Saturday, November 11, 2006

MIRLN -- Misc. IT Related Legal News [22 October – 11 November 2006; v9.15]

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product of the American Bar Association’s Cyberspace Law Committee and Dickinson Wright PLLC. Please feel free to distribute this message. Dickinson Wright’s IT & Security Law practice group is described at

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN editions are archived at and blogged at

**************End of Introductory Note***************

FILESHARING AND DIGITAL EVIDENCE CASE IN SWEDEN (EDRI, 11 Oct 2006) -- Andreas Bawer was accused in 2005 of sharing a film, called Hip Hip Hora, breaching the Swedish Penal Code. He was found guilty in the Swedish Court of First Instance, (Västmanlands Tingrätt) in December 2005. However, in a recent decision on 2 October 2006 of the Swedish Appeal Court (Svea Hovrätt) he was acquitted, the court identifying several faults in the digital evidences presented. Bawer, having allegedly shared film files, could, in accordance with the Swedish penal code, be sentenced for criminal liability on condition it was proven beyond reasonable doubt that the IP address used for file sharing was assigned to the computer Bawer owned or used, and that the court could not rule out others had used the said computer at the time of the alleged file sharing. The legal question in issue was whether there was sufficient evidence of probability that Bawer had shared a film file Hip Hip Hora. In Swedish law, the prosecuting authority has the burden of proof both for the subjective and objective conditions for criminal liability, and only evidence proven before the court make up the basis for the court´s assessment and judgement. In the Bawer-case the prosecuting authority contended the IP address was connected to Bawer´s computer. The evidence was a record made by the Swedish Antipiratbyrån (Swedish Antipiracybureau) of Bawer´s file sharing. Antipiratbyrån had access to a file sharing service named Walhall through which it made a search for the film Hip Hip Hora which allegedly was made available by Bawer. Antipiratbyrån requested to download the film from Bawer using the file-sharing service Walhall, through which a download was performed. With the control program CommView, the Antipiratbyrån recorded the traffic data between the computer of Antipiratbyrån and Bawer’s computer. Expert witnesses proved several faults with the record of the traffic data carried out by the Antipiratbyrån through its use of the control program CommView. First, the recorded IP address could have belonged to a router or a firewall, which in turn, could have assigned the IP address to the culprit to use for filesharing. Second, the control program CommView monitored simultaneously file sharing carried out with different IPaddresses, whereas only one filesharing was recorded without any description of how the evidence was secured. Third, the record of the file sharing did not show a transcript of the time zone used for the record. Fourth, the record of the file sharing did not show a transcript of the date and time for the file sharing allegedly committed by Bawer. Fifth, the programs used to define the time of the record on the CD/DVD made by the Antipiratbyrån showed discrepancies. Hence, the Swedish Appeal Court could not prove beyond reasonable doubt that the film file was shared from Bawer’s computer. [Editor: Thanks to a MIRLN subscriber in Europe.]

MURDER SUSPECT AGREES TO DECRYPT LAPTOP (, 19 Oct 2006) -- US Federal attorneys have agreed to a plea deal that would let them view encrypted content on the laptop of a convicted murderer and sex offender. Joseph Edward Duncan, a former computer science student, has confessed to killing three people in northern Idaho and abducting and sexually assaulting two children. Associated Press reported that Duncan had kept an encrypted journal on his laptop that is believed to contain evidence relevant to the case. The computer had spent over a year at the FBI’s headquarters, but operatives had been unable to decrypt the data. Under the plea bargain, Duncan has agreed to release the encryption key to his defence attorney and to plead guilty to three counts of murder and two counts of kidnapping. He will be eligible for the death penalty. [Editor: Years ago I read a law review article that parsed compelled-disclosure differences that flowed from whether you’d ever written-down your passwords—e.g., in a file or diary—or whether you’d only ever committed them to memory; if the latter, the Fifth Amendment offered more protection than the former. Still a valid conclusion?]

MICROSOFT BOWS TO THE BELGIANS (CNET, 20 Oct 2006) -- Microsoft said on Friday it would remove links to articles in Belgian newspapers rather than be sued for copyright violation like Google was. Microsoft received a cease and desist letter last week from Copiepresse, which represents French and German-language Belgian newspaper publishers, with complaints similar to a lawsuit the organization filed against Google and won. Copiepresse argues that posting article text violates copyright, even if the text is very short and the accompanying link drives traffic to the publisher Web site. An appeals court upheld the ruling in the Google case last month and banned the search giant from reproducing snippets of items from Belgian newspapers on its Google News aggregation Web site. Microsoft will remove all links to cached and non-cached articles from French and German-language Belgian newspapers from its Live Search engine and the news engine Newsbot, according to a statement issued in Belgium by the Redmond, Wash.-based company.

WE’RE GOOGLE. SO SUE US. (New York Times, 23 Oct 2006) -- Google attracts millions of Web users every day. And, increasingly, it’s attracting the attention of plenty of lawyers, too. 992 riots in Los Angeles has become the subject of a copyright lawsuit. As Google has grown into the world’s most popular search engine and, arguably, the most powerful Internet company, it has become entangled in scores of lawsuits touching on a wide range of legal questions, including copyright violation, trademark infringement and its method of ranking Web sites. Any company that is large and successful is going to attract lawsuits, and Google’s deep pockets make it an especially big target. But as it rushes to create innovative new services, Google sometimes operates in a way that almost seems to invite legal scrutiny. A group of authors and publishers is challenging the company’s right to scan books that are still under copyright. A small Web site in California is suing Google because it was removed from the company’s search results. And European news agencies have sued over Google’s use of their headlines and photos in Google News. In these cases and others, potential legal problems seem to give the company little pause before it plunges into new ventures. “I think Google is wanting to push the boundaries,” said Jonathan Zittrain, professor of Internet governance and regulation at Oxford University. “The Internet ethos of the 90’s, the expansionist ethos, was, ‘Just do it, make it cool, make it great and we’ll cut the rough edges off later,’ “ Professor Zittrain said. “They’re really trying to preserve a culture that says, ‘Just do it, and consult with the lawyers as you go so you don’t do anything flagrantly ill-advised.’ “

STUDY: DATA BREACHES BECOMING MORE EXPENSIVE (Information Week, 23 Oct 2006) -- Data breaches are expensive, averaging $4.7 million per incident, and they’re becoming even more costly. These are some of the findings of the Ponemon Institute’s “2006 Cost of Data Breach Study,” released today. Based on 31 real data losses, the study finds a vast disparity in the financial impact of breaches and the amount spent on remediation. Given an average cost of $4.7 million per breach--an average loss of 26,000 records at a cost of $182 per record--companies spent only $180,000 on preventing future data losses. Of the $4.7 million cost, about $2.5 million reflects the cost of lost business. The cost of losing data rose from 2005 to 2006. The 2006 average was $182 per compromised record. The Ponemon Institute’s 2005 study cited a figure of $132 per record. These figures include the cost of detection, escalation, notification, and follow-up help to victims.

-- and --

STUDY: CUSTOMERS DON’T WANT DATA HANDLED BY OUTSIDE VENDORS (Computer World, 24 Oct 2006) -- A customer will likely forgive a company once if a data security breach occurs and some of that customer’s personal information is put at risk. But if the breach comes at the hands of a third-party vendor working for the original company, customers are likely to be less forgiving and will bolt to another firm for their products and services. Those are some of the conclusions from a 17-page report, the “2006 Cost of Data Breach Study,” released yesterday by the Ponemon Institute LLC, an Elk Rapids, Mich.-based firm that looks at information and privacy management practices in business and government. “It turns out that a major cost... [is] lost business opportunities” when customers no longer trust companies they have worked with and seek out new business relationships, said Larry Ponemon, founder and chairman of the Ponemon Institute and an occasional Computerworld columnist. Given the recent spate of corporate data breaches involving lost laptops, stolen computers and hacked networks, Ponemon said he expected people to become desensitized to the problem -- and complacent.

AMAZON WON’T GIVE BOOK-SEARCH DETAILS TO GOOGLE (, 24 Oct 2006) -- As expected, online retailer Inc. has objected to providing details about its book search feature to rival Google Inc., which says it needs them to fight copyright infringement allegations from a group of authors and book publishers. In a Monday filing, described Google’s request, which was made via a subpoena served on Oct. 6, as ``overly broad and unduly burdensome” and said it would expose Amazon’s trade secrets. Amazon lawyers also note how Google wants ``essentially all documents concerning Amazon’s sale of books on its Web sites, and all searching and indexing functions.” ``Google can not show any substantial need to obtain Amazon’s proprietary information,” despite Google’s promises to only use the information to defend itself against the lawsuits, Amazon’s lawyers wrote. Google says it needs the details to battle recently consolidated class action lawsuits filed against it by several major book publishers and The Authors Guild, which collectively allege Google didn’t get the proper approvals before making their work available to anyone with an Internet connection.

GOVERNMENTS WILL LIKE GOOGLE’S AD-FREE CUSTOM SEARCH ENGINE, ANALYST SAYS (TechWeb, 25 Oct 2006) -- Google’s new Custom Search Engine will have a strong impact on government search sites even though the government sites won’t be required to run Google ads, according to an analysis conducted by Arnold Information Technology (AIT). “Every government agency can now put up a Google box at no cost,” said Stephen Arnold, AIT’s managing director, in an interview Tuesday shortly after Google unveiled its latest search innovation. “Applications will come out of the woodwork for this function.” Arnold, who has written a book on Google, runs the small IT consultancy from Louisville, Ky. In announcing Google Custom Search Engine on Monday, the search engine giant said it will enable operators of Internet sites to choose and rank search page results using their own indexes. The company said it expects the approach will increase its advertising sales, but, at the same time, it noted that educational institutions, nonprofits, and government agencies won’t be required to include ads.;jsessionid=HZJQMII4EXXNEQSNDLQSKHSCJUNN2JVN

RINGTONES DESERVE A COMPULSORY LICENSE (ARS Technica, 24 Oct 2006) -- Copyright owners have great control over the way in which their works are used, but that control is not unlimited. Music publishers were reminded of this fact when the US Register of Copyrights decided last week that ringtones fall under the compulsory license provisions of copyright law. While that decision may sound esoteric, it’s actually quite an important one for the industry, and the fight over it was contentious. Earlier this year, the RIAA asked the Copyright Royalty Board—the government group that sets royalty rates for compulsory licenses—to consider whether ringtones fell under the statutory licensing provisions of US Code Chapter 17, Section 115. The Copyright Royalty Board agreed that this was an interesting question, and they referred it to the Register of Copyrights, Marybeth Peters. Peters and her staff convened a hearing on October 4 at which the RIAA presented its arguments in favor of the compulsory license, while representatives of the National Music Publishers Association (NMPA) and other put forward their strongest objections.

CT RULES GOOGLE ADVERTISERS BOUND BY ADWORDS FORUM CLAUSE (BNA’s Internet Law News, 26 Oct 2006) -- BNA’s Electronic Commerce & Law Report reports that a federal court in New York has ruled that the forum selection clause in Google’s AdWords online contract, which calls for all claims to be litigated in northern California, is enforceable against a New York attorney who admitted assenting to the contract. The court added that, even if the contract were analyzed as an adhesion contract, the designated forum was a fair and reasonable choice. Case name is Person v. Google.

ZOMBIES STILL HAUNT WINDOWS PCS (, 26 Oct 2006) -- Software giant Microsoft has crowned the “zombie” PC the greatest threat to Windows users. Of the many forms of attacks uncovered during the first half of 2006, the company said backdoor Trojans which take control of infected computers can be found in almost one out of every two Windows-based systems.

PASS HACKER UNDER FIRE (Wired, 27 Oct 2006) -- Security researcher Christopher Soghoian created the Northwest Airline Boarding Pass Generator in the hope of spurring Congress to look closely at the nation’s aviation security policies, which he calls “security theater.” The site lets anyone create a facsimile of a Northwest Airlines boarding pass, with whatever name they choose. On Friday, Congress heard Soghoian’s message loud and clear. But instead of promising to reform broken airport security procedures, Rep. Edward Markey (D-Massachusetts), a member of the House Homeland Security committee known for his defenses of privacy, wants the site shut down and Soghoian arrested. In reality, the “loophole” is nothing new. Security expert Bruce Schneier wrote about it in 2003, and the online magazine Slate covered it as major news in 2005. Soghoian points out that Sen. Chuck Schumer (D-New York) publicized the same security hole in April 2006. “Perhaps Sen. Schumer will end up being my cellmate,” Soghoian said. Soghoian, a Ph.D. student at Indiana University, says he has never used one of the fake boarding passes, which are likely good enough to get someone through airport security into the “sanitized” area of the airport, but not good enough to get anyone on a plane. He was waiting for clearance from lawyers at Indiana University before attempting to test if the method worked to get through security.,72023-0.html

-- and --

DIY BOARDING PASS SITE GETS SHUT DOWN (CNET, 30 Oct 2006) -- FBI agents raided Christopher Soghoian’s home over the weekend, seizing computers and other equipment, Soghoian wrote on his blog. They first visited him Friday afternoon with a request to take the site down, but when he got online, he found that the site had already been removed, he wrote.

ARMY MONITORS SOLDIERS’ BLOGS, WEB SITES (AP, 29 Oct 2006) -- From the front lines of Iraq and Afghanistan to here at home, soldiers blogging about military life are under the watchful eye of some of their own. A Virginia-based operation, the Army Web Risk Assessment Cell, monitors official and unofficial blogs and other Web sites for anything that may compromise security. The team scans for official documents, personal contact information and pictures of weapons or entrances to camps. In one incident, a blogger was describing his duties as a guard, providing pictures of his post and discussing how to exploit its vulnerabilities. Other soldiers posted photos of an Army weapons system that was damaged by enemy attack, and another showed personal information that could have endangered his family.

COPYING OWN CDS ‘SHOULD BE LEGAL’ (BBC, 29 Oct 2006) -- A think-tank has called for outdated copyright laws to be rewritten to take account of new ways people listen to music, watch films and read books. The Institute for Public Policy Research (IPPR) is calling for a “private right to copy”. It would decriminalise millions of Britons who break the law each year by copying their CDs onto music players. IPPR deputy director Dr Ian Kearns said: “When it comes to protecting the interests of copyright holders, the emphasis the music industry has put on tackling illegal distribution and not prosecuting for personal copying, is right. “But it is not the music industry’s job to decide what rights consumers have -- that is the job of government.” Report author Kay Withers said: “The idea of all-rights reserved doesn’t make sense for the digital era and it doesn’t make sense to have a law that everyone breaks. To give the IP regime legitimacy it must command public respect.”

MYSPACE PROTECTS MUSIC (RedHerring, 30 Oct 2006) -- said Monday it has licensed technology from Gracenote that will allow it to block unauthorized copyrighted music from being posted on its site. The social networking site will use Gracenote’s MusicID audio-fingerprinting technology and Global Media Database to review music uploaded to its site. The software will allow it to search through members’ profiles to find copyrighted music. Los Angeles-based MySpace will be able to identify copyrighted music in the Global Media Database and block uploads of such music.

SECURITY DATABASE: THE HITS JUST KEEP ON COMING (FCW, 31 Oct 2006) -- Just more than a year ago, the National Institute of Standards and Technology built an online database to help organizations track security flaws in popular software products. The National Vulnerability Database Web site is on pace to receive 25 million hits per year, according to NIST, so users obviously like it. And the need for it has never been greater. The database, which began with a list of 12,000 vulnerabilities, recently hit 20,000, with no sign of slowing. The NIST database categorizes software problems by product and vendor name and version number, and it provides information on known fixes and links to relevant industry sources. The database also notes the severity of each flaw, using the industry standard Common Vulnerability Scoring System so users can decide which problems to address first, according to NIST.

-- and --

U.S. INTELLIGENCE UNVEILS SPY VERSION OF WIKIPEDIA (Reuters, 31 Oct 2006) -- The U.S. intelligence community on Tuesday unveiled its own secretive version of Wikipedia, saying the popular online encyclopedia format known for its openness is key to the future of American espionage. The office of U.S. intelligence czar John Negroponte announced Intellipedia, which allows intelligence analysts and other officials to collaboratively add and edit content on the government’s classified Intelink Web much like its more famous namesake on the World Wide Web. A “top secret” Intellipedia system, currently available to the 16 agencies that make up the U.S. intelligence community, has grown to more than 28,000 pages and 3,600 registered users since its introduction on April 17. Less restrictive versions exist for “secret” and “sensitive but unclassified” material. The system is also available to the Transportation Security Administration and national laboratories. Intellipedia is currently being used to assemble a major intelligence report, known as a national intelligence estimate, on Nigeria as well as the State Department’s annual country reports on terrorism, officials said. Some day it may also be the path intelligence officials take to produce the president’s daily intelligence briefing. But the system, which makes data available to thousands of users who would not see it otherwise, has also stirred qualms about potential security lapses following the recent media leak of a national intelligence estimate that caused a political uproar by identifying Iraq as a contributor to the growth of global terrorism. “We’re taking a risk,” acknowledged Michael Wertheimer, the intelligence community’s chief technical officer. “There’s a risk it’s going to show up in the media, that it’ll be leaked.” [Editor: Moving from ‘need-to-know’ to ‘need-to-share’; a classic knowledge management technique.]

GERMANY: NO NEED TO CONSULT WORKS COUNCIL PRIOR TO BANNING PRIVATE INTERNET USE (Hunton & William’s Brussels Privacy & E-Commerce Alert, 2 Nov 2006) -- In October 2006, the German Regional Labor Court of Hamm ruled that employers have the right to ban private use of e-mail and internet without consulting the works council. This rule also applies when private use of internet and e-mail was explicitly allowed by a previous company guideline. In addition, to the extent employees do not comply with the ban, employers are entitled to terminate their employment contracts. A copy of the decision (file number Az. 10 TaBV 1/06) can be requested (in German only) at:

INDIA’S BANGALORE CITY RENAMED BENGALOORU (Washington Post, 1 Nov 2006) -- India’s technology hub of Bangalore changed its name to its vernacular original Bengalooru on Wednesday in what is seen as a bid to appease locals upset at the influx of outsiders. The name change was announced to mark the 50th anniversary celebrations of the formation of Karnataka state, of which the city is the capital.

REPUBLICANS OUTNUMBER DEMOCRATS ONLINE (TechWeb, 1 Nov 2006) -- Republicans outnumber Democrats on the Web, and the most common political leaning is moderate, a Web research firm said Wednesday. 36.6 percent of U.S. online adults are Republicans, 30.8 percent are Democrats and 17.3 percent are Independents, Nielsen/NetRatings said. The Web site with the highest concentration of Republicans is, while had the highest percentage of Democrats. “The fact that the online population is more heavily composed of Republicans than Democrats is principally a function of the Republican party’s higher composition within the overall electorate,” Nielsen/NetRatings analyst Ken Cassar said in a statement. “This is exacerbated by the fact that online penetration continues to be deeper among affluent households, which have historically skewed Republican.” In its survey, Nielsen also found that 36.1 percent of respondents identified themselves as “moderate,” 32.5 percent as “conservative” or “very conservative,” and 19.8 percent as “liberal” or “very liberal.”

ID THEFT IS REAL, BUT WINNING DAMAGES IS ELUSIVE (ABA Journal, 3 Nov 2006) -- Between November 2001 and 2003, according to court records, Scott Levine stole confidential data from the computers of Acxiom Corp., a data bank based in Little Rock, Ark., that stores marketing information for its clients’ customers. Levine, an Acxiom client, sold the data to a marketing firm in Georgia for direct mail purposes, and Acxiom got justice when Levine was convicted of the crime. But Levine’s other victims decided they wanted justice, too. They are the individuals whose data may have been stolen. Last month, a U.S. District Court judge in the Eastern District of Arkansas dismissed a class action suit against Acxiom, as courts have thrown out other suits in recent months when groups of individuals have tried to sue companies for negligently handling personal data. Bell v. Acxiom Corp., No. 4:06CV00485-WRW (Oct. 3). The reason for dismissal in all of these cases is that no one was able to demonstrate damages stemming from the theft of their personal data. “We’re still stuck on this damages question,” says Jon Stanley, a Cape Elizabeth, Maine-based lawyer who practices in the areas of privacy, information security and cybercrime. “Even if you can prove damages, how do you prove that the damages you suffered were from a specific theft?” “More than three years after the theft, plaintiff has not alleged that she has suffered anything greater than an increased risk of identity theft,” Judge William R. Wilson Jr. wrote. “Because plaintiff has not alleged that she has suffered any concrete damages, she does not have standing under the case-or-controversy requirement.” In a similar federal case, Key v. DSW, No. 2:06-cv-459 (S.D. Ohio Sept. 27), the Columbus, Ohio-based shoe retailer DSW admitted unauthorized individuals stole approximately 96,000 customer records. But the court found the named plaintiff’s concerns about identity theft were not actual and imminent and were insufficient to sustain a class action suit.

OPEN SEASON ON E-MAIL? (ABA Journal, 3 Nov 2006) -- Not only is there no ethical duty for unsolicited e-mail, an ethics committee advises, but attorneys who receive such messages can even represent a client adverse to the sender of such e-mail. The opinion of the Legal Ethics Committee of the San Diego County Bar Association is only advisory, and it was issued with a dissent, which argued that a potential client could reasonably expect that an attorney would treat even an unsolicited contact as confidential. Ethics Opinion 2006-1. The opinion covers a hypothetical situation involving personal injury attorney “Lana Lawyer,” who receives an unsolicited e-mail from “Vicky Victim,” a driver involved in a five-car accident. In the e-mail, Victim tells Lawyer she was rear-ended by three cars and she had had three drinks before the five-car accident. Unfortunately, Lawyer already had had a conference with “Henry Hurt,” the driver of the first automobile in the accident. It turns out that information in Victim’s unsolicited e-mail could benefit Lawyer in her representation of Hurt. These were the questions before the ethics committee: (1) Is Vicky Victim’s unsolicited e-mail confidential? (2) Is Lana Lawyer precluded from representing Henry Hurt? (3) If not, can Lawyer use information received from Victim in that representation? (4) If Lawyer cannot represent Hurt, can she accept representation of Victim? The committee answered no to the first two questions and yes to the third, meaning that Lawyer had no duty of confidentiality arising from the unsolicited e-mail and that Lawyer could represent Hurt and even use the negative information received from Victim. But she could not represent Victim. The majority determined that sending the unsolicited e-mail did not constitute a “consultation,” and Victim was not a client for purposes of any attorney-client privilege. “Without more, an e-mail address is comparable to a street address and telephone number,” the majority wrote. Victim had no reasonable basis to believe that her unsolicited e-mail would be confidential. The majority concluded, “A sender’s subjective belief that by unilaterally sending an e-mail requesting a conference with an attorney for the purpose of representation is not reasonable where the attorney has no opportunity to interact with the sender prior to receiving the e-mail message.” The majority buttressed its result by citing Arizona State Bar Ethics Opinion 02-04 and Comment 2 to the ABA Model Rule of Professional Conduct 1.18, Duties to Prospective Client.

MICROSOFT AND NOVELL REACH DEAL ON LINUX (Financial Times, 3 Nov 2006) -- Microsoft struck an alliance with one of the leading open-source software companies on Thursday, signalling what could come to be seen as a landmark agreement in the war that has divided the software world in recent years. As part of the deal Microsoft said it would for the first time put some of its marketing effort behind a version of the Linux operating system. Microsoft has gradually revised its opposition to Linux, reflecting the fact that the rival system has become a mainstream part of many companies’ technology systems and that customers have started to demand easier ways to link systems that run on the rival software products. Steve Ballmer, Microsoft’s chief executive, who once called Linux “a cancer that attaches itself in an intellectual property sense to everything it touches”, yesterday said: “I certainly realise Linux plays an important role in the infrastructure of our customers and will continue to play an important role.” Microsoft said it would co-operate with Novell, whose Suse Linux is one of the most widely used versions of the software, to make the rival technologies work better together. The companies said they had been pressed by customers who use both technologies to overcome technical, business and legal disagreements that have made it difficult to run their systems alongside each other.

U.S. WEB ARCHIVE IS SAID TO REVEAL A NUCLEAR PRIMER (New York Times, 3 Nov 2006) -- Last March, the federal government set up a Web site to make public a vast archive of Iraqi documents captured during the war. The Bush administration did so under pressure from Congressional Republicans who had said they hoped to “leverage the Internet” to find new evidence of the prewar dangers posed by Saddam Hussein. But in recent weeks, the site has posted some documents that weapons experts say are a danger themselves: detailed accounts of Iraq’s secret nuclear research before the 1991 Persian Gulf war. The documents, the experts say, constitute a basic guide to building an atom bomb. Last night, the government shut down the Web site after The New York Times asked about complaints from weapons experts and arms-control officials. A spokesman for the director of national intelligence said access to the site had been suspended “pending a review to ensure its content is appropriate for public viewing.” Officials of the International Atomic Energy Agency, fearing that the information could help states like Iran develop nuclear arms, had privately protested last week to the American ambassador to the agency, according to European diplomats who spoke on condition of anonymity because of the issue’s sensitivity. One diplomat said the agency’s technical experts “were shocked” at the public disclosures. The documents, roughly a dozen in number, contain charts, diagrams, equations and lengthy narratives about bomb building that nuclear experts who have viewed them say go beyond what is available elsewhere on the Internet and in other public forums. For instance, the papers give detailed information on how to build nuclear firing circuits and triggering explosives, as well as the radioactive cores of atom bombs.

GERMAN CT RULES ISP MUST DELETE IP LOGS (BNA’s Internet Law News, 7 Nov 2006) -- The highest appeal court in Germany has decided that T-Online, one of the largest German ISPs has to delete all IP logs to guarantee the privacy of their customers. The decision does not mean that T-Online is now obliged to delete all their IP-logs; the customers first need to complain. But, if they ask T-Online to delete their IP-logs, the ISP has no other choice than to comply. German language decision at,1518,446838,00.html. Discussion at

APPEALS COURT WILL HEAR EFF/AT&T SPYING CASE (, 7 Nov 2006) -- The U.S. 9th Circuit Court of Appeals is the next stop on the Electronic Frontier Foundation’s (EFF’s) case against AT&T over alleged collaboration with the National Security Agency’s (NSA’s) domestic surveillance program. The court decided on Tuesday decided it would hear an appeal of a district court’s decision allowing the EFF’s case to go forward against the government and AT&T. The ruling is only an agreement to hear the case, not on the merits of the appeal. The case involves allegations that AT&T, then SBC, provided caller information to the NSA as part of its domestic surveillance program monitoring that monitored international phone calls to suspected terrorists in foreign countries. The government claimed that “state secret privilege” prevented the federal judiciary from determining whether the spying program is legal or not. In July, U.S. District Court Judge Vaughn Walker disagreed and ruled that the case could go forward.

LAWYERS FACE RIGHT TO BLOG (Chicago Tribune, 7 Nov 2006) -- Evan Brown, a 32-year-old Chicago lawyer, publishes a blog about legal developments involving the Internet. Other than a cute picture of his 1-year-old son sitting on his shoulders on the Web site, the online forum is a scholarly discussion for tech geeks like him. Yet, Brown acknowledges the blog,, has had some unintended business benefits. He has met about a dozen clients through his blog who have sought his advice on intellectual-property matters. “I think of that as a natural and healthy side effect of the blog,” said Brown, an associate at Hinshaw & Culbertson. “It’s certainly not the reason I started it.” That impact of Brown’s blog puts him at the leading edge of a debate about how attorneys communicate--and advertise. The marketing potential, whether explicit or not, of law-related blogs--or “blawgs” as some attorneys have come to call their online journals--is raising some tricky ethical questions for the profession, which regulates lawyer advertising. Those issues have come to the forefront in recent months, after ethics monitors in Kentucky found lawyer-written blogs to be advertising and subjected them to increased scrutiny. Regulators in New York have made bloggers nervous by proposing new advertising rules that also include electronic communications. Blogging has added a 21st Century twist to the broader ongoing debate within the profession about advertising by lawyers. In 1978, the U.S. Supreme Court gave lawyers the 1st Amendment right to advertise. States came up with guidelines to protect consumers from deceptive legal ads, paving the way for late-night TV ads and billboards featuring bankruptcy attorneys. But, even with the state protections, Warren Burger, former chief justice of the United States, once denounced “the outrageous breach of professional conduct we see in the huckster advertising of some attorneys.”,0,7074178.story?track=rss

NIST INFORMATION SECURITY HANDBOOK: A GUIDE FOR MANAGERS (NIST, 7 Nov 2006) -- NIST is proud to announce the release of Special Publication 800-100, Information Security Handbook: A Guide for Managers. This Information Security Handbook provides a broad overview of information security program elements to assist managers in understanding how to establish and implement an information security program. The purpose of this publication is to inform members of the information security management team [agency heads, chief information officers (CIO), senior agency information security officers (SAISO), and security managers] about various aspects of information security that they will be expected to implement and oversee in their respective organizations. This handbook summarizes and augments a number of existing National Institute of Standards and Technology (NIST) standard and guidance documents and provides additional information on related topics. Handbook at

13 NATIONS DENOUNCED FOR WEB CENSORSHIP (, 8 Nov 2006) -- The Internet enemies list numbers 13: Belarus, China, Cuba, Egypt, Iran, Myanmar, North Korea, Saudi Arabia, Syria, Tunisia, Turkmenistan, Uzbekistan and Vietnam. These are the countries singled out by the press freedom group Reporters Without Borders as the worst culprits for systematic online censorship, and they were targeted in the group’s 24-hour online protest ending at 5 a.m. Wednesday. The 13 countries “censor and block online content that criticizes them,” the organization said in defining its protest. “Multinationals such as Yahoo! cooperate with the Chinese government in filtering the Internet and tracking down cyber-dissidents.” Reporters Without Borders said it obtained a copy of the verdict in the case of Jiang Lijun, sentenced to four years in prison in November 2003 for his online pro-democracy articles in China. Reporters Without Borders said that the search engine company Yahoo! Inc. had helped Chinese police identify him.

YAHOO TO OFFER INSTANT MESSAGING INSIDE E-MAIL (Reuters, 9 Nov 2006) -- Yahoo Inc. making it easier to choose between e-mail and instant-messaging tools by bringing the two together in its popular free Yahoo Mail program, an executive said on Thursday. Yahoo Mail, which counts 250 million active monthly users, plans in coming months to incorporate the Yahoo Messenger instant-messaging program inside the e-mail service, Yahoo executive Brad Garlinghouse said. Consumers will be able to run the two programs in one Web browser. There is no need to download Yahoo Messenger software, a complication for users who are not technically inclined. Yahoo’s melding of e-mail and instant messaging follows the lead of rival Google Inc., which merged its Google Talk instant-message chat service with its Gmail e-mail program. But Yahoo’s audience is roughly 10 times larger than Google’s base of e-mail users, according to industry data. In the first public demonstration of the combined service at the Web 2.0 conference here, Garlinghouse and a colleague showed how, when a user opens up and addresses an e-mail, an icon appears if he or she is online. Clicking the icon instantly transforms a conversation from the delayed, read-it-when-you-have-a-chance way people use e-mail into the immediate back-and-forth of an instant message conversation.

SPEARS TEXT MESSAGES DIVORCE PLAN TO HUBBY (CNET, 9 Nov 2006) -- A video of Britney Spears’ soon-to-be ex-husband apparently getting a text message informing him that the pop princess had filed for divorce became the most viewed item on YouTube on Thursday, with more than 1 million hits. The Web video shows Federline taping a reality television show and talking about Spears being his biggest fan--until he gets a text message. Then he puts his head in his hands, rips off his microphone and disappears, returning 30 minutes later visibly upset. Spears, 24, abruptly filed for divorce from fledgling rapper Federline this week after two years of marriage--and two children--while he was filming in Canada. [Too much going on here *NOT* to post—privacy; YouTube; copyright; SMS-delivered “notice”; confidentiality of the show-under-production.]

LAWYERS RECEIVING ELECTRONIC DOCUMENTS ARE FREE TO EXAMINE ‘HIDDEN’ METADATA: ABA ETHICS OPINION (ABA Press Release, 9 Nov 2006) -- Lawyers who receive electronic documents are free to look for and use information hidden in metadata – information embedded in electronically produced documents – even if the documents were provided by an opposing lawyer, according to a new ethics opinion from the American Bar Association. The opinion is contrary to the view of some legal ethics authorities, which have found it ethically impermissible as a matter of honesty for lawyers to search documents they receive from other lawyers for metadata or to use what they find, according to the ABA Standing Committee on Ethics and Professional Responsibility. But the ABA committee said the only provision in the ABA Model Rules of Professional Conduct relevant to the issue merely requires a lawyer to notify the sender when the lawyer receives what the lawyer should reasonably know were inadvertently sent documents. It does not require the recipient to return those documents unread. The committee also made clear that it was not addressing situations in which documents are obtained through criminal, fraudulent, deceitful or otherwise improper conduct. The ABA committee noted metadata is ubiquitous in electronic documents, and includes such information as the last date and time that a document was saved and by whom, data on when it was accessed, the name of the owner of the computer that created the document and the date and time it was created, and a record of any changes made to the document or comments written into it. ABA Ethics Opinions at

U.S. SETTLES CIVIL CASE AGAINST BRITISH GAMBLING SITE BETONSPORTS (, 9 Nov 2006) -- U.S. Attorney Catherine Hanaway reached a settlement Thursday with online gambling company BetOnSports PLC which permanently bars the London-based company from accepting any bets from the United States. The settlement ends a massive civil case Hanaway filed this summer. The settlement also requires BetOnSports to open a toll-free telephone service to inform bettors how they can reclaim wagers pending before the suit was filed.

LARGEST U.S. WEBSITES GET MORE FOREIGN TRAFFIC (Information Week, 9 Nov 2006) -- Google Inc., Microsoft Corp., and Yahoo Inc. are among 14 of the top 25 U.S. Web properties that attract more foreign traffic than Web surfers from the U.S., a market research company said Thursday. The three companies each draw more than three-quarters of their traffic from other nations, ComScore Networks said. The overall traffic trend from outside the United States is an indication of the country’s shrinking share of the world’s online population, which is growing rapidly. In 10 years, the U.S. share has fallen to less than 25 percent from 65 percent. U.S. users overall, however, account for a slightly higher proportion of pages viewed, indicating that they’re a bit more engaged with many of the Web properties than their foreign counterparts, ComScore said. Google is one notable exception, with non-U.S. users accounting for 89.1 percent of page views. Examples of the top 25 U.S. sites that do not attract much attention from abroad include U.S.-based, telecommunications and cable companies, such as Verizon and AT&T; media entities, including Fox, which owns MySpace, New York Times Digital, and CBS; and major U.S. retailers, banks and airlines, such as Target, Wal-Mart, Bank of America and United Airlines, ComScore said.

CUSTOMERS TO SHOP BY IMAGE ON WEB SITE (AP, 9 Nov 2006) -- So you want those sleek pair of black boots worn by supermodel Tyra Banks or the bling bling sported by Paris Hilton? This holiday season, customers can get their chance with a new Web site called that bills itself as the first visual search engine, allowing consumers to search for items by appearance instead of just text and then purchase similar versions — at all price points — from 200 merchants’ Web sites. The site, operated by San Mateo, Calif.-based Riya, an expert in visual computing, allows customers to click on images of celebrities wearing accessories or on pictures of handbags, jewelry, shoes and watches. In a few weeks, the site will add clothing, according to Riya’s CEO and co-founder Munjal Shah. Eventually, customers will be able to download their own images onto the site. Shah said that the site features about two million different products from such merchants as and, and the company is adding 30,000 different products a day. uses face recognition technology; it looks inside a photo and creates a digital signature that describes the photo’s content and enables a more accurate search for similar looking items.

IN FLORIDA, ECHOES OF 2000 AS VOTE QUESTIONS EMERGE (New York Times, 10 Nov 2006) -- A Democrat who narrowly lost the Congressional race here is seeking a recount after dozens of people reported problems using Sarasota County’s touch-screen voting machines and a significant number of ballots had no recorded votes in the high-profile race. But his opponent, Christine Jennings, has not conceded, pointing to voting irregularities. The Democrat, Christine Jennings, lost to her Republican opponent, Vern Buchanan, by just 373 votes out of a total 237,861 cast — one of the closest House races in the nation. More than 18,000 voters in Sarasota County, or 13 percent of those who went to the polls Tuesday, did not seem to vote in the Congressional race when they cast ballots, a discrepancy that Kathy Dent, the county elections supervisor, said she could not explain. In comparison, only 2 percent of voters in one neighboring county within the same House district and 5 percent in another skipped the Congressional race, according to The Herald-Tribune of Sarasota. And many of those who did not seem to cast a vote in the House race did vote in more obscure races, like for the hospital board. More than 100 voters have told the Jennings campaign that their votes for her did not show up on the summary screen at the end of the touch-screen voting process, and that they had to re-enter them. The candidate’s lawyers said they feared that not everyone had noticed the problem or realized that they could re-enter the vote.
In a manual recount of touch-screen voting results, Mr. Ivey said, canvassers try to determine whether voters who skipped making a selection in a certain race did so unintentionally. But Rebecca Mercuri, a computer scientist and an expert on voting technology in Hamilton, N.J., who has been critical of electronic voting, said it would be impossible to figure out voter intent in a recount of touch-screen votes. A preliminary review by The Herald-Tribune found that if Ms. Jennings had won the same percentage of the 18,000 missing votes as she did among counted votes in Sarasota County, she would have won the race by about 600 votes instead of losing by 373. Some state officials, including Ms. Dent, the elections supervisor, theorized that many voters skipped the Congressional race because they were turned off by vitriolic campaigning. But Mr. Coffey said if that had been the case, other counties in the same Congressional district would have had similarly high “undervote” rates. So many voters reported similar problems in the state’s early voting period, Mr. Coffey said, that the Jennings campaign wrote a letter to Ms. Dent expressing concern. He said the results showed that an even larger portion of early voters — 20 percent of the total — did not vote in the Congressional race. By contrast, only 2 percent of voters using paper absentee ballots skipped the race, he said. Mr. Coffey said Ms. Jennings wanted independent experts to come test the county’s iVotronic voting machines, made by Election Systems and Software of Omaha. Ms. Dent did not return a call seeking comment on Wednesday.

**** RESOURCES ****
PRIVACY LOST (MSNBC, Oct 2006) – Who’s watching as you surf the Web, drive through the express lane, and shop for groceries? Multipart package on the loss of privacy in the U.S., including discussion on the difference between E.U. and U.S. law, and on the uneasy intersection between technology and security.

ELECTION LAW RESOURCE – From the Moritz College of Law at Ohio State University. Reports legal developments (and litigation); contains education resources, and podcasts. [Editor: particularly interesting this past week.]

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School,
2. Edupage,
3. SANS Newsbites,
4. NewsScan and Innovation,
5. Internet Law & Policy Forum,
6. BNA’s Internet Law News,
7. Crypto-Gram,
8. McGuire Wood’s Technology & Business Articles of Note,
9. Steptoe & Johnson’s E-Commerce Law Week,
10. Readers’ submissions, and the editor’s discoveries.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.