Saturday, March 26, 2005

MIRLN -- Misc. IT Related Legal News [6-26 March 2005; v8.04]

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product of the American Bar Association’s Cyberspace Law Committee. Please feel free to distribute this message.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at (click on “Settings” beside Members-Only Listserve Discussion). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN editions are archived at and in the public materials section of the Cyberspace Committee’s collaboration space at

**************End of Introductory Note***************

WORLD COMPUTER AND INTERNET LAW CONGRESS (produced by the Computer Law Association, May 5-6, 2005, in Washington, D.C.) -- Program information at

**** NEWS ****

TRACKING PCS ANYWHERE ON THE NET (CNET, 4 March 2005) – A University of California researcher says he has found a way to identify computer hardware remotely, a technique that could potentially unmask anonymous Web surfers by bypassing some common security techniques. Tadayoshi Kohno, a doctoral student, wrote in a paper on his research: “There are now a number of powerful techniques for remote operating system fingerprinting, that is, remotely determining the operating systems of devices on the Internet. We push this idea further and introduce the notion of remote physical device fingerprinting...without the fingerprinted device’s known cooperation.” The potential applications for Kohno’s technique are far-reaching. For example, it could be possible to track “a physical device as it connects to the Internet from different access points, counting the number of devices behind a NAT even when the devices use constant or random IP identifications, remotely probing a block of addresses to determine if the addresses correspond to virtual hosts.” NAT, or network address translation, is a protocol commonly used to make it appear as if machines behind a firewall all retain the same IP address on the public Internet. Kohno’s research is likely not the last word in Net anonymity, but simply the latest escalation in the arms race between snoopware and anonymity developers. Possible countermeasures include masking time skews with better random number generation techniques, for example.’s

EU MINISTERS ENDORSE PATENT LA (BBC, 7 March 2005) -- European ministers have endorsed a controversial proposed law on patents which critics say could stifle software development. Some major tech firms say it is needed to protect inventions, while others fear it will hurt smaller tech firms. The draft bill still needs the backing of the European Parliament - which is unlikely to rubber stamp the proposals. Some MEPs have said they will reject the bill or require substantial changes before it is made law. French Green MEP Alain Lipietz warned two weeks ago that the parliament would reject the Council of Minister’s version of the legislation as part of the final or conciliation stage of the decision procedure. The parliament demanded that the European Commission, the EU executive, resubmit the draft law to a first reading, which would make it easier to propose amendments aimed at limiting the scope of possible patents. The Commission, which has the sole right to propose pan-EU legislation, refused, saying that the ministers should decide on the draft law.

WHITE HOUSE APPROVES PASS FOR BLOGGER (New York Times, 7 March 2005) – Another signal moment for bloggers is to occur this morning, when Garrett M. Graff, who writes a blog about the news media in Washington, is to be ushered into the White House briefing room to attend the daily press “gaggle.” Mr. Graff, 23, may be the first blogger in the short history of the medium to be granted a daily White House pass for the specific purpose of writing a blog, or Web log. A White House spokesman said yesterday that he believed Mr. Graff was the first blogger to be given credentials. He is being given a press pass as the editor of FishbowlDC (, a blog that is published by, which offers networking and services for journalists. Increasingly, bloggers are penetrating the preserves of the mainstream news media. They have secured seats on campaign planes, at political conventions and in presidential debates, and have become a driving force in news events themselves. Mr. Graff said he was inspired to try to seek access to the White House by the controversy over James D. Guckert, who used the alias Jeff Gannon. Mr. Guckert was granted daily passes to White House briefings while writing for a Web site run by a Republican operative in Texas. The episode raised questions about who was a legitimate journalist and how access to the White House was granted. The blog is at

FIRMS TAKING ACTION AGAINST WORKER BLOGS (AP, 7 March 2005) -- Flight attendant Ellen Simonetti and former Google employee Mark Jen have more in common than their love of blogging: They both got fired over it. Though many companies have Internet guidelines that prohibit visiting porn sites or forwarding racist jokes, few of the policies directly cover blogs, or Web journals, particularly those written outside of work hours. Simonetti had posted suggestive photographs of herself in uniform, while Jen speculated online about his employer’s finances. In neither case were their bosses happy when they found out. “There needs to be a dialogue going on between employers and employees,” said Heather Armstrong, a Web designer fired for commenting on her blog about goings on at work. “There’s this power of personal publishing, and there needs to be rules about what you can or cannot say about the workplace.” On blogs, which are by their very nature public forums, people often muse about their likes and dislikes — of family, of friends, of co-workers. Currently, some 27 percent of online U.S. adults read blogs, and 7 percent pen them, according to The Pew Internet and American Life Project. With search engines making it easy to find virtually anything anyone says in a blog these days, companies are taking notice — and taking action. “Because it’s less formal, you’re more likely to say something that would offend your boss,” said Lewis Maltby, president of the National Workrights Institute, a workers’ rights group. and

TECH HEAVIES THROW WEIGHT INTO COMPLIANCE (, 7 March 2005) -- A coalition of eight tech companies has formed the Compliance and Management Electronic Information (CMEI) working group in a bid to give companies a hand in formulating a comprehensive compliance framework for their business. The group, made up of Oracle, Hewlett-Packard, Veritas, Sun Microsystems, Open Text , Hitachi Data Systems, Network Appliance and Plasmon, expects to have resources available on the Internet Law & Policy Forum (ILPF) Web site ( in the next six months. The ILPF is a non-profit organization that provides a neutral forum for challenges posed by the Internet on law, policy, technology and businesses worldwide. Outside the CMEI, the organization hosts working groups focused on spam, self-regulation, security and policy, content liability, electronic authentication and jurisdiction. The CMEI site will host documentation on best practices for information retention and maintenance regulations, provide counsel and exchange information with various businesses, legislative bodies and regulatory agencies in various workshops, and publish checklists and summaries of legal and regulatory requirements for interested companies. Officials say the many information compliance regulations worldwide cause undo headaches for companies trying to abide by them, both in money and time spent adhering to conflicting regulations. As an example they point to a company, based in the United States with offices in the United Kingdom, that severs its ties with a customer. Under U.S. law, companies must retain records for seven years, but in the U.K. they must immediately destroy all customer information. Those sorts of conflicting policy goals, as well as some of the weak language found in ambiguous regulations was the main reason for the formation of the working group, according to Harald Collet, CMEI chairman and Oracle records management and compliance support product manager. With businesses focused on complying with the deadlines of specific regulations, he said, such as Sarbanes Oxley, they now have to work on building a framework that is more all-encompassing.

GERMAN CT BLOCKS LINK FROM WEBSITE TO CIRCUMVENTION SOFTWARE (BNA’s Internet Law News, 8 March 2005) -- A German court has prohibited the German news site Heise to link in an online article to a site were circumvention software was made available. IFPI complained that the news article provided information and a link that should be deemed illegal under the anti-circumvention provision of the German Copyright Law.

TEEN CONVICTED UNDER INTERNET PIRACY LAW (, 7 March 2005) -- An Arizona university student is believed to be the first person in the country to be convicted of a crime under state laws for illegally downloading music and movies from the Internet, prosecutors and activists say. University of Arizona student Parvin Dhaliwal pleaded guilty to possession of counterfeit marks, or unauthorized copies of intellectual property. Under an agreement with prosecutors, Dhaliwal was sentenced last month to a three-month deferred jail sentence, three years of probation, 200 hours of community service and a $5,400 fine. The judge in the case also ordered him to take a copyright class at the University of Arizona, which he attends, and to avoid file-sharing computer programs. “Generally copyright is exclusively a federal matter,” said Jason Schultz, an attorney with the Electronic Frontier Foundation, a technology civil liberties group. “Up until this point, you just haven’t seen states involved at all.” Federal investigators referred the case to the Maricopa County Attorney’s Office for prosecution because Dhaliwal was a minor when he committed the crime, said Krystal Garza, a spokeswoman for the office. “His age was a big factor,” she said. “If it went into federal court, it’s a minimum of three months in jail up front.”

