Sunday, December 11, 2005

MIRLN -- Misc. IT Related Legal News [20 Nov – 10 Dec 2005; v8.15]

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product of KnowConnect, Inc. (www.knowconnect.com) and the American Bar Association’s Cyberspace Law Committee. Please feel free to distribute this message.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at http://www.buslaw.org/cgi-bin/controlpanel.cgi?committee=CL320000 (click on “Settings” beside Members-Only Listserve Discussion). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN editions are archived at www.vip-law.com and in the public materials section of the Cyberspace Committee’s collaboration space at http://lawplace.metadot.com.

**************End of Introductory Note***************

A CONSTANT STATE OF INSECURITY (InfoWorld, 4 Nov 2005) -- For the past few months an acquaintance of mine has been sniffing various public wireless and wired networks around the world, looking to see what plain text passwords are visible. It was an eye-opening experiment. She used a bunch of different tools, but mostly Cain. At the moment, it collects 18 different passwords or password representations, including plain text passwords sent over HTTP, FTP, ICQ, and SIP protocols, and will automatically collect the user’s log-in name, password (or password representation), and access location. Other than a few simple validity reviews and summary counts, my friend doesn’t look at the log-in names or passwords, and she deletes any collected information after obtaining the counts. She hasn’t used ARP (Address Resolution Protocol) poisoning or done anything other than to count plain text passwords passing by her traveling laptop’s NIC when she’s in a hotel, airport, or other public network. Although some -- including me -- might question her ethics, the information she shared is useful in understanding our true state of insecurity. She said about half the hotels use shared network media (i.e., a hub versus an Ethernet switch), so any plain text password you transmit is sniffable by any like-minded person in the hotel. Most wireless access points are shared media as well; even networks requiring a WEP key often allow the common users to sniff each other’s passwords. She said the average number of passwords collected in an overnight hotel stay was 118, if you throw out the 50 percent of connections that used an Ethernet switch and did not broadcast passwords. As a security professional, my friend often attends security conferences and teaches security classes. She noted that the number of passwords she collected in these venues was higher on average than in non-security locations. The very people who are supposed to know more about security than anyone appeared to have a higher-than-normal level of remote access back to their companies, but weren’t using any type of password protection. Another interesting issue my friend noticed was how many HTTPS-enabled Web sites did not implement SSL correctly -- users’ log-in names and passwords were being sent in clear text. This included communications to remotely accessed security devices, portals, and firewalls. The lesson here is never to trust the browser’s padlock icon when connecting to a new Web site or protected device. Sniff yourself and confirm. I did this last year and discovered my awesome anti-spam appliance’s SSL connection wasn’t working. [Commentator: This article shows how poorly even security professionals protect authentication information. I consider this a “must read.”] http://www.infoworld.com/article/05/11/04/45OPsecadvise_1.html

POLITICOS WARY OF CHANGES TO COPYRIGHT LAW (CNET, 16 Nov 2005) -- Politicians on Wednesday voiced reluctance to rewrite laws and allow people to bypass, in the name of fair use, copy-protection mechanisms on goods such as CDs and software. The statements came at a hearing here convened by a U.S. House of Representatives subcommittee that deals with commerce, trade and consumer protection. A provision of standard copyright law known as fair use allows for permission-free reproduction of certain copyright works, provided it’s for certain noncommercial purposes, such as teaching, news reporting, criticism and research. But fair use gets no mention in the Digital Millennium Copyright Act of 1998, a law that broadly prohibits cracking copy-protection technology found in products such as DVDs, computer software and electronic books. Critics say that omission eats away at consumers’ rights to use the works in ways standard fair use rights would otherwise permit. The law’s supporters, including the entertainment industry, counter that any changes would lead to rampant piracy. Some members of Congress have been trying for years to pass legislation that would build fair use into the DMCA. That’s one of the major goals of their latest effort, called the Digital Media Consumers’ Rights Act. The measure was reintroduced in March by Rep. Rick Boucher, a Virginia Democrat, and backed by Rep. Joe Barton, the Texas Republican who chairs the House Energy and Commerce Committee. http://news.com.com/2100-1030_3-5956328.html

SCIENCE BODY URGES DATA SHARING (BBC, 20 Nov 2005) -- Sharing government-held personal information could bring huge medical and social benefits, a government group has said. The new Council for Science and Technology has recommended pooling data to deliver better targeted public services and improve policymaking. But it said safeguards needed to be in place to protect people’s privacy. The government also needed to start a dialogue with the public on what was being proposed, it said. Information is frequently shared between medical researchers and the private sector. Report author Dr Mark Walport, who heads medical charity the Wellcome Trust, said he had seen the benefit of using databases for researching links between diseases and social conditions. Studies can also monitor the effectiveness of treatments or of the impact of adopting certain policies. However, the owner of the biggest collection of datasets in the country - the UK government - uses the information at its disposal at a fraction of its potential, according to Dr Walport. Personal data is guarded by government departments because of concern about misuse and invasions of privacy. But Dr Walport argued that with more creative thinking the government could improve medical and other social policy-making while at the same time protecting the privacy of individuals. http://news.bbc.co.uk/2/hi/technology/4455306.stm

CT. RULES THAT CDA S. 230 SHIELDS ISP BREACH OF PROMISE (BNA’s Internet Law News, 21 Nov 2005) -- BNA’s Electronic Commerce & Law Report reports that a federal court in Oregon has ruled that the statutory immunity provision found in CDA S.230 applies to a claim alleging that an ISP breached its own promise to remove unauthorized content in response to a complaint. The dispute involved counterfeit Yahoo! profiles and failure by Yahoo! to remove the profiles. Case name is Barnes v. Yahoo!. Article at http://pubs.bna.com/ip/bna/eip.nsf/eh/a0b1z6t5x9

STUDY: SECURITY STILL TOP IT SPENDING PRIORITY (Computerworld, 21 Nov 2005) -- A recent survey of 100 IT executives predicts that IT spending will decrease slightly in 2006 as more businesses worry about global economic conditions, but security software and enterprise IT upgrades remain top concerns. Macroeconomic factors such as high oil prices and a devastating hurricane season in the U.S. have caused 40% of the executives surveyed by Goldman, Sachs & Co. to consider reducing their 2006 IT budgets, according to survey results released Friday. Most executives, 52%, believe IT spending will be unchanged in 2006. Security software has been a long-running priority among the executives on Goldman’s survey panel, and nothing has changed that mind-set based on the current results. Spending on antivirus products has eased up after a flurry of activity, but CIOs continue to focus on improving security in areas like identity management and regulatory compliance, the survey said. Other enterprise software priorities include enterprise resource management and customer relationship management systems, with CIOs upgrading those two categories to top priorities. When Goldman polled its panel in April, ERP and CRM software were considered only medium priorities. http://www.computerworld.com/printthis/2005/0,4814,106422,00.html

SCHOOL RADIO STATIONS FACE COMPETITION OVER LICENSES (New York Times, 23 Nov 2005) -- The week before classes started in August 2004 at Franklin Central High School here, Steve George stopped in to prepare the school radio station for the coming year. As the faculty adviser to WRFT, he wanted to make sure his students were writing and producing public-service announcements. He had to contact a few of Franklin Central’s football rivals to arrange for WRFT to broadcast away games. He was pricing replacements for a 20-year-old remote unit. Then, on Mr. George’s way to the station’s studio, the principal intercepted him to pass along an unexpected piece of mail. It was a petition to the Federal Communications Commission asking that WRFT be denied its license, which was due for renewal, and that its frequency be given to an outfit called the Hoosier Public Radio Corporation. Through his 34 years in commercial radio, the career he left to become a teacher, Mr. George had never once been on a station confronted in this way. He could not imagine why anyone would want to take over WRFT in particular, a 50-watt station with an annual budget of $4,200 and inoffensive programs like “Wakin’ Up in a Flash,” a talk show run by two seniors at the local Chick-fil-A restaurant. “I thought, ‘Is this fiction?’ ” Mr. George recalled. “Who could do this?” He has since learned the answer. Hoosier Public Radio is largely the enterprise of one man, Martin Hensley, a former radio engineer who now describes his occupation as “serving God.” And the effort by Mr. Hensley to take the F.C.C. license from WRFT, or at least force it to share broadcast time with him, offers but one example of a series of similar conflicts involving student radio stations. At least 20 high school stations, and a handful of college ones, have been fending off challenges to their licenses by Christian broadcasters in the last year. This flurry of action, which seemed so inexplicable to Mr. George, actually has a fierce logic to it. A loophole in commission regulations makes educational stations unusually vulnerable to takeover attempts. Moreover, their frequencies are a lucrative commodity, a bargain-basement way to get onto the air. The commission rarely auctions new frequencies on the crowded radio dial, and existing ones sell for $200,000 or so for a 50-watt operation like WRFT’s to more than $10 million for a major commercial station. “It’s opportunistic,” said Mark Goodman, executive director of the Student Press Law Center, an organization based in Arlington, Va., that provides legal assistance for student journalists. “People see this as a way to go after stations that are of value and of use. In the process, student voices can be lost, and the entire society loses. From teen pregnancy to school testing, we understand our world better and our teenagers better when we hear them.” http://www.nytimes.com/2005/11/23/nyregion/23education.html?ex=1290402000&en=a509d60b6ca4aecf&ei=5090&partner=rssuserland&emc=rss

STUDY SUGGESTS DMCA TAKEDOWN REGS ABUSED (SecurityFocus, 25 Nov 2005) -- One third of all requests to Internet service providers to remove stolen copyrighted material from their servers could likely be defeated in court, according to a study of some 900 notices by two legal experts. The survey examined takedown notices served to Google and another large Internet provider under the Digital Millennium Copyright Act (DMCA) Section 512. Two provisions of that section require that hosting providers and search providers remove content and links to content in order to gain exemption from possible copyright lawsuits. The music and movie industry typically use a different provision of the section to ask for suspected infringers to be cut off from the Internet. According to the study, thirty percent of the notices could be readily challenged in court on clear grounds, such as a substantial fair-use argument and the likelihood that the material is uncopyrightable. One out of 11 notices had such a significant legal flaw--such as not identifying the infringing material--as to render the notice unusable. Moreover, more than half of the notices for link removal that were sent to Google were sent by businesses targeting apparent rivals, the report said. While the authors of the study admit it uses a small sample set, the conclusions support contentions that the DMCA has been used to hobble expression on the Internet, even among security researchers, who have an explicit exemption in the law. http://www.securityfocus.com/brief/62

GENERAL ASSEMBLY ADOPTS CONVENTION ON ELECTRONIC COMMUNICATIONS IN CONTRACTING (UN, 25 Nov 2005) -- Updating international trade law to take account of new technologies, the United Nations General Assembly has adopted a new convention on using electronic communications in international contracting, superseding law negotiated before the development of e-mail and the Internet. The new Convention, approved on Wednesday, will assure companies and traders worldwide that contracts negotiated electronically are as valid and enforceable as traditional paper-based transactions. The provisions deal with such issues as determining a party’s location in an electronic environment; the time and place of dispatch and receipt of electronic communications and the use of automated message systems for contract formation. Other provisions contain criteria establishing functional equivalence between electronic communications and paper documents, including “original” paper documents, and between electronic authentication methods and hand-written signatures. The UN Commission on International Trade Law (UNCITRAL) Working Group on Electronic Commerce prepared the document from 2002 to late 2004 and adopted it at its 38th Session in Vienna, Austria, in July. The Convention complements and builds upon earlier instruments prepared by UNCITRAL, the core legal body of the UN system in the field of international trade law, including the UNCITRAL Model Law on Electronic Commerce and the UNCITRAL Model Law on Electronic Signatures. The Convention will be open for signature by all States at UN Headquarters from next 16 January to 16 January 2008. A signature event could take place during UNCITRAL’s 39th session in New York next year, from 19 June to 7 July, to promote State participation. http://www.un.org/apps/news/story.asp?NewsID=16685&Cr=general&Cr1=assembly

DUTCH COMPANY STARTS NEW INTERNET ADDRESS SYSTEM (Computerworld, 28 Nov 2005) -- A Dutch company has launched a new Internet addressing service that does away with the most common top-level domains (TLDs), such as .com and .edu, and allows organizations and individuals to register Internet addresses that end with the name of their business, or virtually any other word they choose. UnifiedRoot S & M BV, based in Amsterdam, said its system allows its customers to use more intuitive Internet addresses that are easier to remember. They can combine the TLDs with second-level domains for categories of products and services, such as fruit.supermarket and vegetables.supermarket, for example. The company has set up 13 master root servers around the world to run its Domain Name System (DNS), which it said will run “in parallel” with the Internet’s principal DNS, run by the Internet Corporation for Assigned Names and Numbers (ICANN). To avoid conflicts, UnifiedRoot won’t register TLDs already registered by ICANN, it said. Its success will depend partly on cooperation from ISPs, which will have to update their DNS server directories in order for them to include UnifiedRoot’s DNS servers. European ISP Tiscali SpA has made the change, according to Seeboldt, along with several local ISPs in Turkey. Without the cooperation of ISPs, end users will have to reconfigure their own PCs to recognize the UnifiedRoot TLDs, which the company acknowledged could be tricky for some users. http://www.computerworld.com/news/2005/story/0,11280,106559,00.html

THIRD CIRCUIT OFFERS A TUTORIAL ON THE CFAA AS A CIVIL CAUSE OF ACTION (Steptoe & Johnson’s E-Commerce Law Week, 26 Nov 2005) -- A recent decision by the US Court of Appeals for the Third Circuit in P.C. Yonkers, Inc. v. Celebrations the Party and Seasonal Superstore, LLC, clarified that injunctive relief is available in civil suits brought under the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030, and that a civil suit can be brought not just where access to a computer causes damage, but also where something of value is allegedly taken from that computer. This clarification was necessitated by a district court’s utter confusion over the terms of the CFAA, including whether it even offered a basis for a civil claim. This just goes to show how novel civil suits over security breaches still are. Nevertheless, despite feeling compelled to give the district court a primer on the CFAA, the Third Circuit upheld the lower court’s denial of a preliminary injunction on the ground that the plaintiffs had failed to allege what precisely the defendants had taken from their computers, an essential element of a claim based on § 1030(a)(4). So apparently the district court wasn’t the only one that needed to be taken to school. http://www.steptoe.com/index.cfm?fuseaction=ws.getItem&pubItemId=11317&siteId=547

PENTAGON’S URBAN RECON TAKES WING (Wired, 29 Nov 2005) -- A leading defense contractor has successfully demonstrated a system that lets foot soldiers command unmanned aerial vehicles, or UAVs, to see real-time overhead images on their handheld computers while fighting in urban battle zones. Individual war fighters can receive video-surveillance data on a target of interest by moving a cursor over the subject, as part of a Northrop Grumman system to automate reconnaissance, surveillance and target acquisition, or RSTA, within urban environments. UAVs have already proven their worth in the kinds of urban battle zones that produce daily headlines out of Iraq -- places like Falluja and Najaf, where the drones can navigate the labyrinth of streets or stealthily peer into buildings. But ground troops don’t currently have direct access to this surveillance and reconnaissance data, and they have no control of the aircraft that deliver it. That’s what HURT, for Heterogeneous Urban RSTA, promises to change. Northrop demonstrated the system this fall on the former site of Georgia Air Force Base in Victorville, California, on a grid of abandoned streets and buildings used to train soldiers in urban combat. Two fixed-wing UAVs, a Raven and a Pointer, along with an Rmax rotorcraft, were put aloft under the control of the system. Participants on the ground were able to view wide-area surveillance of the battle zone on handheld monitors, but could also send one of the UAVs in for a closer look at a suspected enemy position by merely moving over the subject with their cursor. http://www.wired.com/news/technology/0,1282,69612,00.html

PLAN TO PUT COMPANY REPORTS ON THE WEB (Reuters, 30 Nov 2005) -- Corporations would be allowed to post proxy statements and annual reports on Web sites, instead of sending them through the mail, under a plan proposed Tuesday by federal regulators. The Securities and Exchange Commission voted 5 to 0 to submit the plan to a 60-day public comment period, with a final vote by the commission expected later. Aimed at saving postage and printing costs, the so-called e-proxy measure is also seen as a way to cut the costs to shareholders of waging proxy contests. Under the proposed rule, investors would receive a postcard notice in the mail telling them that a proxy statement and annual report was available online. Investors wishing to continue receiving printed matter could request it. “Studies show that today 75 percent of Americans now have access to the Internet and this percentage is rising steadily,” Christopher Cox, the S.E.C. chairman, said at a meeting. “The percentage of investors with Internet access is even higher.” The proposal, if adopted early next year, would probably not be enacted in time for the 2006 proxy season but would come into play in 2007, said Alan L. Beller, director of the S.E.C.’s corporate finance division. http://www.nytimes.com/2005/11/30/business/30regulate.html?ex=1291006800&en=1b09ce18cb246bdc&ei=5090&partner=rssuserland&emc=rss

ANGRY BELLSOUTH WITHDREW DONATION, NEW ORLEANS SAYS (Washington Post, 3 Dec 2005) -- Hours after New Orleans officials announced Tuesday that they would deploy a city-owned, wireless Internet network in the wake of Hurricane Katrina, regional phone giant BellSouth Corp. withdrew an offer to donate one of its damaged buildings that would have housed new police headquarters, city officials said yesterday. According to the officials, the head of BellSouth’s Louisiana operations, Bill Oliver, angrily rescinded the offer of the building in a conversation with New Orleans homeland security director Terry Ebbert, who oversees the roughly 1,650-member police force. City officials said BellSouth was upset about the plan to bring high-speed Internet access for free to homes and businesses to help stimulate resettlement and relocation to the devastated city. http://www.washingtonpost.com/wp-dyn/content/article/2005/12/02/AR2005120201853.html

EUROPEAN LEGAL MINEFIELD FOR SOX WHISTLEBLOWER PROGRAMS (Steptoe & Johnson’s E-Commerce Law Week, 3 Dec 2005) -- Every so often unexploded ordnance from as far back as World War I is discovered in Europe, particularly in France. But for companies in Europe -- especially those that are subject to the US Sarbanes-Oxley Act (“SOX”) -- a more dangerous minefield appears to be the legal one that is emerging from the conflict between SOX whistleblower obligations and European data protection law. And (sacré bleu!) again the problem is most acute in France. The Commission Nationale de l’Informatique et des Libertés, the French data protection authority, has just released guidelines on the implementation of whistleblower reporting hotlines in France (“Guidelines”). Combined with a court decision in Germany earlier this year regarding the interaction of works councils and whistleblower hotlines, the Guidelines create a very confusing European legal environment for whistleblower programs. It now appears that European Union authorities will also jump into the controversy, and that the issue is also likely to spread to other European countries. http://www.steptoe.com/index.cfm?fuseaction=ws.getItem&pubItemId=11361&siteId=547 [EDITOR: inter alia, the Guidelines protect supervisors’ reputations against anonymous complaints, thereby conflicting with the whistleblower rules.]

UPLOAD, STORE, PLAY AND SHARE IN A FEW CLICKS (New York Times, 3 Dec 2005) -- In Hollywood, young screenwriters have “elevator pitches” always at the ready--pithy descriptions of their screenplays, intended to capture the imagination of passing movie executives. You know: “It’s ‘Titanic’ on a spaceship.” “It’s a female ‘Harry Potter.’” “It’s ‘Raising Arizona’ meets ‘Leaving Las Vegas.’” Most of the time, high-tech companies can describe their products with equal efficiency, but not always. Take, for example, Glide Effortless, a new Web service that went live Wednesday. “What is Glide Effortless?” its news release asks. “It is a compatible browser-based online solution with integrated software and service environments, providing powerful file management, creation, communication, sharing and e-commerce capabilities.” Here’s another stab: It’s a personal Web site to which you can upload your favorite photos, MP3 files, video clips and even Word, PowerPoint or PDF documents. (A separate companion program speeds the uploading process by letting you drag and drop big batches of files at once.) Once everything’s posted on the Web site, you can do two things with it: manage it or share it. http://news.com.com/Upload%2C+store%2C+play+and+share+in+a+few+clicks/2100-1038_3-5978421.html?tag=nefd.top [Editor: Collaboration spaces (like wikis) are important elements of my Knowledge Management practice; Glide’s offering is at one end of the capabilities-spectrum, which is being elongated in some interesting ways. Commoditization won’t be too far off.]

-- and --

SNARED IN THE WEB OF A WIKIPEDIA LIAR (New York Times, 4 December 2005) -- According to Wikipedia, the online encyclopedia, John Seigenthaler Sr. is 78 years old and the former editor of The Tennessean in Nashville. But is that information, or anything else in Mr. Seigenthaler’s biography, true? The question arises because Mr. Seigenthaler recently read about himself on Wikipedia and was shocked to learn that he “was thought to have been directly involved in the Kennedy assassinations of both John and his brother Bobby.” Mr. Seigenthaler discovered that the false information had been on the site for several months and that an unknown number of people had read it, and possibly posted it on or linked it to other sites. If any assassination was going on, Mr. Seigenthaler (who is 78 and did edit The Tennessean) wrote last week in an op-ed article in USA Today, it was of his character. The case triggered extensive debate on the Internet over the value and reliability of Wikipedia, and more broadly, over the nature of online information. Wikipedia is a kind of collective brain, a repository of knowledge, maintained on servers in various countries and built by anyone in the world with a computer and an Internet connection who wants to share knowledge about a subject. Literally hundreds of thousands of people have written Wikipedia entries. Mistakes are expected to be caught and corrected by later contributors and users. The whole nonprofit enterprise began in January 2001, the brainchild of Jimmy Wales, 39, a former futures and options trader who lives in St. Petersburg, Fla. He said he had hoped to advance the promise of the Internet as a place for sharing information. It has, by most measures, been a spectacular success. Wikipedia is now the biggest encyclopedia in the history of the world. As of Friday, it was receiving 2.5 billion page views a month, and offering at least 1,000 articles in 82 languages. The number of articles, already close to two million, is growing by 7 percent a month. And Mr. Wales said that traffic doubles every four months. Still, the question of Wikipedia, as of so much of what you find online, is: Can you trust it? And beyond reliability, there is the question of accountability. Mr. Seigenthaler, after discovering that he had been defamed, found that his “biographer” was anonymous. He learned that the writer was a customer of BellSouth Internet, but that federal privacy laws shield the identity of Internet customers, even if they disseminate defamatory material. And the laws protect online corporations from libel suits. He could have filed a lawsuit against BellSouth, he wrote, but only a subpoena would compel BellSouth to reveal the name. In the end, Mr. Seigenthaler decided against going to court, instead alerting the public, through his article, “that Wikipedia is a flawed and irresponsible research tool.” http://www.nytimes.com/2005/12/04/weekinreview/04seelye.html?ex=1291352400&en=6a97402d6595c6f1&ei=5090&partner=rssuserland&emc=rss and http://news.com.com/Is+Wikipedia+safe+from+libel+liability/2100-1025_3-5984880.html?tag=nefd.lede

CAL. APPELLATE CT. RULES AGAINST EARTHLINK FORUM CLAUSE (BNA’s Internet Law News, 5 Dec 2005) -- A California appeals court has held that Earthlink’s arbitration and forum selection clauses in its DSL click through agreement are unenforceable under California law. The case arose as part of a class action suit, with the court ruling that “a forum selection clause that discourages legitimate claims by imposing unreasonable geographical barriers is unenforceable under well-settled California law.” Decision at http://www.courtinfo.ca.gov/opinions/documents/B177146.PDF

9/11 PANEL FAULTS GOVERNMENT ON CYBERSECURITY (CNET, 6 Dec 2005) -- The federal government is not making enough progress in protecting critical infrastructures such as communications networks and the Internet, said former members of the commission that investigated the attacks of Sept. 11, 2001. Progress also is lacking in airline security and providing radio spectrum to first responders, according to the 9/11 Public Discourse Project, which is made up of the 10 individuals--five Republicans and five Democrats--who served on the Sept. 11 commission. The 9/11 Public Discourse Project on Monday issued a report card with an A- for battling terrorist financing, but all 40 of the other grades (see PDF) were lower. “There are far too many C’s, D’s and F’s in the report card we will issue today. Many obvious steps that the American people assume have been completed have not been. Our leadership is distracted,” the project leaders said in a statement. Critical infrastructure protection initiatives received a D: No risk and vulnerability assessments have been made; no national priorities have been established; and no recommendations have been made on allocation of scarce resources, according to the report. “All key decisions are at least a year away. It is time that we stop talking about setting priorities, and actually set some,” the former commissioners wrote. The shortcomings are “shocking” and “scandalous,” according to the 9/11 Public Discourse Project. The government also was faulted for a lack of agency information-sharing that’s needed to strengthen intelligence, members said. The former commissioners also critiqued the work on new, more secure ID cards according to the Real ID Act. New standards for issuing birth certificates continue to be delayed until at least early 2006. “Without movement on the birth certificate issue, state-issued IDs are still not secure,” according to the report. In addition, Congress has failed to take a leading role in passport security, the report said. http://news.com.com/911+panel+faults+government+on+cybersecurity/2100-7348_3-5984743.html?tag=nefd.top

WEB OF LIES (InsideHigherEd, 6 Dec 2005) -- When several of his colleagues expressed doubts about whether they would eventually want to tenure him, William Bradford, an associate professor of law at Indiana University in Indianapolis, went public with his complaints. He posted on blogs, he talked on the radio, he talked to this Web site, he hit “The O’Reilly Factor.” His message: Liberal faculty members were pushing him out because he is conservative, a war veteran and a Native American who didn’t fit a liberal mold for Native Americans. But as Bradford’s complaints grew louder, his story unraveled. It has now become clear that Bradford lied about, among other things, his military service. University officials confirmed Monday that Bradford — who did not respond to e-mail and voice messages and who hasn’t commented on the latest events — has resigned, effective January 1. Bradford appeared on the national radar this summer, after five faculty members on a review committee, which did authorize his reappointment, said they did not think he deserved tenure at the time. Bradford, whose degrees include one each from Northwestern and Harvard Universities, railed against what he claimed was a liberal conspiracy against him. http://insidehighered.com/news/2005/12/06/bradford [Editor: Mr. Bradford has some interesting ideas; I’ve heard him deliver an impassioned argument for the Bush administration’s “pre-emptive war” doctrine; some thought it (and the doctrine) over-the-top.]

OK, OK, MAYBE PIRACY IS BAD (Wired, 8 Dec 2005) -- Software piracy is rampant and hampering economic growth, and it is increasingly in the hands of organized groups which are regarded as legitimate businesses in some countries. The global piracy rate is currently around 35 percent, coming down only 1 percent a year, research group IDC found in a study commissioned by the Business Software Alliance, which represents around 50 software firms. The study, covering 70 countries which represent 99 percent of the world’s information technology spending, said that a worldwide reduction of software piracy by 10 percentage points to 25 percent could generate 2.4 million jobs and $400 billion of economic growth. The battle against software piracy has been relatively successful over the last 15 years, with the piracy rate in Europe dropping to 35 percent from almost 80 percent in 1992 when the European authorities adopted special legislation. Still, a 35 percent piracy rate is more than 20 times higher than the percentage that retail stores lose through shoplifting. At its worst, piracy runs as high as 90 percent in China and 87 percent in Russia. The United States has a modest 21 percent piracy rate. China is already one of the world’s biggest personal computer markets, but does not even make it into the top 20 of software markets because so much software is illegally copied. http://www.wired.com/news/business/0,1367,69785,00.html

EFF MOVES TO BLOCK CERTIFICATION OF E-VOTING SYSTEMS (CNET, 9 Dec 2005) -- The Electronic Frontier Foundation filed a complaint aimed at blocking North Carolina’s recent certifications of voting machines, saying state elections officials failed to meet legal requirements before signing off on the systems. The complaint, filed in Wake County Superior Court by the EFF and a Raleigh lawyer on behalf of a local voters’ advocate, calls for a judge to void certifications that the Board of Elections issued last week to Diebold, ES&S and Sequoia Voting Systems. It also requests a restraining order that would prevent elections officials from certifying any new systems until they comply fully with state election laws. The state legislature modified those laws this summer, setting new standards for e-voting machines and requiring that existing systems be decertified. State elections officials “exceeded their statutory authority” in signing off on the systems, because they disregarded the law in two areas, the complaint charges. First, they failed to complete a comprehensive review of various security features on the systems, and second, they neglected to obtain every bit of source code associated with software on the devices--one of the new legal requirements. E-voting machines continue to generate security concerns and calls for reform. During the 2004 presidential election, officials acknowledged that glitches in some systems led to lost votes in a few states’ tallies--including 4,500 in one North Carolina county. Diebold, an Ohio-based company that makes automatic-teller machines as well, is also no stranger to controversy. Last year, California officials questioned the company on the integrity of its systems and recommended banning Diebold machines from the state. http://news.com.com/EFF+moves+to+block+certification+of+e-voting+systems/2100-1028_3-5988243.html?tag=nefd.top EFF Complaint at http://www.eff.org/Activism/E-voting/EFF_Mandamus_Complaint_TRO_20051208140945.pdf

WORKER PRIVACY: YOU HAVE NONE (Wired, 9 Dec 2005) -- If you have internet access at work, there’s a very good chance your employer has a system in place to monitor your online activities. So, if you’re concerned about privacy, take heed. Under current U.S. law, there’s little you can do to protect the confidentiality of your internet use on the job. Here’s a rundown of the rights you don’t have at work. Notice of monitoring: Only two states (Connecticut and Delaware) require that employers inform workers if they are monitoring online activity, according to Jeremy Gruber, legal director, the National Workrights Institute. Federal legislation requiring such disclosure has been proposed but not enacted. That said, most employers do provide notice to employees if they track workplace web use. In an employer survey conducted this year by the American Management Association and the ePolicy Institute, 89 percent of respondents said they notify employees if their web usage is being tracked. Privacy outside the office: More workers are telecommuting these days, often using laptops and other portable devices provided by their employer. But leaving the office doesn’t guarantee freedom from internet surveillance. Using the company laptop to remotely access its network is, from a monitoring legality standpoint, generally the same as working from the office, said Mark Schreiber, a partner at Edwards Angell Palmer & Dodge, who advises firms regarding internet use policies. People who are entering the company network from home, even from their personal computer, should be aware that online activities may be monitored. To protect privacy, Gruber recommends investing in your own equipment: “Use your own system that is in no way, shape, or form connected through the employer’s network,” he said. The right to blog: People who like to blog -- especially about their employer -- should refrain from doing so at work.
“The computer system is the property of the employer, and the employer has the right to monitor all internet activity,” said Nancy Flynn, executive director of the ePolicy Institute. “That would include blog posts and all e-mail and internet transmissions.” Flynn estimates that hundreds of people have been fired for their blog content in recent years. In the AMA/ePolicy survey, 26 percent of respondents said they had fired workers for misusing the internet. A quarter of employers also said they’d terminated workers for e-mail misuse. Weekend work without monitoring: If you’re laboring overtime and taking work home for the weekend, employers are likely still monitoring your online activities if you use their equipment or network, says Gruber. That means employees might want to be careful about personal web-surfing or e-mail activities until they’ve logged off the company server. http://www.wired.com/news/privacy/0,1848,69732,00.html

LIVE TRACKING OF MOBILE PHONES PROMPTS COURT FIGHTS ON PRIVACY (New York Times, 10 Dec 2005) -- Most Americans carry cellphones, but many may not know that government agencies can track their movements through the signals emanating from the handset. In recent years, law enforcement officials have turned to cellular technology as a tool for easily and secretly monitoring the movements of suspects as they occur. But this kind of surveillance - which investigators have been able to conduct with easily obtained court orders - has now come under tougher legal scrutiny. In the last four months, three federal judges have denied prosecutors the right to get cellphone tracking information from wireless companies without first showing “probable cause” to believe that a crime has been or is being committed. That is the same standard applied to requests for search warrants. The rulings, issued by magistrate judges in New York, Texas and Maryland, underscore the growing debate over privacy rights and government surveillance in the digital age. With mobile phones becoming as prevalent as conventional phones (there are 195 million cellular subscribers in this country), wireless companies are starting to exploit the phones’ tracking abilities. For example, companies are marketing services that turn phones into even more precise global positioning devices for driving or allowing parents to track the whereabouts of their children through the handsets. Not surprisingly, law enforcement agencies want to exploit this technology, too - which means more courts are bound to wrestle with what legal standard applies when government agents ask to conduct such surveillance. Cellular operators like Verizon Wireless and Cingular Wireless know, within about 300 yards, the location of their subscribers whenever a phone is turned on. Even if the phone is not in use it is communicating with cellphone tower sites, and the wireless provider keeps track of the phone’s position as it travels. 
The operators have said that they turn over location information when presented with a court order to do so. http://www.nytimes.com/2005/12/10/technology/10phone.html?ex=1291870800&en=2019ce35d6b47983&ei=5090&partner=rssuserland&emc=rss

**** RESOURCES ****
THE SHIDLER JOURNAL OF LAW, COMMERCE & TECHNOLOGY is pleased to announce the recent publication of Volume 2, Issue 2. Abstracts for each of the articles in the current issue are provided below. Simply click on an article title to access a full text version of the article, or visit the Journal’s home page at www.lctjournal.washington.edu. The website also includes articles from past issues of the Journal. Recent titles are: “The FACT Act of 2003: Securing Personal Information In an Age of Identity Theft”; “Liability Under the Americans with Disabilities Act for Private Web Site Operators”; “Streamlined Sales and Use Tax Agreement: Is Your Business Ready for Compliance?”; “Proposed Federal Definition of ‘Internet Job Applicant’ Suggests Need for Revised Human Resource Policies”; and “‘I Didn’t Know My Client Wasn’t Complying!’ - The Heightened Obligation Lawyers Have to Ensure Clients Follow Court Orders in Litigation Matters”.

The GAO now supplies reports and testimony via RSS – click the RSS button on http://www.gao.gov/

SOURCES:
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. Internet Law & Policy Forum, http://www.ilpf.org.
6. BNA’s Internet Law News, http://ecommercecenter.bna.com.
7. The Ifra Trend Report, http://www.ifra.com/website/ifra.nsf/html/ITR-HTML.
8. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
9. Gordon & Glickson’s Articles of Note, http://www.ggtech.com.
10. Readers’ submissions, and the editor’s discoveries.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.
