Saturday, December 23, 2006

MIRLN -- Misc. IT Related Legal News [3-23 December 2006; v9.17]

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product of the American Bar Association’s Cyberspace Law Committee and Dickinson Wright PLLC. Please feel free to distribute this message. Dickinson Wright’s IT & Security Law practice group is described at http://tinyurl.com/joo5y.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at http://www.abanet.org/dch/committee.cfm?com=CL320000 (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN editions are archived at www.vip-law.com and blogged at http://mirln.blogspot.com/.

**************End of Introductory Note***************

**** MEETINGS OF NOTE ****
ABA’S CYBERSPACE LAW COMMITTEE WINTER WORKING MEETING (January 26-27, 2007; Little Rock, Arkansas) -- Subcommittees will meet to advance on-going projects and to plan upcoming programs. A recent list of Committee projects is available at http://www.abanet.org/dch/committee.cfm?com=CL320000. The Committee Dinner will be held Friday evening at the Clinton Library. Register online at http://www.abanet.org/buslaw/committees/CL320000pub/meetings.shtml. The deadline to register is Friday, January 12, 2007. [Editor: Please come; this is consistently THE most productive gathering of IT lawyers working on real-world problems.]

**** NEWS ****

COURT SIDES WITH ALLEGED ‘VACATION’ SPAMMER (CNET, 29 Nov 2006) -- When antispam activist Mark Mumma received unsolicited e-mails advertising cruise vacations two years ago, he posted a report on his Web site and threatened to sue Omega World Travel. But Mumma met with an unpleasant surprise: He was the one sued in federal court by Omega World Travel and its subsidiary Cruise.com, which demanded $3.8 million in damages for defamation. Mumma, who owns Oklahoma-based MummaGraphics and runs a one-man Web design and hosting shop at Webguy.com, filed counterclaims against the companies and CEO Gloria Bohan. The 4th Circuit Court of Appeals sided with the alleged spammers. In a little-noticed opinion issued in mid-November, a three-judge panel acknowledged the e-mail messages in question may have included a false Internet address and a nonworking “From:” address, but concluded that they nevertheless were permitted under the federal antispam law known as the Can-Spam Act. “The Can-Spam Act preempts MummaGraphics’ claims under Oklahoma’s statutes,” Judge James Harvie Wilkinson III wrote in an opinion published November 17 (click here for PDF). The Can-Spam Act “addresses ‘spam’ as a serious and pervasive problem, but it does not impose liability at the mere drop of a hat,” Wilkinson added. This ruling could prove to be a setback for other antispam activists for one major reason: It suggests that, thanks to the Can-Spam Act, state laws prohibiting fraudulent or deceptive communications won’t be all that useful against junk e-mail. “There’s been a lot of activity in the states to pass laws purportedly to protect their citizens” from spam, said Eric Goldman, a law professor at Santa Clara University. “The 4th Circuit may have laid waste to all of those efforts.” Goldman, who has written about the case, said the ruling that the federal Can-Spam Act trumps a state’s law “has to burst the bubble of a lot of antispam activists.” David Sorkin, a law professor at Chicago’s John Marshall Law School who edits the Spamlaws.com site, is more blunt. The ruling, he said, “vindicates those of us who view Can-Spam as pointless and potentially dangerous legislation.” http://news.com.com/2102-1030_3-6138874.html?tag=st.util.print Goldman’s analysis here: http://blog.ericgoldman.org/archives/2006/11/fourth_circuit_1.htm

MPAA KILLS ANTI-PRETEXTING BILL (Wired, 1 Dec 2006) -- A tough California bill that would have prohibited companies and individuals from using deceptive “pretexting” ruses to steal private information about consumers was killed after determined lobbying by the motion picture industry, Wired News has learned. The bill, SB1666, was written by state Sen. Debra Bowen, and would have barred investigators from making “false, fictitious or fraudulent” statements or representations to obtain private information about an individual, including telephone calling records, Social Security numbers and financial information. Victims would have had the right to sue for damages. The bill won approval in three committees and sailed through the state Senate with a 30-0 vote. Then, according to Lenny Goldberg, a lobbyist for the Privacy Rights Clearinghouse, the measure encountered unexpected, last-minute resistance from the Motion Picture Association of America. “The MPAA has a tremendous amount of clout and they told legislators, ‘We need to pose as someone other than who we are to stop illegal downloading,’” Goldberg said. Consequently, when the bill hit the assembly floor Aug. 23, it was voted down 33-27, just days before revelations about Hewlett-Packard’s use of pretexting to spy on journalists and board members put the practice in the national spotlight. http://www.wired.com/news/technology/0,72214-0.html

FBI TAPS CELL PHONE MIC AS EAVESDROPPING TOOL (CNET, 1 Dec 2006) -- The FBI appears to have begun using a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone’s microphone and using it to eavesdrop on nearby conversations. The technique is called a “roving bug,” and was approved by top U.S. Department of Justice officials for use against members of a New York organized crime family who were wary of conventional surveillance techniques such as tailing a suspect or wiretapping him. Nextel cell phones owned by two alleged mobsters, John Ardito and his attorney Peter Peluso, were used by the FBI to listen in on nearby conversations. The FBI views Ardito as one of the most powerful men in the Genovese family, a major part of the national Mafia. The surveillance technique came to light in an opinion published this week by U.S. District Judge Lewis Kaplan. He ruled that the “roving bug” was legal because federal wiretapping law is broad enough to permit eavesdropping even of conversations that take place near a suspect’s cell phone. Kaplan’s opinion said that the eavesdropping technique “functioned whether the phone was powered on or off.” Some handsets can’t be fully powered down without removing the battery; for instance, some Nokia models will wake up when turned off if an alarm is set. http://news.com.com/2100-1029_3-6140191.html

SENATOR PLEDGES MORE SCRUTINY OF GOVERNMENT’S TERRORIST SCREENING SYSTEMS (SiliconValley.com 1 Dec 2006) -- The incoming Senate Judiciary chairman pledged greater scrutiny Friday of computerized government anti-terrorism screening after learning that millions of Americans who travel internationally have been assigned risk assessments over the last four years without their knowledge. ``Data banks like this are overdue for oversight,” said Sen. Patrick Leahy, D-Vt., who will take over Judiciary in January. ``That is going to change in the new Congress.” The Associated Press reported Thursday that millions of Americans and foreigners crossing U.S. borders in the past four years have been assessed by the computerized Automated Targeting System, or ATS, designed to help pick out terrorists or criminals. The travelers are not allowed to see or directly challenge these risk assessments, which the government intends to keep on file for 40 years. Under specific circumstances, some or all data in the system can be shared with state, local and foreign governments and even some private contractors. ``It is simply incredible that the Bush administration is willing to share this sensitive information with foreign governments and even private employers, while refusing to allow U.S. citizens to see or challenge their own terror scores,” Leahy said. This system ``highlights the danger of government use of technology to conduct widespread surveillance of our daily lives without proper safeguards for privacy.” http://www.siliconvalley.com/mld/siliconvalley/news/editorial/16143019.htm

CORPORATES WANT STANDARDIZED REMITTANCE DATA IN WIRE TRANSFERS (Bank Systems & Technology, 1 Dec 2006) -- Businesses would be more likely to choose wire transfers for electronic payments -- rather than ACH or check -- if they were provided with more-standardized remittance information with wire payments, according to a joint study by The Clearing House Payments Company (which operates CHIPS) and the Federal Reserve Bank (operators of Fedwire). The two rivals in the wire space joined forces for the study, which examined responses from 381 corporate decision makers, hoping to encourage corporates to use wire transfers more often. Ninety-four percent of [corporate participants] said remittance information was valuable to them,” says Hank Farrar, SVP with The Clearing House (New York). “[They] understand the value of having information with their payments.” With standardized data, businesses can post payments to their internal systems with less manual intervention. “It makes it difficult to process a payment in a straight-through manner without remittance information,” says Ken Isaacson, an assistant VP with the Federal Reserve Bank of New York. What was eye-opening about the study, though, was that 58 percent of participants said they would pay extra for wires that included remittance information. “The corporates actually indicated they were willing to pay more for this information,” adds Isaacson. One of the chief impediments to including remittance information with wire payments is the lack of standards, according the report, “Business-to-Business Wire Transfer Payments: Customer Preferences and Opportunities for Financial Institutions.” “The problem is, you’ve got companies, banks and software providers all trying to figure out what to do about this,” explains The Clearing House’s Farrar. “Which way do you go? Corporates are looking for standards.” “As a result, we believe the wire transfer operators, banks and software vendors need to agree to a common standard for remittance information,” explains the Fed’s Isaacson. “We need to create the right incentive for this. ... Corporates are likely to use wire transfers more if the process becomes easier and more efficient.” http://www.banktech.com/feed/showArticle.jhtml?articleID=196601367

BANKING GROUPS RELEASE GUIDANCE FOR RESPONDING TO DATA BREACHES (Steptoe & Johnson’s E-Commerce Law Week, 2 Dec 2006) -- Companies that suffer a data security breach must negotiate a crazy quilt of state and federal laws. And even with the most adept handling, the breach may still damage customer confidence and companies’ reputations -- and draw the attention of the Federal Trade Commission, state Attorneys General, and the plaintiffs’ bar. In an effort to help financial institutions avoid these potential pitfalls, the BITS Financial Services Roundtable and the American Bankers Association recently released guidance for “developing and executing response programs.” Although intended primarily for financial institutions, the document also extends to other industries, advising “all entities that handle sensitive customer information” to implement “similar security standards.” And with Democrats hinting that data security and identity theft may be priorities in the coming congressional term, the document seems as much directed at lawmakers as at the business world. http://www.steptoe.com/publications-4048.html ABA Guidance at http://www.bitsinfo.org/downloads/Publications%20Page/BITSABADBNov06.pdf

INSURANCE COVERS KOREAN FINANCIAL LOSSES FROM HACKING (The Korea Times, 5 Dec 2006) -- Financial service providers [in Korea] will be required to insure customers’ accounts to cover financial damage caused by hackers and financial accidents beginning next month, the Financial Supervisory Service (FSS) said Tuesday. The FSS will make it compulsory for banks to sign insurance contracts that can cover financial damage of up to 2 billion won in the case of hackers and electronic system breakdowns. The policy is in line with toughened regulations on online financial transactions that will take effect beginning January. Commercial banks, the Industrial Bank of Korea and the National Agricultural Cooperative Federation must provide insurance that covers damage up to 2 billion won. The Korea Development Bank, the Korea Post and the National Federation of Fisheries Cooperatives must have insurance coverage of up to 1 billion won, while securities firms and stock-related financial firms must have coverage of 500 million won. Insurance companies must have policies that cover damages of up to 100 million won. The government is moving to oblige financial institutions to compensate consumers for virtually all financial losses from hackers’ intrusions into online financial accounts and personal data. http://times.hankooki.com/lpage/biz/200612/kt2006120519175511870.htm

BUSH ‘PRIVACY BOARD’ JUST A GAG (Wired, 6 Dec 2006) -- The first public meeting of a Bush administration “civil liberties protection panel” had a surreal quality to it, as the five-member board refused to answer any questions from the press, and stonewalled privacy advocates and academics on key questions about domestic spying. The Privacy and Civil Liberties Oversight Board, which met Tuesday, was created by Congress in 2004 on the recommendation of the 9/11 Commission, but is part of the White House, which handpicked all the members. Though mandated by law in late 2004, the board was not sworn in until March 2006, due to inaction on the part of the White House and Congress. The three-hour meeting, held at Georgetown University, quickly established that the panel would be something less than a fierce watchdog of civil liberties. Instead, members all but said they view their job as helping Americans learn to relax and love warrantless surveillance. “The question is, how much can the board share with the public about the protections incorporated in both the development and implementation of those policies?” said Alan Raul, a Washington D.C. lawyer who serves as vice chairman. “On the public side, I believe the board can help advance national security and the rights of American by helping explain how the government safeguards U.S. personal information.” Board members were briefed on the government’s NSA-run warrantless wiretapping program last week, and said they were impressed by how the program handled information collected from American citizens’ private phone calls and e-mail. Lisa Graves, the deputy director of the Center for National Security Studies, asked the board two simple questions: Did they know how many Americans had been eavesdropped on by the warrantless wiretapping program, and, if so, how many? Raul acknowledged in a roundabout way that the data existed, but said it was too sensitive to release. Graves then asked if the board had pushed to have that data made public, as the Justice Department is required to do with typical spy wiretaps. Raul declined to say. “It is important for us to retain confidentiality on what recommendations we have and haven’t made,” he said. Graves tried to push the issue of whether the board was going to be public or private, but chairwoman Carol Dinkins politely cut her off and ended the question-and-answer session. http://www.wired.com/news/technology/0,72248-0.html

CHANGES ARE EXPECTED IN VOTING BY 2008 ELECTION (New York Times, 8 Dec 2006) -- By the 2008 presidential election, voters around the country are likely to see sweeping changes in how they cast their ballots and how those ballots are counted, including an end to the use of most electronic voting machines without a paper trail, federal voting officials and legislators say. New federal guidelines, along with legislation given a strong chance to pass in Congress next year, will probably combine to make the paperless voting machines obsolete, the officials say. States and counties that bought the machines will have to modify them to hook up printers, at federal expense, while others are planning to scrap the machines and buy new ones. Motivated in part by voting problems during the midterm elections last month, the changes are a result of a growing skepticism among local and state election officials, federal legislators and the scientific community about the reliability and security of the paperless touch-screen machines used by about 30 percent of American voters. The changes also mean that the various forms of vote-counting software used around the country — most of which are protected by their manufacturers for reasons of trade secrecy — will for the first time be inspected by federal authorities, and the code could be made public. There will also be greater federal oversight on how new machines are tested before they arrive at polling stations. “In the next two years I think we’ll see the kinds of sweeping changes that people expected to see right after the 2000 election,” said Doug Chapin, director of electionline.org, a nonpartisan election group. “The difference now is that we have moved from politics down to policies.” Many of the paperless machines were bought in a rush to overhaul the voting system after the disputed presidential election in 2000, which was marred by hanging chads. But concerns have been growing that in a close election those machines give election workers no legitimate way to conduct a recount or to check for malfunctions or fraud. Several counties around the country are already considering scrapping their voting systems after problems this year, and last week federal technology experts concluded for the first time that paperless touch-screen machines could not be secured from tampering. http://www.nytimes.com/2006/12/08/washington/08voting.html?ex=1323234000&en=3477a8e068ee5994&ei=5090&partner=rssuserland&emc=rss

HP, CALIF. SETTLE SPYING LAWSUIT (Washington Post, 8 Dec 2006) -- California’s attorney general announced a $14.5 million civil settlement with Hewlett-Packard over its corporate spying scandal yesterday and said in an interview that he was exploring a possible settlement of criminal charges against the firm’s former chairman. Patricia C. Dunn was ousted as chairman in September after the HP ethics and spying scandal became public. California Attorney General Bill Lockyer filed fraud and conspiracy charges against her in October, a day after Dunn learned that she had suffered a relapse of ovarian cancer. Lockyer said he has been talking to Dunn’s attorney, James Brosnahan, about a potential settlement. “I’m sympathetic to her health problems,” Lockyer said in an interview, adding that there was “nothing yet that would indicate that settlements are likely.” The civil settlement involved a lawsuit the state filed against the computer giant in Santa Clara County Superior Court. Under the agreement, HP will pay $13.5 million to create a “privacy and piracy” fund to help state and local law enforcement fight privacy and intellectual property violations. The rest of the money will go to damages and to pay for the investigation. HP also agreed to strengthen in-house monitoring to ensure that future investigations launched by HP or its contractors will comply with legal and ethical standards and protect privacy rights. HP further agreed to hire an independent director, expand the duties of its chief ethics officer and chief privacy officer, beef up staff ethics training and create a compliance council to set policies for ethics programs. http://www.washingtonpost.com/wp-dyn/content/article/2006/12/07/AR2006120701067.html

TECH FIRMS SEEK FEDERAL DATA-PRIVACY LAW (SiliconValley.com, 8 Dec 2006) -- Microsoft Corp., Hewlett-Packard Co. and other high-tech companies are preparing to push for data-privacy legislation next year to replace what they consider an outdated patchwork of state and federal laws that are inconsistent and burdensome. ``We think the time has come for a comprehensive privacy bill that would protect consumers’ personal information while still allowing the flow of information needed for commerce online,” Ira Rubinstein, a Microsoft lawyer, said this week. Several recent high-profile breaches of consumers’ personal information have made consideration of privacy proposals more likely, Rubinstein said. The Social Security numbers and medical data of approximately 930,000 people were compromised this June, for example, when computer equipment belonging to insurance provider American International Group Inc. was stolen. Microsoft, HP and eBay Inc. earlier this year formed the Consumer Privacy Legislative Forum to lobby for privacy legislation. Google Inc., Intel Corp., Oracle Corp. and other companies later joined. The forum supports legislation that would set standards for what notice must be given to consumers about personal information collected on them and how it will be used, Rubinstein said. The companies are aiming for a law that would override any existing state laws and standardize privacy rules across industries. The group’s efforts will likely face some opposition, however. Marc Rotenberg, executive director of the Electronic Privacy Information Center, a consumer advocacy group, said the proposals, if adopted, would amount to an industry drafting its own regulations. Rotenberg also argued that the notices to consumers preferred by Microsoft and other companies are insufficient to protect online privacy. Instead, consumers should have access to the data that companies have on them and have more control over how they are used, he said, similar to the way consumers can currently access their credit reports. Rotenberg also opposes the pre-emption of state laws, which he said in many cases have better protections than federal rules. Many anti-spam experts complained when Congress in 2003 approved a measure that did not let individuals sue spammers and that pre-empted most state laws that did. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/16197575.htm

MAJOR BREACH OF UCLA’S COMPUTER FILES (L.A. Times, 12 Dec 2006) -- In what appears to be one of the largest computer security breaches ever at an American university, one or more hackers have gained access to a UCLA database containing personal information on about 800,000 of the university’s current and former students, faculty and staff members, among others. UCLA officials said the attack on a central campus database exposed records containing the names, Social Security numbers and birth dates — the key elements of identity theft — for at least some of those affected. The attempts to break into the database began in October 2005 and ended Nov. 21, when the suspicious activity was detected and blocked, the officials said. In a letter scheduled to be sent today to potential victims of the breach, acting Chancellor Norman Abrams said that although some Social Security numbers were obtained by the hackers, the university had no evidence that any of the information had been misused. “We take our responsibility to safeguard personal information very seriously,” Abrams said in the letter, which was scheduled to be mailed or e-mailed overnight to those whose records were compromised. “My primary concern is to make sure this does not happen again” and to provide information to try to minimize the risk of identity theft for those affected, he said. Abrams urged those whose records might have been accessed to monitor their consumer credit files and consider fraud alerts and other precautions. The UCLA incident is the latest in a series of computer security breaches affecting private organizations, financial institutions, government agencies and other large employers. Partly because of their tradition of openness, universities are proving to be a favorite — and often vulnerable — target, several experts in the field said Monday. In 2003, for example, a hacker at San Diego State used an outdated computer network in the drama department to find a way into the financial aid system. The Social Security numbers of more than 200,000 people were exposed. Foley and others interviewed said that although there was no evidence of any fraudulent or illegal use of the information, the UCLA breach, in the sheer number of people affected, appeared to be among the largest at an American college or university. “To my knowledge, it’s absolutely one of the largest,” said Rodney Petersen, security task force coordinator for Educause, a nonprofit higher education association that focuses on technology issues. He said most problems at universities have involved breaches of departmental or other, smaller databases. Comprehensive statistics on computer break-ins at colleges do not exist. But in the first six months of this year alone, there were at least 29 security failures at colleges nationwide, jeopardizing the records of 845,000 people. Both private and public institutions have been hit. In 2005, a database at USC was hacked, exposing the records of 270,000 individuals. http://www.latimes.com/news/local/la-me-ucla12dec12,0,7111141.story?coll=la-home-headlines

-- and --

UNIVERSITIES VULNERABLE TO ID THIEVES (Washington Post, 17 Dec 2006) -- Universities have become attractive targets for hackers who are taking advantage of the openness of the schools’ networks, their decentralized security and the personal information they keep on millions of young adults. A major database breach at the University of California, Los Angeles that went undetected for more than a year and a smaller breach at the University of Texas are the latest examples of how vulnerable colleges are to such attacks, security experts said. Universities account for more than 50 data breaches on a list of more than 300 so far this year as tracked by the Privacy Rights Clearinghouse. Hackers have broken into computer systems at Georgetown University, Ohio University, the University of Alaska and Western Illinois University, among others. “They are a major category, if not the major category,” Clearinghouse director Beth Givens said. Hackers also might have obtained the personal information of 6,000 people who worked for, applied to or attended the University of Texas at Dallas, school officials said last week. The information includes names and Social Security numbers, the school said. In some cases, addresses, e-mail addresses and telephone numbers also might have been obtained. In both cases, school officials stress there is no indication that any of the information has been used to obtain phony credit cards or commit identity-theft crimes. One reason university databases make such attractive targets is that Social Security numbers are routinely used to identify students. http://www.washingtonpost.com/wp-dyn/content/article/2006/12/17/AR2006121700302.html -- and -- related story excerpt: AN OMINOUS MILESTONE: 100 MILLION DATA LEAKS (New York Times, 18 Dec 2006) -- * * * In fact, educational institutions were twice as likely to report suffering a breach as any other type of entity, with government, general businesses, financial service and healthcare companies pulling up behind. “College and university databases are the ideal target for cyber criminals and unscrupulous insiders,” said Ron Ben-Natan, the chief technology officer of Guardium, a database security and monitoring company based in Waltham, Mass. “They store large volumes of high-value data on students and parents, including financial aid, alumni and credit card records. “At the same time,” Mr. Ben-Natan continued, “these organizations need open networks to effectively support their faculty, students and corporate partners.” http://www.nytimes.com/2006/12/18/technology/18link.html?ex=1324098000&en=1a4715bcf2898783&ei=5090&partner=rssuserland&emc=rss

-- and --

WHAT’S KEEPING THE TORT LAWYERS AT BAY (Computer World, 18 Dec 2006) -- Ever since security breaches became a regular happening, pundits have been saying liability lawsuits are sure to follow. Information security breaches have been dubbed “the next asbestos” because of the potential for courts to force companies to pay billions of dollars in damages to thousands of victims. But it probably will be many years before large numbers of victims of information leaks collect a dime. There are a couple of reasons why the deluge of security lawsuits hasn’t materialized, according to John Soma, a professor at the University of Denver College of Law and the executive director of its Privacy Foundation. For starters, there isn’t a legally recognized foundation for launching lawsuits over data breaches. The mere occurrence of a security breach is insufficient justification for filing a lawsuit, Soma says. Lawsuits charging negligence must show that accepted standards of performance weren’t met. But today’s standards of security performance are either immature or untested in court. Actual damages are the second criteria for a lawsuit. Asbestos victims were exposed to a hazardous substance and exhibit symptoms of deadly diseases directly linked to that exposure. So far, there haven’t been thousands of security breach victims who can demonstrate that they have actually suffered significant damages, although the potential for that to happen certainly exists. It isn’t even easy to file a lawsuit saying regulations were violated, because today’s security regulations are purposely nebulous. The lack of concrete details in federal security regulations, such as the rules under the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act, make a poor target for the tort bar. Dan Langin, an information security lawyer in Overland Park, Kan., says the legal system is “at the stage where the compliance picture is being sorted out.” For example, the Securities and Exchange Commission’s guidance on internal controls required by Sarbanes-Oxley is nowhere near as specific as the Environmental Protection Agency’s regulations on asbestos exposure. HIPAA and Gramm-Leach-Bliley have vague security guidelines, too. And the security frameworks often used to comply with federal guidelines, ISO 17799 and the Control Objectives for IT and Related Technology (Cobit) from the IT Governance Institute haven’t been sanctioned by court decisions. Any lawsuits seeking to establish a precedent that makes these security frameworks a standard have probably been settled out of court to preempt that from happening. There have been some significant, well-publicized regulatory actions taken against companies that exposed confidential information… http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=275774&source=NLT_SEC&nlid=38

FEDERAL JUDGE: MAKING FILES AVAILABLE FOR DOWNLOAD = DISTRIBUTION (ArsTechnica, 10 Dec 2006) -- The RIAA’s argument that making files available for download constitutes copyright infringement received an important boost from a federal judge. In an decision delivered in October and first reported over the weekend, Judge Ann Aiken found that making songs available for download via a P2P application such as Kazaa is equivalent to distributing the files and forms a sufficient basis for a claim of copyright infringement, the first time that a judge has made such a ruling in a file-sharing case. The case in question, Elektra v. Perez, follows the pattern of the numerous other file-sharing lawsuits brought by the RIAA. After MediaSentry discovered a number of songs in a Kazaa user’s download folder, the RIAA filed a “John Doe” lawsuit which was supplanted once the defendant, Dave Perez, was identified by his ISP as the owner of the account allegedly used to share music. In his response, Perez denied the accusations of file sharing and said that even if he was responsible for the “perez@kazaa” account, merely making the files available in a shared folder for other Kazaa users falls short of infringement. The argument echoes that made in many other file-sharing cases, including Elektra v. Barker: distribution does not take place until someone actually downloads one of the songs from a Kazaa share, and that the RIAA would have to show that someone illegally downloaded the file in order to demonstrate that copyright infringement occurred. In the Elektra v. Barker case, the EFF filed an amicus brief outlining its position that sharing music files does not infringe the “distribution right” granted to copyright holders. It’s a difficult question, due in large part to the copyright law’s predating the “digital age.” As written, US copyright law explicitly says that in order to “distribute” a copyrighted work, an actual, physical exchange of a material object must take place. The EFf and other groups have urged the courts to define “distribution” as necessitating involving physical objects. Oddly enough, that position also embraces the pre-Internet concept of “distribution,” even though most would agree that the iTunes Store and other online music services selling purely digital goods engage in the authorized distribution of copyrighted works. Perez, the EFF, and others might use libraries to illustrate their arguments. A public library has a wide selection of copyrighted works available for patrons to use, read, watch, listen to, and even copy, within limits. However, the library is not responsible for what its patrons do once they borrow a book or DVD. In other words, its’s not the collection itself and public access to it that causes infringement, it’s the actions of those who use items in the collection. There are special provisions protecting libraries from the actions of their users, but online users may be responsible for what others do, should they even make it possible for others to get access to copyrighted materials. Judge Aiken ruled in favor of the RIAA. In her order, the judge noted that in a copyright infringement case, the plaintiff needs to do two things: demonstrate ownership of the material and show that the party accused of infringement “violated at least one exclusive right granted to copyright holders under 17 U.S.C. § 106.” Making songs available for download fulfills the second requirement, wrote Judge Aiken. http://arstechnica.com/news.ars/post/20061210-8393.html

TWO BIG RETAILERS SETTLE WITH BSA ON SOFTWARE PIRACY COMPLAINTS (Computer World, 12 Dec 2006) -- Payless ShoeSource Inc. and Burlington Coat Factory Warehouse Corp. have paid a combined total of nearly $425,000 to the Business Software Alliance for unlicensed software use, according to a statement released today by the BSA, a watchdog group representing the nation’s leading software manufacturers. The BSA today announced that Payless ShoeSource, a national discount shoe store retail chain, paid BSA $124,057 to settle claims that it had unlicensed copies of Adobe, Autodesk, Borland, Internet Security Systems, McAfee and Symantec software programs installed on its computers. In addition, according to the BSA, national department store chain Burlington Coat Factory paid the BSA $300,000 to settle claims that it had unlicensed copies of Microsoft and McAfee software programs installed on its computers. “Burlington Coat Factory understands the importance of software asset management,” the retailer’s CIO, Brad Friedman, said in a statement. “We have created a new software management policy and continue to refine its implementation to emphasize the importance of understanding each software company’s licensing requirements and using only fully licensed software. We also note that when these issues arose, effective corrective action was taken as soon as they came to management’s attention. “We are confident that all our software has been fully and appropriately licensed since then,” Friedman said. Both companies also agreed to delete any unlicensed copies of programs in use, purchase replacement software and strengthen their software management practices. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9005942&source=NLT_AM&nlid=1

-- and --

CHINA SIGNS LICENSING PACT WITH U.S., U.K. (CNET, 15 Dec 2006) -- The West’s struggle with China over software licensing issues took a new turn on Friday with the news that the Chinese government had signed a memorandum of understanding with four U.K. and U.S. trade associations. The associations involved are the Business Software Alliance and The Publishers Association in the U.K., and, in the U.S., the Association of American Publishers and the Motion Picture Association of America. The Chinese government has asked them to hand over a list of products they want protected as well as information about their own ongoing legal action against alleged copyright infringers. “This is primarily for enforcement,” said BSA’s regional director for the Asia Pacific region, Jeffrey Hardee, told Agence France-Presse. “We are concerned about...the use of unlicensed software within organizations.” The problems of unlicensed software and the misuse of copyright information are immense in China. The National Copyright Association of China will now be the custodian of information handed over by the four trade associations. http://news.com.com/2100-1014_3-6144063.html

VIRTUALLY ADDICTED (Business Week, 14 Dec 2006) -- By his own admission, James Pacenza was spending too much time in Internet chat rooms, in some of them discussing se. xHe goes so far as to call his interest in inappropriate Web sites a form of addiction that stems from the posttraumatic stress disorder he’s suffered since returning from Vietnam. Whatever it’s called, Pacenza’s chat-room habit cost him his job. After 19 years at IBM’s East Fishkill plant, Pacenza was fired in May, 2003, after a fellow employee noticed discussion of a sex act on a chat room open on Pacenza’s computer. IBM (IBM) maintains that logging onto the Web site was a violation of its business conduct guidelines and a misuse of company property—and that it was well within its rights to terminate Pacenza’s employment. Pacenza and his attorney beg to differ. They filed suit in a New York U.S. District Court in July, 2004, seeking $5 million for wrongful termination. Earlier in the year, Pacenza had admitted to a superior that he had a problem with the Internet at home. Pacenza’s attorney, Michael Diederich Jr., alleges that the perception that Pacenza was addicted to the Internet caused IBM to fire first without asking questions or “even attempting to examine the situation.” Diederich says there are several steps IBM could have taken, including limiting his Internet use or blocking certain sites. “It’s not productive or useful for the employer to unfairly terminate employees,” says Diederich. [C]ases like Pacenza’s, which involve Internet misuse, may no longer be quite so simple, thanks to a growing debate over whether Internet abuse is a legitimate addiction, akin to alcoholism. Attorneys say recognition by a court—whether in this or some future litigation—that Internet abuse is an uncontrollable addiction, and not just a bad habit, could redefine the condition as a psychological impairment worthy of protection under the Americans with Disabilities Act (ADA). That in turn would have far-reaching ramifications for how companies deal with workplace Internet use and abuse. http://www.businessweek.com/technology/content/dec2006/tc20061214_422859.htm?campaign_id=nws_insdr_dec16&link_position=link14

STOLEN BOEING LAPTOP HELD ID DATA ON 382,000 (CNET, 14 Dec 2006) -- Boeing has confirmed that a laptop stolen from an employee’s car contained sensitive information on 382,000 workers and retirees. It is third such incident at the aircraft giant in the past 13 months. The laptop contained names, home addresses, phone numbers, Social Security numbers and dates of birth for current and former Boeing employees. [Fool me once, shame on you; fool me three times? Actually, Boeing has reported 250+ laptop losses.] http://news.com.com/2100-1029_3-6143780.html

-- and --

BOEING EMPLOYEE FIRED AFTER LAPTOP STOLEN (CNET, 18 Dec 2006) -- Boeing announced last week it fired an employee who it said violated company policy by downloading sensitive information onto a laptop without using encryption technology. Boeing took the action after learning the laptop, which contained personal information about 382,000 Boeing employees and retirees, had been stolen from a car. http://news.com.com/2110-1029_3-6144454.html

CORPORATE BLOGS: HANDLE WITH CARE (Comment & Analysis, Business Week, 14 Dec 2006) -- Blogging has quickly emerged as a powerful tool of the modern enterprise. Through blogs, companies can market products and services, and make important strides toward building goodwill and brand loyalty. Companies can also use blogs as an effective means of communication by putting a human face on the corporation, countering negative publicity, and facilitating communications with current and potential customers. Seeing the value in blogging, a growing number of companies, including Sun Microsystems and Google, have established official corporate blogs and/or have implemented formalized policies to encourage employees to set up personal blogs that can be used, in part, to promote the company. While corporate-sanctioned blogging can benefit companies, it also can result in legal liability. Careless statements posted on a company-sanctioned blog can come back to haunt the company through litigation and other avenues. The legal issues raised by blogs can be grouped into several categories. First, there are potential intellectual-property issues to consider. New blogs tend to build on the work of existing blogs or other content through linking and copying. This can create legal concerns regarding copyright infringement if not conducted within the confines of the law. Inadvertent disclosure of company information in employee blogs can reveal trade secrets and jeopardize the protected status of that information. The disclosure of a third party’s trade secrets also can expose a blogger to liability for misappropriation. Sponsorship of blogs can also expose a company to defamation claims. U.S. law provides Web site operators with a certain level of immunity for content they publish; however, companies and their employees may be held liable if they are the authors, rather than the publishers, of defamatory statements on blogs. Moreover, false or misleading statements made on a corporate blog about the goods or services of a competitor may be grounds for trade libel action. Companies that collect personal information from a blog’s visitors or posters need to contend with the rapidly evolving legal and regulatory framework regarding privacy and data protection. Such companies may have liability for failure to comply with applicable state, federal, and foreign statutes and regulations. A blogger who discloses personal information about co-workers on a company blog, or on his own blog during company time, may also open the organization and himself to common-law tort actions for invasion of privacy. Blogging also can lead to potential securities concerns. Specifically, blogs can result in securities-fraud claims. Public companies must thus take special care to caution their employees against disclosing any nonpublic financial information in blogs. Personal [as opposed to company-sanctioned] blogging by employees, whether from home or the office, creates some thorny employment-law issues. For blogs that are company-sponsored or originate in the workplace, employers might be held vicariously liable on a theory that they failed to exercise control or implicitly endorsed the objectionable content by allowing the blogging. Finally, there are litigation issues to consider. Prior to developing a corporate blog or permitting employees to blog about the company in their personal blogs, companies should carefully consider the implications for discovery. In the event that litigation does arise in connection with blogs, problems can be compounded if a company has not maintained adequate archives of the blog information. Given the potential risks and liabilities of blogging, companies should develop and implement policies establishing the terms and conditions under which employees will be permitted to blog. While the specific contents of a blogging policy will have to be tailored to the organization’s particular goals, culture, and existing policies, there are certain common elements that all organizations should consider, including the following concepts in all blogging policies … http://uk.biz.yahoo.com/14122006/244/corporate-blogs-handle-care.html

FIRM NOT LIABLE FOR WORKER’S E-MAIL THREATS: COURT (Business Insurance, 15 Dec 2006) -- An employer whose employee sent threatening e-mail messages over the firm’s computer is immune from liability as an interactive computer service provider, says a California state appellate court. Thursday’s unanimous decision by a three-judge panel of the state appellate court in San Jose in Michelangelo Delfino et al. vs. Agilent Technologies Inc. upheld a lower court’s decision. The case was brought by Mr. Delfino and Mary E. Day, who had received threatening anonymous e-mail messages from Cameron Moore, who was then an employee of the Santa Clara, Calif.-based Agilent. Mr. Moore’s job was terminated by Agilent after he was arrested in connection with his conduct relating to Mr. Delfino, according to the opinion. The plaintiffs contended that a lower court was incorrect when it ruled that as an Internet provider under the Communications Decency Act of 1996, Agilent was immune from liability for Mr. Moore’s cyber threats. But the appellate court agreed with the lower court. “We are aware of no case that has held that a corporate employer is a provider of interactive computer services under circumstances such as those presented here,” said the appellate decision. “But several commentators have opined that an employer that provides its employees with Internet access through the company’s internal computer system is among the class of parties potentially immune under the CDA….In light of the term’s broad definition under the CDA we conclude that Agilent was a provider of interactive computer services.” http://www.businessinsurance.com/cgi-bin/news.pl?newsId=9071

THE LONG ARM OF THE (FTC’S) LAW GETS A LITTLE LONGER (Steptoe & Johnson’s E-Commerce Law Week, 16 Dec 2006) -- After more than a year of prodding by the Federal Trade Commission, early on December 9, the U.S. Congress gave final approval to the Undertaking Spam, Spyware, And Fraud Enforcement With Enforcers beyond Borders (U.S. SAFE WEB) Act of 2006. In addition to several measures intended to encourage information sharing and cooperation with foreign law enforcement, the Act extends the FTC’s authority to regulate “unfair or deceptive acts or practices” under the FTC Act to include acts or practices involving foreign commerce that: “(1) cause or are likely to cause reasonably foreseeable injury within the United States; or (2) involve material conduct occurring within the United States.” The U.S.SAFE WEB Act thus expands beyond U.S. borders the FTC’s already broad authority to regulate “unfair or deceptive ... practices.” Part of Congress’s intent is to help the FTC get a better handle on “spammers” and “scammers” that operate abroad but target U.S. residents. But foreign-based companies may be justifiably concerned that the FTC might use its new powers to pursue enforcement actions against them if they suffer a data breach involving personal information of US residents. http://www.steptoe.com/publications-4072.html

GOOGLE OFFERS PATENT SEARCH TO INVENTORS (NewsFactor.com, 15 Dec 2006) -- Google has launched a beta version of a service designed to help inventors search existing patents. The site is currently indexing the seven million patents granted by the U.S. Patent and Trademark Office (USPTO), and will add other patent sources in the coming months. The new service lets users search for patents in several ways, including by patent number, by the name of the inventor, or through keywords. The search technology is similar to Google’s method for displaying published information in its Book Search service. However, unlike the book-search service, which is unique to Google (and the other search engines bent on making vast collections of books searchable), the USPTO does offer online patent-search capabilities through its own Web site. http://news.yahoo.com/s/nf/20061215/bs_nf/48792

DVD SWAP SITE SWITCHES FROM CREDITS TO CASH (CNET, 17 Dec 2006) -- Peerflix is getting out of the barter economy. The DVD-trading site, which has about 250,000 regular users, will now let participants swap their old DVDs for money or monetary credit to buy other DVDs being sold on the network. The idea is to make exchanges on the site more liquid, the company’s CEO, Billy McNair, said in an interview. Until now, consumers could sell old DVDs on the site, but in return they got credits for buying someone else’s old DVDs. The discs were given number ratings (1, 2 or 3) rather than dollar values, depending on demand or rarity. Thus, in the old system, Independence Day and Crash may both have had an equivalent 2 value, and getting one for the other would have been a straight swap. Under the new system, Independence Day may be rated at $5.43, while Crash gets a $7.19 value, putting the person with Crash in a better position. “It brings in a profit motive that wasn’t there before,” McNair said. “There was also a learning curve with credits. Cash is easy to understand.” The monetary value of the discs is set by an algorithm developed by Peerflix. The company has also revamped the look of its site to make it easier for users to post movie reviews or information about their own cinematic likes and dislikes. Since 2005, the company has grown fairly rapidly and now processes about 30,000 to 50,000 trades a month. While consumers use the site to get rid of old DVDs and buy new ones for their collections, many use it as a substitute for renting movies, said McNair. People buy a DVD, but then trade it away again in a week. The short period of ownership becomes the equivalent of a rental. http://news.zdnet.com/2100-1040_22-6144169.html?part=rss&tag=feed&subj=zdnet

REMEDIAL RECRUITING — AT HARVARD (InsideHigherEd.com, 18 Dec 2006) -- A Harvard University economics department recruiting video for new Ph.D. students that could be described as spectacularly stodgy and stereotypically self-important has inspired considerable creativity in the department — in the form of parody videos now making their way to YouTube. “Ed Glaeser and I made the video in a misguided attempt to make the Harvard economics department’s Ph.D. admissions Web site more personal. Of course, if you have seen the video you know that the effect is rather different — pompous I would say,” John Campbell, an economics professor and a co-star star of the official show, wrote in an e-mail. In stilted tones, and with uncannily consistent eye contact, the two Harvard economics professors (one with his tie hanging rather awkwardly), welcome potential students, describe the campus visitation process and put in a good word for the department. “It’s like watching paint dry,” one YouTube poster wrote. “I didn’t think it was quite that exciting,” a second poster responded. http://insidehighered.com/news/2006/12/18/harvard. Harvard video at http://www.youtube.com/watch?v=mDJ_VHmaHgY [Editor: this really is a train-wreck; I went to Harvard, albeit in mathematics. The YouTube spoofs are cute, but probably not done by USC film majors.]

JUDGE STOPS BRIT FROM SELLING HOTMAIL LISTS (CNET, 18 Dec 2006) -- Microsoft has stopped a U.K. man from selling lists of e-mail addresses that were then being used by spammers. The technology giant took to court Paul Martin McDonald, who through his company Bizads sold e-mail addresses that were then used as spam lists. Microsoft sought and was granted a summary judgment against McDonald, arguing that his actions had caused Microsoft to suffer loss and damage to the goodwill it enjoyed as owner of the Web-based e-mail service Hotmail. The judge agreed with Microsoft that Bizads had breached the Privacy and Electronic Communications Regulations (PECR), a U.K. law that includes regulations designed to halt the sending of unsolicited e-mail. “The evidence plainly established that the business of Bizads was supplying e-mail lists of persons who had not consented to receive direct marketing mail and that it had encouraged purchasers of the lists to send e-mails to those people,” the judge said. The judge ruled that Microsoft had suffered a loss as a result of the breach of the PECR and was entitled to compensation and an injunction restraining McDonald from instigating the transmission of commercial e-mails to Hotmail accounts. http://news.com.com/2100-7348_3-6144548.html

NEW ARMY COIN MANUAL (FM 3-24) (Nat’l Security Law listserve, by Bobby Chesney, 17 Dec 2006) -- The Army’s long-awaited counterinsurgency doctrine manual, FM 3-24, is now available. The 282-page doctrine contains a section on legal considerations, at Appendix D (nothing particularly surprising or controversial in it, but it nonetheless is interesting reading). [Editor: also, vaguely interesting “Social Network Analysis” discussion at Appendix B, especially at/after B-7.] FM 3-24 is posted here: http://www.fas.org/irp/doddir/army/fm3-24.pdf From the summary: “This manual is designed to fill a doctrinal gap. It has been 20 years since the Army published a field manual devoted exclusively to counterinsurgency operations. For the Marine Corps it has been 25 years. With our Soldiers and Marines fighting insurgents in Afghanistan and Iraq, it is essential that we give them a manual that provides principles and guidelines for counterinsurgency operations. Such guidance must be grounded in historical studies. However, it also must be informed by contemporary experiences. This manual takes a general approach to counterinsurgency operations. The Army and Marine Corps recognize that every insurgency is contextual and presents its own set of challenges. You cannot fight former Saddamists and Islamic extremists the same way you would have fought the Viet Cong, Moros, or Tupamaros; the application of principles and fundamentals to deal with each varies considerably. Nonetheless, all insurgencies, even today’s highly adaptable strains, remain wars amongst the people. They use variations of standard themes and adhere to elements of a recognizable revolutionary campaign plan. This manual therefore addresses the common characteristics of insurgencies. It strives to provide those conducting counterinsurgency campaigns with a solid foundation for understanding and addressing specific insurgencies.”

COUNTIES WORK TO HIDE DATA (ComputerWorld, 18 Dec 2006) -- On Oct. 10, the Orange County comptroller’s office in Florida completed an 18-month project to remove sensitive personal information from images of official public records posted on its Web site. The $750,000 effort involved a review of over 30 million pages in more than 12 million documents to look for data such as Social Security, bank account, and credit and debit card numbers. In the end, 777,635 pages — 2.6% of the total reviewed — were found to contain personal data and were redacted. “There’s going to be something we missed,” acknowledged Carol Foglesong, the county’s assistant comptroller. “But I think we got 99%” of the items that needed to be removed. Orange County’s efforts are being replicated in dozens of counties nationwide as local governments scramble to pull documents from their Web sites or black out personal data from images of title deeds, tax liens, court papers and other public records. As reported by Computerworld earlier this year, such images often contain personal identifiers and usually are accessible to anyone with Internet access. That has made county Web sites a veritable treasure-trove of information for identity thieves, according to privacy advocates. Many county governments still haven’t begun to address the prevalence of personal data, despite heightened public concerns about identity theft, said B.J. Ostergren, a privacy advocate in Richmond, Va. But a growing number appear to be attempting to fix the problem, she added. “I think a lot of people are beginning to put the skids on this sort of stuff,” Ostergren said. In October, for example, the council that oversees Washington’s King County, which includes Seattle, passed an ordinance requiring that the county recorder’s office remove online access to all title deed documents. The vote followed a council member’s discovery of more than 200 Social Security numbers, including those of several public officials and professional athletes, in title deeds on the county’s Web site. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=277308&source=rss_topic17

LAWSUIT CHALLENGES GOVERNMENT’S RIGHT TO READ YOUR E-MAIL (Minneapolis Star Tribune, 18 Dec 2006) -- The government needs a search warrant if it wants to read the U.S. mail that arrives at your home. But federal prosecutors say they don’t need a search warrant to read your e-mail messages if those messages happen to be stored in someone else’s computer. That would include all of the Big Four e-mail providers -- Yahoo, AOL, Hotmail and Google -- that together hold e-mail accounts for 135 million Americans. Twenty years ago, when only a relative handful of scientists and scholars had e-mail, Congress passed a law giving state and federal officials broad access to messages stored on the computers of e-mail providers. Now that law, the Stored Communications Act of 1986, is being challenged in federal court in Ohio by Steven Warshak, a seller of “natural male enhancement” products who was indicted for mail fraud and money laundering after federal investigators sifted through thousands of his e-mails. The government isn’t saying it has unfettered access to e-mail. But e-mail users should not expect privacy when they allow an outside party to store their messages, prosecutors argue. In fact, many e-mail providers require their customers to sign agreements acknowledging that the provider may release customer information as required by law. E-mail providers also routinely screen messages for spam, viruses and child pornography. That further undermines claims to the privacy of e-mail, government attorneys say. Advocates for Internet privacy and civil liberties are watching the Warshak case closely. In their view, e-mail deserves the same protection as snail mail, which can’t be opened by government agents without a search warrant. “This points to a very scary future unless we fix it,” said Kevin Bankston, an attorney with the San Francisco-based Electronic Frontier Foundation, which filed a brief in support of the challenge. “The average person expects that no one is going to read their e-mail except the person they send it to.” http://www.startribune.com/789/story/884388.html

FRANCE: SUPREME COURT RULES AGAINST ENCRYPTION OF WORK FILES BY EMPLOYEES (Hunton & Williams, Privacy & E-Commerce Alert, 19 Dec 2006) -- On October 18, 2006 the French Supreme Court upheld two prior lower court decisions and ruled that all files stored on an employee’s computer are presumed to be professional documents and subsequently that employers must always be allowed access to them. Accordingly, the encryption of files by employees so as to prevent access by supervisors constitutes a ground for termination. The ruling is available (in French only) at: http://www.liaisons-sociales.com/fichiers/arrcass04-48_025_236.pdf

-- but --

FRENCH COURT FAVORS PERSONAL PRIVACY OVER PIRACY SEARCHES (International Herald Tribune, 21 Dec 2006) -- A French court has ruled that music companies and other copyright holders cannot conduct unrestrained Internet monitoring to find pirates. The decision, which could leave record companies open to lawsuits in France for invasion of privacy, pits European Union-sanctioned data protection rules against aggressive tracing tactics used by the music and film industry. “The judge’s decision defends the privacy of individuals over the intrusion from record labels,” said Aziz Ridouan, president of the Association of Audio Surfers, a group that defends people charged with illegal downloading. “This should send a strong message and hopefully affect every one of the hundreds of people defending themselves.” The case involved an Internet user in the Paris suburb of Bobigny whose internet provider address — a unique computer identifier — was traced while the user was on the peer-to-peer software Shareaza. “The right-holders found the IP address of my client and reported it to the police,” said Olivier Hugot, the defending lawyer, who declined to name his client. “The annulment of the case is important because it has direct impact on the tactics used by record companies in dozens of cases in France.” The organization responsible for tracing down Internet users, the Society of Music Authors, Composers and Publishers, played down the impact of the court decision and said that it would appeal. http://www.iht.com/articles/2006/12/21/business/privacy.php

REGULATOR SAYS MORGAN STANLEY WITHHELD E-MAIL IN CASES (New York Times, 20 Dec 2006) – The NASD, the nation’s largest self-regulatory organization for the securities industry, accused Morgan Stanley yesterday of routinely failing to provide e-mail messages to aggrieved customers who had filed arbitration cases against the firm over three and a half years and with making false claims that millions of e-mail messages in its possession had been lost in the Sept. 11 attack on the World Trade Center. The regulator also contended in its complaint against Morgan Stanley that the firm regularly destroyed millions of e-mail messages by overwriting its backup tapes and by allowing employees to delete messages. Securities and Exchange Commission rules require that firms keep all e-mails and business communications for three years. Morgan Stanley’s failure to provide e-mail messages relating to arbitration cases began in October 2001, the NASD said, and extended through March 2005. While claiming that the World Trade Center disaster had destroyed many of its e-mail messages, Morgan Stanley actually held millions of pre-Sept. 11 e-mail messages that were restored to its system from backup tapes shortly after the attack, NASD said. Many other of the firm’s e-mail messages were maintained on individual users’ computers and therefore were not affected by the attacks, regulators said. Yet Morgan Stanley often failed to search those computers when responding to document requests. “We think what happened here was unprecedented,” said James S. Shorris, head of enforcement at NASD. “The firm’s actions undermined the integrity of the regulatory and arbitration processes, potentially leaving in question the validity of the outcomes in hundreds of cases.” Rather than ask that Morgan Stanley pay a fine to settle the case, NASD has asked that it be required to provide relief to arbitration claimants whose cases might have been helped by the e-mail that was missing or not produced. http://www.nytimes.com/2006/12/20/technology/20email.html?ex=1324270800&en=1dbcb5b148de3d95&ei=5090&partner=rssuserland&emc=rss

BRITISH LAW GOES ONLINE (ComputerActive, 20 Dec 2006) -- The British government has made the entirety of the country’s law statutes available online. The Statute Law website contains the ‘official revised edition’ of the UK’s primary legislation - that is, any acts passed by parliament. The database includes details of how laws have changed over time, as well as how existing laws will be amended by future legislation that is not yet in force. The content - all 30,000 items - is available for free for private use. In addition to acts of parliament, the website also contains secondary legislation - laws passed directly by the goverment of the day - that has come into effect since 1991. In addition to national law, the database also contains acts of the Scottish parliament and the Northern Ireland assembly. http://www.activehome.co.uk/computeractive/news/2171338/british-law-goes-online/ British law website at http://www.statutelaw.gov.uk/

CT RULES UNAUTHORIZED LINK TO WEBCAST INFRINGES COPYRIGHT (BNA’s Internet Law News, 21 Dec 2006) -- BNA’s Electronic Commerce & Law Report reports that a federal court in Texas has ruled that a webcast of a live sporting event is copyrightable, and its owner has the right to prevent another from displaying an unauthorized link to that webcast. The webcaster complained that the link frustrated the company’s efforts to market itself to advertisers as the exclusive source of the webcasts. Case name is Live Nation Motor Sports Inc. f/k/a SFX Motor Sports Inc. v. Davis d/b/a TripleClamps.

GOOGLE’S BLOGGER ADDS PRIVACY OPTIONS (SiliconValley.com, 21 Dec 2006) -- Google Inc. has released a new version of its Blogger service, adding privacy settings that restrict readership to a predetermined audience. Users can choose to have blogs accessible to anyone or just to themselves. Or they can list the e-mail addresses of the people they want to let in. Those readers would need to register for a free Google account - the same used for its Gmail and other services - and would sign in with their regular Google passwords. Several blogging competitors already offer privacy options, and in fact, Blogger used to offer a password option through a premium service that’s no longer available. Google began offering the new privacy features this week, although it is gradually converting existing Blogger users to the upgrade. The offering comes as potential employers, mates and others increasingly try to screen people by checking out their blogs, social-networking profiles and other Internet postings. The new version of Blogger also comes with other enhancements, including the ability to tag posts with multiple keywords, the way Gmail users can label their e-mails. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/16291873.htm

****RESOURCES****
(UN)COMMON KNOWLEDGE: LEGAL EDUCATION IN THE NETWORKED WORLD (Harvard’s Berkman Center’s Gene Koo – December 2006) -- Looking at the role that technology plays in a law school curriculum and in preparing students for work in the legal profession, Mr. Koo asked:
1. What are the new skills demanded by a technology-enhanced practice? Consider two new practices: (1) e-discovery, which has made it possible for lawyers to sift through of millions of emails and documents; and (2) huge, multi-office teams, which are tackling both more complex but also more discrete issues. The first is one of many examples of computers as intelligence augmentation; the second illustrates technology as network augmentation.
* What are the technical skills? Are our new associates as computer-literate as we claim?
* What are the cognitive/conceptual skills? Are successful lawyers also necessarily systems- and “meta”-level thinkers?
* What are the social skills? What collaboration and teamwork skills do legal workplaces demand today?
* What “anti-skills” or attitudes should young attorneys cultivate? How do lawyers prevent themselves from becoming isolated techno-drones?
2. Who should teach these skills? We have representatives from the law school, law practice, and CLE worlds. Where does the buck stop?
* Does a networked and “databased” environment shift power away from the teacher (someone who creates and controls an educational experience) to the learner (someone who will seek knowledge/information as s/he sees fit)? Do we have any choice in this matter?
3. How should they/we teach these skills? In addition to presenting bigger challenges, technology — especially the Internet — also affords us new possibilities.
* Can traditional distance learning techniques bridge a different gap than geography: that between practice and the academy?
* How can clinical programs serve not just as opportunities for practice, but also opportunities for technology-enabled practice?
* Can technology enable or enhance simulations as a pedagogical tool?
* How do sophisticated networks and networking tools enable lawyers, law professors, and even law students to aggregate and disseminate crucial knowledge? Is the teacher’s role diminished or changed in this environment?
Mr. Koo’s thoughts can be found on his blog at: http://blogs.law.harvard.edu/vvvv/2006/12/04/legal-ed-in-a-networked-world-whats-at-stake/

LESSIG’S CODE 2.0, A REVISION TO CODE AND OTHER LAWS OF CYBERSPACE (11 DEC 2006) -- So Code v2 is officially launched today. Some may remember Code and Other Laws of Cyberspace, published in 1999. Code v2 is a revision to that book — not so much a new book, as a translation of (in Internet time) a very old book. Part of the update was done on a Wiki. The Wiki was governed by a Creative Commons Attribution-ShareAlike license. So too is Code v2. Thus, at http://codev2.cc, you can download the book. Soon, you can update it further (we’re still moving it into a new wiki). You can also learn a bit more about the history of the book, and aim of the revision. And finally, there are links to buy the book — more cheaply than you likely can print it yourself.

SOURCES:
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. Internet Law & Policy Forum, http://www.ilpf.org.
6. BNA’s Internet Law News, http://ecommercecenter.bna.com.
7. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
8. McGuire Wood’s Technology & Business Articles of Note, http://www.mcguirewoods.com
9. Steptoe & Johnson’s E-Commerce Law Week, www.steptoe.com
10. Readers’ submissions, and the editor’s discoveries.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.

Sunday, December 03, 2006

MIRLN -- Misc. IT Related Legal News [12 November – 2 December 2006; v9.16]

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product of the American Bar Association’s Cyberspace Law Committee and Dickinson Wright PLLC. Please feel free to distribute this message. Dickinson Wright’s IT & Security Law practice group is described at http://tinyurl.com/joo5y.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at http://www.abanet.org/dch/committee.cfm?com=CL320000 (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN editions are archived at www.vip-law.com and blogged at http://mirln.blogspot.com/.

**************End of Introductory Note***************

**** MEETINGS OF NOTE ****
ABA’S CYBERSPACE LAW COMMITTEE WINTER WORKING MEETING (January 26-27, 2007; Little Rock, Arkansas) -- Subcommittees will meet to advance on-going projects and to plan upcoming programs. A recent list of Committee projects is available at http://www.abanet.org/dch/committee.cfm?com=CL320000. The Committee Dinner will be held Friday evening at the Clinton Library. Register online at http://www.abanet.org/buslaw/committees/CL320000pub/meetings.shtml. The deadline to register is Friday, January 12, 2007. [Editor: Please come; this is consistently THE most productive gathering of IT lawyers working on real-world problems.]

**** NEWS ****

49 MILLION U.S. ADULTS NOTIFIED OF DATA BREACHES: STUDY (InformationWeek, 10 Nov 2006) -- An estimated 49 million U.S. adults have been told over the last three years that their personal information has been lost, stolen or improperly disclosed, a research firm said Friday. Most of the notifications came from government agencies and financial institutions, according to a national survey conducted by Harris Interactive in October. While many of the respondents did not believe there was any harmful result of the data breach, a small but significant number thought they may have seen some damage. Specifically, more than one in five adults said some organization had notified them that their personal information was improperly disclosed, translating into about 49 million people, Harris said. Among those adults, 48 percent were notified by a government agency, 29 percent a financial company, and 12 percent by a commercial company. Other organizations that had made notifications included educational institutions, 6 percent, and healthcare facilities, 5 percent. Fully 81 percent of adults notified of trouble perceived nothing harmful happening as a result, Harris said. The remaining 19 percent, or 9.3 million people, believed they suffered harm. Within that group, 78 percent said either merchandise was charged in their name, or some kind of fraud was committed that cost them money. The remainder said cash was taken from their bank account, a credit card was taken out in their name, or someone posed as them to receive a government benefit or service. Much of the damage suffered by victims was caused by friends and family, stolen wallets or purses, pilfered information from mailboxes or trash containers, and insider theft of personal data by employees of organizations, said Alan Westin, the Columbia University professor who helped design the survey. Nevertheless, enough people were harmed through mistakes by business, government, and other types of organizations to warrant stronger data security measures to retain the trust of customers, members, or citizens, Westin said in a statement. http://news.yahoo.com/s/cmp/20061111/tc_cmp/193700714 and http://www.techweb.com/wire/193700752

U.K. OUTLAWS DENIAL-OF-SERVICE ATTACKS (CNET, 10 Nov 2006) -- A U.K. law has been passed that makes it an offense to launch denial-of-service attacks, which experts had previously called “a legal gray area.” Among the provisions of the Police and Justice Bill 2006, which gained Royal Assent on Wednesday, is a clause that makes it an offense to impair the operation of any computer system. Other clauses prohibit preventing or hindering access to a program or data held on a computer, or impairing the operation of any program or data held on a computer. The maximum penalty for such cybercrimes has also been increased from 5 years to 10 years. The law that attempted previously to deal with this area of computer crime was the Computer Misuse Act 1990 (CMA), which was drafted before widespread use of the Internet began. http://news.com.com/2100-7348_3-6134472.html and http://www.theregister.com/2006/11/12/uk_bans_denial_of_service_attacks/ and http://software.silicon.com/security/0,39024888,39163990,00.htm

COURT PROTECTS KIMBERLY-CLARK TRADEMARK ORANGE COLOR (IP Frontline, 10 Nov 2006) -- The United States District Court for the Northern District of Georgia, Atlanta Division, recently granted a permanent injunction in favor of Kimberly-Clark Corporation and Kimberly-Clark Worldwide, Inc. against ValuMax International, Inc. in a trademark infringement and dilution case involving color. Kimberly-Clark asserted trademark infringement, unfair competition and trademark dilution, violations of the Lanham Act, as well as a violation of the Georgia Deceptive Trade Practices Act and Georgia Trademark law regarding its Color Orange disposable medical face mask sold under the FLUIDSHIELD® trademark. The Color Orange is a registered trademark of Kimberly-Clark in connection with face masks. Kimberly-Clark claimed that ValuMax infringed its registered trademark by selling a disposable medical face mask of a “confusingly similar orange color.” The court ordered that ValuMax be permanently enjoined from using an orange color for its medical face mask product or from using any other mark which could cause confusion or dilute Kimberly-Clark’s trademark-registered Color Orange. It further ordered ValuMax to destroy all medical face masks of an orange color similar to that used by Kimberly-Clark as well as any product used to produce the orange color in contention. http://www.ipfrontline.com/depts/article.asp?id=13290&deptid=7

PENNSYLVANIA COURT SAYS VIEWING CHILD PORN ‘NOT ILLEGAL’ (The Register, 10 Nov 2006) -- A US court has ruled that viewing child pornography on a website without deliberately saving it to a computer is not a crime. The judge said that the state penal code was ambiguous, so he must rule in favour of the defendant. Anthony Diodoro, a 26-year-old from Delaware County, Pennsylvania admitted knowingly viewing 370 child-porn images online. He also admitted that he had intentionally visited the websites for the purpose of viewing child porn. State law says that a person must have “knowing possession” of child pornography in order for it to be a crime. A panel of three judges in the Pennsylvania Superior Court concluded that Diodoro could not be convicted of knowingly possessing the images because there was no evidence that Diodoro knew that his computer was storing the images in its internet cache file. “Because this is a penal statute with an ambiguous term when it comes to computer technology, it must be construed strictly and in favour of the defendant,” wrote Judge Richard Klein. “A defendant must have fair notice that his conduct is criminal,” wrote Klein. “Because of the ambiguity, sufficient notice was not provided here. For this reason, we are constrained to reverse [a previous decision] and leave it to the Legislature to clarify the language if it intends to make the mere ‘viewing’ of child pornography a crime.” Klein said that it was well within the power of lawmakers to clarify the law, if that was their intention. “We note that it is well within the power of the Legislature to criminalize the act of viewing child pornography on a Web site without saving the image,” he concluded. In the UK, the Protection of Children Act can be used to convict someone for viewing child porn on the internet, regardless of whether or not they understood a computer’s cache function. “In the UK simply viewing images classes as a download because your computer makes images of them on your screen,” said Tony Fagelman of the Internet Watch Foundation, a body which works to minimise the availability of images of child abuse. “The decision is quite unusual, usually US law follows the same legal framework that we do in the UK.” http://www.theregister.com/2006/11/10/pennsylvania_court_ruling/ Ruling at http://www.superior.court.state.pa.us/opinions/a23036_06.PDF

-- and --

GOVERNMENT STUDY: INTERNET 1 PERCENT PORN (AP, 15 Nov 2006) -- About 1 percent of Web sites indexed by Google and Microsoft are sexually explicit, according to a U.S. government-commissioned study. Government lawyers introduced the study in court this month as the Justice Department seeks to revive the 1998 Child Online Protection Act, which required commercial Web sites to collect a credit card number or other proof of age before allowing Internet users to view material deemed “harmful to minors.” The U.S. Supreme Court blocked the law in 2004, ruling it also would cramp the free speech rights of adults to see and buy what they want on the Internet. The court said technology such as filtering software may work better than such laws. The American Civil Liberties Union, which challenged the law on behalf of a broad range of Web publishers, said the study supports its argument that filters work well. The study concludes that the strictest filter tested, AOL’s Mature Teen, blocked 91 percent of the sexually explicit Web sites in indexes maintained by Google Inc. and Microsoft Corp.’s MSN. Stark prepared the report based on information the Justice Department obtained through subpoenas sent to search engine companies and Internet service providers. Google refused one such subpoena for 1 million sample queries and 1 million Web addresses in its database, citing trade secrets. A judge limited the amount of information the company had to provide. Stark also examined a random sample of search-engine queries. He estimated that 1.7 percent of search results at Time Warner Inc.’s AOL, MSN and Yahoo Inc. are sexually explicit and 1.1 percent of Web sites cataloged at Google and MSN fall in that category. http://www.cnn.com/2006/TECH/internet/11/15/internet.blocking.ap/index.html

-- and --

FEDERAL CASE MAY REDEFINE CHILD PORN (CNETE, 30 Nov 2006) -- Jeff Pierson is a photographer whose action shots of hopped-up American autos laying waste to the asphalt at Alabama dragways have appeared in racing magazines and commercial advertisements. Pierson’s Web site boasted he has the “most wonderful wife in the world and two fantastic daughters.” And until recently, he ran a business called Beautiful Super Models that charged $175 for portraits of aspiring models under 18. In a federal indictment announced this week, the U.S. Department of Justice accused Pierson, 43, of being a child pornographer--even though even prosecutors acknowledge there’s no evidence he has ever taken a single photograph of an unclothed minor. Rather, they argue, his models struck poses that were illegally provocative. “The images charged are not legitimate child modeling, but rather lascivious poses one would expect to see in an adult magazine,” Alice Martin, U.S. attorney for the northern district of Alabama, said in a statement. Pierson’s child pornography indictment arises out of an FBI and U.S. Postal Inspection Service investigation of so-called child modeling sites, which have been the subject of a series of critical congressional hearings and news reports in the last few years. An August article in The New York Times, for instance, called the modeling Web sites “the latest trend in child exploitation.” http://news.com.com/2100-1030_3-6139524.html?part=rss&tag=2547-1_3-0-5&subj=news

KEEPING YOUR ENEMIES CLOSE (New York Times, 12 Nov 2006) – If you found yourself running a company suddenly branded one of the most reviled in the country — if, for example, you noticed that visitors to Consumerist.com, a heavily visited consumer Web site, voted yours as the second “worst company in America” and you had just been awarded the 2005 “Lifetime Menace Award” by the human rights group Privacy International — you might feel obliged to take extraordinary steps. You might even want to reach out to your most vocal critics and ask them, “What are we doing wrong?” So it was in early 2005 that Douglas C. Curling, the president of ChoicePoint, a giant data broker that maintains digital dossiers on nearly every adult in the United States, courted two critics whom he had accused just months earlier of starting “yet another inaccurate, misdirected and misleading attack” on his company. Mr. Curling also contacted others who had spent years calling for laws requiring better safeguarding of personal information that ChoicePoint and other data brokers assemble — records such as Social Security numbers, birth dates, driver’s license numbers, license plate numbers, spouse names, maiden names, addresses, criminal records, civil judgments and the purchase price of every parcel of property a person has ever owned. “It was sort of like when I talk with my wife when she’s not happy with me,” Mr. Curling said of his dealings with some of ChoicePoint’s harshest critics. “It’s not exactly a dialogue I look forward to, but I can’t deny it’s important.” He also could not deny his motivations for engaging in these conversations: in the public’s mind, ChoicePoint had come to symbolize the cavalier manner in which corporations handled confidential data about consumers. http://www.nytimes.com/2006/11/12/business/yourmoney/12choice.html?ex=1320987600&en=14581a8cba5edab7&ei=5090&partner=rssuserland&emc=rss [Editor: Long, excellent, thorough, piece on the fall, and rise, of ChoicePoint. Includes useful collateral graphics and timelines. Illuminates the social-engineering dimension of data security.]

-- and --

PLAINTIFFS STRIKE OUT IN DATA BREACH LAWSUIT AGAINST CHOICEPOINT (Steptoe & Johnson’s ECommerce Law Week, 22 Nov 2006) -- Databroker ChoicePoint in January agreed to a $15 million settlement with the Federal Trade Commission, resolving charges that the company’s security and record-handling procedures had permitted fraudsters to purchase access to the personal information of as many as 163,000 individuals, in violation of both the Fair Credit Reporting Act (FCRA) and the FTC Act. But private litigants have had a more difficult time cashing in on the ChoicePoint breach. Last month, in Harrington v. ChoicePoint, Inc., a consolidated class action suit, a federal court in California granted ChoicePoint’s motion for summary judgment on the plaintiffs’ FCRA claims, finding that the company’s records established that neither the content nor the communication of the plaintiffs’ information to fraudsters was of a nature that could establish a violation of FCRA. The ruling suggests that, absent specific evidence that the information allegedly disclosed contained the content of a consumer report and was actually transmitted to a third party, the plaintiff’s bar likely faces an uphill battle when attempting to recover for data breaches under FCRA. http://www.steptoe.com/publications-4017.html

GOOGLE EARTH IN 4D (ZDnet, 12 Nov 2006) -- Google skipped right past the third dimension and landed directly in the fourth (time) by offering historical maps on Google Earth. Now you can travel back in time — for example, I am looking at the globe of 1790. Don’t expect detailed high resolution photography from days gone by, but it’s still interesting to see old maps overlaid on the satellite imagery of today. Playing with layer transparency on the overlaid maps gives you a good sense of how things have changed over the years — especially when looking at more detailed maps like New York 1836 or London 1843. Currently, maps are available for:
* World Globe 1790
* North America 1733
* United States 1833
* Lewis and Clark 1814
* New York 1836
* San Francisco 1853
* South America 1787
* Buenos Aires 1892
* Asia 1710
* Tokyo 1680
* Middle East 1861
* England, Wales 1790
* London 1843
* Paris 1716
* Africa 1787
* Australia Southeast 1844
* Various other maps from Map Finder
To use this new feature, expand the Featured Content - Rumsey Historical Maps in the Layers panel. http://blogs.zdnet.com/Google/?p=387

UNDER THE THUMB IN THE UK? (BBC, 13 Nov 2006) -- Getting your fingerprints taken would once have meant only one thing. You were helping the police with their inquiries. Now such “biometric” identification is entering the mainstream of every day life. If you want to hire a car at Stansted Airport, you now need to give a fingerprint. http://news.bbc.co.uk/2/hi/uk_news/magazine/6129084.stm

DID YOUR VOTE GET COUNTED? (Forbes essay by Bruce Schneier, 13 Nov 2006) -- Last week in Florida’s 13th Congressional district, the victory margin was only 386 votes out of 153,000. There’ll be a mandatory lawyered-up recount, but it won’t include the almost 18,000 votes that seem to have disappeared. The electronic voting machines didn’t include them in their final tallies, and there’s no backup to use for the recount. The district will pick a winner to send to Washington, but it won’t be because they are sure the majority voted for him. Maybe the majority did, and maybe it didn’t. There’s no way to know. Electronic voting machines represent a grave threat to fair and accurate elections, a threat that every American--Republican, Democrat or independent--should be concerned about. Because they’re computer-based, the deliberate or accidental actions of a few can swing an entire election. The solution: Paper ballots, which can be verified by voters and recounted if necessary. In the U.S., there have been hundreds of documented cases of electronic voting machines distorting the vote to the detriment of candidates from both political parties: machines losing votes, machines swapping the votes for candidates, machines registering more votes for a candidate than there were voters, machines not registering votes at all. I would like to believe these are all mistakes and not deliberate fraud, but the truth is that we can’t tell the difference. And these are just the problems we’ve caught; it’s almost certain that many more problems have escaped detection because no one was paying attention. And that assumes well-designed voting machines. The actual machines being sold by companies like Diebold, Sequoia Voting Systems and Election Systems & Software are much worse. The software is badly designed. Machines are “protected” by hotel minibar keys. Vote tallies are stored in easily changeable files. Machines can be infected with viruses. Some voting software runs on Microsoft Windows, with all the bugs and crashes and security vulnerabilities that introduces. The list of inadequate security practices goes on and on. [Editor: There’s more.] http://www.forbes.com/home/security/2006/11/10/voting-fraud-security-tech-security-cz_bs_1113security.html

-- and --

LAWSUIT ALLEGES E-VOTING NEGLIGENCE IN FLORIDA (CNET, 21 Nov 2006) -- Public-interest groups and concerned voters have launched a new attack on what was supposed to be a higher-tech solution to Florida’s hanging-chad brouhaha from the 2000 presidential contest. A lawsuit filed in state court Tuesday alleges that election officials in Sarasota County did a shoddy job of selecting and managing touch-screen machines during this year’s congressional election--and it calls for a re-vote. The left-leaning advocacy groups People for the American Way, Voter Action, American Civil Liberties Union of Florida and Electronic Frontier Foundation lodged the challenge on behalf of Republican and Democratic voters in the county. The legal action follows reports from election officials that more than 18,000 of the county’s ballots didn’t register a vote in the district’s U.S. House of Representatives race. That effectively meant 1 in 7 voters skipped that portion, which watchdogs said was an abnormally high “undervote” rate when compared with tallies from absentee ballots and from different brands of electronic machines used during the same election in neighboring counties. After conducting a recount, county officials on Monday certified Republican Vern Buchanan as the winner by a 369-vote edge over Democrat Christine Jennings, according to published reports. Jennings also filed a formal complaint in a county circuit court on Tuesday. Like the advocacy groups, she requested a new election and an investigation into the touch-screen machines, which she claimed were responsible for more than 17,000 of the missing votes. “This is clearly a case of machine error--not ballot design error and not voter error,” Jennings campaign attorney Kendall Coffey said in a statement. http://news.com.com/2100-1028_3-6137725.html Complaint here: http://media.pfaw.org/pdf/SarasotaElectionComplaint11-21-06.pdf

BRITAIN KILLS EU ATTEMPT TO REGULATE NET VIDEO CLIPS (The Guardian, 14 Nov 2006) -- The British government is set to fight off proposed European rules that would make it responsible for overseeing taste and decency in video clips on sites such as YouTube and MySpace. Under a clause in the European media regulation directive TV Without Frontiers, national governments would be responsible for regulating the internet for the first time. Britain’s media watchdog, Ofcom, backed by the culture secretary, Tessa Jowell, argued that the plan was unworkable and would stifle creativity and investment in new media across Europe. Ofcom said internet users should be left to police themselves within the bounds of the law. Because internet technology does not respect borders, it argued, users would simply turn instead to websites in the US and elsewhere. In a statement of “general approach” before a vote in the EU assembly, the council of ministers yesterday bowed to pressure to limit government oversight to “TV-like” services on the web. That means Ofcom will regulate TV-style video downloads from major broadcasters, but not video clips on social networking websites. When it first objected, Ofcom had the support of only a handful of other EU member states, but it has since won them over. “Today’s outcome is testament to the substantial progress we have made in persuading our European partners to take our arguments on board,” said the creative industries minister, Shaun Woodward. Britain also won majority support for its line on the “country of origin” principle, which makes national regulators responsible for broadcasters operating from within their borders. http://technology.guardian.co.uk/news/story/0,,1947176,00.html#article_continue

GOOGLE RESERVES $200 MILLION FROM YOUTUBE DEAL FOR COPYRIGHT ISSUES (SiliconValley.com, 14 Nov 2006) -- Google Inc. has set aside more than $200 million in its just-completed takeover of YouTube Inc. as a financial cushion to cover losses or possible legal bills for the frequent copyright violations on YouTube’s video-sharing site. Without elaborating in a late Monday statement, Google said it is withholding 12.5 percent of the stock owed to YouTube for one year ``to secure certain indemnification obligations.” The Mountain View-based company disclosed the escrow account in an announcement commemorating the completion of its much-anticipated YouTube acquisition. As of Tuesday afternoon, Google representatives hadn’t responded to requests for more details about the escrow account. Buying San Bruno-based YouTube cost Google 3.66 million shares of its prized stock, including a convertible warrant. As of Tuesday, those shares were worth $1.79 billion -- above the targeted purchase price of $1.65 billion announced last month. But the escrow account’s existence means YouTube’s former owners -- a small group led by co-founders Chad Hurley, Steve Chen, Jawed Karim and Sequoia Capital -- may never receive a substantial portion of the Google stock if YouTube runs into legal trouble or incurs other losses. The percentage of stock being held in escrow translates into about 457,000 Google shares worth about $224 million after the company’s stock price rose $8.27 Tuesday to close at $489.30 on the Nasdaq Stock Market. YouTube may become a more tantalizing target for copyright owners and their lawyers now that it’s owned by Google, a moneymaking machine that had accumulated $10.4 billion in cash through September. The much-smaller YouTube never turned a profit, and even required a $15 million infusion from Google to help pay its bills until the deal closed, according to disclosures made late Monday. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/16012245.htm

-- and --

UNIVERSAL SUES MYSPACE FOR COPYRIGHT VIOLATIONS (CNET, 17 Nov 2006) -- Universal Music Group sued MySpace.com late Friday, claiming that the social-networking site is infringing on the copyrights of thousands of songs and videos. Universal, owned by French media conglomerate Vivendi, claims that Myspace has looked the other way as users unlawfully uploaded copyright music videos. In a copy of court documents filed Friday in U.S. District Court in Los Angeles, Universal also accuses MySpace of aiding copyright infringement by reformatting clips so users can transfer them to friends or post them to other sites. “Defendants have made infringement free and easy,” Universal’s attorneys wrote in the filing, a copy of which was obtained by CNET News.com. “(MySpace) has turned MySpace Videos into a vast virtual warehouse for pirated copies of music videos and songs.” http://news.com.com/2100-1030_3-6136829.html Complaint at http://news.findlaw.com/wsj/docs/ip/umgmyspace111706cmp.html

SANS NAMES TOP HACKER TARGETS (CNET, 15 Nov 2006) -- Microsoft’s Internet Explorer has been named one of the Internet’s top 20 hacker targets by a leading security organization. The SANS Institute also said Wednesday that Microsoft Office and Windows Libraries and Services are some of the most vulnerable applications available on computers today. But Microsoft was not alone in the annual list, released Wednesday. Apple Computer’s Mac OS X was also cataloged, along with “configuration weaknesses” The 2006 list is of the Top 20 Attack Targets, whereas previously it was named the Top 20 Internet Security Vulnerabilities. Written by members of the SANS Institute and security experts from the technology industry and government bodies, it indicates which network features could leave a company vulnerable to attack. http://news.com.com/2100-7349_3-6135844.html List at http://www.sans.org/top20/?ref=1814

CALIFORNIA COURT EXPANDS IMMUNITY FOR BLOGGERS (Reuters, 21 Nov 2006) -- Individuals who use the Internet to distribute information from another source may not be held to account if the material is considered defamatory, the California Supreme Court ruled on Monday in a reversal of a lower court decision. The ruling supports federal law that clears individuals of liability if they transmit, but are not the source of, defamatory information. It expands protections the law gives to Internet service providers to include bloggers and activist Web sites. “We acknowledge that recognizing broad immunity for defamatory republication on the Internet has some troubling consequences,” California’s high court justices said in their opinion. “Until Congress chooses to revise the settled law in this area, however, plaintiffs who contend they were defamed in an Internet posting may only seek recovery from the original source of the statement,” the decision stated. The opinion, written by Associate Justice Carol Corrigan, addressed a lawsuit by two doctors who claimed defendant Ilena Rosenthal and others distributed e-mails and Internet postings that republished statements the doctors said impugned their character and competence. http://news.yahoo.com/s/nm/20061121/wr_nm/life_defamation_internet_dc_2 Decision at http://www.courtinfo.ca.gov/opinions/documents/S122953.PDF

-- and --

WEB PUBLISHER NOT LIABLE FOR DISCRIMINATORY HOUSING ADS POSTED BY THIRD PARTY (Trade Regulation Talk blog, 20 Nov 2006) -- Publishing company Craigslist was not liable for Fair Housing Act violations resulting from allegedly discriminatory advertisements posted on its website, the federal district court in Chicago has ruled. The Communications Decency Act operated to immunize the publisher from liability for content posted on its website by third parties. (Chicago Lawyers’ Committee for Civil Rights Under the Law, Inc. v. Craigslist, Case No. 06 C 0657, November 14, 2006). The Chicago Lawyers’ Committee for Civil Rights Under Law, Inc. (CLC), a public interest consortium of Chicago law firms, sought to hold Craigslist liable for discriminatory housing advertisements appearing on its website. Craigslist requested dismissal of the suit, arguing that, as an interactive computer service provider, the Communications Decency Act shielded it from liability for the third-party ads. Craigslist operates a website (accessible at “chicago.craigslist.org,” as well as other web addresses), that allows third-party users to post and read notices for, among other things, housing sale or rental opportunities. In typical month, more than 10 million items of user-supplied information are posted on the Craigslist website. The Fair Housing Act prohibits discrimination in the sale or rental of housing, including publishing and printing advertisements that discriminate or indicate a preference based on race, color, religion, sex, handicap, familial status, or national origin. 42 U.S.C. § 3604(c). Courts have held that Section 3604(c) applies to a variety of media, including newspapers and print publishers. CLC contended that Internet publishers like Craigslist should be held to the same standard of liability as print publishers under the Fair Housing Act. Craigslist asserted that the Communications Decency Act operated to immunize it from liability for content, including housing ads, posted on its website by third parties. The CDA provides that “[n]o provider . . . of an interactive computer service shall be treated as a publisher for information provided by another information content provider.” 47 U.S.C. § 230(c)(1). The court agreed with Craigslist. While the CDA does not grant immunity per se to website operators, it does prohibit causes of action based on the website operator’s status as a publisher. http://www.traderegulation.blogspot.com/ Decision at http://www.eff.org/legal/cases/clc_v_craigslist/craigslist_decision.pdf

VISTA’S EULA PRODUCT ACTIVATION WORRIES (SecurityFocus, 20 Nov 2006) -- Mark Rasch looks at the license agreement for Windows Vista and how its product activation component, which can disable operation of the computer, may be like walking on thin ice. The terms of Microsoft’s End User License Agreement (EULA) for its upcoming Vista operating system raises the conflict between two fundamental principles of contract law. The first, and more familiar, is that parties to a contract can generally agree to just about anything, as long as what they agree to doesn’t violate the law and isn’t “unconscionable.” The second principle is that the law generally disfavors the remedy of “self-help.” That is to say that, if there is a violation of the terms of a contract, you usually have to go to court, prove the violation, and then you are entitled to damages or other relief. The terms of the Vista EULA, like the current EULA related to the “Windows Genuine Advantage,” allows Microsoft to unilaterally decide that you have breached the terms of the agreement, and they can essentially disable the software, and possibly deny you access to critical files on your computer without benefit of proof, hearing, testimony or judicial intervention. In fact, if Microsoft is wrong, and your software is, in fact, properly licensed, you probably will be forced to buy a license to another copy of the operating system from Microsoft just to be able to get access to your files, and then you can sue Microsoft for the original license fee. Even then, you wont be able to get any damages from Microsoft, and may not even be able to get the cost of the first license back. http://www.securityfocus.com/columnists/423 [Editor: read the rest; then read the VISTA EULA – UCITA lives, apparently.]

OU PROVOST OKS FIRINGS OF IT MANAGERS (Computer World, 20 Nov 2006) -- Ohio University’s provost last week upheld the August firings of two IT managers in connection with a series of data security breaches, rejecting a recommendation by the school’s grievance committee that the workers be rehired and given public apologies. In letters sent last Wednesday to the two former IT employees, OU Provost Kathy Krendl said she reviewed their terminations and the grievance committee’s recommendation and concluded that the firings were justified. Krendl wrote in the letters to Thomas Reid, who had been director of communication network services at OU, and Todd Acheson, the school’s former Unix systems manager, that she supported the decision by CIO William Sams to fire the two men on grounds of “nonfeasance” of their duties. “I must conclude that responsibility for designing and maintaining a secure network resided in your office,” Krendl wrote. The finding of nonfeasance “does not indicate any intentional or purposeful wrongdoing,” she added. “It does not indicate that you intended to put our data at risk, but in fact, that was the result of failing to take the necessary proactive steps to protect confidential information.” http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=274378&source=rss_topic17

THE KID WITH ALL THE NEWS ABOUT THE TV NEWS (New York Times, 20 Nov 2006) -- When people in the television news business want to find out what’s going on in their industry, they turn to a blog called TVNewser. But while the executives obsessively checking TVNewser are mostly high powered and highly paid, the person who creates it is not: he is Brian Stelter, a baby-faced 21-year-old at Towson University here, a few miles north of Baltimore. “I’ve heard people joke that when TVNewser is dormant, the kid had a final or a big family dinner that he couldn’t get out of,” said Brian Williams, the NBC news anchor and a TVNewser devotee. “People from entry level to high and mighty check in on it.” When his postings dropped off last month after his girlfriend dumped him, Mr. Stelter found himself fielding complaints from powerful network executives about when he was going to get over his romantic travails and get back on track. Mr. Stelter’s blog (tvnewser.com), a seven-day-a-week, almost 24-hour-a-day newsfeed of gossip, anonymous tips, newspaper article links and program ratings, has become a virtual bulletin board for the industry. It is read religiously by network presidents, media executives, producers and publicists, not for any stinging commentary from Mr. Stelter, whose style is usually described as earnest, but because it provides a quick snapshot of the industry on any given day. Habitués include Mr. Williams and Jonathan Klein, the president of CNN’s domestic operations, who long ago offered up his cellphone number to Mr. Stelter. “The whole industry pays attention to his blog,” said Jeffrey W. Schneider, a senior vice president of ABC News. “It would not surprise me if I refreshed my browser 30 to 40 times a day.” In April Mr. Stelter attended the White House Correspondents’ Dinner as a guest of MSNBC. “He was quite a celebrity,” said Jeremy Gaines, a spokesman for MSNBC. “Literally two tables over was George Clooney, and at our table was TVNewser, and people were waiting in line to see him.” Perhaps this is what the techno-geeks had in mind when they invented the Internet — a device to squash not only time and space, but also social class and professional hierarchies, putting an unprepossessing Maryland college student with several term papers due in a position to command the attention and grudging respect of some of society’s most famous and powerful personalities. http://www.nytimes.com/2006/11/20/business/media/20newser.html?ex=1321678800&en=20fb4c0279475404&ei=5090&partner=rssuserland&emc=rss

CLICK ON ME NOW OR VISIT ME LATER (New York Times, 20 Nov 2006) -- About a third of consumers sometimes click on banner advertisements on the Web. But twice as many consumers sometimes respond to such ads indirectly, avoiding clicking on them but later visiting the Web sites advertised, according to a survey by DoubleClick, an online marketing-software company. 6,121 adults were surveyed in July via an online panel adjusted to reflect the Internet-using population. The finding suggests that consumers prefer to reach sites on their own, rather than by linking through advertisements. “People are engaged in the content they’re looking at the time that they’re exposed to the ad, and they don’t want to navigate off the page,” said Rick Bruner, DoubleClick’s director of research. Marketers have been slow to come to that realization, and many still pay ad publishers only when an ad is clicked on. But an increasing number pay a fee for every thousand consumers who see the ad — effectively using Internet ads to generate awareness, as they would newspaper or television ads. That is often the compensation scheme behind elaborate, interactive ads like those for “Pirates of the Caribbean: Dead Man’s Chest” last summer. http://www.nytimes.com/2006/11/20/technology/20drill.html?ex=1321678800&en=08aa8a1700fb40b8&ei=5090&partner=rssuserland&emc=rss

FINANCIAL INSTITUTIONS URGED TO LOOK BEYOND FFIEC RULES (ComputerWorld, 21 Nov 2006) -- Financial institutions that truly want to bolster their online security need to look beyond the requirements of new strong authentication guidelines set to take effect Dec. 31, IT users and industry analysts said. The guidelines are from the Federal Financial Institutions Examination Council (FFIEC) and call on banks and credit unions to implement strong authentication measures to protect online users against ID theft and other types of fraud. They also urge financial institutions to upgrade current single-factor authentication processes -- typically based on usernames and passwords -- with a stronger, second form of authentication. The guidelines are not required by law, but the FFIEC has said it will start auditing banks for compliance next year. The guidelines have been successful in getting the financial industry to turn its attention to the issue of online security, said Avivah Litan, an analyst at Gartner Inc. in Stamford, Conn. About two-thirds of the financial institutions in the U.S. are likely to have stronger authentication processes in place by the time the deadline passes, she said. But because the focus is largely on front-end access controls -- and less on what happens at the transaction level -- the FFIEC guidance by itself is inadequate against emerging security threats, said Don Phan, an analyst at Javelin Strategy and Research in Pleasanton, Calif. “We don’t consider FFIEC guidance alone to be strong enough to make the consumer safer” against online security threats,” he said. “Financial institutions must set their goals higher than FFIEC compliance.” Phan recommends using risk assessment and alerting measures both at the log-in stage and for real-time monitoring of an account holder’s activities in-session. Such measures are needed to fight fraud that can result if hackers manage to compromise strong authentication processes during log-in, he said. Already, for instance, fraudsters have found a way to break the one-time passwords that some banks have begun using as a second form of user authentication, Phan said. Similarly strong authentication measures, such as two-factor authentication, don’t offer protection against so-called man-in-the-middle attacks where hackers are able to intercept and modify the traffic between two parties. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9005343&source=rss_topic146

SURVEY: COMPANIES NOT PREPARED FOR NEW E-DISCOVERY RULES (ComputerWorld, 21 Nov 2006) -- Few corporations are prepared for the new federal rules slated to take effect Dec. 1 for electronic discovery of documents in civil cases, according to a survey conducted by Computerworld. About 42% of the 170 IT managers and staffers surveyed said they did not know the status of their company’s preparation for the new rules, while 32% said their company was not at all prepared. The new rules specify requirements for submitting electronic documents – including e-mail and perhaps even IM logs -- as evidence in civil cases. The rules were recommended in September 2005 by the Judicial Conference of the U.S. Supreme Court’s Committee on Rules of Practice and Procedure. If the survey is correct, a widespread lack of preparation that could lead to large fines to companies, said John Bace, an analyst at Gartner Inc. in Stamford, Conn., who said the Computerworld survey results are in line with his research. The new rules, described in a 300-plus-page document, require that companies that are involved in civil litigation meet within 30 days of the filing to decide how to handle electronic data. The firms must agree on what records are shared, which electronic format is used and a definition of “accessible data.” Of the Computerworld survey respondents, 15% said their company was halfway or somewhat prepared, while 5% said their company was completely prepared. Twenty-two percent said they had prepared for the new rules by reading about them, and a few said they had retained inside or outside counsel. Several respondents also said this was the first time they had heard of the new rules. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9005298&intsrc=hm_list

EU, U.S. IN TALKS OVER COMMON DATA PRIVACY RULES (Reuters, 22 Nov 2006) -- The European Union and the United States have launched talks to establish common guidelines over data privacy rules, EU and U.S. officials said on Tuesday. A committee of EU national data privacy supervisors is due to rule on Wednesday over the access to private transactions which the international banking network SWIFT gave the United States. SWIFT’s CEO Leonard Schrank said last week he expected the committee to rule that SWIFT broke EU privacy law. Divergent transatlantic views over data privacy rules in the fight against terrorism were also highlighted in talks over air passenger data sharing, on which the EU and the United States clinched a deal last month. “We need to establish common guidelines on theses issue, not just renegotiate agreement by agreement,” the EU’s Justice and Security Commissioner Franco Frattini told reporters in Lisbon. EU and U.S. senior officials held talks on data privacy during Frattini’s visit to Washington on Nov. 6 and will continue at senior level, another Commission official said. The dialogue focused on the role of the U.S. financial intelligence program in fighting terrorism globally and “on rigorous safeguards in place to protect the privacy of all citizens not engaged in terrorism,” U.S. Treasury Undersecretary Stuart Levey said in a statement in response to inquiries. Frattini said he proposed to the United States to create a permanent working group to bring data protection rules closer. “We need to exchange data with the U.S. because if that helps to stop a terrorist attack, we’re all happy. But we also need to protect innocent people data,” he said. EU lawmakers called on the EU and the United States last month to negotiate a wide-ranging agreement on security and data privacy. http://in.today.reuters.com/news/NewsArticle.aspx?type=technologyNews&storyID=2006-11-22T021546Z_01_NOOTR_RTRJONC_0_India-277279-1.xml

CELL PHONE OWNERS GETTING NEW RIGHTS (CNN, 23 Nov 2006) -- Cell phone owners will be allowed to break software locks on their handsets in order to use them with competing carriers under new copyright rules announced Wednesday. Other copyright exemptions approved by the Library of Congress will let film professors copy snippets from DVDs for educational compilations and let blind people use special software to read copy-protected electronic books. All told, Librarian of Congress James H. Billington approved six exemptions, the most his Copyright Office has ever granted. For the first time, the office exempted groups of users. Previously, Billington took an all-or-nothing approach, making exemptions difficult to justify. “I am very encouraged by the fact that the Copyright Office is willing to recognize exemptions for archivists, cell phone recyclers and computer security experts,” said Fred von Lohmann, an attorney with the civil-liberties group Electronic Frontier Foundation. “Frankly I’m surprised and pleased they were granted.” But von Lohmann said he was disappointed the Copyright Office rejected a number of exemptions that could have benefited consumers, including one that would have let owners of DVDs legally copy movies for use on Apple Computer Inc.’s iPod and other portable players. The new rules will take effect Monday and expire in three years. In granting the exemption for cell phone users, the Copyright Office determined that consumers aren’t able to enjoy full legal use of their handsets because of software locks that wireless providers have been placing to control access to phones’ underlying programs. Billington noted that at least one company has filed lawsuits claiming that breaking the software locks violates copyright law, which makes it illegal for people to circumvent copy-protection technologies without an exemption from the Copyright Office. He said the locks appeared in place not to protect the developer of the cell phone software but for third-party interests. The exemption granted to film professors authorizes the breaking of the CSS copy-protection technology found in most DVDs. Programs to do so circulate widely on the Internet, though it has been illegal to use or distribute them. The professors said they need the ability to create compilations of DVD snippets to teach their classes -- for example, taking portions of old and new cartoons to study how animation has evolved. Such compilations are generally permitted under “fair use” provisions of copyright law, but breaking the locks to make the compilations has been illegal. Billington also authorized the breaking of locks on electronic books so that blind people can use them with read-aloud software and similar aides. He granted two exemptions dealing with computer obsolescence. For computer software and video games that require machines no longer available, copy-protection controls may be circumvented for archival purposes. Locks on computer programs also may be broken if they require dongles -- small computer attachments -- that are damaged and can’t be replaced. The final exemption lets researchers test CD copy-protection technologies for security flaws or vulnerabilities. Researchers had cited Sony BMG Music Entertainment’s use of copy-protection systems that installed themselves on personal computers to limit copying. In doing so, critics say, Sony BMG exposed the computers to hacking, and the company has acknowledged problems with one of the technologies used on some 5.7 million CDs. http://www.cnn.com/2006/TECH/11/23/digital.copyright.ap/index.html

WHO WILL SECURE THE SECURITY PROFESSIONALS? (Steptoe & Johnson’s ECommerce Law Week, 25 Nov 2006) -- This modern-day take on Roman satirist Juvenal’s old saw (“Quis custodiet ipsos custodes?” or “Who will watch the watchmen?”) has a modern-day answer: the Federal Trade Commission. The FTC announced on November 16 that data breach response specialist Guidance Software Inc. had settled charges that it had failed to provide “reasonable and appropriate security” for personal information stored on its corporate network, in violation of the “deceptive acts or practices” provision of the FTC Act. Although Guidance admitted no wrongdoing, it agreed to cease misrepresenting its security policies, implement a comprehensive information security program, and submit to 10 years of FTC oversight. The settlement should again remind companies that, in the opinion of the Commission, the broad language of the FTC Act provides ample basis for regulating corporate data security. http://www.steptoe.com/publications-4025.html

FRENCH PARLIAMENT DUMPING WINDOWS FOR LINUX (CNET, 27 Nov 2006) -- France’s gendarmes and Ministry of Culture and Communication have done it, and now members of the country’s parliament are about to switch to open source. Starting in June 2007, PCs in French deputes’ offices will be equipped with a Linux operating system and open-source productivity software. The project, backed by parliament members Richard Cazenave and Bernard Carayon of the Union for a Popular Movement party, will see 1,154 French parliamentary workstations running on Linux, with OpenOffice.org productivity software, the Firefox Web browser and an open-source e-mail client. http://news.com.com/2100-7344_3-6138372.html [Editor: I’ve installed Linux and OpenOffice on an old PC, too. It was easy, intuitive (well, as intuitive as Microsoft’s stuff anyway), and free. OpenOffice documents seem entirely compatible with Microsoft applications.]

XEROX SEEKS ERASABLE FORM OF PAPER FOR COPIERS (New York Times, 27 Nov 2006) -- During the 1970s, researchers at Xerox’s Palo Alto Research Center explored a software technique called “garbage collection” used for recycling computer memory. The technique allowed the automatic reuse of blocks of memory that were storing unused programs and data. Today an anthropologist at the center, Brinda Dalal, has become a self-styled “garbologist” to assist in a joint effort with chemists at the Xerox Research Center of Canada to develop an “erasable paper” system. The goal is to recycle paper documents produced by the company’s copiers — potentially an unlimited number of times. What she has discovered is a notable change in the role of paper in modern offices, where it is increasingly used as a medium of display rather than storage. Documents are stored on central servers and personal computers and printed only as needed; for meetings, editing or reviewing information. The pieces of paper spewed from copiers frequently end up back in the recycling bin on the same day they are printed, she noted. Of the 1,200 pages the average office worker prints per month, 44.5 percent are for daily use — assignments, drafts or e-mail. In her research, scouring the waste produced by office workers, she found that 21 percent of black-and-white copier documents were returned to the recycling bin on the same day they were produced. Her research is part of a three-year-old technology development effort to design an add-on system for an office copier to produce “transient documents” that can be easily reused. The researchers now have a prototype system that will produce documents on a specially coated paper with a light yellow tint. The printed information on the document “disappears” within 16 hours. The documents can be reused more quickly by simply placing them in the copier paper tray. The researchers said that individual pieces of paper had been printed on up to 50 times, and the only current limit in the process appears to be paper life. Xerox said the precise nature of the technology was proprietary and that Xerox had applied for a number of related patents covering the invention. The researchers describe the invention as being based on compounds that can change color when they absorb a certain wavelength of light, but can then gradually revert to their original appearance. The compounds currently self-erase in about 16 to 24 hours, or can be erased immediately when heated. http://www.nytimes.com/2006/11/27/technology/27xerox.html?ex=1322283600&en=3ae06b7f8791a091&ei=5090&partner=rssuserland&emc=rss

VAUNTED LEGAL SCHOLAR SWITCHES SIDES IN SUPREME COURT PATENT CASE (Law.com, 27 Nov 2006) -- One of the nation’s top legal scholars on intellectual property has switched sides in a U.S. Supreme Court case that could decide how patents are granted. Mark Lemley, a Stanford University professor and of counsel at Keker & Van Nest in San Francisco, initially asked the high court to hear KSR International Co. v. Teleflex Inc. But then, in October, Lemley filed a brief asking the Court to take no action in the case, which is scheduled for oral argument on Tuesday. Lemley has already landed on the winning side of two high court patent fights this year. He filed an amicus brief supporting eBay Inc., which won its closely watched battle against MercExchange LLC in May. The next month he represented the defendant in LabCorp. v. Metabolite, persuading the Court to punt the case -- after it had already granted certiorari -- because of a procedural issue. His move in the current case could be a big boost to Teleflex, whose patent on an electronic gas pedal KSR is seeking to invalidate. It’s extremely rare, say Court observers, for a practitioner to change positions in a high court case. Roy Englert, a name partner at Robbins, Russell, Englert, Orserk & Untereiner in Washington, D.C., who has argued 16 cases before the Supreme Court, says the only time he can recall it happening was in 1989, when the U.S. solicitor general’s office withdrew its support in a case it initially urged the Court to hear. That’s what happened with Lemley. In June he and 23 other law professors urged the Supreme Court to hear KSR’s appeal. Then, in October, he and four different law professors signed on to an amicus brief siding with Telefle. xWhat happened? Lemley says that after he filed his June certiorari petition, the U.S. Court of Appeals for the Federal Circuit issued three decisions that made him change his mind. “If the Federal Circuit had issued those decisions two years ago, I would not have supported KSR’s petition for cert,” he says. He also notes that two new law review articles -- written by two of the professors who joined him on the Teleflex brief -- made him realize that the status quo doesn’t need fixing. The KSR case initially attracted the attention of reform-minded patent professors like Lemley, who believed that the Federal Circuit had been too loose with an important standard -- that patents should not cover obvious inventions. At the district court, KSR had argued that Teleflex’s patent should be invalidated because it covered an obvious invention. Neither gas pedals nor electronic sensors are new technology, KSR argued. There was nothing innovative in combining the two. The court agreed, but the decision was reversed on appeal. The Federal Circuit ruled that because no one had suggested combining these two technologies in any written prior art, the invention was not obvious. In their petition, Lemley and company argued that by relying so heavily on written prior art, the Federal Circuit had lowered the patent bar too far. Sometimes an invention is so obvious that no one ever even bothers to write about it, they said. But in the October amicus brief, Lemley urged the Court not to mess with the Federal Circuit’s current standard. “I still think there are obvious patents that slip through, but I think the Federal Circuit’s test is the best we’ve got right now,” Lemley now says. http://www.law.com/jsp/article.jsp?id=1164029738621&rss=newswire

PARAMOUNT, FOX EMBRACE BITTORRENT (CNET, 29 Nov 2006) -- Peer-to-peer company BitTorrent will begin distributing movies and TV shows for top entertainment companies starting this spring, the company is expected to announce Wednesday. In February, BitTorrent will launch a video store where customers can download movies from Hollywood studios such as Paramount Pictures, Lionsgate and Twentieth Century Fox Film, as well as TV shows from MTV Networks. Earlier this year, BitTorrent announced a similar partnership with Warner Bros. Home Entertainment. Financial terms of the agreement were not released. The deal comes at a time when Hollywood is looking for a winning Internet movie strategy. Short-form video distributed over the Net has caught fire at places like YouTube. Many in the digital-entertainment realm are preparing for a day when the Web will provide an effective and profitable distribution method for feature-length films. BitTorrent’s announcement comes a day after Wal-Mart Stores, the world’s largest retailer, launched its own movie download service. Other companies that have struck Net distribution agreements with studios are Apple Computer, which offers content via its iTunes Store, Amazon.com and video-sharing site Guba. Even by offering thousands of titles, San Francisco-based BitTorrent faces tough competition from the massive libraries of Wal-Mart and Amazon. Executives at BitTorrent say they plan to stand out from the pack by offering consumers the speediest way to download a movie. Developed in 2001, BitTorrent’s open-source distribution system was designed to help transfer large files over the Internet. BitTorrent allows a single file to be broken into small fragments that are distributed among computers. People then share pieces of the content with one another. http://news.com.com/2100-1025_3-6139174.html

RUSSIA AGREES TO SHUT DOWN ALLOFMP3.COM (CNET, 29 Nov 2006) -- Russia has agreed to shut down Allofmp3.com and other music sites based in that country that the U.S. government says are offering downloads illegally. The nation has struck the agreement with the Office of the U.S. Trade Representative as it seeks entry to the World Trade Organization. The U.S. has suggested that it would hold up Russia’s acceptance in the WTO unless leaders there took action against digital piracy. “Russia will take enforcement actions against the operation of Russia-based websites,” according to a press release issued November 19 by the U.S. Trade Representative. “(Russia will) investigate and prosecute companies that illegally distribute copyright works on the Internet.” http://news.com.com/2100-1027_3-6139350.html

HERE’S MY NUMBER (FOR TODAY) (New York Times, 30 Nov 2006) -- THERE is no shortage of ways to reach Airin McClain, a singer who lives in Philadelphia. She has a Web site, an instant messenger account, a MySpace page, four e-mail addresses and two mobile phones. Good luck getting one of those phone numbers, though. She would sooner tell you her weight. “Why would I give out my cell?” said Ms. McClain, 23. “I don’t need a guy I met at a bar one night calling me every day for the next two weeks begging me to go out. I want to filter out the people I don’t need to have contact with.” In an age of information oversharing, the mobile-phone number is one of the few pieces of personal information that people still choose to guard. Unwanted incoming calls are intrusive and time-consuming and can suck precious daytime cell-plan minutes. And the decision to give out a cell number can haunt you for years, as people now hold on to the numbers longer than their land-line numbers. Some people have found a way to avoid compromising the sanctity of their cellphone without committing the modern sin of being unreachable. Instead of giving out her cell number, Ms. McClain has recently been dispersing what has become known as a “social phone number.” This is a free number that is as disposable as a Hotmail address. A handful of Web sites are creating these mask numbers, which can be obtained in nearly every area code (users can either have a number in their own region, or make it look as if they have an office in New York City when they are actually operating out of rural Maine). These sites buy numbers in bulk at a discount, then generate profit by displaying ads and getting users of the free service to upgrade to billable plans with features like call forwarding, call blocking and outbound calling. For those who sign up, a recording prompts callers to leave a voice-mail message, and a text or e-mail message is then sent to the recipient to announce a new message, which can be picked up on the Web, by e-mail or by phone. Matt Wisk, creator of the social phone number provider PrivatePhone.com (and chief marketing officer of the site’s parent company, United Online), said he got the idea to protect mobile numbers in 2005 when Paris Hilton’s cellphone was hacked into, spilling her contacts’ phone numbers all over the Internet. “I thought, ‘There’s got to be a better way,’ “ he said. PrivatePhone.com made its debut in May, with the paradoxical tagline “My number is so private, I can make it public.” AOL introduced a similar service around the same time. SimpleVoiceBox.com, J2.com, and K7.net are other sites that offer similar services free, albeit without the benefit of customizable area codes. http://www.nytimes.com/2006/11/30/fashion/30numbers.html?ex=1322542800&en=509006b423704d01&ei=5090&partner=rssuserland&emc=rss

EARLY ASTRONOMICAL ‘COMPUTER’ FOUND TO BE TECHNICALLY COMPLEX (New York Times, 30 Nov 2006) -- A computer in antiquity would seem to be an anachronism, like Athena ordering takeout on her cellphone. But a century ago, pieces of a strange mechanism with bronze gears and dials were recovered from an ancient shipwreck off the coast of Greece. Historians of science concluded that this was an instrument that calculated and illustrated astronomical information, particularly phases of the Moon and planetary motions, in the second century B.C. The instrument, the Antikythera Mechanism, sometimes called the world’s first computer, has now been examined with the latest in high-resolution imaging systems and three-dimensional X-ray tomography. A team of British, Greek and American researchers deciphered inscriptions and reconstructed the gear functions, revealing “an unexpected degree of technical sophistication for the period,” it said. The researchers, led by the mathematician and filmmaker Tony Freeth and the astronomer Mike G. Edmunds, both of the University of Cardiff, Wales, are reporting their results today in the journal Nature. They said their findings showed that the inscriptions related to lunar-solar motions, and the gears were a representation of the irregularities of the Moon’s orbital course, as theorized by the astronomer Hipparchos. They established the date of the mechanism at 150-100 B.C. http://www.nytimes.com/2006/11/30/science/30compute.html?ex=1322542800&en=404c232629ce7e71&ei=5090&partner=rssuserland&emc=rss

GOVERNMENT COMPUTERS QUIETLY RATE MILLIONS OF TRAVELERS FOR TERRORISM POTENTIAL (SiliconValley.com, 30 Nov 2006) -- For the past four years, without public notice, federal agents have assigned millions of Americans and other international travelers computer-generated scores assessing the risk they pose of being terrorists or criminals. The travelers are not allowed to see or directly challenge these risk assessments. And the government intends to keep them on file for 40 years. Earlier in November, the government disclosed the existence and details of the Automated Targeting System (ATS) for the first time in the Federal Register. Privacy and civil liberties lawyers, congressional aides and even law enforcement officers said they thought the ATS had been applied only to cargo. The scores are assigned to people entering and leaving the United States after computers assess their travel records, including where they are from, how they paid for tickets, their motor vehicle records, past one-way travel, seating preference and what kind of meals they ordered. The Homeland Security Department notice called it ``one of the most advanced targeting systems in the world” and said U.S. ability to spot criminals and other security threats ``would be critically impaired without access to this data.” Still, privacy advocates view ATS with alarm. ``It’s probably the most invasive system the government has yet deployed in terms of the number of people affected,” David Sobel, a lawyer at the Electronic Frontier Foundation, a civil liberties group devoted to electronic data issues, said in an interview. A similar DHS data-mining project for domestic air travelers -- now known as Secure Flight -- caused a furor two years ago in Congress, which has barred its implementation until it can pass 10 tests for accuracy and privacy protection. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/16134135.htm

TELECOMS PROVIDERS TO REVEAL SECURITY LAPSES (VNUnet.com, 30 Nov 2006) -- Earlier this month, Nationwide Building Society revealed that a laptop belonging to one of its employees containing customer information had been stolen three months previously. While the company said the machine contained only limited information, the theft only became public knowledge after a journalist found out. The delay in revealing the theft has once again highlighted the debate over whether customers should be informed if there is a danger of their details falling into the wrong hands. European Commission legislation due to pass into law late next year addresses this issue. The Review of EU Regulatory Framework for Electronic Communications Networks and Services would force all suppliers of ‘electronic communications networks or services’ to notify regulators and customers of any breach of security that would result in customers’ personal data being made available to others. John Fell, partner at law firm Pinsent Masons, says the legislation, which will apply to telecoms provider firms and ISPs, is a significant advancement. ‘The Data Protection Act says you must put in place appropriate technical and organisational measures to prevent people gaining unlawful access to personal data, but this goes well beyond that, stipulating that if you are breached you have to tell people about it,’ he said. But Fell says there might be confusion in the application of the law. ‘When do providers disclose and to whom?’ he said. ‘If there is a network breach, who does BT tell? Does it tell the subscribers or does it have to tell every business it has a wholesale rental agreement with?’ There is also the question of liability. ‘I can see there being a lot of issues in a company that says if we notify customers, not just the authorities, we are holding ourselves up to potentially giving compensation that could be very expensive,’ said Fell. http://www.vnunet.com/computing/analysis/2169875/telecoms-providers-reveal

**** RESOURCES ****
BACKGROUND DISCUSSION OF COPYRIGHT LAW AND POTENTIAL LIABILITY FOR STUDENTS ENGAGED IN P2P FILE SHARING ON UNIVERSITY NETWORKS (Joint Committee of the Higher Education and Entertainment Communities, Nov 2006) -- A group of college officials who are part of a joint task force involving higher education and the entertainment industry have issued a white paper on copyright issues raised by file sharing, a practice that is popular with students but (in many forms) infuriates producers of music and film. The new document updates one issued three years ago. Document at http://www.aau.edu/intellect/06P2P_11-08-06.pdf

BUSINESS.GOV RELAUNCHED (USG, Nov 2006) -- Business.gov, the official business link to the U.S. Government, is managed by the U.S. Small Business Administration (SBA) in a partnership with 21 other federal agencies. This partnership, known as Business Gateway, is a Presidential E-government initiative that provides a single access point to government services and information to help the nation’s businesses with their operations. Launched in 2004, Business.gov initially focused on starting, growing and financing small businesses. Over the past few years, our users told us Business.gov could serve businesses better by focusing on helping them comply with Federal regulations, a need that was not being met by any other Federal government program. In addition, businesses spend a lot of time complying with laws and regulations and worrying about what they don’t know. According to a report by the Small Business Paperwork Relief Task Force, the Office of Management and Budget estimated that in fiscal year 2003, it took businesses and citizens approximately 8.2 billion hours and $320 billion filling out paperwork and complying with government regulations. We listened to our users, and in October 2006, re-launched Business.gov to focus on helping businesses comply with Federal regulations. http://www.business.gov/

SOURCES:
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. Internet Law & Policy Forum, http://www.ilpf.org.
6. BNA’s Internet Law News, http://ecommercecenter.bna.com.
7. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
8. McGuire Wood’s Technology & Business Articles of Note, http://www.ggtech.com
9. Steptoe & Johnson’s E-Commerce Law Week, www.steptoe.com
10. Readers’ submissions, and the editor’s discoveries.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.