Saturday, October 30, 2004

MIRLN -- Misc. IT Related Legal News [October 2004; v7.13]

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product of the American Bar Association’s Cyberspace Law Committee. Please feel free to distribute this message.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at http://www.buslaw.org/cgi-bin/controlpanel.cgi?committee=CL320000 (click on “Settings” beside Members-Only Listserve Discussion). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN editions are archived at www.vip-law.com and in the public materials section of the Cyberspace Committee’s collaboration space at http://lawplace.metadot.com.

**************End of Introductory Note***************

DIEBOLD LOSES KEY COPYRIGHT CASE (Wired, 30 Sept 2004) -- Students who sued Diebold Election Systems won their case against the voting machine maker on Thursday after a judge ruled that the company had misused the Digital Millennium Copyright Act and ordered the company to pay damages and fees. Lawyers for the students call the move a victory for free speech. A judge for the California district court ruled that the company knowingly misrepresented that the students had infringed the company’s copyright and ordered the company to pay damages and fees to two students and a nonprofit internet service provider, Online Policy Group. Last October, students at Swarthmore College in Pennsylvania posted copies and links to some 13,000 internal Diebold company memos that an anonymous source had leaked to Wired News. The memos suggested that the company was aware of security flaws in its voting system when it sold the system to states. Diebold sent several cease-and-desist letters to the students and threatened them with litigation, citing the Digital Millennium Copyright Act, or DMCA. Online Policy Group was also threatened after someone posted a link to the memos on a website hosted by the ISP. Diebold said the memos were stolen from a company server and that posting them or even linking to them violated the copyright law. The Electronic Frontier Foundation, which took on the case for the Online Policy Group, argued that the memos were an important part of the public debate on electronic voting systems. http://www.wired.com/news/evote/0,2645,65173,00.html Decision at
http://www.lessig.org/blog/archives/diebold.pdf

U.N. WARNS OF NUCLEAR CYBER ATTACK RISK (SecurityFocus.com, 27 Sept 2004) -- The United Nations’ nuclear watchdog agency warned Friday of growing concern about cyber attacks against nuclear facilities. The International Atomic Energy Agency (IAEA) announced in a statement that it was developing new guidelines aimed at combating the danger of computerized attacks by outside intruders or corrupt insiders. “For example, software operated control systems in a nuclear facility could be hacked or the software corrupted by staff with insider access,” the group said. The IAEA’s new guidelines on “Security of Information Technology Related Equipment and Software Based Controls Against Malevolent Acts” are being finalized now, said the agency. The announcement came out of the agency’s 48th annual general conference attended by 137 nations. Last year the Slammer worm penetrated a private computer network at Ohio’s idled Davis-Besse nuclear plant and disabled a safety monitoring system for nearly five hours. The worm entered the plant network through an interconnected contractor’s network, bypassing Davis-Besse’s firewall. News of the Davis-Besse incident prompted Rep. Edward Markey (D-MA) last fall to call for U.S. regulators to establish cyber security requirements for the 103 nuclear reactors operating in the U.S., specifically requiring firewalls and up-to-date patching of security vulnerabilities. By that time the U.S. Nuclear Regulatory Commission (NRC) had already begun working on an official manual to guide plant operators in evaluating their cybersecurity posture. But that document, finalized this month, “is not directive in nature,” says Jim Davis, director of operations at the Nuclear Energy Institute, an industry association. “It does not establish a minimum level of security or anything like that. That isn’t the purpose of the manual.” A related industry effort will establish management-level cyber security guidelines for plant operators, says Davis, who believes industry efforts are sufficient. http://www.securityfocus.com/printable/news/9592

PUTNAM TO LEAVE GOVERNMENT REFORM FOR RULES COMMITTEE (GCN, 28 Sept 2004) -- Rep. Adam Putnam, the force behind much of Congress’ oversight of federal IT during the last two years, is moving from the House Government Reform Committee to the Rules Committee effective today. Putnam will take the place of Rep. Porter J. Goss, another Florida Republican, who left the committee and his Hill office last week to become the director of the CIA. Since January of last year, Putnam had been the chairman of the Government Reform Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census. During his tenure on the subcommittee, Putnam held more than 30 hearings on key IT topics, including the Quicksilver e-government projects, the role of federal CIOs, security, enterprise architecture, and investment control and planning. He also published two agency cybersecurity report cards and pressed industry for more accountability on systems security. Most recently, Putnam sponsored an amendment to the House’s 9/11 legislation to require that cybersecurity be included throughout the systems planning and development process. http://www.gcn.com/vol1_no1/daily-updates/27472-1.html [Editor: Rep. Putnam was doing important work, well. He’ll be hard to replace.]

ARNOLD VETOES PRIVACY BILL (Wired, 30 Sept 2004) -- A California bill protecting the privacy of internet and e-mail usage at work met the red veto pen of Gov. Arnold Schwarzenegger on Wednesday. The would-be law, SB 1841, would have required the state’s employers to provide “clear and conspicuous” notice before electronically monitoring the e-mail or internet usage of employees. Not doing so would have become a misdemeanor in the California penal code. Schwarzenegger shot the bill down because businesses need to retain the perogative to monitor employee activities, his office said. “For business purposes, employers should have the ability to monitor employee activity in order to ensure (internet and e-mail) access is not being abused,” Schwarzenegger said. http://www.wired.com/news/privacy/0,1848,65152,00.html

U.S. CYBERSECURITY CHIEF ABRUPTLY RESIGNS, CITES FRUSTRATION (SiliconValley.com, 1 Oct 2004) -- The government’s cybersecurity chief has abruptly resigned from the Homeland Security Department amid a concerted campaign by the technology industry and some lawmakers to persuade the Bush administration to give him more authority and money for protection programs. Amit Yoran, a former software executive from Symantec Corp., made his resignation effective Thursday as director of the National Cyber Security Division, giving a single’s day notice of his intention to leave. He kept the job one year. Yoran has privately confided to industry colleagues his frustrations in recent months over what he considers the department’s lack of attention paid to computer security issues, according to lobbyists and others who recounted these conversations on condition they not be identified because the talks were personal. Yoran said Friday he ``felt the timing was right to pursue other opportunities.” It was unclear immediately who might succeed him even temporarily. Yoran’s deputy is Donald A. “Andy” Purdy, a former White House adviser on cybersecurity. [Editor: Richard Clark, Howard Schmidt, and now Amit Yoran – we keep losing the best and the brightest.]
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/9811404.htm

-- and --

CYBER-SECURITY TO GET HIGHER-PROFILE LEADER (Washington Post, 13 Oct 2004) -- Homeland Security Secretary Tom Ridge said yesterday that the role of overseeing computer security and the Internet should have a higher profile at the agency, in the face of increasing concern from technology executives and experts that cyber-security is getting inadequate attention. Ridge told an industry council that advises the White House that the agency was creating a new position of assistant secretary to be responsible for both cyber- and telecommunications security, according to two executives who heard the remarks. But hours later, Homeland Security spokesman Brian Roehrkasse said that despite Ridge’s comments, final details on the title and responsibilities of the elevated position had not been decided. An administration source who spoke on the condition of anonymity later said Ridge misspoke; the job will instead be deputy assistant secretary. http://www.washingtonpost.com/wp-dyn/articles/A28019-2004Oct12.html

U.S. OFFERS INTERNET DOWNLOADS OF NEW $50 BILL (SiliconValley.com, 1 Oct 2004) -- The U.S. government will offer over the Internet low-quality images of its new $50 bill for artists, students and others who discover that their computers, scanners or printers won’t allow them to view or copy pictures of the new currency. Uncle Sam is making sure that computers won’t cooperate with would-be counterfeiters -- even as it tries to accommodate consumers who legitimately want or need images of the currency. The government said it also will consider individual requests for higher-quality images -- such as might be used in commercial art projects. The low-quality images, suitable for school projects and other uses, will be available free at www.moneyfactory.com, a Web site run by the Bureau of Engraving and Printing. The new $50 bill was introduced this week. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/9809934.htm

COURT TO REHEAR EMAIL PRIVACY CASE (LinuxElectrons, 5 Oct 2004) -- The First Circuit Court of Appeals decided today to rehear arguments in a case that could have a profound effect on email privacy. Last month, the Electronic Frontier Foundation (EFF) submitted a friend-of-the-court brief in the case, US v. Councilman, urging such a rehearing. In the earlier decision, a panel of First Circuit judges ruled that an email service provider did not violate criminal provisions of the Wiretap Act by monitoring the content of users’ incoming messages without their consent. However, the Wiretap Act is the same law that requires the government to get a wiretap order before intercepting emails, and the panel decision could be read to eliminate this requirement. As the panel itself admitted, “it may well be that the protections of the Wiretap Act have been eviscerated as technology advances.” The brief requesting a rehearing, authored by law professors Orin Kerr and Peter Swire and cosigned by a number of civil liberties organizations, argued that the original panel decision in the Councilman case should be reheard by the entire First Circuit Court of Appeals. “The First Circuit clearly understands the need to quickly reconsider the court’s earlier ruling, which raised significant constitutional questions and threatened to disrupt the traditional understanding of wiretap law,” said Kevin Bankston, EFF attorney and Equal Justice Works/Bruce J. Ennis fellow. “Upon rehearing the case, the full First Circuit should recognize that the original decision rewrote the field of Internet surveillance law in ways that Congress never intended.” http://www.linuxelectrons.com/article.php/20041005185439620 Friend-Of-The-Court Brief at http://www.eff.org/legal/cases/US_v_Councilman/20040902_Councilman_Brief.pdf

FIRMS FAILING ON SECURITY: STUDY (AustralianIT, 7 Oct 2004) – Global corporations are failing to safeguard their information networks against potent threats from viruses, worms and especially their own employees, according to a report by consultancy firm Ernst and Young. The Global Information Security Survey found that while corporate leaders were increasingly aware of the risks to their information security from people within their organisations they are not acting on that knowledge. “More than 70 per cent of the companies surveyed failed to list training and raising employee awareness about information security issues as a top initiative,” the report said. Ernst and Young polled more than 1,233 organisations from across 70 countries. There were 69 respondents from India, making it the second-largest country sample. “While organisations remain focused on external threats such as viruses the internal threats are constantly being under-emphasised,” said Terry Thomas, partner, Ernst and Young’s Risk and Business Solution Practice. http://australianit.news.com.au/articles/0,7204,10997993%5E15331%5E%5Enbv%5E15306-15319,00.html

THE PROPOSED FEDERAL E-DISCOVERY RULES (Findlaw, Oct 2004; commentary by Prof. Anita Ramasastry) -- In recent lawsuits, the proverbial smoking gun may not be an interoffice memorandum found in a locked file cabinet. Instead, it may be an e-mail message stored and forgotten on someone’s hard drive. This reality has significantly altered discovery - the process by which parties to a litigation request documents from each other; produce documents to each other; and serve and answer each other’s interrogatories and requests for admission. Accordingly, on August 15, the federal judiciary disseminated a proposed set of rules to govern “e-discovery” - that is, the exchange of electronic information in litigation proceedings. At present, at least four federal district courts have adopted local rules to address e-discovery. Two states have also court rules that specifically address e-discovery. The proposed federal amendments would be the first attempt to create a coherent set of rules for the entire federal judiciary. The proposal, if adopted, would amend the Federal Rules of Civil Procedure (FRCP), which govern all federal civil litigation -- and would take effect by December 1, 2006. Currently, we are within the six-month period during which comments on the rules can be made to the Advisory Committee on Federal Rules. In this column, I will comment on the strengths and weaknesses of the draft e-discovery rules. * * * http://practice.findlaw.com/cyberlaw-1004.html

PRESCRIPTION DRUGS ONLINE (Pew Internet & American Life, 10 Oct 2004) -- The prescription drug market is enormous and now includes millions of Americans who go online to get information about the medicines they consume. According to a May-June 2004 telephone survey of 2,200 American adults, 64% of American households contain a regular user of prescription drugs. One in four Americans (26%) has used the internet to look for information about prescription drugs. Just 4% of Americans have ever purchased prescription drugs on the internet. Prescription drug spam plagues many internet users – especially men. http://www.pewinternet.org/PPF/r/139/report_display.asp (full report at http://www.pewinternet.org/pdfs/PIP_Prescription_Drugs_Online.pdf)

ALLEGED SPAMMER SETTLES WITH MASSACHUSETTS (CNET, 11 Oct 2004) -- DC Enterprises has agreed to settle a spam-related case with the Massachusetts Attorney General’s office, marking a resolution of the first state case under the federal Can-Spam Act, state regulators announced Monday. Under the case, filed in June, Massachusetts Attorney General Tom Reilly alleged that DC Enterprises and Carson sent thousands of unsolicited commercial e-mails touting low-interest mortgages. But the bulk e-mails allegedly failed to provide a working “opt out” provision that would have allowed recipients to prevent future e-mails, did not clearly identify the notices as advertisements and used a nonfunctioning return address--all of which violate provisions of the Can-Spam Act and the Massachusetts Consumer Protection Act. http://news.com.com/2100-1030_3-5406062.html

U.S. FUNDS CHAT-ROOM SURVEILLANCE STUDY (SiliconValley.com, 11 Oct 2004) -- Amid the torrent of jabber in Internet chat rooms - flirting by QTpie and BoogieBoy, arguments about politics and horror flicks - are terrorists plotting their next move? The government certainly isn’t discounting the possibility. It’s taking the idea seriously enough to fund a yearlong study on chat room surveillance under an anti-terrorism program. A Rensselaer Polytechnic Institute computer science professor hopes to develop mathematical models that can uncover structure within the scattershot traffic of online public forums. Chat rooms are the highly popular and freewheeling areas on the Internet where people with self-created nicknames discuss just about anything: teachers, Kafka, cute boys, politics, love, root canal. They are also places where malicious hackers have been known to trade software tools, stolen passwords and credit card numbers. The Pew Internet & American Life Project estimates that 28 million Americans have visited Internet chat rooms. Trying to monitor the sea of traffic on all the chat channels would be like assigning a police officer to listen in on every conversation on the sidewalk - virtually impossible. Instead of rummaging through megabytes of messages, RPI professor Bulent Yener will use mathematical models in search of patterns in the chatter. Downloading data from selected chat rooms, Yener will track the times that messages were sent, creating a statistical profile of the traffic. http://www.siliconvalley.com/mld/siliconvalley/news/9894237.htm

JUSTICE DEPT. WANTS NEW ANTIPIRACY POWERS (ZDnet, 12 Oct 2004) -- The U.S. Justice Department recommended a sweeping transformation of the nation’s intellectual-property laws, saying peer-to-peer piracy is a “widespread” problem that can be addressed only through more spending, more FBI agents and more power for prosecutors. In an extensive report released Tuesday, senior department officials endorsed a pair of controversial copyright bills strongly favored by the entertainment industry that would criminalize “passive sharing” on file-swapping networks and permit lawsuits against companies that sell products that “induce” copyright infringement. “The department is prepared to build the strongest, most aggressive legal assault against intellectual-property crime in our nation’s history,” Attorney General John Ashcroft, who created the task force in March, said at a press conference in Los Angeles on Tuesday afternoon. In an example of the Justice Department’s hunger for new copyright-related police powers, the report asks Congress to introduce legislation that would permit wiretaps to be used in investigating serious intellectual-property offenses and that would create a new crime of the “importation” of pirated products. It also suggests stationing FBI agents and prosecutors in Hong Kong and Budapest, Hungary, to aid local officials and “develop training programs on intellectual-property enforcement.” http://news.zdnet.com/2100-9588_22-5406654.html Report at http://www.cybercrime.gov/IPTaskForceReport.pdf

YOU NEED A ROBOLAWYER (Wired, 13 Oct 2004) – I have a recurring nightmare. Microsoft CEO Steve Ballmer shows up on my doorstep demanding my left kidney, claiming that I agreed to this in some “clickwrap” contract. In my waking life, I am inundated with such agreements - privacy policies, downloading poliicies, security policies, software licensing agreements - all vying for my assent. As a lawyer, I write these contracts for clients, but I must confess that I never read them online. Who has the time? Unfortunately, the law assumes we all do - and that by clicking, we are “agreeing” to the unread privacy policy, to spyware being installed on our systems, or to pornographic pop-up ads. Almost every site has terms and conditions; as a result, regular Internet users are faced with dozens of such agreements a week. Some come in the form of the ubiquitous “I Agree” button, others in the form of prose hidden at the bottom of the homepage under the moniker “Legal.” Increasingly, companies have been putting some pretty nasty things into their clickwrap agreements - such as that they can collect and sell your detailed personal information or install software that will capture your every keystroke. A few firms have you agree that, even if they violate their own promises to secure your information, you won’t ever sue. This is not legal boilerplate, the kind that everybody assents to when renting a car or buying a ticket to a ball game. It affects the privacy, security, and operability of all the information you access online. What is needed - desperately - is a law robot. A browser-based automaton that could be adjusted to match your tolerance for legal mumbo jumbo. Take privacy agreements, for example: The browser could be set to share your identity only with sites that promise to use the information solely to complete your purchase, or that agree not to share it with third parties, or any of a host of options. Web site operators would use a similar query-based method to set up their privacy policies. Of course, they could write their own language, but they would then run the risk that your robolawyer wouldn’t accept it. http://www.wired.com/wired/archive/12.10/view.html?pg=2

NY CT REFUSES TO ENFORCE AOL FORUM SELECTION CLAUSE (BNA’s Internet Law News, 14 Oct 2004) -- BNA’s Electronic Commerce & Law Report reports that a New York Civil Court has refused to enforce a forum selection clause in AOL’s terms of service that gives Virginia courts exclusive jurisdiction to resolve disputes between AOL and its users. The court ruled that the clause violates New York public policy favoring small claims court adjudication of low-dollar claims. Case name is Scarcella v. AOL.

-- and --

CLICKWRAP’S FORUM SELECTION CLAUSE APPLIED TO TORT CLAIM (BNA’s Internet Law News, 28 Oct 2004) -- BNA’s Electronic Commerce & Law Report reports on Mortgage Plus v. DocMagic, a Kansas district court case that held that a forum selection clause contained in a software license agreement is broad enough to encompass a tort claim arising from the use of the software. The court also upheld the enforceability of the clickwrap agreement, distinguishing an earlier Kansas case that held unenforceable a shrinkwrap agreement.

E-COMMERCE EXPERTS: YOU AIN’T SEEN NOTHING YET (CNET, 15 Oct 2004) -- Some Internet pioneers who survived the roller-coaster of the dot-com boom and bust said Friday that the ride has only just begun. Much work and much opportunity lie ahead for e-commerce companies, executives from Yahoo, VeriSign and CNET Networks (publisher of News.com) said during a panel discussion here on Friday to commemorate the 10-year anniversary of e-commerce. “We haven’t even started yet; we’re really in ‘E-commerce 101,’” said Dan Rosensweig, chief operating officer of Yahoo. “I think this is going to get really fun in the next 10 years.” Though the date is debatable, it’s thought that the first secure e-commerce transaction took place sometime in the summer of 1994. A company called NetMarket, now owned by Cendant, claimed it conducted the first encrypted Web transaction on Aug. 11, 1994, with the sale of the Sting CD “Ten Summoner’s Tales.” Since then, e-commerce has become a relatively small, but booming sliver of the United States economy. According to Department of Commerce figures, e-commerce accounted for 1.7 percent of all U.S. consumer sales in the second quarter of 2004. The panelists were enthusiastic on Friday about the prospects of increasing that amount closer to a double-digit figure, despite growing fears over identity theft, fraud, privacy invasion and online nuisances such as viruses, worms and spam that have taken root on the Web right along side online shopping. The panelists offered an array of ideas about how e-commerce might evolve in positive ways over the next few years. Most speakers agreed that the sales of music, movies, games and other digital products represent one of the most exciting and dynamic areas of e-commerce. Internet visionaries are also working on ratcheting up so-called personalization and localization technology to make Web sites anticipate a shopper’s every need wherever they happen to be. Another holy grail is the prospect of luring consumers to shop over their cell phones--a big trend in Asian countries that hasn’t caught on as much in the United States. Rosensweig and Bonnie predicted that Web logs and online communities such as Friendster would come to incorporate e-commerce features through “favorites” lists for music and games. The panelists agreed that online auctions and the migration of electronic transactions from proprietary Electronic Data Interchange networks to the Internet, will continue to grow and thrive. http://news.com.com/E-commerce+experts+You+aint+seen+nothing+yet/2100-1038_3-5412507.html?tag=nefd.top

BRITISH COURT ORDERS IDS OF DOWNLOADERS (AP, 15 Oct 2004) -- The High Court in London has ordered Internet service providers to hand over the names and addresses of 28 alleged music pirates to Britain’s trade body for the recording industry. The British Phonographic Industry Ltd., or BPI, Friday welcomed the court order by Justice William Blackburne as the first step to suing people it accuses of promoting the illegal downloading of copyrighted music. The ruling is a victory for both the BPI and its umbrella organization, the International Federation of the Phonographic Industry, IFPI, which announced earlier this month that its affiliates were filing a total of 459 lawsuits against alleged Internet pirates in Britain, France, Germany, Denmark, Italy and Austria. The lawsuits target people alleged to have put hundreds of copyright songs onto Internet file-sharing networks and offered them to millions of people worldwide without permission. The IFPI claims piracy is behind a global slump in music sales that began in 2000. It says worldwide sales of recorded music fell 7.6 percent in 2003, following a similar drop the previous year. U.S. music sales have been on the rebound since fall 2003. The court order issued Thursday by Blackburne requires the service providers, or ISPs, to identify the 28 individuals within two weeks. The BPI called the 28 “major file-sharers” who were providing an estimated 7 million British people, and unknown millions worldwide, with illegal downloads of music. http://story.news.yahoo.com/news?tmpl=story&cid=528&e=4&u=/ap/20041015/ap_on_hi_te/britain_music_piracy

COURT ORDERS NEW PROTECTIONS IN RIAA SUITS (BNA’s Internet Law News, 28 Oct 2004) -- A Pennsylvania district court has issued an order that will force the RIAA to better respect the privacy and due process rights of people it has accused of copyright infringement. After the RIAA asked the court to issue subpoenas to ISPs for the names and addresses of people they suspect of infringement, the court issued an order that the ISPs must first send their customers detailed notices about the subpoenas, including information about how the accused suspects can contest the subpoenas. Order at http://www.eff.org/IP/P2P/RIAA_v_ThePeople/20041012_Order_Granting_Request.pdf

3 STATE UTILITIES MAY OFFER INTERNET VIA POWER LINES (SeattlePI.com, 16 Oct 2004) -- Clearing the way for homes and businesses to receive high-speed Internet services through their electrical outlets, the Federal Communications Commission adopted rules this week that would enable the utility companies to offer an alternative to the broadband communications services now provided by cable and phone companies. And at least two of Washington state’s utilities are rolling out pilot projects in central and Eastern Washington or planning to. And a third, Seattle City Light, is moving in that direction. The new broadband Internet service is more than a year away from becoming widely available. But the FCC’s ruling is expected to significantly increase the level of investment and interest by the utilities, which had been stymied in previous attempts to offer new services over power lines. They reach more American homes than either telephone lines or television cables. So far, the technology has been limited mainly to experiments around the country, although a commercial version recently became available in some communities near Cincinnati. http://seattlepi.nwsource.com/business/195511_powerline16.html

WIKI WARS (RedHerring.com, 14 Oct 2004) -- Wikis, touted as the next big thing in online content, have become the latest battleground in the presidential election as users of online encyclopedia Wikipedia, the best-known wiki, squabble over entries related to President George W. Bush and Democratic challenger John Kerry, the junior senator from Massachusetts. Disputes over content related to Mr. Bush and Mr. Kerry have been growing since August, prompting the popular reference site’s administrators to warn users last month that election-related entries may be the focus of “contention and debate – possibly diminishing their neutrality.” Wikis like Wikipedia are web sites that encourage users to share information by allowing them to freely write and edit content. Wikipedia community members held an online town hall meeting last month to try to solve the disputes over the entries, to no avail. Meanwhile, Wikipedia’s administrators are periodically “freezing” contentious pages – locking out any edits for brief periods of time. Since May, Wikipedia’s Mr. Kerry entry has been frozen at least seven times, while its Mr. Bush page has been locked down almost as often. Indeed, entries for Mr. Bush and Mr. Kerry have become the most contentious in the history of Wikipedia, said Wikipedia creator Jimmy Wales, president of the Wikipedia Foundation, which is based in St. Petersburg, Florida. Mr. Bush and Mr. Kerry have created even more debate than entries for sex and religion. As of October 8, Wikipedia’s President Bush entry had been tweaked 3,953 times. Its entry for Senator Kerry had been modified 3,230 times. By contrast, Wikipedia’s article on Jesus has only been edited 1,855 times since the site’s inception in 2001. http://redherring.com/Article.aspx?a=10909&hed=Wiki+wars

-- and --

SITE SEEKS TO SPUR POLITICAL AD SWAPS (CNET, 19 Oct 2004) -- Voters in political ad-saturated swing states might want to avoid the P2P Politics Web site, which aims to let people swap campaign commercials via e-mail. But for anyone who has missed the ads now barraging battleground states with all the relentlessness of a Florida hurricane, a trip to the new civic-minded site might be in order. The new Web site is backed by Stanford professor Lawrence Lessig and his Creative Commons foundation, which promotes a version of copyright that facilitates widespread distribution and use of content. “Political ads have one purpose,” Lessig said in a statement. “That is to elect the candidate they support. With just...two weeks to go, we expect the campaigns will be eager to help their supporters get the message out.” Indeed, although the site’s role in shifting voters’ opinions is likely to be small, it is a real part of what has been a radical transformation in campaigning and political awareness this year due to the Internet. http://news.com.com/2100-1028_3-5418034.html

WEST VIRGINIA TO START GRID (FCW.com, 14 Oct 2004) -- This fall, West Virginia will launch its Global Grid Exchange, an open public infrastructure that will bring together idle or unused computer processing power throughout the state. The grid is funded through the state’s Economic Development Authority, and developed under the West Virginia High Technology Consortium Foundation. Participants hope that bringing together unused computing resources via the Internet will create a grid that provides a common and inexpensive infrastructure for government, academia and industry. According to state officials, the Global Grid Exchange will be the largest public computing grid in the world. “The response to this effort from around the state has been incredible, resulting in an amazing commitment of donated computing resources — from PCs to mainframes — that will help power the Global Grid Exchange,” Gov. Bob Wise said in a statement. Initially, the infrastructure will be available for economic development initiatives within West Virginia, but the goal is to open it to anyone around the world, said James Estep, president and chief executive officer of the foundation. The concept of grid computing, which focuses on distributed computational power, has been around for decades. One of the most famous is the Search for Extraterrestrial Intelligence project, which uses idle processing power on computers around the world connected through the Internet. http://www.fcw.com/geb/articles/2004/1011/web-grid-10-14-04.asp

NSA PLOTS SOFTWARE CENTER (FCW, 15 Oct 2004) -- The National Security Agency’s top information security official disclosed plans this week for a government-funded research center devoted to improving the security of commercial software, calling the initiative a modern-day Manhattan Project. Comparing the proposed high-assurance software initiative to the famous atomic bomb research project of the 1940s, NSA’s director for information assurance, Daniel Wolf, said the research would focus on tools and techniques for writing secure software and detecting malicious code hidden in software. Before NSA officials can create the center, the Defense secretary must approve the concept and find money for the project, Wolf said. He gave the keynote address at the Microsoft Corp. Security Summit East in Washington, D.C., earlier this week. The quality and trustworthiness of commercial software has become a matter of increasing concern to NSA officials, who are responsible for the security of Defense Department and intelligence software. NSA officials anticipate that many companies on whose software DOD and intelligence users rely will be moving significant portions of their commercial software development overseas within a few years. NSA officials cannot force companies to develop software a certain way, Wolf said, “but we would like to get them to a point where they are producing commercial products that meet the needs of our users.” About 95 percent of the agency’s desktop PCs run Microsoft’s Windows operating system, Wolf said. http://www.fcw.com/fcw/articles/2004/1011/web-manh-10-15-04.asp

DRAFT EU ANTI-TERROR PLAN CALLS FOR RETENTION OF DATA FOR 12 MONTHS (SiliconValley.com, 15 Oct 2004) -- European Union governments are pushing through contentious new plans to retain data from telephone calls and e-mails for a minimum period of 12 months as part of new anti-terrorist and cybercrime proposals. The plan would not include the recording of actual calls -- only at what times calls or e-mails were sent and to whom. A draft proposal for new data retention rules, obtained by The Associated Press on Friday, calls for EU-wide standards on what data can be accessed by authorities in criminal and anti-terror investigations. The proposal, an update of one first submitted in April by Britain, France, Sweden and Ireland, aims to harmonize existing rules and standardize access to such data for all EU governments. EU leaders made the proposal one of their key anti-terror priorities at a summit following the March 11 rail bombings in Madrid and set a June 2005 deadline to have a new law on the books. In a move that has angered privacy advocates and industry, the draft calls for telecommunications providers to retain their records for at least 12 months in case police investigators need to check them. The draft acknowledges it ``may constitute an interference in the private life of the individual” but says the regulation, if approved, would not violate privacy rules. A report backed by some 90 privacy advocate groups and 80 companies said collecting such data was ``an invasive act.” The groups say the proposal would violate European human rights conventions. Industry groups, meanwhile, fear it will have to foot the bill for keeping the data, and that not enough consultation is being done. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/9929350.htm

PRINTERS BETRAY DOCUMENT SECRETS (BBC, 18 Oct 2004) -- US scientists have discovered that every desktop printer has a signature style that it invisibly leaves on all the documents it produces. They have now found a way to use this to identify individual laser printers. The work will help track down printers used to make bogus bank notes, fake passports and other important papers. Before now it was thought that the differences between cheap, mass-produced desktop printers were not significant enough to make individual identification possible. But a team from Purdue University in Indiana led by Professor Edward Delp has developed techniques that make it possible to trace which printer was used to produce which document. In 11 out of 12 tests, the team’s methods identified which model of desktop laser printer was used to print particular documents. “We also believe that we will be able to identify not only which model of printer was used but specifically which printer was used,” Professor Delp said. http://news.bbc.co.uk/2/hi/technology/3753886.stm and http://www.techweb.com/article/printableArticle.jhtml;jsessionid=XB3UF3S22L1UYQSNDBGCKHSCJUMEKJVN?articleID=49901439&site_section=700031

WEBSITE ACCESSIBILITY - UK AND US DEVELOPMENTS (Morrison & Foerster, 18 Oct 2004) -- In countries where access to the Internet is widespread, there are still substantial segments of the population who are at risk of being marginalized because of the way the web is being designed and built. Users with hearing or sight-related disabilities, and those with restricted mobility, often cannot access the web. Common problems like the inability to adjust font sizes for text displays, the lack of alternative audio and visual content, and poor navigational structures requiring multiple mouse-clicks, all contribute to a lack of accessibility for these users. Like many organizations today, MoFo is currently evaluating and redesigning its site to enhance its performance and ensure accessibility for all users. http://www.mofo.com/news/general.cfm?MCatID=&concentrationID=&ID=1348&Type=5

A HITCH IN OFFERING ONLINE PRICES (New York Times, 18 Oct 2004) – Kayak.com and other newly minted companies want to end the traveler’s frustration at scanning multiple Web sites to find the cheapest prices for flights, hotels and car rentals. Whether those sites will allow such searches is another matter. Travel search engines take aim at the most headache-inducing task for online shoppers: examining numerous major e-travel agency sites, like Expedia, Orbitz and Travelocity, as well as airline, hotel and car rental company sites, to find the best prices. Kayak and its chief competitors, SideStep.com, Mobissimo.com and Yahoo, conduct those searches on their customers’ behalf, and highlight the cheapest fare. (Another search site, Qixo.com, charges a fee for bookings.) Yet not all travel agencies and suppliers want the search engines to scan their sites, arguing that services should not be compared on price alone. As a result, the search sites could miss some bargains, forcing travelers to continue shopping. Steve Hafner, Kayak’s chief executive, suggested that this will not be a long-term problem. “It’s a rare supplier that doesn’t want their services marketed to consumers,” he said. “Until we can show a little more information about some of the products, we won’t get all the suppliers involved. But I haven’t encountered a site that says ‘Please don’t show us in your results.’” But at least one company is saying just that. Travelocity’s chief executive, Michelle Peluso, said that Kayak was posting her site’s fares without the company’s consent and that she would contact Kayak soon to determine how and when the data would be removed. “We’ll evaluate it over time, but I’m not convinced that any of them are good for consumers, suppliers or us,” Ms. Peluso said. “I see these as commoditizing travel at a time when we’re working hard with suppliers to go in the opposite direction.” Aside from undermining the sites’ claims about finding the lowest available fares, Travelocity’s abstention would eliminate a source of revenue. In addition to advertising fees, travel search sites typically earn commissions for bookings or for delivering prospective customers to other companies. http://www.nytimes.com/2004/10/18/business/18ecom.html?ex=1255752000&en=522caf6659d9082a&ei=5090&partner=rssuserland

KEYCHAIN REMOTE CONTROL TURNS OFF MOST TVS (AP, 19 Oct 2004) -- A lot of people love television but apparently some people have had enough of it, too. A new keychain gadget that lets people turn off most TVs — anywhere from airports to restaurants — is selling at a faster clip than it would take most people to surf the channels on their boob tubes. “I thought there would just be a trickle, but we are swamped,” the inventor, Mitch Altman of San Francisco, said Monday in an interview. “I didn’t know there were so many people who were into turning TV off.” Hundreds of orders for Altman’s $14.99 TV-B-Gone gadget poured in Monday after the tiny remote control was announced in Wired magazine and other online media outlets. At times, the unexpected attention overloaded and crashed the Web site of his company, Cornfield Electronics. The keychain fob works like a universal remote control but one that only turns TVs on or off. With a zap of a button, the gizmo goes through a string of about 200 infrared codes that controls the power of about 1,000 television models. Altman said the majority of TVs should react within 17 seconds, though it takes a little more than a minute for the gizmo to emit all the trigger codes. http://story.news.yahoo.com/news?tmpl=story&cid=528&e=1&u=/ap/20041020/ap_on_hi_te/tv_be_gone

PAY-AS-YOU-GO SOFTWARE LICENSING GOING SLOW (CNET, 19 Oct 2004) -- Pay-as-you-go software might sound like a fine idea in principle, but it’s a bear to put into practice. That was the gist of conversation at the SoftSummit conference, as software executives discussed the promise and reality of utility computing and subscription pricing. Utility computing, a tech buzzword, essentially promises that a company will have to pay for only the computing resources it actually uses, dramatically cutting costs and improving efficiency. Sounds good on paper, but both software makers and customers have been slow and inconsistent in committing to the model, for reasons ranging from economics to privacy. For the software industry, utility pricing poses a threat to the bottom line, said Jason Maynard, an analyst at Merrill Lynch. It’s hard to precisely predict software needs, and under standard perpetual license models, that usually results in drastic overbuying. “We have an industry that’s still addicted to the crack of perpetual licensing,” Maynard said. That’s why utility pricing, to date, has largely been restricted to upstarts like Salesforce.com, where the whole business model is built around alternative pricing, he said. “I don’t think you’re going to see the big vendors change out of inspiration,” Maynard said. “This is going to be a slow transition that happens as customers demand this.” Also, usage-based pricing is new and thus inspires all sorts of novel legal issues, said Erik Larson, director of product management for software maker Macromedia. That means lengthy contracts that are expensive for software makers to hash out, making them reluctant to apply utility pricing to all but their biggest accounts. “People don’t think much about the end-user agreement that comes with a perpetual license, even though it’s a big legal contract, because the terms are pretty familiar, at this point,” he said. “With utility pricing, by its nature, everything’s different. Those contracts are 200 pages and take a whole team of lawyers to work out.” One of the biggest areas for potential dispute is what gets measured and how. Software usage can be volatile and hard to predict, and coming up with a metering scheme fair to all is a fine balancing act, said David Rowley, vice president of business development for copy protection specialist Macrovision. “When you go in and lease a car, the contract says so many cents per mile, and people have a pretty good idea of how much they’re going to drive in a year,” Rowley said. “Software isn’t necessarily like that.” Customers may also have issues with how much information the software maker gets to collect. Usage patterns for key applications can provide valuable information on a company’s business plans, making companies reluctant to share such data, even with the folks who made the application, said Rowley, likening the situation to telling Sprint, “you can keep track of my minutes but not whom I’m calling.” Dan Griffith, software asset manager at Motorola’s Freescale Semiconductor subsidiary, said there’s big business awaiting whoever comes up with the software equivalent of an electricity meter. “As the utility model moves forward, somebody needs to make a meter the customer accepts and the vendor accepts,” he said. http://news.com.com/Pay-as-you-go+software+licensing+going+slow/2100-7784_3-5418184.html?tag=nefd.top

FCC CHAIR TO SEEK NET TELEPHONE OVERSIGHT (AP, 19 Oct 2004) – FCC Chairman Michael Powell said Tuesday that he would seek broad regulatory authority for the federal government over Internet-based telephone services to avoid stifling the emerging market. Powell told a receptive audience at an industry conference that letting states regulate Voice over Internet Protocol,or VoIP, services would lead to a patchwork of conflicting rules like those which have ensnarled the traditional phone business for decades. To do so, Powell said, “is to dumb down the Internet back to the limited vision of government officials. That would be a tragedy.” After his speech, Powell told reporters he expected to introduce a proposal to the full Federal Communications Commission (news - web sites) in less than a month, and definitely before a new Congress begins its session in January. “We cannot avoid this question any longer,” he said. “It is very likely that treatment of VOIP will have some of the farthest reaching consequences of anything this commission has done or will do.” http://story.news.yahoo.com/news?tmpl=story&cid=528&e=2&u=/ap/20041019/ap_on_hi_te/powell_voice_over_net

ISRAELI DRAFT BILL TO LEGALIZE CD BURNING FOR PRIVATE USE (GLOBESonline, 20 Oct 2004) -- The Ministry of Justice is proposing a draft bill to legalize CD burning for private use. The ministry yesterday published a draft Copyright Law (Duplication of Material) to legalize the private copying of music CDs, provided that it is done on stipulated types of media. A fee will be paid to the holders of the copyright, performers and recording producers for these types of media. The purpose of the draft bill is to settle in a balanced manner the widespread private copying of music. In discussions prior to the publication of the draft bill, Minister of Justice Joseph (Tomy) Lapid stated that the legal authorities should make it clear to the public that the copying of CDs was permitted for private use, and did not infringe copyrights. At the same time, royalties should be set to be paid to artists and producers who invest their best time, money and talent in their creations, and have the right to be paid for their work. http://www.globes.co.il/serveen/globes/docview.asp?did=845974&fid=942

GOOGLE TAKES ON YOUR DESKTOP (New York Times, 21 Oct 2004) – The modern PC is a marvel, isn’t it? Here’s a machine that lets an ordinary person with very little training create a new document, check its spelling, dress it up with graphics, send it electronically to someone across the globe - and then save it accidentally into some dark corner of the hard drive, where it will never be seen again. Of course, every operating system offers a Find command. But the one in Windows is not, ahem, Microsoft’s finest work. Last week, Google took the wraps off its latest invention: Google Desktop Search. As the name implies, it’s software that applies the famous Google search technology to the stuff on your own hard drive. It’s free, it’s available right now for Windows XP and 2000 (desktop.google.com), and it’s terrific. Like the Windows search program, Google Desktop can find files by name, including photos, music files and so on. But it can also search for words inside your files, including Word, Excel and PowerPoint documents. That’s a relief when you can’t remember what you named a file, but you do remember what it was about - or when a marauding toddler renamed your doctoral thesis “xggrjpO#$5%////.” (Windows offers this feature, too, but it’s hard to find, hard to turn on and poorly documented.) For its final trick, Google Desktop does something so profound it may change the way you think about your PC forever: It can search any Web page you’ve ever seen, any e-mail message you’ve opened and the transcript of any instant-message chat you’ve had. * * * [You] can also turn off any of the searchable item types. If, for example, you’d rather not make your Web-surfing sessions available for searching by other family members, turn off that feature. You can also omit only secure Web pages from the log, so that your banking and stock transactions aren’t available for recall. (Even so, corporations should carefully consider the security ramifications of Google Desktop’s logging features.) http://www.nytimes.com/2004/10/21/technology/circuits/21stat.html?ex=1256011200&en=d6c013f692e0c33f&ei=5090&partner=rssuserland and http://www.siliconvalley.com/mld/siliconvalley/news/editorial/9952488.htm

E.U. STRUGGLES WITH NEW RULES FOR SOFTWARE PATENTS (IEEE, Oct 2004) -- The European Union Directive on the Patentability of Computer-Implemented Inventions passed by the European Parliament in September 2003 was approved by the EU Council of Ministers four months ago, on the proviso that the bill was amended to better support the award and enforcement of software patents for large companies. Whereas the Council’s version considers protecting patents for software that supplies a technical contribution, which computer science patent attorney Guy Gosnell says is more in keeping with software patentability tactics employed by the United States and others, Parliament’s version mandates tougher restrictions on the patentability of computer-implemented inventions. “The [Council’s] directive...appears to recognize the investment that is generally required for software development and to provide a mechanism for securing patent protection on the resulting software, such that the developer can recoup and perhaps make a return on its investment,” Gosnell notes, adding that Parliament is unlikely to approve the Council’s version. Open source groups and veteran software industry members such as Catalyst Software’s Robert Cochran applaud Parliament’s position: Cochran considers copyright the better approach to protecting software, as it is almost free to deploy and shields the original author’s rights while still offering a wide latitude for innovation and development. He explains that patent rights are assigned from the date of the initial patent claim rather than the date of invention, which is problematic for software; in addition, many companies cannot afford the costs of patenting, while properly assessing software-related applications is a tough job for patent examiners. Cochran warns that the Council’s version of the directive carries with it the threat of “preemptive patent-based attacks” on software. Both the Council and Parliament versions ban the patentability of business methods. http://csdl.computer.org/comp/mags/so/2004/05/s5101.pdf

AMERICAN PASSPORTS TO GET CHIPPED (WIRED, 21 OCT 2004) -- New U.S. passports will soon be read remotely at borders around the world, thanks to embedded chips that will broadcast on command an individual’s name, address and digital photo to a computerized reader. The State Department hopes the addition of the chips, which employ radio frequency identification, or RFID, technology, will make passports more secure and harder to forge, according to spokeswoman Kelly Shannon. “The reason we are doing this is that it simply makes passports more secure,” Shannon said. “It’s yet another layer beyond the security features we currently use to ensure the bearer is the person who was issued the passport originally.” But civil libertarians and some technologists say the chips are actually a boon to identity thieves, stalkers and commercial data collectors, since anyone with the proper reader can download a person’s biographical information and photo from several feet away. “Even if they wanted to store this info in a chip, why have a chip that can be read remotely?” asked Barry Steinhardt, who directs the American Civil Liberty Union’s Technology and Liberty program. “Why not require the passport be brought in contact with a reader so that the passport holder would know it had been captured? Americans in the know will be wrapping their passports in aluminum foil.” Last week, four companies received contracts from the government to deliver prototype chips and readers immediately for evaluation. Diplomats and State Department employees will be issued the new passports as early as January, while other citizens applying for new passports will get the new version starting in the spring. Countries around the world are also in the process of including the tags in their passports, in part due to U.S. government requirements that some nations must add biometric identification in order for their citizens to visit without a visa. http://www.wired.com/news/privacy/0,1848,65412,00.html

ETHICS CODE WRITTEN TO REPROGRAM TECH INDUSTRY (CNET, 21 Oct 2004) -- Hewlett-Packard, IBM and Dell joined a host of electronics makers Thursday in an effort to promote a unified code of socially responsible business practices across the world. The new Electronics Industry Code of Conduct governs areas such as labor practices, health and safety and environmental protection. The code replaces several codes used before, making it easier for suppliers to comply and for auditors to check that compliance, HP said in a statement. Any electronics supplier is free to adopt the code, and HP expects other companies to do so. Among the requirements of the code: Bribes, embezzlement and extortion are prohibited; intellectual property must be protected; child labor is prohibited; wasted water and energy must be minimized; hazardous materials must be handled safely; pollutants must be monitored and treated; and occupational injuries must be reported. Several electronics manufacturers collaborated in writing the code, including Celestica, Flextronics, Jabil, Sanmina-SCI and Solectron. http://news.com.com/2100-7342_3-5421700.html

SAN FRANCISCO SETS GOAL OF FREE CITYWIDE WIFI (Reuters, 21 Oct 2004) -- San Francisco Mayor Gavin Newsom set a goal on Thursday of providing free wireless Internet activity in his city that sees itself as a vanguard of the Internet revolution. “We will not stop until every San Franciscan has access to free wireless Internet service,” he said in his annual state of the city address. “These technologies will connect our residents to the skills and the jobs of the new economy.” “No San Franciscan should be without a computer and a broadband connection.” He said the city had already made free WiFi service available at Union Square, a central shopping and tourist hub, and would add access to several other sections of the city including Civic Center around City Hall. http://story.news.yahoo.com/news?tmpl=story&cid=582&e=1&u=/nm/20041022/wr_nm/tech_sanfrancisco_dc

EC ISSUES WORKING DOCUMENT ON SAFE HARBOR AGREEMENT (BNA’s Internet Law News, 25 Oct 2004) -- The European Commission has released a staff working document that reports on the implementation of the EU Data Privacy Directive’s Safe Harbor Agreement with the United States. The report notes that there is non-compliance among some companies, but does not call for a termination of the agreement. Report at http://eusafeharborreport.notlong.com/

JUDGE TOSSES FLA. E-VOTING PAPER TRAIL SUIT (Washington Post, 25 Oct 2004) -- Florida does not need to create a paper record for touch-screen voting machines in case recounts are needed in tight races, a federal judge ruled Monday, upholding the state’s emergency rule that set standards for e-voting recounts. Touch-screen machines “provide sufficient safeguards” of constitutional rights by warning voters when they have not cast votes in individual races and allowing them to make a final review of their ballots, U.S. District Judge James Cohn ruled. Rep. Robert Wexler, a Democrat, had sought either a paper record for manual recounts in close elections like the contentious 2000 presidential race or an order switching voters in 15 counties from touch-screens to optically scanned paper ballots by 2006. He wanted a way to help determine voter intent when no votes were recorded, known as “undervotes.” The judge found there was no constitutional violation in a touch-screen recount rule issued by the state Oct. 15. That rule replaced one thrown out in August by a state judge. The current requirement is to determine “voter choice,” which the state maintains is whatever is recorded on a touch-screen machine when a voter presses the final button. http://www.washingtonpost.com/wp-dyn/articles/A61163-2004Oct25.html [Editor: Without: (a) public examination of underlying source code; and (b) assurance that such code has been loaded into these machines, there will remain the possibility that “voter choice” has been compromised by software errors or malfeasance. Paper records are the easiest way to assure integrity here. “Trust, but verify!” See http://apnews.excite.com/article/20041027/D85VOSTG1.html]

RULING ON REFILLED PRINTER CARTRIDGES TOUCHES DMCA (CNET, 26 Oct 2004) -- In a closely watched case involving the Digital Millennium Copyright Act, a federal court has ruled that a small North Carolina company can continue selling a chip that makes it possible to use refilled toner cartridges in Lexmark printers. A federal appeals court overturned on Tuesday a preliminary injunction that barred Sanford, N.C.-based Static Control from selling its Smartek chip. Static, which sells printer parts and other business supplies, has been defending a lawsuit brought by Lexmark, the No. 2 maker of printers in the United States. The suit claims the Smartek chip violates the DMCA, and Lexmark hopes the case will slam the brakes on the toner cartridge remanufacturing industry and compel consumers to buy its cartridges. Ed Swartz, Static’s CEO, said in a statement that the “courts have spoken--companies cannot abuse copyright laws to create electronic monopolies and take advantage of the citizens of this great country.” The case has gotten a lot of attention because it’s one of the first to test the limits of the DMCA, which Congress enacted in 1998 to limit Internet piracy. Under section 1201 of the DMCA, it is generally unlawful to circumvent technology that restricts access to a copyrighted work or sell a device that can do so. In court documents, Lexmark has claimed the Smartek chip mimics a technology used by Lexmark chips and unlawfully tricks the printer into accepting an aftermarket cartridge. That “circumvents the technological measure that controls access” to Lexmark’s software, the complaint said. But Congress also included exemptions in the DMCA explicitly permitting activities such as law-enforcement activities, encryption research, security testing and interoperability. Static Control has seized on the last exemption, which permits reverse-engineering “for the purpose of enabling interoperability of an independently created computer program with other programs” and says its creation of the Smartek chip is also protected by traditional fair use rights enshrined in U.S. copyright law. http://news.com.com/2100-1041_3-5427708.html and http://www.siliconvalley.com/mld/siliconvalley/news/editorial/10020869.htm

BUSH WEB SITE BARS OVERSEAS VISITORS (Washington Post, 27 Oct 2004) -- The Bush-Cheney reelection campaign has barred people outside the United States from viewing its Web site. Since midnight on Monday, no one outside the United States except people in Canada could see the site, said Rich Miller, a security analyst for Netcraft, a Web site monitoring firm in Bath, England. Internet users from other countries instead see a white page featuring the message: “Access denied: You don’t have permission to access www.georgewbush.com on this server.” The move happened one week after the Bush-Cheney and Republican National Committee sites were unavailable for almost six hours. It is not unusual for Web sites to block e-mail and browser traffic from individual Internet addresses and from certain countries notorious for churning out online fraud scams and junk e-mail, but security experts said the Bush-Cheney campaign’s move is probably unprecedented. “I’ve never heard of a site wholesale blocking access from the rest of the world,” said Johannes Ullrich, chief technology officer for the SANS Internet Storm Center, which monitors hacker trends. “I guess they decided it just wasn’t worth the trouble to leave it open to foreign visitors.” Jonah Seiger, founding partner of Connections Media, a Washington campaign consultancy that works with Democratic candidates, said that it did not make sense for the Bush-Cheney campaign to “consciously block access to anybody.” “Maybe the next thing they’ll try is to block Democrats and people in blue states from coming to the site,” Seiger said. http://www.washingtonpost.com/wp-dyn/articles/A2668-2004Oct27.html


****RESOURCES****
THE FOREIGN INTELLIGENCE SURVEILLENCE ACT: AN OVERVIEW OF THE STATUTORY FRAMEWORK AND RECENT JUDICIAL DECISIONS (Congressional Research Service, 22 Sept 2004) -- http://www.fas.org/irp/crs/RL30465.pdf

CUT THE CORDS WITH A WI-FI NETWORK (CNET, 1 Oct 2004) – An excellent “how-to” guide for setting up a home wireless network -- http://reviews.cnet.com/4520-10163_7-5512709-1.html


****EDITOR’S NEWS****
[Editor: With this MIRLN issue I am leaving Schlumberger to operate a knowledge management consulting business I’ve formed with colleagues from BP. We’re helping corporate and government legal departments with technology and techniques to capture and distribute their lawyers’ expertise. There’s more information at www.knowconnect.com. I will continue to publish MIRLN on its normal schedule.]

SOURCES:
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. Internet Law & Policy Forum, http://www.ilpf.org.
6. BNA’s Internet Law News, http://ecommercecenter.bna.com.
7. The Ifra Trend Report, http://www.ifra.com/website/ifra.nsf/html/ITR-HTML.
8. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
9. David Evan’s “Internet and Computer News”, http://www.abanet.org/scripts/listcommands.jsp?parm=subscribe/at-internet
10. Readers’ submissions, and the editor’s discoveries.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.

Friday, October 01, 2004

MIRLN -- Misc. IT Related Legal News [September 2004; v7.12]

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product of the American Bar Association’s Cyberspace Law Committee. Please feel free to distribute this message.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at http://www.buslaw.org/cgi-bin/controlpanel.cgi?committee=CL320000 (click on “Settings” beside Members-Only Listserve Discussion). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN editions are archived at www.vip-law.com and in the public materials section of the Cyberspace Committee’s collaboration space at http://lawplace.metadot.com.

**************End of Introductory Note***************

WHEN ALL ELSE FAILS, THERE’S CYBERINSURANCE. (Information Security, August 2004) -- Fires are catastrophic. A business can’t ship products or make money if its facility is reduced to ashes. Fire insurance, though, can replace the building, equipment and, in some cases, revenue. Hackers and worms can also cause catastrophic loss, but insurance doesn’t treat them the same way. Traditional business casualty and liability insurance only covers physical damage and loss; essential data and business applications losses aren’t covered. That’s why insurance companies--including American International Group, Lloyd’s of London and Marsh--began offering “cyber risk insurance” about five years ago. The logic behind cyberinsurance is sound. There are four ways to deal with risk: Accept it, reduce it, ignore it or transfer it. In an IT context, businesses should do what they can to secure their data and infrastructure and use cyberinsurance to cover the unexpected and what can’t be secured. “Insurance is part of the total risk management for security,” says Emily Freeman, VP at AIG, a leading global insurance and financial services company. “No matter what you do in terms of technology, the risks can’t go to zero since it’s a combined people, process and technology problem. The role of insurance is to stand behind your best efforts and deal with events that can’t be prevented or mitigated.” The Yankee Group predicted in 1999 that cyber-insurance would skyrocket from $100 million in coverage to $7 billion in 2004. Yet, the market has remained underwhelmed by the concept. One broker says he’s only closed three sales out of 100 cyberinsurance proposals. The most recent prediction from the Insurance Information Institute in New York is that coverage might reach $3 billion or $4 billion in the next three years. http://infosecuritymag.techtarget.com/ss/0,295796,sid6_iss446_art920,00.html

-- and --

OMB UNVEILS FISMA HOW-TO (Federal Computer Week, 27 August 2004) -- Office of Management and Budget officials this month released final instructions to federal agencies for filing mandatory reports on their systems security efforts in 2004. The annual compliance reports, a requirement under the Federal Information Security Management Act, must be filed by Oct. 6, this year. The 28 pages of instructions include a reporting template and expanded definitions of terms and concepts associated with FISMA. OMB Director Joshua Bolten noted in his instructions that all security requirements established by FISMA apply to all agencies, regardless of their size. The reporting requirements for small agencies, which OMB officials define as microagencies, are slimmed down, he said. But the actual security requirements are the same for all agencies. Microagencies are ones with fewer than 100 employees. Any organization that operates, uses or simply has access to federal information systems must also comply with FISMA, Bolten reminded agency officials. Contractors, grantees, state and local governments, industry partners-none are exempted, the OMB guidelines state. http://www.fcw.com/fcw/articles/2004/0823/web-fisma-08-27-04.asp

-- and --

CLARKE TOUTS BROAD APPROACH TO IT SECURITY (Information Week, 27 August 2004) -- Richard Clarke, best known as the former counterterrorism czar for presidents Bill Clinton and George W. Bush, ended his government career as the White House adviser to the President on Cyberspace Security. He’s now bringing that expertise to the IT world. In an Internet presentation sponsored by RSA Security Inc., Clarke on Thursday sounded the alarm on some possible threats, but also unveiled a list of 10 steps, or checkpoints, to help secure IT installations. Clarke, now chairman of Good Harbor Consulting, advocates a broad approach to IT security, employing what he terms “a holistic view of risk.” Clarke noted that the broad area of IT security is growing has traditionally been slighted by top management in large corporations. He said management--including CEOs, board directors, CIOs, CFOs, HR heads, and internal auditors--should meet regularly to discuss security issues. “This whole group needs to get together once a month,” he suggested. Security issues are rapidly growing in importance to business, he said, noting that not only do top executives have to pay attention to legislation like Sarbanes-Oxley and HIPAA, but also that there is much pending legislation--on both the national and state levels--that could benefit from input from informed IT managers and from involved top management. “This [can be] about showing the Congress that you don’t need to be regulated, because you’re doing it yourself,” he said. He ticked off a list of proposed legislation that could become law. The SEC is considering supporting legislation that would require an IT-security readiness statement to be filed with the SEC annually. The FCC is examining regulations that would require ISPs to beef-up their security. Also under consideration, he noted, is legislation aimed at improving security at chemical and electric-power plants. Clarke listed 10 steps for businesses to follow. http://www.informationweek.com/shared/printableArticle.jhtml?articleID=45400035

-- and --

HACKERS HIJACK FEDERAL COMPUTERS (USA Today, 30 August 2004) -- Hundreds of powerful computers at the Defense Department and U.S. Senate were hijacked by hackers who used them to send spam e-mail, federal authorities say. The use of government computers was uncovered during the Justice Department’s recent cybercrime crackdown. It adds another wrinkle to the use of so-called zombie PCs, which number in the millions and have bedeviled consumers and universities the past year. http://www.usatoday.com/tech/news/computersecurity/2004-08-30-cyber-crime_x.htm

-- and --

SIX SECRETS OF HIGHLY SECURE ORGANIZATIONS (CIO Magazine, 15 Sept 2004) -- The “2004 Global Information Security Survey,” a worldwide study by CIO, CSO (a CIO sister publication) and PricewaterhouseCoopers, was conducted online from March 22 through April 30, 2004. Readers of CIO and CSO, and clients of PricewaterhouseCoopers from around the globe were invited by e-mail to take the survey. The results of the report are based on the responses of more than 8,000 CEOs, CFOs, CIOs, CSOs, vice presidents, and directors of IT and information security from 62 countries on six continents. The margin of error for this survey is ± 1%. The survey represents a broad range of industries, including consulting and professional services (13%), government (10%), computer-related manufacturing and software (9%), financial services/banking (9%), education (7%) and health care (5%). We’ve defined a small group—about one-fifth of respondents—that described itself as “very confident” in the effectiveness of its information security practices. This group has earned the right to be confident. Collectively, while those respondents reported more security incidents, they experienced less downtime and fewer financial losses than the average respondent. This is just one of the reasons they are the Best Practices Group. http://www.cio.com/archive/091504/security.html

-- and --

IT SECURITY CULTURE MUST START FROM THE TOP (VNUNET.com 23 Sept 2004) -- Senior executives need to help companies build an IT security-conscious culture from the top down, according to new research by Ernst & Young. Respondents to its Global Information Security Survey 2004 named lack of security awareness by users as the top obstacle to information security. But only 28 per cent of them listed raising employee information security awareness as a top initiative in 2004. “I think the issue of security awareness has been delegated or abdicated to technical professionals some levels down in organisations,” said Jan Babiak, managing partner of Ernst & Young’s information security services in the UK. Ernst & Young advised that companies should place more emphasis on creating a security-conscious culture that includes setting the right ‘tone at the top’. But only one in five companies saw it as a chief executive-level priority. Nearly two thirds of those surveyed did not have a chief information security officer, although more than half (53 per cent) of companies with revenues over over a $1bn a year did. Viruses and Trojans are still rated the biggest threat overall, but employee misconduct was considered the second biggest threat. Theft of proprietary information was rated the lowest threat. http://www.vnunet.com/news/1158301

-- and --

INFORMATION SECURITY & NEGLIGENCE - TARGETING THE C-CLASS (Carter Schoenberg, Sept 2004) – “Abstract: Numerous recommendations since September 11, 2001 have been published on the evils of negligence relative to protecting ones assets (cyber & physical). In light of the articles, references, statutes, case laws and other relevant pieces of this puzzle, how do you physically prove negligence versus the common business practice of risk management? This article addresses at what point does risk management become negligence. Basically, a blueprint for attorneys to tactically go after a corporate enterprise for negligence.” http://www.infosecwriters.com/text_resources/pdf/InformationSecurityCClass.pdf
[Author’s bio at http://www.techforum.com/bios/schoenberg.html]

FRENCH LAWSUIT CHALLENGES ANTI-PIRACY TECHNOLOGY (SiliconValley.com, 25 August 2004) -- Copy protection technologies used to prevent CDs from being pirated online are facing a legal challenge in France, where a judge began a formal investigation of record label EMI Group PLC for using them. Confirming a report in French financial daily Les Echos, the record store Fnac said Wednesday it has also been placed under investigation by a French judge along with EMI’s French arm. The record company did not respond to requests for comment. The lawsuit accuses EMI and Fnac of ``deception over the material qualities of a product.’’ Filed on behalf of several individual consumers, it alleges that the copy protection system used on certain EMI discs makes it impossible to play them on many car stereos, hi-fi’s and personal computers. French consumer association UFC-Que Choisir is seeking damages in the legal action, which also claims that EMI’s copy protection stops customers from making personal copies of their CDs -- a privilege granted to French consumers by a 1985 law. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/9494497.htm

WEB FIRMS MAY ADD MICHIGAN SALES TAX (Detroit News, 23 August 2004) -- Michigan hopes to start collecting millions of dollars in sales tax revenue from out-of-state Internet retailers and catalogs next month when it streamlines its tax code to match 20 other states. The state loses about $265 million each year in unpaid sales taxes on products purchased by Michigan residents from companies outside the state. The problem has arisen for two reasons — out of state firms are not required by law to collect sales taxes for the state of Michigan and the vast majority of residents don’t report the purchases on their tax returns. The state Department of Treasury hopes to coax online firms into voluntarily collecting Michigan sales tax after Sept. 1, when it unveils a new tax code that shares definitions, forms and due dates with the 20 other states, including Indiana, Texas and Nevada. State officials believe the changes will help the state recoup about 10 percent, or $26 million of the unpaid taxes. “The hope is not only to generate additional revenue, but simplify the process for those who do collect sales tax,” said Dale Vettel, an administrator with the state treasury’s tax policy division. Supporters of streamlining the nation’s sales tax codes say that if it is easier for out-of-state online and catalog businesses to collect, they will voluntarily send sale taxes to states where their products are shipped. Ten of the participating states came online this year and it’s too early to determine how well the system is working. http://www.detnews.com/2004/technology/0408/23/a01-251000.htm

CHINA LAW APPROVES E-SIGNATURES (Washington Times, 28 August 2004) -- China’s Legislature Saturday passed the Law on Electronic Signature, which legalizes increasing electronic deals. The law was approved by the Standing Committee of the 10th National People’s Congress after three deliberations, reported Xinhua, China’s main government-run news agency. The law grants electronic signatures the same legal effect as handwritten signatures and seals in business transactions. A legal electronic signature should identify the signer and confirm file content, Xinhua said. As Internet trade requires a reliable third party to identify the signers, the credibility of online certifying organizations is significant for the transaction security. http://washingtontimes.com/upi-breaking/20040828-045733-4670r.htm

FRIENDSTER FIRES DEVELOPER FOR BLOG (CNET, 31 August 2004) -- Friendster, known for breaking new ground in online social networking and promoting self-expression among peers, fired one of its employees Monday for her personal Web log, or online diary. Joyce Park, a Web developer living in Sunnyvale, Calif., said her managers told her Monday that she stepped over the line with her blog, Troutgirl. They declined to elaborate, except to say that it was CEO Scott Sassa’s ultimate decision, Park said. “I only made three posts about Friendster on my blog before they decided to fire me, and it was all publicly available information. They did not have any policy, didn’t give me any warning, they didn’t ask me to take anything down,” said Park, 35. Friendster spokeswoman Lisa Kopp said that the company does not comment about employee matters. Park’s termination is the latest warning shot for employees who are participating in the blogging phenomenon. Comments made in public forums can boomerang if they come to the attention of the boss, even at supposedly hip, Web-savvy companies such as Friendster. The firing could dampen widespread enthusiasm for blogs, which by their own right have fostered the development of elaborate social networks on the Web. It also, once again, raises questions about how the new publishing medium changes roles of corporate communication, news media and the community online. Park isn’t the first employee to lose her job for comments made on a blog. But it may be the first such instance involving an employee for a dot-com that promotes connecting and community among Web users--a hallmark of blogging. For example, Microsoft fired contractor Michael Hanscom last year after he had taken pictures of Apple G5 computers being unloaded onto the software company’s campus and posted them to his Web log. http://news.com.com/Friendster+fires+developer+for+blog/2100-1038_3-5331835.html?tag=nefd.top

OFCOM CHEERS INDUSTRY WITH VOIP NUMBER RULING (ZDnet.UK, 6 Sept 2004) -- The UK communications watchdog says it want to help build a successful VoIP market in Britain, but one tough decision still has to be taken. Ofcom has begun to lay out the future for commercial voice over IP (VoIP) services in the UK. The communications regulator announced on Monday that Internet telephony service providers will be able to offer both geographic and non-geographic numbers to their customers. Geographic numbers will begin with 01 or 02, like today’s existing fixed-line telephone numbers. This will allow consumers to shift onto a VoIP service but retain their existing number, or choose another that indicates where they are located. Non-geographic numbers for VoIP will begin with 056. These will be suitable for people who want to use their Internet telephony service from a number of locations. For example, they could install the necessary software on their laptop and be contactable anywhere over a GPRS or 3G link. http://news.zdnet.co.uk/communications/networks/0,39020345,39165620,00.htm

DIGITAL CONTENT SPURS MICROPAYMENTS RESURGENCE (CNET, 7 Sept 2004) -- With its meteoric rise to success, Apple Computer’s iTunes digital music service not only changed perceptions about whether consumers were willing to pay for online content, but it also highlighted the rising promise of micropayments. On Tuesday, 2-year-old BitPass, a payment company in Palo Alto, Calif., is expected to announce $11.75 million in venture capital, along with the news that former American Express Chairman James Robinson III will join its board of directors. Robinson is also a partner in one of the firms investing in BitPass, New York-based RRE Ventures. While credit card companies and online transaction specialists like PayPal are ringing up bigger sales online, business models aimed at helping e-commerce vendors facilitate smaller deals, or micropayments, are getting a boost from digital content sales. According to recent research published by TowerGroup, the total market for Internet and wireless micropayments, led by demand for digital content, will increase by 23 percent annually over the next five years to reach $11.5 billion by 2009. TowerGroup, based in Needham, Mass., charted the micropayments market at just over $2 billion in 2003. http://news.com.com/2100-1030-5347513.html

FEDERAL COURTS PROPOSE RULES FOR E-DISCOVERY (Law.com, 8 Sept 2004) -- The federal judiciary, recognizing the challenges of litigating in a world of digital data, has published a set of proposed rules to govern the twists and turns of electronic discovery. The draft rules, published on Aug. 15 by the Advisory Committee on Federal Rules, address such issues as inadvertent disclosure of privileged information, treatment of information that is not reasonably accessible and consequences of loss or destruction of electronic data. They also include “meet and confer” provisions similar to those in Local Rule 26.1(d) of the District of New Jersey adopted last October, which encourage lawyers to address electronic discovery issues early on in the course of litigation. The most controversial of the proposed rules may be an amendment to Rule 37 that would create a narrow “safe harbor,” protecting a party from sanctions for failing to provide electronically stored information in some circumstances. A party would be protected if it “took reasonable steps to preserve the information after it knew or should have known the information was discoverable ... and the failure resulted because of the routine operation of the party’s electronic system.” The party must also not have violated any court order requiring it to preserve electronically stored information.
http://www.law.com/jsp/article.jsp?id=1094073248317

-- and --

TWO U.S. COURTS COME DOWN HARD ON E-DISCOVERY VIOLATIONS (ABA Journal, 10 Sept 2004) -- Attorneys and their clients likely will be more diligent in compliance with electronic discovery requests in the wake of two recent court opinions imposing harsh sanctions for the deletion of e-mails. “My experience with e-discovery has been that it has been very much a wild wild West mentality with respect to preservation efforts,” says Dean Gonsowski, director of litigation strategy services for the Denver office of Fios Inc., which provides e-discovery services. “There was an amorphous feeling that ‘we must preserve,’ but not much real guidance. Compliance with the duty to preserve electronic data was all over the map.” Not anymore, according to Gonsowski: “With Zubulake V and the Philip Morris cases, the boundaries of the duty-to-preserve obligation are becoming clearer, and the penalties are becoming more visible and demonstrable. Particularly the Zubulake decision shows that the days when an attorney or his client can claim ignorance are quickly going by the wayside.” In Zubulake, a federal district court in New York City ordered sanctions, including an instruction of adverse inference, against a company for deleting e-mails germane to discovery requests in what the court described as “a relatively routine employment discrimination dispute in which discovery has now lasted over two years.” The July 20 decision was the fifth by the court in this case. Zubulake v. UBS Warburg, No. 02 Civ. 1243 (S.D.N.Y.). The next day, the U.S. District Court for the District of Columbia ordered tobacco giant Philip Morris to pay $2.75 million in sanctions for e-discovery violations, including the deletion of relevant e-mails. U.S. v. Philip Morris, No. 99-2496. http://www.abanet.org/journal/ereport/s10edoc.html

MUCH ADO ABOUT BARD’S TEXTS ONLINE (CNET, 10 Sept 2004) -- William Shakespeare, the Warwickshire wordsmith, was paid a posthumous compliment this week, when the British Library made available 21 of his works on the Internet. High-resolution images of 21 original texts, in 93 different versions, are available on the British Library Web site. Leafing through virtual page after virtual page, people will be able to read the plays in the same format that Shakespeare himself and the actors who performed his plays for the Globe audiences did. Unlike many commonly read texts, the quarto editions digitized by the British Library were compiled during Shakespeare’s life. They are as close to the real deal as many fans of the Bard will ever have seen. http://news.com.com/Much+ado+about+Bard%27s+texts+online/2100-1026_3-5361771.html?tag=nefd.top

VIRUS WRITER HIDES JOB AD IN MYDOOM NET WORM (Reuters, 10 Sept 2004) -- Times must be getting tough for computer virus writers. Technicians at British anti-virus firm Sophos Plc said on Friday they had discovered a plea for work inserted deep in the lines of code for two new computer worm outbreaks, “MyDoom-U” and “MyDoom-V.” “We searching 4 work in AV (anti-virus) industry,” read the message. Because it was inserted in the code, the message was only visible to anti-virus professionals. While the calling card may have won the programmer points for creativity, the anti-virus community was not impressed. “It’s hard to tell if the creators of these new versions of the MyDoom worm are being serious, but there is no way that anybody in the anti-virus industry would touch them with a barge pole,” said Graham Cluley, senior technology consultant for Sophos. http://story.news.yahoo.com/news?tmpl=story&cid=582&e=1&u=/nm/20040910/wr_nm/odd_internet_dc

PA COURT REJECTS CHILD PORN INTERNET LAW (Washington Post, 11 Sept 2004) -- A federal court yesterday struck down as unconstitutional a path-breaking Pennsylvania law designed to prevent Internet users from seeing Web sites that contain child pornography. U.S. District Court Judge Jan E. DuBois threw out the 2002 law, ruling that it violated free-speech rights because it resulted in more than 1 million legitimate sites being blocked but shut down only about 400 offenders. http://www.washingtonpost.com/wp-dyn/articles/A13111-2004Sep10.html Decision at http://www.cdt.org/speech/pennwebblock/20040910memorandum.pdf

-- and --

NORWAY TO BLOCK CHILD PORNOGRAPHY SITES (Forbes, 21 Sept 2004) -- Norwegian police and a state-controlled telecommunications group on Tuesday announced a joint project to block access to child pornography Web sites on the Internet. Starting next month, the Telenor ASA group will filter hundreds of sites that the national crime police, Kripos, deem to contain child pornography. Anyone in Norway attempting to access such illegal sites will instead see a page informing them about the filter, and a Web link to Kripos. “This is crime prevention at its best,” said Kripos head Arne Huuse. “The filter will stop a considerable number of potential users, users that we must assume to exist in Telenor’s customer base, which consists of nearly 1 million Internet customers.” Esben Tuman Johnsen, a Telenor spokesman, told The Associated Press it believes it is the first company to apply such a filter for its users. In some countries, including the United States, such filters have met legal obstacles because of criticism that they censor non-pornographic sites. Johnsen said the issue of censorship was not a problem, because if any user objects, the filter will be removed at their request, giving them access to the Web site. http://www.forbes.com/business/services/feeds/ap/2004/09/21/ap1553744.html

PAYPAL TO LEVY FINES FOR GAMBLING, PORN (Reuters, 10 Sept 2004) -- PayPal, the online payments arm of eBay Inc., on Friday said it will soon fine people up to $500 for uses related to gambling, adult content or services, and buying or selling prescription drugs from noncertified sellers. The new policy, which takes effect Sept. 24 and applies to both buyers and sellers, marks the first time PayPal has imposed fines for violations of its use policy, spokeswoman Amanda Pires said. In addition to fines that could be applied to each violation, PayPal may take legal action to recover losses in excess of the fines, Pires said in an interview. PayPal processes transactions on the Net and at one time had received almost 10 percent of its revenue from online gambling. But it halted the practice under regulatory pressure after its acquisition by eBay in 2002 and now prohibits the processing of gambling and adult transactions. Now it has decided to enforce that policy with fines. “What you’re seeing here is an evolution of our program. We’re trying to deter people who would offer PayPal as a way to pay for anything in these categories,” said Pires in an interview. Under the new policy, prescription drug sellers who do not have Verified Internet Pharmacy Practice Sites certification from the National Association of Boards of Pharmacy, and the people who buy from them, also face fines and possible legal action if they do business using PayPal. Pires said the changes were not in response to any sort of pressure from regulators. Eric Jackson, a former PayPal executive and author of the new book “The PayPal Wars,” had a different view. He called the new policy “draconian” and said it was likely a two-fold strategy to discourage certain behavior while heading off regulators. http://story.news.yahoo.com/news?tmpl=story&cid=582&e=3&u=/nm/20040910/wr_nm/tech_ebay_fines_dc

IETF DEALS MICROSOFT’S E-MAIL PROPOSAL A SETBACK -- (Infoworld, 14 Sept 2004) – A proposed technology for identifying the source of e-mail messages suffered a blow last week when a group within the Internet Engineering Task Force (IETF) established to study the proposal sent it back for more work, citing concerns over vague intellectual property claims made by Microsoft Corp. covering some of the technology. Members of the IETF’s Mail Transfer Agent Authorization Records in Domain Name System (DNS) working group, also known as MARID, voted last week to not to proceed with standards documents for the Sender ID authentication technology that were submitted by Microsoft to the IETF for approval in June. The group’s members reached a “rough consensus” that questions about intellectual property claims by Microsoft could torpedo deployment of the standard unless they are resolved, according to a message posted to a discussion list for the group. The vote by MARID is just the latest voice in a chorus of complaints about the proposal, which Microsoft promoted heavily as one piece of a multipronged attack on spam. In recent weeks, leading open source software groups have already said they will not use it in their products, because Microsoft’s terms for use of the technology violate the terms of their own open source license. http://www.infoworld.com/article/04/09/14/HNietfmsblow_1.html

PRIVACY COMPLAINT AGAINST AIRLINE DISMISSED (Washington Post, 15 Sept 2004) -- Northwest Airlines did not violate its own privacy policy and did not mislead customers when it shared passenger records with the government as part of a secret airline security project after the terrorist attacks in 2001, the Department of Transportation has ruled. The department dismissed a complaint filed this year by a Washington privacy rights organization, Electronic Privacy Information Center, and the Minnesota Civil Liberties Union alleging that the carrier committed unfair and deceptive trade practices in sharing the information with the National Aeronautics and Space Administration without informing its customers. The agency has the authority to review business practices of companies in the transportation industry, for example, such as whether an airline actually provided fares to customers as advertised. It was the first time the transportation agency had reviewed a case involving an airline’s privacy policies, the Sept. 10 decision said. Northwest’s policy posted on its Web site said the airline would not sell information about its customers to third parties and that it shares information about its passengers only in limited, specific cases. Northwest shared three months’ worth of travel records with NASA’s Ames Research Center, following a December 2001 request by the agency. The Transportation Department said it dismissed the complaint because the language of the policy says only that the airline won’t sell the information and it did not address sharing information with the government. http://www.washingtonpost.com/wp-dyn/articles/A21559-2004Sep14.html

HONG KONG: GOOGLE NEWS SITE HIT BY LEGAL ROW OVER COPYRIGHT (Asia Media, 11 Sept 2004) -- Google forged ahead with its news website despite threats of legal action and allegations by local media of copyright infringement. The controversies arose after the launch of Google’s Hong Kong news on Thursday. The website for Hong Kong news cites news summaries and uses photos from local Chinese language media, including newspaper, radio and television, and provides hyperlinks to their websites. In its own news report yesterday, Ming Pao said it had issued a letter through lawyers to ask that the US search engine giant stop such practices. Ming Pao said Google had not sought consent from the newspaper before using its news summaries, which it said might infringe copyright. The head of RTHK’s corporation communications unit, Sze Wing-yuen, said the government radio station would ask Google not to use its news until “the matter was cleared up”. “We have to strike a balance between copyright and public interest,” Mr Sze said. The chief editor of Sing Tao electronic daily, Raymond Chan Wai-man, warned of “follow-up actions”. Kevin Pun Kwok-hung, associate professor in computer science and law at the University of Hong Kong, warned that Google might infringe copyright if the news summaries were detailed enough to make the material “copyrightable”. “There is a possibility of criminal liability under the Copyright Ordinance if a reproduction is carried out for commercial purposes and the party knows that it is an infringement of copyright,” said Dr Pun, who specialises in information technology law. http://asiamedia.ucla.edu/article.asp?parentid=14525 [Editor: If this is not permitted, then MIRLN probably also is in violation.]

SURPRISE SUPPORT FOR DRUG IMPORTING (Washington Post, 14 Sept 2004) -- A top drug company executive broke ranks with industry yesterday and endorsed a proposal before the Montgomery County Council to allow county employees to buy lower-cost prescription drugs from Canada. Peter Rost, vice president of marketing for Pfizer Inc., said he decided to become one of the first drug industry executives to support the concept because he was tired of hearing colleagues say the practice is a public health risk. “This has been proven to be safe in Europe,” said Rost, who cautioned he was not speaking on behalf of Pfizer. “The real concern about safety is about people who do not take drugs because they cannot afford it. The safety issue is a made-up story.” His comments came as a surprise to his bosses, who maintain that Montgomery officials would put their employees at risk if they approve this measure. “His position is certainly not Pfizer’s,” said Bryant Haskins, a Pfizer spokesman. “We do not think importation is a good thing.” http://www.washingtonpost.com/wp-dyn/articles/A18917-2004Sep13.html

MICROSOFT TO SHARE OFFICE SOFTWARE CODE (Washington Post, 19 Sept 2004) -- Microsoft Corp. said on Sunday that it would share the underlying software code for its Office program as part of its efforts to make governments more confident in the security and compatibility of the world’s largest software maker’s products. The new initiative is an extension of Microsoft’s Government Security Program, which allows the governments of more than 30 countries to examine most of Microsoft’s underlying source code, or software blueprint for its flagship Windows operating system. The source code for Office 2003 will be made available so that governments can conduct in-depth testing and examination to make sure that the document, spreadsheet, presentation and scheduling program works with other information technology systems, Microsoft said. Redmond, Washington-based Microsoft keeps its source code closely guarded, and requires any governments or companies to sign agreements not to divulge the data that is used to create its software programs. http://www.washingtonpost.com/wp-dyn/articles/A33816-2004Sep19.html

THE SECOND COMING OF E-COMMERCE (E-Commerce Times, 20 Sept 2004) -- Consumers have steadily embraced the Web for their retail shopping needs over the last 10 years. Online spending in 2003 was almost US$55 billion and is expected to top $60 billion for 2004, according to report from eMarketer. http://www.ecommercetimes.com/story/36610.html

CHICAGO MOVING TO ‘SMART’ SURVEILLANCE CAMERAS (New York Times, 21 Sept 2004) -- A highly advanced system of video surveillance that Chicago officials plan to install by 2006 will make people here some of the most closely observed in the world. Mayor Richard M. Daley says it will also make them much safer. “Cameras are the equivalent of hundreds of sets of eyes,” Mr. Daley said when he unveiled the new project this month. “They’re the next best thing to having police officers stationed at every potential trouble spot.” Police specialists here can already monitor live footage from about 2,000 surveillance cameras around the city, so the addition of 250 cameras under the mayor’s new plan is not a great jump. The way these cameras will be used, however, is an extraordinary technological leap. Sophisticated new computer programs will immediately alert the police whenever anyone viewed by any of the cameras placed at buildings and other structures considered terrorist targets wanders aimlessly in circles, lingers outside a public building, pulls a car onto the shoulder of a highway, or leaves a package and walks away from it. Images of those people will be highlighted in color at the city’s central monitoring station, allowing dispatchers to send police officers to the scene immediately. Officials here designed the system after studying the video surveillance network in London, which became a world leader in this technology during the period when Irish terrorists were active. The Chicago officials also studied systems used in Las Vegas casinos, as well as those used by Army combat units. The system they have devised, they say, will be the most sophisticated in the United States and perhaps the world. http://www.nytimes.com/2004/09/21/national/21cameras.html?ex=1253419200&en=91f6419c966161e7&ei=5090&partner=rssuserland

INTERNET AD REVENUES JUMP 40 PERCENT IN 2004 (Salon.com, 20 Sept 2004) -- Internet advertising revenues jumped 40 percent in the first half of this year, driven largely by the growing popularity of keyword ads tied to search results. U.S. revenues for the first six months were $4.6 billion, compared with $3.3 billion for the same period in 2003, according to a PricewaterhouseCoopers study conducted for the Interactive Advertising Bureau. Search made up 40 percent of the ad revenues in the second quarter of 2004, compared with 29 percent in the year-ago period. “Not surprisingly, search continues its popularity and (has) been embraced by advertisers due to its innate relevancy, the simplicity of the results and because advertisers can determine more precise response rates,” said Pete Petrusky, director of PricewaterhouseCoopers’s New Media Group. Ad revenues from e-mail marketing dropped 29 percent in the second quarter to $47 million as many Internet users equated legitimate pitches with spam. The figure includes ads within e-mail newsletters, e-mail marketing campaigns and other commercial e-mail communications from legitimate businesses. http://www.salon.com/tech/wire/2004/09/20/internet_ads/index.html

SCHWARZENEGGER SIGNS INTERNET PIRACY BILL -- E-MAIL ADDRESS REQUIRED TO SHARE MOVIES, MUSIC ONLINE (22 Sept 2004) -- Aiding the industry that helped him gain worldwide fame, Gov. Arnold Schwarzenegger signed legislation Tuesday aimed at discouraging online piracy by requiring anyone disseminating movies or music on the Internet to disclose their e-mail address. California file sharers who trade songs or films without providing an e- mail address will be guilty of a misdemeanor, under the first-in-the-nation measure that could make it easier for law enforcement to track down people who illegally download copyrighted material. The bill is the latest attempt by film and music trade associations to combat the hard-to-police use of file-sharing software. The signing was hailed by the bill’s sponsor, the Motion Picture Association of America, whose president, Dan Glickman, noted in a statement that Schwarzenegger had “a unique understanding of the powerful impact of piracy.’’ The governor remains a member of the Screen Actors Guild, which supported the bill. Opponents, including the San Francisco-based Electronic Frontier Foundation and the American Civil Liberties Union, say the measure infringes on privacy rights of computer users and would turn casual file-sharers into criminals. http://sfgate.com/cgi-bin/article.cgi?f=/c/a/2004/09/22/BAGQO8SOCF1.DTL#

GOOGLE OMITS CONTROVERSIAL NEWS STORIES IN CHINA (NewScientist.com 21 Sept 2004) – The internet’s most popular search engine Google has been accused of supporting Chinese internet controls by omitting contentious news stories from search results in China. State-sponsored internet providers in China routinely block access to internet sites deemed inappropriate by the government. These include both Chinese and foreign news sites carrying reports that criticise the Chinese government. Researchers at Dynamic Internet Technology (DIT), a US company that provides technology for circumventing internet restrictions in China, have discovered that the recently-launched Chinese version of Google News omits blocked news sources from its results. The origin of a computer sending a search request can be identified using its internet protocol (IP) address. Google admits to omitting some news sources within China but says this is meant to improve the quality of the service. http://www.newscientist.com/news/news.jsp?id=ns99996426

THE LEGAL IMPLICATIONS OF SELF-DESTRUCTING E-MAI (USA Today, 22 Sept 2004) – According to an article by Laurie Varendorff, an Australian records management expert, Microsoft and IBM have developed software that enables creators of e-mail messages to have tremendous control over their messages, even after they have been sent. Mr. Varendorff states that the relatively recent release of Microsoft Office 2003, with its Digital Rights Management (DRM) and Information Rights Management (IRM) features, permits the creator of an e-mail message to control the printing, forwarding and copying of the message. Moreover, and importantly, the feature supposedly empowers the creator to set a date and time for the expiration of the e-mail, as well as the expiration of Word, Excel, and PowerPoint documents at the volition of the creator, rather than at the will of the recipient. Mr. Vardendorff believes that this feature should be outlawed by legislators, or at least that safeguards be put in place for recipients, such as advance notice to recipients that the feature is being used with certain communications. Drilling down further, the question arises as to who really has “ownership,” or at least control, of an e-mail message — is it the creator/sendor, or the recipient? Under copyright law, it’s probable that the creator of the content of the e-mail is the owner of that content. Indeed, the law has established that the copyright to the content of letters sent from one person to another belongs to the creator/sender of the letters, so the same result likely should pertain in the e-mail context. Still, does that mean that the creator/sender of an e-mail continues to maintain complete control of an e-mail after it has been sent to a recipient? http://www.usatoday.com/tech/columnist/ericjsinrod/2004-09-22-sinrod_x.htm [Editor: A too-long and sometimes-superficial article, but provides an interesting overview.]

GOOGLE WINS KEYWORD ADVERTISING CASE IN GERMANY (Out-law.com 22 Sept 2004) -- Google has won a trade mark action brought against it in Germany over its AdWords keyword advertising service, after a Hamburg court yesterday dismissed a suit brought by Metaspinner Media, according to the Associated Press. Metaspinner sued in May, seeking to enforce a preliminary injunction imposed on the search engine over its unauthorised use of the trade mark “Preispiraten,” meaning “price pirates,” in AdWords. AdWords allows advertisers to sponsor particular search terms so that, whenever that term is searched, the advertiser’s link will appear next to the search results. Metaspinner had accused Google of selling the trade mark “Preispiraten” to rivals, and already had been granted a preliminary injunction by a Hamburg Court to prevent trade mark infringement. But according to an AP report, the case has now been dismissed. The ruling is not yet available, the reason for the dismissal has not been announced, and neither Metaspinner nor Google has commented. The German dismissal comes days after a similar lawsuit was filed in the US by computer services firm Rescuecom, joining a number of ongoing US and French legal actions. http://www.out-law.com/php/page.php?page_id=googlewinskeyword1095860891&area=news

BSA NOW PUSHING 700 SOFTWARE PIRACY PROBES IN THE U.S. (Computerworld, 23 Sept 2004) – The Business Software Alliance, the chief watchdog for U.S. software publishers, rarely raids enterprise customers with federal marshals and court orders, according to Robert M. Kruger, chief enforcement officer for the Washington-based nonprofit organization. But that doesn’t mean Kruger and other BSA piracy cops are easing up on their investigations. Even though the incidence of software piracy worldwide has dropped, the BSA still has 700 active investigations into software piracy across the U.S., Kruger said yesterday. The incidence of piracy has gone from roughly 50% of all software being used 10 years ago to about 33% today. According to Kruger, BSA investigations against enterprise customers are usually triggered by calls to the BSA hotline (888-NO-PIRACY), reports sent to the BSA Web site and referrals from BSA member companies. The penalty for individuals or organizations found guilty of illegally copying or using software “is not a traffic ticket,” Kruger said. Copyright owners can sue for damages, including actual damages and any profits obtained by the infringing organization that can be tied to the pirated software. In addition, copyright owners can also sue organizations for statutory damages of up to $150,000 for each work pirated. Kruger offered some basic tips to avoid software audits, such as adopting effective software management policies, conducting internal audits on at least a yearly basis and erasing illegally copied software. http://www.computerworld.com/printthis/2004/0,4814,96109,00.html

JUDGE STRIKES DOWN ANTI-BOOTLEG LAW (ABC, 24 Sept 2004) -- A federal judge Friday struck down a 1994 law banning the sale of bootleg recordings of live music, ruling the law unfairly grants “seemingly perpetual protection” to the original performances. U.S. District Judge Harold Baer Jr. dismissed a federal indictment of Jean Martignon, who runs a Manhattan mail-order and Internet business that sells bootleg recordings. Baer found the bootleg law was written by Congress in the spirit of federal copyright law, which protects writing for a fixed period of time typically for the life of the author and 70 years after the author’s death. But the judge said the bootleg law, which was passed “primarily to cloak artists with copyright protection,” could not stand because it places no time limit on the ban. Baer also noted that copyright law protects “fixed” works such as books or recorded music releases while bootlegs, by definition, are of live performances. http://abcnews.go.com/wire/Entertainment/ap20040924_1966.html Decision at http://www.lessig.org/blog/archives/martignon-smaller.pdf

COMPUTER SCIENTISTS SLAM E-VOTING MACHINES (CNET, 27 Sept 2004) -- The world’s oldest professional society of computer scientists on Monday took aim at electronic voting machines, recommending they not be used in elections unless they provide a physical paper trail. In a new position statement, the Association for Computing Machinery said that “voting systems should enable each voter to inspect a physical record to verify that his or her vote has been accurately cast and to serve as an independent check on the result produced and stored by the system.” Accidental bugs or intentional malicious code in e-voting machines could theoretically alter an election’s results. ACM said that a paper trail will provide a way to double-check what’s happening inside machines from companies such as Diebold Election Systems and Sequoia Voting Systems--a feat that would not otherwise be possible. Such systems are expected to be used by tens of millions of voters in the Nov. 2 U.S. election. http://news.com.com/2110-1028_3-5384946.html

-- and --

SCHWARZENEGGER SIGNS BILL REQUIRING E-VOTE PAPER TRAIL (SiliconValley.com, 28 Sept 2004) -- Schwarzenegger signed legislation Monday that will bar the use of electronic voting machines that don’t produce paper trails to verify votes. The requirement, which takes effect in 2006, is a response to concerns that the machines could be tampered with or produce incorrect results. Secretary of State Kevin Shelley banned the use of 14,000 electronic voting machines in San Diego, Solano, San Joaquin and Kern counties for the November election because the machines weren’t federally approved. He also laid down conditions for the use of the machines in 11 other counties. http://www.siliconvalley.com/mld/siliconvalley/9778991.htm

-- and --

FEDERAL COURT ORDERS TRIAL IN FLORIDA E-BALLOT LAWSUIT (USA Today, 27 Sept 2004) – A federal appeals court on Monday overturned a judge who had thrown out a lawsuit seeking a paper trail for that state’s new touchscreen voting machines. Fifteen Florida counties use voting machines that don’t create paper copies. Three judges from the 11th U.S. Circuit Court of Appeals wrote that the federal judge erred when he threw out the lawsuit filed by U.S. Rep. Robert Wexler, a south Florida congressman. “We vacate that decision and remand for a consideration of the merits,” the unsigned ruling reads. A state appeals court ruled last month that a paper trail of ballots was not required, ruling that voters are not guaranteed “a perfect voting system.” Wexler had argued that the paperless voting system makes manual recounts impossible. He sued state elections officials, arguing that constitutional promises of equal protection would be violated by a voting system that varies from county to county in Florida. http://www.usatoday.com/tech/news/techpolicy/evoting/2004-09-27-fla-evote-suit-on_x.htm

SPY IMAGERY AGENCY WATCHING INSIDE U.S. (AP, 27 Sept 2004) -- In the name of homeland security, America’s spy imagery agency is keeping a close eye, close to home. It’s watching America. Since the Sept. 11 attacks, about 100 employees of a little-known branch of the Defense Department called the National Geospatial-Intelligence Agency — and some of the country’s most sophisticated aerial imaging equipment — have focused on observing what’s going on in the United States. Their work brushes up against the fine line between protecting the public and performing illegal government spying on Americans. Roughly twice a month, the agency is called upon to help with the security of events inside the United States. Even more routinely, it is asked to help prepare imagery and related information to protect against possible attacks on critical sites. For instance, the agency has modified basic maps of the nation’s capital to highlight the location of hospitals, linking them to data on the number of beds or the burn unit in each. To secure the Ronald Reagan (news - web sites) funeral procession, the agency merged aerial photographs and 3D images, allowing security planners to virtually walk, drive or fly through the Simi Valley, Calif., route. The agency is especially watchful of big events or targets that might attract terrorists — political conventions, for example, or nuclear power plants. Everyone agrees that the domestic mission of the NGA has increased dramatically in the wake of Sept. 11, even though laws and carefully crafted regulations are in place to prevent government surveillance aimed at Americans. http://story.news.yahoo.com/news?tmpl=story&cid=528&e=5&u=/ap/20040927/ap_on_sc/watching_the_homeland

NEW U.K. RULES CUT PORN RISKS (VNUNET.com, 27 Sept 2004) -- IT managers worried about the repercussions of discovering paedophile content on company systems have been advised by online watchdog the Internet Watch Foundation (IWF) that they can report such material without fear of prosecution. The advice follows a survey by the IWF which found that most IT managers would not know how to proceed if they found such illegal material on company systems. Under current legislation, it is a criminal offence simply to possess an indecent image of a child, but malware is increasingly responsible for surreptitiously depositing offensive images on corporate systems. In a survey of 1,000 IT Week readers, the IWF found that 87 percent of IT professionals were unaware of the rules on inadvertent possession of child pornography. The IWF said the regulations have now been clarified and IT managers are allowed to identify and secure such images without suffering legal consequences. According to an imminent memorandum of understanding (MoU) between the police and the Crown Prosecution Service relating to the Sexual Offences Act 2003, IT managers can preserve suspect images on company systems, but only if they do so in order to provide access to a law enforcement agency or other relevant body. http://www.vnunet.com/news/1158365 [Editor: Strict liability for even inadvertent possession remains a real issue in the U.S.; companies maintaining newsgroup servers may be at risk.]

FDIC GUIDANCE ON INSTANT MESSAGING (FDIC, Sept 2004) – “This guidance identifies risks associated with public Internet instant messaging (IM)1 and how they can be mitigated through an effective management program. Public IM may be used by employees both officially and unofficially in work environments. The use of public IM may expose financial institutions to security, privacy, and legal liability risks because of the ability to download copyrighted files. Technology vendors have released IM products for corporate use that authenticate, encrypt, audit, log and monitor IM communication. These new corporate enterprise products help financial institutions use IM technology in a more secure environment and assist in compliance with applicable laws and regulations.” http://www.fdic.gov/news/news/financial/2004/fil8404a.html

PART OF PATRIOT ACT STRUCK DOWN (Wired, 29 Sept 2004) -- Part of the Patriot Act, a central plank of the Bush administration’s war on terror, was ruled unconstitutional by a federal judge Wednesday. U.S. District Judge Victor Marrero ruled in favor of the American Civil Liberties Union, which challenged the power the FBI has to demand confidential records from companies, like internet service providers, as part of terrorism investigations. The move strikes down section 505 of the Patriot Act, which gives the FBI power to demand information from companies without a court order and bars recipients of the letters from ever revealing that they received the FBI demand for records. Marrero held that this permanent ban was a violation of free-speech rights. In his ruling, Marreo prohibited the Department of Justice and the FBI from issuing special administrative subpoenas, also known as national security letters. But he delayed enforcement of his judgment pending an appeal that’s expected to be filed by the government. http://www.wired.com/news/politics/0,1283,65136,00.html and http://www.nytimes.com/2004/09/30/national/30patriot.html?ex=1254196800&en=810f6c1f1717bb9e&ei=5090&partner=rssuserland Decision at http://www.nysd.uscourts.gov/rulings/04CV2614_Opinion_092904.pdf

TREASURY BEING SUED FOR CURBS ON EDITING (New York Times, 28 Sept 2004) -- Treasury Department regulations against editing manuscripts from Cuba, Iran and other countries under American economic sanctions violate the First Amendment of the Constitution and should be overturned, a group of American publishers said in a federal lawsuit filed yesterday. Arcade Publishing, an independent book publisher, and three trade groups representing publishers and authors filed the suit in Federal District Court in Manhattan against the Treasury Department’s Office of Foreign Assets Control, which wrote and enforces the regulations, and Treasury Secretary John W. Snow. The regulations, meant to keep Americans from trading with enemies, require anyone who publishes material from a country under trade sanctions to obtain a license before substantively altering the manuscript. The publishers say that keeps them from performing typical editing functions like reordering sentences and paragraphs, correcting grammar and adding illustrations or photographs. The regulations do not forbid publication of existing works from those countries. They allow publishers to print and distribute materials that come to them in camera-ready form, that is, ready to be published without alteration. But they also restrict marketing materials, which the publishers say essentially prohibits publication. The publishers argue that the regulations do not allow enough room for them to prepare material from foreign authors for the United States market and create a “chilling effect” on them. “For all practical purposes,” the suit states, “that means American publishers simply cannot publish their books.” http://www.nytimes.com/2004/09/28/books/28publ.html?ex=1254110400&en=b10c9a74833bdf3f&ei=5090&partner=rssuserland

BLOG: STEWART BAKER ON CALEA (JoHo The Blog, 28 Sept 2004) -- Stewart is general counsel to the Commission on Intelligence Capabilties or the US Regarding WMD, but he’s speaking on behalf of himself. CALEA was pretty good as written, he says. “The problem with the FCC’s tentative conclusions is that it takes a statutory set of standards and turns it into a kind of commission mush.” “The one fundamental thing about regulating to give law enforcement access to new technology is that there’s a big cliff effect.” At some point the regulations stop. Are you going to tell Intel how to design their chips and Cisco how to design their routers? Eventually you got to a spot in the economy that’s beyond regulation. Where do you put the cliff? CALEA said they’d put it in rate-regulated industries. The FCC instead said that information services are exempt “sometimes.” That “mushy” response gives the FCC what it really wants: “Discretion to reach out and regulate a little more” to accommodate all the stakeholders. That means you can’t really know whether you’re regulated or not. CALEA sets a performance standard for companies as opposed to a type of input-output regulation. It says you must make your telecommunications — every call — isolatable and deliverable to law enforcement. We don’t care how you do it. You won’t be challenged until a law enforcement agency comes to you, which gives you some time to establish your business. The FCC, under pressure from enforcement agencies, instead demands that on Day One you have to have all the CALEA features the FBI wants. That will discourage innovation: You first have to sit down with the FBI and figure out how you’re going to meet every CALEA requirement from the beginning. The “substantial replacement” test that the FCC has adopted is “dangerous.” The original statute says that if your tech is going up as the PSTN is going down, then you are subject to CALEA. The FCC instead says that “substantial replacement” can be “decided in the abstract.” Anything that connects to you to the Internet is now a potential substantial replacement...wireless, maybe even private pbx connections, can be treated as covered by CALEA. http://www.hyperorg.com/blogger/mtarchive/003109.html

SUN’S SCHWARTZ GUNS FOR PATENT GLORIES (CNET, 30 Sept 2004) -- Sun Microsystems President Jonathan Schwartz, who speaks often of innovation in sales methods and not just technology, is seeking a patent on the company’s per-employee software pricing plan, CNET News.com has learned. Other co-authors of the unpublished patent application, filed in July, are Chief Marketing Officer Anil Gadre and Director of Worldwide Marketing Aisling MacRunnels. In addition, Schwartz is co-author of two other patent applications relating to Sun’s three-dimensional Looking Glass user interface. The existence of two of Schwartz’s patent applications was disclosed in a filing with the Securities and Exchange Commission. The third patent application will be disclosed in a future filing, Sun said. Schwartz in 2003 introduced a new subscription pricing plan for Sun’s Java Enterprise System server software collection, charging $100 per year per employee and letting the customer use as much of the software as desired. A 1,000-employee company would pay $100,000 per year. http://news.com.com/Suns+Schwartz+guns+for+patent+glories/2100-1014_3-5390714.html?tag=nefd.top

US SURFER’S WAVE TURNS INTO WHALE (BBC, 30 Sept 2004) -- A surfer in the US state of California says the wave he was riding on a recent trip turned out to be a whale. Spyros Vamvas, 60, from San Clemente, said he felt the ocean swirl - and was lifted up by the giant mammal. “I’m looking down, and there’s just swirling water and I see barnacles on the back of the whale,” Mr Vamvas told the Associated Press news agency. Witnesses said the whale put Mr Vamvas back on the water’s surface, turned and headed out towards the open sea. http://news.bbc.co.uk/2/hi/americas/3705204.stm [Editor: You can be doing normal things and have marvelous, unexpected adventures, too.]

SOURCES:
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. Internet Law & Policy Forum, http://www.ilpf.org.
6. BNA’s Internet Law News, http://ecommercecenter.bna.com.
7. The Ifra Trend Report, http://www.ifra.com/website/ifra.nsf/html/ITR-HTML.
8. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
9. David Evan’s “Internet and Computer News”, http://www.abanet.org/scripts/listcommands.jsp?parm=subscribe/at-internet
10. Readers’ submissions, and the editor’s discoveries.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.