Saturday, October 30, 2004

MIRLN -- Misc. IT Related Legal News [October 2004; v7.13]

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product of the American Bar Association’s Cyberspace Law Committee. Please feel free to distribute this message.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at (click on “Settings” beside Members-Only Listserve Discussion). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN editions are archived at and in the public materials section of the Cyberspace Committee’s collaboration space at

**************End of Introductory Note***************

DIEBOLD LOSES KEY COPYRIGHT CASE (Wired, 30 Sept 2004) -- Students who sued Diebold Election Systems won their case against the voting machine maker on Thursday after a judge ruled that the company had misused the Digital Millennium Copyright Act and ordered the company to pay damages and fees. Lawyers for the students call the move a victory for free speech. A judge for the California district court ruled that the company knowingly misrepresented that the students had infringed the company’s copyright and ordered the company to pay damages and fees to two students and a nonprofit internet service provider, Online Policy Group. Last October, students at Swarthmore College in Pennsylvania posted copies and links to some 13,000 internal Diebold company memos that an anonymous source had leaked to Wired News. The memos suggested that the company was aware of security flaws in its voting system when it sold the system to states. Diebold sent several cease-and-desist letters to the students and threatened them with litigation, citing the Digital Millennium Copyright Act, or DMCA. Online Policy Group was also threatened after someone posted a link to the memos on a website hosted by the ISP. Diebold said the memos were stolen from a company server and that posting them or even linking to them violated the copyright law. The Electronic Frontier Foundation, which took on the case for the Online Policy Group, argued that the memos were an important part of the public debate on electronic voting systems.,2645,65173,00.html Decision at

U.N. WARNS OF NUCLEAR CYBER ATTACK RISK (, 27 Sept 2004) -- The United Nations’ nuclear watchdog agency warned Friday of growing concern about cyber attacks against nuclear facilities. The International Atomic Energy Agency (IAEA) announced in a statement that it was developing new guidelines aimed at combating the danger of computerized attacks by outside intruders or corrupt insiders. “For example, software operated control systems in a nuclear facility could be hacked or the software corrupted by staff with insider access,” the group said. The IAEA’s new guidelines on “Security of Information Technology Related Equipment and Software Based Controls Against Malevolent Acts” are being finalized now, said the agency. The announcement came out of the agency’s 48th annual general conference attended by 137 nations. Last year the Slammer worm penetrated a private computer network at Ohio’s idled Davis-Besse nuclear plant and disabled a safety monitoring system for nearly five hours. The worm entered the plant network through an interconnected contractor’s network, bypassing Davis-Besse’s firewall. News of the Davis-Besse incident prompted Rep. Edward Markey (D-MA) last fall to call for U.S. regulators to establish cyber security requirements for the 103 nuclear reactors operating in the U.S., specifically requiring firewalls and up-to-date patching of security vulnerabilities. By that time the U.S. Nuclear Regulatory Commission (NRC) had already begun working on an official manual to guide plant operators in evaluating their cybersecurity posture. But that document, finalized this month, “is not directive in nature,” says Jim Davis, director of operations at the Nuclear Energy Institute, an industry association. “It does not establish a minimum level of security or anything like that. That isn’t the purpose of the manual.” A related industry effort will establish management-level cyber security guidelines for plant operators, says Davis, who believes industry efforts are sufficient.

PUTNAM TO LEAVE GOVERNMENT REFORM FOR RULES COMMITTEE (GCN, 28 Sept 2004) -- Rep. Adam Putnam, the force behind much of Congress’ oversight of federal IT during the last two years, is moving from the House Government Reform Committee to the Rules Committee effective today. Putnam will take the place of Rep. Porter J. Goss, another Florida Republican, who left the committee and his Hill office last week to become the director of the CIA. Since January of last year, Putnam had been the chairman of the Government Reform Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census. During his tenure on the subcommittee, Putnam held more than 30 hearings on key IT topics, including the Quicksilver e-government projects, the role of federal CIOs, security, enterprise architecture, and investment control and planning. He also published two agency cybersecurity report cards and pressed industry for more accountability on systems security. Most recently, Putnam sponsored an amendment to the House’s 9/11 legislation to require that cybersecurity be included throughout the systems planning and development process. [Editor: Rep. Putnam was doing important work, well. He’ll be hard to replace.]

ARNOLD VETOES PRIVACY BILL (Wired, 30 Sept 2004) -- A California bill protecting the privacy of internet and e-mail usage at work met the red veto pen of Gov. Arnold Schwarzenegger on Wednesday. The would-be law, SB 1841, would have required the state’s employers to provide “clear and conspicuous” notice before electronically monitoring the e-mail or internet usage of employees. Not doing so would have become a misdemeanor in the California penal code. Schwarzenegger shot the bill down because businesses need to retain the perogative to monitor employee activities, his office said. “For business purposes, employers should have the ability to monitor employee activity in order to ensure (internet and e-mail) access is not being abused,” Schwarzenegger said.,1848,65152,00.html

U.S. CYBERSECURITY CHIEF ABRUPTLY RESIGNS, CITES FRUSTRATION (, 1 Oct 2004) -- The government’s cybersecurity chief has abruptly resigned from the Homeland Security Department amid a concerted campaign by the technology industry and some lawmakers to persuade the Bush administration to give him more authority and money for protection programs. Amit Yoran, a former software executive from Symantec Corp., made his resignation effective Thursday as director of the National Cyber Security Division, giving a single’s day notice of his intention to leave. He kept the job one year. Yoran has privately confided to industry colleagues his frustrations in recent months over what he considers the department’s lack of attention paid to computer security issues, according to lobbyists and others who recounted these conversations on condition they not be identified because the talks were personal. Yoran said Friday he ``felt the timing was right to pursue other opportunities.” It was unclear immediately who might succeed him even temporarily. Yoran’s deputy is Donald A. “Andy” Purdy, a former White House adviser on cybersecurity. [Editor: Richard Clark, Howard Schmidt, and now Amit Yoran – we keep losing the best and the brightest.]

-- and --

CYBER-SECURITY TO GET HIGHER-PROFILE LEADER (Washington Post, 13 Oct 2004) -- Homeland Security Secretary Tom Ridge said yesterday that the role of overseeing computer security and the Internet should have a higher profile at the agency, in the face of increasing concern from technology executives and experts that cyber-security is getting inadequate attention. Ridge told an industry council that advises the White House that the agency was creating a new position of assistant secretary to be responsible for both cyber- and telecommunications security, according to two executives who heard the remarks. But hours later, Homeland Security spokesman Brian Roehrkasse said that despite Ridge’s comments, final details on the title and responsibilities of the elevated position had not been decided. An administration source who spoke on the condition of anonymity later said Ridge misspoke; the job will instead be deputy assistant secretary.

U.S. OFFERS INTERNET DOWNLOADS OF NEW $50 BILL (, 1 Oct 2004) -- The U.S. government will offer over the Internet low-quality images of its new $50 bill for artists, students and others who discover that their computers, scanners or printers won’t allow them to view or copy pictures of the new currency. Uncle Sam is making sure that computers won’t cooperate with would-be counterfeiters -- even as it tries to accommodate consumers who legitimately want or need images of the currency. The government said it also will consider individual requests for higher-quality images -- such as might be used in commercial art projects. The low-quality images, suitable for school projects and other uses, will be available free at, a Web site run by the Bureau of Engraving and Printing. The new $50 bill was introduced this week.

COURT TO REHEAR EMAIL PRIVACY CASE (LinuxElectrons, 5 Oct 2004) -- The First Circuit Court of Appeals decided today to rehear arguments in a case that could have a profound effect on email privacy. Last month, the Electronic Frontier Foundation (EFF) submitted a friend-of-the-court brief in the case, US v. Councilman, urging such a rehearing. In the earlier decision, a panel of First Circuit judges ruled that an email service provider did not violate criminal provisions of the Wiretap Act by monitoring the content of users’ incoming messages without their consent. However, the Wiretap Act is the same law that requires the government to get a wiretap order before intercepting emails, and the panel decision could be read to eliminate this requirement. As the panel itself admitted, “it may well be that the protections of the Wiretap Act have been eviscerated as technology advances.” The brief requesting a rehearing, authored by law professors Orin Kerr and Peter Swire and cosigned by a number of civil liberties organizations, argued that the original panel decision in the Councilman case should be reheard by the entire First Circuit Court of Appeals. “The First Circuit clearly understands the need to quickly reconsider the court’s earlier ruling, which raised significant constitutional questions and threatened to disrupt the traditional understanding of wiretap law,” said Kevin Bankston, EFF attorney and Equal Justice Works/Bruce J. Ennis fellow. “Upon rehearing the case, the full First Circuit should recognize that the original decision rewrote the field of Internet surveillance law in ways that Congress never intended.” Friend-Of-The-Court Brief at

FIRMS FAILING ON SECURITY: STUDY (AustralianIT, 7 Oct 2004) – Global corporations are failing to safeguard their information networks against potent threats from viruses, worms and especially their own employees, according to a report by consultancy firm Ernst and Young. The Global Information Security Survey found that while corporate leaders were increasingly aware of the risks to their information security from people within their organisations they are not acting on that knowledge. “More than 70 per cent of the companies surveyed failed to list training and raising employee awareness about information security issues as a top initiative,” the report said. Ernst and Young polled more than 1,233 organisations from across 70 countries. There were 69 respondents from India, making it the second-largest country sample. “While organisations remain focused on external threats such as viruses the internal threats are constantly being under-emphasised,” said Terry Thomas, partner, Ernst and Young’s Risk and Business Solution Practice.,7204,10997993%5E15331%5E%5Enbv%5E15306-15319,00.html

THE PROPOSED FEDERAL E-DISCOVERY RULES (Findlaw, Oct 2004; commentary by Prof. Anita Ramasastry) -- In recent lawsuits, the proverbial smoking gun may not be an interoffice memorandum found in a locked file cabinet. Instead, it may be an e-mail message stored and forgotten on someone’s hard drive. This reality has significantly altered discovery - the process by which parties to a litigation request documents from each other; produce documents to each other; and serve and answer each other’s interrogatories and requests for admission. Accordingly, on August 15, the federal judiciary disseminated a proposed set of rules to govern “e-discovery” - that is, the exchange of electronic information in litigation proceedings. At present, at least four federal district courts have adopted local rules to address e-discovery. Two states have also court rules that specifically address e-discovery. The proposed federal amendments would be the first attempt to create a coherent set of rules for the entire federal judiciary. The proposal, if adopted, would amend the Federal Rules of Civil Procedure (FRCP), which govern all federal civil litigation -- and would take effect by December 1, 2006. Currently, we are within the six-month period during which comments on the rules can be made to the Advisory Committee on Federal Rules. In this column, I will comment on the strengths and weaknesses of the draft e-discovery rules. * * *

PRESCRIPTION DRUGS ONLINE (Pew Internet & American Life, 10 Oct 2004) -- The prescription drug market is enormous and now includes millions of Americans who go online to get information about the medicines they consume. According to a May-June 2004 telephone survey of 2,200 American adults, 64% of American households contain a regular user of prescription drugs. One in four Americans (26%) has used the internet to look for information about prescription drugs. Just 4% of Americans have ever purchased prescription drugs on the internet. Prescription drug spam plagues many internet users – especially men. (full report at

ALLEGED SPAMMER SETTLES WITH MASSACHUSETTS (CNET, 11 Oct 2004) -- DC Enterprises has agreed to settle a spam-related case with the Massachusetts Attorney General’s office, marking a resolution of the first state case under the federal Can-Spam Act, state regulators announced Monday. Under the case, filed in June, Massachusetts Attorney General Tom Reilly alleged that DC Enterprises and Carson sent thousands of unsolicited commercial e-mails touting low-interest mortgages. But the bulk e-mails allegedly failed to provide a working “opt out” provision that would have allowed recipients to prevent future e-mails, did not clearly identify the notices as advertisements and used a nonfunctioning return address--all of which violate provisions of the Can-Spam Act and the Massachusetts Consumer Protection Act.

U.S. FUNDS CHAT-ROOM SURVEILLANCE STUDY (, 11 Oct 2004) -- Amid the torrent of jabber in Internet chat rooms - flirting by QTpie and BoogieBoy, arguments about politics and horror flicks - are terrorists plotting their next move? The government certainly isn’t discounting the possibility. It’s taking the idea seriously enough to fund a yearlong study on chat room surveillance under an anti-terrorism program. A Rensselaer Polytechnic Institute computer science professor hopes to develop mathematical models that can uncover structure within the scattershot traffic of online public forums. Chat rooms are the highly popular and freewheeling areas on the Internet where people with self-created nicknames discuss just about anything: teachers, Kafka, cute boys, politics, love, root canal. They are also places where malicious hackers have been known to trade software tools, stolen passwords and credit card numbers. The Pew Internet & American Life Project estimates that 28 million Americans have visited Internet chat rooms. Trying to monitor the sea of traffic on all the chat channels would be like assigning a police officer to listen in on every conversation on the sidewalk - virtually impossible. Instead of rummaging through megabytes of messages, RPI professor Bulent Yener will use mathematical models in search of patterns in the chatter. Downloading data from selected chat rooms, Yener will track the times that messages were sent, creating a statistical profile of the traffic.

JUSTICE DEPT. WANTS NEW ANTIPIRACY POWERS (ZDnet, 12 Oct 2004) -- The U.S. Justice Department recommended a sweeping transformation of the nation’s intellectual-property laws, saying peer-to-peer piracy is a “widespread” problem that can be addressed only through more spending, more FBI agents and more power for prosecutors. In an extensive report released Tuesday, senior department officials endorsed a pair of controversial copyright bills strongly favored by the entertainment industry that would criminalize “passive sharing” on file-swapping networks and permit lawsuits against companies that sell products that “induce” copyright infringement. “The department is prepared to build the strongest, most aggressive legal assault against intellectual-property crime in our nation’s history,” Attorney General John Ashcroft, who created the task force in March, said at a press conference in Los Angeles on Tuesday afternoon. In an example of the Justice Department’s hunger for new copyright-related police powers, the report asks Congress to introduce legislation that would permit wiretaps to be used in investigating serious intellectual-property offenses and that would create a new crime of the “importation” of pirated products. It also suggests stationing FBI agents and prosecutors in Hong Kong and Budapest, Hungary, to aid local officials and “develop training programs on intellectual-property enforcement.” Report at

YOU NEED A ROBOLAWYER (Wired, 13 Oct 2004) – I have a recurring nightmare. Microsoft CEO Steve Ballmer shows up on my doorstep demanding my left kidney, claiming that I agreed to this in some “clickwrap” contract. In my waking life, I am inundated with such agreements - privacy policies, downloading poliicies, security policies, software licensing agreements - all vying for my assent. As a lawyer, I write these contracts for clients, but I must confess that I never read them online. Who has the time? Unfortunately, the law assumes we all do - and that by clicking, we are “agreeing” to the unread privacy policy, to spyware being installed on our systems, or to pornographic pop-up ads. Almost every site has terms and conditions; as a result, regular Internet users are faced with dozens of such agreements a week. Some come in the form of the ubiquitous “I Agree” button, others in the form of prose hidden at the bottom of the homepage under the moniker “Legal.” Increasingly, companies have been putting some pretty nasty things into their clickwrap agreements - such as that they can collect and sell your detailed personal information or install software that will capture your every keystroke. A few firms have you agree that, even if they violate their own promises to secure your information, you won’t ever sue. This is not legal boilerplate, the kind that everybody assents to when renting a car or buying a ticket to a ball game. It affects the privacy, security, and operability of all the information you access online. What is needed - desperately - is a law robot. A browser-based automaton that could be adjusted to match your tolerance for legal mumbo jumbo. Take privacy agreements, for example: The browser could be set to share your identity only with sites that promise to use the information solely to complete your purchase, or that agree not to share it with third parties, or any of a host of options. Web site operators would use a similar query-based method to set up their privacy policies. Of course, they could write their own language, but they would then run the risk that your robolawyer wouldn’t accept it.

NY CT REFUSES TO ENFORCE AOL FORUM SELECTION CLAUSE (BNA’s Internet Law News, 14 Oct 2004) -- BNA’s Electronic Commerce & Law Report reports that a New York Civil Court has refused to enforce a forum selection clause in AOL’s terms of service that gives Virginia courts exclusive jurisdiction to resolve disputes between AOL and its users. The court ruled that the clause violates New York public policy favoring small claims court adjudication of low-dollar claims. Case name is Scarcella v. AOL.

-- and --

CLICKWRAP’S FORUM SELECTION CLAUSE APPLIED TO TORT CLAIM (BNA’s Internet Law News, 28 Oct 2004) -- BNA’s Electronic Commerce & Law Report reports on Mortgage Plus v. DocMagic, a Kansas district court case that held that a forum selection clause contained in a software license agreement is broad enough to encompass a tort claim arising from the use of the software. The court also upheld the enforceability of the clickwrap agreement, distinguishing an earlier Kansas case that held unenforceable a shrinkwrap agreement.

E-COMMERCE EXPERTS: YOU AIN’T SEEN NOTHING YET (CNET, 15 Oct 2004) -- Some Internet pioneers who survived the roller-coaster of the dot-com boom and bust said Friday that the ride has only just begun. Much work and much opportunity lie ahead for e-commerce companies, executives from Yahoo, VeriSign and CNET Networks (publisher of said during a panel discussion here on Friday to commemorate the 10-year anniversary of e-commerce. “We haven’t even started yet; we’re really in ‘E-commerce 101,’” said Dan Rosensweig, chief operating officer of Yahoo. “I think this is going to get really fun in the next 10 years.” Though the date is debatable, it’s thought that the first secure e-commerce transaction took place sometime in the summer of 1994. A company called NetMarket, now owned by Cendant, claimed it conducted the first encrypted Web transaction on Aug. 11, 1994, with the sale of the Sting CD “Ten Summoner’s Tales.” Since then, e-commerce has become a relatively small, but booming sliver of the United States economy. According to Department of Commerce figures, e-commerce accounted for 1.7 percent of all U.S. consumer sales in the second quarter of 2004. The panelists were enthusiastic on Friday about the prospects of increasing that amount closer to a double-digit figure, despite growing fears over identity theft, fraud, privacy invasion and online nuisances such as viruses, worms and spam that have taken root on the Web right along side online shopping. The panelists offered an array of ideas about how e-commerce might evolve in positive ways over the next few years. Most speakers agreed that the sales of music, movies, games and other digital products represent one of the most exciting and dynamic areas of e-commerce. Internet visionaries are also working on ratcheting up so-called personalization and localization technology to make Web sites anticipate a shopper’s every need wherever they happen to be. Another holy grail is the prospect of luring consumers to shop over their cell phones--a big trend in Asian countries that hasn’t caught on as much in the United States. Rosensweig and Bonnie predicted that Web logs and online communities such as Friendster would come to incorporate e-commerce features through “favorites” lists for music and games. The panelists agreed that online auctions and the migration of electronic transactions from proprietary Electronic Data Interchange networks to the Internet, will continue to grow and thrive.

BRITISH COURT ORDERS IDS OF DOWNLOADERS (AP, 15 Oct 2004) -- The High Court in London has ordered Internet service providers to hand over the names and addresses of 28 alleged music pirates to Britain’s trade body for the recording industry. The British Phonographic Industry Ltd., or BPI, Friday welcomed the court order by Justice William Blackburne as the first step to suing people it accuses of promoting the illegal downloading of copyrighted music. The ruling is a victory for both the BPI and its umbrella organization, the International Federation of the Phonographic Industry, IFPI, which announced earlier this month that its affiliates were filing a total of 459 lawsuits against alleged Internet pirates in Britain, France, Germany, Denmark, Italy and Austria. The lawsuits target people alleged to have put hundreds of copyright songs onto Internet file-sharing networks and offered them to millions of people worldwide without permission. The IFPI claims piracy is behind a global slump in music sales that began in 2000. It says worldwide sales of recorded music fell 7.6 percent in 2003, following a similar drop the previous year. U.S. music sales have been on the rebound since fall 2003. The court order issued Thursday by Blackburne requires the service providers, or ISPs, to identify the 28 individuals within two weeks. The BPI called the 28 “major file-sharers” who were providing an estimated 7 million British people, and unknown millions worldwide, with illegal downloads of music.

COURT ORDERS NEW PROTECTIONS IN RIAA SUITS (BNA’s Internet Law News, 28 Oct 2004) -- A Pennsylvania district court has issued an order that will force the RIAA to better respect the privacy and due process rights of people it has accused of copyright infringement. After the RIAA asked the court to issue subpoenas to ISPs for the names and addresses of people they suspect of infringement, the court issued an order that the ISPs must first send their customers detailed notices about the subpoenas, including information about how the accused suspects can contest the subpoenas. Order at

3 STATE UTILITIES MAY OFFER INTERNET VIA POWER LINES (, 16 Oct 2004) -- Clearing the way for homes and businesses to receive high-speed Internet services through their electrical outlets, the Federal Communications Commission adopted rules this week that would enable the utility companies to offer an alternative to the broadband communications services now provided by cable and phone companies. And at least two of Washington state’s utilities are rolling out pilot projects in central and Eastern Washington or planning to. And a third, Seattle City Light, is moving in that direction. The new broadband Internet service is more than a year away from becoming widely available. But the FCC’s ruling is expected to significantly increase the level of investment and interest by the utilities, which had been stymied in previous attempts to offer new services over power lines. They reach more American homes than either telephone lines or television cables. So far, the technology has been limited mainly to experiments around the country, although a commercial version recently became available in some communities near Cincinnati.

WIKI WARS (, 14 Oct 2004) -- Wikis, touted as the next big thing in online content, have become the latest battleground in the presidential election as users of online encyclopedia Wikipedia, the best-known wiki, squabble over entries related to President George W. Bush and Democratic challenger John Kerry, the junior senator from Massachusetts. Disputes over content related to Mr. Bush and Mr. Kerry have been growing since August, prompting the popular reference site’s administrators to warn users last month that election-related entries may be the focus of “contention and debate – possibly diminishing their neutrality.” Wikis like Wikipedia are web sites that encourage users to share information by allowing them to freely write and edit content. Wikipedia community members held an online town hall meeting last month to try to solve the disputes over the entries, to no avail. Meanwhile, Wikipedia’s administrators are periodically “freezing” contentious pages – locking out any edits for brief periods of time. Since May, Wikipedia’s Mr. Kerry entry has been frozen at least seven times, while its Mr. Bush page has been locked down almost as often. Indeed, entries for Mr. Bush and Mr. Kerry have become the most contentious in the history of Wikipedia, said Wikipedia creator Jimmy Wales, president of the Wikipedia Foundation, which is based in St. Petersburg, Florida. Mr. Bush and Mr. Kerry have created even more debate than entries for sex and religion. As of October 8, Wikipedia’s President Bush entry had been tweaked 3,953 times. Its entry for Senator Kerry had been modified 3,230 times. By contrast, Wikipedia’s article on Jesus has only been edited 1,855 times since the site’s inception in 2001.

-- and --

SITE SEEKS TO SPUR POLITICAL AD SWAPS (CNET, 19 Oct 2004) -- Voters in political ad-saturated swing states might want to avoid the P2P Politics Web site, which aims to let people swap campaign commercials via e-mail. But for anyone who has missed the ads now barraging battleground states with all the relentlessness of a Florida hurricane, a trip to the new civic-minded site might be in order. The new Web site is backed by Stanford professor Lawrence Lessig and his Creative Commons foundation, which promotes a version of copyright that facilitates widespread distribution and use of content. “Political ads have one purpose,” Lessig said in a statement. “That is to elect the candidate they support. With just...two weeks to go, we expect the campaigns will be eager to help their supporters get the message out.” Indeed, although the site’s role in shifting voters’ opinions is likely to be small, it is a real part of what has been a radical transformation in campaigning and political awareness this year due to the Internet.

WEST VIRGINIA TO START GRID (, 14 Oct 2004) -- This fall, West Virginia will launch its Global Grid Exchange, an open public infrastructure that will bring together idle or unused computer processing power throughout the state. The grid is funded through the state’s Economic Development Authority, and developed under the West Virginia High Technology Consortium Foundation. Participants hope that bringing together unused computing resources via the Internet will create a grid that provides a common and inexpensive infrastructure for government, academia and industry. According to state officials, the Global Grid Exchange will be the largest public computing grid in the world. “The response to this effort from around the state has been incredible, resulting in an amazing commitment of donated computing resources — from PCs to mainframes — that will help power the Global Grid Exchange,” Gov. Bob Wise said in a statement. Initially, the infrastructure will be available for economic development initiatives within West Virginia, but the goal is to open it to anyone around the world, said James Estep, president and chief executive officer of the foundation. The concept of grid computing, which focuses on distributed computational power, has been around for decades. One of the most famous is the Search for Extraterrestrial Intelligence project, which uses idle processing power on computers around the world connected through the Internet.

NSA PLOTS SOFTWARE CENTER (FCW, 15 Oct 2004) -- The National Security Agency’s top information security official disclosed plans this week for a government-funded research center devoted to improving the security of commercial software, calling the initiative a modern-day Manhattan Project. Comparing the proposed high-assurance software initiative to the famous atomic bomb research project of the 1940s, NSA’s director for information assurance, Daniel Wolf, said the research would focus on tools and techniques for writing secure software and detecting malicious code hidden in software. Before NSA officials can create the center, the Defense secretary must approve the concept and find money for the project, Wolf said. He gave the keynote address at the Microsoft Corp. Security Summit East in Washington, D.C., earlier this week. The quality and trustworthiness of commercial software has become a matter of increasing concern to NSA officials, who are responsible for the security of Defense Department and intelligence software. NSA officials anticipate that many companies on whose software DOD and intelligence users rely will be moving significant portions of their commercial software development overseas within a few years. NSA officials cannot force companies to develop software a certain way, Wolf said, “but we would like to get them to a point where they are producing commercial products that meet the needs of our users.” About 95 percent of the agency’s desktop PCs run Microsoft’s Windows operating system, Wolf said.

DRAFT EU ANTI-TERROR PLAN CALLS FOR RETENTION OF DATA FOR 12 MONTHS (, 15 Oct 2004) -- European Union governments are pushing through contentious new plans to retain data from telephone calls and e-mails for a minimum period of 12 months as part of new anti-terrorist and cybercrime proposals. The plan would not include the recording of actual calls -- only at what times calls or e-mails were sent and to whom. A draft proposal for new data retention rules, obtained by The Associated Press on Friday, calls for EU-wide standards on what data can be accessed by authorities in criminal and anti-terror investigations. The proposal, an update of one first submitted in April by Britain, France, Sweden and Ireland, aims to harmonize existing rules and standardize access to such data for all EU governments. EU leaders made the proposal one of their key anti-terror priorities at a summit following the March 11 rail bombings in Madrid and set a June 2005 deadline to have a new law on the books. In a move that has angered privacy advocates and industry, the draft calls for telecommunications providers to retain their records for at least 12 months in case police investigators need to check them. The draft acknowledges it ``may constitute an interference in the private life of the individual” but says the regulation, if approved, would not violate privacy rules. A report backed by some 90 privacy advocate groups and 80 companies said collecting such data was ``an invasive act.” The groups say the proposal would violate European human rights conventions. Industry groups, meanwhile, fear it will have to foot the bill for keeping the data, and that not enough consultation is being done.

PRINTERS BETRAY DOCUMENT SECRETS (BBC, 18 Oct 2004) -- US scientists have discovered that every desktop printer has a signature style that it invisibly leaves on all the documents it produces. They have now found a way to use this to identify individual laser printers. The work will help track down printers used to make bogus bank notes, fake passports and other important papers. Before now it was thought that the differences between cheap, mass-produced desktop printers were not significant enough to make individual identification possible. But a team from Purdue University in Indiana led by Professor Edward Delp has developed techniques that make it possible to trace which printer was used to produce which document. In 11 out of 12 tests, the team’s methods identified which model of desktop laser printer was used to print particular documents. “We also believe that we will be able to identify not only which model of printer was used but specifically which printer was used,” Professor Delp said. and;jsessionid=XB3UF3S22L1UYQSNDBGCKHSCJUMEKJVN?articleID=49901439&site_section=700031

WEBSITE ACCESSIBILITY - UK AND US DEVELOPMENTS (Morrison & Foerster, 18 Oct 2004) -- In countries where access to the Internet is widespread, there are still substantial segments of the population who are at risk of being marginalized because of the way the web is being designed and built. Users with hearing or sight-related disabilities, and those with restricted mobility, often cannot access the web. Common problems like the inability to adjust font sizes for text displays, the lack of alternative audio and visual content, and poor navigational structures requiring multiple mouse-clicks, all contribute to a lack of accessibility for these users. Like many organizations today, MoFo is currently evaluating and redesigning its site to enhance its performance and ensure accessibility for all users.

A HITCH IN OFFERING ONLINE PRICES (New York Times, 18 Oct 2004) – and other newly minted companies want to end the traveler’s frustration at scanning multiple Web sites to find the cheapest prices for flights, hotels and car rentals. Whether those sites will allow such searches is another matter. Travel search engines take aim at the most headache-inducing task for online shoppers: examining numerous major e-travel agency sites, like Expedia, Orbitz and Travelocity, as well as airline, hotel and car rental company sites, to find the best prices. Kayak and its chief competitors,, and Yahoo, conduct those searches on their customers’ behalf, and highlight the cheapest fare. (Another search site,, charges a fee for bookings.) Yet not all travel agencies and suppliers want the search engines to scan their sites, arguing that services should not be compared on price alone. As a result, the search sites could miss some bargains, forcing travelers to continue shopping. Steve Hafner, Kayak’s chief executive, suggested that this will not be a long-term problem. “It’s a rare supplier that doesn’t want their services marketed to consumers,” he said. “Until we can show a little more information about some of the products, we won’t get all the suppliers involved. But I haven’t encountered a site that says ‘Please don’t show us in your results.’” But at least one company is saying just that. Travelocity’s chief executive, Michelle Peluso, said that Kayak was posting her site’s fares without the company’s consent and that she would contact Kayak soon to determine how and when the data would be removed. “We’ll evaluate it over time, but I’m not convinced that any of them are good for consumers, suppliers or us,” Ms. Peluso said. “I see these as commoditizing travel at a time when we’re working hard with suppliers to go in the opposite direction.” Aside from undermining the sites’ claims about finding the lowest available fares, Travelocity’s abstention would eliminate a source of revenue. In addition to advertising fees, travel search sites typically earn commissions for bookings or for delivering prospective customers to other companies.

KEYCHAIN REMOTE CONTROL TURNS OFF MOST TVS (AP, 19 Oct 2004) -- A lot of people love television but apparently some people have had enough of it, too. A new keychain gadget that lets people turn off most TVs — anywhere from airports to restaurants — is selling at a faster clip than it would take most people to surf the channels on their boob tubes. “I thought there would just be a trickle, but we are swamped,” the inventor, Mitch Altman of San Francisco, said Monday in an interview. “I didn’t know there were so many people who were into turning TV off.” Hundreds of orders for Altman’s $14.99 TV-B-Gone gadget poured in Monday after the tiny remote control was announced in Wired magazine and other online media outlets. At times, the unexpected attention overloaded and crashed the Web site of his company, Cornfield Electronics. The keychain fob works like a universal remote control but one that only turns TVs on or off. With a zap of a button, the gizmo goes through a string of about 200 infrared codes that controls the power of about 1,000 television models. Altman said the majority of TVs should react within 17 seconds, though it takes a little more than a minute for the gizmo to emit all the trigger codes.

PAY-AS-YOU-GO SOFTWARE LICENSING GOING SLOW (CNET, 19 Oct 2004) -- Pay-as-you-go software might sound like a fine idea in principle, but it’s a bear to put into practice. That was the gist of conversation at the SoftSummit conference, as software executives discussed the promise and reality of utility computing and subscription pricing. Utility computing, a tech buzzword, essentially promises that a company will have to pay for only the computing resources it actually uses, dramatically cutting costs and improving efficiency. Sounds good on paper, but both software makers and customers have been slow and inconsistent in committing to the model, for reasons ranging from economics to privacy. For the software industry, utility pricing poses a threat to the bottom line, said Jason Maynard, an analyst at Merrill Lynch. It’s hard to precisely predict software needs, and under standard perpetual license models, that usually results in drastic overbuying. “We have an industry that’s still addicted to the crack of perpetual licensing,” Maynard said. That’s why utility pricing, to date, has largely been restricted to upstarts like, where the whole business model is built around alternative pricing, he said. “I don’t think you’re going to see the big vendors change out of inspiration,” Maynard said. “This is going to be a slow transition that happens as customers demand this.” Also, usage-based pricing is new and thus inspires all sorts of novel legal issues, said Erik Larson, director of product management for software maker Macromedia. That means lengthy contracts that are expensive for software makers to hash out, making them reluctant to apply utility pricing to all but their biggest accounts. “People don’t think much about the end-user agreement that comes with a perpetual license, even though it’s a big legal contract, because the terms are pretty familiar, at this point,” he said. “With utility pricing, by its nature, everything’s different. Those contracts are 200 pages and take a whole team of lawyers to work out.” One of the biggest areas for potential dispute is what gets measured and how. Software usage can be volatile and hard to predict, and coming up with a metering scheme fair to all is a fine balancing act, said David Rowley, vice president of business development for copy protection specialist Macrovision. “When you go in and lease a car, the contract says so many cents per mile, and people have a pretty good idea of how much they’re going to drive in a year,” Rowley said. “Software isn’t necessarily like that.” Customers may also have issues with how much information the software maker gets to collect. Usage patterns for key applications can provide valuable information on a company’s business plans, making companies reluctant to share such data, even with the folks who made the application, said Rowley, likening the situation to telling Sprint, “you can keep track of my minutes but not whom I’m calling.” Dan Griffith, software asset manager at Motorola’s Freescale Semiconductor subsidiary, said there’s big business awaiting whoever comes up with the software equivalent of an electricity meter. “As the utility model moves forward, somebody needs to make a meter the customer accepts and the vendor accepts,” he said.

FCC CHAIR TO SEEK NET TELEPHONE OVERSIGHT (AP, 19 Oct 2004) – FCC Chairman Michael Powell said Tuesday that he would seek broad regulatory authority for the federal government over Internet-based telephone services to avoid stifling the emerging market. Powell told a receptive audience at an industry conference that letting states regulate Voice over Internet Protocol,or VoIP, services would lead to a patchwork of conflicting rules like those which have ensnarled the traditional phone business for decades. To do so, Powell said, “is to dumb down the Internet back to the limited vision of government officials. That would be a tragedy.” After his speech, Powell told reporters he expected to introduce a proposal to the full Federal Communications Commission (news - web sites) in less than a month, and definitely before a new Congress begins its session in January. “We cannot avoid this question any longer,” he said. “It is very likely that treatment of VOIP will have some of the farthest reaching consequences of anything this commission has done or will do.”

ISRAELI DRAFT BILL TO LEGALIZE CD BURNING FOR PRIVATE USE (GLOBESonline, 20 Oct 2004) -- The Ministry of Justice is proposing a draft bill to legalize CD burning for private use. The ministry yesterday published a draft Copyright Law (Duplication of Material) to legalize the private copying of music CDs, provided that it is done on stipulated types of media. A fee will be paid to the holders of the copyright, performers and recording producers for these types of media. The purpose of the draft bill is to settle in a balanced manner the widespread private copying of music. In discussions prior to the publication of the draft bill, Minister of Justice Joseph (Tomy) Lapid stated that the legal authorities should make it clear to the public that the copying of CDs was permitted for private use, and did not infringe copyrights. At the same time, royalties should be set to be paid to artists and producers who invest their best time, money and talent in their creations, and have the right to be paid for their work.

GOOGLE TAKES ON YOUR DESKTOP (New York Times, 21 Oct 2004) – The modern PC is a marvel, isn’t it? Here’s a machine that lets an ordinary person with very little training create a new document, check its spelling, dress it up with graphics, send it electronically to someone across the globe - and then save it accidentally into some dark corner of the hard drive, where it will never be seen again. Of course, every operating system offers a Find command. But the one in Windows is not, ahem, Microsoft’s finest work. Last week, Google took the wraps off its latest invention: Google Desktop Search. As the name implies, it’s software that applies the famous Google search technology to the stuff on your own hard drive. It’s free, it’s available right now for Windows XP and 2000 (, and it’s terrific. Like the Windows search program, Google Desktop can find files by name, including photos, music files and so on. But it can also search for words inside your files, including Word, Excel and PowerPoint documents. That’s a relief when you can’t remember what you named a file, but you do remember what it was about - or when a marauding toddler renamed your doctoral thesis “xggrjpO#$5%////.” (Windows offers this feature, too, but it’s hard to find, hard to turn on and poorly documented.) For its final trick, Google Desktop does something so profound it may change the way you think about your PC forever: It can search any Web page you’ve ever seen, any e-mail message you’ve opened and the transcript of any instant-message chat you’ve had. * * * [You] can also turn off any of the searchable item types. If, for example, you’d rather not make your Web-surfing sessions available for searching by other family members, turn off that feature. You can also omit only secure Web pages from the log, so that your banking and stock transactions aren’t available for recall. (Even so, corporations should carefully consider the security ramifications of Google Desktop’s logging features.) and

E.U. STRUGGLES WITH NEW RULES FOR SOFTWARE PATENTS (IEEE, Oct 2004) -- The European Union Directive on the Patentability of Computer-Implemented Inventions passed by the European Parliament in September 2003 was approved by the EU Council of Ministers four months ago, on the proviso that the bill was amended to better support the award and enforcement of software patents for large companies. Whereas the Council’s version considers protecting patents for software that supplies a technical contribution, which computer science patent attorney Guy Gosnell says is more in keeping with software patentability tactics employed by the United States and others, Parliament’s version mandates tougher restrictions on the patentability of computer-implemented inventions. “The [Council’s] directive...appears to recognize the investment that is generally required for software development and to provide a mechanism for securing patent protection on the resulting software, such that the developer can recoup and perhaps make a return on its investment,” Gosnell notes, adding that Parliament is unlikely to approve the Council’s version. Open source groups and veteran software industry members such as Catalyst Software’s Robert Cochran applaud Parliament’s position: Cochran considers copyright the better approach to protecting software, as it is almost free to deploy and shields the original author’s rights while still offering a wide latitude for innovation and development. He explains that patent rights are assigned from the date of the initial patent claim rather than the date of invention, which is problematic for software; in addition, many companies cannot afford the costs of patenting, while properly assessing software-related applications is a tough job for patent examiners. Cochran warns that the Council’s version of the directive carries with it the threat of “preemptive patent-based attacks” on software. Both the Council and Parliament versions ban the patentability of business methods.

AMERICAN PASSPORTS TO GET CHIPPED (WIRED, 21 OCT 2004) -- New U.S. passports will soon be read remotely at borders around the world, thanks to embedded chips that will broadcast on command an individual’s name, address and digital photo to a computerized reader. The State Department hopes the addition of the chips, which employ radio frequency identification, or RFID, technology, will make passports more secure and harder to forge, according to spokeswoman Kelly Shannon. “The reason we are doing this is that it simply makes passports more secure,” Shannon said. “It’s yet another layer beyond the security features we currently use to ensure the bearer is the person who was issued the passport originally.” But civil libertarians and some technologists say the chips are actually a boon to identity thieves, stalkers and commercial data collectors, since anyone with the proper reader can download a person’s biographical information and photo from several feet away. “Even if they wanted to store this info in a chip, why have a chip that can be read remotely?” asked Barry Steinhardt, who directs the American Civil Liberty Union’s Technology and Liberty program. “Why not require the passport be brought in contact with a reader so that the passport holder would know it had been captured? Americans in the know will be wrapping their passports in aluminum foil.” Last week, four companies received contracts from the government to deliver prototype chips and readers immediately for evaluation. Diplomats and State Department employees will be issued the new passports as early as January, while other citizens applying for new passports will get the new version starting in the spring. Countries around the world are also in the process of including the tags in their passports, in part due to U.S. government requirements that some nations must add biometric identification in order for their citizens to visit without a visa.,1848,65412,00.html

ETHICS CODE WRITTEN TO REPROGRAM TECH INDUSTRY (CNET, 21 Oct 2004) -- Hewlett-Packard, IBM and Dell joined a host of electronics makers Thursday in an effort to promote a unified code of socially responsible business practices across the world. The new Electronics Industry Code of Conduct governs areas such as labor practices, health and safety and environmental protection. The code replaces several codes used before, making it easier for suppliers to comply and for auditors to check that compliance, HP said in a statement. Any electronics supplier is free to adopt the code, and HP expects other companies to do so. Among the requirements of the code: Bribes, embezzlement and extortion are prohibited; intellectual property must be protected; child labor is prohibited; wasted water and energy must be minimized; hazardous materials must be handled safely; pollutants must be monitored and treated; and occupational injuries must be reported. Several electronics manufacturers collaborated in writing the code, including Celestica, Flextronics, Jabil, Sanmina-SCI and Solectron.

SAN FRANCISCO SETS GOAL OF FREE CITYWIDE WIFI (Reuters, 21 Oct 2004) -- San Francisco Mayor Gavin Newsom set a goal on Thursday of providing free wireless Internet activity in his city that sees itself as a vanguard of the Internet revolution. “We will not stop until every San Franciscan has access to free wireless Internet service,” he said in his annual state of the city address. “These technologies will connect our residents to the skills and the jobs of the new economy.” “No San Franciscan should be without a computer and a broadband connection.” He said the city had already made free WiFi service available at Union Square, a central shopping and tourist hub, and would add access to several other sections of the city including Civic Center around City Hall.

EC ISSUES WORKING DOCUMENT ON SAFE HARBOR AGREEMENT (BNA’s Internet Law News, 25 Oct 2004) -- The European Commission has released a staff working document that reports on the implementation of the EU Data Privacy Directive’s Safe Harbor Agreement with the United States. The report notes that there is non-compliance among some companies, but does not call for a termination of the agreement. Report at

JUDGE TOSSES FLA. E-VOTING PAPER TRAIL SUIT (Washington Post, 25 Oct 2004) -- Florida does not need to create a paper record for touch-screen voting machines in case recounts are needed in tight races, a federal judge ruled Monday, upholding the state’s emergency rule that set standards for e-voting recounts. Touch-screen machines “provide sufficient safeguards” of constitutional rights by warning voters when they have not cast votes in individual races and allowing them to make a final review of their ballots, U.S. District Judge James Cohn ruled. Rep. Robert Wexler, a Democrat, had sought either a paper record for manual recounts in close elections like the contentious 2000 presidential race or an order switching voters in 15 counties from touch-screens to optically scanned paper ballots by 2006. He wanted a way to help determine voter intent when no votes were recorded, known as “undervotes.” The judge found there was no constitutional violation in a touch-screen recount rule issued by the state Oct. 15. That rule replaced one thrown out in August by a state judge. The current requirement is to determine “voter choice,” which the state maintains is whatever is recorded on a touch-screen machine when a voter presses the final button. [Editor: Without: (a) public examination of underlying source code; and (b) assurance that such code has been loaded into these machines, there will remain the possibility that “voter choice” has been compromised by software errors or malfeasance. Paper records are the easiest way to assure integrity here. “Trust, but verify!” See]

RULING ON REFILLED PRINTER CARTRIDGES TOUCHES DMCA (CNET, 26 Oct 2004) -- In a closely watched case involving the Digital Millennium Copyright Act, a federal court has ruled that a small North Carolina company can continue selling a chip that makes it possible to use refilled toner cartridges in Lexmark printers. A federal appeals court overturned on Tuesday a preliminary injunction that barred Sanford, N.C.-based Static Control from selling its Smartek chip. Static, which sells printer parts and other business supplies, has been defending a lawsuit brought by Lexmark, the No. 2 maker of printers in the United States. The suit claims the Smartek chip violates the DMCA, and Lexmark hopes the case will slam the brakes on the toner cartridge remanufacturing industry and compel consumers to buy its cartridges. Ed Swartz, Static’s CEO, said in a statement that the “courts have spoken--companies cannot abuse copyright laws to create electronic monopolies and take advantage of the citizens of this great country.” The case has gotten a lot of attention because it’s one of the first to test the limits of the DMCA, which Congress enacted in 1998 to limit Internet piracy. Under section 1201 of the DMCA, it is generally unlawful to circumvent technology that restricts access to a copyrighted work or sell a device that can do so. In court documents, Lexmark has claimed the Smartek chip mimics a technology used by Lexmark chips and unlawfully tricks the printer into accepting an aftermarket cartridge. That “circumvents the technological measure that controls access” to Lexmark’s software, the complaint said. But Congress also included exemptions in the DMCA explicitly permitting activities such as law-enforcement activities, encryption research, security testing and interoperability. Static Control has seized on the last exemption, which permits reverse-engineering “for the purpose of enabling interoperability of an independently created computer program with other programs” and says its creation of the Smartek chip is also protected by traditional fair use rights enshrined in U.S. copyright law. and

BUSH WEB SITE BARS OVERSEAS VISITORS (Washington Post, 27 Oct 2004) -- The Bush-Cheney reelection campaign has barred people outside the United States from viewing its Web site. Since midnight on Monday, no one outside the United States except people in Canada could see the site, said Rich Miller, a security analyst for Netcraft, a Web site monitoring firm in Bath, England. Internet users from other countries instead see a white page featuring the message: “Access denied: You don’t have permission to access on this server.” The move happened one week after the Bush-Cheney and Republican National Committee sites were unavailable for almost six hours. It is not unusual for Web sites to block e-mail and browser traffic from individual Internet addresses and from certain countries notorious for churning out online fraud scams and junk e-mail, but security experts said the Bush-Cheney campaign’s move is probably unprecedented. “I’ve never heard of a site wholesale blocking access from the rest of the world,” said Johannes Ullrich, chief technology officer for the SANS Internet Storm Center, which monitors hacker trends. “I guess they decided it just wasn’t worth the trouble to leave it open to foreign visitors.” Jonah Seiger, founding partner of Connections Media, a Washington campaign consultancy that works with Democratic candidates, said that it did not make sense for the Bush-Cheney campaign to “consciously block access to anybody.” “Maybe the next thing they’ll try is to block Democrats and people in blue states from coming to the site,” Seiger said.


CUT THE CORDS WITH A WI-FI NETWORK (CNET, 1 Oct 2004) – An excellent “how-to” guide for setting up a home wireless network --

[Editor: With this MIRLN issue I am leaving Schlumberger to operate a knowledge management consulting business I’ve formed with colleagues from BP. We’re helping corporate and government legal departments with technology and techniques to capture and distribute their lawyers’ expertise. There’s more information at I will continue to publish MIRLN on its normal schedule.]

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School,
2. Edupage,
3. SANS Newsbites,
4. NewsScan and Innovation,
5. Internet Law & Policy Forum,
6. BNA’s Internet Law News,
7. The Ifra Trend Report,
8. Crypto-Gram,
9. David Evan’s “Internet and Computer News”,
10. Readers’ submissions, and the editor’s discoveries.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.

No comments: