Saturday, September 29, 2007

MIRLN - Misc. IT Related Legal News [9-29 September 2007; v10.13]

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product of the American Bar Association’s Cyberspace Law Committee and Dickinson Wright PLLC. Dickinson Wright’s IT & Security Law practice group is described at http://tinyurl.com/joo5y.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at http://www.abanet.org/dch/committee.cfm?com=CL320000 (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley (vpolley@REMOVETHISSTRINGvip-law.com) with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN editions are archived at www.vip-law.com and blogged at http://mirln.blogspot.com/.

**************End of Introductory Note***************

GREECE FINES ERICSSON HELLAS IN TAPPING CASE (Reuters, 6 Sept 2007 - Greece’s privacy watchdog has fined the Greek unit of telecom equipment maker Ericsson more than 7 million euros over a wiretapping scandal that rocked the country last year. In 2006 the Greek government revealed that more than 100 people, including the prime minister, senior ministers, journalists and activists, had their mobile phones tapped for about a year around the Athens 2004 Olympics. “The Hellenic Authority for Information and Communication Security and Privacy (ADAE) decided to fine Ericsson Hellas 7.36 million euros ($10 million) in relation to the wiretap issue,” ADAE said in a statement released late on Wednesday. It gave no further details. ADAE has said Ericsson Hellas’s equipment was used in the phone tapping. Ericsson Hellas said it planned to appeal the decision. In December 2006 ADAE also fined the Greek unit of Vodafone (VOD.L: Quote, Profile, Research) 76 million euros for a “number of infringements attributed to the company”, also without giving details. Vodafone Hellas has rejected the decision, saying it considers the fine illegal and is appealing the decision. The bugged phones were found to have been tapped mostly before and during the Athens Games by unknown eavesdroppers. The case became public after Vodafone Greece informed the government of its concerns when it suspected its equipment was being used. The government went public with the case almost a year after it was informed by Vodafone, prompting questions in the media about whether foreign intelligence services were involved. At the time, the Greek government said Ericsson-supplied software was used to tap phones from June 2004 until March 2005. Calls were relayed to unknown destinations via four mobile phone antennas in central Athens. The bugging stopped when Vodafone Greece discovered the software and removed it from the system. http://www.reuters.com/article/technology-media-telco-SP/idUSL0682035520070906?pageNumber=1&sp=true [Editor: Excellent technical discussion of the yet-unsolved wiretapping techniques employed: http://www.spectrum.ieee.org/jul07/5280]

SHUTTING DOWN BIG DOWNLOADERS (Washington Post, 7 Sept 2007) - The rapid growth of online videos, music and games has created a new Internet sin: using it too much. Comcast has punished some transgressors by cutting off their Internet service, arguing that excessive downloaders hog Internet capacity and slow down the network for other customers. The company declines to reveal its download limits. “You have no way of knowing how much is too much,” said Sandra Spalletta of Rockville, whose Internet service was suspended in March after Comcast sent her a letter warning that she and her teenage son were using too much bandwidth. They cut back on downloads but were still disconnected. She said the company would not tell her how to monitor their bandwidth use in order to comply with the limits. http://www.washingtonpost.com/wp-dyn/content/article/2007/09/06/AR2007090602545.html

- and -

YOUR LOSS OF PRIVACY IS A PACKAGE DEAL (L.A. Times, 12 Sept 2007) - The all-you-can-eat packages of voice, video and Internet services offered by phone and cable companies may be convenient, but they represent a potentially significant threat to people’s privacy. Take, for example, Time Warner Cable, which has about 2 million customers in Southern California. The company offers a voice-video-Net package called “All the Best” for $89.85 for the first 12 months. But for anyone who has the wherewithal to read Time Warner’s 3,000-word California privacy policy, you discover that not only does the company have the ability to know what you watch on TV and whom you call, but also that it can track your online activities, including sites you visit and stuff you buy. Remember all the fuss when it was revealed last year that Google Inc. kept voluminous records of people’s Web searches, and that federal authorities were demanding a peek under the hood? Multiply that privacy threat by three. Internet, TV, phone - it’s hard to imagine a more revealing glimpse of your private life. “All your eggs are in one communications basket,” said Beth Givens, director of the Privacy Rights Clearinghouse in San Diego. “If a company wants to, it can learn a great deal about you - and it probably wants to.” More often than not, it’ll also want to turn a fast buck by selling at least a portion of that info to marketers. All leading telecom companies are aggressively pushing these bundled service plans after investing billions of dollars in high-speed digital networks. For consumers, the upside is often a hefty savings compared with acquiring the same services from multiple providers. The downside is that you’re making intimate details of virtually all your network activities available to a single company - and possibly government officials. Earlier this month, a federal judge shot down a section of the USA Patriot Act that allowed warrantless access to telecom companies’ databases. He didn’t seem impressed that few phone companies and Internet providers had fought government efforts to get consumers’ data. http://www.latimes.com/business/la-fi-lazarus12sep12,0,7306749.column?coll=la-home-center

F.B.I. DATA MINING REACHED BEYOND INITIAL TARGETS (New York Times, 9 Sept 2007) - The F.B.I. cast a much wider net in its terrorism investigations than it has previously acknowledged by relying on telecommunications companies to analyze phone-call patterns of the associates of Americans who had come under suspicion, according to newly obtained bureau records. The documents indicate that the Federal Bureau of Investigation used secret demands for records to obtain data not only on individuals it saw as targets but also details on their “community of interest” — the network of people that the target was in contact with. The bureau stopped the practice early this year in part because of broader questions raised about its aggressive use of the records demands, which are known as national security letters, officials said. The community of interest data sought by the F.B.I. is central to a data-mining technique intelligence officials call link analysis. Since the attacks of Sept. 11, 2001, American counterterrorism officials have turned more frequently to the technique, using communications patterns and other data to identify suspects who may not have any other known links to extremists. The concept has strong government proponents who see it as a vital tool in predicting and preventing attacks, and it is also thought to have helped the National Security Agency identify targets for its domestic eavesdropping program. But privacy advocates, civil rights leaders and even some counterterrorism officials warn that link analysis can be misused to establish tenuous links to people who have no real connection to terrorism but may be drawn into an investigation nonetheless. Typically, community of interest data might include an analysis of which people the targets called most frequently, how long they generally talked and at what times of day, sudden fluctuations in activity, geographic regions that were called, and other data, law enforcement and industry officials said. The bureau had declined to discuss any aspect of the community of interest requests because it said the issue was part of an investigation by the Justice Department inspector general’s office into national security letters. An initial review in March by the inspector general found widespread violations in the F.B.I.’s use of the letters, but did not mention the use of community of interest data. The scope of the demands for information could be seen in an August 2005 letter seeking the call records for particular phone numbers under suspicion. The letter closed by saying: “Additionally, please provide a community of interest for the telephone numbers in the attached list.” The requests for such data showed up a dozen times, using nearly identical language, in records from one six-month period in 2005 obtained by a nonprofit advocacy group, the Electronic Frontier Foundation, through a Freedom of Information Act lawsuit that it brought against the government. The F.B.I. recently turned over 2,500 pages of documents to the group. The boilerplate language suggests the requests may have been used in many of more than 700 emergency or “exigent” national security letters. Earlier this year, the bureau banned the use of the exigent letters because they had never been authorized by law. A federal judge in Manhattan last week struck down parts of the USA Patriot Act that had authorized the F.B.I.’s use of the national security letters, saying that some provisions violated the First Amendment and the constitutional separation of powers guarantee. In many cases, the target of a national security letter whose records are being sought is not necessarily the actual subject of a terrorism investigation and may not be suspected at all. Under the Patriot Act, the F.B.I. must assert only that the records gathered through the letter are considered relevant to a terrorism investigation. Matt Blaze, a professor of computer and information science at the University of Pennsylvania and a former researcher for AT&T, said the telecommunications companies could have easily provided the F.B.I. with the type of network analysis data it was seeking because they themselves had developed it over many years, often using sophisticated software like a program called Analyst’s Notebook. “This sort of analysis of calling patterns and who the communities of interests are is the sort of things telephone companies are doing anyway because it’s central to their businesses for marketing or optimizing the network or detecting fraud,” said Professor Blaze, who has worked with the F.B.I. on technology issues. Such “analysis is extremely powerful and very revealing because you get these linkages between people that wouldn’t be otherwise clear, sometimes even more important than the content itself” of phone calls and e-mail messages, he said. “But it’s also very invasive. There’s always going to be a certain amount of noise,” with data collected on people who have no real links to suspicious activity, he said. Officials at other American intelligence agencies, like the National Security Agency and the Central Intelligence Agency, have explored using link analysis to trace patterns of communications sometimes two, three or four people removed from the original targets, current and former intelligence officials said. But critics assert that the further the links are taken, the less valuable the information proves to be. “Getting a computer to spit out a hundred names doesn’t have any meaning if you don’t know what you’re looking for,” said Michael German, a former F.B.I. agent who is now a lawyer for the American Civil Liberties Union. “If they’re telling the telephone company, ‘You do the investigation and tell us what you find,’ the relevance to the investigation is being determined by someone outside the F.B.I.” http://www.nytimes.com/2007/09/09/washington/09fbi.html?ex=1346990400&en=1b5857def0f51a89&ei=5090&partner=rssuserland&emc=rss

A MEDICAL PUBLISHER’S UNUSUAL PRESCRIPTION: ONLINE ADS (New York Times, 10 Sept 2007) - By some measures, the medical publishing world has met the advent of the Internet with a shrug, sticking to its time-honored revenue model of charging high subscription fees for specialized journals that often attract few, if any, advertisements. But now Reed Elsevier, which publishes more than 400 medical and scientific journals, is trying an experiment that stands this model on its head. Over the weekend it introduced a Web portal, www.OncologySTAT.com, that gives doctors free access to the latest articles from 100 of its own pricey medical journals and that plans to sell advertisements against the content. The new site asks oncologists to register their personal information. In exchange, it gives them immediate access to the latest cancer-related articles from Elsevier journals like The Lancet and Surgical Oncology. Prices for journals can run from hundreds to thousands of dollars a year. Elsevier hopes to sign up 150,000 professional users within the next 12 months and to attract advertising and sponsorships, especially from pharmaceutical companies with cancer drugs to sell. The publisher also hopes to cash in on the site’s list of registered professionals, which it can sell to advertisers. Mainstream publishers have wrestled for years with the question of how to charge for online content in a way that neither alienates potential readers nor cannibalizes their print properties. So far, few definitive answers have emerged. Reed Elsevier, which is based in London, is taking a risk that its readers will drop their paid subscriptions and switch allegiance to the new Web site, which will offer searches and full texts of the same content from the moment of publication. http://www.nytimes.com/2007/09/10/business/media/10journal.html?ex=1347076800&en=cf44a9765c793ac9&ei=5090&partner=rssuserland&emc=rss

CALIFORNIA ATTORNEY HAS DUTY TO SURRENDER CLIENT PROPERTY STORED IN ELECTRONIC FORM (Pike & Fisher, 10 September 2007) - The California State Bar’s ethics committee has concluded that an attorney must release to a former client electronic copies of e-mail, pleadings, discovery papers, and transactional documents, so long as these materials already exist in electronic form. — California State Bar Ethics Opinion No. 2007-174, 2007 ILRWeb (P&F) 2491 - DIGEST: An attorney is ethically obligated, upon termination of employment, promptly to release to a client, at the client’s request: (1) an electronic version of e-mail correspondence, because such items come within a category subject to release; (2) an electronic version of the pleadings, because such items too come within a category subject to release; (3) an electronic version of discovery requests and responses, because such items are subject to release as reasonably necessary to the client’s representation; (4) an electronic deposition and exhibit database, because such an item itself contains items that come within categories subject to release; and (5) an electronic version of transactional documents, because such items are subject to release as reasonably necessary to the client’s representation. The attorney’s ethical obligation to release any electronic items, however, does not require the attorney to create such items if they do not exist or to change the application (e.g., from Word (.doc) to WordPerfect (.wpd)) if they do exist. Prior to release, the attorney is ethically obligated to take reasonable steps to strip from each of these electronic items any metadata reflecting confidential information belonging to any other client.- Opinion at http://www.ilrweb.com/pfdocuments/ilrpdfs/calbarop2007-174.pdf

MOBILE PHONES HELP SECURE ONLINE BANKING (PC World, 11 Sept 2007) - Bank of America Corp. customers can now use their mobile phones to make online banking more secure. This option comes as part of a new service called SafePass, which was unveiled Monday by BofA. Customers will be able to sign up for SafePass to add an extra level of security for some banking transactions. The SafePass system, which uses authentication technology developed by VeriSign Inc., sends a six-digit code to the customer’s mobile phone. The code can be used only once, and it expires 10 minutes after being issued, making it harder for criminals to steal money from BofA accounts. BofA customers can require this SafePass code for certain types of online banking activity such as transferring large amounts of money or logging on from a new computer. SafePass works in conjunction with the SiteKey anti-phishing technology that BofA rolled out two years ago, said Mike Pennella, an e-commerce enterprise services executive with BofA. “This is really just another layer in our security strategy,” he said. Unlike SiteKey, however, SafePass is not a mandatory feature, Pennella added. SafePass will be available to BofA customers in most U.S. states this week, with California users coming online later this month and some northwestern U.S. customers getting service even later than that, Pennella said. Next year, the company will also begin offering a credit-card-sized card, built by Innovative Card Technologies Inc., that can be used to generate similar access codes without requiring a mobile phone. http://www.pcworld.com/printable/article/id,137057/printable.html#

GOOGLE DENIES OWNERSHIP OF USERS’ WORDS (CNET, 12 Sept 2007) - Google has denied suggestions that the terms and conditions for its Google Docs & Spreadsheets service mean that it owns any user’s content published in the application. Google Docs is part of the Google Apps platform, which offers a Web-based calendar, e-mail and document management system, and allows users to publish and share documents. The controversy centers on Google’s use of the word “public” in its terms and conditions for Google Docs. One clause states, “By submitting, posting or displaying Content on or through Google services which are intended to be available to the members of the public, you grant Google a worldwide, nonexclusive, royalty-free license to reproduce, adapt, modify, publish and distribute such content on Google services for the purpose of displaying, distributing and promoting Google services.” In response to the concerns raised, Google Australia issued a statement, which reads, “We don’t claim ownership or control over content in Google Docs & Spreadsheets, whether you’re using it as an individual or through Google Apps. http://www.news.com/2100-1030_3-6207535.html

CANADA SAYS NEW GOOGLE MAP COULD BREAK PRIVACY LAW (Reuters, 12 Sept 2007) - The Street View feature of Google Maps, with its close-up views of city streets and recognizable shots of people, could violate a Canadian law protecting individual privacy, officials said on Wednesday. Google Inc introduced street-level map views in May, giving web users a series of panoramic, 360-degree images of nine U.S. cities. Some of the random pictures feature people in informal poses who can clearly be identified. Canada’s Privacy Commissioner Jennifer Stoddart wrote to Google in early August asking for more details. She said if the Street View product were expanded to Canada without being amended, it could well violate privacy laws. The images were produced in partnership with Canadian firm Immersive Media Corp, which says it has taken similar street level pictures of major Canadian cities. Canadian law obliges businesses wishing to disclose personal information about individuals to first obtain their consent. Stoddart said pictures of people on Street View were clear enough to be considered personal information. http://news.yahoo.com/s/nm/20070912/wr_nm/google_dc_1;_ylt=Ao9STNwnCwpi3VbMSBYwXEgE1vAI

- and -

GOOGLE: WE HEAR (AND SEE A FUZZY RENDITION OF YOU), CANADA (Globe & Mail, 24 Sept 2007) - The man in charge of Google’s privacy policy says the Internet giant is working on a version of its controversial Street View service that won’t breach Canadian privacy rules, after federal privacy commissioner Jennifer Stoddart raised concerns about the service earlier this month. Peter Fleischer, Google’s global privacy counsel, said in an interview from Montreal on Monday the company understands Canada has “struck a different balance” than the U.S. has in terms of what is public and what is private, and that Google is sensitive to those differences. http://www.theglobeandmail.com/servlet/story/RTGAM.20070924.wgtgoogprivacy0924/BNStory/Technology/?page=rss&id=RTGAM.20070924.wgtgoogprivacy0924

ARTICLE 29 WORKING PARTY ADOPTS OPINION ON DEFINITION OF PERSONAL DATA (Hunton & Williams’ European Privacy & E-Commerce Alert, 13 Sept 2007) - On June 20, 2007, the Article 29 Working Party adopted Opinion 4/2007 providing guidance on a common understanding of the concept of personal data as defined in Directive 95/46/EC. The opinion analyzes each of the four elements of the definition of personal data, i.e., “any information”, “relating to”, “an identified or identifiable” and “natural person” with supporting examples taken from the practice of national DPAs. Finally, the opinion discusses situations in which national dat protection laws may apply to data that fall outside the scope of the definition set out in Directive 95/46/EC. This guidance will be used by the Article 29 Working Party in further work on identity management and on RFID. http://www.hunton.com/emailblast/pdfs/EMKT-1411EUPrivacyandE-CommerceAlertSept2007.pdf The full text of the opinion is available at: http://ec.europa.eu/justice_home/fsj/pri- vacy/docs/wpdocs/2007/wp136_en.pdf

TAPES CONTAINING PATIENT RECORDS STOLEN FROM U-M (Ann Arbor News, 13 Sept 2007) - More than 8,000 former and current patients of two clinics affiliated with the University of Michigan are being notified that computer tapes containing their personal information were stolen last weekend. The tapes contained patient records as a backup to a billing system. They were kept in a lock box in an administrative office at the U-M School of Nursing. The U-M is sending letters today Friday to 4,513 people whose patient records included their names, addresses and medical information used in billing. Another 4,072 people will receive a different version of the letter because their records also included their Social Security numbers, and U-M recommends they contact one of the three credit reporting agencies to place a fraud alert on their credit report. It is at least the third time over the past 12 months that U-M has notified patients, employees or former students that their personal information may have fallen into the wrong hands and could be used in identity theft scams. http://blog.mlive.com/annarbornews/2007/09/tapes_containing_patient_recor.html

JUSTICE SAYS NO TO PRIVATE PCS FOR TELEWORK (FCW.com 13 Sept 2007) - Because of security concerns, the Justice Department now forbids all employees from using their private PCs or digital assistants to access agency e-mail or other files, the department’s top information security officer has said. Previously, some Justice Department employees had been allowed to use their private personal computers for e-mailing, said Dennis Heretick, the Justice Department’s chief information security officer. Instead, the agency wants employees who telework or work at remote locations to use government-issued laptops, docking stations or Blackberries. Unlike employees’ personal devices, Justice can ensure that government-issued systems are fully encrypted and monitored. “My very strong recommendation is not to allow people to use home computers to telecommute unless you don’t care about the security of the information they’re working with,” said Heretick, speaking at the 2007 Telework Exchange Town Hall Meeting on Sept. 12. http://www.fcw.com/article103746-09-13-07-Web&printLayout

SEARCHING BY LAND, AIR AND THE WEB (New York Times, 16 Sept 2007) - At 6 a.m. last Friday, Andy Chantrill, a 25-year-old software designer, had just completed his 14th straight hour searching for Steve Fossett, the millionaire aviator and adventurer who vanished in northern Nevada on Sept. 3. But Mr. Chantrill had not been hiking the rugged countryside or flying over it in one of the many aircraft that have been looking for signs of the small plane that Mr. Fossett piloted without filing a flight plan. No, Mr. Chantrill was in his flat in Castle Donington, England, hunched over his laptop and scouring digital satellite images of parts of the 17,000-square-mile search area where officials believe Mr. Fossett’s plane probably crashed. Welcome to the new world of search and rescue. Two Internet giants, Amazon.com and Google, have joined forces to coordinate a “distributed search” on the Web where the latest satellite pictures are being examined by a volunteer army of more than 20,000 people around the world. The search is made possible by Amazon’s Mechanical Turk, an interactive Internet application that enables potentially large numbers of people to perform tasks online that are coordinated by computers. In the search for Mr. Fossett, Google has been providing satellite images of the search area which have been reduced to manageable size — quadrants representing 278 square feet, at a resolution that makes them appear as if the terrain is being viewed from a height of 1,500 feet. The images are then distributed to volunteers who have registered online to help with the search. Each image is reviewed by 10 volunteers, who have an hour to examine it on their computers. If they see nothing, they check a box and move on to the next image. If one of them spots something that merits closer scrutiny, the information is passed on to search coordinators in Nevada. Amazon first used its Mechanical Turk to assist a search operation earlier this year for James Gray, a renowned Microsoft computer scientist, who failed to return from what was to have been a daylong solo sailing trip to scatter his mother’s ashes in the Pacific Ocean west of San Francisco. He was never found, but the potential for the technology as a search tool for missing vehicles, aircraft and boats took hold among the scientists who helped. http://www.nytimes.com/2007/09/16/weekinreview/16basics.html?ex=1347595200&en=750904d25983ca92&ei=5090&partner=rssuserland&emc=rss

NEW YORK TIMES TO END PAID INTERNET SERVICE (Reuters, 18 Sept 2007) - The New York Times Co said on Monday it will end its paid TimesSelect Web service and make most of its Web site available for free in the hopes of attracting more readers and higher advertising revenue. TimesSelect will shut down on Wednesday, two years after the Times launched it, which charges subscribers $7.95 a month or $49.95 a year to read articles by columnists such as Maureen Dowd and Thomas Friedman. The trademark orange “T’s” marking premium articles will begin disappearing Tuesday night, said the Web site’s Vice President and General Manager Vivian Schiller. The move is an acknowledgment by The Times that making Web site visitors pay for content would not bring in as much money as making it available for free and supporting it with advertising. “We now believe by opening up all our content and unleashing what will be millions and millions of new documents, combined with phenomenal growth, that that will create a revenue stream that will more than exceed the subscription revenue,” Schiller said. Figuring out how to increase online revenue is crucial to the Times and other U.S. newspaper publishers, which are struggling with a drop in advertising sales and paying subscribers as more readers move online. “Of course, everything on the Web is free, so it’s understandable why they would want to do that,” said Alan Mutter a former editor at the San Francisco Chronicle and proprietor of a blog about the Internet and the news business called Reflections of a Newsosaur. “The more page views you have, the more you can sell,” he said. “In the immediate moment it’s a perfectly good idea.” Starting on Wednesday, access to the archives will be available for free back to 1987, and as well as stories before 1923, which are in the public domain, Schiller said. Users can buy articles between 1923 and 1986 on their own or in 10-article packages, the company said. Some stories, such as film reviews, will be free, she said. American Express will be the first sponsor of the opened areas on the site, and will have a “significant advertising presence” on the homepage and in the opinion and archives sections, the company said. http://news.yahoo.com/s/nm/20070918/wr_nm/newyorktimes_dc_4;_ylt=AqJqwBn0JJr3qQO7Rz99UTAE1vAI

PIRACY BRINGS $3.5 MILLION BSA FINE (PC World, 18 Sept 2007) - The Business Software Alliance has collected a record settlement of nearly US$3.5 million from an international media firm that was using unlicensed software, the trade group announced Tuesday. The settlement between BSA and the company, which BSA declined to name for legal reasons, followed a criminal complaint the trade group made on behalf of members Microsoft Corp., Adobe Systems Inc., Avid Technology Inc. and Autodesk Inc. The BSA complaint led to police raids on the company’s premises last year, the trade group said. BSA did its own investigation of the company’s software licenses and alleged copyright infringement. The settlement with the company requires it to delete all unlicensed software products and purchase the licenses for the software it plans to use. The large penalties were the result of an extended period of unlicensed software use, BSA said. “This situation came about because we relied on a single individual to keep us compliant and manage our software assets across multiple-locations during a period of significant expansion,” an unnamed source at the company said in a BSA news release. “The management were shocked at the scale of the situation and recognize that by having software management processes and tools in place this could have been avoided.” http://www.pcworld.com/article/id,137307-c,copyright/article.html

AMD WANTS INTEL TO RECOVER MISSING E-MAILS (SiliconValley.com, 18 Sept 2007) - Intel may have lost the equivalent of “220 years” worth of e-mail messages and documents sought by Advanced Micro Devices in its antitrust suit against its larger rival, an attorney for AMD told the Mercury News. Intel told federal district court in March it had failed to preserve some documents - mainly e-mail - related to the suit, pointing the blame at human error and an auto-delete system. Intel is seeking to recover the documents with a remedial effort costing it more than $20 million. The lost volume is the equivalent to the e-mail 220 people would generate in a year, said Mark Samuels, an attorney at O’Melveny & Myers for AMD. “There is no doubt we are going to have an incomplete record,” said Samuels. “It’s really quite serious from our perspective.” But Intel spokesman Chuck Mulloy questioned the AMD figure. Intel has already turned over 40 million pages of documents and many millions more are coming, he said. How many documents have been lost? “We don’t know what that number is,” Mulloy said. “It could be very, very small.” He said Intel doesn’t believe the missing documents will affect AMD’s ability to pursue its case. AMD certainly isn’t dissuaded. AMD urged the court in a filing last week to order Intel to move ahead with the remedial plan. http://www.siliconvalley.com/news/ci_6925399?nclick_check=1

SECURITY BREACH SEVERITY WORSENS, STUDY FINDS (Network World, 19 Sept 2007) - The number of reported security breaches is down, yet the average severity of breaches has doubled, according to a new study. The Computing Technology Industry Association (CompTIA) study, based on data collected from more than 1,000 IT professionals, revealed that 34% of organizations reported a major security breach in 2006, down from 38% in 2005 and 58% in 2004. But respondents rated the average severity of breaches as 4.8 (with 10 being most severe), up from between 2.3 and 2.6 in previous years. That might not be surprising given the number of headline-grabbing breaches, such as the TJX breach in which tens of millions of credit and debit card numbers were stolen. “Compared to last year, more than half of all organizations report that security threats associated with the use of handheld devices, spyware, voice over IP, wireless networking and remote/mobile access have increased significantly over the previous 12 months,” the report reads. CompTIA says security policies and training can help prevent organizations from falling victim to attacks. Of those polled, 62% said their organization has written IT security policies in place, compared with 47% two years ago. Of those who have written security policy, 81% said the policy is specific to information on how to secure remote and mobile employees. The average cost of a security breach in 2006 was $369,388; CompTIA estimates the average costs savings of providing IT security training to staff could be $352,000. CompTIA also estimates IT organizations can save $656,000 by having IT employees with security certifications. http://www.networkworld.com/news/2007/091807-security-breach-severity.html

A WEEKLONG WEB AFTERLIFE FOR NBC SHOWS (Hollywood Reporter, 19 Sept 2007) - NBC will make episodes of its programs available for download on its Web site for one week after their original broadcast, the network said Wednesday. The move follows NBC’s recent decision not to renew its contract with Apple Inc., when it expires in December, because of a dispute over pricing and bundling on the electronics firm’s iTunes platform. The new initiative, dubbed NBC Direct, will start in beta in October and will make episodes available for download from NBC.com (http://NBC.com) on Windows-based PCs. Once downloaded, the content will be encrypted so that it can’t be viewed more than a week after the first network airing. A mix of veteran and new shows will be available at launch: “Heroes,” “The Office,” “30 Rock,” “Friday Night Lights,” “Late Night With Conan O’Brien,” “The Tonight Show With Jay Leno,” “Life” and “Bionic Woman.” NBC said it would expand the initiative in the next several months to include DRM-protected episodes compatible with Macs and portable devices and a peer-to-peer distribution network. The network said that, it would provide further business models in 2008, including download-to-own, rental and subscription. http://news.yahoo.com/s/nm/20070920/wr_nm/nbc_dc_1;_ylt=ArgPWB_49730CIPBzQKiXo0E1vAI

CT RULES CONTRACT TERMS ON WEBSITE BINDING EVEN IF NOT READ (BNA’s Internet Law News, 20 Sept 2007) - BNA’s Electronic Commerce & Law Review reports that a federal court in Alabama has ruled contract terms posted on a website were an enforceable part of a printed contract that clearly made reference to them. The court said that the Web-posted terms were part of the contract even though the other party refused to visit the Web site and review the terms. Case name is Conference America Inc. v. Conexant Sys. Inc.

NOT-SO-WILY EDITS OF LAW FIRM WIKI INFO (ABA Journal, 21 Sept 2007) - New software has exposed the apparent edits being made to Wikipedia law firm listings by not-so-wily insiders. Contributions to the online encyclopedia, which is made up of information provided (and edited) by those who visit the Wikipedia site, used to be anonymous. But now new software allows the Web addresses of contributors to be identified, reports New York Lawyer (reg. req.), in a reprint of a Legal Times article. Perhaps not surprisingly, many of those providing information seem to be doing so about their own law firms, the article says. “Some are humorous, like the Ropes & Gray editor who described the firm’s summer associate program as a litany of ‘baseball games, theater, and epic parties in Boston to begin and end a summer of ecstacy [sic].’”But on Covington & Burling’s Wikipedia page, several entries have been edited or deleted altogether, most notably info about the firm’s lobbying on behalf of Halliburton.” http://www.abajournal.com/weekly/not_so_wily_edits_of_law_firm_wiki_info

DIGITAL MEDIA COMPANY SUED OVER OPEN-SOURCE VIOLATION (TechWorld, 21 Sept 2007) - A digital video is being sued for failing to adhere to the terms of an open-source licence. Monsoon Multimedia The Software Freedom Law Center has filed against Monsoon Multimedia, in what is believed to be the first case of its type in the US. The SFLC filed the suit on Wednesday on behalf of the developers of BusyBox, Erik Andersen and Rob Landley. The suit charges Monsoon with using BusyBox under the GNU General Public License version 2 but failing to publish its source code. Under the terms of the licence, distributors of software that uses the licensed software must make their source code available. Failing to do so is considered copyright infringement. BusyBox, members of the public and the SFLC legal team notified Monsoon of its responsibilities, but Monsoon has not yet published the code, said Dan Ravicher, legal director at SFLC. While it’s relatively common for licensees to neglect to share their code, parties typically work through the issue without having to go to court, he said. This case is a last resort after Monsoon failed to rectify the situation, he said. The suit is necessary because from a legal perspective, copyright owners can start to lose rights if they don’t act to protect them, he said. http://www.techworld.com/applications/news/index.cfm?newsID=10144&pagtype=all

COMPANY WILL MONITOR PHONE CALLS TO TAILOR ADS (New York Times, 24 Sept 2007) - Companies like Google scan their e-mail users’ in-boxes to deliver ads related to those messages. Will people be as willing to let a company listen in on their phone conversations to do the same? Pudding Media, a start-up based in San Jose, Calif., is introducing an Internet phone service today that will be supported by advertising related to what people are talking about in their calls. The Web-based phone service is similar to Skype’s online service — consumers plug a headset and a microphone into their computers, dial any phone number and chat away. But unlike Internet phone services that charge by the length of the calls, Pudding Media offers calling without any toll charges. The trade-off is that Pudding Media is eavesdropping on phone calls in order to display ads on the screen that are related to the conversation. Voice recognition software monitors the calls, selects ads based on what it hears and pushes the ads to the subscriber’s computer screen while he or she is still talking. A conversation about movies, for example, will elicit movie reviews and ads for new films that the caller will see during the conversation. Pudding Media is working on a way to e-mail the ads and other content to the person on the other end of the call, or to show it on that person’s cellphone screen. “We saw that when people are speaking on the phone, typically they were doing something else,” said Ariel Maislos, chief executive of Pudding Media. “They had a lot of other action, either doodling or surfing or something else like that. So we said, ‘Let’s use that’ and actually present them with things that are relevant to the conversation while it’s happening.” http://www.nytimes.com/2007/09/24/business/media/24adcol.html?ex=1348286400&en=2b872e9e7df0ee8f&ei=5090&partner=rssuserland&emc=rss

SEARCH PRIVACY AND PERSONALIZED SEARCH (Google’s Jane Horvath, 24 Sept 2007) - Online privacy isn’t always an easy thing to understand—or to explain. When I recently joined the company, I was happy to learn that Google was continuing with the effort to make our privacy practices (and your choices) even clearer and more accessible. We are using YouTube to post videos that explain how, when, and why we collect information about searches, and how you can protect your privacy while using our search engine. If you watched the first privacy video, you learned about some of the information we collect (IP addresses, cookies, and search queries) and how we use this information to improve your search experience as well as prevent against fraud and other abuses. We appreciated all of the feedback we got in response to the first video. In response to your requests for more detailed information, in our second video we’re offering a closer look at personalization and the privacy tools available when you choose to personalize your search. Personalization has been an area that raises concerns about privacy, and we want you to understand how we personalize search results while protecting your privacy. [Editor: More, including links to YouTube videos.] http://googleblog.blogspot.com/2007/09/search-privacy-and-personalized-search.html

LAWYERS INCREASINGLY USE PDFS AND PDAS, ACCORDING TO 2007 LEGAL TECHNOLOGY SURVEY (ABA, 25 Sept 2007) - When the ABA Legal Technology Resources Center conducted its annual survey, it uncovered some interesting facts. According to the annual Legal Technology Survey report, 91 percent of survey respondents said that PDF creation software is available at their firms, up from 82 percent, in 2006. And, the use of the real-time email function in PDAs has increased significantly, up 14 percent from last year. The study itself is a comprehensive look at how legal practitioners use technology. For this year’s report, more than 1,800 ABA lawyer members in private practice answered some 150 questions about law office technology, litigation and courtroom technology, web and communication technology, and online research and mobile technology. The survey focused on technology use, not product use. The study also found that:
* Slightly more than one quarter (28 percent) of respondent firms have e-discovery initiatives; however, 71 percent of large firms (more than 100 attorneys) have electronic discovery initiatives.
* The number of lawyers making electronic discovery requests on behalf of their clients has substantially increased in the past year. Only 26 percent of lawyers responding to the survey say they never made electronic discovery, compared to 69 percent in the 2006 survey. [Editor: There’s more] http://www.abanet.org/media/youraba/200709/resultsAreIn_08.html

STATE DEPARTMENT LAUNCHES FIRST BLOG (US Department of State, 25 Sept 2007) - Welcome to the State Department’s first-ever blog, Dipnote. As a communicator for the Department, I have the opportunity to do my fair share of talking on a daily basis. With the launch of Dipnote, we are hoping to start a dialogue with the public. More than ever, world events affect our daily lives-what we see and hear, what we do, and how we work. I hope Dipnote will provide you with a window into the work of the people responsible for our foreign policy, and will give you a chance to be active participants in a community focused on some of the great issues of our world today… http://blogs.state.gov/index.php/entires/welcome/

RULING EASES GOVERNMENT’S EFFORTS FOR CELL PHONE TRACKING (ComputerWorld, 26 Sept 2007) - A federal court in Massachusetts has ruled that the government doesn’t need probable cause to obtain a warrant allowing it to use a person’s cell phone to track his past movements. According to the ruling by the U.S. District Court in Massachusetts, law enforcement officials only need to show the information is “relevant to an ongoing investigation.” The decision stems from an appeal by the government of a magistrate judge’s ruling that required members of law enforcement to show probable cause before they could be issued a warrant to gain access to an individual’s past movements from cell phone providers. Cell phone companies can track a customer’s movements by identifying the cell tower or towers through which his calls were handled. The case is sealed because it is part on an ongoing criminal investigation. The government wanted to obtain a court order requiring certain carriers to turn over information about a customer’s cellular telephone records. While the magistrate judge allowed the government access to the customer’s subscriber information, the judge rejected the government’s bid to gain access to the customer’s historical cell site information (or where the customer was). According to court documents, the issue before the district court judge was whether obtaining a warrant for historical cell information should be treated like obtaining a warrant for real-time cell information (where the customer is), which most courts have ruled requires probable cause, in part because under the Fourth Amendment to the Constitution, citizens have a reasonable expectation of privacy. The district court judge decided that under the federal Stored Communications Act, the government could obtain a warrant for historical cell data by showing that data was relevant to an ongoing investigation. In addition, the district court ruled that an individual’s past movements were not protected under the Fourth Amendment because the government wasn’t looking to track the individual’s real-time or future movements. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9039000&source=rss_topic146

CANADIAN TAXMAN GOES BROWSING ON EBAY (Globe & Mail, 27 Sept 2007) - Canadians who sell a lot of stuff on eBay best beware – the taxman is watching. The Canada Revenue Agency has won a Federal Court order requiring eBay Canada Ltd. to turn over the names, addresses, phone numbers and e-mail addresses of all high-volume sellers on the popular website. The CRA wants to find out whether those individuals or companies are reporting the income they made from online sales in 2004 and 2005. “The CRA is seeking to verify compliance with the obligations and duties under the Income Tax Act of certain Canadian taxpayers selling goods in an online marketplace,” said an affidavit filed in court by Aziz Fazal, a Toronto tax officer who heads an audit group within the CRA that is leading the probe. “In particular, the CRA seeks to verify the reporting of income by certain Canadian taxpayers selling goods via the eBay marketplace.” http://www.theglobeandmail.com/servlet/story/RTGAM.20070926.wrebay27/BNStory/Technology/?page=rss&id=RTGAM.20070926.wrebay27

RAM DISPUTE, PART DEUX: COURT UPHOLDS ORDER TO PRESERVE AND PRODUCE SERVER LOGS (Steptoe & Johnson’s E-Commerce Law Week, 28 Sept 2007) - Hollywood studios love a good sequel, whether it’s a follow-up to a hit movie or a court ruling that aids Tinseltown in its fight against pirated films. The studios recently got a taste of the latter, when a federal court in California upheld a magistrate’s earlier ruling that, under Federal Rule of Civil Procedure 34 (which permits discovery of relevant “electronically stored information”), the operators of the TorrentSpy website could be compelled to preserve and produce data stored - even if only temporarily - in the RAM of a web server. While this decision - in Columbia Pictures, Inc., v. Bunnell - may cheer Big Content, like many Hollywood sequels, it is sure to leave some observers cold. If adopted by other courts, this ruling could greatly increase the volume of communication records, website logs, and search terms that parties must retain and produce during litigation. http://www.steptoe.com/publications-4873.html Magistrate’s ruling at http://www.steptoe.com/assets/attachments/3028.pdf

A PROSECUTION TESTS THE DEFINITION OF OBSCENITY (New York Times, 28 Sept 2007) - Sometime early next year, Karen Fletcher, a 56-year-old recluse living on disability payments, will go on trial in federal court here on obscenity charges for writings distributed on the Internet to about two dozen subscribers. In an era when pornography has exploded on the Web almost beyond measure, Ms. Fletcher is one of only a handful of people to have been singled out for prosecution on obscenity charges by the Bush administration. She faces six felony counts for operating a Web site called Red Rose, which featured detailed fictional accounts of the molesting, torture and sometimes gruesome murders of children under the age of 10, mostly girls. What has attracted the attention of First Amendment scholars and lawyers is that Red Rose — which Ms. Fletcher says is an effort to help her deal with her own pain from child sexual abuse — was composed entirely of text without any images. Although a narrowly divided Supreme Court said in 1973 that images were not necessary to label a work obscene, there has not been a successful obscenity prosecution in the country that did not involve drawings or photographs since then. Courts have overturned or blocked convictions connected to other nonillustrated books, including the well-known “Fanny Hill: Memoirs of a Woman of Pleasure,” on the basis that sexual images have a fundamentally different impact than words alone. Prof. Laurence H. Tribe of Harvard Law School, a leading constitutional scholar, said that although the court had not ruled out the possibility that text alone might be obscene, “the idea that the written word alone can be prosecuted pushes to the limit the underlying rationale of the obscenity law.” But Professor Tribe noted that even though the Fletcher case did not involve images, courts might view “patently offensive descriptions of sexual acts with children” as prosecutable under obscenity laws. While pornography by itself is not illegal, it can be prosecuted as obscenity if it fits the definition laid out by the Supreme Court more than 30 years ago. Under that ruling, Miller v. California, a work may be deemed obscene if, taken as a whole, it lacks artistic, literary or scientific merit, depicts certain conduct in a patently offensive manner, and violates contemporary community standards. http://www.nytimes.com/2007/09/28/us/28obscene.html?ex=1348632000&en=97b961d620056ea0&ei=5090&partner=rssuserland&emc=rss

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. Internet Law & Policy Forum, http://www.ilpf.org.
6. BNA’s Internet Law News, http://ecommercecenter.bna.com.
7. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
8. McGuire Wood’s Technology & Business Articles of Note, http://tinyurl.com/ywsusp
9. Steptoe & Johnson’s E-Commerce Law Week, www.steptoe.com
10. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/us/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.

Saturday, September 08, 2007

MIRLN - Misc. IT Related Legal News [19 August - 8 September 2007; v10.12]

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product of the American Bar Association’s Cyberspace Law Committee and Dickinson Wright PLLC. Dickinson Wright’s IT & Security Law practice group is described at http://tinyurl.com/joo5y.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at http://www.abanet.org/dch/committee.cfm?com=CL320000 (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley (vpolley@REMOVETHISSTRINGvip-law.com) with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN editions are archived at www.vip-law.com and blogged at http://mirln.blogspot.com/.

**************End of Introductory Note***************

COST OF DATA BREACH AT TJX SOARS TO $256M (Boston Globe, 15 August 2007) - TJX Cos. said its costs from the largest computer data breach in corporate history, in which thieves stole more than 45 million customer credit and debit card numbers, have ballooned to $256 million. The figure is more than 10 times the roughly $25 million the Framingham retailer estimated just three months ago, though at the time it cautioned it didn’t know the full extent of its exposure from the breach. The costs include fixing the company’s computer system and dealing with lawsuits, investigations, and other claims stemming from the breach, which lasted more than a year before the company discovered the problem in December. TJX disclosed the higher costs in its second-quarter earnings report, released yesterday. For that quarter alone, costs related to the data theft lowered TJX’s profit by $118 million, or 25 cents a share, after accounting for taxes. Yet the company noted that strong sales during the same period suggested customers were not scared away from its stores, which include TJ Maxx and Marshalls. After the disclosure yesterday, shares fell 8 cents to close at $27.58 on the New York Stock Exchange, 8 percent below their level the day before TJX disclosed the security breach in January. http://www.boston.com/business/globe/articles/2007/08/15/cost_of_data_breach_at_tjx_soars_to_256m/ and http://www.forbes.com/markets/2007/08/14/tjx-retail-update-markets-equity-cx_jl_0814markets31.html

ABA LAUNCHES LEGAL RESOURCE SITE FOR SMALL ONLINE BUSINESSES (ComputerWorld, 16 August 2007) - Want to start an online business? Well, you’re probably going to have some questions, right? But if you don’t want to spend $200 or more an hour for an attorney, you can log onto Safeselling.org and get some questions answered. The American Bar Association launched the online resource at its annual meeting last week to help individuals and small business owners with questions about setting up, launching and operating an online store or other e-commerce venture. Among the sections covered are obtaining a domain name, selling out of state and how to verify who your customers are. “We wanted the site to be intuitive for the typical small business owner,” said Jonathan Rubens, editorial director of the site, in a statement. “From obtaining a domain name to protecting customer privacy, our Safeselling.org site offers a complete range of logically listed minitopics to help our target audience find the facts they need.” The site also advises users on such issues as including the products and services they can sell online as well as those that are prohibited; how to draft a terms and conditions agreement; laws and regulations governing online sales; taxes; payment processing; as well as delivery and return processes. Safeselling.org is a companion site to Safeshopping.org, a site that provides information to consumers about buying online. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9031043&source=NLT_PM&nlid=8

CONSULTING FIRM PAYS $300K FOR ILLEGALLY USING COPYRIGHTED CONTENT (ComputerWorld, 17 August 2007) - A California-based market research company has agreed to pay a $300,000 settlement for illegally distributing copyrighted articles, research reports and other information without proper licenses or permission to employees via e-mail newsletters. The Software & Information Industry Association (SIIA), a Washington-based trade group for software vendors and content providers, announced Thursday (download PDF) that it had reached the copyright infringement settlement with Knowledge Networks Inc. in Menlo Park, Calif. The SIIA said it learned about the activities at Knowledge Networks after receiving an anonymous tip from an informant, who is being paid a $6,000 reward. Scott Bain, the SIIA’s litigation counsel, said the case is the first to be settled under a new Corporate Content Anti-Piracy Program, which expands the trade group’s protective blanket beyond its existing software piracy programs. “It recently became obvious that while there has been progress on the software side, there’s another problem with infringement of [published] content,” Bain said. Companies often use newspaper, magazine and newswire stories, newsletters, databases and other kinds of information without obtaining licenses or permissions from the content owners, he added. “It’s gotten worse with the advent of online delivery,” Bain said. “It’s just so easy to copy and forward [information] that people do it without thinking.” In the Knowledge Networks case, the SIIA said, company employees received e-mail messages with newsletters that included articles copyrighted by members of the trade group such as the Associated Press, Reed Elsevier and United Press International. As part of the settlement, Knowledge Networks agreed to create an internal program to avoid future infringements. The program will include educating executives and other employees about copyright compliance and licensing issues, and ensuring that proper licenses are obtained for use of copyrighted materials. Bain said that the $300,000 payment being made by Knowledge Networks is “far more” than the materials would have cost the company if they had been acquired legally. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9031239&source=NLT_PM&nlid=8

COMPANIES CLAMPING DOWN ON MESSAGING (AP, 20 August 2007) - Whenever a doctor, nurse or administrator in Georgia’s DeKalb Medical Center sends an e-mail, the message detours through a special box in the three-hospital system’s computing cluster. The box analyzes the e-mail, scanning for sensitive information like patient names, prescription histories and Social Security numbers. More than 1,200 times a month, the box finds such private data and automatically routes the message to a server that encrypts it for secrecy before sending it to its original destination. Sometimes, though, the box is unsure what to do, so it asks Sharon Finney. Finney is the information security administrator, which makes her responsible for keeping the hospital in tune with medical privacy laws. Several times a week, the messaging-control system, set up by Proofpoint Inc., alerts Finney to e-mails awaiting her review. “What I’m looking for is not so much someone sending out something intentional or volumes of info” inappropriately leaving the hospital, she says. “I’m looking at, is this a legitimate recipient?” Maybe an e-mail address was mistyped, for example, or one too many people was copied in on a spreadsheet with patient account numbers. Such careful oversight is becoming more common. Many organizations, fearful that inside information can slip out through innumerable digital avenues, now govern precisely what employees can or cannot put into e-mails, instant messages, Web postings and even offline documents. But employers can’t hold their workers’ hands all the time — so they’re increasingly turning to software that tries to do it for them. http://news.yahoo.com/s/ap/20070820/ap_on_hi_te/office_computer_control_2;_ylt=AozYizAkODePCGaBrp.H05cE1vAI

IN GOOGLE EARTH, A SERVICE FOR SCANNING THE HEAVENS (New York Times, 22 August 2007) - After turning millions of Internet users into virtual explorers of the world with Google Earth, the Internet search giant is now hoping to turn many of them into virtual stargazers. Google is unveiling within Google Earth today a new service called Sky that will allow users to view the skies as seen from Earth. Like Google Earth, Sky will let users fly around and zoom in, exposing increasingly detailed imagery of some 100 million stars and 200 million galaxies. “You will be able to browse into the sky like never before,” said Carol Christian, an astronomer with the Space Telescope Science Institute, a nonprofit academic consortium that supports the Hubble Space Telescope. While other programs allow users to explore the skies, they typically combine a mix of representations of stars and galaxies that are overlaid with photographs, Ms. Christian said. “These are really the images of the sky. Everything is real.” The Sky imagery was stitched together from more than one million photographs from scientific and academic sources, including the Sloan Digital Sky Survey, the Palomar Observatory at the California Institute of Technology and the NASA-financed Hubble. Google said that it developed the project strictly because some of its engineers were interested in it, and that it had no plans to make money from it for now. http://www.nytimes.com/2007/08/22/technology/22sky.html?ex=1345435200&en=54c20b9d89f2e2df&ei=5090&partner=rssuserland&emc=rss

TOP LAWYERS BILL $1,000 AN HOUR (ABA Journal, 22 August 2007) - Lawyers at some of New York’s top firms are billing $1,000 an hour. The move was a reluctant one for some law firms, the Wall Street Journal (sub. req.) reports. “We have viewed $1,000 an hour as a possible vomit point for clients,” a partner at one New York firm told the newspaper. Firms that have hit the four-figure mark for top partners include: Simpson Thacher & Bartlett; Cadwalader, Wickersham & Taft; and Fried, Frank, Harris, Shriver & Jacobson. The Wall Street Journal’s Law Blog ran photos of the top billers and proclaimed them members of a new elite fraternity: the Law Blog Thousand-Dollar Bar. Barry Ostrager of Simpson Thacher says he’s worth the high price. “I haven’t personally experienced resistance to my billing rates,” he told the newspaper. “The legal marketplace is very sophisticated.” Some clients agree. Mike Dillon, the general counsel of Sun Microsystems Inc., says the pay is lower than that of major league baseball players, who make the equivalent of $15,000 per hour. “One thousand dollars for very seasoned lawyers who can solve complex problems doesn’t seem to be inappropriate,” he told the newspaper. http://www.abajournal.com/weekly/top_lawyers_bill_1000_an_hour

CT RULES CONTRACT MAY BE UNCONSCIONABLE EVEN WHEN TERMS READ (BNA’s Internet Law News, 23 August 2007) - BNA’s Electronic Commerce & Law Report reports that a federal court in California has ruled that a click-through contract of adhesion subject to a class action waiver can be void for substantive unconscionability notwithstanding clear notice of applicable terms and conditions. The court said that notice of applicable terms and conditions eliminated the possibility that a party would be surprised, but it did not eliminate oppression. Case name is Brazil v. Dell Inc.

“SOFTWARE AS A SERVICE” MAY LACK KEY BANKRUPTCY PROTECTION OF TRADITIONAL LICENSING (McGuire Woods client alert, 23 August 2007) - Software as a Service (SaaS) is more than a buzzword in the software industry. It is a rapidly growing business model for software deployment that, according to industry reports, is a $5.1 billion business in 2007 and continuing to grow rapidly. SaaS generally consists of a vendor hosting and managing software on its computers, with the end-user connecting over the Internet to use it remotely. Unlike a traditional software license, the end user does not receive a copy of the software and it is not installed on the end user’s computer. The trendsetting example for large enterprises was salesforce.com; other examples include WebEx, Google Docs and Spreadsheets, and Comdev’s oDesktop. As SaaS solutions become more ubiquitous, there are bound to be SaaS vendors that fail financially and seek protection under bankruptcy law. Corporate IT departments, and the lawyers supporting them, should be aware that one of the key legal protections a licensee has in the event of a vendor bankruptcy under the traditional software licensing model may not be available or effective in the SaaS model. Under a traditional software delivery model (i.e., physical delivery and installation of the software on the licensee’s computer), if the vendor used the bankruptcy law to abrogate the license agreement (“rejection” in bankruptcy terminology), the licensee had the protection of Section 365(n) of the Bankruptcy Code to elect to retain its intellectual property rights. But in the case of SaaS solutions, it is unclear if the same protection exists. Section 365(n) only applies when the debtor is a licensor of a right to intellectual property. Although SaaS contracts provide the SaaS customer a right to access intellectual property (e.g., copyrighted or patented software), by its nature, a SaaS agreement is a services contract and it is not at all certain that the customer is actually using the underlying intellectual property in any way that requires a license. The SaaS vendor hosts, supports and maintains the software on its own equipment, merely allowing the customer to interact with it remotely. Without an intellectual property license, the customer does not have an ability to retain its rights under Section 365(n). Although it is by no means certain that a license under the protection of Section 365(n) can be created merely be saying that a license exists, SaaS customers can help lay the groundwork for this protection by including express license grant language in the SaaS agreement clearly articulating what it is that is being licensed and including language stating that the parties intend to obtain the protection of Section 365(n). For example: “SaaS Vendor hereby grants a license to the Software. This is an intellectual property license subject to 11 U.S.C. Section 365(n). Failure of SaaS Vendor to perform its continuing obligations under this Agreement constitutes a material breach excusing SaaS Customer from performing.” http://www.mcguirewoods.com/news-resources/item.asp?item=2785

CANADIAN PRIVACY COMMISSIONER ISSUES DATA BREACH NOTIFICATION GUIDANCE (Steptoe & Johnson’s E-Commerce Law Week, 23 August 2007) - Canada’s Office of the Privacy Commissioner has released voluntary guidelines for responding to data breaches involving the personal information of residents of the Great White North. The guidelines, which are summarized in an accompanying checklist and were drafted in consultation with the private sector, are intended to lead organizations through the “four key steps” of breach response: containment and preliminary assessment, risk evaluation, notification, and prevention. The guidelines define a breach as the “unauthorized access to or collection, use, or disclosure of personal information,” where such activity is “unauthorized” if it violates the Personal Information Protection and Electronic Documents Act or similar provincial privacy legislation. Although voluntary, these guidelines could help shape future Canadian breach notification legislation. http://www.steptoe.com/publications-4771.html Guidelines here: http://www.privcom.gc.ca/media/nr-c/2007/nr-c_070801_guidelines_e.pdf

WHAT STATE SECRETS? NATIONAL INTELLIGENCE DIRECTOR COPS TO SPYING PROGRAM (ArsTechnica, 23 August 2007) - In an in-depth interview with the El Paso Times yesterday, National Intelligence Director Mike McConnell offered new details about the government’s surveillance activities and the administration’s recent full-court press for expanded wiretapping powers. McConnell described the hectic week of negotiations that led up to the passage of this month’s FISA legislation, and he denied charges that he had negotiated in bad faith. Several versions of the legislation were circulated on Capitol Hill in the last week before the August recess, and McConnell said he didn’t have time to review the Senate’s latest draft until Friday evening. At that point, he found provisions he considered unacceptable and insisted that the Senate pass a different version that had first circulated two days earlier. The Senate passed McConnell’s preferred version and adjourned, forcing the House to either pass the Senate’s language or no language at all. McConnell charged that as a result of press reports and Congressional debates regarding surveillance activities, “some Americans are going to die.” That’s because disclosures about surveillance activities will tip off terrorists to the existence of American surveillance programs and prompt them to use alternate communication methods, making it more difficult for the authorities to stop terrorist attacks before they occur. McConnell also acknowledged “under the president’s program, the terrorist surveillance program, the private sector had assisted us. Because if you’re going to get access you’ve got to have a partner and they were being sued.” Although he didn’t mention AT&T by name, McConnell’s statement appears to be a tacit admission of the accusations in the Electronic Frontier Foundation’s lawsuit against AT&T. That’s a surprising admission because in April, McConnell filed a sworn statement that “The disclosure of any information that would tend to confirm or deny... an alleged classified intelligence relationship between the NSA and MCI/Verizon, would cause exceptionally grave harm to the national security.” EFF lost no time in pointing out the inconsistency. “On the government’s theory, the truth that is as plain as the nose on your face remains secret until the private sectors’ assistance has been officially acknowledged by the Administration,” writes Derek Slater on the EFF blog. “The evidence already on the record is sufficient to move forward with the case, but McConnell’s statement should absolutely settle the question.” McConnell must have realized that his statements would weaken the government’s state secret arguments, suggesting that the White House may have decided to shift its legal strategy in the telecom liability cases. The administration may be worried about an embarrassing legal setback if the Ninth Circuit rejects its state secrets argument. McConnell may have concluded that going public about the program would help him obtain legislation from Congress granting telecom companies retroactive blanket immunity for their participation in the wiretapping program. http://arstechnica.com/news.ars/post/20070823-what-state-secrets-national-intelligence-director-cops-to-spying-program.html

- and -

U.S. MAY INVOKE ‘STATE SECRETS’ TO SQUELCH SUIT AGAINST SWIFT (Int’l Herald Tribune, 31 August 2007) - The Bush administration is signaling that it plans to turn once again to a favorite legal tool known as the “state secrets” privilege to try to shut down a lawsuit brought against a Belgium banking cooperative that secretly supplied millions of private financial records to the U.S. government, court documents show. The lawsuit against the banking consortium, which is known as Swift, threatens to disrupt the operations of a vital national security program and to reveal “highly classified information” if it is allowed to continue, the Justice Department said in several recent court filings asserting its strong interest in seeing the lawsuit dismissed. A hearing on the future of the lawsuit was scheduled for Friday in federal court in Alexandria, Virginia. The “state secrets” privilege, allowing the government to shut down public litigation on national security grounds, was once a rarely used tool. But the Bush administration has turned to it dozens of times in terrorism-related cases in seeking to end public discussion of everything from an FBI whistle-blower’s claims to the abduction of a German terrorism suspect. Most notably, the Bush administration has sought to use the state secrets assertion to kill numerous lawsuits against telecommunications carriers over the National Security Agency’s domestic eavesdropping program, but a judge in California rejected that claim. The issue is now pending before an appeals court, where judges in a hearing two weeks ago expressed skepticism about the administration’s claims. http://iht.com/articles/2007/08/31/america/swift.php

A NEW METHOD TO DETECT SOFTWARE THEFT (IDW-online.de, 23 August 2007) - Developing software is expensive. This tempts some programmers to illegally include third-party software in their own programs. Researchers at Saarland University have developed a new method for detecting this kind of software theft. It analyzes the behavior of one program and looks for similarities in other programs. Today, most software consists of independent components, which makes it easy to include parts of a software into another program. Yet, for a code owner such theft is difficult to prove in court. David Schuler, researcher at Saarland University, developed a tool called API BIRTHMARK that measures the degree of similarity between programs. A company that suspects code theft may use API BIRTHMARK to run both its own program and a foreign program. When this yields a high degree of similarity, code theft is likely and further investigations are warranted. The novelty of Schuler’s method is that it compares the behavior of programs rather than their code. A program’s code can easily be obfuscated without destroying it. Such obfuscation tools are freely available on the internet. On the other hand, a program’s behavior is difficult to change without breaking the program, just like a birthmark. David Schuler and his co-authors Valentin Dallmeier and Christian Lindig have shown that birthmarks from Java programs are immune against the best obfuscation tools available. A paper on the birthmarking technique has been accepted at the Automated Software Engineering (ASE 2007) conference which will be held in Atlanta, USA. This year, only 37 submissions out of 312 got accepted to ASE 2007. http://idw-online.de/pages/de/news222661

LINUX FELON FORCED TO INSTALL WINDOWS (CNET, 24 August 2007) - A Linux user who was jailed for uploading a film onto a peer-to-peer service has been told he will have to switch to Windows if he wants to use a computer again. Scott McCausland, who used to be an administrator of the EliteTorrents BitTorrent server before it was shut down by the FBI, pleaded guilty in 2006 to two copyright-related charges over the uploading of Star Wars: Episode III to the Internet. As a result, he was sentenced to five months in jail and five months’ home confinement. McCausland-who also goes by the name “sk0t”-has since been released from jail, but on Tuesday he reported on his blog that the terms of his sentence meant he would have to install Windows if he wanted to use a computer during his probation. “I had a meeting with my probation officer today, and he told me that he has to install monitoring software onto my PC,” wrote McCausland. “No big deal to me...that is part of my sentence.” http://news.com.com/2100-1030_3-6204348.html [Editor: 8th Amendment?] also http://techdirt.com/articles/20070822/221127.shtml

BEIJING SOFTWARE COMPANY SUES OVER CHINESE CHARACTER FONTS IN ‘WORLD OF WARCRAFT’ (SiliconValley.com, 24 August 2007) - A Beijing-based software company has filed a lawsuit against the creator of the “World of Warcraft” and the game’s local operator for allegedly using its Chinese character fonts illegally. Founder Group’s lawsuit seeks $13.2 million in damages, company spokesman Song Zhenying said Friday. The Chinese version of “World of Warcraft,” run by Shanghai-based The9 Ltd., uses five Chinese character fonts developed by Founder without authorization, Song said. Founder employees discovered the alleged violations while playing the game. http://www.siliconvalley.com/news/ci_6709880 [Editor: font copyright claims have been around for a while, but seemingly are becoming more common.]

CONSUMER INNOVATIONS TO INFORM WEB SITE FOR SPIES (Washington Post, 25 August 2007) - Government agents may soon find valuable information through an online-recommendation system like the one on Amazon.com: Spies who read this report, it might say, also found these reports useful. That is one of several features the Office of the Director of National Intelligence might borrow from mainstream technology as it designs its new Web-based information-sharing system. The DNI is working on a new system intended to “tunnel through” the 16 different intelligence-gathering agencies in hopes of streamlining data sharing, said Michael Wertheimer, DNI’s assistant deputy director for analytic transformation and technology. The system, called A-Space, will only be open to those cleared to use it and is scheduled to go live in December. The DNI said it was taking its cues from social networking sites, Web-based mail, online maps and other commonly used online tools. Next month, it will take its concepts to a conference in Chicago, where universities, tech companies and other government agencies will be invited to scrutinize the project. “This is a revolutionary concept for us,” Wertheimer said. “This is unlike any other technology we’ve created.” This is not the government’s first attempt to imitate consumer technology. Last year, inspired by the popular user-generated encyclopedia Wikipedia, the government launched Intellipedia, an internal site aimed at information exchange in the intelligence community. http://www.washingtonpost.com/wp-dyn/content/article/2007/08/24/AR2007082401868.html

- and -

LOGGED IN AND SHARING GOSSIP, ER, INTELLIGENCE (New York Times, 2 Sept 2007) - America’s spies, like America’s teenagers, are secretive, talk in code and get in trouble if they’re not watched closely. It’s hard to imagine spies logging on and exchanging “whuddups” with strangers, though. They’re just not wired that way. If networking is lifeblood to the teenager, it’s viewed with deep suspicion by the spy. The intelligence agencies have something like networking in mind, though, as they scramble to adopt Web technologies that young people have already mastered in the millions. The idea is to try to solve the information-sharing problems inherent in the spy world — and blamed, most spectacularly, for the failure to prevent the Sept. 11 attacks. In December, officials say, the agencies will introduce A-Space, a top-secret variant of the social networking Web sites MySpace and Facebook. The “A” stands for “analyst,” and where Facebook users swap snapshots, homework tips and gossip, intelligence analysts will be able to compare notes on satellite photos of North Korean nuclear sites, Iraqi insurgents and Chinese missiles. A-Space will join Intellipedia, the spooks’ Wikipedia, where intelligence officers from all 16 American spy agencies pool their knowledge. Sixteen months after its creation, officials say, the top-secret version of Intellipedia has 29,255 articles, with an average of 114 new articles and more than 4,800 edits to articles added each workday. A separate online Library of National Intelligence is to include all official intelligence reports sent out by each agency, offering Amazon.com-style suggestions: if you liked that piece on Venezuela’s oil reserves, how about this one on Russia’s? And blogs, accessible only to other spies, are proliferating behind the security fences. “We see the Internet passing us in the fast lane,” said Mike Wertheimer, of the office of the Director of National Intelligence, who is overseeing the introduction of A-Space. “We’re playing a little catch-up.” It remains to be seen, however, whether technology alone can bring to secretive bureaucracies the connectedness that comes naturally to cybersurfers in the outside world. Skeptics say turf — the curse of the spy world — might keep analysts from using the tools. Mr. Wertheimer acknowledges that some managers discourage their people from adding to the Web encyclopedia, fearing that their agencies will lose credit for scoops. And for the intelligence world, putting the Web tools to work requires a cultural revolution. “Need to know” has long been the agencies’ mantra. The juiciest stuff is still called S.C.I., or Sensitive Compartmented Information, and walling off data offers protection against leaks and moles, or so the theory goes. But the Sept. 11 attacks revealed how hoarding information could lead to catastrophe. In a report released last month, the Central Intelligence Agency’s inspector general described a dysfunctional spy family, in which the National Security Agency refused to share intercepts from Al Qaeda with the C.I.A., and the C.I.A., in turn, withheld information from the F.B.I. More than 50 C.I.A. officers read cables in early 2000 about two future hijackers but failed to ask the State Department to put them on a watch list, the report said. To prevent such blunders, Congress created the post of director of national intelligence in late 2004 with orders to rope the 16 spy agencies into a single enterprise. The National Counterterrorism Center serves as a hub for threat information. There are plans to train analysts from different agencies together. http://www.nytimes.com/2007/09/02/weekinreview/02shane.html?ex=1346385600&en=9ef7336e97799b9a&ei=5090&partner=rssuserland&emc=rss

BREACHES OF PERSONALLY IDENTIFYING DATA NOT ENOUGH FOR CLASS ACTION (ArsTechnica, 27 August 2007) - Unless you’ve been living in a concrete bomb shelter at the end of a gravel road beside a Wyoming mountain lake (Hi, Uncle Jasper!), you’ve seen a flood of news stories over the last few years about data breaches and the resulting identity theft worries. While the breaches themselves often make news and elicit the outrage of the punditocracy, what happens months later when the victims file class action lawsuits? An appeals court decision last week provides the answer: not much. The US Court of Appeals for the Seventh District has just agreed with a lower court that consumers were not entitled to form a class against Old National Bancorp after a 2005 data breach revealed personal information including Social Security numbers and financial details. That’s because the prospective class members did not suffer any actual damage from the breach. “Significantly, the plaintiffs did not allege any completed direct financial loss to their accounts as a result of the breach,” said the court in its opinion. “Nor did they claim that they or any other member of the putative class already had been the victim of identity theft as a result of the breach.” Indiana law requires that claims for damages be based on actual rather than speculative damages. The court also noted that five other federal judges had rejected requests for “the cost of credit monitoring as an alternative award for what would otherwise be speculative and unrecoverable damages.” In a nutshell: victims can come back when there’s a demonstrated problem. Until then, they get nothing, even if they shell out privately for credit monitoring. http://arstechnica.com/news.ars/post/20070827-identity-theft-alone-not-enough-for-class-action-lawsuit.html and http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9032778&source=NLT_AM&nlid=1

SEC PUBLISHES RULE REQUIRING INTERNET POSTING OF PROXY MATERIALS (Duane Morris client alert, 28 August 2007) - The SEC recently published final regulations on Shareholder Choice Regarding Proxy Materials. The amendments to the proxy rules under the Securities Exchange Act of 1934 (“Amendments”) require issuers and other soliciting persons to post proxy materials on a publicly accessible Internet web site and to provide notice to shareholders of the availability of those materials. Issuers and other soliciting persons must follow a notice and access model, which allows two options to issuers to provide proxy materials to shareholders: (1) the “notice only” option and (2) the “full set delivery” paper option. If the issuer chooses to post its proxy materials on the Internet web site, under the “notice only” option, shareholders may elect to receive these proxy materials in paper copy format. [More, at http://www.duanemorris.com/alerts/alert2607.html]

POINT, CLICK ... EAVESDROP: HOW THE FBI WIRETAP NET OPERATES (Wired, 29 August 2007) - The FBI has quietly built a sophisticated, point-and-click surveillance system that performs instant wiretaps on almost any communications device, according to nearly a thousand pages of restricted documents newly released under the Freedom of Information Act. The surveillance system, called DCSNet, for Digital Collection System Network, connects FBI wiretapping rooms to switches controlled by traditional land-line operators, internet-telephony providers and cellular companies. It is far more intricately woven into the nation’s telecom infrastructure than observers suspected. It’s a “comprehensive wiretap system that intercepts wire-line phones, cellular phones, SMS and push-to-talk systems,” says Steven Bellovin, a Columbia University computer science professor and longtime surveillance expert. DCSNet is a suite of software that collects, sifts and stores phone numbers, phone calls and text messages. The system directly connects FBI wiretapping outposts around the country to a far-reaching private communications network. Many of the details of the system and its full capabilities were redacted from the documents acquired by the Electronic Frontier Foundation, but they show that DCSNet includes at least three collection components. http://www.wired.com/politics/security/news/2007/08/wiretap?currentPage=all [Editor: gosh.]

CT RULES SINGLE EBAY SALE SUFFICIENT TO ASSERT JURISDICTION (BNA’s Internet Law News, 30 August 2007) - BNA’s Electronic Commerce & Law Report reports that the Louisiana Court of Appeal has ruled that sellers using eBay purposefully avail themselves of forums where their buyers reside by virtue of the eBay site’s interactivity. The court analyzed an eBay sale gone wrong under the interactivity test established in Zippo. The court concluded that because eBay is more than an “information only” site, all sales facilitated through it were the result of intentional contacts that would support jurisdiction. Case name is Crummey v. Morgan.

BRITISH LABOR GROUP SAYS WORKERS SHOULD BE ALLOWED TO USE FACEBOOK ON JOB (SiliconValley.com, 30 August 2007) - Employers should allow their workers to befriend, chat and “poke” each other through online networking sites while at work, Britain’s largest labor federation said Thursday. While accepting that employers were within their rights to block employees from using sites such as Facebook and MySpace, the Trades Union Congress, or TUC, said a ban “may be something of an overreaction.” “Sensible employers, realizing that their staff spend much of their waking hours in work and lead busy lives, should be trusted to spend a few minutes of their lunch break ‘poking’ their friends or making plans for outside work,” the TUC said in guidance published on its Web site. The sites can be a headache for employers and educators - especially when users affiliated with a school or company post inflammatory, indiscreet or just plain embarrassing content. Organizations as diverse as the Ministry of Defense and Oxford University have issued guidance within the past month on using the sites. The TUC said bosses needed to give their employees guidance on what was and was not acceptable online, rather than imposing a ban. It warned that in the absence of any workplace rules, British Facebook users were millions of “accidents waiting to happen.” “It’s unreasonable for employers to try to stop their staff from having a life outside work, just because they can’t get their heads around the technology,” TUC General Secretary Brendan Barber said in a statement. “Better to invest a little time in working out sensible conduct guidelines, so that there don’t need to be any nasty surprises for staff or employers.”‘ http://www.siliconvalley.com/news/ci_6760221 [Editor: The New York Times ran such a story in 1997: http://tinyurl.com/39d2e5; I agree.]

NIST ISSUES GUIDELINES ON SECURING WEB SERVICES (GCN, 30 August 2007) - The National Institute of Standards and Technology has released a 128-page guide to help organizations understand the security challenges of Web services in service-oriented architecture. NIST Special Publication 800-95, “Guide to Secure Web Services,” provides practical guidance on current and emerging standards applicable to Web services in addition to background information on the most common security threats to SOAs based on Web services. The guidelines are hardware and software independent and do not address perimeter security devices such as firewalls or access control tools. http://www.gcn.com/online/vol1_no1/44962-1.html?topic=security&CMP=OTC-RSS Guide at http://csrc.nist.gov/publications/nistpubs/800-95/SP800-95.pdf; useful introduction at http://www.stsc.hill.af.mil/CrossTalk/2007/09/0709Goertzel.html

AT RAPLEAF, YOUR PERSONALS ARE PUBLIC (CNET, 31 August 2007) - In the cozy Facebook social network, it’s easy to have a sense of privacy among friends and business acquaintances. But sites like Rapleaf will quickly jar you awake: Everything you say or do on a social network could be fair game to sell to marketers. Rapleaf, based in San Francisco, is building a business on that premise. The privately held start-up, whose investors include Facebook-backer and PayPal co-founder Peter Thiel, runs two consumer Web sites: Rapleaf.com, a people search engine that lets you retrieve the name, age and social-network affiliations of anyone, as long as you have his or her e-mail address; and Upscoop.com, a similar site to discover, en masse, which social networks to which the people in your contact list belong. To use Upscoop, you must first give the site the username and password of your e-mail account at Gmail, Hotmail, Yahoo or AOL. By collecting these e-mail addresses, Rapleaf has already amassed a database of 50 million profiles, which might include a person’s age, birth date, physical address, alma mater, friends, favorite books and music, political affiliations, as well as how long that person has been online, which social networks he frequents, and what applications he’s downloaded. All of this information could come in handy for Rapleaf’s third business, TrustFuse, which sells data (but not e-mail addresses) to marketers so they can better target customers, according to TrustFuse’s Web site. http://news.com.com/2100-1038_3-6205716.html

- and -

FACEBOOK LETS USERS CHOOSE TO PUBLICIZE THEMSELVES (Washington Post, 5 Sept 2007) - Facebook Inc, the social-network site that has enjoyed explosive growth in new members over the past three months, said it plans to let users tell the rest of the world how to find them on the site. Starting later on Wednesday, Facebook will begin notifying members they have a choice over whether to keep their listings private or to allow Facebook to make their name and profile picture available when outsiders search the site. The Palo Alto, California-based site has grown to 39 million members, up 62.5 percent from 24 million in late May. By publicizing member profiles, Facebook could attract a new wave of users. Unlike most sites on the Web, Facebook has previously denied access by search services to information on the site. But after notifying users over the next 30 days of its plans to open up basic profile listings of its members, Facebook plans to begin allowing sites like Google, Yahoo or others to “crawl,” or index, its public member profiles. http://www.washingtonpost.com/wp-dyn/content/article/2007/09/05/AR2007090500300.html

GOOGLE NEWS IN LICENSING DEALS WITH WIRE SERVICES (Reuters, 31 August 2007) - Google is giving more credit to the original reporting of news agencies like the Associated Press while setting the stage to generate advertising revenue from Google News, the company said on Friday. Josh Cohen, business product manager of Google News, said his company is looking to reduce the proliferation of the same story from multiple news sites on Google News and thereby allow it to feature a greater variety of different news stories. “When you have many versions of the same story you are not providing different perspectives,” Cohen said in a phone interview. “For the users, we will be able to display a better selection of stories with less duplication,” Cohen said. The partners, which include Britain’s Press Association, Canadian Press, Agence France-Presse and the Associated Press of the United States, will have their stories featured with the organizations’ own brands on Google News-hosted landing pages. The changes won’t affect the ranking of what stories turn up in the search results of Google News, Cohen stressed. If an AP story ranked eighth among different versions of a story previously, it would still rank eighth under the new service. http://news.com.com/2100-1024_3-6205577.html

GOOGLE SETTLES SUIT OVER AD KEYWORDS (SiliconValley.com, 1 Sept 2007) - Google settled a lawsuit with American Blind & Wallpaper Factory on Friday, ending a long-running battle about whether its keyword-advertising policy infringed trademarks. Eric Goldman, director of the High Tech Law Institute at Santa Clara University, said the outcome amounted to a “stunning victory” for Google. American Blind sued Google four years ago for selling ads to its competitors that were triggered by search terms, also known as keywords, that exactly or nearly matched its brands. A verdict that found Google had infringed trademarks could have had major implications for Internet advertising. However, the Michigan company ran into a big problem in April when Judge Jeremy Fogel, of U.S. District Court in San Jose, said in a pretrial ruling that the company’s trademarks - “American Blind” and “American Blinds” - were descriptive terms and unenforceable. Fogel did allow the case to proceed, however, based on three other trademarks, “American Blind Factory,” “Decoratetoday” and “American Blind & Wallpaper Factory.” Fogel also noted that there is a significant public interest in determining whether Google’s advertising program violated trademark law. Google has lost trademark cases overseas; however, no definitive ruling has been entered in the United States. But the two sides decided to settle. Under the terms of the pact, Google will continue to follow its current trademark policy. http://www.siliconvalley.com/news/ci_6779007

PENTAGON E-MAIL SYSTEM BREACHED (Reuters, 4 Sept 2007) - The Pentagon on Tuesday said computer hackers gained access to an unclassified e-mail system in the office of Defense Secretary Robert Gates, but declined comment on a report that the Chinese army was responsible. The security breach occurred late last spring when Defense Department monitors detected the penetration of “elements of an unclassified e-mail system” that was immediately taken off line, Pentagon spokesman Bryan Whitman told reporters. The e-mail system, located in the office of the secretary of defense, did not return to full operation for up to three weeks. “There was never any threat to the classified systems,” Whitman said. “There was no disruption to (defense) operations or adverse impact to ongoing operations that the department was conducting ... all precautionary measures were taken and the system was restored to service,” he said. Whitman spoke after the Financial Times newspaper quoted current and former U.S. officials as saying that Chinese People’s Liberation Army hackers broke into a Defense Department network in June and removed data. The Financial Times cited one source familiar with the Pentagon incident as saying there was a “very high level of confidence ... trending towards total certainty” that the Chinese army was behind it. http://news.yahoo.com/s/nm/20070904/wr_nm/china_usa_hacking_dc_4;_ylt=AlTFU9z0fnCnIQabK3L_OL8E1vAI

FEC RESOLVED TWO MATTERS INVOLVING INTERNET ACTIVITY; APPLIES MEDIA EXEMPTION TO POLITICAL BLOGS (FEC, 4 Sept 2007) - The Federal Election Commission announced today that it has unanimously resolved two complaints alleging that Internet blog activity is subject to Commission regulation, finding that the activity is exempt from regulation under the media or volunteer exemption. In Matter Under Review (MUR) 5928, the Commission determined that Kos Media, L.L.C., which operates the website DailyKos, did not violate the Federal Election Campaign Act. The Commission rejected allegations that the site should be regulated as a political committee because it charges a fee to place advertising on its website and it provides “a gift of free advertising and candidate media services” by posting blog entries that support candidates. The Commission determined that the website falls squarely within the media exemption and is therefore not subject to federal regulation under the Act. Since 1974, media activity has been explicitly exempted from federal campaign finance regulation. In March 2006, the Commission made clear that this exemption extends to online media publications and that “costs incurred in covering or carrying a news story, commentary, or editorial by any broadcasting station. . . , Web site, newspaper, magazine, or other periodical publication, including any Internet or electronic publication,” are not a contribution or expenditure unless the facility is owned by a political party, committee, or candidate. With respect to MUR 5928, the FEC found that Kos Media meets the definition of a media entity and that the activity described in the complaint falls within the media exemption. Thus, activity on the DailyKos website does not constitute a contribution or expenditure that would trigger political committee status. The Commission therefore found no reason to believe Kos Media, DailyKos.com, or Markos Moulitsas Zuniga violated federal campaign finance law. In MUR 5853, the Commission rejected allegations that Michael L. Grace made unreported expenditures when he leased space on a computer server to create a “blog” which advocated the defeat of Representative Mary Bono in the November 2006 election. The Commission also rejected allegations that Grace coordinated these expenditures with Bono’s opponent in the race, David Roth, and found that no in-kind contributions to Roth’s campaign resulted from Grace’s blogging activity. The Commission also found that the respondent did not fraudulently misrepresent himself in violation of 2U.S.C. § 441h. The Act exempts from regulation volunteer activity by individuals. In the FEC’s Internet regulations, the Commission clarified that an individual’s use, without compensation, of equipment and personal services for blogging, creating, or hosting a website for the purpose of influencing a Federal election are not expenditures subject to the restrictions of campaign finance law. Even if there were some costs or value associated with Mr. Grace’s blog, these costs are exempt from Commission regulations. The FEC therefore found no reason to believe Mr. Grace or the Roth campaign violated federal campaign finance law. http://www.fec.gov/press/press2007/20070904murs.shtml

SURFING THE NET IS NOW WORK FOR LAWYERS (ABA Journal, 4 Sept 2007) - When a Minnesota doctor recently saw a young patient with an unusual bulging eye, he had no trouble finding multiple experts to consult with him right away about the case. Dozens of physicians offered suggestions via a social networking site exclusively for physicians. Such sites are a growing trend, offering an alternative to Facebook and other mainstream social networks for doctors and other professionals, reports the Wall Street Journal. It says an online suggestion on 25,000-member Sermo.com helped Dr. Michael Tomblyn diagnose a fast-growing cancer in his 21-year-old patient. A new social networking site for attorneys called LawLink launched last week after two years of development. It already has 200 members, according to Steven Choi, an Oakland, Calif., civil litigator who is one of its founders. Free to members—who must be licensed attorneys—the site is intended to serve as a forum for referrals, discussion of professional issues and information-sharing, Choi tells ABAJournal.com. Still on the drawing board is Legal OnRamp, a similar online, members-only community of corporate in-house counsel and the law firm attorneys that represent their companies. It is the brainchild of Mark Chandler, general counsel of Cisco Systems. He envisions a limited-access site that serves both as a marketplace for corporations to find qualified legal counsel and as an information-sharing forum for discussion of issues and strategies, according to the ABA Journal. Members of the LawLink site can post a photo, profile and brochure about themselves; view the same information in linked networks of colleagues; post and view classified ads seeking anything from a law firm employee to a date; or surf the site to participate in discussion forums and meet other attorneys. “I’ve been involved in the Internet since the inception, and I’m very familiar with the social networking sites,” Choi says. “It was just my own desire that there would be a social networking site for attorneys, only for attorneys, not for anybody else.” http://www.abajournal.com/weekly/surfing_the_net_is_now_work_for_lawyers/

HBO BUYS FILM MADE IN SECOND LIFE (Reuters, 4 Sept 2007) - HBO said on Tuesday it has acquired the rights to a short-form documentary shot entirely within Second Life, as entertainment companies increasingly turn to virtual worlds as a source for new content. “My Second Life: The video diaries of Molotov Alta” purports to tell the story of a man who “disappeared from his California home” and began issuing video dispatches from Second Life. The popular virtual world, which has its own currency and a growing economy, has drawn millions of users who create alter egos called avatars d interact with people from around the world. HBO, the premium channel owned by Time Warner Inc, paid a six-figure sum for the rights, Douglas Gayeton, who made the film, said in an interview. Gayeton, who uses the avatar Molotov Alta in Second Life, said the documentary is scheduled for release in 2008. Second Life has hosted dozens of real world companies in the past year, usually as a means of promoting products like cars or movies. However, Hollywood has been increasingly interested in using worlds like Second Life as virtual movie sets, a process known as machinima. For example, CBS created a machinima Super Bowl ad for its TV show “Two and a Half Men,” and will feature footage shot within Second Life in an upcoming episode of its popular show CSI. http://news.yahoo.com/s/nm/20070904/wr_nm/hbo_secondlife_dc_2;_ylt=AvSsMuNa9NRLl.pKC84BUd0E1vAI Episode 1 online at http://youtube.com/watch?v=wa7u0a9pUSs

- and -

GO INTO REAL AND VIRTUAL DEBT WITH SECOND LIFE’S METACARD (Wired, 5 Sept 2007) - Just what Second Life needed. After the collapse of virtual bank Ginko Financial last month, a Singapore company has come along and is readying the first “virtual credit card” for Second Life. Compliments of FirstMeta, the so-called MetaCard works just like its real-life counterparts. You’ll be able to obtain basic and gold versions (what, no Platinum?) and fully succumb to that “buy it now, figure out how to pay for it later” spirit we here in the U.S. have fully embraced. Okay, that’s not entirely true. For one thing, the basic card is subject to an avatar check and actually provides only a relatively small credit limit of 5000 Lindens, or about $18.60, per month. The Gold, on the other hand, pushes that credit limit up to 10,000 Lindens, or $37.20 per month, according to FirstMeta. Keep in mind the card also can only be used at certain in-world stores, which at the time of writing number about 75. While FirstMeta says there are no maintenance, minimum balance or withdrawal fees, interest will be charged to balances at between 0.13 and 0.15 percent a day, compounding, which is equivalent to a 47.45% to 54.75% annual percentage rate - which by any measure is an exorbitant amount of interest. Interestingly, FirstMeta is offering Second Life citizens credit that is linked to a real world account, making that line between the real and virtual money even fuzzier. Linden Lab has already weighed in on the whole virtual banking matter, so it’ll be interesting to see how a financial services company that would, in the real world, be subject to regulatory laws does in the metaverse. http://blog.wired.com/business/2007/09/go-into-real-an.html

DHS KILLS DATA-MINING PROGRAM THAT USED PERSONAL INFORMATION WITHOUT PROTECTING PRIVACY (SiliconValley.com, 5 Sept 2007) - The Homeland Security Department scrapped an ambitious anti-terrorism data-mining tool after investigators found it was tested with information about real people without required privacy safeguards. The department has spent $42 million since 2003 developing the software tool known as ADVISE, the Analysis, Dissemination, Visualization, Insight and Semantic Enhancement program, at the Lawrence Livermore and Pacific Northwest national laboratories. It was intended for wide use by DHS components, including immigration, customs, border protection, biological defense and its intelligence office. Pilot tests of the program were quietly suspended in March after Congress’ Government Accountability Office warned that “the ADVISE tool could misidentify or erroneously associate an individual with undesirable activity such as fraud, crime or terrorism.” Since then, Homeland Security’s inspector general and the DHS privacy office discovered that tests used live data about real people rather than made-up data for one to two years without meeting privacy requirements. The inspector general also said ADVISE was poorly planned, time-consuming for analysts to use and lacked adequate justifications. ADVISE was one of the broadest of 12 data-mining projects in the agency. A DHS research official said in 2004 it would be able to ingest 1 billion pieces per hour of structured information, such as databases of cargo shippers, and 1 million pieces per hour from unstructured text, such as government intelligence reports. The system was supposed to identify links between bits of information that could otherwise go unnoticed. And it would graphically display results in charts of relationships and links. A DHS workshop report in 2004 said it hoped to answer queries like: “Identify any suspicious group of individuals that passed through customs at JFK (airport in New York) in January 2004.” The GAO said in March that DHS should notify the public about how an individual’s personal information would be verified, used and protected before ADVISE was implemented on live data. Then, in separate reports released without fanfare in July and August, the DHS inspector general and privacy office concluded that between 2004 and 2007, three pilot tests of ADVISE used personally identifiable information without first issuing required privacy impact assessments. The privacy office said this “created unnecessary privacy risks.” http://www.siliconvalley.com/news/ci_6809649

JUSTICE DEPARTMENT OPPOSES ‘NET NEUTRALITY’ LAWS (SiliconValley.com, 6 Sept 2007) - The Justice Department on Thursday said Internet service providers should be allowed to charge a fee for priority Web traffic. The agency told the Federal Communications Commission, which is reviewing high-speed Internet practices, that it is opposed to “Net neutrality,” the principle that all Internet sites should be equally accessible to any Web user. Several phone and cable companies, such as AT&T Inc., Verizon Communications Inc. and Comcast Corp., have previously said they want the option to charge some users more money for loading certain content or Web sites faster than others. The Justice Department said imposing a Net neutrality regulation could hamper development of the Internet and prevent service providers from upgrading or expanding their networks. It could also shift the “entire burden of implementing costly network expansions and improvements onto consumers,” the agency said in its filing. Such a result could diminish or delay network expansion and improvement, it added. The agency said providing different levels of service is common, efficient and could satisfy consumers. As an example, it cited that the U.S. Postal Service charges customers different guarantees and speeds for package delivery, ranging from bulk mail to overnight delivery. “Whether or not the same type of differentiated products and services will develop on the Internet should be determined by market forces, not regulatory intervention,” The agency’s stance comes more than two months after Federal Trade Commission Chairwoman Deborah Platt Majoras cautioned policy makers to enact Net neutrality regulation. http://www.siliconvalley.com/news/ci_6818144?nclick_check=1

***** RESOURCES ******
NIXONTAPES.ORG - Between 1971 and 1973, President Richard Nixon secretly recorded 3,700 hours of his phone calls and meetings. These recordings were made in the Oval Office (commonly designated by the abbreviation “OVAL”), his hideaway office in the Executive Office Building (“EOB”), the Cabinet Room (“CAB”), Camp David (“CDHW”), and on various White House telephones (“WHT”). Currently, approximately 2,100 hours of these tapes have been declassified, released, and are available to the public. However, neither the National Archives and Records Administration (NARA) nor the Nixon Presidential Library has made official transcriptions. Instead, they have left this monumental task-a task that NARA once estimated took 100 hours of staff time to transcribe 1 hour of tape-to researchers. The purpose of this website is to make these transcripts available, side-by-side multiple audio formats, to members of the public who are not able to travel to the National Archives. http://www.nixontapes.org/

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. Internet Law & Policy Forum, http://www.ilpf.org.
6. BNA’s Internet Law News, http://ecommercecenter.bna.com.
7. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
8. McGuire Wood’s Technology & Business Articles of Note, http://tinyurl.com/ywsusp
9. Steptoe & Johnson’s E-Commerce Law Week, www.steptoe.com
10. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/us/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.