Friday, March 04, 2005

MIRLN -- Misc. IT Related Legal News [5 Feb – 5 March 2005; v8.03]

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product of the American Bar Association’s Cyberspace Law Committee. Please feel free to distribute this message.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at http://www.buslaw.org/cgi-bin/controlpanel.cgi?committee=CL320000 (click on “Settings” beside Members-Only Listserve Discussion). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN editions are archived at www.vip-law.com and in the public materials section of the Cyberspace Committee’s collaboration space at http://lawplace.metadot.com.

**************End of Introductory Note***************

**** PROGRAM ANNOUNCEMENT ****
ABA BUSINESS LAW SECTION SPRING MEETING (March 31 – April 2, 2005, Nashville, TN) – general meeting details and registration at http://www.abanet.org/buslaw/2005spring/; Cyberspace Committee program information at http://lawplace.metadot.com/metadot/index.pl?id=0; Cyberspace Committee dinner (April 2) information at http://www.buslaw.org/cgi-bin/controlpanel.cgi?committee=CL320000&info=Meetings

WORLD COMPUTER AND INTERNET LAW CONGRESS (produced by the Computer Law Association, May 5-6, 2005, in Washington, D.C.) -- Program information at http://www.cla.org/final_dc_05.pdf

**** NEWS ****
IT RESOURCES BEING POURED INTO SARBANES-OXLEY COMPLIANCE: SURVEY (TechWeb, 4 Feb 2005) – Companies are devoting large chunks of personnel and technology resources to complying with the Sarbanes-Oxley Act’s section 404, according to a survey of CFOs, controllers, and compliance leaders by IDC and RevenueRecognition.com. Section 404 requires companies to document and test internal controls over financial reporting, and to attest to the effectiveness of internal controls in annual reports. IT is an integral part of most companies’ plans for improving business processes related to Sarbanes-Oxley compliance. Some 83% of the surveyed companies are deploying or evaluating new systems to automate financial processes such as billing and revenue recognition in order to achieve compliance. About 40% are investing in information-security and other technology for improving their IT infrastructure, and 30% are investing in document and records-management systems. Average labor costs during the first full year of compliance are $3.7 million for companies with more than $1 billion in revenue, and $1.6 million for companies with revenue between $200 million and $1 billion, according to the survey. Among the largest 10% of companies surveyed, labor costs are averaging $9.4 million. http://story.news.yahoo.com/news?tmpl=story&cid=74&e=4&u=/cmp/20050205/tc_cmp/59301248

PENN TURNS AWAY RIAA (Chronicle of Higher Education, 4 Feb 2004) -- Officials at the University of Pennsylvania have declined to disclose the identities of two users of its campus network to the Recording Industry Association of America (RIAA), saying it cannot accurately identify the individuals. In its efforts to enforce music copyrights, the RIAA must file “John Doe” lawsuits against Internet users suspected of illegally sharing files. Those individuals are typically identified by their IP addresses, but in this case, according to David R. Millar, the university’s information security officer, circumstances including “multiple users and public-access computers ... prevent us from being able to identify users of an IP address.” A similar situation arose in March 2004 when officials at the university were unable to identify five of six individuals sought by the RIAA. Millar said the university’s actions should not be interpreted as a comment on the RIAA’s legal action. “Our policy has always been to comply with lawful subpoenas,” he said. Wendy Seltzer, a lawyer with the Electronic Frontier Foundation, said the institution is within its rights not to disclose identities to the RIAA, noting that ISPs are not required to keep logs of who their users are or what activities they engage in. http://chronicle.com/prm/daily/2005/02/2005020406n.htm

GOOGLE FINDS ITS MAP SERVICE (CNET, 8 Feb 2005) -- In its latest play in the ongoing search wars, Google on Tuesday quietly launched a beta site for a new map service. Google Maps offers maps, driving directions and the ability to search for local businesses. The search giant appears to be working with TeleAtlas for the mapping products. Neither Google nor TeleAtlas could be reached for comment. The service offers a few tweaks to standard mapping products. Someone using the service can click and drag the maps, instead of having to click and reload, for example, and magnified views of specific spots pop up in bubbles. The new map service supports Internet Explorer and Mozilla browsers. It covers the United States, Puerto Rico and parts of Canada. The ongoing search battles between Google and companies like Yahoo and Microsoft have led to new features and enhancements coming out almost weekly. Localization and mapping products have been a particular focus because they’re popular with advertisers. Even Amazon.com has gotten into the game, offering a service through its A9.com search unit that shows digital photos of storefronts in its U.S. business listings. http://news.com.com/2100-1024_3-5567274.html

