MIRLN (Misc. IT Related Legal News) is a free product of Dickinson Wright PLLC (www.dickinsonwright.com) and the American Bar Association’s Cyberspace Law Committee. Please feel free to distribute this message. Dickinson Wright’s IT & Security Law practice group is described here: http://tinyurl.com/joo5y
Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at http://www.abanet.org/dch/committee.cfm?com=CL320000 (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.
Recent MIRLN editions are archived at www.vip-law.com and blogged at http://mirln.blogspot.com/.
**************End of Introductory Note***************
**** CONFERENCES ****
EMERGING TRENDS IN INFORMATION SECURITY AND THE LAW: “PLAUSIBLE DENIABILITY IS DEAD”, November 9-10, 2006, in Washington, D.C., by Georgetown University Law Center and the Information Systems Security Association. CEOs, CIOs, CISOs and legal professionals need to understand the developments in regulations and statutes that have led to convergence of issues between information security and in-house and outside counsel. Business planning must consider the business drivers of the legal and security factors to be successful. This two-day conference is designed for CxOs and legal counsel together with a combination of panels, presentations and interactive sessions to highlight key success strategies for the transparency required for business integrity, security and compliance. For more information or to register, please visit https://www.law.georgetown.edu/cle/showEventDetail.cfm?ID=145 or call (202) 662-9890.
**** NEWS ****
U.S. LEADERSHIP ON CYBERSECURITY ‘AWOL’ (SD Times, 1 Sept 2006) -- How secure is cyberspace? Not very—if the U.S. Department of Homeland Security’s lack of attention to the issue is any indication. The position of DHS cybersecurity chief has been vacant for nearly two years. And while sources concerned with cybersecurity issues said the DHS is close to naming an acting assistant secretary for cybersecurity and telecommunications, the appointment is likely to be seen as little more than a stopgap measure. “We are operating without a cyberspace czar,” said Ron Moritz, chief security officer for Islandia, N.Y.-based software company CA. Paul Kurtz, executive director of the Arlington, Va.-based advocacy group Cyber Security Industry Alliance, said DHS has not taken adequate measures to address cybersecurity concerns. “Cybersecurity is [apparently] not an issue for DHS,” he said in a phone interview with SD Times. “[The cybersecurity division] is running in place.” He echoed that message in a July 13 news conference on Capitol Hill, where he joined Patrick Leahy of Vermont and other Senate Democrats in calling for stronger cybersupport leadership from DHS. “The U.S. government leadership on cybersecurity is AWOL,” Kurtz said in his public remarks. In September 2003, following the launch earlier that year of President George W. Bush’s National Strategy to Secure Cyberspace initiative, DHS tapped Symantec executive Amit Yoran to head its cybersecurity division. But Yoran resigned from his position after only a year, departing just before original DHS head Tom Ridge stepped down in late 2004. In a phone interview with SD Times, Yoran declined to say why he left DHS. But a report published in the Washington Post on Oct. 2, 2004, noted that Yoran had been disappointed that he was not given as much authority as he was promised to attack the problem. Yoran told SD Times that under his tenure, the cybersecurity division made some significant strides, such as getting the FBI, IRS and State Department to share with DHS ongoing data about cyberincidents. While many such efforts have had no immediate impact, “there is great long-term potential,” he said. Chief among the cyberincidents gaining attention are those that put consumer data, such as credit-card numbers, at risk. “It is becoming an all-too familiar story in the lives of Americans: the escalating reports of the unauthorized disclosure or theft of sensitive, personal information,” said Leahy in the July 13 news conference, referring to well-publicized incidents in both the private and public sectors. While DHS “works steadfastly to find a nominee for the assistant secretary for cybersecurity position,” it has begun to take measures to address data security issues. For instance, the National Cyber Security Division of DHS sponsors “Build Security In,” a Web portal (www.buildsecurityin.us-cert.gov) launched in October 2005 that provides guidance to the software developer community. In the near future, DHS will sponsor publications such as the Software Assurance Common Body of Knowledge and Security in the Software Lifecycle, the official said. http://www.sdtimes.com/article/story-20060901-01.html
-- and --
AFTER YEAR’S DELAY, WHITE HOUSE SELECTS CYBERSECURITY CHIEF (SiliconValley.com, 18 Sept 2006) -- The Homeland Security Department picked an industry information security specialist Monday as its cybersecurity chief, filling a job that has had no permanent director for a year. Greg Garcia was appointed assistant secretary for cybersecurity and telecommunications, Homeland Security Secretary Michael Chertoff said. The cybersecurity job was created in July 2005, but department officials have struggled to find candidates willing to take significant pay cuts from industry jobs to fill it. Part of Garcia’s job will be to oversee the department’s National Cyber Security Division. For the last two years, that office has been run by Donald ``Andy” Purdy Jr., who is a two-year contract employee on loan from Carnegie Mellon University in Pittsburgh. Carnegie Mellon has received $19 million in contracts from Homeland Security’s cybersecurity office under Purdy’s management. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/15549934.htm
XANGA FINED $1 MILLION UNDER CHILD PRIVACY ACT (CNET, 8 Sept 2006) -- Xanga.com, a social-networking and blog site, has been ordered to pay $1 million in a settlement with the Federal Trade Commission for violating the Children’s Online Privacy Protection Act. The FTC said in a statement Thursday that Xanga, which has been in operation since 1999, had been letting people create accounts even if the dates of birth they entered indicated that they were under the age of 13. The terms of the child privacy act, enacted in 1998, stipulate that parental notification and consent are required for a commercial Web site, including a social-networking service, to collect personal information from children under the age of 13. In addition, the FTC alleged that Xanga’s policies regarding children were not sufficiently clear on its site and that parents were not provided a means to access and control their children’s information. It is estimated that over the past five years, a total of 1.7 million Xanga accounts had been registered with a birth date that implied the person was under 13. Overall, privately held Xanga has 25 million registered users. The $1 million penalty is the largest fine ever imposed for a violation under the child privacy act, the FTC said. http://news.com.com/2100-1030_3-6113626.html
ACCESSIBILITY LAWSUIT AGAINST TARGET CAN PROCEED (ComputerWorld, 8 Sept 2006) -- A federal judge in San Francisco ruled Wednesday that a lawsuit filed against Minneapolis-based Target Corp. by the National Federation of the Blind (NFB) regarding the accessibility of the retailer’s Web site can move forward. According to the NFB, the ruling sets a precedent establishing that retailers must make their Web sites accessible to the blind under the Americans with Disabilities Act (ADA). “This ruling is a great victory for blind people throughout the country,” said NFB President Marc Maurer. “We are pleased that the court recognized that the blind are entitled to equal access to retail Web sites.” When asked if the NFB would file lawsuits against other online retailers and sites, spokesman John Pare said, “You probably could imagine that we would.” http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9003129
COPS RAID USENET PROVIDER OVER PORN (CNET, 8 Sept 2006) -- Voicenet Communications and subsidiary Omni Telecom were raided in January 2004 as part of an Bucks County, Pa., investigation into child pornography. During the raid, servers and other computer hardware were, according to the companies, “illegally seized” and business operations were substantially impaired. The servers included data distributed through Usenet, a sprawling and decentralized collection of discussion groups called newsgroups. Discussion topics include everything from soc.history to rec.aviation, sci.nanotech, and alt.sex.exhibitionism. Some newsgroups feature sexual discussions and a few include erotic photographs and videos. Because the volume of daily Usenet posts is far too vast for any human to read, ISPs are almost never aware of the contents of individual messages. Voicenet and Omni Telecom claim that the raid went too far--akin to the police raiding a phone company and hauling away its switches and networks as part of an investigation into prank phone calls. Their civil rights lawsuit claimed violations of federal law, state law, and--because their customers were precluded from continuing in discussions--the First Amendment. The raid was closely watched by other Internet and Usenet providers at the time, because of the nature of Usenet: A post by any user is automatically distributed to thousands of servers at corporations, ISPs, and universities. That means, in other words, if one Usenet provider is liable for illegal content on its servers that it doesn’t even know exists, any provider could be potentially liable as well. In her order last week, U.S. District Judge Mary McLaughlin permitted the case to go forward but with some caveats. She sided with Voicenet on some points and the Bucks County district attorney on OTHERS. HTTP://NEWS.COM.COM/POLICE+BLOTTER+COPS+RAID+USENET+PROVIDER+OVER+PORN/2100-1030_3-6113862.HTML?TAG=NEFD.TOP [Editor: An important issue. ISPs and corporations alike mirror usenet content, which contains a little bit of everything, including some material that may be strictly forbidden.]
CREDIT CARD COMPANIES TEAM UP FOR SECURITY (CNET, 8 Sept 2006) -- The five major credit card companies have teamed up in the interest of better security. American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International announced Thursday the creation of an organisation to develop and maintain security standards for credit and debit card payments. It’s the first time the five brands have agreed on a single, common framework. The newly formed Payment Card International (PCI) Security Standards Council will manage the PCI Data Security Standard, first established in January 2005 with the intention of making its implementation more efficient for all parties involved in a payment card transaction. That includes merchants, payment processors, point-of-sale vendors, financial institutions and more than a billion card holders worldwide. Having a single data security standard is a critical issue for the entire industry and will simplify the process, said Brian Buckley, Visa’s senior vice president of international risk management. Having the common accepted set of rules should foster broader compliance, said Bruce Rutherford, MasterCard’s vice president of payments. Those rules include instructions on proper data encryption, common technical standards and security audit procedures. The first action of the new council was to update the PCI security standard, which was promised in May. The revision gives instructions for how to implement the new standards and clarifies language that was previously considered vague. For example, terms such as “periodically” and “regularly” were swapped for definite deadlines like “annually” or “quarterly” where appropriate. A statement released by the newly formed council said the revisions were the result of feedback from vendors, merchants and payment processors. http://www.zdnet.co.uk/print/?TYPE=story&AT=39282935-39020645t-10000019c [PCI Council’s webpage at https://www.pcisecuritystandards.org/about/organization.htm]
S. 2453: BLANK CHECKS, FALSE BALANCES (Steptoe & Johnson’s E-Commerce Law Week, 9 Sept 2006) -- When Senator Arlen Specter (R-PA) introduced S. 2453, the “National Security Surveillance Act,” he described it as a “middle ground” that would provide meaningful congressional and judicial oversight over electronic surveillance while providing the President “with the flexibility and secrecy he needs to track terrorists.” Specter defended his bill as a hard-won compromise, by which the Administration would agree to subject the National Security Agency’s warrantless wiretapping program to judicial review in exchange for a “recognition” of the President’s inherent constitutional authority to engage in wiretapping outside the scope of the Foreign Intelligence Surveillance Act (FISA). In fact, it’s hard to see how the bill is any compromise at all -- which is why S. 2453 is now at the top of the Administration’s legislative agenda for the truncated fall session. S. 2453 would do far more to expand the government’s ability to engage in domestic wiretapping than Senator Specter or the Administration has acknowledged. It would give the Foreign Intelligence Surveillance Court (FISC) the power to authorize entire programs of surveillance that could involve wiretapping not just suspected terrorists and spies, but anyone who has associated or communicated with a suspected terrorist or spy for any reason. Moreover, S. 2453 would significantly expand the scope of particularized surveillance orders under FISA and dramatically increase the Executive Branch’s authority to engage in surveillance without any court order at all. Finally, although the bill purports simply to acknowledge the President’s constitutional authority to engage in warrantless surveillance, without affecting that authority, the bill would actually alter the legal terrain significantly and make it more likely that courts would uphold the constitutionality of the NSA’s warrantless wiretapping program. This means the government could demand that communications providers assist with wiretaps even where there is no court order and no statutory authorization at all. S. 2453 was voted out of the Judiciary Committee on September 13 on a straight party-line vote, sending it to the Senate floor. http://www.steptoe.com/publications-3821.html
N.J. PROSECUTORS DEFEND BID FOR PHONE COMPANY RECORDS (SiliconValley.com, 11 Sept 2006) -- New Jersey has the right to obtain information about a federal domestic surveillance program because that program is no longer a secret, the state argued in response to federal efforts to quash its investigation. The Justice Department wants to throw ``an impenetrable cloak insulating the federal government’s domestic surveillance activities from all judicial scrutiny,” acting New Jersey Attorney General Anne Milgram said in a statement Monday. New Jersey prosecutors subpoenaed 10 phone companies in May because of suspicion that state consumer protection laws may have been violated if phone companies were turning over records to the National Security Agency. The federal government sued the New Jersey attorney general’s office in federal court June 14, claiming compliance with the state’s subpoenas or even acknowledging the existence of such a program would threaten national security. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/15493848.htm
GM’S MASSIVE OUTSOURCING DEAL UP AND RUNNING (Information Week, 11 Sept 2006) -- The largest private-sector information technology outsourcing deal in history is off and running in a big way. Starting in June, General Motors began the first phase of a $15 billion deal to create a single global IT organization for the company. To that end, in the first two months alone GM and its six main outsourcing partners have performed 160,000 transition tasks, trained 8,100 people on 29 standardized work processes, redeployed 2,800 personnel, remapped 1.2 million assets to new contracts, and aligned 15,000 additional supplier personnel to support requirements. Two weeks from now, GM’s partners will get together to figure out how they can collaborate not only on business processes, but also from an architectural point of view. GM announced in February the goal to create a single worldwide IT organization instead of having disparate regional processes. It tapped EDS, Hewlett-Packard, IBM, Capgemini, IBM, Compuware Covisint, and WiPro for a combined $7.5 billion over five years to improve IT operations and integration, with another $7.5 billion set aside for other contracts. Other major IT companies, including SAP, Cisco, and Microsoft, each bring an additional presence by helping over a two-year period to create a set of standard processes to which GM’s outsourcing partners will have to adhere. “The issue is now no regional boundaries,” GM CIO Ralph Szygenda said Monday at the InformationWeek 500 conference in Palm Springs, Calif. “How do you do that, and how do you drive that? You have to have global strategy, organizations, processes, and systems.” Not only do global processes and systems make for a unified IT organization, Szygenda said, but they also bring about flexibility in terms of the vendor partners GM can choose. Despite the breadth of GM’s outsourcing deals, there are limitations. “You can never outsource strategy, you can never outsource architecting systems, you can never outsource accountability in information technology,” Szygenda said. There have also been a few challenges, such as getting all the vendors to actually work together to co-develop standard business processes and then correctly designing the routing infrastructure so that communications with help centers go to the right person among GM’s set of partners. While the focus of the day was GM’s blockbuster outsourcing deal, Szygenda also said his greatest failure as CIO thus far has been the IT relationship with dealerships. Szygenda has taken steps recently to rectify that situation by working with GM dealers and automotive information management vendors to closely integrate GM’s systems with the disparate dealerships’ financial, parts, advertising and ordering systems that touch GM’s systems in one way or another. “The assumption was dealers were independent and the automotive world shouldn’t have anything to do with them,” Szygenda said. “The dealers came to me and said, you’ve got to help us, we can’t do it ourselves as individual dealers.” http://informationweek.com/news/showArticle.jhtml?articleID=192701131
SURVEY: MOST INSIDER-RELATED DATA BREACHES GO UNREPORTED (Computerworld, 12 Sept 2006) -- Most insider-related security breaches go unreported, according to a new survey by Ponemon Institute LLC in Elks Rapids, Mich. The main reason that happens is because companies don’t have the resources to tackle the issue, according to the National Survey on Managing the Insider Threat, sponsored by ArcSight Inc., an enterprise security management company in Cupertino, Calif. Ponemon Institute surveyed 461 people who work in corporate IT departments in U.S. organizations. “We found that many of the respondents in our study found that it was difficult, if not impossible, to identify all data breaches that exist -- and over 79% of the respondents said one, if not more, insider-related security breaches at their companies go unreported,” said Larry Ponemon, chairman of Ponemon Institute. Approximately 93% believe that the No. 1 barrier to addressing the data breach risk is the lack of sufficient resources, and 80% cited a lack of leadership, he said. Another factor is that no one person has overall responsibility for managing insider threats, according to 31% of respondents. The respondents said they devote a considerable amount of their efforts to trying to prevent or control insider threats as part of their company’s IT security risk management program. Approximately 10% said they spend more than half of their time on insider-related risks, and about 55% of respondents said they spend more than 30% of their time dealing with those issues, according to the survey. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9003211&source=NLT_PM&nlid=8
JUDGES CITE MORE BLOGS IN RULINGS (National Law Journal, 12 Sept 2006) -- Judges have discovered the Internet’s 600 legal blogs, citing them at least 32 times in 27 decisions over the last two years. A blog, short for Web log, is a Web page that acts as a continuous journal of the writer’s commentary, news and links to related sites. Blogs began, often as personal diaries, in the 1990s but came into their own in recent years among lawyers who use them to share with peers the latest developments in legal specialties. The ability to burrow deeply into a specialized area of the law with continuous updates has an undeniable appeal to practitioners. This phenomenon was not lost on Ian Best, a 36-year-old law school graduate who began a blog, “3L Epiphany,” as an independent study project for academic credit at Ohio State University’s Michael E. Moritz College of Law. It is a taxonomy of legal blogs. Best counted them, classified them and tracked their development. “The most significant development is judges citing blogs,” said Best, who lives in Columbus, Ohio, and is awaiting his bar exam results. Best has found 32 citations of legal blogs in 27 different cases dating back to 2004. Perhaps the most noted was by Justice John Paul Stevens in his dissent in an important sentencing decision, U.S. v. Booker, 543 U.S. 220 (2005). More recently, on July 31, a 9th U.S. Circuit Court of Appeals dissent by Judge Diarmuid O’Scannlain cited commentary on law Professor Eugene Volokh’s blog, “The Volokh Conspiracy,” in Harper v. Poway Unified School Dist., 2006 U.S. App. Lexis 19164. It cited Volokh’s commentary on viewpoint discrimination and the First Amendment. http://www.law.com/jsp/article.jsp?id=1157978118334
HACK THE VOTE? NO PROBLEM (Salon.com, 13 Sept 2006) -- Having reported extensively on the security concerns that surround the use of electronic voting machines, I anxiously awaited the results of a new study of a Diebold touch-screen voting system, conducted by Princeton University. The Princeton computer scientists obtained the Diebold system with cooperation from VelvetRevolution, an umbrella organization of more than 100 election integrity groups, which I co-founded a few months after the 2004 election. We acquired the Diebold system from an independent source and handed it over to university scientists so that, for the first time, they could analyze the hardware, software and firmware of the controversial voting system. Such an independent study had never been allowed by either Diebold or elections officials. The results of that study, released this morning, are troubling, to say the least. They confirm many of the concerns often expressed by computer scientists and security experts, as well as election integrity activists, that electronic voting -- and indeed our elections -- may now be exceedingly vulnerable to the malicious whims of a single individual. The study reveals that a computer virus can be implanted on an electronic voting machine that, in turn, could result in votes flipped for opposing candidates. According to the study, a vote for George Washington could be easily converted to a vote for Benedict Arnold, and neither the voter, nor the election officials administering the election, would ever know what happened. The virus could also be written to spread from one machine to the next and the malfeasance would likely never be discovered, the scientists said. The study was released along with a videotape demonstration. “We’ve demonstrated that malicious code can spread like a virus from one voting machine to another, which means that a bad guy who can get access to a few machines -- or only one -- can infect one machine, which could infect another, stealing a few votes on each in order to steal an entire election,” said the study’s team leader, Edward W. Felten, professor of computer science and public affairs at Princeton. The Princeton study is the first extensive investigation of the Diebold AccuVote DRE (Direct Recording Electronic) system, which is employed in Maryland, Florida, Georgia and many other states. Such touch-screen voting systems made by Diebold will be in use in nearly 40 states in this November’s elections. http://www.salon.com/opinion/feature/2006/09/13/diebold/print.html
JUSTICE AT THE CLICK OF A MOUSE IN CHINA (CNET, 13 Sept 2006) -- A court in China has used a software program to help decide prison sentences in more than 1,500 criminal cases, a Hong Kong newspaper said on Wednesday. The software, tested for two years in a court in Zibo, a city in the eastern coastal province of Shandong, covered about 100 different crimes, including robbery, rape, murder and state security offenses, the South China Morning Post said, citing the software’s developer, Qin Ye. “The software is aimed at ensuring standardized decisions on prison terms. Our programs set standard terms for any subtle distinctions in different cases of the same crime,” Qin was quoted as saying. A Beijing-based software company had worked with the Zichuan District Court in Zibo since 2003 to develop the program and input mainland criminal law, the paper said. Judges enter details of a case and the system produces a sentence, the paper said. “The software can avoid abuse of discretionary power of judges as a result of corruption or insufficient training,” the paper quoted Zichuan District Court chief judge, Wang Hongmei, as saying. But some Chinese newspapers criticized the move as a farce that highlighted the “laziness of the court” and that would not curb judicial corruption as touted. http://news.com.com/2100-1012_3-6115154.html
SURFING A BIGGER RISK THAN SPAM TO COMPANY NETWORKS (CNET, 15 Sept 2006) -- Company networks are now more likely to pick up malicious software via employee Web surfing than from e-mail attachments, according to a new study. Nearly 40 percent of the 200 Danish companies surveyed said their systems had been infected by a virus or worm, despite the fact that 75 percent had implemented a security policy, IDC Denmark said in its report, released Wednesday. But the malicious software in question is no longer primarily making its way through e-mail, as in the past. “There is a common misconception that e-mails constitute the biggest security threat from the Internet,” Per Andersen, IDC Denmark’s managing director, said in a statement. “But the survey shows that up to 30 percent of companies with 500 or more staff have been infected as a result of Internet surfing, while only 20 to 25 percent of the same companies experienced viruses and worms from e-mails.” The risk of infection is about five times greater for companies that allow Internet usage by staff to go on unhindered and unmonitored, Andersen said. The problem doesn’t go away for companies that ban private Internet use, because often such policies aren’t enforced, IDC found: About 30 percent of managers at such companies said staff accessed the Internet for personal use during working hours. IDC believes that banning personal Internet use isn’t realistic, particularly as a long-term solution. Instead, the research firm recommends closer monitoring of employees’ Internet use and using tools that give management an overview of time spent and behavior patterns online. http://news.com.com/2100-7355_3-6116244.html
DISNEY’S ITUNES SALES HIT 125,000 (Financial Times, 19 Sept 2006) -- Disney has sold 125,000 online film downloads less than a week after agreeing to make its titles available on Apple’s iTunes store. The sales have added about $1m in incremental revenue to the media company, according to chief executive Bob Iger, who expressed confidence that revenues from the new film venture could reach $50m in its first year. “Clearly, customers are saying to us that they want content available in multiple ways,” Mr Iger said at an investor conference sponsored by Goldman Sachs. Disney broke with other Hollywood studios when it agreed last week to make 75 titles available on iTunes at prices ranging from $9.99 to $14.99. http://www.ft.com/cms/s/3cc773fc-481b-11db-a42e-0000779e2340.html
H-P CASE SENDS CHILL THROUGH BAR (National Law Journal, 18 Sept 2006) -- The Hewlett-Packard Co.’s scandal involving a media leak from the boardroom has lawyers on high alert about how they and their clients obtain private information. At issue is a controversial data-collecting method known as “pretexting,” in which false pretenses are used to obtain private data. That’s allegedly what happened in the Hewlett-Packard case, in which investigators allegedly posed as board members and members of the press to trick phone companies into releasing phone records. Allegations that lawyers knew about the pretexting in the Hewlett-Packard case but did nothing about it is striking too close to home for attorneys across the nation who find themselves in similar situations involving pretexting and investigators. The case has lawyers re-examining their investigative techniques and questioning under what circumstances pretexting should be used. The H-P case “definitely sends a message to be careful, and it should send a message to both general counsels, as well as outside counsel, to be careful here,” said Frank Morris, an attorney who counsels companies on privacy matters. Ethics expert David Hricik, a law professor and former chair of the American Bar Association Section of Intellectual Property Law’s professional responsibility committee, said the H-P case has also prompted attorneys to re-examine how they deal with investigators they hire who may want to use pretexting. “The question that I have seen raised is should lawyers give to investigators a letter that says, ‘Here are the dos and don’ts. And one of the don’ts is, Don’t pretext, it’s illegal,’ “ Hricik said. He added that “[a]lmost immediately after the H-P case came out, an e-mail went out on a listserv I’m on asking whether to advise agents not to engage in that sort of conduct.” Chris Hoofnagle, a former staff attorney at the Electronic Privacy Information Center in California, said lawyers have yet to learn their lesson about pretexting, particularly when it comes to obtaining cellphone records. In February, Hoofnagle wrote letters to all 50 state bar associations notifying them that lawyers were buying illegally obtained cellphone records from online data brokers who used pretexting to obtain the phone records. He asked the bar associations to caution attorneys that the practice was illegal and to stop doing it. The Washington State Bar Association was the only one to act on Hoofnagle’s advice and wrote a letter cautioning lawyers about the pitfalls of pretexting. “We took the letter at face value that this might be something that lawyers were engaged in without really thinking about the professional-conduct implications of it,” said Pam Anderson, chairwoman of the Washington bar’s Rules of Professional Conduct Committee. http://www.law.com/jsp/nlj/PubArticleNLJ.jsp?id=1158311122481
-- and ---
HP SPONSORS PRIVACY INNOVATION AWARD (NPR, 21 Sept 2006) -- Hewlett-Packard, a company accused of spying on its board, is co-sponsor of an award for privacy. It’s called the Privacy Innovation Award. Nominees are being accepted to honor, “unique contributions to the privacy industry.” The award’s Web site says there’s not enough recognition for organizations that have “embraced privacy as a competitive advantage.” HP’s co-sponsor says the company is good on privacy issues, once you set aside the acts of its board. [For real.] http://www.npr.org/templates/story/story.php?storyId=6123067
BELGIAN COURT TELLS GOOGLE TO DROP NEWSPAPER EXCERPTS (New York Times, 19 Sept 2006) -- A court ordered Google to remove on Monday all links to French- and German-language newspaper reports published in Belgium after an association of local publishers won a case that accused the company of violating the country’s copyright laws. The legal action is the most recent example of the news media’s challenging the growing power of Internet news portals run by the large search engines. Increasingly, people are obtaining their news in bite-size nuggets on search engines, and advertising revenue for newspapers is diminishing as a result. Copiepresse, an organization that helps enforce the copyrights of some of Belgium’s best-known newspapers, including Le Soir and Le Libre Belgique, sued Google for publishing summaries of articles in the newspapers along with a link to the Web sites of the newspapers. Google contends that copyright law protects its service under fair-use provisions. Google News benefits publishers, [its spokesman] said, by making it easier for people to find their content and driving large numbers of users to their Web sites. “It is important to remember that we never show more than the headlines and a few snippets of text,” he said. “If people want to read the entire story they have to click through to the newspapers’ Web site.” In the United States last month, Google agreed to license content from The Associated Press for a new service. Mr. Louette said this was a positive sign for the news media. “The deal with A.P. seems to contradict Google’s stated business model, which is not to pay for content,” he said. http://www.nytimes.com/2006/09/19/technology/19google.html?ex=1316318400&en=e37ea16919003e84&ei=5090&partner=rssuserland&emc=rss
CASE STUDY: CHOICEPOINT INCIDENT LEADS TO IMPROVED SECURITY, OTHERS MUST FOLLOW (Gartner Research, 19 Sept 2006) -- ChoicePoint transformed itself from a “poster child” of data breaches to a role model for data security and privacy practices. One new practice involves careful credentialing of customers, a critical business process that should have standards -- but doesn’t. The upside of ChoicePoint’s data breach disclosure is that it drove the industry to improve security standards. Still, businesses engaged in data brokering and credit reporting have very uneven data privacy standards, and all should be held to the same standards as ChoicePoint is. The market will not likely address this issue without government intervention and/or regulations. [Editor: From “bad-boy” to “poster-child”, ChoicePoint’s 18 month journey to best-practice pioneer looks like they’re on their way to turning their experience to competitive advantage. The Gartner report is available by subscription]
-- and --
CRISIS CONTAINMENT COULD EMPOWER BRANDS (ClickZ Network, 18 Sept 2006) -- Consumer demand for security is top-of-mind among marketing professionals, but few have taken measures to secure corporate data or to inform customers of their efforts. The “Secure the Trust of Your Brand: How Security and IT Integrity Influence Corporate Brands” report released by the CMO Council looks at how marketers address security issues and prepare for crisis containment. Corporate data breaches, identity theft, and Internet fraud concern a majority of online consumers; a point made clear in the first portion of the study. No matter the measures taken by corporations to prevent security breaches, only 29 percent of marketers say there’s a crisis containment plan in place at their companies should data be leaked. A crisis containment plan includes every response from the company stemming from a particular problem, as well as products and services offered to customers affected by the breach. A recent example is ChoicePoint, a credential verification and risk management company that experienced a security breach. In response, the company set up a special informational Web site and offered a free credit check for those affected by the breach. “They were pretty responsive, and pretty much able to negate some of the brand trust they lost,” said Van Camp. Close to 60 percent of marketers believe enforcing security and IT boosts a brand, compared to 21 percent who think it doesn’t have an effect. While marketers recognize the importance, security has yet to be used in company messaging in a meaningful way. About 60 percent of marketers don’t include security updates in marketing communications. Only 37 percent of marketers leverage actions their companies have taken toward tighter security in their messaging. http://www.clickz.com/showPage.html?page=3623460
YALE TO POST VIDEO OF COURSES ONLINE (Inside Higher Ed, 20 September 2006) -- Yale University announced plans to begin posting video of course lectures online. Yale’s effort is part of a larger movement in higher education toward open courseware, led in large part by an initiative started at MIT in 2001. For the OpenCourseWare project, MIT posts course materials online, including syllabi, reading lists, and other resources. Diana Kleiner, who is leading the effort at Yale, said the project follows “MIT’s footprints” but represents the next step. Kleiner said that Yale officials believe the in-class experience to be central to the educational experience. Under the program, all of the lectures for a given course will be recorded and placed online. Beginning with seven courses this year, the program is expected to grow quickly to include many more in successive years. The university is exploring ways to ensure that offering video of lectures online will not encourage Yale students to skip class and simply watch the lectures at their convenience. Also at issue are intellectual property considerations, given that faculty are free to use some copyrighted materials in lectures, but that those materials may not be used similarly by the public. http://www.insidehighered.com/news/2006/09/20/yale
INFORMATION, PLEASE? YES, AND LOTS OF IT (New York Times, 20 Sept 2006) -- People researching their ancestry have been given online assistance after BT, the former British Telecom, published more than a century of its phone books on the Web. The company hopes to tap into the interest in genealogy by allowing users to trawl through millions of names, addresses and phone numbers covering the period 1880 to 1984. It is not just old relations that may turn up in the pages. In the days when unlisted numbers were less popular, Winston Churchill, Buckingham Palace, Alfred Hitchcock, Oswald Mosley and John Profumo could all be found in the phone book. At one stage, BT allowed brief job descriptions. The author of Dracula, Bram Stoker, at Victoria-1436, was listed as a lawyer, while Houdini could be found under “handcuff king.” http://www.nytimes.com/2006/09/20/world/europe/20LONDON.html?ex=1316404800&en=15a5374b8ec63341&ei=5090&partner=rssuserland&emc=rss
MANY U.S. WORKERS FAVOR E-MAIL MONITORING, RESEARCH SHOWS (eWeek.com, 20 Sept 2006) -- Despite the implied submission of personal privacy, most workers at U.S.-based companies believe that their employers should be allowed to monitor electronic communications to help protect against misuse of sensitive data. According to a report published by researchers from Iowa State University and network security software maker Palisade Systems, 100 percent of the workers the group surveyed at U.S.-based corporations said it was appropriate for companies to scan their employees’ e-mail, instant messaging and other communications systems to ensure that people were not inappropriately sharing information with outsiders. The study specifically asked if companies should be allowed to scan electronic communications for proprietary business data such as customers’ personally identifiable information, including Social Security numbers, bank account data or credit card numbers. By comparison, the study, which is based on interviews conducted with people working in 171 organizations in the government, university and commercial sectors, found that only 11 percent of survey respondents working for government agencies and 31 percent of people working for universities felt that employee communications should be monitored. Researchers involved in the study said that the disparity in opinions is largely based on the realization among workers at U.S. companies that so-called insider threats represent one of the greatest dangers to data security, and that workers understand that businesses must keep a closer eye on their employees to prevent costly information leaks. http://www.eweek.com/article2/0,1759,2018143,00.asp
GERMAN CT HOLDS WIFI OWNERS LIABLE FOR CRIME ON NETWORK (BNA’s Internet Law News, 21 Sept 2006) -- BNA’S Electronic Commerce & Law Report reports that a German court has ruled that individuals who do not password-protect their wireless Internet routers can be held liable for crimes others commit using the unprotected Internet access. In a case decided June 27, but only released the week of Sept. 11, a Hamburg District Court found a plaintiff responsible for distributing copyrighted music online. Although the plaintiff claimed to have never done such a thing, the court found the plaintiff to be an accomplice because he had made Internet access freely available in his immediate vicinity by not requiring a password to access his Internet router. Article at http://pubs.bna.com/ip/bna/eip.nsf/eh/a0b3h7p7y0
SJ STATE WEIGHS SKYPE BAN (The Mercury News, 21 Sept 2006) -- An effort by San Jose State University to ban the Skype phone service has been put on hold in the face of fierce objections from students and staff. Administrators said they would meet with eBay, the owner of Skype, next Tuesday in order to give the San Jose-based company an opportunity to address the university’s concerns about network security. San Jose State is the third California university to impose restrictions on Skype. In January, the University of California, Santa Barbara announced it was prohibiting Skype because the license agreement it presented to users gave third parties access to the university’s network. UC-Santa Barbara said it would allow other computer-calling services. California State University Dominguez Hills has long discouraged use of all computer-calling services, including Skype, a spokesman said. Skype has also been banned by some universities in the United Kingdom. The problem with Skype is not that it enables illegal behavior, but that its end-user license agreement appears to permit legal use of university’s networks by people outside the university and, indeed, the United States. ``It’s a fairly subtle problem,” said Kevin Schmidt, campus network programmer at the University of California, Santa Barbara. Skype users agree to run an application on their computers that is built to relay calls between third parties whenever a computer is turned on. http://www.mercurynews.com/mld/mercurynews/business/15576648.htm
