**************Introductory Note**********************
MIRLN (Misc. IT Related Legal News) is a free product of KnowConnect, Inc. (www.knowconnect.com) and the American Bar Association’s Cyberspace Law Committee. Please feel free to distribute this message.
Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at http://www.buslaw.org/cgi-bin/controlpanel.cgi?committee=CL320000 (click on “Settings” beside Members-Only Listserve Discussion). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.
Recent MIRLN editions are archived at www.vip-law.com and in the public materials section of the Cyberspace Committee’s collaboration space at http://lawplace.metadot.com.
**************End of Introductory Note***************
FCC EASES HIGH-SPEED NET RULES (Wired, 5 August 2005) -- Beginning in about a year, phone companies won’t have to lease their high-speed lines to competing internet service providers at government-set rates, the Federal Communications Commission decided. FCC Chairman Kevin Martin said the unanimous vote by the agency’s four commissioners “ends the regulatory inequities that currently exist between cable and telephone companies” providing broadband Internet services. Without guaranteed access at government-mandated rates, providers of digital service, or DSL, on lines now leased from the big regional Bells or smaller phone companies will have to negotiate with them over rates and access. Consumer advocates criticized the deregulation -- which will take effect after a one-year transition period -- contending it will lead to fewer choices and higher prices for consumers by forcing existing independent broadband providers out of the market. http://www.wired.com/news/business/0,1367,68453,00.html and http://www.siliconvalley.com/mld/siliconvalley/business/technology/12331081.htm
WASHINGTON ANTI-SPAM LAW SURVIVES CAN-SPAM PREEMPTION (Steptoe & Johnson’s E-Commerce Law Week, 6 August 2005) -- State legislators must be dancing the cancan after a federal court ruled that the CAN-SPAM Act does not preempt Washington State’s anti-spam statute, leaving the door open to additional such measures that are undoubtedly popular with consumers (and voters). In Gordon v. Impulse Marketing Group, Inc., the US District Court for the Eastern District of Washington denied the defendant’s motion to dismiss on the grounds that, among other things, the plaintiff’s claims under Washington’s anti-spam statute were preempted by federal law. The court ruled that since the state law prohibited “falsity and deception” in the subject line of an email, it was not preempted by the federal CAN-SPAM Act, which specifically exempts from its preemption provision state laws that “prohibit[] falsity or deception in any portion of a commercial electronic mail message.” http://www.steptoe.com/index.cfm?fuseaction=ws.getItem&pubItemId=10245&siteId=547
UNIVERSITY AS AUTHOR? (Inside Higher Ed, 8 August 2005) -- The Kansas Supreme Court will soon decide whether the Kansas Board of Regents has to negotiate its intellectual property policy in the future, or whether it can simply hand down a decree – even one that asserts ownership of all faculty work. If the court upholds the decision of a lower court, public institutions in Kansas will have the right to claim ownership of any faculty work, including books. In the current policy, faculty members keep their book rights, and revenue sharing is built in for technology copyrights, but, “if [the board] can unilaterally enact a policy, then tomorrow they could turn around and say ‘we own it, we get all the royalties,’” said John Mazurek, a lawyer representing the Kansas National Education Association. http://insidehighered.com/news/2005/08/08/kansas
GOOGLE URGED TO DROP REACTOR IMAGES (News.com.au, 8 August 2005) -- The head of Australia’s nuclear energy agency has called on the owners of an internet satellite program to censor images of the country’s only nuclear reactor. Australian Nuclear Science and Technology Organisation executive director Ian Smith said he would ask internet search engine Google to remove the Lucas Heights reactor from its Google Earth program. The online program combines satellite images with aerial photographs and maps to let users zoom in on almost any building in the world. While Google Earth “censors” the White House with blocks of colour over the roof and the nearby Treasury Department and Executive Office buildings, anyone with a computer and web connection can use the free program to see aerial shots of sensitive Australian sites such as the Lucas Heights reactor, the secret US spy base at Pine Gap, outside Alice Springs, and Parliament House in Canberra. http://www.news.com.au/story/0,10117,16183993-2,00.html
NEXT VERSION OF GPL COMING IN 2007 (PC World, 4 August 2005) -- The next version of the GPL (General Public License), GPL 3, is likely to appear in early 2007, according to a board member of the Free Software Foundation (FSF) who is working on drafting the future release. The GPL is the most popular license for free software and was created by Richard Stallman in 1989 for the GNU free software operating system project. Version 2 of the GPL appeared in 1991. “Version 2 has now been running for [nearly] 15 years without substantial modification,” says Eben Moglen, a member of the board of the Free Software Foundation and a professor of law and legal history at Columbia University Law School. “It [GPL 2] has successfully been used to go from a world in which free software was a very marginal community to one in which everyone, everywhere is aware of it.” Moglen, Stallman, and other members of the FSF are working on drafting GPL 3. “We need to globalize GPL,” Moglen says. “GPL 2 has elegantly worked outside of the U.S. in Europe and elsewhere, but it needs to become a bit more legally cosmopolitan” so that the license is more accessible to lawyers around the world, he adds. “The GPL depended heavily on the Berne Convention, but it’s still speaking language very reminiscent of U.S. copyright law,” Moglen says. “The GPL needs to recognize global copyright more explicitly. It sounds strange to lawyers in some countries.” The FSF also needs to clarify some language in the license that some English-speaking lawyers have had trouble with, he adds. http://www.pcworld.com/resource/printable/article/0,aid,122123,00.asp
SURVEY SHOWS MIXED IMPACT OF INTERNET ON STUDENTS (EDUPAGE, 8 August 2005) -- A survey conducted in May 2004 by Steve Jones, professor of communication at the University of Illinois at Chicago, and Camille Johnson-Yale, a graduate student in communication at the University of Illinois at Urbana-Champaign, determined that 42 percent of the professors surveyed saw a decline in the quality of student work with the advent of the Internet, while 22 percent noted an improvement. However, a majority of respondents, 67 percent, indicated that the Internet had improved their communication with students. The nationwide survey of 2,316 faculty elicited a concern with student plagiarism, and 74 percent of respondents said they use the Internet or other tools to detect plagiarism. The researchers have presented some of their findings at academic conferences and have submitted their work to a peer-reviewed academic journal. Chronicle of Higher Education, 7 August 2005 (sub. req’d) http://chronicle.com/prm/weekly/v51/i49/49a03201.htm
SARBANES-OXLEY TRUMPS IM AT SOME FIRMS (Computerworld, 8 August 2005) -- In another case of fallout from the passage of the Sarbanes-Oxley Act, some companies are disabling their instant messaging systems because of concerns that the technology’s security and archival controls aren’t strong enough to comply with the law, according to IT executives, lawyers and auditors interviewed last week. Section 302 of Sarbanes-Oxley requires CEOs and chief financial officers to certify that their companies have established internal controls and are regularly evaluating the effectiveness of the control measures. Although vendors such as FaceTime Communications Inc. and IMlogic Inc. offer tools for storing messaging traffic and protecting against malware, users like Jefferson Wells International Inc. are erring on the side of caution by simply unplugging their IM systems. Jefferson Wells disconnected its MSN Messenger system because of concerns that the company wouldn’t be able to detect software viruses embedded in messages, said Scott Robertson, manager of corporate IT operations at the Brookfield, Wis.-based provider of technology risk management and other professional services. http://www.computerworld.com/governmenttopics/government/policy/story/0,10801,103752,00.html
RESEARCH COMPANY MULLS OVER NO DISCLOSURE POLICY (SANS NewsBites, 8 August 2005) -- David Litchfield of Next Generation Security Software Ltd. says his company is considering moving to a “no disclosure” policy regarding software flaws; instead, the company would share information about vulnerabilities it discovered only with the affected vendors. This marks a change from the company’s earlier stance on disclosing flaws which netted them trouble from vendors unhappy with their practices. NGSS amended their policy after a talk Mr. Litchfield gave in 2002 detailing a vulnerability in Microsoft’s SQL Server database, for which a patch was already available, was followed closely by the appearance of the Sasser worm which took advantage of that vulnerability. NGS then decided to give the vendor 90 days to develop and release a patch before releasing details of the flaw. Mr. Litchfield told eWeek he feels the terrain has changed in the past several years: “How many times do you have to teach people about buffer overflows? If people are not educated by now, they’re never going to be.” http://www.eweek.com/print_article2/0,1217,a=157384,00.asp [SANS Editor’s Note (Pescatore): It is a no-brainer to say vulnerability discoverers never need to give out exploit code, and it is *almost* a no brainer to say that they should make no disclosure at all, other than what they give to the software vendor. However, one part of me remembers the bad old days when vendors never had any pressure to fix software and enterprises never bothered to patch when fixes did come out. This leads directly to the tremendous impact of Code Red/Nimda/Blaster/Slammer - and actually the Morris worm long before that. There still needs to be pressure but I don’t think there can be a fixed time period for complex issues, but 90 days might be good as a minimum.]
WRITTEN OPINION IN GOOGLE V. GEICO RELEASED (BNA’s Internet Law News, 9 August 2005) -- Months after the oral ruling, the judge in the Google v. Geico case has released a written opinion. The judge emphasized the ruling applies only to the specific facts of the case. Decision at http://blog.ericgoldman.org/archives/geicogoogleaug2005.pdf
BRIT LICENSE PLATES GET CHIPPED (Wired, 9 August 2005) -- The British government is preparing to test new high-tech license plates containing microchips capable of transmitting unique vehicle identification numbers and other data to readers more than 300 feet away. Officials in the United States say they’ll be closely watching the British trial as they contemplate initiating their own tests of the plates, which incorporate radio frequency identification, or RFID, tags to make vehicles electronically trackable. http://www.wired.com/news/privacy/0,1848,68429,00.html?tw=wn_tophead_1
FEDS FUND VOIP TAPPING RESEARCH (CNET, 9 August 2005) -- The federal government is funding the development of a prototype surveillance tool by George Mason University researchers who have discovered a novel way to trace Internet phone conversations. Their project is designed to let police identify whether suspects under surveillance have been communicating through voice over Internet Protocol (VoIP)--information that would be unavailable today if people choose to communicate surreptitiously. The eavesdropping technique already has been shown to work with Skype, the researchers say. “From a privacy advocate’s point of view, this is an attack on privacy,” Xinyuan Wang, an assistant professor of software engineering and principal investigator, said Tuesday. “From a police point of view, this is a way to trace things.” To translate his research into a tool that could be used by police in a successor version of the FBI’s Carnivore system, Wang received a grant of $307,436 from the National Science Foundation this month. The grant calls for the development of a prototype VoIP-tracing application to provide a “critical but currently missing capability in the fight on crime and terrorism.” The NSF grant comes as federal police are fretting about criminals using VoIP to mask their communications. The Federal Communications Commission on Friday approved mandatory wiretapping requirements for some VoIP providers, and the FBI has been warning for more than two years that VoIP may become a “haven for criminals, terrorists and spies.” At the moment, two Skype users who wish to conceal the fact that they’re chatting can direct their computers to bounce their conversation off a commercial anonymizing service, sometimes called a proxy service. Such services are offered by FindNot.com, Proxify.us and Anonymizer.com. 
The FBI or any other government agency that’s eavesdropping on both ends of the link would see that each person was connected to the anonymizing server--but couldn’t know for sure who was talking to whom. The more customers who use the service at once, the more difficult it would be for investigators to connect the dots. Wang discovered he could embed a unique, undetectable signature in Skype packets and then identify that signature when they reached their destination. The technique works in much the same way as a radioactive marker that a patient swallows, permitting doctors to monitor its progress through the digestive system. http://news.com.com/2100-7348_3-5825932.html
TERROR THREAT SHARPENS FOCUS ON URBAN SPY CAMERAS (SiliconValley.com, 10 August 2005) -- The striking images of London subway bombers captured by the city’s extensive video surveillance system, and a rising sense that similar attacks could happen in the United States, is stirring renewed interest in expanding police camera surveillance of America’s public places. In the aftermath of the London bombings, Sen. Hillary Clinton, D-N.Y., a liberal with a strongly pragmatic bent, called for installing more cameras to monitor passengers in the New York City subway system. Washington Mayor Anthony Williams, whose post-Sept. 11 efforts to build a video surveillance system for downtown areas were curtailed by resistance from the D.C. City Council and some members of Congress, cited the attacks to press for broader use of cameras. Meanwhile, Chicago, with the largest public video surveillance system in the country, is proceeding with plans to expand its 2,000-camera network and is beginning to encourage businesses to provide the city live feeds from their surveillance cameras. The London bombings showcased the capabilities of a modern, digital video surveillance system. After both the July 7 and July 21 attacks, authorities quickly produced relatively high-resolution images of the bombers that figured prominently in fast-moving investigations. But to critics, whose reservations are based primarily on privacy concerns, the London attacks also highlighted the limitations of camera surveillance. London has one of the world’s largest surveillance systems -- the average person there is photographed by 300 cameras in the course of a day, according to an often-cited 1999 calculation by two British academics -- yet that did not prevent terrorist bombings in the heart of the city. 
“It’s very difficult to make a case that the cameras are a deterrent to the most determined terrorists, those who intend to give up their life,” said Brian Jenkins, a terrorism expert and senior adviser to the president of RAND Corp. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/12350080.htm
U.S. COPYRIGHT OFFICE POLL: IE-ONLY OK? (CNET, 10 August 2005) -- Signaling a new addition to the list of browser-specific Web sites, the U.S. Copyright Office solicited opinions on a planned Internet Explorer-only zone. The office, a division of the Library of Congress, invited comments through Aug. 22 on an upcoming Web service for prospective copyright owners that may launch with support for only limited browsers. “At this point in the process of developing the Copyright Office’s system for online preregistration, it is not entirely clear whether the system will be compatible with Web browsers other than Microsoft Internet Explorer versions 5.1 and higher,” the office said in its notice. “In order to ensure that preregistration can be implemented in a smoothly functioning and timely manner, the office now seeks comments that will assist it in determining whether any eligible parties will be prevented from preregistering a claim due to browser requirements of the preregistration system.” http://news.com.com/2100-1038_3-5827627.html [Editor: I vote “no”. Other negative reaction at http://www.washingtonpost.com/wp-dyn/content/article/2005/08/24/AR2005082401988.html ]
COMPREHENSIVE DATABASE OF COMPUTER VULNERABILITIES NOW AVAILABLE (NIST, 10 August 2005) – Cyber attackers are constantly scanning the Internet looking for vulnerabilities in computer systems that will enable them to take control and use the systems for illegal or unethical activities such as identity theft, industrial espionage or distributing spam. For those trying to prevent such attacks, keeping up with the 300 or so new vulnerabilities discovered each month can be an overwhelming task, especially since a single flaw can be known by numerous names. The new National Vulnerability Database (NVD) from the National Institute of Standards and Technology (NIST) will make it easier for system administrators and other security professionals to learn about vulnerabilities and how to remediate them. The NVD is a comprehensive database that integrates all publicly available U.S. government resources on vulnerabilities and provides links to many industry resources. NVD is built upon a dictionary of standardized vulnerability names and descriptions called Common Vulnerabilities and Exposures. [NIST DB at http://nvd.nist.gov/] Coverage at http://www.fcw.com/article89911-08-15-05-Print and http://online.securityfocus.com/news/11278
CRITICS SLAM NET WIRETAPPING RULE (Wired, 11 August 2005) -- An FCC ruling that internet telephony services must provide the same built-in wiretapping capabilities as conventional phone companies has civil libertarians feeling burned. “I think a legal challenge is highly likely at this point,” said John Morris, an attorney with the Center for Democracy and Technology. The FCC announced that some voice over internet protocol, or VOIP, companies are substantial replacements for old-fashioned telephone service, and must equip their systems to respond to federal wiretap orders. The services will have 18 months to comply with the order, which also applies to cable-modem companies and other broadband providers. While the full text of the ruling has yet to be released, critics say the announcement marks a significant expansion of the Communications Assistance for Law Enforcement Act, or CALEA, which drew a line between “information services” and phone networks. http://www.wired.com/news/privacy/0,1848,68483,00.html
NEW ENERGY BILL HAS CYBERSECURITY REPERCUSSIONS (Computerworld, 11 August 2005) -- The new energy bill signed into law by President Bush this week is expected to have the greatest impact on IT departments at power companies because it allows federal enforcement of upcoming cybersecurity standards, according to industry IT executives and other experts. Under the new law, the Federal Energy Regulatory Commission (FERC) has the authority to establish a national electric reliability organization with the power to oversee and audit reliability standards. Instead of developing its own standards, the FERC plans to adopt those set by the North American Electric Reliability Council (NERC), said Ellen Vancko, a spokeswoman for the organization. The NERC is a Princeton, N.J.-based voluntary organization that sets standards for the reliable operation and planning of the nation’s bulk electricity system. A spokeswoman for the FERC was unable to confirm the agency’s plans today. The NERC is developing cybersecurity standards (see “Utility cybersecurity plan questioned”) that cover areas ranging from the security of critical cyber assets to personnel screening and training requirements. The standards, known as CIP-002 to CIP-009, have been in the works for the past two years. http://www.computerworld.com/governmenttopics/government/legalissues/story/0,10801,103834,00.html?source=x62
LLOYD’S TAKING ON OPEN SOURCE IP RISK (Register, 12 August 2005) -- Lloyd’s of London is close to offering independent insurance protection worldwide against potential IP litigation involving Linux and open source software. The financial services giant has agreed to take on the risk associated with open source, and is finalizing arrangements to work through Open Source Risk Management (OSRM) who will become Lloyd’s sole US representative. OSRM will assess both the risk of the software in use and the individual company, before passing on the risk to the appropriate insurance company on the Lloyd’s market. OSRM expects to announce the first customers this Fall, and will initially charge organizations $60 per server. The partnership between OSRM and Lloyd’s will be vendor independent, differing from many of the existing intellectual property (IP) protection programs that are primarily designed to ward off attack from the litigious SCO Group. Red Hat, Hewlett Packard and Novell in January 2004 all announced separate protection for customers using their Linux products. JBoss in April this year announced indemnification for its middleware, including JBoss application server, Cache and Hibernate object relational mapping technology. http://www.channelregister.co.uk/2005/08/12/opensource_indemnification/
COURT REVIVES INDICTMENT IN E-MAIL INTERCEPTION CASE (SiliconValley.com, 11 August 2005) -- A federal appeals court Thursday revived the government’s online eavesdropping prosecution against an executive of a company that offered e-mail service and surreptitiously tracked its subscribers’ messages. The case, closely watched by Internet privacy groups, had been dismissed in 2003 by a judge who found it was acceptable for the company -- an online literary clearinghouse -- to make copies of the e-mails so it could peruse messages sent to its subscribers by rival Amazon.com Inc. An executive of the now-defunct clearinghouse, Interloc Inc., was indicted in 2001. Prosecutors argued that intercepting e-mail before the messages were transmitted to recipients amounted to an offense under the federal Wiretap Act. But the executive, Bradford Councilman, argued that no violation of the Wiretap Act had occurred because the e-mails were copied while in “electronic storage” -- in the process of being routed through a network of servers to recipients. A District Court judge in Boston agreed and dismissed the case. Then a three-judge panel of the Boston-based 1st U.S. Circuit Court of Appeals upheld the dismissal in June 2004, prompting the government to appeal to the full appeals court. In Thursday’s 5-2 decision, the full court said the e-mail interception could be considered illegal and reinstated the indictment, sending the case back to the District Court. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/12360782.htm Decision at http://www.ca1.uscourts.gov/pdf.opinions/03-1383EB-01A.pdf
A HOLLYWOOD MOMENT IN DELAWARE (New York Times, 13 August 2005) -- A DELAWARE judge ruled this week that Disney’s board was not liable to shareholders for allowing Michael D. Eisner, its chief executive at the time, to pay Michael S. Ovitz about $58,000 an hour to, as it turned out, spend 14 months alienating Disney workers and hatching plans that other executives rejected out of hand. Mr. Ovitz was fired as president in December 1996. Thanks to the severance package he negotiated, he walked away with $140 million. The legal arguments were complex, as shown by the 175-page ruling handed down by Chancellor William B. Chandler III of Delaware Chancery Court. An online panel of law professors convened by the Conglomerate Blog has been kicking the decision around this week. Anyone who slogs through the panel’s comments on www.theconglomerate.org will get a decent primer on the legal aspects of executive compensation and fiduciary duty. http://www.nytimes.com/2005/08/13/technology/13online.ready.html?ex=1281585600&en=45a519c01f8b2288&ei=5090&partner=rssuserland&emc=rss
CISCO AND ISS HARASS SECURITY RESEARCHER (Crypto-Gram, 15 August 2005) – [Worthwhile editorial by IT security expert Bruce Schneier on the recent lawsuit by Cisco to quiet a researcher’s symposium discussion of another Cisco vulnerability. This dispute was discussed in MIRLN 8.09 at http://www.vip-law.com/mirln8_09.htm] http://www.schneier.com/crypto-gram-0508.html#2
FROM LOVE TO LONGING TO PROTEST, IT’S ALL IN THE TILT OF THE POSTAGE (New York Times, 15 August 2005) - Every other day, when Janie Bielefeldt writes to her husband, who is deployed in Afghanistan, she places her stamps upside down and diagonally on the letters as a way to say “I miss you.” Susan Haggerty says “I love you” by putting her stamps upside down on letters to her son, stationed in Iraq. For most people, the front of an envelope is simply a place for addresses and postage, and a crooked stamp indicates little more than that the sender was in a hurry. But for others, this tiny sliver of real estate is home to a coded language, hidden in plain sight, that has been passed down through the generations for more than a century. A long-distance version of the romantic language of hand-held fans and flowers, the so-called language of stamps emerged in the Victorian era as a discreet method of courtship at a time when parents often censored mail. And though, like the epistolary tradition itself, the stealthy code has waned with the emergence of technology, it replenishes itself ever so slightly in the face of war, distance, parental disapproval and anything else that might get in the way of people’s connection to each other. “It tends to resurge during war times or whenever else there are large numbers of people separated from their loved ones,” said John M. Hotchner, a former president of the American Philatelic Society. And while the struggle to cope with longing is at least as old as language itself, the placement of stamps to send messages had its heyday during the 1890’s in England with the popularity of postcards, said Roy Nuhn, a researcher who has studied the history of stamp placement. More than a trivial sideshow, the practice of conveying secret messages from the front of mail long precedes the language of stamps and the use of these codes is part of the reason that we prepay for our postage today. 
Before 1840, when postage stamps were first used in England, the recipient of a letter paid for its postage. And since the cost was often prohibitively expensive, people began placing small marks and symbols on the front of mail. These codes allowed senders to convey a message to the recipient without obliging the recipient to pay for the formal acceptance of the letter. The loss of revenue from the use of these codes was one of the reasons that the British government adopted the system of prepaid stamps that is used almost everywhere now. “It was not unlike the tactic that some people use today with phone calling,” Mr. Hotchner said. “While traveling, people often tell their family back home that they will call at a designated time and let the phone ring only once before hanging up as a way of saying that they have arrived safely, without having to pay for the call.” http://www.nytimes.com/2005/08/15/national/15stamps.html?ex=1281758400&en=5fd5db52baa751d0&ei=5090&partner=rssuserland&emc=rss
ATOS ORIGIN PREDICTS OPEN SOURCE SOFTWARE LANDSCAPE (Computer Business Review, 15 August 2005) -- IT services provider Atos Origin SA has predicted a forthcoming change in the software landscape based on the results of a survey it has carried out in conjunction with the UK’s National Computing Centre. The research was undertaken by the NCC with the Atos Consulting arm of the Paris, France-based services firm, and revealed that more than two-thirds of the senior IT professionals questioned expect their companies to develop an open source strategy in the next five years, despite ongoing caution about the adoption of open source in the UK. The survey, which was compiled through over 140 web-based questionnaires completed by senior UK IT professionals in May and June, indicated that over 60% believe open source will either increase its presence in certain business areas or be a fundamental component in core IT systems, while 73% expect open source to develop within their organizations’ IT strategy over the next five years. http://www.cbronline.com/article_news.asp?guid=96BD2055-DC6E-4D49-B0CF-50C52AEFFD14
DOD LOOKS TO PUT PIZZAZZ BACK IN PKI (Network World, 15 August 2005) -- The U.S. military has started the process of making critical changes to its public-key infrastructure, which uses digital certificates for e-mail and Web security, in order to cope with scalability problems. In the eight years since the U.S. Department of Defense started using the PKI certificate management system it bought from Netscape Communications, it has issued more than 16 million digital certificates. Most of them are stored on the department’s common access smartcard, which is the main ID card used by the Army, Navy, Air Force and Marines. Along the way, the military also has revoked 10 million certificates as personnel and network needs change. That huge certificate revocation list (CRL) - which has bloated to over 50M bytes in file size - is the crux of the problem facing the Defense Department, because the entire CRL is supposed to be downloaded daily to every PKI user’s desktop at the department from servers acting as distribution points. The time-delay and bandwidth consumption of this large file download, even when there’s a high-speed LAN available, is a source of dissatisfaction to military planners. In addition, the download is poorly adapted to the needs of mobile units and ships. The Defense Department is seeking to eliminate CRL downloads by deploying a new set of PKI appliances called Online Certificate Status Protocol (OCSP) responders, which store CRLs and automatically provide short answers to desktop users about whether a certificate is good or bad instead of forcing them to download a whole certificate list. “If you have an official DOD e-mail account, you also get an e-mail digital certificate,” says Gil Nolte, director of the Defense Department’s program management office for PKI at the National Security Agency. Nolte says about 4 million certificates are in use in the military today.
A digital certificate links a person’s identity with a unique pair of public-private encryption keys that can be used for purposes such as signing and encrypting electronic documents, verifying sender identity and document validation. http://www.networkworld.com/news/2005/081505-pki.html?net&story=081505-pki&code=nlnetflash5473
A GOOD REPORT ON AIDS, AND SOME CREDIT THE WEB (New York Times, 18 August 2005) -- The national Centers for Disease Control and Prevention estimated in a report in June that new infections in San Francisco among men who have sex with men were occurring at about half the rate previously calculated by city health officials - 1.2 percent a year instead of 2.2 percent. That is the lowest rate reported in San Francisco since 1997 and the lowest among five cities with significant gay populations studied by the disease control agency. Since the report’s release, health officials here, known for their cautious approach to shifts in AIDS trends, have been scrambling to confirm the results and offer an explanation. Some officials have said that the decline has been fueled by conventional efforts like stepped-up H.I.V. treatment programs, easier and more regular tests, and so-called harm-reduction strategies like discouraging the use of crystal methamphetamine, a drug blamed for helping to spread the disease by lowering inhibitions. But other signs, like the proliferation of matchmaking Web sites for men infected with H.I.V. and the relatively high number of men here who know their H.I.V. status, point to a growth in the number of men looking for partners with the same status. The practice is known as sero-sorting, which involves men choosing sex partners based on their common serostatus, a term that refers to the presence of antibodies to a particular infectious agent in the blood. “Studies have shown when people have knowledge of their sero-status, they take that knowledge and use it to protect their partners,” said Dr. Patrick S. Sullivan, chief of the behavioral and clinical surveillance branch at the disease control centers. “Sero-sorting is one piece of that whole benefit that arises from people learning their status through H.I.V. testing.” http://www.nytimes.com/2005/08/18/health/18aids.html
EUROPE ADDS FUEL TO THE GROKSTER FIRE (Steptoe & Johnson’s E-Commerce Law Week, 20 August 2005) -- Less than two weeks after file-sharers and peer-to-peer software developers got singed by the Supreme Court’s decision in MGM Studios, Inc. v. Grokster, Ltd., the European Commission added fuel to the fire with its proposed directive and framework decision on copyright infringement. The EC proposal would criminalize not only direct copyright infringement, but also “attempting, aiding or abetting and inciting” such infringement. So while the EU has not gone as far as the U.S. in extending the terms of some copyrights (in 1998, the U.S. extended corporate copyrights to 95 years, to the benefit of big content owners), EU copyright enforcement rules may become even stricter than those in the land of the free and the home of the RIAA. In Grokster, which involved peer-to-peer file sharing software that had been used to share copyrighted music and video files, the Supreme Court held that “one who distributes a device with the object of promoting its use to infringe copyright, as shown by clear expression or other affirmative steps taken to foster infringement, is liable for the resulting acts of infringement by third parties.” But the EC’s proposal goes even further than Grokster. For while Grokster involved potential civil liability for contributory infringement, the proposed EU directive would make such indirect copyright infringement a criminal offense. http://www.steptoe.com/index.cfm?fuseaction=ws.getItem&pubItemId=10358&siteId=547
MUSIC FILE SHARING TO BE OFFERED LEGALLY (The Guardian, 22 August 2005) -- Online music fans will for the first time be able to legally share tracks by big names such as Oasis, Beyonce, David Bowie and Elvis Presley after the artists’ record label signed a ground-breaking deal with a new internet service provider. In what some see as signalling a dramatic shift in the way consumers buy music, the provider, Playlouder, has licensed acts from SonyBMG, the world’s second largest record label, and is confident that the other two big record labels, Universal and EMI, will follow suit. Playlouder is offering the first legal alternative with a comparable experience to the “peer to peer” file sharing sites often used to swap pirated tracks. Subscribers will be charged £26 a month for a high speed broadband internet connection, similar to the price charged by BT, with the added attraction of being able to share as much music as they want with other subscribers at no extra cost. Because there will be no restrictions on the format in which the traded music is encoded, users will be free to transfer songs to any type of digital music player, including the market leading Apple iPod, or burn them to CD. http://www.guardian.co.uk/arts/netmusic/story/0,13368,1553962,00.html
FEDS IT SPENDING SPIKES (FCW.com, 24 August 2005) -- There was a surge in fiscal third quarter federal contract award activity, Input, the market research firm, reported, citing the Navy as the main contributor. Government awards of information technology-related prime contracts rose to $67 billion during the government’s fiscal 2005 third quarter, a 190 percent increase compared to the year-earlier quarter. Input said the Navy drove the bulk of the activity, generating close to $57 billion in awards. Most of the Navy’s award activity stemmed from a single vehicle: the Navy’s SeaPort Enhanced Rolling Admissions multiple-award contract. That deal, awarded in May, has a ceiling of $54.7 billion, according to Input. The vehicle provides a range of IT services including systems engineering, logistics support and information assurance. http://www.fcw.com/article90331-08-24-05-Web
PROFILING REPORT LEADS TO A DEMOTION (New York Times, 24 August 2005) -- The Bush administration is replacing the director of a small but critical branch of the Justice Department, months after he complained that senior political officials at the department were seeking to play down newly compiled data on the aggressive police treatment of black and Hispanic drivers. The demotion of the official, Lawrence A. Greenfeld, whom President Bush named in 2001 to lead the Bureau of Justice Statistics, caps more than three years of simmering tensions over charges of political interference at the agency. And it has stirred anger and tumult among many Justice Department statisticians, who say their independence in analyzing important law enforcement data has been compromised. The April study by the Justice Department, based on interviews with 80,000 people in 2002, found that white, black and Hispanic drivers nationwide were stopped by the police that year at about the same rate, roughly 9 percent. But, in findings that were more detailed than past studies on the topic, the Justice Department report also found that what happened once the police made a stop differed markedly depending on race and ethnicity. Once they were stopped, Hispanic drivers were searched or had their vehicles searched by the police 11.4 percent of the time and blacks 10.2 percent of the time, compared with 3.5 percent for white drivers. Blacks and Hispanics were also subjected to force or the threat of force more often than whites, and the police were much more likely to issue tickets to Hispanics rather than simply giving them a warning, the study found. In April, as the report was being completed, Mr. Greenfeld’s office drafted a news release to announce the findings and submitted it for review to the office of Tracy A. Henke, who was then the acting assistant attorney general who oversaw the statistics branch. 
The planned announcement noted that the rate at which whites, blacks and Hispanics were stopped was “about the same,” and that finding was left intact by Ms. Henke’s office, according to a copy of the draft obtained by The New York Times. But the references in the draft to higher rates of searches and use of force for blacks and Hispanics were crossed out by hand, with a notation in the margin that read, “Do we need this?” A note affixed to the edited draft, which the officials said was written by Ms. Henke, read “Make the changes,” and it was signed “Tracy.” That led to a fierce dispute after Mr. Greenfeld refused to delete the references, officials said. http://www.nytimes.com/2005/08/24/politics/24profiling.html?ex=1282536000&en=157817afd343a6b3&ei=5090&partner=rssuserland&emc=rss
FEDERAL APPEAL CT. REVERSES STORAGETEK DMCA DECISION (BNA’s Internet Law News, 25 August 2005) -- The Federal Circuit Court of Appeals has reversed a lower court decision that blocked an independent service vendor who offered repair and maintenance on StorageTek machines. The court ruled that the DMCA cannot be used to sue such vendors when the repair and maintenance itself does not violate any rights under copyright law. Decision at http://fedcir.gov/opinions/04-1462.pdf
CELLPHONES CATAPULT RURAL AFRICA TO 21ST CENTURY (New York Times, 25 August 2005) -- On this dry mountaintop, 36-year-old Bekowe Skhakhane does even the simplest tasks the hard way. Fetching water from the river takes four hours a day. To cook, she gathers sticks and musters a fire. Light comes from candles. But when Ms. Skhakhane wants to talk to her husband, who works in a steel factory 250 miles away in Johannesburg, she does what many in more developed regions do: she takes out her mobile phone. People like Ms. Skhakhane have made Africa the world’s fastest-growing cellphone market. From 1999 through 2004, the number of mobile subscribers in Africa jumped to 76.8 million, from 7.5 million, an average annual increase of 58 percent. South Africa, the continent’s richest nation, accounted for one-fifth of that growth. Asia, the next fastest-expanding market, grew by an annual average of just 34 percent in that period. “It is a necessity,” said Ms. Skhakhane, pausing from washing laundry in a plastic bucket on the dirt ground to fish her blue Nokia out of the pocket of her flowered apron. “Buying air time is part of my regular grocery list.” She spends the equivalent of $1.90 a month for five minutes of telephone time. Africa’s cellphone boom has taken the industry by surprise. Africans have never been rabid telephone users; even Mongolians have twice as many land lines per person. And with most Africans living on $2 a day or less, they were supposed to be too poor to justify corporate investments in cellular networks far outside the more prosperous cities and towns. But when African nations began to privatize their telephone monopolies in the mid-1990’s, and fiercely competitive operators began to sell air time in smaller, cheaper units, cellphone use exploded. It turned out that Africans had never been big phone users because nobody had given them the chance. One in 11 Africans is now a mobile subscriber. 
Demand for air time was so strong in Nigeria that from late 2002 to early 2003 operators there were forced to suspend the sale of subscriber identity module cards, or SIM cards, which activate handsets, while they strengthened their networks. Although only about 60 percent of Africans are within reach of a signal, the lowest level of penetration in the world, the technology is for many a social and economic godsend. One pilot program allows about 100 farmers in South Africa’s northeast to learn the prevailing prices for produce in major markets, crucial information in negotiations with middlemen. Health-care workers in the rural southeast summon ambulances to distant clinics via cellphone. One woman living on the Congo River, unable even to write her last name, tells customers to call her cellphone if they want to buy the fresh fish she sells. “She doesn’t have electricity, she can’t put the fish in the freezer,” said Mr. Nkuli of Vodacom. “So she keeps them in the river,” tethered live on a string, until a call comes in. Then she retrieves them and readies them for sale. http://www.nytimes.com/2005/08/25/international/africa/25africa.html?ex=1282622400&en=32b49363eac57aae&ei=5090&partner=rssuserland&emc=rss
COURTS ENFORCE HYPERLINKED ONLINE CONTRACTS IN PAIR OF CASES (BNA’s Internet Law News, 25 August 2005) -- BNA’s Electronic Commerce & Law Report reports on two recent cases in which courts enforced online contracts. In a case involving a website’s privacy policy, a New York federal district court ruled that the terms of an airline Web site’s privacy policy, viewable via a hyperlink, are an enforceable part of the contract for an airline ticket. Similarly, an Illinois appellate court ruled that contract terms containing a mandatory arbitration clause, accessible via a hyperlink visible on each page of the online ordering process, were a part of the contract for a computer purchase. NY case name is In re JetBlue Airways Corp. Privacy Litigation. Illinois case is Hubbert v. Dell Corp., which is online at http://www.state.il.us/court/Opinions/AppellateCourt/2005/5thDistrict/August/Html/5030643.htm
LIBRARIES OFFERING AUDIOBOOK DOWNLOADS (SiliconValley.com, 25 August 2005) -- A new way to borrow audiobooks from the library involves no CDs, no car trips, no fines and no risk of being shushed. Rather, public libraries from New York City to Alameda, Calif., are letting patrons download Tom Clancy techno-thrillers, Arabic tutorials and other titles to which they can listen on their computers or portable music players -- all without leaving home. Librarians say such offerings help libraries stay relevant in the digital age. There’s still one big hitch, though: The leading library services offer Windows-friendly audiobook files that can’t be played on Apple Computer Inc.’s massively popular iPod player. Vendors such as OverDrive Inc. and OCLC Online Computer Library Center Inc.’s NetLibrary have licensing deals with publishers and provide digital books using Microsoft Corp.’s Windows Media Audio format, which includes copyright protections designed to help audiobooks stand apart from the often lawless world of song swapping. A patron with a valid library card visits a library Web site to borrow a title for, say, three weeks. When the audiobook is due, the patron must renew it or find it automatically “returned” in a virtual sense: The file still sits on the patron’s computer, but encryption makes it unplayable beyond the borrowing period. http://www.siliconvalley.com/mld/siliconvalley/business/technology/12475303.htm
F.B.I., USING PATRIOT ACT, DEMANDS LIBRARY’S RECORDS (New York Times, 26 August 2005) -- Using its expanded power under the antiterrorism law known as the USA Patriot Act, the F.B.I. is demanding library records from a Connecticut institution as part of an intelligence investigation, the American Civil Liberties Union said Thursday. The demand is the first confirmed instance in which the Federal Bureau of Investigation has used the law in this way, federal officials and the A.C.L.U. said. The government’s power to demand access to library borrowing records and other material showing reading habits has been the single most divisive issue in the debate over whether Congress should extend key elements of the act after this year. Because of federal secrecy requirements, the A.C.L.U. said it was barred from disclosing the identity of the institution or other main details of the bureau’s demand, but court papers indicate that the target is a library in the Bridgeport area. In the debate over the future of the antiterrorism law, the administration has said that it has never used the so-called library provision in the law, which falls under Section 215, to demand records from libraries or booksellers. The A.C.L.U. said that in the Connecticut case, the bureau was using a separate investigative tool, a type of administrative subpoena known as a national security letter, to get records related to library patrons, reading materials and patrons’ use of the Internet. The bureau’s power to use national security letters to demand records without a judge’s approval was expanded under the antiterrorism law. Last year, a federal judge in Manhattan struck down part of the subpoena provision as unconstitutional, in part because it allowed for no judicial oversight, but the Justice Department is appealing the ruling. http://www.nytimes.com/2005/08/26/politics/26patriot.html?ex=1282708800&en=c26ca71a8d64b704&ei=5090&partner=rssuserland&emc=rss
**** RESOURCES ****
BEST OF THE WEB DIRECTORY (Forbes, August 2005) -- If Google or Yahoo searches aren’t your idea of conquering the Web’s vastness in an efficient manner, Best of The Web’s directory will deliver the highly relevant results you are seeking. Our editors continue to uncover the most interesting and useful sites in scores of well-defined categories, including a newly added section dedicated to Blogs. We identify the best blogs in categories ranging from Art and Literary Blogs, to Small Business, Marketing, Shopping and Music Blogs. You’ll find more than 3,000 sites reviewed here, each selected according to five criteria: Content, Design, Speed, Navigation and Customization. Looking for only the best of the best? Our Forbes Favorites are clearly marked at the beginning of each category. http://www.forbes.com/bow/b2c/main.jhtml [Editor: Thanks to Alan Rothman’s blog for recommending this resource: http://thesubwayfold.typepad.com/weblog/web_resources/index.html]
**** OTHER ****
ASSESSING THE INTERNET: LESSONS LEARNED, STRATEGIES FOR EVOLUTION, AND FUTURE POSSIBILITIES (Vint Cerf and Bob Kahn, Recipients of the ACM 2004 Turing Award, 22 August 2005) – Archived webcast at http://www.acm.org/sigs/sigcomm/sigcomm2005/webcast.html [Editor: Long time Cyberspace committee members will remember Bob Kahn from our Washington D.C. dinner during the January 2001 winter working meeting. After introductions, the discussion/lecture begins at 14m. Other observations:
• Secretary Chertoff and Dr. Cerf look enough alike to be brothers;
• Security capabilities and issues @24m
• P2P @32m
• IP and ownership @48m
• Interplanetary internet challenges (delay-and-disruption-tolerant networks) @63m
• Creativity in a regulated environment @65m
• Q&A segment begins @69m (e.g., expanded uses of DNS @77m, and the initial concept of packet-switching @86m)]
SOURCES:
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. Internet Law & Policy Forum, http://www.ilpf.org.
6. BNA’s Internet Law News, http://ecommercecenter.bna.com.
7. The Ifra Trend Report, http://www.ifra.com/website/ifra.nsf/html/ITR-HTML.
8. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
9. Gordon & Glickson’s Articles of Note, http://www.ggtech.com.
10. Readers’ submissions, and the editor’s discoveries.
PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.
MIRLN stands for Miscellaneous IT Related Legal News, since 1997 a free monthly e-newsletter edited by Vince Polley (www.knowconnect.com). Earlier editions, and email delivery subscription information, are at http://www.knowconnect.com/mirln/
Saturday, August 27, 2005
Saturday, August 06, 2005
MIRLN -- Misc. IT Related Legal News [16 July – 6 August 2005; v8.09]
HARRY POTTER AND THE RIGHT TO READ (Toronto Star, 18 July 2005) -- Along with millions worldwide who scooped up the latest Harry Potter tome over the weekend, the 41 schools that make up Manitoba’s Frontier School Division no doubt purchased several copies for their students. The link that connects Harry Potter and the school division that serves northern Manitoba extends beyond a mutual interest in children’s books. Both were at the centre of situations last week that illustrate how good news culture and heritage stories can easily be transformed when copyright law goes awry. The Harry Potter incident is widely known since it generated global attention. A grocery store in Coquitlam, British Columbia inadvertently sold 14 copies of the new Harry Potter book prior to its official sale date of July 16, 2005. Reports indicate that Raincoast Books, the Canadian publisher, mistakenly failed to include a notice on the shipping box that the books were not to be sold in advance. When Raincoast was informed of the sales, it joined with author J.K. Rowling and Bloomsbury Publishing, the British publisher, to seek a court order from the British Columbia Supreme Court to keep the book and its contents under wraps. Had Raincoast limited the requested order to stopping Canadian booksellers from selling the book, the issue would have attracted little attention. Rather than adopting that approach, however, Raincoast also directly targeted the 14 purchasers who had lawfully purchased copies of the book. The order compelled anyone with a copy of the book to return it to the publisher along with any notes and other descriptions of its contents. Moreover, it prohibited Canadians from reading or discussing any aspect of the book. [Read on.] http://www.michaelgeist.ca/index.php?option=content&task=view&id=896
-- and --
ONLINE PIRATES POUNCE ON NEW HARRY POTTER BOOK (CNET, 20 July 2005) -- The sixth book in the Harry Potter series, the fastest-selling book of all time, has become among the quickest to fall prey to Internet piracy, with illicit copies available online within hours of its release. Tech-savvy fans of the boy wizard teamed up to scan the entire 607 page book into digital form, with unauthorized e-book copies appearing online less than 12 hours after "Harry Potter and the Half-Blood Prince" went on sale on Saturday. Copies of the audio version of the book were also widespread on file-trading networks such as BitTorrent. http://news.com.com/2100-1030_3-5796511.html
COST OF US CYBER ATTACKS PLUMMETS (The Register, 18 July 2005) -- The cost of individual cyber attacks fell dramatically in the US last year but unauthorised access and the theft of proprietary information remain top security concerns. The 10th annual Computer Crime and Security Survey, put together by the Computer Security Institute (CSI) in conjunction with information security experts at the FBI, shows financial losses resulting from security breaches down for the fourth successive year. The cost of breaches averaged $204,000 per respondent - down 61 per cent from last year's average loss of $526,000. Virus attacks continue as the source of the greatest financial pain, making up 32 per cent of the overall losses reported. But unauthorized access showed a dramatic increase and replaced denial of service as the second most significant contributor to cybercrime losses. Unauthorised access was fingered for a quarter (24 per cent) of losses reported in the CSI/FBI Computer Crime and Security Survey 2005. Meanwhile losses from theft of proprietary information doubled last year, based on the survey of 700 computer security practitioners in various US corporations, universities and government agencies. The study found fears about negative publicity are preventing organisations from reporting cybercrime incidents to the police, a perennial problem the CSI/FBI study reckons is only getting worse. Assuming that this isn't true of what respondents also told CSI's researchers (academics from the University of Maryland), the study presents a picture of reducing cyber crime losses that contrasts sharply with vendor-sponsored studies. [Survey at http://www.gocsi.com/forms/fbi/csi_fbi_survey.jhtml] http://www.theregister.com/2005/07/18/csi_fbi_security_survey/
HAGUE CHOICE OF COURT CONVENTION FINALLY ADOPTED (Steptoe & Johnson’s E-Commerce Law Week, 16 July 2005) -- The long-awaited – and often-doubted – conclusion of negotiations for a multilateral treaty to improve the enforceability of civil judgments has finally arrived after 13 years of negotiations. The Hague Conference on Private International Law reached agreement on June 30 on the Convention on Choice of Courts Agreements ("Convention"). However, despite lobbying efforts by Internet service providers and other technology companies to place so-called clickwrap agreements and other non-negotiated agreements outside the scope of the Convention, the final draft of the 12-page document does not explicitly exclude such agreements. This raises concerns that many companies – including, for example, those that link to a website in a foreign jurisdiction – may unknowingly risk being hauled into a court halfway around the world. Of course, the Convention must still be ratified by any country to which it would apply, and the agreed text includes an option allowing countries to opt out of the Convention on specific matters if they have a “strong interest” in doing so. Therefore, the fight against having the Convention apply to non-negotiated agreements could spread to individual countries around the globe – raising the risk that the Convention may not actually avoid the world-wide jurisdictional muddle that it is designed to avoid. http://www.steptoe.com/index.cfm?fuseaction=ws.getItem&pubItemId=10121&siteId=547 [Convention at http://www.steptoe.com/publications/362b.pdf]
CALLING JACKIE CHILES (New York Times, 16 July 2005) -- Groklaw.net features an entry titled "The Stupidest Lawsuit Since the World Began," and it's hard to argue. A French transit company, Transports Schiocchet Excursions, is suing 10 cleaning women in the Moselle region because they carpool to work rather than use the company's buses. The plaintiffs' lawyers charge the women with "unfair and parasitical competition" and want their cars seized. http://www.nytimes.com/2005/07/16/technology/16online.ready.html?ex=1279166400&en=f3ce10695112b660&ei=5090&partner=rssuserland&emc=rss
IN CANADA: CACHE A PAGE, GO TO JAIL? (CNET, 19 July 2005) -- A bill before Canada's Parliament could make it illegal for search engines to cache Web pages, critics say, opening the door to unwarranted lawsuits and potentially hindering public access to information. The legislation in question, Bill C-60, is designed to amend Canada's Copyright Act by implementing parts of the 1996 World Intellectual Property Organization treaty, the treaty that led to the Digital Millennium Copyright Act in the U.S. Set for debate and an initial vote in the House of Commons after Parliament's summer break, C-60 addresses things such as file-sharing, anticopying devices and the liability of Internet service providers and would tighten the Copyright Act in ways favorable to record labels and movie studios. But according to Howard Knopf, a copyright attorney at the Ottawa firm of Macera & Jarzyna, a brief passage in the bill could mean trouble for search engines and other companies that archive or cache Web content. "The way it reads, arguably what they're saying is that the very act of making a reproduction by way of caching is illegal," Knopf said. Michael Geist, a law professor at the University of Ottawa, where he holds the Canada Research Chair in Internet and E-Commerce Law, agreed. http://news.com.com/2100-1028_3-5793659.html
HACKERS GET INTO USC DATABASE (CNET, 19 July 2005) -- A University of Southern California database containing about 270,000 records of past applicants was hacked last month, officials said on Tuesday. The breach of the university's online application database exposed "dozens" of records, which included names and Social Security numbers, to unauthorized individuals, said Katharine Harrington, USC dean of admissions and financial aid. Harrington could not be more specific about the number of people whose personal data may have been viewed by the hacker or hackers, nor about what the motivation had been for the computer break-in. "There was not a sufficiently precise tracking capability," Harrington said, but added that the hackers had not been able to access multiple records at once. Records were also only able to be viewed at random, she said. USC learned of the breach June 20 when it was tipped off by a journalist. http://news.com.com/2100-7349_3-5795373.html
UNIVERSITY R&D SPENDING IS UP (Inside Higher Ed, 21 July 2005) -- Colleges and universities spent $40.1 billion on research and development in the 2003 fiscal year, up 10.2 percent from the previous year and 100 percent from 1993. The data were released by the National Science Foundation, which regularly studies research spending in higher education. A majority of the research funds came from Washington. Federal research and development spending in 2003 was $24.7 billion, up 13 percent from the previous year. Other significant sources of research support include state and local governments, businesses and institutional funds. Industry support for R&D in higher education fell by 1 percent in 2003, to $2.16 billion. Other categories all reported increases. Nearly three-fourths of total research spending is for basic research, but applied research outpaced basic research slightly in the rate of increase, 11 percent to 10 percent. Within the sciences and engineering, the top area of support, by far, is the medical sciences. http://insidehighered.com/news/2005/07/21/nsf
LEGALLY DOWNLOADED MUSIC TRIPLES IN 2005 (AP, 21 July 2005) -- The number of digital music tracks legally downloaded from the Internet almost tripled in the first half of 2005 as the use of high-speed broadband connections surged around the world, the international recording industry said Thursday. The International Federation of Phonographic Industries said that 180 million single tracks were downloaded legally in the first six months of the year, compared to 57 million tracks in the first half of 2004 and 157 million for the whole of last year. The federation credited the increase to a 13 percent rise in the number of broadband lines installed around the world, along with an industry campaign to both prosecute and educate against illegal downloading. It said there was just a 3 percent increase in illegal file-sharing to 900 million in July, from 870 million at the start of the year. "We are now seeing real evidence that people are increasingly put off by illegal file-sharing and turning to legal ways of enjoying music online," said John Kennedy, the IFPI's chairman. "Whether it's the fear of getting caught breaking the law, or the realization that many networks could damage your home PC, attitudes are changing, and that is good news for the whole music industry." The IFPI, which has filed hundreds of lawsuits worldwide accusing people of putting copyright songs onto Internet file-sharing networks and offering them to millions without permission, said that the legitimate market is responding to the increased demand. http://news.yahoo.com/news?tmpl=story&cid=528&e=3&u=/ap/20050722/ap_on_hi_te/britain_music_piracy
-- and --
ONLINE FILE SHARERS 'BUY MORE MUSIC' (The Guardian, 27 July 2005) -- Computer-literate music fans who illegally share tracks over the internet also spend four and a half times as much on digital music as those who do not, according to research published today. The survey confirms what many music fans have informally insisted for some time: that downloading tracks illegally has also led them to become more enthusiastic buyers of singles and albums online. Unlikely to be music to the ears of record companies, who have previously argued the opposite, the results will raise a question mark over the companies' recent drive to pursue individual file sharers through the courts. http://www.guardian.co.uk/online/news/0,12597,1536888,00.html and http://news.bbc.co.uk/2/hi/technology/4718249.stm
POLICE: ORKUT USED AS BRAZILIAN DRUG NETWORK (CNET, 21 July 2005) -- Brazilian police arrested 10 people on Thursday accused of selling drugs using Google's international social networking site Orkut, which is hugely popular in the Latin American country. "We discovered the drug ring first via authorized phone tapping, and later the investigation included monitoring of their activities on the Internet," said a duty officer at the Drugs Enforcement Service in the city of Niteroi, just across the bay from Rio de Janeiro. Orkut allows members to join and set up online communities to discuss everything from doughnuts to quantum physics and schedule events such as community meetings. Narcotics are also discussed, with some groups advocating their legalization. However, most popular Portuguese-language communities touching on the issue are anti-drug groups. Several million Brazilians have become devotees of Orkut since Web search leader Google launched the popular social-networking site in January 2004. They make up more than half of Orkut's 7 million plus members. http://news.com.com/2100-1030_3-5798781.html
CONGRESS: TSA BROKE PRIVACY LAWS (Wired, 22 July 2005) -- The Transportation Security Administration violated privacy protections by secretly collecting personal information on at least 250,000 people, congressional investigators said Friday. The Government Accountability Office sent a letter to Congress saying the collection violated the Privacy Act, which prohibits the government from compiling information on people without their knowledge. The information was collected as the agency tested a program, now called Secure Flight, to conduct computerized checks of airline passengers against terrorist watch lists. TSA had promised it would only use the limited information about passengers that it had obtained from airlines. Instead, the agency and its contractors compiled files on people using data from commercial brokers and then compared those files with the lists. The GAO reported that about 100 million records were collected. The 1974 Privacy Act requires the government to notify the public when it collects information about people. It must say who it's gathering information about, what kinds of information, why it's being collected and how the information is stored. And to protect people from having misinformation about them in their files, the government must also disclose how they can access and correct the data it has collected. Before it began testing Secure Flight, the TSA published notices in September and November saying that it would collect from airlines information about people who flew commercially in June 2004. Instead, the agency actually took 43,000 names of passengers and used about 200,000 variations of those names -- who turned out to be real people who may not have flown that month, the GAO said. A TSA contractor collected 100 million records on those names. Justin Oberman, the TSA official in charge of Secure Flight, said that was a highly instructive test. 
"When you cannot distinguish one John Smith from another, you're going to get records from John Smiths who aren't boarding flights on an order of magnitude we can't handle," Oberman said. He said the testing is designed to find out what kind of data airlines will need to get -- such as passengers' birthdates -- so they can turn it over to the government to check against watch lists. http://www.wired.com/news/privacy/0,1848,68292,00.html
-- and --
BEHIND-THE-SCENES BATTLE ON TRACKING DATA MINING (New York Times, 24 July 2005) -- Bush administration officials are opposing an effort in Congress under the antiterrorism law known as the USA Patriot Act to force the government to disclose its use of data-mining techniques in tracking suspects in terrorism cases. As part of the vote in the House this week to extend major parts of the antiterrorism law permanently, lawmakers agreed to include a little-noticed provision that would require the Justice Department to report to Congress annually on government-wide efforts to develop and use data-mining technology to track intelligence patterns. But a set of talking points distributed among Republican lawmakers as the measure was being debated warned that the Justice Department was opposed to the amendment because it would add to the list of "countless reports" already required by Congress and would take time away from more critical law enforcement activities. The government's use of vast public and private databases to mine for leads has produced several damaging episodes for the Bush administration, most notably in connection with the Total Information Awareness system developed by the Pentagon for tracking terror suspects and the Capps program of the Department of Homeland Security for screening airline passengers. Both programs were ultimately scrapped after public outcries over possible threats to privacy and civil liberties, and some Republicans and Democrats in Congress say they want to keep closer tabs on such computer operations to guard against abuse. "We have wasted millions and millions of dollars on implementing database-mining activities which, when they became public, produced such an outrage they were canceled," Representative Howard L. Berman, a California Democrat who sponsored the amendment requiring a report to Congress, said this week during the House debate. 
"We do not want to tie the hands of our security agencies in gathering this information," Mr. Berman said. "We simply want to provide a logical mechanism to gather the information so that the American people can feel more comfortable that what is being done is protected." http://www.nytimes.com/2005/07/24/politics/24patriot.html?ex=1279857600&en=fcec9a4f677a46db&ei=5090&partner=rssuserland&emc=rss
NEW YORK JUDGES REFUSE TO SAY INTERNET OBSCENITY LAW IS UNCONSTITUTIONAL (Newsday, 25 July 2005) -- A special three-judge federal panel on Monday refused to find unconstitutional a law making it a crime to send obscenity over the Internet to children. The Communications Decency Act of 1996 had been challenged by Barbara Nitke, a photographer who specializes in pictures of sadomasochistic sexual behavior, and by the National Coalition for Sexual Freedom, a Baltimore-based advocacy organization. They contended in a December 2001 lawsuit brought in U.S. District Court in Manhattan that the law was so broad and vague in its scope that it violated the First Amendment, making it impossible for them to publish to the Internet because they cannot control the forum. A judge from the 2nd Circuit Court of Appeals and two district judges heard the facts of the case and issued a written decision saying the plaintiffs had provided insufficient evidence to prove the law was unconstitutional. The panel noted that evidence was offered to indicate there are at least 1.4 million Web sites that mention bondage, discipline and sadomasochism but that evidence was insufficient to decide how many sites might be considered obscene. The judges said the evidence also was insufficient for them to determine how much the standards for obscenity differ in communities across the United States. The court said it was necessary to know how much the standards vary to decide if those creating Web sites would be graded for obscenity unfairly when compared with those who market traditional pornography and can control how they distribute the material. http://www.newsday.com/news/local/wire/newyork/ny-bc-ny--sexsites-obscenit0725jul25,0,6680266.story
WIRELESS NETWORK HIJACKER FOUND GUILTY (Silicon.com, 22 July 2005) – A UK man has been fined £500 and sentenced to 12 months' conditional discharge for hijacking a wireless broadband connection. On Wednesday, a jury at Isleworth court in London found Gregory Straszkiewicz, 24, guilty of dishonestly obtaining an electronic communications service and possessing equipment for fraudulent use of a communications service. Straszkiewicz was prosecuted under sections 125 and 126 of the Communications Act 2003. Police sources said Straszkiewicz was caught standing outside a building in a residential area holding a wireless-enabled laptop. The Crown Prosecution Service confirmed that Straszkiewicz was 'piggybacking' the wireless network that householders were using. He was reported to have attempted this several times before police arrested him. [See similar story from the U.S. in MIRLN 8.08 at http://mirln.blogspot.com/]
http://management.silicon.com/government/0,39024677,39150672,00.htm
UK POLICE WANT NEW COMPUTER POWERS (Techworld, 26 July 2005) -- The UK Association of Chief Police Officers (ACPO) has called for new powers to allow police to tackle rogue websites, and make withholding encryption keys a criminal offence. The new proposals are buried inside a long and sometimes controversial list of powers the influential body would like the government to consider enacting through legislation in the light of the special demands posed by terrorist investigations. Most of these relate to conventional police powers, but one section of the official release suggests amending part 3 of the Regulation of Investigatory Powers Act (RIPA) with a specific offence of withholding a software encryption key. This is the first time encryption keys have been singled out by UK police in this way, though the problems associated with their use by criminals to secure documents have long been a subject of debate. http://www.techworld.com/security/news/index.cfm?NewsID=4106
ADVISING CLIENTS IN A POST-GROKSTER WORLD (BNA’s Internet Law News, 27 July 2005) - Fred Von Lohmann highlights the challenges facing lawyers as they seek to advise technology clients in the post-Grokster world. Von Lohmann argues that the court's concurring opinions leave innovators and lower courts with precious little guidance on issues such as contributory and vicarious copyright liability. http://www.law.com/jsp/article.jsp?id=1122023112436
-- and --
NEW FILE-SHARING TECHNIQUES ARE LIKELY TO TEST COURT DECISION (New York Times, 1 August 2005) – Briefly buoyed by their Supreme Court victory on file sharing, Hollywood and the recording industry are on the verge of confronting more technically sophisticated opponents. At a computer security conference in Las Vegas on Thursday, an Irish software designer described a new version of a peer-to-peer file-sharing system that he says will make it easier to share digital information anonymously and make detection by corporations and governments far more difficult. Others have described similar efforts to build a so-called darknet that aims to shield the identities of those sharing information. The issue is complicated by the fact that the small group of technologists designing the new systems say their goal is to create tools to circumvent censorship and political repression - not to abet copyright violation. The Irish programmer, Ian Clarke, is a 28-year-old free-speech advocate who five years ago introduced a software system called Freenet that was intended to make it impossible for governments and corporations to restrict the flow of any kind of digital information. The system initially used a secure approach to routing between users and employed encryption to protect the information from eavesdroppers who were not part of the network. Unlike today's open peer-to-peer networks, the new systems like Mr. Clarke's use software code to connect individuals who trust one another. He said he would begin distributing the new version of his program within a few months, making it possible for groups of users to establish secured networks - available only to them and those they choose to include - through which any kind of digital information can be exchanged. Though he says his aim is political - helping dissidents in countries where computer traffic is monitored by the government, for example - Mr. Clarke is open about his disdain for copyright laws, asserting that his technology would produce a world in which all information is freely shared. In June, Ross Anderson, a prominent computer-security researcher who was a pioneer in developing early peer-to-peer networks, published a technical paper detailing how it was possible to resist industry attempts to disable such networks. He also published a second paper trying to anticipate the market reaction to curbs on file sharing like the Grokster ruling. The paper, "The Economics of Censorship Resistance," predicts the emergence of closed networks like the new Freenet, as well as "fan clubs" focused on specific digital content, which would be more difficult for the industry to combat. Legal skirmishes over anonymous peer-to-peer networks have already taken place in both Europe and Asia. In Japan last year, Isamu Kaneko, the developer of a file-sharing program called WinNY, was arrested after two users of the program were charged with sharing copyrighted material through the system. The Kaneko case is pending. On a separate front, the recording industry has sued users of Blubster, a peer-to-peer network designed by Pablo Soto, a Spanish programmer, who built privacy features into his system. http://www.nytimes.com/2005/08/01/technology/01file.html?ex=1280548800&en=2ab1bf4745b327bc&ei=5090&partner=rssuserland&emc=rss
CISCO HITS BACK AT FLAW RESEARCHER (CNET, 27 July 2005) -- Cisco Systems has taken legal action to keep a researcher from further discussing a hack into its router software. The networking giant and Internet Security Systems jointly filed a request Wednesday for a temporary restraining order against Michael Lynn and the organizers of the Black Hat security conference. The motion came after Lynn showed in a presentation how attackers could take over Cisco routers--a problem that he said could bring the Internet to its knees. The filing in U.S. District Court for the Northern District of California asks the court to prevent Lynn and Black Hat from "further disclosing proprietary information belonging to Cisco and ISS," said John Noh, a Cisco spokesman. "It is our belief that the information that Lynn presented at Black Hat this morning is information that was illegally obtained and violated our intellectual property rights," Noh added. Lynn decompiled Cisco's software for his research and by doing so violated the company's rights, Noh said. http://news.com.com/2100-1002_3-5807551.html
-- and --
RESEARCHER, CISCO REACH AGREEMENT (SiliconValley.com, 29 July 2005) -- Cisco Systems reached an agreement Thursday with a defiant computer security researcher who said he would stop revealing the details of a serious flaw in Cisco's software that directs traffic around much of the Internet. Only a day before, Michael Lynn quit his job with an Internet security company in Atlanta to deliver a speech at the Black Hat conference in Las Vegas that revealed details of the Cisco flaw. Cisco sought a court injunction Thursday to silence Lynn and even hired temporary workers to rip information about the software flaw from handouts given to conference-goers. The dispute highlights a hot debate over when and how to disclose vulnerabilities uncovered by security researchers to the software and equipment used to run the world's computer systems. Lynn, who Wednesday resigned from Internet Security Systems, said he had to defy Cisco and his employer to get out information on vital security threats to equipment that helps run the Internet. http://www.siliconvalley.com/mld/siliconvalley/12255870.htm
-- but--
WHISTLE-BLOWER FACES FBI PROBE (Wired, 29 July 2005) -- The FBI is investigating a computer security researcher for criminal conduct after he revealed that critical routers supporting the internet and many networks have a serious software flaw that could allow someone to crash or take control of them. Mike Lynn, a former researcher at Internet Security Systems, or ISS, said he was tipped off late Thursday night that the FBI was investigating him for violating trade secrets belonging to his former employer. Lynn resigned from ISS Wednesday morning after his company and Cisco threatened to sue him if he spoke at the Black Hat security conference in Las Vegas about a serious vulnerability he found while reverse-engineering the operating system in Cisco routers. He said he conducted the reverse-engineering at the request of his company, which was concerned that Cisco wasn't being forthright about a recent fix it had made to its operating system. Lynn spoke anyway, discussing the flaw in Cisco IOS, the operating system that runs on Cisco routers, which are responsible for transferring data over much of the internet and private networks. Although Lynn demonstrated for the audience what hackers could do to a router if they exploited the flaw, he did not reveal technical details that would allow anyone to exploit the bug without doing the same research he did to discover it. Both companies knew in advance about Lynn's plan to talk and originally supported it. But at the last minute, the companies tried to halt the presentation or force Lynn to allow Cisco representatives to speak as well. http://www.wired.com/news/privacy/0,1848,68356,00.html
-- and --
HACKERS RACE TO EXPOSE CISCO ROUTER FLAW (CNET, 31 July 2005) -- Computer hackers worked through the weekend to expose a flaw that could allow an attacker to take control of the Cisco Systems routers that direct traffic across much of the Internet. Angered and inspired by Cisco's attempts to suppress news of the flaw earlier in the week, several computer security experts at the Defcon computer-security conference worked past midnight Saturday to discover and map out the vulnerability. Cisco's routers direct traffic across at least 60 percent of the Internet and the security hole has dominated a pair of conferences that draw thousands of security researchers, U.S. government employees and teenage troublemakers to Las Vegas each summer. The hackers said they had no intention of hijacking e-commerce payments, reading private e-mail, or launching any of the other malicious attacks that could be possible by exploiting the flaw. Rather, they said they wanted to illustrate the need for Cisco customers to update their software to defend against such possibilities. Many Cisco customers have postponed the difficult process because it could require them to unplug entirely from the Internet. http://news.com.com/2100-1002_3-5812611.html
STATE ANTI-SPAM LAW IS NOT PREEMPTED BY CAN-SPAM ACT (BNA’s Internet Law News, 28 July 2005) -- BNA's Electronic Commerce & Law Report reports that a federal court in Washington has ruled that a state anti-spam law creating a civil cause of action against those who send commercial e-mails containing false header information and/or misleading subject lines is not preempted by the federal CAN-SPAM Act. Although the CAN-SPAM Act generally preempts state regulation of commercial e-mail, the court acknowledges, the law expressly permits state regulation of false or misleading commercial e-mail practices. Case name is Gordon v. Impulse Marketing Group Inc. Article at http://pubs.bna.com/ip/BNA/eip.nsf/is/a0b1d7n7y4
READING BETWEEN THE LINES OF USED BOOK SALES (New York Times, 28 July 2005) -- THE Internet is a bargain hunter's paradise. Ebay is an easy example, but there are many places for deals on used goods, including Amazon.com. While Amazon is best known for selling new products, an estimated 23 percent of its sales are from used goods, many of them secondhand books. Used bookstores have been around for centuries, but the Internet has allowed such markets to become larger and more efficient. And that has upset a number of publishers and authors. In 2002, the Authors Guild and the Association of American Publishers sent an open letter to Jeff Bezos, the chief executive of Amazon.com, which has a market for used books in addition to selling new copies. "If your aggressive promotion of used book sales becomes popular among Amazon's customers," the letter said, "this service will cut significantly into sales of new titles, directly harming authors and publishers." But does it? True, consumers probably save a few dollars while authors and publishers may lose some sales from a used book market. Yet the evidence suggests that the costs to publishers are not large, and also suggests that the overall gains from such secondhand markets outweigh any losses. Consider a recent paper, "Internet Exchanges for Used Books," by Anindya Ghose of New York University and Michael D. Smith and Rahul Telang of Carnegie-Mellon. (The text of the paper is available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=584401.) The starting point for their analysis is the double-edged impact of a used book market on the market for new books. When used books are substituted for new ones, the seller faces competition from the secondhand market, reducing the price it can set for new books. But there's another effect: the presence of a market for used books makes consumers more willing to buy new books, because they can easily dispose of them later. 
http://www.nytimes.com/2005/07/28/technology/28scene.html?ex=1280203200&en=33765024cbf62d4c&ei=5090&partner=rssuserland&emc=rss
REALLY OPEN SOURCE (Inside Higher Ed, 29 July 2005) -- Few projects in academe have attracted the attention and praise in recent years of OpenCourseWare, a program in which the Massachusetts Institute of Technology is making all of its course materials available online — free — for anyone to use. In the four years since MIT launched the effort, use of the courseware has skyrocketed, and several other universities have created similar programs, assembling material from their own courses. With less fanfare than MIT, Rice University has also been promoting a model for free, shared information that could be used by faculty members and students anywhere in the world. But the Rice program — Connexions — is different in key respects. It is assembling material from professors (and high school teachers) from anywhere, it is offering free software tools in addition to course materials, and it is trying to reshape the way academe uses both peer review and publishing. The project also has hopes of becoming a major curricular tool at community colleges. http://www.insidehighered.com/news/2005/07/29/open
BUSH SIGNS LAW THAT CREATES MEDICAL ERROR DATABASES (Government Health IT, 29 July 2005) -- The Patient Safety and Quality Improvement Act of 2005 that President Bush signed today will require the establishment of a network of databases to hold data on medical errors that patient safety organizations and health care providers voluntarily report. Sen. Jim Jeffords (I-Vt.) first introduced a patient safety bill in 2000. He said the signing of the bill today “will go a long way in reducing patient deaths and injuries that result from preventable errors.” The bill ensures legal protection by calling for the voluntary reporting of medical errors, keeping patient and provider information anonymous. The bill requires the Department of Health and Human Services to set up and maintain an interactive, evidence-based management resource that can analyze the reports. Don Woodlock, general manager of inpatient clinical at GE Healthcare Information Technologies, said the removal of provider information could help spur reporting of medical errors. Before passage of the bill, which guarantees anonymity, providers were reluctant to report errors due to fear of litigation. Dr. J. Edward Hill, president of the American Medical Association, said the patient safety law “is the catalyst we need to transform the current culture of blame and punishment into one of open communication and prevention.” http://govhealthit.com/article89736-07-29-05-Web
ROBOTS TAKE SCIENTISTS INTO SEA DEPTHS (Seattle P-I, 29 July 2005) -- Think of it as the Mars Rover but at the bottom of the ocean, remotely exploring our own planet's most alien landscape for scientists back at mission control. "This is how the science is going to be done," said Deborah Kelley, a University of Washington oceanographer. In 2000, Kelley led an expedition using a manned submersible to explore the deep Atlantic Ocean. Her team stumbled upon something never seen before. The researchers discovered a startlingly massive collection of limestone towers located miles away from the tectonic "spreading" cracks in the seafloor that typically produce such structures. Some of these hydrothermal vent towers were hundreds of feet high, prompting the scientists to call the unprecedented find the "Lost City" after the myth of Atlantis. Yesterday, Kelley and her colleagues were in Seattle and also "virtually" back at the Lost City to demonstrate how robotics and information technology can transform deep-ocean exploration. What once required dangerous and time-limited manned exploits can now be done by remote control on a ship deck or in an office thousands of miles away. In a darkened room on the UW campus, the makeshift, temporary command center featured Kelley and her colleagues surrounded by video screens depicting Ballard along with the remote-controlled submersible Hercules poised alongside one of the stark, shimmering white towers of the Lost City. http://seattlepi.nwsource.com/local/234479_lostcity29.html
WILL THE ADWARE INDUSTRY BEAT SPITZER? (CNET, 2 August 2005; article by Prof. Eric Goldman) -- New York Attorney General Eliot Spitzer's recent enforcement action against adware vendor Intermix Media has opened up a new front in the battle against this type of software. Though Intermix claims to have settled the matter for $7.5 million, any disposition leaves open a number of issues regarding Spitzer's ultimate plan for a possible sweep against the entire adware industry. In particular, Spitzer has repeatedly threatened advertisers who run ads with adware vendors. These threats have created a conundrum for advertisers. On one hand, adware offers advertisers a cost-effective way to reach consumers who derive value from the advertisements. On the other hand, no advertiser wants to get on Spitzer's hit list. Thus, if Spitzer's threat is real, many advertisers will simply forgo adware advertising. But amid the commotion, a critical, substantive question remains ignored: What legal doctrine holds advertisers liable for advertising via adware? We have yet to hear a coherent theory from Spitzer--or anyone else--explaining how this liability arises. In fact, advertiser liability for adware vendors' actions would represent a novel and unprecedented application of current law. In other words, to hold advertisers liable, Spitzer will need to create new law. We can better understand the radical nature of these assertions through some analogies to other advertising contexts. Imagine The New York Times runs a libelous story or illegally obtains consumer subscriptions through deceptive trade practices. Or imagine a Yellow Pages vendor illegally trespasses by throwing copies of its book onto homeowners' land. Are advertisers liable in these circumstances? Generally, the answer is emphatically no. 
Advertisers have no more responsibility for the media partner's actions than any other customer or vendor. Indeed, such expansive liability might generate First Amendment concerns. http://news.com.com/2010-1071_3-5808481.html
CALLING ALL LUDDITES (New York Times, 3 August 2005; op-ed piece by Tom Friedman) -- I've been thinking of running for high office on a one-issue platform: I promise, if elected, that within four years America will have cellphone service as good as Ghana's. If re-elected, I promise that in eight years America will have cellphone service as good as Japan's, provided Japan agrees not to forge ahead on wireless technology. My campaign bumper sticker: "Can You Hear Me Now?" I began thinking about this after watching the Japanese use cellphones and laptops to get on the Internet from speeding bullet trains and subways deep underground. But the last straw was when I couldn't get cellphone service while visiting I.B.M.'s headquarters in Armonk, N.Y. But don't worry - Congress is on the case. It dropped everything last week to pass a bill to protect gun makers from shooting victims' lawsuits. The fact that the U.S. has fallen to 16th in the world in broadband connectivity aroused no interest. Look, I don't even like cellphones, but this is not about gadgets. The world is moving to an Internet-based platform for commerce, education, innovation and entertainment. Wealth and productivity will go to those countries or companies that get more of their innovators, educators, students, workers and suppliers connected to this platform via computers, phones and P.D.A.'s. [Article continues, and discusses the virtues of municipalities providing free WiFi.] http://www.nytimes.com/2005/08/03/opinion/03friedman.html?ex=1280721600&en=18d4a862134f2aae&ei=5090&partner=rssuserland&emc=rss
FCC PUTS DSL ON SAME FOOTING AS CABLE SERVICE (CNET, 5 August 2005) -- The Federal Communications Commission on Friday did away with old rules that require phone companies to share their infrastructure with Internet service providers. The new framework puts DSL service in line with cable modem services. Recently, the U.S. Supreme Court upheld the FCC's interpretation of cable modem service as an "information" service, which means it isn't required to share its infrastructure with competitors. The new rules could hurt ISPs such as EarthLink, which will be forced to negotiate wholesale deals with existing DSL providers. But DSL providers won't get off scot-free. DSL providers will still be required to comply with wiretapping rules and disability requirements. And DSL providers will still contribute to the Universal Service Fund, at least for the next 270 days until the FCC can figure out another way to keep USF funded. http://news.com.com/2061-10785_3-5820294.html?part=rss&tag=5820294&subj=news
‘GUNS, GERMS, AND STEEL’ RECONSIDERED (Inside Higher Ed, 3 August 2005) -- Guns, Germs, and Steel: The Fates of Human Societies has had the kind of impact that most scholarly authors can only dream about for their works. First published by W.W. Norton in 1997, the book won a Pulitzer Prize the next year for its author, Jared Diamond, a professor of geography at the University of California at Los Angeles. Almost immediately, the book sold much better than most serious works (more than 1 million copies) and started to turn up on college reading lists — in courses on world history, anthropology, sociology and other fields. By 1999, the book was one of 12 recommended to freshmen at the University of California at Berkeley (along with some works that had been around a while longer, like Genesis and Exodus from the Bible). In 2001, Cornell University had all of its freshmen read the book. This summer, PBS broadcast a series based on the book, with Diamond explaining many of his ideas. And in the last week, a relatively new blog in anthropology — Savage Minds — has set off a huge debate over the book. Two of the eight people who lead Savage Minds posted their objections to the book, and things have taken off from there, with several prominent blogs in the social sciences picking up the debate, and adding to it. Hundreds of scholars are posting and cross-posting in an unusually intense and broad debate for a book that has been out for eight years. http://insidehighered.com/news/2005/08/03/ggs
NET POSTS DIRECTED TO FORUM RESIDENTS SUPPORT JURISDICTION (BNA’s Internet Law News, 4 August 2005) -- BNA's Electronic Commerce & Law Report reports that a federal court in Massachusetts has ruled that postings on a Yahoo! message board, though readable by those outside the forum, are nonetheless a "contact" with the forum in instances in which the posts are directed to the forum's residents. The court reasoned that the postings, which it said showed the defendant "engaged in direct dialogue" with forum residents, are analogous to e-mail sent to state residents. Case name is Abiomed v. Turnbull. Decision at http://pacer.mad.uscourts.gov/dc/opinions/gorton/pdf/abiomed.pdf
BOSTON AIRPORT BATTLES WITH FREE WI-FI (CNET, 4 August 2005) -- A free Wi-Fi service that competes with Logan Airport's paid-for service poses an 'unacceptable potential risk' to security forces gear, according to airport authorities. Boston's Logan International Airport is attempting to pull the plug on Continental Airlines' free Wi-Fi node, which competes with the airport's $7.95 (£4.48) per day pay service. In an escalating series of threatening letters sent over the last few weeks, airport officials have pledged to "take all necessary steps to have the [Wi-Fi] antenna removed" from Continental's frequent flyer lounge. Continental's free service poses an "unacceptable potential risk" to communications gear used by the state police and the Transportation Security Administration, the letters claim. For its part, Continental says that a 1996 law prevents local officials from meddling with wireless service and has asked the Federal Communications Commission to intervene. Its letter to the FCC argues that the agency has "exclusive jurisdiction" over Wi-Fi and should keep local authorities at bay. "We believe that offering free Wi-Fi at Boston's Logan airport is consistent with the FCC's regulations and its prior rulings on similar issues and that it is permissible under the terms of our lease," Continental spokeswoman Julie King said Wednesday. The airline provides free wireless access at all of its Presidents Club lounges worldwide. http://uk.news.yahoo.com/050804/152/fous1.html
**** RESOURCES ****
SOURCES:
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. Internet Law & Policy Forum, http://www.ilpf.org.
6. BNA’s Internet Law News, http://ecommercecenter.bna.com.
7. The Ifra Trend Report, http://www.ifra.com/website/ifra.nsf/html/ITR-HTML.
8. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
9. David Evan’s “Internet and Computer News”, http://www.abanet.org/scripts/listcommands.jsp?parm=subscribe/at-internet
10. Readers’ submissions, and the editor’s discoveries.
PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.
HARRY POTTER AND THE RIGHT TO READ (Toronto Star, 18 July 2005) -- Along with millions worldwide who scooped up the latest Harry Potter tome over the weekend, the 41 schools that make up Manitoba’s Frontier School Division no doubt purchased several copies for their students. The link that connects Harry Potter and the school division that serves northern Manitoba extends beyond a mutual interest in children’s books. Both were at the centre of situations last week that illustrate how good news culture and heritage stories can easily be transformed when copyright law goes awry. The Harry Potter incident is widely known since it generated global attention. A grocery store in Coquitlam, British Columbia inadvertently sold 14 copies of the new Harry Potter book prior to its official sale date of July 16, 2005. Reports indicate that Raincoast Books, the Canadian publisher, mistakenly failed to include a notice on the shipping box that the books were not to be sold in advance. When Raincoast was informed of the sales, it joined with author J.K. Rowling and Bloomsbury Publishing, the British publisher, to seek a court order from the British Columbia Supreme Court to keep the book and its contents under wraps. Had Raincoast limited the requested order to stopping Canadian booksellers from selling the book, the issue would have attracted little attention. Rather than adopting that approach, however, Raincoast also directly targeted the 14 purchasers who had lawfully purchased copies of the book. The order compelled anyone with a copy of the book to return it to the publisher along with any notes and other descriptions of its contents. Moreover, it prohibited Canadians from reading or discussing any aspect of the book. [Read on.] http://www.michaelgeist.ca/index.php?option=content&task=view&id=896
-- and --
ONLINE PIRATES POUNCE ON NEW HARRY POTTER BOOK (CNET, 20 July 2005) -- The sixth book in the Harry Potter series, the fastest-selling book of all time, has become among the quickest to fall prey to Internet piracy, with illicit copies available online within hours of its release. Tech-savvy fans of the boy wizard teamed up to scan the entire 607 page book into digital form, with unauthorized e-book copies appearing online less than 12 hours after "Harry Potter and the Half-Blood Prince" went on sale on Saturday. Copies of the audio version of the book were also widespread on file-trading networks such as BitTorrent. http://news.com.com/2100-1030_3-5796511.html
COST OF US CYBER ATTACKS PLUMMETS (The Register, 18 July 2005) -- The cost of individual cyber attacks fell dramatically in the US last year but unauthorised access and the theft of proprietary information remain top security concerns. The 10th annual Computer Crime and Security Survey, put together by the Computer Security Institute (CSI) in conjunction with information security experts at the FBI, shows financial losses resulting from security breaches down for the fourth successive year. The cost of breaches averaged $204,000 per respondent - down 61 per cent from last year's average loss of $526,000. Virus attacks continue as the source of the greatest financial pain, making up 32 per cent of the overall losses reported. But unauthorized access showed a dramatic increase and replaced denial of service as the second most significant contributor to cybercrime losses. Unauthorised access was fingered for a quarter (24 per cent) of losses reported in the CSI/FBI Computer Crime and Security Survey 2005. Meanwhile losses from theft of proprietary information doubled last year, based on the survey of 700 computer security practitioners in various US corporations, universities and government agencies. The study found fears about negative publicity are preventing organisations from reporting cybercrime incidents to the police, a perennial problem the CSI/FBI study reckons is only getting worse. Assuming that this isn't true of what respondents also told CSI's researchers (academics from the University of Maryland), the study presents a picture of reducing cyber crime losses that contrasts sharply with vendor-sponsored studies. [Survey at http://www.gocsi.com/forms/fbi/csi_fbi_survey.jhtml] http://www.theregister.com/2005/07/18/csi_fbi_security_survey/
HAGUE CHOICE OF COURT CONVENTION FINALLY ADOPTED (Steptoe & Johnson’s E-Commerce Law Week, 16 July 2005) -- The long-awaited – and often-doubted – conclusion of negotiations for a multilateral treaty to improve the enforceability of civil judgments has finally arrived after 13 years of negotiations. The Hague Conference on Private International Law reached agreement on June 30 on the Convention on Choice of Courts Agreements ("Convention"). However, despite lobbying efforts by Internet service providers and other technology companies to place so-called clickwrap agreements and other non-negotiated agreements outside the scope of the Convention, the final draft of the 12-page document does not explicitly exclude such agreements. This raises concerns that many companies – including, for example, those that link to a website in a foreign jurisdiction – may unknowingly risk being hauled into a court halfway around the world. Of course, the Convention must still be ratified by any country to which it would apply, and the agreed text includes an option allowing countries to opt out of the Convention on specific matters if they have a “strong interest” in doing so. Therefore, the fight against having the Convention apply to non-negotiated agreements could spread to individual countries around the globe – raising the risk that the Convention may not actually avoid the world-wide jurisdictional muddle that it is designed to avoid. http://www.steptoe.com/index.cfm?fuseaction=ws.getItem&pubItemId=10121&siteId=547 [Convention at http://www.steptoe.com/publications/362b.pdf]
CALLING JACKIE CHILES (New York Times, 16 July 2005) -- Groklaw.net features an entry titled "The Stupidest Lawsuit Since the World Began," and it's hard to argue. A French transit company, Transports Schiocchet Excursions, is suing 10 cleaning women in the Moselle region because they carpool to work rather than use the company's buses. The plaintiffs' lawyers charge the women with "unfair and parasitical competition" and want their cars seized. http://www.nytimes.com/2005/07/16/technology/16online.ready.html?ex=1279166400&en=f3ce10695112b660&ei=5090&partner=rssuserland&emc=rss
IN CANADA: CACHE A PAGE, GO TO JAIL? (CNET, 19 July 2005) -- A bill before Canada's Parliament could make it illegal for search engines to cache Web pages, critics say, opening the door to unwarranted lawsuits and potentially hindering public access to information. The legislation in question, Bill C-60, is designed to amend Canada's Copyright Act by implementing parts of the 1996 World Intellectual Property Organization treaty, the treaty that led to the Digital Millennium Copyright Act in the U.S. Set for debate and an initial vote in the House of Commons after Parliament's summer break, C-60 addresses things such as file-sharing, anticopying devices and the liability of Internet service providers and would tighten the Copyright Act in ways favorable to record labels and movie studios. But according to Howard Knopf, a copyright attorney at the Ottawa firm of Macera & Jarzyna, a brief passage in the bill could mean trouble for search engines and other companies that archive or cache Web content. "The way it reads, arguably what they're saying is that the very act of making a reproduction by way of caching is illegal," Knopf said. Michael Geist, a law professor at the University of Ottawa, where he holds the Canada Research Chair in Internet and E-Commerce Law, agreed. http://news.com.com/2100-1028_3-5793659.html
HACKERS GET INTO USC DATABASE (CNET, 19 July 2005) -- A University of Southern California database containing about 270,000 records of past applicants was hacked last month, officials said on Tuesday. The breach of the university's online application database exposed "dozens" of records, which included names and Social Security numbers, to unauthorized individuals, said Katharine Harrington, USC dean of admissions and financial aid. Harrington could not be more specific about the number of people whose personal data may have been viewed by the hacker or hackers, nor about what the motivation had been for the computer break-in. "There was not a sufficiently precise tracking capability," Harrington said, but added that the hackers had not been able to access multiple records at once. Records were also only able to be viewed at random, she said. USC learned of the breach June 20 when it was tipped off by a journalist. http://news.com.com/2100-7349_3-5795373.html
UNIVERSITY R&D SPENDING IS UP (Inside Higher Ed, 21 July 2005) -- Colleges and universities spent $40.1 billion on research and development in the 2003 fiscal year, up 10.2 percent from the previous year and 100 percent from 1993. The data were released by the National Science Foundation, which regularly studies research spending in higher education. A majority of the research funds came from Washington. Federal research and development spending in 2003 was $24.7 billion, up 13 percent from the previous year. Other significant sources of research support include state and local governments, businesses and institutional funds. Industry support for R&D in higher education fell by 1 percent in 2003, to $2.16 billion. Other categories all reported increases. Nearly three-fourths of total research spending is for basic research, but applied research outpaced basic research slightly in the rate of increase, 11 percent to 10 percent. Within the sciences and engineering, the top area of support, by far, is the medical sciences. http://insidehighered.com/news/2005/07/21/nsf
LEGALLY DOWNLOADED MUSIC TRIPLES IN 2005 (AP, 21 July 2005) -- The number of digital music tracks legally downloaded from the Internet almost tripled in the first half of 2005 as the use of high-speed broadband connections surged around the world, the international recording industry said Thursday. The International Federation of Phonographic Industries said that 180 million single tracks were downloaded legally in the first six months of the year, compared to 57 million tracks in the first half of 2004 and 157 million for the whole of last year. The federation credited the increase to a 13 percent rise in the number of broadband lines installed around the world, along with an industry campaign to both prosecute and educate against illegal downloading. It said there was just a 3 percent increase in illegal file-sharing to 900 million in July, from 870 million at the start of the year. "We are now seeing real evidence that people are increasingly put off by illegal file-sharing and turning to legal ways of enjoying music online," said John Kennedy, the IFPI's chairman. "Whether it's the fear of getting caught breaking the law, or the realization that many networks could damage your home PC, attitudes are changing, and that is good news for the whole music industry." The IFPI, which has filed hundreds of lawsuits worldwide accusing people of putting copyright songs onto Internet file-sharing networks and offering them to millions without permission, said that the legitimate market is responding to the increased demand. http://news.yahoo.com/news?tmpl=story&cid=528&e=3&u=/ap/20050722/ap_on_hi_te/britain_music_piracy
-- and --
ONLINE FILE SHARERS 'BUY MORE MUSIC' (The Guardian, 27 July 2005) -- Computer-literate music fans who illegally share tracks over the internet also spend four and a half times as much on digital music as those who do not, according to research published today. The survey confirms what many music fans have informally insisted for some time: that downloading tracks illegally has also led them to become more enthusiastic buyers of singles and albums online. Unlikely to be music to the ears of record companies, who have previously argued the opposite, the results will raise a question mark over the companies' recent drive to pursue individual file sharers through the courts. http://www.guardian.co.uk/online/news/0,12597,1536888,00.html and http://news.bbc.co.uk/2/hi/technology/4718249.stm
POLICE: ORKUT USED AS BRAZILIAN DRUG NETWORK (CNET, 21 July 2005) -- Brazilian police arrested 10 people on Thursday accused of selling drugs using Google's international social networking site Orkut, which is hugely popular in the Latin American country. "We discovered the drug ring first via authorized phone tapping, and later the investigation included monitoring of their activities on the Internet," said a duty officer at the Drugs Enforcement Service in the city of Niteroi, just across the bay from Rio de Janeiro. Orkut allows members to join and set up online communities to discuss everything from doughnuts to quantum physics and schedule events such as community meetings. Narcotics are also discussed, with some groups advocating their legalization. However, most popular Portuguese-language communities touching on the issue are anti-drug groups. Several million Brazilians have become devotees of Orkut since Web search leader Google launched the popular social-networking site in January 2004. They make up more than half of Orkut's 7 million plus members. http://news.com.com/2100-1030_3-5798781.html
CONGRESS: TSA BROKE PRIVACY LAWS (Wired, 22 July 2005) -- The Transportation Security Administration violated privacy protections by secretly collecting personal information on at least 250,000 people, congressional investigators said Friday. The Government Accountability Office sent a letter to Congress saying the collection violated the Privacy Act, which prohibits the government from compiling information on people without their knowledge. The information was collected as the agency tested a program, now called Secure Flight, to conduct computerized checks of airline passengers against terrorist watch lists. TSA had promised it would only use the limited information about passengers that it had obtained from airlines. Instead, the agency and its contractors compiled files on people using data from commercial brokers and then compared those files with the lists. The GAO reported that about 100 million records were collected. The 1974 Privacy Act requires the government to notify the public when it collects information about people. It must say who it's gathering information about, what kinds of information, why it's being collected and how the information is stored. And to protect people from having misinformation about them in their files, the government must also disclose how they can access and correct the data it has collected. Before it began testing Secure Flight, the TSA published notices in September and November saying that it would collect from airlines information about people who flew commercially in June 2004. Instead, the agency actually took 43,000 names of passengers and used about 200,000 variations of those names -- who turned out to be real people who may not have flown that month, the GAO said. A TSA contractor collected 100 million records on those names. Justin Oberman, the TSA official in charge of Secure Flight, said that was a highly instructive test. 
"When you cannot distinguish one John Smith from another, you're going to get records from John Smiths who aren't boarding flights on an order of magnitude we can't handle," Oberman said. He said the testing is designed to find out what kind of data airlines will need to get -- such as passengers' birthdates --so they can turn it over to the government to check against watch lists. http://www.wired.com/news/privacy/0,1848,68292,00.html
-- and --
BEHIND-THE-SCENES BATTLE ON TRACKING DATA MINING (New York Times, 24 July 2005) -- Bush administration officials are opposing an effort in Congress under the antiterrorism law known as the USA Patriot Act to force the government to disclose its use of data-mining techniques in tracking suspects in terrorism cases. As part of the vote in the House this week to extend major parts of the antiterrorism law permanently, lawmakers agreed to include a little-noticed provision that would require the Justice Department to report to Congress annually on government-wide efforts to develop and use data-mining technology to track intelligence patterns. But a set of talking points distributed among Republican lawmakers as the measure was being debated warned that the Justice Department was opposed to the amendment because it would add to the list of "countless reports" already required by Congress and would take time away from more critical law enforcement activities. The government's use of vast public and private databases to mine for leads has produced several damaging episodes for the Bush administration, most notably in connection with the Total Information Awareness system developed by the Pentagon for tracking terror suspects and the Capps program of the Department of Homeland Security for screening airline passengers. Both programs were ultimately scrapped after public outcries over possible threats to privacy and civil liberties, and some Republicans and Democrats in Congress say they want to keep closer tabs on such computer operations to guard against abuse. "We have wasted millions and millions of dollars on implementing database-mining activities which, when they became public, produced such an outrage they were canceled," Representative Howard L. Berman, a California Democrat who sponsored the amendment requiring a report to Congress, said this week during the House debate. 
"We do not want to tie the hands of our security agencies in gathering this information," Mr. Berman said. "We simply want to provide a logical mechanism to gather the information so that the American people can feel more comfortable that what is being done is protected." http://www.nytimes.com/2005/07/24/politics/24patriot.html?ex=1279857600&en=fcec9a4f677a46db&ei=5090&partner=rssuserland&emc=rss
NEW YORK JUDGES REFUSE TO SAY INTERNET OBSCENITY LAW IS UNCONSTITUTIONAL (Newsday, 25 July 2005) -- A special three-judge federal panel on Monday refused to find unconstitutional a law making it a crime to send obscenity over the Internet to children. The Communications Decency Act of 1996 had been challenged by Barbara Nitke, a photographer who specializes in pictures of sadomasochistic sexual behavior, and by the National Coalition for Sexual Freedom, a Baltimore-based advocacy organization. They contended in a December 2001 lawsuit brought in U.S. District Court in Manhattan that the law was so broad and vague in its scope that it violated the First Amendment, making it impossible for them to publish to the Internet because they cannot control the forum. A judge from the 2nd Circuit Court of Appeals and two district judges heard the facts of the case and issued a written decision saying the plaintiffs had provided insufficient evidence to prove the law was unconstitutional. The panel noted that evidence was offered to indicate there are at least 1.4 million Web sites that mention bondage, discipline and sadomasochism but that evidence was insufficient to decide how many sites might be considered obscene. The judges said the evidence also was insufficient for them to determine how much the standards for obscenity differ in communities across the United States. The court said it was necessary to know how much the standards vary to decide if those creating Web sites would be graded for obscenity unfairly when compared with those who market traditional pornography and can control how they distribute the material. http://www.newsday.com/news/local/wire/newyork/ny-bc-ny--sexsites-obscenit0725jul25,0,6680266.story
WIRELESS NETWORK HIJACKER FOUND GUILTY (Silicon.com, 22 July 2005) – A UK man has been fined £500 and sentenced to 12 months' conditional discharge for hijacking a wireless broadband connection. On Wednesday, a jury at Isleworth court in London found Gregory Straszkiewicz, 24, guilty of dishonestly obtaining an electronic communications service and possessing equipment for fraudulent use of a communications service. Straszkiewicz was prosecuted under sections 125 and 126 of the Communications Act 2003. Police sources said Straszkiewicz was caught standing outside a building in a residential area holding a wireless-enabled laptop. The Crown Prosecution Service confirmed that Straszkiewicz was 'piggybacking' the wireless network that householders were using. He was reported to have attempted this several times before police arrested him. [See similar story from the U.S. in MIRLN 8.08 at http://mirln.blogspot.com/]
http://management.silicon.com/government/0,39024677,39150672,00.htm
UK POLICE WANT NEW COMPUTER POWERS (Techworld, 26 July 2005) -- The UK Association of Chief Police Officers (ACPO) has called for new powers to allow police to tackle rogue websites, and make withholding encryption keys a criminal offence. The new proposals are buried inside a long and sometimes controversial list of powers the influential body would like the government to consider enacting through legislation in the light of the special demands posed by terrorist investigations. Most of these relate to conventional police powers, but one section of the official release suggests amending part 3 of the Regulation of Investigatory Powers Act (RIPA) with a specific offence of withholding a software encryption key. This is the first time encryption keys have been singled out by UK police in this way, though the problems associated with their use by criminals to secure documents has long been a subject of debate. http://www.techworld.com/security/news/index.cfm?NewsID=4106
ADVISING CLIENTS IN A POST-GROKSTER WORLD (BNA’s Internet Law News, 27 July 2005) - Fred Von Lohmann highlights the challenges facing lawyers as they seek to advise technology clients in the post-Grokster world. Von Lohmann argues that the court's concurring opinions leave innovators and lower courts with precious little guidance on issues such as contributory and vicarious copyright liability. http://www.law.com/jsp/article.jsp?id=1122023112436
-- and --
NEW FILE-SHARING TECHNIQUES ARE LIKELY TO TEST COURT DECISION (New York Times, 1 August 2005) – Briefly buoyed by their Supreme Court victory on file sharing, Hollywood and the recording industry are on the verge of confronting more technically sophisticated opponents. At a computer security conference in Las Vegas on Thursday, an Irish software designer described a new version of a peer-to-peer file-sharing system that he says will make it easier to share digital information anonymously and make detection by corporations and governments far more difficult. Others have described similar efforts to build a so-called darknet that aims to shield the identities of those sharing information. The issue is complicated by the fact that the small group of technologists designing the new systems say their goal is to create tools to circumvent censorship and political repression - not to abet copyright violation. The Irish programmer, Ian Clarke, is a 28-year-old free-speech advocate who five years ago introduced a software system called Freenet that was intended to make it impossible for governments and corporations to restrict the flow of any kind of digital information. The system initially used a secure approach to routing between users and employed encryption to protect the information from eavesdroppers who were not part of the network. Unlike today's open peer-to-peer networks, the new systems like Mr. Clarke's use software code to connect individuals who trust one another. He said he would begin distributing the new version of his program within a few months, making it possible for groups of users to establish secured networks - available only to them and those they choose to include - through which any kind of digital information can be exchanged. Though he says his aim is political - helping dissidents in countries where computer traffic is monitored by the government, for example - Mr. Clarke is open about his disdain for copyright laws, asserting that his technology would produce a world in which all information is freely shared. In June, Ross Anderson, a prominent computer-security researcher who was a pioneer in developing early peer-to-peer networks, published a technical paper detailing how it was possible to resist industry attempts to disable such networks. He also published a second paper trying to anticipate the market reaction to curbs on file sharing like the Grokster ruling. The paper, "The Economics of Censorship Resistance," predicts the emergence of closed networks like the new Freenet, as well as "fan clubs" focused on specific digital content, which would be more difficult for the industry to combat. Legal skirmishes over anonymous peer-to-peer networks have already taken place in both Europe and Asia. In Japan last year, Isamu Kaneko, the developer of a file-sharing program called WinNY, was arrested after two users of the program were charged with sharing copyrighted material through the system. The Kaneko case is pending. On a separate front, the recording industry has sued users of Blubster, a peer-to-peer network designed by Pablo Soto, a Spanish programmer, who built privacy features into his system. http://www.nytimes.com/2005/08/01/technology/01file.html?ex=1280548800&en=2ab1bf4745b327bc&ei=5090&partner=rssuserland&emc=rss
CISCO HITS BACK AT FLAW RESEARCHER (CNET, 27 July 2005) -- Cisco Systems has taken legal action to keep a researcher from further discussing a hack into its router software. The networking giant and Internet Security Systems jointly filed a request Wednesday for a temporary restraining order against Michael Lynn and the organizers of the Black Hat security conference. The motion came after Lynn showed in a presentation how attackers could take over Cisco routers--a problem that he said could bring the Internet to its knees. The filing in U.S. District Court for the Northern District of California asks the court to prevent Lynn and Black Hat from "further disclosing proprietary information belonging to Cisco and ISS," said John Noh, a Cisco spokesman. "It is our belief that the information that Lynn presented at Black Hat this morning is information that was illegally obtained and violated our intellectual property rights," Noh added. Lynn decompiled Cisco's software for his research and by doing so violated the company's rights, Noh said. http://news.com.com/2100-1002_3-5807551.html
-- and --
RESEARCHER, CISCO REACH AGREEMENT (SiliconValley.com, 29 July 2005) -- Cisco Systems reached an agreement Thursday with a defiant computer security researcher who said he would stop revealing the details of a serious flaw in Cisco's software that directs traffic around much of the Internet. Only a day before, Michael Lynn quit his job with an Internet security company in Atlanta to deliver a speech at the Black Hat conference in Las Vegas that revealed details of the Cisco flaw. Cisco sought a court injunction Thursday to silence Lynn and even hired temporary workers to rip information about the software flaw from handouts given to conference-goers. The dispute highlights a hot debate over when and how to disclose vulnerabilities uncovered by security researchers to the software and equipment used to run the world's computer systems. Lynn, who Wednesday resigned from Internet Security Systems, said he had to defy Cisco and his employer to get out information on vital security threats to equipment that helps run the Internet. http://www.siliconvalley.com/mld/siliconvalley/12255870.htm
-- but --
WHISTLE-BLOWER FACES FBI PROBE (Wired, 29 July 2005) -- The FBI is investigating a computer security researcher for criminal conduct after he revealed that critical routers supporting the internet and many networks have a serious software flaw that could allow someone to crash or take control of them. Mike Lynn, a former researcher at Internet Security Systems, or ISS, said he was tipped off late Thursday night that the FBI was investigating him for violating trade secrets belonging to his former employer. Lynn resigned from ISS Wednesday morning after his company and Cisco threatened to sue him if he spoke at the Black Hat security conference in Las Vegas about a serious vulnerability he found while reverse-engineering the operating system in Cisco routers. He said he conducted the reverse-engineering at the request of his company, which was concerned that Cisco wasn't being forthright about a recent fix it had made to its operating system. Lynn spoke anyway, discussing the flaw in Cisco IOS, the operating system that runs on Cisco routers, which are responsible for transferring data over much of the internet and private networks. Although Lynn demonstrated for the audience what hackers could do to a router if they exploited the flaw, he did not reveal technical details that would allow anyone to exploit the bug without doing the same research he did to discover it. Both companies knew in advance about Lynn's plan to talk and originally supported it. But at the last minute, the companies tried to halt the presentation or force Lynn to allow Cisco representatives to speak as well. http://www.wired.com/news/privacy/0,1848,68356,00.html
-- and --
HACKERS RACE TO EXPOSE CISCO ROUTER FLAW (CNET, 31 July 2005) -- Computer hackers worked through the weekend to expose a flaw that could allow an attacker to take control of the Cisco Systems routers that direct traffic across much of the Internet. Angered and inspired by Cisco's attempts to suppress news of the flaw earlier in the week, several computer security experts at the Defcon computer-security conference worked past midnight Saturday to discover and map out the vulnerability. Cisco's routers direct traffic across at least 60 percent of the Internet and the security hole has dominated a pair of conferences that draw thousands of security researchers, U.S. government employees and teenage troublemakers to Las Vegas each summer. The hackers said they had no intention of hijacking e-commerce payments, reading private e-mail, or launching any of the other malicious attacks that could be possible by exploiting the flaw. Rather, they said they wanted to illustrate the need for Cisco customers to update their software to defend against such possibilities. Many Cisco customers have postponed the difficult process because it could require them to unplug entirely from the Internet. http://news.com.com/2100-1002_3-5812611.html
STATE ANTI-SPAM LAW IS NOT PREEMPTED BY CAN-SPAM ACT (BNA’s Internet Law News, 28 July 2005) -- BNA's Electronic Commerce & Law Report reports that a federal court in Washington has ruled that a state anti-spam law creating a civil cause of action against those who send commercial e-mails containing false header information and/or misleading subject lines is not preempted by the federal CAN-SPAM Act. Although the CAN-SPAM Act generally preempts state regulation of commercial e-mail, the court acknowledges, the law expressly permits state regulation of false or misleading commercial e-mail practices. Case name is Gordon v. Impulse Marketing Group Inc. Article at http://pubs.bna.com/ip/BNA/eip.nsf/is/a0b1d7n7y4
READING BETWEEN THE LINES OF USED BOOK SALES (New York Times, 28 July 2005) -- THE Internet is a bargain hunter's paradise. Ebay is an easy example, but there are many places for deals on used goods, including Amazon.com. While Amazon is best known for selling new products, an estimated 23 percent of its sales are from used goods, many of them secondhand books. Used bookstores have been around for centuries, but the Internet has allowed such markets to become larger and more efficient. And that has upset a number of publishers and authors. In 2002, the Authors Guild and the Association of American Publishers sent an open letter to Jeff Bezos, the chief executive of Amazon.com, which has a market for used books in addition to selling new copies. "If your aggressive promotion of used book sales becomes popular among Amazon's customers," the letter said, "this service will cut significantly into sales of new titles, directly harming authors and publishers." But does it? True, consumers probably save a few dollars while authors and publishers may lose some sales from a used book market. Yet the evidence suggests that the costs to publishers are not large, and also suggests that the overall gains from such secondhand markets outweigh any losses. Consider a recent paper, "Internet Exchanges for Used Books," by Anindya Ghose of New York University and Michael D. Smith and Rahul Telang of Carnegie-Mellon. (The text of the paper is available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=584401.) The starting point for their analysis is the double-edged impact of a used book market on the market for new books. When used books are substituted for new ones, the seller faces competition from the secondhand market, reducing the price it can set for new books. But there's another effect: the presence of a market for used books makes consumers more willing to buy new books, because they can easily dispose of them later. 
http://www.nytimes.com/2005/07/28/technology/28scene.html?ex=1280203200&en=33765024cbf62d4c&ei=5090&partner=rssuserland&emc=rss
REALLY OPEN SOURCE (Inside Higher Ed, 29 July 2005) -- Few projects in academe have attracted the attention and praise in recent years of OpenCourseWare, a program in which the Massachusetts Institute of Technology is making all of its course materials available online — free — for anyone to use. In the four years since MIT launched the effort, use of the courseware has skyrocketed, and several other universities have created similar programs, assembling material from their own courses. With less fanfare than MIT, Rice University has also been promoting a model for free, shared information that could be used by faculty members and students anywhere in the world. But the Rice program — Connexions — is different in key respects. It is assembling material from professors (and high school teachers) from anywhere, it is offering free software tools in addition to course materials, and it is trying to reshape the way academe uses both peer review and publishing. The project also has hopes of becoming a major curricular tool at community colleges. http://www.insidehighered.com/news/2005/07/29/open
BUSH SIGNS LAW THAT CREATES MEDICAL ERROR DATABASES (Government Health IT, 29 July 2005) -- The Patient Safety and Quality Improvement Act of 2005 that President Bush signed today will require the establishment of a network of databases to hold data on medical errors that patient safety organizations and health care providers voluntarily report. Sen. Jim Jeffords (I-Vt.) first introduced a patient safety bill in 2000. He said the signing of the bill today “will go a long way in reducing patient deaths and injuries that result from preventable errors.” The bill ensures legal protection by calling for the voluntary reporting of medical errors, keeping patient and provider information anonymous. The bill requires the Department of Health and Human Services to set up and maintain an interactive, evidence-based management resource that can analyze the reports. Don Woodlock, general manager of inpatient clinical at GE Healthcare Information Technologies, said the removal of provider information could help spur reporting of medical errors. Before passage of the bill, which guarantees anonymity, providers were reluctant to report errors due to fear of litigation. Dr. J. Edward Hill, president of the American Medical Association, said the patient safety law “is the catalyst we need to transform the current culture of blame and punishment into one of open communication and prevention.” http://govhealthit.com/article89736-07-29-05-Web
ROBOTS TAKE SCIENTISTS INTO SEA DEPTHS (Seattle P-I, 29 July 2005) -- Think of it as the Mars Rover but at the bottom of the ocean, remotely exploring our own planet's most alien landscape for scientists back at mission control. "This is how the science is going to be done," said Deborah Kelley, a University of Washington oceanographer. In 2000, Kelley led an expedition using a manned submersible to explore the deep Atlantic Ocean. Her team stumbled upon something never seen before. The researchers discovered a startlingly massive collection of limestone towers located miles away from the tectonic "spreading" cracks in the seafloor that typically produce such structures. Some of these hydrothermal vent towers were hundreds of feet high, prompting the scientists to call the unprecedented find the "Lost City" after the myth of Atlantis. Yesterday, Kelley and her colleagues were in Seattle and also "virtually" back at the Lost City to demonstrate how robotics and information technology can transform deep-ocean exploration. What once required dangerous and time-limited manned exploits can now be done by remote control on a ship deck or in an office thousands of miles away. In a darkened room on the UW campus, the makeshift, temporary command center featured Kelley and her colleagues surrounded by video screens depicting Ballard along with the remote-controlled submersible Hercules poised alongside one of the stark, shimmering white towers of the Lost City. http://seattlepi.nwsource.com/local/234479_lostcity29.html
WILL THE ADWARE INDUSTRY BEAT SPITZER? (CNET, 2 August 2005; article by Prof. Eric Goldman) -- New York Attorney General Eliot Spitzer's recent enforcement action against adware vendor Intermix Media has opened up a new front in the battle against this type of software. Though Intermix claims to have settled the matter for $7.5 million, any disposition leaves open a number of issues regarding Spitzer's ultimate plan for a possible sweep against the entire adware industry. In particular, Spitzer has repeatedly threatened advertisers who run ads with adware vendors. These threats have created a conundrum for advertisers. On one hand, adware offers advertisers a cost-effective way to reach consumers who derive value from the advertisements. On the other hand, no advertiser wants to get on Spitzer's hit list. Thus, if Spitzer's threat is real, many advertisers will simply forgo adware advertising. But amid the commotion, a critical, substantive question remains ignored: What legal doctrine holds advertisers liable for advertising via adware? We have yet to hear a coherent theory from Spitzer--or anyone else--explaining how this liability arises. In fact, advertiser liability for adware vendors' actions would represent a novel and unprecedented application of current law. In other words, to hold advertisers liable, Spitzer will need to create new law. We can better understand the radical nature of these assertions through some analogies to other advertising contexts. Imagine The New York Times runs a libelous story or illegally obtains consumer subscriptions through deceptive trade practices. Or imagine a Yellow Pages vendor illegally trespasses by throwing copies of its book onto homeowners' land. Are advertisers liable in these circumstances? Generally, the answer is emphatically no.
Advertisers have no more responsibility for the media partner's actions than any other customer or vendor. Indeed, such expansive liability might generate First Amendment concerns. http://news.com.com/2010-1071_3-5808481.html
CALLING ALL LUDDITES (New York Times, 3 August 2005; op-ed piece by Tom Friedman) -- I've been thinking of running for high office on a one-issue platform: I promise, if elected, that within four years America will have cellphone service as good as Ghana's. If re-elected, I promise that in eight years America will have cellphone service as good as Japan's, provided Japan agrees not to forge ahead on wireless technology. My campaign bumper sticker: "Can You Hear Me Now?" I began thinking about this after watching the Japanese use cellphones and laptops to get on the Internet from speeding bullet trains and subways deep underground. But the last straw was when I couldn't get cellphone service while visiting I.B.M.'s headquarters in Armonk, N.Y. But don't worry - Congress is on the case. It dropped everything last week to pass a bill to protect gun makers from shooting victims' lawsuits. The fact that the U.S. has fallen to 16th in the world in broadband connectivity aroused no interest. Look, I don't even like cellphones, but this is not about gadgets. The world is moving to an Internet-based platform for commerce, education, innovation and entertainment. Wealth and productivity will go to those countries or companies that get more of their innovators, educators, students, workers and suppliers connected to this platform via computers, phones and P.D.A.'s. [Article continues, and discusses the virtues of municipalities providing free WiFi.] http://www.nytimes.com/2005/08/03/opinion/03friedman.html?ex=1280721600&en=18d4a862134f2aae&ei=5090&partner=rssuserland&emc=rss
FCC PUTS DSL ON SAME FOOTING AS CABLE SERVICE (CNET, 5 August 2005) -- The Federal Communications Commission on Friday did away with old rules that require phone companies to share their infrastructure with Internet service providers. The new framework puts DSL service in line with cable modem services. Recently, the U.S. Supreme Court upheld the FCC's interpretation of cable modem service as an "information" service, which means it isn't required to share its infrastructure with competitors. The new rules could hurt ISPs such as EarthLink, which will be forced to negotiate wholesale deals with existing DSL providers. But DSL providers won't get off scot-free. DSL providers will still be required to comply with wiretapping rules and disability requirements. And DSL providers will still contribute to the Universal Service Fund, at least for the next 270 days until the FCC can figure out another way to keep USF funded. http://news.com.com/2061-10785_3-5820294.html?part=rss&tag=5820294&subj=news
‘GUNS, GERMS, AND STEEL’ RECONSIDERED (Inside Higher Ed, 3 August 2005) -- Guns, Germs, and Steel: The Fates of Human Societies has had the kind of impact that most scholarly authors can only dream about for their works. First published by W.W. Norton in 1997, the book won a Pulitzer Prize the next year for its author, Jared Diamond, a professor of geography at the University of California at Los Angeles. Almost immediately, the book sold much better than most serious works (more than 1 million copies) and started to turn up on college reading lists — in courses on world history, anthropology, sociology and other fields. By 1999, the book was one of 12 recommended to freshmen at the University of California at Berkeley (along with some works that had been around a while longer, like Genesis and Exodus from the Bible). In 2001, Cornell University had all of its freshmen read the book. This summer, PBS broadcast a series based on the book, with Diamond explaining many of his ideas. And in the last week, a relatively new blog in anthropology — Savage Minds — has set off a huge debate over the book. Two of the eight people who lead Savage Minds posted their objections to the book, and things have taken off from there, with several prominent blogs in the social sciences picking up the debate, and adding to it. Hundreds of scholars are posting and cross-posting in an unusually intense and broad debate for a book that has been out for eight years. http://insidehighered.com/news/2005/08/03/ggs
NET POSTS DIRECTED TO FORUM RESIDENTS SUPPORT JURISDICTION (BNA’s Internet Law News, 4 August 2005) -- BNA's Electronic Commerce & Law Report reports that a federal court in Massachusetts has ruled that postings on a Yahoo! message board, though readable by those outside the forum, are nonetheless a "contact" with the forum in instances in which the posts are directed to the forum's residents. The court reasoned that the postings, which it said showed the defendant "engaged in direct dialogue" with forum residents, are analogous to e-mail sent to state residents. Case name is Abiomed v. Turnbull. Decision at http://pacer.mad.uscourts.gov/dc/opinions/gorton/pdf/abiomed.pdf
BOSTON AIRPORT BATTLES WITH FREE WI-FI (CNET, 4 August 2005) -- A free Wi-Fi service that competes with Logan Airport's paid-for service poses an 'unacceptable potential risk' to security forces gear, according to airport authorities. Boston's Logan International Airport is attempting to pull the plug on Continental Airlines' free Wi-Fi node, which competes with the airport's $7.95 (£4.48) per day pay service. In an escalating series of threatening letters sent over the last few weeks, airport officials have pledged to "take all necessary steps to have the [Wi-Fi] antenna removed" from Continental's frequent flyer lounge. Continental's free service poses an "unacceptable potential risk" to communications gear used by the state police and the Transportation Security Administration, the letters claim. For its part, Continental says that a 1996 law prevents local officials from meddling with wireless service and has asked the Federal Communications Commission to intervene. Its letter to the FCC argues that the agency has "exclusive jurisdiction" over Wi-Fi and should keep local authorities at bay. "We believe that offering free Wi-Fi at Boston's Logan airport is consistent with the FCC's regulations and its prior rulings on similar issues and that it is permissible under the terms of our lease," Continental spokeswoman Julie King said Wednesday. The airline provides free wireless access at all of its Presidents Club lounges worldwide. http://uk.news.yahoo.com/050804/152/fous1.html
**** RESOURCES ****
SOURCES:
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. Internet Law & Policy Forum, http://www.ilpf.org.
6. BNA’s Internet Law News, http://ecommercecenter.bna.com.
7. The Ifra Trend Report, http://www.ifra.com/website/ifra.nsf/html/ITR-HTML.
8. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
9. David Evan’s “Internet and Computer News”, http://www.abanet.org/scripts/listcommands.jsp?parm=subscribe/at-internet
10. Readers’ submissions, and the editor’s discoveries.
PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.