THREE NEW PUBLICATIONS FOR THE DIGITAL MEDIA PROJECT (Berkman Center for Internet & Society, 8 Feb 2005) -- The Berkman Center’s Digital Media Project released three new papers this month. “Content & Control: Assessing the Impact of Policy Choices on Potential Online Business Models in the Music and Film Industries” examines emerging business models for digital media distribution -- from projects like Shawn Fanning’s SNOCAP and Apple’s iTunes to more experimental projects -- and the policy questions they raise. Researchers also released the white paper, “Copyright and Digital Media in a Post-Napster World: 2005 Update,” which builds on our 2003 research on the state of digital media to reflect major legal, political, and technological changes in the past year. Digital Media Project researchers, led by Berkman Fellow Urs Gasser, also released the International Supplement to this White Paper. This Supplement broadens the white paper’s perspective to examine how regulatory and legal frameworks around the world are influencing the use and distribution of new media. Content and Control: http://cyber.law.harvard.edu/media/content_and_control Copyright and Digital Media in a Post-Napster World: http://cyber.law.harvard.edu/media/wp2005 International Supplement: http://cyber.law.harvard.edu/media/wpsupplement2005.

PUBLICATION OF ALTERNATIVE STANDARD CONTRACTUAL CLAUSES FOR DATA TRANSFERS (Hunton & William’s Privacy & E-Commerce Alert, 9 Feb 2005) -- Commission Decision C(2004)5271 approving the alternative standard contractual clauses for the transfer of personal data to third countries was published in Official Journal L 385 of December 29, 2004. It is available in all languages of the European Union. For the English version, click on the link: http://europa.eu.int/eur-lex/lex/LexUriServ/site/en/oj/2004/l_385/l_38520041229en00740084.pdf.

FINAL FACTA RULES ON DATA DISPOSAL MAINTAIN STATUS QUO Steptoe & Johnson’s E-Commerce Law Week, 5 Feb 2005) -- In a financial institution letter released February 2, the US federal bank and thrift regulatory agencies announced that they issued final guidelines to implement section 216 of the Fair and Accurate Credit Transactions Act of 2003 (FACTA). Section 216 is designed to protect consumers against the risks associated with identity theft and other types of fraud. The new guidelines -- effective July 1, 2005 -- require any financial institution that maintains or otherwise possesses consumer information derived from consumer reports to properly dispose of it. The 12-page notice in the Federal Register might lead you to believe that the regulations actually say something substantial, but the agencies chose not to issue a prescriptive rule. Rather than taking a hard line and issuing specific guidelines, the agencies chose to allow institutions to follow the risk-based approach to handling security threats that is already in place under the existing guidelines. According to the agencies, this means that any changes to an institution’s existing information security program are “likely will be minimal.” http://www.steptoe.com/index.cfm?fuseaction=ws.getItem&pubItemId=8879&siteId=547

9TH CIRCUIT ORDERS EN BANC REHEARING OF YAHOO FRANCE CASE (BNA’s Internet Law News, 11 Feb 2005) -- Free speech activists and Yahoo have declared a small victory in a dispute over whether the e-commerce giant can host auctions for Nazi memorabilia on its US sites. The 9th US Circuit Court of Appeals said it would rehear some arguments in a 5-year-old lawsuit against Yahoo by two French human rights groups over the posting of Nazi memorabilia on the Yahoo site. Order at http://9thcircuityahoorehearing.notlong.com/ Coverage at http://www.washingtonpost.com/wp-dyn/articles/A15301-2005Feb10.html

STUDY: FEE-BASED MUSIC GAINS ON SWAPPING (CNET, 10 Feb 2005) -- Fee-based digital music is gaining popularity among downloaders in the United States, according to market research company Ipsos-Insight. About 47 percent of people who downloaded music in December and who were age 12 or older paid a fee to do so, the market researcher said. That’s up from 22 percent a year ago. The study is based on data from a sample of 1,112 respondents. Ipsos-Insight said that while users between the ages of 25 and 54 are the most likely to have paid to download music, the number of younger people paying for it is also rising. More than half of respondents between the ages of 12 and 17 reported that they have paid for music. http://news.com.com/2100-1027_3-5571262.html

