Friday, February 04, 2005

MIRLN -- Misc. IT Related Legal News [8 Jan – 5 Feb 2005; v8.02]

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product of the American Bar Association’s Cyberspace Law Committee. Please feel free to distribute this message.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at (click on “Settings” beside Members-Only Listserve Discussion). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN editions are archived at and in the public materials section of the Cyberspace Committee’s collaboration space at

**************End of Introductory Note***************

**** PROGRAM ANNOUNCEMENT **** “IS CONSUMER PROTECTION AN ANACHRONISM IN THE INFORMATION ECONOMY?” – by the Shidler Center For Law, Commerce & Technology at the University of Washington School of Law, March 4, 2005. If technological advances make markets operate more efficiently and increases competition, then is consumer protection law even needed? If consumer protection law is supposed to correct market failures, and technology can correct them more effectively than laws and regulators, then perhaps it has become an anachronism and some of the consumer protection laws on the books today should be repealed. But if consumer protection law is supposed to insure that consumers are treated fairly and their wishes respected, and technology creates new opportunities for consumers to be cheated or mistreated by unethical merchants, then what might be needed is more consumer protection laws, not fewer. For information regarding the program and online registration please visit [Editor: Looks to be an excellent program; participants include Microsoft’s Tom Rubin, Berkeley’s Pam Samuleson, Washington’s Attorney General Rob McKenna, EPIC’s Chris Hoofnagle, OSU’s Peter Swire, and Cyberspace Committee members Jane Winn, Jean Braucher and Anita Ramasastry.]

**** NEWS ****
NEW YORK TIMES MULLS CHARGING WEB READERS (Reuters, 7 Jan 2005) -- The New York Times Co. is considering subscription fees to the online version of its flagship newspaper, which now is available for free, but it has no immediate plans to do so, the company said on Friday. One of the paper's biggest rivals, Dow Jones & Co. Inc.'s Wall Street Journal, charges for its online edition. A New York Times spokeswoman said the company is reviewing whether it should make any business changes to the online version but that no shifts were imminent. "We are reviewing the site to see whether or not there would be any areas where we should change the business model," said the spokeswoman, Catherine Mathis, adding: "This is not new. We've been discussing this for some time." According to the upcoming issue of BusinessWeek magazine, whose cover story focuses on The New York Times Co., an internal debate has been raging at the newspaper over whether its online edition, which had about 18.5 million unique monthly visitors as of November, should adopt a subscription fee. N.Y. Times publisher Arthur Sulzberger Jr. was quoted in the article as saying: "It gets to the issue of how comfortable are we training a generation of readers to get quality information for free. That is troubling." [Editor: If they go for-fee, I’ll drop them as a MIRLN source, as I did with the WSJ.]

"DATA MINING: AN OVERVIEW" (U.S. Congressional Research Service, 16 Dec 2004) -- Data mining is emerging as one of the key features of many homeland security initiatives. Often used as a means for detecting fraud, assessing risk, and product retailing, data mining involves the use of data analysis tools to discover previously unknown, valid patterns and relationships in large data sets. In the context of homeland security, data mining is often viewed as a potential means to identify terrorist activities, such as money transfers and communications, and to identify and track individual terrorists themselves, such as through travel and immigration records. While data mining represents a significant advance in the type of analytical tools currently available, there are limitations to its capability. One limitation is that although data mining can help reveal patterns and relationships, it does not tell the user the value or significance of these patterns. These types of determinations must be made by the user. A second limitation is that while data mining can identify connections between behaviors and/or variables, it does not necessarily identify a causal relationship. To be successful, data mining still requires skilled technical and analytical specialists who can structure the analysis and interpret the output that is created. Data mining is becoming increasingly common in both the private and public sectors. Industries such as banking, insurance, medicine, and retailing commonly use data mining to reduce costs, enhance research, and increase sales. In the public sector, data mining applications initially were used as a means to detect fraud and waste, but have grown to also be used for purposes such as measuring and improving program performance. However, some of the homeland security data mining applications represent a significant expansion in the quantity and scope of data to be analyzed. Two efforts that have attracted a higher level of congressional interest include the Terrorism Information Awareness (TIA) project (now-discontinued) and the Computer-Assisted Passenger Prescreening System II (CAPPS II) project (nowcanceled and replaced by Secure Flight). As with other aspects of data mining, while technological capabilities are important, there are other implementation and oversight issues that can influence the success of a project’s outcome. One issue is data quality, which refers to the accuracy and completeness of the data being analyzed. A second issue is the interoperability of the data mining software and databases being used by different agencies. A third issue is mission creep, or the use of data for purposes other than for which the data were originally collected. A fourth issue is privacy. Questions that may be considered include the degree to which government agencies should use and mix commercial data with government data, whether data sources are being used for purposes other than those for which they were originally designed, and possible application of the Privacy Act to these initiatives. It is anticipated that congressional oversight of data mining projects will grow as data mining efforts continue to evolve. This report will be updated as events warrant.

A&E, NATIONAL GEOGRAPHIC TO SEND TV OVER INTERNET (Reuters, 5 Jan 2005) -- Four cable television channels, including A&E and National Geographic (news - web sites), will use the Internet to broadcast programs in a deal with video-on-demand company Akimbo Systems, Akimbo said on Wednesday. The Biography Channel and the History Channel are also part of the announcements at the Consumer Electronics Show, the largest annual technology trade show in the United States. A major theme at the show this year is the proliferation of lower-priced, larger high-definition television screens, and companies like Akimbo are scrambling to carve out a niche providing content for those big screens. Privately held Akimbo sells a programming service and a television set-top box that uses high-speed Internet connections to gather and store TV shows. It can hold up to 200 hours of video. A&E, Biography Channel and History Channel -- all units of A&E Television Networks, a joint venture of broadcasters ABC and NBC and the Hearst Corp. -- will provide various shows like "American Justice," "Biography," "Growing Up Gotti" and "Dog the Bounty Hunter" to Akimbo. National Geographic will serve up films from programs from its library and films like "Inside the Pentagon (news - web sites)" and "21 Days to Baghdad."

HACKERS STEAL ID INFO FROM VIRGINIA UNIVERSITY (CNET, 10 Jan 2005) -- George Mason University confirmed on Monday that the personal information of more than 30,000 students, faculty and staff had been nabbed by online intruders. The attackers broke into a server that held details used on campus identity cards, the university said. Joy Hughes, the school's vice president for information technology, said in an internal e-mail sent over the weekend and seen by CNET that "the server contained the names, photos, Social Security numbers and (campus ID) numbers of all members of the Mason community who have identification cards." Hughes warned that campus community members should contact the major credit bureaus to flag their accounts for possible identity fraud. "It appears that the hackers were looking for access to other campus systems rather than specific data," Hughes wrote. "However, it is possible that the data on the server could be used for identity theft." George Mason is a public university located in Fairfax, Va., a suburb of Washington, DC, with smaller campuses in Arlington, Va., and Prince William County. It reported 26,796 students enrolled as of fall 2002, and 3,908 faculty and staff members. It also is home to the Information Security Institute, the Lab for Information Security Technology and the Center for Secure Information Systems, which has been designated a "Center of Academic Excellence" by the U.S. National Security Agency.

ONLINE RETAILERS LOOK OVERSEAS (New York Times, 10 Jan 2005) – Five years ago, ProFlowers, an online florist based in San Diego, pumped $500,000 into market and technology research that would, the company hoped, help it move quickly into Europe and Japan. Within just a few months, staying in the United States market suddenly seemed much more appealing. "We naïvely assumed that everybody would look at the Internet and see it the same way," said Bill Strauss, chief executive of Provide Commerce, the parent company of ProFlowers. "But consumer behavior was absolutely different.” This year, though, the company is joining the growing ranks of online businesses that are ready again to dip their toes into foreign waters, as sales growth in the American Internet market begins to slow. Analysts and Internet executives who have experience with foreign retail operations, though, warn that such forays remain harder than they may appear. "For the most part, it's unbelievably difficult to go into another country," said Carrie Johnson, an analyst with the consultancy Forrester Research. "But every major online retailer is now looking at internationalization as an engine of growth." Ms. Johnson would not disclose the names of her Web-retailing clients that are considering foreign expansion, and most merchants are tight-lipped about such plans. But companies like eBags, Staples, Expedia and others are accelerating their foreign online efforts. ProFlowers, which operates Web sites in foreign languages and passes along orders to merchants in those countries, will begin its expansion effort this year with test marketing in Canada. "Long term, international is the place to be," Mr. Strauss said.

MOMENTUM IS GAINING FOR CELLPHONES AS CREDIT CARDS (New York Times, 10 Jan 2005) – People already use their cellphones to read e-mail messages, take pictures and play video games. Before long, they may use them in place of their wallets. By embedding in the cellphone a computer chip or other type of memory device, a phone can double as a credit card. The chip performs the same function as the magnetic strip on the back of a credit card, storing account information and other data necessary to make a purchase. In Asia, phone makers are already selling phones that users can swipe against credit or debit card readers, in much the same way they would swipe plastic MasterCard or Visa cards. Trials are now under way to bring the technology to America, industry executives said. Ron Brown, executive director of the Infrared Data Association, a trade group representing companies pushing the technology for cellphone credit cards, said that the new handsets could become "a major form of payment, because cellphones are the most ubiquitous device in the world." He added, though, that "cash will never go away." Advocates say that consumers will readily embrace the technology as a way to pay for even small purchases, because it is less bother than taking a credit card out of a purse or parting with cash. The impending changes to the cellphone happen to coincide with major shifts taking place in the banking industry. Since credit cards are still considered somewhat inconvenient, particularly for quick, small purchases, major credit card companies have developed "contactless payment" technologies for checkout counters that allow customers to wave their cards near an electronic reader without having to swipe the card or sign their name. MasterCard, for example, has introduced a system called PayPass that lets cardholders wave a card in front of a reader to initiate a payment, much as motorists use E-ZPass and similar systems to pay tolls and ExxonMobil customers use SpeedPass to buy gas. Several major credit card companies issue PayPass cards; McDonald's has agreed to accept them at some restaurants. And American Express announced late last year that it would have its system, ExpressPay, in more than 5,000 CVS drugstores by the middle of this year. Judy Tenzer, a spokeswoman for American Express, said the technology made it more likely that customers would use credit cards to pay for small items.

TO TRY TO NET KILLER, POLICE ASK A SMALL TOWN'S MEN FOR DNA (New York Times, 10 Jan 2005) -- In an unusual last-ditch move to find clues to the three-year-old killing of a freelance fashion writer, police investigators are trying to get DNA samples from every man in this Cape Cod hamlet, all 790 or so, or as many as will agree. Raising concerns among civil libertarians and prompting both resistance and support from men in Truro, the state and local police began collecting the genetic samples last week, visiting delicatessens, the post office and even the town dump to politely ask men to cooperate. Legal experts said the sweeping approach had been used only in limited instances before in the United States - although it is more widely used in Europe - and in at least one of those cases it prompted a lawsuit. Sgt. David Perry of the Truro Police Department and other law enforcement authorities here say that the program is voluntary but that they will pay close attention to those who refuse to provide DNA. "We're trying to find that person who has something to hide," Sergeant Perry said. The killing was the most notorious in this resort community in memory. Christa Worthington, 46, who had lived in New York and Paris and London before retreating to the quiet sea-stung town, was found stabbed to death in her bungalow here on Jan. 6, 2002, her 2-year-old daughter, Ava, clinging to her body. Semen was found on the body, and in the last three years the police have investigated a former boyfriend and other men, including a married man who is Ava's father. "All those people are ruled out at this point," Sergeant Perry said. A $25,000 reward failed to crack the case, which generated international publicity and a lurid book, "Invisible Eden," by Maria Flook, with explicit details of Ms. Worthington's love interests and violent death. So the police sought help from the F.B.I., which said it thought the killer had Truro ties and suggested trying to match the semen in a global genetic canvass. Mass DNA collection drives, as needle-in-a-haystack as they might sound, have yielded results in criminal investigations in England and Germany. Six years ago in Germany, for example, authorities investigating the rape and murder of an 11-year-old girl collected DNA samples from 16,400 men, a sweep believed to be the largest to date. DNA from one man matched the evidence, prompting him to confess his guilt. [Editor: Once your sample is taken, you’re “in the system” forever after, and these “systems” are only growing. Trust ‘em all?]

VERIZON'S E-MAIL EMBARGO ENRAGES (Wired, 10 Jan 2005) -- Verizon Communications customers expecting e-mail from across the pond may be in for a long wait. The internet service provider has been blocking e-mail originating from Great Britain and other parts of Europe for weeks, and customers are upset about having their communications disrupted without notice. Verizon began blocking ranges of IP addresses belonging to British and European ISPs on Dec. 22, according to the company. The blacklisting of e-mail from abroad was in response to spam coming from the region, according to a customer service representative at Verizon who identified himself only as "Gary." He said company policy prevents him from giving out his last name. Since Dec. 28, dozens of Verizon customers have been posting their frustrations on Verizon.adsl and newsgroups about being unable to receive e-mail from Britain, Germany, France and Russia. Verizon customers describe the frustrations of not knowing how many e-mails have been blocked and receiving contradictory information from Verizon's customer service, and anger at switching to free e-mail accounts until the problem is resolved.,1272,66226,00.html?tw=wn_tophead_3

EUROPEAN COMMISSION APPROVES ICC MODEL CLAUSES (Hunton & Williams Privacy & E-Commerce Alert, 11 Jan 2005) -- On December 27, the European Commission granted final approval to the industry alternative model clauses for controller-to-controller transfers of personal data; the clauses may therefore be used to ensure an adequate level of data protection for transfers from the EU as from April 1, 2005. The Commission's existing controller-to-controller contracts of 2001 will remain in effect, so that data exporters will have two sets of clauses to choose from. The seven business groups that proposed the clauses for approval were led by ICC Data Protection Task Force Chairman Christopher Kuner of Hunton & Williams' Brussels office. The Commission's press release announcing the adequacy decision is available at: The full text of the adequacy decision will be up soon on the DG Markt web site. FAQs explaining some of the differences between the new clauses and the existing Commission clauses are available on the ICC web site at

I.B.M. TO GIVE FREE ACCESS TO 500 PATENTS (New York Times, 11 Jan 2005) -- plans to announce today that it is making 500 of its software patents freely available to anyone working on open-source projects, like the popular Linux operating system, on which programmers collaborate and share code. The new model for I.B.M., analysts say, represents a shift away from the traditional corporate approach to protecting ownership of ideas through patents, copyrights, trademark and trade-secret laws. The conventional practice is to amass as many patents as possible and then charge anyone who wants access to them. I.B.M. has long been the champion of that formula. The company, analysts estimate, collected $1 billion or more last year from licensing its inventions. The move comes after a lengthy internal review by I.B.M., the world's largest patent holder, of its strategy toward intellectual property. I.B.M. executives said the patent donation today would be the first of several such steps. John Kelly, the senior vice president for technology and intellectual property, called the patent contribution "the beginning of a new era in how I.B.M. will manage intellectual property." I.B.M. may be redefining its intellectual property strategy, but it apparently has no intention of slowing the pace of its patent activity. I.B.M. was granted 3,248 patents in 2004, far more than any other company, according to the United States Patent and Trademark Office. On this issue, I.B.M. appears to be siding with a growing number of academics and industry analysts who regard open-source software projects as early evidence of the wide collaboration and innovation made possible by the Internet, providing opportunities for economies, companies and individuals who can exploit the new model. I.B.M. has already made substantial contributions to open-source software projects in the last few years. The company has been the leading corporate supporter of Linux. I.B.M. executives said they hoped the company's initial contribution of 500 patents would be the beginning of a "patent commons," which other companies would join. I.B.M. has not yet approached other companies, Mr. Stallings said. Related story at

-- and --

SUN SETS OPEN-SOURCE COURSE FOR SOLARIS - SOFTWARE GIANT CHANGING TO KEEP UP WITH COMPETITION (San Francisco Chronicle, 26 Jan 2005) -- Sun Microsystems said Tuesday that its Solaris 10 operating system would soon be available on an open-source basis, a move the company hopes will help counter the perception that its technology is too proprietary and pricier than the competition. The decision means the software will be free and that programmers outside Sun will be able to customize and improve it. John Loiacono, executive vice president of software at Sun, said the decision to offer a free version of Solaris is intended to help Sun expand the market for its other programs and its servers. "The more people use Solaris, the more opportunities we have to sell other technologies," he said. Sun chief executive Scott McNealy said the company's technology had never been as closed as its competitors had tried to portray. Still, McNealy said, with many government agencies and corporations demanding open-source alternatives, the company felt it had to open up even further to compete.

-- and --

LAWYERS RIDE SHOTGUN FOR OPEN SOURCE (CNET, 31 Jan 2005) -- A prominent intellectual property lawyer in the open-source movement is helping launch a center to provide free services to developers who use the collaborative programming method. Eben Moglen, a Columbia University law professor who has represented the Free Software Foundation in legal cases, said that he will help run the new Software Freedom Law Center, which is set to be announced on Tuesday. The center said in a statement that it will employ two full-time intellectual property attorneys, who will help provide consulting services to nonprofit open-source organizations. The staff count is expected to expand to four later in 2005. The help they provide could include training lawyers, supporting litigation, dealing with licensing problems and keeping managing contributions to open-source projects, the center said. "The Law Center is being established to provide legal services to protect the legitimate rights and interests of free and open-source software projects and developers, who often do not have the means to secure the legal services they need," Moglen said in a statement. An initial $4 million to fund the New York-based center came from Open Source Development Labs, a Linux consortium funded by computing industry giants such as IBM, Hewlett-Packard, Intel and others.

HACKER PENETRATES T-MOBILE SYSTEMS (SecurityFocus, 11 Jan 2005) -- A sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year, which he used to monitor U.S. Secret Service e-mail, obtain customers' passwords and Social Security numbers, and download candid photos taken by Sidekick users, including Hollywood celebrities, SecurityFocus has learned. Twenty-one year-old Nicolas Jacobsen was quietly charged with the intrusions last October, after a Secret Service informant helped investigators link him to sensitive agency documents that were circulating in underground IRC chat rooms. The informant also produced evidence that Jacobsen was behind an offer to provide T-Mobile customers' personal information to identity thieves through an Internet bulletin board, according to court records. Jacobsen could access information on any of the Bellevue, Washington-based company's 16.3 million customers, including many customers' Social Security numbers and dates of birth, according to government filings in the case. He could also obtain voicemail PINs, and the passwords providing customers with Web access to their T-Mobile e-mail accounts. He did not have access to credit card numbers. The case arose as part of the Secret Service's "Operation Firewall" crackdown on Internet fraud rings last October, in which 19 men were indicted for trafficking in stolen identity information and documents, and stolen credit and debit card numbers. But Jacobsen was not charged with the others. Instead he faces two felony counts of computer intrusion and unauthorized impairment of a protected computer in a separate, unheralded federal case in Los Angeles, currently set for a February 14th status conference. The government is handling the case well away from the spotlight. The U.S. Secret Service, which played the dual role of investigator and victim in the drama, said Tuesday it couldn't comment on Jacobsen because the agency doesn't discuss ongoing cases-- a claim that's perhaps undermined by the 19 other Operation Firewall defendants discussed in a Secret Service press release last fall. T-Mobile, which apparently knew of the intrusions by July of last year, has not issued any public warning. Under California's anti-identity theft law "SB1386," the company is obliged to notify any California customers of a security breach in which their personally identifiable information is "reasonably believed to have been" compromised. That notification must be made in "the most expedient time possible and without unreasonable delay," but may be postponed if a law enforcement agency determines that the disclosure would compromise an investigation.

DHS, DOJ PLAN CYBERCRIME SURVEY (Federal Computer Week, 13 Jan 2005) -- In what they hope will become the premier measure of national cybercrime statistics, officials at the Homeland Security and Justice departments plan to survey 36,000 businesses this spring to examine the type and frequency of computer security incidents. Officials from both departments said there are currently no surveys that do what they envision the Computer Security Survey will do annually: provide statistically relevant national data on cybercrime across all U.S. businesses, especially those in critical infrastructure sectors. Patrick Morrissey, deputy director for law enforcement and intelligence in DHS' National Cyber Security Division, said no one really knows if the problem is getting better or worse or what sectors cybercriminals may be targeting. "We are awash in anecdotal evidence but little or nothing scientific or verifiable," he told members of the National Infrastructure Advisory Council Jan. 11 during a presentation. "With that being the case, decisions are being made in this area on incomplete information. Among other things this initiative is designed to help us address this gap."

FBI RETIRES CONTROVERSIAL E-MAIL SURVEILLANCE TOOL (Reuters, 18 Jan 2005) -- The FBI has all but retired its controversial e-mail wiretap system formerly known as Carnivore, turning instead to commercially available software, according to two recently released reports to Congress. The monitoring system developed to intercept the e-mail and other online activities of suspected criminals was not used in fiscal years 2003 and 2002, according to the reports obtained by the Electronic Privacy Information Center under the Freedom of Information Act. According to the reports, the FBI used commercially available software to conduct court-ordered Internet surveillance in criminal investigations 13 times during that time period. The FBI is required by federal law to provide detailed reports on how it uses Carnivore, the monitoring system now known as DCS 1000. FBI agents, after receiving a court warrant, install the system on the suspect's Internet service provider and filter out his e-mail messages, Web browsing activities and other online communications.

GOOGLE LOSES TRADEMARK DISPUTE IN FRANCE (CNET, 20 Jan 2005) -- On Dec. 16, a Nanterre court in France ruled that Google infringed on the trademarks of Le Meridien by allowing the hotel chain's rivals to bid on keywords of its name and appear prominently in related search results. Le Meridien had sued Google's French subsidiary on Oct. 25 after failing to reach an amicable agreement, according to court documents. In a blow to Google's keyword-bidding engine, the French court ordered the company to stop linking ads to Le Meridien-trademarked terms by Monday or face a daily fine of $194 (150 euros). The company must also cease linking ads related to Le Meridien brands within 72 hours of whenever Le Meridien notifies it of listings in violation, or face a daily fine of 150 euros. Finally, Google must pay all court fees and a fine of $2,592 (2,000 euros). A representative of Mountain View, Calif.-based Google said the company will appeal the decision. "We will continue to defend against this suit, which we believe is without merit," the representative said. The decision casts a shadow on Google's billion-dollar money engine, keyword-based advertising, and potentially on the company's financial prospects in Europe. The company makes about 98 percent of its revenue from keyword advertising linked to search technology, and many such ads are tied to branded or trademarked names of products and services. The technique has been effective because Web search is one of the primary ways that people find products and services.

BERTELSMANN SETTLES WITH SMALL MUSIC COMPANY IN SUIT OVER NAPSTER (New York Times, 20 Jan 2005) – More than four years after Bertelsmann, the German media conglomerate, shook up the music industry by providing financial help to the Napster file-sharing service, the company has settled one record label's attempt to hold it liable for aiding online piracy. Bertelsmann has agreed to pay about $50,000 to settle accusations from Bridgeport Music, a small company in Southfield, Mich., that it had contributed to copyright infringement by lending millions of dollars to Napster in 2000 and 2001. The settlement, which covers the small label's legal fees, is the first sign of a break in a battle that has taken shape amid the fallout from the collapse of Napster, a file-swapping service based in Silicon Valley, which enabled millions of computer users to trade songs online free. Because Napster was forced to file for bankruptcy protection, the case is regarded as perhaps the last chance for record companies and music publishers to extract payment for the problems - particularly declining CD sales - that they attribute to file sharing. Bridgeport is the smallest of the music companies pursuing copyright-infringement claims, and Bertelsmann may still face a protracted battle with the industry's bigger and wealthier players, including the EMI Group and the Universal Music Group, a division of Vivendi Universal. Bertelsmann owns 50 percent of the music giant Sony BMG Music Entertainment. The companies contend that Bertelsmann, which lent Napster about $85 million to develop a new service that would compensate labels and songwriters, in essence controlled the online company and should be held responsible for the theft of songs. Bertelsmann's lawyers say the company did not hold an equity stake or seats on Napster's board, and lacked the sort of control needed to be found liable.

THE FUTURE OF P2P (NewsScan, 21 Jan 2005) -- While Hollywood and the music industry has spent the last few years demonizing peer-to-peer networks, big business is eyeing the technology's potential for "commoditization" (translation: $$$). "Old media always tries to stop new media. When they can't stop it, they try to control it. Then they figure out how to make money and they always make a lot of money," says StreamCast Networks president Michael Weiss. P2P networks can be used to share any type of file -- photos, software, licensed music and other digital content. The BBC has already embraced the technology, and will be using P2P to offer most of its programs for download this year. Even some commercial entertainment companies are working on business models that would enable them to make money off of it, such as paid-for-pass-along, in which firms receive money each time a file is shared.

IN GERMANY, EMAIL BLOCKING MAY BE ILLEGAL (Steptoe & Johnson’s E-Commerce Law Week, 22 Jan 2005) -- Spammers rejoice! A German court may just have criminalized spam filters. According to a recent ruling by the Higher Regional Court (OLG) in Karlsruhe, Germany, companies and universities that selectively block email messages from a specific sender may be in violation of German law. The ruling, issued on January 10, is the first of its kind on this topic by a German higher regional court and will force a criminal investigation against the person(s) responsible for blocking the emails. This decision has implications for companies offering email or spam filtering services in Germany, as well as for companies that filter the email of their German-based employees' for spam. Such companies would be well-advised to ensure that their spam filters and email services do not inadvertently violate this law by blocking messages without their customers' or employees' knowledge. Otherwise, they might just find themselves on the wrong end of a German inquisition.

AOL TO DROP DIRECT USENET ACCESS (Reuters, 26 Jan 2005) -- America Online will stop providing direct access to Usenet newsgroups, one of the earliest forums on the Internet for people to discuss a large variety of topics from television shows to software to sex. The move to drop AOL next month comes as usage of the service has shrunk to fewer than 1,000 users a month. AOL has some 23 million subscribers in the United States alone. Dropping Usenet will let AOL focus more on more popular community features such as message boards, chat rooms and online journals, said AOL spokeswoman Jay Esmele. AOL users still would be able to access Usenet groups from other providers,

EBAY SCRUBS MISSILE SALE (CNET, 26 Jan 2005) -- A British man trying to sell a deactivated Soviet-era missile on eBay was forced to delete it after Web site staff contacted him for breaching company rules. But eBay told Richard Moore, from Cambridgeshire, to remove the missile because he broke eBay regulations by listing it alongside its vehicle launcher, which should have appeared as a separate item--and not because it was a weapon. The online auctioneer bans the sale of any ammunition, replica guns or firearms on its sites. Selling demilitarized missiles however is acceptable, an eBay spokesman said. "There's a large market in demilitarized weaponry, and they're classified as museum pieces," the spokesman said. The missile's fully operational launcher is still on offer, at 18,990 pounds ($35,660).

STUDY: MOST IDENTITY THEFT OCCURS OFFLINE (AP, 27 Jan 2005) -- Despite growing fears about online fraud, a new study finds that most cases of identity theft originate offline. Most often, a lost or stolen wallet or checkbook gives thieves information to commit fraud. Computer crimes made up just 12 percent of all identity fraud cases in which the cause is known; and of those half are attributed to spyware, the software that sneaks onto computers and can send back private information. "Most people's identity is being stolen in traditional ways," said Ken Hunter, president and chief executive of the Better Business Bureau, which conducted the study with Javelin Research. CheckFree Services Corp., Visa USA and Wells Fargo Bank - three companies that promote online banking and other services - sponsored the study, which also found that identity fraud is often committed by a friend, relative, in-home employee or someone else known by the victim. The study also found that those who access their bank accounts online can detect identity theft earlier and thus minimize losses.

DIEBOLD TO MARKET PAPER-TRAIL E-VOTING SYSTEM (InfoWorld, 27 Jan 2005) -- Diebold Election Systems, a target of many electronic voting critics during the 2004 U.S. election, announced Thursday it has completed the design for a printer that would give its e-voting machines a paper trail. Diebold's printer, submitted for federal government approval several weeks ago, would create a so-called voter-verified paper trail, a function that many e-voting critics have demanded of e-voting machine manufacturers. A machine with a voter-verified paper trail printer allows voters to review their votes on a printout after using an electronic ballot, and advocates of voter-verified paper trail printers say the functionality allows voters to be confident e-voting machines recorded their votes as intended, and provides a paper train for a recount. The company's decision comes in large part because of state requirements for paper trail ballots, said David Bear, a Diebold spokesman. Nevada used e-voting machines with paper trail capabilities in the November U.S. election, and California and Ohio have joined Nevada in requiring e-voting machine printers in future elections. Voter-verified paper trails would virtually eliminate machine error in which votes aren't counted, said Will Doherty, executive director of the Verified Voting Foundation. In the November 2004 election, one county in North Carolina lost more than 4,500 votes when there was a misunderstanding over the capacity of the e-voting machines used there.

THE SARB-OX SHIFT (ComputerWorld, 31 Jan 2005) -- When Sen. Paul S. Sarbanes and Rep. Michael Oxley crafted legislation in 2002 aimed at strengthening corporate governance and restoring investor confidence, little could they have known that the new law would help trigger a recasting of the CIO's role and the responsibilities of corporate IT departments across the U.S. And it isn't just the Sarbanes-Oxley Act of 2002 that's contributing to the shift in the CIO's role. There are roughly 150 corporate governance regulations that companies have to adhere to worldwide, according to George Westerman, a research scientist in the Center for Information Systems Research at the MIT Sloan School of Management. As a result, CIOs and IT departments have become integral to corporate compliance efforts, and their visibility within the organization has risen to new heights. Still, their increased stature may diminish once IT-related compliance requirements are under control. Many believe that the evolving regulatory landscape has helped raise CIOs' visibility within their organizations. Sarbanes-Oxley compliance alone "is making people understand what is under the covers and how complex IT really is," says Dennis Fishback, senior vice president and CIO at Calpine Corp., a San Jose-based energy company. For example, Calpine's accounting group conducted 450 tests for its Sarbanes-Oxley Section 404 readiness efforts. In comparison, the company's IT department had to conduct thousands of tests to ensure its readiness, says Fishback. "IT systems are so large and companies have become so much more dependent on their IT infrastructures that the potential for failure has gone up," says Rob Austin, a fellow at Cutter Consortium in Arlington, Mass., and a professor at Harvard Business School.,10801,99318,00.html?source=x62

CT CONFIRMS RIGHT TO RELY ON CDA S.230 FOR DISCUSSION FORUM (BNA’s Internet Law News, 1 Feb 2005) -- A New Jersey appellate court has ruled that the CDA s.230 provides protection for all persons who host discussion forums, regardless of whether they are ISPs. The case involved the "Eye on Emerson" website, created by a resident of Emerson, New Jersey to discuss local affairs in the Borough of Emerson. Several public officials sued over allegedly defamatory and certainly offensive comments posted on a bulletin board that was part of the website. Decision at

GREEK AUTHORITY BLOCKS BOSSES FROM PRYING INTO EMPLOYEES' E-MAILS (AFP, 1 Feb 2005) -- Greece's personal data watchdog has ordered companies not to violate their employees' privacy by snooping into their private e-mails. The independent Data Protection Authority (DPA), whose decisions are binding, said Monday it had barred firms from collecting and processing information on workers' communications, including e-mail. The decision, obtained by AFP on Tuesday, did not include monetary fines. The authority acted on a complaint by the workers' union of an unnamed company, alleging the company remote-controlled employees' computers through Virtual Network Control, a specialised software that transmits the screen and keyboard and mouse clicks between two computers on a network. According to the complaint, the company did not inform staff it had installed the system, made records of the websites they visited and shut down an employee's e-mail because he sent too many messages. The DPA said that contacts vital to the company's business and cost control might be monitored. "Recording and processing of (an employee's) entire communications cannot be allowed under any circumstance," it said.

-- and --

EMPLOYEES TO BE BILLED FOR PERSONAL NET USE? (CNET, 1 Feb 2005) -- Employees who surf the Net at work could receive a bill each month for the cost of borrowed bandwidth and wasted time if Australia-based Exinda Networks' URL- and bandwidth-monitoring system takes off. Exinda Networks says it's developed a system that allows a company to monitor exactly which Web sites are visited by each employee and how much bandwidth has been used--in terms of a cash loss to the employer. Con Nikolouzakis, director of Exinda Networks, said the URL- and bandwidth-monitoring system was designed to ensure that employees are held responsible for the cost of misused bandwidth and time. "If you use your office computer for Internet banking and booking theater tickets, you're fine. If you choose to use it to download illegal software, research personal interests or other non-business uses, then you could be issued with a 'please explain' and a bill for the costs of the bandwidth and time you wasted," Nikolouzakis said. According to Nikolouzakis, access to certain sites can be blocked, and bandwidth abusers can have their bandwidth throttled, which would significantly slow that individual's access to the undesirable Web site. Additionally, the employee could be presented with a bill.

THWARTING ETHICAL VIOLATIONS WITH WEB SITE DISCLAIMERS (D.C. Bar Journal, Feb 2005) -- Over the past few years, many lawyers and law firms have created sites on the World Wide Web to publicize their practices and attract new clients. The American Bar Association and the ethics committees of state bars are increasingly finding such sites subject to existing—or new—professional responsibility rules with regard to attorney–client relationships, advertising, and confidentiality. For example, in Opinion 302 (2000) the Legal Ethics Committee of the District of Columbia Bar concluded that lawyers could use web sites to disseminate information about their practices “provided that such communications comply with our general rules governing lawyer communications with clients.” In that opinion the committee focused on Rule 7.1(a) of the D.C. Rules of Professional Conduct, which prohibits lawyers from making “false or misleading” communications about themselves or their services. This restriction on members of the D.C. Bar also applies to communications made to potential clients, because the District has no rule concerned specifically with advertising or solicitation. However, not all lawyers have evaluated whether their web sites comply with ethical requirements, even though embarrassing and potentially costly problems might be prevented by simple and inexpensive modifications to their sites. [Editor: Interesting article by Prof. Walter Effross.]

DELETING SPAM COSTS BILLIONS, STUDY FINDS (, 2 Feb 2005) -- Time wasted deleting junk e-mail costs American businesses nearly $22 billion a year, according to a new study from the University of Maryland. A telephone-based survey of adults who use the Internet found that more than three-quarters receive spam daily. The average spam messages per day is 18.5 and the average time spent per day deleting them is 2.8 minutes. The loss in productivity is equivalent to $21.6 billion per year at average U.S. wages, according to the National Technology Readiness Survey produced by Rockbridge Associates, Inc., and the Center for Excellence in Service at Maryland's business school. The study, to be released Thursday, also found that 14 percent of spam recipients actually read messages to see what they say, and 4 percent of the recipients have bought something advertised through spam within the past year.

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School,
2. Edupage,
3. SANS Newsbites,
4. NewsScan and Innovation,
5. Internet Law & Policy Forum,
6. BNA’s Internet Law News,
7. The Ifra Trend Report,
8. Crypto-Gram,
9. David Evan’s “Internet and Computer News”,
10. Readers’ submissions, and the editor’s discoveries.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.

No comments: