Saturday, June 18, 2005

MIRLN -- Misc. IT Related Legal News [21 May – 18 June 2005; v8.07]

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product of the American Bar Association’s Cyberspace Law Committee. Please feel free to distribute this message.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at (click on “Settings” beside Members-Only Listserve Discussion). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN editions are archived at and in the public materials section of the Cyberspace Committee’s collaboration space at

**************End of Introductory Note***************

E-MAIL RETENTION A MUST AFTER MORGAN STANLEY CASE (CNET, 21 May 2005) -- The $1.45 billion judgment against Morgan Stanley for deceiving billionaire Ronald Perelman over a business deal has a lesson all companies should learn--keeping e-mails is now a must, experts say. Banks and broker-dealers are obliged to retain e-mail and instant messaging documents for three years under U.S. Securities and Exchange Commission rules. But similar requirements will apply to all public companies from July 2006 under the Sarbanes-Oxley corporate reform measures. At the same time, U.S. courts are imposing increasingly harsh punishments on corporations that fail to comply with orders to produce e-mail documents, the experts said. Where judges once were more likely to accept that incompetence or computer problems might be to blame, they are now apt to rule that noncompliance is an indication a company has something to hide. “Morgan Stanley is going to be a harbinger,” said Bill Lyons, chief executive officer of AXS-One, a provider of records retention software systems. “I think general counsels around the world are going to look at this as a legal Chernobyl,” he said. Wednesday’s $1.45 billion verdict against Morgan Stanley in West Palm Beach, Fla., was the product of just such a negative ruling on e-mail retention, which is also expected to form the backbone of the Wall Street firm’s appeal.

-- and --

COMPANIES RAMPING UP E-MAIL MONITORING (CNET, 8 June 2005) -- A new study has found that 63 percent of corporations with 1,000 or more employees either employ or plan to employ staff to read or otherwise analyze outbound e-mail. The report, released Monday by e-mail security specialist Proofpoint, said 36.1 percent of companies employ staff to monitor e-mail today, with another 26.5 percent saying they intend to employ such staff in the future. In companies with more than 20,000 employees, this practice is even more common, according to the survey, which involved 332 technology decision-makers at large U.S. companies. Forty percent of those large companies employ staff to monitor e-mail today, and an additional 32 percent plan to employ such staff in the future. According to the study, companies are concerned about making sure e-mail isn’t used to leak company trade secrets or other intellectual property, and about complying with financial disclosure regulations. Another factor is preventing confidential internal memos from getting zapped outside the company, according to the report. The study comes amid a rise in workplace monitoring. The number of employers who monitor the amount of time employees spend on the phone and track the numbers called has jumped to 51 percent, up from 9 percent in 2001, according to a study released last month by the American Management Association and the ePolicy Institute.

COURT RULES FOR GERMAN ISPS IN P2P IDENTITIES CASE (The Register, 17 May 2005) -- ISPs in the state of Hamburg can’t be forced to provide customer data to record companies, even when illegal copying is suspected, at least for now. The Higher Regional Court in Hamburg has ruled ( that there is no legal basis for demanding customer data. ISPs, the court argues, aren’t part of the criminal act. They merely provide access to the web. The Higher Regional Court overruled a earlier decision by the Hamburg District Court, which had granted record companies access to customer data after they discovered an FTP server where numbers by German band Rammstein could be downloaded for free. The District Court based its ruling on the German Copyright Act. The full text of the decision is available (in German) at:

U.S. ARMY UPGRADES ARMY KNOWLEDGE ONLINE - AKO - PORTAL (Internet Ad Sales, 18 May 2005) -- Appian Corporation, the leading provider of business process management solutions to the government, today announced that the U.S. Army has purchased additional software licenses, as well as maintenance and professional services, for the Army Knowledge Online (AKO) portal. Additionally, AKO will be upgraded to Appian Enterprise v.3, the latest version of Appian’s award-winning portal solution for government. With more than 1.6 million registered users, AKO is widely regarded as one of the most successful enterprise portal implementations in the world. In April, 770,000 different people used AKO 12.5 million times. Overall, 72 percent of the active force uses AKO regularly. Considered the virtual nerve center of Army operations, AKO provides single sign-on access to as many as 300 of the Army’s mission-critical applications and services. “The global war on terror has created new demands for collaboration and information sharing,” said Gary Winkler, Director of Enterprise Integration, Chief Information Officer/G6. “The rapid and wide-spread acceptance of AKO as the Army operations portal and virtual workspace makes it the obvious and most appropriate vehicle for bringing groups of people with shared interests together.”

NEXT FOR BITTORRENT: SEARCH (Wired, 23 May 2005) -- Whiz kid inventor Bram Cohen and a small cadre of developers and entrepreneurs are in the final stage of launching an advertising-supported search engine dedicated to cataloging and indexing the thousands of movies, music tracks, software programs and other files for download over Cohen’s popular BitTorrent protocol. The free search tool will be the first large-scale commercial offering from BitTorrent, a five-person company headed by Cohen that so far has drawn most of its revenue from T-shirt sales and PayPal donations. The ranked search results will be accompanied by sponsored links provided through a partnership with Oakland, California, company Ask Jeeves, says Ashwin Navin, BitTorrent’s chief operating officer. BitTorrent will make money from each clickthrough. “Ask Jeeves syndicates our advertising products to many different sites, and BitTorrent will be one of them,” confirmed Ask Jeeves spokeswoman Darcy Cobb. Navin demonstrated the service for Wired News last week at BitTorrent’s temporary headquarters, a small, one-room San Francisco office shared with Navin’s last venture, an import/export firm called GSI Group. Surrounded by pallets of imported playing cards and poker chips, Navin fired up a browser on his laptop and typed “Mozilla” into the BitTorrent search field. The search quickly produced a site offering torrents for the free browser. The search engine is expected to go live within two weeks, according to Navin, who is moving to the Bay Area from Bellevue, Washington. It will live on BitTorrent, the website from which Cohen distributes the open-source software that has changed the way netizens distribute and connect with content online. BitTorrent speeds internet file transfers by shifting the bandwidth burden off the publisher, and distributing it among users downloading the file: Everyone downloading a file over BitTorrent is unobtrusively uploading it to other users at the same time so that large, popular files actually move at a faster rate than obscure ones. The new search engine takes that dynamic into account. It resembles Google in operation, with a simple interface and results ranked by an automated process. But unlike a general web search, the BitTorrent web crawler interacts with each torrent behind the scenes to determine the number of nodes downloading and uploading through it. That lets the search engine order its results by the throughput of each torrent. “Web search rates things by relevance,” says Navin, a former strategist for Yahoo. “Our search rates things by relevance and availability.” Although BitTorrent has become associated with online piracy thanks to its role in distributing copyright movies and television shows, the company is eager to highlight its utility as a completely lawful program for furthering free speech. That’s the vision that drives the company, says Navin -- now anyone can publish their own movies, music or software, because BitTorrent all but eliminates expensive bandwidth costs.,1272,67596,00.html

-- but --

FEDS SHUT DOWN ILLEGAL ‘STAR WARS’ SITE (SciTechToday, 27 May 2005) -- Federal agents have shut down the Elite Torrents network, which distributed illegal copies of Star Wars: Revenge of the Sith before the movie appeared in theaters. Armed with 10 search warrants, agents from the FBI and the U.S. Immigration and Customs Enforcement seized the network’s main server, reporting that it contains nearly 18,000 movies and software programs. “Our goal is to shut down as much of this illegal operation as quickly as possible to stem the serious financial damage to the victims of this high-tech piracy -- the people who labor to produce these copyrighted products,” said Acting Assistant Attorney General Richter in a statement. The Elite Torrents network relied on BitTorrent Latest News about BitTorrent technology, which has been targeted by the Motion Picture Association of America Latest News about Motion Picture Association of America (MPAA) in several lawsuits. In December, the MPAA took actions against over 100 servers in the U.S. and Europe, going after site operators that used BitTorrent and eDonkey to swap movie files. One popular site that was closed,, noted that it might return without hosting any more BitTorrent links, and other sites are expected to follow a similar tactic. The inclusion of federal authorities in the shutdown of Elite Torrents is indicative of the multipronged enforcement strategy being enacted at the MPAA, which helped with the recent shutdown.

-- and ---

NEW SWEDISH LAW TO BAN DOWNLOADING OF FILMS, MUSIC (Reuters, 25 May 2005) -- Sweden’s parliament approved a law on Wednesday that bans the downloading of copyrighted material such as films and music from the Internet after being singled out for criticism by Hollywood. Sweden had until now allowed downloading of files, while uploading, or putting material on the Web, was illegal. Actor Morgan Freeman, in a Reuters interview, recently cited Sweden as an example of a country where illegal peer-to-peer file-sharing was a growing problem. The Swedish parliament’s decision, which comes into effect July 1, aims to change that. “The decision means that a clear ban has been introduced against downloading music, pictures and other material on the Internet for private use without the copyright holder’s permission,” parliament said in a statement.

CONFIDENTIAL DATA, MANDATORY PROTECTION (National Law Journal, 23 May 2005; subscription required) -- As of Oct. 31, 2004, companies listed on the New York Stock Exchange (NYSE) are required to be in compliance with the NYSE’s corporate governance rules promulgated pursuant to the Sarbanes-Oxley Act. While § 406 of Sarbanes-Oxley only requires public companies to adopt codes of conduct governing “senior financial officers, applicable to its principal financial officer and comptroller or principal accounting officer,” the code of conduct required by the NYSE is not so narrowly limited. Codes of conduct promulgated by NYSE-listed companies must apply to “directors, officers and employees,” not just those involved in financial reporting, and must “address” conduct beyond financial reporting. NYSE’s Listed Company Manual, § 303A, ¶ 10. While recognizing that “[e]ach company may determine its own policies,” the NYSE now requires a listed company to address confidentiality as a goal of its compliance program and to adopt a policy that its “[e]mployees, officers and directors should maintain the confidentiality of information entrusted to them by the company or its customers.” This rule places the NYSE at the forefront of a trend that is drastically changing the traditional rules on protecting a company’s confidential information. It used to be that a company had the option of whether to protect its confidential information-an option that was driven solely by market incentives to keep the information away from the competition. Indeed, the courts will only protect company confidential information as a trade secret if the company itself takes reasonable steps to protect it. See, e.g., Teleflora LLC v. Florists’ Transworld Delivery Inc., No. C 03-05858, 2004 WL 1844847, at 6 (N.D. Calif. Oct. 5, 2004). The courts, of course, have never mandated that such reasonable steps be taken or that confidential company information be protected. For NYSE-listed companies, taking reasonable steps to protect confidential information-whether it is their own confidential business information or customers’ personal information-is no longer optional. Section 303A is part of a growing trend of laws and regulations requiring companies to protect confidential information.

MINNESOTA COURT TAKES DIM VIEW OF ENCRYPTION (CNET, 24 May 2005) -- A Minnesota appeals court has ruled that the presence of encryption software on a computer may be viewed as evidence of criminal intent. Ari David Levie, who was convicted of taking illegal photographs of a nude 9-year-old girl, argued on appeal that the PGP encryption utility on his computer was irrelevant and should not have been admitted as evidence during his trial. PGP stands for Pretty Good Privacy and is sold by PGP Inc. of Palo Alto, Calif. But the Minnesota appeals court ruled 3-0 that the trial judge was correct to let that information be used when handing down a guilty verdict. “We find that evidence of appellant’s Internet use and the existence of an encryption program on his computer was at least somewhat relevant to the state’s case against him,” Judge R.A. Randall wrote in an opinion dated May 3. Randall favorably cited testimony given by retired police officer Brooke Schaub, who prepared a computer forensics report--called an EnCase Report--for the prosecution. Schaub testified that PGP “can basically encrypt any file” and “other than the National Security Agency,” nobody could break it. Opinion at

HOMELAND SECURITY FLUNKS CYBERSECURITY PREP TEST (CNET, 26 May 2005) -- The U.S. Department of Homeland Security has failed to live up to its cybersecurity responsibilities and may be “unprepared” for emergencies, federal auditors said in a scathing report released Thursday. More than two years after its creation, Homeland Security has never developed a contingency plan to restore Internet functions in an emergency and has yet to create a vulnerability assessment of what could happen in an worst-case scenario, the Government Accountability Office concluded. “DHS cannot effectively function as the cybersecurity focal point intended by law and national policy” at the moment, the report said. “There is increased risk that large portions of our national infrastructure are either unaware of key areas of cybersecurity risks or unprepared to effectively address cyber emergencies.” Report at

-- and --

CIA OVERSEEING 3-DAY WAR GAME ON INTERNET (AP, 26 May 2005) -- The CIA is conducting a secretive war game, dubbed “Silent Horizon,” this week to practice defending against an electronic assault on the same scale as the Sept. 11 terrorism attacks. The three-day exercise, ending Thursday, was meant to test the ability of government and industry to respond to escalating Internet disruptions over many months, according to participants. They spoke on condition of anonymity because the CIA asked them not to disclose details of the sensitive exercise taking place in Charlottesville, Va., about two hours southwest of Washington. The simulated attacks were carried out five years in the future by a fictional alliance of anti-American organizations, including anti-globalization hackers. The most serious damage was expected to be inflicted in the war game’s closing hours. The national security simulation was significant because its premise — a devastating cyberattack that affects government and parts of the economy with the same magnitude as the Sept. 11, 2001, suicide hijackings — contravenes assurances by U.S. counterterrorism experts that such far-reaching effects from a cyberattack are highly unlikely. Previous government simulations have modeled damage from cyberattacks more narrowly. “You hear less and less about the digital Pearl Harbor,” said Dennis McGrath, who helped run three similar war games for the Institute for Security Technology Studies at Dartmouth College. “What people call cyberterrorism, it’s just not at the top of the list.” The CIA’s little-known Information Operations Center, which evaluates threats to U.S. computer systems from foreign governments, criminal organizations and hackers, was running the war game. About 75 people, mostly from the CIA, gathered in conference rooms and reacted to signs of mock computer attacks.

MAD AS HELL, SWITCHING TO MAC (MacCentral, 26 May 2005) -- This is my first column written on a Mac - ever. Maybe I should have done it a long time ago, but I never said I was smart, just obstinate. I was a PC bigot. But now, I’ve had it. I’m mad as hell and I’m not going to take it anymore. In the coming weeks I’m going to keep a diary of an experiment my company began at 6 p.m. April 29, 2005 - an experiment predicated on the hypothesis that the WinTel platform represents the greatest violation of the basic tenets of information security and has become a national economic security risk. I do not say this lightly, and I have never been a Microsoft basher, either. I never criticize a company without a fair bit of explanation, justification and supportive evidence. I have come to the belief that there is a much easier, more secure way to use computers. After having spent several years focusing my security work on Ma, Pa and the Corporate Clueless, I also have come to the conclusion that if I’m having such security problems, heaven help the 98 percent of humanity who merely want a computer for e-mail and multimedia. Even though I’m a security guy going on 22 years now, my day-to-day work is pretty much like everyone else’s. I live on laptops and use my desktops at home and the office for geeking and experimenting. My two day-to-day laptops (two, for 24/7 backup) are my business machines. I don’t need them to do a whole lot - except work reliably, which is why I am fed up with WinTel. My company has given up on WinTel. We have successfully moved to Mac in less than two days. Think about it: a security-friendly alternative that works and doesn’t require gobs of third-party utilities to safely perform the most mundane tasks. Please follow the details of our experiment at It’s already way more interesting than I thought it would be. [Editor: For similar reasons, I moved to Macintosh 17 months ago, even though my company remained a WinTel-required environment. Since then, I’ve never needed technical support.]

EU TO FUND GLOBAL RESEARCH ON OPEN SOURCE (CNET, 26 May 2005) -- The European Union is putting money toward research into open-source software and standards across the world. The newly approved funding--660,00 euros, or $825,594--is for the two-year FLOSSWorld project, Europe’s first initiative to support international research and policy development on “free/libre/open source software.” Previous FLOSS projects, starting as early as 2001, have concentrated on the use of open source in Europe alone. Rishab Aiyer Ghosh, FLOSSWorld coordinator at the Maastricht Economic Research Institute on Innovation and Technology at the University of Maastricht in the Netherlands, told that the EU doesn’t usually fund international projects. The grant will be shared by countries including Argentina, Brazil, Bulgaria, China, Croatia, India, Malaysia and South Africa. The research will focus on three areas: the impact of free and open-source software on skills development and its ability to affect economics and generate employment; regional differences in software development; and attitudes of governments and public sector organizations to using open source.

FEDERAL REPORT WARNS OF RFID MISUSES (CNET, 27 May 2005) -- Radio frequency identification is becoming increasingly popular inside the U.S. government, but agencies have not seriously considered the privacy risks, federal auditors said. In a report published Friday, the Government Accountability Office said that 13 of the largest federal agencies are already using RFID or plan to use it. But only one of 23 agencies polled by the GAO had identified any legal or privacy issues--even though three admitted RFID would let them track employee movements. “Key security issues include protecting the confidentiality, integrity and availability of the data and information systems,” the GAO said. “The privacy issues include notifying consumers; tracking an individual’s movements; profiling an individual’s habits, tastes and predilections; and allowing for secondary uses of information.” Report at

FTC RULE REQUIRES DESTRUCTION OF CONSUMER DATA (Washington Post, 2 June 2005) -- A new federal rule that took effect yesterday requires all businesses and individuals to destroy private consumer information obtained from credit bureaus and other information providers in determining whether to grant credit, hire employees or rent an apartment. Issued under orders from Congress, which was trying to crack down on identity theft, the Federal Trade Commission’s new rule requires that personal information be burned, pulverized, shredded or destroyed in such a way that the information cannot be read or reconstructed. The rule also applies to electronic files, which must be erased or destroyed, and covers credit report data, credit scores, employment histories, insurance claims, check-writing histories, residential or tenant history and medical information. An FTC official said failure to properly dispose of the data could draw a $2,500 federal penalty per violation, as well as lawsuits from people who could seek damages if personal information was misused as a result of improper disposal.

6TH CIRCUIT UPHOLDS DECISION ON COPYRIGHT EXCEPTION (BNA’s Internet Law News, 6 June 2005) -- The Sixth Circuit Court of Appeals has reaffirmed their decision that there is effectively no de minimus exception to copyright infringement for sound recordings. The court concluded that even copying of two notes from a sound recording constitutes infringement. Case name is Bridgeport Music v. Dimension Films. Decision at

JUDGES TOSS OUT DUIs BECAUSE BREATHALYZERS’ SOURCE CODE IS SECRET (BoingBoing, 6 June 2005) -- Florida judges are tossing out DUI cases when defendants ask to see the source code for the breathalyzers that busted them -- the manufacturers won’t turn over the source, and since the machine’s correct operation is critical to establishing the case against the DUIers, the case is dismissed when it can’t be produced. All four of Seminole County’s criminal judges have been using a standard that if a DUI defendant asks for a key piece of information about how the machine works - its software source code, for instance - and the state cannot provide it, the breath test is rejected, the Orlando Sentinel reported Wednesday. Seminole judges have been following the lead of county Judge Donald Marblestone, who in January ruled that although the information may be a trade secret and controlled by a private contractor, defendants are entitled to it.

EBAY OFFERS GUARANTEES FOR SOME BUYS (CNET, 6 June 2005) -- eBay has launched a program offering purchase protection of up to $20,000 for certain capital goods bought through its Web site. Items covered include tractors from the auctioneer’s agriculture and forestry category; skid steers, backhoes, crawler dozers and other gear in the construction category; plus mills and lathes from the manufacturing and metalworking category, eBay said Monday. The offer, which is valid with purchases of $1,000 or more, is designed to give buyers protection against fraud and material misrepresentation. The program covers goods purchased in the United States, the auctioneer said. The offer covers items not received and those having damages or liens. There is no charge to buyers or sellers, the auctioneer said. The move is meant to appeal to small businesses and to boost confidence in online auctioning, eBay said.

LEGAL ONLINE MUSIC STORES MAKE SOME GAINS (Reuters, 7 June 2005) -- Legal online music stores have gained a solid foothold against free file-sharing networks, according to new data released on Tuesday. The beleaguered music industry has been pursuing a carrot and stick strategy of supporting legal alternatives such as Apple’s iTunes, RealNetworks’s Rhapsody and Napster, while filing a barrage of lawsuits against people and services that share music illicitly online. According to data from market research firm NPD Group Inc, the efforts are bearing fruit: iTunes has surged to a tie for second place as the most popular online music source, with 1.7 million U.S. households downloading at least one song in March. That put it neck and neck with the peer-to-peer service LimeWire and slightly behind another P2P service, WinMX, which has 2.1 million households. “Legal services offer some obvious advantages: they’re spyware free, and it’s very quick and easy to get what you want,” said NPD’s Isaac Josephson. “The older, more affluent demographics are already a bit more inclined to go for convenience over free, and when you raise the legal issues that’s an important tipping point.” About 4 percent of Internet-enabled U.S. households used a legal online music store in March, according to NPD.

-- and --

COME ON MUSIC BIZ, EMBRACE P2P (Wired, 13 June 2005) -- File-swapping networks alone are not to blame for the recording industry’s woes and might plausibly be converted into legitimate channels for distributing music, one of Europe’s most influential economic bodies has concluded. In a report issued Monday, the Organisation for Economic Co-operation and Development -- a Paris-based alliance of developed nations -- also suggested that it’s difficult to establish a link between piracy and the music industry’s shrinking revenues. The report said a “re-evaluation” of music distribution needs to happen to achieve a balance between consumers’ desire to access digital music and the industry’s copyright protection concerns. “Online technologies could evolve in a manner in which unauthorized use of copyright works are finally transformed into legitimate businesses,” said Sacha Wunsch-Vincent, an OECD economist and one of the report’s authors. The report said it is difficult to establish a causal connection between the rise of file sharing and a drop in music sales. While the music industry’s revenues fell 20 percent from 1999 to 2003, other factors, such as illegal CD copying, might have played a role in the decline, the OECD said.,1412,67820,00.html Report at

THE JOY OF STACKS (InsideHigherEd, 9 June 2005) -- To understand why professors need great libraries, says Andrew Abbott, “you need to think about an ape swinging through the trees.” Abbott is not an evolutionary biologist, but a sociologist at the University of Chicago. And to Abbott, a scholar in a library is just like a swinging primate. “You’ve got your current source, which is the branch you are on, and then you see the next source, on the next branch, so you swing over. And on that new hanging vine, you see the next source, which you didn’t see before, and you swing again.” When books aren’t browsable or instantly available, Abbott says, a scholar becomes the ape “with no branch to grab, and you are stopped, hanging on a branch with no place to go.” At far too many libraries, he says, that is becoming the norm. Many universities are boasting about how they are digitizing collections or building vast, off-site facilities to store millions of books. Even when those books are available within hours, Abbott says, that destroys the way scholars need to think — moving from source to source, not knowing which source they will stumble on. Abbott heads a faculty committee at Chicago in charge of guiding a mammoth expansion of the Joseph Regenstein Library there. Chicago recently embarked on a plan that will end up with Regenstein housing more volumes — 8 million — under a single roof than any other university library in the United States.

MICROSOFT JOINS YAHOO!, GOOGLE IN CENSORING CHINA’S WEB (AFP, 13 June 2005) -- Users of Microsoft’s new China-based Internet portal were blocked from using the words “democracy”, “freedom” and “human rights” in an apparent move by the US software giant to appease Beijing. Other words that could not be used on Microsoft’s free online blog service MSN Spaces include “Taiwan independence” and “demonstration”. Bloggers who enter such words or other politically charged or pornographic content are prompted with a message that reads: “This item should not contain forbidden speech such as profanity. Please enter a different word for this item”. Officials at Microsoft’s Beijing offices refused to comment Monday. Internet sites in China are strongly urged to abide by a code of conduct and self-censor any information that could be viewed by the government as politically sensitive, pornographic or illegal. For many Chinese websites, such content also includes news stories that the government considers unfavorable or does not want published. New regulations issued in March now require that all China-based websites be formally registered with the government by the end of June or be shut down by Internet police. Microsoft formed a joint venture with China’s state-funded Shanghai Alliance Investment Ltd (SAIL) last month to launch the MSN China web portal. Microsoft is not the only international tech company to comply with China’s stringent Internet rules. Yahoo! and Google -- the two most popular Internet search engines -- have already been criticized for cooperating with the Chinese government to censor the Internet.

LIBERTY ALLIANCE TAKES ON ID THEFT (CNET, 13 June 2005) -- In the wake of several high-profile data breaches, the Liberty Alliance is branching out to take on identity theft. The organization, formed to develop technology standards for online authentication, plans to launch its Identity Theft Protection Group on Tuesday. Headed by representatives from American Express and Fidelity Investments, the new effort plans to release an identity theft glossary next month and to subsequently come up with ways to prevent ID theft. “I am concerned that unless we do something as an industry, this problem is going to get worse and worse, to the point that it is no longer a question if your identity gets stolen, but when,” Michael Barrett, co-chairman of the Identity Theft Prevention Group and a security executive at American Express, said in an interview Monday. Identity-related crime such as phishing threatens the growth of the Internet, Barrett said. The Identity Theft Prevention Group hopes to become a hub for efforts to combat the issue. It plans to first define and dissect the problem and then develop solutions, which could be technical specifications, policy best practices or business guidelines, Barrett said. The launch comes in the wake of several high-profile data loss incidents that exposed American consumers to identity risk. Last week, CitiFinancial said tapes containing unencrypted information on 3.9 million customers were lost by the United Parcel Service while in transit to a credit bureau. CitiFinancial is the consumer finance subsidiary of Citigroup. In past months, data leaks have been reported by Bank of America and Wachovia, data brokers ChoicePoint and LexisNexis, and the University of California at Berkeley and Stanford University.

COPYRIGHT-WORRIED PHOTO LABS SPURN JOBS (AP, 16 June 2005) -- Charlie Morgan says that if it weren't for digital photography, he wouldn't have a bustling business that specializes in publicity shots for musicians. That's because Morgan — perhaps being a bit modest — says he's not a very good photographer. He relies on Photoshop editing software to make his work look sharp. But digital sometimes presents a puzzling problem. When Morgan's mother and a client recently took CDs with some of his shots to a printing lab, the photo technicians spurned them. They said that since the shots seemed to have been taken by a professional, printing the pictures might be a copyright violation. The situation is not unusual, and it's getting trickier in our digital age. Copyright law requires photo labs to be on the lookout for portraits and other professional work that should not be duplicated without a photographer's permission. In the old days, questions about an image's provenance could be settled with a negative. If you had it, you probably had the right to reproduce it. Now, when images are submitted on CDs or memory cards or over the Web, photofinishers often have to guess whether a picture was truly taken by the customer — or whether it was scanned into a computer or pilfered off the Internet. That leads to some awkward moments at photo desks when customers' images get barred for essentially looking too good. Like others who have been told their work was unprintable, Morgan is frustrated that photo labs lack clear standards. "They really don't have anything etched in stone," said Morgan, who lives in Plant City, Fla. "The person that works in the photography section of Wal-Mart could take a break, someone from the underwear department could take their place, and they could decide to print the picture." Wal-Mart spokeswoman Jacquie Young said her company's photo departments are instructed to err on the side of protecting copyrights, even if that means a conflict with an insistent customer. She would not say what signs of professionalism the photofinishers are told to look for.

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School,
2. Edupage,
3. SANS Newsbites,
4. NewsScan and Innovation,
5. Internet Law & Policy Forum,
6. BNA’s Internet Law News,
7. The Ifra Trend Report,
8. Crypto-Gram,
9. David Evan’s “Internet and Computer News”,
10. Readers’ submissions, and the editor’s discoveries.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.