Saturday, August 06, 2005

MIRLN -- Misc. IT Related Legal News [16 July – 6 August 2005; v8.09]

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product of the American Bar Association’s Cyberspace Law Committee. Please feel free to distribute this message.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at http://www.buslaw.org/cgi-bin/controlpanel.cgi?committee=CL320000 (click on “Settings” beside Members-Only Listserve Discussion). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN editions are archived at www.vip-law.com and in the public materials section of the Cyberspace Committee’s collaboration space at http://lawplace.metadot.com.

**************End of Introductory Note***************

HARRY POTTER AND THE RIGHT TO READ (Toronto Star, 18 July 2005) -- Along with millions worldwide who scooped up the latest Harry Potter tome over the weekend, the 41 schools that make up Manitoba’s Frontier School Division no doubt purchased several copies for their students. The link that connects Harry Potter and the school division that serves northern Manitoba extends beyond a mutual interest in children’s books. Both were at the centre of situations last week that illustrate how good news culture and heritage stories can easily be transformed when copyright law goes awry. The Harry Potter incident is widely known since it generated global attention. A grocery store in Coquitlam, British Columbia inadvertently sold 14 copies of the new Harry Potter book prior to its official sale date of July 16, 2005. Reports indicate that Raincoast Books, the Canadian publisher, mistakenly failed to include a notice on the shipping box that the books were not to be sold in advance. When Raincoast was informed of the sales, it joined with author J.K. Rowling and Bloomsbury Publishing, the British publisher, to seek a court order from the British Columbia Supreme Court to keep the book and its contents under wraps. Had Raincoast limited the requested order to stopping Canadian booksellers from selling the book, the issue would have attracted little attention. Rather than adopting that approach, however, Raincoast also directly targeted the 14 purchasers who had lawfully purchased copies of the book. The order compelled anyone with a copy of the book to return it to the publisher along with any notes and other descriptions of its contents. Moreover, it prohibited Canadians from reading or discussing any aspect of the book. [Read on.] http://www.michaelgeist.ca/index.php?option=content&task=view&id=896

-- and --

ONLINE PIRATES POUNCE ON NEW HARRY POTTER BOOK (CNET, 20 July 2005) -- The sixth book in the Harry Potter series, the fastest-selling book of all time, has become among the quickest to fall prey to Internet piracy, with illicit copies available online within hours of its release. Tech-savvy fans of the boy wizard teamed up to scan the entire 607 page book into digital form, with unauthorized e-book copies appearing online less than 12 hours after "Harry Potter and the Half-Blood Prince" went on sale on Saturday. Copies of the audio version of the book were also widespread on file-trading networks such as BitTorrent. http://news.com.com/2100-1030_3-5796511.html

COST OF US CYBER ATTACKS PLUMMETS (The Register, 18 July 2005) -- The cost of individual cyber attacks fell dramatically in the US last year but unauthorised access and the theft of proprietary information remain top security concerns. The 10th annual Computer Crime and Security Survey, put together by the Computer Security Institute (CSI) in conjunction with information security experts at the FBI, shows financial losses resulting from security breaches down for the fourth successive year. The cost of breaches averaged $204,000 per respondent - down 61 per cent from last year's average loss of $526,000. Virus attacks continue as the source of the greatest financial pain, making up 32 per cent of the overall losses reported. But unauthorized access showed a dramatic increase and replaced denial of service as the second most significant contributor to cybercrime losses. Unauthorised access was fingered for a quarter (24 per cent) of losses reported in the CSI/FBI Computer Crime and Security Survey 2005. Meanwhile losses from theft of proprietary information doubled last year, based on the survey of 700 computer security practitioners in various US corporations, universities and government agencies. The study found fears about negative publicity are preventing organisation from reporting cybercrime incidents to the police, a perennial problem the CSI/FBI study reckons is only getting worse. Assuming that this isn't true of what respondents also told CSI's researchers (academics from the University of Maryland), the study presents a picture of reducing cyber crime losses that contrasts sharply with vendor-sponsored studies. [Survey at http://www.gocsi.com/forms/fbi/csi_fbi_survey.jhtml] http://www.theregister.com/2005/07/18/csi_fbi_security_survey/

HAGUE CHOICE OF COURT CONVENTION FINALLY ADOPTED (Steptoe & Johnson’s E-Commerce Law Week, 16 July 2005) -- The long-awaited – and often-doubted – conclusion of negotiations for a multilateral treaty to improve the enforceability of civil judgments has finally arrived after 13 years of negotiations. The Hague Conference on Private International Law reached agreement on June 30 on the Convention on Choice of Courts Agreements ("Convention"). However, despite lobbying efforts by Internet service providers and other technology companies to place so-called clickwrap agreements and other non-negotiated agreements outside the scope of the Convention, the final draft of the 12-page document does not explicitly exclude such agreements. This raises concerns that many companies – including, for example, those that link to a website in a foreign jurisdiction – may unknowingly risk being hauled into a court halfway around the world. Of course, the Convention must still be ratified by any country to which it would apply, and the agreed text includes an option allowing countries to opt out of the Convention on specific matters if they have a “strong interest” in doing so. Therefore, the fight against having the Convention apply to non-negotiated agreements could spread to individual countries around the globe – raising the risk that the Convention may not actually avoid the world-wide jurisdictional muddle that it is designed to avoid. http://www.steptoe.com/index.cfm?fuseaction=ws.getItem&pubItemId=10121&siteId=547 [Convention at http://www.steptoe.com/publications/362b.pdf]

CALLING JACKIE CHILES (New York Times, 16 July 2005) -- Groklaw.net features an entry titled "The Stupidest Lawsuit Since the World Began," and it's hard to argue. A French transit company, Transports Schiocchet Excursions, is suing 10 cleaning women in the Moselle region because they carpool to work rather than use the company's buses. The plaintiffs' lawyers charge the women with "unfair and parasitical competition" and want their cars seized. http://www.nytimes.com/2005/07/16/technology/16online.ready.html?ex=1279166400&en=f3ce10695112b660&ei=5090&partner=rssuserland&emc=rss

IN CANADA: CACHE A PAGE, GO TO JAIL? (CNET, 19 July 2005) -- A bill before Canada's Parliament could make it illegal for search engines to cache Web pages, critics say, opening the door to unwarranted lawsuits and potentially hindering public access to information. The legislation in question, Bill C-60, is designed to amend Canada's Copyright Act by implementing parts of the 1996 World Intellectual Property Organization treaty, the treaty that led to the Digital Millennium Copyright Act in the U.S. Set for debate and an initial vote in the House of Commons after Parliament's summer break, C-60 addresses things such as file-sharing, anticopying devices and the liability of Internet service providers and would tighten the Copyright Act in ways favorable to record labels and movie studios. But according to Howard Knopf, a copyright attorney at the Ottawa firm of Macera & Jarzyna, a brief passage in the bill could mean trouble for search engines and other companies that archive or cache Web content. "The way it reads, arguably what they're saying is that the very act of making a reproduction by way of caching is illegal," Knopf said. Michael Geist, a law professor at the University of Ottawa, where he holds the Canada Research Chair in Internet and E-Commerce Law, agreed. http://news.com.com/2100-1028_3-5793659.html

HACKERS GET INTO USC DATABASE (CNET, 19 July 2005) -- A University of Southern California database containing about 270,000 records of past applicants was hacked last month, officials said on Tuesday. The breach of the university's online application database exposed "dozens" of records, which included names and Social Security numbers, to unauthorized individuals, said Katharine Harrington, USC dean of admissions and financial aid. Harrington could not be more specific about the number of people whose personal data may have been viewed by the hacker or hackers, nor about what the motivation had been for the computer break-in. "There was not a sufficiently precise tracking capability," Harrington said, but added that the hackers had not been able to access multiple records at once. Records were also only able to be viewed at random, she said. USC learned of the breach June 20 when it was tipped off by a journalist. http://news.com.com/2100-7349_3-5795373.html

UNIVERSITY R&D SPENDING IS UP (Inside Higher Ed, 21 July 2005) -- Colleges and universities spent $40.1 billion on research and development in the 2003 fiscal year, up 10.2 percent from the previous year and 100 percent from 1993. The data were released by the National Science Foundation, which regularly studies research spending in higher education. A majority of the research funds came from Washington. Federal research and development spending in 2003 was $24.7 billion, up 13 percent from the previous year. Other significant sources of research support include state and local governments, businesses and institutional funds. Industry support for R&D in higher education fell by 1 percent in 2003, to $2.16 billion. Other categories all reported increases. Nearly three-fourths of total research spending is for basic research, but applied research outpaced basic research slightly in the rate of increase, 11 percent to 10 percent. Within the sciences and engineering, the top area of support, by far, is the medical sciences. http://insidehighered.com/news/2005/07/21/nsf

LEGALLY DOWNLOADED MUSIC TRIPLES IN 2005 (AP, 21 July 2005) -- The number of digital music tracks legally downloaded from the Internet almost tripled in the first half of 2005 as the use of high-speed broadband connections surged around the world, the international recording industry said Thursday. The International Federation of Phonographic Industries said that 180 million single tracks were downloaded legally in the first six months of the year, compared to 57 million tracks in the first half of 2004 and 157 million for the whole of last year. The federation credited the increase to a 13 percent rise in the number of broadband lines installed around the world, along with an industry campaign to both prosecute and educate against illegal downloading. It said there was just a 3 percent increase in illegal file-sharing to 900 million in July, from 870 million at the start of the year. "We are now seeing real evidence that people are increasingly put off by illegal file-sharing and turning to legal ways of enjoying music online," said John Kennedy, the IFPI's chairman. "Whether it's the fear of getting caught breaking the law, or the realization that many networks could damage your home PC, attitudes are changing, and that is good news for the whole music industry." The IFPI, which has filed hundreds of lawsuits worldwide accusing people of putting copyright songs onto Internet file-sharing networks and offering them to millions without permission, said that the legitimate market is responding to the increased demand. http://news.yahoo.com/news?tmpl=story&cid=528&e=3&u=/ap/20050722/ap_on_hi_te/britain_music_piracy

-- and --

ONLINE FILE SHARERS 'BUY MORE MUSIC' (The Guardian, 27 July 2005) -- Computer-literate music fans who illegally share tracks over the internet also spend four and a half times as much on digital music as those who do not, according to research published today. The survey confirms what many music fans have informally insisted for some time: that downloading tracks illegally has also led them to become more enthusiastic buyers of singles and albums online. Unlikely to be music to the ears of record companies, who have previously argued the opposite, the results will raise a question mark over the companies' recent drive to pursue individual file sharers through the courts. http://www.guardian.co.uk/online/news/0,12597,1536888,00.html and http://news.bbc.co.uk/2/hi/technology/4718249.stm

POLICE: ORKUT USED AS BRAZILIAN DRUG NETWORK (CNET, 21 July 2005) -- Brazilian police arrested 10 people on Thursday accused of selling drugs using Google's international social networking site Orkut, which is hugely popular in the Latin American country. "We discovered the drug ring first via authorized phone tapping, and later the investigation included monitoring of their activities on the Internet," said a duty officer at the Drugs Enforcement Service in the city of Niteroi, just across the bay from Rio de Janeiro. Orkut allows members to join and set up online communities to discuss everything from doughnuts to quantum physics and schedule events such as community meetings. Narcotics are also discussed, with some groups advocating their legalization. However, most popular Portuguese-language communities touching on the issue are anti-drug groups. Several million Brazilians have become devotees of Orkut since Web search leader Google launched the popular social-networking site in January 2004. They make up more than half of Orkut's 7 million plus members. http://news.com.com/2100-1030_3-5798781.html

CONGRESS: TSA BROKE PRIVACY LAWS (Wired, 22 July 2005) -- The Transportation Security Administration violated privacy protections by secretly collecting personal information on at least 250,000 people, congressional investigators said Friday. The Government Accountability Office sent a letter to Congress saying the collection violated the Privacy Act, which prohibits the government from compiling information on people without their knowledge. The information was collected as the agency tested a program, now called Secure Flight, to conduct computerized checks of airline passengers against terrorist watch lists. TSA had promised it would only use the limited information about passengers that it had obtained from airlines. Instead, the agency and its contractors compiled files on people using data from commercial brokers and then compared those files with the lists. The GAO reported that about 100 million records were collected. The 1974 Privacy Act requires the government to notify the public when it collects information about people. It must say who it's gathering information about, what kinds of information, why it's being collected and how the information is stored. And to protect people from having misinformation about them in their files, the government must also disclose how they can access and correct the data it has collected. Before it began testing Secure Flight, the TSA published notices in September and November saying that it would collect from airlines information about people who flew commercially in June 2004. Instead, the agency actually took 43,000 names of passengers and used about 200,000 variations of those names -- who turned out to be real people who may not have flown that month, the GAO said. A TSA contractor collected 100 million records on those names. Justin Oberman, the TSA official in charge of Secure Flight, said that was a highly instructive test. "When you cannot distinguish one John Smith from another, you're going to get records from John Smiths who aren't boarding flights on an order of magnitude we can't handle," Oberman said. He said the testing is designed to find out what kind of data airlines will need to get -- such as passengers' birthdates --so they can turn it over to the government to check against watch lists. http://www.wired.com/news/privacy/0,1848,68292,00.html

-- and --

BEHIND-THE-SCENES BATTLE ON TRACKING DATA MINING (New York Times, 24 July 2005) -- Bush administration officials are opposing an effort in Congress under the antiterrorism law known as the USA Patriot Act to force the government to disclose its use of data-mining techniques in tracking suspects in terrorism cases. As part of the vote in the House this week to extend major parts of the antiterrorism law permanently, lawmakers agreed to include a little-noticed provision that would require the Justice Department to report to Congress annually on government-wide efforts to develop and use data-mining technology to track intelligence patterns. But a set of talking points distributed among Republican lawmakers as the measure was being debated warned that the Justice Department was opposed to the amendment because it would add to the list of "countless reports" already required by Congress and would take time away from more critical law enforcement activities. The government's use of vast public and private databases to mine for leads has produced several damaging episodes for the Bush administration, most notably in connection with the Total Information Awareness system developed by the Pentagon for tracking terror suspects and the Capps program of the Department of Homeland Security for screening airline passengers. Both programs were ultimately scrapped after public outcries over possible threats to privacy and civil liberties, and some Republicans and Democrats in Congress say they want to keep closer tabs on such computer operations to guard against abuse. "We have wasted millions and millions of dollars on implementing database-mining activities which, when they became public, produced such an outrage they were canceled," Representative Howard L. Berman, a California Democrat who sponsored the amendment requiring a report to Congress, said this week during the House debate. "We do not want to tie the hands of our security agencies in gathering this information," Mr. Berman said. "We simply want to provide a logical mechanism to gather the information so that the American people can feel more comfortable that what is being done is protected." http://www.nytimes.com/2005/07/24/politics/24patriot.html?ex=1279857600&en=fcec9a4f677a46db&ei=5090&partner=rssuserland&emc=rss

NEW YORK JUDGES REFUSE TO SAY INTERNET OBSCENITY LAW IS UNCONSTITUTIONAL (Newsday, 25 July 2005) -- A special three-judge federal panel on Monday refused to find unconstitutional a law making it a crime to send obscenity over the Internet to children. The Communications Decency Act of 1996 had been challenged by Barbara Nitke, a photographer who specializes in pictures of sadomasochistic sexual behavior, and by the National Coalition for Sexual Freedom, a Baltimore-based advocacy organization. They contended in a December 2001 lawsuit brought in U.S. District Court in Manhattan that the law was so broad and vague in its scope that it violated the First Amendment, making it impossible for them to publish to the Internet because they cannot control the forum. A judge from the 2nd Circuit Court of Appeals and two district judges heard the facts of the case and issued a written decision saying the plaintiffs had provided insufficient evidence to prove the law was unconstitutional. The panel noted that evidence was offered to indicate there are at least 1.4 million Web sites that mention bondage, discipline and sadomasochism but that evidence was insufficient to decide how many sites might be considered obscene. The judges said the evidence also was insufficient for them to determine how much the standards for obscenity differ in communities across the United States. The court said it was necessary to know how much the standards vary to decide if those creating Web sites would be graded for obscenity unfairly when compared with those who market traditional pornography and can control how they distribute the material. http://www.newsday.com/news/local/wire/newyork/ny-bc-ny--sexsites-obscenit0725jul25,0,6680266.story

WIRELESS NETWORK HIJACKER FOUND GUILTY (Silicon.com, 22 July 2005) – A UK man has been fined £500 and sentenced to 12 months' conditional discharge for hijacking a wireless broadband connection. On Wednesday, a jury at Isleworth court in London found Gregory Straszkiewicz, 24, guilty of dishonestly obtaining an electronic communications service and possessing equipment for fraudulent use of a communications service. Straszkiewicz was prosecuted under sections 125 and 126 of the Communications Act 2003. Police sources said Straszkiewicz was caught standing outside a building in a residential area holding a wireless-enabled laptop. The Crown Prosecution Service confirmed that Straszkiewicz was 'piggybacking' the wireless network that householders were using. He was reported to have attempted this several times before police arrested him. [See similar story from the U.S. in MIRLN 8.08 at http://mirln.blogspot.com/]
http://management.silicon.com/government/0,39024677,39150672,00.htm

UK POLICE WANT NEW COMPUTER POWERS (Techworld, 26 July 2005) -- The UK Association of Chief Police Officers (ACPO) has called for new powers to allow police to tackle rogue websites, and make withholding encryption keys a criminal offence. The new proposals are buried inside a long and sometimes controversial list of powers the influential body would like the government to consider enacting through legislation in the light of the special demands posed by terrorist investigations. Most of these relate to conventional police powers, but one section of the official release suggests amending part 3 of the Regulation of Investigatory Powers Act (RIPA) with a specific offence of withholding a software encryption key. This is the first time encryption keys have been singled out by UK police in this way, though the problems associated with their use by criminals to secure documents has long been a subject of debate. http://www.techworld.com/security/news/index.cfm?NewsID=4106

ADVISING CLIENTS IN A POST-GROKSTER WORLD (BNA’s Internet Law News, 27 July 2005) - Fred Von Lohmann highlights the challenges facing lawyers as they seek to advise technology clients in the post-Grokster world. Von Lohmann argues that the court's concurring opinions leave innovators and lower courts with precious little guidance on issues such as contributory and vicarious copyright liability. http://www.law.com/jsp/article.jsp?id=1122023112436

-- and --

NEW FILE-SHARING TECHNIQUES ARE LIKELY TO TEST COURT DECISION (New York Times, 1 August 2005) – Briefly buoyed by their Supreme Court victory on file sharing, Hollywood and the recording industry are on the verge of confronting more technically sophisticated opponents. At a computer security conference in Las Vegas on Thursday, an Irish software designer described a new version of a peer-to-peer file-sharing system that he says will make it easier to share digital information anonymously and make detection by corporations and governments far more difficult. Others have described similar efforts to build a so-called darknet that aims to shield the identities of those sharing information. The issue is complicated by the fact that the small group of technologists designing the new systems say their goal is to create tools to circumvent censorship and political repression - not to abet copyright violation. The Irish programmer, Ian Clarke, is a 28-year-old free-speech advocate who five years ago introduced a software system called Freenet that was intended to make it impossible for governments and corporations to restrict the flow of any kind of digital information. The system initially used a secure approach to routing between users and employed encryption to protect the information from eavesdroppers who were not part of the network. Unlike today's open peer-to-peer networks, the new systems like Mr. Clarke's use software code to connect individuals who trust one another. He said he would begin distributing the new version of his program within a few months, making it possible for groups of users to establish secured networks - available only to them and those they choose to include - through which any kind of digital information can be exchanged. Though he says his aim is political - helping dissidents in countries where computer traffic is monitored by the government, for example - Mr. Clarke is open about his disdain for copyright laws, asserting that his technology would produce a world in which all information is freely shared. In June, Ross Anderson, a prominent computer-security researcher who was a pioneer in developing early peer-to-peer networks, published a technical paper detailing how it was possible to resist industry attempts to disable such networks. He also published a second paper trying to anticipate the market reaction to curbs on file sharing like the Grokster ruling. The paper, "The Economics of Censorship Resistance," predicts the emergence of closed networks like the new Freenet, as well as "fan clubs" focused on specific digital content, which would be more difficult for the industry to combat. Legal skirmishes over anonymous peer-to-peer networks have already taken place in both Europe and Asia. In Japan last year, Isamu Kaneko, the developer of a file-sharing program called WinNY, was arrested after two users of the program were charged with sharing copyrighted material through the system. The Kaneko case is pending. On a separate front, the recording industry has sued users of Blubster, a peer-to-peer network designed by Pablo Soto, a Spanish programmer, who built privacy features into his system. http://www.nytimes.com/2005/08/01/technology/01file.html?ex=1280548800&en=2ab1bf4745b327bc&ei=5090&partner=rssuserland&emc=rss

CISCO HITS BACK AT FLAW RESEARCHER (CNET, 27 July 2005) -- Cisco Systems has taken legal action to keep a researcher from further discussing a hack into its router software. The networking giant and Internet Security Systems jointly filed a request Wednesday for a temporary restraining order against Michael Lynn and the organizers of the Black Hat security conference. The motion came after Lynn showed in a presentation how attackers could take over Cisco routers--a problem that he said could bring the Internet to its knees. The filing in U.S. District Court for the Northern District of California asks the court to prevent Lynn and Black Hat from "further disclosing proprietary information belonging to Cisco and ISS," said John Noh, a Cisco spokesman. "It is our belief that the information that Lynn presented at Black Hat this morning is information that was illegally obtained and violated our intellectual property rights," Noh added. Lynn decompiled Cisco's software for his research and by doing so violated the company's rights, Noh said. http://news.com.com/2100-1002_3-5807551.html

-- and --

RESEARCHER, CISCO REACH AGREEMENT (SiliconValley.com, 29 July 2005) -- Cisco Systems reached an agreement Thursday with a defiant computer security researcher who said he would stop revealing the details of a serious flaw in Cisco's software that directs traffic around much of the Internet. Only a day before, Michael Lynn quit his job with an Internet security company in Atlanta to deliver a speech at the Black Hat conference in Las Vegas that revealed details of the Cisco flaw. Cisco sought a court injunction Thursday to silence Lynn and even hired temporary workers to rip information about the software flaw from handouts given to conference-goers. The dispute highlights a hot debate over when and how to disclose vulnerabilities uncovered by security researchers to the software and equipment used to run the world's computer systems. Lynn, who Wednesday resigned from Internet Security Systems, said he had to defy Cisco and his employer to get out information on vital security threats to equipment that helps run the Internet. http://www.siliconvalley.com/mld/siliconvalley/12255870.htm

-- but--

WHISTLE-BLOWER FACES FBI PROBE (Wired, 29 July 2005) -- The FBI is investigating a computer security researcher for criminal conduct after he revealed that critical routers supporting the internet and many networks have a serious software flaw that could allow someone to crash or take control of them. Mike Lynn, a former researcher at Internet Security Systems, or ISS, said he was tipped off late Thursday night that the FBI was investigating him for violating trade secrets belonging to his former employer. Lynn resigned from ISS Wednesday morning after his company and Cisco threatened to sue him if he spoke at the Black Hat security conference in Las Vegas about a serious vulnerability he found while reverse-engineering the operating system in Cisco routers. He said he conducted the reverse-engineering at the request of his company, which was concerned that Cisco wasn't being forthright about a recent fix it had made to its operating system. Lynn spoke anyway, discussing the flaw in Cisco IOS, the operating system that runs on Cisco routers, which are responsible for transferring data over much of the internet and private networks. Although Lynn demonstrated for the audience what hackers could do to a router if they exploited the flaw, he did not reveal technical details that would allow anyone to exploit the bug without doing the same research he did to discover it. Both companies knew in advance about Lynn's plan to talk and originally supported it. But at the last minute, the companies tried to halt the presentation or force Lynn to allow Cisco representatives to speak as well. http://www.wired.com/news/privacy/0,1848,68356,00.html

-- and --

HACKERS RACE TO EXPOSE CISCO ROUTER FLAW (CNET, 31 July 2005) -- Computer hackers worked through the weekend to expose a flaw that could allow an attacker to take control of the Cisco Systems routers that direct traffic across much of the Internet. Angered and inspired by Cisco's attempts to suppress news of the flaw earlier in the week, several computer security experts at the Defcon computer-security conference worked past midnight Saturday to discover and map out the vulnerability. Cisco's routers direct traffic across at least 60 percent of the Internet and the security hole has dominated a pair of conferences that draw thousands of security researchers, U.S. government employees and teenage troublemakers to Las Vegas each summer. The hackers said they had no intention of hijacking e-commerce payments, reading private e-mail, or launching any of the other malicious attacks that could be possible by exploiting the flaw. Rather, they said they wanted to illustrate the need for Cisco customers to update their software to defend against such possibilities. Many Cisco customers have postponed the difficult process because it could require them to unplug entirely from the Internet. http://news.com.com/2100-1002_3-5812611.html

STATE ANTI-SPAM LAW IS NOT PREEMPTED BY CAN-SPAM ACT (BNA’s Internet Law News, 28 July 2005) -- BNA's Electronic Commerce & Law Report reports that a federal court in Washington has ruled that a state anti-spam law creating a civil cause of action against those who send commercial e-mails containing false header information and/or misleading subject lines is not preempted by the federal CAN-SPAM Act. Although the CAN-SPAM Act generally preempts state regulation of commercial e-mail, the court acknowledges, the law expressly permits state regulation of false or misleading commercial e-mail practices. Case name is Gordon v. Impulse Marketing Group Inc. Article at http://pubs.bna.com/ip/BNA/eip.nsf/is/a0b1d7n7y4

READING BETWEEN THE LINES OF USED BOOK SALES (New York Times, 28 July 2005) -- THE Internet is a bargain hunter's paradise. Ebay is an easy example, but there are many places for deals on used goods, including Amazon.com. While Amazon is best known for selling new products, an estimated 23 percent of its sales are from used goods, many of them secondhand books. Used bookstores have been around for centuries, but the Internet has allowed such markets to become larger and more efficient. And that has upset a number of publishers and authors. In 2002, the Authors Guild and the Association of American Publishers sent an open letter to Jeff Bezos, the chief executive of Amazon.com, which has a market for used books in addition to selling new copies. "If your aggressive promotion of used book sales becomes popular among Amazon's customers," the letter said, "this service will cut significantly into sales of new titles, directly harming authors and publishers." But does it? True, consumers probably save a few dollars while authors and publishers may lose some sales from a used book market. Yet the evidence suggests that the costs to publishers are not large, and also suggests that the overall gains from such secondhand markets outweigh any losses. Consider a recent paper, "Internet Exchanges for Used Books," by Anindya Ghose of New York University and Michael D. Smith and Rahul Telang of Carnegie-Mellon. (The text of the paper is available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=584401.) The starting point for their analysis is the double-edged impact of a used book market on the market for new books. When used books are substituted for new ones, the seller faces competition from the secondhand market, reducing the price it can set for new books. But there's another effect: the presence of a market for used books makes consumers more willing to buy new books, because they can easily dispose of them later. http://www.nytimes.com/2005/07/28/technology/28scene.html?ex=1280203200&en=33765024cbf62d4c&ei=5090&partner=rssuserland&emc=rss

REALLY OPEN SOURCE (Inside Higher Ed, 29 July 2005) -- Few projects in academe have attracted the attention and praise in recent years of OpenCourseWare, a program in which the Massachusetts Institute of Technology is making all of its course materials available online — free — for anyone to use. In the four years since MIT launched the effort, use of the courseware has skyrocketed, and several other universities have created similar programs, assembling material from their own courses. With less fanfare than MIT, Rice University has also been promoting a model for free, shared information that could be used by faculty members and students anywhere in the world. But the Rice program — Connexions — is different in key respects. It is assembling material from professors (and high school teachers) from anywhere, it is offering free software tools in addition to course materials, and it is trying to reshape the way academe uses both peer review and publishing. The project also has hopes of becoming a major curricular tool at community colleges. http://www.insidehighered.com/news/2005/07/29/open

BUSH SIGNS LAW THAT CREATES MEDICAL ERROR DATABASES (Government Health IT, 29 July 2005) -- The Patient Safety and Quality Improvement Act of 2005 that President Bush signed today will require the establishment of a network of databases to hold data on medical errors that patient safety organizations and health care providers voluntarily report. Sen. Jim Jeffords (I-Vt.) first introduced a patient safety bill in 2000. He said the syringing of the bill today “will go a long way in reducing patient deaths and injuries that result from preventable errors.” The bill ensures legal protection by calling for the voluntary reporting of medical errors, keeping patient and provider information anonymous. The bill requires the Department of Health and Human Services to set up and maintain an interactive, evidence-based management resource that can analyze the reports. Don Woodlock, general manager of inpatient clinical at GE Healthcare Information Technologies, said the removal of provider information could help spur reporting of medical errors. Before passage of the bill, which guarantees anonymity, providers were reluctant to report errors due to fear of litigation. Dr. J. Edward Hill, president of the American Medical Association, said the patient safety law “is the catalyst we need to transform the current culture of blame and punishment into one of open communication and prevention.” http://govhealthit.com/article89736-07-29-05-Web

ROBOTS TAKE SCIENTISTS INTO SEA DEPTHS (Seattle P-I, 29 July 2005) -- Think of it as the Mars Rover but at the bottom of the ocean, remotely exploring our own planet's most alien landscape for scientists back at mission control. "This is how the science is going to be done," said Deborah Kelley, a University of Washington oceanographer. In 2000, Kelley led an expedition using a manned submersible to explore the deep Atlantic Ocean. Her team stumbled upon something never seen before. The researchers discovered a startlingly massive collection of limestone towers located miles away from the tectonic "spreading" cracks in the seafloor that typically produce such structures. Some of these hydrothermal vent towers were hundreds of feet high, prompting the scientists to call the unprecedented find the "Lost City" after the myth of Atlantis. Yesterday, Kelley and her colleagues were in Seattle and also "virtually" back at the Lost City to demonstrate how robotics and information technology can transform deep-ocean exploration. What once required dangerous and time-limited manned exploits can now be done by remote control on a ship deck or in an office thousands of miles away. In a darkened room on the UW campus, the makeshift, temporary command center featured Kelley and her colleagues surrounded by video screens depicting Ballard along with the remote-controlled submersible Hercules poised alongside one of the stark, shimmering white towers of the Lost City. http://seattlepi.nwsource.com/local/234479_lostcity29.html

WILL THE ADWARE INDUSTRY BEAT SPITZER? (CNET, 2 August 2005; article by Prof. Eric Goldman) -- New York Attorney General Elliott Spitzer's recent enforcement action against adware vendor Intermix Media has opened up a new front in the battle against this type of software. Though Intermix claims to have settled the matter for $7.5 million, any disposition leaves open a number of issues regarding Spitzer's ultimate plan for a possible sweep against the entire adware industry. In particular, Spitzer has repeatedly threatened advertisers who run ads with adware vendors. These threats have created a conundrum for advertisers. On one hand, adware offers advertisers a cost-effective way to reach consumers who derive value from the advertisements. On the other hand, no advertiser wants to get on Spitzer's hit list. Thus, if Spitzer's threat is real, many advertisers will simply forgo adware advertising. But amid the commotion, a critical, substantive question remains ignored: What legal doctrine holds advertisers liable for advertising via adware? We have yet to hear a coherent theory from Spitzer--or anyone else--explaining how this liability arises. In fact, advertiser liability for adware vendors' actions would represent a novel and unprecedented application of current law. In other words, to hold advertisers liable, Spitzer will need to create new law. Advertiser liability for adware vendors' actions would represent a novel and unprecedented application of current law. We can better understand the radical nature of these assertions through some analogies to other advertising contexts. Imagine The New York Times runs a libelous story or illegally obtains consumer subscriptions through deceptive trade practices. Or imagine a Yellow Pages vendor illegally trespasses by throwing copies of its book onto homeowners' land. Are advertisers liable in these circumstances? Generally, the answer is emphatically no. Advertisers have no more responsibility for the media partner's actions than any other customer or vendor. Indeed, such expansive liability might generate First Amendment concerns. http://news.com.com/2010-1071_3-5808481.html

CALLING ALL LUDDITES (New York Times, 3 August 2005; op-ed piece by Tom Friedman) -- I've been thinking of running for high office on a one-issue platform: I promise, if elected, that within four years America will have cellphone service as good as Ghana's. If re-elected, I promise that in eight years America will have cellphone service as good as Japan's, provided Japan agrees not to forge ahead on wireless technology. My campaign bumper sticker: "Can You Hear Me Now?" I began thinking about this after watching the Japanese use cellphones and laptops to get on the Internet from speeding bullet trains and subways deep underground. But the last straw was when I couldn't get cellphone service while visiting I.B.M.'s headquarters in Armonk, N.Y. But don't worry - Congress is on the case. It dropped everything last week to pass a bill to protect gun makers from shooting victims' lawsuits. The fact that the U.S. has fallen to 16th in the world in broadband connectivity aroused no interest. Look, I don't even like cellphones, but this is not about gadgets. The world is moving to an Internet-based platform for commerce, education, innovation and entertainment. Wealth and productivity will go to those countries or companies that get more of their innovators, educators, students, workers and suppliers connected to this platform via computers, phones and P.D.A.'s. [Article continues, and discusses the virtues of municipalities providing free WiFi.] http://www.nytimes.com/2005/08/03/opinion/03friedman.html?ex=1280721600&en=18d4a862134f2aae&ei=5090&partner=rssuserland&emc=rss

FCC PUTS DSL ON SAME FOOTING AS CABLE SERVICE (CNET, 5 August 2005) -- The Federal Communications Commission on Friday did away with old rules that require phone companies to share their infrastructure with Internet service providers. The new framework puts DSL service in line with cable modem services. Recently, the U.S. Supreme Court upheld the FCC's interpretation of cable modem service as an "information" service, which means it isn't required to share its infrastructure with competitors. The new rules could hurt ISPs such as EarthLink, which will be forced to negotiate wholesale deals with existing DSL providers. But DSL providers won't get off scott free. DSL providers will still be required to comply with wire tapping rules and disability requirements. And DSL providers will still contribute to the Universal Service Fund, at least for the next 270 days until the FCC can figure out another way to keep USF funded. http://news.com.com/2061-10785_3-5820294.html?part=rss&tag=5820294&subj=news

‘GUNS, GERMS, AND STEEL’ RECONSIDERED (Inside Higher Ed, 3 August 2005) -- Guns, Germs, and Steel: The Fates of Human Societies has had the kind of impact that most scholarly authors can only dream about for their works. First published by W.W. Norton in 1997, the book won a Pulitzer Prize the next year for its author, Jared Diamond, a professor of geography at the University of California at Los Angeles. Almost immediately, the book sold much better than most serious works (more than 1 million copies) and started to turn up on college reading lists — in courses on world history, anthropology, sociology and other fields. By 1999, the book was one of 12 recommended to freshmen at the University of California at Berkeley (along with some works that had been around a while longer, like Genesis and Exodus from the Bible). In 2001, Cornell University had all of its freshmen read the book. This summer, PBS broadcast a series based on the book, with Diamond explaining many of his ideas. And in the last week, a relatively new blog in anthropology — Savage Minds — has set off a huge debate over the book. Two of the eight people who lead Savage Minds posted their objections to the book, and things have taken off from there, with several prominent blogs in the social sciences picking up the debate, and adding to it. Hundreds of scholars are posting and cross-posting in an unusually intense and broad debate for a book that has been out for eight years. http://insidehighered.com/news/2005/08/03/ggs

NET POSTS DIRECTED TO FORUM RESIDENTS SUPPORT JURISDICTION (BNA’s Internet Law News, 4 August 2005) -- BNA's Electronic Commerce & Law Report reports that a federal court in Massachusetts has ruled that postings on a Yahoo! message board, though readable by those outside the forum, are nonetheless a "contact" with the forum in instances in which the posts are directed to the forum's residents. The court reasoned that the postings, which it said showed the defendant "engaged in direct dialogue" with forum residents, are analogous to e-mail sent to state residents. Case name is Abiomed v. Turnbull. Decision at http://pacer.mad.uscourts.gov/dc/opinions/gorton/pdf/abiomed.pdf

BOSTON AIRPORT BATTLES WITH FREE WI-FI (CNET, 4 August 2005) -- A free Wi-Fi service that competes with Logan Airport's paid-for service poses an 'unacceptable potential risk' to security forces gear, according to airport authorities. Boston's Logan International Airport is attempting to pull the plug on Continental Airlines' free Wi-Fi node, which competes with the airport's $7.95 (£4.48) per day pay service. In an escalating series of threatening letters sent over the last few weeks, airport officials have pledged to "take all necessary steps to have the [Wi-Fi] antenna removed" from Continental's frequent flyer lounge. Continental's free service poses an "unacceptable potential risk" to communications gear used by the state police and the Transportation Security Administration, the letters claim. For its part, Continental says that a 1996 law prevents local officials from meddling with wireless service and has asked the Federal Communications Commission to intervene. Its letter to the FCC argues that the agency has "exclusive jurisdiction" over Wi-Fi and should keep local authorities at bay. "We believe that offering free Wi-Fi at Boston's Logan airport is consistent with the FCC's regulations and its prior rulings on similar issues and that it is permissible under the terms of our lease," Continental spokeswoman Julie King said Wednesday. The airline provides free wireless access at all of its Presidents Club lounges worldwide. http://uk.news.yahoo.com/050804/152/fous1.html

**** RESOURCES ****

SOURCES:
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. Internet Law & Policy Forum, http://www.ilpf.org.
6. BNA’s Internet Law News, http://ecommercecenter.bna.com.
7. The Ifra Trend Report, http://www.ifra.com/website/ifra.nsf/html/ITR-HTML.
8. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
9. David Evan’s “Internet and Computer News”, http://www.abanet.org/scripts/listcommands.jsp?parm=subscribe/at-internet
10. Readers’ submissions, and the editor’s discoveries.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.

No comments: