Sunday, December 03, 2006

MIRLN -- Misc. IT Related Legal News [12 November – 2 December 2006; v9.16]

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product of the American Bar Association’s Cyberspace Law Committee and Dickinson Wright PLLC. Please feel free to distribute this message. Dickinson Wright’s IT & Security Law practice group is described at

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN editions are archived at and blogged at

**************End of Introductory Note***************

ABA’S CYBERSPACE LAW COMMITTEE WINTER WORKING MEETING (January 26-27, 2007; Little Rock, Arkansas) -- Subcommittees will meet to advance on-going projects and to plan upcoming programs. A recent list of Committee projects is available at The Committee Dinner will be held Friday evening at the Clinton Library. Register online at The deadline to register is Friday, January 12, 2007. [Editor: Please come; this is consistently THE most productive gathering of IT lawyers working on real-world problems.]

**** NEWS ****

49 MILLION U.S. ADULTS NOTIFIED OF DATA BREACHES: STUDY (InformationWeek, 10 Nov 2006) -- An estimated 49 million U.S. adults have been told over the last three years that their personal information has been lost, stolen or improperly disclosed, a research firm said Friday. Most of the notifications came from government agencies and financial institutions, according to a national survey conducted by Harris Interactive in October. While many of the respondents did not believe there was any harmful result of the data breach, a small but significant number thought they may have seen some damage. Specifically, more than one in five adults said some organization had notified them that their personal information was improperly disclosed, translating into about 49 million people, Harris said. Among those adults, 48 percent were notified by a government agency, 29 percent a financial company, and 12 percent by a commercial company. Other organizations that had made notifications included educational institutions, 6 percent, and healthcare facilities, 5 percent. Fully 81 percent of adults notified of trouble perceived nothing harmful happening as a result, Harris said. The remaining 19 percent, or 9.3 million people, believed they suffered harm. Within that group, 78 percent said either merchandise was charged in their name, or some kind of fraud was committed that cost them money. The remainder said cash was taken from their bank account, a credit card was taken out in their name, or someone posed as them to receive a government benefit or service. Much of the damage suffered by victims was caused by friends and family, stolen wallets or purses, pilfered information from mailboxes or trash containers, and insider theft of personal data by employees of organizations, said Alan Westin, the Columbia University professor who helped design the survey. Nevertheless, enough people were harmed through mistakes by business, government, and other types of organizations to warrant stronger data security measures to retain the trust of customers, members, or citizens, Westin said in a statement. and

U.K. OUTLAWS DENIAL-OF-SERVICE ATTACKS (CNET, 10 Nov 2006) -- A U.K. law has been passed that makes it an offense to launch denial-of-service attacks, which experts had previously called “a legal gray area.” Among the provisions of the Police and Justice Bill 2006, which gained Royal Assent on Wednesday, is a clause that makes it an offense to impair the operation of any computer system. Other clauses prohibit preventing or hindering access to a program or data held on a computer, or impairing the operation of any program or data held on a computer. The maximum penalty for such cybercrimes has also been increased from 5 years to 10 years. The law that attempted previously to deal with this area of computer crime was the Computer Misuse Act 1990 (CMA), which was drafted before widespread use of the Internet began. and and,39024888,39163990,00.htm

COURT PROTECTS KIMBERLY-CLARK TRADEMARK ORANGE COLOR (IP Frontline, 10 Nov 2006) -- The United States District Court for the Northern District of Georgia, Atlanta Division, recently granted a permanent injunction in favor of Kimberly-Clark Corporation and Kimberly-Clark Worldwide, Inc. against ValuMax International, Inc. in a trademark infringement and dilution case involving color. Kimberly-Clark asserted trademark infringement, unfair competition and trademark dilution, violations of the Lanham Act, as well as a violation of the Georgia Deceptive Trade Practices Act and Georgia Trademark law regarding its Color Orange disposable medical face mask sold under the FLUIDSHIELD® trademark. The Color Orange is a registered trademark of Kimberly-Clark in connection with face masks. Kimberly-Clark claimed that ValuMax infringed its registered trademark by selling a disposable medical face mask of a “confusingly similar orange color.” The court ordered that ValuMax be permanently enjoined from using an orange color for its medical face mask product or from using any other mark which could cause confusion or dilute Kimberly-Clark’s trademark-registered Color Orange. It further ordered ValuMax to destroy all medical face masks of an orange color similar to that used by Kimberly-Clark as well as any product used to produce the orange color in contention.

PENNSYLVANIA COURT SAYS VIEWING CHILD PORN ‘NOT ILLEGAL’ (The Register, 10 Nov 2006) -- A US court has ruled that viewing child pornography on a website without deliberately saving it to a computer is not a crime. The judge said that the state penal code was ambiguous, so he must rule in favour of the defendant. Anthony Diodoro, a 26-year-old from Delaware County, Pennsylvania admitted knowingly viewing 370 child-porn images online. He also admitted that he had intentionally visited the websites for the purpose of viewing child porn. State law says that a person must have “knowing possession” of child pornography in order for it to be a crime. A panel of three judges in the Pennsylvania Superior Court concluded that Diodoro could not be convicted of knowingly possessing the images because there was no evidence that Diodoro knew that his computer was storing the images in its internet cache file. “Because this is a penal statute with an ambiguous term when it comes to computer technology, it must be construed strictly and in favour of the defendant,” wrote Judge Richard Klein. “A defendant must have fair notice that his conduct is criminal,” wrote Klein. “Because of the ambiguity, sufficient notice was not provided here. For this reason, we are constrained to reverse [a previous decision] and leave it to the Legislature to clarify the language if it intends to make the mere ‘viewing’ of child pornography a crime.” Klein said that it was well within the power of lawmakers to clarify the law, if that was their intention. “We note that it is well within the power of the Legislature to criminalize the act of viewing child pornography on a Web site without saving the image,” he concluded. In the UK, the Protection of Children Act can be used to convict someone for viewing child porn on the internet, regardless of whether or not they understood a computer’s cache function. “In the UK simply viewing images classes as a download because your computer makes images of them on your screen,” said Tony Fagelman of the Internet Watch Foundation, a body which works to minimise the availability of images of child abuse. “The decision is quite unusual, usually US law follows the same legal framework that we do in the UK.” Ruling at

-- and --

GOVERNMENT STUDY: INTERNET 1 PERCENT PORN (AP, 15 Nov 2006) -- About 1 percent of Web sites indexed by Google and Microsoft are sexually explicit, according to a U.S. government-commissioned study. Government lawyers introduced the study in court this month as the Justice Department seeks to revive the 1998 Child Online Protection Act, which required commercial Web sites to collect a credit card number or other proof of age before allowing Internet users to view material deemed “harmful to minors.” The U.S. Supreme Court blocked the law in 2004, ruling it also would cramp the free speech rights of adults to see and buy what they want on the Internet. The court said technology such as filtering software may work better than such laws. The American Civil Liberties Union, which challenged the law on behalf of a broad range of Web publishers, said the study supports its argument that filters work well. The study concludes that the strictest filter tested, AOL’s Mature Teen, blocked 91 percent of the sexually explicit Web sites in indexes maintained by Google Inc. and Microsoft Corp.’s MSN. Stark prepared the report based on information the Justice Department obtained through subpoenas sent to search engine companies and Internet service providers. Google refused one such subpoena for 1 million sample queries and 1 million Web addresses in its database, citing trade secrets. A judge limited the amount of information the company had to provide. Stark also examined a random sample of search-engine queries. He estimated that 1.7 percent of search results at Time Warner Inc.’s AOL, MSN and Yahoo Inc. are sexually explicit and 1.1 percent of Web sites cataloged at Google and MSN fall in that category.

-- and --

FEDERAL CASE MAY REDEFINE CHILD PORN (CNETE, 30 Nov 2006) -- Jeff Pierson is a photographer whose action shots of hopped-up American autos laying waste to the asphalt at Alabama dragways have appeared in racing magazines and commercial advertisements. Pierson’s Web site boasted he has the “most wonderful wife in the world and two fantastic daughters.” And until recently, he ran a business called Beautiful Super Models that charged $175 for portraits of aspiring models under 18. In a federal indictment announced this week, the U.S. Department of Justice accused Pierson, 43, of being a child pornographer--even though even prosecutors acknowledge there’s no evidence he has ever taken a single photograph of an unclothed minor. Rather, they argue, his models struck poses that were illegally provocative. “The images charged are not legitimate child modeling, but rather lascivious poses one would expect to see in an adult magazine,” Alice Martin, U.S. attorney for the northern district of Alabama, said in a statement. Pierson’s child pornography indictment arises out of an FBI and U.S. Postal Inspection Service investigation of so-called child modeling sites, which have been the subject of a series of critical congressional hearings and news reports in the last few years. An August article in The New York Times, for instance, called the modeling Web sites “the latest trend in child exploitation.”

KEEPING YOUR ENEMIES CLOSE (New York Times, 12 Nov 2006) – If you found yourself running a company suddenly branded one of the most reviled in the country — if, for example, you noticed that visitors to, a heavily visited consumer Web site, voted yours as the second “worst company in America” and you had just been awarded the 2005 “Lifetime Menace Award” by the human rights group Privacy International — you might feel obliged to take extraordinary steps. You might even want to reach out to your most vocal critics and ask them, “What are we doing wrong?” So it was in early 2005 that Douglas C. Curling, the president of ChoicePoint, a giant data broker that maintains digital dossiers on nearly every adult in the United States, courted two critics whom he had accused just months earlier of starting “yet another inaccurate, misdirected and misleading attack” on his company. Mr. Curling also contacted others who had spent years calling for laws requiring better safeguarding of personal information that ChoicePoint and other data brokers assemble — records such as Social Security numbers, birth dates, driver’s license numbers, license plate numbers, spouse names, maiden names, addresses, criminal records, civil judgments and the purchase price of every parcel of property a person has ever owned. “It was sort of like when I talk with my wife when she’s not happy with me,” Mr. Curling said of his dealings with some of ChoicePoint’s harshest critics. “It’s not exactly a dialogue I look forward to, but I can’t deny it’s important.” He also could not deny his motivations for engaging in these conversations: in the public’s mind, ChoicePoint had come to symbolize the cavalier manner in which corporations handled confidential data about consumers. [Editor: Long, excellent, thorough, piece on the fall, and rise, of ChoicePoint. Includes useful collateral graphics and timelines. Illuminates the social-engineering dimension of data security.]

-- and --

PLAINTIFFS STRIKE OUT IN DATA BREACH LAWSUIT AGAINST CHOICEPOINT (Steptoe & Johnson’s ECommerce Law Week, 22 Nov 2006) -- Databroker ChoicePoint in January agreed to a $15 million settlement with the Federal Trade Commission, resolving charges that the company’s security and record-handling procedures had permitted fraudsters to purchase access to the personal information of as many as 163,000 individuals, in violation of both the Fair Credit Reporting Act (FCRA) and the FTC Act. But private litigants have had a more difficult time cashing in on the ChoicePoint breach. Last month, in Harrington v. ChoicePoint, Inc., a consolidated class action suit, a federal court in California granted ChoicePoint’s motion for summary judgment on the plaintiffs’ FCRA claims, finding that the company’s records established that neither the content nor the communication of the plaintiffs’ information to fraudsters was of a nature that could establish a violation of FCRA. The ruling suggests that, absent specific evidence that the information allegedly disclosed contained the content of a consumer report and was actually transmitted to a third party, the plaintiff’s bar likely faces an uphill battle when attempting to recover for data breaches under FCRA.

GOOGLE EARTH IN 4D (ZDnet, 12 Nov 2006) -- Google skipped right past the third dimension and landed directly in the fourth (time) by offering historical maps on Google Earth. Now you can travel back in time — for example, I am looking at the globe of 1790. Don’t expect detailed high resolution photography from days gone by, but it’s still interesting to see old maps overlaid on the satellite imagery of today. Playing with layer transparency on the overlaid maps gives you a good sense of how things have changed over the years — especially when looking at more detailed maps like New York 1836 or London 1843. Currently, maps are available for:
* World Globe 1790
* North America 1733
* United States 1833
* Lewis and Clark 1814
* New York 1836
* San Francisco 1853
* South America 1787
* Buenos Aires 1892
* Asia 1710
* Tokyo 1680
* Middle East 1861
* England, Wales 1790
* London 1843
* Paris 1716
* Africa 1787
* Australia Southeast 1844
* Various other maps from Map Finder
To use this new feature, expand the Featured Content - Rumsey Historical Maps in the Layers panel.

UNDER THE THUMB IN THE UK? (BBC, 13 Nov 2006) -- Getting your fingerprints taken would once have meant only one thing. You were helping the police with their inquiries. Now such “biometric” identification is entering the mainstream of every day life. If you want to hire a car at Stansted Airport, you now need to give a fingerprint.

DID YOUR VOTE GET COUNTED? (Forbes essay by Bruce Schneier, 13 Nov 2006) -- Last week in Florida’s 13th Congressional district, the victory margin was only 386 votes out of 153,000. There’ll be a mandatory lawyered-up recount, but it won’t include the almost 18,000 votes that seem to have disappeared. The electronic voting machines didn’t include them in their final tallies, and there’s no backup to use for the recount. The district will pick a winner to send to Washington, but it won’t be because they are sure the majority voted for him. Maybe the majority did, and maybe it didn’t. There’s no way to know. Electronic voting machines represent a grave threat to fair and accurate elections, a threat that every American--Republican, Democrat or independent--should be concerned about. Because they’re computer-based, the deliberate or accidental actions of a few can swing an entire election. The solution: Paper ballots, which can be verified by voters and recounted if necessary. In the U.S., there have been hundreds of documented cases of electronic voting machines distorting the vote to the detriment of candidates from both political parties: machines losing votes, machines swapping the votes for candidates, machines registering more votes for a candidate than there were voters, machines not registering votes at all. I would like to believe these are all mistakes and not deliberate fraud, but the truth is that we can’t tell the difference. And these are just the problems we’ve caught; it’s almost certain that many more problems have escaped detection because no one was paying attention. And that assumes well-designed voting machines. The actual machines being sold by companies like Diebold, Sequoia Voting Systems and Election Systems & Software are much worse. The software is badly designed. Machines are “protected” by hotel minibar keys. Vote tallies are stored in easily changeable files. Machines can be infected with viruses. Some voting software runs on Microsoft Windows, with all the bugs and crashes and security vulnerabilities that introduces. The list of inadequate security practices goes on and on. [Editor: There’s more.]

-- and --

LAWSUIT ALLEGES E-VOTING NEGLIGENCE IN FLORIDA (CNET, 21 Nov 2006) -- Public-interest groups and concerned voters have launched a new attack on what was supposed to be a higher-tech solution to Florida’s hanging-chad brouhaha from the 2000 presidential contest. A lawsuit filed in state court Tuesday alleges that election officials in Sarasota County did a shoddy job of selecting and managing touch-screen machines during this year’s congressional election--and it calls for a re-vote. The left-leaning advocacy groups People for the American Way, Voter Action, American Civil Liberties Union of Florida and Electronic Frontier Foundation lodged the challenge on behalf of Republican and Democratic voters in the county. The legal action follows reports from election officials that more than 18,000 of the county’s ballots didn’t register a vote in the district’s U.S. House of Representatives race. That effectively meant 1 in 7 voters skipped that portion, which watchdogs said was an abnormally high “undervote” rate when compared with tallies from absentee ballots and from different brands of electronic machines used during the same election in neighboring counties. After conducting a recount, county officials on Monday certified Republican Vern Buchanan as the winner by a 369-vote edge over Democrat Christine Jennings, according to published reports. Jennings also filed a formal complaint in a county circuit court on Tuesday. Like the advocacy groups, she requested a new election and an investigation into the touch-screen machines, which she claimed were responsible for more than 17,000 of the missing votes. “This is clearly a case of machine error--not ballot design error and not voter error,” Jennings campaign attorney Kendall Coffey said in a statement. Complaint here:

BRITAIN KILLS EU ATTEMPT TO REGULATE NET VIDEO CLIPS (The Guardian, 14 Nov 2006) -- The British government is set to fight off proposed European rules that would make it responsible for overseeing taste and decency in video clips on sites such as YouTube and MySpace. Under a clause in the European media regulation directive TV Without Frontiers, national governments would be responsible for regulating the internet for the first time. Britain’s media watchdog, Ofcom, backed by the culture secretary, Tessa Jowell, argued that the plan was unworkable and would stifle creativity and investment in new media across Europe. Ofcom said internet users should be left to police themselves within the bounds of the law. Because internet technology does not respect borders, it argued, users would simply turn instead to websites in the US and elsewhere. In a statement of “general approach” before a vote in the EU assembly, the council of ministers yesterday bowed to pressure to limit government oversight to “TV-like” services on the web. That means Ofcom will regulate TV-style video downloads from major broadcasters, but not video clips on social networking websites. When it first objected, Ofcom had the support of only a handful of other EU member states, but it has since won them over. “Today’s outcome is testament to the substantial progress we have made in persuading our European partners to take our arguments on board,” said the creative industries minister, Shaun Woodward. Britain also won majority support for its line on the “country of origin” principle, which makes national regulators responsible for broadcasters operating from within their borders.,,1947176,00.html#article_continue

GOOGLE RESERVES $200 MILLION FROM YOUTUBE DEAL FOR COPYRIGHT ISSUES (, 14 Nov 2006) -- Google Inc. has set aside more than $200 million in its just-completed takeover of YouTube Inc. as a financial cushion to cover losses or possible legal bills for the frequent copyright violations on YouTube’s video-sharing site. Without elaborating in a late Monday statement, Google said it is withholding 12.5 percent of the stock owed to YouTube for one year ``to secure certain indemnification obligations.” The Mountain View-based company disclosed the escrow account in an announcement commemorating the completion of its much-anticipated YouTube acquisition. As of Tuesday afternoon, Google representatives hadn’t responded to requests for more details about the escrow account. Buying San Bruno-based YouTube cost Google 3.66 million shares of its prized stock, including a convertible warrant. As of Tuesday, those shares were worth $1.79 billion -- above the targeted purchase price of $1.65 billion announced last month. But the escrow account’s existence means YouTube’s former owners -- a small group led by co-founders Chad Hurley, Steve Chen, Jawed Karim and Sequoia Capital -- may never receive a substantial portion of the Google stock if YouTube runs into legal trouble or incurs other losses. The percentage of stock being held in escrow translates into about 457,000 Google shares worth about $224 million after the company’s stock price rose $8.27 Tuesday to close at $489.30 on the Nasdaq Stock Market. YouTube may become a more tantalizing target for copyright owners and their lawyers now that it’s owned by Google, a moneymaking machine that had accumulated $10.4 billion in cash through September. The much-smaller YouTube never turned a profit, and even required a $15 million infusion from Google to help pay its bills until the deal closed, according to disclosures made late Monday.

-- and --

UNIVERSAL SUES MYSPACE FOR COPYRIGHT VIOLATIONS (CNET, 17 Nov 2006) -- Universal Music Group sued late Friday, claiming that the social-networking site is infringing on the copyrights of thousands of songs and videos. Universal, owned by French media conglomerate Vivendi, claims that Myspace has looked the other way as users unlawfully uploaded copyright music videos. In a copy of court documents filed Friday in U.S. District Court in Los Angeles, Universal also accuses MySpace of aiding copyright infringement by reformatting clips so users can transfer them to friends or post them to other sites. “Defendants have made infringement free and easy,” Universal’s attorneys wrote in the filing, a copy of which was obtained by CNET “(MySpace) has turned MySpace Videos into a vast virtual warehouse for pirated copies of music videos and songs.” Complaint at

SANS NAMES TOP HACKER TARGETS (CNET, 15 Nov 2006) -- Microsoft’s Internet Explorer has been named one of the Internet’s top 20 hacker targets by a leading security organization. The SANS Institute also said Wednesday that Microsoft Office and Windows Libraries and Services are some of the most vulnerable applications available on computers today. But Microsoft was not alone in the annual list, released Wednesday. Apple Computer’s Mac OS X was also cataloged, along with “configuration weaknesses” The 2006 list is of the Top 20 Attack Targets, whereas previously it was named the Top 20 Internet Security Vulnerabilities. Written by members of the SANS Institute and security experts from the technology industry and government bodies, it indicates which network features could leave a company vulnerable to attack. List at

CALIFORNIA COURT EXPANDS IMMUNITY FOR BLOGGERS (Reuters, 21 Nov 2006) -- Individuals who use the Internet to distribute information from another source may not be held to account if the material is considered defamatory, the California Supreme Court ruled on Monday in a reversal of a lower court decision. The ruling supports federal law that clears individuals of liability if they transmit, but are not the source of, defamatory information. It expands protections the law gives to Internet service providers to include bloggers and activist Web sites. “We acknowledge that recognizing broad immunity for defamatory republication on the Internet has some troubling consequences,” California’s high court justices said in their opinion. “Until Congress chooses to revise the settled law in this area, however, plaintiffs who contend they were defamed in an Internet posting may only seek recovery from the original source of the statement,” the decision stated. The opinion, written by Associate Justice Carol Corrigan, addressed a lawsuit by two doctors who claimed defendant Ilena Rosenthal and others distributed e-mails and Internet postings that republished statements the doctors said impugned their character and competence. Decision at

-- and --

WEB PUBLISHER NOT LIABLE FOR DISCRIMINATORY HOUSING ADS POSTED BY THIRD PARTY (Trade Regulation Talk blog, 20 Nov 2006) -- Publishing company Craigslist was not liable for Fair Housing Act violations resulting from allegedly discriminatory advertisements posted on its website, the federal district court in Chicago has ruled. The Communications Decency Act operated to immunize the publisher from liability for content posted on its website by third parties. (Chicago Lawyers’ Committee for Civil Rights Under the Law, Inc. v. Craigslist, Case No. 06 C 0657, November 14, 2006). The Chicago Lawyers’ Committee for Civil Rights Under Law, Inc. (CLC), a public interest consortium of Chicago law firms, sought to hold Craigslist liable for discriminatory housing advertisements appearing on its website. Craigslist requested dismissal of the suit, arguing that, as an interactive computer service provider, the Communications Decency Act shielded it from liability for the third-party ads. Craigslist operates a website (accessible at “,” as well as other web addresses), that allows third-party users to post and read notices for, among other things, housing sale or rental opportunities. In typical month, more than 10 million items of user-supplied information are posted on the Craigslist website. The Fair Housing Act prohibits discrimination in the sale or rental of housing, including publishing and printing advertisements that discriminate or indicate a preference based on race, color, religion, sex, handicap, familial status, or national origin. 42 U.S.C. § 3604(c). Courts have held that Section 3604(c) applies to a variety of media, including newspapers and print publishers. CLC contended that Internet publishers like Craigslist should be held to the same standard of liability as print publishers under the Fair Housing Act. Craigslist asserted that the Communications Decency Act operated to immunize it from liability for content, including housing ads, posted on its website by third parties. The CDA provides that “[n]o provider . . . of an interactive computer service shall be treated as a publisher for information provided by another information content provider.” 47 U.S.C. § 230(c)(1). The court agreed with Craigslist. While the CDA does not grant immunity per se to website operators, it does prohibit causes of action based on the website operator’s status as a publisher. Decision at

VISTA’S EULA PRODUCT ACTIVATION WORRIES (SecurityFocus, 20 Nov 2006) -- Mark Rasch looks at the license agreement for Windows Vista and how its product activation component, which can disable operation of the computer, may be like walking on thin ice. The terms of Microsoft’s End User License Agreement (EULA) for its upcoming Vista operating system raises the conflict between two fundamental principles of contract law. The first, and more familiar, is that parties to a contract can generally agree to just about anything, as long as what they agree to doesn’t violate the law and isn’t “unconscionable.” The second principle is that the law generally disfavors the remedy of “self-help.” That is to say that, if there is a violation of the terms of a contract, you usually have to go to court, prove the violation, and then you are entitled to damages or other relief. The terms of the Vista EULA, like the current EULA related to the “Windows Genuine Advantage,” allows Microsoft to unilaterally decide that you have breached the terms of the agreement, and they can essentially disable the software, and possibly deny you access to critical files on your computer without benefit of proof, hearing, testimony or judicial intervention. In fact, if Microsoft is wrong, and your software is, in fact, properly licensed, you probably will be forced to buy a license to another copy of the operating system from Microsoft just to be able to get access to your files, and then you can sue Microsoft for the original license fee. Even then, you wont be able to get any damages from Microsoft, and may not even be able to get the cost of the first license back. [Editor: read the rest; then read the VISTA EULA – UCITA lives, apparently.]

OU PROVOST OKS FIRINGS OF IT MANAGERS (Computer World, 20 Nov 2006) -- Ohio University’s provost last week upheld the August firings of two IT managers in connection with a series of data security breaches, rejecting a recommendation by the school’s grievance committee that the workers be rehired and given public apologies. In letters sent last Wednesday to the two former IT employees, OU Provost Kathy Krendl said she reviewed their terminations and the grievance committee’s recommendation and concluded that the firings were justified. Krendl wrote in the letters to Thomas Reid, who had been director of communication network services at OU, and Todd Acheson, the school’s former Unix systems manager, that she supported the decision by CIO William Sams to fire the two men on grounds of “nonfeasance” of their duties. “I must conclude that responsibility for designing and maintaining a secure network resided in your office,” Krendl wrote. The finding of nonfeasance “does not indicate any intentional or purposeful wrongdoing,” she added. “It does not indicate that you intended to put our data at risk, but in fact, that was the result of failing to take the necessary proactive steps to protect confidential information.”

THE KID WITH ALL THE NEWS ABOUT THE TV NEWS (New York Times, 20 Nov 2006) -- When people in the television news business want to find out what’s going on in their industry, they turn to a blog called TVNewser. But while the executives obsessively checking TVNewser are mostly high powered and highly paid, the person who creates it is not: he is Brian Stelter, a baby-faced 21-year-old at Towson University here, a few miles north of Baltimore. “I’ve heard people joke that when TVNewser is dormant, the kid had a final or a big family dinner that he couldn’t get out of,” said Brian Williams, the NBC news anchor and a TVNewser devotee. “People from entry level to high and mighty check in on it.” When his postings dropped off last month after his girlfriend dumped him, Mr. Stelter found himself fielding complaints from powerful network executives about when he was going to get over his romantic travails and get back on track. Mr. Stelter’s blog (, a seven-day-a-week, almost 24-hour-a-day newsfeed of gossip, anonymous tips, newspaper article links and program ratings, has become a virtual bulletin board for the industry. It is read religiously by network presidents, media executives, producers and publicists, not for any stinging commentary from Mr. Stelter, whose style is usually described as earnest, but because it provides a quick snapshot of the industry on any given day. Habitués include Mr. Williams and Jonathan Klein, the president of CNN’s domestic operations, who long ago offered up his cellphone number to Mr. Stelter. “The whole industry pays attention to his blog,” said Jeffrey W. Schneider, a senior vice president of ABC News. “It would not surprise me if I refreshed my browser 30 to 40 times a day.” In April Mr. Stelter attended the White House Correspondents’ Dinner as a guest of MSNBC. “He was quite a celebrity,” said Jeremy Gaines, a spokesman for MSNBC. “Literally two tables over was George Clooney, and at our table was TVNewser, and people were waiting in line to see him.” Perhaps this is what the techno-geeks had in mind when they invented the Internet — a device to squash not only time and space, but also social class and professional hierarchies, putting an unprepossessing Maryland college student with several term papers due in a position to command the attention and grudging respect of some of society’s most famous and powerful personalities.

CLICK ON ME NOW OR VISIT ME LATER (New York Times, 20 Nov 2006) -- About a third of consumers sometimes click on banner advertisements on the Web. But twice as many consumers sometimes respond to such ads indirectly, avoiding clicking on them but later visiting the Web sites advertised, according to a survey by DoubleClick, an online marketing-software company. 6,121 adults were surveyed in July via an online panel adjusted to reflect the Internet-using population. The finding suggests that consumers prefer to reach sites on their own, rather than by linking through advertisements. “People are engaged in the content they’re looking at the time that they’re exposed to the ad, and they don’t want to navigate off the page,” said Rick Bruner, DoubleClick’s director of research. Marketers have been slow to come to that realization, and many still pay ad publishers only when an ad is clicked on. But an increasing number pay a fee for every thousand consumers who see the ad — effectively using Internet ads to generate awareness, as they would newspaper or television ads. That is often the compensation scheme behind elaborate, interactive ads like those for “Pirates of the Caribbean: Dead Man’s Chest” last summer.

FINANCIAL INSTITUTIONS URGED TO LOOK BEYOND FFIEC RULES (ComputerWorld, 21 Nov 2006) -- Financial institutions that truly want to bolster their online security need to look beyond the requirements of new strong authentication guidelines set to take effect Dec. 31, IT users and industry analysts said. The guidelines are from the Federal Financial Institutions Examination Council (FFIEC) and call on banks and credit unions to implement strong authentication measures to protect online users against ID theft and other types of fraud. They also urge financial institutions to upgrade current single-factor authentication processes -- typically based on usernames and passwords -- with a stronger, second form of authentication. The guidelines are not required by law, but the FFIEC has said it will start auditing banks for compliance next year. The guidelines have been successful in getting the financial industry to turn its attention to the issue of online security, said Avivah Litan, an analyst at Gartner Inc. in Stamford, Conn. About two-thirds of the financial institutions in the U.S. are likely to have stronger authentication processes in place by the time the deadline passes, she said. But because the focus is largely on front-end access controls -- and less on what happens at the transaction level -- the FFIEC guidance by itself is inadequate against emerging security threats, said Don Phan, an analyst at Javelin Strategy and Research in Pleasanton, Calif. “We don’t consider FFIEC guidance alone to be strong enough to make the consumer safer” against online security threats,” he said. “Financial institutions must set their goals higher than FFIEC compliance.” Phan recommends using risk assessment and alerting measures both at the log-in stage and for real-time monitoring of an account holder’s activities in-session. Such measures are needed to fight fraud that can result if hackers manage to compromise strong authentication processes during log-in, he said. Already, for instance, fraudsters have found a way to break the one-time passwords that some banks have begun using as a second form of user authentication, Phan said. Similarly strong authentication measures, such as two-factor authentication, don’t offer protection against so-called man-in-the-middle attacks where hackers are able to intercept and modify the traffic between two parties.

SURVEY: COMPANIES NOT PREPARED FOR NEW E-DISCOVERY RULES (ComputerWorld, 21 Nov 2006) -- Few corporations are prepared for the new federal rules slated to take effect Dec. 1 for electronic discovery of documents in civil cases, according to a survey conducted by Computerworld. About 42% of the 170 IT managers and staffers surveyed said they did not know the status of their company’s preparation for the new rules, while 32% said their company was not at all prepared. The new rules specify requirements for submitting electronic documents – including e-mail and perhaps even IM logs -- as evidence in civil cases. The rules were recommended in September 2005 by the Judicial Conference of the U.S. Supreme Court’s Committee on Rules of Practice and Procedure. If the survey is correct, a widespread lack of preparation that could lead to large fines to companies, said John Bace, an analyst at Gartner Inc. in Stamford, Conn., who said the Computerworld survey results are in line with his research. The new rules, described in a 300-plus-page document, require that companies that are involved in civil litigation meet within 30 days of the filing to decide how to handle electronic data. The firms must agree on what records are shared, which electronic format is used and a definition of “accessible data.” Of the Computerworld survey respondents, 15% said their company was halfway or somewhat prepared, while 5% said their company was completely prepared. Twenty-two percent said they had prepared for the new rules by reading about them, and a few said they had retained inside or outside counsel. Several respondents also said this was the first time they had heard of the new rules.

EU, U.S. IN TALKS OVER COMMON DATA PRIVACY RULES (Reuters, 22 Nov 2006) -- The European Union and the United States have launched talks to establish common guidelines over data privacy rules, EU and U.S. officials said on Tuesday. A committee of EU national data privacy supervisors is due to rule on Wednesday over the access to private transactions which the international banking network SWIFT gave the United States. SWIFT’s CEO Leonard Schrank said last week he expected the committee to rule that SWIFT broke EU privacy law. Divergent transatlantic views over data privacy rules in the fight against terrorism were also highlighted in talks over air passenger data sharing, on which the EU and the United States clinched a deal last month. “We need to establish common guidelines on theses issue, not just renegotiate agreement by agreement,” the EU’s Justice and Security Commissioner Franco Frattini told reporters in Lisbon. EU and U.S. senior officials held talks on data privacy during Frattini’s visit to Washington on Nov. 6 and will continue at senior level, another Commission official said. The dialogue focused on the role of the U.S. financial intelligence program in fighting terrorism globally and “on rigorous safeguards in place to protect the privacy of all citizens not engaged in terrorism,” U.S. Treasury Undersecretary Stuart Levey said in a statement in response to inquiries. Frattini said he proposed to the United States to create a permanent working group to bring data protection rules closer. “We need to exchange data with the U.S. because if that helps to stop a terrorist attack, we’re all happy. But we also need to protect innocent people data,” he said. EU lawmakers called on the EU and the United States last month to negotiate a wide-ranging agreement on security and data privacy.

CELL PHONE OWNERS GETTING NEW RIGHTS (CNN, 23 Nov 2006) -- Cell phone owners will be allowed to break software locks on their handsets in order to use them with competing carriers under new copyright rules announced Wednesday. Other copyright exemptions approved by the Library of Congress will let film professors copy snippets from DVDs for educational compilations and let blind people use special software to read copy-protected electronic books. All told, Librarian of Congress James H. Billington approved six exemptions, the most his Copyright Office has ever granted. For the first time, the office exempted groups of users. Previously, Billington took an all-or-nothing approach, making exemptions difficult to justify. “I am very encouraged by the fact that the Copyright Office is willing to recognize exemptions for archivists, cell phone recyclers and computer security experts,” said Fred von Lohmann, an attorney with the civil-liberties group Electronic Frontier Foundation. “Frankly I’m surprised and pleased they were granted.” But von Lohmann said he was disappointed the Copyright Office rejected a number of exemptions that could have benefited consumers, including one that would have let owners of DVDs legally copy movies for use on Apple Computer Inc.’s iPod and other portable players. The new rules will take effect Monday and expire in three years. In granting the exemption for cell phone users, the Copyright Office determined that consumers aren’t able to enjoy full legal use of their handsets because of software locks that wireless providers have been placing to control access to phones’ underlying programs. Billington noted that at least one company has filed lawsuits claiming that breaking the software locks violates copyright law, which makes it illegal for people to circumvent copy-protection technologies without an exemption from the Copyright Office. He said the locks appeared in place not to protect the developer of the cell phone software but for third-party interests. The exemption granted to film professors authorizes the breaking of the CSS copy-protection technology found in most DVDs. Programs to do so circulate widely on the Internet, though it has been illegal to use or distribute them. The professors said they need the ability to create compilations of DVD snippets to teach their classes -- for example, taking portions of old and new cartoons to study how animation has evolved. Such compilations are generally permitted under “fair use” provisions of copyright law, but breaking the locks to make the compilations has been illegal. Billington also authorized the breaking of locks on electronic books so that blind people can use them with read-aloud software and similar aides. He granted two exemptions dealing with computer obsolescence. For computer software and video games that require machines no longer available, copy-protection controls may be circumvented for archival purposes. Locks on computer programs also may be broken if they require dongles -- small computer attachments -- that are damaged and can’t be replaced. The final exemption lets researchers test CD copy-protection technologies for security flaws or vulnerabilities. Researchers had cited Sony BMG Music Entertainment’s use of copy-protection systems that installed themselves on personal computers to limit copying. In doing so, critics say, Sony BMG exposed the computers to hacking, and the company has acknowledged problems with one of the technologies used on some 5.7 million CDs.

WHO WILL SECURE THE SECURITY PROFESSIONALS? (Steptoe & Johnson’s ECommerce Law Week, 25 Nov 2006) -- This modern-day take on Roman satirist Juvenal’s old saw (“Quis custodiet ipsos custodes?” or “Who will watch the watchmen?”) has a modern-day answer: the Federal Trade Commission. The FTC announced on November 16 that data breach response specialist Guidance Software Inc. had settled charges that it had failed to provide “reasonable and appropriate security” for personal information stored on its corporate network, in violation of the “deceptive acts or practices” provision of the FTC Act. Although Guidance admitted no wrongdoing, it agreed to cease misrepresenting its security policies, implement a comprehensive information security program, and submit to 10 years of FTC oversight. The settlement should again remind companies that, in the opinion of the Commission, the broad language of the FTC Act provides ample basis for regulating corporate data security.

FRENCH PARLIAMENT DUMPING WINDOWS FOR LINUX (CNET, 27 Nov 2006) -- France’s gendarmes and Ministry of Culture and Communication have done it, and now members of the country’s parliament are about to switch to open source. Starting in June 2007, PCs in French deputes’ offices will be equipped with a Linux operating system and open-source productivity software. The project, backed by parliament members Richard Cazenave and Bernard Carayon of the Union for a Popular Movement party, will see 1,154 French parliamentary workstations running on Linux, with productivity software, the Firefox Web browser and an open-source e-mail client. [Editor: I’ve installed Linux and OpenOffice on an old PC, too. It was easy, intuitive (well, as intuitive as Microsoft’s stuff anyway), and free. OpenOffice documents seem entirely compatible with Microsoft applications.]

XEROX SEEKS ERASABLE FORM OF PAPER FOR COPIERS (New York Times, 27 Nov 2006) -- During the 1970s, researchers at Xerox’s Palo Alto Research Center explored a software technique called “garbage collection” used for recycling computer memory. The technique allowed the automatic reuse of blocks of memory that were storing unused programs and data. Today an anthropologist at the center, Brinda Dalal, has become a self-styled “garbologist” to assist in a joint effort with chemists at the Xerox Research Center of Canada to develop an “erasable paper” system. The goal is to recycle paper documents produced by the company’s copiers — potentially an unlimited number of times. What she has discovered is a notable change in the role of paper in modern offices, where it is increasingly used as a medium of display rather than storage. Documents are stored on central servers and personal computers and printed only as needed; for meetings, editing or reviewing information. The pieces of paper spewed from copiers frequently end up back in the recycling bin on the same day they are printed, she noted. Of the 1,200 pages the average office worker prints per month, 44.5 percent are for daily use — assignments, drafts or e-mail. In her research, scouring the waste produced by office workers, she found that 21 percent of black-and-white copier documents were returned to the recycling bin on the same day they were produced. Her research is part of a three-year-old technology development effort to design an add-on system for an office copier to produce “transient documents” that can be easily reused. The researchers now have a prototype system that will produce documents on a specially coated paper with a light yellow tint. The printed information on the document “disappears” within 16 hours. The documents can be reused more quickly by simply placing them in the copier paper tray. The researchers said that individual pieces of paper had been printed on up to 50 times, and the only current limit in the process appears to be paper life. Xerox said the precise nature of the technology was proprietary and that Xerox had applied for a number of related patents covering the invention. The researchers describe the invention as being based on compounds that can change color when they absorb a certain wavelength of light, but can then gradually revert to their original appearance. The compounds currently self-erase in about 16 to 24 hours, or can be erased immediately when heated.

VAUNTED LEGAL SCHOLAR SWITCHES SIDES IN SUPREME COURT PATENT CASE (, 27 Nov 2006) -- One of the nation’s top legal scholars on intellectual property has switched sides in a U.S. Supreme Court case that could decide how patents are granted. Mark Lemley, a Stanford University professor and of counsel at Keker & Van Nest in San Francisco, initially asked the high court to hear KSR International Co. v. Teleflex Inc. But then, in October, Lemley filed a brief asking the Court to take no action in the case, which is scheduled for oral argument on Tuesday. Lemley has already landed on the winning side of two high court patent fights this year. He filed an amicus brief supporting eBay Inc., which won its closely watched battle against MercExchange LLC in May. The next month he represented the defendant in LabCorp. v. Metabolite, persuading the Court to punt the case -- after it had already granted certiorari -- because of a procedural issue. His move in the current case could be a big boost to Teleflex, whose patent on an electronic gas pedal KSR is seeking to invalidate. It’s extremely rare, say Court observers, for a practitioner to change positions in a high court case. Roy Englert, a name partner at Robbins, Russell, Englert, Orserk & Untereiner in Washington, D.C., who has argued 16 cases before the Supreme Court, says the only time he can recall it happening was in 1989, when the U.S. solicitor general’s office withdrew its support in a case it initially urged the Court to hear. That’s what happened with Lemley. In June he and 23 other law professors urged the Supreme Court to hear KSR’s appeal. Then, in October, he and four different law professors signed on to an amicus brief siding with Telefle. xWhat happened? Lemley says that after he filed his June certiorari petition, the U.S. Court of Appeals for the Federal Circuit issued three decisions that made him change his mind. “If the Federal Circuit had issued those decisions two years ago, I would not have supported KSR’s petition for cert,” he says. He also notes that two new law review articles -- written by two of the professors who joined him on the Teleflex brief -- made him realize that the status quo doesn’t need fixing. The KSR case initially attracted the attention of reform-minded patent professors like Lemley, who believed that the Federal Circuit had been too loose with an important standard -- that patents should not cover obvious inventions. At the district court, KSR had argued that Teleflex’s patent should be invalidated because it covered an obvious invention. Neither gas pedals nor electronic sensors are new technology, KSR argued. There was nothing innovative in combining the two. The court agreed, but the decision was reversed on appeal. The Federal Circuit ruled that because no one had suggested combining these two technologies in any written prior art, the invention was not obvious. In their petition, Lemley and company argued that by relying so heavily on written prior art, the Federal Circuit had lowered the patent bar too far. Sometimes an invention is so obvious that no one ever even bothers to write about it, they said. But in the October amicus brief, Lemley urged the Court not to mess with the Federal Circuit’s current standard. “I still think there are obvious patents that slip through, but I think the Federal Circuit’s test is the best we’ve got right now,” Lemley now says.

PARAMOUNT, FOX EMBRACE BITTORRENT (CNET, 29 Nov 2006) -- Peer-to-peer company BitTorrent will begin distributing movies and TV shows for top entertainment companies starting this spring, the company is expected to announce Wednesday. In February, BitTorrent will launch a video store where customers can download movies from Hollywood studios such as Paramount Pictures, Lionsgate and Twentieth Century Fox Film, as well as TV shows from MTV Networks. Earlier this year, BitTorrent announced a similar partnership with Warner Bros. Home Entertainment. Financial terms of the agreement were not released. The deal comes at a time when Hollywood is looking for a winning Internet movie strategy. Short-form video distributed over the Net has caught fire at places like YouTube. Many in the digital-entertainment realm are preparing for a day when the Web will provide an effective and profitable distribution method for feature-length films. BitTorrent’s announcement comes a day after Wal-Mart Stores, the world’s largest retailer, launched its own movie download service. Other companies that have struck Net distribution agreements with studios are Apple Computer, which offers content via its iTunes Store, and video-sharing site Guba. Even by offering thousands of titles, San Francisco-based BitTorrent faces tough competition from the massive libraries of Wal-Mart and Amazon. Executives at BitTorrent say they plan to stand out from the pack by offering consumers the speediest way to download a movie. Developed in 2001, BitTorrent’s open-source distribution system was designed to help transfer large files over the Internet. BitTorrent allows a single file to be broken into small fragments that are distributed among computers. People then share pieces of the content with one another.

RUSSIA AGREES TO SHUT DOWN ALLOFMP3.COM (CNET, 29 Nov 2006) -- Russia has agreed to shut down and other music sites based in that country that the U.S. government says are offering downloads illegally. The nation has struck the agreement with the Office of the U.S. Trade Representative as it seeks entry to the World Trade Organization. The U.S. has suggested that it would hold up Russia’s acceptance in the WTO unless leaders there took action against digital piracy. “Russia will take enforcement actions against the operation of Russia-based websites,” according to a press release issued November 19 by the U.S. Trade Representative. “(Russia will) investigate and prosecute companies that illegally distribute copyright works on the Internet.”

HERE’S MY NUMBER (FOR TODAY) (New York Times, 30 Nov 2006) -- THERE is no shortage of ways to reach Airin McClain, a singer who lives in Philadelphia. She has a Web site, an instant messenger account, a MySpace page, four e-mail addresses and two mobile phones. Good luck getting one of those phone numbers, though. She would sooner tell you her weight. “Why would I give out my cell?” said Ms. McClain, 23. “I don’t need a guy I met at a bar one night calling me every day for the next two weeks begging me to go out. I want to filter out the people I don’t need to have contact with.” In an age of information oversharing, the mobile-phone number is one of the few pieces of personal information that people still choose to guard. Unwanted incoming calls are intrusive and time-consuming and can suck precious daytime cell-plan minutes. And the decision to give out a cell number can haunt you for years, as people now hold on to the numbers longer than their land-line numbers. Some people have found a way to avoid compromising the sanctity of their cellphone without committing the modern sin of being unreachable. Instead of giving out her cell number, Ms. McClain has recently been dispersing what has become known as a “social phone number.” This is a free number that is as disposable as a Hotmail address. A handful of Web sites are creating these mask numbers, which can be obtained in nearly every area code (users can either have a number in their own region, or make it look as if they have an office in New York City when they are actually operating out of rural Maine). These sites buy numbers in bulk at a discount, then generate profit by displaying ads and getting users of the free service to upgrade to billable plans with features like call forwarding, call blocking and outbound calling. For those who sign up, a recording prompts callers to leave a voice-mail message, and a text or e-mail message is then sent to the recipient to announce a new message, which can be picked up on the Web, by e-mail or by phone. Matt Wisk, creator of the social phone number provider (and chief marketing officer of the site’s parent company, United Online), said he got the idea to protect mobile numbers in 2005 when Paris Hilton’s cellphone was hacked into, spilling her contacts’ phone numbers all over the Internet. “I thought, ‘There’s got to be a better way,’ “ he said. made its debut in May, with the paradoxical tagline “My number is so private, I can make it public.” AOL introduced a similar service around the same time.,, and are other sites that offer similar services free, albeit without the benefit of customizable area codes.

EARLY ASTRONOMICAL ‘COMPUTER’ FOUND TO BE TECHNICALLY COMPLEX (New York Times, 30 Nov 2006) -- A computer in antiquity would seem to be an anachronism, like Athena ordering takeout on her cellphone. But a century ago, pieces of a strange mechanism with bronze gears and dials were recovered from an ancient shipwreck off the coast of Greece. Historians of science concluded that this was an instrument that calculated and illustrated astronomical information, particularly phases of the Moon and planetary motions, in the second century B.C. The instrument, the Antikythera Mechanism, sometimes called the world’s first computer, has now been examined with the latest in high-resolution imaging systems and three-dimensional X-ray tomography. A team of British, Greek and American researchers deciphered inscriptions and reconstructed the gear functions, revealing “an unexpected degree of technical sophistication for the period,” it said. The researchers, led by the mathematician and filmmaker Tony Freeth and the astronomer Mike G. Edmunds, both of the University of Cardiff, Wales, are reporting their results today in the journal Nature. They said their findings showed that the inscriptions related to lunar-solar motions, and the gears were a representation of the irregularities of the Moon’s orbital course, as theorized by the astronomer Hipparchos. They established the date of the mechanism at 150-100 B.C.

GOVERNMENT COMPUTERS QUIETLY RATE MILLIONS OF TRAVELERS FOR TERRORISM POTENTIAL (, 30 Nov 2006) -- For the past four years, without public notice, federal agents have assigned millions of Americans and other international travelers computer-generated scores assessing the risk they pose of being terrorists or criminals. The travelers are not allowed to see or directly challenge these risk assessments. And the government intends to keep them on file for 40 years. Earlier in November, the government disclosed the existence and details of the Automated Targeting System (ATS) for the first time in the Federal Register. Privacy and civil liberties lawyers, congressional aides and even law enforcement officers said they thought the ATS had been applied only to cargo. The scores are assigned to people entering and leaving the United States after computers assess their travel records, including where they are from, how they paid for tickets, their motor vehicle records, past one-way travel, seating preference and what kind of meals they ordered. The Homeland Security Department notice called it ``one of the most advanced targeting systems in the world” and said U.S. ability to spot criminals and other security threats ``would be critically impaired without access to this data.” Still, privacy advocates view ATS with alarm. ``It’s probably the most invasive system the government has yet deployed in terms of the number of people affected,” David Sobel, a lawyer at the Electronic Frontier Foundation, a civil liberties group devoted to electronic data issues, said in an interview. A similar DHS data-mining project for domestic air travelers -- now known as Secure Flight -- caused a furor two years ago in Congress, which has barred its implementation until it can pass 10 tests for accuracy and privacy protection.

TELECOMS PROVIDERS TO REVEAL SECURITY LAPSES (, 30 Nov 2006) -- Earlier this month, Nationwide Building Society revealed that a laptop belonging to one of its employees containing customer information had been stolen three months previously. While the company said the machine contained only limited information, the theft only became public knowledge after a journalist found out. The delay in revealing the theft has once again highlighted the debate over whether customers should be informed if there is a danger of their details falling into the wrong hands. European Commission legislation due to pass into law late next year addresses this issue. The Review of EU Regulatory Framework for Electronic Communications Networks and Services would force all suppliers of ‘electronic communications networks or services’ to notify regulators and customers of any breach of security that would result in customers’ personal data being made available to others. John Fell, partner at law firm Pinsent Masons, says the legislation, which will apply to telecoms provider firms and ISPs, is a significant advancement. ‘The Data Protection Act says you must put in place appropriate technical and organisational measures to prevent people gaining unlawful access to personal data, but this goes well beyond that, stipulating that if you are breached you have to tell people about it,’ he said. But Fell says there might be confusion in the application of the law. ‘When do providers disclose and to whom?’ he said. ‘If there is a network breach, who does BT tell? Does it tell the subscribers or does it have to tell every business it has a wholesale rental agreement with?’ There is also the question of liability. ‘I can see there being a lot of issues in a company that says if we notify customers, not just the authorities, we are holding ourselves up to potentially giving compensation that could be very expensive,’ said Fell.

**** RESOURCES ****
BACKGROUND DISCUSSION OF COPYRIGHT LAW AND POTENTIAL LIABILITY FOR STUDENTS ENGAGED IN P2P FILE SHARING ON UNIVERSITY NETWORKS (Joint Committee of the Higher Education and Entertainment Communities, Nov 2006) -- A group of college officials who are part of a joint task force involving higher education and the entertainment industry have issued a white paper on copyright issues raised by file sharing, a practice that is popular with students but (in many forms) infuriates producers of music and film. The new document updates one issued three years ago. Document at

BUSINESS.GOV RELAUNCHED (USG, Nov 2006) --, the official business link to the U.S. Government, is managed by the U.S. Small Business Administration (SBA) in a partnership with 21 other federal agencies. This partnership, known as Business Gateway, is a Presidential E-government initiative that provides a single access point to government services and information to help the nation’s businesses with their operations. Launched in 2004, initially focused on starting, growing and financing small businesses. Over the past few years, our users told us could serve businesses better by focusing on helping them comply with Federal regulations, a need that was not being met by any other Federal government program. In addition, businesses spend a lot of time complying with laws and regulations and worrying about what they don’t know. According to a report by the Small Business Paperwork Relief Task Force, the Office of Management and Budget estimated that in fiscal year 2003, it took businesses and citizens approximately 8.2 billion hours and $320 billion filling out paperwork and complying with government regulations. We listened to our users, and in October 2006, re-launched to focus on helping businesses comply with Federal regulations.

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School,
2. Edupage,
3. SANS Newsbites,
4. NewsScan and Innovation,
5. Internet Law & Policy Forum,
6. BNA’s Internet Law News,
7. Crypto-Gram,
8. McGuire Wood’s Technology & Business Articles of Note,
9. Steptoe & Johnson’s E-Commerce Law Week,
10. Readers’ submissions, and the editor’s discoveries.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.

No comments: