Friday, January 19, 2007

MIRLN -- Misc. IT Related Legal News [24 December – 19 January 2007; v10.01]

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product of the American Bar Association’s Cyberspace Law Committee and Dickinson Wright PLLC. Please feel free to distribute this message. Dickinson Wright’s IT & Security Law practice group is described at

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN editions are archived at and blogged at

**************End of Introductory Note***************

This begins MIRLN’s 10th year!

ABA’S CYBERSPACE LAW COMMITTEE WINTER WORKING MEETING (January 26-27, 2007; Little Rock, Arkansas) -- Subcommittees will meet to advance on-going projects and to plan upcoming programs. A recent list of Committee projects is available at The Committee Dinner will be held Friday evening at the Clinton Library. Register online at The deadline to register is Friday, January 12, 2007. [Editor: Please come; this is consistently THE most productive gathering of IT lawyers working on real-world problems.]

**** NEWS ****

JUDGE: CAN’T LINK TO WEBCAST IF COPYRIGHT OWNER OBJECTS (CNET, 21 Dec 2006) -- A federal judge in Texas has ruled that it is unlawful to provide a hyperlink to a Webcast if the copyright owner objects to it. U.S. District Judge Sam Lindsay in the northern district of Texas granted a preliminary injunction against Robert Davis, who operated and had been providing direct links to the live audiocasts of motorcycle racing events. Lindsay ruled last week that “the link Davis provides on his Web site is not a ‘fair use’ of copyright material” and ordered him to cease linking directly to streaming audio files. The audio Webcasts are copyrighted by SFX Motor Sports, a Texas company that is one of the largest producers of “Supercross” motorcycle racing events. SFX sued Davis in February, noting that fans who go to its own Web site will see the names and logos of sponsors including wireless company Amp’d Mobile. (Anyone who clicked on the link from Davis’ site, however, would not see the logos of companies that paid to be sponsors.) While Lindsay’s decision appears to be the first to deal with direct or “deep” links to Webcasts, this is not the first time courts have wrestled with the legality of copyright law and direct links. In 2001, a U.S. federal appeals court ruled that a news organization could be prohibited from linking to software--illegal under the Digital Millennium Copyright Act--that can decrypt DVDs. “The injunction’s linking prohibition validly regulates (2600 Magazine’s) opportunity instantly to enable anyone anywhere to gain unauthorized access to copyrighted movies on DVDs,” the appeals court said. A Dutch court reached a similar conclusion in a suit dealing with someone who had allegedly infringed Scientology’s copyright scriptures, as did an Australian court in a case dealing with pirated MP3 files. But in those lawsuits, the file that was the target of the hyperlink actually violated copyright law. 
What’s unusual in the SFX case is that a copyright holder is trying to prohibit a direct link to its own Web site. (There is no evidence that SFX tried technical countermeasures, such as referer logging and blocking anyone coming from Davis’ site.) A 2000 dispute between Ticketmaster and suggested that such direct links should be permitted. A California federal judge ruled that “hyperlinking does not itself involve a violation of the Copyright Act” because “no copying is involved.” Davis, who was representing himself without an attorney, defended his Web site in legal filings that were full of bluster and accused SFX of acting like Genghis Khan.

DOD BARS USE OF HTML E-MAIL, OUTLOOK WEB ACCESS (FCW, 22 Dec 2006) -- Due to an increased network threat condition, the Defense Department is blocking all HTML-based e-mail messages and has banned the use of Outlook Web Access e-mail applications, according to a spokesman for the Joint Task Force for Global Network Operations. An internal message available on the Internet from the Defense Security Service (DSS) states that JTF-GNO raised the network threat condition from Information Condition 5, which indicates normal operating conditions, to Infocon 4 “in the face of continuing and sophisticated threats” against Defense Department networks. Infocon 4 usually indicates heightened vigilance in preparation for operations or exercises or increased monitoring of networks due to increased risk of attack. The JTF-GNO mandated use of plain text e-mail because HTML messages pose a threat to DOD because HTML text can be infected with spyware and, in some cases, executable code that could enable intruders to gain access to DOD networks, the JTF-GNO spokesman said. In an e-mail to Federal Computer Week, a Navy user said that any HTML messages sent to his account are automatically converted to plain text.

PERSONAL DATA OF 15,000 TWU STUDENTS MADE VULNERABLE (Pegasus News, 22 Dec 2006) -- In the wake of this recent potential personal data nightmare at UT Dallas, comes one at Texas Woman’s University. From a school release: “Texas Woman’s University is notifying approximately 15,000 students that their personal data has been exposed to potential identity theft. The personal data of all students who were enrolled at TWU in the calendar year 2005 was exposed. The personal data includes names, addresses and Social Security Numbers. This exposure affects the university’s three campuses in Denton, Dallas and Houston. University officials discovered earlier this week that IRS 1098-T Tuition Statement data for 2005 was transmitted to an outside vendor via a non-secure connection. The data was briefly exposed only during transmission and is now secure. At this time TWU has no indication that this data has been accessed or used by anyone. However, the university recognizes the seriousness of this exposure and the need to inform the affected students as quickly as possible.” [Editor: Interesting; there was no hack here, only a vulnerability caused by transient transmission over unsecured facilities. This vulnerability-notification may raise the bar for other organizations – the new “best practice”?]

DATA SECURITY, TERRORISM TOP EXECUTIVE WORRIES (TechWeb, 22 Dec 2006) -- More corporate executives are more worried about data security and terrorism than anything else, according to a new study. Sixty-one percent of executives report being most concerned about information systems being compromised, and another 55% worry about terrorism, according to a Harris Interactive poll that was conducted in September. The poll also shows that corporate malfeasance worries about 40% of executives. “No business can survive without customer trust,” Mike Dabadie, a division president at Harris Interactive, said in a written statement. “In today’s computerized economy, customers trust companies with a lot of sensitive personal and financial information. Any breach of data security that would compromise that trust can have a devastating impact on the company’s reputation.” In the poll, only 9% of respondents said they’re not worried about data security at all, and only 14% said they’re not at all worried about terrorism.

WHERE REAL MONEY MEETS VIRTUAL REALITY, THE JURY IS STILL OUT (Washington Post, 26 Dec 2006) -- Veronica Brown is a hot fashion designer, making a living off the virtual lingerie and formalwear she sells inside the online fantasy world Second Life. She expects to have earned about $60,000 this year from people who buy her digital garments to outfit their animated self-images in this fast-growing virtual community. But Brown got an unnerving reminder last month of how tenuous her livelihood is when a rogue software program that copies animated objects appeared in Second Life. Scared that their handiwork could be cloned and sold by others, Brown and her fellow shopkeepers launched a general strike and briefly closed the electronic storefronts where they peddle digital furniture, automobiles, hairdos and other virtual wares. As virtual worlds proliferate across the Web, software designers and lawyers are straining to define property rights in this emerging digital realm. The debate over these rights extends far beyond the early computer games that pioneered virtual reality into the new frontiers of commerce. “Courts are trying to figure out how to apply laws from real life, which we’ve grown accustomed to, to the new world,” said Greg Lastowka, a professor at Rutgers School of Law at Camden in New Jersey. “The law is struggling to keep up.” U.S. courts have heard several cases involving virtual-world property rights but have yet to set a clear precedent clarifying whether people own the electronic goods they make, buy or accumulate in Second Life and other online landscapes. Also unclear is whether people have any claim when their real-life property is depicted online, for instance in Microsoft’s new three-dimensional renderings of actual real estate. The debate is assuming greater urgency as commerce gains pace in virtual reality. 
In Second Life, where nearly 2 million people have signed up to create their own characters and socialize with other digital beings, the virtual economy is booming, with total transactions in November reaching the equivalent of $20 million. Second Life’s creator, Linden Lab, allows members to exchange the electronic currency they accumulate online with real U.S. dollars. Last month, people converted about $3 million at the Lindex currency market. Second Life’s economy has been surging since Linden Lab made the unusual decision three years ago to grant users intellectual property rights for what they create with the Web site’s free software tools. Thousands of people have created homes and businesses on virtual land leased from the site and are peddling virtual items as varied as yachts and ice cream. Congress has taken note and is completing a study of whether income in the virtual economy, such as from the sale of gowns that Brown makes, should be taxed by the Internal Revenue Service. The Joint Economic Committee of Congress is expected to issue its findings early next year.

2006 FOOT-IN-MOUTH AWARDS (Wired, 26 Dec 2006) -- Welcome to Wired News’ 2006 Foot-in-Mouth Awards program. You, the readers, have sent us your picks for the lamest quotes from or about the world of technology during this eventful year. We have selected the “best” of those and present them to you now. Leading off with a stupid quote from President Bush might seem a little too easy, perhaps unfair, a bit like stealing candy from a blind kid or something. But in a year chockablock with moronic quips, obtuse observations and mind-boggling inanities, you still have to put Dubya front and center. He is, after all, the most powerful man in the world. “One of the things I’ve learned on the Google is to pull up maps. It’s very interesting to see -- I’ve forgotten the name of the program -- but you get the satellite, and you can -- like, I kinda like to look at the ranch. It reminds me of where I wanna be sometimes.”

BROBECK CLOSED ARCHIVE PROJECT. (University of Maryland project) -- Brobeck, Phleger & Harrison (Brobeck) was a leading regional law firm that grew to national prominence in the 1990s. In 2002, as the technology economy slowed, Brobeck was forced to rethink the growth strategy that had propelled it to the pinnacle of corporate practice. Declining partner compensation prompted an exodus of top-performers. This vicious cycle ultimately forced the partnership to announce its intention to liquidate in February 2003. A potential bright spot in this otherwise dismal story came from an unexpected corner. The artifacts left in the wake of Brobeck – including digital materials documenting the operation of the partnership and the work its lawyers did on behalf of more than 10,000 clients – contained a wealth of historical information. is an information site about the broad-based effort to save the digital records of Brobeck in a closed archive. Welcome to Please explore the reference materials we have collected on this site. If you would like to learn more about the project, please contact us. [Editor: Gee, aren’t there possible attorney/client issues here? The FAQs touch on this, but a process for “opt-out” after court-directed mail or publication of notice seems wrong to me. Wouldn’t specific opt-in be wiser?]

UNDER-THE-RUG OVERSIGHT (New York Times Editorial, 29 Dec 2006) -- The wondrously named Privacy and Civil Liberties Oversight Board held its first public hearing the other day on the National Security Agency’s illegal eavesdropping program. If you expected it to discover any truths about the secret program, you can forget it. The board spent its time explaining why it was more important to work from within the administration than to challenge it. Thus wags the tail of a watchdog with neither bark nor bite. The board was created two years ago by the White House and the Republican Congress as a pale substitute for the independent monitor recommended by the Sept. 11 commission. Its members (four Republicans and one lone Democrat) serve at the pleasure of the administration. It has a paltry budget and no subpoena power, and any requests for documents can be vetoed by the attorney general. It’s so low on the totem pole that it didn’t even get a formal briefing on the administration’s eavesdropping on American citizens until October — almost a year after the warrantless surveillance program had been uncloaked for the nation by the news media. Hardly complaining, the oversight panel offered a parody of a hearing that laid bare its own toothlessness. Members studiously ducked the question of whether they condoned President Bush’s concoction of an inherent power to eavesdrop beyond court oversight. One spoke of the priority to “provide advice confidentially” to the White House, another even more vaguely of the “conservative tradition of checks and balances.” A frustrated witness informed the board it was “all bark and no bite.” But in truth, there’s no bark either. The board’s initial report to Congress in March will first be vetted by administration factotums. Right now, the panel is best suited to polishing up the handles on the White House doors. But its members make the point that the board is no more than Congress created it to be. 
All the more reason to repair the damage as Americans wonder precisely how many liberties they have already sacrificed. A bill to remake the board as an independent entity with subpoena power and a credible claim to oversight has been submitted by Representatives Carolyn Maloney, Democrat of New York, and Christopher Shays, Republican of Connecticut. It deserves a full and open review — which is more than the American public has been getting from its toothless watchdog.

WALL STREET JOURNAL EXAMINES HIPAA LOOPHOLES (, 2 Jan 2007) -- “[I]ncreasingly complex confidentiality issues” in federal medical privacy rules “are affecting patients and their insurance coverage,” the Wall Street Journal reports. According to the Journal, complaints of privacy violations “have been piling up.” Between April 2003 and Nov. 30, 2006, HHS received 23,896 complaints related to medical-privacy rules. An HHS spokesperson said 75% of those complaints have been closed because no violations were found or informal guidance was provided to involved parties. Since HIPAA was enacted in 2003, HHS has not taken enforcement actions against any entity for violating the privacy rule.

MUSIC INDUSTRY SOFTENS ON PODCASTS (Arstechnica, 2 Jan 2007) -- Sony BMG has decided to dip its toes into the world of podcasted music with its recent agreement with marketing agency Rock River Communications Inc., making it the first (and only, for the time being) major music label in the US to license music for podcasting. While you may not have heard of Rock River Communications, you will most likely recognize what they do. The agency creates promotional mix CDs for companies like Volkswagen, The Gap, Verizon, Chrysler, and more to hand out at retail stores and dealerships. Rock River, in an attempt to move past CD-only distribution, is now creating promotional podcasts for Chrysler and Ford Motors. According to the Wall Street Journal, Ford and Chrysler are both paying Sony BMG a flat fee to license music for podcast distribution for one year, no matter how many copies are downloaded. On the customer’s side, the podcast will be free and can be kept forever. Rock River says that they are in talks to license music from more music labels in the future for podcasting. It’s no secret that the music industry has always been very much against any form of digital distribution that is not DRMed. Unprotected files of songs or podcasts with songs in them could be chopped out of the podcast and widely distributed via those nasty P2P networks, with no royalties paid back to the labels as they usually are in radio. The Internet, after all, is often viewed by the music industry as the Wild West in that regard. However, labels are beginning to slowly test the waters with unprotected files—in Weird Al’s case, offering MP3s for free via his web site helped propel him into the Billboard Top 10 for the first time in his career.

NEW U.K. LAW ON EMAIL FOOTERS FOR COMPANIES (NakedLaw, 3 Jan 2007) -- New Regulations came into force on 1 January 2007 requiring U.K. companies to disclose their company name, registration number, place of registration and registered office address on the company website, in e-mail footers and on order forms. These requirements previously applied to business letters sent by companies, but not to websites and emails. The DTI has published an implementation briefing on the changes. Companies risk a fine if they are found to be in breach of the relevant provisions, so the changes provide a good opportunity to revisit and update that email disclaimer. DTI briefing paper at

7TH CIRCUIT RULING EXPANDS USE OF FISA WIRETAPS (, 3 Jan 2007) -- Federal prosecutors may use wiretap evidence obtained under the Foreign Intelligence Surveillance Act in spy cases for criminal prosecutions unrelated to the original espionage purpose of the wiretap, the 7th U.S. Circuit Court of Appeals has held. The ruling is the first outside the special FISA court itself to interpret the law as expanding the ability of prosecutors to use the act in a variety of criminal contexts, according to defense attorney James Geis, a Chicago solo practitioner representing Ning Wen, who was convicted of violating export-control laws. “Unless there is a constitutional problem in domestic use of evidence seized as part of an international investigation, there is no basis for suppression,” wrote Chief Judge Frank Easterbrook in U.S. v. Wen, No. 06-1385. “I think this holding makes it virtually impossible to challenge a FISA search,” said Geis. “This pretty much makes it bulletproof.” The ruling could be significant given the government’s increased focus on economic espionage and international theft of U.S. technology. Last month, two men, Fei Ye and Ming Zhong, pleaded guilty in San Francisco to stealing trade secrets from Sun Microsystems Inc. and Transmeta Corp., with the intent of benefiting the People’s Republic of China. Wen and his wife, both naturalized U.S. citizens, were arrested in 2005 in Manitowoc, Wis., for sending to China $500,000 worth of computer parts that could be used to improve missile systems. The government alleged that the computer chips sent out of the United States to China without permission could be used for military radar and missiles. The FISA court, created to oversee government requests for surveillance warrants against suspected foreign intelligence agents, has held that domestic use of intercepted evidence is permitted so long as it has a “significant” international objective. Sealed Case, 310 F.3d 717 (FIS Ct.). 
Geis argued that evidence of domestic criminal conduct gathered under FISA warrants cannot be used to prosecute domestic crime when the espionage investigation dies without charges. “Violation of export laws was very different than espionage,” he said. “We never got to see the [government] affidavit” that was the basis for the warrant, he said.

NUCLEAR WEAPONS PROGRAM CHIEF DISMISSED (CBS, 4 Jan 2007) -- Energy Secretary Samuel Bodman on Thursday announced the dismissal of the head of the U.S. nuclear weapons program because of security breakdowns at weapons facilities including the Los Alamos laboratory in the western state of New Mexico. Linton Brooks is to submit his resignation as chief of the National Nuclear Security Administration this month, the department said. Bodman said the NNSA under Brooks, a former ambassador and arms control negotiator, had failed to adequately correct security problems, so “I have decided it is time for new leadership at the NNSA.” Brooks was reprimanded last June for failing to report to Bodman that computers at an NNSA facility in Albuquerque, New Mexico, had been breached resulting in the theft of files containing Social Security numbers and other personal data from 1,500 workers.

2006 PRIVACY YEAR IN REVIEW (EPIC, 4 Jan 2007) -- Congress returns to Washington this week and privacy issues are likely to get renewed attention with unresolved questions about the President’s domestic surveillance program, the future of Real ID, and the growth of the data broker industry. Meanwhile courts will consider sex bloggers and the media will try to sort through the increasingly complicated world of surveillance technology. Here are the Top Ten Privacy Stories of 2006 and Ten Privacy Issues to Watch in 2007 from the Electronic Privacy Information Center …

DEMOCRAT POLITICO VENTURES INTO ‘SECOND LIFE’ (ZDnet, 4 Jan 2007) -- As jubilant Democrats in Washington celebrated their newfound control of the U.S. Congress on Thursday, Rep. George Miller was doing the same thing in a more unusual place: Second Life. Miller appears to be the first member of Congress to hold something akin to a press conference in this virtual world, which is operated by Linden Lab and boasts its own currency and a population of more than 2 million “residents.” The event, which lasted about half an hour, took place in a virtual adaptation of the Capitol building on an island in Second Life. Instead of a neo-classical dome, the virtual equivalent featured an open-air amphitheater, mammoth video screens and an orange sky above. “It’s going to develop into an important forum for members of Congress of both parties,” predicted Miller, who has represented the district northeast of San Francisco since 1974.

-- and --

TEXAS SPEAKER’S RACE ON YOUTUBE (, 8 Jan 2007) -- The ultimate insider’s game, the Texas Speaker’s race, is now on YouTube. The grainy video footage shows supporters of Speaker Tom Craddick entering the private Austin Club Sunday night. Although Rep. Mike Krusee, R-Round Rock, said he counted more than 70 supporters, the video showed only 63. Of course, no one knows whether the videographer got everyone coming and going. The mystery is still who employed the videographer, but you can imagine the video re-surfacing in a Democratic primary battle when a challenger is accusing an incumbent of selling out his constituents. This speaker’s race already has been battled out over the Internet more than most. Instead of rumors just being spread in telephone calls between House members, the Internet (and Old Media) have been used to give the perception that one side is winning over the other. [Editor: I think I recognize a friend in the crowd, too. For the political context, see TEXAS SPEAKER WINS CHALLENGE AND KEEPS POST (New York Times, 10 Jan 2007) --

MORE TROUBLE FOR MORGAN STANLEY; E-MAIL ‘DESTROYED’ IN 9/11 ATTACK IS FOUND (ABA Journal, 5 Jan 2007) -- Since 2005, Wall Street giant Morgan Stanley has played the lead in something of an electronic discovery cautionary tale for litigators. And apparently there may be more lessons to come. It began when the securities giant was hit with a $1.5 billion judgment in Coleman Holdings Inc. v. Morgan Stanley & Co., No. CA 03-5045 AI (March 23, 2005), for failing to produce thousands of backup tapes of digital documents. Then last May, there was an agreement to pay the U.S. Securities and Exchange Commission $15 million to settle allegations of e-mail mishandling pursuant to SEC investigations. Now NASD, the nation’s largest self-regulatory organization for the securities industry, is accusing the company of not only failing to hand over millions of e-mail messages to investigators and plaintiffs in numerous proceedings against the company, but of falsely saying the documents had been lost in the Sept. 11, 2001, terrorist attack on the World Trade Center. “This was an ongoing problem for three and a half years affecting over a thousand cases,” says James Shorris, NASD executive vice president and head of enforcement. “The firm made the claim they didn’t know the e-mail was restored, but everyone who came back to work on Sept. 17 turned on their computer, and the e-mail was there.” NASD set forth these allegations in a disciplinary complaint filed Dec. 19. The complaint triggers a hearing before a NASD disciplinary panel. Possible remedies include a fine, censure, suspension or bar from the securities industry; disgorgement of gains associated with the violations; and payment of restitution, according to NASD. Morgan Stanley has yet to respond to the complaint and did not respond to requests to comment for this story. 
But in statements to other news media, it argued the 9/11 attacks did in fact destroy e-mail servers and archives and that it had cooperated fully with NASD’s review.

THE LEGAL RIGHTS TO YOUR ‘SECOND LIFE’ AVATAR (CNET, 5 Jan 2007) -- A Second Life land developer has convinced YouTube to pull down an off-color video of her virtual self being harassed during an interview, raising novel questions about the legal rights of virtual-world participants. Last month, Anshe Chung Studios demanded that YouTube delete the recording, citing the Digital Millennium Copyright Act, which generally requires Web sites to remove material that infringes on copyright laws. The controversy stemmed from video taken during an interview with Anshe Chung, the virtual world’s biggest land owner, conducted by CNET in its Second Life bureau last month. During the interview--which took place in a digital theater in front of dozens of audience members’ avatars--a group intent on sabotaging the event attacked it with 15 minutes of animated penises and photographs of Anshe Chung’s real-life owner, Ailin Graef, digitally altered to make her look like she was holding a giant penis. Afterward, a video of the attack was posted on YouTube. When Anshe Chung Studios filed a complaint with the popular video service claiming that Graef’s copyrights had been infringed because images of her avatar were used without her permission, YouTube promptly removed the video.

-- but then --

DMCA COMPLAINT AGAINST YOUTUBE DROPPED (CNET, 15 Jan 2007) -- The husband of Second Life land baroness Anshe Chung said he should not have filed a Digital Millennium Copyright Act complaint against YouTube in his attempts to have the site delete a video of her avatar being attacked by a barrage of digital flying penises. And as a result, he said, he has revoked the DMCA claim. In an interview with CNET, Guntram Graef, the husband of Anshe Chung’s creator, Ailin Graef, explained that he now understands that the video, which he still considers offensive and a sexual attack on his wife, was not copyright infringement and, therefore, his DMCA complaint was not appropriate.

AN INSTANT, 25 YEARS OF SAVINGS HAD DISAPPEARED. (RedTape Chronicles, 5 Jan 2007) -- One moment Dave DeSmidt had $179,000 in his 401(k) retirement account, the next he had nothing. In an instant, 25 years of savings had disappeared. With a few clicks, someone raided DeSmidt’s retirement account with J.P. Morgan & Co and ordered a full disbursement to a private checking account. Then came the really bad news. While credit card and online banking accounts are legally protected in the event of fraud, DeSmidt’s brokerage account came with no such insurance. Two months after the theft, his balance still read $0. With hacking of brokerage accounts increasing, the legal gap facing DeSmidt and other victims has regulators and critics debating the need for new consumer protections.

HOW TO PROTECT YOURSELF AT WIRELESS HOT SPOTS (Computerworld, 5 Jan 2007) -- Wi-Fi hot spots in airports, restaurants, cafes and even downtown locations have turned Internet access into an always-on, ubiquitous experience. Unfortunately, that also means always-on, ubiquitous security risks. Connecting to a hot spot can be an open invitation to danger. Hot spots are public, open networks that practically invite hacking and snooping. They use unencrypted, insecure connections, but most people treat them as if they are secure private networks. This could allow anyone nearby to capture your packets and snoop on everything you do when online, including stealing passwords and private information. In addition, it could also allow an intruder to break into your PC without your knowledge. But there’s plenty you can do to keep yourself safe -- and I’ll show you how to do that in this article. If you follow these tips, you’ll be able to make secure connections at any hot spot…

-- and --

WI-FI CONCERNS PROMPT NEW SECURITY LAWS (Computerworld, 9 Jan 2007) -- Mounting worries about the dangers of too-easy access to wireless LANs have prompted government officials in New York and California to put new laws on the books aimed at preventing network “piggybacking” and exposure of sensitive data in both businesses and homes. Last October, the local government in Westchester County, N.Y., began enforcing a countywide law requiring all commercial businesses to secure their WLAN access or face fines. It also requires any Westchester County businesses offering public Wi-Fi access to the Internet to post an official sign on the wall that advises the user to “install a firewall or other computer security measure.” The law, which has the Westchester IT department periodically driving about the county with WLAN probes to test whether businesses have failed to adequately secure their WLANs, was enacted because “we saw piggybacking on Wi-Fi nets,” says county CIO Norm Jacknis. “On these networks, there’s unfettered access to confidential data, and we have a problem with that.” Jacknis says a small number of businesses caught with unsecure Wi-Fi exposing sensitive data have been cited for violations under the law, but so far none has failed to correct the discovered problems. Under the new law, a second violation would lead to a $250 fine and a third and succeeding violation a fine of $500.

ONLINE BACKGROUND CHECKS (ABA Journal, 7 Jan 2007) -- The growth of online communities like Facebook and MySpace is staggering (the latter reports 5 million new members every month), and it’s apparent to any Internet surfer that profiles, blogs and visible chat sessions can be particularly revealing. Many employers are noticing too. And they’re making online searches part of their background checks. But if employers don’t hire a candidate based on what they find, is that employment discrimination? That’s likely to be a question that will pop up more often as job interviewees are asked about comments they’ve made online, or as applicants suspect their age, race or nationality was at play in the hiring process. Although there are no reported cases at this writing that pit a disgruntled candidate against a search-engine-fueled human resources department, some believe it won’t be long before the issue looms large for many companies. Part of the difficulty with employment screening that looks at personal Web pages is that if information is online, it’s considered public, says John Challenger, CEO of the Chicago-based outplacement firm Challenger, Gray & Christmas. And some of those details, especially for younger people, can be pretty revealing. “Many people, especially students, have an unreasonable expectation of privacy,” says Steven Rothberg, the founder of “There’s some awareness, and some password protections are being put in place for MySpace users, but on the whole, many of the younger generation think it’s a good thing to be an exhibitionist and talk about bad behavior.” Rothberg says about three-quarters of the employers who talk to him say they regularly search online as part of background checks, including blog content. Some have admitted to him they turned down intern candidates because they didn’t like what they saw on those pages.

FOREIGN HACKERS GUM UP UA COMPUTERS (Arizona Star, 9 Jan 2007) -- Foreign hackers infiltrated the UA’s computer network several times in the last two months, depositing files on numerous servers and workstations in the library, Student Union and procurement office. University of Arizona investigators have no evidence of other tampering, and they are uncertain about the hackers’ motives. With the infiltration, the attacker or attackers could have gained access to other data, although personal student information and research-oriented information were not at risk, said Michele Norin, executive director for the UA’s Center for Computing and Information Technology. “Across the three areas, the impact was upwards of 30 servers, and we’re assessing upwards of 350 workstations,” Norin said. “We’re still trying to define all the details of how it occurred.” The hackers installed software that enabled them to store files, such as movies or games, on the systems. In similar breaches, hackers typically enable others to access the files, but it wasn’t clear whether that happened to the UA computers, Norin said. “Being able to put files on machines is pretty common across any organization that manages a network,” Norin said. “What is unclear is the ulterior intent in terms of whether they were trying to see other information or not. That could indicate a different motive.” On a few computers, hackers installed software that captures and logs keystrokes and can be used to catch log-in names and passwords. “Because of the potential of what might have been captured, that led to analysis of all the systems and all the machines,” Norin said. “We can’t confirm that anything was captured or that it was used for anything. All we know is that it was there.” The breach was noticed last Tuesday, the first working day after the holiday break, when a typical process failed to run, raising a red flag. The computers were hacked in November and December.

-- and --

STOLEN UI COMPUTERS LIKELY HAVE PERSONAL DATA FOR 70K (, 11 Jan 2007) -- Three desktop computers have disappeared from the University of Idaho’s Advancement Services office – and now school officials say the personal data of alumni, donors, employees and students may be in danger. UI says someone stole the computers – and an internal investigation shows that as many as 70,000 social security numbers, names and addresses were stored on the hard drives six months before the theft. School officials tell NewsChannel 7 that it is unclear if the data was still on the computers at the time of the theft. There is currently no evidence any of the data has been misused. The computers are still missing. The school says it will notify more than 331,000 people who may have been exposed – with those people living in the state of Idaho receiving an e-mail, and out-of-state folks will receive notice by US Mail.

WEB-BASED SERVICE LETS ITUNES USERS SHARE DRM-FREE MUSIC (, 10 Jan 2007) -- A new online music service lets people share music stored on their PCs with other computer users or those with Web-enabled mobile phones. Using the free Avvenu Music Player launching this week, users can select tracks they wish to share and send links to friends via e-mail. Recipients click on the link to listen to the songs for up to five days on standard Web browsers. Avvenu supports audio files in MP3, AAC and WMA formats, but only tracks that are free of copy-protection restrictions can be streamed with the service, said Richard French, chief executive of Palo Alto-based Avvenu Inc. Music files are sent to Avvenu and streamed from its servers when the sharer’s computer is off. Otherwise, audio files are streamed directly from users’ computers or phones. Avvenu officials insist their service is legal because recipients don’t retain copies of songs -- the streams only work when there’s an Internet connection, and only for five days. The Recording Industry Association of America had no comment.

SEARCH ENGINE TARGETS EXASPERATED BOOMERS (MSNBC, 10 Jan 2007) -- Does surfing the Web exhaust — and even exasperate — older people? The backers of are betting on it. Cranky is a specialty search engine designed to please aging baby boomers by processing every request from the perspective of someone who is at least 50 years old. This steadily growing demographic often feels overwhelmed using high-powered search engines from the likes of Google Inc. and Yahoo Inc. because they spew out more results than older eyes care to see, said Jeff Taylor, the Cranky mastermind who previously struck it rich as the founder of online employment site Like the mainstream search engines, Cranky hopes to make money selling targeted advertising alongside its search results. Cranky’s ads will be provided by InterActiveCorp’s, a search engine that has been around for a decade. After teaming up with Internet research firm Compete Inc. to identify the 500,000 most popular Web sites among people at least 45 years old, Cranky dispatched reviewers to dig even deeper into the top 5,000 destinations. The reviewers then wrote descriptions about the content and tried to ensure the index contained more direct links to the most meaningful information.

CT RULES THAT TRADEMARKED SEARCH KEYWORDS ACTIONABLE (BNA’s Internet Law News, 11 Jan 2007) -- BNA’s Electronic Commerce & Law Report reports that a federal court in Pennsylvania has ruled that the purchase of search engine keywords incorporating a competitor’s trademark is an actionable “use in commerce” of the mark. However, Judge Thomas N. O’Neill, Jr. rejected the doctrine of initial interest confusion in the search engine/meta tag context, stating that the leading case in this area, Brookfield Communications Inc. v. West Coast Entertainment Corp., had “mischaracteriz[ed]...the operation of internet search engines” to reach its result. Case name is J.G. Wentworth v. Settlement Funding LLC.

U.S. WARNS ABOUT CANADIAN SPY COINS (AP, 11 Jan 2006) -- Money talks, but can it also follow your movements? In a U.S. government warning high on the creepiness scale, the Defense Department cautioned its American contractors over what it described as a new espionage threat: Canadian coins with tiny radio frequency transmitters hidden inside. The government said the mysterious coins were found planted on U.S. contractors with classified security clearances on at least three separate occasions between October 2005 and January 2006 as the contractors traveled through Canada. Intelligence and technology experts said such transmitters, if they exist, could be used to surreptitiously track the movements of people carrying the spy coins. The U.S. report doesn’t suggest who might be tracking American defense contractors or why. It also doesn’t describe how the Pentagon discovered the ruse, how the transmitters might function or even which Canadian currency contained them. Further details were secret, according to the U.S. Defense Security Service, which issued the warning to the Pentagon’s classified contractors. The government insists the incidents happened, and the risk was genuine. “What’s in the report is true,” said Martha Deutscher, a spokeswoman for the security service. “This is indeed a sanitized version, which leaves a lot of questions.” Top suspects, according to outside experts: China, Russia or even France — all said to actively run espionage operations inside Canada with enough sophistication to produce such technology. The Canadian Security Intelligence Service said it knew nothing about the coins.

BUSH SIGNS VA BREACH NOTIFICATION LAW: WILL PRIVATE SECTOR LEGISLATION FOLLOW? (Steptoe & Johnson’s E-Commerce Law Week, 11 Jan 2007) -- President Bush recently signed the Veterans Benefits, Health Care, and Information Technology Act of 2006, which requires, among other things, that the Veterans Administration “prescribe interim regulations” for the provision of several data breach response measures, including notification to veterans in cases where there is “a reasonable risk … [of] the potential misuse of sensitive personal information.” Although the new law applies only to the policies and practices of the VA and its contractors, it could serve as a model for more broadly applicable federal breach notification legislation, which Democrats have promised to push in the new congressional session. Moreover, the law requires the VA to “establish and maintain a comprehensive Department-wide information security program,” the details of which could inform future congressional or regulatory efforts to define “reasonable” data security. So the private sector should watch closely as the Act is implemented. Meanwhile, while the private sector awaits possible federal notification legislation, action continues at the more local level. Lawmakers in Michigan and Washington, D.C., recently passed legislation requiring companies to notify customers in the case of a data breach. While the Michigan bill was signed by the Governor on January 3, the D.C. bill requires the approval of Congress, which seems likely. Unless Congress quickly passes national data breach notification legislation with a strong preemption provision, the crazy quilt of state and local laws may soon become even more difficult to negotiate.

MICROSOFT CONFIRMS NSA’S ROLE IN WINDOWS VISTA SECURITY (, 11 Jan 2007) -- News emerged this week that top cryptologists at the U.S. National Security Agency (NSA) had a hand in some of the security features in Microsoft’s new operating system, Windows Vista. The NSA, best known for its code-breaking capabilities and covert-spying operations, loaned a team of cryptologists to the software giant for reviewing some of the security features in Vista, which is expected to be used, eventually, by hundreds of millions of computer users around the world. The NSA, which was once so secretive it was referred to as “No Such Agency,” said helping secure the soon-to-be-ubiquitous OS was a matter of national interest. “Our intention is to help everyone with security,” Tony W. Sager, the NSA’s chief of vulnerability analysis and operations, was quoted by the Washington Post as saying. Sager also told the Post that the agency helped ensure that Vista was both secure and compatible with existing government software. Microsoft has confirmed the agency played an active role in the software’s development. Although the NSA declined to provide details of its specific involvement with Vista, Sager told the Post it used a “red team” and a “blue team” to test Vista’s security. The red team posed as “the determined, technically competent adversary” to disrupt, corrupt, or steal information. And the blue team helped with Vista’s configuration. Microsoft said in a statement that it also asked several other groups to review Vista, including the North Atlantic Treaty Organization and the National Institute of Standards and Technology. Although the NSA claims to have U.S. interests in mind when participating on projects such as this, the idea of a government agency climbing inside such ubiquitous and important software has raised privacy concerns in some quarters.

STATE OF MISSOURI LAUNCHED WEBSITE TO COMPARE RX AND OTC PRICES (11 Jan 2007) -- You deserve information about and access to affordable prescription medications. Finding the best price can be challenging and time-consuming. MoRx Price Compare was created by the Missouri Lieutenant Governor and the Department of Social Services’ Division of Medical Services to provide information on issues related to prescription medicine, safety and cost-saving tips and programs to help Missourians pay for prescription medications.

BLOGGERS GAIN ACCESS TO “SCOOTER” LIBBY TRIAL (Reuters, 11 Jan 2007) -- Internet bloggers will be allowed to cover the criminal trial of former White House staffer Lewis “Scooter” Libby alongside reporters from traditional media outlets, a court spokesman said on Thursday. Members of a bloggers’ association will share at least two seats during the high-profile trial in which Libby’s former boss, Vice President Dick Cheney, is expected to testify, said Sheldon Snook, a spokesman for the U.S. District Court in Washington. The arrangement is believed to be a first for a high-profile court case, although trade shows and political conventions have issued media passes to bloggers in the past several years. “Bloggers are part of the media landscape and if we were to ignore bloggers, we would be ignoring reality,” Snook said. Blogging access will be restricted to members of the Media Blogging Association, a trade group that provides legal advice and promotes increased access for its 1,000 members. Bloggers likely will file reports throughout the day from an overflow room that will be set up with wireless Internet service, although like other media outlets they will be prohibited from transmitting video or audio of the trial.

PAYPAL HOPES IT’S GOT THE KEY TO THWART PHISHING (ComputerWorld, 11 Jan 2007) -- Over the next few months, eBay Inc. will be offering its PayPal users a new tool in the fight against phishers: a $5 security key. The PayPal Security Key is actually a small electronic device, designed to clip on to a keychain, that calculates a new numeric password every 30 seconds. PayPal users who sign up to use the device will need to enter their regular passwords as well as the number displayed on the key whenever they log in to the online payment service. “The key is really going to give users one more layer of security for their accounts,” said Sara Bettencourt, a PayPal spokeswoman. Because the numeric password changes so frequently, even successful phishers will end up with obsolete numeric passwords and will be unable to empty PayPal accounts.

BUSH SIGNS BILL TO BAN USE OF DECEPTION TO OBTAIN PHONE RECORDS (, 12 Jan 2007) -- President Bush on Friday signed a bill into law that would make it a crime to lie to obtain the telephone records of private citizens. The legislation outlaws the practice of getting confidential phone records by “making false or fraudulent statements” to a phone company employee, by “obtaining false or fraudulent documents to access accounts” or by “accessing customer accounts through the Internet” without authorization. Violators face fines and imprisonment of up to 10 years. Fines are doubled and five years may be added to the prison term if the violations involve more than $100,000 or more than 50 customers.

DOD OFFICIAL SLAMS US LAW FIRMS FOR DEFENDING GUANTANAMO DETAINEES (Jurist, 12 Jan 2007) -- US Deputy Assistant Secretary of Defense for Detainee Affairs Charles “Cully” Stimson has set off a firestorm of protest by publicly questioning the propriety of some of the country’s top law firms representing Guantanamo Bay [JURIST news archive] detainees. In an interview [recorded audio] on Federal News Radio [media website] Thursday on the fifth anniversary of the US military prison, Stimson predicted that “when corporate CEOs see that those firms are representing the very terrorists who hit their bottom line in 2001 those CEO’s are going to make those law firms choose between representing terrorists or representing reputable firms.” The former Navy lawyer said “It’s shocking...The major law firms in this country...are out there representing detainees.” Stimson cited a string of major US law firms defending clients at Guantanamo pro bono: Pillsbury Winthrop, Jenner & Block, Hunton & Williams, Alston & Bird, Cutler Pickering, Weil Gotshal, Paul Weiss Rifkin, Covington & Burling, Mayer Brown, Pepper Hamilton, Perkins Cole, Fulbright Jaworski, Sutherland Asbill & Brennan, and Venable [firm websites]. Stimson’s statements drew harsh criticism Friday from some of the lawyers involved in Guantanamo defense and from professional groups. David J. Cynamon [profile], an attorney with Pillsbury Winthrop Shaw Pittman who is representing Kuwaiti detainees held at Guantanamo, told JURIST’s Hotline: “Apparently, the Bush Administration has no good answers to the legal and moral travesties at Guantanamo, so they have decided to fall back on good old-fashioned lawyer bashing in a desperate effort to change the subject. It is bad enough that they have consistently flouted the Supreme Court’s 2004 ruling that the detainees are entitled to habeas corpus. Now they are attempting to prevent the detainees from having legal counsel at all. 
It is truly incredible that Stimson, an attorney himself, does not appear to understand or care about the fundamental obligation of lawyers to represent unpopular and indigent clients. We and the other habeas counsel are very proud of the work we are doing on behalf of the Guantanamo detainees, and we are confident that the vast majority of our corporate clients feel the same way. The true “news story” here is not that prominent law firms are trying to get the detainees a fair hearing but that the Bush Administration is trying to deny them one.” The President of the American Bar Association also issued a statement [text] Friday condemning Stimson’s comments: “Lawyers represent people in criminal cases to fulfill a core American value: the treatment of all people equally before the law. To impugn those who are doing this critical work -- and doing it on a volunteer basis -- is deeply offensive to members of the legal profession, and we hope to all Americans. The American Bar Association supports lawyers who give of their time and expertise defending those involved in legal actions. In fact it is one of the basic tenets of the Association’s Second Season of Service, that lawyers should perform pro bono and volunteer work.”
[DOD has disavowed Secy. Stimson’s comments, and he’s apologized. Still, his comments are stunning, coming from a lawyer. How could this happen? Do his remarks reflect a culture that has moved so far from the core values that underlie and support our constitution? A New York Times editorial on 19 Jan 2007 indicates that AG Gonzales exacerbated Secy. Stimson’s comments, and suggests a bar disciplinary investigation.]

MILITARY EXPANDS DOMESTIC SURVEILLANCE (New York Times, 14 Jan 2006) -- The Pentagon has been using a little-known power to obtain banking and credit records of hundreds of Americans and others suspected of terrorism or espionage inside the United States, part of an aggressive expansion by the military into domestic intelligence gathering. The C.I.A. has also been issuing what are known as national security letters to gain access to financial records from American companies, though it has done so only rarely, intelligence officials say. Banks, credit card companies and other financial institutions receiving the letters usually have turned over documents voluntarily, allowing investigators to examine the financial assets and transactions of American military personnel and civilians, officials say. The F.B.I., the lead agency on domestic counterterrorism and espionage, has issued thousands of national security letters since the attacks of Sept. 11, 2001, provoking criticism and court challenges from civil liberties advocates who see them as unjustified intrusions into Americans’ private lives. But it was not previously known, even to some senior counterterrorism officials, that the Pentagon and the Central Intelligence Agency have been using their own “noncompulsory” versions of the letters. Congress has rejected several attempts by the two agencies since 2001 for authority to issue mandatory letters, in part because of concerns about the dangers of expanding their role in domestic spying. The military and the C.I.A. have long been restricted in their domestic intelligence operations, and both are barred from conducting traditional domestic law enforcement work. The C.I.A.’s role within the United States has been largely limited to recruiting people to spy on foreign countries. Carl Kropf, a spokesman for the director of national intelligence, said intelligence agencies like the C.I.A. 
used the letters on only a “limited basis.” John Radsan, an assistant general counsel at the C.I.A. from 2002 to 2004 and now a law professor at William Mitchell College of Law in St. Paul, said, “The C.I.A. is not supposed to have any law enforcement powers, or internal security functions, so if they’ve been issuing their own national security letters, they better be able to explain how they don’t cross the line.” Military officials say the Right to Financial Privacy Act of 1978, which establishes procedures for government access to sensitive banking data, first authorized them to issue national security letters. The military had used the letters sporadically for years, officials say, but the pace accelerated in late 2001, when lawyers and intelligence officials concluded that the Patriot Act strengthened their ability to use the letters to seek financial records on a voluntary basis and to issue mandatory letters to obtain credit ratings, the officials said. [Editor: I wonder whether the Posse Comitatus Act might restrict military activities like these; the National Security Act probably affects some such domestic CIA activities.]

FREEDOM OF INFORMATION, THE WIKI WAY (Washington Post, 15 Jan 2007) -- You’re a government worker in China, and you’ve just gotten a memo showing the true face of the regime. Without any independent media around, how do you share what you have without landing in jail or worse? is a Web-based way for people with damning, potentially helpful or just plain embarrassing government documents to make them public without leaving fingerprints. Modeled on the participatory, online encyclopedia Wikipedia, the site is expected to go live within the next two months. Organizer James Chen said that while its creators tried to keep the site under wraps until its launch, Google references to it have soared in recent days from about eight to more than 20,000. The site, whose FAQs are written in flowery dissident-ese -- “What conscience cannot contain, and institutional secrecy unjustly conceals, Wikileaks can broadcast to the world” -- targets regimes in Asia, sub-Saharan Africa and the Middle East, but not exclusively. It was founded and partially funded, organizers say, by dissidents, mathematicians and technologists from China, the United States, Taiwan, Europe, Australia and South Africa. The site relies on a worldwide web of volunteers and contributors to post and vet the information, and dodge any efforts to shut it down. To protect document donors and the site itself, Wikileaks uses its own coded software combined with, for the techies out there, modified versions of Freenet and PGP.

FOUNDERS OF PAYMENT PROCESSING COMPANY CHARGED IN ONLINE GAMBLING CASE (, 16 Jan 2007) -- Two founders of a company that processes Internet gambling transactions were arrested and charged with funneling billions of dollars in gambling proceeds to overseas betting operations, federal prosecutors announced Tuesday. The charges mark the latest in a series of crackdowns by the federal government against the online gambling industry. The charges against the former Neteller PLC directors, John David Lefebvre, 55, and Stephen Eric Lawrence, 46, both Canadian citizens, were contained in two criminal complaints unsealed in U.S. District Court in Manhattan on Monday, U.S. Attorney Michael Garcia said in a statement. The prosecutor said the men knew when they took their company public that its activities were illegal. FBI Assistant Director Mark J. Mershon said the multibillion-dollar online gambling industry is “a colossal criminal enterprise masquerading as legitimate business.” Neteller is an Internet payment services company that has grown in popularity as an increasing number of credit card companies have begun refusing to accept payments to online gambling sites. Neteller essentially acts as a middleman between gamblers and offshore betting operations. For example, a gambler who wants to place bets at offshore sports books can fund an account with Neteller, which in turn will transfer the money to the betting sites. Prosecutors say Neteller facilitated the transfer of billions of dollars of illegal gambling proceeds. In 1999, the men founded Neteller, which is based in the Isle of Man and is publicly traded in the United Kingdom. The company began processing Internet gambling transactions in 2000.

FIRM ENTITLED TO COPY OF FORMER EMPLOYEES’ HOME PC HARD DRIVES (CCH’s Computer Law Alert, 17 Jan 2007) -- A television stand manufacturer, who alleged trade secrets misappropriation and Computer Fraud and Abuse Act violations against former employees and their new company, was entitled to mirror image copies of the hard drives of the former employee’s business and home computers, the federal district court in Saint Louis has ruled. The manufacturer claimed that the former employees had transferred confidential information and trade secrets to their personal e-mail accounts, presumably for the purpose of using other computers to access and store the files. The manufacturer’s discovery request called for “all computer or portable or detachable hard drives, or mirror images thereof, used by [the former employees], including but not limited to any computer or portable or detachable hard drive in their homes.” The former employees objected to the discovery request as overbroad, vague, burdensome, and calling for irrelevant information. The recently amended Federal Rules of Civil Procedure allow parties to request that another party “produce and permit the party making the inspect, copy, test, or sample any designated documents or electronically stored information --including writings, drawings, graphs, charts, photographs, sound recordings, images, and other data or data compilations stored in any medium from which information can be obtained --translated, if necessary, by the respondent into reasonably usable form.” Fed. R. Civ. P. 34(a) An advisory committee note to Rule 34(a) confirms that direct access to a party’s electronic information system might be warranted in some circumstances. Discrepancies or inconsistencies in a responding party’s discovery responses would justify such a request, in the court’s view. 
The record showed that one of the former employees had sent an e-mail (which had not been produced in response to discovery requests) from his personal account to one of the manufacturer’s customers. The existence of the e-mail raised the question of whether the former employees in fact had produced all documents responsive to the manufacturer’s discovery requests, the court noted. More importantly, a computer hard drive may be discoverable when the computer was used to commit the wrong that is the subject of the lawsuit. (subscription required)

NINTH CIRCUIT’S BALCO RULING “PUMPS UP” GOVERNMENT’S ELECTRONIC SEARCH AND SEIZURE POWER (Steptoe & Johnson’s E-Commerce Law Week, 18 Jan 2007) -- The Ninth Circuit’s recent ruling in U.S. v. Comprehensive Drug Testing, Inc., a consolidated appeal of several cases related to the Balco steroids scandal, gives government agents the authority to seize broad swaths of electronic information when searching for specific digital evidence. According to the court, “the government may seize intermingled data for off-site review to minimize intrusiveness of a computer search,” but it “may not retain or use the evidence after proper objections are raised, unless a magistrate subsequently reviews and filters the evidence off-site.” The ruling suggests that where targeted records are interspersed among records that are not of interest, companies may have to surrender databases to government investigators in toto, potentially exposing company proprietary information as well as individuals’ personal information without their knowledge or consent.

-- and --

COMPUTER PRIVACY IN DISTRESS (Wired, commentary by Jennifer Granick, 17 Jan 2007) -- My laptop computer was purchased by Stanford, but my whole life is stored on it. I have e-mail dating back several years, my address book with the names of everyone I know, notes and musings for various work and personal projects, financial records, passwords to my blog, my web mail, project and information management data for various organizations I belong to, photos of my niece and nephew and my pets. In short, my computer is my most private possession. I have other things that are more dear, but no one item could tell you more about me than this machine. Yet, a rash of recent court decisions says the Constitution may not be enough to protect my laptop from arbitrary, suspicionless and warrantless examination by the police. At issue is the Fourth Amendment, which protects individuals from unreasonable searches and seizures by government agents. As a primary safeguard against arbitrary and capricious searches, property seizures and arrests, the founding fathers required the government to first seek a warrant from a judge or magistrate. The warrant has to specifically describe the place to be searched and the items to be seized. Searches and seizures without such a warrant are presumed to be unconstitutional. There are times, of course, when it would be unreasonable, burdensome, ineffective or just plain silly to require police to get a warrant before searching, so courts have carved out many, many exceptions to the warrant requirement. The fundamental thread in these decisions is a subtle and case-specific determination of what is “reasonable” conduct by law enforcement. Because reasonable minds can differ on reasonable courses of action, the resulting Fourth Amendment law is complicated, sometimes contradictory and very fact-dependent. Computers pose special Fourth Amendment search problems because they pack so much information in such a small, monolithic physical form. 
As a result, courts are grappling with how to protect privacy rights during searches of computers. Three digital search topics in particular are converging in interesting, and foreboding, ways. First, there are several new cases that suggest that agents can search computers at the border (including international airports) without reasonable suspicion or a warrant, under the routine border search exception to the warrant requirement. Second, a recent case in the 9th U.S. Circuit Court of Appeals has held that private employees have no reasonable expectation of privacy, and thus no Fourth Amendment rights, in their workplace computers (gulp!). Third and finally, the 9th Circuit is struggling, and failing, to define ways to judicially supervise police searches of computers to ensure that law enforcement gets the information it needs, while leaving undisturbed any private information on unrelated matters that may be on the same disk drive. Together the computer search cases can paint a scary picture. But if you read the decisions carefully, there is ample room for courts to follow up with more nuanced opinions that protect computer privacy and allow reasonable government access. For example . . . [continued]

WHITE HOUSE RETREATS UNDER PRESSURE (New York Times, 18 Jan 2007) -- The Bush administration’s abrupt abandonment on Wednesday of its program to eavesdrop inside the United States without court approval is the latest in a series of concessions to Congress, the courts and public opinion that have dismantled major elements of its strategy to counter the terrorist threat. In the aftermath of the 2001 attacks, President Bush asserted sweeping powers to conduct the hunt for operatives of Al Qaeda, the detention of suspects and their interrogation to uncover the next plot. But facing no new attack to justify emergency measures, as well as a series of losses in the courts and finally the Democratic sweep of the November election, Mr. Bush has had to retreat across the board. [Editor: Nothing new here, but it’s a concise summary of the past 5 years’ worth of sweeping claims of executive authority, and gradual retreat.]

**** RESOURCES ****
NIST DRAFT ONTOLOGY OF IDENTITY CREDENTIALS (6 Oct 2006) -- A definition more applicable to this publication is: “a description of objects, actors, actions and their relationships within the domain of Identity credentials.”

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School
2. Edupage
3. SANS Newsbites
4. NewsScan and Innovation
5. Internet Law & Policy Forum
6. BNA’s Internet Law News
7. Crypto-Gram
8. McGuire Wood’s Technology & Business Articles of Note
9. Steptoe & Johnson’s E-Commerce Law Week
10. Readers’ submissions, and the editor’s discoveries.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.