**************Introductory Note**********************
MIRLN (Misc. IT Related Legal News) is a free product of the American Bar Association’s Cyberspace Law Committee and Dickinson Wright PLLC. Dickinson Wright’s IT & Security Law practice group is described at http://tinyurl.com/joo5y.
Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at http://www.abanet.org/dch/committee.cfm?com=CL320000 (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley (vpolley@REMOVETHISSTRINGvip-law.com) with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.
Recent MIRLN editions are archived at www.vip-law.com and blogged at http://mirln.blogspot.com/.
**************End of Introductory Note***************
ORDINARY CUSTOMERS FLAGGED AS TERRORISTS (Washington Post, 27 March 2007) -- Private businesses such as rental and mortgage companies and car dealers are checking the names of customers against a list of suspected terrorists and drug traffickers made publicly available by the Treasury Department, sometimes denying services to ordinary people whose names are similar to those on the list. The Office of Foreign Asset Control’s list of “specially designated nationals” has long been used by banks and other financial institutions to block financial transactions of drug dealers and other criminals. But an executive order issued by President Bush after the Sept. 11, 2001, attacks has expanded the list and its consequences in unforeseen ways. Businesses have used it to screen applicants for home and car loans, apartments and even exercise equipment, according to interviews and a report by the Lawyers’ Committee for Civil Rights of the San Francisco Bay Area to be issued today. “The way in which the list is being used goes far beyond contexts in which it has a link to national security,” said Shirin Sinnar, the report’s author. “The government is effectively conscripting private businesses into the war on terrorism but doing so without making sure that businesses don’t trample on individual rights.” The lawyers’ committee has documented at least a dozen cases in which U.S. customers have had transactions denied or delayed because their names were a partial match with a name on the list, which runs more than 250 pages and includes 3,300 groups and individuals. No more than a handful of people on the list, available online, are U.S. citizens. Yet anyone who does business with a person or group on the list risks penalties of up to $10 million and 10 to 30 years in prison, a powerful incentive for businesses to comply. The law’s scope is so broad and guidance so limited that some businesses would rather deny a transaction than risk criminal penalties, the report finds. http://www.washingtonpost.com/wp-dyn/content/article/2007/03/26/AR2007032602088_pf.html
NAVIGATING THE PCI STANDARD (CSOonline, 1 April 2007) -- In mid-December 2006, just as Visa was announcing a $20 million incentive to try to hurry compliance with the credit card industry’s data-security standard, a consultant for TJX was discovering precisely the sort of breach that the standard is supposed to prevent. An undisclosed number of transaction records from TJ Maxx, Marshalls and other TJX stores had been compromised. “Removed” by intruders, even. Exactly which records, when and by whom, the $16 billion retailer was unsure, although The Wall Street Journal later put the number of affected credit cards at more than 40 million. Behind the scenes, TJX executives began working with law enforcement and additional outside security experts to try to identify and fix the problem, prior to a January announcement of the breach. Meanwhile, in San Francisco, Visa was going public with an announcement of its own. Technically, if its merchants aren’t compliant with the Payment Card Industry (PCI) Data Security Standard, Visa can cut off their ability to accept Visa cards—a death sentence for commerce. Despite deadlines that had come and gone, however, only 36 percent of Visa’s largest merchants were following the rules. So starting in April, banks whose retail customers were in compliance and had not suffered security breaches would be eligible to receive funds from a pool of up to $20 million. In addition, Visa warned, it would increase fines to banks whose retail customers were not compliant and make PCI certification a requirement for some pricing discounts. As far as Visa is concerned, the standard is working—if only merchants would adopt it. “To date we have not seen that a PCI-compliant entity has been compromised,” Eduardo Perez, vice president for payment system risk at Visa, told CSO in January. Although he would not comment on the TJX incident specifically, he continued: “In every instance we’ve dealt with, compromised entities have not been compliant with PCI.” For critics, however, the TJX breach proves something else entirely. “It’s a perfect example of where the PCI program is not working,” says Avivah Litan, vice president and research director at Gartner. “It’s a good step. It’s good for the card brands to enforce security, but it’s impractical to expect 5 million retailers to become security experts.” In reality, the TJX breach is not so much an example as it is a test. Corporate America has long insisted that self-regulation, not government intervention, is the cure for what ails information security. Government regulations, they claim, tend to be poorly crafted and difficult to enforce; they turn into needlessly expensive exercises in bureaucratic paperwork. In response to the threat of such legislation, industry sectors have attempted to police themselves by establishing either voluntary guidelines or ones imposed by business partners. (See “Power Play.”) http://www.csoonline.com/read/040107/fea_pci_pf.html [Editor: the PCI DSS is available here: https://www.pcisecuritystandards.org/pdfs/pci_dss_v1-1.pdf ]
SELLING STUFF ONLINE? HERE COMES THE IRS (CNET, 13 April 2007) -- Americans who sell items through Internet auction sites could be in for an unpleasant surprise at tax time next year, thanks to an IRS proposal designed to identify taxpayers who don’t report income from those sales. The U.S. Treasury Department wants Congress to force auction sites like eBay, Amazon.com and uBid.com to turn over the identities and Social Security numbers of a large portion of their users to the IRS--so tax collectors know how much each person made through online selling. The effort is part of a larger plan, which enjoys enthusiastic support from both Democrats and Republicans, to close what’s known as the “tax gap.” It’s a broad term that covers Americans who don’t file tax returns or those who underreport their income, and the IRS believes it to total around $345 billion for the 2001 tax year. http://news.com.com/2100-1028_3-6176041.html
DOCS POINT TO E-VOTING BUG IN CONTESTED RACE (Wired, 17 April 2007) -- Symptoms consistent with a known software flaw in a popular electronic voting machine surfaced widely in a controversial election in Sarasota County, Florida, last November, despite county officials’ claims that a bug played no role in the election results, according to documents obtained by Wired News. Activists say the flaw might have contributed to the high number of lost or uncast votes in a now-contested congressional race. Incident reports from the election reveal Sarasota County poll workers from at least 19 precincts contacted technicians and election officials to report touch-screen sensitivity problems with the iVotronic voting machine. In those incidents, voters were forced to press the screen harder and repeatedly to register a vote. The complaints mirror the symptoms of a bug that the machine’s maker, Election Systems & Software, revealed prior to the election in a warning unheeded by the county. Additionally, the documents -- obtained through public records requests by Wired News and the Florida Fair Elections Coalition -- show the problems also appeared on a smaller scale during the primary election in Sarasota County two months earlier. This contradicts statements by Sarasota supervisor of elections Kathy Dent, who told Wired News last month that no such problems happened during the primary, and that she only learned voters were having problems with the touch screens after the November election was over and votes were counted. Seven voting machines had touch problems in the September primary, five of which later clocked in an unusually high number of “under votes” in the now-contested race for the U.S. House of Representative’s 13th Congressional District. http://www.wired.com/politics/onlinerights/news/2007/04/evotinganalysis
EU PRIVACY BODY CRITICIZES GOOGLE PRACTICES (MarketWatch, 19 April 2007) -- A European Union advisory body that monitors data privacy has written a letter to Google Inc. warning the No. 1 provider of Internet searches that its practices fall short of EU data protection standards, according to a person familiar with the group’s proceedings. Google confirmed that it received an earlier letter from the Norwegian Data Protection Group, which has a representative on the advisory body known as the Article 29 Working Party. A second letter is expected to be released by the European Commission on behalf of the Working Party, said the source, who spoke on condition of anonymity. Composed of privacy protection authorities from each of the EU’s 27 member nations, the group coordinates European privacy laws, and its member commissioners oversee privacy law in their home countries. If privacy authorities in those nations find Google in violation of data-protection statutes, the company can be fined. Google keeps a record of the Internet search habits of consumers who use its service. The U.S. government last year had asked Google and its search rivals, Yahoo Inc. and Microsoft Corp., for information as part of an investigation into online pornography. While Yahoo and Microsoft complied with the Justice Department subpoena for the data, Google refused the request, citing privacy concerns. A federal judge later ordered the company to release a less-extensive amount of information than U.S. officials had requested. The Mountain View, Calif.-based search giant’s data-collection and storage practices came under renewed scrutiny by the Working Party in the wake of Google’s $3.1 billion agreement to acquire fellow online ad firm DoubleClick, the source said. DoubleClick keeps extensive data on Internet ad campaigns, including who clicks on online banner ads and how often. Rivals of Google, as well as online privacy watchdog groups, have asked U.S. antitrust regulators to examine the combination, which will extend Google’s dominance of the online ad market. http://www.marketwatch.com/news/story/eu-privacy-body-criticizes-google/story.aspx?guid={578CE44F-EDC5-43A8-865A-51960583F9D3
CT RULES INTERNET ARCHIVE PRINTOUTS INADMISSABLE (BNA’s Internet Law News, 19 April 2007) -- BNA’s Electronic Commerce & Law Report reports that a federal court in New York has ruled that printouts of Web pages purporting to indicate how a Web page appeared at a prior point in time, supplied by the Internet Archive’s “Wayback Machine” service, are inadmissible without authenticating testimony from someone familiar with how the pages were created. The court ruled that in the absence of testimony or sworn statements from an employee of the operators of the third-party Web sites attesting to the authenticity of the contested Web page exhibits, the Wayback Machine exhibits cannot be authenticated as required under the Rules of Evidence. Case name is Novak v. Petswarehouse.com
NINTH CIRCUIT HELPS DMCA DEFENDANTS FIND SAFE HARBOR (Steptoe & Johnson’s E-Commerce Law Week, 19 April 2007) -- The Digital Millennium Copyright Act (DMCA) limits service providers’ liability for certain online material, including for “Transitory Digital Network Communications,” “System Caching,” “Information Residing on Systems or Networks At [the] Direction of Users,” and “Information Location Tools” (17 U.S.C. § 512(a-d)). But claiming these safe harbors can be difficult, since online service providers must first show that they have “adopted and reasonably implemented ... a policy that ... terminat[es] in appropriate circumstances ... subscribers ... who are repeat infringers,” and that they have not “interfere[d] with standard technical measures” of “identify[ing] or protect[ing] copyrighted works.” In Perfect 10, Inc. v. CCBill LLC, the Ninth Circuit addressed the plaintiff’s claim that CCBill, an online payment processor, and CWIE, a web hosting service, should not be given safe harbor. By offering a definition of a “reasonably implemented” termination policy, this ruling should help providers of online services more easily determine whether they meet the threshold for claiming DMCA safe harbor. And, for copyright holders, the ruling shows what not to do when giving a service provider notice of infringement. http://www.steptoe.com/publications-4417.html
NY COURT CONVERTS CONVERSION INTO E-TORT (Steptoe & Johnson’s E-Commerce Law Week, 19 April 2007) -- The common law tort of conversion provides a remedy for the theft or other unauthorized interference with the ownership of the plaintiff’s personal property. This cause of action has traditionally been limited to tangible objects. But in Thyroff v. Nationwide Mutual Insurance Co., the New York State Court of Appeals last month explicitly extended the Empire State’s conversion tort to “electronic records,” finding that the tort’s history supported its expansion to “keep pace with the contemporary realities of widespread computer use.” Specifically, the ruling allows an insurance agent to maintain a conversion claim against his former employer, which had allegedly prevented the agent from accessing personal and business information stored on the company computer system. But the conversion tort also gives employers another tool for going after workers who purloin company data. http://www.steptoe.com/publications-4417.html
JUDGE REFUSES TO DISMISS GOOGLE TRADEMARK SUIT (Information Week, 19 April 2007) -- A U.S. judge refused Wednesday to dismiss a lawsuit against Google Inc. that charges the Web search leader’s AdWords program abuses trademarks. In making his decision to allow the case to move forward, U.S. District Court Judge Jeremy Fogel ruled the public has an interest in whether AdWords, the company’s popular pay-per-click advertising system, violates U.S. trademark law. American Blind & Wallpaper Factory Inc., the top U.S. reseller of window blinds, charged in its lawsuit that Google abuses trademarks by allowing rivals of a company to buy ads that appear when consumers search the Web for information on that business. Google has prevailed in two prior trademark suits filed against its pay-per-click ads. Auto insurer GEICO lost a federal case in Virginia, and computer repair site Rescuecom lost a similar federal case, but is appealing. The latest ruling granted some claims while rejecting others in Google’s motion for summary judgment, which asked the judge to dismiss American Blind’s trademark infringement claims against Google’s AdWords ad-selling program. “The large number of businesses and users affected by Google’s AdWords program indicates that a significant public interest exists in determining whether the AdWords program violates trademark law,” Fogel wrote in his decision. A Google spokesman said the company still has a motion for sanctions against American Blinds pending before Magistrate Judge Richard Seeborg, in the same federal court, alleging that American Blinds failed to disclose key evidence. http://www.informationweek.com/story/showArticle.jhtml?articleID=199100854&cid=RSSfeed_IWK_News
YOUTUBE DELETES VIDEO OF MCCAIN SINGING ‘BOMB IRAN’ (CNET, 20 April 2007) -- YouTube confirmed Friday that it had erroneously deleted and would restore a video of presidential candidate John McCain singing an impromptu ditty about starting a war with Iran. The Arizona senator joked about attacking the sovereign nation during a campaign stop in South Carolina this week, singing, to the tune of the Beach Boys song “Barbara Ann”: “That old, that old Beach Boys song, Bomb Iran. Bomb, bomb, bomb, bomb, anyway.” According to a video recorded by what appears to be a camera phone held by someone at the back of the room, the audience laughed at McCain’s rendition of the classic song. But the clip was deleted by YouTube, which is owned by Google. A spokesman for YouTube, who asked that his name not appear in this article, said, “We appreciate the prompt feedback from our community regarding the McCain video. It was flagged by our users, we reviewed it and it was mistakenly removed. We have examined the situation and have since reinstated the video.” The spokesman refused to answer any other questions, such as when, exactly, the video was deleted or what procedures are in place to ensure that political candidates don’t use YouTube’s complaint procedure to squelch critics. The popular video-sharing site permits users to flag videos as “inappropriate.” This is not the first time a controversy has erupted over political videos removed by YouTube. The Electronic Frontier Foundation has documented other videos that it says should not have been deleted. The EFF has filed suit against Viacom on behalf of MoveOn.org and Brave New Films, saying a satire of the The Colbert Report was removed from YouTube following a “baseless” copyright complaint. “It is time to draw a line in the sand and make clear that taking down political speech first and asking questions later is absolutely unacceptable behavior,” Adam Green, civic communications director at MoveOn.org, said in response to the McCain video deletion. Recently, another anti-Bush video surfaced on YouTube. This one pokes fun at World Bank President Paul Wolfowitz--who is currently embroiled in a controversy over a hiring that violates the organization’s policy--in the style of NBC’s popular TV show The Office. Democratic Presidential candidate John Edwards is mocked in a video showing him spending more than two minutes fussing with his hair and camera makeup. http://news.com.com/2100-1025_3-6178173.html [McCain video here: http://www.youtube.com/watch?v=hAzBxFaio1I; Wolfowitz video here: http://www.youtube.com/watch?v=7UlhLLiQo2Y; Edwards video here: http://www.youtube.com/watch?v=2AE847UXu3Q]
WARNER MUSIC REACHES $110 MILLION SETTLEMENT WITH BERTELSMANN RELATED TO NAPSTER ALLIANCE (SiliconValley.com, 24 April 2007) -- Warner Music Group Corp., parent company of record labels such as Bad Boy, Nonesuch, and Rhino, said Tuesday it reached a $110 million settlement with Bertelsmann related to copyright infringement claims after Bertelsmann invested in Napster. Bertelsmann AG invested in the file-swapping site in 2000. Under the settlement, Bertelsmann admitted no liability. http://www.siliconvalley.com/news/ci_5739296?nclick_check=1
YAHOO STRIKES DEAL TO CATALOG LYRICS ONLINE (SiliconValley.com, 24 April 2007) -- Yahoo has teamed up with Gracenote, an Emeryville company, to offer what it is calling “the largest catalog of legal, licensed song lyrics” on the Web. “It fills a huge, gaping hole out there,” said Ian Rogers, general manager of Yahoo Music. While there are plenty of Web sites offering lyrics, Gracenote is the first company to have gone through the painstaking process of negotiating deals with the thousands of publishers who own copyrights to the lyrics. The catalog offered by Yahoo will include lyrics of 400,000 songs owned by more than 10,000 publishers. About 9,000 artists are represented, ranging from classic names such as the Beatles and Bob Dylan to more recent stars like Radiohead and Beyonce. Craig Palmer, chief executive of Gracenote, said it took more than two years and nearly 100 deals to forge the legal framework behind the database. Gracenote then had to create standards for publishing lyrics on the Web and put together an automated system for compensating the songwriters. This can include as many as 10 writers on a single hip-hop song. “The copyrights, the database and the payments issues all had to be solved in order to bring this obvious service to market,” Palmer said. Yahoo’s song lyrics are supposed to be the official versions. Under the licensing agreement, Yahoo will share with copyright holders the revenue from the ads that will be displayed alongside the lyrics. Music publishers such as BMG Music Publishing, EMI Music Publishing, Sony/ATV Music Publishing, Universal Music Publishing Group and Warner/Chappell Music are contributing lyrics. http://www.siliconvalley.com/news/ci_5738001
INTEL PROPOSES PLAN TO RESTORE LOST DOCUMENTS IN AMD SUIT (SiliconValley.com, 24 April 2007) -- Intel Corp. on Tuesday said it came up with a plan to restore documents destroyed as the company braced for massive antitrust litigation, saying it “regrets the lapse in its retention practices.” Rival chip maker Sunnyvale, Calif.-based Advanced Micro Devices Inc. has attacked what it calls Intel’s “grim reaper” email destruction policies, exposed in antitrust litigation in federal court in Delaware. In court papers Tuesday, Santa Clara, Calif.-based Intel cited its recently purchased a new email archive system that automatically saves all messages from designated document custodians as part of a plan to restore the lost materials. Filed in 2005, the case accuses Intel of misusing its market power in semiconductor chip manufacture to keep a lid on competition from AMD. Earlier this year, the long-simmering dispute heated up when Intel admitted to a potentially massive loss of documents that AMD was requesting to prepare its case. The two companies and lawyers for consumers who have joined in the antitrust lawsuit against Intel have been assessing the extent of the damage to documents that could become key evidence in the case. Tuesday, Intel filed a 39-page document setting out its plan to restore and supplement its database to make sure nothing important is left out of the mountain of data that AMD will be mining for evidence. The plan, Intel says, “will involve the processing and review of a huge, and as yet indeterminate volume of data.” The effort will be a costly one, Intel said, but the company wants to set things right. U.S. District Judge Joseph Farnan, who has appointed a special master to review the problem of the missing documents, said he would become personally involved at the stage where the accumulated data are tested to demonstrate whether incurable gaps exist. http://www.siliconvalley.com/news/ci_5740458
BANKS FILE DATA BREACH SUIT AGAINST TJX (CNET, 25 April 2007) -- The Massachusetts Bankers Association, a trade group, announced that it is filing a class action lawsuit against retailer TJX over a data breach that put more than 45 million credit and debit cards holders at risk of having their financial information accessed. The bankers association, along with the Connecticut Bankers Association and Maine Association of Community Banks, filed the lawsuit in the U.S. District Court in Boston. The three banking associations represent almost 300 banks and are seeking to recover “tens of millions of dollars” in damages, according to the filing. Last month, TJX announced it discovered a data breach of its customers’ records that spanned a two-year period. http://news.com.com/2110-7350_3-6179237.html
OHIO U. RESTRICTS FILE SHARING (InsideHigherEd, 26 April 2007) -- Ohio University, under heavy pressure from the recording industry to curtail illegal downloading on campus, announced a plan Wednesday to monitor its campus network for peer-to-peer file sharing and disable Internet access for students violating a new policy restricting the use of all peer-to-peer technology. The university is one of just a handful of institutions, including the University of Florida, to adopt such a broad approach to restricting file sharing, said John C. Vaughn, executive vice president of the Association of American Universities. “The concern is that if the price of restricting illegal file sharing is also to shut off legal transactions, that’s a price that most institutions aren’t willing to pay,” said Vaughn, who has tracked file sharing policies for the association of research universities. But to the extent that institutions can find ways to zero in on peer-to-peer protocols that are “used overwhelmingly for illegal file sharing,” Vaughn said, “then I think some institutions think it’s a reasonable policy.” Ohio University employees will begin monitoring the network Friday for use of such file sharing programs as Ares, Azureus, BitTorrent, BitLord, KaZaA, LimeWire, Shareaza and uTorrent. Any use of peer-to-peer technology under the new policy could result in a loss of Internet access and, upon the second offense, a disciplinary referral — although it’s important to note that the university will be phasing the policy in on a flexible, still undetermined time frame, targeting the biggest users first, according to Sally Linder, a university spokeswoman. http://insidehighered.com/news/2007/04/26/ohio
GERMAN GOVERNMENT ADMITS IT IS ALREADY CONDUCTING ONLINE SEARCHES (Heise Online, 26 April 2007) -- At a meeting of the Bundestag’s Interior Affairs Committee on Wednesday, the Chancellor’s Office admitted that Germany’s secret services have been conducting controversial, covert online searches of computers since 2005 after being given an order to do so by then-Interior Minister Otto Schily (SPD). Gisela Piltz, spokesperson for home affairs from the FDP in the Bundestag, made these announcements after the German government was forced to answer her questions concerning the touchy subject of the monitoring of private PCs and storage units on the Internet. The government said that it does not see any breach of the privacy of telecommunications and the basic right to control personal data. The government did not say how many covert telecommunications investigations had already taken place. Apparently, the government is dealing with practical problems concerning these online searches. For instance, government officials have allegedly been complaining about more data being collected than could be managed. Piltz said that “the cat is out of the bag” now that the government has made this general confession. According to the neoliberal FDP, a mere order from a ministry does not provide any legal basis for such deep intervention in the basic rights of citizens. The party says that the German government’s opinion that such searches in apartments do not constitute a violation of privacy is an outrage as long as the computers are not “in the garden.” In March, the German government reacted to another request for information from the FDP, explaining that the German Office for the Protection of the Constitution already has the right to conduct covert searches of networked PCs and protected data storage media on the Internet. At the beginning of February, the German Supreme Court ruled that state investigators have no legal basis for covert searches via the Internet. In that case, the Court handed down a ruling concerning one of the German Criminal Police Office’s projects. Since then, politicians such as German Interior Minister Wolfgang Schäuble (CDU) and police spokespeople have been calling for a legal basis to be provided quickly so that state criminal prosecutors can search PCs and online data carriers. But support for such measures has not only come from the CDU: Dieter Wiefelspütz, the SPD’s spokesperson for home affairs in the Bundestag, has also repeatedly called for the creation of a legal basis for covert online searches within strictly defined legal boundaries. Recently, he also indirectly admitted that the state was already conducting online searches of hard drives. http://www.heise.de/english/newsticker/news/88895
ARIZ. HIGH COURT REVERSES RULING ON GOVERNMENT E-MAIL PRIVACY (Arizona Republic, 26 April 2007) -- It is up to a judge, not government officials, to decide which messages generated from government e-mail systems are private. The ruling came from the Arizona Supreme Court on Wednesday morning after Phoenix Newspapers Inc. appealed a court decision denying The Arizona Republic access to about 90 e-mails Stanley Griffis sent or received during his time as Pinal county manager. Now a court will review those e-mails to determine which messages should be released as public record to the newspaper. The Arizona Republic requested access to Griffis’ e-mails last year after the Pinal County Sheriff’s Office launched an investigation into the former county manager’s misuse of public funds. Pinal County gave up more than 700 messages but withheld dozens that county officials and Griffis considered confidential or private. A court of appeals ruled that Griffis, and in essence government officials, had the right to decide what e-mails are private and what could be withheld from public record. But the Arizona Supreme Court’s ruling reversed that decision. “In camera (court) review of disputed documents . . . reinforces this Court’s previous holding that the courts, rather than government officials, are the final arbiter of what qualifies as a public record,” states the opinion of the Supreme Court of Arizona. “Griffis bears the burden of establishing that the e-mails are not public records.” David Bodney, an attorney representing the newspaper, said the ruling establishes an “important protocol for public officials who would try to withhold their e-mail communications as purely personal.” “The public has a strong right to know that its top appointed official was not using e-mail to further his own private schemes,” Bodney said. http://www.azcentral.com/news/articles/0426ruling0426.html
THE EUROPEAN PARLIAMENT APPROVES NEW, STRICTER ANTI-PIRACY DIRECTIVE (NordicHardware.com, 26 April 2007) -- The European Parliament voted yes on the new controversial directive Ipred 2 which concludes that all kinds of infringement of the intellectual copyrights will be considered criminal. The directive is actually stricter than that and even criminalizes attempts of infringing on copyrights. In theory this means that basically all video sites, P2P developers and other services used to spread material around the web is criminal. There is an exception though and that is the end-user. If this user downloads pirated material and use this only for his own entertainment, study or research he or she can not be prosecuted through the new directive. Ipred 2 has been harshly criticized from day 1 by people saying it in turn infringes on people freedom of speech and even been considered a lobby directive from the media industry. The goal is to harmonize (EP’s choice of word) the copyright laws of the member countries of the EU through the new directive. The fines and penalties will be adjusted by some countries according to the new directive, but they still vary quite a lot between the European countries where Great Britain are the strictest with up to 10 years in prison, while the same crime only pays three months in Greece. http://www.nordichardware.com/news,6197.html
MUSIC INDUSTRY WINS UW IDS IN FILE-SHARING CASE (Wisconsin State Journal, 26 April 2007) -- As many as 53 UW-Madison students could be slapped with lawsuits by the music recording industry after a federal judge on Wednesday ordered the university to surrender their names and other information for sharing digital music files over the Internet. On Tuesday, 16 record companies represented by the Recording Industry Association of America filed a lawsuit in U.S. District Court seeking the names associated with 53 Internet connections for copyright infringement. On Wednesday, U.S. District Judge John Shabaz signed an order requiring UW-Madison to relinquish the names, addresses, telephone numbers, e-mail addresses and Media Access Control addresses for each of the 53 individuals. The lawsuit and decision came as no surprise to the university, which last month declined to send out “settlement letters” from the RIAA to alleged copyright violators among UW-Madison students. http://www.madison.com/wsj/home/local/index.php?ntid=131102
-- and --
CONGRESS UPS ANTE ON FILE SHARING (InsideHigherEd, 3 May 2007) -- If campus technology officers have been feeling left out as their colleagues in the financial aid office get all the fan mail from Congress, never fear. Now it’s their turn. A bipartisan group of House of Representatives lawmakers said Wednesday that they had written the presidents of 19 colleges and universities asking their officials to complete an expansive survey on the use of their campus networks for illegal downloading of copyrighted music, video or other digital content. The institutions (all universities, a list of which appears at bottom) were singled out because they had received the largest number of copyright infringement notices from the recording and movie industries in the most recent reporting period. The effort was spearheaded by lawmakers on the House Judiciary Committee, which has led Congress’s scrutiny of the campus downloading issue so far. But the fact that the signers of the letter included the chairman and senior Republican on the House Education and Labor Committee suggested — to the dismay of some college officials — that leaders on the education panel might be receptive to dealing with the issue in legislation to renew the Higher Education Act this year. http://insidehighered.com/news/2007/05/03/download
NCAA BARS TEXTING OF RECRUITS (InsideHigherEd, 27 April 2007) -- The Division I Board of Directors of the National Collegiate Athletic Association has voted to ban text-messaging between coaches and recruits. A student advisory group told NACC leaders that text-messaging had become “instusive” and “overused.” http://insidehighered.com/news/2007/04/27/qt
GOOGLE HALTS `HIJACKED’ ADS USED TO STEAL PERSONAL DATA (SiliconValley.com, 27 April 2007) -- Google yanked paid advertisements that online criminals were using to steal banking and other personal information from Web surfers looking for the Better Business Bureau and other sites. The ads, linked to 20 popular search terms, directed those who clicked on them to a booby-trapped site where their information could be captured. It was unclear how many people were affected before the breach was discovered this week, but computer security experts said Thursday the attack appears to be isolated and only targeting Windows XP users who had not properly updated their machines. They said the attack was unlikely to undermine Google’s core business of selling lucrative advertising links, which made up the bulk of the Mountain View-based company’s $3.08 billion in profit in 2006 and $1 billion in the first quarter of 2007 alone. Google said it dismantled the offending links and shut down the problem AdWords accounts Tuesday. The company is working with advertisers to identify any other malware-loaded sites that might be on the network, it said. However, the experts said the infiltration of the Web’s largest marketing network raises questions for the entire search industry about how to screen advertisers for those with nefarious motives. The criminals created their own Web site and outbid legitimate businesses in Google’s AdWords program to secure prime placement of ads linked to popular search terms. Users who clicked on those ads were then routed to the booby-trapped site before being sent on to the legitimate destination. http://www.siliconvalley.com/news/ci_5762859 [Editor: reminds me a bit of the Choicepoint fiasco inasmuch as Google apparently was doing business with unvetted criminal parties. ‘Know-Your-Customer’ may take on a whole new meaning.]
N.Y. AG GETS FIRST SETTLEMENT UNDER SECURITY BREACH NOTIFICATION LAW (Information Week, 27 April 2007) -- The New York Attorney General has obtained the first settlement under the state’s new security breach notification law. Attorney General Andrew Cuomo announced Thursday that it has reached an agreement with CS Stars LLC, a Chicago-based claims management company, to implement precautionary procedures, comply with New York’s notification law in the event of another security breach, and pay $60,000 to the AG’s office for investigation costs. On May 9, 2006, an employee at CS Stars noticed that a computer was missing that held personal information, including the names, addresses, and Social Security numbers of recipients of workers’ compensation benefits, according to the AG’s office. The New York Special Funds Conservation Committee, a not-for-profit organization created to assist in providing benefits to workers under the New York Workers’ Compensation Law, was the owner of the data contained in the missing computer. It was not until June 29, 2006 that CS Stars first notified Special Funds of the security breach, the AG’s office reported. On the same date, the company notified the FBI, as well. The FBI instructed the company to not send out any notifications to people who might be affected by the data breach because it might impede their investigation. According to the AG’s release, CS Stars notified the Attorney General’s office, the Consumer Protection Board, and the state office of Cyber Security about the breach on June 30, 2006. Then on July 18, the company, with the permission of the FBI, the company began sending out notices to the approximately 540,000 potentially affected New York consumers notifying them of the security breach. Under New York’s Information Security Breach and Notification Law, any business that maintains private information which it does not own must notify the owner of the data of any security breach “immediately following discovery” of the breach. They also must notify all affected consumers in the “most expedient time possible.” http://www.informationweek.com/shared/printableArticle.jhtml?articleID=199202218
-- and --
GAO REPORT TARGETS DATA BREACH GUIDELINES (Network World, 30 April 2007) -- A U.S. Government Accountability Office (GAO) report issued Monday in response to a May 2006 data breach at the Department of Veterans Affairs says federal agencies should have uniform guidelines governing when to offer credit monitoring to individuals whose personal information is exposed. Veterans were denied the opportunity to take prompt steps to protect themselves against identity theft last year because internal delays kept key VA officials, including the agency’s secretary, in the dark for up to two weeks, the report states. One lesson learned after the breach is that federal agencies must have rapid internal notification of key officials, the GAO said. Today’s report urges the Office of Management and Budget, which oversees security and privacy for the federal government, to develop guidance agencies can use when determining whether to offer credit monitoring and other services that may reduce the risk of identity theft. Without such guidance, the GAO said, agencies may make inconsistent decisions that leave some people more vulnerable than others. http://www.networkworld.com/news/2007/043007-gao-data-breach-guidelines.html GAO report at http://www.gao.gov/new.items/d07657.pdf
ISO 17799 -- IT’S A CONTROL, NOT A STANDARD (Computerworld, 29 April 2007) -- I’m always interested when I learn that things aren’t the way I thought they were. Mom put “Santa’s” presents under the Christmas tree. Columbus didn’t discover America. Lee, Lifeson, and Peart aren’t equal to the Father, Son, and Holy Spirit. And, most recently, ISO 17799:2005 shouldn’t be used as a list of required controls for organizations to deploy. Don’t get me wrong. For something written by committee, the International Standards Organization and International Electrotechnical Commission Code of Practice for Information Security Management Reference Number 17799:2005 (from here on out ISO 17799) isn’t half bad. As anyone familiar with it knows, it’s a fairly exhaustive list of controls covering 11 major domains of information security (more on that later), from policy to compliance. It’s not perfect. Aside from the Briticisms (it is their language, after all), there are some areas where it doesn’t give enough depth or detail, others where it goes a little overboard, and some terminology that is just plain odd (“Threat Vulnerability Management,” anyone?). But these relatively minor shortcomings are outweighed by the overall benefits for those companies that turn to it for guidance. If your company is adopting ISO 17799 as a “standard,” however, you’re missing the point. ISO 17799 is a list of controls -- nothing more, nothing less. Notice the ample use of the word should throughout the document. Nowhere are there any requirements that an organization do anything. No ‘shall’ or ‘shall not’, no ‘do’ or ‘do not’ -- ISO 17799 is a list of guidelines, not requirements. This is a good thing. ISO 17799 was originally British Standard 7799-1, and meant to be adopted along with the other parts of the 7799 series, namely 7799-2 (Information Security Management Systems) and 7799-3 (Guidelines for Information Security Risk Management). Further muddying the waters, BS 7799-2 was recently adopted as ISO 27001. BS 7799-1/ISO 17799 will eventually be renumbered as ISO 27002 (PDF format). So what’s the point? That’s where ISO 27001 comes in. ISO 27001:2005 is a specification for an Information Security Management System (ISMS): These are things you must do to set up an ISMS. But what is an ISMS? The ISMS is the framework you need to have in place to define, implement and monitor the controls needed to protect the information in your company. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9018158&source=rss_topic146
DOJ BUSTS E-GOLD PAYMENT SERVICE ON MONEY LAUNDERING, CONSPIRACY CHARGES (Computerworld, 30 April 2007) -- A federal grand jury has indicted online payment provider E-gold Ltd. and three men on charges of money laundering and conspiracy. According to a four-count indictment unsealed Friday, Dr. Douglas Jackson, of Satellite Beach, Fla.; Reid Jackson, of Melbourne, Fla.; and Barry Downey, of Woodbine, Md.; and their company, E-gold, transferred funds even though they knew the monies were proceeds of child pornography, credit card fraud and bank fraud. E-gold carried out these transfers over a six-year period from 1999 to 2005, the government said. “Criminals of every stripe gravitated to E-gold as a place to move their money with impunity,” Jeffrey Taylor, U.S. Attorney for the District of Columbia, said in a statement. “The defendants in this case knowingly allowed them to do so and profited from their crimes.” After the indictment was passed down, federal prosecutors seized funds in 58 E-gold accounts and froze the company’s assets. E-gold can continue to operate under government supervision, however, and use existing funds to cash out unaffected accounts. E-gold, which was founded in 1996, has been a favorite of online scammers because it is completely anonymous, said Ron O’Brien, a senior security analyst at Sophos PLC. E-gold required only an e-mail address to register, and as a digital gold exchange it is not required to perform background checks on users. “E-gold has attracted cybercriminals because of the anonymity,” said O’Brien. The service has also been favored because payments are not reversible; once a payment is made, it can’t be retracted by the sender. In fact, several “ransomware” attacks -- malicious code that sneaked onto PCs, encrypted user files and then displayed a message demanding money to unlock the files -- have used E-gold as the payment method between victim and criminal, O’Brien noted. E-gold payments have also been linked to the notorious ShadowCrew identity theft gang. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9018291&source=rss_topic146
J.P. MORGAN CHASE PROBING DATA BREACH SHOWN IN YOUTUBE VIDEO (Computer World, 1 May 2007) -- Financial services firm J.P. Morgan Chase is investigating claims by a Washington, D.C.-based workers union that it dumped documents containing personal financial data belonging to its customers in garbage bags outside five branch offices in New York. Separately, it is also sending out letters to tens of thousands of Chicago-area customers and some employees about the potential compromise of their account information after a tape containing the data was reported missing. The Service Employees International Union, an organization claiming more than 1.8 million members countrywide, has posted a video on YouTube that supposedly shows documents containing account data -- including full customer names, addresses and Social Security numbers -- being discovered in trash bags outside the bank branches in and around New York City. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9018384&source=NLT_AM&nlid=1
RECOVERING THE COSTS OF ELECTRONIC DATA DISCOVERY AS PART OF A BILL OF COSTS (ABA’s Law Technology Today, 1 May 2007) -- In today’s world of exploding digital content, complying with discovery requests often means identifying, preserving, collecting, coding, reviewing and producing gigabytes, if not terabytes, of data. To satisfy these electronic data discovery (EDD) obligations – many of which are now codified in the recent amendments to the Federal Rules of Civil Procedure – litigants regularly turn to a wide variety of electronic discovery specialists to collect data, code it and build sophisticated computerized databases that make it possible for discovery reviews to proceed efficiently and for litigators to prepare for trial. The costs of these activities can be expensive, running from tens of thousands to hundreds and even millions of dollars in a single case, prompting litigants to seek vehicles for shifting this financial burden to their opponents. The recent amendments to the Federal Rules of Civil Procedure now codify the courts’ long-standing authority to shift unduly burdensome production costs to the party requesting the discovery.[1] This authority, however, rarely gets exercised and, at best, addresses only isolated requests for production and not the lion’s share of EDD-related costs. Six years ago, the Sedona Conference advocated that this issue be addressed by allowing prevailing parties to recover electronic discovery costs.[2] The recent decision in Lockheed Martin Idaho Technologies Co. (“LMITCO”)[3]indicates that courts may be increasingly inclined to adopt this approach when exercising their discretion under 28 U.S.C. § 1920 and its state counterparts – at least under certain circumstances. [Editor: LMITCO decision analysis follows.] http://www.abanet.org/lpm/ltt/articles/vol1/is2/Recovering_the_Costs_of_Electronic_Data_Discovery.shtml
THE RIGHT’S EXPLICIT AND CANDID REJECTION OF “THE RULE OF LAW” (Salon.com, 2 May 2007) -- The Wall St. Journal online has today published a lengthy and truly astonishing article by Harvard Government Professor Harvey Mansfield, which expressly argues that the power of the President is greater than “the rule of law.” The article bears this headline: The Case for the Strong Executive -- Under some circumstances, the Rule of Law must yield to the need for Energy. And it is the most explicit argument I have seen yet for vesting in the President the power to override and ignore the rule of law in order to receive the glories of what Mansfield calls “one-man rule.” That such an argument comes from Mansfield is unsurprising. He has long been a folk hero to the what used to be the most extremist right-wing fringe but is now the core of the Republican Party. He devoted earlier parts of his career to warning of the dangers of homosexuality, particularly its effeminizing effect on our culture. [snip] But reading Mansfield has real value for understanding the dominant right-wing movement in this country. Because he is an academic, and a quite intelligent one, he makes intellectually honest arguments, by which I mean that he does not disguise what he thinks in politically palatable slogans, but instead really describes the actual premises on which political beliefs are based. And that is Mansfield’s value; he is a clear and honest embodiment of what the Bush movement is. In particular, he makes crystal clear that the so-called devotion to a “strong executive” by the Bush administration and the movement which supports it is nothing more than a belief that the Leader has the power to disregard, violate, and remain above the rule of law. And that is clear because Mansfied explicitly says that. And that is not just Mansfield’s idiosyncratic belief. He is simply stating -- honestly and clearly -- the necessary premises of the model of the Omnipotent Presidency which has taken root under the Bush presidency. http://www.salon.com/opinion/greenwald/2007/05/02/mansfield/ [Editor: I am *NOT* articulating ABA views in deciding to run this excerpt, only my own. Me? I think there’s nothing more important than the rule of law (slippery slope, and all that). The Journal’s article can be found here: http://opinionjournal.com/federation/feature/?id=110010014]
PERSPECTIVE: EVEN IN NET LITIGATION, IT’S ALL ABOUT LOCATION (CNET, 2 May 2007) -- The Web site DontDateHimGirl.com allows women to make anonymous postings about specific men. So it was that a defamation lawsuit got filed with respect to statements made on the site about one particular man. But the case was just dismissed for failure of personal jurisdiction, offering a signal lesson in why the details of the law matter. Let’s take a closer look at the facts of the case. On May 24, 2006, a profile of the plaintiff appeared on the DontDateHimGirl site. Additional postings about the man appeared later. In a lawsuit filed in state court in Pennsylvania, the plaintiff claimed that the profiles were false and misrepresented him as being a herpes-ridden gay or bisexual who had transmitted a sexually transmitted disease and had sired different children. The court determined that whether the use of an Internet Web site permits it to exercise jurisdiction over an out-of-state company under Pennsylvania’s Long-Arm Act required the court to look to a “sliding scale” of contacts. Namely, the more contacts by the defendants with the state of Pennsylvania, the more likely it is appropriate for the court to decide that it has personal jurisdiction over the defendants. The court then embarked on an analysis of those contacts in this case. The court first noted that the server for the DontDateHimGirl.com site is located in Florida, not Pennsylvania, and that all Web site operations take place in Florida. The court also concluded that the site does not specifically solicit residents of Pennsylvania to post profiles on the site. However, the defendants apparently are aware that Pennsylvania residents will post profiles on the site. The court concluded that the defendants do not perform a “significant amount of commercial business over the Internet” as directly impacting Pennsylvania sufficient to warrant personal jurisdiction over the defendants in the state. The court also found that while DontDateHimGirl.com maintains an online store on its server where users can purchase clothing and accessory items, the store has made sales to only six Pennsylvania residents, for less than five percent of the total sales of the store. After analyzing the foregoing facts, the court concluded that the defendants do not perform a “significant amount of commercial business over the Internet” as directly impacting Pennsylvania sufficient to warrant personal jurisdiction over the defendants in the state. Indeed, the court viewed the defendants’ activities as no more than “general advertising with the added convenience of an online registry.” The court recognized that the DontDateHimGirl.com Web site, like other sites, is accessible to anyone connected to the Internet anywhere in the world. The court rejected the notion that a defendant can be hauled into court in any state for any controversy, regardless of contacts with that particular state. This would violate principles of due process, according to the court. http://news.com.com/Even+in+Net+litigation%2C+its+all+about+location/2010-1028_3-6180169.html?tag=nefd.top
ARMY SQUEEZES SOLDIER BLOGS, MAYBE TO DEATH (Wired, 2 May 2007) -- The U.S. Army has ordered soldiers to stop posting to blogs or sending personal e-mail messages, without first clearing the content with a superior officer, Wired News has learned. The directive, issued April 19, is the sharpest restriction on troops’ online activities since the start of the Iraq war. And it could mean the end of military blogs, observers say. Military officials have been wrestling for years with how to handle troops who publish blogs. Officers have weighed the need for wartime discretion against the opportunities for the public to personally connect with some of the most effective advocates for the operations in Afghanistan and Iraq -- the troops themselves. The secret-keepers have generally won the argument, and the once-permissive atmosphere has slowly grown more tightly regulated. Soldier-bloggers have dropped offline as a result. The new rules obtained by Wired News require a commander be consulted before every blog update. “This is the final nail in the coffin for combat blogging,” said retired paratrooper Matthew Burden, editor of The Blog of War anthology. “No more military bloggers writing about their experiences in the combat zone. This is the best PR the military has -- it’s most honest voice out of the war zone. And it’s being silenced.” Army Regulation 530--1: Operations Security (OPSEC) restricts more than just blogs, however. Previous editions of the rules asked Army personnel to “consult with their immediate supervisor” before posting a document “that might contain sensitive and/or critical information in a public forum.” The new version, in contrast, requires “an OPSEC review prior to publishing” anything -- from “web log (blog) postings” to comments on internet message boards, from resumes to letters home. Active-duty troops aren’t the only ones affected by the new guidelines. Civilians working for the military, Army contractors -- even soldiers’ families -- are all subject to the directive as well. But, while the regulations may apply to a broad swath of people, not everybody affected can actually read them. In a Kafka-esque turn, the guidelines are kept on the military’s restricted Army Knowledge Online intranet. Many Army contractors -- and many family members -- don’t have access to the site. Even those able to get in are finding their access is blocked to that particular file. http://www.wired.com/politics/onlinerights/news/2007/05/army_bloggers New rule at http://blog.wired.com/defense/files/army_reg_530_1_updated.pdf; OPSEC rule at http://blog.wired.com/defense/files/army_reg_530_1_updated.pdf
GUIDELINES FOR OUTSOURCING GROW (National Law Journal, 3 May 2007) -- Responding to a growing trend of outsourcing legal services to other countries, three bar associations in the last year have issued opinions that aim to provide ethical guidelines for lawyers. The Los Angeles County Bar Association was the first to tackle the issue when it delivered an opinion in June 2006. It was followed by the Association of the Bar of the City of New York in August and, most recently, by the San Diego County Bar Association in January. The opinions are meant to guide lawyers considering outsourcing to foreign countries -- a cost-saving strategy an increasing number of law firms are relying on for myriad services. They range from advising attorneys when they must inform clients that work is being outsourced to charging “appropriate” fees. A 2005 study by Forrester Research, a technology and market research company in Cambridge, Mass., predicted that the value of legal outsourcing work to India could rise from $80 million to $4 billion by 2015. Prism Legal Consulting of Arlington, Va., which advises law firms on a number of issues, found more than 60 offshore legal services companies in October, compared with only 20 in March 2005. Paul Dutka, a partner in New York’s Weil, Gotshal & Manges who chairs the New York City bar association’s Committee on Professional and Judicial Ethics, said legal outsourcing will continue to command attention. http://www.law.com/jsp/llf/PubArticleLLF.jsp?id=1178096674507&rss=newswire
GOOGLE LISTS BELGIAN NEWSPAPERS AGAIN AS COPYRIGHT ROW COOLS (SiliconValley.com, 3 May 2007) -- Belgian French-language newspapers were back on Google on Thursday after agreeing that the search engine can link to their Web sites, the first signs of a thaw in a bitter copyright dispute. But neither has so far settled on a key part of the dispute: the use of newspaper story links used on Google News. In February, Google Inc. lost a lawsuit filed by the newspapers that forced it to remove headlines and links to news stories posted on its Google News service and stored in its search engine’s cache without the copyright owners’ permission. Google had earlier removed all reference to the newspapers to avoid legal trouble, meaning that a search for even the name of Belgian daily “Le Soir” would not bring up the publication’s Web site. But searchers will now find that paper and 16 others - although they will not be able to access stored versions of older content that the newspapers want to charge for. It is similar to the system used by The New York Times and others for premium content that marks stories with a “no archive” tag so it won’t be cached. In a joint statement, Google and the newspapers’ copyright group Copiepresse said they had decided that Google could once again list the newspapers on the search engine. But they made no mention of one of the main parts of their dispute, Google News, merely saying they were still in talks. http://www.siliconvalley.com/news/ci_5809436?nclick_check=1
SUPREME COURT MEETS YOUTUBE (ABA Journal, 4 May 2007) -- In a U.S. Supreme Court first, the justices have joined the Internet age, including digital access to videotaped evidence with an opinion. Scott v. Harris, No. 05-1631 (April 30). The grainy clip (Real Player), which can be reached via a hyperlink on the court’s opinions Web page, shows the view from the dashboard of a police car involved in a high-speed chase in suburban Atlanta. Although the video can’t physically be included in the published opinion, it is referenced in a footnote in which the URL is written out, notes Kathy Arberg, a spokeswoman for the court. “Because the video was referred to in the opinion, the court wanted to provide access to the video on its Web site,” Arberg says. This use of new technology is likely to be more interesting to many lawyers than the actual decision. Observers see the decision to post the clip as a milestone for the court, which has been notoriously reluctant to embrace new technology, especially cameras in its courtroom. “It’s about time,” says David Post, a professor at Temple Law School in Philadelphia. That’s because in more and more cases today, he says, “limitations of the print technology make it impossible or very difficult to actually understand the legal issues.” Post cites a Supreme Court case of more than a decade ago that he uses as a teaching tool in his copyright class. It concerned a 2 Live Crew rap cover of a famous Roy Orbison song, “Oh, Pretty Woman.” Orbison sued for copyright infringement, but 2 Live Crew successfully defended its version as a fair-use parody. Campbell v. Acuff-Rose Music 510 U.S. 569 (1994). http://www.abanet.org/journal/ereport/my4video.html
**** RESOURCES ****
PRIVACY’S OTHER PATH: RECOVERING THE LAW OF CONFIDENTIALITY (96 Georgetown Law Journal, 2007) -- Abstract: The familiar legend of privacy law holds that Samuel Warren and Louis Brandeis “invented” the right to privacy in 1890, and that William Prosser aided its development by recognizing four privacy torts in 1960. In this article, Professors Richards and Solove contend that Warren, Brandeis, and Prosser did not invent privacy law, but took it down a new path. Well before 1890, a considerable body of Anglo-American law protected confidentiality, which safeguards the information people share with others. Warren, Brandeis, and later Prosser turned away from the law of confidentiality to create a new conception of privacy based on the individual’s “inviolate personality.” English law, however, rejected Warren and Brandeis’s conception of privacy and developed a conception of privacy as confidentiality from the same sources used by Warren and Brandeis. Today, in contrast to the individualistic conception of privacy in American law, the English law of confidence recognizes and enforces expectations of trust within relationships. Richards and Solove explore how and why privacy law developed so differently in America and England. Understanding the origins and developments of privacy law’s divergent paths reveals that each body of law’s conception of privacy has much to teach the other. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=969495
YOUR IDENTITY HAS BEEN STOLEN: A 24-POINT RECOVERY CHECKLIST (AskTheAdvisor, 20 March 2007) -- If you are between the ages of 18 to 29 and you live in Phoenix or Los Angeles, your chances for identity theft are higher than the national average according to the Federal Trade Commission (FTC). But, if you’re over age thirty and you live in Somerset, Vermont (population 5), don’t wipe the sweat off your brow just yet. Identity theft can occur through numerous methods, and you could be the next victim no matter where you live or your age. Identity theft accounted for 255,000 — or 37 percent — of more than 686,683 complaints registered with the FTC in 2005. These figures mark the sixth year in a row where identity theft has topped the list of complaints filed with this agency. The most commonly reported form of identity theft was credit card fraud, followed by phone or utilities fraud, and bank (electronic funds transfer) and employment fraud. You can reduce your risks for identity theft, but you don’t have control over government agencies, hospitals, or retail stores that manage to lose your personal information. The following list will walk you through the steps that will help you recover your identity and restore your credit rating. [Lots of useful URLs in the web version.] http://www.yourcreditadvisor.com/blog/2007/03/your_identity_h.html
THE BEST AND WORST INTERNET LAWS (Informit.com, 20 April 2007) -- Over the past dozen years, the lure of regulating the Internet has proven irresistible to legislators. For example, in the 109th Congress, almost 1,100 introduced bills referenced the word “Internet.” Although this legislative activity doesn’t always come to fruition, hundreds of Internet laws have been passed by Congress and the states. This body of work is now large enough that we can identify some winners and losers. So in the spirit of good fun, I offer an opinionated list of my personal votes for the best and worst Internet statutes in the United States. http://www.informit.com/articles/printerfriendly.asp?p=717374&rl=1 [Editor: There’s real substance here.]
BLOGGER’S CODE OF CONDUCT (Wikipedia, ongoing) -- Tim O’Reilly called for bloggers to work together to create a Blogger’s Code of Conduct. This wiki is used for the development of this code of conduct. After a week’s discussion, we have decided to split this code into modules. Bloggers can choose the specific modules they want to apply to their new blog. Feel free to edit or add to these any of these nodes or visit the discussion page to discuss your thoughts. You can also join the mailing list to discuss this draft. Please do not simply remove points you disagree with, but discuss them on the talk page. http://blogging.wikia.com/wiki/Blogger%27s_Code_of_Conduct
CONGRESSPEDIA -- Welcome to Congresspedia, the “citizen’s encyclopedia on Congress” that anyone—including you—can edit. Congresspedia is a not-for-profit, collaborative project of the Center for Media and Democracy and the Sunlight Foundation and is overseen by an editor to help ensure fairness and accuracy. Congresspedia is part of SourceWatch, a wiki-based website documenting the people, organizations and issues shaping the public agenda. http://www.sourcewatch.org/index.php?title=Congresspedia
******* PERSONAL NOTE *******
Today my daughter, Elizabeth, graduates from the University of Florida. We’re very proud of her. Go Gators!
SOURCES:
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. Internet Law & Policy Forum, http://www.ilpf.org.
6. BNA’s Internet Law News, http://ecommercecenter.bna.com.
7. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
8. McGuire Wood’s Technology & Business Articles of Note, http://tinyurl.com/ywsusp
9. Steptoe & Johnson’s E-Commerce Law Week, www.steptoe.com
10. Readers’ submissions, and the editor’s discoveries.
This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/us/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.
PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.
No comments:
Post a Comment