NEGOTIATING LICENSING AGREEMENTS – GUIDANCE PUBLISHED (Out-law.com, 9 Feb 2005) -- The World Intellectual Property Organisation (WIPO) and the International Trade Centre (ITC) announced on Monday that they have published a basic practical guide on how to negotiate technology licensing agreements. Licensing agreements allow one company to obtain defined rights to use technology developed by another and, according to WIPO, are a useful option for companies seeking to maintain their competitive advantage and a healthy balance sheet. WIPO - a UN body dedicated to the creation of a stable environment for the marketing of intellectual property - and the ITC, which deals with trade promotion for the UN, are keen to see an increased use of licensing agreements, viewing them as an important means of promoting the effective transfer of technology, fostering entrepreneurship and assisting national economic development. The new publication therefore offers a practical introduction to negotiating licensing agreements and is designed to address the needs and concerns of non-specialists. According to WIPO, the guide focuses on the identification, acquisition and transfer, through licensing agreements, of intellectual property - in particular patent-protected technologies. It provides guidance on negotiating techniques for licensing contracts and explains a number of basic rules, common issues and legal concerns associated with the negotiating process. The guide, “Exchanging Value - Negotiating Technology Licensing Agreements” can be purchased from WIPO’s web site. http://www.out-law.com/php/page.php?page_id=negotiatinglicensin1107950786&area=news

COURT SAYS WIFE BROKE LAW WITH SPYWARE (BNA’s Internet Law News, 16 Feb 2005) -- The Florida Appeals Court, Fifth District has ruled that a wife who installed spyware on her husband’s computer to secretly record evidence of an extramarital affair violated state law. At issue in this case was whether the use of the spyware violated Florida’s wiretapping law. The three judges ruled that it did, and barred the wife from revealing the contents of the intercepted conversations. The court also ruled that the chat records could not be introduced as evidence in the unhappy couple’s divorce proceedings. Decision at http://www.5dca.org/Opinions/Opin2005/020705/5D03-3484.pdf Coverage at http://news.com.com/2100-1030_3-5577979.html

U.S. AGENCIES EARN D-PLUS ON COMPUTER SECURITY (SiliconValley.com, 16 Feb 2005) -- The overall security of computer systems inside the largest U.S. government agencies improved marginally since last year but still merits only a D-plus on the latest progress report from Congress. The departments of Transportation, Justice and the Interior made remarkable improvements, according to the rankings, which were compiled by the House Government Reform Committee and based on reports from each agency’s inspector general. But seven of the 24 largest agencies received failing grades, including the departments of Energy and Homeland Security. The Homeland Security Department encompasses dozens of agencies and offices previously elsewhere in government but also includes the National Cyber Security Division, responsible for improving the security of the country’s computer networks. ``Several agencies continue to receive failing grades, and that’s unacceptable,” said Rep. Tom Davis, R-Va., the committee’s chairman. ``We’re also seeing some exceptional turnarounds.” Davis said troubling areas included lax security at federal contractor computers, which could be used to break into government systems; a lack of contingency plans for broad system failures and little training available for employees responsible for security. The Transportation Department improved from a D-plus to an A-minus; the Interior Department, which failed last year, improved to a C-plus; and the Justice Department rose from a failing grade to B-minus. The poor grades effectively dampen efforts by U.S. policy makers to impose new laws or regulations to compel private companies and organizations to enhance their own security. Industry groups have argued that the government needs to improve its own computer security before requiring businesses to make such changes. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/10915463.htm

PBS WARNS STATIONS OF RISKS FROM PROFANITY IN WAR FILM (New York Times, 18 Feb 2005) – PBS has warned its member stations that it cannot protect them against federal indecency sanctions if they broadcast an unedited, profanity-laced version of a documentary about a United States Army regiment in Baghdad as it faced insurgent attacks leading up to the Iraqi elections, producers of the documentary said yesterday. The documentary, “A Company of Soldiers,” was produced by Front- line, a production of WGBH, the public television station in Boston, and is scheduled to be broadcast on Tuesday night. The Public Broadcasting Service will offer its stations both an edited and an unexpurgated version, as it commonly does with programs that have content that might be objectionable in some parts of the country. But producers at Frontline said PBS had taken the unusual step of offering only the edited version of the film for direct retransmission. Stations that want the unedited version, which the producers say is the one that captures the realities of combat faced by soldiers in Iraq, will be required to pre-record it and to sign a waiver indemnifying PBS against damages or fines they might incur because of the broadcast. David Fanning, the executive producer of Frontline, said in a telephone interview that he believed the PBS decision was motivated by confusion over rulings by the Federal Communications Commission over what constitutes indecency. Front-line’s lawyers had advised the producers that the vulgar language in the film did not violate federal guidelines about gratuitous use of profanity, Mr. Fanning said. “PBS, like other broadcasters, has been under tremendous pressure” because of uncertainty over the indecency guidelines, Mr. Fanning said. He said the producers had agreed that some instances of profanity were unnecessary, like the use of curse words by soldiers in the barracks and when off duty. “But when we were looking at the issue of the language of young men while they were in combat, in very stressful situations in Iraq, the question of whether to sanitize the film was easier [Editor: harder?] to answer,” he said. http://www.nytimes.com/2005/02/18/business/media/18pbs.html?ex=1266469200&en=de3ce08121f33394&ei=5090&partner=rssuserland

MICHIGAN PURSUES UNPAID TAXES ON TOBACCO BOUGHT ONLINE (Detroit Free Press, 18 Feb 2005) -- The state has begun billing smokers for the taxes they avoided by purchasing tobacco online. The Treasury Department so far has sent letters to 533 customers of one online seller, seeking $1.7 million in unpaid taxes. At least 13 online tobacco retailers operate in Michigan. The rapid growth of Internet cigarette sales prompted state officials to step up enforcement of the tax law, treasury spokesman Terry Stanton told the Detroit Free Press for a Friday story. Although there is no hard evidence, officials say they believe Michigan’s $2-per-pack cigarette tax -- the nation’s third-highest behind New York City and New Jersey -- has prompted more smokers to shop for cheaper prices. State law allows only licensed sellers who pay the appropriate tax to bring cigarettes into Michigan from other states. Penalties are not assessed against people who bring less than $50 in cigarettes into the state. http://www.freep.com/news/statewire/sw111914_20050218.htm [Ohio, too: http://toledoblade.com/apps/pbcs.dll/article?AID=/20050219/NEWS24/502190390; and New Jersey: http://www.newsday.com/news/local/wire/newjersey/ny-bc-nj--internetcigarette0303mar03,0,257716.story]

WASHINGTON ST. APP. CT. DENIES AOL FORUM SELECTION CLAUSE (BNA’s Internet Law News, 21 Feb 2005) -- A Washington State Appellate court has refused to enforce AOL’s forum selection clause that forces all disputes to be heard in Virginia. The court ruled that the clause violates state public policy as expressed in the Consumer Protection Act since it would force the litigants to sue in Virginia without benefit of the state class action remedy. Case name is Dix v. ICT Group. Decision at http://www.courts.wa.gov/opinions/?fa=opinions.opindisp&docid=231844MAJ

GOOGLE “LIBRARY” SPARKS FRENCH WARCRY (Reuters, 18 Feb 2005) -- France’s national library has raised a “warcry” over plans by Google to put books from some of the world’s great libraries on the Internet and wants to ensure the project does not lead a domination of American ideas. Jean-Noel Jeanneney, who heads France’s national library and is a noted historian, says Google’s choice of works is likely to favour Anglo-Saxon ideas and the English language. He wants the European Union to balance this with its own programme and its own Internet search engines. “It is not a question of despising Anglo-Saxon views ... It is just that in the simple act of making a choice, you impose a certain view of things,” Jeanneney told Reuters in a telephone interview on Friday. “I favour a multi-polar view of the world in the 21st century,” he said. “I don’t want the French Revolution retold just by books chosen by the United States. The picture presented may not be less good or less bad, but it will not be ours.” His views are making waves among intellectuals in France, where many people are wary of the impact of American ways and ideas on the French language and culture. http://uk.news.yahoo.com/050218/80/fcskz.html [OMG]

9-11 COMMISSIONER CALLS FOR END TO ISACS (InfoWorld, 18 Feb 2005) -- The U.S. government’s policy of relying on voluntary, industry-led information sharing and analysis centers, or ISACs, is not working and should be discontinued or reformed, according to Jamie Gorelick, a member of the 9-11 Commission. ISACs lack the organization and funding to work effectively and pass on vital security intelligence to the U.S. federal government about threats to the nation’s critical infrastructure. Their failure poses a threat to national security, Gorelick said during a panel discussion at the RSA Conference in San Francisco. However, the head of at least one ISAC says the organizations are working well, despite continued skepticism of government demands for information on security breaches. The ISAC system was created by Presidential Decision Directive 63 (PDD 63), which was issued by President Bill Clinton in 1998. PDD 63 called for the creation of ISACs to encourage private sector cooperation and information sharing with the federal government on issues related to the nation’s critical infrastructure. Today there are ISACs for the food, water and energy sectors, as well as the information technology, telecommunications, chemical and financial services industries. “I don’t think the model of ISACs works,” Gorelick said. “Asking industries to fund their own ISACs as they wish and in a disorganized fashion will not get us where we need to go.” In particular, Gorelick objected to the requirement that critical industries fund and operate their own ISACs without government oversight. The U.S. government should provide funding and a reliable communications system for each ISAC, rather than requiring them to “pass the hat” to raise operating funds, she said. The government should also provide a single point of contact for ISACs that can be a “quarterback” for the various industry groups and win the support of senior executives within different industry sectors, she said. However, the president of one prominent ISAC thinks Gorelick is mistaken in her notion that the groups are not working. “(Gorelick) is unfortunately mistaken in her perception,” said Guy Copeland, vice president of Information Infrastructure Advisory Programs at Computer Sciences Corp. and president of the Information Technology ISAC (IT-ISAC). “We’ve never received any funding from the government, and we’re stronger because of it.” http://www.infoworld.com/article/05/02/18/HNsecurity911_1.html

CFAA AS A CIVIL REMEDY (National Law Journal, 14 Feb 2005 – SUBSCRIPTION REQUIRED – Over the past three years, as public Web sites have become a business’s interface with the public, the federal Computer Fraud and Abuse Act (CFAA), 18, U.S.C. 1030, et. seq., has emerged as a potent civil remedy to protect valuable competitive business information that is accessible through these Web sites. This article will examine this newly developed legal precedent and the proactive steps businesses should implement to take advantage of the CFAA. http://www.law.com/jsp/nlj/PubArticleNLJ.jsp?id=1107783345003

EU PARLIAMENT APPROVES SOFTWARE PATENT RESTART (eWeek, 17 Feb 2005) -- A European Parliament body has adopted a motion to scrap the European Union’s proposed IT patenting legislation, amid growing criticism of the proposal from EU member states. The decision by the EP’s Conference of Presidents—the heads of the parliament’s political groups—is the last hurdle before the parliament can formally ask the Commission for a restart. The text’s opponents say it would bring the EU into line with U.S. patent practice, allowing broad patentability of software and business processes. As U.S. software companies spend millions defending or attacking intellectual property holdings, European vendors are taking advantage of their easier legal climate for software, especially smaller companies and open-source projects. http://www.eweek.com/article2/0,1759,1766515,00.asp

UN PANEL AIMS TO END INTERNET TUG OF WAR (Reuters, 21 Feb 2005) -- A U.N.-sponsored panel aims to settle a long-running tug of war for control of the Internet by July and propose solutions to problems such as cyber crime and email spam. The panel, set up in December 2003, will lay groundwork for a final decision to be taken in Tunis in November at a U.N.-sponsored World Summit on the Information Society, where global control of the world wide web may be decided. Right now, the most recognisable Internet governance body is a California-based non-profit company, the International Corporation for Assigned Names and Numbers (ICANN). But developing countries want an international body, such as the U.N.’s International Telecommunication Union (ITU), to have control over governance -- from distributing Web site domains to fighting spam. “There is an issue that is out there and that needs to be resolved,” said Nitin Desai, chairman of working group and special adviser to U.N. Secretary-General Kofi Annan. Incorporated in 1998, ICANN oversees management of the Internet’s crucial addressing system which matches numerical addresses to familiar Web site addresses. While its oversight has been confined to technical matters, critics say that it is subject to U.S. political influence. The ITU, a 138-year-old trade body that among other things established country code rules for international telephone calls, is seen by developing countries as being better able to address their needs. http://uk.news.yahoo.com/050221/80/fcy69.html

CHOICEPOINT TO RESCREEN 17,000 CUSTOMERS IN WAKE OF PERSONAL INFO BREACH (SiliconValley.com, 22 Feb 2005) -- ChoicePoint Inc., under fire for being duped into allowing criminals to access its massive database of personal information, said Monday that consumers in all 50 states, the District of Columbia and three U.S. territories may have been affected by the breach of the company’s credentialing process. The data warehouser also announced plans to rescreen 17,000 business customers to make sure they are legitimate. The Alpharetta-based company said it has hired a retired Secret Service agent to help revamp its verification process. It also has paid for a one-year subscription to a credit monitoring service for each of the 144,778 people that may have been affected by the breach. The company said the smallest number of possible victims -- two -- was in the U.S. Virgin Islands, while the largest number -- 34,114 -- was in California. It released a state-by-state breakdown late Monday. People in Puerto Rico and Guam also may have been affected. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/10961626.htm

OASIS PATENT POLICY SPARKS BOYC (CNET, 22 Feb 2005) -- Open-source and free-software advocates including Mitchell Kapor, Lawrence Lessig, Tim O’Reilly, Bruce Perens, Eric Raymond, Lawrence Rosen, Doc Searls and Richard Stallman signed an e-mail urging the community not to implement certain specifications sent out by OASIS (the Organization for the Advancement of Structured Information Standards). OASIS this month revised its patent policy in a way it claimed offers better options for open-source software development. “We ask you to stand with us in opposition to the OASIS patent policy,” states the e-mail, which was sent Tuesday morning. “Do not implement OASIS standards that aren’t open. Demand that OASIS revise its policies. If you are an OASIS member, do not participate in any working group that allows encumbered standards that cannot be implemented in open-source and free software.” In an interview, one signatory said the campaign would not target individual specifications, but the organization as a whole. “We want organizations like OASIS to develop policies so any group that wants to use an industry standard can know in advance whether or not someone’s going to come along and reach into their pocketbook,” said Rosen, a lawyer with Rosenlaw & Einschlag and author of “Open Source Licensing: Software Freedom and Intellectual Property Law.” OASIS defended its revised policy and launched a counterattack against the e-mail campaign. “This policy from OASIS is as strong as the W3C policy in terms of specifying work to be royalty-free,” said OASIS CEO Patrick Gannon in an interview. “Our policy states that standards may incorporate work that is patented, but that they have to disclose it. And in almost all cases, that results in a royalty-free license for that work.” OASIS revised its policy to specify three modes for standards work: RAND, or reasonable and nondiscriminatory licensing; RF, or royalty-free, on RAND terms; or RF on limited terms. http://news.com.com/2100-7344_3-5585711.html

EU OFFERS PRIVACY GUIDELINES FOR RFID (InfoWorld.com, 22 Feb 2005) -- The European Union (E.U.) has expressed concern that the use of RFID (radio frequency identification) technology by businesses and governments could violate human dignity as well as data protection rights and has published guidelines for businesses and agencies intending to use the technology. The E.U.’s executive body, the European Commission, tapped its advisory body on data protection and privacy, known as the Article 29 Working Party, to conduct its first assessment of data protection issues related to RFID. The technology is a method for storing, receiving and transmitting data via antennas on tags that respond to radio frequency queries. “The ability to surreptitiously collect a variety of data all related to the same person; track individuals as they walk in public places (airports, train stations, stores); enhance profiles through the monitoring of consumer behavior in stores; read the details of clothes and accessories worn and medicines carried by customers are all examples of uses of RFID technology that give rise to privacy concerns,” the group wrote in its report, published Jan. 19. The resulting guidelines include gaining unambiguous consent from individuals where RFID is used and providing clear information to the so-called data subjects including the presence and location of RFID tags and trackers, what sort of data is being collected and how it is being processed. The E.U. also wants individuals to be made fully aware that they have the right to gain complete access to any personal data being collected and stored on them as well as the right to check on the accuracy of the data. http://www.infoworld.com/article/05/02/22/HNrfidprivacy_1.html?source=rss&url=http://www.infoworld.com/article/05/02/22/HNrfidprivacy_1.html

CUSTOMERS ARE FINDING 911 VOID WITH INTERNET TELEPHONE SERVICE (Houston Chronicle, 24 Feb 2005) -- Lured by low phone rates, Peter John’s family found that saving money could endanger their lives after learning the one number they cannot dial: 911. John and his wife, Sosamma, were attacked by two men at their southwest Houston home earlier this month. As they struggled with the intruders, John was shot in the right thigh and torso. His wife was wounded in the left thigh. But when their 17-year-old daughter Joyce, who was in the house at the time, tried 911, the call would not go through. The attackers fled, leaving a shaken John wondering whether to reconsider his money-saving phone plan. “It’s scary,” John said. Officials at the Greater Harris County 9-1-1 Emergency Network, which oversees 911 service in Harris and Fort Bend counties, agree. “The key drawback for us is that most of the IP service providers don’t interconnect with the 911 network,” Executive Director John Melcher said. http://www.chron.com/cs/CDA/ssistory.mpl/metropolitan/3054952

SHHH. LIQUIDNET IS TRADING STOCKS IN HUGE BLOCKS (New York Times, 23 Feb 2005) – Meet what one money manager calls “ Napster for stocks.” Like Napster, which shook up the music industry with its file-sharing network, Liquidnet has pioneered an electronic marketplace that allows institutional investors to trade large blocks of stock anonymously. In a sign of how valuable such electronic trading power is, Liquidnet, which began operations in 2001, has just completed a financing deal that values the privately held company at $1.8 billion, according to a person close to the transaction. By comparison, the publicly traded electronic network leader, Archipelago, has a market value of $873 million. Nasdaq has a value of about $794 million, while the New York Stock Exchange, a nonprofit organization that has said it will explore the possibility of a public offering, is worth about $1.3 billion based on the price of its membership seats. “The institutional equities business has been a money-losing business for almost five years,” said Seth Merrin, the 44-year-old co-founder and chief executive of Liquidnet. “The trend has been toward electronic.” Liquidnet can command such a large price tag because it allows some 350 institutions to trade huge blocks - on average 40,000 shares, more than 80 times the size of an average order on the New York Stock Exchange - rather than forcing those institutions to cut up and parcel out the blocks into small shares, trying to trade the shares quietly so that the market does not move against the trade. http://www.nytimes.com/2005/02/23/business/23place.html?ex=1266814800&en=c4b1c92ddb35cd14&ei=5090&partner=rssuserland

VISA DEBUTS RFID-ENABLED CARD-PAYMENT SYSTEM (Information Week, 24 Feb 2005) -- Visa USA on Thursday kicked off a system utilizing radio-frequency identification (RFID) technology to enable consumers to make purchases by waving cards with embedded chips in front of terminals. The system, under development for two years, is designed for “small-ticket” purchases at fast-food restaurants, movie theaters, and convenience stores. The cards work at distances of 4 inches or less. Visa is guaranteeing merchants against “chargebacks,” the risk of a payment being accidentally charged to the wrong credit or debit card, for purchases up to $25. Visa has enhanced its VisaNet system to track contactless payment transactions through the authorization, clearing, and settlement processes, says Patrick Gauthier, Visa’s senior VP of new product development. Card-issuing banks need to be able to recognize transactions as contactless when responding to customer queries. He declines to say whether any retailers have yet agreed to use the card. MasterCard International has been testing a contactless card, called PayPass, at McDonald’s restaurants in the United States. Sheetz Inc., a convenience-store chain, plans to deploy PayPass at all of its outlets beginning March 1. American Express’ ExpressPay is being rolled out at CVS pharmacies. http://www.informationweek.com/story/showArticle.jhtml?articleID=60403344

PRIVACY ADVOCATES CRITICIZE HOMELAND SECURITY PRIVACY COMMITTEE (SiliconValley.com, 25 Feb 2005) -- Privacy advocates say a committee set up recently to advise the Homeland Security Department on privacy issues amounts to little more than a fox guarding a chicken coop. One member works for a high-tech company that distributed software that many computer users complained contained adware. Another works for a conglomerate whose subsidiary turned over personal records of airline passengers to a government contractor. A third works for a defense contractor from which thieves stole personal information on thousands of employees, making them vulnerable to identity theft. Bruce Schneier, chief technology officer of Counterpane Internet Security, a Mountain View, Calif., computer security company, and author of ``Beyond Fear,” said he looked at the 20-member list and laughed. ``It’s just plain weird,” Schneier said Thursday. ``Where are all the privacy people?” Homeland Security Chief Privacy Officer Nuala O’Connor Kelly said the committee represents a cross-section of viewpoints, including people who have criticized the department. ``We picked the best board from the people who applied,” said Kelly, adding that more than 130 people applied for the committee that she announced Wednesday. Privacy is a sensitive issue for the Homeland Security Department as it embarks on ambitious plans to look into the backgrounds of everyone who boards a plane, enters the country or works in the transportation industry. Privacy advocates say Homeland Security’s privacy board is skewed too heavily toward corporations, including Intel Corp., Computer Associates, IBM Corp. and Oracle Corp. Kelly, pointed to several privacy advocates on the board: Tara Lemmey, former executive director of the Electronic Frontier Foundation, a privacy rights group; Lance Hoffman, a George Washington University professor; and James Harper, editor of Privacilla.org and a self-described critic of government surveillance. http://www.siliconvalley.com/mld/siliconvalley/10991077.htm

E-MAIL RELIABILITY AT RISK AS SPAM CONTROLS GET AGGRESSIVE (SiliconValley.com, 25 Feb 2005) -- Sometimes the only way to know whether an e-mail got through is to call. Just ask Ashley Friedlein, who runs E-consultancy Ltd. in London. He never heard back from a correspondent in the United States, a subscriber of Verizon Online. So he phoned and learned his e-mail was never received. ``I wouldn’t have known anything about it had I not called to check” he said. Blame the mishap on increasingly aggressive spam controls employed by Verizon and other e-mail operators. As spammers identify new tricks for sneaking their junk past software sentinels, service providers’ technical parries could put even more legitimate mail at risk. Spam and spam-fighting have ``in some cases eroded the reliability of the mail system,” said Eric Allman, chief technology officer of leading e-mail software vendor Sendmail Inc. ``Now a lot of mail gets filtered out.” A typical user might lose anywhere from a legitimate message every few months to as many as five a week, estimates Richi Jennings of Ferris Research. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/10993009.htm

‘DIGITAL DIVIDE’ NARROWING FAST, WORLD BANK SAYS (Reuters, 24 Feb 2005) -- The “digital divide” between rich and poor nations is narrowing fast, the World Bank said on Thursday, calling into question a costly United Nations campaign to bring hi-tech telecommunications to the developing world. As some 1,700 international experts gathered in Geneva to prepare for the U.N.’s World Summit on the Information Society (WSIS), the World Bank said in a report that telecommunications services to poor countries were growing at an explosive rate. “The digital divide is rapidly closing,” the report said. “People in the developing world are getting more access at an incredible rate -- far faster than they got access to new technologies in the past.” Half the world’s population now enjoys access to a fixed-line telephone, the report said, and 77 percent to a mobile network -- surpassing a WSIS campaign goal that calls for 50 percent access by 2015. The report said there were 59 million fixed-line or mobile phones in Africa in 2002 -- contradicting Senegalese President Abdoulaye Wade’s claim at a U.N. news conference last year that there were more telephones in Manhattan than in all of Africa. http://www.reuters.com/newsArticle.jhtml?storyID=7731166

THE FEC’S COMING CRACKDOWN ON BLOGGING (CNET, 3 March 2005) -- Bradley Smith says that the freewheeling days of political blogging and online punditry are over. In just a few months, he warns, bloggers and news organizations could risk the wrath of the federal government if they improperly link to a campaign’s Web site. Even forwarding a political candidate’s press release to a mailing list, depending on the details, could be punished by fines. Smith should know. He’s one of the six commissioners at the Federal Election Commission, which is beginning the perilous process of extending a controversial 2002 campaign finance law to the Internet. In 2002, the FEC exempted the Internet by a 4-2 vote, but U.S. District Judge Colleen Kollar-Kotelly last fall overturned that decision. “The commission’s exclusion of Internet communications from the coordinated communications regulation severely undermines” the campaign finance law’s purposes, Kollar-Kotelly wrote. Smith and the other two Republican commissioners wanted to appeal the Internet-related sections. But because they couldn’t get the three Democrats to go along with them, what Smith describes as a “bizarre” regulatory process now is under way. http://news.com.com/2008-1028_3-5597079.html

**** RESOURCES ****
The ABA Standing Committee on Law and National Security, through the leadership of Stewart Baker, has created a very interesting online resource relating to the ongoing debate over various aspects of the patriot act. The site, http://www.patriotdebates.com/, contains sets of dueling essays on specific PATRIOT Act subtopics, written by an outstanding collection of some of the leading thinkers in this area. Each set consists of an opening and a response, with more iterations to come as the opponents engage one another.

SOURCES:
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. Internet Law & Policy Forum, http://www.ilpf.org.
6. BNA’s Internet Law News, http://ecommercecenter.bna.com.
7. The Ifra Trend Report, http://www.ifra.com/website/ifra.nsf/html/ITR-HTML.
8. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
9. David Evan’s “Internet and Computer News”, http://www.abanet.org/scripts/listcommands.jsp?parm=subscribe/at-internet
10. Readers’ submissions, and the editor’s discoveries.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.

No comments: