Saturday, April 23, 2005

MIRLN -- Misc. IT Related Legal News [27 March - 23 April 2005; v8.05]

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product of the American Bar Association’s Cyberspace Law Committee. Please feel free to distribute this message.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at (click on “Settings” beside Members-Only Listserve Discussion). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN editions are archived at and in the public materials section of the Cyberspace Committee’s collaboration space at

**************End of Introductory Note***************

YAHOO ADDS SEARCH FOR ‘FLEXIBLE’ COPYRIGHT CONTENT (CNET, 24 March 2005) -- Yahoo has added a feature that lets people search content that’s been licensed through Creative Commons, a nonprofit group that specializes in copyrighting material so that it’s available for some reuse. Yahoo said the search tool links to millions of Web pages featuring Creative Commons’ unconventional content-licensing agreements. Most of the content available through the search feature can be licensed for free under noncommercial-usage or other guidelines, Yahoo said. Creative Commons says its mission is to carve out new ways to share creative works. For example, one alternative the group offers is “attribution only” distribution--the copyright holder lets others copy, distribute, display and perform his works, but only if users give the author credit. The organization lists the different licenses and details on its Web site.

ICANN APPROVES .EU DOMAIN SPACE (Internet News, 25 March 2005) -- The European Union (EU) can now make a name for itself on the Internet, following this week’s approval to include .eu as a country code top-level domain (ccTLD). Directors at the Internet Corporation for Assigned Names and Numbers (ICANN) approved the new name space at a meeting Monday. Officials at EURid, who will take over registry management of the ccTLD, expect final approval from the U.S. Department of Commerce within the next week.

A CAPPS BY ANY OTHER NAME (Wired, 25 March 2005) -- The controversial Secure Flight passenger pre-screening system, or CAPPS III as some have dubbed it, is riddled with faults and should be shelved until it meets strict criteria laid out by Congress. That’s according to Rep. Loretta Sanchez (D-California), members of the American Civil Liberties Union and computer security expert Bruce Schneier, who held a press call Thursday to bring attention to an upcoming report by the Government Accountability Office, which they hope will fault Secure Flight for failing to meet several criteria for its implementation required by Congress. The GAO report, which was mandated by Congress last year in the Department of Homeland Security Appropriations Act of 2005, is likely to be released Monday. But Sanchez and others said they were concerned that the Transportation Security Administration, which will implement Secure Flight, is trying to ignore Congress by taking steps to roll out the system on two national airlines this August, before the program can be certified by the GAO or cleared by Congress. Sanchez also said they were speaking out now out of concern that the GAO could be pressured to certify Secure Flight before it’s ready to go forward. TSA spokeswoman Amy Von Walter would not comment on the GAO report’s contents before its release, but she said the TSA had been working closely with Congress and the GAO “to ensure we are meeting their requests and requirements as we move through the testing phase” and that they would continue to do so “to ensure they’re in agreement before implementing the program in August.” Although there has been some talk that the August rollout might be only a test, Von Walter confirmed that it is the first stage of officially implementing Secure Flight. The TSA had yet to determine which two airlines would participate in the rollout.,1848,67015,00.html

DEAR FEDS, SEND MONEY OR THE IT INFRASTRUCTURE COULD GET IT (Steptoe & Johnson’s E-Commerce Law Week, 26 March 2005) -- They say money makes the world go ‘round . . . And now a group of experts are warning that without a serious cash infusion, the nation’s information technology (IT) infrastructure world is at grave risk of being knocked off its axis by a terrorist or criminal attack. In a report entitled, “Cyber Security: A Crisis of Prioritization,” the President’s Information Technology Advisory Committee (PITAC) -- an advisory body of IT leaders in academia and industry -- argues that the IT infrastructure of the US is “highly vulnerable to terrorist and criminal attacks.” The report, made public on March 18, calls for a drastically increased federal role in supporting the development of new cybersecurity technologies. PITAC warns that short-term solutions to infrastructure vulnerability, like patching or retrofitting software, are inadequate and that only a massive deployment of money and manpower can successfully address the “large structural insecurities” of the nation’s IT infrastructure. We’ve heard such dire warnings before, however, to little discernable effect. But perhaps the current spotlight on identity theft and data security breaches will lend some heft to the argument that the security of the nation’s cyber infrastructure deserves at least as much attention as the data it carries.

-- and --

BANK REGULATORS BEAT CONGRESS TO THE PUNCH ON SECURITY BREACH NOTIFICATIONS (Steptoe & Johnson’s E-Commerce Law Week, 26 March 2005) -- With all the Congressional activity on data security and identity theft these days, it’s easy to forget that threats of new legislation are only half the story. In some industries, federal regulators are already setting guidelines for when companies should disclose security breaches. For example, the four federal financial industry regulators have issued “Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice” to instruct financial institutions on when they will be expected to report security breaches of “sensitive customer information” -- whether that information is stored electronically or in paper form. The federal regulators will view a financial institution’s failure to comply with the guidance as an unsafe and unsound information security practice.

TELECOM GIANTS JOIN FORCES AGAINST HACKERS (CNET, 28 March 2005) -- High-profile telecom and networking companies are banding together to crack down on hackers. The new Fingerprint Sharing Alliance hopes to help its members, which include British Telecommunications, Cisco Systems, EarthLink, MCI and NTT Communications, more effectively share information on individuals responsible for launching online attacks. Other organizations involved in the collaboration, which was announced Monday, include Asia Netcom, Broadwing Communications, Verizon Dominicana, XO Communications and the University of Pennsylvania. Members of the Fingerprint Sharing Alliance will automatically send one another data on computer hackers as they observe or experience new attacks. By immediately alerting other communications companies when they’re being threatened, members of the group hope they can more effectively guard against online attacks and infrastructure hacks that cross network boundaries. Arbor Networks is helping to spearhead the effort. The Lexington, Mass.-based company, which specializes in network threat detection and monitoring tools, will provide the technology used by the group’s members to share emerging attack data. By helping the communications giants rapidly distribute information on hackers, the security company said it can aid in blocking attacks closer to the source. Mark Sitko, vice president of MCI’s Security Services Product Management group, said the Fingerprint Sharing Alliance will quickly provide an “unparalleled view” into new security threats as they surface around the globe. Sitko also promised that MCI will bring significant antihacking firepower to the table.

METLIFE PLANS FREE ID THEFT AID FOR CLIENTS (Washington Post, 28 March 2005) -- MetLife Inc., one of the nation’s largest insurers, is rolling out a new program this week to provide free help in resolving cases of identity theft for all of its homeowner insurance policyholders. Noel Edsall, director of MetLife Auto & Home product development, said the ID theft resolution service would be launched first in New York and Florida, then expand nationwide. While several insurance companies sell ID theft coverage, mainly to reimburse consumers for their costs in dealing with misuse of credit cards or other accounts, MetLife would be the first that works with consumers to resolve their problems at no cost. Matt Cullina, manager of the MetLife team that developed the new service, said that MetLife policyholders who are victimized by ID thieves will be urged to call the MetLife call center listed on their policies. From there they will be directed to specialists at Identity Theft 911 LLC of Scottsdale, Ariz., which provides ID theft resolution services. Sheryl Cox Christenson, the company’s chief executive, said Identity Theft 911 “serves as an advocate,” providing services that include preparing affidavits, contacting police and notifying credit bureaus on a consumer’s behalf.

NIST OFFERS HIPAA SECURITY GUIDANCE (Government Computing News, 28 March 2005) -- The National Institute of Standards and Technology has issued a new guide on securing health information. The guide, Special Publication 800-66, recommends the type of systems that are needed to meet the Health Insurance Portability and Accountability Act security mandates that take effect April 20. The publication, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act Security Rule, details the minimum requirements to secure health information and systems. NIST identifies resources relevant to the specific security standards included in the HIPAA security rule and provides implementation examples for each. Under the rule, doctors and hospitals must secure and protect patient information from unauthorized use, such as hackers, while also keeping it available for legitimate use. The rule also applies to agencies that transmit health information in electronic form. The guide also lays out similarities between the HIPAA security rule and the Federal Information Security Management Act of 2002, which all agencies must fulfill.; guide at

OUT-OF-STATE TELECOMMUTER RULED LIABLE FOR N.Y. TAXES (, 29 March 2005) -- A man who lives out of state while working by computer must pay New York tax on his full income, the state’s highest court ruled Tuesday in a case that could have wide implications for the growing practice of telecommuting. The Court of Appeals said computer programmer Thomas Huckaby, who lives in Nashville, Tenn., owed New York income tax for his full salary, not just the time he spent working at his employer’s New York offices. Huckaby, whose home state doesn’t have an income tax, paid New York state tax on about 25 percent of his income over two years for the time he spent working there for the National Organization of Industrial Trade Unions. The court upheld a state tax department ruling that all his income should be taxed. That amounts to $4,387 plus interest. However, the ruling could lead to much greater income for the state as it is applied to the growing field of telecommuting. The U.S. Census Bureau’s latest statistics show that nearly 4.2 million people worked at home in 2000, up from 3.4 million in 1990.

TEN QUESTIONS ABOUT SARBANES-OXLEY COMPLIANCE (Computerworld, 30 March 2005) -- Imagine this scenario: You are a CIO at a publicly traded company in turmoil, and your chief financial officer was forced to resign at the end of last quarter after material weakness concerns were raised by your external auditors. Three months ago, the Securities and Exchange Commission got involved and launched a formal investigation, and your company is now constantly scrutinized. It’s time for your CEO to report earnings, and it’s not good news. Now your general counsel adds more bad news. Under the Sarbanes-Oxley Act, your management must demonstrate that adequate internal controls have been established to safeguard confidential information from being compromised during the “blackout.” With the rumor mill running rampant, you know the likelihood of an internal disclosure concerning earnings information is high. However, you have no means to detect these communications if they are leaked in a Web mail or a post to an Internet bulletin board. Even if you could detect this, what information should you protect? Is there a blueprint compliance strategy that could be deployed in a way that could detect all electronic disclosures? There are solutions available, but first you must understand Sarbanes-Oxley, how it affects your business and what information -- by law -- needs to be protected. You and your CEO must know the answers to the following 10 questions in order to prepare and prove that you have deployed the right mix of internal controls:,4814,100646,00.html [Editor: The ABA’s Cyberspace Law Committee soon will publish a “Directors Guide to Data Governance” addressing these issues. The book will be the subject of a committee panel presentation at the ABA annual meeting this August in Chicago. Registration information at]

CENTER CREATES ARCHIVING MODEL (Federal Computer Week, 30 March 2005) -- A New York-based technology research center has developed an approach and methodology designed to help state and territorial archivists and librarians preserve digital information. Through an $800,000 grant from the National Science Foundation, the University at Albany’s Center for Technology in Government has developed a national capability assessment and planning model -- containing information about the governance structure, business model, architecture, and data standards -- to assist governments in identifying, capturing and archiving digital content critical to government operations. As part of the National Digital Information Infrastructure and Preservation Program, the Library of Congress will distribute this toolkit during three workshops that will be held beginning in late April and through May for state and territorial government representatives. Library officials hope to collaborate with their state and territorial counterparts in devising long-term strategies, and receive feedback that can be used to help create a second version. While there are legal mandates in place for preserving paper records, safeguarding digital information is new territory for many governments.

HOLLYWOOD SEEKS ITUNES FOR FILM (CNET, 30 March 2005) -- Sony Pictures Digital Entertainment is trying to develop and own the next iTunes--but for films. “We want to set business models, pricing models, distribution models like (Apple Computer CEO Steve) Jobs did for music, but for the film industry,” Michael Arrieta, senior vice president of Sony Pictures, said at the Digital Hollywood conference here. “I’m trying to create the new ‘anti-Napster,’” he added. To that end, Arrieta said, his group plans to digitize Sony Pictures’ top 500 films and make them available for the first time in various digital environments within the next year. He said the distribution for films like “Spider-Man 2” will go beyond just Movielink, the video-on-demand joint venture of Sony Pictures and several other major studios, which to date has hosted a limited library of Sony’s movies. For example, Sony plans to sell and make films available in flash memory for mobile phones in the next year, Arrieta said. It also will further develop its digital stores for downloading and owning films on the PC, he said in an interview. Sony’s plans--and similar moves by other studios--are likely to avoid empowering any one technology company--such as Apple in the music equation--and allow studios to pocket more of the profits. The philosophy in Hollywood is “Define your own agenda or someone else will for you.”

CHINESE ONLINE SIGNATURES GRANTED LEGAL EFFECT (China View, 31 March 2005) -- Online signatures will become valid in China as of April 1 to facilitate the country’s growing on-line trading, an official of the Ministry of Information Industry (MII) on Thursday. The law grants electronic signatures the same legal effect as handwritten signatures and seals for business transactions, acknowledged the official. It establishes a market access system for online certification providers to ensure the security of e-commerce. While giving due consideration to current electronic certification services that are still in a startup period, the law stipulates that governmental departments shall undertake “effective and appropriate” supervision and management over the electronic certification service organs in market access. The Administration Rules on Online Certification Service goes into effect on the same day to support the implementation of the law. The rules cover mainly the issuance and management of licenses for online certification service, standardization of service behavior, handling of suspension or alteration of the service, pattern and security measures of online signature certification, supervision and management and penalties for illegal activities in the field.

THE WELL CELEBRATES 20TH BIRTHDAY (CNET, 31 March 2005) -- One of the oldest and most celebrated online communities is celebrating its 20th birthday on Friday. Founded in 1985 as a humble computer conferencing system with six dial-up modems, The Well soon blossomed into a “literate watering hole,” luring tens of thousands of artists, technologists and writers. “It’s really something that you’re not going to see anywhere else,” said Gail Williams, director of communities. “It seems to have a tremendous momentum, no matter what happens.” The Well was the creation of Stewart Brand, publisher of the Whole Earth Catalog, who squirreled away the original VAX server in a corner of Whole Earth’s decrepit offices in Sausalito, Calif. Before long, The Well’s conferences became known for intelligent conversation and were attracting luminaries like Kevin Kelly (a Wired Magazine editor) and Mitchell Kapor (the founder of Lotus Development Corporation). Some of The Well’s discussions marked turning points in the history of the Internet. A post from John Perry Barlow, a former Grateful Dead lyricist, prompted Kapor to jet to Wyoming where the two created the Electronic Frontier Foundation. In another, Barlow famously invoked science fiction writer William Gibson’s term “cyberspace” to apply to the Internet of the present. Sometimes participants seemed to regret disclosures made in the chatty confines of the conferences. When James Rutt, a prominent Well member in the 1990s, became chief executive of Network Solutions, he raised eyebrows by deleting hundreds of his posts to avoid possible embarrassment. The Well is at

INTEL TO STOP USING OPEN-SOURCE LICENSE (CNET, 31 March 2005) -- Intel on Thursday said that it will discontinue an open-source license used to govern some of its software. The chipmaker said it has told the Open Source Initiative (OSI) to remove its open-source license from future use as an approved OSI license. The OSI is a nonprofit agency that promotes the use of open-source software and maintains a listing of open-source licenses on its Web site. McCoy Smith, an Intel attorney, raised the issue on an OSI mailing list earlier this week. He said that Intel would like to “remove from future use” the Intel Open Source License, to reduce license proliferation. Intel’s open-source license governs the use of security software that the company has defined. The issue of license proliferation has caused concern among some in the open-source community as it can increase the cost for companies wishing to adopt open-source software, as they need to review and manage each type of license. Intel decided to get rid of its license after finding that it had not been used within the company for several years and is not often used outside Intel, according to an Intel spokesman. Smith said that it does not want the “deapproval” of the license to be retroactive to past uses, as it does not want to force companies to relicense code.

POPE’S INFLUENCE INCLUDES TECHNOLOGY FIRSTS (CNET, 2 April 2005) -- While Pope John Paul II will largely be remembered for his influence on social issues ranging from euthanasia to AIDS, he also earned a place in history as the first pontiff to embrace computer technology. The Vatican brokered a deal with Verizon last year for a service to deliver a daily papal message to subscribers’ cell phones. A church representative said the Vatican had a history of embracing new communications media, and cell phones are a natural vehicle for reaching younger believers. “People are always trying to find ways to market His Holiness,” said Sister Mary Ann Walsh, a spokeswoman for the U.S. Conference of Catholic Bishops. Earlier, the Vatican set up a special page for the pope to deliver messages about faith and world peace. “While the Internet can never replace that profound experience of God which only the living, liturgical and sacramental life of the Church can offer, it can certainly provide a unique supplement and support in both preparing for the encounter with Christ in community, and sustaining the new believer in the journey of faith which then begins,” the pontiff proclaimed at the 36th annual World Communications Day in 2002. Under John Paul II’s leadership, the Vatican has also moved forward with plans to name St. Isidore of Seville, known for his scholarly work, as the patron saint of computer users, computer technicians and the Internet. The pope’s health crisis the past few weeks also prompted a flurry of Web activity. The main Vatican Web site was unreachable due to heavy traffic most of Friday. But American Catholics could still submit prayers for the pontiff through the Franciscan Friars’ online St. Anthony Shrine, while Your Catholic Voice encouraged the faithful to initiate e-mail prayer chains.

-- related (somewhat) story on the security of the Papal election process, and how it might be “hacked” at

B.C. COURT DISMISSES PRIVACY CLAIM OVER DATA OUTSOURCING (BNA’s Internet Law News, 4 April 2005) -- The British Columbia Supreme Court has dismissed a claim by a B.C. union challenging the outsourcing of the management of health information to a U.S. company. The court emphasized the importance of privacy protection, but concluded that “the contractual provisions, the corporate structure, and the legislative provisions provide more than reasonable security with respect to records in British Columbia.” It also noted that “all reasonable steps to ensure the confidentiality of the information which Maximus will receive in order to discharge its contractual obligations. Privacy is not absolute.” Case name is BC Govt Serv. Empl. Union v. British Columbia (Minister of Health Services). Decision at

THE NEXT CHAPTER IN THE PATRIOT ACT (CNET, 4 April 2005) -- Both the Senate and the House of Representatives are kicking off what promises to be a tumultuous series of hearings about whether to renew key sections of the controversial 2001 law. Roughly half of the law is set to expire on Dec. 31. It’s too early to know whether the hearings will be a sober analysis of surveillance and privacy or a Republican ploy to rubber-stamp a renewal. Early signs are positive; presiding over the Senate hearings will be Arlen Specter, R-Penn., who supported a partial repeal of the Patriot Act last year. His House counterpart, F. James Sensesnbrenner, R-Wis., has made similar comments in the past. The Patriot Act, of course, has been one of the most polarizing laws of the last few decades. The Bush administration drafted large portions of it, and the president himself sings its praises every chance he gets. But worries about the law’s effect on civil liberties led hundreds of communities to vote to condemn it. The law is long and convoluted. But five sections that are set to expire will have the most impact on the technology and telecommunications industries:
• Sec. 202: Computer hacking is a “predicate offense” permitting police to seek certain types of wiretaps.
• Sec. 203: Federal police can share information gleaned from a wiretap or Carnivore-like surveillance device with spy agencies. Previously, there was no explicit authorization for such data sharing.
• Sec. 212: Internet providers and other communications services can divulge information to police more readily. Specifically, customer records and other data may be legally handed over to police in an emergency.
• Sec. 215: Secret court orders can be used to obtain records or “tangible items” from any person or business if the FBI claims a link to terrorism. The unlucky recipient of the secret order is gagged; disclosing its existence is punishable by a prison term. Librarians are especially concerned about this (though the FBI claims it hasn’t invoked Sec. 215 so far).
• Sec. 217: Computer service providers may eavesdrop on electronic trespassers legally. Police can be authorized to “listen in” on what’s happening on the provider’s network.

-- and --

FEDS UNCLOAK THE PATRIOT ACT (CNET, 5 April 2005) -- More information is dribbling out about the exercise of extraordinary powers granted to federal police nearly four years ago as part of the war on terror. As the Bush administration this week called on Congress to expand the USA Patriot Act, it disclosed how two of the most controversial sections of the law have been wielded by police. Police invoked the Patriot Act when surreptitiously entering and searching a home or office without notifying the owner 108 times during a 22-month period, according to a one-page summary released by the Justice Department late Monday. On Tuesday, U.S. Attorney General Alberto Gonzales told the Senate that police have employed secret court orders to obtain records 35 times so far.

COURT RULES COMMON LAW PROTECTS RECORDINGS MADE BEFORE U.S. COPYRIGHT LAW (, 5 April 2005) -- New York’s highest court ruled that common law protects the rights of a record company for music recorded before the 1972 federal copyright law in a decision the judges expect to have “significant ramifications for the music recording industry.” The result is that artists, their estates and others involved in recordings made before 1972 should be able to collect royalties in the United States for their performances, said Philip Allen Lacovara, the attorney for Capitol Records that won the state decision released Tuesday.

GOOGLE FEATURE INCORPORATES SATELLITE MAPS (Washington Post, 5 April 2005) -- Online search engine leader Google has unveiled a new feature that will enable its users to zoom in on homes and businesses using satellite images, an advance that may raise privacy concerns as well as intensify the competitive pressures on its rivals. The satellite technology, which Google began offering late Monday at, is part of the package that the Mountain View-based company acquired when it bought digital map maker Keyhole Corp. for an undisclosed amount nearly six months ago. This marks the first time since the deal closed that Google has offered free access to Keyhole’s high-tech maps through its search engine. Users previously had to pay $29.95 to download a version of Keyhole’s basic software package. A more traditional map will continue to be the first choice served up by Google’s search engine. Users will have the option of retrieving a satellite picture by clicking on a button. The satellite maps could unnerve some people, even as the technology impresses others. That’s because the Keyhole technology is designed to provide close-up perspective of specific addresses. [Editor: try it -- key in your home address and click on the “Satellite” URL at the upper-right of the window; zoom in]

IBM TO EXPENSE STOCK OPTIONS (News Factor, 6 April 2005) -- IBM says it will start expensing stock options in view of new Securities and Exchange Commission guidelines that go in effect on June 15th. The world’s largest computer firm joins other large firms that have decided to count the value of stock options against their earnings, but leaves the ranks of many technology firms that offer stock options as an incentive to attract the best talent. The company says it will restate earnings from last year based on the new policy. The total expense for distributed stock options in fiscal 2004 was 55 US cents a share. IBM says it will adopt the Financial Accounting Standards Board’s revised Shared-Based Payment policy -- known as “SFAS 123(R)” -- which was issued last December. FASB said the rule was needed to make company financial reporting more transparent and comparable for investors and regulators. The lack of expensing stock options is said to distort financial results. Some critics of stock-based compensation say the practice is merely a financial rearrangement of chairs to make earnings announcements appear better. The actual health of the company can be tested within its operational results. IBM is unlikely to be a leader among technology companies in the adoption of SFAS 123(R). “If technology companies don’t need to expense stock options, I don’t see many of them doing so just because IBM is doing it,” said Yankee Group analyst Michael Dominy. “They’ll do it if they’re forced to.” FASB said in December it would allow companies the option of continuing to apply previous guidelines regarding the expensing of stock options, “as long as the footnotes to financial statements disclosed what net income would have been had the preferable fair-value-based method been used.”

HOMELAND SECURITY PANEL PICKS CONTROVERSIAL CHIEF (CNET, 6 April 2005) -- A federal privacy board on Wednesday appointed a prominent champion of government data-mining as its first chairman. The Department of Homeland Security’s privacy board chose as its chairman Paul Rosenzweig, a conservative lawyer best known in technology circles for his defense of the Pentagon’s Total Information Awareness project. Bowing to privacy concerns, Congress pulled the plug on the program two years ago. Nuala O’Connor Kelly, the department’s chief privacy officer, nominated Rosenzweig for the job during the group’s first meeting in a downtown hotel here. Rosenzweig is a senior fellow at the Heritage Foundation and a former Justice Department trial attorney. “Constructive criticism from the bully pulpit to which we’ve been advanced here can serve as a positive tool to the department,” Rosenzweig said during the meeting, which drew more than 100 audience members. Lisa Sotto, a partner at the New York law firm of Hunton and Williams, was appointed vice chairman. The privacy advisory board has already raised eyebrows when an executive from “adware” company Claria (formerly called Gator) was selected as a member in February. The group is charged with providing advice “programmatic, policy, operational and technological issues that affect privacy, data integrity and data interoperability.” “I don’t really regard Paul as a privacy advocate,” said Lee Tien, a lawyer with the Electronic Frontier Foundation in San Francisco. “I think he’s much more focused on whatever homeland security mission there is. He tends to view privacy as something to be circumvented.”

FRENCH APPEALS COURT SAYS YAHOO NOT LIABLE FOR NAZI GEAR AUCTIONS (, 6 April 2005) -- A Paris appeals court on Wednesday upheld a decision that absolved Yahoo! Inc. of any legal responsibility for auctions of Nazi paraphernalia formerly held through its Web site. The attorney for Yahoo, Olivier Metzner, said the decision made clear that the company and its former chief executive, Tim Koogle, were not responsible for the Nazi collectibles sold. In 2003, a Paris court ruled that Yahoo and Koogle never sought to ``justify war crimes and crimes against humanity’‘ -- the accusation leveled by human rights activists, including Holocaust survivors and their families. The case was initiated in 2000, when France’s Union of Jewish Students and the International Anti-Racism and Anti-Semitism League sued Yahoo for allowing Nazi collectibles, including flags emblazoned with swastikas, to be sold on its auction pages. The case led to a landmark ruling in France, with a court ordering Yahoo to block Internet surfers in France from auctions selling Nazi memorabilia.

FORUM SELECTION CLAUSE UPHELD IN CONTENT SCRAPING CASE (, 6 April 2005) -- In the case of Cairo, Inc. v. CrossMedia Services, Inc., decided on April 1, 2005, the U.S. District Court for the Northern District of California has held that although a company using scrapers to gather content from a competitor’s website did not expressly assent to the website’s terms of use, the scrapers’ “repeated and automated” access to the site created imputed assent to the terms of service and the forum selection clause appearing therein.

SPITZER PULLS CAMPAIGN AD OFF GOOGLE (CNET, 7 April 2005) -- New York Attorney General Eliot Spitzer on Wednesday pulled a political ad that ran on Google when Web searchers typed in the acronym for American International Group, a prosecutorial target of the crime-busting gubernatorial candidate. During Wednesday morning and early afternoon, Google searchers who typed in the keyword “AIG” were delivered a search ad at the top right of the results page that read “Spitzer for NY Governor.” People who clicked on that ad were sent to “It wasn’t appropriate, and as soon as Mr. Spitzer found out about it, he had it removed it as soon as possible,” Darren Dopp, a spokesman for the New York attorney general, told Reuters. Dopp said it appeared that a relatively low-level campaign staffer responsible for promoting Spitzer’s campaign Web site made a mistake and put in the AIG keyword.

UC ELECTRONIC RESERVES RANKLE PUBLISHERS (Chronicle of Higher Education, 7 April 2005) -- A system that handles electronic reserves at the University of California (UC) in San Diego has prompted complaints from publishers that the university has far exceeded the bounds of fair use. With the system, materials that faculty put on reserve are made available electronically, allowing students to access and even print them from outside the university library. The Association of American Publishers objected, saying that electronic access substantially changes the traditional terms of reserve materials and deprives publishers of sales. Publishers have previously won legal challenges to the production of coursepacks, which the courts said do not fall under the terms of fair use. The publishing group insisted the same applies to electronic resources. Representatives of UC disputed the claims, saying the reserve system does not infringe on sales of texts. Jonathan Franklin, associate law librarian at the University of Washington, noted that the fair use law is not clear and commented that if the disagreement is ultimately settled by the courts, such a resolution might provide needed clarification for all concerned. (sub. req’d)

AOL LAUNCHES INTERNET PHONE SERVICE (AP, 7 April 2005) -- America Online Inc. on Thursday launched its Internet telephone service, jumping into a market that’s already crowded with startups, cable operators and even traditional phone companies. The AOL Internet Phone Service, which is being offered to AOL members and others in 40 markets at first, includes the regular features of traditional telephony and combines them with advanced services that are accessed on a PC over the Internet. AOL’s subscribers must have a high-speed Internet connection and a router. An adapter connects to the router, and a conventional phone can be plugged into the adapter. Users will receive a number and can make or receive calls. AOL’s starting price for new users is $29.99 per month for the first six months — increasing to $39.99 after that. It includes unlimited local and long-distance calling within the U.S. and Canada as well as unlimited access to the regular AOL service over existing broadband. Plans for current AOL users start at $13.99 a month (increasing to $18.99 after three months) for unlimited local and regional calling to $29.99 (increasing to $34.99) for a global calling plan with low international rates. The price for new users is steeper than the current Internet telephony leader, Vonage, which charges $24.99 a month for unlimited U.S. and Canada dialing. Packet8, a similar service offered by 8x8 Inc., charges $19.95 for its “Freedom Unlimited” plan. AOL is apparently trying to differentiate itself by bundling its online service. It also claims to make it easier for consumers to manage their service from a Web-based “dashboard,” which New Jersey-based Vonage also uses to describe its Web-interface. From there, users can change call-forwarding settings, view call logs and access contact lists that will dial a number simply by clicking on it.

-- and --

ENTERPRISE USERS ALREADY TALKING VOIP (AP, 13 April 2005) -- Because their phones speak the language of the Internet, Boeing Co. engineers can both hear and see each other as they remotely collaborate on projects. Boeing began experimenting with Internet telephony in 2001 and is now spreading it, videophones included, across the far-flung aerospace and defense company. The same technology lets brokers at Lehman Bros. pre-record voicemail messages and insert them into clients’ inboxes, while the town of Herndon, Va. distributes missing children alerts -- photos and text -- to its municipal employees over their Internet Protocol phones. At NFL Films, a Voice over Internet system makes setup easy as workers travel from stadium to stadium: Workers merely plug their phones into a network and everything from the phone number to user privileges are automatically set up. No trip to the wiring closet required. Home adoption of Internet telephones may not be mainstream, but many corporations, government agencies and other big institutions are cautiously embracing Internet calling for its advanced features and potential cost savings. A 2004 Yankee Group survey of 231 businesses found that 39 percent were using IP telephony in some form. Of those, 9 percent were testing, 25 percent were partially deployed and 5 percent were fully deployed. Of the 113 million U.S. business handsets in use today, only 10 percent use Internet Protocol tech. But growth is accelerating: In fact, the Yankee Group estimates 50 percent of new lines shipped this year will use IP.

ITALIAN DPA ISSUES RFID GUIDELINES (Hunton & William’s Privacy & E-Commerce Alert, 11 April 2005) -- On March 29, the Garante (Italian Data Protection Authority) published guidelines on the processing of personal data by RFID chips. The Guidelines set forth the following general principles for use of the chips: 1) individuals must be informed about their use; 2) explicit consent must be given for the processing of personal data; 3) there must be a way to deactivate the chips; 4) labor law rights of employees must be respected; 5) chips implanted under the skin may be used only in very exceptional cases; 6) the principles of proportionality and finality must be observed and the personal data may be retained only as long as necessary; 7) adequate security must be used; and 8) the processing must be notified to the Garante. The Guidelines are available (in Italian only) at:

NEW GUIDE AIMS TO KEEP BLOGGERS SAFE FROM PINK SLIPS (CNET, 11 April 2005) -- As ex-Delta Air Lines and Google employees can testify, blogging about your workplace can often have unfortunate consequences, including receiving a pink slip. To help online scribes--and their bosses--stay on the right side of the law, the Electronic Frontier Foundation has launched a guide for blogging in the workplace. The EFF guide warns that not just random readers can find your blog; friends and colleagues can, too. But anonymity can help protect bloggers from the fallout. “Anyone can eventually find your blog if your real identity is tied to it in some way,” the guide says. “And there may be consequences. Family members may be shocked or upset when they read your uncensored thoughts. A potential boss may think twice about hiring you. But these concerns shouldn’t stop you from writing. Instead, they should inspire you to keep your blog private, or accessible only to certain trusted people.” Among the tips to preserving anonymity: Disguise your name and keep quiet on any details that might allow people to guess your identity--for instance, the location of your city, how many employees there are in your company, or the color of a boss’ cat. The guide also recommends not using work resources for blogging. “You could get in trouble for using company resources like an internet connection to maintain your blog, and it will be very hard for you to argue that the blog is a work-related activity. It will also be much more difficult for you to hide your blogging from officemates and IT operators who observe traffic over the office network,” the guide says.; guide at

AUSTRALIAN ACTORS’ UNION SHOUTS ‘CUT’ ON DIGITAL FILM (The Age, 12 April 2005) -- The Australian actors union is blocking a world-first remixable film project, and possibly forcing the production offshore, out of fear that footage of actors could be misused. The Media, Entertainment and Arts Alliance has stopped production on the “re-mixable” film experiment because of plans to release the film under a Creative Commons (CC) licence. The $100,000 short film Sanctuary has been seeking a dispensation from the MEAA since January to allow professional actors to participate in the production. The film’s cast supports the concept but the MEAA board has refused any dispensation, stalling production scheduled to start in late March. The CC licence will allow audiences to freely copy and edit the film’s digital assets for non-commercial purposes, this being the issue of central concern to the MEAA. “We don’t see any safe way a performer can appear in this,” says Simon Whipp, MEAA national director. “Footage could be taken and included in a pro-abortion advertisement or a pro-choice advertisement.

INFORMATION FROM GUANTANAMO DETAINEES (Department of Defense, April 2005) -- The US Government currently maintains custody of approximately 550 enemy combatants in the Global War on Terrorism at Guantanamo Bay, Cuba. Many of these enemy combatants are highly trained, dangerous members of al-Qaida, its related terrorist networks, and the former Taliban regime. More than 4,000 reports capture information provided by these detainees, much of it corroborated by other intelligence reporting. This unprecedented body of information has expanded our understanding of al-Qaida and other terrorist organizations and continues to prove valuable. Our intelligence and law enforcement communities develop leads, comprehensive assessments, and intelligence products based on information detainees provide. The information includes their leadership structures, recruiting practices, funding mechanisms, relationships, and the cooperation between terrorist groups, as well as training programs, and plans for attacking the United States and other countries. [Declassified report summary at; at least one detainee reportedly is a lawyer]

COPYRIGHT REFORM TO FREE ORPHANS? (Wired, 12 April 2005) -- Veteran filmmaker Robert Goodman is working on a documentary about the first pop culture phenomenon of the 20th century: American picture postcards. But securing permission to use many of these works -- photos and illustrations that are around 100 years old -- is an impossible task, as many of the original owners are unknown or dead, or the publishing companies no longer exist. The uncertainty of copyright ownership means Goodman, an Emmy-nominated director with a long career in film, photography and writing, is facing substantial costs, a lot of tedious research and, if he’s really unlucky, lawsuits. “There’s no good copyright clearinghouse to go to and say, here’s all the people who copyrighted their materials and here’s how you find them,” said Goodman. “You’re left with trying to find their relatives, and we live in a society where people, on average, move every seven years. It’s an impossibility.” Stories like these about so-called “orphan works” -- items still locked up under copyright but where the owners are unknown or impossible to locate -- are leading the U.S. Copyright Office to try to fix the problem. The office is soliciting reply comments until May 9, and has already collected and posted more than 700 initial comments from artists, academics and copyright owners. Jule Sigall, associate register for policy and international affairs for the copyright office, said the office will hold public hearings this summer and report its findings to the Senate Judiciary Committee by the end of the year. It’s possible that Congress will address the orphan works issue with legislation. “We’re hoping to get a good factual record of what the problems are (and) what obstacles people are running into,” Sigall said. “We also asked people to propose solutions. There seem to be a lot of good suggestions as to the type of mechanisms that could be used to solve the problems.” The copyright office wants to find a solution to satisfy those who want to build on orphan works without jeopardizing copy protection for owners.,1284,67139,00.html

SECURITY BREACH LAWS BECOME STATE’S RIGHTS ISSUE (CNET, 13 April 2005) -- In the wake of a series of high-profile security mishaps, key members of Congress have pledged to crack down on data brokers. But a Senate hearing on Wednesday showed that important federalism questions--namely, how much flexibility states will enjoy to craft their own rules--remain unresolved. “Why not pre-empt state laws so these companies know what they’re dealing with and don’t have to familiarize themselves with the differences” that 50 different state laws could pose, asked Arlen Specter, a Pennsylvania Republican who heads the Senate Judiciary Committee. On technology topics, Congress frequently sets national rules and prevents states from enacting stricter ones. That’s the approach taken by the 2003 Can-Spam Act, which overruled stricter state laws that, in some cases, set “opt-in” rules for bulk e-mail and granted junk e-mail recipients the right to sue spammers. Can-Spam doesn’t. William Sorrell, Vermont attorney general and president of the National Association of Attorneys General, asked senators to veer in a different direction this time. “Have your law be a floor rather than a ceiling,” Sorrell said Wednesday. “Be respectful of the ability of the states.” State legislators have wasted no time in responding to a series of security snafus involving Bank of America, payroll provider PayMaxx, and Reed Elsevier Group’s LexisNexis service. More than 20 states, including New York, Washington, Illinois and Texas, already have proposed responses such as requiring that consumers be alerted if their personal information is disclosed accidentally or improperly. The data mining companies that are likely targets of regulation aren’t exactly clamoring for a crackdown. But they said Wednesday that if new laws are going to be enacted, they’d strongly prefer a uniform federal rule over a state-by-state approach.

PUTTING TEETH INTO U.S. CYBERCRIME POLICY (CNET, 14 April 2005) -- It wasn’t so long ago that interest in the topic of online crime was limited to a small circle of technologists. Nowadays, senior government officials talk about it as a potential national security threat. That’s where Paul Kurtz comes in. As the executive director of the Cyber Security Industry Alliance, a consortium of CEOs pressing for more-effective cybersecurity legislation, Kurtz is hoping to make sure any new regulations carry real weight. And since the 41-year-old Kurtz’s resume includes a stint on the White House’s National Security Council, as well as a period as senior director for national security at the Office of Cyberspace Security, it’s a good bet that he’ll find an audience willing to hear him out. Kurtz helped develop the international component of the National Strategy to Secure Cyberspace, as a member of the President’s Critical Infrastructure Protection Board. In his new post, Kurtz believes the CSIA, which was founded in 2003, can succeed where other security interest groups have not. Unlike industry efforts that have criticized the government for doing too little, or policy groups that have called for action and failed to consider the implications of technology-oriented legislation, Kurtz is looking for middle ground. The security expert believes that by helping the government see the big picture, tech-wise, and aiding politicians in writing laws that have real teeth against cybercriminals, true progress against the tide of online threats can be made. Earlier this month, CNET caught up with Kurtz com to hear his ideas on where CSIA’s battle for better cybercrime legislation currently stands. [interview follows]

THE SCO BOOMERANG AND THE STRENGTH OF LINUX (NewsFactor, 15 April 2005) -- Back in March of 2003, when SCO Group first brought its suit against IBM for, we thought, copyright infringement related to code IBM supposedly donated to Linux, the whole world thought it might be the death of Linux. Even those who didn’t think so certainly believed the litigation was at least about Linux. Two years later, and counting, there still is no indication from SCO what code it is precisely talking about, and any link to Linux seems to be getting weaker and weaker. The code SCO offered to the court so far as infringing materials was rejected as being not credible evidence of copyright infringement. So, where are we now in the SCO v. the World litigation? Most observers now seem to view the case as more about a contract dispute, and the latest SCO claim it wishes to add to its complaint seems to be about AIX code on the Power architecture, which absolutely has no relationship to Linux. So what happened to SCO’s Linux copyright infringement claims? While it’s unwise to predict outcomes in legal disputes beyond what ought to happen, the market already has reached its own conclusion, which is that in the enterprise, most folks just don’t care how it turns out. They want to switch to Linux and they are.

-- and --

LINUX PROGRAMMER WINS LEGAL VICTORY (CNET, 15 April 2005) -- A Linux programmer has reported a legal victory in Germany in enforcing the General Public License, which governs countless projects in the free and open-source software realms. A Munich district court on Tuesday issued a preliminary injunction barring Fortinet, a maker of multipurpose security devices, from distributing products that include a Linux component called “initrd” that Harald Welte helped write. In addition to being a Linux programmer, Welte runs an operation called the GPL Violations project that attempts to encourage companies shipping products incorporating GPL software to abide by the license terms. The license lets anyone use GPL software in products without paying a fee, but it requires that they provide the underlying source code for the GPL components when they ship such a product. Fortinet, based in Sunnyvale, Calif., said in a statement it’s addressing the issue but is surprised that Welte resorted to legal action. “Fortinet recently became aware of Mr. Welte’s allegations and has, in good faith, been diligently working with him to resolve this matter outside of the German court system. Fortinet is actively taking steps to ensure that its products are compliant with GPL requirements. Therefore, Fortinet is surprised that Mr. Welte pursued a preliminary injunction against Fortinet in Germany and believes that this is an unnecessary action,” the company said. “Fortinet is continuing its efforts to expeditiously resolve this matter with Mr. Welte.” Welte has said he doesn’t object to corporate use of open-source software; he just wants it to be done properly. Welte first notifies companies of his accusations before beginning legal action, he said. In the case of Fortinet, the GPL Violations project informed the company of its concerns March 17, but “out-of-court negotiations on a settlement failed to conclude in a timely manner,” the project said in a statement.

CONTROVERSIAL TERROR DATABASE MATRIX SHUTS DOWN (AP, 18 April 2005) -- A three-year-old crime and terrorism database that came under fire for sharing and collecting personal information was closed down Friday because a federal grant ran out. Elements of the Multistate Anti-Terrorism Information Exchange - Matrix - may live on if individual states decide to fund it on their own, said Bob Cummings, executive vice president for the Institute for Intergovernmental Research in Tallahassee, which helped coordinate the Matrix network. “We’re winding up the project today. The system that the federal government has basically paid for, the application itself to the users and the states, will either be assumed by the states or will no longer exist,” he said. Matrix was down to four participants - Pennsylvania, Florida, Ohio and Connecticut - after several states opted out due to privacy concerns, legal issues or cost. It operated with grant money from the departments of Justice and Homeland Security, but that funding expired Friday. “They can put a good face on it, saying that the grant ran out, but frankly if there wasn’t growing opposition to this kind of intrusive, investigatory technique, the funding wouldn’t have run out,” said Howard Simon, executive director for the Florida American Civil Liberties Union.

FLEXIBLE COPYRIGHTS HOP THE POND (Wired, 18 April 2005) -- The British Broadcasting Corporation recently unveiled a license that will allow the public to access free television footage, films and sounds from some of the largest media archives in the United Kingdom. But don’t expect to mash up scenes of Monty Python with clips of The Simpsons. For the time being, those who want to create new media from the so-called Creative Archive will have to be content with works a bit more obscure. Still, the effort is seen by copyright-reform advocates as a great development for sharing and building upon old works. The Creative Archive License, originally scheduled to launch last fall, borrows from the U.S.-based Creative Commons, a nonprofit organization that develops and promotes flexible copyright licenses around the world. The license permits free use of materials as long as users credit the original author, use them in the United Kingdom for noncommercial purposes and agree to license what they make under the same terms. In addition, the work may not be used for political or derogatory purposes. The British Film Institute, Channel 4 and Open University have signed on to use the new Creative Archive License. Teachers’ TV and Arts Council England are also planning to use the licenses, Le Dieu said. So far, the British Film Institute is the only organization to make clips available. The group is releasing a handful of works from its archive that are in the public domain and do not include a soundtrack -- they are black-and-white clips from about 100 years ago. In the United Kingdom, the term of copyright is 70 years from the program’s first transmission or public showing. “We have an obligation to the public to make that material accessible to the extent that that is possible within the terms of copyright law,” said Richard Paterson, head of knowledge for the film institute, which holds 200,000 films and 400,000 television programs. Footage from industries owned by the state like railroads, buses, airlines, utilities and mining will be made available using the licenses. “It’s true of most archives in the world that most people don’t know what’s in them,” Paterson said. “This makes it accessible.” The BBC hasn’t released any of its content using the licenses yet because the company “wants to make sure that the rights owners are coming along with us on this journey,” Le Dieu said. She has no estimate of when the BBC will MAKE ANY OF ITS MATERIAL AVAILABLE. HTTP://WWW.WIRED.COM/NEWS/DIGIWOOD/0,1412,67239,00.HTML

**** RESOURCES ****
Two key documents relating to counsel’s obligations for control of electronic data and potential electronic evidence.

ELECTRONIC DISCOVERY SANCTIONS IN THE TWENTY FIRST CENTURY (Judge Shira Scheindlin, 14 Feb 2005) – Judge Scheindlin authored the Zubulake decisions that have set the ‘gold standard’ for defining counsel’s duty to issue, monitor and enforce litigation hold orders.

-- and --

Decision of a court in Florida in the Morgan Stanley/Ron Perelman fraud litigation, in which the court severely criticizes conduct of Kirkland & Ellis and articulates additional standards for counsel’s obligations to preserve and disclose electronic records sought in pretrial discovery.

Learn whether your in-house legal department is making the most of what each of your lawyers knows, individually, how to break down “silos” and promote sharing, and how better to empower professional development. The Editor’s KnowConnect, Inc. provides advice and assistance in knowledge management process design. [My first and last plug in MIRLN.]

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School,
2. Edupage,
3. SANS Newsbites,
4. NewsScan and Innovation,
5. Internet Law & Policy Forum,
6. BNA’s Internet Law News,
7. The Ifra Trend Report,
8. Crypto-Gram,
9. David Evan’s “Internet and Computer News”,
10. Readers’ submissions, and the editor’s discoveries.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.