Friday, September 29, 2006

MIRLN -- Misc. IT Related Legal News [9-30 September 2006; v9.13]

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product of Dickinson Wright PLLC (www.dickinsonwright.com) and the American Bar Association’s Cyberspace Law Committee. Please feel free to distribute this message. Dickinson Wright’s IT & Security Law practice group is described here: http://tinyurl.com/joo5y

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at http://www.abanet.org/dch/committee.cfm?com=CL320000 (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN editions are archived at www.vip-law.com and blogged at http://mirln.blogspot.com/.

**************End of Introductory Note***************

**** CONFERENCES ****
EMERGING TRENDS IN INFORMATION SECURITY AND THE LAW: “PLAUSIBLE DENIABILITY IS DEAD”, November 9-10, 2006, in Washington, D.C., by Georgetown University Law Center and the Information Systems Security Association. CEOs, CIOs, CISOs and legal professionals need to understand the developments in regulations and statutes that have led to convergence of issues between information security and in-house and outside counsel. Business planning must consider the business drivers of the legal and security factors to be successful. This two-day conference is designed for CxOs and legal counsel together with a combination of panels, presentations and interactive sessions to highlight key success strategies for the transparency required for business integrity, security and compliance. For more information or to register, please visit https://www.law.georgetown.edu/cle/showEventDetail.cfm?ID=145 or call (202) 662-9890.

**** NEWS ****

U.S. LEADERSHIP ON CYBERSECURITY ‘AWOL’ (SD Times, 1 Sept 2006) -- How secure is cyberspace? Not very—if the U.S. Department of Homeland Security’s lack of attention to the issue is any indication. The position of DHS cybersecurity chief has been vacant for nearly two years. And while sources concerned with cybersecurity issues said the DHS is close to naming an acting assistant secretary for cybersecurity and telecommunications, the appointment is likely to be seen as little more than a stopgap measure. “We are operating without a cyberspace czar,” said Ron Moritz, chief security officer for Islandia, N.Y.-based software company CA. Paul Kurtz, executive director of the Arlington, Va.-based advocacy group Cyber Security Industry Alliance, said DHS has not taken adequate measures to address cybersecurity concerns. “Cybersecurity is [apparently] not an issue for DHS,” he said in a phone interview with SD Times. “[The cybersecurity division] is running in place.” He echoed that message in a July 13 news conference on Capitol Hill, where he joined Patrick Leahy of Vermont and other Senate Democrats in calling for stronger cybersupport leadership from DHS. “The U.S. government leadership on cybersecurity is AWOL,” Kurtz said in his public remarks. In September 2003, following the launch earlier that year of President George W. Bush’s National Strategy to Secure Cyberspace initiative, DHS tapped Symantec executive Amit Yoran to head its cybersecurity division. But Yoran resigned from his position after only a year, departing just before original DHS head Tom Ridge stepped down in late 2004. In a phone interview with SD Times, Yoran declined to say why he left DHS. But a report published in the Washington Post on Oct. 2, 2004, noted that Yoran had been disappointed that he was not given as much authority as he was promised to attack the problem. Yoran told SD Times that under his tenure, the cybersecurity division made some significant strides, such as getting the FBI, IRS and State Department to share with DHS ongoing data about cyberincidents. While many such efforts have had no immediate impact, “there is great long-term potential,” he said. Chief among the cyberincidents gaining attention are those that put consumer data, such as credit-card numbers, at risk. “It is becoming an all-too familiar story in the lives of Americans: the escalating reports of the unauthorized disclosure or theft of sensitive, personal information,” said Leahy in the July 13 news conference, referring to well-publicized incidents in both the private and public sectors. While DHS “works steadfastly to find a nominee for the assistant secretary for cybersecurity position,” it has begun to take measures to address data security issues. For instance, the National Cyber Security Division of DHS sponsors “Build Security In,” a Web portal (www.buildsecurityin.us-cert.gov) launched in October 2005 that provides guidance to the software developer community. In the near future, DHS will sponsor publications such as the Software Assurance Common Body of Knowledge and Security in the Software Lifecycle, the official said. http://www.sdtimes.com/article/story-20060901-01.html

-- and --

AFTER YEAR’S DELAY, WHITE HOUSE SELECTS CYBERSECURITY CHIEF (SiliconValley.com, 18 Sept 2006) -- The Homeland Security Department picked an industry information security specialist Monday as its cybersecurity chief, filling a job that has had no permanent director for a year. Greg Garcia was appointed assistant secretary for cybersecurity and telecommunications, Homeland Security Secretary Michael Chertoff said. The cybersecurity job was created in July 2005, but department officials have struggled to find candidates willing to take significant pay cuts from industry jobs to fill it. Part of Garcia’s job will be to oversee the department’s National Cyber Security Division. For the last two years, that office has been run by Donald ``Andy” Purdy Jr., who is a two-year contract employee on loan from Carnegie Mellon University in Pittsburgh. Carnegie Mellon has received $19 million in contracts from Homeland Security’s cybersecurity office under Purdy’s management. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/15549934.htm

XANGA FINED $1 MILLION UNDER CHILD PRIVACY ACT (CNET, 8 Sept 2006) -- Xanga.com, a social-networking and blog site, has been ordered to pay $1 million in a settlement with the Federal Trade Commission for violating the Children’s Online Privacy Protection Act. The FTC said in a statement Thursday that Xanga, which has been in operation since 1999, had been letting people create accounts even if the dates of birth they entered indicated that they were under the age of 13. The terms of the child privacy act, enacted in 1998, stipulate that parental notification and consent are required for a commercial Web site, including a social-networking service, to collect personal information from children under the age of 13. In addition, the FTC alleged that Xanga’s policies regarding children were not sufficiently clear on its site and that parents were not provided a means to access and control their children’s information. It is estimated that over the past five years, a total of 1.7 million Xanga accounts had been registered with a birth date that implied the person was under 13. Overall, privately held Xanga has 25 million registered users. The $1 million penalty is the largest fine ever imposed for a violation under the child privacy act, the FTC said. http://news.com.com/2100-1030_3-6113626.html

ACCESSIBILITY LAWSUIT AGAINST TARGET CAN PROCEED (ComputerWorld, 8 Sept 2006) -- A federal judge in San Francisco ruled Wednesday that a lawsuit filed against Minneapolis-based Target Corp. by the National Federation of the Blind (NFB) regarding the accessibility of the retailer’s Web site can move forward. According to the NFB, the ruling sets a precedent establishing that retailers must make their Web sites accessible to the blind under the Americans with Disabilities Act (ADA). “This ruling is a great victory for blind people throughout the country,” said NFB President Marc Maurer. “We are pleased that the court recognized that the blind are entitled to equal access to retail Web sites.” When asked if the NFB would file lawsuits against other online retailers and sites, spokesman John Pare said, “You probably could imagine that we would.” http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9003129

COPS RAID USENET PROVIDER OVER PORN (CNET, 8 Sept 2006) -- Voicenet Communications and subsidiary Omni Telecom were raided in January 2004 as part of an Bucks County, Pa., investigation into child pornography. During the raid, servers and other computer hardware were, according to the companies, “illegally seized” and business operations were substantially impaired. The servers included data distributed through Usenet, a sprawling and decentralized collection of discussion groups called newsgroups. Discussion topics include everything from soc.history to rec.aviation, sci.nanotech, and alt.sex.exhibitionism. Some newsgroups feature sexual discussions and a few include erotic photographs and videos. Because the volume of daily Usenet posts is far too vast for any human to read, ISPs are almost never aware of the contents of individual messages. Voicenet and Omni Telecom claim that the raid went too far--akin to the police raiding a phone company and hauling away its switches and networks as part of an investigation into prank phone calls. Their civil rights lawsuit claimed violations of federal law, state law, and--because their customers were precluded from continuing in discussions--the First Amendment. The raid was closely watched by other Internet and Usenet providers at the time, because of the nature of Usenet: A post by any user is automatically distributed to thousands of servers at corporations, ISPs, and universities. That means, in other words, if one Usenet provider is liable for illegal content on its servers that it doesn’t even know exists, any provider could be potentially liable as well. In her order last week, U.S. District Judge Mary McLaughlin permitted the case to go forward but with some caveats. She sided with Voicenet on some points and the Bucks County district attorney on OTHERS. HTTP://NEWS.COM.COM/POLICE+BLOTTER+COPS+RAID+USENET+PROVIDER+OVER+PORN/2100-1030_3-6113862.HTML?TAG=NEFD.TOP [Editor: An important issue. ISPs and corporations alike mirror usenet content, which contains a little bit of everything, including some material that may be strictly forbidden.]

CREDIT CARD COMPANIES TEAM UP FOR SECURITY (CNET, 8 Sept 2006) -- The five major credit card companies have teamed up in the interest of better security. American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International announced Thursday the creation of an organisation to develop and maintain security standards for credit and debit card payments. It’s the first time the five brands have agreed on a single, common framework. The newly formed Payment Card International (PCI) Security Standards Council will manage the PCI Data Security Standard, first established in January 2005 with the intention of making its implementation more efficient for all parties involved in a payment card transaction. That includes merchants, payment processors, point-of-sale vendors, financial institutions and more than a billion card holders worldwide. Having a single data security standard is a critical issue for the entire industry and will simplify the process, said Brian Buckley, Visa’s senior vice president of international risk management. Having the common accepted set of rules should foster broader compliance, said Bruce Rutherford, MasterCard’s vice president of payments. Those rules include instructions on proper data encryption, common technical standards and security audit procedures. The first action of the new council was to update the PCI security standard, which was promised in May. The revision gives instructions for how to implement the new standards and clarifies language that was previously considered vague. For example, terms such as “periodically” and “regularly” were swapped for definite deadlines like “annually” or “quarterly” where appropriate. A statement released by the newly formed council said the revisions were the result of feedback from vendors, merchants and payment processors. http://www.zdnet.co.uk/print/?TYPE=story&AT=39282935-39020645t-10000019c [PCI Council’s webpage at https://www.pcisecuritystandards.org/about/organization.htm]

S. 2453: BLANK CHECKS, FALSE BALANCES (Steptoe & Johnson’s E-Commerce Law Week, 9 Sept 2006) -- When Senator Arlen Specter (R-PA) introduced S. 2453, the “National Security Surveillance Act,” he described it as a “middle ground” that would provide meaningful congressional and judicial oversight over electronic surveillance while providing the President “with the flexibility and secrecy he needs to track terrorists.” Specter defended his bill as a hard-won compromise, by which the Administration would agree to subject the National Security Agency’s warrantless wiretapping program to judicial review in exchange for a “recognition” of the President’s inherent constitutional authority to engage in wiretapping outside the scope of the Foreign Intelligence Surveillance Act (FISA). In fact, it’s hard to see how the bill is any compromise at all -- which is why S. 2453 is now at the top of the Administration’s legislative agenda for the truncated fall session. S. 2453 would do far more to expand the government’s ability to engage in domestic wiretapping than Senator Specter or the Administration has acknowledged. It would give the Foreign Intelligence Surveillance Court (FISC) the power to authorize entire programs of surveillance that could involve wiretapping not just suspected terrorists and spies, but anyone who has associated or communicated with a suspected terrorist or spy for any reason. Moreover, S. 2453 would significantly expand the scope of particularized surveillance orders under FISA and dramatically increase the Executive Branch’s authority to engage in surveillance without any court order at all. Finally, although the bill purports simply to acknowledge the President’s constitutional authority to engage in warrantless surveillance, without affecting that authority, the bill would actually alter the legal terrain significantly and make it more likely that courts would uphold the constitutionality of the NSA’s warrantless wiretapping program. This means the government could demand that communications providers assist with wiretaps even where there is no court order and no statutory authorization at all. S. 2453 was voted out of the Judiciary Committee on September 13 on a straight party-line vote, sending it to the Senate floor. http://www.steptoe.com/publications-3821.html

N.J. PROSECUTORS DEFEND BID FOR PHONE COMPANY RECORDS (SiliconValley.com, 11 Sept 2006) -- New Jersey has the right to obtain information about a federal domestic surveillance program because that program is no longer a secret, the state argued in response to federal efforts to quash its investigation. The Justice Department wants to throw ``an impenetrable cloak insulating the federal government’s domestic surveillance activities from all judicial scrutiny,” acting New Jersey Attorney General Anne Milgram said in a statement Monday. New Jersey prosecutors subpoenaed 10 phone companies in May because of suspicion that state consumer protection laws may have been violated if phone companies were turning over records to the National Security Agency. The federal government sued the New Jersey attorney general’s office in federal court June 14, claiming compliance with the state’s subpoenas or even acknowledging the existence of such a program would threaten national security. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/15493848.htm

GM’S MASSIVE OUTSOURCING DEAL UP AND RUNNING (Information Week, 11 Sept 2006) -- The largest private-sector information technology outsourcing deal in history is off and running in a big way. Starting in June, General Motors began the first phase of a $15 billion deal to create a single global IT organization for the company. To that end, in the first two months alone GM and its six main outsourcing partners have performed 160,000 transition tasks, trained 8,100 people on 29 standardized work processes, redeployed 2,800 personnel, remapped 1.2 million assets to new contracts, and aligned 15,000 additional supplier personnel to support requirements. Two weeks from now, GM’s partners will get together to figure out how they can collaborate not only on business processes, but also from an architectural point of view. GM announced in February the goal to create a single worldwide IT organization instead of having disparate regional processes. It tapped EDS, Hewlett-Packard, IBM, Capgemini, IBM, Compuware Covisint, and WiPro for a combined $7.5 billion over five years to improve IT operations and integration, with another $7.5 billion set aside for other contracts. Other major IT companies, including SAP, Cisco, and Microsoft, each bring an additional presence by helping over a two-year period to create a set of standard processes to which GM’s outsourcing partners will have to adhere. “The issue is now no regional boundaries,” GM CIO Ralph Szygenda said Monday at the InformationWeek 500 conference in Palm Springs, Calif. “How do you do that, and how do you drive that? You have to have global strategy, organizations, processes, and systems.” Not only do global processes and systems make for a unified IT organization, Szygenda said, but they also bring about flexibility in terms of the vendor partners GM can choose. Despite the breadth of GM’s outsourcing deals, there are limitations. “You can never outsource strategy, you can never outsource architecting systems, you can never outsource accountability in information technology,” Szygenda said. There have also been a few challenges, such as getting all the vendors to actually work together to co-develop standard business processes and then correctly designing the routing infrastructure so that communications with help centers go to the right person among GM’s set of partners. While the focus of the day was GM’s blockbuster outsourcing deal, Szygenda also said his greatest failure as CIO thus far has been the IT relationship with dealerships. Szygenda has taken steps recently to rectify that situation by working with GM dealers and automotive information management vendors to closely integrate GM’s systems with the disparate dealerships’ financial, parts, advertising and ordering systems that touch GM’s systems in one way or another. “The assumption was dealers were independent and the automotive world shouldn’t have anything to do with them,” Szygenda said. “The dealers came to me and said, you’ve got to help us, we can’t do it ourselves as individual dealers.” http://informationweek.com/news/showArticle.jhtml?articleID=192701131

SURVEY: MOST INSIDER-RELATED DATA BREACHES GO UNREPORTED (Computerworld, 12 Sept 2006) -- Most insider-related security breaches go unreported, according to a new survey by Ponemon Institute LLC in Elks Rapids, Mich. The main reason that happens is because companies don’t have the resources to tackle the issue, according to the National Survey on Managing the Insider Threat, sponsored by ArcSight Inc., an enterprise security management company in Cupertino, Calif. Ponemon Institute surveyed 461 people who work in corporate IT departments in U.S. organizations. “We found that many of the respondents in our study found that it was difficult, if not impossible, to identify all data breaches that exist -- and over 79% of the respondents said one, if not more, insider-related security breaches at their companies go unreported,” said Larry Ponemon, chairman of Ponemon Institute. Approximately 93% believe that the No. 1 barrier to addressing the data breach risk is the lack of sufficient resources, and 80% cited a lack of leadership, he said. Another factor is that no one person has overall responsibility for managing insider threats, according to 31% of respondents. The respondents said they devote a considerable amount of their efforts to trying to prevent or control insider threats as part of their company’s IT security risk management program. Approximately 10% said they spend more than half of their time on insider-related risks, and about 55% of respondents said they spend more than 30% of their time dealing with those issues, according to the survey. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9003211&source=NLT_PM&nlid=8

JUDGES CITE MORE BLOGS IN RULINGS (National Law Journal, 12 Sept 2006) -- Judges have discovered the Internet’s 600 legal blogs, citing them at least 32 times in 27 decisions over the last two years. A blog, short for Web log, is a Web page that acts as a continuous journal of the writer’s commentary, news and links to related sites. Blogs began, often as personal diaries, in the 1990s but came into their own in recent years among lawyers who use them to share with peers the latest developments in legal specialties. The ability to burrow deeply into a specialized area of the law with continuous updates has an undeniable appeal to practitioners. This phenomenon was not lost on Ian Best, a 36-year-old law school graduate who began a blog, “3L Epiphany,” as an independent study project for academic credit at Ohio State University’s Michael E. Moritz College of Law. It is a taxonomy of legal blogs. Best counted them, classified them and tracked their development. “The most significant development is judges citing blogs,” said Best, who lives in Columbus, Ohio, and is awaiting his bar exam results. Best has found 32 citations of legal blogs in 27 different cases dating back to 2004. Perhaps the most noted was by Justice John Paul Stevens in his dissent in an important sentencing decision, U.S. v. Booker, 543 U.S. 220 (2005). More recently, on July 31, a 9th U.S. Circuit Court of Appeals dissent by Judge Diarmuid O’Scannlain cited commentary on law Professor Eugene Volokh’s blog, “The Volokh Conspiracy,” in Harper v. Poway Unified School Dist., 2006 U.S. App. Lexis 19164. It cited Volokh’s commentary on viewpoint discrimination and the First Amendment. http://www.law.com/jsp/article.jsp?id=1157978118334

HACK THE VOTE? NO PROBLEM (Salon.com, 13 Sept 2006) -- Having reported extensively on the security concerns that surround the use of electronic voting machines, I anxiously awaited the results of a new study of a Diebold touch-screen voting system, conducted by Princeton University. The Princeton computer scientists obtained the Diebold system with cooperation from VelvetRevolution, an umbrella organization of more than 100 election integrity groups, which I co-founded a few months after the 2004 election. We acquired the Diebold system from an independent source and handed it over to university scientists so that, for the first time, they could analyze the hardware, software and firmware of the controversial voting system. Such an independent study had never been allowed by either Diebold or elections officials. The results of that study, released this morning, are troubling, to say the least. They confirm many of the concerns often expressed by computer scientists and security experts, as well as election integrity activists, that electronic voting -- and indeed our elections -- may now be exceedingly vulnerable to the malicious whims of a single individual. The study reveals that a computer virus can be implanted on an electronic voting machine that, in turn, could result in votes flipped for opposing candidates. According to the study, a vote for George Washington could be easily converted to a vote for Benedict Arnold, and neither the voter, nor the election officials administering the election, would ever know what happened. The virus could also be written to spread from one machine to the next and the malfeasance would likely never be discovered, the scientists said. The study was released along with a videotape demonstration. “We’ve demonstrated that malicious code can spread like a virus from one voting machine to another, which means that a bad guy who can get access to a few machines -- or only one -- can infect one machine, which could infect another, stealing a few votes on each in order to steal an entire election,” said the study’s team leader, Edward W. Felten, professor of computer science and public affairs at Princeton. The Princeton study is the first extensive investigation of the Diebold AccuVote DRE (Direct Recording Electronic) system, which is employed in Maryland, Florida, Georgia and many other states. Such touch-screen voting systems made by Diebold will be in use in nearly 40 states in this November’s elections. http://www.salon.com/opinion/feature/2006/09/13/diebold/print.html

JUSTICE AT THE CLICK OF A MOUSE IN CHINA (CNET, 13 Sept 2006) -- A court in China has used a software program to help decide prison sentences in more than 1,500 criminal cases, a Hong Kong newspaper said on Wednesday. The software, tested for two years in a court in Zibo, a city in the eastern coastal province of Shandong, covered about 100 different crimes, including robbery, rape, murder and state security offenses, the South China Morning Post said, citing the software’s developer, Qin Ye. “The software is aimed at ensuring standardized decisions on prison terms. Our programs set standard terms for any subtle distinctions in different cases of the same crime,” Qin was quoted as saying. A Beijing-based software company had worked with the Zichuan District Court in Zibo since 2003 to develop the program and input mainland criminal law, the paper said. Judges enter details of a case and the system produces a sentence, the paper said. “The software can avoid abuse of discretionary power of judges as a result of corruption or insufficient training,” the paper quoted Zichuan District Court chief judge, Wang Hongmei, as saying. But some Chinese newspapers criticized the move as a farce that highlighted the “laziness of the court” and that would not curb judicial corruption as touted. http://news.com.com/2100-1012_3-6115154.html

SURFING A BIGGER RISK THAN SPAM TO COMPANY NETWORKS (CNET, 15 Sept 2006) -- Company networks are now more likely to pick up malicious software via employee Web surfing than from e-mail attachments, according to a new study. Nearly 40 percent of the 200 Danish companies surveyed said their systems had been infected by a virus or worm, despite the fact that 75 percent had implemented a security policy, IDC Denmark said in its report, released Wednesday. But the malicious software in question is no longer primarily making its way through e-mail, as in the past. “There is a common misconception that e-mails constitute the biggest security threat from the Internet,” Per Andersen, IDC Denmark’s managing director, said in a statement. “But the survey shows that up to 30 percent of companies with 500 or more staff have been infected as a result of Internet surfing, while only 20 to 25 percent of the same companies experienced viruses and worms from e-mails.” The risk of infection is about five times greater for companies that allow Internet usage by staff to go on unhindered and unmonitored, Andersen said. The problem doesn’t go away for companies that ban private Internet use, because often such policies aren’t enforced, IDC found: About 30 percent of managers at such companies said staff accessed the Internet for personal use during working hours. IDC believes that banning personal Internet use isn’t realistic, particularly as a long-term solution. Instead, the research firm recommends closer monitoring of employees’ Internet use and using tools that give management an overview of time spent and behavior patterns online. http://news.com.com/2100-7355_3-6116244.html

DISNEY’S ITUNES SALES HIT 125,000 (Financial Times, 19 Sept 2006) -- Disney has sold 125,000 online film downloads less than a week after agreeing to make its titles available on Apple’s iTunes store. The sales have added about $1m in incremental revenue to the media company, according to chief executive Bob Iger, who expressed confidence that revenues from the new film venture could reach $50m in its first year. “Clearly, customers are saying to us that they want content available in multiple ways,” Mr Iger said at an investor conference sponsored by Goldman Sachs. Disney broke with other Hollywood studios when it agreed last week to make 75 titles available on iTunes at prices ranging from $9.99 to $14.99. http://www.ft.com/cms/s/3cc773fc-481b-11db-a42e-0000779e2340.html

H-P CASE SENDS CHILL THROUGH BAR (National Law Journal, 18 Sept 2006) -- The Hewlett-Packard Co.’s scandal involving a media leak from the boardroom has lawyers on high alert about how they and their clients obtain private information. At issue is a controversial data-collecting method known as “pretexting,” in which false pretenses are used to obtain private data. That’s allegedly what happened in the Hewlett-Packard case, in which investigators allegedly posed as board members and members of the press to trick phone companies into releasing phone records. Allegations that lawyers knew about the pretexting in the Hewlett-Packard case but did nothing about it is striking too close to home for attorneys across the nation who find themselves in similar situations involving pretexting and investigators. The case has lawyers re-examining their investigative techniques and questioning under what circumstances pretexting should be used. The H-P case “definitely sends a message to be careful, and it should send a message to both general counsels, as well as outside counsel, to be careful here,” said Frank Morris, an attorney who counsels companies on privacy matters. Ethics expert David Hricik, a law professor and former chair of the American Bar Association Section of Intellectual Property Law’s professional responsibility committee, said the H-P case has also prompted attorneys to re-examine how they deal with investigators they hire who may want to use pretexting. “The question that I have seen raised is should lawyers give to investigators a letter that says, ‘Here are the dos and don’ts. And one of the don’ts is, Don’t pretext, it’s illegal,’ “ Hricik said. He added that “[a]lmost immediately after the H-P case came out, an e-mail went out on a listserv I’m on asking whether to advise agents not to engage in that sort of conduct.” Chris Hoofnagle, a former staff attorney at the Electronic Privacy Information Center in California, said lawyers have yet to learn their lesson about pretexting, particularly when it comes to obtaining cellphone records. In February, Hoofnagle wrote letters to all 50 state bar associations notifying them that lawyers were buying illegally obtained cellphone records from online data brokers who used pretexting to obtain the phone records. He asked the bar associations to caution attorneys that the practice was illegal and to stop doing it. The Washington State Bar Association was the only one to act on Hoofnagle’s advice and wrote a letter cautioning lawyers about the pitfalls of pretexting. “We took the letter at face value that this might be something that lawyers were engaged in without really thinking about the professional-conduct implications of it,” said Pam Anderson, chairwoman of the Washington bar’s Rules of Professional Conduct Committee. http://www.law.com/jsp/nlj/PubArticleNLJ.jsp?id=1158311122481

-- and ---

HP SPONSORS PRIVACY INNOVATION AWARD (NPR, 21 Sept 2006) -- Hewlett-Packard, a company accused of spying on its board, is co-sponsor of an award for privacy. It’s called the Privacy Innovation Award. Nominees are being accepted to honor, “unique contributions to the privacy industry.” The award’s Web site says there’s not enough recognition for organizations that have “embraced privacy as a competitive advantage.” HP’s co-sponsor says the company is good on privacy issues, once you set aside the acts of its board. [For real.] http://www.npr.org/templates/story/story.php?storyId=6123067

BELGIAN COURT TELLS GOOGLE TO DROP NEWSPAPER EXCERPTS (New York Times, 19 Sept 2006) -- A court ordered Google to remove on Monday all links to French- and German-language newspaper reports published in Belgium after an association of local publishers won a case that accused the company of violating the country’s copyright laws. The legal action is the most recent example of the news media’s challenging the growing power of Internet news portals run by the large search engines. Increasingly, people are obtaining their news in bite-size nuggets on search engines, and advertising revenue for newspapers is diminishing as a result. Copiepresse, an organization that helps enforce the copyrights of some of Belgium’s best-known newspapers, including Le Soir and Le Libre Belgique, sued Google for publishing summaries of articles in the newspapers along with a link to the Web sites of the newspapers. Google contends that copyright law protects its service under fair-use provisions. Google News benefits publishers, [its spokesman] said, by making it easier for people to find their content and driving large numbers of users to their Web sites. “It is important to remember that we never show more than the headlines and a few snippets of text,” he said. “If people want to read the entire story they have to click through to the newspapers’ Web site.” In the United States last month, Google agreed to license content from The Associated Press for a new service. Mr. Louette said this was a positive sign for the news media. “The deal with A.P. seems to contradict Google’s stated business model, which is not to pay for content,” he said. http://www.nytimes.com/2006/09/19/technology/19google.html?ex=1316318400&en=e37ea16919003e84&ei=5090&partner=rssuserland&emc=rss

CASE STUDY: CHOICEPOINT INCIDENT LEADS TO IMPROVED SECURITY, OTHERS MUST FOLLOW (Gartner Research, 19 Sept 2006) -- ChoicePoint transformed itself from a “poster child” of data breaches to a role model for data security and privacy practices. One new practice involves careful credentialing of customers, a critical business process that should have standards -- but doesn’t. The upside of ChoicePoint’s data breach disclosure is that it drove the industry to improve security standards. Still, businesses engaged in data brokering and credit reporting have very uneven data privacy standards, and all should be held to the same standards as ChoicePoint is. The market will not likely address this issue without government intervention and/or regulations. [Editor: From “bad-boy” to “poster-child”, ChoicePoint’s 18 month journey to best-practice pioneer looks like they’re on their way to turning their experience to competitive advantage. The Gartner report is available by subscription]

-- and --

CRISIS CONTAINMENT COULD EMPOWER BRANDS (ClickZ Network, 18 Sept 2006) -- Consumer demand for security is top-of-mind among marketing professionals, but few have taken measures to secure corporate data or to inform customers of their efforts. The “Secure the Trust of Your Brand: How Security and IT Integrity Influence Corporate Brands” report released by the CMO Council looks at how marketers address security issues and prepare for crisis containment. Corporate data breaches, identity theft, and Internet fraud concern a majority of online consumers; a point made clear in the first portion of the study. No matter the measures taken by corporations to prevent security breaches, only 29 percent of marketers say there’s a crisis containment plan in place at their companies should data be leaked. A crisis containment plan includes every response from the company stemming from a particular problem, as well as products and services offered to customers affected by the breach. A recent example is ChoicePoint, a credential verification and risk management company that experienced a security breach. In response, the company set up a special informational Web site and offered a free credit check for those affected by the breach. “They were pretty responsive, and pretty much able to negate some of the brand trust they lost,” said Van Camp. Close to 60 percent of marketers believe enforcing security and IT boosts a brand, compared to 21 percent who think it doesn’t have an effect. While marketers recognize the importance, security has yet to be used in company messaging in a meaningful way. About 60 percent of marketers don’t include security updates in marketing communications. Only 37 percent of marketers leverage actions their companies have taken toward tighter security in their messaging. http://www.clickz.com/showPage.html?page=3623460

YALE TO POST VIDEO OF COURSES ONLINE (Inside Higher Ed, 20 September 2006) -- Yale University announced plans to begin posting video of course lectures online. Yale’s effort is part of a larger movement in higher education toward open courseware, led in large part by an initiative started at MIT in 2001. For the OpenCourseWare project, MIT posts course materials online, including syllabi, reading lists, and other resources. Diana Kleiner, who is leading the effort at Yale, said the project follows “MIT’s footprints” but represents the next step. Kleiner said that Yale officials believe the in-class experience to be central to the educational experience. Under the program, all of the lectures for a given course will be recorded and placed online. Beginning with seven courses this year, the program is expected to grow quickly to include many more in successive years. The university is exploring ways to ensure that offering video of lectures online will not encourage Yale students to skip class and simply watch the lectures at their convenience. Also at issue are intellectual property considerations, given that faculty are free to use some copyrighted materials in lectures, but that those materials may not be used similarly by the public. http://www.insidehighered.com/news/2006/09/20/yale

INFORMATION, PLEASE? YES, AND LOTS OF IT (New York Times, 20 Sept 2006) -- People researching their ancestry have been given online assistance after BT, the former British Telecom, published more than a century of its phone books on the Web. The company hopes to tap into the interest in genealogy by allowing users to trawl through millions of names, addresses and phone numbers covering the period 1880 to 1984. It is not just old relations that may turn up in the pages. In the days when unlisted numbers were less popular, Winston Churchill, Buckingham Palace, Alfred Hitchcock, Oswald Mosley and John Profumo could all be found in the phone book. At one stage, BT allowed brief job descriptions. The author of Dracula, Bram Stoker, at Victoria-1436, was listed as a lawyer, while Houdini could be found under “handcuff king.” http://www.nytimes.com/2006/09/20/world/europe/20LONDON.html?ex=1316404800&en=15a5374b8ec63341&ei=5090&partner=rssuserland&emc=rss

MANY U.S. WORKERS FAVOR E-MAIL MONITORING, RESEARCH SHOWS (eWeek.com, 20 Sept 2006) -- Despite the implied submission of personal privacy, most workers at U.S.-based companies believe that their employers should be allowed to monitor electronic communications to help protect against misuse of sensitive data. According to a report published by researchers from Iowa State University and network security software maker Palisade Systems, 100 percent of the workers the group surveyed at U.S.-based corporations said it was appropriate for companies to scan their employees’ e-mail, instant messaging and other communications systems to ensure that people were not inappropriately sharing information with outsiders. The study specifically asked if companies should be allowed to scan electronic communications for proprietary business data such as customers’ personally identifiable information, including Social Security numbers, bank account data or credit card numbers. By comparison, the study, which is based on interviews conducted with people working in 171 organizations in the government, university and commercial sectors, found that only 11 percent of survey respondents working for government agencies and 31 percent of people working for universities felt that employee communications should be monitored. Researchers involved in the study said that the disparity in opinions is largely based on the realization among workers at U.S. companies that so-called insider threats represent one of the greatest dangers to data security, and that workers understand that businesses must keep a closer eye on their employees to prevent costly information leaks. http://www.eweek.com/article2/0,1759,2018143,00.asp

GERMAN CT HOLDS WIFI OWNERS LIABLE FOR CRIME ON NETWORK (BNA’s Internet Law News, 21 Sept 2006) -- BNA’S Electronic Commerce & Law Report reports that a German court has ruled that individuals who do not password-protect their wireless Internet routers can be held liable for crimes others commit using the unprotected Internet access. In a case decided June 27, but only released the week of Sept. 11, a Hamburg District Court found a plaintiff responsible for distributing copyrighted music online. Although the plaintiff claimed to have never done such a thing, the court found the plaintiff to be an accomplice because he had made Internet access freely available in his immediate vicinity by not requiring a password to access his Internet router. Article at http://pubs.bna.com/ip/bna/eip.nsf/eh/a0b3h7p7y0

SJ STATE WEIGHS SKYPE BAN (The Mercury News, 21 Sept 2006) -- An effort by San Jose State University to ban the Skype phone service has been put on hold in the face of fierce objections from students and staff. Administrators said they would meet with eBay, the owner of Skype, next Tuesday in order to give the San Jose-based company an opportunity to address the university’s concerns about network security. San Jose State is the third California university to impose restrictions on Skype. In January, the University of California, Santa Barbara announced it was prohibiting Skype because the license agreement it presented to users gave third parties access to the university’s network. UC-Santa Barbara said it would allow other computer-calling services. California State University Dominguez Hills has long discouraged use of all computer-calling services, including Skype, a spokesman said. Skype has also been banned by some universities in the United Kingdom. The problem with Skype is not that it enables illegal behavior, but that its end-user license agreement appears to permit legal use of university’s networks by people outside the university and, indeed, the United States. ``It’s a fairly subtle problem,” said Kevin Schmidt, campus network programmer at the University of California, Santa Barbara. Skype users agree to run an application on their computers that is built to relay calls between third parties whenever a computer is turned on. http://www.mercurynews.com/mld/mercurynews/business/15576648.htm

BOOMERS: A WEB-MARKETING BONANZA (Business Week, 25 Sept 2006) -- Only a few smart Internet sites have figured out how to appeal to a large constituency with time to spend and money to burn. Today, baby boomers make up the Web’s largest constituency, accounting for fully one-third of the 195.3 million Web users in the U.S., according to JupiterResearch. They also spend more money on online shopping than your average Web user. Advertisers understand that, and targeted boomers with close to $5 billion in ads last year, according to Jupiter, out of a total $13 billion spent in Web advertising. Despite all that, boomers are arguably the most underserved audience on the Net, when it comes to special, customized destinations. Even where you would expect to see smart, age-related targeting—sites dedicated to photo- and video-sharing, for example—there is a surprising void. Ditto social networks. College students have Facebook.com and MySpace.com. Professionals use LinkedIn. Some boomers do find their way onto such sites, but typically they discover little that’s tailored to their sensibilities. But now there is a growing movement on the Web to give baby boomers the kind of experience they seek. Eons.com is part of that, and so is the all-powerful AARP, which plans to add MySpace.com-like features to its Web site in the first quarter of 2007, says Hugh Delehanty, editor-in-chief of AARP publications. The site will let people create their own home pages and form interest groups, focused on hobbies like gardening or taking care of elderly parents. So what does this generation really care about? According to Jupiter, they’re most interested in investing, finance, and health. Self-help and advice columns are also popular on the new boomer-centric Web sites, which tend to take an upbeat view of the whole aging process. http://www.businessweek.com/technology/content/sep2006/tc20060925_328758.htm?campaign_id=rss_tech

TOP AIDE TO N.H. CONGRESSMAN RESIGNS AFTER POSTING PHONY BLOG COMMENTS (SiliconValley.com 26 Sept 2006) -- A top aide to U.S. Rep. Charles Bass resigned Tuesday after disclosures that he posed as a supporter of the Republican’s opponent in blog messages intended to convince people that the race was not competitive. Operators of two liberal blogs traced the postings to the House of Representatives’ computer server. Bass’ office traced the messages to his policy director, Tad Furtado, and issued a statement announcing Furtado’s resignation Tuesday. ``Tad Furtado posted to political Web sites from my office without my knowledge or authorization and in violation of my office policy,” Bass said. ``I have referred this matter to the House Committee on Standards of Official Conduct for their review.” Posting as IndyNH and IndieNH, Furtado professed support for Democrat Paul Hodes but scoffed at a poll showing him tied with Bass and suggested Democrats should invest their time and money elsewhere. ``I am going to look at the competitive race list to figure out where to send another mydd.com/netroots donation and maybe help out in other ways,” IndieNH wrote. ``Maybe CT or NY for me -- they are at least close by. Anyone interested in pooling NH efforts for some of those races?” Laura Clawson, who runs ``Blue Granite,” and Michael Caulfield, who runs ``NH-02 Progressive,” said they were suspicious of IndieNH’s postings from the beginning. ``You see this all the time on political blogs, some elaborate act where someone says, ‘Now, I hate to say something against a Democrat, but,”’ Clawson told the Concord Monitor. ``So you develop an eye for it. And this poster definitely tripped all the wires.” After tracing the poster’s IP address, Clawson posted an article last week on the results, and the postings stopped. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/15613719.htm

SPANISH UNIVERSITY JOINS GOOGLE BOOK SCAN PLAN (Reuters, 26 Sept 2006) -- The Complutense University of Madrid is becoming the first library in a non-English-speaking country to join Google Inc.’s bid to scan every book in print, as the controversial project extends its global reach. The university’s library, the country’s second largest behind the National Library, houses 3 million works, including thousands of Spanish-language public domain books, including those of Cervantes and Sor Juana Ines de la Cruz. “We already have other non-English-language books, but this will be a huge boost to our Spanish-language content, as well as other languages,” a Google spokeswoman said on Tuesday. More than 400 million people speak Spanish around the world. Madrid joins Harvard, Oxford, Stanford, the universities of Michigan and California and the New York Public Library for the project being run by the world’s most popular search company. The U.S. Library of Congress is involved in a similar effort with Google. http://uk.news.yahoo.com/26092006/80-91/spanish-university-joins-google-book-scan-plan.html

HOPING TO BE A MODEL, I.B.M. WILL PUT ITS PATENT FILINGS ONLINE (New York Times, 26 Sept 2006) -- I.B.M., the nation’s largest patent holder, will publish its patent filings on the Web for public review as part of a new policy that the company hopes will be a model for others. If widely adopted, the policy could help to curb the rising wave of patent disputes and patent litigation. The policy, being announced today, includes standards like clearly identifying the corporate ownership of patents, to avoid filings that cloak authorship under the name of an individual or dummy company. It also asserts that so-called business methods alone — broad descriptions of ideas, without technical specifics — should not be patentable. The move by I.B.M. does carry business risks. Patents typically take three or four years after filing to be approved by the patent office. Companies often try to keep patent applications private for as long as possible, to try to hide their technical intentions from rivals. “Competitors will know years ahead in some cases what fields we’re working on,” said John Kelly, senior vice president for technology and intellectual property at I.B.M. “We’ve decided we’ll take that risk and seek our competitive advantage elsewhere.” The more open approach, I.B.M. says, is intended as a step toward improving the quality of patents issued in general because the process of public review should weed out me-too claims that are not genuine innovations. “The larger picture here is that intellectual property is the crucial capital in a global knowledge economy,” said Samuel J. Palmisano, I.B.M.’s chief executive. “If you need a dozen lawyers involved every time you want to do something, it’s going to be a huge barrier. We need to make sure that intellectual property is not used as a barrier to growth in the future.” The I.B.M. move is partly a response to what it and other technology companies regard as the slow movement by Congress toward overhauling the patent process. http://www.nytimes.com/2006/09/26/technology/26patent.html?ex=1316923200&en=fe65e7e63544fb61&ei=5090&partner=rssuserland&emc=rss

DIGITAL ARCHIVING GAINS NEW TOOL (BBC, 26 Sept 2006) -- A tool that makes it easier to gather and store digital archives has been developed by the National Library of New Zealand and the British Library. As more and more information goes online the race is on to create meaningful digital archives. The web curator tool automates the process of collecting and storing information. It will become a key part of the British Library’s existing digital preservation programme. The practise of web harvesting - using software to search out and gather snapshots of websites - will become increasingly important as organisations seek to preserve web pages, which often have a shelf-life of just a few months before disappearing. The temporary nature of the web and the sheer amount of information available online makes digital preservation tricky. According to Stephen Green, the British Library’s web archiving programme manager, the tool will concentrate on sites considered to be an important part of British cultural heritage, such as the websites of political parties and information around significant events such as the July 7th bombings. The web curator tool that was developed will be available to other organisations as an open source release by the end of the year. http://news.bbc.co.uk/2/hi/technology/5382144.stm

JUDGE SAYS STREAMCAST LIABLE IN LAWSUIT (Washington Post, 27 Sept 2006) -- A federal judge ruled Wednesday against the distributor of the Morpheus online file-sharing software, finding the firm encouraged computer users to share music, movies and other copyright works without permission. The ruling was a sweeping victory for coalition of Hollywood movie studios, record companies and music publishers who sued Los Angeles-based StreamCast Networks Inc. and similar firms in 2001. The case led to a landmark copyright ruling by the U.S. Supreme Court last year. In the 60-page decision, U.S. District Judge Stephen V. Wilson granted the entertainment companies’ motion for summary judgment, concluding there was more than enough evidence of “massive infringement” on StreamCast’s network, despite the company’s arguments that it did not encourage computer users to violate copyright laws. http://www.washingtonpost.com/wp-dyn/content/article/2006/09/27/AR2006092701605.html

MYSPACE LAUNCHES VOTER-REGISTRATION PLAN (Washington Post, 27 Sept 2006) -- The youth-heavy online hangout MySpace.com is launching a voter-registration drive to engage its members in civics. In partnership with the nonpartisan group Declare Yourself, MySpace is running ads on its highly trafficked Web site and giving members tools such as a “I Registered To Vote On MySpace” badge to place on their personal profile pages. “Young people in this country ... are really engaged in what’s happening in their community and want to make a difference,” said Jeff Berman, MySpace’s senior vice president for public affairs. “The key is to make it easy for them to get engaged. By putting these tools on MySpace and putting it in front of their eyes, you make it far more likely they will use them.” To register, members simply go to http://www.myspace.com/declareyourself and enter a state or ZIP code. After entering the requested information, the site generates a PDF file that can be printed and mailed to state election officials. A Spanish version also is available. Although MySpace has a heavy youth population, about 80 percent of its 114 million registered members are old enough to vote, according to the Los Angeles-based company. http://www.washingtonpost.com/wp-dyn/content/article/2006/09/27/AR2006092700426.html?nav=rss_technology

CT RULES MASKING SPAM ORIGIN SUFFICIENT FOR JURISDICTION (BNA’s Internet Law News, 28 Sept 2006) -- BNA’S Electronic Commerce & Law Report reports that a federal court in Georgia has ruled that masking the origin of spam by routing it through an Internet service provider’s mail servers so that it appeared that the messages originated from the ISP itself amounts to an “electronic contact” with the ISP’s forum sufficient to assert personal jurisdiction over the spammers. The court reasoned that jurisdiction was proper because “[t]his process of masking involved connections to and from EarthLink’s network in Georgia.” Case name is EarthLink Inc. v. Pope.

GE LAPTOP THEFT EXPOSES DATA ON THOUSANDS (CNET, 27 Sept 2006) -- General Electric said on Tuesday that a company laptop containing the names and Social Security numbers of 50,000 current and former employees was stolen in early September. The laptop, issued to a GE official who was authorized to have the data, was stolen from a locked hotel room, the company said. The Connecticut-based company began mailing letters earlier this week to the people whose names and Social Security numbers were on the laptop, to notify them of the breach and to offer a year’s free access to a credit-monitoring service, GE spokesman Russell Wilkerson said. http://news.com.com/2100-1029_3-6120181.html [Editor: This is only one of dozens of such cases in the past two months alone. I’m not picking on GE; but this goes to show that even bigger, more sophisticated companies are failing to employ simple crypto tools which would obviate much of the risk.]

BELGIAN PREMIER SAYS SWIFT SECRETLY SUPPLIED U.S. WITH BANK DATA (SiliconVallery.com 28 Sept 2006) -- The money transfer company SWIFT has for years secretly supplied U.S. authorities with massive amounts of personal data for use in anti-terror investigations, violating EU privacy rules, a Belgian commission said Thursday. ``SWIFT finds itself in a conflicting position between American and European law,” Belgian Prime Minister Guy Verhofstadt said. Verhofstadt spoke after Belgium’s privacy protection commission presented its findings on the case, although it did not call for immediate legal action. The premier said that his government also would not take legal action to shut down the data transfers. The report said that while SWIFT did all it could to live up to Belgian, EU and U.S. regulations to hand over the requested information, it finds itself in a legal quagmire that must be urgently corrected. The controversy surrounds a secret transfer deal between the U.S. Treasury and the Belgium-based Society for Worldwide Interbank Financial Telecommunication, or SWIFT. The company routes about 11 million financial transactions daily between 7,800 banks and other financial institutions in 200 countries, recording customer names, account numbers and other identifying information. Verhofstadt said he did not object to the need to scour through personal data in hunting down terrorists, but it needed to be done with respect to privacy rights. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/15630604.htm

PIRATES OF THE MEDITERRANEAN (New York Times, Op-Ed, 30 Sept 2006) -- In the autumn of 68 B.C. the world’s only military superpower was dealt a profound psychological blow by a daring terrorist attack on its very heart. Rome’s port at Ostia was set on fire, the consular war fleet destroyed, and two prominent senators, together with their bodyguards and staff, kidnapped. The incident, dramatic though it was, has not attracted much attention from modern historians. But history is mutable. An event that was merely a footnote five years ago has now, in our post-9/11 world, assumed a fresh and ominous significance. For in the panicky aftermath of the attack, the Roman people made decisions that set them on the path to the destruction of their Constitution, their democracy and their liberty. One cannot help wondering if history is repeating itself. Consider the parallels. The perpetrators of this spectacular assault were not in the pay of any foreign power: no nation would have dared to attack Rome so provocatively. They were, rather, the disaffected of the earth: “The ruined men of all nations,” in the words of the great 19th-century German historian Theodor Mommsen, “a piratical state with a peculiar esprit de corps.” Like Al Qaeda, these pirates were loosely organized, but able to spread a disproportionate amount of fear among citizens who had believed themselves immune from attack. To quote Mommsen again: “The Latin husbandman, the traveler on the Appian highway, the genteel bathing visitor at the terrestrial paradise of Baiae were no longer secure of their property or their life for a single moment.” What was to be done? Over the preceding centuries, the Constitution of ancient Rome had developed an intricate series of checks and balances intended to prevent the concentration of power in the hands of a single individual. The consulship, elected annually, was jointly held by two men. Military commands were of limited duration and subject to regular renewal. Ordinary citizens were accustomed to a remarkable degree of liberty: the cry of “Civis Romanus sum” — “I am a Roman citizen” — was a guarantee of safety throughout the world. But such was the panic that ensued after Ostia that the people were willing to compromise these rights. The greatest soldier in Rome, the 38-year-old Gnaeus Pompeius Magnus (better known to posterity as Pompey the Great) arranged for a lieutenant of his, the tribune Aulus Gabinius, to rise in the Roman Forum and propose an astonishing new law. “Pompey was to be given not only the supreme naval command but what amounted in fact to an absolute authority and uncontrolled power over everyone,” the Greek historian Plutarch wrote. “There were not many places in the Roman world that were not included within these limits.” Pompey eventually received almost the entire contents of the Roman Treasury — 144 million sesterces — to pay for his “war on terror,” which included building a fleet of 500 ships and raising an army of 120,000 infantry and 5,000 cavalry. Such an accumulation of power was unprecedented, and there was literally a riot in the Senate when the bill was debated. Nevertheless, at a tumultuous mass meeting in the center of Rome, Pompey’s opponents were cowed into submission, the Lex Gabinia passed (illegally), and he was given his power. In the end, once he put to sea, it took less than three months to sweep the pirates from the entire Mediterranean. Even allowing for Pompey’s genius as a military strategist, the suspicion arises that if the pirates could be defeated so swiftly, they could hardly have been such a grievous threat in the first place. But it was too late to raise such questions. By the oldest trick in the political book — the whipping up of a panic, in which any dissenting voice could be dismissed as “soft” or even “traitorous” — powers had been ceded by the people that would never be returned. Pompey stayed in the Middle East for six years, establishing puppet regimes throughout the region, and turning himself into the richest man in the empire. Those of us who are not Americans can only look on in wonder at the similar ease with which the ancient rights and liberties of the individual are being surrendered in the United States in the wake of 9/11. The vote by the Senate on Thursday to suspend the right of habeas corpus for terrorism detainees, denying them their right to challenge their detention in court; the careful wording about torture, which forbids only the inducement of “serious” physical and mental suffering to obtain information; the admissibility of evidence obtained in the United States without a search warrant; the licensing of the president to declare a legal resident of the United States an enemy combatant — all this represents an historic shift in the balance of power between the citizen and the executive. An intelligent, skeptical American would no doubt scoff at the thought that what has happened since 9/11 could presage the destruction of a centuries-old constitution; but then, I suppose, an intelligent, skeptical Roman in 68 B.C. might well have done the same. In truth, however, the Lex Gabinia was the beginning of the end of the Roman republic. It set a precedent. Less than a decade later, Julius Caesar — the only man, according to Plutarch, who spoke out in favor of Pompey’s special command during the Senate debate — was awarded similar, extended military sovereignty in Gaul. Previously, the state, through the Senate, largely had direction of its armed forces; now the armed forces began to assume direction of the state. It also brought a flood of money into an electoral system that had been designed for a simpler, non-imperial era. Caesar, like Pompey, with all the resources of Gaul at his disposal, became immensely wealthy, and used his treasure to fund his own political faction. Henceforth, the result of elections was determined largely by which candidate had the most money to bribe the electorate. In 49 B.C., the system collapsed completely, Caesar crossed the Rubicon — and the rest, as they say, is ancient history. It may be that the Roman republic was doomed in any case. But the disproportionate reaction to the raid on Ostia unquestionably hastened the process, weakening the restraints on military adventurism and corrupting the political process. It was to be more than 1,800 years before anything remotely comparable to Rome’s democracy — imperfect though it was — rose again. The Lex Gabinia was a classic illustration of the law of unintended consequences: it fatally subverted the institution it was supposed to protect. Let us hope that vote in the United States Senate does not have the same result. http://www.nytimes.com/2006/09/30/opinion/30harris.html?ex=1317268800&en=c6ea4450122c3e93&ei=5090&partner=rssuserland&emc=rss [Editor: Former Irish President Mary Robinson delivered an important speech on 16 September at the ABA/IBA Rule of Law Symposium, “Rule of Law: Striking a Balance in an Era of Terrorism.” Both the instant article and the Robinson speech (at http://www.realizingrights.org/pdf/ABA_IBA_Rule_of_Law_Chicago_2006.pdf) remind me of Samuel Johnson’s remark, “I understand my own country so much better, when I stand in someone else’s.”]

**** RESOURCES ****
AUTHORSHIP, AUDIENCES, AND ANONYMOUS SPEECH (Tom Cotter, Lyrissa Lidsky; Minnesota Legal Studies Research Paper, 21 August 2006) -- Abstract: A series of United States Supreme Court decisions establishes that the First Amendment provides a qualified right to speak and publish anonymously, or under a pseudonym. But the Court has never clearly defined the scope of this right. As a result, lower courts have been left with little guidance when it comes to dealing both with the Internet-fueled growth of torts and crimes committed by anonymous speakers, and with the increasing number of lawsuits aimed at silencing legitimate anonymous speech. In this Article, we provide both positive and normative foundations for a comprehensive approach to anonymous speech. We first draw upon intellectual property theory, particularly as it relates to trademarks and copyright, to develop a positive analysis of the private and social costs and benefits of anonymous speech. Traditional First Amendment jurisprudence then supplies the missing normative component by providing two crucial presumptions that suggest how to weigh the relevant costs and benefits. The first is the anti-paternalism presumption. This assumes that audiences are capable of responding to anonymous speech in much the same way they respond to generic, nontrademarked products - by recognizing that the product, in this case speech, lacks an important quality indicator and should be evaluated accordingly. In this manner, audiences can minimize the potential social harm of many forms of anonymous speech. The second presumption, which we refer to as “more is better,” favors more speech over less, and thus places considerable weight on anonymity as a tool for encouraging otherwise reluctant speakers to come forward - even at the risk of simultaneously encouraging more potentially harmful speech. These twin presumptions form the basis for the detailed guidance we supply for legislatures contemplating regulation of anonymous speech, and for courts seeking to balance the rights of anonymous speakers with other important interests. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=925736

SOURCES:
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. Internet Law & Policy Forum, http://www.ilpf.org.
6. BNA’s Internet Law News, http://ecommercecenter.bna.com.
7. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
8. McGuire Wood’s Technology & Business Articles of Note, http://www.ggtech.com
9. Steptoe & Johnson’s E-Commerce Law Week, www.steptoe.com
10. Readers’ submissions, and the editor’s discoveries.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.

Friday, September 08, 2006

MIRLN -- Misc. IT Related Legal News [19 August – 8 September 2006; v9.12]

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product of Dickinson Wright PLLC (www.dickinsonwright.com) and the American Bar Association’s Cyberspace Law Committee. Please feel free to distribute this message. Dickinson Wright’s IT & Security Law practice group is described here: http://tinyurl.com/joo5y

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at http://www.abanet.org/dch/committee.cfm?com=CL320000 (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN editions are archived at www.vip-law.com and blogged at http://mirln.blogspot.com/.

**************End of Introductory Note***************

**** CONFERENCES ****
44TH IP LAW CONFERENCE, November 9-10, 2006, in Plano, Texas, by the Institute for Law & Technology of the Center for American and International Law. Program information at http://www.cailaw.org/ilt/ILT_IP_LAW_06_Details.html.

-- or, directly conflicting --

EMERGING TRENDS IN INFORMATION SECURITY AND THE LAW: “PLAUSIBLE DENIABILITY IS DEAD”, November 9-10, 2006, in Washington, D.C., by Georgetown University Law Center and the Information Systems Security Association. CEOs, CIOs, CISOs and legal professionals need to understand the developments in regulations and statutes that have led to convergence of issues between information security and in-house and outside counsel. Business planning must consider the business drivers of the legal and security factors to be successful. This two-day conference is designed for CxOs and legal counsel together with a combination of panels, presentations and interactive sessions to highlight key success strategies for the transparency required for business integrity, security and compliance. For more information or to register, please visit https://www.law.georgetown.edu/cle/showEventDetail.cfm?ID=145 or call (202) 662-9890.

CYBERWEEK 2006: SHAPING THE FUTURE OF ODR AND ONLINE JUSTICE, September 25-29, 2006, online, by the University of Massachusetts Center for Information Technology and Dispute Resolution and the InternetBar.org. Cyberweek 2006 will consist of many different kinds of content, from Skypecasts to meetings in virtual worlds to Podcasts to discussion forums and more. Cyberweek is a free all-online conference. Program information at http://www.odr.info/cyberweek2006/index.php; registration information at http://www.katsh.org/forms/use/cyberweekregistration/form1.html

**** NEWS ****
COURT RULING: OFFICIALS’ PERSONAL E-MAILS NOT PUBLIC RECORDS (Tucson Citizen, 9 August 2006) -- Government officials’ personal e-mails don’t have to be disclosed under Arizona’s public records law even if kept on a taxpayer-supported computer, a state court has ruled. Previous Arizona court rulings have found that Arizona’s public records law generally requires disclosure of material that documents official activities, with exemptions for confidentiality, privacy and the best interests of the state. The new ruling by the state Court of Appeals notes that the Arizona public records law was enacted in 1975, long before e-mail systems became prevalent in public offices. The court said e-mails are often the equivalent of telephone calls, not printed paper documents. “Because of their transitory nature, the content of telephone calls generally would not be considered a public record,” a three-judge panel in Tucson said in a unanimous ruling Friday. “In our view, it defies logic to believe the Legislature intended to require every state officer or employee, for purposes of disclosure on a public records request, to record the content of all of his or her personal telephone calls or to create and maintain documentation of all activities, whether business-related or strictly personal, in which he or she engages on the job. “It would be just as illogical to infer any such intent with respect to electronic forms of communication that are purely personal in nature, even though e-mails are essentially self-documenting and easily retained.” The state supreme courts of Florida and Colorado have issued similar rulings, the Arizona court noted. http://www.tucsoncitizen.com/daily/local/21980

DEPARTMENT OF DEFENSE STUDY URGES OPEN SOURCE ADOPTION (ArsTechnica, 20 August 2006) -- The Open Technology Development road map, a recently authored government report, advises Deputy Undersecretary of Defense Sue Payton to integrate a comprehensive open source strategy into defense department procurement and development policies. Written by consultants for Advanced Systems & Concepts in collaboration with major technology companies and the Open Source Software Institute, the 79-page report advocates adoption of open technologies, support for and adherence to open standards, and discusses topics like licensing and software project governance. In addition to promoting open technology, the authors of the report feel that the DoD can improve interoperability while increasing efficiency and productivity by creating standard policies for internal redistribution of code developed by contractors. The report states that “by not enabling internal distribution, DoD creates an arbitrary scarcity of its own software code, which increases the development and maintenance costs of information technology across the Department.” http://arstechnica.com/news.ars/post/20060820-7545.html

ECHOSTAR LOSES COURT RULING ON SOME TV TRANSMISSIONS (Washington Post, 23 August 2006) -- Hundreds of thousands of Dish Network subscribers could lose access to shows on traditional television networks as early as today after a Supreme Court justice’s decision yesterday that brings an end to lawsuits that have been tied up in court for more than eight years. U.S. Supreme Court Justice Clarence Thomas yesterday let stand a May ruling by the U.S. Court of Appeals for the 11th Circuit that ordered EchoStar Communications Corp., the parent company of Dish Network, to stop transmitting network programming to 800,000 subscribers -- those who live in mostly rural areas too far to receive local stations with regular antennas. The decision stemmed from lawsuits filed by News Corp.’s Fox Network and stations affiliated with the four major networks, all claiming that EchoStar has been illegally offering distant-network signals to customers who are capable of receiving television signals from nearby cities. Rural customers who live within the reach of a local television broadcast are not eligible to receive network programming from a satellite TV company, which usually offers transmissions from stations in large cities, such as New York or Los Angeles. For more than eight years, Englewood, Colo.-based EchoStar has been battling broadcast networks that say the satellite provider is illegally encroaching on their markets and taking a chunk out of their audiences. EchoStar has frequently settled with local stations to maintain its presence in rural markets. This time, analysts said, the satellite company may be required to halt service to all subscribers who receive the network transmissions, even if the subscriptions are legal. “It looks like the company is running out of legal options and it’s going to have to take some drastic steps to appease customers who are losing access to these signals, whether it be lowering rates or helping them find access to other channels,” said Thomas W. Eagan, an analyst with Oppenheimer & Co. in New York. “The subscription television marketplace has become very saturated and people are looking to be compensated,” he said. “This could send customers straight to DirecTV or cable.” http://www.washingtonpost.com/wp-dyn/content/article/2006/08/22/AR2006082201283.html

FTC CHIEF CRITIQUES NET NEUTRALITY (CNET, 21 August 2006) -- The head of the Federal Trade Commission on Monday expressed sharp skepticism toward proposed laws that would levy extensive Net neutrality regulations on broadband providers. Deborah Platt Majoras, the FTC’s Republican chairman, said extensive Net neutrality legislation currently pending in the U.S. Senate is unnecessary because there has been no demonstrated harm to consumers, that normal market forces would likely prevent any problems, and that new laws would cause more problems than they solve. “I ask myself whether consumers will stand for an Internet that suddenly imposes restrictions on their ability to freely explore the Internet or does not provide for the choices they want,” Majoras told a luncheon audience at the Progress and Freedom Foundation’s annual conference here. Majoras’ comments come as the Senate is considering a massive legislative proposal to rewrite telecommunications laws. In June, a Senate panel narrowly rejected an amendment that would have slapped strict regulations on broadband providers. Sen. Ron Wyden, an Oregon Democrat, has said he’ll try to block a floor vote on the measure unless that amendment is adopted. The concept of network neutrality, which generally means that all Internet sites must be treated equally, has drawn a list of high-profile backers, from actress Alyssa Milano to Vint Cerf, one of the technical pioneers of the Internet. It has also led to a political rift between big Internet companies--such as Google and Yahoo that back it--and telecom companies that oppose what they view as onerous new federal regulations. In the last few months, it has become a partisan issue, with Republicans siding with broadband providers. (All the Democrats on the Senate Commerce Committee voted for the unsuccessful amendment in June). Because the FTC shares enforcement authority with the Federal Communications Commission over certain types of deceptive practices by broadband providers, Majoras’ remarks could nudge some senators who have been cautious supporters of Net neutrality to a more laissez-faire position. http://news.com.com/2100-1028_3-6107913.html

VERIZON IMPOSES NEW DSL SURCHARGE AS GOVERNMENT FEES REMOVED (SilliconValley.com, 21 August 2006) -- Verizon Communications Inc. is imposing a new surcharge on high-speed Internet service just as customers were set to receive lower bills thanks to a decision last year to deregulate the service. In a recent notice to customers, the telecommunications company said it would begin imposing the surcharge for all new digital-subscriber line customers, and on current DSL customers with monthly plans. Customers on an annual plan will start paying when their plan expires. The surcharge will initially be $1.20 a month for customers with service up to 768 kilobits per second and $2.70 per month for customers with faster DSL service, according to the company. The fee comes as a government fee on DSL customers for the Universal Service Fund is being phased out. For customers with service up to 768 kpbs, the fee was $1.25 a month, and for customers with service of up to 3 Mbps, the fee was $2.83 a month, according to Verizon. Customers will no longer pay such charges effective Aug. 14, New York-based Verizon said. Bobby Henson, a Verizon spokeswoman, cited ``new costs that we’ve developed over the past year as we’ve been developing and delivering this standalone DSL service. That service doesn’t have the benefit of the revenue that was coming in from voice.” http://www.siliconvalley.com/mld/siliconvalley/news/editorial/15327454.htm

AT&T SAYS COOPERATION WITH NSA COULD BE LEGAL (CNET, 22 August 2006) -- An AT&T executive on Tuesday offered a glimpse into how a company could be required to cooperate with a federal entity such as the National Security Agency. James Cicconi, AT&T’s senior executive vice president for external and legislative affairs, said there are “very specific federal statutes that prescribe means, in black and white law, for provision of information to the government under certain circumstances.” “We have stringently complied with those laws,” Cicconi said. “It’s pretty obvious, you know, as far as the court case is going, that they’ve not reached a different conclusion.” That’s a slightly more detailed explanation than AT&T has publicly offered so far. In February, AT&T declined to answer related questions from CNET News.com. In May, an AT&T spokesman told News.com: “Without commenting on or confirming the existence of the program, we can say that when the government asks for our help in protecting national security, and the request is within the law, we will provide that assistance.” Because Cicconi was AT&T’s general counsel before the merger with SBC Communications, he would have been responsible for reviewing the legality of cooperating with the NSA. A longtime Republican, Cicconi worked as deputy chief of staff to President George H.W. Bush and as an assistant to President Ronald Reagan. He’s recently served as co-chairman of Progress for America, a prominent group devoted to electing Republican politicians. Cicconi’s remarks--in response to a question at the Progress and Freedom Foundation’s annual summit here--seem to indicate that AT&T received formal authorization from the U.S. Department of Justice to authorize the program. The existence of such a letter has never been confirmed. Cicconi may have been referring to an obscure section of federal law, 18 U.S.C. 2511, which permits a telecommunications company to provide “information” and “facilities” to the federal government as long as the attorney general authorizes it. The authorization must come in the form of “certification in writing by...the Attorney General of the United States that no warrant or court order is required by law.” If a letter of certification exists, AT&T could be off the hook in its lawsuits. Federal law says that a “good faith” reliance on a letter of certification “is a complete defense to any civil or criminal” lawsuit, including one brought against the company by the Electronic Frontier Foundation. (Other officials, including the deputy attorney general and state attorneys general, also are authorized to write these letters.) http://news.com.com/2100-1030_3-6108386.html

NOW PLAYING ON THE NET: WAR PROPAGANDA (CNET, 22 August 2006) -- Amid the home videos of dancing teens and sporting events on YouTube, a well-crafted, nine-minute video makes a direct appeal to Americans to oust the Bush administration. “People of America, we wish to share with you our thoughts on the events we experienced,” says the narrator of “Iraq--the truth?” The narrator claims to represent those opposing the U.S. in Iraq. “Despite the madness we have endured we see no harm in presenting you with the criminal nature of your newly elected emperor.” It’s impossible to say for certain who created the video, but it’s no doubt part of a growing and surprising trend at video-sharing sites. The democratization of online video through sites such as YouTube, Metacafe and Ogrish.com is allowing combatants on both sides of the battlefield to make their version of events public. The Web offers any individual with Internet access the means to reach out to vast audiences with little or no regard for geographical borders. The number of people watching the propaganda videos is still small: About 14,000 people have viewed the “Iraq – the truth?” video, which was posted in May. By comparison, the most popular video currently on YouTube is “Tila Tequila,” which has been watched more than 800,000 times. But experts say such material could be a harbinger of the future. “The enemy is taking propaganda straight to the American people,” said Nancy Snow, associate professor at California State University at Fullerton and author of “Propaganda Inc.” “You have to give them credit for utilizing the power of this new medium. They’re using cheap technology, but today anybody with a video camera can make his own movie and broadcast it.” Bush administration officials have noticed. In a speech last February, U.S. Secretary of Defense Donald Rumsfeld said al-Qaida and other extremist groups have adapted faster than the U.S. to fighting information wars on the Web. http://news.com.com/Now+playing+on+the+Net+War+propaganda/2100-1038_3-6108004.html?tag=nefd.lede

ONLINE VOLUNTEERS ROLL UP THEIR SLEEVES (CNN, 23 August 2006) -- When it comes to volunteering, Caitrin Murphy finds satisfaction in spending 10 months helping Tijuana orphans or a Saturday building low-income homes outside Washington, D.C. But onsite projects aren’t always feasible, so Murphy instead turned to the Internet and, with two co-workers, remotely created a Web site for an organization that helps farmers in the West African country of Cameroon. “It’s an adequate alternative,” Murphy said. “I would prefer a hands-on, physical experience at the site. At the same time, ... by doing a project virtually we could affect the lives of people we would never think of meeting.” Online volunteering is growing as Internet access improves worldwide, particularly among African and Latin American organizations needing assistance. VolunteerMatch, a San Francisco group that helps volunteers learn about onsite and online projects, said 14 percent of its volunteer opportunities last year were virtual, compared with 1 percent in 1998. Instead of building homes, volunteers like Murphy can build Web sites. Or translate documents. Or prepare training manuals. Or mentor teens. All from a computer hundreds or thousands of miles away. http://www.cnn.com/2006/TECH/internet/08/23/online.volunteering.ap/index.html [Editor: the ABA’s Commission on Second Season of Service will be using a web portal/wiki/community site to match volunteers with needs. Second Season general information at http://www.abanet.org/initiatives/secondseason/about.shtml. Contact me to learn more.]

LAPTOP WITH DATA ON 28,000 HOME CARE PATIENTS STOLEN IN DETROIT (ComputerWorld, 23 August 2006) -- A laptop containing home care information on 28,000 patients has been stolen from the car of a nurse who works for Royal Oak, Mich.-based Beaumont Hospitals, according to a statement from the hospital. The laptop was in the nurse’s car, which was stolen in Detroit on Aug. 5 after the nurse had finished seeing patients. The vehicle was later recovered, but the laptop was missing. The computer contained personal and health information of Home Care patients who had received care over the previous three years, the hospital said. The Home Care staff uses laptops to document patient care; The data on the stolen laptop -- a Dell Latitude model -- includes patient names, addresses, birth dates, medical insurance information, Social Security numbers and personal health information relating to their home care services. The computer does not include information on services received at the Beaumont Hospitals or other Beaumont outpatient services, the hospital said. While Home Care laptops are encrypted and password protected, the nurse’s ID access code and password were with the stolen computer. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9002685

PERSPECTIVE: CONFIDENTIAL DATA REALLY IS AT RISK (CNET, 23 August 2006) -- We have long heard about how confidential data can be at risk. Now, a new U.S. survey by the Ponemon Institute drives home the point with hard data. An astonishing 81 percent of companies and governmental entities report having lost or misplaced one or more laptops containing confidential business information within the last 12 months. The survey, sponsored by data-protection specialist Vontu and aptly titled “Confidential Data at Risk,” concludes that a main reason for corporate data security breaches is that many companies simply don’t know where their sensitive or confidential business information resides. The survey goes on to summarize that “this lack of knowledge coupled with insufficient controls over data stores” poses “a serious threat to both business and governmental organizations.” The survey queried 484 information technology departments within U.S.-based corporate and governmental organizations. The answers to the survey questions paint a fairly bleak current picture. Only 10 percent of the respondents say their laptops had not been stolen. (Another 9 percent did not know.) The corporate and governmental respondents generally agreed that electronic storage devices contain sensitive or confidential information that is unprotected, with 60 percent stating this to be the case for PDAs and other mobile devices, 59 percent for laptops, 53 percent for USB flash drives, 36 percent for desktops, and 35 percent for shared-file servers. http://news.com.com/2010-1029_3-6108603.html

GOOGLE WRESTLES WITH BRAZIL’S REQUESTS FOR USER DATA ON AMERICAN SERVERS (Internet Week, 24 August 2006) -- A recent lawsuit filed by Brazilian prosecutors seeks information from Google Brazil about Orkut users for investigations involving hate crime, pornography, and child pornography. Earlier this week, Google filed a petition with Brazilian courts to appoint an independent expert to verify that information about users of Google’s social networking site Orkut resides on servers in the U.S. and not in Brazil. This is not to say that Google is refusing to cooperate, as the company did when the U.S. Department of Justice asked for user search data to resuscitate the controversial Child Online Protection Act. Rather Google wants Brazilian authorities to seek information through proper legal channels. “It is and always has been our intention to be as cooperative in the investigation and prosecution of crimes as we possibly can, while being careful to balance the interests of our users, our business and the request from the authorities,” Google said in a statement. “We have and will continue to provide Brazilian authorities with information on users who abuse the Orkut service, if their requests are reasonable and follow an appropriate legal process. In fact, we have already produced data in response to criminal court orders issued by Brazilian courts that are addressed to Google Inc. and served on its counsel in Brazil.” Since April, Google has supplied information to Brazilian authorities in response to at least 15 criminal court orders and has retained user data in more than 70 others, according to a Google spokesperson. Two weeks ago, Google said that since June, it had provided information 8 different investigations and had retained user data in 60 cases. Assuming this rate of legal inquiry continues throughout the year, Google has to be dealing with hundreds data requests annually in Brazil alone. http://news.yahoo.com/s/cmp/20060825/tc_cmp/192300052

-- and --

GOOGLE ORDERED TO PROVIDE BRAZIL INFO (Houston Chronicle, 31 August 2006) -- A judge on Thursday ordered the Brazilian subsidiary of Google Inc. to turn over information on users of the company’s social networking service Orkut or face daily fines of $23 million. Federal Judge Jose Marcos Lunardelli gave Google Brazil 15 days to release information needed to identify individuals accused of using Orkut to spread child pornography and engage in hate speech against blacks, Jews and homosexuals. Lunardelli [wrote] in his decision that “it is not relevant that the data are stored in the United States, since all the photographs and messages being investigated were published by Brazilians, through Internet connection in national territory.” http://www.chron.com/disp/story.mpl/ap/fn/4155909.html

U. OF CALIFORNIA WILL PROVIDE UP TO 3,000 BOOKS A DAY TO GOOGLE FOR SCANNING, CONTRACT STATES (Chronicle of Higher Education, 25 August 2006) -- A mere two months after the University of California begins its book-digitization project with Google, the university may provide the search company with a whopping 3,000 books a day for scanning. That nugget, and many others, can be found in a confidential contract that allowed California to join Harvard and Stanford Universities, the University of Michigan at Ann Arbor, and the University of Oxford, as well as the New York Public Library, in the search-engine company’s elaborate and controversial library-digitization effort. The contract was released in part as a response to an open-records request from The Chronicle. According to the document, the university will provide at least 2.5 million volumes to Google for scanning, starting with 600 books a day and ratcheting up over time to 3,000 volumes a day. Materials pulled for scanning will be back on the shelves of their libraries within 15 days. Both the university and Google will get digital copies of the scanned works, but there are some restrictions on how the university can use its copies. The university can offer the digital copy, whole or in parts, “as part of services offered to the university library patrons.” But the university must prevent users from downloading portions of the digital copies and stop automated scanning of the copies by, for example, other search engines. http://chronicle.com/free/2006/08/2006082501t.htm Contract at http://www.cdlib.org/news/ucgoogle_cooperative_agreement.pdf

-- and --

PUBLIC DOMAIN BOOKS, READY FOR YOUR IPOD (New York Times, 25 August 2006) -- Kara Shallenberg and her 10-year-old son, Henry, exhausted the audiobook collection at their library in Oceanside, Calif., five years ago. With Henry’s appetite for listening still strong, Ms. Shallenberg began to record herself reading his favorite books. Eventually she upgraded from a using a tape deck to burning CD’s on her laptop computer. Last fall she took her hobby to a wider audience. Kara Shallenberg and her son, Henry, who have joined the effort to record and distribute their book readings for LibriVo. xMs. Shallenberg’s recordings of “The Secret Garden,” “The Tale of Peter Rabbit” and other works are now available, free, to anyone with an Internet connection and basic audio software. She is part of a core group of volunteers who give their voices and spare time to LibriVox, a project that produces audiobooks of works in the public domain. LibriVox is the largest of several emerging collectives that offer free or inexpensive audiobooks of works whose copyrights have expired, from Plato to “The Wind in the Willows.” (In the United States, this generally means anything published or registered for copyright before 1923.) The results range from solo readings done by amateurs in makeshift home studios to high-quality recordings read by actors or professional voice talent. http://www.nytimes.com/2006/08/25/books/25audi.html?ex=1314158400&en=f2d510a47d9ff6fa&ei=5090&partner=rssuserland&emc=rss

-- and --

GOOGLE: THESE BOOKS ARE FREE (CNET, 30 August 2006) -- Google Book Search now offers PDF files of scanned books that can be downloaded and printed for free, Google announced on Wednesday. Readers can find the books by choosing the “Full view books” option on the Google Book Search home page before they activate their search. Once they have chosen a book from the results page, a download button is clearly visible on the top-right corner of the page. The PDFs are offered only for those books that fall into the public domain and are intended for personal use. “We use very conservative rules to comply with international copyright laws,” Google spokeswoman Megan Lamb said. A book’s availability depends on the country from which the user is accessing the site. Google blocks users from works that are not yet in the public domain for their country, Lamb said. A carefully worded note on usage from Google, included as the first page of each downloaded PDF file, explains what “public domain” means and how it can vary by country. Google also notes that users are responsible for following their own country’s copyright laws. “Make noncommercial use of the file. Refrain from automated querying. Maintain attribution. Keep it legal,” Google lists as usage guidelines. The bottom-right corner of every PDF book page contains a “Digitized by Google” watermark. [Editor: I downloaded a copy of “Great Expectations”.] http://news.com.com/Google+These+books+are+free/2100-1032_3-6110950.html?tag=nefd.top

AFRICAN LANGUAGES GROW AS A WIKIPEDIA PRESENCE (New York Times, 26 August 2006) -- At the second annual Wikimania conference, held this year at Harvard Law School, there was what might be considered a quintessential Wikipedian moment: as Martin Benjamin, a researcher at Yale University, gave a talk about the Swahili dictionary he is creating online, Ndesanjo Macha was simultaneously sitting in the audience using a Wi-Fi connection and laptop to put the finishing touches on his Wikipedia entry, “Martin Benjamin,” in Swahili. It was just the 1,025th article written for the Swahili version of Wikipedia (sw.wikipedia.org), the online, open-source encyclopedia founded five years ago by Jimmy Wales, and the fifth Mr. Macha had written that weekend in Cambridge, Mass. In founding Wikipedia, Mr. Wales has said, he aimed to create “a free encyclopedia for every person on the planet in their own language,” a goal he has defined as having 250,000 entries in every language spoken by more than a million people. But while larger Wikipedias, like those written in English (1,377,015 entries and counting) and French (348,243 entries), wrestle with questions of accuracy and vandalism, as well as the imposition of limits on who can create and edit entries, smaller Wikipedias face more basic questions: How do you create an online encyclopedia when few native speakers have access to the Internet? What use is an encyclopedia when literacy rates among a language’s speakers can approach zero? (This is not a problem for Swahili.) And who should control the content of an encyclopedia in a local language if not enough native speakers are moved, or able, to contribute? http://www.nytimes.com/2006/08/26/arts/26wiki.html?ex=1314244800&en=f100f432a921ef1d&ei=5090&partner=rssuserland&emc=rss

-- and --

INTERNET SEARCH GETS WEB 2.0 STYLE (CNET, 24 August 2006) -- In an acknowledgement that some questions may be better answered by a human than a search engine algorithm, Yahoo, Microsoft and others are embracing so-called social search. Social search generally refers to a Web site or service that relies on the participation of a community to come up with answers to specific questions or to provide links to Web sites or other resources of common interest. Don’t bet on social search usurping the algorithm, say experts. But it’s likely social-search answers will provide a strong second option to mathematical results. “Ultimately, it’s likely that a combination of algorithmic search and the various types of social-search systems will fuse into a hybrid that will work really well for satisfying a wide variety of information needs,” Search Engine Watch Executive Editor Chris Sherman concluded in a recent blog posting titled “What’s the Big Deal With Social Search?” No doubt, social search has its shortcomings. A site’s network of users has to be big enough and include people who are sufficiently competent to maintain quality. Also, skeptics say, companies have toyed with the idea of social search for years, and most efforts have been a disappointment. Advocates argue that people are now much more comfortable interacting on the Web. The say social search has its place, particularly in subjective arguments, like what’s the best place to eat a steak in downtown Chicago. And they say a new generation of Web 2.0 companies, whose business models revolve around information exchange, have gained acceptance, particularly among younger Web surfers, making social-search results more reliable. http://news.com.com/Internet+search+gets+Web+2.0+style/2100-1038_3-6108962.html?tag=nefd.lede

TEXAN FOILS BURGLARY IN BRITAIN VIA BEATLES WEBCAM (Reuters, 25 August 2006) -- An American helped foil a burglary in northern England whilst watching a Beatles-related webcam over the Internet, police said on Friday. The man from Dallas was using a live camera link to look at Mathew Street, an area of Liverpool synonymous with the Beatles and home to the Cavern Club where the band regularly played. He saw intruders apparently breaking into a sports store and alerted local police. http://news.yahoo.com/s/nm/20060825/wr_nm/britain_burglary_dc_2

WIKI SITE AIMS TO BOOST PATENT REVIEW PROCESS (CNET, 28 August 2006) -- The U.S. patent system is supposed to ensure that the latest wireless e-mail technique or crustless peanut-butter-and-jelly sandwich granted protection is truly one of a kind. But even the U.S. Patent and Trademark Office acknowledged recently that such judgments are no small feat. In a draft five-year strategic plan released last week, officials solidified their intention to develop a “peer review mechanism” that would enlist volunteers from the public to weigh in on applications and ease the burden on its own staff. Responding to that call for collaboration, a patent attorney and an accountant based in Salt Lake City on Monday launched WikiPatents.com. Sporting a star-based rating system reminiscent of those used for movie criticism, it’s designed in part to help patent examiners, attorneys, litigants, would-be investors, inventors and other interested outsiders decide whether already-issued patents deserve such a designation. Searching for a particular patent number returns a page that allows users to, among other things, rewrite a patent’s description in laypersons’ terms, rate the technical accuracy of a patent, vote on a reasonable royalty value, and divulge information about its availability for licensing. Eventually, such commentary will extend to pending patent applications as well. Each dedicated patent page also allows users to nominate and describe the pieces of prior art that they feel are most relevant to the patent in question. http://news.com.com/2100-1030_3-6110257.html

IN DELAWARE, PRIVACY FOR BIG PAYCHECKS (New York Times, 27 August 2006) -- Bankruptcy court is supposed to be a place where facts remain out in the open. But that seems to be changing in Delaware, one of the largest homes for corporate bankruptcy cases. The Werner Company, a maker of ladders, filed for Chapter 11 reorganization in June; its bankruptcy is being overseen by Judge Kevin J. Carey of United States bankruptcy court in Delaware. Earlier this month, Judge Carey agreed to seal documents detailing bonuses that will be paid to nine Werner executives. The move came after company lawyers argued that the pay disclosures “may create low morale and an unhealthy work environment” at Werner. The judge also shut out the public from the Aug. 17 hearing on the pay. Lynn M. LoPucki, a law professor at the University of California, Los Angeles, said, “The big picture here is compensation of public-company executives during a bankruptcy case being kept secret, which if you believe in open courts is not a good thing.” http://www.nytimes.com/2006/08/27/business/yourmoney/27suits.html?_r=1&adxnnl=1&oref=slogin&adxnnlx=1156684025-fe14+1d8OwJ+CZa9F2ynPg

BANK TO PAY $50 MILLION FOR BUYING PERSONAL DATA (Information Week, 29 August 2006) -- A bank has been ordered to pay a $50 million settlement for buying more than 650,000 names and addresses from the Florida Department of Highway Safety and Motor Vehicles. The Electronic Privacy Information Center, which filed an amicus brief in favor of the plaintiffs, announced the decision this week. EPIC said Fidelity Federal Bank & Trust bought 656,600 names and addresses for use in direct marketing and the purchase violated the Drivers Privacy Protection Act. The federal law was enacted in 1994, before a vast number of “find people” sites were popular on the Internet. It aims to protect drivers from having their personal information distributed because stalkers and other criminals had used motor vehicle records to locate victims. The death of actress Rebecca Schaeffer prompted a California law that became a model for the federal legislation. Schaeffer was killed outside her home in 1989 by an obsessed fan who had paid an investigator to find her address. Other crimes “ including a series of home robberies targeting people who drove expensive cars and harassment of women who had been to reproductive clinics “ motivated legislators to pass the federal law. From 2000 to 2003, Fidelity purchased data containing personal information of hundreds of thousands of drivers living in Palm Beach, as well as Martin and Broward counties for only $5,656, according to papers filed in Kehoe v. Fidelity Federal Bank and Trust. The bank sought the information for car loan solicitations, according to papers filed in the class-action lawsuit. In 2004, the U.S. District Court for the Southern District of Florida ruled that James Kehoe had to demonstrate actual damages before obtaining monetary compensation under the Drivers Privacy Protection Act. Kehoe appealed to the 11th Circuit Court of Appeals, which overturned that ruling. EPIC joined the suit and stated that the case represents a step in trying to address the collective threat that the data trade poses to privacy. “While Kehoe involves just a single bank using data for marketing, thousands of other businesses are trading in your personal information, resulting in a society that is losing autonomy and control over personal data,” the organization stated on its Web site. Marc Rotenberg, executive director of EPIC, said during an interview Tuesday that the organization joined the suit to push for damage awards when privacy laws are violated. He said that is critical to ensuring the laws are effective. http://www.informationweek.com/news/showArticle.jhtml?articleID=192500171

MAN POSTS BAIL IN HEZBOLLAH TV CASE (New York Times, 29 August 2006) -- A Staten Island man charged with trying to transmit broadcasts from an Arabic television station controlled by Hezbollah was released on bail yesterday, the law firm representing him said. On Thursday, Mr. Iqbal was charged with one count of conspiring to violate the International Emergency Economic Powers Act, a federal law that allows the president to regulate commercial and financial transactions in response to a threat to national security or foreign policy. The government said Mr. Iqbal sought to provide customers services that included satellite broadcasts of the television station, Al Manar. That is a violation of federal law, since the station — which is controlled by the Lebanese group Hezbollah — was designated a global terrorist entity by the United States Treasury Department in March. In May, Mr. Iqbal went to Lebanon and other destinations and was interviewed upon his return to the United States, according to a search warrant affidavit filed in the case. Mr. Iqbal said the purpose of his trip was “to meet media companies in Lebanon and Qatar in order to solicit business to broadcast their transmission to Arab communities in the United States,” the affidavit said. Mr. Iqbal said that he met with representatives of the Arabic television network in Beirut but was unsuccessful in conducting any business deals there, the affidavit said.

NYT MOVE TO BLOCK WEB TO BRITONS RAISES QUESTIONS (Reuters, 30 August 2006) -- A New York Times decision to block British online readers from seeing a story about London terrorism suspects raises new questions on restricting the flow of information in the Internet age, legal and media experts say. The New York Times said on Tuesday it had blocked British Internet readers from seeing a story detailing elements of the investigation into a suspected plot to blow up airliners between Britain and the United States. The story was published in Monday’s paper. Under British laws, courts will punish media organizations that publish material that judges feel may influence jurors and prevent suspects receiving a fair trial. “There has not been a prosecution for contempt over anybody publishing outside this jurisdiction (Britain), but logically there is no reason why there should not be,” said Caroline Kean, partner at UK media law firm Wiggin. While restricting what British media can report has been effective in the past, the Internet has made it far harder to stop information published by foreign outlets, which may breach Britain’s laws, from being seen by UK readers. “On advice of legal counsel, this article is unavailable to readers of nytimes.com in Britain. This arises from the requirement in British law that prohibits publication of prejudicial information about the defendants prior to trial,” the notice said. http://news.yahoo.com/s/nm/20060830/wr_nm/media_nytimes_dc_2

BEWARE, YOUR CELL PHONE COULD BETRAY YOU (Houston Chronicle, 30 August 2006) -- The married man’s girlfriend sent a text message to his cell phone: His wife was getting suspicious. Perhaps they should cool it for a few days. “So,” she wrote, “I’ll talk to u next week.” Later, the married man bought a new phone. He sold his old one on eBay, at Internet auction, for $290. The guys who bought it now know his secret. The married man had followed the directions in his phone’s manual to erase all his information, including lurid exchanges with his lover. But it wasn’t enough. Selling your old phone once you upgrade to a fancier model can be like handing over your diaries. All sorts of sensitive information pile up inside our cell phones, and deleting it may be more difficult than you think. A popular practice among sellers, resetting the phone, often means sensitive information appears to have been erased. But it can be resurrected using specialized yet inexpensive software found on the Internet. A company, Trust Digital of McLean, Va., bought 10 different phones on eBay this summer to test phone-security tools it sells for businesses. The phones all were fairly sophisticated models capable of working with corporate e-mail systems. Curious software experts at Trust Digital resurrected information on nearly all the used phones, including the racy exchanges between guarded lovers. The other phones contained: —One company’s plans to win a multimillion-dollar federal transportation contract. —E-mails about another firm’s $50,000 payment for a software license. —Bank accounts and passwords. —Details of prescriptions and receipts for one worker’s utility payments. The recovered information was equal to 27,000 pages — a stack of printouts 8 feet high. “We found just a mountain of personal and corporate data,” said Nick Magliato, Trust Digital’s chief executive. Many of the phones were owned personally by the sellers but crammed with sensitive corporate information, underscoring the blurring of work and home. “They don’t come with a warning label that says, ‘Be careful.’ The data on these phones is very important,” Magliato said. One phone surrendered the secrets of a chief executive at a small technology company in Silicon Valley. It included details of a pending deal with Adobe Systems Inc., and e-mail proposals from a potential Japanese partner. All the phones stored information on “flash” memory chips, the same technology found in digital cameras and some music players. Flash memory is inexpensive and durable. But it is slow to erase information in ways that make it impossible to recover. So manufacturers compensate with methods that erase data less completely but don’t make a phone seem sluggish. Phone manufacturers usually provide instructions for safely deleting a customer’s information, but it’s not always convenient or easy to find. Research in Motion Ltd. has built into newer Blackberry phones an easy-to-use wipe program. Palm Inc., which makes the popular Treo phones, puts directions deep within its Web site for what it calls a “zero out reset.” It involves holding down three buttons simultaneously while pressing a fourth tiny button on the back of the phone. But it’s so awkward to do that even Palm says it may take two people. A Palm executive, Joe Fabris, said the company made the process deliberately clumsy because it doesn’t want customers accidentally erasing their information. http://www.chron.com/disp/story.mpl/front/4151275.html

HARVARD OFFERS VIRTUAL CLASS IN SECOND LIFE (Edupage, 30 August 2006) -- This fall, Harvard Law School professor Charles Nesson will coteach a course on argument with his daughter, Harvard Extension School instructor Rebecca Nesson, that will take place in the Second Life virtual world. In Second Life, users create avatars that they control, using them to move around the virtual environment and interact with others and with the virtual physical space. A number of other colleges and universities have used Second Life as a component of certain courses. For this new course at Harvard, Nesson and Nesson will teach students--entirely through the virtual environment--how to use blogs, wikis, podcasts, and other electronic tools to make effective arguments. The class, which is open to the public through Harvard’s extension school, will take place in an online replica of the university’s Ames Courtroom. Rebecca Nesson will hold office hours in Second Life; Charles Nesson’s office hours will be in his actual office. Chronicle of Higher Education, 30 August 2006 (sub. req’d) http://chronicle.com/daily/2006/08/2006083001t.htm Course information at http://blogs.law.harvard.edu/cyberone/

NIST RELEASES GUIDELINES FOR SANITIZING FILES (FCW, 30 August 2006) -- The National Institute of Standards and Technology has released a new publication that provides guidance on disposing of files. Special Publication 800-88, “Guidelines for Media Sanitization,” gives agencies assistance to ensure that deleted or disposed files are unrecoverable. http://www.fcw.com/article95849-08-30-06-Web&RSS=yes NIST publication at http://csrc.nist.gov/publications/nistpubs/800-88/SP800-88_Aug2006.pdf

TEXAS ATTORNEYS CAN PARTICIPATE IN ONLINE LEGAL MATCHING SERVICE (National Law Journal, 31 August 2006) -- Lawyers can pay a fee to participate in an online service that matches subscribing lawyers with potential clients, as long as the service exercises no discretion in those match ups, the Professional Ethics Committee for the State Bar of Texas has determined. Opinion 573, issued in July, revisits an issue that the 11-member committee considered a year ago. In August 2005, the committee indicated in Opinion 561 that Texas lawyers cannot participate in a privately sponsored Internet site that obtains information about potential clients’ legal problems and forwards the information to one or more lawyers who subscribe to the service. The committee concluded in 2005 that participating in such a legal matching service would violate the anti-solicitation provisions of Texas Disciplinary Rules of Professional Conduct 7.03(b) and 7.04. But Peter Kennedy, attorney for San Francisco-based LegalMatch Inc., which asked the committee in December 2005 to take another look at the issue, says committee members did not do an about-face. “They distinguished their earlier opinion on a key fact, that the service doesn’t use discretion in forwarding information to attorneys,” says Kennedy, a shareholder in Austin’s Graves, Dougherty, Hearon & Moody. “Rather than some human being saying this kind of case sounds right for this kind of lawyer, the software behind the Web site does the matching.” http://www.law.com/jsp/nlj/PubArticleNLJ.jsp?id=1156943795457

IS EMPLOYEE ACCESS TO A COMPANY COMPUTER A LICENSE TO STEAL?
(Steptoe & Johnson’s E-Commerce Law Week, 31 August 2006) -- If an employee walks off with sensitive company data downloaded from the corporate network, can the company sue him under the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030? So far, the courts are split. Several district courts and the Seventh Circuit (International Airport Centers, L.L.C. v. Citrin, 440 F.3d 418, 420-21 (7th Cir. 2006)) have ruled that such employees have exceeded their authorized access to the company computers and thus can be held liable under the CFAA. But earlier this month, a district court in Florida reached the opposite conclusion. In Lockheed Martin Corp. v. Speed, the court ruled that employees who used their access to corporate computers to download trade secrets and then share them with the company’s competitors cannot be said to have accessed this proprietary information “without authorization” or in excess of their authorization for purposes of the CFAA. The court also found that an employee’s subsequent misuse of corporate data has no bearing on whether the employee’s access was authorized. Given the continuing uncertainty over the meaning of “authorization,” companies may want to protect themselves by setting clearer limits on employees’ use of company computers. http://www.steptoe.com/publications-3531.html

EDUCATION DEPT. SHARED STUDENT DATA WITH F.B.I. (New York Times, 1 Sept 2006) -- The Federal Education Department shared personal information on hundreds of student loan applicants with the Federal Bureau of Investigation across a five-year period that began after the Sept. 11 terror attacks, the agencies said yesterday. Under the program, called Project Strikeback, the Education Department received names from the F.B.I. and checked them against its student aid database, forwarding information. Each year, the Education Department collects information from 14 million applications for federal student aid. Neither agency would say whether any investigations resulted. The agencies said the program had been closed. The effort was reported yesterday by a graduate student, Laura McGann, at the Medill School of Journalism at Northwestern University, as part of a reporting project that focused on national security and civil liberties. In a statement, Mary Mitchelson, counsel to the inspector general of the Education Department, said, “Using names provided by the bureau, we examined the Department of Education’s student financial aid databases to determine if the individuals received or applied for federal student financial assistance.” Information collected on federal financial aid applications includes names, addresses, Social Security numbers, incomes and, for some students, information on parents’ incomes and educational backgrounds. Generally, only United States citizens and permanent residents are eligible to apply for federal student financial aid. Ms. McGann, the journalism student who reported on the program, said she saw data sharing mentioned, but not described, in a report by the Government Accountability Office that she reviewed in the spring as part of a research project after a seminar on investigative reporting. “I thought that was pretty unexpected for the Department of Education,” said Ms. McGann, 24, who graduated this year from Medill. “So I decided I would try to look into that a little more.” She said she found another mention of the program in a report from the inspector general’s office in the department. In June, Ms. McGann went directly to the Education Department. “Eventually, I did an on-camera interview with a deputy inspector general there who did comment on the program,” she said. “After that,” Ms. McGann added, “I decided I should file a Freedom of Information Act request.” Last month, she received documents in response to her request that were heavily redacted, she said. Among them were Education Department memorandums describing F.B.I. requests for information on specific people whose names were blocked out and an internal memorandum dated June 16, 10 days after her interview, stating that the data sharing program had terminated. The name of the author of that memorandum was also redacted, she added. “I learned that getting information from a federal agency you need to be persistent,” Ms. McGann said. “And I learned that public documents are really a wealth of stories.” She said she had accepted a position at Dow Jones Newswires in Washington. http://www.nytimes.com/2006/09/01/washington/01educ.html?ex=1314763200&en=89bfd87864b33173&ei=5090&partner=rssuserland&emc=rss

INTIMATE CONFESSIONS POUR OUT ON CHURCH’S WEB SITE (New York Times, 1 Sept 2006) -- On a Web site called mysecret.tv, there is the writer who was molested years ago by her baby sitter and who still cannot forgive herself for failing to protect her younger siblings from the same abuse. There is the happy father, businessman and churchgoer who is having a sexual relationship with another man in his church. There is the young woman who shot an abusive boyfriend when she was high on methamphetamine. About a month ago, LifeChurch, an evangelical network with nine locations and based in Edmond, Okla., set up mysecret.tv as a forum for people to confess anonymously on the Internet. The LifeChurch founder, the Rev. Craig Groeschel, said that after 16 years in the ministry he knew that the smiles and eager handshakes that greeted him each week often masked a lot of pain. But the accounts of anguish and guilt that have poured into mysecret.tv have stunned him, Mr. Groeschel said, and affirmed his belief in the need for confession. “We confess to God for forgiveness but to each other for healing,” Mr. Groeschel said. “Secrets isolate you, and keep you away from God, from those people closest to you.” mysecret.tv represents the first time the church has had an interactive Web site tied to its sermons, in this case a series that Mr. Groeschel began last month on the need for confession. The Internet already offers many places to confess, from the dry menu of sins at www.absolution-online.com to the raunchy exhibitionism at sites like www.confessionjunkie.com and www.grouphug.us. It is impossible to know whether these stories, like much on the Internet, are sincere or pure fiction. One of the best-known sites is postsecret.blogspot.com, an extension of an art project in which people write their secrets on postcards and mail them to an address in Germantown, Md. Mysecret.tv may be singular because it gives people at LifeChurch an easy opportunity to act on the sermons, said Scott L. Thumma, professor of the sociology of religion at the Hartford Institute for Religion Research. http://www.nytimes.com/2006/09/01/us/01confession.html?ex=1314763200&en=43e8edc62ec43d46&ei=5090&partner=rssuserland&emc=rss

MYSPACE MOVES INTO DIGITAL MUSIC BUSINESS (Reuters, 2 Sept 2006) -- MySpace, the wildly popular online teen hangout, said on Friday it will make its first move into the digital music business by selling songs from nearly 3 million unsigned bands. MySpace is the latest company to try to take on Apple Computer Inc.’s iTunes Music Store, but unlike many other start-up rivals, it already boasts 106 million users, as well as the backing of parent company News Corp. “The goal is to be one of the biggest digital music stores out there,” MySpace co-founder Chris DeWolfe told Reuters. “Everyone we’ve spoken to definitely wants an alternative to iTunes and the iPod. MySpace could be that alternative.” In the past year, MySpace.com has become the single most visited Internet address among U.S. Web users, according to Hitwise, with mainly teenagers and young adults using the site to socialize, share music and photographs. Before the end of 2006, De Wolfe said MySpace will offer independent bands that have not signed with a record label a chance to sell their music on the site. MySpace says it has nearly 3 million bands showcasing their music. Songs can be sold on the bands’ MySpace pages and on fan pages, in non-copyright-protected MP3 digital file format, which works on most digital players including Apple’s market-dominating iPod. http://news.yahoo.com/s/nm/20060902/wr_nm/myspace_dc_1

HELP DESK HELL (New York Times, 2 Sept 2006) -- Half of corporate information technology managers in Britain have so much contempt for their users that they deliberately sabotage them, according to SkillSoft, an online training firm. Those systems managers admitted to being “unhelpful and/or obstructive” to their users, according to a study commissioned by SkillSoft (pcauthority.com). Not surprisingly, the same share — 50 percent — of I.T. managers are actively looking for other jobs. http://www.nytimes.com/2006/09/02/business/02online.html?ex=1314849600&en=1da73ee0c06c1f35&ei=5090&partner=rssuserland&emc=rss

NEW WEB SITES SEEKING PROFIT IN WIKI MODEL (New York Times, 4 Sept 2006) -- Every day, millions of people find answers on Wikipedia to questions both trivial and serious. Jack Herrick found his business model there. In 2004, Mr. Herrick acquired the how-to guide eHow.com, which featured articles written by paid freelance writers. Although the business made a profit, he realized that the revenue brought in by selling advertising would not support the extensive site he had in mind. “If the page were about how to get a mortgage, it would work,” he said. “But the idea was to be the how-to guide to everything.” So in January 2005 he started wikiHow, a how-to guide built on the same open-source software as Wikipedia, which lets anyone write and edit entries in a collaborative system. To his surprise he found that many of the entries generated by Internet users — free — were more informative than those written by freelancers. “Wikipedia proved you could get there with another method,” Mr. Herrick said. Several months ago he sold eHow to focus on the new site, which now has 10,000 entries in English, Spanish and German. Mr. Herrick is hardly the only entrepreneur inspired by the efficiency and low cost of what has become known as the wiki model. Although Wikipedia is operated by a nonprofit foundation, ideas for advertising-based wiki sites are beginning to take their place alongside blogs and social networking sites as a staple of Silicon Valley business plans. In addition to Wikia, a site devoted to topics judged too esoteric for the online encyclopedia, there is ShopWiki, for product reviews, and Wikitravel, for tourism advice. Several start-ups allow users to operate their own wiki sites. http://www.nytimes.com/2006/09/04/technology/04wiki.html?ex=1315022400&en=e8bcc22f01ba8c4c&ei=5090&partner=rssuserland&emc=rss [Editor: This month’s Atlantic Magazine has a terrific article about the evolution and operation of wikipedia.org – article at http://www.theatlantic.com/doc/200609/wikipedia.]

GOOGLE TO OFFER PRINT-ARCHIVES SEARCHES (New York Times, 6 Sept 2006) -- Google plans to announce on Wednesday that it is offering a service that will permit Internet users to search through the archives of newspapers, magazines and other publications and uncover material that in some cases dates back more than 200 years. The new feature, to be named Google News Archive Search, will direct Google searchers to both paid and free digital content on publishers’ Web sites, but will not directly generate revenue for Google. Google would not state how many publishers were taking part in the new service, for which Google has independently indexed material from online databases and will display the results both as part of standard searches and through a new archive search page (news.google.com/archivesearch). However, it announced a number of partners including The Wall Street Journal, The New York Times, The Washington Post, Time, Guardian Unlimited, Factiva, Lexis-Nexis, HighBeam Research and Thomson Gale. In contrast to Google’s book scanning project, which has led to legal skirmishes with some publishers over copyright issues, some of the partners involved with the new service said they had been pressing Google to offer access to their archives for several years. The databases included in the service are part of what some have called the “dark Web” because they cannot be “spidered,” or indexed, by standard search engines and so have not been accessible through them. “We have been asking Google and other search engines to please spider our content for some time,” said Patrick Spain, chief executive of HighBeam Research, a digital content library based in Chicago. Some of HighBeam’s 3,300 publications and 40 million documents will be available free, while in other cases users will see just the headline and the first 600 characters of a document. To see the whole thing, users must be subscribers to the firm’s service, which costs either $20 a month or a $100 annual fee. “This symbolizes a major moment,” said Allen Weiner, a research director at Gartner, a market research firm. Google has reached an accommodation with the content companies that will benefit both sides, he said. In a number of cases the entire archive of publications like Time and The Washington Post will be reachable via a Google search. Time’s entire database is already freely available and supported by advertising. The magazine made its archive, consisting of 4,300 issues and 300,000 articles dating back to 1923, available free through www.time.com last month. With some publications, including The New York Times and The Washington Post, searchers will be sent to Web sites where they will be able to buy individual articles. http://www.nytimes.com/2006/09/06/business/media/06google.html?ex=1315195200&en=1acad04a9a69837e&ei=5090&partner=rssuserland&emc=rss

HP SPIED ON OWN DIRECTORS (Wired, 6 Sept 2006) -- Hewlett-Packard admitted in a securities filing Wednesday that it used a technique known as “pretexting” to obtain private phone records of its own company directors, but added that an internal review concluded the tactic “was not generally unlawful” at the time of the investigation. The company sought the records to determine who had leaked information to the press. The filing revealed George Keyworth as the source of the media leak and announced that Keyworth will not be re-nominated to the board. In addition, HP said that it has been contacted “informally” by the California attorney general in regard to the matter. The filing disclosed the details of the resignation in May of board member Tom Perkins, one of the founders of Silicon Valley venture capital giant Kleiner Perkins Caufield, who left the company over a dispute about how it handled the leak investigation. As previously reported by Wired News, Perkins resigned after learning that HP consultants posed as Perkins and other board members to obtain their confidential telecommunications records from phone companies – a practice known as pretexting. The investigation was intended to uncover the source of a CNET News.com article published in January describing a confidential planning session among board members that took place over several days at a California resort spa. Pretexting is common among private investigators, but it has only recently sparked a backlash and a string of lawsuits. Privacy advocates testified before Congress in February about the problem, and AT&T last month filed suit against 25 data brokers alleging they had engaged in pretexting their customers to gain access to account information. Although HP said it believes it did not break the law, the filing did not conclusively confirm its third party investigators followed the law in all aspects of their work. According to the filing, after Perkins complained about the manner of its investigation, the company consulted with an outside counsel who told officials “the use of pretexting at the time of the investigation was not generally unlawful (except with respect to financial institutions), but such counsel could not confirm that the techniques employed by the outside consulting firm and the party retained by that firm complied in all respects with applicable law.” http://www.wired.com/news/technology/security/0,71730-0.html?tw=rss.index

-- and --

HEWLETT-PACKARD SPIED ON WRITERS IN LEAKS (New York Times, 8 Sept 2006) -- The California attorney general’s investigation into the purloining of private phone records by agents of Hewlett-Packard has revealed that the monitoring effort began earlier than previously indicated and included journalists as targets. The targets included nine journalists who have covered Hewlett-Packard, including one from The New York Times, the company said. The company said this week that its board had hired private investigators to identify directors leaking information to the press and that those investigators had posed as board members — a technique known as pretexting — to gain access to their personal phone records. In an interview Thursday about the state’s criminal investigation of the Hewlett-Packard matter, Attorney General Bill Lockyer said, “A crime was committed.” But he added: “It is unclear how strong the case is. Who is charged and for what is still an open question.” Mr. Lockyer said search warrants would be issued to obtain the records of Internet service providers in an attempt to trace the identities of the imposters. He said Hewlett-Packard was cooperating with the investigation into what he said was the first California case of a major corporation using such methods to obtain phone records. An investigator with direct knowledge of the state’s inquiry characterized the list of targets as “extensive,” though that person would not elaborate. It could contain people other than journalists or directors. Travis Dodd, general attorney with AT&T Services in San Antonio, who is working with the California prosecutors, said the records of John Markoff, a reporter for The Times in San Francisco, were a “target of the pretexting” in 2005. http://www.nytimes.com/2006/09/08/technology/08hp.html?ex=1315368000&en=9a0c6a279635c06b&ei=5090&partner=rssuserland&emc=rss [Editor: Whether crime or no, lawyers involved might also examine Formal Opinion 06-439 of the ABA’s Standing Committee on Ethics and Professional Responsibility, which interprets Model Rule 4.1-Truthfulness in Statements to Others. There’s a fine line here, and lawyers ought err on the side of truthfulness. Actually, shouldn’t everybody? Formal Opinion at http://tinyurl.com/jfnke]

FACEBOOK FEATURE DRAWS PRIVACY CONCERNS (SiliconValley.com, 7 Sept 2006) -- The operators of the online hangout Facebook wanted to help users save time by highlighting changes their friends make to their personal profile pages. Instead, the new feature has drawn complaints from thousands of its users and even threats of a boycott. The backlash is over Facebook’s decision this week to deliver automated, customized alerts known as News Feeds about a user’s closest friends, classmates and colleagues. Users who log on might instantly find out that someone they know has joined a new social group, posted more photos or begun dating their best friend. A protest group created on the site, Students against Facebook News Feeds, had more than 600,000 members by Thursday, and more than 80,000 people had electronically endorsed a petition against the feature. A Web journal has even been set up calling for users to boycott the site on Tuesday, a week after the feature’s debut. Facebook has long prided itself on privacy. A user’s profile details, including contact information, relationship status and hobbies, are generally hidden from others unless they are already part of that user’s network of friends or institution, such as a college. In addition, users have the option of hiding specific details from certain users, even ones already designated as friends - choosing, for instance, to show photos to college buddies but not to co-workers. All of the information [newly] presented had been available before, but a person had to visit a friend’s profile page and make note of any changes - for example, noticing that the friend now has 103 friends instead of 102, and identifying which one got added. [Facebook CEO] Zuckerberg said people “can literally spend 10 to 20 minutes going through all the information in individual profiles.” The new feature, he said, was meant to “surface the most interesting changes” made by a user’s closest friends. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/15462497.htm

SOURCES:
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. Internet Law & Policy Forum, http://www.ilpf.org.
6. BNA’s Internet Law News, http://ecommercecenter.bna.com.
7. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
8. McGuire Wood’s Technology & Business Articles of Note, http://www.ggtech.com
9. Steptoe & Johnson’s E-Commerce Law Week, www.steptoe.com
10. Readers’ submissions, and the editor’s discoveries.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.