Friday, August 18, 2006

MIRLN -- Misc. IT Related Legal News [29 July – 18 August 2006; v9.11]

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product of Dickinson Wright PLLC ( and the American Bar Association’s Cyberspace Law Committee. Please feel free to distribute this message. Dickinson Wright’s IT & Security Law practice group is described here:

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN editions are archived at and blogged at

**************End of Introductory Note***************

DEFECTIVE COMPUTER CHIPS INCORPORATED INTO DISK DRIVES DO NOT CAUSE “PROPERTY DAMAGE” (Smith, Smith & Feeley, LLP, July 2006) -- The United States District Court for the Northern District of California has held that defective computer chips that were incorporated into computer disk drives did not cause “property damage” within the meaning of a commercial general liability policy. (Atmel Corporation v. St. Paul Fire & Marine Insurance Co. (N.D. Cal. 2006) 430 F.Supp.2d 989) [Case discussion follows at]

VISA LOOKS TO BOLSTER SECURITY WITH PCI CLASSIFICATION CHANGES (Computerworld, 26 July 2006) -- Visa U.S.A. Inc. has changed the way it classifies merchants under its Payment Card Industry (PCI) data security standards program, which will require about 1,000 merchants to meet more rigorous compliance-validation standards. Those affected are Visa “Level 4” merchants, meaning those that process fewer than 6 million credit card transactions a year. They will now be included in the “Level 2” category as part of a bid by Visa to tighten security requirements for a broader set of merchants. [Visa] stressed that it had not changed the validation requirements themselves, but was only moving some merchants into a new validation level. Level 2 merchants are required to submit to quarterly network-vulnerability scans and must also fill out a 75-item self-assessment questionnaire. Merchants moved into this category have until Sept. 30, 2007, to demonstrate compliance with the stiffer requirements. Merchants who claim they are PCI-compliant can be hit with hefty fines if they suffer a subsequent security breach resulting from the lack of proper controls. Similar PCI measures are recommended for Level 4 merchants, but they are not required. As a result, merchants in that category have rarely paid attention to the stronger standards, said David Taylor, vice president of data security strategies at Protegrity Corp., a Stamford, Conn.-based company that offers PCI compliance services.

SIDES LINE UP IN GOOGLE-PERFECT 10 FIGHT (TechNewsWorld, 26 July 2006) -- Allies have begun taking sides in a court case that has far-reaching implications for the Internet. At stake is a practice at the heart of the Net: linking information between Web sites. The case pits search Goliath Google against adult entertainment publisher Perfect 10, and is currently before a federal appeals court in San Francisco where supporters of both sides have begun showing their colors through “friends of the court” briefs. The latest groups to trumpet Google’s side in the case are the Electronic Frontier Foundation Latest News about Electronic Frontier Foundation (EFF) and the Library Copyright Alliance, a group of library associations. In their document filed with the Ninth Circuit Court of Appeals, the groups argue that Perfect 10 seeks to broaden the copyright law in a way that will be harmful to the Internet. “[Perfect 10’s] theory is that merely linking to a Web site that has infringing content on it -- even if you don’t know it has infringing content on it -- is an act that should make you liable to the copyright owner of whatever is on that site,” according to EFF staff attorney Jason Schultz.

TIME RUNNING OUT FOR SARBANES-OXLEY COMPLIANCE (, 26 July 2006) -- Like it or not, the clock is ticking for non-US companies that need to be compliant to one of the most talked-about elements of the Sarbanes-Oxley (SOX) Act established in 2002. With the passing of the critical 15 July milestone for foreign companies listed in the US to be compliant to Section 404 under SOX, they now have anything from a few weeks to nearly a year to meet the regulations or face the consequences. Under Section 404, publicly traded companies must have internal policies and controls in place to protect, document and process information for financial reporting. The law requires affected businesses to comply by the end of their respective financial year after 15 July, 2006. The date is an extension of the original deadline of 15 July, 2005, set by the US Securities and Exchange Commission (SEC). Public US companies were required to be compliant in November 2004.,3800010364,39160788,00.htm

SENATOR BLASTS HOMELAND SECURITY’S NET EFFORTS (CNET, 28 July 2006) -- A Republican senator on Friday blasted the U.S. Department of Homeland Security’s readiness for a massive cyberattack, saying he hasn’t seen any improvements since bringing in department officials for questioning last summer. “Despite spending millions of dollars over the past year, DHS continues to struggle with how to effectively form and maintain effective public-private partnerships in support of cybersecurity,” Sen. Tom Coburn of Oklahoma said at a hearing convened by a Senate Homeland Security subcommittee, of which he is chairman. Coburn, the only politician present at the 90-minute hearing, grilled top computer security officials from Homeland Security, the National Security Agency, the Office of Management and Budget, and the Government Accountability Office (GAO). He also asked private-sector companies for suggestions for government action. The Oklahoma senator joined industry groups and congressional colleagues in chiding the agency for failing to appoint a high-level cybersecurity chief one year after the post’s creation. He said having a strong leader in charge is critically important to defend against a crippling cyberattack that could take out not only e-commerce and communications capacities, but also “electrical transformers, chemical systems and pipelines” controlled by computers.

PEN REGISTER ORDER DEEMED INSUFFICIENT TO OBTAIN DIALED DIGIT EXTRACTION OR CELL PHONE LOCATION (Steptoe & Johnson’s E-commerce Law Week, 29 July 2006) -- On July 19, a U.S. Magistrate Judge in the Southern District of Texas ruled that law enforcement must show probable cause and obtain a Title III wiretap order before obtaining access to “post-cut-through dialed digits” -- i.e., the digits that a caller might dial after his initial call is connected -- on the basis that such digits often represent call content that cannot be obtained under a pen register order. In doing so, the Magistrate resolved for the first time an issue that had been left open by both the D.C. Circuit and the Federal Communications Commission when the latter decided that the Communications Assistance for Law Enforcement Act (CALEA) required carriers to have such “dialed digit extraction” capability. The Judge also joined a majority of courts that have rejected the Justice Department’s attempt to use pen register orders to obtain cell phone location information.

HP BALKS AT PATENT PROVISION IN GPL UPDATE (CNET, 2 August 2006) -- A proposed patent provision in a revamped General Public License isn’t sitting well at Hewlett-Packard, raising concerns that two competing versions of the license could survive. The GPL governs thousands of open-source projects, and version 3 represent’s the Free Software Foundation first explicit attempt to grapple with the thorny issue of software patents. But HP prefers version 2 to the GPLv3 draft released on July 27, arguing that it imposes disproportionate patent consequences for a company that distributes even a single copy of GPLv3 software carrying technology the company has patented. The Free Software Foundation, which is in charge of the license overhaul, is optimistic that middle ground will be found. The stakes are high. HP’s wariness, and Linux leader Linus Torvalds’ objections to the update (see, raise the possibility that version 2 may remain in circulation. And that would increase, rather than reduce, the profusion of open-source licenses, complicating programming and legal issues. “The greatest potential for GPLv3 is that it becomes more attractive than GPLv2, and we have a smaller number of licenses. That is the dream of GPLv3,” said Scott Peterson, an intellectual property attorney at HP involved with the foundation’s GPL version 3 revision. “It would be unfortunate if in fact we have the reverse--we have GPLv2 plus GPLv3.” The GPL remains the single most widely used license, and its success has been remarkable. The GPL governs thousands of open-source projects, among them the Linux kernel, the Samba file server software and the MySQL database. Since the current GPL version 2 was released in 1991, the license has grown from a philosophical, technological, economic and social curiosity to a powerful force in the multibillion-dollar software industry. The fact that HP and other companies want to have a voice in its future is a testament to its influence. Software governed by the GPL gives programmers and users several built-in freedoms. They may modify, copy and redistribute the software--both the binary files computers actually run and the underlying source code programmers handle. GPLv3 keeps this core intact and adds provisions involving newer computing issues, such as digital rights management and patents. Essentially, HP believes that language in the new draft could permanently defang a company’s ability to sue for patent infringement in a particular situation. Imagine Company A holds a certain patent. If technology covered by that patent is included in GPL-governed software distributed by Company A, then Company A no longer has the right to sue anyone over infringement of that patent. That applies even if Company A itself didn’t write or add that technology, or if another entity--Company B--inserted it into the software. “Suppose somebody added into the Linux kernel some feature that might go into a Linux distribution, (a feature) we had intended to retain as a differentiator and that we were not expecting was going to become open source,” Peterson said. “Our mere redistribution of that would mean we could no longer enforce that patent.” In contrast, with GPLv2 software, a company that stops distributing the affected software is then free to sue for patent infringement, Peterson said. Hewlett-Packard said it would be content with the patent portion of General Public License version 3 if a few changes, in capital letters below, were added to Section 11: “You receive the Program with a covenant from each author and THE conveyor FROM WHOM YOU RECEIVED the Program, and of any material, conveyed under this License, on which the Program is based, that the covenanting party will not assert (or cause others to assert) any of the party’s essential patent claims in the material that the party conveyed, against you, arising from your exercise of rights under this License. If you convey a covered work, you similarly covenant to all recipients TO WHOM YOU CONVEY THE WORK, including recipients FROM YOU of works based on the covered work, not to assert any of your essential patent claims in the covered work.”

AGENCIES ISSUE PROPOSED RULE ON IDENTITY THEFT ‘RED FLAGS’ (Wall Street Technology, 1 August 2006) -- The federal banking agencies have proposed a rule that would require each financial institution and creditor to develop and implement an identity theft prevention program that includes policies and procedures for detecting, preventing and mitigating identity theft in connection with account opening and existing accounts. The proposed regulations include guidelines listing patterns, practices and specific forms of activity that should raise a “red flag” signaling a possible risk of identity theft. Under proposed regulations, an identity theft prevention program established by a financial institution or creditor would have to include policies and procedures for detecting any “red flag” relevant to its own operations and implementing a mitigation strategy appropriate for the level of risk, according to a release from the agencies. The proposed rule would implement sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003 (FACT Act). Regulators also would require credit and debit card issuers to develop policies and procedures to assess the validity of a request for a change of address followed closely by a request for additional or replacement card. The proposal lists 31 red flags in connection with an account application or an existing account, including:
• A notice of address discrepancy is provided by consumer reporting agency.
• The photograph [or] physical description on the identification is not consistent with the appearance of the applicant or customer presenting the identification.
• An account that has been inactive for a reasonably lengthy period of time is used.
• The financial institution or creditor is notified that the customer is not receiving account statements.
• An employee has accessed or downloaded an unusually large number of customer account records.
Banking advocates find fault with the documentation involved in the proposed rules. “Our concern is primarily the compliance burden,” says Nessa Feddis, senior federal council at the American Bankers Association (Washington). The proposal listed numerous potential red flags, some of which aren’t appropriate or effective for some institutions, Feddis says. Comments are due on the proposed rule by September 18.

BANKS BAN CELL PHONE USE (Chicago Tribune, 3 August 2006) -- If you’re ever in a First National Bank branch, try babbling on your cell phone. It’ll likely be a short conversation. The Chicago Heights-based institution, which has five area locations, prohibits the use of the gadget that some have come to regard as an expression of Western civilization’s full flowering. “We ban cell phone use in the lobby,” Senior Vice President Ralph Oster said, “because you don’t know what people are doing” on the device. Theoretically, a criminal could be on a phone at a teller window, robbing the bank or passing a bad check. Meanwhile, an accomplice outside has an eye peeled for police to foil an arrest attempt. “You’re trying to stop that communication,” Oster said. In cracking down on the use of cell phones to enhance security, First National increasingly has kindred spirits in the industry. Mexico City banks began banning cell phones in May to curb robberies. North of the border at about the same time, Munster, Ind.-based Citizens Financial Bank, with 22 Indiana and Illinois branches, also began asking customers to silence phones for security. Last year, Citizens Bank of Northern California prohibited cell phones after a bank executive shopping for a camera phone came away impressed, but uneasy, with the technology.,1,5072478.story?coll=chi-technology-hed&ctrack=1&cset=true

EMPLOYEE FIRED FOR CLAIMING COPYRIGHT IN WEBSITE CAN GET UNEMPLOYMENT BENEFITS (, 3 August 2006) -- Christina Binney was one of the founders of Banner Therapy Products, and worked as the company’s treasurer. She was also responsible for Banner’s computers, and designed its catalog and website. In April 2003, she was fired for taking her computer’s hard drive home over the weekend, and because she had named herself in copyright notices appearing in the company’s catalogs and on its website. She sought unemployment benefits, and the North Carolina Employment Security Commission (“ESC”), denied her claim. The ESC determined that the denial of benefits was proper because Binney had been terminated for employment-related misconduct. The appellate court held that given Binney’s position and responsibilities in the company, and the reasonableness of her conclusions as to ownership of copyright, her actions did not rise to the level of misconduct that warranted a denial of benefits.

OU COUNTERS CLASS-ACTION LAWSUIT CONNECTED TO DATA BREACH (The Athens News, 3 August 2006) -- for Ohio University have mounted a full-court defense against a well-publicized class-action lawsuit, filed by two alumni whose personal data were among those accessed when hackers broke into OU’s computer system. In a motion filed in the Ohio Court of Claims Friday, Ohio Assistant Attorney General Randall W. Knutti asked Judge Clark B. Weaver, Sr., to either dismiss the suit filed in June by alums Donald J. Kulpa and Kenneth D. Neben, or grant OU summary judgment. Knutti argued that the estimated 173,000 people affected by the computer security breaches at OU, having in common only the fact that their Social Security numbers were all on OU computers, “could never constitute a class” for purposes of a legal action. He also contended that Kulpa and Neben cannot point to any concrete damages they’ve suffered, but have only expressed “a generalized fear of future harm,” based on the possibility that data thieves may have obtained, and may misuse, their Social Security numbers. “Just as patients who fear cancer - but have not suffered from it - lack standing to sue unless they have some injury and are ‘reasonably certain’ to contract cancer, alumni who fear identity theft - but have not suffered from it - lack standing to sue unless they have some injury and are ‘reasonably certain’ to become victims of identity theft,” Knutti contended. “Mr. Kulpa and Mr. Neben are worried that their Social Security numbers might be stolen, and they want to do something about it. That is commendable,” Knutti summed up. “But they cannot win this case, and in any event, a 173,000-person class action in which no one other than the attorneys gains any real benefit is not the right thing to do.” To bolster its case, OU has filed some 150 pages of supporting documentation. These include affidavits from OU employee who say there’s no evidence that hackers actually stole any personal data from university computers; a long list of hacking incidents that have taken place at other institutions; extensive information about the steps OU is taking to limit the negative impact of the hackings; and legal citations to support the claim that Kulpa and Neben don’t have a viable case against the university. [Editor: These asserted legal defenses have succeeded in other, recent suits. Still, plaintiffs are increasingly creative—e.g., in asserting breach of implied contract—and the courts will, sooner or later, accommodate creative claims against sloppy data-managers.]

SENATE RATIFIES CONTROVERSIAL CYBERCRIME TREATY (CNET, 4 August 2006) -- The first and only international treaty designed exclusively to combat computer crime won approval late Thursday from the U.S. Senate. The Council of Europe Convention on Cybercrime “will enhance our ability to cooperate with foreign governments in fighting terrorism, computer hacking, money laundering and child pornography, among other crimes,” Sen. Richard Lugar, the Indiana Republican who is chairman of the Senate Foreign Relations Committee, said in a statement. The treaty is intended to harmonize computer crime laws, especially those in smaller or less developed nations that may not have updated their legal framework to reflect the complexities of the Internet. It requires participating countries to target a broad swath of activities, including unauthorized intrusions into networks, fraud, the release of worms and viruses, child pornography and copyright infringement. [O]ne portion, which provoked the most controversy, deals with international cooperation. It says Internet providers must cooperate with electronic searches and seizures without reimbursement; the FBI must conduct electronic surveillance “in real time” on behalf of another government; that U.S. businesses can be slapped with “expedited preservation” orders preventing them from routinely deleting logs or other data. What’s controversial about those requirements is that they don’t require “dual criminality”--in other words, Russian security services investigating democracy activists could ask for the FBI’s help in uncovering the contents of their Yahoo Mail or Hotmail accounts, or even conducting live wiretaps. EPIC’s take on the treaty is at and; ArsTechnica weighs in at

MUSIC INDUSTRY SUES P2P FIRM LIMEWIRE (CNET, 4 August 2006) -- After months of issuing warnings, the music industry finally made good on its threat to file suit against peer-to-peer software company LimeWire. A group of music companies, including Sony BMG, Virgin Records and Warner Bros. Records, have accused LimeWire and the company’s officers of copyright infringement, according to a federal lawsuit filed Friday in U.S. District Court in New York. LimeWire produces software that’s often used to create copies of music recordings and then distribute them over the Web. LimeWire is “devoted essentially to the Internet piracy of plaintiffs’ sound recordings,” the record companies charge in their suit. “The scope of infringement caused by defendants is staggering.” The recording industry continues to pressure file-sharing companies that refuse to do one of two things: either adopt a business model that compensates record companies, or shut down. Complaint at

MICHIGAN TRAINS FEDERAL, STATE AND LOCAL LAW ENFORCEMENT IN IDENTITY THEFT (Press Release, Government Technology, 4 August 2006) -- A new identity theft investigation training course has helped to better prepare 476 Michigan law enforcement officers to investigate identity theft, credit fraud and counterfeiting complaints. The free training course was offered from July 10 through Aug. 3 by the Identity Theft Teams of the Michigan State Police (MSP), in conjunction with the Michigan Association of Chiefs of Police (MACP) and the Michigan Sheriff’s Association (MSA). Officers from 141 police and sheriff’s departments, as well as members of the U.S. Office of the Inspector General, U.S. Secret Service and Michigan Department of State attended training sessions that were held in Kalamazoo, Lansing, Marquette, Roscommon, Saginaw and Troy. During the four-hour course, officers were trained in the latest investigative techniques, including the areas of victim assistance, identity theft rings, prosecution of offenders and criminal law. “One of the most positive aspects of this training was the opportunity for officers to network with one another and share investigative strategies,” stated Col. Peter C. Munoz, director of the MSP. “We are pleased to have been able to partner with the Michigan Association of Chiefs of Police and the Michigan Sheriff’s Association to offer this type of training; it is our hope the result will be an improved level of service to Michigan citizens.” Officers also learned about the investigative tools available to help them combat identity theft, such as the MSP Identity Theft Team Web site, which contains valuable information and resources to assist investigators.

JUDGE RULES STATISTICS NOT INTELLECTUAL PROPERTY OF MLB (, 8 August 2006) -- Fantasy baseball leagues are allowed to use player names and statistics without licensing agreements because they are not the intellectual property of Major League Baseball, a federal judge ruled Tuesday. Baseball and its players have no right to prevent the use of names and playing records, U.S. District Court Judge Mary Ann Medler in St. Louis ruled in a 49-page summary judgment. St. Louis-based CBC Distribution and Marketing Inc. filed a lawsuit against Major League Baseball Advanced Media, MLB’s Internet wing, after CBC was denied a new licensing agreement with the baseball players’ association giving it the rights to player profiles and statistics. Major League Baseball claimed that intellectual property laws and so-called “right of publicity” make it illegal for fantasy leagues to make money off the identities and stats of professional players. But even if the players could claim the right of publicity against commercial ventures by others, Medler wrote, the First Amendment takes precedent because CBC, which runs CDM Fantasy Sports, is disseminating the same statistical information found in newspapers every day. “The names and playing records of major league baseball players as used in CBC’s fantasy games are not copyrightable,” Medler wrote. “Therefore, federal copyright law does not pre-empt the players’ claimed right of publicity.” The ruling brings some relief to more than 300 businesses that run online fantasy leagues and have awaited the outcome of the lawsuit. In fantasy sports leagues, fans draft major leaguers and teams win or lose based on the statistical success of the actual players in major league games.

COURT RULES AGAINST MAN IN PORN-AT-WORK CASE (Reuters, 9 August 2006) -- A Montana man who used his work computer to access child pornography does not have a reasonable expectation of privacy that would bar a search of the machine, a U.S. federal appeals court ruled on Tuesday. Jeffrey Ziegler had argued that his Fourth Amendment rights against unreasonable searches and seizures should prevent the government from using evidence that he had viewed many images of child pornography at work. The U.S. 9th Circuit Court of Appeals based in San Francisco cited similar past cases and found that even if some people lament the lack of privacy at work, the law was against Ziegler. “Social norms suggest that employees are not entitled to privacy in the use of workplace computers, which belong to their employers and pose significant dangers in terms of diminished productivity and even employer liability,” Diarmuid O’Scannlain wrote for a three-judge panel. “Employer monitoring is largely an assumed practice, and thus we think a disseminated computer-use policy is entirely sufficient to defeat any expectation that an employee might nonetheless harbor.”

A FACE IS EXPOSED FOR AOL SEARCHER NO. 4417749 (New York Times, 9 August 2006) -- Buried in a list of 20 million Web search queries collected by AOL and recently released on the Internet is user No. 4417749. The number was assigned by the company to protect the searcher’s anonymity, but it was not much of a shield. No. 4417749 conducted hundreds of searches over a three-month period on topics ranging from “numb fingers” to “60 single men” to “dog that urinates on everything.” And search by search, click by click, the identity of AOL user No. 4417749 became easier to discern. There are queries for “landscapers in Lilburn, Ga,” several people with the last name Arnold and “homes sold in shadow lake subdivision gwinnett county georgia.” It did not take much investigating to follow that data trail to Thelma Arnold, a 62-year-old widow who lives in Lilburn, Ga., frequently researches her friends’ medical ailments and loves her three dogs. “Those are my searches,” she said, after a reporter read part of the list to her. AOL removed the search data from its site over the weekend and apologized for its release, saying it was an unauthorized move by a team that had hoped it would benefit academic researchers. But the detailed records of searches conducted by Ms. Arnold and 657,000 other Americans, copies of which continue to circulate online, underscore how much people unintentionally reveal about themselves when they use search engines — and how risky it can be for companies like AOL, Google and Yahoo to compile such data.

-- and --

INTERNET PRIVACY GROUP FILES COMPLAINT AGAINST AOL (Washington Post, 15 August 2006) -- The Electronic Frontier Foundation filed a complaint yesterday asking the Federal Trade Commission to investigate AOL and require strengthening of its privacy protections after the Dulles-based firm recently released 20 million search records of 658,000 AOL users. In its complaint, the San Francisco-based advocacy group contended that the data release violated AOL’s privacy policy and the Federal Trade Commission Act’s bar on deceptive or unfair trade practices.

UC JOINS GOOGLE BOOK PROJECT (, 10 August 2006) -- The University of California has joined Google Inc.’s bid to scan the book collections of the world’s great libraries, the organizations said Tuesday, marking renewed momentum for a project nearly derailed by stiff resistance from publishers. The top Web search company said it will fund the scanning of “several million” of the 34 million titles in the University of California’s libraries, as part of a year-and-a-half old project to make major library collections searchable online. The University of California (UC) holds 100 libraries on 10 campuses across the state and ranks as the largest research and academic library in the world. California joins Harvard, Oxford, Stanford, the University of Michigan and the New York Public Library in the Google Book Search project. But authors’ and publishers’ groups sued Google last year to block scanning of copyrighted library books, arguing that, akin to Napster’s effect on the music industry, the digitizing of books might tempt consumers to stop buying printed works. Google has countered that it is creating the electronic equivalent of a library card catalog for copyrighted works and that library project only plans to publish the full texts of out-of-copyright books in the public domain. For works under copyright protection, Google Book Search publishes only short snippets, a few sentences on either side of mentions of words a user has searched for. What online readers see is similar to’s “Search Inside the Book” feature. In response to the legal threats, several of Google’s library backers said last year they would proceed with the scanning of public domain works, but deferred plans to digitize copyrighted books in order to steer clear of the controversy. Michigan was alone in saying it planned to proceed with the scanning of both in-copyright and out-of-copyright materials. Colvin said the University of California Libraries shared Michigan’s view that Google’s project enjoys “fair use” protection and had agreed to scan copyrighted works. [Quite good Washington Post history of the Google Book project, and current legal disputes, at

CT RULES EBAY CAR PURCHASER MUST SUE IN DEALER’S FORUM (BNA’s Internet Law News, 10 August 2006) -- BNA’s Electronic Commerce & Law Report reports that a federal court in California has ruled that a Wisconsin automotive group’s sale over eBay of a single car to a California resident is not enough to support personal jurisdiction in California. The court ruled that specific jurisdiction over the dealership or its agent did not exist because offering a car for auction over eBay does not amount to “purposefully directing” the activity to any particular state. Case name is Boschetto v. Hansing.

DRUGS: SPORTS’ PRISONER’S DILEMMA (Bruce Schneier, Wired, 10 August 2006) -- The big news in professional bicycle racing is that Floyd Landis may be stripped of his Tour de France title because he tested positive for a banned performance-enhancing drug. Sidestepping the issues of whether professional athletes should be allowed to take performance-enhancing drugs, how dangerous those drugs are, and what constitutes a performance-enhancing drug in the first place, I’d like to talk about the security and economic issues surrounding the issue of doping in professional sports. Drug testing is a security issue. Various sports federations around the world do their best to detect illegal doping, and players do their best to evade the tests. It’s a classic security arms race: Improvements in detection technologies lead to improvements in drug-detection evasion, which in turn spur the development of better detection capabilities. Right now, it seems that the drugs are winning; in places, these drug tests are described as “intelligence tests”: If you can’t get around them, you don’t deserve to play. But unlike many security arms races, the detectors have the ability to look into the past. Last year, a laboratory tested Lance Armstrong’s urine and found traces of the banned substance EPO. What’s interesting is that the urine sample tested wasn’t from 2005; it was from 1999. Back then, there weren’t any good tests for EPO in urine. Today there are, and the lab took a frozen urine sample (who knew that labs save urine samples from athletes?) and tested it. He was later cleared -- the lab procedures were sloppy -- but I don’t think the real ramifications of the episode were ever well understood. Testing can go back in time. [There’s more, and it’s interesting.],71566-0.html

GARTNER: TOP 5 STEPS TO DRAMATICALLY LIMIT DATA LOSS AND INFORMATION LEAKS (Tekrati, 10 August 2006) -- Public exposure of private data is becoming a regular occurrence, but the majority of these incidents can be prevented if companies implement the proper security best practices, according to Gartner. Gartner analysts have identified the top 5 steps to prevent data loss and information leaks. The first is deploying content monitoring and filtering. “From lost laptops to misplaced backup tapes to accidental e-mails filled with sensitive information, we seem to be in the midst of a data loss epidemic, with tens of millions of individuals receiving data loss notification letters this year,” said Rich Mogull, research vice president for Gartner. “Data loss and information leaks are not random acts of nature too costly to prevent,” said Mogull. “By following these five steps, enterprises can dramatically reduce the risk of their valuable structured or unstructured information ending up in the wrong hands and forcing an embarrassing public disclosure.” The top 5 steps to prevent data loss and information leaks are the following: [Editor – this is useful; the steps are outlined at]

JUDGES CONSOLIDATE SUITS OVER BUSH TELECOM SPY PROGRAM IN SAN FRANCISCO (, 10 August 2006) -- A federal panel of judges has consolidated 17 lawsuits throughout the United States filed against telephone companies accused of assisting the Bush administration monitor Americans’ communications without warrants. The Judicial Panel on Multidistrict Litigation transferred the cases to U.S. District Judge Vaughn Walker, who last month declined to dismiss one of the lawsuits brought against the federal government and AT&T Inc., according to an order released Thursday. The consolidated lawsuits also target Verizon Communications Inc., Bellsouth Corp. and their affiliates. The panel ruled 26 other lawsuits with similar allegations also may be moved to Walker, who took the bench in 1990 after being nominated by the first President Bush. Last month, Walker rejected government assertions that the AT&T case had to be dropped because it could expose state secrets and jeopardize the war on terror. Walker ruled July 20 the warrantless eavesdropping has been so widely reported there’s no danger of exposing secrets. No hearing has been set, and the Justice Department has asked Walker to halt the case pending appeal.

-- and --

JUDGE FINDS WIRETAP ACTIONS VIOLATE THE LAW (New York Times, 18 August 2006) -- A federal judge ruled yesterday that the National Security Agency’s program to wiretap the international communications of some Americans without a court warrant violated the Constitution, and she ordered it shut down. The ruling was the first judicial assessment of the Bush administration’s arguments in defense of the surveillance program, which has provoked fierce legal and political debate since it was disclosed last December. But the issue is far from settled, with the Justice Department filing an immediate appeal and succeeding in allowing the wiretapping to continue for the time being. In a sweeping decision that drew on history, the constitutional separation of powers and the Bill of Rights, Judge Anna Diggs Taylor of United States District Court in Detroit rejected almost every administration argument. Judge Taylor ruled that the program violated both the Fourth Amendment and a 1978 law that requires warrants from a secret court for intelligence wiretaps involving people in the United States. She rejected the administration’s repeated assertions that a 2001 Congressional authorization and the president’s constitutional authority allowed the program. “It was never the intent of the framers to give the president such unfettered control, particularly when his actions blatantly disregard the parameters clearly enumerated in the Bill of Rights,” she wrote. “The three separate branches of government were developed as a check and balance for one another.” Republicans said the decision was the work of a liberal judge advancing a partisan agenda. Judge Taylor, 73, worked in the civil rights movement, supported Jimmy Carter’s presidential campaign and was appointed to the bench by him in 1979. She was the first black woman to serve on the Detroit federal trial court. Decision at

-- and --

ACLU RENEWS CHALLENGE TO CONSTITUTIONALITY OF NSL GAG ORDERS (Steptoe & Johnson’s E-Commerce Law Week, 12 August 2006) -- The American Civil Liberties Union and New York Civil Liberties Union continued their fight against the gag order provisions of National Security Letters, releasing on August 7 a redacted version of their second amended complaint in the case of an NSL served on an Internet service provider. The new complaint, which was filed under seal in the Southern District of New York last month, seeks a declaration that the gag order provisions are unconstitutional and an injunction prohibiting the FBI from enforcing such secrecy provisions against plaintiffs or others. Despite recent legislation permitting limited judicial review, the constitutionality of both the underlying NSLs and the accompanying gag orders are still an open question.

FOX TO SELL FILMS ONLINE IN MySPACE.COM (LA Times, 14 August 2006) -- Signaling its ambition to turn MySpace into an entertainment marketplace, News Corp. today is expected to unveil plans to sell downloadable copies of 20th Century Fox movies and TV shows through the popular social network and other Fox Interactive Media websites. The announcement comes a week after Fox signed a major advertising deal with Google Inc., intensifying News Corp.’s race against Viacom Inc. and other entertainment companies to cultivate younger audiences online. “This is a great example of how to build yet another revenue opportunity into MySpace in addition to advertising,” said Pali Research analyst Richard Greenfield. “It’s layering in a commerce element that currently doesn’t exist.” When it launches in October, the service is expected to include movies such as “X-Men: The Last Stand” and “The Omen,” for $19.99, and shows such as “Prison Break” and “Bones,” for $1.99 an episode. Movies will be available when they’re released on DVD, and shows will go online 24 hours after they air. Analysts said the immediate financial effect for 20th Century Fox appeared minor. Customers won’t be allowed to burn the videos to a DVD or transfer them to an iPod — only to Windows Media-compatible devices — which should limit the appeal. “We’re still in this hazy period where big media companies are not sure of the future, and they want to place a lot of bets on the table,” said Gartner Inc. analyst Allen Weiner.,1,7225371.story?coll=la-headlines-entnews

SECOND LIFERS GET FIRST LOOK AT NEW HOTEL CHAIN (CNET, 14 August 2006) -- Avatars looking for a stylish place to mingle and get a cocktail will soon be able to check out a trendy new hotel--months before their fleshy counterparts. Starwood Hotels & Resorts Worldwide, which oversees such well-known hotel brands as Sheraton, St. Regis and Westin, will launch its newest chain, Aloft, in the online society “Second Life” in September. In the brick-and-mortar realm, the plan is for the first Aloft inn to open sometime in 2008, catering to active, urban 30- to 50-year-olds. But the real-world lodge will be preceded by a 3D cyberversion designed to prompt feedback from virtual guests and help guide the earthbound endeavor. “We think the SL world is a specific community of early adopters, of tech-savvy people who like to voice their opinions,” said Brian McGuinness, vice president of the Aloft Hotels brand. Aloft will be the first hotel for “Second Life,” which has already incorporated businesses from Wells Fargo to Major League Baseball. Marc Schiller, CEO and founder of ElectricArtists 2.0, a marketing services company, approached Starwood two months ago with the idea of a virtual debut for Aloft. Starwood then purchased an island in “Second Life,” and construction began on the hotel a month ago. “We’re hoping we can learn a lot about where (Second Lifers) congregate and how they use space in a communal way,” Schiller said. “That could be valuable as Starwood develops the hotel.” “Second Life” is an open-ended virtual world in which players can create or do just about anything they can imagine. Opened to the public in 2003, it features a mainland composed of an array of square, 16-acre plots. The so-called metaverse is free to play in, but users must pay monthly fees if they want to own land. Its publisher, Linden Lab, makes money from land-usage fees, as well as player purchases of the “Second Life” currency, the Lindendollar, which is used to purchase property and other goods. The virtual marketplace supports millions of U.S. dollars in monthly transactions. One of the most intriguing elements of “Second Life” is its bustling economy. Linden Lab is one of the few companies that grants its users full intellectual-property rights to their creations, and that’s engendered a robust marketplace in any number of virtual goods, including land, clothing, vehicles, magic wands and more.

ALL VA COMPUTERS TO GET SECURITY UPGRADE (, 14 August 2006) -- Veterans Affairs Secretary Jim Nicholson announced plans today for an immediate upgrade of all VA computers that will include enhanced data security encryption systems. The agency expects to have 100 percent of its laptop computers fully encrypted within four weeks. According to a VA announcement, the encryption upgrade comes through a $3.7 million contract that was awarded Aug. 11 to SMS, a service-disabled veteran-owned small business in Syracuse, N.Y. The encryption solution consists of GuardianEdge and Trust Digital products. Under the award, VA laptop computers will receive the encryption programs first. Desktop computers will follow. Portable media, such as flash drives and CDs, are also included in the security encryption program, the announcement states. Final testing of the software is under way, and implementation and training materials are being developed with the actual encryption of laptops scheduled to begin Aug. 18.

SUN’s GENERAL COUNSEL OFFERS REALLY INTERESTING IDEA (, 17 August 2006) -- As has been pointed out by a number of sources in the blawgosphere (including Geoffrey G. Gussis and Bob Ambrogri), Sun Microsystem’s General Counsel, Mike Dillon, has started a blawg he calls the legal thing. As Dillon notes, Sun already has 3,000 webloggers in action, so he decided it was time to join in. As I read through the initial postings in the legal thing, I was struck by the post entitled Alumni Blog. In the short post, Dillon picks up from a recent conversation he had with a friend about the number of quality people that have worked at Sun at some point in their career. What followed was worthwhile reading and the kernel of a very intriguing idea. It’s no secret that we [Sun] are taking actions to reduce our operating expenses, including eliminating jobs. Many of the employees who are impacted are also active members of our blogging community. Naturally, the question is what do we do? Should we shut off their access to blogs@sun? That is choice most companies would make. Indeed, some attorneys advised that we take this approach. The thinking was that it would minimize disruption, negative external perceptions and reduce the risk of litigation. Here’s what we did instead. We created a site for all former employees to blog as part of our Sun alumni community. I have to admit that I held my breath when the site went live. But, far from being a magnet for angry ex-employees or litigation, the site has developed into a wonderful and supportive community made up of some very talented and creative people. For those of you seeking these types of employees. Look here. The jury may still be out as this is such a new site, but in an ever-changing world where employees come and go, it seems to me that a policy of nourishing (as opposed to cutting off) your alumni base is just good business. You never know, that former employee may someday be your best client. Good stuff. SUN’s extended community blogs are at

**** RESOURCES ****
ABA LAUNCHES LITIGATION PODCAST -- The ABA’s Section of Litigation has launched a podcast -- Tips & Tactics for the Practicing Trial Lawyer. The first episode, Managing Privilege, discusses real-world situations involving privileged communications. The podcast is also available through iTunes. See

TOWARDS A DOCTRINE OF ‘FAIR ACCESS’ IN COPYRIGHT: THE FEDERAL CIRCUIT’S ACCORD (SSRN, article by Zohar Efroni, Max Planck Institute for Intellectual Property) – ABSTRACT: This Article argues that the Federal Circuit in Chamberlain and Storage Tech is developing a parallel common law doctrine of fair access. As applied, this doctrine manifests the court’s approach as to the appropriate balance between the interests of copyright owners and information users in the context of access to copyrighted works. It is parallel to the statutory approach due to its deviation from Congress’s policy as reflected in the DMCA. Applying the Hohfeldian model of fundamental jural relations to the anti-circumvention norms, the Article criticizes Chamberlain’s theory, which argues that the anti-circumvention law did not establish a new property right allowing owners to prohibit access to their digital works. In connection to a possible interpretation of the fair access doctrine that would allow fair use (and other copyright defenses) as a valid protection against anti-circumvention and anti-trafficking claims, it shall be argued that the Federal Circuit’s decisions have paved the way not only for the incorporation of traditional copyright infringement defenses into the anti-circumvention law, but also provided solid arguments to defendants in cases where such defenses, and particularly statutory fair use, are inapplicable. The court’s analysis effectively opens up the door to an alternative judicial approach of anti-circumvention construction - the fair access doctrine. In light of the legislature’s bewilderedness as to if and how to modify the flawed access control provisions of the DMCA, Its development in the course of future disputes could furnish an effective shield for defendants in circumstances of unjustified application of the anticircumvention rules. [Editor: SSRN is a terrific resource.]

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School,
2. Edupage,
3. SANS Newsbites,
4. NewsScan and Innovation,
5. Internet Law & Policy Forum,
6. BNA’s Internet Law News,
7. Crypto-Gram,
8. McGuire Wood’s Technology & Business Articles of Note,
9. Steptoe & Johnson’s E-Commerce Law Week,
10. Readers’ submissions, and the editor’s discoveries.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.