Saturday, December 23, 2006

MIRLN -- Misc. IT Related Legal News [3-23 December 2006; v9.17]

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product of the American Bar Association’s Cyberspace Law Committee and Dickinson Wright PLLC. Please feel free to distribute this message. Dickinson Wright’s IT & Security Law practice group is described at http://tinyurl.com/joo5y.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at http://www.abanet.org/dch/committee.cfm?com=CL320000 (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN editions are archived at www.vip-law.com and blogged at http://mirln.blogspot.com/.

**************End of Introductory Note***************

**** MEETINGS OF NOTE ****
ABA’S CYBERSPACE LAW COMMITTEE WINTER WORKING MEETING (January 26-27, 2007; Little Rock, Arkansas) -- Subcommittees will meet to advance on-going projects and to plan upcoming programs. A recent list of Committee projects is available at http://www.abanet.org/dch/committee.cfm?com=CL320000. The Committee Dinner will be held Friday evening at the Clinton Library. Register online at http://www.abanet.org/buslaw/committees/CL320000pub/meetings.shtml. The deadline to register is Friday, January 12, 2007. [Editor: Please come; this is consistently THE most productive gathering of IT lawyers working on real-world problems.]

**** NEWS ****

COURT SIDES WITH ALLEGED ‘VACATION’ SPAMMER (CNET, 29 Nov 2006) -- When antispam activist Mark Mumma received unsolicited e-mails advertising cruise vacations two years ago, he posted a report on his Web site and threatened to sue Omega World Travel. But Mumma met with an unpleasant surprise: He was the one sued in federal court by Omega World Travel and its subsidiary Cruise.com, which demanded $3.8 million in damages for defamation. Mumma, who owns Oklahoma-based MummaGraphics and runs a one-man Web design and hosting shop at Webguy.com, filed counterclaims against the companies and CEO Gloria Bohan. The 4th Circuit Court of Appeals sided with the alleged spammers. In a little-noticed opinion issued in mid-November, a three-judge panel acknowledged the e-mail messages in question may have included a false Internet address and a nonworking “From:” address, but concluded that they nevertheless were permitted under the federal antispam law known as the Can-Spam Act. “The Can-Spam Act preempts MummaGraphics’ claims under Oklahoma’s statutes,” Judge James Harvie Wilkinson III wrote in an opinion published November 17. The Can-Spam Act “addresses ‘spam’ as a serious and pervasive problem, but it does not impose liability at the mere drop of a hat,” Wilkinson added. This ruling could prove to be a setback for other antispam activists for one major reason: It suggests that, thanks to the Can-Spam Act, state laws prohibiting fraudulent or deceptive communications won’t be all that useful against junk e-mail. “There’s been a lot of activity in the states to pass laws purportedly to protect their citizens” from spam, said Eric Goldman, a law professor at Santa Clara University. “The 4th Circuit may have laid waste to all of those efforts.” Goldman, who has written about the case, said the ruling that the federal Can-Spam Act trumps a state’s law “has to burst the bubble of a lot of antispam activists.” David Sorkin, a law professor at Chicago’s John Marshall Law School who edits the Spamlaws.com site, is more blunt. The ruling, he said, “vindicates those of us who view Can-Spam as pointless and potentially dangerous legislation.” http://news.com.com/2102-1030_3-6138874.html?tag=st.util.print Goldman’s analysis here: http://blog.ericgoldman.org/archives/2006/11/fourth_circuit_1.htm

MPAA KILLS ANTI-PRETEXTING BILL (Wired, 1 Dec 2006) -- A tough California bill that would have prohibited companies and individuals from using deceptive “pretexting” ruses to steal private information about consumers was killed after determined lobbying by the motion picture industry, Wired News has learned. The bill, SB1666, was written by state Sen. Debra Bowen, and would have barred investigators from making “false, fictitious or fraudulent” statements or representations to obtain private information about an individual, including telephone calling records, Social Security numbers and financial information. Victims would have had the right to sue for damages. The bill won approval in three committees and sailed through the state Senate with a 30-0 vote. Then, according to Lenny Goldberg, a lobbyist for the Privacy Rights Clearinghouse, the measure encountered unexpected, last-minute resistance from the Motion Picture Association of America. “The MPAA has a tremendous amount of clout and they told legislators, ‘We need to pose as someone other than who we are to stop illegal downloading,’” Goldberg said. Consequently, when the bill hit the assembly floor Aug. 23, it was voted down 33-27, just days before revelations about Hewlett-Packard’s use of pretexting to spy on journalists and board members put the practice in the national spotlight. http://www.wired.com/news/technology/0,72214-0.html

FBI TAPS CELL PHONE MIC AS EAVESDROPPING TOOL (CNET, 1 Dec 2006) -- The FBI appears to have begun using a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone’s microphone and using it to eavesdrop on nearby conversations. The technique is called a “roving bug,” and was approved by top U.S. Department of Justice officials for use against members of a New York organized crime family who were wary of conventional surveillance techniques such as tailing a suspect or wiretapping him. Nextel cell phones owned by two alleged mobsters, John Ardito and his attorney Peter Peluso, were used by the FBI to listen in on nearby conversations. The FBI views Ardito as one of the most powerful men in the Genovese family, a major part of the national Mafia. The surveillance technique came to light in an opinion published this week by U.S. District Judge Lewis Kaplan. He ruled that the “roving bug” was legal because federal wiretapping law is broad enough to permit eavesdropping even of conversations that take place near a suspect’s cell phone. Kaplan’s opinion said that the eavesdropping technique “functioned whether the phone was powered on or off.” Some handsets can’t be fully powered down without removing the battery; for instance, some Nokia models will wake up when turned off if an alarm is set. http://news.com.com/2100-1029_3-6140191.html

SENATOR PLEDGES MORE SCRUTINY OF GOVERNMENT’S TERRORIST SCREENING SYSTEMS (SiliconValley.com 1 Dec 2006) -- The incoming Senate Judiciary chairman pledged greater scrutiny Friday of computerized government anti-terrorism screening after learning that millions of Americans who travel internationally have been assigned risk assessments over the last four years without their knowledge. “Data banks like this are overdue for oversight,” said Sen. Patrick Leahy, D-Vt., who will take over Judiciary in January. “That is going to change in the new Congress.” The Associated Press reported Thursday that millions of Americans and foreigners crossing U.S. borders in the past four years have been assessed by the computerized Automated Targeting System, or ATS, designed to help pick out terrorists or criminals. The travelers are not allowed to see or directly challenge these risk assessments, which the government intends to keep on file for 40 years. Under specific circumstances, some or all data in the system can be shared with state, local and foreign governments and even some private contractors. “It is simply incredible that the Bush administration is willing to share this sensitive information with foreign governments and even private employers, while refusing to allow U.S. citizens to see or challenge their own terror scores,” Leahy said. This system “highlights the danger of government use of technology to conduct widespread surveillance of our daily lives without proper safeguards for privacy.” http://www.siliconvalley.com/mld/siliconvalley/news/editorial/16143019.htm

CORPORATES WANT STANDARDIZED REMITTANCE DATA IN WIRE TRANSFERS (Bank Systems & Technology, 1 Dec 2006) -- Businesses would be more likely to choose wire transfers for electronic payments -- rather than ACH or check -- if they were provided with more-standardized remittance information with wire payments, according to a joint study by The Clearing House Payments Company (which operates CHIPS) and the Federal Reserve Bank (operators of Fedwire). The two rivals in the wire space joined forces for the study, which examined responses from 381 corporate decision makers, hoping to encourage corporates to use wire transfers more often. “Ninety-four percent of [corporate participants] said remittance information was valuable to them,” says Hank Farrar, SVP with The Clearing House (New York). “[They] understand the value of having information with their payments.” With standardized data, businesses can post payments to their internal systems with less manual intervention. “It makes it difficult to process a payment in a straight-through manner without remittance information,” says Ken Isaacson, an assistant VP with the Federal Reserve Bank of New York. What was eye-opening about the study, though, was that 58 percent of participants said they would pay extra for wires that included remittance information. “The corporates actually indicated they were willing to pay more for this information,” adds Isaacson. One of the chief impediments to including remittance information with wire payments is the lack of standards, according to the report, “Business-to-Business Wire Transfer Payments: Customer Preferences and Opportunities for Financial Institutions.” “The problem is, you’ve got companies, banks and software providers all trying to figure out what to do about this,” explains The Clearing House’s Farrar. “Which way do you go? Corporates are looking for standards.” “As a result, we believe the wire transfer operators, banks and software vendors need to agree to a common standard for remittance information,” explains the Fed’s Isaacson. “We need to create the right incentive for this. ... Corporates are likely to use wire transfers more if the process becomes easier and more efficient.” http://www.banktech.com/feed/showArticle.jhtml?articleID=196601367

BANKING GROUPS RELEASE GUIDANCE FOR RESPONDING TO DATA BREACHES (Steptoe & Johnson’s E-Commerce Law Week, 2 Dec 2006) -- Companies that suffer a data security breach must negotiate a crazy quilt of state and federal laws. And even with the most adept handling, the breach may still damage customer confidence and companies’ reputations -- and draw the attention of the Federal Trade Commission, state Attorneys General, and the plaintiffs’ bar. In an effort to help financial institutions avoid these potential pitfalls, the BITS Financial Services Roundtable and the American Bankers Association recently released guidance for “developing and executing response programs.” Although intended primarily for financial institutions, the document also extends to other industries, advising “all entities that handle sensitive customer information” to implement “similar security standards.” And with Democrats hinting that data security and identity theft may be priorities in the coming congressional term, the document seems as much directed at lawmakers as at the business world. http://www.steptoe.com/publications-4048.html ABA Guidance at http://www.bitsinfo.org/downloads/Publications%20Page/BITSABADBNov06.pdf

INSURANCE COVERS KOREAN FINANCIAL LOSSES FROM HACKING (The Korea Times, 5 Dec 2006) -- Financial service providers [in Korea] will be required to insure customers’ accounts to cover financial damage caused by hackers and financial accidents beginning next month, the Financial Supervisory Service (FSS) said Tuesday. The FSS will make it compulsory for banks to sign insurance contracts that can cover financial damage of up to 2 billion won in the case of hackers and electronic system breakdowns. The policy is in line with toughened regulations on online financial transactions that will take effect beginning January. Commercial banks, the Industrial Bank of Korea and the National Agricultural Cooperative Federation must provide insurance that covers damage up to 2 billion won. The Korea Development Bank, the Korea Post and the National Federation of Fisheries Cooperatives must have insurance coverage of up to 1 billion won, while securities firms and stock-related financial firms must have coverage of 500 million won. Insurance companies must have policies that cover damages of up to 100 million won. The government is moving to oblige financial institutions to compensate consumers for virtually all financial losses from hackers’ intrusions into online financial accounts and personal data. http://times.hankooki.com/lpage/biz/200612/kt2006120519175511870.htm

BUSH ‘PRIVACY BOARD’ JUST A GAG (Wired, 6 Dec 2006) -- The first public meeting of a Bush administration “civil liberties protection panel” had a surreal quality to it, as the five-member board refused to answer any questions from the press, and stonewalled privacy advocates and academics on key questions about domestic spying. The Privacy and Civil Liberties Oversight Board, which met Tuesday, was created by Congress in 2004 on the recommendation of the 9/11 Commission, but is part of the White House, which handpicked all the members. Though mandated by law in late 2004, the board was not sworn in until March 2006, due to inaction on the part of the White House and Congress. The three-hour meeting, held at Georgetown University, quickly established that the panel would be something less than a fierce watchdog of civil liberties. Instead, members all but said they view their job as helping Americans learn to relax and love warrantless surveillance. “The question is, how much can the board share with the public about the protections incorporated in both the development and implementation of those policies?” said Alan Raul, a Washington D.C. lawyer who serves as vice chairman. “On the public side, I believe the board can help advance national security and the rights of Americans by helping explain how the government safeguards U.S. personal information.” Board members were briefed on the government’s NSA-run warrantless wiretapping program last week, and said they were impressed by how the program handled information collected from American citizens’ private phone calls and e-mail. Lisa Graves, the deputy director of the Center for National Security Studies, asked the board two simple questions: Did they know how many Americans had been eavesdropped on by the warrantless wiretapping program, and, if so, how many? Raul acknowledged in a roundabout way that the data existed, but said it was too sensitive to release. Graves then asked if the board had pushed to have that data made public, as the Justice Department is required to do with typical spy wiretaps. Raul declined to say. “It is important for us to retain confidentiality on what recommendations we have and haven’t made,” he said. Graves tried to push the issue of whether the board was going to be public or private, but chairwoman Carol Dinkins politely cut her off and ended the question-and-answer session. http://www.wired.com/news/technology/0,72248-0.html

CHANGES ARE EXPECTED IN VOTING BY 2008 ELECTION (New York Times, 8 Dec 2006) -- By the 2008 presidential election, voters around the country are likely to see sweeping changes in how they cast their ballots and how those ballots are counted, including an end to the use of most electronic voting machines without a paper trail, federal voting officials and legislators say. New federal guidelines, along with legislation given a strong chance to pass in Congress next year, will probably combine to make the paperless voting machines obsolete, the officials say. States and counties that bought the machines will have to modify them to hook up printers, at federal expense, while others are planning to scrap the machines and buy new ones. Motivated in part by voting problems during the midterm elections last month, the changes are a result of a growing skepticism among local and state election officials, federal legislators and the scientific community about the reliability and security of the paperless touch-screen machines used by about 30 percent of American voters. The changes also mean that the various forms of vote-counting software used around the country — most of which are protected by their manufacturers for reasons of trade secrecy — will for the first time be inspected by federal authorities, and the code could be made public. There will also be greater federal oversight on how new machines are tested before they arrive at polling stations. “In the next two years I think we’ll see the kinds of sweeping changes that people expected to see right after the 2000 election,” said Doug Chapin, director of electionline.org, a nonpartisan election group. “The difference now is that we have moved from politics down to policies.” Many of the paperless machines were bought in a rush to overhaul the voting system after the disputed presidential election in 2000, which was marred by hanging chads. 
But concerns have been growing that in a close election those machines give election workers no legitimate way to conduct a recount or to check for malfunctions or fraud. Several counties around the country are already considering scrapping their voting systems after problems this year, and last week federal technology experts concluded for the first time that paperless touch-screen machines could not be secured from tampering. http://www.nytimes.com/2006/12/08/washington/08voting.html?ex=1323234000&en=3477a8e068ee5994&ei=5090&partner=rssuserland&emc=rss

HP, CALIF. SETTLE SPYING LAWSUIT (Washington Post, 8 Dec 2006) -- California’s attorney general announced a $14.5 million civil settlement with Hewlett-Packard over its corporate spying scandal yesterday and said in an interview that he was exploring a possible settlement of criminal charges against the firm’s former chairman. Patricia C. Dunn was ousted as chairman in September after the HP ethics and spying scandal became public. California Attorney General Bill Lockyer filed fraud and conspiracy charges against her in October, a day after Dunn learned that she had suffered a relapse of ovarian cancer. Lockyer said he has been talking to Dunn’s attorney, James Brosnahan, about a potential settlement. “I’m sympathetic to her health problems,” Lockyer said in an interview, adding that there was “nothing yet that would indicate that settlements are likely.” The civil settlement involved a lawsuit the state filed against the computer giant in Santa Clara County Superior Court. Under the agreement, HP will pay $13.5 million to create a “privacy and piracy” fund to help state and local law enforcement fight privacy and intellectual property violations. The rest of the money will go to damages and to pay for the investigation. HP also agreed to strengthen in-house monitoring to ensure that future investigations launched by HP or its contractors will comply with legal and ethical standards and protect privacy rights. HP further agreed to hire an independent director, expand the duties of its chief ethics officer and chief privacy officer, beef up staff ethics training and create a compliance council to set policies for ethics programs. http://www.washingtonpost.com/wp-dyn/content/article/2006/12/07/AR2006120701067.html

TECH FIRMS SEEK FEDERAL DATA-PRIVACY LAW (SiliconValley.com, 8 Dec 2006) -- Microsoft Corp., Hewlett-Packard Co. and other high-tech companies are preparing to push for data-privacy legislation next year to replace what they consider an outdated patchwork of state and federal laws that are inconsistent and burdensome. “We think the time has come for a comprehensive privacy bill that would protect consumers’ personal information while still allowing the flow of information needed for commerce online,” Ira Rubinstein, a Microsoft lawyer, said this week. Several recent high-profile breaches of consumers’ personal information have made consideration of privacy proposals more likely, Rubinstein said. The Social Security numbers and medical data of approximately 930,000 people were compromised this June, for example, when computer equipment belonging to insurance provider American International Group Inc. was stolen. Microsoft, HP and eBay Inc. earlier this year formed the Consumer Privacy Legislative Forum to lobby for privacy legislation. Google Inc., Intel Corp., Oracle Corp. and other companies later joined. The forum supports legislation that would set standards for what notice must be given to consumers about personal information collected on them and how it will be used, Rubinstein said. The companies are aiming for a law that would override any existing state laws and standardize privacy rules across industries. The group’s efforts will likely face some opposition, however. Marc Rotenberg, executive director of the Electronic Privacy Information Center, a consumer advocacy group, said the proposals, if adopted, would amount to an industry drafting its own regulations. Rotenberg also argued that the notices to consumers preferred by Microsoft and other companies are insufficient to protect online privacy. Instead, consumers should have access to the data that companies have on them and have more control over how they are used, he said, similar to the way consumers can currently access their credit reports. Rotenberg also opposes the pre-emption of state laws, which he said in many cases have better protections than federal rules. Many anti-spam experts complained when Congress in 2003 approved a measure that did not let individuals sue spammers and that pre-empted most state laws that did. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/16197575.htm

MAJOR BREACH OF UCLA’S COMPUTER FILES (L.A. Times, 12 Dec 2006) -- In what appears to be one of the largest computer security breaches ever at an American university, one or more hackers have gained access to a UCLA database containing personal information on about 800,000 of the university’s current and former students, faculty and staff members, among others. UCLA officials said the attack on a central campus database exposed records containing the names, Social Security numbers and birth dates — the key elements of identity theft — for at least some of those affected. The attempts to break into the database began in October 2005 and ended Nov. 21, when the suspicious activity was detected and blocked, the officials said. In a letter scheduled to be sent today to potential victims of the breach, acting Chancellor Norman Abrams said that although some Social Security numbers were obtained by the hackers, the university had no evidence that any of the information had been misused. “We take our responsibility to safeguard personal information very seriously,” Abrams said in the letter, which was scheduled to be mailed or e-mailed overnight to those whose records were compromised. “My primary concern is to make sure this does not happen again” and to provide information to try to minimize the risk of identity theft for those affected, he said. Abrams urged those whose records might have been accessed to monitor their consumer credit files and consider fraud alerts and other precautions. The UCLA incident is the latest in a series of computer security breaches affecting private organizations, financial institutions, government agencies and other large employers. Partly because of their tradition of openness, universities are proving to be a favorite — and often vulnerable — target, several experts in the field said Monday. 
In 2003, for example, a hacker at San Diego State used an outdated computer network in the drama department to find a way into the financial aid system. The Social Security numbers of more than 200,000 people were exposed. Foley and others interviewed said that although there was no evidence of any fraudulent or illegal use of the information, the UCLA breach, in the sheer number of people affected, appeared to be among the largest at an American college or university. “To my knowledge, it’s absolutely one of the largest,” said Rodney Petersen, security task force coordinator for Educause, a nonprofit higher education association that focuses on technology issues. He said most problems at universities have involved breaches of departmental or other, smaller databases. Comprehensive statistics on computer break-ins at colleges do not exist. But in the first six months of this year alone, there were at least 29 security failures at colleges nationwide, jeopardizing the records of 845,000 people. Both private and public institutions have been hit. In 2005, a database at USC was hacked, exposing the records of 270,000 individuals. http://www.latimes.com/news/local/la-me-ucla12dec12,0,7111141.story?coll=la-home-headlines

-- and --

UNIVERSITIES VULNERABLE TO ID THIEVES (Washington Post, 17 Dec 2006) -- Universities have become attractive targets for hackers who are taking advantage of the openness of the schools’ networks, their decentralized security and the personal information they keep on millions of young adults. A major database breach at the University of California, Los Angeles that went undetected for more than a year and a smaller breach at the University of Texas are the latest examples of how vulnerable colleges are to such attacks, security experts said. Universities account for more than 50 data breaches on a list of more than 300 so far this year as tracked by the Privacy Rights Clearinghouse. Hackers have broken into computer systems at Georgetown University, Ohio University, the University of Alaska and Western Illinois University, among others. “They are a major category, if not the major category,” Clearinghouse director Beth Givens said. Hackers also might have obtained the personal information of 6,000 people who worked for, applied to or attended the University of Texas at Dallas, school officials said last week. The information includes names and Social Security numbers, the school said. In some cases, addresses, e-mail addresses and telephone numbers also might have been obtained. In both cases, school officials stress there is no indication that any of the information has been used to obtain phony credit cards or commit identity-theft crimes. One reason university databases make such attractive targets is that Social Security numbers are routinely used to identify students. 
http://www.washingtonpost.com/wp-dyn/content/article/2006/12/17/AR2006121700302.html

-- and --

related story excerpt: AN OMINOUS MILESTONE: 100 MILLION DATA LEAKS (New York Times, 18 Dec 2006) -- * * * In fact, educational institutions were twice as likely to report suffering a breach as any other type of entity, with government, general businesses, financial service and healthcare companies pulling up behind. “College and university databases are the ideal target for cyber criminals and unscrupulous insiders,” said Ron Ben-Natan, the chief technology officer of Guardium, a database security and monitoring company based in Waltham, Mass. “They store large volumes of high-value data on students and parents, including financial aid, alumni and credit card records. “At the same time,” Mr. Ben-Natan continued, “these organizations need open networks to effectively support their faculty, students and corporate partners.” http://www.nytimes.com/2006/12/18/technology/18link.html?ex=1324098000&en=1a4715bcf2898783&ei=5090&partner=rssuserland&emc=rss

-- and --

WHAT’S KEEPING THE TORT LAWYERS AT BAY (Computer World, 18 Dec 2006) -- Ever since security breaches became a regular happening, pundits have been saying liability lawsuits are sure to follow. Information security breaches have been dubbed “the next asbestos” because of the potential for courts to force companies to pay billions of dollars in damages to thousands of victims. But it probably will be many years before large numbers of victims of information leaks collect a dime. There are a couple of reasons why the deluge of security lawsuits hasn’t materialized, according to John Soma, a professor at the University of Denver College of Law and the executive director of its Privacy Foundation. For starters, there isn’t a legally recognized foundation for launching lawsuits over data breaches. The mere occurrence of a security breach is insufficient justification for filing a lawsuit, Soma says. Lawsuits charging negligence must show that accepted standards of performance weren’t met. But today’s standards of security performance are either immature or untested in court. Actual damages are the second criterion for a lawsuit. Asbestos victims were exposed to a hazardous substance and exhibit symptoms of deadly diseases directly linked to that exposure. So far, there haven’t been thousands of security breach victims who can demonstrate that they have actually suffered significant damages, although the potential for that to happen certainly exists. It isn’t even easy to file a lawsuit saying regulations were violated, because today’s security regulations are purposely nebulous. The lack of concrete details in federal security regulations, such as the rules under the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act, makes a poor target for the tort bar. Dan Langin, an information security lawyer in Overland Park, Kan., says the legal system is “at the stage where the compliance picture is being sorted out.” For example, the Securities and Exchange Commission’s guidance on internal controls required by Sarbanes-Oxley is nowhere near as specific as the Environmental Protection Agency’s regulations on asbestos exposure. HIPAA and Gramm-Leach-Bliley have vague security guidelines, too. And the security frameworks often used to comply with federal guidelines, ISO 17799 and the Control Objectives for IT and Related Technology (Cobit) from the IT Governance Institute, haven’t been sanctioned by court decisions. Any lawsuits seeking to establish a precedent that makes these security frameworks a standard have probably been settled out of court to preempt that from happening. There have been some significant, well-publicized regulatory actions taken against companies that exposed confidential information… http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=275774&source=NLT_SEC&nlid=38

FEDERAL JUDGE: MAKING FILES AVAILABLE FOR DOWNLOAD = DISTRIBUTION (ArsTechnica, 10 Dec 2006) -- The RIAA’s argument that making files available for download constitutes copyright infringement received an important boost from a federal judge. In a decision delivered in October and first reported over the weekend, Judge Ann Aiken found that making songs available for download via a P2P application such as Kazaa is equivalent to distributing the files and forms a sufficient basis for a claim of copyright infringement, the first time that a judge has made such a ruling in a file-sharing case. The case in question, Elektra v. Perez, follows the pattern of the numerous other file-sharing lawsuits brought by the RIAA. After MediaSentry discovered a number of songs in a Kazaa user’s download folder, the RIAA filed a “John Doe” lawsuit which was supplanted once the defendant, Dave Perez, was identified by his ISP as the owner of the account allegedly used to share music. In his response, Perez denied the accusations of file sharing and said that even if he was responsible for the “perez@kazaa” account, merely making the files available in a shared folder for other Kazaa users falls short of infringement. The argument echoes that made in many other file-sharing cases, including Elektra v. Barker: distribution does not take place until someone actually downloads one of the songs from a Kazaa share, and that the RIAA would have to show that someone illegally downloaded the file in order to demonstrate that copyright infringement occurred. In the Elektra v. Barker case, the EFF filed an amicus brief outlining its position that sharing music files does not infringe the “distribution right” granted to copyright holders. It’s a difficult question, due in large part to the copyright law’s predating the “digital age.” As written, US copyright law explicitly says that in order to “distribute” a copyrighted work, an actual, physical exchange of a material object must take place. The EFF and other groups have urged the courts to define “distribution” as necessarily involving physical objects. Oddly enough, that position also embraces the pre-Internet concept of “distribution,” even though most would agree that the iTunes Store and other online music services selling purely digital goods engage in the authorized distribution of copyrighted works. Perez, the EFF, and others might use libraries to illustrate their arguments. A public library has a wide selection of copyrighted works available for patrons to use, read, watch, listen to, and even copy, within limits. However, the library is not responsible for what its patrons do once they borrow a book or DVD. In other words, it’s not the collection itself and public access to it that causes infringement, it’s the actions of those who use items in the collection. There are special provisions protecting libraries from the actions of their users, but online users may be responsible for what others do, should they even make it possible for others to get access to copyrighted materials. Judge Aiken ruled in favor of the RIAA. In her order, the judge noted that in a copyright infringement case, the plaintiff needs to do two things: demonstrate ownership of the material and show that the party accused of infringement “violated at least one exclusive right granted to copyright holders under 17 U.S.C. § 106.” Making songs available for download fulfills the second requirement, wrote Judge Aiken. http://arstechnica.com/news.ars/post/20061210-8393.html

TWO BIG RETAILERS SETTLE WITH BSA ON SOFTWARE PIRACY COMPLAINTS (Computer World, 12 Dec 2006) -- Payless ShoeSource Inc. and Burlington Coat Factory Warehouse Corp. have paid a combined total of nearly $425,000 to the Business Software Alliance for unlicensed software use, according to a statement released today by the BSA, a watchdog group representing the nation’s leading software manufacturers. The BSA today announced that Payless ShoeSource, a national discount shoe store retail chain, paid BSA $124,057 to settle claims that it had unlicensed copies of Adobe, Autodesk, Borland, Internet Security Systems, McAfee and Symantec software programs installed on its computers. In addition, according to the BSA, national department store chain Burlington Coat Factory paid the BSA $300,000 to settle claims that it had unlicensed copies of Microsoft and McAfee software programs installed on its computers. “Burlington Coat Factory understands the importance of software asset management,” the retailer’s CIO, Brad Friedman, said in a statement. “We have created a new software management policy and continue to refine its implementation to emphasize the importance of understanding each software company’s licensing requirements and using only fully licensed software. We also note that when these issues arose, effective corrective action was taken as soon as they came to management’s attention. “We are confident that all our software has been fully and appropriately licensed since then,” Friedman said. Both companies also agreed to delete any unlicensed copies of programs in use, purchase replacement software and strengthen their software management practices. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9005942&source=NLT_AM&nlid=1

-- and --

CHINA SIGNS LICENSING PACT WITH U.S., U.K. (CNET, 15 Dec 2006) -- The West’s struggle with China over software licensing issues took a new turn on Friday with the news that the Chinese government had signed a memorandum of understanding with four U.K. and U.S. trade associations. The associations involved are the Business Software Alliance and The Publishers Association in the U.K., and, in the U.S., the Association of American Publishers and the Motion Picture Association of America. The Chinese government has asked them to hand over a list of products they want protected as well as information about their own ongoing legal action against alleged copyright infringers. “This is primarily for enforcement,” BSA’s regional director for the Asia Pacific region, Jeffrey Hardee, told Agence France-Presse. “We are concerned about...the use of unlicensed software within organizations.” The problems of unlicensed software and the misuse of copyright information are immense in China. The National Copyright Association of China will now be the custodian of information handed over by the four trade associations. http://news.com.com/2100-1014_3-6144063.html

VIRTUALLY ADDICTED (Business Week, 14 Dec 2006) -- By his own admission, James Pacenza was spending too much time in Internet chat rooms, in some of them discussing sex. He goes so far as to call his interest in inappropriate Web sites a form of addiction that stems from the posttraumatic stress disorder he’s suffered since returning from Vietnam. Whatever it’s called, Pacenza’s chat-room habit cost him his job. After 19 years at IBM’s East Fishkill plant, Pacenza was fired in May, 2003, after a fellow employee noticed discussion of a sex act on a chat room open on Pacenza’s computer. IBM (IBM) maintains that logging onto the Web site was a violation of its business conduct guidelines and a misuse of company property—and that it was well within its rights to terminate Pacenza’s employment. Pacenza and his attorney beg to differ. They filed suit in a New York U.S. District Court in July, 2004, seeking $5 million for wrongful termination. Earlier in the year, Pacenza had admitted to a superior that he had a problem with the Internet at home. Pacenza’s attorney, Michael Diederich Jr., alleges that the perception that Pacenza was addicted to the Internet caused IBM to fire first without asking questions or “even attempting to examine the situation.” Diederich says there are several steps IBM could have taken, including limiting his Internet use or blocking certain sites. “It’s not productive or useful for the employer to unfairly terminate employees,” says Diederich. [C]ases like Pacenza’s, which involve Internet misuse, may no longer be quite so simple, thanks to a growing debate over whether Internet abuse is a legitimate addiction, akin to alcoholism. Attorneys say recognition by a court—whether in this or some future litigation—that Internet abuse is an uncontrollable addiction, and not just a bad habit, could redefine the condition as a psychological impairment worthy of protection under the Americans with Disabilities Act (ADA). 
That in turn would have far-reaching ramifications for how companies deal with workplace Internet use and abuse. http://www.businessweek.com/technology/content/dec2006/tc20061214_422859.htm?campaign_id=nws_insdr_dec16&link_position=link14

STOLEN BOEING LAPTOP HELD ID DATA ON 382,000 (CNET, 14 Dec 2006) -- Boeing has confirmed that a laptop stolen from an employee’s car contained sensitive information on 382,000 workers and retirees. It is the third such incident at the aircraft giant in the past 13 months. The laptop contained names, home addresses, phone numbers, Social Security numbers and dates of birth for current and former Boeing employees. [Fool me once, shame on you; fool me three times? Actually, Boeing has reported 250+ laptop losses.] http://news.com.com/2100-1029_3-6143780.html

-- and --

BOEING EMPLOYEE FIRED AFTER LAPTOP STOLEN (CNET, 18 Dec 2006) -- Boeing announced last week it fired an employee who it said violated company policy by downloading sensitive information onto a laptop without using encryption technology. Boeing took the action after learning the laptop, which contained personal information about 382,000 Boeing employees and retirees, had been stolen from a car. http://news.com.com/2110-1029_3-6144454.html

CORPORATE BLOGS: HANDLE WITH CARE (Comment & Analysis, Business Week, 14 Dec 2006) -- Blogging has quickly emerged as a powerful tool of the modern enterprise. Through blogs, companies can market products and services, and make important strides toward building goodwill and brand loyalty. Companies can also use blogs as an effective means of communication by putting a human face on the corporation, countering negative publicity, and facilitating communications with current and potential customers. Seeing the value in blogging, a growing number of companies, including Sun Microsystems and Google, have established official corporate blogs and/or have implemented formalized policies to encourage employees to set up personal blogs that can be used, in part, to promote the company. While corporate-sanctioned blogging can benefit companies, it also can result in legal liability. Careless statements posted on a company-sanctioned blog can come back to haunt the company through litigation and other avenues. The legal issues raised by blogs can be grouped into several categories. First, there are potential intellectual-property issues to consider. New blogs tend to build on the work of existing blogs or other content through linking and copying. This can create legal concerns regarding copyright infringement if not conducted within the confines of the law. Inadvertent disclosure of company information in employee blogs can reveal trade secrets and jeopardize the protected status of that information. The disclosure of a third party’s trade secrets also can expose a blogger to liability for misappropriation. Sponsorship of blogs can also expose a company to defamation claims. U.S. law provides Web site operators with a certain level of immunity for content they publish; however, companies and their employees may be held liable if they are the authors, rather than the publishers, of defamatory statements on blogs. 
Moreover, false or misleading statements made on a corporate blog about the goods or services of a competitor may be grounds for trade libel action. Companies that collect personal information from a blog’s visitors or posters need to contend with the rapidly evolving legal and regulatory framework regarding privacy and data protection. Such companies may have liability for failure to comply with applicable state, federal, and foreign statutes and regulations. A blogger who discloses personal information about co-workers on a company blog, or on his own blog during company time, may also open the organization and himself to common-law tort actions for invasion of privacy. Blogging also can lead to potential securities concerns. Specifically, blogs can result in securities-fraud claims. Public companies must thus take special care to caution their employees against disclosing any nonpublic financial information in blogs. Personal [as opposed to company-sanctioned] blogging by employees, whether from home or the office, creates some thorny employment-law issues. For blogs that are company-sponsored or originate in the workplace, employers might be held vicariously liable on a theory that they failed to exercise control or implicitly endorsed the objectionable content by allowing the blogging. Finally, there are litigation issues to consider. Prior to developing a corporate blog or permitting employees to blog about the company in their personal blogs, companies should carefully consider the implications for discovery. In the event that litigation does arise in connection with blogs, problems can be compounded if a company has not maintained adequate archives of the blog information. Given the potential risks and liabilities of blogging, companies should develop and implement policies establishing the terms and conditions under which employees will be permitted to blog. 
While the specific contents of a blogging policy will have to be tailored to the organization’s particular goals, culture, and existing policies, there are certain common elements that all organizations should consider, including the following concepts in all blogging policies … http://uk.biz.yahoo.com/14122006/244/corporate-blogs-handle-care.html

FIRM NOT LIABLE FOR WORKER’S E-MAIL THREATS: COURT (Business Insurance, 15 Dec 2006) -- An employer whose employee sent threatening e-mail messages over the firm’s computer is immune from liability as an interactive computer service provider, says a California state appellate court. Thursday’s unanimous decision by a three-judge panel of the state appellate court in San Jose in Michelangelo Delfino et al. vs. Agilent Technologies Inc. upheld a lower court’s decision. The case was brought by Mr. Delfino and Mary E. Day, who had received threatening anonymous e-mail messages from Cameron Moore, who was then an employee of the Santa Clara, Calif.-based Agilent. Mr. Moore’s job was terminated by Agilent after he was arrested in connection with his conduct relating to Mr. Delfino, according to the opinion. The plaintiffs contended that a lower court was incorrect when it ruled that as an Internet provider under the Communications Decency Act of 1996, Agilent was immune from liability for Mr. Moore’s cyber threats. But the appellate court agreed with the lower court. “We are aware of no case that has held that a corporate employer is a provider of interactive computer services under circumstances such as those presented here,” said the appellate decision. “But several commentators have opined that an employer that provides its employees with Internet access through the company’s internal computer system is among the class of parties potentially immune under the CDA….In light of the term’s broad definition under the CDA we conclude that Agilent was a provider of interactive computer services.” http://www.businessinsurance.com/cgi-bin/news.pl?newsId=9071

THE LONG ARM OF THE (FTC’S) LAW GETS A LITTLE LONGER (Steptoe & Johnson’s E-Commerce Law Week, 16 Dec 2006) -- After more than a year of prodding by the Federal Trade Commission, early on December 9, the U.S. Congress gave final approval to the Undertaking Spam, Spyware, And Fraud Enforcement With Enforcers beyond Borders (U.S. SAFE WEB) Act of 2006. In addition to several measures intended to encourage information sharing and cooperation with foreign law enforcement, the Act extends the FTC’s authority to regulate “unfair or deceptive acts or practices” under the FTC Act to include acts or practices involving foreign commerce that: “(1) cause or are likely to cause reasonably foreseeable injury within the United States; or (2) involve material conduct occurring within the United States.” The U.S.SAFE WEB Act thus expands beyond U.S. borders the FTC’s already broad authority to regulate “unfair or deceptive ... practices.” Part of Congress’s intent is to help the FTC get a better handle on “spammers” and “scammers” that operate abroad but target U.S. residents. But foreign-based companies may be justifiably concerned that the FTC might use its new powers to pursue enforcement actions against them if they suffer a data breach involving personal information of US residents. http://www.steptoe.com/publications-4072.html

GOOGLE OFFERS PATENT SEARCH TO INVENTORS (NewsFactor.com, 15 Dec 2006) -- Google has launched a beta version of a service designed to help inventors search existing patents. The site is currently indexing the seven million patents granted by the U.S. Patent and Trademark Office (USPTO), and will add other patent sources in the coming months. The new service lets users search for patents in several ways, including by patent number, by the name of the inventor, or through keywords. The search technology is similar to Google’s method for displaying published information in its Book Search service. However, unlike the book-search service, which is unique to Google (and the other search engines bent on making vast collections of books searchable), the USPTO does offer online patent-search capabilities through its own Web site. http://news.yahoo.com/s/nf/20061215/bs_nf/48792

DVD SWAP SITE SWITCHES FROM CREDITS TO CASH (CNET, 17 Dec 2006) -- Peerflix is getting out of the barter economy. The DVD-trading site, which has about 250,000 regular users, will now let participants swap their old DVDs for money or monetary credit to buy other DVDs being sold on the network. The idea is to make exchanges on the site more liquid, the company’s CEO, Billy McNair, said in an interview. Until now, consumers could sell old DVDs on the site, but in return they got credits for buying someone else’s old DVDs. The discs were given number ratings (1, 2 or 3) rather than dollar values, depending on demand or rarity. Thus, in the old system, Independence Day and Crash may both have had an equivalent 2 value, and getting one for the other would have been a straight swap. Under the new system, Independence Day may be rated at $5.43, while Crash gets a $7.19 value, putting the person with Crash in a better position. “It brings in a profit motive that wasn’t there before,” McNair said. “There was also a learning curve with credits. Cash is easy to understand.” The monetary value of the discs is set by an algorithm developed by Peerflix. The company has also revamped the look of its site to make it easier for users to post movie reviews or information about their own cinematic likes and dislikes. Since 2005, the company has grown fairly rapidly and now processes about 30,000 to 50,000 trades a month. While consumers use the site to get rid of old DVDs and buy new ones for their collections, many use it as a substitute for renting movies, said McNair. People buy a DVD, but then trade it away again in a week. The short period of ownership becomes the equivalent of a rental. http://news.zdnet.com/2100-1040_22-6144169.html?part=rss&tag=feed&subj=zdnet

REMEDIAL RECRUITING — AT HARVARD (InsideHigherEd.com, 18 Dec 2006) -- A Harvard University economics department recruiting video for new Ph.D. students that could be described as spectacularly stodgy and stereotypically self-important has inspired considerable creativity in the department — in the form of parody videos now making their way to YouTube. “Ed Glaeser and I made the video in a misguided attempt to make the Harvard economics department’s Ph.D. admissions Web site more personal. Of course, if you have seen the video you know that the effect is rather different — pompous I would say,” John Campbell, an economics professor and a co-star of the official show, wrote in an e-mail. In stilted tones, and with uncannily consistent eye contact, the two Harvard economics professors (one with his tie hanging rather awkwardly), welcome potential students, describe the campus visitation process and put in a good word for the department. “It’s like watching paint dry,” one YouTube poster wrote. “I didn’t think it was quite that exciting,” a second poster responded. http://insidehighered.com/news/2006/12/18/harvard. Harvard video at http://www.youtube.com/watch?v=mDJ_VHmaHgY [Editor: this really is a train-wreck; I went to Harvard, albeit in mathematics. The YouTube spoofs are cute, but probably not done by USC film majors.]

JUDGE STOPS BRIT FROM SELLING HOTMAIL LISTS (CNET, 18 Dec 2006) -- Microsoft has stopped a U.K. man from selling lists of e-mail addresses that were then being used by spammers. The technology giant took to court Paul Martin McDonald, who through his company Bizads sold e-mail addresses that were then used as spam lists. Microsoft sought and was granted a summary judgment against McDonald, arguing that his actions had caused Microsoft to suffer loss and damage to the goodwill it enjoyed as owner of the Web-based e-mail service Hotmail. The judge agreed with Microsoft that Bizads had breached the Privacy and Electronic Communications Regulations (PECR), a U.K. law that includes regulations designed to halt the sending of unsolicited e-mail. “The evidence plainly established that the business of Bizads was supplying e-mail lists of persons who had not consented to receive direct marketing mail and that it had encouraged purchasers of the lists to send e-mails to those people,” the judge said. The judge ruled that Microsoft had suffered a loss as a result of the breach of the PECR and was entitled to compensation and an injunction restraining McDonald from instigating the transmission of commercial e-mails to Hotmail accounts. http://news.com.com/2100-7348_3-6144548.html

NEW ARMY COIN MANUAL (FM 3-24) (Nat’l Security Law listserve, by Bobby Chesney, 17 Dec 2006) -- The Army’s long-awaited counterinsurgency doctrine manual, FM 3-24, is now available. The 282-page doctrine contains a section on legal considerations, at Appendix D (nothing particularly surprising or controversial in it, but it nonetheless is interesting reading). [Editor: also, vaguely interesting “Social Network Analysis” discussion at Appendix B, especially at/after B-7.] FM 3-24 is posted here: http://www.fas.org/irp/doddir/army/fm3-24.pdf From the summary: “This manual is designed to fill a doctrinal gap. It has been 20 years since the Army published a field manual devoted exclusively to counterinsurgency operations. For the Marine Corps it has been 25 years. With our Soldiers and Marines fighting insurgents in Afghanistan and Iraq, it is essential that we give them a manual that provides principles and guidelines for counterinsurgency operations. Such guidance must be grounded in historical studies. However, it also must be informed by contemporary experiences. This manual takes a general approach to counterinsurgency operations. The Army and Marine Corps recognize that every insurgency is contextual and presents its own set of challenges. You cannot fight former Saddamists and Islamic extremists the same way you would have fought the Viet Cong, Moros, or Tupamaros; the application of principles and fundamentals to deal with each varies considerably. Nonetheless, all insurgencies, even today’s highly adaptable strains, remain wars amongst the people. They use variations of standard themes and adhere to elements of a recognizable revolutionary campaign plan. This manual therefore addresses the common characteristics of insurgencies. It strives to provide those conducting counterinsurgency campaigns with a solid foundation for understanding and addressing specific insurgencies.”

COUNTIES WORK TO HIDE DATA (ComputerWorld, 18 Dec 2006) -- On Oct. 10, the Orange County comptroller’s office in Florida completed an 18-month project to remove sensitive personal information from images of official public records posted on its Web site. The $750,000 effort involved a review of over 30 million pages in more than 12 million documents to look for data such as Social Security, bank account, and credit and debit card numbers. In the end, 777,635 pages — 2.6% of the total reviewed — were found to contain personal data and were redacted. “There’s going to be something we missed,” acknowledged Carol Foglesong, the county’s assistant comptroller. “But I think we got 99%” of the items that needed to be removed. Orange County’s efforts are being replicated in dozens of counties nationwide as local governments scramble to pull documents from their Web sites or black out personal data from images of title deeds, tax liens, court papers and other public records. As reported by Computerworld earlier this year, such images often contain personal identifiers and usually are accessible to anyone with Internet access. That has made county Web sites a veritable treasure-trove of information for identity thieves, according to privacy advocates. Many county governments still haven’t begun to address the prevalence of personal data, despite heightened public concerns about identity theft, said B.J. Ostergren, a privacy advocate in Richmond, Va. But a growing number appear to be attempting to fix the problem, she added. “I think a lot of people are beginning to put the skids on this sort of stuff,” Ostergren said. In October, for example, the council that oversees Washington’s King County, which includes Seattle, passed an ordinance requiring that the county recorder’s office remove online access to all title deed documents. 
The vote followed a council member’s discovery of more than 200 Social Security numbers, including those of several public officials and professional athletes, in title deeds on the county’s Web site. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=277308&source=rss_topic17

LAWSUIT CHALLENGES GOVERNMENT’S RIGHT TO READ YOUR E-MAIL (Minneapolis Star Tribune, 18 Dec 2006) -- The government needs a search warrant if it wants to read the U.S. mail that arrives at your home. But federal prosecutors say they don’t need a search warrant to read your e-mail messages if those messages happen to be stored in someone else’s computer. That would include all of the Big Four e-mail providers -- Yahoo, AOL, Hotmail and Google -- that together hold e-mail accounts for 135 million Americans. Twenty years ago, when only a relative handful of scientists and scholars had e-mail, Congress passed a law giving state and federal officials broad access to messages stored on the computers of e-mail providers. Now that law, the Stored Communications Act of 1986, is being challenged in federal court in Ohio by Steven Warshak, a seller of “natural male enhancement” products who was indicted for mail fraud and money laundering after federal investigators sifted through thousands of his e-mails. The government isn’t saying it has unfettered access to e-mail. But e-mail users should not expect privacy when they allow an outside party to store their messages, prosecutors argue. In fact, many e-mail providers require their customers to sign agreements acknowledging that the provider may release customer information as required by law. E-mail providers also routinely screen messages for spam, viruses and child pornography. That further undermines claims to the privacy of e-mail, government attorneys say. Advocates for Internet privacy and civil liberties are watching the Warshak case closely. In their view, e-mail deserves the same protection as snail mail, which can’t be opened by government agents without a search warrant. “This points to a very scary future unless we fix it,” said Kevin Bankston, an attorney with the San Francisco-based Electronic Frontier Foundation, which filed a brief in support of the challenge. 
“The average person expects that no one is going to read their e-mail except the person they send it to.” http://www.startribune.com/789/story/884388.html

FRANCE: SUPREME COURT RULES AGAINST ENCRYPTION OF WORK FILES BY EMPLOYEES (Hunton & Williams, Privacy & E-Commerce Alert, 19 Dec 2006) -- On October 18, 2006 the French Supreme Court upheld two prior lower court decisions and ruled that all files stored on an employee’s computer are presumed to be professional documents and subsequently that employers must always be allowed access to them. Accordingly, the encryption of files by employees so as to prevent access by supervisors constitutes a ground for termination. The ruling is available (in French only) at: http://www.liaisons-sociales.com/fichiers/arrcass04-48_025_236.pdf

-- but --

FRENCH COURT FAVORS PERSONAL PRIVACY OVER PIRACY SEARCHES (International Herald Tribune, 21 Dec 2006) -- A French court has ruled that music companies and other copyright holders cannot conduct unrestrained Internet monitoring to find pirates. The decision, which could leave record companies open to lawsuits in France for invasion of privacy, pits European Union-sanctioned data protection rules against aggressive tracing tactics used by the music and film industry. “The judge’s decision defends the privacy of individuals over the intrusion from record labels,” said Aziz Ridouan, president of the Association of Audio Surfers, a group that defends people charged with illegal downloading. “This should send a strong message and hopefully affect every one of the hundreds of people defending themselves.” The case involved an Internet user in the Paris suburb of Bobigny whose internet provider address — a unique computer identifier — was traced while the user was on the peer-to-peer software Shareaza. “The right-holders found the IP address of my client and reported it to the police,” said Olivier Hugot, the defending lawyer, who declined to name his client. “The annulment of the case is important because it has direct impact on the tactics used by record companies in dozens of cases in France.” The organization responsible for tracing down Internet users, the Society of Music Authors, Composers and Publishers, played down the impact of the court decision and said that it would appeal. http://www.iht.com/articles/2006/12/21/business/privacy.php

REGULATOR SAYS MORGAN STANLEY WITHHELD E-MAIL IN CASES (New York Times, 20 Dec 2006) -- The NASD, the nation’s largest self-regulatory organization for the securities industry, accused Morgan Stanley yesterday of routinely failing to provide e-mail messages to aggrieved customers who had filed arbitration cases against the firm over three and a half years and of making false claims that millions of e-mail messages in its possession had been lost in the Sept. 11 attack on the World Trade Center. The regulator also contended in its complaint against Morgan Stanley that the firm regularly destroyed millions of e-mail messages by overwriting its backup tapes and by allowing employees to delete messages. Securities and Exchange Commission rules require that firms keep all e-mails and business communications for three years. Morgan Stanley’s failure to provide e-mail messages relating to arbitration cases began in October 2001, the NASD said, and extended through March 2005. While claiming that the World Trade Center disaster had destroyed many of its e-mail messages, Morgan Stanley actually held millions of pre-Sept. 11 e-mail messages that were restored to its system from backup tapes shortly after the attack, NASD said. Many other of the firm’s e-mail messages were maintained on individual users’ computers and therefore were not affected by the attacks, regulators said. Yet Morgan Stanley often failed to search those computers when responding to document requests. “We think what happened here was unprecedented,” said James S. Shorris, head of enforcement at NASD. “The firm’s actions undermined the integrity of the regulatory and arbitration processes, potentially leaving in question the validity of the outcomes in hundreds of cases.” Rather than ask that Morgan Stanley pay a fine to settle the case, NASD has asked that it be required to provide relief to arbitration claimants whose cases might have been helped by the e-mail that was missing or not produced. 
http://www.nytimes.com/2006/12/20/technology/20email.html?ex=1324270800&en=1dbcb5b148de3d95&ei=5090&partner=rssuserland&emc=rss

BRITISH LAW GOES ONLINE (ComputerActive, 20 Dec 2006) -- The British government has made the entirety of the country’s law statutes available online. The Statute Law website contains the ‘official revised edition’ of the UK’s primary legislation - that is, any acts passed by parliament. The database includes details of how laws have changed over time, as well as how existing laws will be amended by future legislation that is not yet in force. The content - all 30,000 items - is available for free for private use. In addition to acts of parliament, the website also contains secondary legislation - laws passed directly by the government of the day - that has come into effect since 1991. In addition to national law, the database also contains acts of the Scottish parliament and the Northern Ireland assembly. http://www.activehome.co.uk/computeractive/news/2171338/british-law-goes-online/ British law website at http://www.statutelaw.gov.uk/

CT RULES UNAUTHORIZED LINK TO WEBCAST INFRINGES COPYRIGHT (BNA’s Internet Law News, 21 Dec 2006) -- BNA’s Electronic Commerce & Law Report reports that a federal court in Texas has ruled that a webcast of a live sporting event is copyrightable, and its owner has the right to prevent another from displaying an unauthorized link to that webcast. The webcaster complained that the link frustrated the company’s efforts to market itself to advertisers as the exclusive source of the webcasts. Case name is Live Nation Motor Sports Inc. f/k/a SFX Motor Sports Inc. v. Davis d/b/a TripleClamps.

GOOGLE’S BLOGGER ADDS PRIVACY OPTIONS (SiliconValley.com, 21 Dec 2006) -- Google Inc. has released a new version of its Blogger service, adding privacy settings that restrict readership to a predetermined audience. Users can choose to have blogs accessible to anyone or just to themselves. Or they can list the e-mail addresses of the people they want to let in. Those readers would need to register for a free Google account - the same used for its Gmail and other services - and would sign in with their regular Google passwords. Several blogging competitors already offer privacy options, and in fact, Blogger used to offer a password option through a premium service that’s no longer available. Google began offering the new privacy features this week, although it is gradually converting existing Blogger users to the upgrade. The offering comes as potential employers, mates and others increasingly try to screen people by checking out their blogs, social-networking profiles and other Internet postings. The new version of Blogger also comes with other enhancements, including the ability to tag posts with multiple keywords, the way Gmail users can label their e-mails. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/16291873.htm

****RESOURCES****
(UN)COMMON KNOWLEDGE: LEGAL EDUCATION IN THE NETWORKED WORLD (Harvard’s Berkman Center’s Gene Koo – December 2006) -- Looking at the role that technology plays in a law school curriculum and in preparing students for work in the legal profession, Mr. Koo asked:
1. What are the new skills demanded by a technology-enhanced practice? Consider two new practices: (1) e-discovery, which has made it possible for lawyers to sift through millions of emails and documents; and (2) huge, multi-office teams, which are tackling both more complex but also more discrete issues. The first is one of many examples of computers as intelligence augmentation; the second illustrates technology as network augmentation.
* What are the technical skills? Are our new associates as computer-literate as we claim?
* What are the cognitive/conceptual skills? Are successful lawyers also necessarily systems- and “meta”-level thinkers?
* What are the social skills? What collaboration and teamwork skills do legal workplaces demand today?
* What “anti-skills” or attitudes should young attorneys cultivate? How do lawyers prevent themselves from becoming isolated techno-drones?
2. Who should teach these skills? We have representatives from the law school, law practice, and CLE worlds. Where does the buck stop?
* Does a networked and “databased” environment shift power away from the teacher (someone who creates and controls an educational experience) to the learner (someone who will seek knowledge/information as s/he sees fit)? Do we have any choice in this matter?
3. How should they/we teach these skills? In addition to presenting bigger challenges, technology — especially the Internet — also affords us new possibilities.
* Can traditional distance learning techniques bridge a different gap than geography: that between practice and the academy?
* How can clinical programs serve not just as opportunities for practice, but also opportunities for technology-enabled practice?
* Can technology enable or enhance simulations as a pedagogical tool?
* How do sophisticated networks and networking tools enable lawyers, law professors, and even law students to aggregate and disseminate crucial knowledge? Is the teacher’s role diminished or changed in this environment?
Mr. Koo’s thoughts can be found on his blog at: http://blogs.law.harvard.edu/vvvv/2006/12/04/legal-ed-in-a-networked-world-whats-at-stake/

LESSIG’S CODE 2.0, A REVISION TO CODE AND OTHER LAWS OF CYBERSPACE (11 DEC 2006) -- So Code v2 is officially launched today. Some may remember Code and Other Laws of Cyberspace, published in 1999. Code v2 is a revision to that book — not so much a new book, as a translation of (in Internet time) a very old book. Part of the update was done on a Wiki. The Wiki was governed by a Creative Commons Attribution-ShareAlike license. So too is Code v2. Thus, at http://codev2.cc, you can download the book. Soon, you can update it further (we’re still moving it into a new wiki). You can also learn a bit more about the history of the book, and aim of the revision. And finally, there are links to buy the book — more cheaply than you likely can print it yourself.

SOURCES:
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. Internet Law & Policy Forum, http://www.ilpf.org.
6. BNA’s Internet Law News, http://ecommercecenter.bna.com.
7. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
8. McGuireWoods’ Technology & Business Articles of Note, http://www.mcguirewoods.com
9. Steptoe & Johnson’s E-Commerce Law Week, www.steptoe.com
10. Readers’ submissions, and the editor’s discoveries.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.
