Saturday, October 08, 2005

MIRLN -- Misc. IT Related Legal News [18 September – 8 October 2005; v8.12]

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product of KnowConnect, Inc. (www.knowconnect.com) and the American Bar Association’s Cyberspace Law Committee. Please feel free to distribute this message.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at http://www.buslaw.org/cgi-bin/controlpanel.cgi?committee=CL320000 (click on “Settings” beside Members-Only Listserve Discussion). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN editions are archived at www.vip-law.com and in the public materials section of the Cyberspace Committee’s collaboration space at http://lawplace.metadot.com.

**************End of Introductory Note***************

NAVY: DON’T ACCESS PERSONAL E-MAIL AT WORK (FCW, 9 Sept 2005) -- Navy employees can no longer access personal e-mail accounts, including Yahoo Mail and Microsoft Hotmail, from the service’s networks without approval. That is one of six rules in the Navy’s new acceptable use of information technology policy issued in July. The “Effective Use of Department of Navy IT Resources” states that the service’s military, civilian and contractor users cannot:
* Automatically forward official Navy e-mail to a commercial account or use a commercial account for official government business without approval.
* Install or modify computer hardware or software without approval.
* Circumvent or disable security measures, countermeasures or safeguards, such as firewalls, content filters and antivirus programs.
* Participate in or contribute to activity that causes a disruption or denial of service.
* Write, code, compile, store, transmit, transfer or introduce malicious software, programs or code.
* Use peer-to-peer (P2P) file sharing applications, such as Kazaa, Shareaza and OpenP2P without approval and only in support of Navy missions.
“This policy is intended to promote effective and secure use of IT resources within the Department of the Navy and is an integral part of the department’s information assurance efforts,” according to the policy released by the Navy Department’s Chief Information Officer’s Office. http://www.fcw.com/article90710-09-09-05-Web&RSS=yes

WORD BLUNDER EXPOSES U.K. SPLIT ON TERRORISM (CNET, 16 Sept 2005) -- The U.K. government is in trouble over dodgy document management, with an apparent split within the government over new antiterrorism laws exposed by a letter from Home Secretary Charles Clarke. The letter, sent via e-mail as a Word document to the members of the opposing Conservative party, appeared to back controversial plans to hold terrorism suspects for up to three months without trial. However, anybody applying the Microsoft “track changes” function was able to see Clarke’s original wording, which expressed concerns over such measures. http://news.com.com/2110-1029_3-5869260.html [At this point, don’t you think people should be charged with knowledge about these kinds of risks?]

PLAN LETS USERS BE THE JUDGE OF FLAWS (CNET, 16 Sept 2005) -- A plan to make it easier for companies to determine how hard they could be hit by security flaws is ready for prime time, according to its backers. The Common Vulnerability Scoring System plan calls for a unified approach to rating vulnerabilities in software, to replace the proprietary methods many technology companies and security vendors use when determining the impact of a flaw. “We want to bring order to the chaos,” said Mike Caudill, chairman of the Forum of Incident Response and Security Teams, or FIRST, which is pushing for adoption of the new Common Vulnerability Scoring System. “The ultimate goal is to have a system that will help the user appropriately react to a vulnerability.” The Common Vulnerability Scoring System, or CVSS, was developed under the auspices of the National Infrastructure Advisory Council, which advises President Bush about the security of information systems for critical infrastructure. FIRST, a worldwide consortium of security incident response teams such as the United States Computer Emergency Readiness Center, coordinates further CVSS development. On Monday, FIRST plans to announce a push for wide-scale adoption of CVSS. Backers believe the rating system is ready to move into more general use after being a work-in-progress for the past year and a half. It was released publicly in late February, when a group of about 30 companies started testing it. “Now is the time to move to the next phase of deploying CVSS and getting additional vendors on board,” Gerhard Eschelbeck, one of the designers of the rating scheme and chief technology officer at vulnerability management company Qualys, said Friday. CVSS goes beyond today’s severity ratings, such as the familiar “critical” and “important” found in security bulletins from Microsoft. 
The new scoring system, which uses numbers between 1 and 10, enables organizations to calculate the specific risk to their own environment by adding information related to their IT systems. This could help them prioritize patches. In addition to letting companies add their own environmental metric to the risk equation, CVSS also takes into account factors such as the availability of attack code and security patches, which can have an impact on the risk posed by a vulnerability. Current rating schemes typically are limited only to certain aspects of the vulnerability--for example, whether an attacker could remotely compromise a system and how easily a flaw can be exploited. http://news.zdnet.com/2102-1009_22-5869923.html?tag=printthis

-- and --

TROJAN RIDES IN ON 5-MONTH-OLD UNPATCHED OFFICE FLAW (CNET, 30 Sept 2005) -- A new Trojan horse exploits an unpatched flaw in Microsoft Office and could let an attacker commandeer vulnerable computers, security experts have warned. The malicious code takes advantage of a flaw in Microsoft’s Jet Database Engine, a lightweight database used in the company’s Office productivity software. The security hole was reported to Microsoft in April, but the company has yet to provide a fix for the problem. “Microsoft is aware that a Trojan recently released into the wild may be exploiting a publicly reported vulnerability in Microsoft Office,” a company representative said in a statement sent via e-mail on Friday. The software maker is investigating the issue and will take “appropriate action,” the representative said. http://news.com.com/Trojan+rides+in+on+unpatched+Office+flaw/2100-1002_3-5886543.html?tag=nefd.top [Editor: How long is too-long to fix known vulnerabilities?]

RULING PROTECTS FREE SPEECH ON NET, LAWYERS SAY (Toronto Star, 16 Sept 2005) -- In a decision hailed as a victory for freedom of expression, an appeal court has thrown out a lawsuit brought by a former United Nations official trying to sue the Washington Post in Ontario over stories published three years before he moved to the province - and where the newspaper had just seven subscribers. There is no “real and substantial connection” between the province of Ontario and Cheickh Bangoura’s $10 million lawsuit against the Post and three of its reporters, the Ontario Court of Appeal said today in a 3-0 decision. The lawsuit pitted Bangoura against the Post and a coalition of 50 media organizations from around the world. Members of the coalition, which included the New York Times, CNN and major Canadian and European newspapers, were afraid that if the case were allowed to proceed in Ontario, they would be forced to block access to their websites and online databases, which, in turn, would dramatically shrink the scope of the Internet. They feared that if Bangoura could sue in Ontario for stories published in Washington, D.C., they, too, could be sued for Internet stories read in countries far removed from their place of publication. In one story, published on Jan. 5, 1997, the Post examined allegations that Bangoura was involved in sexual harassment, financial improprieties and nepotism while head of the U.N.’s drug program in East Africa. It also examined allegations he had been protected by ties to then secretary-general Boutros Boutros-Ghali. A second story on Jan. 19, 1997 reported that Bangoura had been removed from his job. At the time, the Post had only seven subscribers in Ontario and over 95 per cent of its newspapers were sold in Washington, D.C. Bangoura moved to the Brampton area three years later. The Post’s stories were available online for 14 days after publication. 
After that, they were available through a paid archive, but Bangoura’s lawyer was the only person in Ontario to obtain them this way. Last year, an Ontario Superior Court judge ruled that Bangoura’s case could proceed to trial. The Post should have reasonably foreseen that the impact of its two Jan. 1997 stories about Bangoura, which were also published on the Internet, would have followed him wherever he resided, said Justice Romain Pitt. http://www.thestar.com/NASApp/cs/ContentServer?pagename=thestar/Layout/Article_Type1&call_pageid=971358637177&c=Article&cid=1126907414358&DPL=IvsNDS%2f7ChAX&tacodalogin=yes

NO TRESPASSING . . . ON MY CYBER CHATTELS (Steptoe & Johnson’s E-Commerce Law Week, 17 Sept 2005) -- Who needs new laws to combat spyware, when old-fashioned tort claims with funny names will do just fine? Once thought confined to the dustbin of 19th Century legal history, “trespass to chattels” -- or trespass to personal property -- has been resurrected in recent years as a cause of action against Internet spammers and spyware companies. The latest such case is Sotelo v. DirectRevenue, LLC, in which the U.S. District Court for the Northern District of Illinois, Eastern Division, on August 29, allowed a class-action suit against several spyware distributors to proceed based on a claim of damages flowing from an alleged trespass to chattels -- i.e., the plaintiff’s computer. In reinvigorating an obscure and largely dormant cause of action, the court demonstrated that the common law may well already contain remedies for computer security and privacy breaches that have until recently been seen as unsusceptible to tort suits for one reason or another. And by allowing the case to proceed as a class action, the decision could make such claims more economically attractive to plaintiffs’ lawyers. After all, one of the spyware defendants in this case claims access to over 12 million computers in the U.S. through its software, creating a potentially large class of annoyed litigants. So a legal tool that was first used by Internet service providers against spammers may now become a favored tool for individual computer users, as long as there’s a deep pocket on the other end. http://www.steptoe.com/index.cfm?fuseaction=ws.getItem&pubItemId=10494&siteId=547

BUILDING THE GREAT FIREWALL OF CHINA, WITH FOREIGN HELP (New York Times, 18 Sept 2005) -- In April 2004, a few weeks before the 15th anniversary of Beijing’s massacre of protesters in Tiananmen Square, the top-ranking staff members of The Contemporary Business News in Hunan were called into a meeting. An editor read a message from the Communist Party’s propaganda department warning that protests or media coverage of the anniversary would not be tolerated as June 4 approached. Though the message was routine, the reporters were warned not to take notes. But Shi Tao, one of the journalists, did. He e-mailed them to a Chinese dissident in America, who posted them on the Web. A few months later, Mr. Shi was arrested. This April, he was given 10 years in prison, a sentence the judge called lenient, for disseminating state secrets abroad. How did the police find Mr. Shi? His newly published verdict states that the prosecution relied in part on information given to the government by Mr. Shi’s e-mail provider, Yahoo. America has a bipartisan human rights policy in China. It is called trade. The idea is that Western companies will bring Western values - especially when they develop the Internet, supposedly an unstoppable force for openness. But Mr. Shi’s fate is the latest piece of evidence that it’s not working out that way. China now has more than 100 million Internet users, more than any nation but the United States. But as the Internet booms, China is growing more politically closed. Its government has used the Internet masterfully as a steam valve, allowing Chinese to participate in a world that is modern in all senses but one. A controlled Internet may seem like an oxymoron, but China has one. Sophisticated filters block access for users in China to ideas about democracy, human rights, Taiwan, Tiananmen and other sensitive subjects. 
Type in “democracy” on a search engine in China and you get a limited choice of government-approved sites, or nothing at all, or a warning that the word is prohibited. If you use one of these words in an e-mail message, chat room or blog, you will be censored, and possibly arrested. American companies like Microsoft and Cisco have all sold China security tools and firewalls that China has turned into political controls. The companies argue that it is not their fault if China misuses standard politically neutral technology. They are right, but many foreign Internet companies in China have gone beyond neutrality. Some, including Yahoo, signed a pledge of “self-discipline” in 2002, promising to follow China’s censorship laws. Many Internet portals actively censor their Chinese Web sites. [Editor: there’s more to this editorial.] http://www.nytimes.com/2005/09/18/opinion/18sun3.html?ex=1284696000&en=0a85c3297d4fcec7&ei=5090&partner=rssuserland&emc=rss

SECRECY POWER SINKS PATENT CASE (Wired, 20 Sept 2005) -- When New England inventor Philip French had his epiphany 15 years ago, he didn’t dream it would lead to an invention that would be pressed into service in a top-secret government project, or spawn an epic court battle over the limits of executive power. He was just admiring a tennis ball. The ball’s seam, with its two symmetrical halves embracing each other in a graceful curve, intrigued him. “I thought, my god, I bet you can do something with that kind of shape,” he recalls. He was right. French and two colleagues went on to design and patent a device now called the Crater Coupler, a simple, foolproof connector for linking one pipe or cable to another without nut threads or bolted flanges. The device is interesting on its own, but the broader legal legacy of the invention may be more important. In a little-noticed opinion this month, a federal appeals court ruled against the Crater Coupler patent holders and upheld a sweeping interpretation of the controversial “state secrets privilege” -- an executive power handed down from the English throne under common law that lets the government effectively kill civil lawsuits deemed a threat to national security, even if the state is not a party to the suit. The ruling is notable as a rare appellate interpretation of the state secrets privilege as it applies to patent holders. As such, it is a potentially worrying development for inventors -- particularly those developing weapons, surveillance and anti-terror technologies for government contractors -- who may find infringement claims dismissed without a hearing under the auspices of national security. It also offers a fascinating, if limited, view into the machinery of official secrecy at a time when the privilege is being exercised as never before.
Never passed by Congress, the privilege has its roots in English common law and was cemented into American jurisprudence by a landmark 1953 Supreme Court case titled U.S. v. Reynolds. In Reynolds, the widows of three men who died in a mysterious Air Force crash sued the government, and U.S. officials tried to quash the lawsuit by claiming that they couldn’t release any information about the accident without endangering national security. The Supreme Court upheld the claim, establishing a legal precedent that today allows the executive branch to block the release of information in any civil suit -- even if the government isn’t the one being sued. According to research by an associate professor of political science at the University of Texas, the government invoked the privilege only four more times in the next 23 years. But following the Watergate scandal, the executive branch began applying state secrecy claims more liberally. Between 1977 and 2001, there were at least 51 civil lawsuits in which the government claimed the state secrets privilege -- in every case successfully. Under Reynolds, the head of a federal agency must personally intervene to invoke the privilege. In Crater v. Lucent, it was Richard J. Danzig, then-secretary of the Navy, who did the honors. In a March 1999 declaration, Danzig claimed that permitting Crater to pursue a legal inquiry into the government’s alleged use of their coupler would tip off U.S. adversaries to certain highly classified government operations and “could be expected to cause extremely grave damage to national security.” http://www.wired.com/news/technology/0,1282,68894,00.html

CT. RULES SMS EMAIL SPAM COVERED BY TCPA (BNA’s Internet Law News, 22 Sept 2005) -- An Arizona court has ruled that email spam that was converted into an SMS message can be treated as a call for the purposes of the Telephone Consumer Protection Act. Case name is Joffe v. Acacia Mortgage Corp. Decision at http://www.cofad1.state.az.us/opinionfiles/CV/CV020701.pdf Coverage at http://www.azdailysun.com/non_sec/nav_includes/story.cfm?storyID=115849

ITAA BACKS BREACH NOTIFICATION LAW (FCW, 21 Sept 2005) -- Congress should pass a law that outlines when government and the private sector must notify the public about cybersecurity breaches that compromise confidential information, an information technology industry group said today. The theft of millions of personal records from ChoicePoint and other companies has made breach notification “the most pressing cybersecurity issue on the minds of Congress right now,” said Greg Garcia, vice president of information security programs and policy at the IT Association of America. Congress is more likely to pass a breach notification law than any other cybersecurity-related bill this term, Garcia said. As of August, 17 state bills have been passed into law, and eight of them have taken effect, Garcia said. The ITAA supports a national standard for breach notification with rational guidelines of when to notify the public, Garcia said. The law should establish a clear definition of breaches, specify means and methods of notification and identify information to publish, Garcia said. It should also describe exceptions when information cannot be given, such as in national security matters. http://www.fcw.com/article90869-09-21-05-Web

FRENCH GOVERNMENT-SPONSORED GUIDE AIMS TO HELP BLOGGERS BEAT CENSORSHIP (SiliconValley.com, 22 Sept 2005) -- A Paris-based media watchdog has released a free guide with tips for bloggers and dissidents to sneak past Internet censors in countries from China to Iran. Reporters Without Borders’ “Handbook for Bloggers and Cyber-Dissidents” is partly financed by the French Foreign Ministry and includes technical advice on how to remain anonymous online. It was launched at the Apple Expo computer show in Paris on Thursday and can be downloaded for free in Chinese, Arabic, Persian, English and French. “Bloggers are often the only real journalists in countries where the mainstream media is censored or under pressure,” Julien Pain, head of the watchdog’s Internet Freedom desk, writes in the introduction. In a bid to inspire budding Web diarists around the world, the 87-page booklet gives advice on setting up and running blogs, and on using pseudonyms and anonymous proxies, which can be used to replace easily traceable home computer addresses. “With a bit of common sense, perseverance and especially by picking the right tools, any blogger should be able to overcome censorship,” Pain writes. The advice varies depending on the user’s level of paranoia -- from changing cyber-cafes to sending cryptographically signed messages via specially formatted e-mail. The guide explains circumvention technologies that can break through government filters but warns bloggers to check how severe the penalty will be if they are caught using them. http://www.siliconvalley.com/mld/siliconvalley/business/technology/12714408.htm [Handbook at http://www.rsf.org/rubrique.php3?id_rubrique=542]

IPOD MAPS DRAW LEGAL THREATS (Wired, 26 Sept 2005) -- Transit officials in New York and San Francisco have launched a copyright crackdown on a website offering free downloadable subway maps designed to be viewed on the iPod. IPodSubwayMaps.com is the home of iPod-sized maps of nearly two dozen different transit systems around the world, from the Paris Metro to the London Underground. The site is run by New Yorker William Bright, who said he fell into transit bureaucracy crosshairs after posting a digitized copy of the New York City subway system map on Aug. 9. “I got it on Gawker the day after it started, and the site exploded,” he said. More than 9,000 people downloaded the map, which was viewable on either an iPod or an iPod nano, before Bright received a Sept. 14 letter from Lester Freundlich, a senior associate counsel at New York’s Metropolitan Transit Authority, saying that Bright had infringed the MTA’s copyright and that he needed a license to post the map and to authorize others to download it. http://www.wired.com/news/mac/0,2125,68967,00.html

EU DATA PROTECTION CHIEF WARNS AGAINST ANTI-TERRORISM PLANS (SiliconValley.com, 26 Sept 2005) -- The European Union’s data protection supervisor Monday criticized EU plans to retain phone and e-mail data for use in anti-terrorism investigations, saying they failed to protect civil liberties and gave a free hand to national intelligence services. Peter Hustinx said the proposals -- one drafted by EU governments, the other by the European Commission -- did not prove the need for EU-wide data retention rules. He added that the rush to push through the bills following the London bombings in July would come at the cost of civil liberties. He highlighted the proposal drafted by EU governments which could see data like times of phone calls retained for up to three years. He warned that “a time limit (on keeping data) beyond one year would be disproportionate.” British Home Secretary Charles Clarke, who is chairing the EU negotiations, has called for the 25 governments to look at curbing some civil liberties to allow for improved police investigations into suspected terror groups. EU governments have been working hard to agree on data retention rules, in particular how long such data should be retained and who should pay for the added cost of keeping the records. Telecommunications companies are opposed to being left with the costs. http://www.siliconvalley.com/mld/siliconvalley/business/technology/12746814.htm

WIRETAP RULES FOR VOIP, BROADBAND COMING IN 2007 (ZDnet, 26 Sept 2005) -- Broadband providers and Internet phone services have until spring 2007 to follow a new and complex set of rules designed to make it easier for police to seek wiretaps, federal regulators have ruled. It’s clear from the Federal Communications Commission’s 59-page decision, released late Friday evening, that any voice over Internet Protocol, or VoIP, provider linking with the public telephone network must be wiretap-ready. That list would include companies such as Vonage, SkypeOut and Packet 8. But what remains uncertain is what the Communications Assistance for Law Enforcement Act (CALEA) ruling means for companies, universities, nonprofits--and even individuals offering wireless or other forms of Internet access. “Because of that very fundamental difference between the Internet and the public switched network, the commission has had a hard time defining who, exactly, is covered, and they have in this order completely punted on the question of who is responsible for what,” Jim Dempsey, executive director of the Center for Democracy and Technology, said Monday. http://news.zdnet.com/2100-1035_22-5883032.html FCC decision at http://www.fcc.gov/FCC-05-153A1.pdf [Editor: DTF - doomed to fail. Telcos and classic VoIP providers are centralized entities that the government can compel, but internet-enabled telephony may evolve to follow a distributed P2P model, where individuals create ad hoc “connections” for each conversation. How will CALEA apply then?]

MEDIATION BEGINS IN MUSIC COPYRIGHT TRIAL (ABC News, 27 Sept 2005) -- Four music giants and their local subsidiaries have entered mediation with Baidu.com, China’s largest Internet search engine, over the recording companies’ claims of copyright infringement. No agreement was reached after more than five hours of discussions that began Monday at the Beijing No. 1 Intermediate People’s Court, the official China Daily newspaper said. A judge would resolve the issue if there is no resolution. It is the second time this month that Baidu, whose share price went as high as $153.98 after an initial public offering at $27 on the Nasdaq Stock Market in August, was in a Chinese court dealing with accusations of copyright violations. Universal, EMI, Warner, Sony BMG and local subsidiaries claim that Baidu made it easy for its users to illegally download copies of 137 of their songs through the mp3.baidu.com search page. The music companies are seeking 1.67 million yuan, or $206,000, in compensation, the China Daily newspaper said. http://abcnews.go.com/Technology/wireStory?id=1163082

AT GOOGLE, THE WORKERS ARE PLACING THEIR BETS (New York Times, 26 Sept 2005) -- Like all search engines, Google helps people sort through information from the past. But a new service, being used inside the company, tries to forecast the future. Google has created a predictive market system, basically a way for its employees to bet on the likelihood of possible events. Such markets have long been used to predict world events, like election results. Intrade, part of the Trade Exchange Network, allows people to bet on elections, stock market indexes and even the weather, for example. In Google’s system, employees can bet on how the company will perform in the future, forecasting things like product introduction dates and new office openings. It was devised under a program that allows engineers to spend one day a week on a project of their choice. To help develop the system, Google consulted Hal R. Varian, an economist at the University of California, Berkeley. Professor Varian (who also writes the Economic Scene column for The New York Times) said that the final product was not entirely what he anticipated. “I was a little surprised,” Professor Varian said. “I expected this to be accurate because there’s a lot of literature and experience with these systems. But this has been even better than I expected.” Google has not offered precise data on the system’s accuracy, but a chart posted on the company’s blog last week showed that, in the words of its accompanying entry, prices set for events through employees’ wagering were a “pretty close” indication of the probability of events. http://www.nytimes.com/2005/09/26/business/26google.html?ex=1285387200&en=c171e8934faa7fc1&ei=5090&partner=rssuserland&emc=rss

GOOGLE ENDS BOYCOTT OF NEWS.COM (SiliconValley.com, 28 Sept 2006) -- Google Inc.’s boycott of News.com appears to have ended quietly, less than three months after company executives told the technology news site that they would stop speaking with its reporters for a year. Google CEO Eric Schmidt this week granted an interview to News.com’s Elinor Mills, the reporter whose article in July about privacy issues raised by Google’s search engine apparently offended the company. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/12764875.htm

POLL: COMPANIES UNPREPARED FOR NEXT SARBANES-OXLEY DEADLINE (TechWeb, 26 Sept 2005) -- Nearly half of public companies that filed for extensions to meet Sarbanes-Oxley requirements are likely to miss the next deadline, according to a poll by Akonix Systems Inc. The poll, released Monday, found that 45 percent of public companies will not have archiving systems in place for their e-mail and instant messaging by July 15, 2006. Executives can face fines and jail time for failing to meet the deadlines. Akonix, which produces instant messaging, security and management solutions, reported that only 29 percent of executives at 157 public companies believed their messages would be archived on time. Another 26 percent said they were unsure of whether they would meet the deadline. Most stated that cost was the major obstacle. AMR Research reports that U.S. businesses will spend more than $6.5 billion on products and services related to Sarbanes-Oxley requirements. http://www.techweb.com/wire/ebiz/171200636;jsessionid=41STIHEK3RNDEQSNDBNCKHSCJUMEKJVN

FTC LAUNCHES AGGRESSIVE CAMPAIGN TO EDUCATE ONLINE CONSUMERS (TechNewsWorld, 27 Sept 2005) -- Saying a consumer that is aware of online threats is essential to a strong U.S. economy, the Federal Trade Commission (FTC) has launched its most ambitious effort yet to educate Americans on the dangers lurking on the Web. The FTC joined with cybersecurity experts in government and the private sector, consumer protection groups and online companies to launch an interactive campaign that leans heavily on the Web. The FTC said it had established a standalone Web site, onguardonline.gov, where consumers can learn how to avoid online scams and buy online with confidence. FTC Chairman Deborah Platt Majoras said the effort is “all about consumer confidence,” which in turn drives the U.S. economy. The Web page features basic tutorials on topics such as spam, phishing attacks, spyware and secure shopping, with information presented in a number of formats. The site also includes links to forms for reporting possible fraud or attacks. http://www.technewsworld.com/story/46373.html

COMMISSION UNVEILS PLANS FOR EUROPEAN DIGITAL LIBRARIES (European Commission, 30 Sept 2005) -- The European Commission today unveiled its strategy to make Europe’s written and audiovisual heritage available on the Internet. Turning Europe’s historic and cultural heritage into digital content will make it usable for European citizens for their studies, work or leisure and will give innovators, artists and entrepreneurs the raw material that they need. The Commission proposes a concerted drive by EU Member States to digitise, preserve, and make this heritage available to all. It presents a first set of actions at European level and invites comments on a series of issues in an online consultation (deadline for replies 20 January 2006). The replies will feed into a proposal for a Recommendation on digitisation and digital preservation, to be presented in June 2006. http://europa.eu.int/rapid/pressReleasesAction.do?reference=IP/05/1202&format=HTML&aged=0&language=en&guiLanguage=en

-- and --

YAHOO TO DIGITIZE PUBLIC DOMAIN BOOKS (CNET, 2 Oct 2005) -- Yahoo is launching a library-digitization project to rival Google’s controversial program. Yahoo is working with the Internet Archive, the University of California and others on a project to digitize books in archives around the world and make them searchable through any Web search engine and downloadable for free, the group was set to announce Monday. “If we get this right so enough people want to participate in droves, we can have an interoperable, circulating library that is not only searchable on Yahoo but other search engines and downloadable on handhelds, even iPods,” said Brewster Kahle, founder of the Internet Archive. The project, to be run by the newly formed Open Content Alliance (OCA), was designed to skirt copyright concerns that have plagued Google’s Print Library Project since it was begun last year. http://news.com.com/2100-1038_3-5887374.html

NEW RULE SAYS AGENCIES MUST BUILD CYBER SECURITY INTO ACQUISITION PLANNING (SANS NewsBytes, 30 September 2005) As of September 30, 2005, contracting officers at federal agencies are required to incorporate cyber security requirements in their acquisition planning. The Federal Acquisitions Regulation Council issued an interim rule and will accept comments on the rule through November 29, 2005. The rule says that acquisition professionals must get advice from IT security specialists, requires contracting officers to abide by FIPS standards and to incorporate “appropriate agency security policy and requirements in IT acquisition.” http://appserv.gcn.com/cgi-bin/udt/im.display.printable?client.id=gcndaily2&story.id=37162 http://a257.g.akamaitech.net/7/257/2422/01jan20051800/edocket.access.gpo.gov/2005/05-19468.htm

DIGITAL MUSIC SALES SURGE AMID BROADER DECLINE (CNET, 3 Oct 2005) -- The music industry cheered a tripling of digital music sales in the first half of 2005 that was spurred by mobile phone ring tones and online services and offset persistent declines in overall sales. Digital music now makes up 6 percent of total sales, or about $790 million, according to first-half figures released on Monday by the International Federation of the Phonographic Industry (IFPI) trade group. Sales of CDs and other physical formats continued a long decline, which the music industry has blamed mainly on piracy, falling to $13.2 billion from $13.4 billion a year earlier. “It feels as if the decline is lessening,” said IFPI Chairman and Chief Executive John Kennedy, who has predicted that full-year sales will be roughly flat. The IFPI said that lower CD prices, flagging DVD music video sales and competition from other entertainment sectors also contributed to the decline. http://news.com.com/2100-1027_3-5887586.html

SARB-OX MISSTEPS HELP IT EXECS FINE-TUNE PLANS (ComputerWorld, 3 Oct 2005) -- Executives who oversaw the first round of Sarbanes-Oxley Act compliance for their companies said last week that in hindsight, they likely would have done things a bit differently. The changes they would make include better educating workers about the steps that need to be taken, assigning dedicated staffers to assess and monitor critical controls, and automating a greater portion of repairs to deficient IT controls, said attendees at the Sarbanes-Oxley Conference & Exhibition here. Neil Frieser, vice president of internal controls at Viacom Inc. in New York, said his early experiences taught him that “you want to start the process early, to educate as many people as possible.” Frieser said Viacom conducted a staggering 19,600 tests on 1,560 business controls and 540 IT controls last year to meet Section 404 of the law. The work covered 116 business processes and 75 IT applications throughout the media company, whose divisions include CBS Broadcasting Inc., MTV Networks Co. and Nickelodeon Networks. One of the best lessons Viacom executives learned and acted on during the process was to identify and test internal controls centrally rather than hand the work off to each of a dozen business unit leaders, Frieser said. “We developed a lot of guidance centrally instead of having a lot of guesswork in each of the business units,” he said. “We weren’t perfect in 2004, but we got more right than we got wrong.” Michael Hultberg, executive director at Time Warner Inc. in New York, said officials at the media giant discovered during the first round of Section 404 compliance efforts that “many of the key controls we’d identified actually weren’t that key.” Time Warner spent a mind-numbing 350,000 man-hours identifying, evaluating and testing its financial and IT controls, but it discovered a higher proportion of IT control deficiencies in areas such as security and change management, he said. http://computerworld.com/governmenttopics/government/legislation/story/0,10801,105116,00.html

FINNISH “STAR TREK” SPOOF PROSPERS ON INTERNET (Reuters, 5 Oct 2005) -- A Finnish spoof of the sci-fi classic “Star Trek” has boldly gone where no feature film has gone before, relying on free distribution over the Internet to reach more than 450,000 viewers in less than a week. “Star Wreck: In the Pirkinning” is a full-length feature in Finnish with English subtitles. It was made over seven years by a group of students and other amateur film makers with a bare-bones budget and a few home computers to create elaborate special effects. “We took a conscious decision not to go to the theatres as the movie was done mostly on a voluntary basis,” said Timo Vuorensola, who directed the film. “Through the Internet and DVD it will probably get the widest possible viewership. We are hoping to reach one million downloads by the end of the year.” The success of “Star Wreck” comes as Hollywood grapples with the threats and opportunities of the Internet. Movie studios are fearful of the rampant piracy that has ravaged their music label counterparts, but are also hoping to use the Internet to cut distribution costs and open up new markets. http://news.yahoo.com/s/nm/20051005/wr_nm/media_internet_starwreck_dc

E-MAIL TO LAWYERS: E-DISCOVERY RULES ON THE WAY (ABA Journal, 7 Oct 2005) -- The Judicial Conference of the United States, making “the biggest change … in a generation or two,” has approved changes to the Rules of Civil Procedure to govern discovery of electronic communications, including e-mails and digitally stored documents. The amendments were developed by the conference’s Advisory Committee on Civil Rules, chaired by U.S. District Judge Lee Rosenthal of the Southern District of Texas. After a six-month period for comments, the Committee on Rules of Practice and Procedure adopted the e-discovery rules at a meeting of the Judicial Conference, the administrative policy arm of the federal courts, on Sept. 20. The rules must still be approved by the U.S. Supreme Court, though this is considered a formality. Then, if Congress does not disapprove them, they are expected to take effect by Dec. 1, 2006. Some experts are predicting the rules will represent the proverbial “paradigm shift” in the practices of many attorneys. “The amendments are the biggest change to the Rules of Civil Procedure in a generation or two,” says George Paul, a Phoenix-based attorney who co-wrote the upcoming ABA book The Discovery Revolution. “Lawyers are going to have to think about whether their clients have information on laptops, desktops, servers and personal digital assistants. You’re going to have to know what you’re doing well enough to talk to your client and opponent about electronic discovery.” Under the proposed amendment to Rule 26(f), a pretrial conference will include discussion of issues related to discovery of electronically stored information. 
“The topics to be discussed include the form of producing electronically stored information, a distinctive and recurring problem in electronic discovery resulting from the fact that unlike paper, electronically stored information may exist and be produced in a number of different forms,” says the Summary of the Report of the Judicial Conference Committee on Rules of Practice and Procedure. http://www.abanet.org/journal/ereport/oc7rules.html [Report summary at http://www.uscourts.gov/rules/Reports/ST09-2005.pdf ]

AND IT CAME 2 PASS (New York Times, 7 Oct 2005) -- “In da Bginnin God cre8d da heavens & da earth.” That’s according to a new version of the Bible translated into the text message language of cell phone users. The Bible Society in Australia on Thursday launched its translation of all 31,173 verses of the Bible in the modern, abbreviated language of text messages. The verses can be accessed over the Internet for free so that they can be spread by cell phone to family and friends, said society spokesman Michael Chant. The society used the International Contemporary English Version of the Bible and remained faithful to the grammar, changing just the spelling of words, Chant said. Sending the entire Bible by text message would take more than 30,000 dispatches, he said. http://www.nytimes.com/2005/10/07/international/asia/07brief-australia.html?adxnnl=1&adxnnlx=1128708480-hLsNnKHGs6YjvklLsU7OhA

HAVE RECESSIONS ABSOLUTELY, POSITIVELY BECOME LESS PAINFUL? (New York Times, 8 Oct 2005) – The nearly empty Airbus 310 was coasting through the Alabama night sky when a message flashed in the cockpit. "DIVERT," it said, before using code to order the plane to land in Atlanta. The pilot banked the jet to the east and a half-hour later it was on the ground. There, its cargo door opened up to a group of waiting FedEx employees who began filling it with 17,000 pounds of cargo. It had been a busy day for Georgia businesses, and FedEx's regular nightly flights from Atlanta to the company's Memphis hub were overbooked with packages. So the local crew made a call to a sprawling, low-slung room here at headquarters, where people hunch over computer screens showing weather maps and flight plans, and asked for help from the five empty FedEx jets that roam over the United States every night. The recent birth of that small fleet, at a multimillion-dollar price tag, explains a lot about how the nation's economy has become so much more resilient. Think of it as the FedEx economy, a system that constantly recalibrates itself to cope with surprises. The United States has endured an almost biblical series of calamities in recent years - wars, hurricanes, financial scandals, soaring oil prices and rising interest rates - but the economy keeps chugging along at an annual growth rate of roughly 3 percent. It has been able to do so with the help of technology that allows businesses to react ever more quickly to changes. But with little notice, those reactions have also created a new feature of the business cycle: the micro-recession. When one of them strikes, activity slows for a few weeks, sometimes in just certain sectors or regions, as companies adjust to a dip in demand. It has happened much more often in the last few years than in earlier expansions, but growth has picked up each time, thanks in part to the adjustments that businesses have made. 
No company embodies this change, for better and worse, quite like FedEx. The company's around-the-world flights - fuller coming from Asia than going to it - are the shipping lanes of the global economy, bringing goods from Chinese factories to American shelves in just days. FedEx technology helps Procter & Gamble managers send more Crest to Wal-Mart whenever somebody buys a tube, and the managers can then watch the replacement move through the supply chain from their computer screens. All this - combined with financial innovations that allow companies to hedge their bets and, some say, the deregulation of pivotal transportation industries - has helped mute the economy's swings. The business cycle has certainly not been eliminated, as some dreamers suggested during the 1990's boom, but recessions really do seem to happen less often. Besides Las Vegas, the flying spares leave from Duluth, Minn.; Laredo, Tex.; Fort Myers, Fla.; and Portland, Me. All take circuitous paths to Memphis, passing near major cities like Dallas, Denver and St. Louis. On a typical night, one of the five makes an unexpected stop to collect an overflow of packages, one lands to bail out a plane needing a repair, and three arrive in Memphis as empty as they were when they took off. Until a year ago, FedEx used just one flying spare, leaving from Las Vegas, but executives decided they needed an even larger reserve army to fight uncertainty. Every night, the company also keeps about 10 percent of planes half empty, allowing them to make unplanned stops and pick up more cargo. Changes like this, not just at FedEx but at its rival United Parcel Service and many other companies, have helped foster the recent economic stability. The amount of inventory that companies keep in their warehouses, in case demand suddenly surges or some boxes become stuck in Oakland, has steadily fallen. 
http://www.nytimes.com/2005/10/08/business/08fedex.html?ex=1286424000&en=bd7eae6d58092b0b&ei=5090&partner=rssuserland&emc=rss

**** CURIOSITIES ****
HURRICANE RITA (22-25 September 2005) – The editor’s blog, from the apparent bullseye. http://vpolleyhurricanerita.blogspot.com/

SOURCES:
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. Internet Law & Policy Forum, http://www.ilpf.org.
6. BNA’s Internet Law News, http://ecommercecenter.bna.com.
7. The Ifra Trend Report, http://www.ifra.com/website/ifra.nsf/html/ITR-HTML.
8. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
9. Gordon & Glickson’s Articles of Note, http://www.ggtech.com
10. Readers’ submissions, and the editor’s discoveries.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.
