Sunday, November 21, 2004

MIRLN -- Misc. IT Related Legal News [1-22 November 2004; v7.14]

HOW TO BE AN (INFO) PEEPING TOM (CNN, 25 Oct 2004) -- Just how much do you really know about your neighbor? Sure, the guy next door drives a five-year-old Honda and only waters his lawn on Sundays, but wouldn’t you like to know how much he paid for his house? Curious as to why you never see his wife anymore, or if she is still his Mrs.? “As scary and creepy as it is that you have access to this information, it is public record,” says Don MacLeod, editor-in-chief for Internet Law Researcher and reference librarian for law firm Cadawalder, Wickersham & Taft. “It isn’t something someone created on his own.” Spying on your neighbor is hardly the next best thing to bringing over milk and cookies. But from the price of a house to a person’s age, nosy neighbors have an ever increasing number of tools at their disposal. In this election season, perhaps you want to know more about someone’s political leanings? The Federal Election Commission’s Web site,, lists contributions of $200 or more dating back to 1997. Also, the Web site for the Center for Responsive Politics,, lists donor contributions from as early as 1989. You can even find out if he registered to vote by visiting your county’s board of elections office. Some even post the information on their Web sites. Same goes for home prices and property tax information. It’s public information, and many counties are making this available online through their county clerk or assessor’s office. * * *

FILE SHARERS WIN MORE PROTECTION (Wired, 28 Oct 2004) – Alleged file sharers must be given a notice explaining their legal rights before their internet service provider hands over any personal information to the music labels, a Pennsylvania judge ruled, making it still harder for the music industry to use the courts to intimidate people suspected of piracy. Privacy advocates called the Oct. 12 order by U.S. District Judge Cynthia Rufe a positive step in protecting the privacy and due process rights of accused copyright infringers. The Recording Industry Association of America has filed thousands of so-called “John Doe” lawsuits, where the industry’s trade association sues people based on their internet protocol addresses without knowing their names. The RIAA must first obtain an order from a judge to subpoena the internet service providers for the name of the defendant. With Rufe’s order, now ISPs in the Eastern District of Pennsylvania must provide a detailed notice to their customer advising them of their rights, before they hand over their customers’ names to the music companies’ lawyers. “It’s another step in the evolution of protections for people who are accused by the record labels of file sharing, but may have a defense and may want to protect their anonymity,” said Wendy Seltzer, an attorney with the Electronic Frontier Foundation, an organization that filed a friend-of-the-court brief in the case. “It puts some procedural safeguards into the process.” “We have always encouraged ISPs to inform their subscribers of pending subpoenas. This action by the court is consistent with that,” Jonathan Lamy, a spokesman for the RIAA, wrote in an e-mail.,1412,65516,00.html

INFORMATION SECURITY: HOW LIABLE SHOULD VENDORS BE? (ComputerWorld, 28 Oct 2004; opinion by Bruce Schneier) -- Information insecurity is costing us billions. We pay for it in theft: information theft, financial theft. We pay for it in productivity loss, both when networks stop working and in the dozens of minor security inconveniences we all have to endure. We pay for it when we have to buy security products and services to reduce those other two losses. We pay for security, year after year. The problem is that all the money we spend isn’t fixing the problem. We’re paying, but we still end up with insecurities. The problem is insecure software. It’s bad design, poorly implemented features, inadequate testing and security vulnerabilities from software bugs. The money we spend on security is to deal with the effects of insecure software. And that’s the problem. We’re not paying to improve the security of the underlying software. We’re paying to deal with the problem rather than to fix it. The only way to fix this problem is for vendors to fix their software, and they won’t do it until it’s in their financial best interests to do so.,4814,96948,00.html

-- and --

PROTECTING INDUSTRIAL CONTROLS (FCW, 29 Oct 2004) -- About 500 academic, government and industry technical experts recently released a common set of cybersecurity requirements that could help the electrical power, oil and gas, and water industries, among other critical infrastructures and utilities, strengthen their computer-based systems. The draft document, “System Protection Profile (SPP) for Industrial Control Systems,” was issued by the Process Control Security Requirements Forum, which was formed by the National Institute of Standards and Technology in 2001. Although Version 1.0 of the requirements was completed more than six months ago, it was publicly announced earlier this month.

-- and --

FDIC OFFERS GUIDANCE FOR USING OPEN SOURCE SOFTWARE (BNA’s Internet Law News, 4 Nov 2004) -- The Federal Deposit Insurance Corp. has released guidance for banks on managing risks associated with the use of free and open source software as part of their overall information technology programs. Although open source software does not pose risks that are fundamentally different from the risks presented by the use of proprietary or self-developed software, the FDIC says, open source software may require banks to establish “unique risk management practices.” Guidance at

-- and --

OR, AS THEY SAID ON THE TITANIC, “INSURERS AND AUDITORS FIRST” (Steptoe & Johnson, E-Commerce Law Week, 6 Nov 2004) -- “Sauve qui peut.” While it sounds better in French than “every man for himself” sounds in English, the reality isn’t pretty in either language. Still, a pell-mell rush for the lifeboats seems to be the order of the day for the private sector as computer security continues to attract Congressional attention. Case in point: the Corporate Information Security Working Group (CISWG), which started meeting in 2003 under the guidance of Rep. Adam Putnam (R-FL) and his Government Reform Subcommittee on Technology. Phase I of CISWG brought together trade association representatives and academics to brainstorm a list of recommendations for the public and private sector to consider when evaluating and implementing cybersecurity plans. The mission of CISWG Phase II, it seems, has been to take those initial recommendations and turn them into public policy, perhaps even legislation, that will create metrics and incentives for increased computer security. The result may be a private sector recommendation that comes remarkably close to imposing new liability on the private sector for computer security failures.

