Friday, December 30, 2005

MIRLN -- Misc. IT Related Legal News [11 - 31 Dec 2005; v8.16]

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product of KnowConnect, Inc. (www.knowconnect.com) and the American Bar Association’s Cyberspace Law Committee. Please feel free to distribute this message.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at http://www.buslaw.org/cgi-bin/controlpanel.cgi?committee=CL320000 (click on “Settings” beside Members-Only Listserve Discussion). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN editions are archived at www.vip-law.com and in the public materials section of the Cyberspace Committee’s collaboration space at http://lawplace.metadot.com.

**************End of Introductory Note***************

LAW FIRMS NOT LIABLE IN ALLEGED WEB HACKING CASE (Law.com, 9 Dec 2005) -- Two law firms that allegedly surreptitiously accessed the password-protected Web site of an expert witness in order to show a judge that the witness violated a gag order cannot be held liable under the Digital Millennium Copyright Act. A District of Columbia federal judge has dismissed the suit by Boston occupational illness expert Dr. David Egilman, who accused the law firms Jones Day and Keller & Heckman of Washington, and Keller attorney Douglas Behr, of misappropriating his protected work. Egilman accused the Keller firm and Behr of hacking into his Web site by acquiring a password and sharing it with Jones Day lawyers in the midst of a 2001 landmark Colorado state toxics trial. Egilman had testified on behalf of the first four of 50 workers at Rocky Flats nuclear weapons plant who unsuccessfully claimed that the federal government colluded with the world’s largest beryllium maker, Brush Wellman Inc., to hide the health dangers of the metallic element. Despite a broad gag order by a Colorado state court judge, Frank Plaut, in Ballinger v. Brush Wellman Inc., No. 96-CV-2532, Egilman had posted critical material about Jones Day and Brush Wellman on his password-protected Web site in what Plaut ruled was a violation of the gag order. Plaut ordered jurors to disregard Egilman’s testimony as a sanction after learning from Jones Day that the posting included accusations of potential illegal conduct by Jones Day, and allegations that a Brush Wellman medical doctor was educated in Nazi Germany, according to press accounts at the time. Egilman, who has testified in dozens of toxics trials and was the expert in the recent Texas Vioxx trial that resulted in a $253 million verdict, limited Web site access to his staff and his Brown University students. 
He posted uncensored information on occupational illness and related litigation, including previously confidential corporate internal documents related to many toxic torts. Egilman sued Jones Day and Keller & Heckman, first in Texas and later in the District of Columbia, saying that his reputation was besmirched and his effectiveness compromised. He argued that the law firms and Behr circumvented measures installed to deny access to his copyright-protected work on the Web site, in violation of the 1978 Digital Millennium Copyright Act. U.S. District Judge Henry Kennedy Jr. in D.C. ruled that obtaining a username and password from a third party that has authorized access does not violate the DMCA. Kennedy cited the only other court to rule on improper use of a legitimate password, holding that gaining access to a third party’s legitimate password is not the same as hacking. http://www.law.com/jsp/printerfriendly.jsp?c=LawArticle&t=PrinterFriendlyArticle&cid=1134036310706

FTC HARE CONTINUES TO SPEED AHEAD OF CONGRESSIONAL TORTOISE ON INFORMATION SECURITY REGULATION (Steptoe & Johnson’s E-Commerce Law Week, 10 Dec 2005) -- When it comes to regulating industry information security practices, Congress and the Federal Trade Commission (“FTC”) seem to be reenacting Aesop’s fable of the tortoise and the hare. While Congress plods methodically along with various security-related bills, with nothing likely to be enacted before year’s end, the FTC continues to race ahead, setting de facto security standards for industry through enforcement actions based on its general authority to prevent “unfair . . . acts or practices in or affecting commerce.” 15 U.S.C. § 45(a)(1). On December 1, shoe retailer DSW, Inc., settled FTC charges that the company’s data security failures earlier this year -- which had allowed hackers to access the credit card, debit card information of more than 1.4 million consumers and the checking account information of 96,000 customers -- constituted an “unfair practice.” Notably, the case marks only the second time that the FTC has based a data security enforcement action on the FTC Act’s “unfairness” prong (the first being the Commission’s action against BJ’s Wholesalers this past June). In previous security breach cases, the FTC had based its allegations on the “deceptive practices” prong of the Act -- targeting, for instance, companies that failed to follow their own privacy policies, and thus allegedly deceived customers. The DSW case, like the BJ’s case before it, demonstrates the FTC’s continuing willingness to take action against companies that do not have a specific statutory obligation to safeguard personal information and have never promised customers that their personal information would be secure in the first place. In Aesop’s fable, the hare gets bored and falls asleep while the tortoise crosses the finish line. 
But the FTC is not likely to stop racing ahead unless and until a company refuses to settle and challenges the FTC’s statutory authority. http://www.steptoe.com/index.cfm?fuseaction=ws.getItem&pubItemId=11414&siteId=547

D.C. CIRCUIT NARROWS FTC’S JURISDICTION UNDER GRAMM-LEACH-BLILEY (Steptoe & Johnson’s E-Commerce Law Week, 10 Dec 2005) -- Hear that wind blowing outside? No, it’s not another winter storm. It’s the entire legal profession breathing a collective sigh of relief, as it avoids the FTC’s jurisdictional claws under the Gramm Leach Bliley Act (GLBA). On December 6, the U.S. Court of Appeals for the D.C. Circuit rejected the FTC’s claim of jurisdiction under the GLBA to regulate law firms as “financial institutions.” American Bar Ass’n v. FTC (No. 04-5257). The appeals court affirmed a district court ruling that the FTC’s decision to subject attorneys to GLBA privacy requirements “exceeded the statutory authority” of the FTC and “was therefore invalid as a matter of law.” This ruling represents a rare defeat for the FTC in a jurisdictional challenge, and provides a useful reminder that there are indeed limits to the types of activities and entities that are covered by the GLBA. The D.C. Circuit’s decision also could bode well for any companies that muster the intestinal fortitude to challenge the FTC’s assertion of jurisdiction in other areas, such as its claim that it can effectively enact and enforce industry information security standards under the “unfair practices” prong of the FTC Act (as discussed above). The American Bar Association case, though not directly relevant to that issue, illustrates just how to frame a successful jurisdictional challenge. http://www.steptoe.com/index.cfm?fuseaction=ws.getItem&pubItemId=11414&siteId=547

ARIZ. TOWN WILL GO WALL-TO-WALL WIRELESS (AP, 11 Dec 2005) -- Call it a municipal status symbol in the digital age: a city blanketed by a wireless Internet network, accessible at competitive prices throughout the town’s homes, cafes, offices and parks. Tempe, the Phoenix suburb that is home to Arizona State University, is due to have wireless Internet available for all of its 160,000 residents in February, becoming the first city of its size in the United States to have Wi-Fi throughout. Tempe officials hope that by making high-speed Internet as accessible as water or electricity across its 40 square miles, it will attract more technology and biotech companies — and the young, upwardly mobile employees they bring. An increasing number of the nation’s cities are looking at using Internet access as an economic development tool. Few cities have gotten as far as installing systems, “but most cities are realizing that it may be something that they want to do,” said Cheryl Leanza, legislative counsel for the National League of Cities. Philadelphia is developing a citywide high-speed system with EarthLink Inc. Unlike Philly or Tempe, New Orleans is building a free system, though the network speed will be limited. The Tempe network is being installed by NeoReach Wireless, a subsidiary of Bethesda, Md.-based MobilePro Corp. Roughly 400 antenna boxes mounted on light poles throughout the city will be used to stitch together the network, to which NeoReach will sell access, primarily through other providers. The network uses a so-called “mesh” setup, meaning it passes wireless signals from pole to pole and automatically reroutes transmissions if one of the transmitters breaks down. Speeds will vary depending on the number of users logged into the same access point. The network is strong enough only to be picked up outdoors or through one wall, meaning those who want service in their businesses or homes will need a box that serves as a signal booster and router. 
The city of Tempe gave the company access to its light poles in exchange for use of the network in transmitting data to and from city offices and vehicles, said Karrie Rockwell, a spokeswoman for NeoReach. Two hours of free access each day also will be available for Internet users on the Arizona State campus or the nearby Mill Avenue retail district, where the network began a year ago as a pilot project and has proven popular. Robert Jenkins, 50, sits at a coffee house on Mill Avenue a couple of times a week with his laptop, downloading larger files that take too long at home when he uses his mobile phone to access the Internet. NeoReach will directly sell service to outdoor users for $3.95 per hour or $29.95 per month. The resellers of NeoReach access have not yet announced pricing, but Rockwell said it will be cheaper than DSL or cable Internet access. Cable operator Cox Communications Inc. charges $49.95 per month for customers who don’t get Cox phone or TV service. Qwest Communications International Inc. charges $44.99 and $54.99 per month, depending on the speed. Tempe signed a contract with NeoReach after asking for bids — which prevented it from having to start its own utility and probably quelled potential objections to the city’s involvement in a WiFi network. http://news.yahoo.com/s/ap/20051211/ap_on_hi_te/wireless_city

EMPLOYEES LEAKING TRADE SECRETS VIA EMAIL: LACK OF CORPORATE POLICY REACHES WORRYING PROPORTIONS (VNUNet, 12 Dec 2005) -- A study by market research firm Radicati Group has shown that over one in 20 employees has sent company secrets to third parties via email. The Corporate Email User Habits study found that a quarter of those surveyed had forwarded corporate email to their personal accounts for later use, and nearly two thirds use their personal email for company business. “While six per cent may seem like a small number, in a 10,000-user organisation it translates to 600 employees leaking intellectual property,” said Sara Radicati, president of the Radicati Group. “Companies should take a hard look at educating their workforce on its official email policy, and put in place outbound filtering and monitoring technology that can block confidential or sensitive emails before they leave the corporate network, as well as report violations.” Only 22 per cent of companies surveyed had any policy on monitoring outgoing mail, and only half had any kind of internal policy regarding email use. http://www.vnunet.com/vnunet/news/2147460/employees-weakest-link Study at http://www.mirapoint.com/pdfs/whitepapers/End-User-Study-on-Email-Hygiene.pdf ABA’s “Employee Use of the Internet and E-Mail: A Model Corporate Policy With Commentary on Its Use in the U.S. and Other Countries” (shameless plug—I was co-editor) at http://www.abanet.org/abastore/index.cfm?section=main&fm=Product.AddToCart&pid=5070395

-- and --

FIRMS COUNT THE COST OF SECURITY THREATS (ElectronicNews.net, 12 Dec 2005) -- According to the State of Information Security 2005 report from PricewaterhouseCoopers and CIO Magazine, not only are security-related events up 22.4 percent on last year’s figures, but the number of organisations reporting financial losses as a result of the attacks is also surging. Twenty-two percent of companies said they had been hit financially, compared with last year’s 7 percent. But despite the growing security threat to businesses, only 37 percent of respondents have a security plan in place, with only 24 percent saying that they expected to develop one in the coming year. However, organisations with a chief information security officer (CISO) or chief security officer (CSO) fare a little better, with 62 percent implementing a security plan. More companies are employing a CISO or CSO, with 40 percent of respondents in the survey having one on the payroll compared with 31 percent in 2004. Security spending is slightly increasing to compensate for the growing threat, accounting for 13 percent of an organisation’s IT budget this year, compared with 11 percent last year. Malicious hackers are the top culprits to carry out the attacks, with 63 percent of events attributed to them compared with 66 percent last year. However, the number of employee-related attacks is also up, at 33 percent compared with 2004’s 28 percent. Former employees remain a likely source of the security threats, representing 20 percent of events. Meanwhile, computer viruses still top the charts as the most common type of attack, rising to 59 percent of attacks from 53 percent the previous year. http://www.enn.ie/frontpage/news-9658009.html

MICHIGAN CONSIDERS REQUIRING HIGH-SCHOOL STUDENTS TO TAKE AT LEAST ONE ONLINE COURSE (Chronicle of Higher Education, 13 Dec 2005) -- The Michigan State Board of Education is set to approve a new graduation requirement today that would make every high-school student in the state take at least one online course before receiving a diploma. The new requirement would appear to be the first of its kind in the nation. Mike Flanagan, the Michigan state superintendent of public instruction, said he proposed the online-course requirement, along with other general requirements, to make sure students were prepared for college and for jobs, which are becoming more technology-focused. While most high-school students are adept at using the Internet, Mr. Flanagan said, few of them take courses online. But today’s high-school students are increasingly likely to encounter online courses as more colleges turn to online education, he said. The online-education proposal is included with several other proposed statewide requirements -- including four years of English courses, three years of mathematics, and three years of science. Currently, the only state-required course for graduation in Michigan is a one-semester class in civics, although many of the state’s local school districts have much tougher requirements. If the state Board of Education approves the proposals, they will still need the assent of both the State Legislature and the governor. Mr. Flanagan said he already had strong support for the online proposal in the Legislature. http://chronicle.com/free/2005/12/2005121301t.htm

EUROPEAN REPORT FINDS LITTLE IMPACT FROM DATABASE DIRECTIVE (BNA’s Internet Law News, 14 Dec 2005) -- The EU DG Internal Market and Services has published an evaluation report on the EU’s Database Directive. The report acknowledges that the directive “has had no proven impact on the production of databases” and that the evidence casts doubt on the necessity of the database protection for a thriving database industry. Report at http://europa.eu.int/comm/internal_market/copyright/docs/databases/evaluation_report_en.pdf

EU PARLIAMENT ADOPTS ANTI-TERRORISM DATA RULES (Reuters, 14 Dec 2005) -- The European Parliament on Wednesday adopted new rules drawn up by the European Union to store phone and Internet data for up to two years to fight terrorism and other serious crime. But some EU lawmakers criticised the assembly saying it had caved in to pressure from member states, and arguing that the new rules would allow authorities to do what they wanted with the data. The parliament voted by 378 to 197 with 30 abstentions for a package already agreed between the assembly’s two biggest groups and member states, with European Commission backing. Earlier this month, Britain secured a deal among the EU’s 25 member states that would force telecommunications companies to store data for between six and 24 months. The rules, proposed by the European Commission in September, are part of the EU’s response to attacks in Madrid in 2004 and London this year. The version adopted on Wednesday is tougher than that recommended by the parliament’s civil liberties committee which wanted the data to be stored for one year. The committee’s recommendation was by-passed by the deal struck between member states and the assembly’s right-wing European People’s Party and socialists. The new rules still need to be formally approved by EU member states. Telecom firms have warned that the new rules will be costly to implement, but lawmakers and member states ditched a European Commission proposal that member states pay for extra data storage costs. http://uk.news.yahoo.com/14122005/80/eu-parliament-adopts-anti-terrorism-data-rules.html

IS THE PENTAGON SPYING ON AMERICANS? (MSNBC, 13 Dec 2005) -- A year ago, at a Quaker Meeting House in Lake Worth, Fla., a small group of activists met to plan a protest of military recruiting at local high schools. What they didn’t know was that their meeting had come to the attention of the U.S. military. A secret 400-page Defense Department document obtained by NBC News lists the Lake Worth meeting as a “threat” and one of more than 1,500 “suspicious incidents” across the country over a recent 10-month period. The Defense Department document is the first inside look at how the U.S. military has stepped up intelligence collection inside this country since 9/11, which now includes the monitoring of peaceful anti-war and counter-military recruitment groups. “I think Americans should be concerned that the military, in fact, has reached too far,” says NBC News military analyst Bill Arkin. The Department of Defense declined repeated requests by NBC News for an interview. A spokesman said that all domestic intelligence information is “properly collected” and involves “protection of Defense Department installations, interests and personnel.” The military has always had a legitimate “force protection” mission inside the U.S. to protect its personnel and facilities from potential violence. But the Pentagon now collects domestic intelligence that goes beyond legitimate concerns about terrorism or protecting U.S. military installations, say critics. The DOD database obtained by NBC News includes nearly four dozen anti-war meetings or protests, including some that have taken place far from any military installation, post or recruitment center. One “incident” included in the database is a large anti-war protest at Hollywood and Vine in Los Angeles last March that included effigies of President Bush and anti-war protest banners.
Another incident mentions a planned protest against military recruiters last December in Boston and a planned protest last April at McDonald’s National Salute to America’s Heroes — a military air and sea show in Fort Lauderdale, Fla. The Fort Lauderdale protest was deemed not to be a credible threat and a column in the database concludes: “US group exercising constitutional rights.” Two-hundred and forty-three other incidents in the database were discounted because they had no connection to the Department of Defense — yet they all remained in the database. The DOD has strict guidelines, adopted in December 1982, that limit the extent to which they can collect and retain information on U.S. citizens. Still, the DOD database includes at least 20 references to U.S. citizens or U.S. persons. Other documents obtained by NBC News show that the Defense Department is clearly increasing its domestic monitoring activities. One DOD briefing document stamped “secret” concludes: “[W]e have noted increased communication and encouragement between protest groups using the [I]nternet,” but no “significant connection” between incidents, such as “reoccurring instigators at protests” or “vehicle descriptions.” http://msnbc.msn.com/id/10454316/print/1/displaymode/1098/ DOD Guidelines at http://msnbcmedia.msn.com/i/msnbc/sections/news/DOD.1982.IntelligenceCollectionOnU.S.Persons.pdf

-- and --

PENTAGON WILL REVIEW DATABASE ON U.S. CITIZENS (Washington Post, 15 Dec 2005) -- Pentagon officials said yesterday they had ordered a review of a program aimed at countering terrorist attacks that had compiled information about U.S. citizens, after reports that the database included information on peace protesters and others whose activities posed no threat and should not have been kept on file. http://www.washingtonpost.com/wp-dyn/content/article/2005/12/14/AR2005121402528.html

BETTING ON BIRD FLU (Salon, 13 Dec 2005) -- On Nov. 1, Intrade, a Web site that allows people to bet on the likelihood of future events, issued a press release titled “Trading on Bird Flu -- 65% probability of U.S. case by March 2006!” The release announced that the trading activity on the exchange’s bird flu contracts -- offering savvy “investors” a chance to gamble on when the first strain of the deadly H5N1 will be confirmed in the United States -- had doubled in the last month. The report, put out by Intrade P.R. executive Mike Knesevitch, ended with an ominous, sobering claim: “Can these markets give us insight into global events like pandemics, hurricanes and politics? In the short history Intrade has put together, the answer is YES.” If these predictive markets are as startlingly accurate as they say, this spring the U.S. will get its first case of bird flu and some of us may die. Intrade launched its two bird flu contracts -- one predicting that the potentially deadly, pandemic-causing Asian bird flu will hit the U.S. in December, the other that it will hit in March -- on Oct. 18. (The December contract is now trading at 6, meaning the market is currently predicting a 6 percent chance of the flu hitting the U.S. on or before Dec. 31, the March at 29.6.) Now, with close to $34,000 worth of investor money wrapped up in them, the bird flu contracts are among the most popular on the futures markets site, and company spokesman Brian Keating says he expects betting on the bird flu only to increase as the contracts’ closing dates -- Dec. 31 and March 31, respectively -- approach and as more cases of the bird flu crop up around the world. Contracts on the Intrade exchange can be bought or sold between other members, just as with any other stock exchange, but if an investor chooses to hold on to a contract price until closing, that investor can lose the entire amount invested -- or make a tidy profit. 
In the five years since its inception, Intrade has been accurate in predicting elections, the new pope, the impact of Hurricane Katrina, and the capture of Saddam Hussein. A recent example occurred on Oct. 21 with Supreme Court nominee Harriet Miers’ confirmation contract. At approximately 8:30 that morning, traders monitoring the Harriet Miers confirmation process began aggressively selling contracts betting against her confirmation -- dropping her stock price 42 points in early trading. The following Thursday, Miers withdrew her nomination from the high court. The Intrade market allows, even thrives, on insider information. Knesevitch confirms that a lot of the market’s members work for government entities and often have the ability to move the market on national events well before news of them has filtered through the media. Dave Saigel, from the Centers for Disease Control, who says he was not aware of the bird flu market, concedes that it might be a useful prediction tool -- and may also help build awareness of the dangers of the disease and its spread. What’s more, he says, the markets have “picked great months for their contracts. December and March are prime flu months.” Jack Marshall, president of Pro Ethics, a consulting firm used to educate organizations on ethical dilemmas in the workplace, agrees that futures markets -- and betting on things like the bird flu -- may be more beneficial than hurtful to society. “It would be different if, say, after 9/11 people are betting on where the next person’s remains would be found, but this is far less sinister than that,” he says. “In postmodernist America we have a black humor and a detachment from a lot of catastrophe anyway. Betting on an abstract event, buying futures in abstraction doesn’t necessarily make things any worse.” Marshall argues that even the New York Stock Exchange allows people to profit from other people’s misery. 
And Marshall says he loves the whole “wisdom of crowds” aspect of futures markets. He says these types of markets offer valid projections about events and do so without any sort of bias -- and he finds more credibility in these markets than any kind of scientific facts. http://www.salon.com/ent/feature/2005/12/13/birdflu/

BEIJING CASTS NET OF SILENCE OVER PROTEST (New York Times, 14 Dec 2005) -- One week after the police violently suppressed a demonstration against the construction of a power plant in China, leaving as many as 20 people dead, an overwhelming majority of the Chinese public still knows nothing of the event. In the wake of the biggest use of armed force against civilians since the Tiananmen massacre in 1989, Chinese officials have used a variety of techniques - from barring reports in most newspapers outside the immediate region to banning place names and other keywords associated with the event from major Internet search engines, like Google - to prevent news of the deaths from spreading. Beijing’s handling of news about the incident, which was widely reported internationally, provides a revealing picture of the government’s ambitions to control the flow of information to its citizens, and of the increasingly sophisticated techniques - a combination of old-fashioned authoritarian methods and the latest Internet technologies - that it uses to keep people in the dark. http://www.nytimes.com/2005/12/14/international/asia/14china.html?ex=1292216400&en=fe07535b1db7c3a1&ei=5090&partner=rssuserland&emc=rss

BUSH LETS U.S. SPY ON CALLERS WITHOUT COURTS (New York Times, 16 Dec 2005) -- Months after the Sept. 11 attacks, President Bush secretly authorized the National Security Agency to eavesdrop on Americans and others inside the United States to search for evidence of terrorist activity without the court-approved warrants ordinarily required for domestic spying, according to government officials. Under a presidential order signed in 2002, the intelligence agency has monitored the international telephone calls and international e-mail messages of hundreds, perhaps thousands, of people inside the United States without warrants over the past three years in an effort to track possible “dirty numbers” linked to Al Qaeda, the officials said. The agency, they said, still seeks warrants to monitor entirely domestic communications. The previously undisclosed decision to permit some eavesdropping inside the country without court approval was a major shift in American intelligence-gathering practices, particularly for the National Security Agency, whose mission is to spy on communications abroad. As a result, some officials familiar with the continuing operation have questioned whether the surveillance has stretched, if not crossed, constitutional limits on legal searches. “This is really a sea change,” said a former senior official who specializes in national security law. “It’s almost a mainstay of this country that the N.S.A. only does foreign searches.” Nearly a dozen current and former officials, who were granted anonymity because of the classified nature of the program, discussed it with reporters for The New York Times because of their concerns about the operation’s legality and oversight. The White House asked The New York Times not to publish this article, arguing that it could jeopardize continuing investigations and alert would-be terrorists that they might be under scrutiny. 
After meeting with senior administration officials to hear their concerns, the newspaper delayed publication for a year to conduct additional reporting. http://select.nytimes.com/gst/abstract.html?res=F00F1FFF3D540C758DDDAB0994DD404482 [Editor: This is the story-of-the-decade for me; separation of powers and Article II supremacy. I’m astounded that the Times sat on it for a year. Reminds me of a senior DOD lawyer who carries a copy of the Constitution in his suit coat pocket, and pulls it out several times a day to cite Article II authority, as if there weren’t two centuries of statutory, regulatory, and case-law gloss.] Related story at http://www.salon.com/news/feature/2005/12/23/bamford/print.html ; interesting legal analysis/blog at http://balkin.blogspot.com/#113526050457460564.

-- but --

OUR DOMESTIC INTELLIGENCE CRISIS (by Judge Richard Posner, Washington Post, 21 Dec 2005) -- We’ve learned that the Defense Department is deeply involved in domestic intelligence (intelligence concerning threats to national security that unfold on U.S. soil). The department’s National Security Agency has been conducting, outside the framework of the Foreign Intelligence Surveillance Act, electronic surveillance of U.S. citizens within the United States. Other Pentagon agencies, notably the one known as Counterintelligence Field Activity (CIFA), have, as described in Walter Pincus’s recent articles in The Post, been conducting domestic intelligence on a large scale. Although the CIFA’s formal mission is to prevent attacks on military installations in the United States, the scale of its activities suggests a broader concern with domestic security. Other Pentagon agencies have gotten into the domestic intelligence act, such as the Information Dominance Center, which developed the Able Danger data-mining program. These programs are criticized as grave threats to civil liberties. They are not. Their significance is in flagging the existence of gaps in our defenses against terrorism. The Defense Department is rushing to fill those gaps, though there may be better ways. The collection, mainly through electronic means, of vast amounts of personal data is said to invade privacy. But machine collection and processing of data cannot, as such, invade privacy. Because of their volume, the data are first sifted by computers, which search for names, addresses, phone numbers, etc., that may have intelligence value. This initial sifting, far from invading privacy (a computer is not a sentient being), keeps most private data from being read by any intelligence officer. http://www.washingtonpost.com/wp-dyn/content/article/2005/12/20/AR2005122001053.html

CAN-SPAM WORKING - FTC (The Register, 21 Dec 2005) -- Legal action and email filtering are helping to minimise the nuisance of spam, according to US federal regulators. In a report (PDF) to Congress on the effectiveness of the US Federal CAN-SPAM Act, the Federal Trade Commission (FTC) concludes that technology has reduced the amount of junk email reaching consumers’ in-boxes. Meanwhile rigorous law enforcement has had a deterrent effect on spammers. “Consumers are receiving less spam now than they were receiving in 2003” when the CAN-SPAM Act was enacted, the FTC concludes. The regulators’ upbeat assessment that the war against spam - if not won - is going in the right direction is supported by figures from some security vendors cited in its report. According to email firm MX Logic, spam accounted for 67 per cent of the email it processed in the first eight months of 2005, down nine percentage points from the 76 per cent spam-rate MX faced in the same period last year. The FTC has brought 21 cases under CAN-SPAM compared to 62 cases against spammers it filed before the enactment of the law. Several important steps can be taken to improve the efficacy of the CAN-SPAM Act, the FTC advises. Laws are needed to help the FTC and other regulators in their quest to trace spammers and sellers who operate outside of the US. Improved user education on spam prevention and continued improvement in filtering tools and techniques to trace spammers will also assist in the fight against junk mail, the FTC reckons. http://www.theregister.co.uk/2005/12/21/can-spam/ Report at http://www.ftc.gov/reports/canspam05/051220canspamrpt.pdf

3RD CIRCUIT UPHOLDS PRIVATE SUITS FOR ECPA VIOLATIONS (BNA’s Internet Law News, 20 Dec 2005) -- The 3rd Circuit Court of Appeals has ruled that a private right of action exists for violation of the Electronic Communications Privacy Act. Case name is DirecTV v. Pepe. Decision at http://caselaw.findlaw.com/data2/circs/3rd/044333p.pdf

FRENCH PARLIAMENT VOTES TO LEGALIZE P2P FILE SHARING (Reuters, 23 Dec 2005) -- The lower house of the French parliament voted to legalize peer-to-peer (P2P) file sharing of movies and music via the Internet. It is a vote that is certain to reverberate around the globe and draw severe criticism from the nation’s film and music industries as well as from actors and recording artists. The vote has been called a revolt against Culture Minister Renaud Donnedieu de Vabres’ draft legislation that would have established steep penalties for individuals convicted of pirating copyrighted materials with a fine of $360,000 and as much as three years of jail time. Several days prior to the matter being taken up on the floor of the parliament, consumer activists delivered a petition with 110,000 signatures criticizing the draft proposal to Vabres. A small group of legislators attached two amendments to Vabres’ bill to establish a monthly global licensing fee of 7 euros (around $8.50). The subscription charge would entitle users to unlimited downloads and legalize what most Western countries have heretofore considered a modern-day scourge. The amendment passed with a small majority, 30 to 28, with only 10 percent of the 577 assembly members actually present. The measure has yet to pass in the upper house. “We are trying to bring the law up to date with reality,” Patrick Bloche, a Socialist representative from Paris who co-authored the amendments, told the New York Times. “It is wrong to describe the eight million French people who have downloaded music from the Internet as delinquents.” http://news.yahoo.com/s/nf/20051223/bs_nf/40473

FLA. ATTORNEY GENERAL SAYS HIS E-MAILS AREN’T SPAM (Reuters, 24 Dec 2005) -- Florida’s attorney general has spearheaded an aggressive campaign against unsolicited e-mails, or spam. But as a candidate for governor, he appears to be generating some unwanted Internet clutter himself. Charlie Crist was a staunch defender of a tough anti-spam law passed by the state legislature last year, under which violators can be fined up to $500 for every e-mail they send. But a report in Thursday’s St. Petersburg Times said Crist, a Republican gubernatorial candidate, had annoyed some residents of the state by sending them unwanted e-mails promoting his candidacy and soliciting campaign donations. Joe Spooner, a 41-year-old investment adviser, told the newspaper he had no idea how the Crist campaign got his e-mail address but repeatedly tried to unsubscribe. After his fifth request to be removed, Spooner sent the Crist campaign an e-mail of his own. He accused Crist of hypocrisy because of the way he seemed to have forgotten all about his vocal crackdown on spammers. “Do I need to file a complaint with the attorney general’s office?” Spooner wrote. The newspaper quoted other people who had received unsolicited e-mails from Crist’s campaign. Crist was not immediately available for comment. http://news.yahoo.com/s/nm/20051223/wr_nm/email_dc

SOUTH KOREA: UR INDICTED. BCNU. (New York Times, 27 Dec 2005) -- South Koreans may look at their cellphones with some trepidation in the new year because prosecutors will start telling people they have been indicted via text messages. In a country where about 75 percent of the population carry cellphones, prosecutors felt it was time to move away from sending legal notices on paper and send them electronically instead, said Lee Young Pyo, an administrative official. “This is a more definite way for the individuals to know they have received a legal notice,” he said. http://www.nytimes.com/2005/12/27/international/27briefs.html

US MILITARY FINDS SOLDIERS’ BLOGS TOO CLOSE FOR COMFORT (Sydney Morning Herald, 28 Dec 2005) – Anyone wanting to hear daily insights into what it is like to be in a convoy hit by an explosion or ordered to pick up the body parts of comrades dismembered by a suicide bomber does not have to be there in person any more. Instead they just need to log on to the internet from the safety of their home or office. In a development that is worrying US military commanders in Iraq, a growing number of US soldiers - 200 at the last count - have set up their own blogs, or internet diaries, and are updating them from the battlefield. The phenomenon, helped by internet cafes at almost all US camps to permit soldiers regular contact with home, has for the first time allowed personal reports of the reality of combat to be read as they happen. Most of the sites started as simple diaries intended to keep in touch with friends and family. But some quickly developed a fan base of thousands. Websites now exist to direct viewers to blogs from specific units or locations. It is a phenomenon that has inevitably raised concern among commanders. In April the US military published its first policy memorandum on websites maintained by soldiers, requiring them to have official approval before starting internet postings. In July the first soldier was punished for publishing information considered sensitive, which includes mention of incidents under investigation or names of servicemen killed or wounded. http://www.smh.com.au/news/world/us-military-worried-by-soldiers-blogs/2005/12/27/1135445571736.html

**** RESOURCES ****
Chris Hoofnagle is the West Coast Director for EPIC. This is his consumer privacy top 10 – http://west.epic.org/archives/2005/11/hoofnagles_cons.html

“The new law of information security: What companies need to do now.” – good article by Thomas Smedinghoff -- http://www.technologyexecutivesclub.com/PDFs/ArticlePDFS/infosecurity.pdf

**** IN MEMORIAM ****
My father, Ira Polley, passed away last week at the age of 88. I’ll miss his laugh, outlook, and guidance. More information at http://www.vip-law.com/irapolleyobit.htm

SOURCES:
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. Internet Law & Policy Forum, http://www.ilpf.org.
6. BNA’s Internet Law News, http://ecommercecenter.bna.com.
7. The Ifra Trend Report, http://www.ifra.com/website/ifra.nsf/html/ITR-HTML.
8. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
9. Gordon & Glickson’s Articles of Note, http://www.ggtech.com
10. Readers’ submissions, and the editor’s discoveries.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.
