Friday, April 14, 2006

MIRLN -- Misc. IT Related Legal News [26 March – 14 April 2006; v9.05]

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product of Dickinson Wright PLLC (www.dickinsonwright.com) and the American Bar Association’s Cyberspace Law Committee. Please feel free to distribute this message.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at http://www.buslaw.org/cgi-bin/controlpanel.cgi?committee=CL320000 (click on “Settings” beside Members-Only Listserve Discussion). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN editions are archived at www.vip-law.com and in the public materials section of the Cyberspace Committee’s collaboration space at http://lawplace.metadot.com.

**************End of Introductory Note***************

WEB PUBLISHER SUES OVER GOOGLE INDEX EXCLUSION (InfoWorld, 20 March 2006) -- Google was hit with a lawsuit on Friday by a Web publisher that alleges it has suffered significant financial harm because its site got dropped from the search engine’s index. KinderStart.com, which operates a Web site for parents of children under 7 years old, filed its lawsuit as a class action in U.S. District Court for the Northern District of California, San Jose Division. KinderStart.com, based in Norwalk, California, charges Google, among other things, with violating its right to free speech under the U.S. Constitution; violating section 2 of the Sherman Act by using a monopoly position to harm competitors; engaging in unfair practices and competition under California law; and committing defamation and libel. The Web publisher is asking the court to certify the lawsuit as a class action nationwide with a subclass in California and award unspecified damages to affected businesses. It also wants the court to declare Google in violation of the plaintiffs’ right to free speech and impose “suitable” injunctive relief for them. If KinderStart.com prevails, the lawsuit could have significant repercussions on the way Google decides to remove Web sites from its index, an action that can seriously hurt a business’ sales and marketing operations due to Google’s enormous influence on Web traffic as the world’s most used search engine. Google reserves the right to remove Web sites from its index for various reasons. For example, in its webmaster guidelines for making a Web site easy for Google’s search spider to crawl and index, the company lists practices Google considers deceptive that can get a site banned. But KinderStart.com states it hasn’t knowingly violated any of Google’s webmaster guidelines. It seeks class action status for the lawsuit because it believes a significant number of Web publishers have been affected in a similar way. http://www.infoworld.com/article/06/03/20/76626_Hngoogleexclusion_1.html

YAHOO LOSES 230 DEFENSE FOR ITS DATING SITE--ANTHONY V. YAHOO (Eric Goldman blog, 24 March 2006) -- Anthony subscribed to Yahoo’s dating subscription services. He claims that Yahoo creates false personal profiles and retains expired profiles to make the subscription service look more attractive to existing subscribers. He is the named plaintiff in this putative class action, claiming (among other things) that, based on this behavior, Yahoo engages false and negligent misrepresentation and deceptive/unfair trade practices. Yahoo moves to dismiss those claims under 47 USC 230. The court rejects Yahoo’s motions for two reasons. First, the complaint alleges that Yahoo creates the false profiles, so Yahoo (and not a third party) is the information content provider of those profiles. Second, Yahoo sends subscribers the expired profiles. Though the profiles are created by its users, Yahoo (not the users) create the false perception that the profiles are valid. Thus, Yahoo can’t claim the 230 immunity for creating that impression. Normally, I never meet a 230 defense that I don’t like. So it may surprise you that I think the court rightly rejected the 230 claim. Certainly, 230 on its face does not apply to the allegation that Yahoo created profiles itself. Note to plaintiffs: you should always be able to survive a 230 motion to dismiss by claiming that the online service provider itself solely created the content in question. (See the analogous ruling in the Hy Cite case). Of course, these allegations are subject to Rule 11, so plaintiffs need to be able to support these factual assertions. http://blog.ericgoldman.org/archives/2006/03/yahoo_loses_230.htm

BRITANNICA EDITORS CALL WIKIPEDIA COMPARISON SLOPPY AND CARELESS (Newsfactor.com, 24 March 2006) -- During the recent dust-up over Wikipedia’s accuracy, the site’s advocates often pointed to an article in scientific journal Nature, which noted that the encyclopedic site was comparable in quality to the Encyclopedia Britannica. After extensive study, Britannica has blasted back at that assertion, calling the Nature study both sloppy and careless. “Virtually everything in that story was misleading and wrong,” said Theodore Pappas, executive editor of Britannica. “It was so full of errors that it’s completely without merit.” According to Britannica, Nature contacted the reference publisher only a day before the study was published, asking for a response to Britannica’s “many errors.” In trying to replicate the study, Britannica faced lengthy delays from unresponsive editors at Nature, Pappas said. The publisher then attempted to analyze the study’s results in detail by looking at the materials mentioned by Nature, only to find that some of the information in question had not been published in the encyclopedia or was nearly a decade old. Firing back at the Nature study was necessary, Pappas noted, because the publisher felt that the story was a major black eye that was wholly undeserved. “It was damning to our reputation, and completely inaccurate,” he said. Britannica also expressed frustration and anger over the way the article was laid out, with many sidebars that seemed to take a “pro-Wikipedia” stance, Pappas noted. http://news.yahoo.com/s/nf/20060324/bs_nf/42348

ILLINOIS MAN FINED FOR PIGGYBACKING ON WI-FI SERVICE (Techweb, 24 March 2006) -- In Illinois, riding piggyback on someone else’s Wi-Fi could cost you some money. David M. Kauchak, 32, pleaded guilty this week in Winnebago County to remotely accessing someone else’s computer system without permission, the Rockford Register Star newspaper reported. A Winnebago County judge fined Kauchak $250 and sentenced him to one year of court supervision.Kauchak has the dubious distinction of being the first person to face the charge in Winnebago County, and prosecutors say they’re taking the crime seriously. “We just want to get the word out that it is a crime. We are prosecuting it, and people need to take precautions,” Assistant State’s Attorney Tom Wartowski told the newspaper. A police officer arrested Kauchak in January after spotting him sitting in a parked car with a computer. A chat with the suspect led to the arrest, Wartowski said. http://news.yahoo.com/s/cmp/20060325/tc_cmp/183702832 [Editor: I sure hope there’s more to this story; some people leave WiFi access points intentionally open, inviting occasional visitors. From time to time, as a matter of principle, I do the same.]

PROPOSED FEC RULES WOULD EXEMPT MOST POLITICAL ACTIVITY ON INTERNET (Washington Post, 25 March 2006) -- The Federal Election Commission last night released proposed new rules that leave almost all Internet political activity unregulated except for the purchase of campaign ads on Web sites. “My key goal in this rule-making has been to make sure that the commission establish clear rules to exempt individuals who engage in online politics from campaign finance laws,” said Chairman Michael E. Toner, a Republican. “We tried to craft a regulation that would allow the maximum amount of freedom for people as possible,” said Commissioner Ellen L. Weintraub, a Democrat. Most bloggers, individual Web users, and such Web sites as Drudge Report and Salon.com are exempted from regulation and will be free to support and attack federal candidates, much as newspapers are allowed. For the most part, leading advocates of the blogger community welcomed the proposed rules. “As a whole, these are rules that I think those who have been fighting regulations are going to be cheering,” said Richard L. Hasen, a professor at Loyola Law School in Los Angeles, who runs the Election Law blog. The rules provide “broad exemptions for most political activity on the Internet, and expand the media exemption to the Internet,” he said. Hasen and others noted that as technology advances, the regulations will have to be modified. In particular, Hasen said, “as the Internet and TV converge, the FEC or Congress will eventually need to rethink these rules to see if they make sense.” “Generally, it’s in line with what I think bloggers ask for,” said Jerome Armstrong, the founder of the liberal blog MyDD, an adviser to the Howard Dean for president campaign in 2004 and currently an adviser to former Virginia governor Mark R. Warner’s political action committee. “They give bloggers the media exemption.” Armstrong voiced concern, however, over potential difficulties that could result from a requirement that campaign ads have disclaimers. “The size of a Web ad and the size of blog ad is so small that having to put a disclaimer on it is going to take up all the space,” he said. http://www.washingtonpost.com/wp-dyn/content/article/2006/03/24/AR2006032402012.html

-- and --

SINGAPORE WARNS POLITICAL BLOGGERS (CNET, 3 April 2006) -- Political debate on the Internet could fuel “dangerous discourse” in Singapore, the city-state’s government said on Monday, warning that Singaporeans who post political commentary on Web sites could face prosecution. Speaking in parliament, Senior Minister of State Balaji Sadasivan said anyone using the Internet to “persistently propagate, promote or circulate political issues” about Singapore during election periods was breaking the law. Singapore Prime Minister Lee Hsien Loong, whose People’s Action Party has dominated politics in the city-state since its independence in 1965, is widely expected to call early elections in the coming months. “In a free-for-all Internet environment, where there are no rules, political debate could easily degenerate into an unhealthy, unreliable and dangerous discourse, flush with rumors and distortions to mislead and confuse the public,” Sadasivan said. The tiny island-republic’s laws require political parties and individuals to register if they want to post political content on the Net. http://news.com.com/2100-1028_3-6057083.html

LAW PROFESSOR BANS LAPTOPS IN CLASS, OVER STUDENT PROTEST (USA Today, 21 March 2006) -- A group of University of Memphis law students are passing a petition against a professor who banned laptop computers from her classroom because she considers them a distraction in lectures. On March 6, Professor June Entman warned her first-year law students by e-mail to bring pens and paper to take notes in class. “My main concern was they were focusing on trying to transcribe every word that was I saying, rather than thinking and analyzing,” Entman said Monday. “The computers interfere with making eye contact. You’ve got this picket fence between you and the students.” The move didn’t sit well with the students, who have begun collecting signatures against the move and tried to file a complaint with the American Bar Association. The complaint, based on an ABA rule for technology at law schools, was dismissed. “Our major concern is the snowball effect,” said law school student Jennifer Bellott. “If you open the door for one professor, you open the door for every other professor to do the same thing.” “If we continue without laptops, I’m out of here. I’m gone; I won’t be able to keep up,” said student Cory Winsett, who said his hand-written notes are incomplete and less organized. http://www.usatoday.com/tech/news/2006-03-21-professor-laptop-ban_x.htm

PERSPECTIVE: HOW DO YOU REALLY FEEL ABOUT E-SNOOPING? (CNET, 22 March 2006) -- In this era when the federal government says it must take steps to combat and prevent terrorism, the knee-jerk assumption might be to believe that the American public supports governmental surveillance steps. Wrong! Actually, there also is measurable public concern about the monitoring activities of businesses and employers. The Ponemon Institute provided CNET News.com with the organization’s recent report, titled “Americans’ Perceptions About Surveillance”. The privacy think tank’s data indicates that Americans worry about how the government and others monitor their communications and activities.
• Approximately 90 percent of survey respondents reported that they are not in favor of or are unsure about governmental use of wiretaps.
• More than 85 percent said they are against or unsure about spyware being placed on their personal computers that monitors Internet browsing or shopping behavior.
• Over 72 percent are not in favor of or expressed mixed feelings about the use of electronic tags, such as RFID, that are embedded in products that could be used to track identities from short distances. http://news.com.com/How+do+you+really+feel+about+e-snooping/2010-1029_3-6052082.html?tag=fd_carsl Ponemon report at http://i.n.com.com/pdf/ne/2006/surveillance_study.pdf

HOUSE PANEL PREPS ID THEFT LAW (InternetNews.com, 24 March 2006) -- Republicans and Democrats have reached a compromise on legislation mandating data brokers disclose to consumers certain unencrypted breaches of their personal information. The accord comes almost five months after a subcommittee of the panel approved the Data Accountability and Trust Act (DATA Act) over the strenuous objections of Democrats who argued the legislation lacked any real teeth. In the original version of the bill, the public disclosure trigger was based on a company’s evaluation that a “significant risk” of identity theft existed with the breach. Democrats contended under that standard that breach disclosures would be few and far between. In the compromise version, that threshold is lowered to a “reasonable” risk of identity theft. The amended legislation narrows the definition of data brokers to only those companies that sell non-customer data to non-affiliated third parties. Companies in compliance with the Fair Credit Reporting Act, Gramm-Leach Bliley Act or the Health Insurance Portability and Accountability Act (HIPPA) would be deemed in compliance with the DATA Act. The bill also requires data brokers to establish “reasonable” procedures to verify the accuracy of the information they collect and calls for the brokers to “regularly” monitor security systems for breaches. It also provides for a Federal Trade Commission (FTC) or independent audit of a data broker’s security practice following a breach. The FTC could require annual audits for a period of five years after the breach. http://www.internetnews.com/bus-news/article.php/3594136

-- and --

SUFFERING IN SILENCE WITH DATA LEAKS (CNET, 29 March 2006) -- A hacker had snatched her home address and phone and credit card numbers--even the three-digit security code printed on the back of her credit card--and was offering them to anyone willing to pay the asking price: $5. Perry, a copyright attorney from Mill Valley, Calif., was among 10 people whose personal data was posted last month on a Web site that specializes in the trafficking of stolen information. Even worse, no one bothered to tell her that her credit card information had been compromised. It’s likely that no one was required to do so. Much to the chagrin of consumer advocates, the disclosure laws passed by 23 states during the past three years have had little impact when it comes to ensuring consumers are notified about data theft or loss. Most existing laws allow merchants plenty of wiggle room when deciding whether to tell customers about such breaches, legal and security analysts said. The majority of state laws, for example, allow a company to stay mum about a robbery, if disclosing it would interfere with a police investigation. That’s a huge loophole that could be used in almost every incidence of stolen data, said Dan Clements, CEO of CardCops.com, a company that tracks the sale of stolen credit cards on the Web. Every law enforcement agency that receives a crime report is going to consider the case “under investigation,” he said. “Only about 10 percent of the merchants do the right thing and notify customers when there is a compromise,” Clements said. “Most want to sweep the hack under the rug. Their motivation is clear; they don’t want to lose their customers’ trust.” http://news.com.com/2100-1029_3-6055160.html

HIPAA DOESN’T PROTECT ALL HEALTH INFORMATION, OHIO COURT RULES (GovernmentHealthIT, 28 March 2006) -- In what could be a landmark ruling, the Ohio Supreme Court has decided that the state’s open records law supersedes the federal Health Insurance Portability and Accountability Act’s privacy protections for medical records. The decision may be the first in the country concerning a conflict between a state’s open records law and HIPAA was at issue, attorney John Greiner said. He represented the Cincinnati Enquirer newspaper in its successful suit to compel the city to release information about landlords and homeowners cited for lead paint violations. Greiner said the ruling could affect areas beyond Ohio because many states have similar open records laws. Joy Pritts, a privacy expert in Washington, D.C., said the ruling highlights a potential area of vulnerability in HIPAA protections for individuals’ health records. In its unanimous March 17 decision, Ohio’s highest court found that the Cincinnati Health Department erred by citing privacy of personal health information, when it refused to release records about the houses whose were cited for lead paint contamination. The health department’s violation notice states that a child with elevated levels of lead in his or her blood lived in the house. The department argued that victims of lead paint poisoning could be identified once their addresses were made public. http://govhealthit.com/article92752-03-28-06-Web&RSS=yes

BITTORRENT SEARCH SITE HITS BACK (BBC, 28 March 2006) -- A search engine used to locate links to movie and music files has moved to dismiss legal attempts by the US film industry to sue over copyright. Lawyers for Torrentspy say the lawsuit is an attempt to make the BitTorrent system itself illegal. People use BitTorrent as a way of downloading content, often illegally sharing copyrighted material. Torrentspy says it does not host copyright files and obeys requests to remove links to such material. http://news.bbc.co.uk/2/hi/technology/4853674.stm

JUSTICE DEPARTMENT SUBPOENAS REACH FAR BEYOND GOOGLE (InformationWeek, 29 March 2006) -- In its effort to uphold the Child Online Protection Act, the U.S. Department of Justice is leaving no stone unturned. In addition to America Online, MSN, and Google, the government has demanded information from at least 34 Internet service providers, search companies, and security software firms, InformationWeek learned through a Freedom of Information Act request. http://informationweek.com/news/showArticle.jhtml?articleID=184401156

SLA 102: THE SERVICE SUMMARY (ComputerWorld, 29 March 2006) -- In my last column, I walked through the basic areas that a service provider’s service-level agreement should cover: the service summary, security and design reviews, hardware, software, service availability, service requests, and monitoring and reporting. In this article, I’ll focus on the service summary. In most SLAs, this section describes the service you will be receiving in general terms. Here are some of the areas you should keep in mind as you negotiate your contract with your service provider... http://www.computerworld.com/securitytopics/security/story/0,10801,109760,00.html?source=x10

RULING ADDS TO CONFUSION OVER LEGALITY OF KEYWORDS (CNET, 31 March 2006) -- Contradicting earlier decisions, a U.S. federal court ruled this week that the purchase by Canadian pharmacies of search engine keywords using the name of rival Merck’s “Zocor” cholesterol reduction drug does not constitute trademark infringement. Merck sued a handful of online pharmacies last year, alleging trademark infringement based on the use of the Zocor trademark on Web sites and in keywords designed to turn up sponsored links on search results pages. The lawsuit also alleged trademark dilution and false advertising. On Thursday, the U.S. District Court for the Southern District of New York refused to dismiss the claims of trademark dilution and false advertising but dismissed the trademark infringement claim related to the keyword purchases. The decision contradicts an earlier ruling in which a court held that Google’s sale to car insurance providers of “Geico” as a keyword to trigger their ads constituted “use in commerce,” and was thus trademark infringement. Geico settled that case with Google in September, but other cases against the search behemoth are pending. The New York court referenced the Geico decision in its Merck ruling but disagreed with the reasoning. http://news.com.com/2100-1030_3-6056754.html

DUTCH GOVERNMENT TO GIVE CITIZENS PERSONAL WEB SITES (CNET, 31 March 2006) -- Dutch citizens will get a personalized Internet page giving them access to their records at public institutions and reminding them when to renew important documents, the government said Friday. The aim is to let citizens and companies, which will also get pages, access their data at any time, and eventually reduce administrative costs. A trial Personal Internet Page (PIP) project will start later this year. Between 10 and 15 government organizations will participate, giving citizens online access to their tax information, grants, licenses and social security data. The PIP will also remind citizens when to renew their travel documents or driving license, and may show the status of a building permit. Forms can be filled in and submitted online, and will reuse standard personal data. http://news.com.com/2100-1038_3-6056406.html

INTERNET ARCHIVE’S VALUE, LEGALITY DEBATED IN COPYRIGHT SUIT (SiliconValley.com, 31 March 2006) -- An ongoing lawsuit between a company and a popular archive of Web pages raises questions about whether the archive unavoidably violates copyright laws while providing a valuable service, according to attorneys and an independent law expert. The San Francisco-based nonprofit Internet Archive was created in 1996 to preserve Web pages that will eventually be deleted or changed. More than 55 billion pages are stored there. A health care company claims the archive didn’t do enough to protect copyrighted information that helped a competing firm win a trademark suit. The archive ``is just like a big vacuum cleaner, sucking up information and making it available” to anyone with a Web browser, said Scott S. Christie, an attorney representing Healthcare Advocates Inc. ``That has some social value, but in doing so they are grabbing information that they’re not entitled to,” he said. ``More importantly, they are telling people that they will take it off the shelf if you do a certain thing a certain way -- but that didn’t happen in this case.” Carnegie Mellon University computer science professor Michael Shamos, an expert in Internet law, said archiving like that done by the Internet Archive is ``the biggest copyright infringement in the world,” but said it is done in a way ``that almost nobody cares about.” Shamos said Web site publishers typically don’t mind that their sites wind up on the Internet Archive, because the whole point of posting Web sites is to get as many people as possible to see them. The rub is that a Webmaster loses control over the site, because the Internet Archive keeps that information on the Web even after the page is dismantled, Shamos said. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/14234814.htm

STUDY: IT SPENDING TO INCREASE (ZDnet, 31 March 2006) -- The majority of business and information technology (IT) executives in the United States anticipate increases in IT expenditures over the next three years, according to results of an annual study released by Accenture. The study, which queried 300 general business managers and IT executives from US-based companies with average revenues of $8 billion, found that six out of ten executives (60 percent) expect their organizations to increase their IT expenditures over the next three years. Only 13 percent of respondents expect their organizations to reduce IT spending. The average increase in spending during the next year is expected to be 5.5 percent. Additionally, while more than two-thirds (69 percent) of executives said that IT spending at their organizations has increased in the past three years, nearly one-third (32 percent) indicate that spending is less than it should be. Of those respondents who expect IT spending to increase over the next three years, the greatest number (21 percent) selected “new business initiatives” as the most important factor driving the rise in expenditures. “Upgrading legacy systems” and “adopting new technologies” followed closely, selected by 19 percent and 18 percent of those respondents, respectively. http://news.zdnet.com/2100-9595_22-6056393.html

VERDICT ON VIRTUAL PROPERTY THIEF UPHELD (Sydney Morning Herald, $ April 2006) -- China has upheld a guilty verdict and fine against a man who stole and sold players’ games IDs and online equipment amid growing calls for more concrete virtual property laws, state media said on Monday. A court in Guangzhou, the provincial capital of China’s southern province of Guangdong, dismissed an appeal by Yan Yifan, 20, found guilty of selling stolen passwords and online equipment from 30 players of the online historical quest game, “Da Xihua Xiyou,” last year. Upholding Yan’s original 5000 RMB ($870) fine, the court said that online game players had spent time, energy and money gaining the game’s equipment and adding value to the virtual goods, Xinhua news agency reported. Yan stole players’ personal information while working at US-listed Chinese internet company NetEase.com Inc. and sold counterfeited identity cards and other online possessions to other players for over 4000 RMB ($700), Xinhua said without giving details. More and more virtual property disputes are being brought before China’s courts, prompting calls from intellectual property rights lawyers for more strongly defined virtual property laws, the China Daily reported. http://www.smh.com.au/news/breaking/verdict-on-virtual-property-thief-upheld/2006/04/04/1143916492279.html

HOW COMMON IS IDENTITY THEFT? (PC World, 3 April 2006) -- Wondering how likely you are to have your credit card number stolen? Well, according to a comprehensive survey conducted by the U.S. Department of Justice (DOJ), identity theft is affecting millions of households in the U.S each year and costing an estimated $6.4 billion per year. About 3 percent of all households in the U.S., totaling an estimated 3.6 million families, were hit by some sort of ID theft during the first six months of 2004, according to DOJ data released this week. The data comes from the Justice Department’s National Crime Victimization Survey, which interviews members of 42,000 households across the country every six months to better understand the nature, frequency, and consequences of crime. Households that participate in the survey are selected at random and then interviewed by DOJ statisticians twice a year for three years. http://www.pcworld.com/news/article/0,aid,125291,00.asp

FOUR IN TEN EXECS THINK THEY WILL BE CYBERVICTIM (SC Magazine, 6 April 2006) -- Nearly 40 percent of executives believe their company will be the victim of a successful cybercrime attack, according to a new survey. The Cost and Confidence Research study of 293 senior managers in mid-to large-size companies found that 38 percent thought their organizations would be breached by hackers, phishers and other cybercriminals this year. The survey, undertaken by research firm YouGov, found the same proportion also had admitted breaches last year. Worryingly, a third of senior managers, had no idea if their organization’s infrastructure had been hacked at all. Despite continually increasing security budgets (15-percent growth last year according to Infonetics Research), confidence levels in security provision have not increased amongst the majority of senior managers, (68 percent say it has not increased since last year). Nearly three-quarters (74 percent) of respondents agreed that security problems were now a “fact of business life.” And a third of managers admitted that their confidence in security could be improved if they understood security problems themselves. http://www.scmagazine.com/us/news/article/551977/?n=us

NO. 1, THANKS TO DOWNLOADS (Wired, 4 April 2006) -- “Crazy” by Gnarls Barkley sat atop the British singles chart Monday, the first track to reach No. 1 based solely on computer download sales. The song, by producer Danger Mouse and hip-hop artist Cee-Lo, went on sale in record stores Monday, but it had already sold 31,000 copies through the internet, making it the previous week’s best-selling track. Until recently, download sales could count toward a chart position only if the track also was available in stores. But the Official U.K. Charts Company, which oversees the British music charts, changed the rules to make online tunes eligible as long as hard copies go on sale in stores within a week. http://www.wired.com/news/culture/0,70581-0.html

NEW BREACH NOTIFICATION LAWS SPRINGING UP ALL OVER (Steptoe & Johnson’s E-Commerce Law Week, 1 April 2006) -- After a relatively quiet winter, data security legislation is once again brewing in state legislatures. And, with the advent of Spring, new laws are blooming across the country. Three more states have jumped on the “breach notification law” bandwagon. Since our last update, the governors of Utah (S.B. 69), Wisconsin (Act 138), and Indiana (H.B. 1101) signed data security bills with breach notification provisions. The Utah law is the broadest of the three, with its breach notification sections accompanied by provisions requiring businesses to “implement and maintain” reasonable security procedures. And both Utah and Indiana have requirements regarding the destruction of personal information, which is an important but often overlooked element of any good security policy. http://www.steptoe.com/index.cfm?fuseaction=ws.getItem&pubItemId=12163&siteId=547 [Editor: the Utah requirement to provide reasonable security measures comports with FTC enforcement activity. Most U.S. companies should have a formal, systematic security management process.]

WHISTLE-BLOWER OUTS NSA SPY ROOM (Wired, 7 April 2006) -- AT&T provided National Security Agency eavesdroppers with full access to its customers’ phone calls, and shunted its customers’ internet traffic to data-mining equipment installed in a secret room in its San Francisco switching center, according to a former AT&T worker cooperating in the Electronic Frontier Foundation’s lawsuit against the company. Mark Klein, a retired AT&T communications technician, submitted an affidavit in support of the EFF’s lawsuit this week. That class action lawsuit, filed in federal court in San Francisco last January, alleges that AT&T violated federal and state laws by surreptitiously allowing the government to monitor phone and internet communications of AT&T customers without warrants. On Wednesday, the EFF asked the court to issue an injunction prohibiting AT&T from continuing the alleged wiretapping, and filed a number of documents under seal, including three AT&T documents that purportedly explain how the wiretapping system works. http://www.wired.com/news/technology/0,70619-0.html?tw=rss.index

LAPTOP COMES PRELOADED WITH ABRIDGED WEB (New York Times, 10 April 2006) -- While Google, Yahoo and Microsoft are busy building legions of data centers to capture the contents of the Web, a fledgling company has decided that it will squeeze the essential Internet onto a single laptop. The company, Webaroo, plans to announce Monday that Acer, a leading maker of personal computers, will begin selling laptops furnished with 40GB of data, representing a snapshot of the Web. While the full Internet is a million gigabytes or larger, Webaroo’s founders argue that they have created a way to provide offline Web searchers with a useful subset of the Internet’s vast storehouse of data and knowledge. “People are addicted to search,” said Brad Husick, Webaroo’s president and one of its founders, and “there are lots of times when Internet access is inconvenient.” Underlying the Webaroo system is a software technology that is optimized for what the company refers to as “content density.” This means that Webaroo has captured and compressed information that will give searchers a reasonable sample of the information that might otherwise yield thousands or millions of answers in a Google or Yahoo search. http://news.com.com/Laptop+comes+preloaded+with+abridged+Web/2100-1032_3-6059315.html?tag=nefd.top

IRS ASKS PAYPAL FOR HELP FINDING TAXPAYERS HIDING INCOME OFFSHORE (SiliconValley.com, 11 April 2006) -- The Internal Revenue Service won approval from a federal court to ask PayPal to turn over information about people who might be evading taxes by hiding income in other countries, officials said Tuesday. A federal court in San Jose, Calif., gave the IRS permission to ask PayPal Inc. -- a company that enables online money transfers -- for account information for American taxpayers who have bank accounts, credit cards or debit cards issued by financial institutions in more than 30 countries reputed to be tax havens. PayPal spokeswoman Amanda Pires said the company just received the summons. ``We’re still evaluating our options,” she said. ``The privacy of our customers’ information is something we take really seriously.” PayPal enables individuals and businesses around the globe to send and receive money online. In 2005, users moved $27.5 billion through the money transmitter. The company, owned by eBay Inc., has 100 million account holders globally. The request for information is an outgrowth of an IRS effort, begun several years ago, to trace money that American taxpayers hold offshore to avoid paying taxes. The IRS said many of those taxpayers access their money through credit and debit cards. The tax collectors have already obtained information from some credit card companies, merchants and payment processors. ``PayPal is another one of the mechanisms by which money stashed overseas might be spent,” Eileen O’Connor, assistant attorney general for the Justice Department Tax Division, told reporters. In some cases, the IRS obtained credit card numbers but could not identify the cardholder. The IRS said PayPal might be able to lead the tax agency to those individuals. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/14318267.htm

SOON, CATCH ‘LOST’ ONLINE, A DAY LATER (New York Times, 11 April 2006) -- For the Walt Disney Company, plans to make television shows available free online are a way to bolster revenue by selling two sets of advertising — TV commercials and online ads — for a single show. For advertisers, the online offerings represent an opportunity to capture the attention of particularly Web-savvy consumers who do not have the luxury of fast-forwarding through the ads as they can on a digital video recorder. Yesterday, Disney announced details of the plan. Beginning in May, the company will begin a two-month trial that will make four popular shows from its ABC network — “Desperate Housewives,” “Lost,” “Commander in Chief” and “Alias” — available for free viewing online the day after they are broadcast. The plan was first reported in The Wall Street Journal. Unilever is among the advertisers that bought ads for the initial test run. Noreen Simmons, Unilever’s director of strategic media planning, said she expected that consumers who were watching shows in streaming video online would be more alert than if they were watching the same content on television. “It’s going to be a different viewing experience,” Ms. Simmons said. “Rather than people sitting back in their chairs watching TV, this is going to be a lean-forward experience.” A string of other companies — including Cingular, Ford, Toyota, Procter & Gamble and Universal Pictures — have also purchased ads, a spokeswoman for Disney said. Jon Winsell, the director of online media strategy for ID Society, an interactive marketing agency in New York, said people who were willing to log on to a computer to watch a missed episode might be loyal enough to tolerate the unskippable commercial breaks. http://www.nytimes.com/2006/04/11/business/media/11adco.html?ex=1302408000&en=8d0f18560d341e09&ei=5090&partner=rssuserland&emc=rss

IN HISTORIC VOTE ON WHOIS PURPOSE, REFORMERS WIN BY 2/3 MAJORITY (CircleID blog, 12 April 2006) -- It has taken almost three years—by some counts, more than 6 years—but ICANN’s domain name policy making organization has finally taken a stand on Whois and privacy. And the results were a decisive defeat for the copyright and trademark interests and the US government, and a stunning victory for advocates of the rights of individual domain name registrants. The GNSO Council has now adopted, by an impressive 2/3 majority (18-9), the following definition of Whois purpose: “The purpose of the gTLD Whois service is to provide information sufficient to contact a responsible party for a particular gTLD domain name who can resolve, or reliably pass on data to a party who can resolve, issues related to the configuration of the records associated with the domain name within a DNS nameserver.” This narrow, technical definition of Whois was supported by the registries, registrars, the three Nomination Committee appointees, and the noncommercial users (NCUC) while the Business, Intellectual Property, and ISP constituencies were in the minority during the vote. The US government expressed its displeasure at the result. Will it pull a .xxx? Let’s back up a bit and ask Why is ICANN discussing the “purpose” of Whois and why does it matter? ICANN’s current method of collecting and publishing the contact information of all domain name registrants blatantly violates national and international norms and laws regarding data protection. It allows ICANN to require registrars to collect potentially unlimited and sensitive contact information about their registrants and publish it on the web for anyone to use, for any purpose whatsoever. By attempting to define the purpose of Whois, ICANN was following standard data protection norms and recognizing that both the data it collects about registrants and the amount of data it makes publicly available must be guided and restricted by a defined purpose. And that purpose must be directly related to ICANN’s mission, which is defined in narrow and technical terms as a coordinator of Internet identifiers. Everyone knows that Whois has metastasized into something that it was never intended to be, yet the current system was allowed and encouraged to evolve into a free data mining resource because trademark and copyright lawyers wanted it to. http://www.circleid.com/posts/historic_vote_on_whois_reformers_win/

WEB’S ROLE IN TERRORISM EXAMINED (CNET, 11 April 2006) -- Investigations into the Madrid and London bombings highlight two worrying trends for European security services--the emergence of autonomous, homegrown radical cells and their skilled exploitation of the Internet. A Spanish judge investigating the train bombs that killed 191 people in Madrid in March 2004 reported on Tuesday that the attacks were carried out by a local group of Islamic militants who were inspired--but not directed--by al-Qaida, taking their cue from an Islamist Web site. On Sunday, Britain’s Observer newspaper quoted a draft government report on last July’s London attacks as saying the four young suicide bombers were not part of an international terrorist network, but had devised their own “simple and inexpensive” plot, again using information from the Net. http://news.com.com/2100-1028_3-6059920.html

US SENTENCING COMMISSION ACTS TO REVERSE CULTURE OF WAIVER (CorporateCounsel.net Blog, 11 April 2006) -- Last Wednesday, the US Sentencing Commission voted to remove the provision on waiver of the attorney-client privilege and work product protections that was added in 2004 to the Commentary to the Sentencing Guidelines for organizations (the provision to be removed is the last sentence in Application Note 12 of the Commentary to Section 8C2. 5). Although the provision in the Commentary to be removed is worded in the negative - waiver is not required unless “necessary in order to provide timely and thorough disclosure of all pertinent information known to the organization” - the exception had become the rule and many hope that the Commission’s action is a significant step in reversing what some have referred to as a “culture of waiver.” Many commenters had urged the Commission to remove the existing language and replace it with an express statement that waivers of the attorney-client privilege and work product protections are not to be considered in evaluating the level of cooperation or determining the appropriate sentence. It doesn’t look like the Commission went that far. The next step is that the Commission will submit the removal of the waiver provision and other amendments it approved to the Sentencing Guidelines, to Congress on May 1st. Unless Congress takes affirmative action to modify or disapprove an amendment in the submission to Congress, the change will become effective on November 1st. http://www.thecorporatecounsel.net/blog/archive/000970.html

OUTSOURCING CONTRACTS UP, BUT SAVINGS QUESTIONED (InformationWeek, 13 April 2006) -- More companies are outsourcing than ever before, but they may be saving a lot less from the process than anticipated, according to a newly released market survey. In its quarterly review of the IT and business process outsourcing market, advisory firm Technology Partners International found that the total value of all contracts worth more than $50 million signed in the first quarter of 2006 increased 173% year-over-year to $22.7 billion. And a record number of 83 new deals were signed in the quarter, TPI said. The research firm also found that the value of contracts in the pipeline, deals that are out for bid but have yet to be been signed, increased 39% year-over-year to $22.6 billion. TPI released its findings on Wednesday. But while more firms are turning critical IT and business functions like help desk support and customer service over to third parties, who in turn often send the work to subsidiaries in low-cost countries like India or China, they are saving less from the process than is widely believed. In India, programmers and service workers are paid anywhere from 80% to 40% less than their U.S. counterparts. However, the overhead associated with outsourcing appears to be eating up the bulk of those savings. Factoring in transition, legal, advisory and management costs, outsourcing typically lets a company reduce the expense of a particular function by 15%, TPI says. TPI also found that fewer vendors are getting a bigger share of the outsourcing market, raising the possibility that the highly fragmented services industry is beginning to consolidate. In first quarter of 2006, the six largest vendors—Accenture, ACS, CSC, EDS, Hewlett Packard, and IBM—received 52% of worldwide outsourcing revenue, up from 47% in the previous year, according to TPI. http://www.informationweek.com/story/showArticle.jhtml?articleID=185301064&cid=RSSfeed_IWK_News

LIBRARIANS WIN AS U.S. RELENTS ON SECRECY LAW (New York Times, 13 April 2006) -- After fighting ferociously for months, federal prosecutors relented yesterday and agreed to allow a Connecticut library group to identify itself as the recipient of a secret F.B.I. demand for records in a counterterrorism investigation. The decision ended a dispute over whether the broad provisions for secrecy in the USA Patriot Act, the antiterror law, trumped the free speech rights of library officials. The librarians had gone to federal court to gain permission to identify themselves as the recipients of the secret subpoena, known as a national security letter, ordering them to turn over patron records and e-mail messages. It was unclear what impact the government’s decision would have on the approximately 30,000 other such letters that are issued each year. Changes in the Patriot Act now allow the government discretion over whether to enforce or relax what had been a blanket secrecy requirement concerning the letters. Lawyers for the group, the Library Connection of Windsor, Conn., argued that their client was eager to participate freely in the debate last year over the reauthorization of the Patriot Act. But federal prosecutors asserted that the Patriot Act required that the group’s identity remain secret and that the government would suffer irreparable harm if any information about its investigations became known. http://www.nytimes.com/2006/04/13/nyregion/13library.html?ex=1302580800&en=f1f297d6e3fb15df&ei=5090&partner=rssuserland&emc=rss

ALL BETS ARE OFF, ONLINE ANYWAY (Wired, 14 April 2006) -- The United States is taking aim at internet casino ads as tensions build in a high-profile trade fight over the country’s largely toothless online gambling ban. Although many website operators insist internet gambling ads are legal, a recent crack down by U.S. authorities has led some website operators to disgorge online casino advertising revenues and spurred others to rethink their advertising policies, jeopardizing millions of dollars in revenues. Shawn Riley, whose Amateur Poker League draws 2.5 million visitors a month, figures his Wichita, Kansas, business has passed up seven figures in revenue by refusing to run ads or affiliate links for gambling sites. “I would really like the money but I have to avoid the headaches,” he said. “I feel like I’m doing 55 down the highway and everybody else is doing 80.” Because gambling operations are based in foreign countries such as Antigua and Costa Rica, and individual gamblers have extremely low odds of being prosecuted, websites and media organizations that sell gambling ads are being caught in the middle. One of the biggest losers is Sporting News, the media company owned by Microsoft co-founder Paul Allen. In January, the company surrendered $4.2 million in revenue to avoid prosecution for advertising gambling sites between 2000 and 2003 in its magazine, as well as on its website and syndicated radio network. Tune in Sporting News Radio today and you’ll hear the other half of the settlement -- a $3 million, three-year barrage of anti-gambling public service ads. http://www.wired.com/news/politics/0,70660-0.html?tw=rss.index

SOURCES:
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. Internet Law & Policy Forum, http://www.ilpf.org.
6. BNA’s Internet Law News, http://ecommercecenter.bna.com.
7. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
8. McGuire Wood’s Technology & Business Articles of Note, http://www.ggtech.com
9. Steptoe & Johnson’s E-Commerce Law Week, www.steptoe.com
10. Readers’ submissions, and the editor’s discoveries.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.