MICHIGAN STATE POLICE QUIT ANTI-TERRORISM DATABASE (, 7 March 2005) -- State police officials say they will drop out of a multistate data-collection system that came under fire as a potential threat to people’s privacy. The Michigan State Police said it will stop participating in the pilot project, known as ``Matrix,” when it ends March 18. The department said too few states are participating to make the project worthwhile. The project began in December 2003 with 13 states; Florida, Ohio, Pennsylvania and Connecticut remain. State police also said they were concerned about future funding and unrealistic expectations to expand the Multistate Anti-Terrorism Information Exchange. ``The need for law enforcement investigators to access legally available information sources for criminal investigations continues to be a critical goal,” said Lt. Colonel Peter Munoz, deputy director and commander of the Field Services Bureau. The project collects data, including driver’s license and criminal history information, and shares access with participating states.

HARVARD REJECTS APPLICANTS WHO PEEKED INTO ADMISSIONS COMPUTER (, 8 March 2005) -- Harvard Business School will reject 119 applicants who followed a hacker’s instructions and peeked into the school’s admission site to see if they had been accepted, the school’s dean said. ``This behavior is unethical at best -- a serious breach of trust that cannot be countered by rationalization,” Kim Clark said in a statement Monday. ``Any applicant found to have done so will not be admitted to this school.” An unknown hacker posted instructions last week on a BusinessWeek online message board on how to view the status of their applications. Applicants to at least six business schools took advantage of the instructions, although most got only blank screens. Though some Harvard applicants did find information on their application status, school officials stressed that any decision wasn’t final until March 30. Carnegie Mellon’s Tepper School of Business has already said it will reject those proven to have tried to peek at their files. [Editor: I think these schools are over-reacting; applicants could only see their own records, and I understand the “hack” to have been a relatively straight-forward manipulation of a non-confidential URL. If the schools can’t be bothered to protect this information more effectively, it’s crazy for them to turn around with a draconian punishment for simple curiosity.] Dartmouth takes a more nuanced approach:

WISCONSIN WANTS TO TAX INTERNET DOWNLOADS (Capital Times, 8 March 2005) -- Wisconsin residents would have to pay the state sales tax on goods they download from the Internet, including songs, books and movies, under Gov. Jim Doyle’s budget, costing them an estimated $3.2 million over the next two years. State Rep. Scott Jensen, R-Waukesha, complained Monday that the move contradicted Doyle’s pledge to balance the budget without raising taxes. “The next time you download the latest song from U2 for 99 cents, the governor wants to charge you the sales tax,” Jensen said in a release. “It’s enough to give iPod users a case of ‘vertigo,’” in reference to the group’s hit song. In his example, the sales tax would be about 5 cents. The governor’s budget proposal would make clear that Wisconsin can collect the sales tax for certain purchases, from movie and music downloads to electronic books and artwork.

SHAREHOLDERS SUE CHOICEPOINT (ComputerWorld, 7 March 2005) -- Shareholders are suing ChoicePoint Inc. and its top executives after the company’s share price fell sharply following news that identity thieves had gained access to personal information about some U.S. residents that was held by the personal data vendor. A class-action lawsuit has been filed in U.S. District Court for the Central District of California on behalf of those who bought ChoicePoint shares between April 22, 2004, and March 3, 2005, Radnor, Pa.-based law firm Schiffrin & Barroway LLP said in a statement Friday. The suit charges Alpharetta, Ga.-based ChoicePoint and three top executives with keeping key information from the public in an effort to artificially inflate the price of the company’s stock. Specifically, the suit alleges that the defendants knew that ChoicePoint’s measures to protect its data were inadequate, that the company knew it was selling data to illegal enterprises, that security breaches had occurred twice before and that the company had exposed more than 500,000 people to the threat of identity theft, according to the statement. The suit seeks to recover damages for the shareholders.,10801,100239,00.html

GOVERNMENT AGENCIES TO GET EARLY DIBS ON WINDOWS PATCHES (Information Week, 11 March 2005) -- Microsoft will give the Air Force and other federal agencies software patches to test a month before the general public receives them. The arrangement is part of Microsoft’s Security Update Validation Program, a “closed beta program” introduced within the past 12 months. Microsoft will begin giving prerelease software patches to the Air Force, The Wall Street Journal reported Friday. The Department of Homeland Security will give advance notice of the new vulnerabilities to other government agencies and distribute the patches to them after they’ve been tested by the Air Force, the newspaper reported. Advance testing will make it possible for government agencies to install the patches as soon as Microsoft releases the final versions. That’s aimed at helping agencies stay ahead of hackers, who often are able to develop attacks that exploit a software hole less than a week after Microsoft discloses the vulnerability. The early-access program is also available to select business customers. The software updates are provided to program participants only for testing purposes, a Microsoft spokesman says. “Customers are specifically prohibited from deploying these security updates in a production environment,” the spokesman says via E-mail. “Participants are testing prerelease software, therefore the updates are provided only to deploy in a test environment. Participants can only deploy the security updates to their entire infrastructure when they are released to the general public.” The issue of providing advance access to security bulletins and software patches is a sensitive subject for Microsoft and other software vendors, who need to ensure that information and code don’t find their way to hackers before final patches are available for all customers. And customers who don’t receive advance notice may believe they’re at a disadvantage.

TEXAS BILL WOULD BENEFIT GRADUATES OF ONLINE LAW SCHOOLS (Chronicle of Higher Education, 11 March 2005) -- A bill working its way through the Texas legislature could give graduates of online law schools more opportunities to practice law. The American Bar Association (ABA) has so far refused to accredit online law schools, saying that they do not train students adequately to practice law. Although the ABA continues to refuse accreditation to online law schools, the organization does accredit institutions that offer some courses online. Currently in Texas, a graduate of an online law school can only take the state’s bar exam if he or she has practiced law in another state for at least five years. The proposed law would allow online graduates to take the Texas bar exam if they simply had passed the bar in another state. A small number of other states have similar statutes. California is currently the only state that allows individuals to take the bar exam without having passed another state’s bar exam. The bill was prompted by the situation of Julie Drenner, daughter of a state legislator, who graduated from Oak Brook College of Law and Government in California, passed that state’s bar exam, and now wants to practice law in Texas. (sub. req’d)

FRANCE: OPT-OUT BECOMES THE RULE FOR B2B MARKETING (Hunton & William’s Privacy & E-Commerce Alert, 14 March 2005) -- During its February 17 session, the French data protection authority (CNIL) reversed its position on e-mail direct marketing in the B2B context: the CNIL stated that the sending of a commercial message to an individual’s professional e-mail account and for professional purposes is no longer subject to the individual’s prior consent. Until then, the CNIL had favored a strict interpretation of the law, considering that the opt-in requirement applicable to e-mail marketing also applied to individuals acting in their professional capacity. However, since the purpose of the opt-in rule is to protect consumers, not to adversely affect exchanges between businesses, it decided that opt-out should become the rule in the B2B context. For further information (in French only), consult the CNIL web site:[uid]=238&cHash=6dd2646505.

FRENCH COURT RULES DOWNLOADING LAWFUL (BNA’s Internet Law News, 14 March 2005) -- The French Court of Appeal of Montpellier has released a 22 years old Internet user free of charges after he was sued for copying nearly 500 movies on Internet, burning them on CDs and sharing them with friends. The Court based its decision on the article L-122-5 of the French Intellectual Property Code stating that “authors can’t forbid copies or reproductions that are only intented for the private use of the copyist.” Coverage at French decision at

MAN GETS TO KEEP HIS NAME AFTER MATTEL LOSES UDRP CLAIM (BNA’s Internet Law News, 14 March 2005) -- Mattel has lost an ICANN UDRP bid to obtain the name The registrant’s name is Gopi Mattel.

PRIVACY ADVOCATES FROWN ON AMAZON SNOOPING PLAN (CNET, 14 March 2005) -- Post a review of a book or other product on, and the information may find its way into the company’s file on you. That’s one key feature, anyway, of a system Amazon has invented to gather clues about customers’ gift-giving habits in order to suggest future gifts and reminders. The company was granted a patent last week for the system, which also profiles gift recipients and guesses their age, birthday and gender. Amazon says it hasn’t put the “systems and methods” covered by the patent to use, so it isn’t monitoring customer review pages yet. But that fact gives little comfort to consumer advocates, who have hounded Amazon for years over its customer-profiling practices. This latest invention is yet further cause for concern, because it could involve profiling children and exploit the giving of gifts and the sense of community that customer reviews were designed to engender, advocate groups said. “Amazon has continued to set the low bar for privacy on the Internet,” said Chris Hoofnagle, West Coast director of the Electronic Privacy Information Center, or EPIC. “It’s almost no longer a surprise when the company announces some new way to profile people.” Here’s how the proposed system works, according to Amazon’s patent claim: Amazon would gather information about gift recipients, including their names, addresses and items customers send them. The system would then try to guess their gender, age and the gift-giving occasion based on the type of present, messages written in gift cards, dates gifts are ordered, items on wish lists, and commentary in related consumer reviews.

STUDY SHOWS ONLINE CITATIONS DON’T AGE WELL (Chronicle of Higher Education, 14 March 2005) – A study conducted by two academics at Iowa State University has shown a remarkably high rate of “decay” for online citations. Michael Bugeja, professor of journalism and communication, and Daniela Dimitrova, assistant professor of communication, looked at five prestigious communication-studies journals from 2000 to 2003 and found 1,126 footnotes that cite online resources. Of those, 373 did not work at all, a decay rate of 33 percent; of those that worked, only 424 took users to information relevant to the citation. In one of the journals in the study, 167 of 265 citations did not work. Bugeja compared the current situation to that of Shakespearean plays in the early days of printing, when many copies of plays were fraught with errors due to the instability of the printing medium. Anthony T. Grafton, a professor of history at Princeton University and author of a book on footnotes, agreed that citation decay is a real and growing problem, describing the situation as “a world in which documentation and verification melt into air.” (sub. req’d)

AOL CLARIFIES IM PRIVACY GUARANTEE (CNET, 14 March 2005) -- America Online said late Monday that it plans to revise its user agreement in response to concerns that instant messages sent through the company’s service could be monitored. The new policy for AOL Instant Messenger, or AIM, will stress that the company does not eavesdrop on customer’s conversations except in unusual circumstances such as a court order, an AOL spokesman said. AIM’s terms of service have been in place since at least February 2004, but nobody appears to have raised an alarm until a few days ago. Over the weekend, a brushfire of sorts flared among bloggers alarmed about six words embedded deep in the policy: “You waive any right to privacy.” That unfortunate wording was intended to apply to an AIM feature called “Rate-a-Buddy,” spokesman Andrew Weinstein said. Like the classic site, Rate-a-Buddy permits AIM users to post photographs publicly so others can rate them on how “cute” and “interesting” they seem to be. The Rate-a-Buddy language was “wrapped into” the AIM terms of service, and that “inartfully” worded phrase has been deleted from a new version that will be made public Tuesday, Weinstein said. “It’s going to make it very clear that this section applies to public areas.” AIM’s public areas include a few dozen public chat rooms, which cover topics from celebrity gossip to NASCAR chat. “We’re making the language clearer so users understand it,” Weinstein said. “At a minimum, there was significant confusion.” AOL’s AIM Privacy Policy--referenced in AIM’s terms of service--has long said that “AOL does not read your private online communications when you use any of the communication tools offered as AIM Products.” The updated terms of service will include that statement, rather than referencing it.

HOW TO DESTROY THE EARTH (Reviewed in Cryptogram, 15 March 2005) -- This is a fascinating -- and detailed -- analysis of what would be required to destroy the earth: materials, methods, feasibility, schedule. While the DHS might view this as a terrorist manual and get it removed from the Internet, the good news is that obliterating the planet isn’t an easy task. [Editor: Totally off-topic, with no worldly legal implications, but engaging, educational, and fun.]

CREATIVE COMMONS IS REWRITING RULES OF COPYRIGHT (Washington Post, 15 March 2005) -- When Chuck D and the Fine Arts Militia released their latest single, “No Meaning No,” several months ago, they didn’t try to stop people from circulating free copies on the Internet. They encouraged it. They posted the entire 3-minute, 12-second song and its various vocal, drum and guitar components online and invited everyone to view, copy, mix, remix, sample, imitate, parody and even criticize it. The result has been the creation of a flood of derivative work ranging from classical twists on the hip-hop piece to video interpretations of the song. The musicians reveled in the instant fan base. They were so pleased that they recently decided to publish their next entire album, due later this spring, the same way, becoming the first major artists to do so. “No Meaning No” was released under an innovative new licensing scheme called Creative Commons that some say may be better suited to the electronic age than the hands-off mind-set that has made copyright such a bad word among the digerati. So far, more than 10 million other creations -- ranging from the movie “Outfoxed” and songs by the Beastie Boys to the British Broadcasting Corp.’s news footage and the tech support books published under the O’Reilly label -- have been distributed using these licenses. The idea has even won the support of Hilary Rosen, formerly of the Recording Industry Association of America, and Jack Valenti, the past head of the Motion Picture Association of America, who became known for their aggressive pursuit of people who share free, unauthorized copies via the Internet. Interest in Creative Commons licenses comes as artists, authors and traditional media companies begin to warm to the idea of the Internet as friend instead of foe and race to capitalize on technologies such as file-sharing and digital copying.

AGENCE FRANCE PRESSE SUES OVER GOOGLE NEWS (Reuters, 19 March 2005) -- Agence France Presse has sued Google Inc., alleging the Web search leader includes AFP’s photos, news headlines and stories on its news site without permission. The French news service is seeking damages of at least $17.5 million and an order barring Google News from displaying AFP photographs, news headlines or story leads, according to the suit filed on Thursday in the U.S. District Court for the District of Columbia. “We allow publishers to opt out of Google News but most publishers want to be included because they believe it is a benefit to them and to their readers,” Google spokesman Steve Langdon said of the AFP lawsuit. The attorney for AFP was not immediately available for comment. AFP sells subscriptions to its content and does not provide it free. Google News gathers photos and news stories from around the Web and posts them on its news site, which is free to users. “Without AFP’s authorization, defendant is continuously and willfully reproducing and publicly displaying AFP’s photographs, headlines and story leads on its Google News web pages,” AFP charged in its lawsuit. AFP said it has informed Google that it is not authorized to use AFP’s copyrighted material as it does and has asked Google to cease and desist from infringing its copyrighted work. AFP alleged that Google has ignored such requests and as of the filing date of the lawsuit “continues in an unabated manner to violate AFP’s copyrights.”

BANK REGULATOR SAYS BANKS MUST WARN OF ID THEFT (Reuters, 18 March 2005) -- The FDIC on Friday ordered U.S. banks to warn customers of suspected cases of identity theft, one of the fastest-growing types of consumer fraud. The 5-0 vote by the agency’s board of directors come in the wake of a flurry of announcements of the theft of personal data affecting hundreds of thousands of consumers. The changes have won approval from the Office of the Comptroller of the Currency and Office of Thrift Supervision, and still require Federal Reserve (news - web sites) Board approval. Fed spokesman Andrew Williams said the board is considering the matter. Banks will be required to notify customers when they learn of unauthorized access to sensitive customer information and, after a reasonable investigation, determine the information was misused or there is a “reasonable possibility” of misuse. The notices must describe the incidents, detail measures taken to protect customers, provide phone numbers for further information, remind customers to be vigilant and describe how customers may put fraud alerts in their credit reports. Sensitive customer information is defined as a customer’s name, address or phone number, in conjunction with his or her Social Security (news - web sites) or driver’s license numbers; account, credit or debit card numbers; or an identification number or password that would permit access to an account. It also includes any combination of data that would allow a thief to access an account.

FRENCH GOV’T REQUIRES E-CONTRACT RETENTION FOR 10 YEARS (BNA’s Internet Law News, 17 March 2005) -- BNA’s Electronic Commerce & Law Report reports that France has published new standards on electronic contracting that require firms to store for a 10-year period all e-contracts for goods and services valued above 120 euros. The new standards on e-contract archives--which went into effect Feb. 19--are France’s step toward implementing the EU’s 2004 framework e-commerce legislation. For a free trial to source of this story, visit

PUBLIC-PRIVATE DEAL TO PREVENT INTERNET CIGARETTE SALES (, 17 March 2005) -- Major credit card companies will refuse to participate in Internet sales of cigarettes nationwide under a government agreement made Thursday. The U.S. Bureau of Alcohol, Tobacco, Firearms and Explosives, the companies and state attorneys general agreed to work together to prevent the long unchecked use of credit cards to buy cigarettes over the Internet across state lines. The agreement is effective immediately. The result is that virtually all credit cards will no longer participate with Web sites based in the United States and abroad that sell cigarettes and tobacco products in every state, said New York Attorney General Eliot Spitzer. The card companies also agreed to take action against Internet sellers that authorities identify as violating state and federal laws regulating cigarette sales. The effort is important because enforcement has been difficult, even though in many states, including New York, the Internet sale of tobacco products is illegal. The trade undercuts traditional business operators, often avoids sales tax for states and localities, and can be a way for underage consumers to buy cigarettes and chewing tobacco before they turn 18. ``By working with all the major card companies, we will severely restrict the availability of the Internet retailers to make these illegal sales,” said Spitzer, one of the lead attorneys general in the partnership sealed Thursday. The negotiations were also led by California Attorney General Bill Lockyer and Oregon Attorney General Hardy Myers. Attorneys general from Colorado, Idaho, Louisiana, Maryland, Pennsylvania, Vermont and Wisconsin also participated.

GROWTH OF WIRELESS INTERNET OPENS NEW PATH FOR THIEVES (New York Times, 19 March 2005) – The spread of the wireless data technology known as Wi-Fi has reshaped the way millions of Americans go online, letting them tap into high-speed Internet connections effortlessly at home and in many public places. But every convenience has its cost. Federal and state law enforcement officials say sophisticated criminals have begun to use the unsecured Wi-Fi networks of unsuspecting consumers and businesses to help cover their tracks in cyberspace. In the wired world, it was often difficult for lawbreakers to make themselves untraceable on the Internet. In the wireless world, with scores of open Wi-Fi networks in some neighborhoods, it could hardly be easier. Law enforcement officials warn that such connections are being commandeered for child pornography, fraud, death threats and identity and credit card theft. “We have known for a long time that the criminal use of the Internet was progressing at a greater rate than law enforcement had the knowledge or ability to catch up,” said Jan H. Gilhooly, who retired last month as special agent in charge of the Secret Service field office in Newark and now helps coordinate New Jersey operations for the Department of Homeland Security. “Now it’s the same with the wireless technologies.” In 2003, the Secret Service office in Newark began an investigation that infiltrated the Web sites and computer networks of suspected professional data thieves. Since October, more than 30 people around the world have been arrested in connection with the operation and accused of trafficking in hundreds of thousands of stolen credit card numbers online. Of those suspects, half regularly used the open Wi-Fi connections of unsuspecting neighbors. Four suspects, in Canada, California and Florida, were logged in to neighbors’ Wi-Fi networks at the moment law enforcement agents, having tracked them by other means, entered their homes and arrested them, Secret Service agents involved in the case said.

IS THE UNITED STATES GOING TO GET EVEN TOUGHER ON FOREIGNERS? (Steptoe & Johnson’s E-Commerce Law Week, 19 March 2005) -- In its efforts to fight terrorism, the Bush Administration has substantially tightened US immigration rules and other controls on access of foreigners to the United States. It now appears that the US government is testing the waters for tougher restrictions on US companies that employ foreign nationals who may have access to controlled technology. Last year, the US Department of Commerce issued a report indicating that the enforcement of regulations on “deemed exports” by the Bureau of Industry and Security (BIS) might not be strong enough, and a notice should soon be published requesting comment on the report’s recommendations.

STUDY CRITICIZES GOVERNMENT ON CYBERSECURITY RESEARCH (New York Times, 19 March 2005) -- A report released Friday by a panel of computer experts criticizes the federal government, saying that its financing of research on computer network security is inadequate and that it is making a mistake by focusing on classified research that is inaccessible to the commercial sector. The report, commissioned by the Bush administration, calls for the government to spend $148 million annually on Internet security research through the National Science Foundation, over the current $58 million. It also urges more research spending by the Pentagon’s Defense Advanced Research Projects Agency, or Darpa, and by the Department of Homeland Security. The report, “Cybersecurity: A Crisis of Prioritization,” was prepared by a subcommittee of the President’s Information Technology Advisory Committee, a group of industry and university experts. Research in Internet security is needed to protect systems that run the government and military operations, as well as other areas, including the electric power grid, the air traffic control grid and financial systems, the report said. “The federal government is largely failing in its responsibility to protect the nation from cyberthreats,” said Edward D. Lazowska, chairman of the computer science and engineering department at the University of Washington and co-chairman of the panel. “The Department of Homeland Security simply doesn’t ‘get’ cybersecurity. They are allocating less than 2 percent of their science and technology budget to cybersecurity, and only a small proportion of this is forward-looking.”

MICHIGAN CT. RULES ON DUTY TO PROTECT FROM ID THEFT (BNA’s Internet Law News, 21 March 2005) -- Thanks to an ILN reader for reporting on a recent Michigan case in which the court ruled that unionized 911 operators who were victims of identity theft were owed a duty of care by the union which held their personal information. The union knew confidential information was leaving its premises but did not develop procedures to ensure the security of the information. The court concluded a special relationship existed between the union and plaintiffs such that the union owed plaintiffs a duty to protect them from identity theft by providing some safeguards to ensure the security of their most essential confidential identifying information, which could easily be used to appropriate a person’s identity. Decision at

FEC CONSIDERS RESTRICTING ONLINE POLITICAL ACTIVITIES (Washington Post, 21 March 2005) -- The Federal Election Commission has begun considering whether to issue new rules on how political campaigns are waged on the Internet, a regulatory process that is expected to take months to complete but that is already generating considerable angst online. The agency is weighing whether -- and how -- to impose restrictions on a host of online activities, including campaign advertising and politically oriented blogs. Election officials are reluctantly taking up the issue, after losing a court case last fall. The FEC, which enforces federal election law, had issued scores of regulations delineating how the campaign finance reform legislation adopted in 2002 ought to be implemented. But Reps. Christopher Shays (R-Conn.) and Martin T. Meehan (D-Mass.), who sponsored the legislation, complained that many of those rules were too lax, and they successfully sued to have them rescinded. The commission must now rewrite a number of those directions, including ones that left online political activities virtually free from government regulation. “We are almost certainly going to move from an environment in which the Internet was per se not regulated to where it is going to be regulated in some part,” said FEC Commissioner David M. Mason, a Republican. “That shift has huge significance because it means that people who are conducting political activity on the Internet are suddenly going to have to worry about or at least be conscious of certain legal distinctions and lines they didn’t used to have to worry about.” Which people, what activities and where those lines should be drawn, though, have yet to be determined. The rise of the Internet as a political tool, the variety of ways in which it can be used to promote a campaign and the fact that most federal election laws were written long before the Internet became a household word have combined to present the agency’s commissioners with plenty of knotty legal questions to consider. Should bloggers who work for political campaigns, for example, be required to disclose that relationship? Should their writings include a disclaimer indicating that they were paid for by a campaign? What if a campaign supporter links his Web site to a candidate’s home page? Is that considered a campaign contribution subject to government regulation? What if an independent blogger endorses a candidate? Or posts a campaign’s news release? Are those contributions?

-- and --

ONLINE POLITICKING RECEIVES TEMPORARY REPRIEVE (CNET, 23 March 2005) -- Political bloggers would continue to be exempt from most campaign finance laws, according to highly anticipated rules that federal regulators released Wednesday. The Federal Election Commission also proposed that online-only news outlets and even individual bloggers should be treated as legitimate journalists and thus be immune from laws that could count their political endorsements as campaign contributions. The 47-page outline of proposed rules takes a cautious approach to the explosive question of how Web sites and e-mail should be regulated, with the FEC saying throughout that its conclusions are only tentative ones and inviting public comment. The comment process is expected to be approved by the agency at its meeting Thursday. FEC release at

**** RESOURCES ****

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School,
2. Edupage,
3. SANS Newsbites,
4. NewsScan and Innovation,
5. Internet Law & Policy Forum,
6. BNA’s Internet Law News,
7. The Ifra Trend Report,
8. Crypto-Gram,
9. David Evan’s “Internet and Computer News”,
10. Readers’ submissions, and the editor’s discoveries.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.

No comments: