Saturday, August 27, 2005

MIRLN -- Misc. IT Related Legal News [7-27 August 2005; v8.10]

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product of KnowConnect, Inc. (www.knowconnect.com) and the American Bar Association’s Cyberspace Law Committee. Please feel free to distribute this message.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at http://www.buslaw.org/cgi-bin/controlpanel.cgi?committee=CL320000 (click on “Settings” beside Members-Only Listserve Discussion). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN editions are archived at www.vip-law.com and in the public materials section of the Cyberspace Committee’s collaboration space at http://lawplace.metadot.com.

**************End of Introductory Note***************

FCC EASES HIGH-SPEED NET RULES (Wired, 5 August 2005) -- Beginning in about a year, phone companies won’t have to lease their high-speed lines to competing internet service providers at government-set rates, the Federal Communications Commission decided. FCC Chairman Kevin Martin said the unanimous vote by the agency’s four commissioners “ends the regulatory inequities that currently exist between cable and telephone companies” providing broadband Internet services. Without guaranteed access at government-mandated rates, providers of digital service, or DSL, on lines now leased from the big regional Bells or smaller phone companies will have to negotiate with them over rates and access. Consumer advocates criticized the deregulation -- which will take effect after a one-year transition period -- contending it will lead to fewer choices and higher prices for consumers by forcing existing independent broadband providers out of the market. http://www.wired.com/news/business/0,1367,68453,00.html and http://www.siliconvalley.com/mld/siliconvalley/business/technology/12331081.htm

WASHINGTON ANTI-SPAM LAW SURVIVES CAN-SPAM PREEMPTION (Steptoe & Johnson’s E-Commerce Law Week, 6 August 2005) -- State legislators must be dancing the cancan after a federal court ruled that the CAN-SPAM Act does not preempt Washington State’s anti-spam statute, leaving the door open to additional such measures that are undoubtedly popular with consumers (and voters). In Gordon v. Impulse Marketing Group, Inc., the US District Court for the Eastern District of Washington denied the defendant’s motion to dismiss on the grounds that, among other things, the plaintiff’s claims under Washington’s anti-spam statute were preempted by federal law. The court ruled that since the state law prohibited “falsity and deception” in the subject line of an email, it was not preempted by the federal CAN-SPAM Act, which specifically exempts from its preemption provision state laws that “prohibit[] falsity or deception in any portion of a commercial electronic mail message.” http://www.steptoe.com/index.cfm?fuseaction=ws.getItem&pubItemId=10245&siteId=547

UNIVERSITY AS AUTHOR? (Inside Higher Ed, 8 August 2005) -- The Kansas Supreme Court will soon decide whether the Kansas Board of Regents has to negotiate its intellectual property policy in the future, or whether it can simply hand down a decree – even one that asserts ownership of all faculty work. If the court upholds the decision of a lower court, public institutions in Kansas will have the right to claim ownership of any faculty work, including books. In the current policy, faculty members keep their book rights, and revenue sharing is built in for technology copyrights, but, “if [the board] can unilaterally enact a policy, then tomorrow they could turn around and say ‘we own it, we get all the royalties,’” said John Mazurek, a lawyer representing the Kansas National Education Association. http://insidehighered.com/news/2005/08/08/kansas

GOOGLE URGED TO DROP REACTOR IMAGES (News.com.au, 8 August 2005) -- The head of Australia’s nuclear energy agency has called on the owners of an internet satellite program to censor images of the country’s only nuclear reactor. Australian Nuclear Science and Technology Organisation executive director Ian Smith said he would ask internet search engine Google to remove the Lucas Heights reactor from its Google Earth program. The online program combines satellite images with aerial photographs and maps to let users zoom in on almost any building in the world. While Google Earth “censors” the White House with blocks of colour over the roof and the nearby Treasury Department and Executive Office buildings, anyone with a computer and web connection can use the free program to see aerial shots of sensitive Australian sites such as the Lucas Heights reactor, the secret US spy base at Pine Gap, outside Alice Springs, and Parliament House in Canberra. http://www.news.com.au/story/0,10117,16183993-2,00.html

NEXT VERSION OF GPL COMING IN 2007 (PC World, 4 August 2005) -- The next version of the GPL (General Public License), GPL 3, is likely to appear in early 2007, according to a board member of the Free Software Foundation (FSF) who is working on drafting the future release. The GPL is the most popular license for free software and was created by Richard Stallman in 1989 for the GNU free software operating system project. Version 2 of the GPL appeared in 1991. “Version 2 has now been running for [nearly] 15 years without substantial modification,” says Eben Moglen, a member of the board of the Free Software Foundation and a professor of law and legal history at Columbia University Law School. “It [GPL 2] has successfully been used to go from a world in which free software was a very marginal community to one in which everyone, everywhere is aware of it.” Moglen, Stallman, and other members of the FSF are working on drafting GPL 3. “We need to globalize GPL,” Moglen says. “GPL 2 has elegantly worked outside of the U.S. in Europe and elsewhere, but it needs to become a bit more legally cosmopolitan” so that the license is more accessible to lawyers around the world, he adds. “The GPL depended heavily on the Berne Convention, but it’s still speaking language very reminiscent of U.S. copyright law,” Moglen says. “The GPL needs to recognize global copyright more explicitly. It sounds strange to lawyers in some countries.” The FSF also needs to clarify some language in the license that some English-speaking lawyers have had trouble with, he adds. http://www.pcworld.com/resource/printable/article/0,aid,122123,00.asp

SURVEY SHOWS MIXED IMPACT OF INTERNET ON STUDENTS (EDUPAGE, 8 August 2005) -- A survey conducted in May 2004 by Steve Jones, professor of communication at the University of Illinois at Chicago, and Camille Johnson-Yale, a graduate student in communication at the University of Illinois at Urbana-Champaign, determined that 42 percent of the professors surveyed saw a decline in the quality of student work with the advent of the Internet, while 22 percent noted an improvement. However, a majority of respondents, 67 percent, indicated that the Internet had improved their communication with students. The nationwide survey of 2,316 faculty elicited a concern with student plagiarism, and 74 percent of respondents said they use the Internet or other tools to detect plagiarism. The researchers have presented some of their findings at academic conferences and have submitted their work to a peer-reviewed academic journal. Chronicle of Higher Education, 7 August 2005 (sub. req’d) http://chronicle.com/prm/weekly/v51/i49/49a03201.htm

SARBANES-OXLEY TRUMPS IM AT SOME FIRMS (Computerworld, 8 August 2005) -- In another case of fallout from the passage of the Sarbanes-Oxley Act, some companies are disabling their instant messaging systems because of concerns that the technology’s security and archival controls aren’t strong enough to comply with the law, according to IT executives, lawyers and auditors interviewed last week. Section 302 of Sarbanes-Oxley requires CEOs and chief financial officers to certify that their companies have established internal controls and are regularly evaluating the effectiveness of the control measures. Although vendors such as FaceTime Communications Inc. and IMlogic Inc. offer tools for storing messaging traffic and protecting against malware, users like Jefferson Wells International Inc. are erring on the side of caution by simply unplugging their IM systems. Jefferson Wells disconnected its MSN Messenger system because of concerns that the company wouldn’t be able to detect software viruses embedded in messages, said Scott Robertson, manager of corporate IT operations at the Brookfield, Wis.-based provider of technology risk management and other professional services. http://www.computerworld.com/governmenttopics/government/policy/story/0,10801,103752,00.html

RESEARCH COMPANY MULLS OVER NO DISCLOSURE POLICY (SANS NewsBites, 8 August 2005) -- David Litchfield of Next Generation Security Software Ltd. says his company is considering moving to a “no disclosure” policy regarding software flaws; instead, the company would share information about vulnerabilities it discovered only with the affected vendors. This marks a change from the company’s earlier stance on disclosing flaws which netted them trouble from vendors unhappy with their practices. NGSS amended their policy after a talk Mr. Litchfield gave in 2002 detailing a vulnerability in Microsoft’s SQL Server database, for which a patch was already available, was followed closely by the appearance of the Sasser worm which took advantage of that vulnerability. NGS then decided to give the vendor 90 days to develop and release a patch before releasing details of the flaw. Mr. Litchfield told eWeek he feels the terrain has changed in the past several years: “How many times do you have to teach people about buffer overflows? If people are not educated by now, they’re never going to be.” http://www.eweek.com/print_article2/0,1217,a=157384,00.asp [SANS Editor’s Note (Pescatore): It is a no-brainer to say vulnerability discoverers never need to give out exploit code, and it is *almost* a no brainer to say that they should make no disclosure at all, other than what they give to the software vendor. However, one part of me remembers the bad old days when vendors never had any pressure to fix software and enterprises never bothered to patch when fixes did come out. This leads directly to the tremendous impact of Code Red/Nimda/Blaster/Slammer - and actually the Morris worm long before that. There still needs to be pressure but I don’t think there can be a fixed time period for complex issues, but 90 days might be good as a minimum.]

WRITTEN OPINION IN GOOGLE V. GEICO RELEASED (BNA’s Internet Law News, 9 August 2005) -- Months after the oral ruling, the judge in the Google v. Geico case has released a written opinion. The judge emphasized the ruling applies only to the specific facts of the case. Decision at http://blog.ericgoldman.org/archives/geicogoogleaug2005.pdf

BRIT LICENSE PLATES GET CHIPPED (Wired, 9 August 2005) -- The British government is preparing to test new high-tech license plates containing microchips capable of transmitting unique vehicle identification numbers and other data to readers more than 300 feet away. Officials in the United States say they’ll be closely watching the British trial as they contemplate initiating their own tests of the plates, which incorporate radio frequency identification, or RFID, tags to make vehicles electronically trackable. http://www.wired.com/news/privacy/0,1848,68429,00.html?tw=wn_tophead_1

FEDS FUND VOIP TAPPING RESEARCH (CNET, 9 August 2005) -- The federal government is funding the development of a prototype surveillance tool by George Mason University researchers who have discovered a novel way to trace Internet phone conversations. Their project is designed to let police identify whether suspects under surveillance have been communicating through voice over Internet Protocol (VoIP)--information that would be unavailable today if people choose to communicate surreptitiously. The eavesdropping technique already has been shown to work with Skype, the researchers say. “From a privacy advocate’s point of view, this is an attack on privacy,” Xinyuan Wang, an assistant professor of software engineering and principal investigator, said Tuesday. “From a police point of view, this is a way to trace things.” To translate his research into a tool that could be used by police in a successor version of the FBI’s Carnivore system, Wang received a grant of $307,436 from the National Science Foundation this month. The grant calls for the development of a prototype VoIP-tracing application to provide a “critical but currently missing capability in the fight on crime and terrorism.” The NSF grant comes as federal police are fretting about criminals using VoIP to mask their communications. The Federal Communications Commission on Friday approved mandatory wiretapping requirements for some VoIP providers, and the FBI has been warning for more than two years that VoIP may become a “haven for criminals, terrorists and spies.” At the moment, two Skype users who wish to conceal the fact that they’re chatting can direct their computers to bounce their conversation off a commercial anonymizing service, sometimes called a proxy service. Such services are offered by FindNot.com, Proxify.us and Anonymizer.com. The FBI or any other government agency that’s eavesdropping on both ends of the link would see that each person was connected to the anonymizing server--but couldn’t know for sure who was talking to whom. The more customers who use the service at once, the more difficult it would be for investigators to connect the dots. Wang discovered he could embed a unique, undetectable signature in Skype packets and then identify that signature when they reached their destination. The technique works in much the same way as a radioactive marker that a patient swallows, permitting doctors to monitor its progress through the digestive system. http://news.com.com/2100-7348_3-5825932.html

TERROR THREAT SHARPENS FOCUS ON URBAN SPY CAMERAS (SiliconValley.com, 10 August 2005) -- The striking images of London subway bombers captured by the city’s extensive video surveillance system, and a rising sense that similar attacks could happen in the United States, is stirring renewed interest in expanding police camera surveillance of America’s public places. In the aftermath of the London bombings, Sen. Hillary Clinton, D-N.Y., a liberal with a strongly pragmatic bent, called for installing more cameras to monitor passengers in the New York City subway system. Washington Mayor Anthony Williams, whose post-Sept. 11 efforts to build a video surveillance system for downtown areas were curtailed by resistance from the D.C. City Council and some members of Congress, cited the attacks to press for broader use of cameras. Meanwhile, Chicago, with the largest public video surveillance system in the country, is proceeding with plans to expand its 2,000-camera network and is beginning to encourage businesses to provide the city live feeds from their surveillance cameras. The London bombings showcased the capabilities of a modern, digital video surveillance system. After both the July 7 and July 21 attacks, authorities quickly produced relatively high-resolution images of the bombers that figured prominently in fast-moving investigations. But to critics, whose reservations are based primarily on privacy concerns, the London attacks also highlighted the limitations of camera surveillance. London has one of the world’s largest surveillance systems -- the average person there is photographed by 300 cameras in the course of a day, according to an often-cited 1999 calculation by two British academics -- yet that did not prevent terrorist bombings in the heart of the city. “It’s very difficult to make a case that the cameras are a deterrent to the most determined terrorists, those who intend to give up their life,” said Brian Jenkins, a terrorism expert and senior adviser to the president of RAND Corp. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/12350080.htm

U.S. COPYRIGHT OFFICE POLL: IE-ONLY OK? (CNET, 10 August 2005) -- Signaling a new addition to the list of browser-specific Web sites, the U.S. Copyright Office solicited opinions on a planned Internet Explorer-only zone. The office, a division of the Library of Congress, invited comments through Aug. 22 on an upcoming Web service for prospective copyright owners that may launch with support for only limited browsers. “At this point in the process of developing the Copyright Office’s system for online preregistration, it is not entirely clear whether the system will be compatible with Web browsers other than Microsoft Internet Explorer versions 5.1 and higher,” the office said in its notice. “In order to ensure that preregistration can be implemented in a smoothly functioning and timely manner, the office now seeks comments that will assist it in determining whether any eligible parties will be prevented from preregistering a claim due to browser requirements of the preregistration system.” http://news.com.com/2100-1038_3-5827627.html [Editor: I vote “no”. Other negative reaction at http://www.washingtonpost.com/wp-dyn/content/article/2005/08/24/AR2005082401988.html ]

COMPREHENSIVE DATABASE OF COMPUTER VULNERABILITIES NOW AVAILABLE (NIST, 10 August 2005) -- Cyber attackers are constantly scanning the Internet looking for vulnerabilities in computer systems that will enable them to take control and use the systems for illegal or unethical activities such as identity theft, industrial espionage or distributing spam. For those trying to prevent such attacks, keeping up with the 300 or so new vulnerabilities discovered each month can be an overwhelming task, especially since a single flaw can be known by numerous names. The new National Vulnerability Database (NVD) from the National Institute of Standards and Technology (NIST) will make it easier for system administrators and other security professionals to learn about vulnerabilities and how to remediate them. The NVD is a comprehensive database that integrates all publicly available U.S. government resources on vulnerabilities and provides links to many industry resources. NVD is built upon a dictionary of standardized vulnerability names and descriptions called Common Vulnerabilities and Exposures. [NIST DB at http://nvd.nist.gov/] Coverage at http://www.fcw.com/article89911-08-15-05-Print and http://online.securityfocus.com/news/11278

CRITICS SLAM NET WIRETAPPING RULE (Wired, 11 August 2005) -- An FCC ruling that internet telephony services must provide the same built-in wiretapping capabilities as conventional phone companies has civil libertarians feeling burned. “I think a legal challenge is highly likely at this point,” said John Morris, an attorney with the Center for Democracy and Technology. The FCC announced that some voice over internet protocol, or VOIP, companies are substantial replacements for old-fashioned telephone service, and must equip their systems to respond to federal wiretap orders. The services will have 18 months to comply with the order, which also applies to cable-modem companies and other broadband providers. While the full text of the ruling has yet to be released, critics say the announcement marks a significant expansion of the Communications Assistance for Law Enforcement Act, or CALEA, which drew a line between “information services” and phone networks. http://www.wired.com/news/privacy/0,1848,68483,00.html

NEW ENERGY BILL HAS CYBERSECURITY REPERCUSSIONS (Computerworld, 11 August 2005) -- The new energy bill signed into law by President Bush this week is expected to have the greatest impact on IT departments at power companies because it allows federal enforcement of upcoming cybersecurity standards, according to industry IT executives and other experts. Under the new law, the Federal Energy Regulatory Commission (FERC) has the authority to establish a national electric reliability organization with the power to oversee and audit reliability standards. Instead of developing its own standards, the FERC plans to adopt those set by the North American Electric Reliability Council (NERC), said Ellen Vancko, a spokeswoman for the organization. The NERC is a Princeton, N.J.-based voluntary organization that sets standards for the reliable operation and planning of the nation’s bulk electricity system. A spokeswoman for the FERC was unable to confirm the agency’s plans today. The NERC is developing cybersecurity standards (see “Utility cybersecurity plan questioned”) that cover areas ranging from the security of critical cyber assets to personnel screening and training requirements. The standards, known as CIP-002 to CIP-009, have been in the works for the past two years. http://www.computerworld.com/governmenttopics/government/legalissues/story/0,10801,103834,00.html?source=x62

LLOYD’S TAKING ON OPEN SOURCE IP RISK (Register, 12 August 2005) -- Lloyd’s of London is close to offering independent insurance protection worldwide against potential IP litigation involving Linux and open source software. The financial services giant has agreed to take on the risk associated with open source, and is finalizing arrangements to work through Open Source Risk Management (OSRM) who will become Lloyd’s sole US representative. OSRM will assess both the risk of the software in use and the individual company, before passing on the risk to the appropriate insurance company on the Lloyd’s market. OSRM expects to announce the first customers this Fall, and will initially charge organizations $60 per server. The partnership between OSRM and Lloyd’s will be vendor independent, differing from many of the existing intellectual property (IP) protection programs that are primarily designed to ward off attack from the litigious SCO Group. Red Hat, Hewlett Packard and Novell in January 2004 all announced separate protection for customers using their Linux products. JBoss in April this year announced indemnification for its middleware, including JBoss application server, Cache and Hibernate object relational mapping technology. http://www.channelregister.co.uk/2005/08/12/opensource_indemnification/

COURT REVIVES INDICTMENT IN E-MAIL INTERCEPTION CASE (SiliconValley.com, 11 August 2005) -- A federal appeals court Thursday revived the government’s online eavesdropping prosecution against an executive of a company that offered e-mail service and surreptitiously tracked its subscribers’ messages. The case, closely watched by Internet privacy groups, had been dismissed in 2003 by a judge who found it was acceptable for the company -- an online literary clearinghouse -- to make copies of the e-mails so it could peruse messages sent to its subscribers by rival Amazon.com Inc. An executive of the now-defunct clearinghouse, Interloc Inc., was indicted in 2001. Prosecutors argued that intercepting e-mail before the messages were transmitted to recipients amounted to an offense under the federal Wiretap Act. But the executive, Bradford Councilman, argued that no violation of the Wiretap Act had occurred because the e-mails were copied while in “electronic storage” -- in the process of being routed through a network of servers to recipients. A District Court judge in Boston agreed and dismissed the case. Then a three-judge panel of the Boston-based 1st U.S. Circuit Court of Appeals upheld the dismissal in June 2004, prompting the government to appeal to the full appeals court. In Thursday’s 5-2 decision, the full court said the e-mail interception could be considered illegal and reinstated the indictment, sending the case back to the District Court. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/12360782.htm Decision at http://www.ca1.uscourts.gov/pdf.opinions/03-1383EB-01A.pdf

A HOLLYWOOD MOMENT IN DELAWARE (New York Times, 13 August 2005) -- A DELAWARE judge ruled this week that Disney’s board was not liable to shareholders for allowing Michael D. Eisner, its chief executive at the time, to pay Michael S. Ovitz about $58,000 an hour to, as it turned out, spend 14 months alienating Disney workers and hatching plans that other executives rejected out of hand. Mr. Ovitz was fired as president in December 1996. Thanks to the severance package he negotiated, he walked away with $140 million. The legal arguments were complex, as shown by the 175-page ruling handed down by Chancellor William B. Chandler III of Delaware Chancery Court. An online panel of law professors convened by the Conglomerate Blog has been kicking the decision around this week. Anyone who slogs through the panel’s comments on www.theconglomerate.org will get a decent primer on the legal aspects of executive compensation and fiduciary duty. http://www.nytimes.com/2005/08/13/technology/13online.ready.html?ex=1281585600&en=45a519c01f8b2288&ei=5090&partner=rssuserland&emc=rss

CISCO AND ISS HARASS SECURITY RESEARCHER (Crypto-Gram, 15 August 2005) -- [Worthwhile editorial by IT security expert Bruce Schneier on the recent lawsuit by Cisco to quiet a researcher’s symposium discussion of another Cisco vulnerability. This dispute was discussed in MIRLN 8.09 at http://www.vip-law.com/mirln8_09.htm] http://www.schneier.com/crypto-gram-0508.html#2

FROM LOVE TO LONGING TO PROTEST, IT’S ALL IN THE TILT OF THE POSTAGE (New York Times, 15 August 2005) -- Every other day, when Janie Bielefeldt writes to her husband, who is deployed in Afghanistan, she places her stamps upside down and diagonally on the letters as a way to say “I miss you.” Susan Haggerty says “I love you” by putting her stamps upside down on letters to her son, stationed in Iraq. For most people, the front of an envelope is simply a place for addresses and postage, and a crooked stamp indicates little more than that the sender was in a hurry. But for others, this tiny sliver of real estate is home to a coded language, hidden in plain sight, that has been passed down through the generations for more than a century. A long-distance version of the romantic language of hand-held fans and flowers, the so-called language of stamps emerged in the Victorian era as a discreet method of courtship at a time when parents often censored mail. And though, like the epistolary tradition itself, the stealthy code has waned with the emergence of technology, it replenishes itself ever so slightly in the face of war, distance, parental disapproval and anything else that might get in the way of people’s connection to each other. “It tends to resurge during war times or whenever else there are large numbers of people separated from their loved ones,” said John M. Hotchner, a former president of the American Philatelic Society. And while the struggle to cope with longing is at least as old as language itself, the placement of stamps to send messages had its heyday during the 1890’s in England with the popularity of postcards, said Roy Nuhn, a researcher who has studied the history of stamp placement. More than a trivial sideshow, the practice of conveying secret messages from the front of mail long precedes the language of stamps and the use of these codes is part of the reason that we prepay for our postage today. Before 1840, when postage stamps were first used in England, the recipient of a letter paid for its postage. And since the cost was often prohibitively expensive, people began placing small marks and symbols on the front of mail. These codes allowed senders to convey a message to the recipient without obliging the recipient to pay for the formal acceptance of the letter. The loss of revenue from the use of these codes was one of the reasons that the British government adopted the system of prepaid stamps that is used almost everywhere now. “It was not unlike the tactic that some people use today with phone calling,” Mr. Hotchner said. “While traveling, people often tell their family back home that they will call at a designated time and let the phone ring only once before hanging up as a way of saying that they have arrived safely, without having to pay for the call.” http://www.nytimes.com/2005/08/15/national/15stamps.html?ex=1281758400&en=5fd5db52baa751d0&ei=5090&partner=rssuserland&emc=rss

ATOS ORIGIN PREDICTS OPEN SOURCE SOFTWARE LANDSCAPE (Computer Business Review, 15 August 2005) -- IT services provider Atos Origin SA has predicted a forthcoming change in the software landscape based on the results of a survey it has carried out in conjunction with the UK’s National Computing Centre. The research was undertaken by the NCC with the Atos Consulting arm of the Paris, France-based services firm, and revealed that more than two-thirds of the senior IT professionals questioned expect their companies to develop an open source strategy in the next five years, despite ongoing caution about the adoption of open source in the UK. The survey, which was compiled through over 140 web-based questionnaires completed by senior UK IT professionals in May and June, indicated that over 60% believe open source will either increase its presence in certain business areas or be a fundamental component in core IT systems, while 73% expect open source to develop within their organizations’ IT strategy over the next five years. http://www.cbronline.com/article_news.asp?guid=96BD2055-DC6E-4D49-B0CF-50C52AEFFD14

DOD LOOKS TO PUT PIZZAZZ BACK IN PKI (Network World, 15 August 2005) -- The U.S. military has started the process of making critical changes to its public-key infrastructure, which uses digital certificates for e-mail and Web security, in order to cope with scalability problems. In the eight years since the U.S. Department of Defense started using the PKI certificate management system it bought from Netscape Communications, it has issued more than 16 million digital certificates. Most of them are stored on the department’s common access smartcard, which is the main ID card used by the Army, Navy, Air Force and Marines. Along the way, the military also has revoked 10 million certificates as personnel and network needs change. That huge certificate revocation list (CRL) - which has bloated to over 50M bytes in file size - is the crux of the problem facing the Defense Department, because the entire CRL is supposed to be downloaded daily to every PKI user’s desktop at the department from servers acting as distribution points. The time-delay and bandwidth consumption of this large file download, even when there’s a high-speed LAN available, is a source of dissatisfaction to military planners. In addition, the download is poorly adapted to the needs of mobile units and ships. The Defense Department is seeking to eliminate CRL downloads by deploying a new set of PKI appliances called Online Certificate Status Protocol (OCSP) responders, which store CRLs and automatically provide short answers to desktop users about whether a certificate is good or bad instead of forcing them to download a whole certificate list. “If you have an official DOD e-mail account, you also get an e-mail digital certificate,” says Gil Nolte, director of the Defense Department’s program management office for PKI at the National Security Agency. Nolte says about 4 million certificates are in use in the military today. A digital certificate links a person’s identity with a unique pair of public-private encryption keys that can be used for purposes such as signing and encrypting electronic documents, verifying sender identity and document validation. http://www.networkworld.com/news/2005/081505-pki.html?net&story=081505-pki&code=nlnetflash5473
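To make the CRL-versus-OCSP trade-off in the item above concrete, here is an added example (not code from the article, Network World or the DoD programme) that uses the Python `cryptography` package to build a throwaway CA, sign a CRL with thousands of entries and an OCSP answer for one certificate, and compare what a client has to fetch and verify in each case. The CA name, serial numbers and revocation set are constructed for the demo; the responder is assumed to be the CA itself rather than a delegated responder.

```python
"""Constructed demo: a CRL grows with every revocation and is fetched whole, while an
OCSP responder answers one signed question about one certificate. Uses the
'cryptography' package (assumed installed); CA, certs and serials are made up here."""
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509 import ocsp
from cryptography.x509.oid import NameOID

NOW = datetime.datetime(2005, 8, 15, tzinfo=datetime.timezone.utc)
ONE_DAY = datetime.timedelta(days=1)


def make_ca():
    """Self-signed demo issuing CA (hypothetical, built in memory)."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Demo Issuing CA")])
    cert = (
        x509.CertificateBuilder()
        .subject_name(name).issuer_name(name)
        .public_key(key.public_key()).serial_number(1)
        .not_valid_before(NOW).not_valid_after(NOW + 365 * ONE_DAY)
        .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
        .sign(key, hashes.SHA256())
    )
    return key, cert


def issue_user_cert(ca_key, ca_cert, serial):
    """End-entity certificate for a made-up user, signed by the demo CA."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return (
        x509.CertificateBuilder()
        .subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, f"user-{serial}")]))
        .issuer_name(ca_cert.subject)
        .public_key(key.public_key()).serial_number(serial)
        .not_valid_before(NOW).not_valid_after(NOW + 365 * ONE_DAY)
        .sign(ca_key, hashes.SHA256())
    )


def build_crl(ca_key, ca_cert, revoked_serials):
    """Full CRL: one entry per revoked serial, the whole list signed by the CA."""
    builder = (
        x509.CertificateRevocationListBuilder()
        .issuer_name(ca_cert.subject)
        .last_update(NOW).next_update(NOW + ONE_DAY)
    )
    for serial in revoked_serials:
        entry = x509.RevokedCertificateBuilder().serial_number(serial).revocation_date(NOW).build()
        builder = builder.add_revoked_certificate(entry)
    return builder.sign(ca_key, hashes.SHA256())


def ocsp_answer(ca_key, ca_cert, cert, revoked_serials):
    """Responder side: a short signed GOOD/REVOKED answer for one certificate."""
    revoked = cert.serial_number in revoked_serials
    builder = ocsp.OCSPResponseBuilder().add_response(
        cert, ca_cert, hashes.SHA1(),  # CertID is built from SHA-1 hashes of the issuer
        ocsp.OCSPCertStatus.REVOKED if revoked else ocsp.OCSPCertStatus.GOOD,
        NOW, NOW + ONE_DAY,  # thisUpdate / nextUpdate: the client may cache until then
        NOW if revoked else None,  # revocationTime
        x509.ReasonFlags.key_compromise if revoked else None,
    ).responder_id(ocsp.OCSPResponderEncoding.HASH, ca_cert)
    return builder.sign(ca_key, hashes.SHA256()).public_bytes(serialization.Encoding.DER)


def client_check(ocsp_der, cert, ca_cert):
    """Client side: verify the responder's signature before trusting the status."""
    resp = ocsp.load_der_ocsp_response(ocsp_der)
    if resp.response_status != ocsp.OCSPResponseStatus.SUCCESSFUL:
        raise ValueError("responder did not answer")
    if resp.serial_number != cert.serial_number:
        raise ValueError("answer is about a different certificate")
    # The demo CA signs its own answers; a delegated responder cert would need the OCSPSigning EKU.
    ca_cert.public_key().verify(
        resp.signature, resp.tbs_response_bytes, padding.PKCS1v15(), resp.signature_hash_algorithm
    )
    return resp.certificate_status.name


def demo(n_revoked=5000):
    """Compare what a client must fetch under each scheme; returns the measurements."""
    ca_key, ca_cert = make_ca()
    revoked_serials = set(range(100_000, 100_000 + n_revoked))
    bad = issue_user_cert(ca_key, ca_cert, 100_042)  # serial inside the revoked block
    good = issue_user_cert(ca_key, ca_cert, 4242)
    crl = build_crl(ca_key, ca_cert, revoked_serials)
    crl_der = crl.public_bytes(serialization.Encoding.DER)
    answer_bad = ocsp_answer(ca_key, ca_cert, bad, revoked_serials)
    answer_good = ocsp_answer(ca_key, ca_cert, good, revoked_serials)
    return {
        "crl_signature_valid": crl.is_signature_valid(ca_cert.public_key()),
        "crl_lists_bad": crl.get_revoked_certificate_by_serial_number(bad.serial_number) is not None,
        "crl_bytes": len(crl_der),  # every client downloads all of this, daily
        "ocsp_bytes": len(answer_bad),  # roughly constant, whatever the CRL size
        "ocsp_status_bad": client_check(answer_bad, bad, ca_cert),
        "ocsp_status_good": client_check(answer_good, good, ca_cert),
    }
```

Raising `n_revoked` shows the CRL scaling linearly while the OCSP answer stays a few hundred bytes, which is the whole case for responders in the article; note that the client still has to check the responder's signature and the freshness window, or the short answer is worth nothing.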

A GOOD REPORT ON AIDS, AND SOME CREDIT THE WEB (New York Times, 18 August 2005) -- The national Centers for Disease Control and Prevention estimated in a report in June that new infections in San Francisco among men who have sex with men were occurring at about half the rate previously calculated by city health officials - 1.2 percent a year instead of 2.2 percent. That is the lowest rate reported in San Francisco since 1997 and the lowest among five cities with significant gay populations studied by the disease control agency. Since the report’s release, health officials here, known for their cautious approach to shifts in AIDS trends, have been scrambling to confirm the results and offer an explanation. Some officials have said that the decline has been fueled by conventional efforts like stepped-up H.I.V. treatment programs, easier and more regular tests, and so-called harm-reduction strategies like discouraging the use of crystal methamphetamine, a drug blamed for helping to spread the disease by lowering inhibitions. But other signs, like the proliferation of matchmaking Web sites for men infected with H.I.V. and the relatively high number of men here who know their H.I.V. status, point to a growth in the number of men looking for partners with the same status. The practice is known as sero-sorting, which involves men choosing sex partners based on their common serostatus, a term that refers to the presence of antibodies to a particular infectious agent in the blood. “Studies have shown when people have knowledge of their sero-status, they take that knowledge and use it to protect their partners,” said Dr. Patrick S. Sullivan, chief of the behavioral and clinical surveillance branch at the disease control centers. “Sero-sorting is one piece of that whole benefit that arises from people learning their status through H.I.V. testing.” http://www.nytimes.com/2005/08/18/health/18aids.html

EUROPE ADDS FUEL TO THE GROKSTER FIRE (Steptoe & Johnson’s E-Commerce Law Week, 20 August 2005) -- Less than two weeks after file-sharers and peer-to-peer software developers got singed by the Supreme Court’s decision in MGM Studios, Inc. v. Grokster, Ltd., the European Commission added fuel to the fire with its proposed directive and framework decision on copyright infringement. The EC proposal would criminalize not only direct copyright infringement, but also “attempting, aiding or abetting and inciting” such infringement. So while the EU has not gone as far as the U.S. in extending the terms of some copyrights (in 1998, the U.S. extended corporate copyrights to 95 years, to the benefit of big content owners), EU copyright enforcement rules may become even stricter than those in the land of the free and the home of the RIAA. In Grokster, which involved peer-to-peer file sharing software that had been used to share copyrighted music and video files, the Supreme Court held that “one who distributes a device with the object of promoting its use to infringe copyright, as shown by clear expression or other affirmative steps taken to foster infringement, is liable for the resulting acts of infringement by third parties.” But the EC’s proposal goes even further than Grokster. For while Grokster involved potential civil liability for contributory infringement, the proposed EU directive would make such indirect copyright infringement a criminal offense. http://www.steptoe.com/index.cfm?fuseaction=ws.getItem&pubItemId=10358&siteId=547

MUSIC FILE SHARING TO BE OFFERED LEGALLY (The Guardian, 22 August 2005) -- Online music fans will for the first time be able to legally share tracks by big names such as Oasis, Beyonce, David Bowie and Elvis Presley after the artists’ record label signed a ground-breaking deal with a new internet service provider. In what some see as signalling a dramatic shift in the way consumers buy music, the provider, Playlouder, has licensed acts from SonyBMG, the world’s second largest record label, and is confident that the other two big record labels, Universal and EMI, will follow suit. Playlouder is offering the first legal alternative with a comparable experience to the “peer to peer” file sharing sites often used to swap pirated tracks. Subscribers will be charged £26 a month for a high speed broadband internet connection, similar to the price charged by BT, with the added attraction of being able to share as much music as they want with other subscribers at no extra cost. Because there will be no restrictions on the format in which the traded music is encoded, users will be free to transfer songs to any type of digital music player, including the market leading Apple iPod, or burn them to CD. http://www.guardian.co.uk/arts/netmusic/story/0,13368,1553962,00.html

FEDS IT SPENDING SPIKES (FCW.com, 24 August 2005) -- There was a surge in fiscal third quarter federal contract award activity, Input, the market research firm reported, citing the Navy as the main contributor. Government awards of information technology-related prime contracts rose to $67 billion during the government’s fiscal 2005 third quarter, a 190 percent increase compared to the year-earlier quarter. Input said the Navy drove the bulk of the activity, generating close to $57 billion in awards. Most of the Navy’s award activity stemmed from a single vehicle: the Navy’s SeaPort Enhanced Rolling Admissions multiple-award contract. That deal, awarded in May, has a ceiling of $54.7 billion, according to Input. The vehicle provides a range of IT services including systems engineering, logistics support and information assurance. http://www.fcw.com/article90331-08-24-05-Web

PROFILING REPORT LEADS TO A DEMOTION (New York Times, 24 August 2005) -- The Bush administration is replacing the director of a small but critical branch of the Justice Department, months after he complained that senior political officials at the department were seeking to play down newly compiled data on the aggressive police treatment of black and Hispanic drivers. The demotion of the official, Lawrence A. Greenfeld, whom President Bush named in 2001 to lead the Bureau of Justice Statistics, caps more than three years of simmering tensions over charges of political interference at the agency. And it has stirred anger and tumult among many Justice Department statisticians, who say their independence in analyzing important law enforcement data has been compromised. The April study by the Justice Department, based on interviews with 80,000 people in 2002, found that white, black and Hispanic drivers nationwide were stopped by the police that year at about the same rate, roughly 9 percent. But, in findings that were more detailed than past studies on the topic, the Justice Department report also found that what happened once the police made a stop differed markedly depending on race and ethnicity. Once they were stopped, Hispanic drivers were searched or had their vehicles searched by the police 11.4 percent of the time and blacks 10.2 percent of the time, compared with 3.5 percent for white drivers. Blacks and Hispanics were also subjected to force or the threat of force more often than whites, and the police were much more likely to issue tickets to Hispanics rather than simply giving them a warning, the study found. In April, as the report was being completed, Mr. Greenfeld’s office drafted a news release to announce the findings and submitted it for review to the office of Tracy A. Henke, who was then the acting assistant attorney general who oversaw the statistics branch. 
The planned announcement noted that the rate at which whites, blacks and Hispanics were stopped was “about the same,” and that finding was left intact by Ms. Henke’s office, according to a copy of the draft obtained by The New York Times. But the references in the draft to higher rates of searches and use of force for blacks and Hispanics were crossed out by hand, with a notation in the margin that read, “Do we need this?” A note affixed to the edited draft, which the officials said was written by Ms. Henke, read “Make the changes,” and it was signed “Tracy.” That led to a fierce dispute after Mr. Greenfeld refused to delete the references, officials said. http://www.nytimes.com/2005/08/24/politics/24profiling.html?ex=1282536000&en=157817afd343a6b3&ei=5090&partner=rssuserland&emc=rss

FEDERAL APPEAL CT. REVERSES STORAGETEK DMCA DECISION (BNA’s Internet Law News, 25 August 2005) -- The Federal Circuit Court of Appeals has reversed a lower court decision that blocked an independent service vendor who offered repair and maintenance on StorageTek machines. The court ruled that the DMCA cannot be used to sue such vendors when the repair and maintenance itself does not violate any rights under copyright law. Decision at http://fedcir.gov/opinions/04-1462.pdf

CELLPHONES CATAPULT RURAL AFRICA TO 21ST CENTURY (New York Times, 25 August 2005) -- On this dry mountaintop, 36-year-old Bekowe Skhakhane does even the simplest tasks the hard way. Fetching water from the river takes four hours a day. To cook, she gathers sticks and musters a fire. Light comes from candles. But when Ms. Skhakhane wants to talk to her husband, who works in a steel factory 250 miles away in Johannesburg, she does what many in more developed regions do: she takes out her mobile phone. People like Ms. Skhakhane have made Africa the world’s fastest-growing cellphone market. From 1999 through 2004, the number of mobile subscribers in Africa jumped to 76.8 million, from 7.5 million, an average annual increase of 58 percent. South Africa, the continent’s richest nation, accounted for one-fifth of that growth. Asia, the next fastest-expanding market, grew by an annual average of just 34 percent in that period. “It is a necessity,” said Ms. Skhakhane, pausing from washing laundry in a plastic bucket on the dirt ground to fish her blue Nokia out of the pocket of her flowered apron. “Buying air time is part of my regular grocery list.” She spends the equivalent of $1.90 a month for five minutes of telephone time. Africa’s cellphone boom has taken the industry by surprise. Africans have never been rabid telephone users; even Mongolians have twice as many land lines per person. And with most Africans living on $2 a day or less, they were supposed to be too poor to justify corporate investments in cellular networks far outside the more prosperous cities and towns. But when African nations began to privatize their telephone monopolies in the mid-1990’s, and fiercely competitive operators began to sell air time in smaller, cheaper units, cellphone use exploded. It turned out that Africans had never been big phone users because nobody had given them the chance. One in 11 Africans is now a mobile subscriber. 
Demand for air time was so strong in Nigeria that from late 2002 to early 2003 operators there were forced to suspend the sale of subscriber identity module cards, or SIM cards, which activate handsets, while they strengthened their networks. Although only about 60 percent of Africans are within reach of a signal, the lowest level of penetration in the world, the technology is for many a social and economic godsend. One pilot program allows about 100 farmers in South Africa’s northeast to learn the prevailing prices for produce in major markets, crucial information in negotiations with middlemen. Health-care workers in the rural southeast summon ambulances to distant clinics via cellphone. One woman living on the Congo River, unable even to write her last name, tells customers to call her cellphone if they want to buy the fresh fish she sells. “She doesn’t have electricity, she can’t put the fish in the freezer,” said Mr. Nkuli of Vodacom. “So she keeps them in the river,” tethered live on a string, until a call comes in. Then she retrieves them and readies them for sale. http://www.nytimes.com/2005/08/25/international/africa/25africa.html?ex=1282622400&en=32b49363eac57aae&ei=5090&partner=rssuserland&emc=rss

COURTS ENFORCE HYPERLINKED ONLINE CONTRACTS IN PAIR OF CASES (BNA’s Internet Law News, 25 August 2005) -- BNA’s Electronic Commerce & Law Report reports on two recent cases in which courts enforced online contracts. In a case involving a website’s privacy policy, a New York federal district court ruled that the terms of an airline Web site’s privacy policy, viewable via a hyperlink, are an enforceable part of the contract for an airline ticket. Similarly, an Illinois appellate court ruled that contract terms containing a mandatory arbitration clause, accessible via a hyperlink visible on each page of the online ordering process, were a part of the contract for a computer purchase. NY case name is In re JetBlue Airways Corp. Privacy Litigation. Illinois case is Hubbert v. Dell Corp., which is online at http://www.state.il.us/court/Opinions/AppellateCourt/2005/5thDistrict/August/Html/5030643.htm

LIBRARIES OFFERING AUDIOBOOK DOWNLOADS (SiliconValley.com, 25 August 2005) -- A new way to borrow audiobooks from the library involves no CDs, no car trips, no fines and no risk of being shushed. Rather, public libraries from New York City to Alameda, Calif., are letting patrons download Tom Clancy techno-thrillers, Arabic tutorials and other titles to which they can listen on their computers or portable music players -- all without leaving home. Librarians say such offerings help libraries stay relevant in the digital age. There’s still one big hitch, though: The leading library services offer Windows-friendly audiobook files that can’t be played on Apple Computer Inc.’s massively popular iPod player. Vendors such as OverDrive Inc. and OCLC Online Computer Library Center Inc.’s NetLibrary have licensing deals with publishers and provide digital books using Microsoft Corp.’s Windows Media Audio format, which includes copyright protections designed to help audiobooks stand apart from the often lawless world of song swapping. A patron with a valid library card visits a library Web site to borrow a title for, say, three weeks. When the audiobook is due, the patron must renew it or find it automatically “returned” in a virtual sense: The file still sits on the patron’s computer, but encryption makes it unplayable beyond the borrowing period. http://www.siliconvalley.com/mld/siliconvalley/business/technology/12475303.htm

F.B.I., USING PATRIOT ACT, DEMANDS LIBRARY’S RECORDS (New York Times, 26 August 2005) -- Using its expanded power under the antiterrorism law known as the USA Patriot Act, the F.B.I. is demanding library records from a Connecticut institution as part of an intelligence investigation, the American Civil Liberties Union said Thursday. The demand is the first confirmed instance in which the Federal Bureau of Investigation has used the law in this way, federal officials and the A.C.L.U. said. The government’s power to demand access to library borrowing records and other material showing reading habits has been the single most divisive issue in the debate over whether Congress should extend key elements of the act after this year. Because of federal secrecy requirements, the A.C.L.U. said it was barred from disclosing the identity of the institution or other main details of the bureau’s demand, but court papers indicate that the target is a library in the Bridgeport area. In the debate over the future of the antiterrorism law, the administration has said that it has never used the so-called library provision in the law, which falls under Section 215, to demand records from libraries or booksellers. The A.C.L.U. said that in the Connecticut case, the bureau was using a separate investigative tool, a type of administrative subpoena known as a national security letter, to get records related to library patrons, reading materials and patrons’ use of the Internet. The bureau’s power to use national security letters to demand records without a judge’s approval was expanded under the antiterrorism law. Last year, a federal judge in Manhattan struck down part of the subpoena provision as unconstitutional, in part because it allowed for no judicial oversight, but the Justice Department is appealing the ruling. http://www.nytimes.com/2005/08/26/politics/26patriot.html?ex=1282708800&en=c26ca71a8d64b704&ei=5090&partner=rssuserland&emc=rss

**** RESOURCES ****
BEST OF THE WEB DIRECTORY (Forbes, August 2005) -- If Google or Yahoo searches aren’t your idea of conquering the Web’s vastness in an efficient manner, Best of The Web’s directory will deliver the highly relevant results you are seeking. Our editors continue to uncover the most interesting and useful sites in scores of well-defined categories, including a newly added section dedicated to Blogs. We identify the best blogs in categories ranging from Art and Literary Blogs, to Small Business, Marketing, Shopping and Music Blogs. You’ll find more than 3,000 sites reviewed here, each selected according to five criteria: Content, Design, Speed, Navigation and Customization. Looking for only the best of the best? Our Forbes Favorites are clearly marked at the beginning of each category. http://www.forbes.com/bow/b2c/main.jhtml [Editor: Thanks to Alan Rothman’s blog for recommending this resource: http://thesubwayfold.typepad.com/weblog/web_resources/index.html]

**** OTHER ****
ASSESSING THE INTERNET: LESSONS LEARNED, STRATEGIES FOR EVOLUTION, AND FUTURE POSSIBILITIES (Vint Cerf and Bob Kahn, Recipients of the ACM 2004 Turing Award, 22 August 2005) – Archived webcast at http://www.acm.org/sigs/sigcomm/sigcomm2005/webcast.html [Editor: Long time Cyberspace committee members will remember Bob Kahn from our Washington D.C. dinner during the January 2001 winter working meeting. After introductions, the discussion/lecture begins at 14m. Other observations:
• Secretary Chertoff and Dr. Cerf look enough alike to be brothers;
• Security capabilities and issues @24m
• P2P @32m
• IP and ownership @48m
• Interplanetary internet challenges (delay-and-disruption-tolerant networks) @63m
• Creativity in a regulated environment @65m
• Q&A segment begins @69m (e.g., expanded uses of DNS @77m, and the initial concept of packet-switching @86m)]

SOURCES:
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. Internet Law & Policy Forum, http://www.ilpf.org.
6. BNA’s Internet Law News, http://ecommercecenter.bna.com.
7. The Ifra Trend Report, http://www.ifra.com/website/ifra.nsf/html/ITR-HTML.
8. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
9. Gordon & Glickson’s Articles of Note, http://www.ggtech.com
10. Readers’ submissions, and the editor’s discoveries.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.
