Saturday, August 18, 2007

MIRLN - Misc. IT Related Legal News [29 July - 18 August 2007; v10.11]

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product of the American Bar Association’s Cyberspace Law Committee and Dickinson Wright PLLC. Dickinson Wright’s IT & Security Law practice group is described at http://tinyurl.com/joo5y.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at http://www.abanet.org/dch/committee.cfm?com=CL320000 (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley (vpolley@REMOVETHISSTRINGvip-law.com) with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN editions are archived at www.vip-law.com and blogged at http://mirln.blogspot.com/.

**************End of Introductory Note***************

DIGITAL DNA COULD FINGER HARRY POTTER LEAKER (TimesOnline, 19 July 2007) - A few lines of ‘digital DNA’ could allow the publishers of Harry Potter to find and finger the person apparently responsible for leaking the final adventures of the boy wizard. A leaked version of what is claimed to be the latest Harry Potter novel, painstakingly photographed page by page, has been posted on the internet before the book’s worldwide release on Friday and circulated via file-sharing networks. But computer experts said today that the identity of the person behind the leak could be revealed by tracing the digital camera that was used. Information contained on the photographs uploaded to file-sharing websites could provide a trail which leads back to the photographer, said experts at Canon, the imaging company. By examining the vital information - or ‘metadata’ - built into each photo, the company’s technical officers have established the serial number of the camera that was used, which could in turn lead to the identity of the camera’s owner. The information, known as Exchangeable Image File Format (Exif) data, has already revealed that the camera used was a Canon Rebel 350. Because the model is three years old, the device would likely have been serviced at least once since it was purchased, in which case the owner’s name would be known. The serial number itself would not necessarily give away the name of the owner, Canon said, as it can only match serial numbers with owners if the purchaser registers the device after buying it. Every time a Canon camera is serviced, however, the serial number and owner are logged together. “In theory, we can find out which country the camera was sold in and in turn the warranty and service centre records in that country could be checked,” Vic Solomon, a product intelligence officer at Canon’s UK head office, said. “It would take a lot of work, but there’s a good chance they could find him or her. A post on the digg.com website claimed that the serial number of the camera which photographed the pages claimed to be from the unpublished Harry Potter, was 560151117. Canon’s head office in Japan confirmed that a serial number would reveal the country in which the camera was sold and possibly also the store, but declined to give any further information about the device used in this case. http://entertainment.timesonline.co.uk/tol/arts_and_entertainment/books/article2104250.ece

MARINE COURT MARTIAL USES LIVE INTERNET VIDEO (Wired, 24 July 2007) - A military justice tribunal convened to probe the killings of 24 civilians in Haditha, Iraq, faced a daunting problem last month: how to fairly take testimony and allow cross-examination of a slew of service members deployed around the globe in the middle of a war. Their solution was the internet. While the hearing was held at this Marine base about 40 miles north of San Diego, half-a-dozen witnesses, including a two-star general at the Pentagon, a first lieutenant in Kuwait and a Marine on a ship steaming toward Iraq, gave testimony over a live two-way video stream, in an unprecedented trial by video that earned mixed reviews from lawyers. Many criminal courts already conduct arraignments of incarcerated suspects by video - with the defendant’s waiver of the right to appear. But little else in court proceedings has been done by video conferencing, and in a criminal-justice system resistant to change, adoption has been slow. So the Marines took a page from international courts, which routinely marshal testimony from far-flung places and have found video links nearly indispensable. During the testimony, the link to Kuwait held steady, while the links to the Pentagon and the personnel carrier were interrupted several times. “Ships are moving targets and it can be tough to locate and lock,” Brunnell adds. The video testimony was praised by some lawyers in the case, where three enlisted men have been charged with murder, and four officers face dereliction of duty and filing false report charges for not investigating the November 2005 deaths of 24 Iraqis. “We might not have gotten some of the testimony without it,” says Charles Gittens, who represents one of the officers. “They would have declared the general unavailable and, let’s face it, some of these (active-duty Marine) witnesses may not live to trial.” Other attorneys, including Brian Rooney, who represents Lt. Col. Jeffrey Chessani, say their clients were cheated of a fair hearing by the technology. “The whole idea is to allow the tryer of fact to observe the person being questioned,” Rooney says, citing the constitutional right to confront an accuser. “You pick up a little of the body cues from how their hands are held, from their eyes, from how they sit.” The seriousness of the occasion may be lost on the witness, Rooney says. In the Haditha case, one witness, 1st Lt. Adam Mathes, sprawled out carelessly in a conference-room chair during his testimony from Kuwait. And Maj. Gen. Richard Huck’s aides were reading and making faces while the general waited for the video conferences to resume. http://www.wired.com/politics/law/news/2007/07/video_trial

AMENDED COURT RULING SUGGESTS THAT FBI NEEDS A WARRANT FOR SPYWARE (ArsTechnica, 26 July 2007) - If the FBI believes you have committed a crime—for example, setting up a massive ecstasy laboratory inside an insulated sea/land container near Escondido, California—they have the power to gather “pen register” information on you without a warrant. This information includes phone numbers dialed, IP addresses of web sites visited, and e-mail addresses contacted. But can the government collect this information from a person’s PC using spyware and still do so without a warrant? That question was raised by the widely-covered Ninth Circuit ruling in US v. Forrester. The court ruled that the FBI has the right to electronic pen register information like e-mail addresses, but it did not say how the FBI had gathered this information. That led commentators to wonder if the FBI was using the CIPAV spyware that it has deployed in other recent cases (in the linked case, a warrant was obtained before CIPAV was used) to gather this information. If so, was the court really saying that the Feds could go around implanting spyware on computers with only minimal judicial oversight? Apparently not. The sharp eyes at Wired note that the court has now amended the ruling in the US v. Forrester case to remove this ambiguity. The brief addition (PDF) simply states that the surveillance in question was done the traditional way, at a local ISP office. In this case, the data was collected using a “mirror port” on a PacBell Internet router in San Diego. While the court does not come out and say that the FBI does need a warrant before installing CIPAV on a suspect’s computer, the new language certainly suggests that the court is attempting to limit the scope of its initial ruling so that it applies only to more traditional pen register tools. http://arstechnica.com/news.ars/post/20070726-ninth-circuit-suggests-that-fbi-needs-a-warrant-for-spyware.html

CALIFORNIA REPORT SLAMS E-VOTING SYSTEM SECURITY (Computerworld, 27 July 2007) - Researchers commissioned by the state of California have found security issues in every electronic voting system they tested, California Secretary of State Debra Bowen said Friday. The report was published Friday as part of a complete review of the state’s e-voting systems initiated earlier this year by Bowen’s office. Its findings were not encouraging for backers of e-voting. “The security teams were able to bypass both physical and software security in every system they tested,” Bowen said Friday during a conference call with media. The report documents 15 security problems found in the devices. For example, researchers were able to exploit bugs in the Windows operating system used by the Diebold GEMS election management system to circumvent the system’s audit logs and directly access data on the machine. They were able to get a similar level of access to Sequoia WinEDS data as well. Testers were also able to overwrite firmware, bypass locks on the systems, forge voter cards, and even secretly install a wireless device on the back of a GEMS server. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9028262 [Editor: Good commentary by Bruce Schneier at http://www.schneier.com/crypto-gram-0708.html#1]

CONTRACTS CAN’T BE CHANGED ONLINE WITHOUT NOTICE, COURT RULES (Computerworld, 27 July 2007) - A federal appeals court has ruled that companies can’t change their contracts and post those revisions online without notifying customers first. The ruling by the U.S. Court of Appeals for the Ninth Circuit paves the way for Joe Douglas, a customer of telephone company Talk America Holdings Inc., to file a class-action suit against the company. Talk America has since merged with Cavalier Telephone LLC in Richmond, Va. According to the court documents, Douglas signed a contract for service with America Online Inc. The business was then acquired by Talk America, which continued to provide telephone service to AOL’s former customers. However, Talk America changed the contract AOL had with its customers and posted those changes on its Web site without notifying the customers first. The company added several provisions, including an increase in prices, an arbitration clause and a class-action suit waiver. Douglas continued using the service for four years, unaware that the new company had made any changes. Since his monthly charges were automatically billed to his credit card, Douglas didn’t realize that the cost of his service had changed. When Douglas became aware of the new charges, he sued in federal court in California, charging Talk America with violating the Federal Communications Act, breach of contract and violating other California consumer protection laws. Talk America asked the court to force Douglas into arbitration, which it did. Douglas then appealed that decision to the federal appeals court, which ruled that companies couldn’t arbitrarily change their contracts and post those changes on their Web sites without notifying their customers. The court said that because a contract was an agreement between two parties, one of the parties couldn’t change it unless the other party agreed to the change. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9028240&source=rss_news10 Decision at http://pub.bna.com/eclr/0675424_071807.pdf; ABA Business Law Section members may access presentation materials from the 11 August 2007 Cyberspace Committee presentation “Website Agreements: ‘I Didn’t Agree to Those Terms, Did I?’” at http://www.abanet.org/buslaw/mo/premium-cl/programs/ann07/11.pdf

- but -

DELL CANADA CASE SETS STANDARD FOR ONLINE CONTRACTS (MichaelGeist.ca, 30 July 2007) - My weekly Law Bytes column (Toronto Star version, The Tyee version, homepage version) examines the recent Supreme Court of Canada decision involving Dell Computer, online contracting, and mandatory arbitration clauses. Late on a Friday afternoon in April 2003, Dell Computer’s Canadian website featured a pair of erroneous prices for the Axim, the company’s handheld computer. Rather than listing the two versions of the device correctly at $379 and $549, the site indicated that the price was $89 and $118. Dell blocked access to the pages the following day, however, the mistakes remained accessible throughout the weekend via a direct hyperlink. Dell typically sold about three Axims each weekend, yet on this particular April weekend, 354 Quebec-based consumers placed 509 orders. Olivier Dumoulin was among those consumers and when Dell refused to honour the mistaken price, he joined forces with a Quebec-based consumer group to launch a class action lawsuit against the company. Dell tried to block the suit, arguing that its consumer contract provided that all disputes were to be resolved by arbitration. The Dell case wound its way through the Canadian court system, concluding with a Supreme Court of Canada decision last month. Quebec trial and appellate courts both sided with Dumoulin, ruling that the arbitration clause was not enforceable and that the consumer class action could proceed. The Supreme Court overturned those decisions, concluding that the arbitration clause was enforceable and that the use of a hyperlink was sufficient. Dell unsurprisingly welcomed the decision, maintaining that the ability to use arbitration “will lead to the fair and efficient resolution of cases for consumers and business alike.” Consumer groups were furious, stating that the decision marked “a dark day for online shoppers in Canada.” Yet a closer examination of the decision and the current state of e-commerce in Canada suggests that neither side is right. Dell may extol the virtues of arbitration clauses, however, the reality is that they have been largely eliminated from Canadian e-commerce contracts by provincial legislation in Ontario, British Columbia, and Quebec (the Quebec law was passed after the Dell incident) that bars companies from using such clauses to block potential class action lawsuits. Indeed, a review of the consumer contracts used by many leading Canadian e-commerce companies reveals that the overwhelming majority - including Chapters, Expedia, Future Shop, Best Buy, Sears, eBay, Rogers, Bell, the Bay, Zip, Roots, and Toys R Us - do not include a binding arbitration clause. Exceptions to this general rule include Amazon.ca (which maintains that it operates outside Canada) and Bose Canada (which appears to be violating Ontario law). The effect of the Supreme Court’s online contracting comments may be more far reaching. The Court concluded that contractual terms and conditions can be enforceable even if the consumer is required to click on a hyperlink to access them (ie. the terms are not found on the ordering page itself). It emphasized that the terms and conditions must be “reasonably accessible” and expressed the view that a hyperlinked document meets that standard. http://www.michaelgeist.ca/content/view/2141/135/

LOSS FOR THE STUDENT PRESS (InsideHigherEd, 30 July 2007) - First Amendment lawsuits by student journalists at public universities become moot when the plaintiffs graduate, according to a decision by the U.S. Court of Appeals for the 10th Circuit. The ruling came in an appeal by two former editors of The Kansas State Collegian, who charged that their First Amendment rights were violated in 2004 when the university removed Ron Johnson, a journalism professor, as the newspaper’s adviser. The appeals court ruled that “because defendants can no longer impinge upon plaintiffs’ exercise of freedom of the press, plaintiffs’ claims for declaratory and injunctive relief are moot.” The court went on to say that “there is no reasonable expectation that [the former editors] will be subjected, post-graduation, to censorship by defendants.” The court noted that the current editors could sue over their First Amendment rights, but since they had not done so earlier, their interests could not be considered now. http://insidehighered.com/news/2007/07/30/kstate

TV DOWNLOADS ‘USE UNDERHAND TACTICS’ (The Guardian, 30 July 2007) - Experts have warned that the new breed of TV download services may leave some web surfers struggling to cope with slow internet connections. Services such as Channel 4’s 4oD, the BBC iPlayer and Sky Anytime allow users to download TV programmes and watch them on their computers. But many consumers are unaware that the system continues to send files to and from a computer even when the program appears to have been closed. Ian Fogg, a broadband analyst with Jupiter Media, said this could drastically reduce the speed of some viewers’ internet connections. When testing the BBC iPlayer software, for example, his colleagues found that their web surfing slowed to a crawl - even though they had closed the application. “It’s coming across quite underhand, and the consumer has no visible way of switching it off,” he said. “Many will notice that their internet connections may be running slower, but will not necessarily know why.” Mr. Fogg said the issue could also affect users who have limits on the amount of material they can send and receive each month. Some users may incur financial penalties from their internet service provider for breaking the terms and conditions for using their broadband connection. http://www.guardian.co.uk/technology/2007/jul/30/news.digitalvideo

ADMISSIBILITY OF E-MAILS CRITICAL FOR SUCCESS ON SUMMARY JUDGMENT (Duane Morris client alert, 31 July 2007) - Ensuring that e-mails are admissible as evidence in support of a motion for summary judgment may be vital to the success of the motion. In Lorraine v. Markel American Insurance Co., the U.S. District Court for the District of Maryland denied Motions for Summary Judgment, without prejudice to re-file, based on each party’s failure to ensure the admissibility of their proposed e-mail evidence in support of their petitions to enforce an arbitrator’s award. Chief Magistrate Judge Paul W. Grimm’s opinion provides a detailed and thoughtful approach to the necessity of ensuring that e-mails are admissible evidence for summary judgment under Federal Rule of Civil Procedure 56(e) as well as at trial. Whether Electronically Stored Information (“ESI”) is admissible depends on an analysis of the applicability of a number of Federal Rules of Evidence: relevance (Rule 401), authenticity (Rule 901(a)), hearsay covered by an exception (Rules 801, 803, 804 and 807), originals or duplicates (Rules 1001-1008), and whether the probative value outweighs the possible prejudice (Rule 403). In making the analysis, the Court directed particular attention to the parties’ failure to attempt any authentication of the critical e-mails. The party offering the document into evidence need only make a prima facie showing of the authenticity of the document. The Court noted that while the standard is relatively low, counsel often fail to meet even this “minimal showing.” Judge Grimm referred to this omission as a “self-inflicted injury which can be avoided by thoughtful advance preparation.” Judge Grimm’s opinion relies on newly amended Federal Rules of Evidence and provides guidelines for the admission of ESI, including authentication and overcoming hearsay objections. Internet website postings and chat rooms create unique obstacles to authentication, since these sites often consist of postings of third parties that may not be within the control of the sponsor of the website. The authentication issues focus on whether the exhibit accurately reflects the web posting and whether the owner is actually responsible for the postings. http://www.duanemorris.com/alerts/alert2578.html

LAWYERS FIND REAL REVENUE IN VIRTUAL WORLD (Law.com, 31 July 2007) - Stevan Lieberman, an intellectual property partner with the D.C. boutique of Greenberg & Lieberman, was hanging around the office when Justin Davis, a businessman, contacted him for advice on trademark law. Davis owns a jewelry store and he wanted Lieberman to make sure his store name wasn’t taken by someone else. Turns out, it was. So Lieberman helped him pick a new name, JCNY Collection, and trademark it. Pretty standard day at the office, you might say. Except for one thing: The jewelry store in question doesn’t really exist. Nor does the jewelry - at least not in the realm of traditional Newtonian physics. And although Lieberman has an actual law office, that isn’t where Davis found him. Instead, Davis saw Lieberman’s law firm ad in a place far removed from Washington, a place that only exists as an endless stream of ones and zeroes. Not long ago, when lawyers spoke of “virtual law firms” or the “paperless office,” they meant being able to share electronic documents and hold video teleconferences. Here, the whole office disappears, or at least is radically transformed, into computer code, along with the people, furniture, conference rooms, copying machines - everything, in fact, except for the bad coffee. Don’t misunderstand. Stevan Lieberman is a real-life attorney, and he does practice intellectual property law at a real D.C. firm called Greenberg & Lieberman. It’s just that he and his firm have opted to expand into the relatively uncharted territory of Second Life, an online simulated universe with more than 8 million users - and growing. Take that, DLA Piper. And while Second Life might initially seem like make-believe or child’s play, the firm is filing real trademark applications, landing real clients and making real money through the virtual world. By Lieberman’s reckoning, the firm has pulled in nearly $20,000 in revenue from its Second Life office in the past year. Not exactly enough to make the D.C. 20, but impressive, given that overhead is almost nil. The office is staffed by attorneys, sort of. Every living, breathing person who enters Second Life acquires an alter ego, a digital character called an avatar that can look like pretty much anything. Short, tall, muscular, thin, hot-pink hair. You can even have wings or fur in Second Life, and no one will look at you twice. Lieberman’s avatar, “Navets Potato,” went through several incarnations, including a floating head covered in flames. And a friend of his created an avatar that looks like a bowl of jelly. “It’s really funny to watch it talk,” he says. “You can do anything as far as your imagination goes.” http://www.law.com/jsp/legaltechnology/pubArticleLT.jsp?id=1185820702695&rss=newswire

CT RULES ATTORNEYS HAVE DUTY TO WHITE LIST COURT EMAIL (BNA’s Internet Law News, 2 August 2007) - BNA’s Electronic Commerce & Law Report reports that a federal court in Colorado has ruled that attorneys have a duty to add courts to their spam filter whitelists. The court said that adding the courts to an approved “whitelist” to circumvent a filter is easy to do, and should be done by lawyers as a matter of course. The court said that lawyers who choose not to allow court e-mails will not be granted leniency when important e-mails are blocked. Case name is Pace v. United Servs. Auto. Ass’n.

CAROLINA COURT LAYS DOWN THE LAW ON CHATTEL RUSTLING (Steptoe & Johnson’s E-Commerce Law Week, 2 August 2007) - Another court has ruled that the common law tort of trespass to chattels applies in the cyber realm. In Burgess v. American Express Company Inc., a North Carolina court found that Burgess’ allegations that advertisers had “damaged his computer and invaded his property” by using programs to “illegally place unwanted ‘pop-up’ advertisements on his computer” stated a “viable claim” for trespass to chattels. The court noted that Burgess’ amended complaint successfully alleged the two elements of trespass to chattels required under North Carolina common law: “(1) actual or constructive possession of the ... goods in question at the time of the trespass; and (2) unauthorized, unlawful interference or dispossession of the property.” http://www.steptoe.com/publications-4730.html

CALIFORNIAN CAN BE SUED IN N.J. FOR ALLEGED LIBEL ON INTERNET (Law.com, 6 August 2007) - New Jersey’s long-arm jurisdiction over Internet disputes just got a little longer. A state appeals court ruled Thursday that a California resident accused of making libelous statements in a Web-based forum can be sued in New Jersey because the material was “targeted” toward a New Jersey audience. Many state courts have ruled that posting libelous material in open forums that can be seen everywhere does not vest jurisdiction in the victim’s state. Where the libeler posts the comments is what counts. But in Goldhaber v. Kohlenberg, A-5114-05, the allegedly libelous material was not only directed at a New Jersey resident; it included disparaging or insulting references to a town, a police department and the New Jersey resident’s neighbors. Given such targeting, the defendant had reason to foresee he would be hauled into court in New Jersey, Judge Dorothea Wefing said, joined by Judges Lorraine Parker and Joseph Yannotti. http://biz.yahoo.com/law/070806/9ccf743ee1ba9dc69b3f44d7f25d9ec0.html Decision at http://pdfserver.amlaw.com/nj/Goldhaber.pdf

JUDGE BLOCKS CALIF. BAN ON SELLING VIOLENT VIDEO GAMES TO MINORS (SiliconValley.com, 6 August 2007) - A federal judge on Monday blocked a new state law that would have prohibited the sale of violent video games to children. U.S. District Court Judge Ronald Whyte found that the law was unconstitutional, echoing a recent string of rulings in other states where similar laws were struck down after challenges by video game industry groups. The law prohibits the sale or rental of violent video games to anyone under the age of 18 and requires that such games be clearly labeled. Retailers who violated the act would be fined up to $1,000 for each violation. Gov. Arnold Schwarzenegger, who signed the law in 2005, vowed to appeal. “Many of these games are made for adults and choosing games that are appropriate for kids should be a decision made by their parents,” Schwarzenegger said in a statement. “I will vigorously defend this law and appeal it to the next level.” The law had been on hold since the video game industry’s Video Software Dealers Association and Entertainment Software Association sued California officials, asking that it be overturned on the grounds that such games are protected forms of expression under the First Amendment. http://www.siliconvalley.com//ci_6559323?IADID=Search-www.siliconvalley.com-www.siliconvalley.com

VOTE-SWAPPING WEB SITES ARE LEGAL, APPEALS COURT (FINALLY) SAYS (Wired, 6 August 2007) - It took seven years, but a federal appeals court has finally vindicated the creators of vote-swapping Web sites that let Al Gore and Ralph Nader fans support their chosen candidates in the 2000 presidential election. The purpose of the sites, which included the now-defunct voteswap2000.com and votexchange2000.com, was to let a Nader supporter in a state where George Bush might win “swap” his vote with a Gore supporter in a state like Texas where Republican victory was practically assured. There was no actual way to enforce the swap. But the killjoys who inhabit government bureaucracies were nevertheless unamused and came up with the bizarre claim that operating a vote-swap site was a criminal act. California Secretary of State Bill Jones even threatened to prosecute voteswap2000.com and votexchange2000.com (which immediately shut their virtual doors in response). Fortunately, the site operators-Alan Porter, Patrick Kerr, Steven Lewis, and William Cody-had the means to force the issue and take the state of California to court. They met with little luck before a federal district judge. But on Monday, the 9th U.S. Circuit Court of Appeals ruled that “the websites’ vote-swapping mechanisms as well as the communication and vote swaps they enabled were constitutionally protected” and California’s spurious threats violated the First Amendment. The 9th Circuit did not decide whether the threats violated the U.S. Constitution’s Commerce Clause. Here’s the key graf: “Both the websites’ vote-swapping mechanisms and the communication and vote swaps that they enabled were...constitutionally protected. At their core, they amounted to efforts by politically engaged people to support their preferred candidates and to avoid election results that they feared would contravene the preferences of a majority of voters in closely contested states. Whether or not one agrees with these voters’ tactics, such efforts, when conducted honestly and without money changing hands, are at the heart of the liberty safeguarded by the First Amendment.” http://news.com.com/8301-10784_3-9755958-7.html?part=rss&subj=news&tag=2547-1_3-0-5 Decision at http://www.ca9.uscourts.gov/ca9/newopinions.nsf/CDA37DE3FAC4A07F8825732F005897FF/$file/0655517.pdf?openelement

SPAM CASE TOSSED; PLAINTIFF MUST PAY $111K (Computerworld, 8 August 2007) - A U.S. District Court has ordered a Washington state man who sued spammers under the CAN-SPAM Act and lost his case to pay the legal fees of the defendants. In its decision released last week, the U.S. District Court for the Western District of Washington at Seattle ordered the plaintiff, James Gordon, owner of Omni Innovations LLC, to pay $111,440 to Virtumundo Inc. in Overland Park, Kan. In May, the court ruled against Gordon, saying that he and other recipients of spam have no standing under the federal CAN-SPAM Act because they have not been “adversely affected” within the meaning of the law. The court said the recipient of the spam must be adversely affected in the same way that an Internet service provider would be, meaning he would have problems such as network and bandwidth slowdowns, greater demands on personnel or require new equipment. “I believe this ruling represents the first time that a CAN-SPAM plaintiff has been ordered to pay attorneys’ fees and costs to a defendant,” said Eric Goldman, assistant professor and director of the High Tech Law Institute at the Santa Clara University School of Law, in as blog. “As a result, it’s a leading example that courts can and do grow tired of bogus antimarketing lawsuits, and perhaps it will serve as an expensive warning to CAN-SPAM plaintiffs to ensure the merits of their lawsuit.” http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9029679&intsrc=hm_list

DOUBTS ARISE OVER FATE OF BREATHALYZER SOURCE CODE IN MINN. CASE (CNET, 10 August 2007) - An attorney for a Minnesota man accused of drunken driving says he doesn’t think the manufacturer of a breathalyzer will meet a court-imposed deadline of August 17 to turn over its source code. If that happens, his client could go free. As CNET News.com reported earlier this week, the Minnesota Supreme Court ruled late last month that source code for the Intoxilyzer 5000EN, made by a Kentucky-based company called CMI, must be handed to defense attorneys for use in a case involving charges of third-degree DUI against a man named Dale Lee Underdahl. CMI’s historic resistance to such demands has led to charges being dropped in at least one case outside of Minnesota. In this case, the high court concluded that language in the contract between CMI and the state indicates the source code belongs by extension to Minnesota, rejecting the state public safety commissioner’s earlier argument that the state was not entitled to the code because of its confidential, copyrighted and proprietary nature. The decision effectively means it’s now up to the state to do what it takes to enforce that contract-including suing the company, if necessary. http://news.com.com/Doubts+arise+over+fate+of+breathalyzer+source+code+in+Minn.+case/2100-7348_3-6202038.html?tag=nefd.top

NOVELL WINS RIGHTS TO UNIX COPYRIGHTS (Computerworld, 11 August 2007) - A judge in the U.S. District Court for the District of Utah, Central Division, found that Novell is the owner of the Unix and UnixWare copyrights, dismissing SCO’s charges of slander and breach of contract. The judge also ruled that SCO owes Novell for SCO’s licensing revenue from Sun Microsystems Inc. and Microsoft Corp. SCO is obligated to pass through to Novell a portion of that revenue, the judge said. In the ruling, the judge said SCO must pay Novell, but the amount will be determined in a trial, said Pamela Jones, founder and editor of Groklaw, a Web site that follows legal issues related to open-source software. In another major blow to SCO, the judge said that because Novell is the owner of the Unix copyrights, it can direct SCO to revoke its copyright-infringement claims against IBM Corp. and Sequent. Novell has done so already, but SCO has not honored that direction. “SCO can’t sue IBM for copyright infringement on copyrights it doesn’t own,” Jones said. The ruling is good news for organizations that use open-source software products, said Jim Zemlin, executive director of The Linux Foundation. “From the perspective of someone who is adopting open-source solutions to run in the enterprise, it proves to them that the industry is going to defend the platform, and that when organizations attack it from a legal perspective, that the industry collectively will defend it,” he said. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9030298&source=rss_topic146

CONGRESS SAYS ATTORNEY GENERAL CAN’T BE TRUSTED, EXPANDS HIS AUTHORITY TO ENGAGE IN WARRANTLESS WIRETAPPING. HUH? (Steptoe & Johnson’s E-Commerce Law Week, 11 August 2007) - Who would have thought it. In recent weeks the Attorney General has been under fire from members of Congress - mostly Democrats, but also some Republicans - for allegedly misleading Congress about the NSA’s warrantless wiretapping program, his knowledge of the FBI’s abuse of National Security Letters, and his involvement in the firing of U.S. Attorneys. Nevertheless, Congress saw fit to amend the Foreign Intelligence Surveillance Act (FISA) in a way that greatly expands the power of the self-same Attorney General - along with the Director of National Intelligence - to wiretap the communications of Americans within the United States without a warrant. The law, signed by the President on August 5, actually expands the warrantless wiretapping program that the government terminated in January, since the new law is not limited to suspected terrorists. The only limitation of this new authority is that the Attorney General and DNI must certify that the surveillance is “directed at” a person “reasonably believed” to be outside the United States and that a “significant purpose” of the surveillance is to collect “foreign intelligence.” If so, then no court order is needed, even if the other party to the conversation is a U.S. citizen located in the United States and the wiretap takes place in the United States. Congress did reject a provision that would have retroactively immunized communications providers from any legal liability for assistance they provided to the government after September 11, 2001 (though the law does provide immunity for any assistance going forward). Also, the new authority has a six-month sunset, and many Democrats are already calling for legislative changes. But one thing should be clear nearly six years since the enactment of the USA PATRIOT Act - once new powers have been granted to the government, Congress is unlikely to pull them back substantially even with the help of an automatic sunset provision. As Tevye might have put it: “Sunset, sunrise.” http://www.steptoe.com/publications-4761.html

GOOGLE’S PHOTOS OF SYDNEY GO ALL FUZZY (Sydney Morning Herald, 13 August 2007) - Much of Sydney’s CBD as it appears in the satellite images on Google Maps Australia has been fuzzed out, just weeks before the APEC summit. Google says the imagery was downgraded as a result of a “commercial issue” with a supplier, but the move has aroused speculation it was done at the request of police in order to minimise the risk of a terrorist attack during the September summit, where Sydney will play host to 21 world leaders including U.S. President George W. Bush. Google has in the past been accused of censoring its maps due to national security concerns by governments, most recently in June when it updated its maps of Washington D.C. but maintained older, blurry images for most of the downtown area. Users of Google Maps Australia could previously zoom in for satellite views as close as 25m above the ground in much of Sydney, but now maps of the CBD are blurry even when zoomed out to 300m. Where users could once make out individual people, tree branches and garbage bin lids they can now only view vague outlines of objects. Curiously, the high-resolution satellite images, which were introduced as part of a Google Maps Australia upgrade earlier this year, appear to have been rolled back to lower quality versions for the Sydney CBD only, and not for suburbs like Bondi Beach and Point Piper. http://www.smh.com.au/news/web/fuzzy-photos-over-sydney/2007/08/13/1186857396182.html

DOD EXPANDS ENCRYPTION MANDATE (FCW.com, 13 August 2007) - The Defense Department has tightened its rules for protecting sensitive but unclassified information. In what likely is the first time in government, DOD’s chief information officer, John Grimes, is requiring DOD to encrypt all sensitive but unclassified data stored on mobile devices. Grimes’ July 3 memo mandates that such data stored on mobile devices must be encrypted in compliance with the National Institute of Standards and Technology’s Federal Information Processing Standard 140-2. The term mobile devices describes laptop PCs, personal digital assistants and removable storage media, such as thumb drives and compact discs. The memo is more than just a reminder to DOD employees to encrypt sensitive information and comply with the Office of Management and Budget policy, said Dave Wennergren, DOD’s deputy CIO. “It mandates encryption not only for high-impact, personally identifiable information records, but for all nonpublicly released information that is contained on mobile computing devices and removable storage media.” http://www.fcw.com/article103467-08-13-07-Print

RELEASING INFORMATION ON COMPANY WEBSITES: SUN BREAKS NEW GROUND (TheCorporateCounsel.net blog, 14 August 2007) - Last Fall, Sun Microsystems CEO Jonathan Schwartz asked the SEC to consider allowing companies to use their websites, including blogs on their websites, as a means for satisfying public disclosure obligations under Regulation FD. In what had to have been an SEC first, Chairman Cox responded to the request by posting his letter as a comment to Jonathan Schwartz’s Blog. While by no means definitive, the Chairman’s response certainly opened the door to a dialogue about whether the public disclosure requirement of Regulation FD could be satisfied through a company’s website. The Chairman’s openness on this issue echoed the SEC’s reaction to the same question way back in 2000, when Regulation FD was originally adopted. In the adopting release for Regulation FD, the SEC indicated that “[a]s technology evolves and as more investors have access to and use the Internet, however, we believe that some issuers, whose websites are widely followed by the investment community, could use such a method. Moreover, while the posting of information on an issuer’s website may not now, by itself, be a sufficient means of public disclosure, we agree with commenters that issuer websites can be an important component of an effective disclosure process. Thus, in some circumstances an issuer may be able to demonstrate that disclosure made on its website could be part of a combination of methods, ‘reasonably designed to provide broad, non-exclusionary distribution’ of information to the public.” It now looks like Sun is going forward with a website-based approach to disseminating its earnings release, although it will not use the company’s website as the exclusive means for disseminating this information. As described in Jonathan Schwartz’s blog, Sun simultaneously posted its July 30th earnings release on the company’s website, disseminated that information to subscribers through RSS feeds, and filed a Form 8-K with the SEC. Ten minutes after the internet publication and SEC filing, Sun distributed the information through the traditional news wires. Schwartz argues that this approach “will place, for the first time, the general investing public - those with a web browser or a cell phone - on the same footing as those with access to private subscription services.” http://www.thecorporatecounsel.net/blog/archive/001551.html

TEMP JUDGE FIRED OVER MYSPACE POST (ABA Journal, 14 August 2007) - A temporary “pro tem” judge in North Los Vegas has lost his job over a post on his personal MySpace page that was reportedly hostile to prosecutors and used graphic language. Criminal defense attorney Jonathan MacArthur, 34, was substituting for another judge in North Law Vegas Justice Court, until his MySpace page caught the attention of Clark County’s top prosecutor. The Web site, to which MacArthur has since restricted access, not only included a comment that was hostile to prosecutors but also included “a graphic phrase that he said was common ‘among blacks, people who associate with blacks or in a sports context,’ “ reports the Associated Press. “He has displayed a bias against prosecutors. Therefore, I do not feel the state of Nevada would get a fair shake by him,” said District Attorney David Roger. He planned to file a motion seeking to have MacArthur recused from all criminal cases if he remained a temporary judge. MacArthur, who reportedly may seek election as a judge, said he would, with the benefit of hindsight, have opted not to put up the controversial comment. However, it was intended to provoke discussion rather than to be taken at face value, he said. “It’s obvious to the casual reader this is an overstatement just for the effect.” http://www.abajournal.com/weekly/temp_judge_fired_over_myspace_post

OUR LIVES, CONTROLLED FROM SOME GUY’S COUCH (New York Times, 14 August 2007) - Until I talked to Nick Bostrom, a philosopher at Oxford University, it never occurred to me that our universe might be somebody else’s hobby. I hadn’t imagined that the omniscient, omnipotent creator of the heavens and earth could be an advanced version of a guy who spends his weekends building model railroads or overseeing video-game worlds like the Sims. But now it seems quite possible. In fact, if you accept a pretty reasonable assumption of Dr. Bostrom’s, it is almost a mathematical certainty that we are living in someone else’s computer simulation. This simulation would be similar to the one in “The Matrix,” in which most humans don’t realize that their lives and their world are just illusions created in their brains while their bodies are suspended in vats of liquid. But in Dr. Bostrom’s notion of reality, you wouldn’t even have a body made of flesh. Your brain would exist only as a network of computer circuits. You couldn’t, as in “The Matrix,” unplug your brain and escape from your vat to see the physical world. You couldn’t see through the illusion except by using the sort of logic employed by Dr. Bostrom, the director of the Future of Humanity Institute at Oxford. Dr. Bostrom assumes that technological advances could produce a computer with more processing power than all the brains in the world, and that advanced humans, or “posthumans,” could run “ancestor simulations” of their evolutionary history by creating virtual worlds inhabited by virtual people with fully developed virtual nervous systems. Some computer experts have projected, based on trends in processing power, that we will have such a computer by the middle of this century, but it doesn’t matter for Dr. Bostrom’s argument whether it takes 50 years or 5 million years. If civilization survived long enough to reach that stage, and if the posthumans were to run lots of simulations for research purposes or entertainment, then the number of virtual ancestors they created would be vastly greater than the number of real ancestors. There would be no way for any of these ancestors to know for sure whether they were virtual or real, because the sights and feelings they’d experience would be indistinguishable. But since there would be so many more virtual ancestors, any individual could figure that the odds made it nearly certain that he or she was living in a virtual world. The math and the logic are inexorable once you assume that lots of simulations are being run. But there are a couple of alternative hypotheses, as Dr. Bostrom points out. One is that civilization never attains the technology to run simulations (perhaps because it self-destructs before reaching that stage). The other hypothesis is that posthumans decide not to run the simulations. “This kind of posthuman might have other ways of having fun, like stimulating their pleasure centers directly,” Dr. Bostrom says. “Maybe they wouldn’t need to do simulations for scientific reasons because they’d have better methodologies for understanding their past. It’s quite possible they would have moral prohibitions against simulating people, although the fact that something is immoral doesn’t mean it won’t happen.” Dr. Bostrom doesn’t pretend to know which of these hypotheses is more likely, but he thinks none of them can be ruled out. “My gut feeling, and it’s nothing more than that,” he says, “is that there’s a 20 percent chance we’re living in a computer simulation.” My gut feeling is that the odds are better than 20 percent, maybe better than even. I think it’s highly likely that civilization could endure to produce those supercomputers. And if owners of the computers were anything like the millions of people immersed in virtual worlds like Second Life, SimCity and World of Warcraft, they’d be running simulations just to get a chance to control history — or maybe give themselves virtual roles as Cleopatra or Napoleon. It’s unsettling to think of the world being run by a futuristic computer geek, although we might at last dispose of that of classic theological question: How could God allow so much evil in the world? For the same reason there are plagues and earthquakes and battles in games like World of Warcraft. Peace is boring, Dude. [Editor: There’s more, and it’s thought provoking. Reminds me of claims in the 1970s that AI would be “right-around-the-corner”, and we’re still waiting. But, this sure would explain lots of things: recent election results, why the financial markets behave as they do, etc.] http://www.nytimes.com/2007/08/14/science/14tier.html?ex=1344744000&en=22bfff4070a81187&ei=5090&partner=rssuserland&emc=rss

KNOWLEDGE NETWORKS PAYS $300,000 TO SETTLE INTERNAL COPYRIGHT COMPLAINT (InfoWorld, 16 August 2007) - Analyst firm Knowledge Networks has agreed to pay $300,000 to settle a complaint that it distributed news articles to its employees without permission of the copyright owners, a trade group announced Thursday. The Knowledge Networks settlement is the first under the Software & Information Industry Association’s Corporate Content Anti-Piracy Program, launched in October. Knowledge Networks’ marketing group had been distributing press packets to some employees on a regular basis, the SIIA said. Those packets contained articles under copyright and owned by SIIA members such as the Associated Press, United Press International, and publishing company Reed Elsevier, the trade group said. SIIA litigation counsel Scott Bain called Knowledge Networks a “reputable company that made a very costly mistake.” One of SIIA’s goals for the settlement is to deter copyright infringement and educate other companies about the need for compliance programs, he said. A Knowledge Networks spokesman declined to talk about the case in detail. “We are happy the matter has been resolved amicably,” said spokesman Dave Stanton. Knowledge Networks, based in Menlo Park, Calif., has agreed to take steps to avoid further problems, including sending its staff to an SIIA copyright course, SIIA said. http://www.infoworld.com/article/07/08/16/Firm-settles-internal-copyright-complaint_1.html

CIA, FBI COMPUTERS USED FOR WIKIPEDIA EDITS (Reuters, 16 August 2007) -People using CIA and FBI computers have edited entries in the online encyclopedia Wikipedia on topics including the Iraq war and the Guantanamo prison, according to a new tracing program. The changes may violate Wikipedia's conflict-of-interest guidelines, a spokeswoman for the site said on Thursday. The program, WikiScanner, was developed by Virgil Griffith of the Santa Fe Institute in New Mexico and posted this month on a Web site that was quickly overwhelmed with searches. The program allows users to track the source of computers used to make changes to the popular Internet encyclopedia where anyone can submit and edit entries. WikiScanner revealed that CIA computers were used to edit an entry on the U.S.-led invasion of Iraq in 2003. A graphic on casualties was edited to add that many figures were estimated and were not broken down by class. Another entry on former CIA chief William Colby was edited by CIA computers to expand his career history and discuss the merits of a Vietnam War rural pacification program that he headed. Aerial and satellite images of the U.S. prison for terrorism suspects at Guantanamo Bay, Cuba, were removed using a computer traced to the FBI, WikiScanner showed. http://news.yahoo.com/s/nm/20070816/wr_nm/security_wikipedia_dc_3;_ylt=Ahm_hF72IHIKoigXFqWhXa0E1vAI

***** RESOURCES *****
UNDERSTANDING THE SECURITY RULE IN HIPAA (ABA Publications; $80) - The Security Rule focuses on health information in electronic form. In specific, the Security Rule is designed to protect the integrity, confidentiality, and availability of electronic Protected Health Information (ePHI). The Security Rule requires entities covered by HIPAA (called “Covered Entities” here) to implement reasonable and appropriate administrative, physical, and technical safeguards to protect ePHI. These safeguards must secure ePHI while in the custody of Covered Entities, as well as in transit between such Covered Entities and others. Such safeguard must be adequate to ensure the confidentiality of the information. They must also protect against any reasonably anticipated threats and hazards to the security and integrity of the ePHI, and protect against unauthorized use or disclosure of ePHI. Therefore, assessing and managing risks are the primary challenges in HIPAA security compliance. http://www.abanet.org/abastore/index.cfm?section=main&fm=Product.AddToCart&pid=5450048

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. Internet Law & Policy Forum, http://www.ilpf.org.
6. BNA’s Internet Law News, http://ecommercecenter.bna.com.
7. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
8. McGuire Wood’s Technology & Business Articles of Note, http://tinyurl.com/ywsusp
9. Steptoe & Johnson’s E-Commerce Law Week, www.steptoe.com
10. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/us/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.