UK COURT ASSERTS NET JURISDICTION OVER GOV. SCHWARZENEGGER (BNA’s Internet Law News, 2 Nov 2004) -- The UK Court, Queen’s Bench Division, has asserted jurisdiction over an Internet libel suit launched against California Governor Arnold Schwarzenegger. The suit arises from an article in the LA Times available online that discussed alleged sexual harassment. The court applied last month’s Lewis v. King decision in determining that an “internet publication takes place in any jurisdiction where the relevant words are read or downloaded.” Case name is Richardson v. Schwarzenegger.

AUTHORS GAIN CONTROVERSIAL ROYALTIES RIGHTS UNDER NEW BILL (World Copyright Law Report, 29 Oct 2004) -- The Mexican Congress has passed a bill amending the Copyright Act 1996 in order to grant additional rights to authors and holders of neighbouring rights (eg, artists and record producers). Among other things, the bill increases the copyright term to the life of the author plus 100 years - an increase of 25 years. Once this term has expired, the government has the power to collect fees in relation to the use of works that are no longer protected.

-- and --

ONE INTERNET, MANY COPYRIGHT LAWS (New York Times, 8 Nov 2004) -- Project Gutenberg, the volunteer effort to put the world’s literature online, may be the latest victim in the Internet battle over copyright. Earlier this year, the Australian affiliate of Project Gutenberg posted the 1936 novel “Gone With the Wind” on its Web site for downloading at no charge. Last week, after an e-mail message was sent to the site by the law firm representing the estate of the book’s author, Margaret Mitchell, the hyperlink to the text turned into a “Page Not Found” dead end. At issue is the date when “Gone With the Wind” enters the public domain. In the United States, under an extension of copyright law, “Gone With the Wind” will not enter the public domain until 2031, 95 years after its original publication. But in Australia, as in a handful of other places, the book was free of copyright restrictions in 1999, 50 years after Mitchell’s death. The case is one more example of the Internet’s inherent lack of respect for national borders or, from another view, the world’s lack of reckoning for the international nature of the Internet, and it is also an example of the already complicated range of copyright laws. The issue of national sovereignty over the Internet has not been firmly established, either by trade agreement or by court precedent, some legal experts say, and conflicts continue to be settled individually. But there are much bigger copyright battles looming as more material, including songs by Elvis Presley and the Beatles, approach public domain in countries around the world.

-- and --

OTTAWA’S COPYRIGHT PLANS WRONGHEADED, EXPERTS SAY (Globe & Mail, 11 Nov 2004) -- Ottawa is about to blunder in cyberspace, lawyers and academics warn. Last week, the standing committee on Canadian Heritage resubmitted its recommendations for updating the Copyright Act of 1998 and ratifying the World Intellectual Property Organization (WIPO) treaty. Copyright lawyers say that if the changes are made into law, you will not even be able to own your own wedding pictures or save a Web page without paying for it. Among other things, the committee proposes that photographers keep the rights to their work and surfers would have to pay a levy for material even if was offered free of charge. Copyright holders could also shut down websites that they claim -- even erroneously -- are violating copyright, putting the burden of proof on the website charged. Michael Geist, who holds the Canada Research chair in Internet and e-commerce law at the University of Ottawa, and Howard Knopf, a Canadian copyright lawyer and director for the Center for Intellectual Property at the John Marshall Law School in Chicago, have sharply condemned the proposals. Mr. Geist blames “an amazing lobby job” by the recording industry, and Mr. Knopf calls it a “travesty [and] an exercise in hyperbole.” The committee’s premise is that all work on the Internet is someone’s property. You can read it or listen to it, but unless there is an explicit legal notice saying the material can be used, you would not be permitted to save a copy to disk or print it out without paying a copyright collective such as Access Copyright. “This last part is crucial,” says Laura Murray, a Queen’s University English professor who maintains a website called “It means that the bulk of sites used in educational settings -- resources designed by museums, libraries, universities, experts of various kinds -- that are intended for educational uses may be levied,” with a government agency automatically charging for the content. “It will be very difficult to communicate to the thousands of sites outside of Canada that are commonly used by Canadian students and educators (the Library of Congress, the British Library) that they must put such explicit notices on their sites,” she adds. “This is perverse.”

EBAY BUYERS CAN RETURN GOODS, GERMANY’S HIGHEST COURT RULES (Bloomberg, 3 Nov 2004) -- EBay Inc., the world’s largest Internet auctioneer, isn’t exempt from consumer protection rules that allow customers to return goods without a reason, Germany’s highest civil court ruled. The Federal Court of Justice in Karlsruhe said EBay doesn’t meet the definition of an auction under German law, meaning that buyers of goods from professional sellers on the system don’t have to have a reason in order to get a refund. German law excludes auctions from some rules on reversing purchases. and

E-VOTE VENDORS HAND OVER SOFTWARE (Wired, 26 Oct 2004) -- In an effort to increase the integrity of next week’s presidential election, five voting machine makers agreed for the first time to submit their software programs to the National Software Reference Library for safekeeping, federal officials said on Tuesday. The companies include Election Systems and Software, Diebold Election Systems, Sequoia Voting Systems and Hart InterCivic. The stored software [which does not include source code] will serve as a comparison tool for election officials should they need to determine whether anyone tampered with programs installed on voting equipment. The National Software Reference Library is part of an election security initiative launched by the U.S. Election Assistance Commission, a new federal entity that Congress created after the Florida 2000 election problems. The EAC is the first federal entity established to improve the integrity and efficiency of elections. The National Institute of Standards and Technology -- the agency that sets official measurements and defines standards for all kinds of commercial products -- will maintain the voting software library. NIST already manages a library of other types of software, like the Windows 2000 operating system, to help law enforcement investigate crimes involving computers. If questions about the veracity of a voting system arise after the election, computer forensic experts will be able to compare the software used on machines with the software in the NIST library to see if the software was altered. They can do this by comparing cryptographic hash files, which are digital fingerprints that identify the integrity of software.,1294,65490,00.html

-- and --

COMPUTER SCIENTISTS CAUTIOUS OF E-VOTING (AP, 4 Nov 2004) -- After only scattered problems in electronic voting’s biggest day ever in the United States, with roughly 40 million people casting digital ballots, voting equipment company executives crowed. To them, the relatively smooth election was a vindication of paperless touch-screen systems. For more than a year, computer scientists and voting rights advocates had vigorously assailed the nation’s 175,000 touch-screen machines as insecure and unreliable, prone to software bugs, hackers and hardware failures. Some naysayers had even predicted worst-case scenarios in which the ATM-like computers deleted or altered votes, machines overheated and crashed under record turnout. But that’s not to say electronic voting was trouble-free. On Tuesday, poll workers in New Orleans had numerous problems operating the equipment. On Election Day and during early voting, several dozen voters in six states reported difficulty selecting candidates, apparently due to miscalibration. Tuesday’s vote was not marred, however, by the problems that plagued primaries earlier this year — power outages, missing memory cartridges, machines that displayed the wrong ballots and suspicious delays in reporting results. “It was a very positive day for the American voting system generally and for electronic voting machines particularly,” said Harris Miller, president of the industry trade group Information Technology Association of America, which represents voting equipment companies. “The machines performed beautifully ... Instead of theories about catastrophes, the simple reality is that the machines produce accurate results and the voters love them.” Computer scientists reserved judgment. Many acknowledged that the hardware performed well. But software errors may have changed results, they said. The vast majority of touch screens in the United States do not produce paper records. And that means, critics say, that the machines could alter or delete ballots without anyone noticing. “What has most concerned scientists are problems that are not observable, so the fact that no major problems were observed says nothing about the system,” said David Jefferson, a computer scientist at Lawrence Livermore National Laboratory in California. “The fact that we had a relatively smooth election yesterday does not change at all the vulnerability these systems have to fraud or bugs.”

-- and --

MORE E-VOTING GLITCHES SURFACE (CNET, 5 Nov 2004) -- A transmission error in the battleground state of Ohio gave President George W. Bush almost 4,000 phantom votes in the preliminary results posted online, the Secretary of State’s office in Ohio acknowledged on Friday. The error would not have escaped detection during the certification process that validates the election results and does not even come close to changing the outcome, said Carlo LoParo, director of media and voter services for the Ohio Secretary of State’s office. Scrutiny of the unofficial results posted to the Board of Elections Web site in Franklin County uncovered that Bush had received 3,893 extra votes. Bush’s preliminary total is actually 365, the Associated Press stated. The document summarizing the unofficial tallies could no longer be accessed via the Web site late Friday. LoParo referred questions about the particular incident to Franklin County, where the error occurred. Representatives of the Board of Elections for that county did not return numerous phone calls seeking comment. The mistake is one of the latest minor errors that have marred the performance of electronic voting machines during an election that was heavily scrutinized. A county in North Carolina lost more than 4,500 votes because officials had thought the memory that stored ballots electronically could hold more data than it did, stated a report by the Associated Press.

-- and --

BLOGGERS SAID TO BLAME FOR BAD POLL INFO (, 4 Nov 2004) -- News organizations promised Wednesday to look into why their Election Day exit polls showed an initial surge for John Kerry, but also blamed bloggers for spreading news that gave a misleading view of the presidential race. The exit poll data was delivered at several points Tuesday to ABC, CBS, NBC, CNN, Fox News Channel and The Associated Press by the National Election Pool, a company formed in the wake of the networks’ blown calls on election night 2000. The first wave showed Kerry with a lead of three percentage points in Florida and four points in Ohio _ both battleground states won by President Bush when the votes were actually counted, giving the president his margin of victory. ``Once one part of it is in question and is wrong, it kind of puts the whole thing in question,” said Marty Ryan, Fox News Channel’s executive producer for political coverage. ``It was disappointing. ... During the primary season, it worked very well for us, we were happy with it. But that was not good last night.” Other network representatives said their confidence in NEP remained unshaken. The Florida and Ohio exit poll results, along with those in other states were Kerry was strong, was quickly disseminated on Web sites such as Slate, the Drudge Report,, and Command Post. Some of these sites cautioned readers not to make too much of the information. The Command Post delivered the news under the headline ``Grain of Salt.” Drudge removed the numbers almost as quickly as they were posted. And Slate warned: ``these early exit poll numbers do not divine the name of the winner.” But the people who read these numbers _ among them, thousands of ordinary Americans with an intense interest in the election _ put too much faith into them and leaped to conclusions, said Bill Schneider, CNN’s polling expert. ``I think people believed them, and it’s particularly the case with Internet bloggers,” said Kathy Frankovic, CBS News’ polling director. ``That’s unfortunate because it sets up expectations that may or may not be met. I think it’s a good exercise because it reminded people that early exit polls can be unreliable.”

-- and --

RESEARCHERS: FLORIDA VOTE FISHY (Wired, 18 Nov 2004) -- Electronic voting machines in Florida may have awarded George W. Bush up to 260,000 more votes than he should have received, according to statistical analysis conducted by University of California, Berkeley graduate students and a professor, who released a study on Thursday. The researchers likened their report to a beeping smoke alarm and called on Florida officials to examine the data and the voting systems in counties that used touch-screen voting machines to provide an explanation for the anomalies. The researchers examined the same numbers and variables in Ohio, but found no discrepancies there.,2645,65757,00.html Report at

NORTH CAROLINA MAN SENTENCED TO 9 YEARS FOR SPAM (CNET, 3 Nov 2004) -- A North Carolina man was sentenced to nine years in prison for sending hundreds of thousands of unwanted e-mail messages, Virginia prosecutors said Wednesday. Jeremy Jaynes of Raleigh was found guilty under a Virginia state law that sets limits on the number of e-mails marketers can send in a given time period and prohibits them from using fake e-mail addresses, Virginia Attorney General Jerry Kilgore said.

-- and, in another first sentence case --

FIRST SENTENCE FOR VIOLATING HIPAA (New York Times, 7 Nov 2004) -- Lying in a hospital bed, gravely ill from leukemia and weakened by chemotherapy, Eric Drew began to get mail thanking him for opening credit accounts he knew nothing about. After a maddening six months of calling the companies, the police, journalists and collection agencies, Mr. Drew discovered that a technician at the Seattle Cancer Care Alliance, where he received the first of two bone marrow transplants last fall, had stolen his identity. On Friday, the technician, Richard W. Gibson, 42, was sentenced to 16 months in prison, becoming the first person sentenced under a new federal law designed to protect patients’ privacy, federal prosecutors said. The sentence was four months longer than prosecutors requested.

WTO SAYS UNITED STATES SHOULD DROP BAN ON OFFSHORE INTERNET GAMBLING (, 10 Nov 2004) -- In a ruling that could open the United States to offshore Internet gambling, a World Trade Organization panel Wednesday said Washington should drop prohibitions on Americans placing bets in online casinos. In its final 287-page report, the WTO panel confirmed the preliminary ruling it issued in March in a dispute pitting the United States against the tiny Caribbean nation of Antigua and Barbuda, saying the ban represented an unfair trade barrier. U.S. diplomats in Geneva said they would contest the ruling before the WTO’s seven-member appeals body. Antigua filed a case before the WTO last year. It contended that U.S. restrictions on Internet gambling violated trade commitments the United States has made as a member of the 148-nation WTO. U.S. trade officials disagreed, saying that negotiators involved in the Uruguay Round of global trade talks, which created the WTO in 1995, clearly intended to exclude gambling. Decision at

FBI PURSUING MORE CYBER-CRIME CASES (Washington Post, 4 Nov 2004) -- A former technology company executive charged with hiring hackers to attack a competitor’s Web site has joined the FBI’s most-wanted list, the latest sign of the federal law enforcement agency’s growing interest in cyber-crime.

-- and --

NATIONS USE NET TO SPY, PLOT ATTACKS EX-BUSH AIDE (Reuters, 5 Nov 2004) -- The world’s most advanced military powers are using the Internet to spy on their enemies and prepare digital attacks against rogue targets, a leading cyber security expert said on Friday. “When there’s a major cyber incident it’s very difficult to prove most of the time who did it,” said Richard Clarke, former White House adviser on national security and cyber threats. “There are incidents, I think, where governments are involved, doing either reconnaissance or testing out concepts, probing for weaknesses.” Clarke said he suspects Russia and China are the most pervasive users of Internet for intelligence-gathering on suspected enemy states and plotting ways to use the information for military purposes. Law enforcement officials believe organized crime is behind much of the new so-called “spyware” that emerges on the Internet daily. The programs have proved adept at conning consumers out of money or stealing their banking details and major companies have been hit as well. “Organized hacking is mainly done for economic purposes,” said Ira Winkler, a former network security specialist for America’s National Security Agency. He added some governments are also interested in using the medium to steal a march on their economic rivals, as the Internet has proved to be one of the best resources for corporate espionage. For that reason, security experts have begun to warn the world’s most visible multi-national conglomerates to shore up their networks defenses against cyber snooping -- with mixed results.

U.K. SOFTWARE PIRACY WHISTLE-BLOWERS GET BIGGER REWARDS (CNET, 5 Nov 2004) -- The Business Software Alliance is doubling the maximum reward it will pay to individuals who report companies that are using pirated software. The BSA--a trade group supported by Microsoft, Adobe Systems and other major software makers to enforce software licenses and copyrights--announced on Friday that it is raising the ceiling on payments to U.K. whistle-blowers to $37,000 (20,000 pounds) for reports received during November and December this year. Under the BSA’s rules, someone who reports that a company is using illegal software--such as counterfeit or unlicensed programs--will receive a reward of 10 percent of the face value of the software recovered. Previously, this payment was capped at $18,500. The BSA is hoping that this offer of a larger maximum reward will force companies which are using illegal software to address the issue.

MOST THIRD WORLD E-GOVT PROJECTS FAIL: WORLD BANK (The Age, 8 Nov 2004) -- Eighty-five percent of e-government projects in developing countries fail either partially or fully, a World Bank official says. “It is estimated approximately 35 percent of e-government projects in developing countries are total failures and approximately 50 percent are partial failures,” Robert Schware, World Bank lead informatics specialist, said on Friday. E-government refers to the use of information and communications technologies to improve the efficiency, effectiveness, transparency and accountability of government. The World Bank funds many e-government projects worldwide such as developing e-trade facilitation systems, e-procurement pilots and one-stop government gateways. “Only some 15 percent can be fully seen as success. There are equal numbers of very sad statistics about the number of failed implementations in the US and Europe,” Schware told delegates at a seminar on e-government. In India half of the ongoing 200 e-governance projects were bound to fail, he said. “By failure I mean the inability to deliver government services that provide benefit to citizens or business.”

STATES, NBA, MLB JOIN ENTERTAINMENT CASE AGAINST FILE-SHARING (, 8 Nov 2004) -- A disparate group made up of dozens of state attorneys general, labor unions, retailers, professional sports leagues and others urged the U.S. Supreme Court on Monday to hear a claim brought by the recording and film industries against two Internet file-sharing firms. In several legal briefs filed with the court, the petitioners stressed the justices should take the entertainment companies’ case and finally resolve conflicting lower court rulings on file-sharing, said Steven Marks, general counsel for the Recording Industry Association of America. The filings are designed to support a petition made last month by a coalition of major recording companies and Hollywood movie studios who asked the court to reverse lower court decisions clearing Grokster Ltd. and StreamCast Networks Inc. of liability for their customers’ online swapping of movies and music.

-- and --

MUSIC PIRACY ‘DOES HIT CD SALES’ (BBC, 9 Nov 2004) – Record sales in the US have fallen because of people using the internet to download albums, a study suggests. The report, for the country’s National Bureau of Economic Research, studied the habits of 412 students. It said the US music industry lost one fifth of a sale for each album downloaded from the internet. The study contradicts a previous report, conducted in 2002, which said swapping songs online had no negative effect on music sales. That report, by Harvard and North Carolina universities, said high levels of file-swapping had an effect that was “indistinguishable from zero”. Other research quoted by the IFPI global music industry body has estimated some 15% of users who download music illegally go on to spend more on music. But the IFPI added that for every one person who uses file-sharing networks to sample music, a further two will cut back on their purchasing, or stop buying music altogether. The report, Piracy on the High Cs, was compiled by University of Pennsylvania professors Rafael Rob and Joel Waldfogel.

FCC ASSERTS ROLE AS INTERNET PHONE REGULATOR (Washington Post, 10 Nov 2004) -- The Federal Communications Commission said yesterday that the federal government, not states, has the authority to regulate phone service provided over the Internet. The unanimous ruling in a case involving Vonage Holdings Corp. was a victory for companies offering local and long-distance phone service over high-speed Internet connections. It was a defeat for state utilities regulators who sought to subject the new Internet services to many of the fees and regulations they have long applied to traditional phone providers. Companies providing Internet phone service said they had been reluctant to expand into more states until it was clear whether they would face state-by-state regulation and whether their consumers would have to pay state fees. But the FCC’s unanimous decision did not resolve the broader question of whether Internet phone services will be treated as information services or as traditional phone providers. As traditional providers, they could be required to contribute to federal universal service programs that subsidize phone service in poor and rural areas, and they could have to pay whenever they connected with the networks owned by traditional phone providers to complete calls.
Release at

ECJ SCALES BACK SCOPE OF DATABASE RIGHTS (BNA’s Internet Law News, 10 Nov 2004) -- The European Court of Justice has released four decisions that address the scope of the EU database rights. The decisions focus on the need for a substantial investment in the database, concluding that the definition of ‘substantial investment’ which gives rise to protection for the maker of a database against unauthorized acts of copying and distribution to the public covers only the work involved in seeking, collecting, verifying and presenting existing materials and not the resources used to create the materials which make up the database. Release at

DHS’s NDA FOR “SENSITIVE BUT UNCLASSIFIED INFORMATION” (Federation of American Scientists, Nov 2004) – Covers information that could “adversely affect the national interest of the conduct of Federal programs”. NDA at

UNITED NATIONS ESTABLISHES WORKING GROUP ON INTERNET GOVERNANCE (United Nations, 11 Nov 2004) -- Secretary-General Kofi Annan announced today the establishment of the Working Group on Internet Governance. The Working Group will prepare the ground for a decision on this issue by the second phase of the World Summit on the Information Society, to be held in Tunis in November 2005. The Secretary-General was requested to establish a working group on Internet governance by the first phase of the World Summit on the Information Society held in Geneva in December 2003. The task of this Working Group is to organize an open dialogue on Internet Governance, among all stakeholders, and to bring recommendations on this subject to the second phase of the Summit. The two documents adopted by the Geneva Summit -- the Declaration of Principles and the Plan of Action -- asked the Working Group “to investigate and make proposals for action, as appropriate, on the governance of the Internet by 2005”. The Group was requested to: -- Develop a working definition of Internet governance; -- Identify the public policy issues that are relevant to Internet governance; and -- Develop a common understanding of the respective roles and responsibilities of governments, international organizations and other forums, as well as the private sector and civil society from both developing and developed countries. The Working Group on Internet Governance will be chaired by Nitin Desai, Special Adviser to the Secretary-General for the World Summit. It includes 40 members from governments, private sector and civil society, representing all regions (see the list below). [Editor: Ayesha Hassan of the ICC/Paris is one of the Working Group members.]

-- and --

NO ROLE FOR UN IN ICANN (, 16 Nov 2004) -- The global domain name governing body has warned off the UN, saying it will operate as a private organisation when its agreement with the US Department of Commerce expires in 2006. The Internet Corporation for Assigned Names and Numbers is responsible for managing the domain name and internet protocol address system, and operates under an agreement with the US Commerce Department. ICANN chief executive Paul Twomey, an Australian, said the organisation would cut its ties with the department when the agreement expired in 2006, and ICANN would not be under the authority of any international organisation.,4057,11393890%255E15318,00.html

EVEN DIGITAL MEMORIES CAN FADE (New York Times, 10 Nov 2004) -- The nation’s 115 million home computers are brimming over with personal treasures - millions of photographs, music of every genre, college papers, the great American novel and, of course, mountains of e-mail messages. Yet no one has figured out how to preserve these electronic materials for the next decade, much less for the ages. Like junk e-mail, the problem of digital archiving, which seems straightforward, confounds even the experts. “To save a digital file for, let’s say, a hundred years is going to take a lot of work,” said Peter Hite, president of Media Management Services, a consulting firm in Houston. “Whereas to take a traditional photograph and just put it in a shoe box doesn’t take any work.” Already, half of all photographs are taken by digital cameras, with most of the shots never leaving a personal computer’s hard drive. So dire and complex is the challenge of digital preservation in general that the Library of Congress has spent the last several years forming committees and issuing reports on the state of the nation’s preparedness for digital preservation. Peter Schwartz, chairman of the Global Business Network, which specializes in long-range planning, says that a decade or two from now, the museum approach might be the most feasible answer. “As long as you keep your data files somewhat readable you’ll be able to go to the equivalent of Kinko’s where they’ll have every ancient computer available,” said Mr. Schwartz, whose company has worked with the Library of Congress on its preservation efforts.

E-MAIL AUTHENTICATION: COST, STANDARDS REMAIN PROBLEMS (InfoWorld, 10 Nov 2004) -- E-mail authentication can help fight the growing spam e-mail problem, but vendors need to come up with a single, open standard to avoid confusion and crippling costs for small ISPs (Internet service providers), participants in a U.S. government summit said. The security of the DNS, on which some leading e-mail authentication proposals are built, was also called into question at the conference, hosted by the U.S. Federal Trade Commission (FTC) and the National Institute of Standards and Technology (NIST). Holes in the DNS, which translates numeric addresses into readable Internet domain names, could allow spammers to enter false authentication information, said Scott Chasin, chief technology officer of MX Logic Inc., an e-mail filtering company. “I believe the fragile nature of DNS will affect those trying to thwart e-mail authentication schemes,” Chasin said. MX Logic supports efforts to create e-mail authentication, but Chasin also called for the widespread adoption of DNS Security Extensions (DNSSEC), a security project that’s been in the works for a decade, and is now being approved by the Internet Engineering Task Force (IETF). “(Authentication) is not a cure-all for spam,” he added in an interview. “It is not a cure-all for phishing.” Participants in the summit seemed divided about the potential of e-mail authentication that would establish DNS rules to allow e-mail recipients to receive e-mail only from trusted senders. Such authentication schemes would be based on a reputation system, similar to so-called white lists, in which e-mail from certain domains, such as or, would be cleared as legitimate e-mail. There could be multiple reputation systems run by multiple companies or organizations. Elizabeth Bowles, president of the 40,000-subscriber ISP Aristotle.Net Inc., raised concerns about at least six e-mail authentication proposals moving forward, including Sender ID, advanced by Microsoft Corp., and Sender Permitted From (SPF), being used by America Online Inc. Small ISPs can’t afford to configure their e-mail to comply with a variety of authentication standards, she said. Bowles and others who had concerns about e-mail authentication noted that various proposals require ISPs and Internet domain owners to publish different types of DNS records to comply with authentication standards. “We can’t have AOL implementing one system, and Microsoft implementing another, and everyone having to comply with a bunch of different standards,” said Bowles. “It has to be unified.” E-mail authentication standards should be easy to implement and the solutions should be easy to tailor to an ISP’s needs, she added. “I don’t think it can have a part of it that’s proprietary, that would require us to basically get a license for a piece of software that we couldn’t subsequently modify or improve,” she said. “If it is proprietary, at least it needs to be open, and it needs to be a flexible system.” Despite these concerns, others at the summit said e-mail authentication represents the best hope for senders who want to distinguish their e-mail from spam. A recent study conducted by Return Path Inc., an e-mail services provider, found that 18 percent of legitimate e-mail was blocked by the top 10 ISPs, said J. Trevor Hughes, executive director of the Email Service Provider Coalition, which represents 52 companies. An e-mail authentication standard could solve some of those problems, he said.

-- and --

YAHOO TAKES ON SPAM, BOOSTS E-MAIL STORAGE (CNET, 15 Nov 2004) -- Yahoo on Monday said it has begun attaching antispam technology to all of its outgoing e-mails, hoping that other providers will follow suit. Messages from its free e-mail service will include a “DomainKey,” a system that creates a digital signature for outgoing e-mail and then lets receivers verify that the message comes from where it claims. The technology tries to thwart spam “phishing” attacks in which messages pretend to originate from a familiar address and then launch viruses or social engineering hacks when opened. The changes won’t be noticeable to the Yahoo Mail user, since DomainKeys are resolved in Yahoo’s servers and network infrastructure.

CHINESE ELECTRONIC SIGNATURE STANDARDS RELEASED (, 11 Nov 2004) -- An electronic signature safety seal, jointly developed by the China E-commerce Association and the Material Evidence Validation Center of the Ministry of Public Security, was formally launched this week. The new system consists of two parts: e-seal and an e-signature. The system encrypts Chinese business seals and prints according to the embedded standards while binding them with a digital certificate issued by the relevant departments. Then the system combines them in a key whose code is authorized by the State Password Office. The e-seal and e-signature can be used so long as the key is connected with a computer. Currently, China International Travel Service, China International Economic Consulting Company, and Shanghai Zhongtai Industry Company have adopted the system to sign contracts with overseas businesses. The system is believed to be the first step towards realization of the e-signature law which will be implemented starting April 1, 2005.

EPA BACKS NANOMATERIAL SAFETY RESEARCH (Washington Post, 12 Nov 2004) -- The Environmental Protection Agency has awarded $4 million in grants to study the health and environmental risks posed by manufactured nanomaterials -- the new and invisibly tiny materials that are revolutionizing many industries but whose effects on living things remain largely unknown. The grants to a dozen universities mark the first significant federal effort to assess the biological and medical implications of nanotechnology, a burgeoning field of science that is expected to become a trillion-dollar industry within the next decade. Measuring three-billionths of an inch or less, [nanotech products] are small enough to enter the lungs and perhaps even be absorbed through the skin. Experiments in animals have shown that once in the body, they can travel to the brain and other organs. Several experiments are already underway that involve deliberately spreading nanomaterials in the environment despite some studies suggesting they can accumulate in the food chain and kill ecologically important microorganisms. With hundreds of tons of nanomaterials already being made in U.S. labs and factories every year -- and the release this year of several cautionary reports from European scientific organizations and insurance companies -- activists have become more vocal in their demands for safety studies. The 12 new EPA grants, to be announced today by Paul Gilman, the agency’s assistant administrator for research and development, aim to address some of those concerns. “This emerging field has the potential to transform environmental protection, but at the same time we must understand whether nanomaterials in the environment can have an adverse impact,” Gilman said in prepared remarks released last night.

WHAT WAL-MART KNOWS ABOUT CUSTOMERS’ HABITS (New York Times, 14 Nov 2004) – [Editor: Long and interesting story. Excerpts follow.] Hurricane Frances was on its way, barreling across the Caribbean, threatening a direct hit on Florida’s Atlantic coast. Residents made for higher ground, but far away, in Bentonville, Ark., executives at Wal-Mart Stores decided that the situation offered a great opportunity for one of their newest data-driven weapons, something that the company calls predictive technology. A week ahead of the storm’s landfall, Linda M. Dillman, Wal-Mart’s chief information officer, pressed her staff to come up with forecasts based on what had happened when Hurricane Charley struck several weeks earlier. Backed by the trillions of bytes’ worth of shopper history that is stored in Wal-Mart’s computer network, she felt that the company could “start predicting what’s going to happen, instead of waiting for it to happen,” as she put it. The experts mined the data and found that the stores would indeed need certain products - and not just the usual flashlights. “We didn’t know in the past that strawberry Pop-Tarts increase in sales, like seven times their normal sales rate, ahead of a hurricane,” Ms. Dillman said in a recent interview. “And the pre-hurricane top-selling item was beer.” Thanks to those insights, trucks filled with toaster pastries and six-packs were soon speeding down Interstate 95 toward Wal-Marts in the path of Frances. Most of the products that were stocked for the storm sold quickly, the company said. Such knowledge, Wal-Mart has learned, is not only power. It is profit, too. With 3,600 stores in the United States and roughly 100 million customers walking through the doors each week, Wal-Mart has access to information about a broad slice of America - from individual Social Security and driver’s license numbers to geographic proclivities for Mallomars, or lipsticks, or jugs of antifreeze. The data are gathered item by item at the checkout aisle, then recorded, mapped and updated by store, by state, by region. By its own count, Wal-Mart has 460 terabytes of data stored on Teradata mainframes, made by NCR, at its Bentonville headquarters. To put that in perspective, the Internet has less than half as much data, according to experts. Information about products, and often about customers, is most often obtained at checkout scanners. Wireless hand-held units, operated by clerks and managers, gather more inventory data. In most cases, such detail is stored for indefinite lengths of time. Sometimes it is divided into categories or mapped across computer models, and it is increasingly being used to answer discount retailing’s rabbinical questions, like how many cashiers are needed during certain hours at a particular store. [snip] Wal-Mart is also driving manufacturers to invest in radio frequency identification. By next October, the company will require its biggest suppliers to tag shipments to some of its distribution centers with tiny transmitters that would eventually let Wal-Mart track every item that it sells. With so much data at Wal-Mart’s corporate fingertips, what are the risks to consumers? Most have no clue that their habits are monitored to such an extent. There are no signs - like the ones for Wal-Mart’s anti-shoplifting cameras - advising customers that information is being collected and stored. And there is no giveback: Wal-Mart doesn’t use loyalty cards and rarely offers promotions based on past purchases. It is aware, however, that shoppers are concerned about privacy. On its Web site, Wal-Mart posts a privacy policy that states, in part: “We take reasonable steps to protect your personal information. We maintain reasonable physical, technical and procedural measures to limit access to personal information to authorized individuals with appropriate purposes.” [snip] Eventually, some experts say, Wal-Mart will use its technology to institute what is called scan-based trading, in which manufacturers own each product until it is sold. “Wal-Mart will never take those products onto its books,” said Bruce Hudson, a retail analyst at the Meta Group, an information technology consulting firm in Stamford, Conn. “If you think of the impact of shedding $50 billion of inventory, that is huge.” The impact will probably be felt by suppliers, he added, but none are likely to complain. “You can see the pattern of Wal-Mart’s mandates, and as Wal-Mart grows in power, it is getting more dictatorial,” he said. “The suppliers shake their heads and say, ‘I don’t want to go this way, but they are so big.’ Wal-Mart lives in a world of supply and command, instead of a world of supply and demand.”

SBC TAPS MICROSOFT FOR TV SOFTWARE (CNET, 17 Nov 2004) -- SBC Communications, as part of its efforts to compete head-on with the cable industry for television subscribers, plans to announce on Wednesday that it will pay $400 million to Microsoft for software used to deliver TV programming over high-speed data lines. It would be a crucial move into unproven territory for SBC, which like the other regional telephone giants wants to grow by expanding beyond phone and Internet services and into entertainment. To do that, SBC expects to spend more than $4 billion during the next three years on its fiber-optic network in order to offer faster Internet connections capable of carrying digital video programming. The deal is also a milestone for Microsoft. The company has spent roughly $20 billion in the past decade trying to break into the television business, but it has little to show for that investment, industry analysts said. The 10-year agreement with SBC is Microsoft’s first commercial contract to help deliver programming to millions of homes. SBC plans to deploy Microsoft’s software to encode television programming before it is sent to subscribers and then decode the same programs on TV set-top boxes in customers’ homes. Most important, the software compresses digital signals so that video programs can be sent over high-speed data lines.

TOP RESEARCHERS ASK WEB USERS TO JOIN SCIENCE GRID (Reuters, 16 Nov 2004) -- IBM and top scientific research organizations are joining forces in a humanitarian effort to tap the unused power of millions of computers and help solve complex social problems. The World Community Grid will seek to tap the vast underutilized power of computers belonging to individuals and businesses worldwide and channel it into selected medical and environmental research programs. Volunteers will be asked to download a program to their computers that runs when the machine is idle and reaches out to request data to contribute to research projects. Organizers say the Grid can help unlock genetic codes that underlie diseases like AIDS and HIV, Alzheimer’s or cancer, improve forecasting of natural disasters and aid studies to protect the world’s food and water supply. The massive volunteer project will be unveiled Tuesday by Sam Palmisano, CEO of International Business Machines Corp. (IBM), the world’s largest computer company, along with United Nations officials, researchers from the Mayo Clinic, Oxford University and South Africa, and others. “This is not just a project for techno-geeks,” said Jonathan Eunice, an analyst with research firm Illuminata of Nashua, New Hampshire, who was briefed on the scope of the plan. The project is designed to handle up to 10 million participants, or more, if demand is greater, IBM said. Details can be found at

INTERNET ARCHIVE’S WEB PAGE SNAPSHOTS HELD ADMISSIBLE AS EVIDENCE (Stanford Law School, Nov. 2004) -- The Internet Archive (IA) is a non-profit effort to preserve Internet sites and other digital media and make them available online. IA’s spiders regularly crawl the World Wide Web, making copies of web pages and storing them permanently in an enormous digital archive. Using the “Wayback Machine”, one of the Archive’s popular services, users can input the address of a web page and call up a series of dated copies, allowing them to see what the page contained at the times it was accessed by the IA spider. Polska is the American provider of TV Polonia, a Polish-language television channel. According to its pleadings in the case, it had reached a deal with EchoStar, which operates the Dish Network satellite TV service, to provide TV Polonia to Dish Network. The contract included marketing rights, giving EchoStar the right to use Polska’s trademarks to sell subscriptions to its television service. The deal was scheduled to expire in stages: absent a renewal, EchoStar’s marketing rights would expire in April of 2001, and programming would stop a year afterwards. The deal was not renewed, and Polska alleges that EchoStar continued to use the “TV Polonia” name to market its satellite service after its rights to exploit that trademark had expired. EchoStar pointed out that Polska seemed to have no problem with advertisements stating that TV Polonia could be found on the Dish Network, since Polska had one on its own website after the expiration of marketing rights. EchoStar offered IA snapshots dated to various times in 2001 as proof of the past content of Polska’s website. As part of a series of motions in limine, Polska attempted to suppress the snapshots on the grounds of hearsay and unauthenticated source. Magistrate Judge Arlander Keys rejected Polska’s assertion of hearsay, holding that the archived copies were not themselves statements susceptible to hearsay exclusion, since they merely showed what Polska had previously posted on its site. He also noted that, since Polska was seeking to suppress evidence of its own previous statements, the snapshots would not be barred even if they were hearsay. Over Polska’s objection, Judge Keys accepted an affidavit from an Internet Archive employee as sufficient to authenticate the snapshots for admissibility.

GOOGLE UNVEILS SERVICE FOR ACADEMICS (, 18 Nov 2004) -- Google has unveiled a new search service designed specifically for scientists and academic researchers. Currently in beta release, Google Scholar allows users to search specifically for scholarly literature, including peer-reviewed papers, books, technical reports, theses, abstracts and preprints. The resource spans a wide variety of academic disciplines, and includes a large number of professional societies and publishers, according to Google. The search tool also finds scholarly articles that are scattered across the Web. Unique to the Scholar service is a way to handle search of academic citations. The tool automatically analyzes and extracts citations and presents them as separate results, even if the documents they refer to are not online. This gives academics and researchers the ability to peruse citations of older articles that appear only in books or print-only publications. Because the site is in beta, it is likely that other additions and changes will be made as scholars use the service. Google has requested that users send in suggestions, questions and comments. In its information pages, Google notes that additions to its index will be forthcoming, and urges authors to contact their publishers and scholarly societies to expand the available content.

PRIVACY LAW EXPERT RONALD L. PLESSER DIES (Washington Post, 21 Nov 2004) -- Ronald L. Plesser, 59, a leading authority on federal privacy law and information policy for the past three decades and a partner in the Washington office of the Piper Rudnick law firm, died of a heart attack Nov. 18 at Dulles International Airport. Mr. Plesser’s work on information policy helped set the evolving standards for privacy in an era of computer databases, new communication technologies and the Internet. He worked first with Ralph Nader’s Center for the Study of Responsive Law in the early 1970s, where he compiled a comprehensive catalogue of the shortcomings of the 1966 Freedom of Information Act. His work formed the basis for Congress’s 1974 overhaul of the statute, which made it easier for the public to gain access to government records. “He was without question one of the real pioneers in the privacy field,” said Marc Rotenberg of the Electronic Privacy Information Center, a public interest research center in Washington. Jerry Berman, president of the Center for Democracy and Technology, called Mr. Plesser “the expert at the table” who knew the law, the technology, the players and how to build consensus on privacy policies for cable subscribers, cell phone users and video renters. Mr. Plesser was past chairman of the Individual Rights and Responsibilities section of the American Bar Association. [Editor: A smart, engaging man. Our prayers go to Barbara and the family.]

CYBERTIMES NAVIGATOR (New York Times resource) -- Stymied by the Internet’s choices? The recently updated Navigator is used by the newsroom of The Times for forays into the Web.

Happy Thanksgiving to our American readers!

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School,
2. Edupage,
3. SANS Newsbites,
4. NewsScan and Innovation,
5. Internet Law & Policy Forum,
6. BNA’s Internet Law News,
7. The Ifra Trend Report,
8. Crypto-Gram,
9. David Evan’s “Internet and Computer News”,
10. Readers’ submissions, and the editor’s discoveries.

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product of the American Bar Association’s Cyberspace Law Committee. Please feel free to distribute this message.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at (click on “Settings” beside Members-Only Listserve Discussion). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN editions are archived at and in the public materials section of the Cyberspace Committee’s collaboration space at

**************End of Introductory Note***************

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.