Friday, October 01, 2004

MIRLN -- Misc. IT Related Legal News [September 2004; v7.12]

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product of the American Bar Association’s Cyberspace Law Committee. Please feel free to distribute this message.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at (click on “Settings” beside Members-Only Listserve Discussion). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN editions are archived at and in the public materials section of the Cyberspace Committee’s collaboration space at

**************End of Introductory Note***************

WHEN ALL ELSE FAILS, THERE’S CYBERINSURANCE. (Information Security, August 2004) -- Fires are catastrophic. A business can’t ship products or make money if its facility is reduced to ashes. Fire insurance, though, can replace the building, equipment and, in some cases, revenue. Hackers and worms can also cause catastrophic loss, but insurance doesn’t treat them the same way. Traditional business casualty and liability insurance only covers physical damage and loss; essential data and business applications losses aren’t covered. That’s why insurance companies--including American International Group, Lloyd’s of London and Marsh--began offering “cyber risk insurance” about five years ago. The logic behind cyberinsurance is sound. There are four ways to deal with risk: Accept it, reduce it, ignore it or transfer it. In an IT context, businesses should do what they can to secure their data and infrastructure and use cyberinsurance to cover the unexpected and what can’t be secured. “Insurance is part of the total risk management for security,” says Emily Freeman, VP at AIG, a leading global insurance and financial services company. “No matter what you do in terms of technology, the risks can’t go to zero since it’s a combined people, process and technology problem. The role of insurance is to stand behind your best efforts and deal with events that can’t be prevented or mitigated.” The Yankee Group predicted in 1999 that cyber-insurance would skyrocket from $100 million in coverage to $7 billion in 2004. Yet, the market has remained underwhelmed by the concept. One broker says he’s only closed three sales out of 100 cyberinsurance proposals. The most recent prediction from the Insurance Information Institute in New York is that coverage might reach $3 billion or $4 billion in the next three years.,295796,sid6_iss446_art920,00.html

-- and --

OMB UNVEILS FISMA HOW-TO (Federal Computer Week, 27 August 2004) -- Office of Management and Budget officials this month released final instructions to federal agencies for filing mandatory reports on their systems security efforts in 2004. The annual compliance reports, a requirement under the Federal Information Security Management Act, must be filed by Oct. 6, this year. The 28 pages of instructions include a reporting template and expanded definitions of terms and concepts associated with FISMA. OMB Director Joshua Bolten noted in his instructions that all security requirements established by FISMA apply to all agencies, regardless of their size. The reporting requirements for small agencies, which OMB officials define as microagencies, are slimmed down, he said. But the actual security requirements are the same for all agencies. Microagencies are ones with fewer than 100 employees. Any organization that operates, uses or simply has access to federal information systems must also comply with FISMA, Bolten reminded agency officials. Contractors, grantees, state and local governments, industry partners-none are exempted, the OMB guidelines state.

-- and --

CLARKE TOUTS BROAD APPROACH TO IT SECURITY (Information Week, 27 August 2004) -- Richard Clarke, best known as the former counterterrorism czar for presidents Bill Clinton and George W. Bush, ended his government career as the White House adviser to the President on Cyberspace Security. He’s now bringing that expertise to the IT world. In an Internet presentation sponsored by RSA Security Inc., Clarke on Thursday sounded the alarm on some possible threats, but also unveiled a list of 10 steps, or checkpoints, to help secure IT installations. Clarke, now chairman of Good Harbor Consulting, advocates a broad approach to IT security, employing what he terms “a holistic view of risk.” Clarke noted that the broad area of IT security is growing has traditionally been slighted by top management in large corporations. He said management--including CEOs, board directors, CIOs, CFOs, HR heads, and internal auditors--should meet regularly to discuss security issues. “This whole group needs to get together once a month,” he suggested. Security issues are rapidly growing in importance to business, he said, noting that not only do top executives have to pay attention to legislation like Sarbanes-Oxley and HIPAA, but also that there is much pending legislation--on both the national and state levels--that could benefit from input from informed IT managers and from involved top management. “This [can be] about showing the Congress that you don’t need to be regulated, because you’re doing it yourself,” he said. He ticked off a list of proposed legislation that could become law. The SEC is considering supporting legislation that would require an IT-security readiness statement to be filed with the SEC annually. The FCC is examining regulations that would require ISPs to beef-up their security. Also under consideration, he noted, is legislation aimed at improving security at chemical and electric-power plants. Clarke listed 10 steps for businesses to follow.

-- and --

HACKERS HIJACK FEDERAL COMPUTERS (USA Today, 30 August 2004) -- Hundreds of powerful computers at the Defense Department and U.S. Senate were hijacked by hackers who used them to send spam e-mail, federal authorities say. The use of government computers was uncovered during the Justice Department’s recent cybercrime crackdown. It adds another wrinkle to the use of so-called zombie PCs, which number in the millions and have bedeviled consumers and universities the past year.

-- and --

SIX SECRETS OF HIGHLY SECURE ORGANIZATIONS (CIO Magazine, 15 Sept 2004) -- The “2004 Global Information Security Survey,” a worldwide study by CIO, CSO (a CIO sister publication) and PricewaterhouseCoopers, was conducted online from March 22 through April 30, 2004. Readers of CIO and CSO, and clients of PricewaterhouseCoopers from around the globe were invited by e-mail to take the survey. The results of the report are based on the responses of more than 8,000 CEOs, CFOs, CIOs, CSOs, vice presidents, and directors of IT and information security from 62 countries on six continents. The margin of error for this survey is ± 1%. The survey represents a broad range of industries, including consulting and professional services (13%), government (10%), computer-related manufacturing and software (9%), financial services/banking (9%), education (7%) and health care (5%). We’ve defined a small group—about one-fifth of respondents—that described itself as “very confident” in the effectiveness of its information security practices. This group has earned the right to be confident. Collectively, while those respondents reported more security incidents, they experienced less downtime and fewer financial losses than the average respondent. This is just one of the reasons they are the Best Practices Group.

-- and --

IT SECURITY CULTURE MUST START FROM THE TOP ( 23 Sept 2004) -- Senior executives need to help companies build an IT security-conscious culture from the top down, according to new research by Ernst & Young. Respondents to its Global Information Security Survey 2004 named lack of security awareness by users as the top obstacle to information security. But only 28 per cent of them listed raising employee information security awareness as a top initiative in 2004. “I think the issue of security awareness has been delegated or abdicated to technical professionals some levels down in organisations,” said Jan Babiak, managing partner of Ernst & Young’s information security services in the UK. Ernst & Young advised that companies should place more emphasis on creating a security-conscious culture that includes setting the right ‘tone at the top’. But only one in five companies saw it as a chief executive-level priority. Nearly two thirds of those surveyed did not have a chief information security officer, although more than half (53 per cent) of companies with revenues over over a $1bn a year did. Viruses and Trojans are still rated the biggest threat overall, but employee misconduct was considered the second biggest threat. Theft of proprietary information was rated the lowest threat.

-- and --

INFORMATION SECURITY & NEGLIGENCE - TARGETING THE C-CLASS (Carter Schoenberg, Sept 2004) – “Abstract: Numerous recommendations since September 11, 2001 have been published on the evils of negligence relative to protecting ones assets (cyber & physical). In light of the articles, references, statutes, case laws and other relevant pieces of this puzzle, how do you physically prove negligence versus the common business practice of risk management? This article addresses at what point does risk management become negligence. Basically, a blueprint for attorneys to tactically go after a corporate enterprise for negligence.”
[Author’s bio at]

FRENCH LAWSUIT CHALLENGES ANTI-PIRACY TECHNOLOGY (, 25 August 2004) -- Copy protection technologies used to prevent CDs from being pirated online are facing a legal challenge in France, where a judge began a formal investigation of record label EMI Group PLC for using them. Confirming a report in French financial daily Les Echos, the record store Fnac said Wednesday it has also been placed under investigation by a French judge along with EMI’s French arm. The record company did not respond to requests for comment. The lawsuit accuses EMI and Fnac of ``deception over the material qualities of a product.’’ Filed on behalf of several individual consumers, it alleges that the copy protection system used on certain EMI discs makes it impossible to play them on many car stereos, hi-fi’s and personal computers. French consumer association UFC-Que Choisir is seeking damages in the legal action, which also claims that EMI’s copy protection stops customers from making personal copies of their CDs -- a privilege granted to French consumers by a 1985 law.

WEB FIRMS MAY ADD MICHIGAN SALES TAX (Detroit News, 23 August 2004) -- Michigan hopes to start collecting millions of dollars in sales tax revenue from out-of-state Internet retailers and catalogs next month when it streamlines its tax code to match 20 other states. The state loses about $265 million each year in unpaid sales taxes on products purchased by Michigan residents from companies outside the state. The problem has arisen for two reasons — out of state firms are not required by law to collect sales taxes for the state of Michigan and the vast majority of residents don’t report the purchases on their tax returns. The state Department of Treasury hopes to coax online firms into voluntarily collecting Michigan sales tax after Sept. 1, when it unveils a new tax code that shares definitions, forms and due dates with the 20 other states, including Indiana, Texas and Nevada. State officials believe the changes will help the state recoup about 10 percent, or $26 million of the unpaid taxes. “The hope is not only to generate additional revenue, but simplify the process for those who do collect sales tax,” said Dale Vettel, an administrator with the state treasury’s tax policy division. Supporters of streamlining the nation’s sales tax codes say that if it is easier for out-of-state online and catalog businesses to collect, they will voluntarily send sale taxes to states where their products are shipped. Ten of the participating states came online this year and it’s too early to determine how well the system is working.

CHINA LAW APPROVES E-SIGNATURES (Washington Times, 28 August 2004) -- China’s Legislature Saturday passed the Law on Electronic Signature, which legalizes increasing electronic deals. The law was approved by the Standing Committee of the 10th National People’s Congress after three deliberations, reported Xinhua, China’s main government-run news agency. The law grants electronic signatures the same legal effect as handwritten signatures and seals in business transactions. A legal electronic signature should identify the signer and confirm file content, Xinhua said. As Internet trade requires a reliable third party to identify the signers, the credibility of online certifying organizations is significant for the transaction security.

FRIENDSTER FIRES DEVELOPER FOR BLOG (CNET, 31 August 2004) -- Friendster, known for breaking new ground in online social networking and promoting self-expression among peers, fired one of its employees Monday for her personal Web log, or online diary. Joyce Park, a Web developer living in Sunnyvale, Calif., said her managers told her Monday that she stepped over the line with her blog, Troutgirl. They declined to elaborate, except to say that it was CEO Scott Sassa’s ultimate decision, Park said. “I only made three posts about Friendster on my blog before they decided to fire me, and it was all publicly available information. They did not have any policy, didn’t give me any warning, they didn’t ask me to take anything down,” said Park, 35. Friendster spokeswoman Lisa Kopp said that the company does not comment about employee matters. Park’s termination is the latest warning shot for employees who are participating in the blogging phenomenon. Comments made in public forums can boomerang if they come to the attention of the boss, even at supposedly hip, Web-savvy companies such as Friendster. The firing could dampen widespread enthusiasm for blogs, which by their own right have fostered the development of elaborate social networks on the Web. It also, once again, raises questions about how the new publishing medium changes roles of corporate communication, news media and the community online. Park isn’t the first employee to lose her job for comments made on a blog. But it may be the first such instance involving an employee for a dot-com that promotes connecting and community among Web users--a hallmark of blogging. For example, Microsoft fired contractor Michael Hanscom last year after he had taken pictures of Apple G5 computers being unloaded onto the software company’s campus and posted them to his Web log.

OFCOM CHEERS INDUSTRY WITH VOIP NUMBER RULING (ZDnet.UK, 6 Sept 2004) -- The UK communications watchdog says it want to help build a successful VoIP market in Britain, but one tough decision still has to be taken. Ofcom has begun to lay out the future for commercial voice over IP (VoIP) services in the UK. The communications regulator announced on Monday that Internet telephony service providers will be able to offer both geographic and non-geographic numbers to their customers. Geographic numbers will begin with 01 or 02, like today’s existing fixed-line telephone numbers. This will allow consumers to shift onto a VoIP service but retain their existing number, or choose another that indicates where they are located. Non-geographic numbers for VoIP will begin with 056. These will be suitable for people who want to use their Internet telephony service from a number of locations. For example, they could install the necessary software on their laptop and be contactable anywhere over a GPRS or 3G link.,39020345,39165620,00.htm

DIGITAL CONTENT SPURS MICROPAYMENTS RESURGENCE (CNET, 7 Sept 2004) -- With its meteoric rise to success, Apple Computer’s iTunes digital music service not only changed perceptions about whether consumers were willing to pay for online content, but it also highlighted the rising promise of micropayments. On Tuesday, 2-year-old BitPass, a payment company in Palo Alto, Calif., is expected to announce $11.75 million in venture capital, along with the news that former American Express Chairman James Robinson III will join its board of directors. Robinson is also a partner in one of the firms investing in BitPass, New York-based RRE Ventures. While credit card companies and online transaction specialists like PayPal are ringing up bigger sales online, business models aimed at helping e-commerce vendors facilitate smaller deals, or micropayments, are getting a boost from digital content sales. According to recent research published by TowerGroup, the total market for Internet and wireless micropayments, led by demand for digital content, will increase by 23 percent annually over the next five years to reach $11.5 billion by 2009. TowerGroup, based in Needham, Mass., charted the micropayments market at just over $2 billion in 2003.

FEDERAL COURTS PROPOSE RULES FOR E-DISCOVERY (, 8 Sept 2004) -- The federal judiciary, recognizing the challenges of litigating in a world of digital data, has published a set of proposed rules to govern the twists and turns of electronic discovery. The draft rules, published on Aug. 15 by the Advisory Committee on Federal Rules, address such issues as inadvertent disclosure of privileged information, treatment of information that is not reasonably accessible and consequences of loss or destruction of electronic data. They also include “meet and confer” provisions similar to those in Local Rule 26.1(d) of the District of New Jersey adopted last October, which encourage lawyers to address electronic discovery issues early on in the course of litigation. The most controversial of the proposed rules may be an amendment to Rule 37 that would create a narrow “safe harbor,” protecting a party from sanctions for failing to provide electronically stored information in some circumstances. A party would be protected if it “took reasonable steps to preserve the information after it knew or should have known the information was discoverable ... and the failure resulted because of the routine operation of the party’s electronic system.” The party must also not have violated any court order requiring it to preserve electronically stored information.

-- and --

TWO U.S. COURTS COME DOWN HARD ON E-DISCOVERY VIOLATIONS (ABA Journal, 10 Sept 2004) -- Attorneys and their clients likely will be more diligent in compliance with electronic discovery requests in the wake of two recent court opinions imposing harsh sanctions for the deletion of e-mails. “My experience with e-discovery has been that it has been very much a wild wild West mentality with respect to preservation efforts,” says Dean Gonsowski, director of litigation strategy services for the Denver office of Fios Inc., which provides e-discovery services. “There was an amorphous feeling that ‘we must preserve,’ but not much real guidance. Compliance with the duty to preserve electronic data was all over the map.” Not anymore, according to Gonsowski: “With Zubulake V and the Philip Morris cases, the boundaries of the duty-to-preserve obligation are becoming clearer, and the penalties are becoming more visible and demonstrable. Particularly the Zubulake decision shows that the days when an attorney or his client can claim ignorance are quickly going by the wayside.” In Zubulake, a federal district court in New York City ordered sanctions, including an instruction of adverse inference, against a company for deleting e-mails germane to discovery requests in what the court described as “a relatively routine employment discrimination dispute in which discovery has now lasted over two years.” The July 20 decision was the fifth by the court in this case. Zubulake v. UBS Warburg, No. 02 Civ. 1243 (S.D.N.Y.). The next day, the U.S. District Court for the District of Columbia ordered tobacco giant Philip Morris to pay $2.75 million in sanctions for e-discovery violations, including the deletion of relevant e-mails. U.S. v. Philip Morris, No. 99-2496.

MUCH ADO ABOUT BARD’S TEXTS ONLINE (CNET, 10 Sept 2004) -- William Shakespeare, the Warwickshire wordsmith, was paid a posthumous compliment this week, when the British Library made available 21 of his works on the Internet. High-resolution images of 21 original texts, in 93 different versions, are available on the British Library Web site. Leafing through virtual page after virtual page, people will be able to read the plays in the same format that Shakespeare himself and the actors who performed his plays for the Globe audiences did. Unlike many commonly read texts, the quarto editions digitized by the British Library were compiled during Shakespeare’s life. They are as close to the real deal as many fans of the Bard will ever have seen.

VIRUS WRITER HIDES JOB AD IN MYDOOM NET WORM (Reuters, 10 Sept 2004) -- Times must be getting tough for computer virus writers. Technicians at British anti-virus firm Sophos Plc said on Friday they had discovered a plea for work inserted deep in the lines of code for two new computer worm outbreaks, “MyDoom-U” and “MyDoom-V.” “We searching 4 work in AV (anti-virus) industry,” read the message. Because it was inserted in the code, the message was only visible to anti-virus professionals. While the calling card may have won the programmer points for creativity, the anti-virus community was not impressed. “It’s hard to tell if the creators of these new versions of the MyDoom worm are being serious, but there is no way that anybody in the anti-virus industry would touch them with a barge pole,” said Graham Cluley, senior technology consultant for Sophos.

PA COURT REJECTS CHILD PORN INTERNET LAW (Washington Post, 11 Sept 2004) -- A federal court yesterday struck down as unconstitutional a path-breaking Pennsylvania law designed to prevent Internet users from seeing Web sites that contain child pornography. U.S. District Court Judge Jan E. DuBois threw out the 2002 law, ruling that it violated free-speech rights because it resulted in more than 1 million legitimate sites being blocked but shut down only about 400 offenders. Decision at

-- and --

NORWAY TO BLOCK CHILD PORNOGRAPHY SITES (Forbes, 21 Sept 2004) -- Norwegian police and a state-controlled telecommunications group on Tuesday announced a joint project to block access to child pornography Web sites on the Internet. Starting next month, the Telenor ASA group will filter hundreds of sites that the national crime police, Kripos, deem to contain child pornography. Anyone in Norway attempting to access such illegal sites will instead see a page informing them about the filter, and a Web link to Kripos. “This is crime prevention at its best,” said Kripos head Arne Huuse. “The filter will stop a considerable number of potential users, users that we must assume to exist in Telenor’s customer base, which consists of nearly 1 million Internet customers.” Esben Tuman Johnsen, a Telenor spokesman, told The Associated Press it believes it is the first company to apply such a filter for its users. In some countries, including the United States, such filters have met legal obstacles because of criticism that they censor non-pornographic sites. Johnsen said the issue of censorship was not a problem, because if any user objects, the filter will be removed at their request, giving them access to the Web site.

PAYPAL TO LEVY FINES FOR GAMBLING, PORN (Reuters, 10 Sept 2004) -- PayPal, the online payments arm of eBay Inc., on Friday said it will soon fine people up to $500 for uses related to gambling, adult content or services, and buying or selling prescription drugs from noncertified sellers. The new policy, which takes effect Sept. 24 and applies to both buyers and sellers, marks the first time PayPal has imposed fines for violations of its use policy, spokeswoman Amanda Pires said. In addition to fines that could be applied to each violation, PayPal may take legal action to recover losses in excess of the fines, Pires said in an interview. PayPal processes transactions on the Net and at one time had received almost 10 percent of its revenue from online gambling. But it halted the practice under regulatory pressure after its acquisition by eBay in 2002 and now prohibits the processing of gambling and adult transactions. Now it has decided to enforce that policy with fines. “What you’re seeing here is an evolution of our program. We’re trying to deter people who would offer PayPal as a way to pay for anything in these categories,” said Pires in an interview. Under the new policy, prescription drug sellers who do not have Verified Internet Pharmacy Practice Sites certification from the National Association of Boards of Pharmacy, and the people who buy from them, also face fines and possible legal action if they do business using PayPal. Pires said the changes were not in response to any sort of pressure from regulators. Eric Jackson, a former PayPal executive and author of the new book “The PayPal Wars,” had a different view. He called the new policy “draconian” and said it was likely a two-fold strategy to discourage certain behavior while heading off regulators.

IETF DEALS MICROSOFT’S E-MAIL PROPOSAL A SETBACK -- (Infoworld, 14 Sept 2004) – A proposed technology for identifying the source of e-mail messages suffered a blow last week when a group within the Internet Engineering Task Force (IETF) established to study the proposal sent it back for more work, citing concerns over vague intellectual property claims made by Microsoft Corp. covering some of the technology. Members of the IETF’s Mail Transfer Agent Authorization Records in Domain Name System (DNS) working group, also known as MARID, voted last week to not to proceed with standards documents for the Sender ID authentication technology that were submitted by Microsoft to the IETF for approval in June. The group’s members reached a “rough consensus” that questions about intellectual property claims by Microsoft could torpedo deployment of the standard unless they are resolved, according to a message posted to a discussion list for the group. The vote by MARID is just the latest voice in a chorus of complaints about the proposal, which Microsoft promoted heavily as one piece of a multipronged attack on spam. In recent weeks, leading open source software groups have already said they will not use it in their products, because Microsoft’s terms for use of the technology violate the terms of their own open source license.

PRIVACY COMPLAINT AGAINST AIRLINE DISMISSED (Washington Post, 15 Sept 2004) -- Northwest Airlines did not violate its own privacy policy and did not mislead customers when it shared passenger records with the government as part of a secret airline security project after the terrorist attacks in 2001, the Department of Transportation has ruled. The department dismissed a complaint filed this year by a Washington privacy rights organization, Electronic Privacy Information Center, and the Minnesota Civil Liberties Union alleging that the carrier committed unfair and deceptive trade practices in sharing the information with the National Aeronautics and Space Administration without informing its customers. The agency has the authority to review business practices of companies in the transportation industry, for example, such as whether an airline actually provided fares to customers as advertised. It was the first time the transportation agency had reviewed a case involving an airline’s privacy policies, the Sept. 10 decision said. Northwest’s policy posted on its Web site said the airline would not sell information about its customers to third parties and that it shares information about its passengers only in limited, specific cases. Northwest shared three months’ worth of travel records with NASA’s Ames Research Center, following a December 2001 request by the agency. The Transportation Department said it dismissed the complaint because the language of the policy says only that the airline won’t sell the information and it did not address sharing information with the government.

HONG KONG: GOOGLE NEWS SITE HIT BY LEGAL ROW OVER COPYRIGHT (Asia Media, 11 Sept 2004) -- Google forged ahead with its news website despite threats of legal action and allegations by local media of copyright infringement. The controversies arose after the launch of Google’s Hong Kong news on Thursday. The website for Hong Kong news cites news summaries and uses photos from local Chinese language media, including newspaper, radio and television, and provides hyperlinks to their websites. In its own news report yesterday, Ming Pao said it had issued a letter through lawyers to ask that the US search engine giant stop such practices. Ming Pao said Google had not sought consent from the newspaper before using its news summaries, which it said might infringe copyright. The head of RTHK’s corporation communications unit, Sze Wing-yuen, said the government radio station would ask Google not to use its news until “the matter was cleared up”. “We have to strike a balance between copyright and public interest,” Mr Sze said. The chief editor of Sing Tao electronic daily, Raymond Chan Wai-man, warned of “follow-up actions”. Kevin Pun Kwok-hung, associate professor in computer science and law at the University of Hong Kong, warned that Google might infringe copyright if the news summaries were detailed enough to make the material “copyrightable”. “There is a possibility of criminal liability under the Copyright Ordinance if a reproduction is carried out for commercial purposes and the party knows that it is an infringement of copyright,” said Dr Pun, who specialises in information technology law. [Editor: If this is not permitted, then MIRLN probably also is in violation.]

SURPRISE SUPPORT FOR DRUG IMPORTING (Washington Post, 14 Sept 2004) -- A top drug company executive broke ranks with industry yesterday and endorsed a proposal before the Montgomery County Council to allow county employees to buy lower-cost prescription drugs from Canada. Peter Rost, vice president of marketing for Pfizer Inc., said he decided to become one of the first drug industry executives to support the concept because he was tired of hearing colleagues say the practice is a public health risk. “This has been proven to be safe in Europe,” said Rost, who cautioned he was not speaking on behalf of Pfizer. “The real concern about safety is about people who do not take drugs because they cannot afford it. The safety issue is a made-up story.” His comments came as a surprise to his bosses, who maintain that Montgomery officials would put their employees at risk if they approve this measure. “His position is certainly not Pfizer’s,” said Bryant Haskins, a Pfizer spokesman. “We do not think importation is a good thing.”

MICROSOFT TO SHARE OFFICE SOFTWARE CODE (Washington Post, 19 Sept 2004) -- Microsoft Corp. said on Sunday that it would share the underlying software code for its Office program as part of its efforts to make governments more confident in the security and compatibility of the world’s largest software maker’s products. The new initiative is an extension of Microsoft’s Government Security Program, which allows the governments of more than 30 countries to examine most of Microsoft’s underlying source code, or software blueprint for its flagship Windows operating system. The source code for Office 2003 will be made available so that governments can conduct in-depth testing and examination to make sure that the document, spreadsheet, presentation and scheduling program works with other information technology systems, Microsoft said. Redmond, Washington-based Microsoft keeps its source code closely guarded, and requires any governments or companies to sign agreements not to divulge the data that is used to create its software programs.

THE SECOND COMING OF E-COMMERCE (E-Commerce Times, 20 Sept 2004) -- Consumers have steadily embraced the Web for their retail shopping needs over the last 10 years. Online spending in 2003 was almost US$55 billion and is expected to top $60 billion for 2004, according to report from eMarketer.

CHICAGO MOVING TO ‘SMART’ SURVEILLANCE CAMERAS (New York Times, 21 Sept 2004) -- A highly advanced system of video surveillance that Chicago officials plan to install by 2006 will make people here some of the most closely observed in the world. Mayor Richard M. Daley says it will also make them much safer. “Cameras are the equivalent of hundreds of sets of eyes,” Mr. Daley said when he unveiled the new project this month. “They’re the next best thing to having police officers stationed at every potential trouble spot.” Police specialists here can already monitor live footage from about 2,000 surveillance cameras around the city, so the addition of 250 cameras under the mayor’s new plan is not a great jump. The way these cameras will be used, however, is an extraordinary technological leap. Sophisticated new computer programs will immediately alert the police whenever anyone viewed by any of the cameras placed at buildings and other structures considered terrorist targets wanders aimlessly in circles, lingers outside a public building, pulls a car onto the shoulder of a highway, or leaves a package and walks away from it. Images of those people will be highlighted in color at the city’s central monitoring station, allowing dispatchers to send police officers to the scene immediately. Officials here designed the system after studying the video surveillance network in London, which became a world leader in this technology during the period when Irish terrorists were active. The Chicago officials also studied systems used in Las Vegas casinos, as well as those used by Army combat units. The system they have devised, they say, will be the most sophisticated in the United States and perhaps the world.

INTERNET AD REVENUES JUMP 40 PERCENT IN 2004 (, 20 Sept 2004) -- Internet advertising revenues jumped 40 percent in the first half of this year, driven largely by the growing popularity of keyword ads tied to search results. U.S. revenues for the first six months were $4.6 billion, compared with $3.3 billion for the same period in 2003, according to a PricewaterhouseCoopers study conducted for the Interactive Advertising Bureau. Search made up 40 percent of the ad revenues in the second quarter of 2004, compared with 29 percent in the year-ago period. “Not surprisingly, search continues its popularity and (has) been embraced by advertisers due to its innate relevancy, the simplicity of the results and because advertisers can determine more precise response rates,” said Pete Petrusky, director of PricewaterhouseCoopers’s New Media Group. Ad revenues from e-mail marketing dropped 29 percent in the second quarter to $47 million as many Internet users equated legitimate pitches with spam. The figure includes ads within e-mail newsletters, e-mail marketing campaigns and other commercial e-mail communications from legitimate businesses.

SCHWARZENEGGER SIGNS INTERNET PIRACY BILL -- E-MAIL ADDRESS REQUIRED TO SHARE MOVIES, MUSIC ONLINE (22 Sept 2004) -- Aiding the industry that helped him gain worldwide fame, Gov. Arnold Schwarzenegger signed legislation Tuesday aimed at discouraging online piracy by requiring anyone disseminating movies or music on the Internet to disclose their e-mail address. California file sharers who trade songs or films without providing an e- mail address will be guilty of a misdemeanor, under the first-in-the-nation measure that could make it easier for law enforcement to track down people who illegally download copyrighted material. The bill is the latest attempt by film and music trade associations to combat the hard-to-police use of file-sharing software. The signing was hailed by the bill’s sponsor, the Motion Picture Association of America, whose president, Dan Glickman, noted in a statement that Schwarzenegger had “a unique understanding of the powerful impact of piracy.’’ The governor remains a member of the Screen Actors Guild, which supported the bill. Opponents, including the San Francisco-based Electronic Frontier Foundation and the American Civil Liberties Union, say the measure infringes on privacy rights of computer users and would turn casual file-sharers into criminals.

GOOGLE OMITS CONTROVERSIAL NEWS STORIES IN CHINA ( 21 Sept 2004) – The internet’s most popular search engine Google has been accused of supporting Chinese internet controls by omitting contentious news stories from search results in China. State-sponsored internet providers in China routinely block access to internet sites deemed inappropriate by the government. These include both Chinese and foreign news sites carrying reports that criticise the Chinese government. Researchers at Dynamic Internet Technology (DIT), a US company that provides technology for circumventing internet restrictions in China, have discovered that the recently-launched Chinese version of Google News omits blocked news sources from its results. The origin of a computer sending a search request can be identified using its internet protocol (IP) address. Google admits to omitting some news sources within China but says this is meant to improve the quality of the service.

THE LEGAL IMPLICATIONS OF SELF-DESTRUCTING E-MAI (USA Today, 22 Sept 2004) – According to an article by Laurie Varendorff, an Australian records management expert, Microsoft and IBM have developed software that enables creators of e-mail messages to have tremendous control over their messages, even after they have been sent. Mr. Varendorff states that the relatively recent release of Microsoft Office 2003, with its Digital Rights Management (DRM) and Information Rights Management (IRM) features, permits the creator of an e-mail message to control the printing, forwarding and copying of the message. Moreover, and importantly, the feature supposedly empowers the creator to set a date and time for the expiration of the e-mail, as well as the expiration of Word, Excel, and PowerPoint documents at the volition of the creator, rather than at the will of the recipient. Mr. Vardendorff believes that this feature should be outlawed by legislators, or at least that safeguards be put in place for recipients, such as advance notice to recipients that the feature is being used with certain communications. Drilling down further, the question arises as to who really has “ownership,” or at least control, of an e-mail message — is it the creator/sendor, or the recipient? Under copyright law, it’s probable that the creator of the content of the e-mail is the owner of that content. Indeed, the law has established that the copyright to the content of letters sent from one person to another belongs to the creator/sender of the letters, so the same result likely should pertain in the e-mail context. Still, does that mean that the creator/sender of an e-mail continues to maintain complete control of an e-mail after it has been sent to a recipient? [Editor: A too-long and sometimes-superficial article, but provides an interesting overview.]

GOOGLE WINS KEYWORD ADVERTISING CASE IN GERMANY ( 22 Sept 2004) -- Google has won a trade mark action brought against it in Germany over its AdWords keyword advertising service, after a Hamburg court yesterday dismissed a suit brought by Metaspinner Media, according to the Associated Press. Metaspinner sued in May, seeking to enforce a preliminary injunction imposed on the search engine over its unauthorised use of the trade mark “Preispiraten,” meaning “price pirates,” in AdWords. AdWords allows advertisers to sponsor particular search terms so that, whenever that term is searched, the advertiser’s link will appear next to the search results. Metaspinner had accused Google of selling the trade mark “Preispiraten” to rivals, and already had been granted a preliminary injunction by a Hamburg Court to prevent trade mark infringement. But according to an AP report, the case has now been dismissed. The ruling is not yet available, the reason for the dismissal has not been announced, and neither Metaspinner nor Google has commented. The German dismissal comes days after a similar lawsuit was filed in the US by computer services firm Rescuecom, joining a number of ongoing US and French legal actions.

BSA NOW PUSHING 700 SOFTWARE PIRACY PROBES IN THE U.S. (Computerworld, 23 Sept 2004) – The Business Software Alliance, the chief watchdog for U.S. software publishers, rarely raids enterprise customers with federal marshals and court orders, according to Robert M. Kruger, chief enforcement officer for the Washington-based nonprofit organization. But that doesn’t mean Kruger and other BSA piracy cops are easing up on their investigations. Even though the incidence of software piracy worldwide has dropped, the BSA still has 700 active investigations into software piracy across the U.S., Kruger said yesterday. The incidence of piracy has gone from roughly 50% of all software being used 10 years ago to about 33% today. According to Kruger, BSA investigations against enterprise customers are usually triggered by calls to the BSA hotline (888-NO-PIRACY), reports sent to the BSA Web site and referrals from BSA member companies. The penalty for individuals or organizations found guilty of illegally copying or using software “is not a traffic ticket,” Kruger said. Copyright owners can sue for damages, including actual damages and any profits obtained by the infringing organization that can be tied to the pirated software. In addition, copyright owners can also sue organizations for statutory damages of up to $150,000 for each work pirated. Kruger offered some basic tips to avoid software audits, such as adopting effective software management policies, conducting internal audits on at least a yearly basis and erasing illegally copied software.,4814,96109,00.html

JUDGE STRIKES DOWN ANTI-BOOTLEG LAW (ABC, 24 Sept 2004) -- A federal judge Friday struck down a 1994 law banning the sale of bootleg recordings of live music, ruling the law unfairly grants “seemingly perpetual protection” to the original performances. U.S. District Judge Harold Baer Jr. dismissed a federal indictment of Jean Martignon, who runs a Manhattan mail-order and Internet business that sells bootleg recordings. Baer found the bootleg law was written by Congress in the spirit of federal copyright law, which protects writing for a fixed period of time typically for the life of the author and 70 years after the author’s death. But the judge said the bootleg law, which was passed “primarily to cloak artists with copyright protection,” could not stand because it places no time limit on the ban. Baer also noted that copyright law protects “fixed” works such as books or recorded music releases while bootlegs, by definition, are of live performances. Decision at

COMPUTER SCIENTISTS SLAM E-VOTING MACHINES (CNET, 27 Sept 2004) -- The world’s oldest professional society of computer scientists on Monday took aim at electronic voting machines, recommending they not be used in elections unless they provide a physical paper trail. In a new position statement, the Association for Computing Machinery said that “voting systems should enable each voter to inspect a physical record to verify that his or her vote has been accurately cast and to serve as an independent check on the result produced and stored by the system.” Accidental bugs or intentional malicious code in e-voting machines could theoretically alter an election’s results. ACM said that a paper trail will provide a way to double-check what’s happening inside machines from companies such as Diebold Election Systems and Sequoia Voting Systems--a feat that would not otherwise be possible. Such systems are expected to be used by tens of millions of voters in the Nov. 2 U.S. election.

-- and --

SCHWARZENEGGER SIGNS BILL REQUIRING E-VOTE PAPER TRAIL (, 28 Sept 2004) -- Schwarzenegger signed legislation Monday that will bar the use of electronic voting machines that don’t produce paper trails to verify votes. The requirement, which takes effect in 2006, is a response to concerns that the machines could be tampered with or produce incorrect results. Secretary of State Kevin Shelley banned the use of 14,000 electronic voting machines in San Diego, Solano, San Joaquin and Kern counties for the November election because the machines weren’t federally approved. He also laid down conditions for the use of the machines in 11 other counties.

-- and --

FEDERAL COURT ORDERS TRIAL IN FLORIDA E-BALLOT LAWSUIT (USA Today, 27 Sept 2004) – A federal appeals court on Monday overturned a judge who had thrown out a lawsuit seeking a paper trail for that state’s new touchscreen voting machines. Fifteen Florida counties use voting machines that don’t create paper copies. Three judges from the 11th U.S. Circuit Court of Appeals wrote that the federal judge erred when he threw out the lawsuit filed by U.S. Rep. Robert Wexler, a south Florida congressman. “We vacate that decision and remand for a consideration of the merits,” the unsigned ruling reads. A state appeals court ruled last month that a paper trail of ballots was not required, ruling that voters are not guaranteed “a perfect voting system.” Wexler had argued that the paperless voting system makes manual recounts impossible. He sued state elections officials, arguing that constitutional promises of equal protection would be violated by a voting system that varies from county to county in Florida.

SPY IMAGERY AGENCY WATCHING INSIDE U.S. (AP, 27 Sept 2004) -- In the name of homeland security, America’s spy imagery agency is keeping a close eye, close to home. It’s watching America. Since the Sept. 11 attacks, about 100 employees of a little-known branch of the Defense Department called the National Geospatial-Intelligence Agency — and some of the country’s most sophisticated aerial imaging equipment — have focused on observing what’s going on in the United States. Their work brushes up against the fine line between protecting the public and performing illegal government spying on Americans. Roughly twice a month, the agency is called upon to help with the security of events inside the United States. Even more routinely, it is asked to help prepare imagery and related information to protect against possible attacks on critical sites. For instance, the agency has modified basic maps of the nation’s capital to highlight the location of hospitals, linking them to data on the number of beds or the burn unit in each. To secure the Ronald Reagan (news - web sites) funeral procession, the agency merged aerial photographs and 3D images, allowing security planners to virtually walk, drive or fly through the Simi Valley, Calif., route. The agency is especially watchful of big events or targets that might attract terrorists — political conventions, for example, or nuclear power plants. Everyone agrees that the domestic mission of the NGA has increased dramatically in the wake of Sept. 11, even though laws and carefully crafted regulations are in place to prevent government surveillance aimed at Americans.

NEW U.K. RULES CUT PORN RISKS (, 27 Sept 2004) -- IT managers worried about the repercussions of discovering paedophile content on company systems have been advised by online watchdog the Internet Watch Foundation (IWF) that they can report such material without fear of prosecution. The advice follows a survey by the IWF which found that most IT managers would not know how to proceed if they found such illegal material on company systems. Under current legislation, it is a criminal offence simply to possess an indecent image of a child, but malware is increasingly responsible for surreptitiously depositing offensive images on corporate systems. In a survey of 1,000 IT Week readers, the IWF found that 87 percent of IT professionals were unaware of the rules on inadvertent possession of child pornography. The IWF said the regulations have now been clarified and IT managers are allowed to identify and secure such images without suffering legal consequences. According to an imminent memorandum of understanding (MoU) between the police and the Crown Prosecution Service relating to the Sexual Offences Act 2003, IT managers can preserve suspect images on company systems, but only if they do so in order to provide access to a law enforcement agency or other relevant body. [Editor: Strict liability for even inadvertent possession remains a real issue in the U.S.; companies maintaining newsgroup servers may be at risk.]

FDIC GUIDANCE ON INSTANT MESSAGING (FDIC, Sept 2004) – “This guidance identifies risks associated with public Internet instant messaging (IM)1 and how they can be mitigated through an effective management program. Public IM may be used by employees both officially and unofficially in work environments. The use of public IM may expose financial institutions to security, privacy, and legal liability risks because of the ability to download copyrighted files. Technology vendors have released IM products for corporate use that authenticate, encrypt, audit, log and monitor IM communication. These new corporate enterprise products help financial institutions use IM technology in a more secure environment and assist in compliance with applicable laws and regulations.”

PART OF PATRIOT ACT STRUCK DOWN (Wired, 29 Sept 2004) -- Part of the Patriot Act, a central plank of the Bush administration’s war on terror, was ruled unconstitutional by a federal judge Wednesday. U.S. District Judge Victor Marrero ruled in favor of the American Civil Liberties Union, which challenged the power the FBI has to demand confidential records from companies, like internet service providers, as part of terrorism investigations. The move strikes down section 505 of the Patriot Act, which gives the FBI power to demand information from companies without a court order and bars recipients of the letters from ever revealing that they received the FBI demand for records. Marrero held that this permanent ban was a violation of free-speech rights. In his ruling, Marreo prohibited the Department of Justice and the FBI from issuing special administrative subpoenas, also known as national security letters. But he delayed enforcement of his judgment pending an appeal that’s expected to be filed by the government.,1283,65136,00.html and Decision at

TREASURY BEING SUED FOR CURBS ON EDITING (New York Times, 28 Sept 2004) -- Treasury Department regulations against editing manuscripts from Cuba, Iran and other countries under American economic sanctions violate the First Amendment of the Constitution and should be overturned, a group of American publishers said in a federal lawsuit filed yesterday. Arcade Publishing, an independent book publisher, and three trade groups representing publishers and authors filed the suit in Federal District Court in Manhattan against the Treasury Department’s Office of Foreign Assets Control, which wrote and enforces the regulations, and Treasury Secretary John W. Snow. The regulations, meant to keep Americans from trading with enemies, require anyone who publishes material from a country under trade sanctions to obtain a license before substantively altering the manuscript. The publishers say that keeps them from performing typical editing functions like reordering sentences and paragraphs, correcting grammar and adding illustrations or photographs. The regulations do not forbid publication of existing works from those countries. They allow publishers to print and distribute materials that come to them in camera-ready form, that is, ready to be published without alteration. But they also restrict marketing materials, which the publishers say essentially prohibits publication. The publishers argue that the regulations do not allow enough room for them to prepare material from foreign authors for the United States market and create a “chilling effect” on them. “For all practical purposes,” the suit states, “that means American publishers simply cannot publish their books.”

BLOG: STEWART BAKER ON CALEA (JoHo The Blog, 28 Sept 2004) -- Stewart is general counsel to the Commission on Intelligence Capabilties or the US Regarding WMD, but he’s speaking on behalf of himself. CALEA was pretty good as written, he says. “The problem with the FCC’s tentative conclusions is that it takes a statutory set of standards and turns it into a kind of commission mush.” “The one fundamental thing about regulating to give law enforcement access to new technology is that there’s a big cliff effect.” At some point the regulations stop. Are you going to tell Intel how to design their chips and Cisco how to design their routers? Eventually you got to a spot in the economy that’s beyond regulation. Where do you put the cliff? CALEA said they’d put it in rate-regulated industries. The FCC instead said that information services are exempt “sometimes.” That “mushy” response gives the FCC what it really wants: “Discretion to reach out and regulate a little more” to accommodate all the stakeholders. That means you can’t really know whether you’re regulated or not. CALEA sets a performance standard for companies as opposed to a type of input-output regulation. It says you must make your telecommunications — every call — isolatable and deliverable to law enforcement. We don’t care how you do it. You won’t be challenged until a law enforcement agency comes to you, which gives you some time to establish your business. The FCC, under pressure from enforcement agencies, instead demands that on Day One you have to have all the CALEA features the FBI wants. That will discourage innovation: You first have to sit down with the FBI and figure out how you’re going to meet every CALEA requirement from the beginning. The “substantial replacement” test that the FCC has adopted is “dangerous.” The original statute says that if your tech is going up as the PSTN is going down, then you are subject to CALEA. The FCC instead says that “substantial replacement” can be “decided in the abstract.” Anything that connects to you to the Internet is now a potential substantial replacement...wireless, maybe even private pbx connections, can be treated as covered by CALEA.

SUN’S SCHWARTZ GUNS FOR PATENT GLORIES (CNET, 30 Sept 2004) -- Sun Microsystems President Jonathan Schwartz, who speaks often of innovation in sales methods and not just technology, is seeking a patent on the company’s per-employee software pricing plan, CNET has learned. Other co-authors of the unpublished patent application, filed in July, are Chief Marketing Officer Anil Gadre and Director of Worldwide Marketing Aisling MacRunnels. In addition, Schwartz is co-author of two other patent applications relating to Sun’s three-dimensional Looking Glass user interface. The existence of two of Schwartz’s patent applications was disclosed in a filing with the Securities and Exchange Commission. The third patent application will be disclosed in a future filing, Sun said. Schwartz in 2003 introduced a new subscription pricing plan for Sun’s Java Enterprise System server software collection, charging $100 per year per employee and letting the customer use as much of the software as desired. A 1,000-employee company would pay $100,000 per year.

US SURFER’S WAVE TURNS INTO WHALE (BBC, 30 Sept 2004) -- A surfer in the US state of California says the wave he was riding on a recent trip turned out to be a whale. Spyros Vamvas, 60, from San Clemente, said he felt the ocean swirl - and was lifted up by the giant mammal. “I’m looking down, and there’s just swirling water and I see barnacles on the back of the whale,” Mr Vamvas told the Associated Press news agency. Witnesses said the whale put Mr Vamvas back on the water’s surface, turned and headed out towards the open sea. [Editor: You can be doing normal things and have marvelous, unexpected adventures, too.]

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School,
2. Edupage,
3. SANS Newsbites,
4. NewsScan and Innovation,
5. Internet Law & Policy Forum,
6. BNA’s Internet Law News,
7. The Ifra Trend Report,
8. Crypto-Gram,
9. David Evan’s “Internet and Computer News”,
10. Readers’ submissions, and the editor’s discoveries.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.

No comments: