Saturday, November 19, 2005

MIRLN -- Misc. IT Related Legal News [30 Oct - 19 Nov 2005; v8.14]

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product of KnowConnect, Inc. (www.knowconnect.com) and the American Bar Association’s Cyberspace Law Committee. Please feel free to distribute this message.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at http://www.buslaw.org/cgi-bin/controlpanel.cgi?committee=CL320000 (click on “Settings” beside Members-Only Listserve Discussion). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN editions are archived at www.vip-law.com and in the public materials section of the Cyberspace Committee’s collaboration space at http://lawplace.metadot.com.

**************End of Introductory Note***************

MICROSOFT: WE WERE RAILROADED IN MASSACHUSETTS ON ODF (ZDnet, 17 Oct 2005) -- Those were not Microsoft’s exact words, but if you were a fly on the wall [to] recent correspondence with Microsoft’s Alan Yates regarding how Microsoft’s XML-based Office file formats ended up off of Massachusetts’ list of approved file formats (essentially pulling the state’s plug on future usage of Microsoft Office), it would be difficult to summarize his opinion in any other way. To the untrained eye, the Massachusetts decision-- formally known as that state’s Enterprise Technical Reference Model (henceforth referred to as MA ETRM)-- looks like one of those small open source victories for some European municipality looking to establish independence from big bad proprietary American technology. Such victories are important, no doubt, to that town, city, or country and even to perhaps to certain technology communities in general (e.g., open source) -- but largely peripheral to the bigger battle. But, MA ETRM is about far more than open source. Industry historians will later view it as one of the most brilliant chess moves by a handful of industry titans with a common interest in breaking Microsoft’s dominant grip. http://news.zdnet.com/2100-3513_22-5893208.html

DEALING WITH DATA THEFT: AFTER THE FACT (InternetWeek, 20 Oct 2005) -- Time and again, businesses fall short in their ability to protect their customer information as criminals looking to steal data get wiser and more creative. Whether customer data is stolen or lost through hacking, physical means such as a misplaced laptop or hijacked data tapes, or an unscrupulous employee, the results are the same: customers at risk and a huge black eye for the company. No industry grapples more with data theft and the ensuing customer relationship nightmare than the financial services sector, which will increase spending on IT security and related issues 12% this year to $1.8 billion, according to consulting firm Celent. How these companies respond to the seemingly inevitable security breach can change the way they are viewed by customers and the general public. Handle it right, and a company can flip the negative into a positive and earn customers’ respect and appreciation. Handle it wrong, and the business will forever fight the stigma of an untrustworthy organization. The good news is the financial services industry is fast making an art form out of dealing with security breaches, and its experience can serve as an invaluable guideline for any business holding sensitive customer information. http://internetweek.cmp.com/shared/article/printablePipelineArticle.jhtml?articleId=172302862

AFTER SONGS AND VIDEOS, CRIB NOTES BECOME THE LATEST OFFERING FOR IPODS (Chronicle of Higher Ed, 27 Oct 2005) -- With iPods slowly working their way into college classrooms, it was only a matter of time before someone put the devices to use as a way of cutting corners on course work. Now a pair of companies has stepped up, offering a line of iPod-ready crib notes to such literary classics as The Great Gatsby and The Scarlet Letter. The notes are taken from study guides published by SparkNotes -- a company that has marketed itself as a hipper version of CliffsNotes, the giant of the field -- and are sold by iPREPpress, a business that retails reference material that can be viewed on the digital music players. Right now about a dozen titles are available at $4.95 apiece. But the companies plan to publish digital guides for about 50 English-department cornerstones, according to Kurt Goszyk, the founder of iPREPpress. The guides basically turn the iPod into a text-based browser: Students can read biographical sketches of characters, review themes and motifs, and test themselves with study questions and answers -- all by using the iPod’s click wheel to navigate a series of hyperlinks. But students can also listen to overviews of the books’ plots and protagonists while they work out at the gym or walk from class to class. The study guides each include about six or seven minutes of audio material for students on the go, said Mr. Goszyk. “But in areas where you really have to concentrate” -- like SparkNotes’ more detailed summaries of quotations and symbolism -- “we kept it as only text,” he said. http://chronicle.com/free/2005/10/2005102702t.htm

INSURER LAUNCHES $10 MILLION OPEN-SOURCE POLICY (ZDnet, 31 Oct 2005) -- Insurance underwriter Kiln, which is a Lloyd’s of London division, and Miller Insurance Services on Monday said they will offer open-source compliance insurance. New York-based Open Source Risk Management will be the exclusive risk assessor. The insurance will cover up to $10 million in damages, including profit losses related to noncompliance with an open-source software license. The policy could, in some cases, cover the cost of repairing code that was found to infringe on open-source licenses such as the General Public License, which is used with the Linux operating system. The insurers said more than 30 legal claims in the last two years have involved infringements on open-source licenses. In each case, the plaintiffs were able to restrict the use of their code. “The emerging open-source model of worldwide collaborative technology development introduces novel business risks that traditional insurance products can, but have not, addressed,” said Matthew Hogg, an underwriter for Kiln Risk Solutions. Daniel Egger, CEO of Open Source Risk Management, said many companies inadvertently expose themselves to legal risks when they use open-source software. In particular, companies may infringe on copyright laws when distributing their own software--which could include open-source products--to business partners or customers, Egger said. http://news.zdnet.com/2100-3513_22-5924112.html [Editor: Of course, with the insurance coverage will come emergent best-practices, standards, and processes.]

U.S. MULLS NEW DIGITAL-SIGNATURE STANDARD (CNET, 1 Nov 2005) -- A team of Chinese scientists shocked the data security world this year by announcing a flaw in a widely used technique used to create and verify digital signatures in e-mail and on the Web. Now the U.S. government is trying to figure out what to do about it. The decade-old algorithm, called the Secure Hash Algorithm, or SHA-1, is an official federal standard and is embedded in every modern Web browser and operating system. Any change will be expensive and time-consuming--and a poor choice by the government would mean that the successor standard may not survive another 10 years. “We’re going to have to make a decision fairly soon about where to push people,” said John Kelsey of the National Institute of Standards and Technology (NIST), which convened a workshop here on the topic Monday. Even though NIST is only technically responsible for government standards-setting, Kelsey noted, “we’re likely to get a lot of other people to head in that direction as well.” The findings by the researchers at China’s Shangdong University, which they described in an interview with CNET News.com in March, are still of more theoretical than practical interest. But as computing speed accelerates, their discovery eventually will make it easier for intruders to insert undetectable back doors into computer code or to forge an electronic signature--unless a different, more secure “hash” algorithm is adopted. http://news.com.com/U.S.+mulls+new+digital+signature+standard/2100-1029_3-5924982.html?tag=nefd.lede

DATA LAWS RAISE SECURITY WORRIES (VNUnet, 2 Nov 2005) -- Regulatory compliance is now the biggest security concern for IT departments, according to international research. Nearly two-thirds of firms that responded to consultancy Ernst & Young’s survey cited complying with electronic data retention regulations such as Sarbanes-Oxley and the European Union 8th Directive on company law as their primary IT security focus. But despite senior management fears of prosecution making security a board issue, IT departments are failing to make information security an integral part of the business, says The Global Information Security Survey 2005. ‘Images of directors being taken away in orange jumpsuits and silver manacles are making firms sit up and take notice,’ said Ernst & Young partner Antony Smyth. ‘It is a chance for departments to make use of the focus that security is getting in the boardroom, but most are not doing this.’ The survey of more than 1,300 public and private sector organisations in 55 countries found 81 per cent of firms view IT security as the most important element in complying with data policies. Just 56 per cent of IT directors cited security as important for aiding other business strategies. Some 88 per cent of firms are updating policies and procedures to comply with regulations, but only 41 per cent are using the opportunity to reorganise their IT security functions or to make changes to systems architecture. The survey also suggests that organisations are not securing information and systems when they outsource their operations to third parties. One fifth of firms do not address the risks of communicating electronically with suppliers, outsourcers and partners, and 33 per cent only have informal procedures to deal with these risks. http://www.vnunet.com/computing/news/2145373/laws-raise-security-worries

MICROSOFT CALLS FOR BROAD PRIVACY LAW (Reuters, 3 Nov 2005) -- Microsoft Corp. on Thursday called for a broad national law to protect consumer privacy and a top Republican lawmaker said he planned to push such a bill next year, amid heightened consumer concerns about identity theft and online fraud. “This is the time, this is the place, we believe, for the government to adopt privacy legislation on a national basis,” Microsoft General Counsel Brad Smith said at a lunch event. Texas Republican Rep. Joe Barton, who chairs the House Energy and Commerce Committee, said at a separate event that he plans to introduce a comprehensive privacy bill next year. High-tech businesses, including Microsoft, helped block attempts to pass a national privacy law in 2001 and 2002, arguing that businesses can be trusted to handle consumer profiles responsibly. Since then, most Fortune 500 companies have developed “privacy policies” that spell out, often in dense legalese, what they do with credit-card numbers, birthdates and other information consumers give to them. Congress, meanwhile, has tackled a number of privacy issues, from “spam” e-mail to telemarketing to computer “spyware.” Lawmakers are currently wrangling over legislation that would require businesses to let consumers know when their account information has been exposed to outsiders. Still, several polls have found that privacy concerns have prompted some consumers to cut back on online purchases, and a rash of data breaches has exposed sloppy security practices at banks, universities and a wide range of other institutions. Smith said a broad privacy law spelling out how businesses handle consumer information is now needed to shore up consumer confidence and simplify a legal landscape that is becoming cluttered by conflicting state and national laws. “It’s the patchwork of state laws that is causing a lot of heartburn, not any one individual law,” he said. Any legislation should allow consumers to limit how information about them is used and should apply to online and offline businesses equally, Smith said. Online retailer eBay Inc. is also pushing for a national privacy law, a lobbyist for the company said, while computer maker Hewlett-Packard Co. has backed such a law for years. A prominent civil liberties advocate said Smith’s speech was a significant development. “This creates some momentum for really addressing privacy legislation as early as next year,” said Jerry Berman, president of the Center for Democracy and Technology. http://news.yahoo.com/s/nm/20051103/wr_nm/privacy_dc

WANT ‘WAR AND PEACE’ ONLINE? HOW ABOUT 20 PAGES AT A TIME? (New York Times, 4 Nov 2005) – In a race to become the iTunes of the publishing world, Amazon.com and Google are both developing systems to allow consumers to purchase online access to any page, section or chapter of a book. These programs would combine their already available systems of searching books online with a commercial component that could revolutionize the way that people read books. The idea is to do for books what Apple has done for music, allowing readers to buy and download parts of individual books for their own use through their computers rather than trek to a store or receive them by mail. Consumers could purchase a single recipe from a cookbook, for example, or a chapter on rebuilding a car engine from a repair manual. The initiatives are already setting off a tug of war among publishers and the potential vendors over who will do business with whom and how to split the proceeds. Random House, the biggest American publisher, proposed a micropayment model yesterday in which readers would be charged about 5 cents a page, with 4 cents of that going to the publisher to be shared with the author. The fact that Random House has already developed such a model indicates that it supports the concept, and that other publishers are likely to follow. The proposals could also become bargaining chips in current lawsuits against Google by trade groups representing publishers and authors. These groups have charged that Google is violating copyrights by making digital copies of books from libraries for use in its book-related search engine. But if those copies of older books on library shelves that have long been absent from bookstores started to produce revenue for publishers and authors, the trade groups might drop some of their objections. In a telephone interview yesterday, Paul Aiken, executive director of the Authors Guild, which filed a federal copyright infringement lawsuit against Google in September over its Google Print program, called the Amazon announcement “a positive development.” “This is the way it’s supposed to work: to give consumers access to books and have revenues flow back to publishers and authors,” Mr. Aiken said. “Conceptually, something similar might be possible for the Google program.” Amazon said yesterday that it was developing two programs that would begin some time next year. The first, Amazon Pages, is intended to work with the company’s “search inside the book” feature to allow users to search its universe of books and then buy and read online whatever pages they need of a given book. The second program, Amazon Upgrade, will allow customers to add online access to their purchase of a physical copy of a book. [Editor: Very interesting and promising developments. Let’s hope Amazon-Upgrade doesn’t echo MP3.com’s missteps; there must be more to the model than is described here.] http://www.nytimes.com/2005/11/04/technology/04publish.html?ex=1288760400&en=4ef1b1171533988d&ei=5090&partner=rssuserland&emc=rss

FRENCH GIVE A QUALIFIED ‘NON’ TO SNOOPING OF P2P IP ADDRESSES (Steptoe & Johnson’s E-Commerce Law Week, 5 Nov 2005) -- On October 24, the French data protection authority, the Commission Nationale de I’Informatique et Libertes (CNIL), dealt a blow to music industry enforcement efforts against peer-to-peer (P2P) file-sharing by announcing that it would not permit the automated monitoring of users of P2P file sharing systems. The CNIL concluded such monitoring could lead to “a massive collection of personal data” and allow “exhaustive and continuous surveillance” of P2P sites “beyond that which was necessary for the fight against piracy”. The CNIL’s stance runs counter to its own ruling in April authorizing similar P2P site surveillance by the Syndicat des Editeurs de Logiciels de Loisirs (SELL), a trade association representing French video game producers, whose members include video game industry heavyweights such as Sega, Sony, and Atari. Defending its apparent volte-face, the CNIL noted that SELL had pledged to send messages to suspected P2P site users itself, rather than asking ISPs to act as third party intermediaries, and had agreed to take an anonymous approach in communicating with suspected violators. In French, we believe that’s what is called “une distinction sans diffĂ©rence.” In any event, if French Culture Minister Renaud Donnedieu de Vabres is to be believed, forthcoming consideration in the French Parliament of the implementation of the EU Copyright Directive might allow the music industry anti-piracy initiative to move forward. Consideration of the EU Copyright Directive by the French Parliament is scheduled to begin in December. http://www.steptoe.com/index.cfm?fuseaction=ws.getItem&pubItemId=11105&siteId=547

HOMELAND SECURITY’S VAGUE CYBER PLAN (CNET, 7 Nov 2005) -- A preliminary report released by the Department of Homeland Security seems to scatter cybersecurity responsibilities across the government and the private sector while sticking to generalities about future plans. In its 175-page draft of the National Infrastructure Protection Plan, or NIPP, the department outlines a broad framework for protecting the nation’s “critical infrastructure” and “key assets”--bureaucratic argot referring to everything from the power grid to dams to computer systems. President Bush first commissioned the plan in December 2003, and the Department of Homeland Security released an early version in February. According to a notice announcing the document’s availability, the latest version aims to provide greater detail. The term “cybersecurity” appears 148 times the draft, and a 16-page appendix devoted to the topic offers some suggestions for threat analysis, response readiness and training. But the rest is worded in terms of generalities. The plan asserts that cybersecurity responsibilities should ultimately lie with the Department of Homeland Security but also calls on state and local governments to come up with information security measures and to be aware of vulnerabilities in their systems. The report charges academia and research institutions with devising “best practices” for IT security and the private sector with ensuring that it is “satisfying cyberprotection standards.” The document suggests that work should be done through a “sector partnership model”--that is, informal advisory bodies composed of private-sector and governmental representatives from the same subject area. It proposes several lists of general actions that various sectors should take (for example, “set sector-specific security goals”) and allocates deadlines from the adoption of the plan to accomplish them (in that particular case, 90 days). The recommendations are often vague. For example, the suggestion that the Department of Homeland Security should lead and develop a “national cybersecurity exercise” to simulate responses to an attack is listed as an “ongoing” project with no deadline. And under a category referring to the steps the government should take to deal with “privacy and constitutional freedoms,” the department lists no suggested actions. http://news.com.com/2100-7348_3-5937715.html Draft at http://dw.com.com/redir?destUrl=http%3A%2F%2Fpolitechbot.com%2Fdocs%2Fdhs.nipp.110205.pdf&siteId=3&oId=2100-7348-5937715&ontId=1009&lop=nl.ex [Editor: Oh, for Pete’s sake! The USG has been dithering on this for more than five years; it’s time for some useful, specific proposals. E.g., tax breaks for secure software; procurement policies that reject standard ‘no-liability’ language; antitrust expemption and confidentiality assurance for ISAC operations; etc.]

HISTORY’S WORST SOFTWARE BUGS (Wired, 8 Nov 2005) -- Last month automaker Toyota announced a recall of 160,000 of its Prius hybrid vehicles following reports of vehicle warning lights illuminating for no reason, and cars’ gasoline engines stalling unexpectedly. But unlike the large-scale auto recalls of years past, the root of the Prius issue wasn’t a hardware problem -- it was a programming error in the smart car’s embedded code. The Prius had a software bug. With that recall, the Prius joined the ranks of the buggy computer -- a club that began in 1945 when engineers found a moth in Panel F, Relay #70 of the Harvard Mark II system.1The computer was running a test of its multiplier and adder when the engineers noticed something was wrong. The moth was trapped, removed and taped into the computer’s logbook with the words: “first actual case of a bug being found.” Sixty years later, computer bugs are still with us, and show no sign of going extinct. As the line between software and hardware blurs, coding errors are increasingly playing tricks on our daily lives. Bugs don’t just inhabit our operating systems and applications -- today they lurk within our cell phones and our pacemakers, our power plants and medical equipment. And now, in our cars. But which are the worst? It’s all too easy to come up with a list of bugs that have wreaked havoc. It’s harder to rate their severity. Which is worse -- a security vulnerability that’s exploited by a computer worm to shut down the internet for a few days or a typo that triggers a day-long crash of the nation’s phone system? The answer depends on whether you want to make a phone call or check your e-mail. http://www.wired.com/news/technology/bugs/0,2924,69355,00.html?tw=wn_tophead_1 [Editor: Fun story. The CIA-bug-in-Soviet-pipeline story (more at http://www.msnbc.msn.com/id/4394002), if true, isn’t the only case of such a plant.]

ARE YOU A ‘PUBLIC FIGURE’? (Wired, 9 Nov 2005) -- Can being mentioned on the net turn an ordinary citizen into a public figure with severely limited abilities to fight libel and defamation lawsuits? According to a Florida judge’s ruling -- perhaps the first of its kind in the United States -- the answer is yes. In an Oct. 21 ruling, Florida circuit court Judge Karen Cole threw out a defamation case against two TV stations because she deemed the plaintiff -- a Jacksonville woman -- to be a public figure who had been subject to “substantial” internet debate. In the eyes of the law, public figures are usually politicians or celebrities, who have limited rights to claim that they’ve been libeled or defamed, thanks to a 1964 ruling by the U.S. Supreme Court. Among other things, Cole said plaintiff Eliza Thomas had become a public figure because there had been “substantial public debate” regarding her and her husband on the internet. http://wired.com/news/politics/0,1283,69511,00.html?tw=wn_tophead_4

SONY’S ANTI-FILE-SHARING CD CAUSES A FIRESTORM OF ANGER (Houston Chronicle, 8 Nov 2005) -- Since the dawn of file-sharing in the late 1990s, the music industry has struggled with keeping its wares from being traded freely. Recording labels have tried all kinds of approaches, from suing their own customers to Draconian copy protection to changing formats. The one that has worked the best — surprise! — has been to offer a low-cost way to buy music that allows users to do pretty much what they want to do with the tunes they purchase. It’s almost as though there’s a Good Side and a Dark Side to the musical force. Over time, you’d think the business would get that the Good Side will win more converts. That is, until you see something like the strange case of the Sony rootkit. On Halloween, a developer with an Austin-based software company posted on his blog a detailed report on a troubling discovery — a CD from Sony BMG had installed software on his PC that uses the same technique for hiding itself as the most pernicious type of spyware. Mark Russinovich of Sysinternals also discovered that the software, known as a rootkit, could then be used by the creators of viruses and worms to hide their own malicious payloads. A rootkit works at the very lowest levels of the Windows operating system to cloak files. Spyware purveyors use the technique to hide their code from programs designed to find and remove it. In Sony’s case, the rootkit was part of a media player designed to restrict how a CD’s tunes are played, stored to a computer’s hard drive or copied, and was used to hide those files, making it difficult to get around the protection. The software was installed when the CD’s buyers — in Russinovich’s case, Van Zant’s Get Right with the Man — first tried to play the disc on a PC. The disc can’t be used in a PC without Sony’s player. The rootkit hid the software by looking for a particular sequence of characters in the name. Any files that included the sequence were cloaked. Russinovich had to jump through hoops to find the software, trace its source and remove it. When he did, he found the process disabled his CD drives, which were no longer visible in Windows Explorer. His report, at www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html, concluded: “The entire experience was frustrating and irritating. Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall. Worse, most users that stumble across the cloaked files ... will cripple their computer if they attempt the obvious step of deleting the cloaked files.” http://www.chron.com/cs/CDA/ssistory.mpl/business/3445666
[Commentator: “Many of you have probably read about the discovery someone recently made that Sony’s new DRM has a rather dark side. Here is an EFF page that describes not only some of the ‘bad’ stuff in the software but also the onerous provisions of the EULA that comes with the CD. The EFF page has information about the ‘rootkit’ that gets installed on your machine, as well as a summary of the ‘bad’ provisions in the EULA. http://www.eff.org/deeplinks/archives/004145.php. Mark Russinovich has a detailed explanation on his blog of how the Sony DRM works and why people are claiming that it is a rootkit. I strongly recommend reading before discussing these issues. The explanation is at http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html“
-- and-- “It turns out that despite Sony’s denials, the player software that comes with the DRM’d CDs phones home each time it is launched. Mark Russinovich, the guy who originally broke the story, has detailed his proof of this. Discussion at http://malwarecle.blogspot.com/2005/11/how-much-worse-can-this-get.html“]
Also, REAL STORY OF THE ROGUE ROOTKIT (Wired, 17 Nov 2005, by Bruce Schneier) at http://www.wired.com/news/privacy/0,1848,69601,00.html; ITALIAN POLICE ASKED TO INVESTIGATE SONY DRM CODE (PCWorld, 7 Nov 2005) at http://www.pcworld.com/news/article/0,aid,123454,00.asp
[Editor: Trespass to Chattels? A perfect application of this expanded doctrine; CFAA? If mens rea can be shown; Deceptive Trade Practices? You bet! Sony has gone way over the line, and its lawyers (especially those who reviewed the EULA) have done a very poor job.]

MAN SPENDS $100,000 ON VIRTUAL SPACE STATION IN ONLINE GAME (AP, 10 Nov 2005) -- In one of the largest sales yet of property in an online game, a Miami resident has bought a virtual space station for $100,000 and wants to turn it into a cross between Jurassic Park and a disco. Jon Jacobs, a director of independent films, plans to call the space resort, in the science-fiction themed game Project Entropia, “Club Neverdie.” Like other land areas in the game that has been visited by 300,000 players, the resort grounds will spawn dinosaur-like monsters, which visitors can kill. Jacobs will take a cut of the virtual resources that the carcasses yield, like hides. Jacobs, 39, plans to hire famous disc jockeys to entertain visitors once a week or so at the resort but still reckons on netting $20,000 a month from the hunting tax and other income. “I want to operate this thing at the level of a major nightclub in a major city,” Jacobs said. Jacobs bought the property late last month from MindArk PE AB, Project Entropia’s Swedish developer. The game, which has no subscription fee, has its own currency but it’s convertible at a fixed rate to dollars. About a quarter of the purchase money came from Jacobs’ in-game earnings. Over three years playing Project Entropia, Jacobs accumulated items that later became worth thousands of dollars, like first-aid kits and powerful weapons. He sold those items last year to buy an island in Project Entropia, but was outbid - it sold for $26,500, the previous record sale in that world. He refinanced his house shortly after and considered investing some of the cash in the hot Miami real-estate market, but he realized that if he bought a rental property, it really wouldn’t generate any income beyond what he’d pay for the mortgage and repairs. So he invested the proceeds in the game. http://news.yahoo.com/s/cmp/20051110/tc_cmp/173601281

INTERNET SERVICE TO PUT CLASSIC TV ON HOME COMPUTER (New York Times, 14 Nov 2005) -- Looking for “The Fugitive?” Didn’t get enough “Eight Is Enough?” Would you like to “Welcome Back, Kotter” one more time? Warner Brothers is preparing a major new Internet service that will let fans watch full episodes from more than 100 old television series. The service, called In2TV, will be free, supported by advertising, and will start early next year. More than 4,800 episodes will be made available online in the first year. The move will give Warner a way to reap new advertising revenue from a huge trove of old programming that is not widely syndicated. Programs on In2TV will have one to two minutes of commercials for each half-hour episode, compared with eight minutes in a standard broadcast. The Internet commercials cannot be skipped. America Online, which is making a broad push into Internet video, will distribute the service on its Web portal. Both it and Warner Brothers are Time Warner units. An enhanced version of the service will use peer-to-peer file-sharing technology to get the video data to viewers. Warner, with 800 television programs in its library, says it is the largest TV syndicator. It wants to use the Internet to reach viewers rather than depend on the whims of cable networks and local TV stations, said Eric Frankel, the president of Warner Brothers’ domestic cable distribution division. “We looked at the rise of broadband on Internet and said, ‘Let’s try to be the first to create a network that opens a new window of distribution for us rather than having to go hat in hand to a USA or a Nick at Night or a TBS,’ “ Mr. Frankel said. [Editor: See? P2P has real, non-infringing uses, too.] http://www.nytimes.com/2005/11/14/business/14warner.html?ex=1289624400&en=a46d72f19b7403e3&ei=5090&partner=rssuserland&emc=rss

MORE FIND ONLINE ENCYCLOPEDIA IS HANDY (New York Times, 14 Nov 2005) -- By several measures, the user-written online encyclopedia Wikipedia (www.wikipedia.com) has exploded in popularity over the last year. The Internet traffic-measurement firm Nielsen//NetRatings found that Wikipedia had more than tripled its monthly readership in September from the same month in 2004. September may have been a month of especially heavy usage for Wikipedia: the site does better during major news events, and September saw both the aftermath of Hurricane Katrina and the confirmation of John G. Roberts Jr. as chief justice of the United States Supreme Court. But Wikipedia’s popularity is not limited to periods of big news. Intelliseek, a marketing-research firm that measures online buzz, has found that the term Wikipedia is consistently used by bloggers - about twice as often as the term “encyclopedia” - and showed up in roughly one out of every 600 blog posts last month; it was one of every 3,300 posts in October 2004. “For bloggers, it’s almost like a badge of credibility to embed Wikipedia in their blog references,” said Pete Blackshaw, chief marketing officer for Intelliseek. “There’s something about Wikipedia that confers a degree of respectability, because multiple Web users have converged on it.” http://www.nytimes.com/2005/11/14/business/14drill.html?ex=1289624400&en=73da448cea0792a2&ei=5090&partner=rssuserland&emc=rss

A COMPROMISE OF SORTS ON INTERNET CONTROL (New York Times, 16 Nov 2005) -- Representatives from the United States and nations that had sought to break up some of its control over the Internet reached an accord on Tuesday night that leaves the supervision of domain names and other technical resources unchanged. They agreed instead to an evolutionary approach to Internet management. But the accord, a document of principles that delegates from more than 100 countries worked out here after more than two years of sometimes fiery argument, also established a new international forum intended to give governments a stronger voice in Internet policy issues, including the address system, a trade-off that the Americans were willing to accept. The text of the document is to be approved at a United Nations summit meeting on information-age issues that begins Wednesday in Tunis. American delegates who had been working on the document celebrated the outcome. Only in September, the European Union had made a well-received proposal to put some of the American powers under a new agency. And in the prelude to the talks that resumed this week, increasing pressure had been brought on the Americans to share their authority. David A. Gross, coordinator of international communications and information policy in the State Department, said late Tuesday: “I didn’t think it was possible. We did not change anything about the role of the U.S. government. It’s very significant.” The United States maintained that diluting the authority of the body that now manages the Internet address structure, the Internet Corporation for Assigned Names and Numbers, known as Icann, could jeopardize the stability and security of the global network. http://www.nytimes.com/2005/11/16/technology/16net.html?ex=1289797200&en=8cef00d486e38143&ei=5090&partner=rssuserland&emc=rss Agreed text at http://lists.essential.org/pipermail/random-bits/2005-November/001305.html

SHOP-TILL-YOU-DROP SPECIALS, REVEALED HERE FIRST (New York Times, 17 Nov 2005) -- For retailers, the day after Thanksgiving is a painstakingly orchestrated affair. Prices are scientifically slashed, down to the penny. Sales begin at dawn. And glossy circulars containing the well-laid plans are distributed just a day or two ahead to keep consumers and competitors in the dark. Or at least that is how it worked before people like Michael Brim came along. From a cramped dorm room in California, Mr. Brim, an 18-year-old college freshman who dines on Lucky Charms and says he rarely shops, is abruptly pulling back the curtain on the biggest shopping day of the year. His Web site, BF2005.com, publishes the circulars for what retailers call Black Friday - the day that officially starts the holiday shopping season - weeks ahead of time. So far this year, sources have leaked advertisements to him from Toys “R” Us (showing the Barbie Fashion Show Mall, regularly $99.99, for $29.97); Sears (a Canon ZR100 MiniDV camcorder, regularly $329.99, for $249.99); and Ace Hardware (a Skil 12-volt drill, regularly $44.99, for $24.99). Mr. Brim says his motive is to educate consumers. But retailers are furious, arguing that the site jeopardizes their holiday business, and they have threatened legal action. But BF2005.com is not their only problem. There are now at least three Web sites dedicated to digging up Black Friday sales secrets, creating a fierce competition to post the ads first. It is so heated, in fact, that all three sites stamp the circulars with bright electronic watermarks to discourage rivals from stealing a scoop. http://www.nytimes.com/2005/11/17/business/17shop.html?ex=1289883600&en=ed15eb16d7a6526a&ei=5090&partner=rssuserland&emc=rss

JUDGES REJECT CELL-PHONE TRACKING (Wired, 17 Nov 2005) -- For the third time in recent months, a federal judge has balked at allowing government investigators to track a citizen via cell phone in real time without agents showing probable cause. Andrew J. Peck, a magistrate judge with the U.S. District Court for the Southern District of New York, asked the Justice Department to clarify its arguments after learning that a Long Island magistrate judge initially denied a similar request in August. All three cell-tracking requests accompanied more traditional requests to capture the dialing information of incoming and outgoing calls. Those orders only require investigators to certify that the information is likely relevant to an ongoing investigation. A Texas judge and the Long Island judge ultimately rejected the location-tracking requests in harshly worded opinions last month, concluding investigators cannot track cell phones without going through the hoops necessary for getting a traditional search warrant. Investigators normally need to prove probable cause to a judge if a tracking device reveals information about nonpublic places. http://www.wired.com/news/privacy/0,1848,69598,00.html Steptoe & Johnson’s useful discussion at http://www.steptoe.com/index.cfm?fuseaction=ws.getItem&pubItemId=11105&siteId=547

A COURT FIGHT TO KEEP A SECRET THAT’S NO REAL SECRET AT ALL (New York Times, 18 Nov 2005) -- As government secrets go, this one did not take long to unravel. Federal investigators did not want the public to know that they had requested confidential information about library use in Connecticut from a little-known organization called Library Connection. Revealing the organization’s identity, government lawyers warned, could compromise national security by tipping off the target of the investigation. But even as the federal government was arguing in court that it needed to keep Library Connection’s name secret, it had carelessly left its name sprinkled throughout court records. It was right there, in bold type, on Page 7 of an Aug. 16 memorandum of law, in between black splotches applied by government censors to wipe out hints of the organization’s identity. It was also on Page 18 of the memo, and it was visible in the header line on a court Web site to anyone who looked up the case using the file number. The name of the organization was so evident, both through telltale clues and explicit references, that The New York Times published it six times in news reports on the continuing court case, and it was named in other publications as well. Yet the federal government continues to argue in federal courts in Bridgeport, Manhattan and Washington that the identity of Library Connection, a consortium of libraries, must be kept secret, in the interest of rooting out potential terrorists. A decision from the United States Court of Appeals for the Second Circuit, in New York, could come soon. Library Connection, meanwhile, has been in a delicate spot: Under the USA Patriot Act, which allows the secret request for information, the organization risks prosecution if it says plainly what many already know. Its executive director, George Christian, has answered “no comment” to numerous reporters who have asked him about the case, and a member of his board who is an authority on intellectual freedom, Peter Chase, has had to decline speaking engagements - even as government officials like Kevin J. O’Connor, the United States attorney for the District of Connecticut, have been free to accept them. http://www.nytimes.com/2005/11/18/nyregion/18library.html?ex=1289970000&en=fc173cd843fa272d&ei=5090&partner=rssuserland&emc=rss

**** RESOURCES ****
WHAT IS WEX? (Cornell Law School) -- Wex is an ambitious effort to construct a collaboratively-created, public-access law dictionary and encyclopedia. It is sponsored and hosted by the Legal Information Institute at the Cornell Law School (http://www.lawschool.cornell.edu/). Much of the material that appears in Wex was originally developed for the LII’s “Law about...” pages, to which Wex is the successor. http://www.law.cornell.edu/wex/index.php/Main_Page

SOURCES:
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. Internet Law & Policy Forum, http://www.ilpf.org.
6. BNA’s Internet Law News, http://ecommercecenter.bna.com.
7. The Ifra Trend Report, http://www.ifra.com/website/ifra.nsf/html/ITR-HTML.
8. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
9. Gordon & Glickson’s Articles of Note, http://www.ggtech.com
10. Readers’ submissions, and the editor’s discoveries.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.