Friday, July 15, 2005

MIRLN -- Misc. IT Related Legal News [18 June – 15 July 2005; v8.08]

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product of the American Bar Association’s Cyberspace Law Committee. Please feel free to distribute this message.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at (click on “Settings” beside Members-Only Listserve Discussion). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN editions are archived at and in the public materials section of the Cyberspace Committee’s collaboration space at

**************End of Introductory Note***************

TROJAN E-MAILS SUGGEST TREND TOWARD TARGETED ATTACKS (Computerworld, 17 June 2005) -- A report on Trojan e-mail attacks against critical-infrastructure systems in the U.K. highlights an emerging trend away from mass-mailing worms and viruses to far more targeted ones, analysts said. The U.K.’s National Infrastructure Security Co-Ordination Center yesterday released a report (PDF format) disclosing that more than 300 government departments and businesses were targeted by a continuing series of e-mail attacks designed to covertly gather sensitive and economically valuable information (see story). Unlike with phishing and mass-mailing worms, the attackers appear to be going after specific individuals who have access to commercially or economically privileged information, the report said. The attacks involved the use of e-mails containing so-called Trojan programs or links to Web sites containing Trojan files. Once installed on a user’s system, Trojans covertly run in the background and perform a variety of functions, including collecting usernames, passwords and system information; scanning of drives; and uploading of documents and data to remote computers. “The e-mails use social engineering to appear credible, with subject lines often referring to news articles that would be of interest to the recipient,” the report said. “In fact, they are ‘spoofed,’ making them appear to originate from trusted contacts, news agencies or government departments.”The report highlights how hackers are starting to tailor their attacks and go after specific high-value targets instead of simply launching mass-mailing worms and viruses, said Mark Sunner, chief technology officer at MessageLabs Ltd., a New York-based provider of e-mail security services.,4814,102595,00.html and Report at

FIVE FINNS GET SUSPENDED SENTENCES IN SONERA TELEPHONE RECORD CASE (Helsingin Salomat, 17 June 2005) – The Helsinki District Court handed down suspended sentences to five defendants in the case involving unauthorised use of mobile telephone records by executives of the telecommunications service provider Sonera. All five were found guilty of violating telecommunications privacy. Although the sentences were less severe than the prosecution had called for, the court generally agreed with the prosecutors’ assertion that there had been extensive misuse of telecommunications information at Sonera from 1998 to 2001. The harshest sentence was handed down to former Information Security Manager Juha E. Miettinen, who got a ten-month suspended jail term. Two other defendants, an investigator for the National Bureau of Investigation, as well as Ari Uutinen, a former security chief at the Council of State (government), were fined for incitement to the main crime in the case, and for violating their official duties. The court found a number of both aggravating and mitigating circumstances in the case. One aggravating factor was the large number of targets of the illegal investigations. Another factor was the high position of the defendants in the company, their roles as initiators in the case, and their attempts to break the confidentiality between journalists and their sources.

MIX BRIX, CLIX? FACE TAX TO MAX, SAYS CAL. COURT (Steptoe & Johnson’s E-Commerce Law Week, 18 June 2005) -- Hatfields and McCoys have nothing on the feud between distance sellers and state revenue authorities. States have long sought to collect sales tax on mail order sales. After bitter litigation the Supreme Court has held and reheld that distance sellers can’t be forced to collect the tax unless those sellers have sufficient contacts with the state to become subject to state law. Then bricks-and-mortar companies got into the act, creating “clicks and mortar” companies to sell their products over the Internet -- without collecting taxes. As long as the Internet company was formally separate from the “bricks and mortar” company, the Internet company could not be forced to collect taxes because it didn’t have any assets in the taxing jurisdiction. That was the theory, anyway. But now a California court has thrown a brick of its own right through that notion. In Borders Online, LLC v. State Board of Equalization, a California Court of Appeal has upheld a trial court’s ruling that although “Borders” and “Borders Online” were two separate companies, Borders’ activities in the state “on behalf” of Borders Online were sufficient for the online retailer to be subject to California’s tax code. Further, the appeals court held that the online retailer had a “sufficient physical presence” in California -- by virtue of the presence of brick-and-mortar Borders stores -- to satisfy the commerce clause of the US Constitution. Decision at

-- and --

STATES MOVE FORWARD ON INTERNET SALES TAX (Washington Post, 1 July 2005) -- Tax officials, state lawmakers and industry representatives agreed Thursday to establish an 18-state network for collecting taxes on Internet sales, a compact they hope will encourage online retailers and Congress to endorse a mandatory national program. Meeting in Chicago under the auspices of the Streamlined Sales Tax Project, the officials agreed that 11 states will oversee the project and outlined incentives to encourage retailers to participate. Forty states have been negotiating since 2000 to create a framework for collecting sales taxes on all remote transactions, whether through regular mail or online. “The vote is a culmination of over five years of hard work by states, local governments and businesses interested in seeing the complexity in sales tax [reduced],” said Stephen Kranz, tax counsel for the Council on State Taxation, an industry trade association. Starting Oct. 1, software vendors contracted by the Streamlined Sales Tax Project will begin providing free tax collection and remittance software and services to online merchants who voluntarily agree to collect taxes on all online sales on behalf of the 18 participating states. Under the states’ plan, Internet retailers that agree to collect and remit taxes will do so for online sales originating in any of 11 states that have amended their state laws to fully comply with standards developed by the sales tax project. In the other seven states, the Internet sales tax collection would be optional until their tax codes are brought into full compliance. In both cases, any taxes the retailer collected would be based on the rates in effect where the buyer lives, and the retailers would be compensated for the cost of collecting and remitting that revenue to the states. As an incentive, the states will offer a one-year amnesty for e-commerce companies that may owe taxes on past online sales to any of the participating states. The amnesty offer could prove attractive for several major retailers that are currently involved in legal disputes over whether they owe taxes on Internet sales.

APPEALS COURT LIMITS CALIFORNIA’S FINANCIAL PRIVACY LAW (, 20 June 2005) -- A federal appeals court blocked a portion of California’s landmark financial privacy law Monday, ruling that banks have a right to sell their customers’ private information to affiliated companies. The 9th U.S. Circuit Court of Appeals ruled that federal law pre-empts a portion of California’s 2003 privacy law, the toughest in the nation, but leaves most of it intact. The part of the California law at issue is a section that gives consumers the right to block banks from selling their personal information to affiliates that are not in the same line of business. That could include a bank sharing data with an insurance company owned by the same corporation. Three trade associations challenged that aspect of the law, but it was upheld in July by a federal judge in Sacramento. That judge ruled that a 1999 federal financial-privacy law allows states to enact stricter rules. The American Bankers Association, the Financial Services Roundtable and the Consumer Bankers Association appealed. They said the federal 2003 Fair and Accurate Credit Transactions Act pre-empts California’s restrictions on how affiliated companies can share customer data. The 9th Circuit agreed, reversing the lower court ruling and sending the case back to the district judge. The lower court judge, U.S. District Judge Morrison C. England Jr., will be asked to determine whether any aspects of the California law dealing with this kind of information swapping might still be legal in light of the 2003 federal law. Specifically, England will determine whether any consumer information can be shielded from affiliated companies under the state law. Given that the appeals court sent the case back for further review, Monday’s ruling is not the “smashing pre-emption victory” that bankers had sought, said Tom Dresslar, spokesman for state Attorney General Bill Lockyer, who defended the state law. Decision at

L.A. TIMES SUSPENDS ‘WIKITORIALS’ (AP, 21 June 2005) -- A bold Los Angeles Times experiment in letting readers rewrite the paper’s editorials lasted all of three days. The newspaper suspended its “Wikitorial” Web feature after some users flooded the site over the weekend with foul language and pornographic photos. The paper had posted on its Web site Friday an editorial urging a better-defined plan to withdraw troops from Iraq. Readers were invited to add their thoughts. Dozens did, with some adding hyperlinks and others adding opposing views. One reader split the long editorial in two, something that pleased Michael Kinsley, the Times’ editorial and opinion editor. But the number of “inappropriate” posts soon began to overwhelm the editors’ ability to monitor the site. On Sunday, editors decided to remove the feature. The newspaper’s Web page was to show the original editorial and interim versions along with the readers’ final product. “The result is a constantly evolving collaboration among readers in a communal search for truth,” the paper said in its Friday edition. “Or that’s the theory.” The Times said it might be creating a new form of opinion journalism — or an embarrassing failure. In a statement Monday, the Times said the feature would stay offline indefinitely while it looked at what happened and how to fix it. “We thank the thousands of people who logged onto the Wikitorial in the right spirit,” the paper said.

EMPLOYEE WHISTLEBLOWER HOTLINES FOUND ILLEGAL IN FRANCE AND GERMANY (Hunton & William’s Privacy & E-Commerce Alert, 22 June 2005) -- In its session of May 26, 2005, the plenary of the French DPA (CNIL) refused to authorize the use of anonymous whistleblower hotlines operated by McDonalds France and CEAC (an affiliate of Exide Technologies) that would enable employees to alert their headquarters or managers (by phone, fax e-mail of mail) of their colleagues’ possible misconduct. These hotlines were set up by the companies in order to comply with the requirements of the US Sarbanes-Oxley law, which requires such anonymous complaint mechanisms. In two separate decisions, the CNIL expressed particular concern over: (1) anonymous reporting that could lead to slanderous denunciation; (2) disproportionality between the purpose and the risk of malicious reporting; (3) the fact that suspected staff would not be informed of a complaint or investigation in the early stage of the process; and (4) the period of data retention. Both decisions are available (in French) on the CNIL web site: Decision 2005/110 at (McDonalds); and Decision 2005/111 at (CEAC).

FTC OPPOSES MANDATORY “ADV” LABELING OF EMAIL (BNA’s Internet Law News, 233 June 2005) -- BNA’s Electronic Commerce & Law Report reports that the FTC has believes that federal legislation mandating the inclusion of “ADV” in the subject line of unsolicited commercial e-mail messages would be ineffective in combatting spam. The FTC’s views were informed by the belief that so-called “outlaw spammers” would not obey the law, that “ADV” labelling proved ineffective at the state level, and that anti-spam filters and other emerging e-mail technologies hold more promise as anti-spam tools than an “ADV” label. Article at
SHOULD CITIES BE ISPS? (CNET, 23 June 2005) -- When Philadelphia’s city government decided to sell wireless access to downtown residents last year, a furious political fight in the state capital erupted. Verizon stridently opposed the plan, liberal advocacy groups just as emphatically endorsed it, and politicians in Harrisburg ended up approving a compromise bill that effectively let the city of brotherly love do what it wanted. Now this politechnical dispute is bubbling up from states to Washington, D.C., where lobbyists are pressuring Congress to resolve the question of whether governments or private companies do a better job as Internet service providers. “Our focus is that 75 to 85 percent of our population in our low-income and minority areas that don’t have access,” said Dianah Neff, Philadelphia’s chief information officer. “When we talked to them and we did surveys with them, they said 76 percent of the time that cost was the No. 1 reason why they didn’t have access to the Internet.” But if reaching low-income people is the primary goal, said Jim Speta, an associate professor at the Northwestern University School of Law, then cities could keep costs down by relying on “consumer demand pull”--that is, handing vouchers to poorer consumers, who could use them to pay for private sector broadband.

PEER-TO-PEER FILE SHARING COMES WITH RISKS, SAYS FTC (Information Week, 23 June 2005) -- Peer-to-peer file-sharing technology offers both benefits and risks, according to a report issued today by the Federal Trade Commission. The report, based on comments from the FTC’s P2P workshop last December, cites benefits such as fast file transfers, bandwidth conservation, and reduced storage needs. It also warns of risks related to data security, spyware and adware, viruses, copyright infringement, and pornography. How significant are those risks compared with general Internet use? The FTC doesn’t know. “Workshop participants submitted little empirical evidence concerning whether the risks arising from P2P file sharing are greater than, equal to, or less than these risks from other Internet-related activities,” the report finds. The report comes at an odd time. The Supreme Court is expected to soon decide the future of peer-to-peer technology when it rules in the case of Metro-Goldwyn Mayer Studios v. Grokster Ltd. As the FTC says, “Because [this case] likely will clarify the legal framework applicable to P2P file sharing and may have a profound effect on the future structure and impact of P2P file-sharing programs, FTC staff does not believe that it would be prudent at this time to make specific recommendations regarding the intellectual-property issues raised by P2P file sharing.” Report at

DATABASE TARGETS TEENS AS RECRUITS FOR MILITARY (Houston Chronicle, 23 June 2005) -- The Defense Department began working Wednesday with a private marketing company to create a database of all U.S. college students and high school students between 16 and 18 years old, to help the military identify potential recruits in a time of dwindling enlistment in some branches. The new database will include an array of personal information including birth dates, Social Security numbers, e-mail addresses, grade-point averages, ethnicity and what subjects the students are studying. The data will be managed by BeNOW Inc. of Wakefield, Mass., one of many marketing companies that use computers to analyze large amounts of data to target potential customers based on their personal profiles and habits. “The purpose of the system ... is to provide a single central facility within the Department of Defense to compile, process and distribute files of individuals who meet age and minimum school requirements for military service,” according to the official notice of the program. Privacy advocates said the plan appeared to be an effort to circumvent laws that restrict the government’s right to collect or hold citizen information by turning to private firms to do the work. Some data on high school students already is given to military recruiters in a separate program under provisions of the 2002 No Child Left Behind Act. Under the new system, additional data will be collected from commercial data brokers, state driver’s license records and other sources, including information already held by the military. The Pentagon’s statements added that anyone can “opt out” of the system by providing detailed personal information that will be kept in a separate “suppression file.” That file will be matched with the full database regularly to ensure that those who do not wish to be contacted are not, according to the Pentagon. But privacy advocates said using database marketers for military recruitment is inappropriate. Chris Hoofnagle, West Coast director of the Electronic Privacy Information Center, called the system “an audacious plan to target-market kids, as young as 16, for military solicitation.” He added that collecting Social Security numbers was not only unnecessary but posed a needless risk of identity fraud. Theft of Social Security numbers and other personal information from data brokers, government agencies, financial institutions and other companies is rampant. BeNOW’s Web site does not have a published privacy policy, nor does it list either a chief privacy officer on its executive team.

ALMOST ALL LIBRARIES IN U.S. OFFER FREE ACCESS TO INTERNET (New York Times, 24 June 2005) -- Nearly all libraries around the country have free public Internet access and an increasing number are offering wireless connections, according to a study released Thursday by the American Library Association here. The study, which was conducted by researchers at Florida State University, found that 98.9 percent of libraries offer free public Internet access, up from 21 percent in 1994 and 95 percent in 2002. It also found that 18 percent of libraries have wireless Internet access and 21 percent plan to get it within the next year. The study found that rural areas were more likely to have slower connections and fewer workstations and training opportunities. Arkansas, California, Idaho, New Hampshire, Virginia and West Virginia had the lowest levels of access. Urban areas, which also had some of the highest poverty rates, tended to have high levels of connectivity, bandwidth and wireless access. Hazel Williams, 50, of Chicago said she started going to the library for Internet research two years ago while she was earning her high school equivalency diploma. People like Ms. Williams who go to the library for Internet access might be one reason that the number of annual library visits has increased from 500 million in the early 1990’s to 1.2 billion today, said Carol Brey-Casiano, president of the American Library Association. The study also reported that almost 40 percent of public libraries filter public Internet access to prevent minors from gaining access to sexually related materials. State library systems in Georgia and West Virginia put filters on all public libraries, the study reported.

AT PARTYGAMING, EVERYTHING’S WILD (New York Times, 26 June 2005) -- As a rule, companies don’t often draw attention to business practices that could land their executives in jail. But for PartyGaming PLC, potential illegalities aren’t just a secret hidden in its business plan - they are the centerpiece of its business plan. A giant in the online gambling business, PartyGaming is an often-overlooked megasurvivor from the dot-com crash of the late 1990’s. As hundreds of profitless commercial sites disappeared into the digital ether, PartyGaming’s popular gambling sites - like - soared, with revenues and profits growing exponentially year after year. This week, the company will go public in what is expected to be the largest offering in years on the London Stock Exchange, one that will make billionaires out of its ragtag assortment of founders and major stockholders - including a California lawyer who earned her first fortune in online pornography and phone-sex lines. All told, as much as $9 billion is expected to be raised, with all of the cash going to private shareholders selling portions of their stakes. PartyGaming, based in Gibraltar, has no assets in the United States, and its officers or directors could risk being served with a civil suit - or an arrest warrant - if they came to the United States on business. The reason? The Justice Department and numerous state attorneys general maintain that providing the opportunity for online gambling is against the law in the United States - and PartyGaming does it anyway. Indeed, of its $600 million in revenue and $350 million in profit in 2004, almost 90 percent came from the wallets and bank accounts of American gamblers. To justify this, PartyGaming walks a very thin line. Providing online gambling is not illegal per se in the United States, the company argues - federal prosecutors just say it is. The company’s prospectus - a British document that is not available in the United States - at times reads something like a legal brief, citing American case law to support the company’s position that no prosecution would ever take place. Still, in its offering documents, PartyGaming makes no secret of the fact that even if the company’s view of the law proves wrong, it is banking on its executives’ belief that there is little that law enforcement can do - or will do - to prosecute. “In many countries, including the United States, the group’s activities are considered to be illegal by the relevant authorities,” PartyGaming says in its offering document. “PartyGaming and its directors rely on the apparent unwillingness or inability of regulators generally to bring actions against businesses with no physical presence in the country concerned.” [Editor: Lengthy, interesting piece (with a too-long digression into 1990s internet pornography). Particularly interesting: the “offshore” move to avoid U.S. jurisdiction.]

THE VOICEMAIL MESSAGE THAT HAS GCs TALKING (, 27 June 2005) -- There are dumb mistakes, and then there are really dumb mistakes. Four years ago Matthew Gloss, the general counsel of Marvell Semiconductor Inc., and two of his colleagues phoned the legal chief of a rival company, Jasmine Networks Inc. The call went straight to voicemail, so Gloss left a message and hung up. At least, he thought he did. Though the Marvell officials didn’t know it, the Jasmine lawyer’s voicemail was still taping them as they continued to talk on speakerphone -- allegedly about how they were stealing their rival’s trade secrets. Gloss’ little boo-boo has turned into a major headache, not just for Marvell but potentially for in-house lawyers everywhere. That’s because when Jasmine filed its inevitable lawsuit against Marvell, it tried to enter the voicemail as evidence. Marvell moved to exclude the tape, arguing that it was protected by attorney-client privilege, since two company lawyers took part in the conversation. The trial judge sided with Marvell, but a California appellate court backed Jasmine. By failing to disconnect his phone, Gloss had waived privilege, the appellate court ruled last year. Moreover, since he is also a company officer -- he holds the title of vice president for business affairs -- Gloss had the authority to waive privilege on Marvell’s behalf. The appellate decision so worried the Association of Corporate Counsel that it asked the California Supreme Court to review the case. The justices agreed, and Marvell and Jasmine are currently preparing their briefs. ACC is also backing a proposed state law that says privilege can only be waived intentionally and not inadvertently.

US SUPREME COURT REVERSES GROKSTER DECISION (BNA’s Internet Law News, 28 June 2005) -- The US Supreme Court has ruled against file-swapping companies Grokster and StreamCast Networks in their high profile battle with the content indusries. The court sought to leave the 1984 Sony Betamax decision untouched, but added the notion of active inducement. Although the 9-0 decision was a loss for Grokster, the court provided a potential roadmap for future P2P services by ruling that there is no liability for knowledge of potential or actual infringement; no liability for product support or technical updates, and (absent other evidence of intent) no liability for failure to take affirmative steps to prevent infringement. Decision at Media coverage at,1412,68018,00.html

-- and --

THE COURT HAS RULED SO ENTER THE GEEKS (New York Times, 29 June 2005) -- The Supreme Court’s unanimous decision Tuesday in the Grokster case means trouble and potentially ruinous judgments against commercial file-sharing services, but it has also established a new standard for software innovation: don’t ask, don’t sell. That is, don’t ask for or gather information on what users are doing with the software you write, and don’t sell ads that profit from access to copyrighted material. The court found that the file-sharing companies Grokster and Streamcast could be sued for copyright infringement because they offered marketing and technical advice that clearly induced their customers to share files illegally, so the companies could attract larger numbers of users and thus more advertising. But the court did not give the movie and recording businesses much ammunition to attack the Robin Hoods of the Internet: those software geeks and culture fans who really just want to share. They are online right now building Web sites that don’t make a dime and spending hours writing and editing “mp3 blogs” - Web page collections of downloadable songs. They hook people up, basically because they can and because people want access to art. The court’s decision may torpedo the parasitical, ad-pumping services like Grokster, Kazaa and Morpheus, but no one’s going to miss them much. There are plenty of geek alternatives that were devised not as business startups, but for the programmers’ satisfaction and the users’ sense of connection. It’s a completely alien mentality for profit-focused companies that still dream of being paid every time someone hears a song. Reality has never exactly worked that way, from radio to the Internet. In the United States, songwriters are paid for radio air play, but performers and recording companies are not, on the theory that having a song broadcast sells recordings and concert tickets. [Editor: The entire story is worthwhile.]

-- and --

REFLECTING ON THE GROKSTER DECISION (BNA’s Internet Law News, 29 June 2005) -- Several articles focus on the fallout from the Grokster decision. The Toronto Star features a special edition of my Law Bytes column which comments on Monday’s Grokster decision. The column argues that the case is a mirror image of the recent Canadian file sharing case as despite the unanimous verdict, it provides a roadmap for file sharing services to avoid future liability. Larry Lessig warns of chilled innovation in a Business Week interview, while other articles include reaction from industry players on both sides of the issue. Geist Toronto Star column at Reaction articles at Lessig interview at

BLOGGERS FIGHTING GOVERNMENT REGULATIONS (AP, 28 June 2005) -- Bloggers who built their Internet followings with anti-establishment prose are now lobbying the establishment to protect their livelihoods from federal regulations. Some are even working with lawyers, public-relations consultants and a political action committee to do it. “I like to think of myself as just a guy with a blog, but it’s clear that ‘just a guy with a blog’ is different today than it was when I started three years ago,” said Markos Moulitsas Zuniga, founder of the Web log “One sign of having arrived is when government regulators start wanting to poke their fingers into what you do.” Moulitsas was to testify Tuesday at a hearing on a Federal Election Commission proposal that would extend some campaign finance rules to the Internet, including bloggers. Moulitsas also is working with a lawyer who volunteered to help bloggers fight new government regulations and whose efforts were promoted in a PR firm press release Monday. He is prepared to lobby Congress himself if necessary, and he is the treasurer of BlogPac, a political action committee formed last year by bloggers. Duncan Black — who founded the blog — featured a headline Monday on his Web site, “Bite me, Congressman,” that linked to a diatribe against a Republican House committee chairman over global warming. Asked whether the use of hearing testimony and PACs is a sign that bloggers are succumbing to mainstream political techniques, Black said he and his colleagues have no choice. “I think once you do achieve a certain degree of traffic, influence, notoriety — however you want to call it — eventually the outsider label is not perfectly applicable anymore,” said Black, who describes himself as a “recovering economist.” He too planned to testify before the FEC.

CONGRESS MODIFIES FCC RULING ON UNSOLICITED FAXES ( 28 June 2005) -- Congress approved junk fax legislation Tuesday that allows businesses to send out unsolicited faxes in certain circumstances while protecting the rights of consumers to stop receiving them. The legislation, passed by the House on a voice vote and now headed for President Bush’s signature, reinstates a 1992 Federal Communications Commission ruling that permits businesses and associations to send unsolicited faxes to those with whom they have an ``established business relationship.” It would eliminate a new FCC ruling, first drawn up in 2003, that required businesses and organizations to obtain prior written approval before sending a commercial fax. That rule was supposed to go into effect on Friday, but the FCC on Tuesday announced it would further delay its new junk fax rule until Jan. 9, 2006, ``in light of the ongoing developments in Congress.” The agency said the delay would also give more time to respond to petitions to reconsider the rule.

PUBLISHING MAKES SHIFT TO DIGITAL (BBC, 29 June 2005) -- The vast majority of UK research material will be available in electronic form by 2020. According to a study commissioned by the British Library, 90% of newly published work will be available digitally by this time. Only half of this will also be available in print form, with just 10% of new titles available only in print. It represents a “seismic shift” in the world of publishing said British Library chief executive Lynne Brindley. For its part, the British Library aims to spend the next three years developing the infrastructure necessary to store, manage, preserve and provide access to digital material. “In many ways digital material is more fragile than physical material and if we don’t manage it effectively it won’t survive for future generations,” said Ms Brindley.

THEFT FEARS RULE OUT NATIONAL AUSTRALIAN CARD (AustralianIT, 29 June 2005) -- Australia will not introduce a national identification card because of the fear of identity theft by criminals, Attorney-General Philip Ruddock said. Mr Ruddock today rejected media reports that the federal Government was considering introducing a national ID card. His comments come as the British government legislates to introduce the country’s first national ID card since World War II. The UK cards, which Prime Minister Tony Blair says are necessary to fight terrorism, fraud and illegal immigration, will include biometric details such as iris scans and fingerprints. But Mr Ruddock told a security technology conference in Sydney today a national ID card could actually compromise Australians’ security. “We haven’t supported an approach where all personal information is centralised on one database and a single form of identification is used,” Mr Ruddock told the gathering of government, security and business leaders. “Such an approach could actually increase the risk of identity fraud because only one document would need to be counterfeited to establish an identity.” Outside the forum, Mr Ruddock said the government wanted to step up security of existing personal identification documents such as passports, birth certificates and drivers’ licences. “We are not about developing a national ID card, we are about improving identity security arrangements - that’s the approach we’re taking,” he told reporters.,7204,15767261%5E15319%5E%5Enbv%5E15306,00.html

ONE FIFTH OF JAPANESE BUSINESSES USING OPEN SOURCE OS (Info World, 5 July 2005) -- The use of open-source operating systems in enterprise servers is growing in Japan, with companies citing low introduction costs as the main factor for adoption, according to a recent report by the Japanese government. So far, 21 percent of Japanese companies have already introduced open-source operating systems including Linux, FreeBSD, and OpenBSD systems, while 22 percent either have plans to deploy, or are considering plans to deploy, an open-source operating system, according to an annual white paper released by Japan’s Ministry of Internal Affairs and Communications (MIC). By contrast, 33 percent of U.S. companies have adopted open-source operating systems in at least some of their servers, MIC said. Among the companies polled by the MIC, 66 percent said open-source operating systems have low initial costs, while 47.8 percent said the software has low operating costs. Of those companies that have so far adopted open-source operating systems, major uses for these servers include Web, mail, and file servers. Open-source operating systems are used with much less frequency in applications for financial, payment, distribution and customer service applications, the report said.

MAN CHARGED WITH STEALING WI-FI SIGNAL (Forbes, 6 July 2005) -- Police have arrested a man for using someone else’s wireless Internet network in one of the first criminal cases involving this fairly common practice. Benjamin Smith III, 41, faces a pretrial hearing this month following his April arrest on charges of unauthorized access to a computer network, a third-degree felony. Police say Smith admitted using the Wi-Fi signal from the home of Richard Dinon, who had noticed Smith sitting in an SUV outside Dinon’s house using a laptop computer. The practice is so new that the Florida Department of Law Enforcement doesn’t even keep statistics, according to the St. Petersburg Times, which reported Smith’s arrest this week. Innocuous use of other people’s unsecured Wi-Fi networks is common, though experts say that plenty of illegal use also goes undetected: such as people sneaking on others’ networks to traffic in child pornography, steal credit card information and send death threats. [Editor: There must be more to this story. Smith has been charged with unauthorized access to a computer network, a third-degree felony.]

E-VOTE GUIDELINES NEED WORK (Wired, 7 July 2005) -- In an effort to keep pace with changing technology and address widespread security concerns about electronic voting machines, the federal government has released new guidelines for voting systems. The guidelines, published in late June, call for vendors to follow better programming practices and make some suggestions for addressing problems with vote integrity. Computer security experts say the guidelines are a step in the right direction, but fall short of making voting systems secure. They also don’t require systems to produce a voter-verified paper audit trail, which would allow voters to confirm their vote. The government is accepting public comment on the guidelines for 90 days, after which it will revise them, if needed, and release them for states to adopt. But there has been some confusion on whether these should be considered final guidelines, or simply a first step toward more permanent guidelines. Avi Rubin, a Johns Hopkins University computer science professor and technical director of the university’s Information Security Institute, said the new guidelines are an improvement but contain some serious security red flags. He also said they have some requirements that, had they been included in previous versions of voting system guidelines, would have prevented voting systems made by Diebold Election Systems from being certified.,2645,68116,00.html?tw=wn_4polihead

GOOGLE WINS COPYCAT WEB DOMAIN DISPUTE (Reuters, 8 July 2005) -- The National Arbitration Forum said on Friday that Google Inc. has rights to the Internet domain names,, and, which are similar to its own domain. The Web search leader filed a complaint with the NAF on May 11, claiming legal rights to Web addresses bearing a close resemblance to, which it registered in late 1999. Sergey Gridasov, of St. Petersburg, Russia, registered,, and between December 2000 and January 2001 through Computer Services Langenbach GmbH, which did business as He did not respond to charges levied against him. Because Gridasov failed to answer, the arbitrator was entitled to accept all reasonable allegations and inferences in the complaint from Google as true, unless the evidence was clearly contradictory. The NAF arbitrator, Paul Dorf, found that Gridasov did not have legitimate rights to the Web addresses, and the Web addresses were confusingly similar to Google’s trademark rights to its own name. Further, the arbitrator found that Gridasov was using them in bad faith by presumably profiting from the use of domains.

DOWNLOADING TROUBLE AT THE BBC (BBC, 10 July 2005) -- The BBC has been lambasted by classical music labels for making all nine of Beethoven’s symphonies available for free download over the Internet. This week the BBC will announce there have been more than a million downloads of the symphonies during the month-long scheme. But the initiative has infuriated the bosses of leading classical record companies who argue the offer undermines the value of music and that any further offers would be unfair competition.

WILL THE U.N. RUN THE INTERNET? (CNET, 11 July 2005) -- An international political spat is brewing over whether the United Nations will seize control of the heart of the Internet. U.N. bureaucrats and telecommunications ministers from many less-developed nations claim the U.S. government has undue influence over how things run online. Now they want to be the ones in charge. While the formal proposal from a U.N. working group will be released July 18, it’s already clear what it will contain. A preliminary summary of governmental views claims there’s a “convergence of views” supporting a new organization to oversee crucial Internet functions, most likely under the aegis of the United Nations or the International Telecommunications Union. Beyond the usual levers of diplomatic pressure and public kvetching, Brazil and China could choose what amounts to the nuclear option: a fragmented root. At issue is who decides key questions like adding new top-level domains, assigning chunks of numeric Internet addresses, and operating the root servers that keep the Net humming. Other suggested responsibilities for this new organization include Internet surveillance, “consumer protection,” and perhaps even the power to tax domain names to pay for “universal access.” This development represents a grave political challenge to the Internet Corporation for Assigned Names and Numbers (ICANN), which was birthed by the U.S. government to handle some of those topics. A recent closed-door meeting in Geneva convened by the U.N.’s Working Group on Internet Governance offers clues about the plot to dethrone ICANN. As these excerpts from a transcript show, dissatisfaction and general-purpose griping is rampant * * *

UK LOBBIES FOR DATA RENTENTION (ZDnet, 11 July 2005) -- Charles Clarke wants email and phone records kept for up to three years to aid police investigations, but critics have claimed the scheme is expensive and unwieldy. Britain will renew its efforts this week to get fellow European Union members to agree to the introduction of new controls for the retention of telecommunications data, following last week’s bombings in London. Under the proposals, telecoms operators and Internet service providers would have to keep records of emails, telephone calls and text messages for between 12 months and three years. Law enforcement agencies would be able to see who had sent and received these communications, although the content of these communications would not be stored. Home secretary Charles Clarke claims that the powers would help to establish links between individuals. “Telecommunications records, whether of telephones or of emails, which record what calls were made from what number to another number at what time are of important use for intelligence,” said Clarke, according to reports. The UK is one of several countries advocating the introduction of such measures over recent months. Other EU members have opposed them, fearing they would erode civil liberties. Back in June the European Parliament rejected draft legislation introduced by France, Ireland, Sweden and the UK, amid fears that the proposals were illegal.

NEW BATTLE BREWS OVER UCITA, SOFTWARE LICENSING TERMS (Computer World, 11 July 2005) -- A new legislative battle is looming over the controversial UCITA software licensing law. But this time, it’s software users, not vendors, who are poised to attack. The push for state-by-state adoption of the Uniform Computer Information Transactions Act was abandoned nearly two years ago because of widespread opposition. But the group of software users that led that opposition has since been quietly drafting its own model software-licensing law. Its concern is that courts may use UCITA as a reference point in legal disputes, giving vendors a victory through the legal system that they couldn’t gain in state legislatures. “That battle against UCITA is still going on; it’s just taken another form,” said Riva Kinstlick, vice president of government relations at Prudential Financial in Newark, N.J. “People are starting to be concerned about it,” said Kinstlick, who maintained that stopping UCITA wasn’t enough. “If there is a void and UCITA is the only thing to take the place of the void, this could end up being the model almost by default rather than choice,” she said. UCITA is a software licensing law that specifies terms and conditions for licensing contracts. Under the act, unless the parties agree otherwise, the default terms apply. Its supporters argued that UCITA would provide a legal framework for online commerce. Opponents said the default rules favored vendors and created potential perils for corporate users, such as allowing vendors to knowingly ship defective products. Virginia approved the law in 2000, and Maryland quickly followed. But opponents—especially those in the financial services industry—joined the state-by-state battle to block further adoptions. In August 2003, the law’s legislative sponsor, the Chicago-based National Conference of Commissioners on Uniform State Laws (NCCUSL), suspended efforts to win state adoption. But UCITA can still be used as a contract model, said Jean Braucher, a University of Arizona law professor who is working with Americans for Fair Electronic Commerce Transactions (AFFECT) to develop a model bill. “Eventually, we need an alternative,” she said.,10801,103065,00.html

GIVING NEW MEANING TO ‘SPYWARE’ (Wired, 12 July 2005) -- Supreme Court Justice Potter Stewart famously said that he couldn’t define obscenity, but that he knew it when he saw it. The same has long been the case with spyware. It’s not easy to define, but most people know it when parasitic programs suck up resources on their computer and clog their browsers with pop-up ads. Recognizing that one person’s search toolbar is another’s spyware, a coalition of consumer groups, ISPs and software companies announced on Tuesday that it has finally come up with a mutually agreeable definition for the internet plague. Spyware impairs “users’ control over material changes that affect their user experience, privacy or system security; use of their system resources, including what programs are installed on their computers; or collection, use and distribution of their personal or otherwise sensitive information,” according to the Anti-Spyware Coalition, which includes Microsoft, EarthLink, McAfee and Hewlett-Packard. The group hopes the definitions will clear the way for anti-spyware legislation and help create a formal, centralized method for companies to dispute or change their software’s classification.,1848,68167,00.html

BUSH PICKS TECH LAWYER FOR SECURITY POST (CNET, 13 July 2005) -- President Bush has chosen Stewart Baker, one of Washington’s most influential technology lawyers, to be assistant secretary for policy in the Homeland Security Department. Baker’s new job, which requires Senate confirmation, would place him in the prominent position of shaping policy on topics from data mining to the department’s planning for “what if” scenarios far off in the future. It also could include evaluating existing department functions for efficiency and creating a national strategy to prevent terrorists from entering the United States. The nomination, announced Wednesday, is part of a sweeping reorganization of the department that Secretary Michael Chertoff announced Wednesday. “Creation of a DHS policy shop has been suggested by members of Congress, (former Secretary Tom Ridge), and numerous outside experts,” Chertoff said. “Now is the time to make this a reality.” Baker is currently a partner at the Steptoe and Johnson law firm--which counts many technology companies as clients--and has been an important but polarizing fixture in many privacy debates during the last 15 years. Baker served as the general counsel of the National Security Agency--the bane of many civil libertarians--during the early 1990s. “For the civil liberties community, this could be a troubling appointment,” said Marc Rotenberg, director of the Electronic Privacy Information Center. “Stu Baker often stood on the other side of important national debates on protecting privacy and preserving open government.” [Editor: I don’t share Marc’s concerns. I find Stewart to be a careful, thoughtful, and well-informed lawyer who also possesses rarer attributes: he’s open-minded and an excellent listener. For me, he’s the ideal person for this new position. I *AM* sad that he’ll no longer be able to concoct the snappy headlines I’ve come to love in Steptoe & Johnson’s E-Commerce Law Week report!]

**** RESOURCES ****
EFF: LEGAL GUIDE FOR BLOGGERS (8 June 2005) -- Like all journalists and publishers, bloggers sometimes publish information that other people don’t want published. You might, for example, publish something that someone considers defamatory, republish an AP news story that’s under copyright, or write a lengthy piece detailing the alleged crimes of a candidate for public office. The difference between you and the reporter at your local newspaper is that in many cases, you may not have the benefit of training or resources to help you determine whether what you’re doing is legal. And on top of that, sometimes knowing the law doesn’t help - in many cases it was written for traditional journalists, and the courts haven’t yet decided how it applies to bloggers. But here’s the important part: None of this should stop you from blogging. Freedom of speech is the foundation of a functioning democracy, and Internet bullies shouldn’t use the law to stifle legitimate free expression. That’s why EFF created this guide, compiling a number of FAQs designed to help you understand your rights and, if necessary, defend your freedom. To be clear, this guide isn’t a substitute for, nor does it constitute, legal advice. Only an attorney who knows the details of your particular situation can provide the kind of advice you need if you’re being threatened with a lawsuit. The goal here is to give you a basic roadmap to the legal issues you may confront as a blogger, to let you know you have rights, and to encourage you to blog freely with the knowledge that your legitimate speech is protected.

A MODEL REGIME OF PRIVACY PROTECTION (by Daniel Solove, GW Law School, and Chris Hoofnagle, EPIC) -- Privacy protection in the United States has often been criticized, but critics have too infrequently suggested specific proposals for reform. Recently, there has been significant legislative interest at both the federal and state levels in addressing the privacy of personal information. This was sparked when ChoicePoint, one of the largest data brokers in the United States with records on almost every adult American citizen, sold data on about 145,000 people to fraudulent businesses set up by identity thieves. Other companies announced security breaches, including LexisNexis, from which personal information about 32,000 people was improperly accessed. Senator Schumer criticized Westlaw for making available to certain subscribers personal information including Social Security Numbers (SSNs). In the aftermath of the ChoicePoint debacle and other major information security breaches, both of us have been asked by Congressional legislative staffers, state legislative policymakers, journalists, academics, and others about what specifically should be done to better regulate information privacy. In response to these questions, we believe that it is imperative to have a discussion of concrete legislative solutions to privacy problems.

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School,
2. Edupage,
3. SANS Newsbites,
4. NewsScan and Innovation,
5. Internet Law & Policy Forum,
6. BNA’s Internet Law News,
7. The Ifra Trend Report,
8. Crypto-Gram,
9. David Evan’s “Internet and Computer News”,
10. Readers’ submissions, and the editor’s discoveries.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.