BOOMERS: A WEB-MARKETING BONANZA (Business Week, 25 Sept 2006) -- Only a few smart Internet sites have figured out how to appeal to a large constituency with time to spend and money to burn. Today, baby boomers make up the Web’s largest constituency, accounting for fully one-third of the 195.3 million Web users in the U.S., according to JupiterResearch. They also spend more money on online shopping than your average Web user. Advertisers understand that, and targeted boomers with close to $5 billion in ads last year, according to Jupiter, out of a total $13 billion spent in Web advertising. Despite all that, boomers are arguably the most underserved audience on the Net, when it comes to special, customized destinations. Even where you would expect to see smart, age-related targeting—sites dedicated to photo- and video-sharing, for example—there is a surprising void. Ditto social networks. College students have Facebook.com and MySpace.com. Professionals use LinkedIn. Some boomers do find their way onto such sites, but typically they discover little that’s tailored to their sensibilities. But now there is a growing movement on the Web to give baby boomers the kind of experience they seek. Eons.com is part of that, and so is the all-powerful AARP, which plans to add MySpace.com-like features to its Web site in the first quarter of 2007, says Hugh Delehanty, editor-in-chief of AARP publications. The site will let people create their own home pages and form interest groups, focused on hobbies like gardening or taking care of elderly parents. So what does this generation really care about? According to Jupiter, they’re most interested in investing, finance, and health. Self-help and advice columns are also popular on the new boomer-centric Web sites, which tend to take an upbeat view of the whole aging process. http://www.businessweek.com/technology/content/sep2006/tc20060925_328758.htm?campaign_id=rss_tech
TOP AIDE TO N.H. CONGRESSMAN RESIGNS AFTER POSTING PHONY BLOG COMMENTS (SiliconValley.com 26 Sept 2006) -- A top aide to U.S. Rep. Charles Bass resigned Tuesday after disclosures that he posed as a supporter of the Republican’s opponent in blog messages intended to convince people that the race was not competitive. Operators of two liberal blogs traced the postings to the House of Representatives’ computer server. Bass’ office traced the messages to his policy director, Tad Furtado, and issued a statement announcing Furtado’s resignation Tuesday. ``Tad Furtado posted to political Web sites from my office without my knowledge or authorization and in violation of my office policy,” Bass said. ``I have referred this matter to the House Committee on Standards of Official Conduct for their review.” Posting as IndyNH and IndieNH, Furtado professed support for Democrat Paul Hodes but scoffed at a poll showing him tied with Bass and suggested Democrats should invest their time and money elsewhere. ``I am going to look at the competitive race list to figure out where to send another mydd.com/netroots donation and maybe help out in other ways,” IndieNH wrote. ``Maybe CT or NY for me -- they are at least close by. Anyone interested in pooling NH efforts for some of those races?” Laura Clawson, who runs ``Blue Granite,” and Michael Caulfield, who runs ``NH-02 Progressive,” said they were suspicious of IndieNH’s postings from the beginning. ``You see this all the time on political blogs, some elaborate act where someone says, ‘Now, I hate to say something against a Democrat, but,”’ Clawson told the Concord Monitor. ``So you develop an eye for it. And this poster definitely tripped all the wires.” After tracing the poster’s IP address, Clawson posted an article last week on the results, and the postings stopped. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/15613719.htm
SPANISH UNIVERSITY JOINS GOOGLE BOOK SCAN PLAN (Reuters, 26 Sept 2006) -- The Complutense University of Madrid is becoming the first library in a non-English-speaking country to join Google Inc.’s bid to scan every book in print, as the controversial project extends its global reach. The university’s library, the country’s second largest behind the National Library, houses 3 million works, including thousands of Spanish-language public domain books, including those of Cervantes and Sor Juana Ines de la Cruz. “We already have other non-English-language books, but this will be a huge boost to our Spanish-language content, as well as other languages,” a Google spokeswoman said on Tuesday. More than 400 million people speak Spanish around the world. Madrid joins Harvard, Oxford, Stanford, the universities of Michigan and California and the New York Public Library for the project being run by the world’s most popular search company. The U.S. Library of Congress is involved in a similar effort with Google. http://uk.news.yahoo.com/26092006/80-91/spanish-university-joins-google-book-scan-plan.html
HOPING TO BE A MODEL, I.B.M. WILL PUT ITS PATENT FILINGS ONLINE (New York Times, 26 Sept 2006) -- I.B.M., the nation’s largest patent holder, will publish its patent filings on the Web for public review as part of a new policy that the company hopes will be a model for others. If widely adopted, the policy could help to curb the rising wave of patent disputes and patent litigation. The policy, being announced today, includes standards like clearly identifying the corporate ownership of patents, to avoid filings that cloak authorship under the name of an individual or dummy company. It also asserts that so-called business methods alone — broad descriptions of ideas, without technical specifics — should not be patentable. The move by I.B.M. does carry business risks. Patents typically take three or four years after filing to be approved by the patent office. Companies often try to keep patent applications private for as long as possible, to try to hide their technical intentions from rivals. “Competitors will know years ahead in some cases what fields we’re working on,” said John Kelly, senior vice president for technology and intellectual property at I.B.M. “We’ve decided we’ll take that risk and seek our competitive advantage elsewhere.” The more open approach, I.B.M. says, is intended as a step toward improving the quality of patents issued in general because the process of public review should weed out me-too claims that are not genuine innovations. “The larger picture here is that intellectual property is the crucial capital in a global knowledge economy,” said Samuel J. Palmisano, I.B.M.’s chief executive. “If you need a dozen lawyers involved every time you want to do something, it’s going to be a huge barrier. We need to make sure that intellectual property is not used as a barrier to growth in the future.” The I.B.M. move is partly a response to what it and other technology companies regard as the slow movement by Congress toward overhauling the patent process. http://www.nytimes.com/2006/09/26/technology/26patent.html?ex=1316923200&en=fe65e7e63544fb61&ei=5090&partner=rssuserland&emc=rss
DIGITAL ARCHIVING GAINS NEW TOOL (BBC, 26 Sept 2006) -- A tool that makes it easier to gather and store digital archives has been developed by the National Library of New Zealand and the British Library. As more and more information goes online the race is on to create meaningful digital archives. The web curator tool automates the process of collecting and storing information. It will become a key part of the British Library’s existing digital preservation programme. The practise of web harvesting - using software to search out and gather snapshots of websites - will become increasingly important as organisations seek to preserve web pages, which often have a shelf-life of just a few months before disappearing. The temporary nature of the web and the sheer amount of information available online makes digital preservation tricky. According to Stephen Green, the British Library’s web archiving programme manager, the tool will concentrate on sites considered to be an important part of British cultural heritage, such as the websites of political parties and information around significant events such as the July 7th bombings. The web curator tool that was developed will be available to other organisations as an open source release by the end of the year. http://news.bbc.co.uk/2/hi/technology/5382144.stm
JUDGE SAYS STREAMCAST LIABLE IN LAWSUIT (Washington Post, 27 Sept 2006) -- A federal judge ruled Wednesday against the distributor of the Morpheus online file-sharing software, finding the firm encouraged computer users to share music, movies and other copyright works without permission. The ruling was a sweeping victory for coalition of Hollywood movie studios, record companies and music publishers who sued Los Angeles-based StreamCast Networks Inc. and similar firms in 2001. The case led to a landmark copyright ruling by the U.S. Supreme Court last year. In the 60-page decision, U.S. District Judge Stephen V. Wilson granted the entertainment companies’ motion for summary judgment, concluding there was more than enough evidence of “massive infringement” on StreamCast’s network, despite the company’s arguments that it did not encourage computer users to violate copyright laws. http://www.washingtonpost.com/wp-dyn/content/article/2006/09/27/AR2006092701605.html
MYSPACE LAUNCHES VOTER-REGISTRATION PLAN (Washington Post, 27 Sept 2006) -- The youth-heavy online hangout MySpace.com is launching a voter-registration drive to engage its members in civics. In partnership with the nonpartisan group Declare Yourself, MySpace is running ads on its highly trafficked Web site and giving members tools such as a “I Registered To Vote On MySpace” badge to place on their personal profile pages. “Young people in this country ... are really engaged in what’s happening in their community and want to make a difference,” said Jeff Berman, MySpace’s senior vice president for public affairs. “The key is to make it easy for them to get engaged. By putting these tools on MySpace and putting it in front of their eyes, you make it far more likely they will use them.” To register, members simply go to http://www.myspace.com/declareyourself and enter a state or ZIP code. After entering the requested information, the site generates a PDF file that can be printed and mailed to state election officials. A Spanish version also is available. Although MySpace has a heavy youth population, about 80 percent of its 114 million registered members are old enough to vote, according to the Los Angeles-based company. http://www.washingtonpost.com/wp-dyn/content/article/2006/09/27/AR2006092700426.html?nav=rss_technology
CT RULES MASKING SPAM ORIGIN SUFFICIENT FOR JURISDICTION (BNA’s Internet Law News, 28 Sept 2006) -- BNA’S Electronic Commerce & Law Report reports that a federal court in Georgia has ruled that masking the origin of spam by routing it through an Internet service provider’s mail servers so that it appeared that the messages originated from the ISP itself amounts to an “electronic contact” with the ISP’s forum sufficient to assert personal jurisdiction over the spammers. The court reasoned that jurisdiction was proper because “[t]his process of masking involved connections to and from EarthLink’s network in Georgia.” Case name is EarthLink Inc. v. Pope.
GE LAPTOP THEFT EXPOSES DATA ON THOUSANDS (CNET, 27 Sept 2006) -- General Electric said on Tuesday that a company laptop containing the names and Social Security numbers of 50,000 current and former employees was stolen in early September. The laptop, issued to a GE official who was authorized to have the data, was stolen from a locked hotel room, the company said. The Connecticut-based company began mailing letters earlier this week to the people whose names and Social Security numbers were on the laptop, to notify them of the breach and to offer a year’s free access to a credit-monitoring service, GE spokesman Russell Wilkerson said. http://news.com.com/2100-1029_3-6120181.html [Editor: This is only one of dozens of such cases in the past two months alone. I’m not picking on GE; but this goes to show that even bigger, more sophisticated companies are failing to employ simple crypto tools which would obviate much of the risk.]
BELGIAN PREMIER SAYS SWIFT SECRETLY SUPPLIED U.S. WITH BANK DATA (SiliconVallery.com 28 Sept 2006) -- The money transfer company SWIFT has for years secretly supplied U.S. authorities with massive amounts of personal data for use in anti-terror investigations, violating EU privacy rules, a Belgian commission said Thursday. ``SWIFT finds itself in a conflicting position between American and European law,” Belgian Prime Minister Guy Verhofstadt said. Verhofstadt spoke after Belgium’s privacy protection commission presented its findings on the case, although it did not call for immediate legal action. The premier said that his government also would not take legal action to shut down the data transfers. The report said that while SWIFT did all it could to live up to Belgian, EU and U.S. regulations to hand over the requested information, it finds itself in a legal quagmire that must be urgently corrected. The controversy surrounds a secret transfer deal between the U.S. Treasury and the Belgium-based Society for Worldwide Interbank Financial Telecommunication, or SWIFT. The company routes about 11 million financial transactions daily between 7,800 banks and other financial institutions in 200 countries, recording customer names, account numbers and other identifying information. Verhofstadt said he did not object to the need to scour through personal data in hunting down terrorists, but it needed to be done with respect to privacy rights. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/15630604.htm
PIRATES OF THE MEDITERRANEAN (New York Times, Op-Ed, 30 Sept 2006) -- In the autumn of 68 B.C. the world’s only military superpower was dealt a profound psychological blow by a daring terrorist attack on its very heart. Rome’s port at Ostia was set on fire, the consular war fleet destroyed, and two prominent senators, together with their bodyguards and staff, kidnapped. The incident, dramatic though it was, has not attracted much attention from modern historians. But history is mutable. An event that was merely a footnote five years ago has now, in our post-9/11 world, assumed a fresh and ominous significance. For in the panicky aftermath of the attack, the Roman people made decisions that set them on the path to the destruction of their Constitution, their democracy and their liberty. One cannot help wondering if history is repeating itself. Consider the parallels. The perpetrators of this spectacular assault were not in the pay of any foreign power: no nation would have dared to attack Rome so provocatively. They were, rather, the disaffected of the earth: “The ruined men of all nations,” in the words of the great 19th-century German historian Theodor Mommsen, “a piratical state with a peculiar esprit de corps.” Like Al Qaeda, these pirates were loosely organized, but able to spread a disproportionate amount of fear among citizens who had believed themselves immune from attack. To quote Mommsen again: “The Latin husbandman, the traveler on the Appian highway, the genteel bathing visitor at the terrestrial paradise of Baiae were no longer secure of their property or their life for a single moment.” What was to be done? Over the preceding centuries, the Constitution of ancient Rome had developed an intricate series of checks and balances intended to prevent the concentration of power in the hands of a single individual. The consulship, elected annually, was jointly held by two men. Military commands were of limited duration and subject to regular renewal. Ordinary citizens were accustomed to a remarkable degree of liberty: the cry of “Civis Romanus sum” — “I am a Roman citizen” — was a guarantee of safety throughout the world. But such was the panic that ensued after Ostia that the people were willing to compromise these rights. The greatest soldier in Rome, the 38-year-old Gnaeus Pompeius Magnus (better known to posterity as Pompey the Great) arranged for a lieutenant of his, the tribune Aulus Gabinius, to rise in the Roman Forum and propose an astonishing new law. “Pompey was to be given not only the supreme naval command but what amounted in fact to an absolute authority and uncontrolled power over everyone,” the Greek historian Plutarch wrote. “There were not many places in the Roman world that were not included within these limits.” Pompey eventually received almost the entire contents of the Roman Treasury — 144 million sesterces — to pay for his “war on terror,” which included building a fleet of 500 ships and raising an army of 120,000 infantry and 5,000 cavalry. Such an accumulation of power was unprecedented, and there was literally a riot in the Senate when the bill was debated. Nevertheless, at a tumultuous mass meeting in the center of Rome, Pompey’s opponents were cowed into submission, the Lex Gabinia passed (illegally), and he was given his power. In the end, once he put to sea, it took less than three months to sweep the pirates from the entire Mediterranean. Even allowing for Pompey’s genius as a military strategist, the suspicion arises that if the pirates could be defeated so swiftly, they could hardly have been such a grievous threat in the first place. But it was too late to raise such questions. By the oldest trick in the political book — the whipping up of a panic, in which any dissenting voice could be dismissed as “soft” or even “traitorous” — powers had been ceded by the people that would never be returned. Pompey stayed in the Middle East for six years, establishing puppet regimes throughout the region, and turning himself into the richest man in the empire. Those of us who are not Americans can only look on in wonder at the similar ease with which the ancient rights and liberties of the individual are being surrendered in the United States in the wake of 9/11. The vote by the Senate on Thursday to suspend the right of habeas corpus for terrorism detainees, denying them their right to challenge their detention in court; the careful wording about torture, which forbids only the inducement of “serious” physical and mental suffering to obtain information; the admissibility of evidence obtained in the United States without a search warrant; the licensing of the president to declare a legal resident of the United States an enemy combatant — all this represents an historic shift in the balance of power between the citizen and the executive. An intelligent, skeptical American would no doubt scoff at the thought that what has happened since 9/11 could presage the destruction of a centuries-old constitution; but then, I suppose, an intelligent, skeptical Roman in 68 B.C. might well have done the same. In truth, however, the Lex Gabinia was the beginning of the end of the Roman republic. It set a precedent. Less than a decade later, Julius Caesar — the only man, according to Plutarch, who spoke out in favor of Pompey’s special command during the Senate debate — was awarded similar, extended military sovereignty in Gaul. Previously, the state, through the Senate, largely had direction of its armed forces; now the armed forces began to assume direction of the state. It also brought a flood of money into an electoral system that had been designed for a simpler, non-imperial era. Caesar, like Pompey, with all the resources of Gaul at his disposal, became immensely wealthy, and used his treasure to fund his own political faction. Henceforth, the result of elections was determined largely by which candidate had the most money to bribe the electorate. In 49 B.C., the system collapsed completely, Caesar crossed the Rubicon — and the rest, as they say, is ancient history. It may be that the Roman republic was doomed in any case. But the disproportionate reaction to the raid on Ostia unquestionably hastened the process, weakening the restraints on military adventurism and corrupting the political process. It was to be more than 1,800 years before anything remotely comparable to Rome’s democracy — imperfect though it was — rose again. The Lex Gabinia was a classic illustration of the law of unintended consequences: it fatally subverted the institution it was supposed to protect. Let us hope that vote in the United States Senate does not have the same result. http://www.nytimes.com/2006/09/30/opinion/30harris.html?ex=1317268800&en=c6ea4450122c3e93&ei=5090&partner=rssuserland&emc=rss [Editor: Former Irish President Mary Robinson delivered an important speech on 16 September at the ABA/IBA Rule of Law Symposium, “Rule of Law: Striking a Balance in an Era of Terrorism.” Both the instant article and the Robinson speech (at http://www.realizingrights.org/pdf/ABA_IBA_Rule_of_Law_Chicago_2006.pdf) remind me of Samuel Johnson’s remark, “I understand my own country so much better, when I stand in someone else’s.”]
**** RESOURCES ****
AUTHORSHIP, AUDIENCES, AND ANONYMOUS SPEECH (Tom Cotter, Lyrissa Lidsky; Minnesota Legal Studies Research Paper, 21 August 2006) -- Abstract: A series of United States Supreme Court decisions establishes that the First Amendment provides a qualified right to speak and publish anonymously, or under a pseudonym. But the Court has never clearly defined the scope of this right. As a result, lower courts have been left with little guidance when it comes to dealing both with the Internet-fueled growth of torts and crimes committed by anonymous speakers, and with the increasing number of lawsuits aimed at silencing legitimate anonymous speech. In this Article, we provide both positive and normative foundations for a comprehensive approach to anonymous speech. We first draw upon intellectual property theory, particularly as it relates to trademarks and copyright, to develop a positive analysis of the private and social costs and benefits of anonymous speech. Traditional First Amendment jurisprudence then supplies the missing normative component by providing two crucial presumptions that suggest how to weigh the relevant costs and benefits. The first is the anti-paternalism presumption. This assumes that audiences are capable of responding to anonymous speech in much the same way they respond to generic, nontrademarked products - by recognizing that the product, in this case speech, lacks an important quality indicator and should be evaluated accordingly. In this manner, audiences can minimize the potential social harm of many forms of anonymous speech. The second presumption, which we refer to as “more is better,” favors more speech over less, and thus places considerable weight on anonymity as a tool for encouraging otherwise reluctant speakers to come forward - even at the risk of simultaneously encouraging more potentially harmful speech. These twin presumptions form the basis for the detailed guidance we supply for legislatures contemplating regulation of anonymous speech, and for courts seeking to balance the rights of anonymous speakers with other important interests. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=925736
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, firstname.lastname@example.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. Internet Law & Policy Forum, http://www.ilpf.org.
6. BNA’s Internet Law News, http://ecommercecenter.bna.com.
7. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
8. McGuire Wood’s Technology & Business Articles of Note, http://www.ggtech.com
9. Steptoe & Johnson’s E-Commerce Law Week, www.steptoe.com
10. Readers’ submissions, and the editor’s discoveries.
PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.