Saturday, March 26, 2005

MIRLN -- Misc. IT Related Legal News [6-26 March 2005; v8.04]

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product of the American Bar Association’s Cyberspace Law Committee. Please feel free to distribute this message.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at http://www.buslaw.org/cgi-bin/controlpanel.cgi?committee=CL320000 (click on “Settings” beside Members-Only Listserve Discussion). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN editions are archived at www.vip-law.com and in the public materials section of the Cyberspace Committee’s collaboration space at http://lawplace.metadot.com.

**************End of Introductory Note***************

**** PROGRAM ANNOUNCEMENT ****
WORLD COMPUTER AND INTERNET LAW CONGRESS (produced by the Computer Law Association, May 5-6, 2005, in Washington, D.C.) -- Program information at http://www.cla.org/final_dc_05.pdf

**** NEWS ****

TRACKING PCS ANYWHERE ON THE NET (CNET, 4 March 2005) – A University of California researcher says he has found a way to identify computer hardware remotely, a technique that could potentially unmask anonymous Web surfers by bypassing some common security techniques. Tadayoshi Kohno, a doctoral student, wrote in a paper on his research: “There are now a number of powerful techniques for remote operating system fingerprinting, that is, remotely determining the operating systems of devices on the Internet. We push this idea further and introduce the notion of remote physical device fingerprinting...without the fingerprinted device’s known cooperation.” The potential applications for Kohno’s technique are far-reaching. For example, it could be possible to track “a physical device as it connects to the Internet from different access points, counting the number of devices behind a NAT even when the devices use constant or random IP identifications, remotely probing a block of addresses to determine if the addresses correspond to virtual hosts.” NAT, or network address translation, is a protocol commonly used to make it appear as if machines behind a firewall all retain the same IP address on the public Internet. Kohno’s research is likely not the last word in Net anonymity, but simply the latest escalation in the arms race between snoopware and anonymity developers. Possible countermeasures include masking time skews with better random number generation techniques, for example. http://news.com.com/Tracking+PCs+anywhere+on+the+Net/2100-1029_3-5600055.html?tag=cd.top%5BEditor’s

EU MINISTERS ENDORSE PATENT LA (BBC, 7 March 2005) -- European ministers have endorsed a controversial proposed law on patents which critics say could stifle software development. Some major tech firms say it is needed to protect inventions, while others fear it will hurt smaller tech firms. The draft bill still needs the backing of the European Parliament - which is unlikely to rubber stamp the proposals. Some MEPs have said they will reject the bill or require substantial changes before it is made law. French Green MEP Alain Lipietz warned two weeks ago that the parliament would reject the Council of Minister’s version of the legislation as part of the final or conciliation stage of the decision procedure. The parliament demanded that the European Commission, the EU executive, resubmit the draft law to a first reading, which would make it easier to propose amendments aimed at limiting the scope of possible patents. The Commission, which has the sole right to propose pan-EU legislation, refused, saying that the ministers should decide on the draft law. http://news.bbc.co.uk/1/hi/technology/4325215.stm

WHITE HOUSE APPROVES PASS FOR BLOGGER (New York Times, 7 March 2005) – Another signal moment for bloggers is to occur this morning, when Garrett M. Graff, who writes a blog about the news media in Washington, is to be ushered into the White House briefing room to attend the daily press “gaggle.” Mr. Graff, 23, may be the first blogger in the short history of the medium to be granted a daily White House pass for the specific purpose of writing a blog, or Web log. A White House spokesman said yesterday that he believed Mr. Graff was the first blogger to be given credentials. He is being given a press pass as the editor of FishbowlDC (www.mediabistro.com/fishbowldc), a blog that is published by Mediabistro.com, which offers networking and services for journalists. Increasingly, bloggers are penetrating the preserves of the mainstream news media. They have secured seats on campaign planes, at political conventions and in presidential debates, and have become a driving force in news events themselves. Mr. Graff said he was inspired to try to seek access to the White House by the controversy over James D. Guckert, who used the alias Jeff Gannon. Mr. Guckert was granted daily passes to White House briefings while writing for a Web site run by a Republican operative in Texas. The episode raised questions about who was a legitimate journalist and how access to the White House was granted. http://www.nytimes.com/2005/03/07/technology/07press.html?ex=1267938000&en=53aba0fd77cf623d&ei=5090&partner=rssuserland The blog is at http://www.mediabistro.com/fishbowldc

FIRMS TAKING ACTION AGAINST WORKER BLOGS (AP, 7 March 2005) -- Flight attendant Ellen Simonetti and former Google employee Mark Jen have more in common than their love of blogging: They both got fired over it. Though many companies have Internet guidelines that prohibit visiting porn sites or forwarding racist jokes, few of the policies directly cover blogs, or Web journals, particularly those written outside of work hours. Simonetti had posted suggestive photographs of herself in uniform, while Jen speculated online about his employer’s finances. In neither case were their bosses happy when they found out. “There needs to be a dialogue going on between employers and employees,” said Heather Armstrong, a Web designer fired for commenting on her blog about goings on at work. “There’s this power of personal publishing, and there needs to be rules about what you can or cannot say about the workplace.” On blogs, which are by their very nature public forums, people often muse about their likes and dislikes — of family, of friends, of co-workers. Currently, some 27 percent of online U.S. adults read blogs, and 7 percent pen them, according to The Pew Internet and American Life Project. With search engines making it easy to find virtually anything anyone says in a blog these days, companies are taking notice — and taking action. “Because it’s less formal, you’re more likely to say something that would offend your boss,” said Lewis Maltby, president of the National Workrights Institute, a workers’ rights group. http://story.news.yahoo.com/news?tmpl=story&cid=528&e=2&u=/ap/20050307/ap_on_hi_te/fired_for_blogging and http://www.washingtonpost.com/wp-dyn/articles/A11675-2005Mar6.html

TECH HEAVIES THROW WEIGHT INTO COMPLIANCE (InternetNews.com, 7 March 2005) -- A coalition of eight tech companies has formed the Compliance and Management Electronic Information (CMEI) working group in a bid to give companies a hand in formulating a comprehensive compliance framework for their business. The group, made up of Oracle, Hewlett-Packard, Veritas, Sun Microsystems, Open Text , Hitachi Data Systems, Network Appliance and Plasmon, expects to have resources available on the Internet Law & Policy Forum (ILPF) Web site (www.ilpf.org) in the next six months. The ILPF is a non-profit organization that provides a neutral forum for challenges posed by the Internet on law, policy, technology and businesses worldwide. Outside the CMEI, the organization hosts working groups focused on spam, self-regulation, security and policy, content liability, electronic authentication and jurisdiction. The CMEI site will host documentation on best practices for information retention and maintenance regulations, provide counsel and exchange information with various businesses, legislative bodies and regulatory agencies in various workshops, and publish checklists and summaries of legal and regulatory requirements for interested companies. Officials say the many information compliance regulations worldwide cause undo headaches for companies trying to abide by them, both in money and time spent adhering to conflicting regulations. As an example they point to a company, based in the United States with offices in the United Kingdom, that severs its ties with a customer. Under U.S. law, companies must retain records for seven years, but in the U.K. they must immediately destroy all customer information. Those sorts of conflicting policy goals, as well as some of the weak language found in ambiguous regulations was the main reason for the formation of the working group, according to Harald Collet, CMEI chairman and Oracle records management and compliance support product manager. With businesses focused on complying with the deadlines of specific regulations, he said, such as Sarbanes Oxley, they now have to work on building a framework that is more all-encompassing. http://www.internetnews.com/bus-news/article.php/3487896

GERMAN CT BLOCKS LINK FROM WEBSITE TO CIRCUMVENTION SOFTWARE (BNA’s Internet Law News, 8 March 2005) -- A German court has prohibited the German news site Heise to link in an online article to a site were circumvention software was made available. IFPI complained that the news article provided information and a link that should be deemed illegal under the anti-circumvention provision of the German Copyright Law. http://constitutionalcode.blogspot.com/2005/03/court-prohibits-linking-to.html

TEEN CONVICTED UNDER INTERNET PIRACY LAW (SiliconValley.com, 7 March 2005) -- An Arizona university student is believed to be the first person in the country to be convicted of a crime under state laws for illegally downloading music and movies from the Internet, prosecutors and activists say. University of Arizona student Parvin Dhaliwal pleaded guilty to possession of counterfeit marks, or unauthorized copies of intellectual property. Under an agreement with prosecutors, Dhaliwal was sentenced last month to a three-month deferred jail sentence, three years of probation, 200 hours of community service and a $5,400 fine. The judge in the case also ordered him to take a copyright class at the University of Arizona, which he attends, and to avoid file-sharing computer programs. “Generally copyright is exclusively a federal matter,” said Jason Schultz, an attorney with the Electronic Frontier Foundation, a technology civil liberties group. “Up until this point, you just haven’t seen states involved at all.” Federal investigators referred the case to the Maricopa County Attorney’s Office for prosecution because Dhaliwal was a minor when he committed the crime, said Krystal Garza, a spokeswoman for the office. “His age was a big factor,” she said. “If it went into federal court, it’s a minimum of three months in jail up front.” http://www.siliconvalley.com/mld/siliconvalley/news/11075540.htm

MICHIGAN STATE POLICE QUIT ANTI-TERRORISM DATABASE (SiliconValley.com, 7 March 2005) -- State police officials say they will drop out of a multistate data-collection system that came under fire as a potential threat to people’s privacy. The Michigan State Police said it will stop participating in the pilot project, known as ``Matrix,” when it ends March 18. The department said too few states are participating to make the project worthwhile. The project began in December 2003 with 13 states; Florida, Ohio, Pennsylvania and Connecticut remain. State police also said they were concerned about future funding and unrealistic expectations to expand the Multistate Anti-Terrorism Information Exchange. ``The need for law enforcement investigators to access legally available information sources for criminal investigations continues to be a critical goal,” said Lt. Colonel Peter Munoz, deputy director and commander of the Field Services Bureau. The project collects data, including driver’s license and criminal history information, and shares access with participating states. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/11074980.htm

HARVARD REJECTS APPLICANTS WHO PEEKED INTO ADMISSIONS COMPUTER (SiliconValley.com, 8 March 2005) -- Harvard Business School will reject 119 applicants who followed a hacker’s instructions and peeked into the school’s admission site to see if they had been accepted, the school’s dean said. ``This behavior is unethical at best -- a serious breach of trust that cannot be countered by rationalization,” Kim Clark said in a statement Monday. ``Any applicant found to have done so will not be admitted to this school.” An unknown hacker posted instructions last week on a BusinessWeek online message board on how to view the status of their applications. Applicants to at least six business schools took advantage of the instructions, although most got only blank screens. Though some Harvard applicants did find information on their application status, school officials stressed that any decision wasn’t final until March 30. Carnegie Mellon’s Tepper School of Business has already said it will reject those proven to have tried to peek at their files. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/11082291.htm [Editor: I think these schools are over-reacting; applicants could only see their own records, and I understand the “hack” to have been a relatively straight-forward manipulation of a non-confidential URL. If the schools can’t be bothered to protect this information more effectively, it’s crazy for them to turn around with a draconian punishment for simple curiosity.] Dartmouth takes a more nuanced approach: http://www.post-gazette.com/pg/05077/473361.stm

WISCONSIN WANTS TO TAX INTERNET DOWNLOADS (Capital Times, 8 March 2005) -- Wisconsin residents would have to pay the state sales tax on goods they download from the Internet, including songs, books and movies, under Gov. Jim Doyle’s budget, costing them an estimated $3.2 million over the next two years. State Rep. Scott Jensen, R-Waukesha, complained Monday that the move contradicted Doyle’s pledge to balance the budget without raising taxes. “The next time you download the latest song from U2 for 99 cents, the governor wants to charge you the sales tax,” Jensen said in a release. “It’s enough to give iPod users a case of ‘vertigo,’” in reference to the group’s hit song. In his example, the sales tax would be about 5 cents. The governor’s budget proposal would make clear that Wisconsin can collect the sales tax for certain purchases, from movie and music downloads to electronic books and artwork. http://www.madison.com/tct/news/stories/index.php?ntid=31226&ntpid=8

SHAREHOLDERS SUE CHOICEPOINT (ComputerWorld, 7 March 2005) -- Shareholders are suing ChoicePoint Inc. and its top executives after the company’s share price fell sharply following news that identity thieves had gained access to personal information about some U.S. residents that was held by the personal data vendor. A class-action lawsuit has been filed in U.S. District Court for the Central District of California on behalf of those who bought ChoicePoint shares between April 22, 2004, and March 3, 2005, Radnor, Pa.-based law firm Schiffrin & Barroway LLP said in a statement Friday. The suit charges Alpharetta, Ga.-based ChoicePoint and three top executives with keeping key information from the public in an effort to artificially inflate the price of the company’s stock. Specifically, the suit alleges that the defendants knew that ChoicePoint’s measures to protect its data were inadequate, that the company knew it was selling data to illegal enterprises, that security breaches had occurred twice before and that the company had exposed more than 500,000 people to the threat of identity theft, according to the statement. The suit seeks to recover damages for the shareholders. http://www.computerworld.com/governmenttopics/government/legalissues/story/0,10801,100239,00.html

GOVERNMENT AGENCIES TO GET EARLY DIBS ON WINDOWS PATCHES (Information Week, 11 March 2005) -- Microsoft will give the Air Force and other federal agencies software patches to test a month before the general public receives them. The arrangement is part of Microsoft’s Security Update Validation Program, a “closed beta program” introduced within the past 12 months. Microsoft will begin giving prerelease software patches to the Air Force, The Wall Street Journal reported Friday. The Department of Homeland Security will give advance notice of the new vulnerabilities to other government agencies and distribute the patches to them after they’ve been tested by the Air Force, the newspaper reported. Advance testing will make it possible for government agencies to install the patches as soon as Microsoft releases the final versions. That’s aimed at helping agencies stay ahead of hackers, who often are able to develop attacks that exploit a software hole less than a week after Microsoft discloses the vulnerability. The early-access program is also available to select business customers. The software updates are provided to program participants only for testing purposes, a Microsoft spokesman says. “Customers are specifically prohibited from deploying these security updates in a production environment,” the spokesman says via E-mail. “Participants are testing prerelease software, therefore the updates are provided only to deploy in a test environment. Participants can only deploy the security updates to their entire infrastructure when they are released to the general public.” The issue of providing advance access to security bulletins and software patches is a sensitive subject for Microsoft and other software vendors, who need to ensure that information and code don’t find their way to hackers before final patches are available for all customers. And customers who don’t receive advance notice may believe they’re at a disadvantage. http://www.informationweek.com/story/showArticle.jhtml?articleID=159401297

TEXAS BILL WOULD BENEFIT GRADUATES OF ONLINE LAW SCHOOLS (Chronicle of Higher Education, 11 March 2005) -- A bill working its way through the Texas legislature could give graduates of online law schools more opportunities to practice law. The American Bar Association (ABA) has so far refused to accredit online law schools, saying that they do not train students adequately to practice law. Although the ABA continues to refuse accreditation to online law schools, the organization does accredit institutions that offer some courses online. Currently in Texas, a graduate of an online law school can only take the state’s bar exam if he or she has practiced law in another state for at least five years. The proposed law would allow online graduates to take the Texas bar exam if they simply had passed the bar in another state. A small number of other states have similar statutes. California is currently the only state that allows individuals to take the bar exam without having passed another state’s bar exam. The bill was prompted by the situation of Julie Drenner, daughter of a state legislator, who graduated from Oak Brook College of Law and Government in California, passed that state’s bar exam, and now wants to practice law in Texas. (sub. req’d) http://chronicle.com/prm/weekly/v51/i27/27a03501.htm

FRANCE: OPT-OUT BECOMES THE RULE FOR B2B MARKETING (Hunton & William’s Privacy & E-Commerce Alert, 14 March 2005) -- During its February 17 session, the French data protection authority (CNIL) reversed its position on e-mail direct marketing in the B2B context: the CNIL stated that the sending of a commercial message to an individual’s professional e-mail account and for professional purposes is no longer subject to the individual’s prior consent. Until then, the CNIL had favored a strict interpretation of the law, considering that the opt-in requirement applicable to e-mail marketing also applied to individuals acting in their professional capacity. However, since the purpose of the opt-in rule is to protect consumers, not to adversely affect exchanges between businesses, it decided that opt-out should become the rule in the B2B context. For further information (in French only), consult the CNIL web site: http://www.cnil.fr/index.php?id=1780&news[uid]=238&cHash=6dd2646505.

FRENCH COURT RULES DOWNLOADING LAWFUL (BNA’s Internet Law News, 14 March 2005) -- The French Court of Appeal of Montpellier has released a 22 years old Internet user free of charges after he was sued for copying nearly 500 movies on Internet, burning them on CDs and sharing them with friends. The Court based its decision on the article L-122-5 of the French Intellectual Property Code stating that “authors can’t forbid copies or reproductions that are only intented for the private use of the copyist.” Coverage at http://frenchdownload.notlong.com/ French decision at http://www.juriscom.net/documents/camontpellier20050315.pdf

MAN GETS TO KEEP HIS NAME AFTER MATTEL LOSES UDRP CLAIM (BNA’s Internet Law News, 14 March 2005) -- Mattel has lost an ICANN UDRP bid to obtain the name mattel.org. The registrant’s name is Gopi Mattel. http://www.arb-forum.com/domains/decisions/372847.htm

PRIVACY ADVOCATES FROWN ON AMAZON SNOOPING PLAN (CNET, 14 March 2005) -- Post a review of a book or other product on Amazon.com, and the information may find its way into the company’s file on you. That’s one key feature, anyway, of a system Amazon has invented to gather clues about customers’ gift-giving habits in order to suggest future gifts and reminders. The company was granted a patent last week for the system, which also profiles gift recipients and guesses their age, birthday and gender. Amazon says it hasn’t put the “systems and methods” covered by the patent to use, so it isn’t monitoring customer review pages yet. But that fact gives little comfort to consumer advocates, who have hounded Amazon for years over its customer-profiling practices. This latest invention is yet further cause for concern, because it could involve profiling children and exploit the giving of gifts and the sense of community that customer reviews were designed to engender, advocate groups said. “Amazon has continued to set the low bar for privacy on the Internet,” said Chris Hoofnagle, West Coast director of the Electronic Privacy Information Center, or EPIC. “It’s almost no longer a surprise when the company announces some new way to profile people.” Here’s how the proposed system works, according to Amazon’s patent claim: Amazon would gather information about gift recipients, including their names, addresses and items customers send them. The system would then try to guess their gender, age and the gift-giving occasion based on the type of present, messages written in gift cards, dates gifts are ordered, items on wish lists, and commentary in related consumer reviews. http://news.com.com/Privacy+advocates+frown+on+Amazon+snooping+plan/2100-1038_3-5611663.html?tag=nefd.top

STUDY SHOWS ONLINE CITATIONS DON’T AGE WELL (Chronicle of Higher Education, 14 March 2005) – A study conducted by two academics at Iowa State University has shown a remarkably high rate of “decay” for online citations. Michael Bugeja, professor of journalism and communication, and Daniela Dimitrova, assistant professor of communication, looked at five prestigious communication-studies journals from 2000 to 2003 and found 1,126 footnotes that cite online resources. Of those, 373 did not work at all, a decay rate of 33 percent; of those that worked, only 424 took users to information relevant to the citation. In one of the journals in the study, 167 of 265 citations did not work. Bugeja compared the current situation to that of Shakespearean plays in the early days of printing, when many copies of plays were fraught with errors due to the instability of the printing medium. Anthony T. Grafton, a professor of history at Princeton University and author of a book on footnotes, agreed that citation decay is a real and growing problem, describing the situation as “a world in which documentation and verification melt into air.” (sub. req’d) http://chronicle.com/prm/daily/2005/03/2005031402n.htm

AOL CLARIFIES IM PRIVACY GUARANTEE (CNET, 14 March 2005) -- America Online said late Monday that it plans to revise its user agreement in response to concerns that instant messages sent through the company’s service could be monitored. The new policy for AOL Instant Messenger, or AIM, will stress that the company does not eavesdrop on customer’s conversations except in unusual circumstances such as a court order, an AOL spokesman said. AIM’s terms of service have been in place since at least February 2004, but nobody appears to have raised an alarm until a few days ago. Over the weekend, a brushfire of sorts flared among bloggers alarmed about six words embedded deep in the policy: “You waive any right to privacy.” That unfortunate wording was intended to apply to an AIM feature called “Rate-a-Buddy,” spokesman Andrew Weinstein said. Like the classic HotOrNot.com site, Rate-a-Buddy permits AIM users to post photographs publicly so others can rate them on how “cute” and “interesting” they seem to be. The Rate-a-Buddy language was “wrapped into” the AIM terms of service, and that “inartfully” worded phrase has been deleted from a new version that will be made public Tuesday, Weinstein said. “It’s going to make it very clear that this section applies to public areas.” AIM’s public areas include a few dozen public chat rooms, which cover topics from celebrity gossip to NASCAR chat. “We’re making the language clearer so users understand it,” Weinstein said. “At a minimum, there was significant confusion.” AOL’s AIM Privacy Policy--referenced in AIM’s terms of service--has long said that “AOL does not read your private online communications when you use any of the communication tools offered as AIM Products.” The updated terms of service will include that statement, rather than referencing it. http://news.com.com/2100-1030_3-5616543.html

HOW TO DESTROY THE EARTH (Reviewed in Cryptogram, 15 March 2005) -- This is a fascinating -- and detailed -- analysis of what would be required to destroy the earth: materials, methods, feasibility, schedule. While the DHS might view this as a terrorist manual and get it removed from the Internet, the good news is that obliterating the planet isn’t an easy task. http://ned.ucam.org/~sdh31/misc/destroy.html [Editor: Totally off-topic, with no worldly legal implications, but engaging, educational, and fun.]

CREATIVE COMMONS IS REWRITING RULES OF COPYRIGHT (Washington Post, 15 March 2005) -- When Chuck D and the Fine Arts Militia released their latest single, “No Meaning No,” several months ago, they didn’t try to stop people from circulating free copies on the Internet. They encouraged it. They posted the entire 3-minute, 12-second song and its various vocal, drum and guitar components online and invited everyone to view, copy, mix, remix, sample, imitate, parody and even criticize it. The result has been the creation of a flood of derivative work ranging from classical twists on the hip-hop piece to video interpretations of the song. The musicians reveled in the instant fan base. They were so pleased that they recently decided to publish their next entire album, due later this spring, the same way, becoming the first major artists to do so. “No Meaning No” was released under an innovative new licensing scheme called Creative Commons that some say may be better suited to the electronic age than the hands-off mind-set that has made copyright such a bad word among the digerati. So far, more than 10 million other creations -- ranging from the movie “Outfoxed” and songs by the Beastie Boys to the British Broadcasting Corp.’s news footage and the tech support books published under the O’Reilly label -- have been distributed using these licenses. The idea has even won the support of Hilary Rosen, formerly of the Recording Industry Association of America, and Jack Valenti, the past head of the Motion Picture Association of America, who became known for their aggressive pursuit of people who share free, unauthorized copies via the Internet. Interest in Creative Commons licenses comes as artists, authors and traditional media companies begin to warm to the idea of the Internet as friend instead of foe and race to capitalize on technologies such as file-sharing and digital copying. http://www.washingtonpost.com/wp-dyn/articles/A35297-2005Mar14.html

AGENCE FRANCE PRESSE SUES OVER GOOGLE NEWS (Reuters, 19 March 2005) -- Agence France Presse has sued Google Inc., alleging the Web search leader includes AFP’s photos, news headlines and stories on its news site without permission. The French news service is seeking damages of at least $17.5 million and an order barring Google News from displaying AFP photographs, news headlines or story leads, according to the suit filed on Thursday in the U.S. District Court for the District of Columbia. “We allow publishers to opt out of Google News but most publishers want to be included because they believe it is a benefit to them and to their readers,” Google spokesman Steve Langdon said of the AFP lawsuit. The attorney for AFP was not immediately available for comment. AFP sells subscriptions to its content and does not provide it free. Google News gathers photos and news stories from around the Web and posts them on its news site, which is free to users. “Without AFP’s authorization, defendant is continuously and willfully reproducing and publicly displaying AFP’s photographs, headlines and story leads on its Google News web pages,” AFP charged in its lawsuit. AFP said it has informed Google that it is not authorized to use AFP’s copyrighted material as it does and has asked Google to cease and desist from infringing its copyrighted work. AFP alleged that Google has ignored such requests and as of the filing date of the lawsuit “continues in an unabated manner to violate AFP’s copyrights.” http://story.news.yahoo.com/news?tmpl=story&cid=582&e=1&u=/nm/20050319/wr_nm/tech_google_copyright_dc

BANK REGULATOR SAYS BANKS MUST WARN OF ID THEFT (Reuters, 18 March 2005) -- The FDIC on Friday ordered U.S. banks to warn customers of suspected cases of identity theft, one of the fastest-growing types of consumer fraud. The 5-0 vote by the agency’s board of directors come in the wake of a flurry of announcements of the theft of personal data affecting hundreds of thousands of consumers. The changes have won approval from the Office of the Comptroller of the Currency and Office of Thrift Supervision, and still require Federal Reserve (news - web sites) Board approval. Fed spokesman Andrew Williams said the board is considering the matter. Banks will be required to notify customers when they learn of unauthorized access to sensitive customer information and, after a reasonable investigation, determine the information was misused or there is a “reasonable possibility” of misuse. The notices must describe the incidents, detail measures taken to protect customers, provide phone numbers for further information, remind customers to be vigilant and describe how customers may put fraud alerts in their credit reports. Sensitive customer information is defined as a customer’s name, address or phone number, in conjunction with his or her Social Security (news - web sites) or driver’s license numbers; account, credit or debit card numbers; or an identification number or password that would permit access to an account. It also includes any combination of data that would allow a thief to access an account. http://story.news.yahoo.com/news?tmpl=story&cid=582&e=4&u=/nm/20050318/wr_nm/financial_banks_identitytheft_dc

FRENCH GOV’T REQUIRES E-CONTRACT RETENTION FOR 10 YEARS (BNA’s Internet Law News, 17 March 2005) -- BNA’s Electronic Commerce & Law Report reports that France has published new standards on electronic contracting that require firms to store for a 10-year period all e-contracts for goods and services valued above 120 euros. The new standards on e-contract archives--which went into effect Feb. 19--are France’s step toward implementing the EU’s 2004 framework e-commerce legislation. http://pubs.bna.com/ip/BNA/eip.nsf/is/a0b0p2a3q1 For a free trial to source of this story, visit http://www.bna.com/products/ip/eplr.htm

PUBLIC-PRIVATE DEAL TO PREVENT INTERNET CIGARETTE SALES (SiliconValley.com, 17 March 2005) -- Major credit card companies will refuse to participate in Internet sales of cigarettes nationwide under a government agreement made Thursday. The U.S. Bureau of Alcohol, Tobacco, Firearms and Explosives, the companies and state attorneys general agreed to work together to prevent the long unchecked use of credit cards to buy cigarettes over the Internet across state lines. The agreement is effective immediately. The result is that virtually all credit cards will no longer participate with Web sites based in the United States and abroad that sell cigarettes and tobacco products in every state, said New York Attorney General Eliot Spitzer. The card companies also agreed to take action against Internet sellers that authorities identify as violating state and federal laws regulating cigarette sales. The effort is important because enforcement has been difficult, even though in many states, including New York, the Internet sale of tobacco products is illegal. The trade undercuts traditional business operators, often avoids sales tax for states and localities, and can be a way for underage consumers to buy cigarettes and chewing tobacco before they turn 18. ``By working with all the major card companies, we will severely restrict the availability of the Internet retailers to make these illegal sales,” said Spitzer, one of the lead attorneys general in the partnership sealed Thursday. The negotiations were also led by California Attorney General Bill Lockyer and Oregon Attorney General Hardy Myers. Attorneys general from Colorado, Idaho, Louisiana, Maryland, Pennsylvania, Vermont and Wisconsin also participated. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/11162710.htm

GROWTH OF WIRELESS INTERNET OPENS NEW PATH FOR THIEVES (New York Times, 19 March 2005) – The spread of the wireless data technology known as Wi-Fi has reshaped the way millions of Americans go online, letting them tap into high-speed Internet connections effortlessly at home and in many public places. But every convenience has its cost. Federal and state law enforcement officials say sophisticated criminals have begun to use the unsecured Wi-Fi networks of unsuspecting consumers and businesses to help cover their tracks in cyberspace. In the wired world, it was often difficult for lawbreakers to make themselves untraceable on the Internet. In the wireless world, with scores of open Wi-Fi networks in some neighborhoods, it could hardly be easier. Law enforcement officials warn that such connections are being commandeered for child pornography, fraud, death threats and identity and credit card theft. “We have known for a long time that the criminal use of the Internet was progressing at a greater rate than law enforcement had the knowledge or ability to catch up,” said Jan H. Gilhooly, who retired last month as special agent in charge of the Secret Service field office in Newark and now helps coordinate New Jersey operations for the Department of Homeland Security. “Now it’s the same with the wireless technologies.” In 2003, the Secret Service office in Newark began an investigation that infiltrated the Web sites and computer networks of suspected professional data thieves. Since October, more than 30 people around the world have been arrested in connection with the operation and accused of trafficking in hundreds of thousands of stolen credit card numbers online. Of those suspects, half regularly used the open Wi-Fi connections of unsuspecting neighbors. Four suspects, in Canada, California and Florida, were logged in to neighbors’ Wi-Fi networks at the moment law enforcement agents, having tracked them by other means, entered their homes and arrested them, Secret Service agents involved in the case said. http://www.nytimes.com/2005/03/19/technology/19wifi.html?ex=1268888400&en=51d90e7518bba5d6&ei=5090&partner=rssuserland

IS THE UNITED STATES GOING TO GET EVEN TOUGHER ON FOREIGNERS? (Steptoe & Johnson’s E-Commerce Law Week, 19 March 2005) -- In its efforts to fight terrorism, the Bush Administration has substantially tightened US immigration rules and other controls on access of foreigners to the United States. It now appears that the US government is testing the waters for tougher restrictions on US companies that employ foreign nationals who may have access to controlled technology. Last year, the US Department of Commerce issued a report indicating that the enforcement of regulations on “deemed exports” by the Bureau of Industry and Security (BIS) might not be strong enough, and a notice should soon be published requesting comment on the report’s recommendations. http://www.steptoe.com/index.cfm?fuseaction=ws.getItem&pubItemId=9184&siteId=547

STUDY CRITICIZES GOVERNMENT ON CYBERSECURITY RESEARCH (New York Times, 19 March 2005) -- A report released Friday by a panel of computer experts criticizes the federal government, saying that its financing of research on computer network security is inadequate and that it is making a mistake by focusing on classified research that is inaccessible to the commercial sector. The report, commissioned by the Bush administration, calls for the government to spend $148 million annually on Internet security research through the National Science Foundation, over the current $58 million. It also urges more research spending by the Pentagon’s Defense Advanced Research Projects Agency, or Darpa, and by the Department of Homeland Security. The report, “Cybersecurity: A Crisis of Prioritization,” was prepared by a subcommittee of the President’s Information Technology Advisory Committee, a group of industry and university experts. Research in Internet security is needed to protect systems that run the government and military operations, as well as other areas, including the electric power grid, the air traffic control grid and financial systems, the report said. “The federal government is largely failing in its responsibility to protect the nation from cyberthreats,” said Edward D. Lazowska, chairman of the computer science and engineering department at the University of Washington and co-chairman of the panel. “The Department of Homeland Security simply doesn’t ‘get’ cybersecurity. They are allocating less than 2 percent of their science and technology budget to cybersecurity, and only a small proportion of this is forward-looking.” http://www.nytimes.com/2005/03/19/technology/19computer.html?ex=1268888400&en=1841584ce6d0bdd3&ei=5090&partner=rssuserland

MICHIGAN CT. RULES ON DUTY TO PROTECT FROM ID THEFT (BNA’s Internet Law News, 21 March 2005) -- Thanks to an ILN reader for reporting on a recent Michigan case in which the court ruled that unionized 911 operators who were victims of identity theft were owed a duty of care by the union which held their personal information. The union knew confidential information was leaving its premises but did not develop procedures to ensure the security of the information. The court concluded a special relationship existed between the union and plaintiffs such that the union owed plaintiffs a duty to protect them from identity theft by providing some safeguards to ensure the security of their most essential confidential identifying information, which could easily be used to appropriate a person’s identity. Decision at http://www.michbar.org/opinions/appeals/2005/021505/26184.pdf

FEC CONSIDERS RESTRICTING ONLINE POLITICAL ACTIVITIES (Washington Post, 21 March 2005) -- The Federal Election Commission has begun considering whether to issue new rules on how political campaigns are waged on the Internet, a regulatory process that is expected to take months to complete but that is already generating considerable angst online. The agency is weighing whether -- and how -- to impose restrictions on a host of online activities, including campaign advertising and politically oriented blogs. Election officials are reluctantly taking up the issue, after losing a court case last fall. The FEC, which enforces federal election law, had issued scores of regulations delineating how the campaign finance reform legislation adopted in 2002 ought to be implemented. But Reps. Christopher Shays (R-Conn.) and Martin T. Meehan (D-Mass.), who sponsored the legislation, complained that many of those rules were too lax, and they successfully sued to have them rescinded. The commission must now rewrite a number of those directions, including ones that left online political activities virtually free from government regulation. “We are almost certainly going to move from an environment in which the Internet was per se not regulated to where it is going to be regulated in some part,” said FEC Commissioner David M. Mason, a Republican. “That shift has huge significance because it means that people who are conducting political activity on the Internet are suddenly going to have to worry about or at least be conscious of certain legal distinctions and lines they didn’t used to have to worry about.” Which people, what activities and where those lines should be drawn, though, have yet to be determined. The rise of the Internet as a political tool, the variety of ways in which it can be used to promote a campaign and the fact that most federal election laws were written long before the Internet became a household word have combined to present the agency’s commissioners with plenty of knotty legal questions to consider. Should bloggers who work for political campaigns, for example, be required to disclose that relationship? Should their writings include a disclaimer indicating that they were paid for by a campaign? What if a campaign supporter links his Web site to a candidate’s home page? Is that considered a campaign contribution subject to government regulation? What if an independent blogger endorses a candidate? Or posts a campaign’s news release? Are those contributions? http://www.washingtonpost.com/wp-dyn/articles/A51986-2005Mar20.html

-- and --

ONLINE POLITICKING RECEIVES TEMPORARY REPRIEVE (CNET, 23 March 2005) -- Political bloggers would continue to be exempt from most campaign finance laws, according to highly anticipated rules that federal regulators released Wednesday. The Federal Election Commission also proposed that online-only news outlets and even individual bloggers should be treated as legitimate journalists and thus be immune from laws that could count their political endorsements as campaign contributions. The 47-page outline of proposed rules takes a cautious approach to the explosive question of how Web sites and e-mail should be regulated, with the FEC saying throughout that its conclusions are only tentative ones and inviting public comment. The comment process is expected to be approved by the agency at its meeting Thursday. http://news.com.com/2100-1028_3-5632346.html FEC release at http://dw.com.com/redir?destUrl=http%3A%2F%2Fwww.fec.gov%2Fagenda%2F2005%2Fmtgdoc05-16.pdf&siteId=3&oId=2100-1028-5632346&ontId=1023&lop=nl.ex

**** RESOURCES ****
DIRECTORY FOR CORPORATE RSS FEEDS – see http://www.legaline.com/2005/02/directory-for-corporate-rss-feeds.html

SOURCES:
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. Internet Law & Policy Forum, http://www.ilpf.org.
6. BNA’s Internet Law News, http://ecommercecenter.bna.com.
7. The Ifra Trend Report, http://www.ifra.com/website/ifra.nsf/html/ITR-HTML.
8. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
9. David Evan’s “Internet and Computer News”, http://www.abanet.org/scripts/listcommands.jsp?parm=subscribe/at-internet
10. Readers’ submissions, and the editor’s discoveries.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.

Friday, March 04, 2005

MIRLN -- Misc. IT Related Legal News [5 Feb – 5 March 2005; v8.03]

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product of the American Bar Association’s Cyberspace Law Committee. Please feel free to distribute this message.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at http://www.buslaw.org/cgi-bin/controlpanel.cgi?committee=CL320000 (click on “Settings” beside Members-Only Listserve Discussion). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN editions are archived at www.vip-law.com and in the public materials section of the Cyberspace Committee’s collaboration space at http://lawplace.metadot.com.

**************End of Introductory Note***************

**** PROGRAM ANNOUNCEMENT ****
ABA BUSINESS LAW SECTION SPRING MEETING (March 31 – April 2, 2005, Nashville, TN) – general meeting details and registration at http://www.abanet.org/buslaw/2005spring/; Cyberspace Committee program information at http://lawplace.metadot.com/metadot/index.pl?id=0; Cyberspace Committee dinner (April 2) information at http://www.buslaw.org/cgi-bin/controlpanel.cgi?committee=CL320000&info=Meetings

WORLD COMPUTER AND INTERNET LAW CONGRESS (produced by the Computer Law Association, May 5-6, 2005, in Washington, D.C.) -- Program information at http://www.cla.org/final_dc_05.pdf

**** NEWS ****
IT RESOURCES BEING POURED INTO SARBANES-OXLEY COMPLIANCE: SURVEY (TechWeb, 4 Feb 2005) – Companies are devoting large chunks of personnel and technology resources to complying with the Sarbanes-Oxley Act’s section 404, according to a survey of CFOs, controllers, and compliance leaders by IDC and RevenueRecognition.com. Section 404 requires companies to document and test internal controls over financial reporting, and to attest to the effectiveness of internal controls in annual reports. IT is an integral part of most companies’ plans for improving business processes related to Sarbanes-Oxley compliance. Some 83% of the surveyed companies are deploying or evaluating new systems to automate financial processes such as billing and revenue recognition in order to achieve compliance. About 40% are investing in information-security and other technology for improving their IT infrastructure, and 30% are investing in document and records-management systems. Average labor costs during the first full year of compliance are $3.7 million for companies with more than $1 billion in revenue, and $1.6 million for companies with revenue between $200 million and $1 billion, according to the survey. Among the largest 10% of companies surveyed, labor costs are averaging $9.4 million. http://story.news.yahoo.com/news?tmpl=story&cid=74&e=4&u=/cmp/20050205/tc_cmp/59301248

PENN TURNS AWAY RIAA (Chronicle of Higher Education, 4 Feb 2004) -- Officials at the University of Pennsylvania have declined to disclose the identities of two users of its campus network to the Recording Industry Association of America (RIAA), saying it cannot accurately identify the individuals. In its efforts to enforce music copyrights, the RIAA must file “John Doe” lawsuits against Internet users suspected of illegally sharing files. Those individuals are typically identified by their IP addresses, but in this case, according to David R. Millar, the university’s information security officer, circumstances including “multiple users and public-access computers ... prevent us from being able to identify users of an IP address.” A similar situation arose in March 2004 when officials at the university were unable to identify five of six individuals sought by the RIAA. Millar said the university’s actions should not be interpreted as a comment on the RIAA’s legal action. “Our policy has always been to comply with lawful subpoenas,” he said. Wendy Seltzer, a lawyer with the Electronic Frontier Foundation, said the institution is within its rights not to disclose identities to the RIAA, noting that ISPs are not required to keep logs of who their users are or what activities they engage in. http://chronicle.com/prm/daily/2005/02/2005020406n.htm

GOOGLE FINDS ITS MAP SERVICE (CNET, 8 Feb 2005) -- In its latest play in the ongoing search wars, Google on Tuesday quietly launched a beta site for a new map service. Google Maps offers maps, driving directions and the ability to search for local businesses. The search giant appears to be working with TeleAtlas for the mapping products. Neither Google nor TeleAtlas could be reached for comment. The service offers a few tweaks to standard mapping products. Someone using the service can click and drag the maps, instead of having to click and reload, for example, and magnified views of specific spots pop up in bubbles. The new map service supports Internet Explorer and Mozilla browsers. It covers the United States, Puerto Rico and parts of Canada. The ongoing search battles between Google and companies like Yahoo and Microsoft have led to new features and enhancements coming out almost weekly. Localization and mapping products have been a particular focus because they’re popular with advertisers. Even Amazon.com has gotten into the game, offering a service through its A9.com search unit that shows digital photos of storefronts in its U.S. business listings. http://news.com.com/2100-1024_3-5567274.html

THREE NEW PUBLICATIONS FOR THE DIGITAL MEDIA PROJECT (Berkman Center for Internet & Society, 8 Feb 2005) -- The Berkman Center’s Digital Media Project released three new papers this month. “Content & Control: Assessing the Impact of Policy Choices on Potential Online Business Models in the Music and Film Industries” examines emerging business models for digital media distribution -- from projects like Shawn Fanning’s SNOCAP and Apple’s iTunes to more experimental projects -- and the policy questions they raise. Researchers also released the white paper, “Copyright and Digital Media in a Post-Napster World: 2005 Update,” which builds on our 2003 research on the state of digital media to reflect major legal, political, and technological changes in the past year. Digital Media Project researchers, led by Berkman Fellow Urs Gasser, also released the International Supplement to this White Paper. This Supplement broadens the white paper’s perspective to examine how regulatory and legal frameworks around the world are influencing the use and distribution of new media. Content and Control: http://cyber.law.harvard.edu/media/content_and_control Copyright and Digital Media in a Post-Napster World: http://cyber.law.harvard.edu/media/wp2005 International Supplement: http://cyber.law.harvard.edu/media/wpsupplement2005.

PUBLICATION OF ALTERNATIVE STANDARD CONTRACTUAL CLAUSES FOR DATA TRANSFERS (Hunton & William’s Privacy & E-Commerce Alert, 9 Feb 2005) -- Commission Decision C(2004)5271 approving the alternative standard contractual clauses for the transfer of personal data to third countries was published in Official Journal L 385 of December 29, 2004. It is available in all languages of the European Union. For the English version, click on the link: http://europa.eu.int/eur-lex/lex/LexUriServ/site/en/oj/2004/l_385/l_38520041229en00740084.pdf.

FINAL FACTA RULES ON DATA DISPOSAL MAINTAIN STATUS QUO Steptoe & Johnson’s E-Commerce Law Week, 5 Feb 2005) -- In a financial institution letter released February 2, the US federal bank and thrift regulatory agencies announced that they issued final guidelines to implement section 216 of the Fair and Accurate Credit Transactions Act of 2003 (FACTA). Section 216 is designed to protect consumers against the risks associated with identity theft and other types of fraud. The new guidelines -- effective July 1, 2005 -- require any financial institution that maintains or otherwise possesses consumer information derived from consumer reports to properly dispose of it. The 12-page notice in the Federal Register might lead you to believe that the regulations actually say something substantial, but the agencies chose not to issue a prescriptive rule. Rather than taking a hard line and issuing specific guidelines, the agencies chose to allow institutions to follow the risk-based approach to handling security threats that is already in place under the existing guidelines. According to the agencies, this means that any changes to an institution’s existing information security program are “likely will be minimal.” http://www.steptoe.com/index.cfm?fuseaction=ws.getItem&pubItemId=8879&siteId=547

9TH CIRCUIT ORDERS EN BANC REHEARING OF YAHOO FRANCE CASE (BNA’s Internet Law News, 11 Feb 2005) -- Free speech activists and Yahoo have declared a small victory in a dispute over whether the e-commerce giant can host auctions for Nazi memorabilia on its US sites. The 9th US Circuit Court of Appeals said it would rehear some arguments in a 5-year-old lawsuit against Yahoo by two French human rights groups over the posting of Nazi memorabilia on the Yahoo site. Order at http://9thcircuityahoorehearing.notlong.com/ Coverage at http://www.washingtonpost.com/wp-dyn/articles/A15301-2005Feb10.html

STUDY: FEE-BASED MUSIC GAINS ON SWAPPING (CNET, 10 Feb 2005) -- Fee-based digital music is gaining popularity among downloaders in the United States, according to market research company Ipsos-Insight. About 47 percent of people who downloaded music in December and who were age 12 or older paid a fee to do so, the market researcher said. That’s up from 22 percent a year ago. The study is based on data from a sample of 1,112 respondents. Ipsos-Insight said that while users between the ages of 25 and 54 are the most likely to have paid to download music, the number of younger people paying for it is also rising. More than half of respondents between the ages of 12 and 17 reported that they have paid for music. http://news.com.com/2100-1027_3-5571262.html

NEGOTIATING LICENSING AGREEMENTS – GUIDANCE PUBLISHED (Out-law.com, 9 Feb 2005) -- The World Intellectual Property Organisation (WIPO) and the International Trade Centre (ITC) announced on Monday that they have published a basic practical guide on how to negotiate technology licensing agreements. Licensing agreements allow one company to obtain defined rights to use technology developed by another and, according to WIPO, are a useful option for companies seeking to maintain their competitive advantage and a healthy balance sheet. WIPO - a UN body dedicated to the creation of a stable environment for the marketing of intellectual property - and the ITC, which deals with trade promotion for the UN, are keen to see an increased use of licensing agreements, viewing them as an important means of promoting the effective transfer of technology, fostering entrepreneurship and assisting national economic development. The new publication therefore offers a practical introduction to negotiating licensing agreements and is designed to address the needs and concerns of non-specialists. According to WIPO, the guide focuses on the identification, acquisition and transfer, through licensing agreements, of intellectual property - in particular patent-protected technologies. It provides guidance on negotiating techniques for licensing contracts and explains a number of basic rules, common issues and legal concerns associated with the negotiating process. The guide, “Exchanging Value - Negotiating Technology Licensing Agreements” can be purchased from WIPO’s web site. http://www.out-law.com/php/page.php?page_id=negotiatinglicensin1107950786&area=news

COURT SAYS WIFE BROKE LAW WITH SPYWARE (BNA’s Internet Law News, 16 Feb 2005) -- The Florida Appeals Court, Fifth District has ruled that a wife who installed spyware on her husband’s computer to secretly record evidence of an extramarital affair violated state law. At issue in this case was whether the use of the spyware violated Florida’s wiretapping law. The three judges ruled that it did, and barred the wife from revealing the contents of the intercepted conversations. The court also ruled that the chat records could not be introduced as evidence in the unhappy couple’s divorce proceedings. Decision at http://www.5dca.org/Opinions/Opin2005/020705/5D03-3484.pdf Coverage at http://news.com.com/2100-1030_3-5577979.html

U.S. AGENCIES EARN D-PLUS ON COMPUTER SECURITY (SiliconValley.com, 16 Feb 2005) -- The overall security of computer systems inside the largest U.S. government agencies improved marginally since last year but still merits only a D-plus on the latest progress report from Congress. The departments of Transportation, Justice and the Interior made remarkable improvements, according to the rankings, which were compiled by the House Government Reform Committee and based on reports from each agency’s inspector general. But seven of the 24 largest agencies received failing grades, including the departments of Energy and Homeland Security. The Homeland Security Department encompasses dozens of agencies and offices previously elsewhere in government but also includes the National Cyber Security Division, responsible for improving the security of the country’s computer networks. ``Several agencies continue to receive failing grades, and that’s unacceptable,” said Rep. Tom Davis, R-Va., the committee’s chairman. ``We’re also seeing some exceptional turnarounds.” Davis said troubling areas included lax security at federal contractor computers, which could be used to break into government systems; a lack of contingency plans for broad system failures and little training available for employees responsible for security. The Transportation Department improved from a D-plus to an A-minus; the Interior Department, which failed last year, improved to a C-plus; and the Justice Department rose from a failing grade to B-minus. The poor grades effectively dampen efforts by U.S. policy makers to impose new laws or regulations to compel private companies and organizations to enhance their own security. Industry groups have argued that the government needs to improve its own computer security before requiring businesses to make such changes. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/10915463.htm

PBS WARNS STATIONS OF RISKS FROM PROFANITY IN WAR FILM (New York Times, 18 Feb 2005) – PBS has warned its member stations that it cannot protect them against federal indecency sanctions if they broadcast an unedited, profanity-laced version of a documentary about a United States Army regiment in Baghdad as it faced insurgent attacks leading up to the Iraqi elections, producers of the documentary said yesterday. The documentary, “A Company of Soldiers,” was produced by Front- line, a production of WGBH, the public television station in Boston, and is scheduled to be broadcast on Tuesday night. The Public Broadcasting Service will offer its stations both an edited and an unexpurgated version, as it commonly does with programs that have content that might be objectionable in some parts of the country. But producers at Frontline said PBS had taken the unusual step of offering only the edited version of the film for direct retransmission. Stations that want the unedited version, which the producers say is the one that captures the realities of combat faced by soldiers in Iraq, will be required to pre-record it and to sign a waiver indemnifying PBS against damages or fines they might incur because of the broadcast. David Fanning, the executive producer of Frontline, said in a telephone interview that he believed the PBS decision was motivated by confusion over rulings by the Federal Communications Commission over what constitutes indecency. Front-line’s lawyers had advised the producers that the vulgar language in the film did not violate federal guidelines about gratuitous use of profanity, Mr. Fanning said. “PBS, like other broadcasters, has been under tremendous pressure” because of uncertainty over the indecency guidelines, Mr. Fanning said. He said the producers had agreed that some instances of profanity were unnecessary, like the use of curse words by soldiers in the barracks and when off duty. “But when we were looking at the issue of the language of young men while they were in combat, in very stressful situations in Iraq, the question of whether to sanitize the film was easier [Editor: harder?] to answer,” he said. http://www.nytimes.com/2005/02/18/business/media/18pbs.html?ex=1266469200&en=de3ce08121f33394&ei=5090&partner=rssuserland

MICHIGAN PURSUES UNPAID TAXES ON TOBACCO BOUGHT ONLINE (Detroit Free Press, 18 Feb 2005) -- The state has begun billing smokers for the taxes they avoided by purchasing tobacco online. The Treasury Department so far has sent letters to 533 customers of one online seller, seeking $1.7 million in unpaid taxes. At least 13 online tobacco retailers operate in Michigan. The rapid growth of Internet cigarette sales prompted state officials to step up enforcement of the tax law, treasury spokesman Terry Stanton told the Detroit Free Press for a Friday story. Although there is no hard evidence, officials say they believe Michigan’s $2-per-pack cigarette tax -- the nation’s third-highest behind New York City and New Jersey -- has prompted more smokers to shop for cheaper prices. State law allows only licensed sellers who pay the appropriate tax to bring cigarettes into Michigan from other states. Penalties are not assessed against people who bring less than $50 in cigarettes into the state. http://www.freep.com/news/statewire/sw111914_20050218.htm [Ohio, too: http://toledoblade.com/apps/pbcs.dll/article?AID=/20050219/NEWS24/502190390; and New Jersey: http://www.newsday.com/news/local/wire/newjersey/ny-bc-nj--internetcigarette0303mar03,0,257716.story]

WASHINGTON ST. APP. CT. DENIES AOL FORUM SELECTION CLAUSE (BNA’s Internet Law News, 21 Feb 2005) -- A Washington State Appellate court has refused to enforce AOL’s forum selection clause that forces all disputes to be heard in Virginia. The court ruled that the clause violates state public policy as expressed in the Consumer Protection Act since it would force the litigants to sue in Virginia without benefit of the state class action remedy. Case name is Dix v. ICT Group. Decision at http://www.courts.wa.gov/opinions/?fa=opinions.opindisp&docid=231844MAJ

GOOGLE “LIBRARY” SPARKS FRENCH WARCRY (Reuters, 18 Feb 2005) -- France’s national library has raised a “warcry” over plans by Google to put books from some of the world’s great libraries on the Internet and wants to ensure the project does not lead a domination of American ideas. Jean-Noel Jeanneney, who heads France’s national library and is a noted historian, says Google’s choice of works is likely to favour Anglo-Saxon ideas and the English language. He wants the European Union to balance this with its own programme and its own Internet search engines. “It is not a question of despising Anglo-Saxon views ... It is just that in the simple act of making a choice, you impose a certain view of things,” Jeanneney told Reuters in a telephone interview on Friday. “I favour a multi-polar view of the world in the 21st century,” he said. “I don’t want the French Revolution retold just by books chosen by the United States. The picture presented may not be less good or less bad, but it will not be ours.” His views are making waves among intellectuals in France, where many people are wary of the impact of American ways and ideas on the French language and culture. http://uk.news.yahoo.com/050218/80/fcskz.html [OMG]

9-11 COMMISSIONER CALLS FOR END TO ISACS (InfoWorld, 18 Feb 2005) -- The U.S. government’s policy of relying on voluntary, industry-led information sharing and analysis centers, or ISACs, is not working and should be discontinued or reformed, according to Jamie Gorelick, a member of the 9-11 Commission. ISACs lack the organization and funding to work effectively and pass on vital security intelligence to the U.S. federal government about threats to the nation’s critical infrastructure. Their failure poses a threat to national security, Gorelick said during a panel discussion at the RSA Conference in San Francisco. However, the head of at least one ISAC says the organizations are working well, despite continued skepticism of government demands for information on security breaches. The ISAC system was created by Presidential Decision Directive 63 (PDD 63), which was issued by President Bill Clinton in 1998. PDD 63 called for the creation of ISACs to encourage private sector cooperation and information sharing with the federal government on issues related to the nation’s critical infrastructure. Today there are ISACs for the food, water and energy sectors, as well as the information technology, telecommunications, chemical and financial services industries. “I don’t think the model of ISACs works,” Gorelick said. “Asking industries to fund their own ISACs as they wish and in a disorganized fashion will not get us where we need to go.” In particular, Gorelick objected to the requirement that critical industries fund and operate their own ISACs without government oversight. The U.S. government should provide funding and a reliable communications system for each ISAC, rather than requiring them to “pass the hat” to raise operating funds, she said. The government should also provide a single point of contact for ISACs that can be a “quarterback” for the various industry groups and win the support of senior executives within different industry sectors, she said. However, the president of one prominent ISAC thinks Gorelick is mistaken in her notion that the groups are not working. “(Gorelick) is unfortunately mistaken in her perception,” said Guy Copeland, vice president of Information Infrastructure Advisory Programs at Computer Sciences Corp. and president of the Information Technology ISAC (IT-ISAC). “We’ve never received any funding from the government, and we’re stronger because of it.” http://www.infoworld.com/article/05/02/18/HNsecurity911_1.html

CFAA AS A CIVIL REMEDY (National Law Journal, 14 Feb 2005 – SUBSCRIPTION REQUIRED – Over the past three years, as public Web sites have become a business’s interface with the public, the federal Computer Fraud and Abuse Act (CFAA), 18, U.S.C. 1030, et. seq., has emerged as a potent civil remedy to protect valuable competitive business information that is accessible through these Web sites. This article will examine this newly developed legal precedent and the proactive steps businesses should implement to take advantage of the CFAA. http://www.law.com/jsp/nlj/PubArticleNLJ.jsp?id=1107783345003

EU PARLIAMENT APPROVES SOFTWARE PATENT RESTART (eWeek, 17 Feb 2005) -- A European Parliament body has adopted a motion to scrap the European Union’s proposed IT patenting legislation, amid growing criticism of the proposal from EU member states. The decision by the EP’s Conference of Presidents—the heads of the parliament’s political groups—is the last hurdle before the parliament can formally ask the Commission for a restart. The text’s opponents say it would bring the EU into line with U.S. patent practice, allowing broad patentability of software and business processes. As U.S. software companies spend millions defending or attacking intellectual property holdings, European vendors are taking advantage of their easier legal climate for software, especially smaller companies and open-source projects. http://www.eweek.com/article2/0,1759,1766515,00.asp

UN PANEL AIMS TO END INTERNET TUG OF WAR (Reuters, 21 Feb 2005) -- A U.N.-sponsored panel aims to settle a long-running tug of war for control of the Internet by July and propose solutions to problems such as cyber crime and email spam. The panel, set up in December 2003, will lay groundwork for a final decision to be taken in Tunis in November at a U.N.-sponsored World Summit on the Information Society, where global control of the world wide web may be decided. Right now, the most recognisable Internet governance body is a California-based non-profit company, the International Corporation for Assigned Names and Numbers (ICANN). But developing countries want an international body, such as the U.N.’s International Telecommunication Union (ITU), to have control over governance -- from distributing Web site domains to fighting spam. “There is an issue that is out there and that needs to be resolved,” said Nitin Desai, chairman of working group and special adviser to U.N. Secretary-General Kofi Annan. Incorporated in 1998, ICANN oversees management of the Internet’s crucial addressing system which matches numerical addresses to familiar Web site addresses. While its oversight has been confined to technical matters, critics say that it is subject to U.S. political influence. The ITU, a 138-year-old trade body that among other things established country code rules for international telephone calls, is seen by developing countries as being better able to address their needs. http://uk.news.yahoo.com/050221/80/fcy69.html

CHOICEPOINT TO RESCREEN 17,000 CUSTOMERS IN WAKE OF PERSONAL INFO BREACH (SiliconValley.com, 22 Feb 2005) -- ChoicePoint Inc., under fire for being duped into allowing criminals to access its massive database of personal information, said Monday that consumers in all 50 states, the District of Columbia and three U.S. territories may have been affected by the breach of the company’s credentialing process. The data warehouser also announced plans to rescreen 17,000 business customers to make sure they are legitimate. The Alpharetta-based company said it has hired a retired Secret Service agent to help revamp its verification process. It also has paid for a one-year subscription to a credit monitoring service for each of the 144,778 people that may have been affected by the breach. The company said the smallest number of possible victims -- two -- was in the U.S. Virgin Islands, while the largest number -- 34,114 -- was in California. It released a state-by-state breakdown late Monday. People in Puerto Rico and Guam also may have been affected. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/10961626.htm

OASIS PATENT POLICY SPARKS BOYC (CNET, 22 Feb 2005) -- Open-source and free-software advocates including Mitchell Kapor, Lawrence Lessig, Tim O’Reilly, Bruce Perens, Eric Raymond, Lawrence Rosen, Doc Searls and Richard Stallman signed an e-mail urging the community not to implement certain specifications sent out by OASIS (the Organization for the Advancement of Structured Information Standards). OASIS this month revised its patent policy in a way it claimed offers better options for open-source software development. “We ask you to stand with us in opposition to the OASIS patent policy,” states the e-mail, which was sent Tuesday morning. “Do not implement OASIS standards that aren’t open. Demand that OASIS revise its policies. If you are an OASIS member, do not participate in any working group that allows encumbered standards that cannot be implemented in open-source and free software.” In an interview, one signatory said the campaign would not target individual specifications, but the organization as a whole. “We want organizations like OASIS to develop policies so any group that wants to use an industry standard can know in advance whether or not someone’s going to come along and reach into their pocketbook,” said Rosen, a lawyer with Rosenlaw & Einschlag and author of “Open Source Licensing: Software Freedom and Intellectual Property Law.” OASIS defended its revised policy and launched a counterattack against the e-mail campaign. “This policy from OASIS is as strong as the W3C policy in terms of specifying work to be royalty-free,” said OASIS CEO Patrick Gannon in an interview. “Our policy states that standards may incorporate work that is patented, but that they have to disclose it. And in almost all cases, that results in a royalty-free license for that work.” OASIS revised its policy to specify three modes for standards work: RAND, or reasonable and nondiscriminatory licensing; RF, or royalty-free, on RAND terms; or RF on limited terms. http://news.com.com/2100-7344_3-5585711.html

EU OFFERS PRIVACY GUIDELINES FOR RFID (InfoWorld.com, 22 Feb 2005) -- The European Union (E.U.) has expressed concern that the use of RFID (radio frequency identification) technology by businesses and governments could violate human dignity as well as data protection rights and has published guidelines for businesses and agencies intending to use the technology. The E.U.’s executive body, the European Commission, tapped its advisory body on data protection and privacy, known as the Article 29 Working Party, to conduct its first assessment of data protection issues related to RFID. The technology is a method for storing, receiving and transmitting data via antennas on tags that respond to radio frequency queries. “The ability to surreptitiously collect a variety of data all related to the same person; track individuals as they walk in public places (airports, train stations, stores); enhance profiles through the monitoring of consumer behavior in stores; read the details of clothes and accessories worn and medicines carried by customers are all examples of uses of RFID technology that give rise to privacy concerns,” the group wrote in its report, published Jan. 19. The resulting guidelines include gaining unambiguous consent from individuals where RFID is used and providing clear information to the so-called data subjects including the presence and location of RFID tags and trackers, what sort of data is being collected and how it is being processed. The E.U. also wants individuals to be made fully aware that they have the right to gain complete access to any personal data being collected and stored on them as well as the right to check on the accuracy of the data. http://www.infoworld.com/article/05/02/22/HNrfidprivacy_1.html?source=rss&url=http://www.infoworld.com/article/05/02/22/HNrfidprivacy_1.html

CUSTOMERS ARE FINDING 911 VOID WITH INTERNET TELEPHONE SERVICE (Houston Chronicle, 24 Feb 2005) -- Lured by low phone rates, Peter John’s family found that saving money could endanger their lives after learning the one number they cannot dial: 911. John and his wife, Sosamma, were attacked by two men at their southwest Houston home earlier this month. As they struggled with the intruders, John was shot in the right thigh and torso. His wife was wounded in the left thigh. But when their 17-year-old daughter Joyce, who was in the house at the time, tried 911, the call would not go through. The attackers fled, leaving a shaken John wondering whether to reconsider his money-saving phone plan. “It’s scary,” John said. Officials at the Greater Harris County 9-1-1 Emergency Network, which oversees 911 service in Harris and Fort Bend counties, agree. “The key drawback for us is that most of the IP service providers don’t interconnect with the 911 network,” Executive Director John Melcher said. http://www.chron.com/cs/CDA/ssistory.mpl/metropolitan/3054952

SHHH. LIQUIDNET IS TRADING STOCKS IN HUGE BLOCKS (New York Times, 23 Feb 2005) – Meet what one money manager calls “ Napster for stocks.” Like Napster, which shook up the music industry with its file-sharing network, Liquidnet has pioneered an electronic marketplace that allows institutional investors to trade large blocks of stock anonymously. In a sign of how valuable such electronic trading power is, Liquidnet, which began operations in 2001, has just completed a financing deal that values the privately held company at $1.8 billion, according to a person close to the transaction. By comparison, the publicly traded electronic network leader, Archipelago, has a market value of $873 million. Nasdaq has a value of about $794 million, while the New York Stock Exchange, a nonprofit organization that has said it will explore the possibility of a public offering, is worth about $1.3 billion based on the price of its membership seats. “The institutional equities business has been a money-losing business for almost five years,” said Seth Merrin, the 44-year-old co-founder and chief executive of Liquidnet. “The trend has been toward electronic.” Liquidnet can command such a large price tag because it allows some 350 institutions to trade huge blocks - on average 40,000 shares, more than 80 times the size of an average order on the New York Stock Exchange - rather than forcing those institutions to cut up and parcel out the blocks into small shares, trying to trade the shares quietly so that the market does not move against the trade. http://www.nytimes.com/2005/02/23/business/23place.html?ex=1266814800&en=c4b1c92ddb35cd14&ei=5090&partner=rssuserland

VISA DEBUTS RFID-ENABLED CARD-PAYMENT SYSTEM (Information Week, 24 Feb 2005) -- Visa USA on Thursday kicked off a system utilizing radio-frequency identification (RFID) technology to enable consumers to make purchases by waving cards with embedded chips in front of terminals. The system, under development for two years, is designed for “small-ticket” purchases at fast-food restaurants, movie theaters, and convenience stores. The cards work at distances of 4 inches or less. Visa is guaranteeing merchants against “chargebacks,” the risk of a payment being accidentally charged to the wrong credit or debit card, for purchases up to $25. Visa has enhanced its VisaNet system to track contactless payment transactions through the authorization, clearing, and settlement processes, says Patrick Gauthier, Visa’s senior VP of new product development. Card-issuing banks need to be able to recognize transactions as contactless when responding to customer queries. He declines to say whether any retailers have yet agreed to use the card. MasterCard International has been testing a contactless card, called PayPass, at McDonald’s restaurants in the United States. Sheetz Inc., a convenience-store chain, plans to deploy PayPass at all of its outlets beginning March 1. American Express’ ExpressPay is being rolled out at CVS pharmacies. http://www.informationweek.com/story/showArticle.jhtml?articleID=60403344

PRIVACY ADVOCATES CRITICIZE HOMELAND SECURITY PRIVACY COMMITTEE (SiliconValley.com, 25 Feb 2005) -- Privacy advocates say a committee set up recently to advise the Homeland Security Department on privacy issues amounts to little more than a fox guarding a chicken coop. One member works for a high-tech company that distributed software that many computer users complained contained adware. Another works for a conglomerate whose subsidiary turned over personal records of airline passengers to a government contractor. A third works for a defense contractor from which thieves stole personal information on thousands of employees, making them vulnerable to identity theft. Bruce Schneier, chief technology officer of Counterpane Internet Security, a Mountain View, Calif., computer security company, and author of ``Beyond Fear,” said he looked at the 20-member list and laughed. ``It’s just plain weird,” Schneier said Thursday. ``Where are all the privacy people?” Homeland Security Chief Privacy Officer Nuala O’Connor Kelly said the committee represents a cross-section of viewpoints, including people who have criticized the department. ``We picked the best board from the people who applied,” said Kelly, adding that more than 130 people applied for the committee that she announced Wednesday. Privacy is a sensitive issue for the Homeland Security Department as it embarks on ambitious plans to look into the backgrounds of everyone who boards a plane, enters the country or works in the transportation industry. Privacy advocates say Homeland Security’s privacy board is skewed too heavily toward corporations, including Intel Corp., Computer Associates, IBM Corp. and Oracle Corp. Kelly, pointed to several privacy advocates on the board: Tara Lemmey, former executive director of the Electronic Frontier Foundation, a privacy rights group; Lance Hoffman, a George Washington University professor; and James Harper, editor of Privacilla.org and a self-described critic of government surveillance. http://www.siliconvalley.com/mld/siliconvalley/10991077.htm

E-MAIL RELIABILITY AT RISK AS SPAM CONTROLS GET AGGRESSIVE (SiliconValley.com, 25 Feb 2005) -- Sometimes the only way to know whether an e-mail got through is to call. Just ask Ashley Friedlein, who runs E-consultancy Ltd. in London. He never heard back from a correspondent in the United States, a subscriber of Verizon Online. So he phoned and learned his e-mail was never received. ``I wouldn’t have known anything about it had I not called to check” he said. Blame the mishap on increasingly aggressive spam controls employed by Verizon and other e-mail operators. As spammers identify new tricks for sneaking their junk past software sentinels, service providers’ technical parries could put even more legitimate mail at risk. Spam and spam-fighting have ``in some cases eroded the reliability of the mail system,” said Eric Allman, chief technology officer of leading e-mail software vendor Sendmail Inc. ``Now a lot of mail gets filtered out.” A typical user might lose anywhere from a legitimate message every few months to as many as five a week, estimates Richi Jennings of Ferris Research. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/10993009.htm

‘DIGITAL DIVIDE’ NARROWING FAST, WORLD BANK SAYS (Reuters, 24 Feb 2005) -- The “digital divide” between rich and poor nations is narrowing fast, the World Bank said on Thursday, calling into question a costly United Nations campaign to bring hi-tech telecommunications to the developing world. As some 1,700 international experts gathered in Geneva to prepare for the U.N.’s World Summit on the Information Society (WSIS), the World Bank said in a report that telecommunications services to poor countries were growing at an explosive rate. “The digital divide is rapidly closing,” the report said. “People in the developing world are getting more access at an incredible rate -- far faster than they got access to new technologies in the past.” Half the world’s population now enjoys access to a fixed-line telephone, the report said, and 77 percent to a mobile network -- surpassing a WSIS campaign goal that calls for 50 percent access by 2015. The report said there were 59 million fixed-line or mobile phones in Africa in 2002 -- contradicting Senegalese President Abdoulaye Wade’s claim at a U.N. news conference last year that there were more telephones in Manhattan than in all of Africa. http://www.reuters.com/newsArticle.jhtml?storyID=7731166

THE FEC’S COMING CRACKDOWN ON BLOGGING (CNET, 3 March 2005) -- Bradley Smith says that the freewheeling days of political blogging and online punditry are over. In just a few months, he warns, bloggers and news organizations could risk the wrath of the federal government if they improperly link to a campaign’s Web site. Even forwarding a political candidate’s press release to a mailing list, depending on the details, could be punished by fines. Smith should know. He’s one of the six commissioners at the Federal Election Commission, which is beginning the perilous process of extending a controversial 2002 campaign finance law to the Internet. In 2002, the FEC exempted the Internet by a 4-2 vote, but U.S. District Judge Colleen Kollar-Kotelly last fall overturned that decision. “The commission’s exclusion of Internet communications from the coordinated communications regulation severely undermines” the campaign finance law’s purposes, Kollar-Kotelly wrote. Smith and the other two Republican commissioners wanted to appeal the Internet-related sections. But because they couldn’t get the three Democrats to go along with them, what Smith describes as a “bizarre” regulatory process now is under way. http://news.com.com/2008-1028_3-5597079.html

**** RESOURCES ****
The ABA Standing Committee on Law and National Security, through the leadership of Stewart Baker, has created a very interesting online resource relating to the ongoing debate over various aspects of the patriot act. The site, http://www.patriotdebates.com/, contains sets of dueling essays on specific PATRIOT Act subtopics, written by an outstanding collection of some of the leading thinkers in this area. Each set consists of an opening and a response, with more iterations to come as the opponents engage one another.

SOURCES:
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. Internet Law & Policy Forum, http://www.ilpf.org.
6. BNA’s Internet Law News, http://ecommercecenter.bna.com.
7. The Ifra Trend Report, http://www.ifra.com/website/ifra.nsf/html/ITR-HTML.
8. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
9. David Evan’s “Internet and Computer News”, http://www.abanet.org/scripts/listcommands.jsp?parm=subscribe/at-internet
10. Readers’ submissions, and the editor’s discoveries.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.