Saturday, September 29, 2007

MIRLN - Misc. IT Related Legal News [9-29 September 2007; v10.13]

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product of the American Bar Association’s Cyberspace Law Committee and Dickinson Wright PLLC. Dickinson Wright’s IT & Security Law practice group is described at http://tinyurl.com/joo5y.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at http://www.abanet.org/dch/committee.cfm?com=CL320000 (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley (vpolley@REMOVETHISSTRINGvip-law.com) with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN editions are archived at www.vip-law.com and blogged at http://mirln.blogspot.com/.

**************End of Introductory Note***************

GREECE FINES ERICSSON HELLAS IN TAPPING CASE (Reuters, 6 Sept 2007 - Greece’s privacy watchdog has fined the Greek unit of telecom equipment maker Ericsson more than 7 million euros over a wiretapping scandal that rocked the country last year. In 2006 the Greek government revealed that more than 100 people, including the prime minister, senior ministers, journalists and activists, had their mobile phones tapped for about a year around the Athens 2004 Olympics. “The Hellenic Authority for Information and Communication Security and Privacy (ADAE) decided to fine Ericsson Hellas 7.36 million euros ($10 million) in relation to the wiretap issue,” ADAE said in a statement released late on Wednesday. It gave no further details. ADAE has said Ericsson Hellas’s equipment was used in the phone tapping. Ericsson Hellas said it planned to appeal the decision. In December 2006 ADAE also fined the Greek unit of Vodafone (VOD.L: Quote, Profile, Research) 76 million euros for a “number of infringements attributed to the company”, also without giving details. Vodafone Hellas has rejected the decision, saying it considers the fine illegal and is appealing the decision. The bugged phones were found to have been tapped mostly before and during the Athens Games by unknown eavesdroppers. The case became public after Vodafone Greece informed the government of its concerns when it suspected its equipment was being used. The government went public with the case almost a year after it was informed by Vodafone, prompting questions in the media about whether foreign intelligence services were involved. At the time, the Greek government said Ericsson-supplied software was used to tap phones from June 2004 until March 2005. Calls were relayed to unknown destinations via four mobile phone antennas in central Athens. The bugging stopped when Vodafone Greece discovered the software and removed it from the system. http://www.reuters.com/article/technology-media-telco-SP/idUSL0682035520070906?pageNumber=1&sp=true [Editor: Excellent technical discussion of the yet-unsolved wiretapping techniques employed: http://www.spectrum.ieee.org/jul07/5280]

SHUTTING DOWN BIG DOWNLOADERS (Washington Post, 7 Sept 2007) - The rapid growth of online videos, music and games has created a new Internet sin: using it too much. Comcast has punished some transgressors by cutting off their Internet service, arguing that excessive downloaders hog Internet capacity and slow down the network for other customers. The company declines to reveal its download limits. “You have no way of knowing how much is too much,” said Sandra Spalletta of Rockville, whose Internet service was suspended in March after Comcast sent her a letter warning that she and her teenage son were using too much bandwidth. They cut back on downloads but were still disconnected. She said the company would not tell her how to monitor their bandwidth use in order to comply with the limits. http://www.washingtonpost.com/wp-dyn/content/article/2007/09/06/AR2007090602545.html

- and -

YOUR LOSS OF PRIVACY IS A PACKAGE DEAL (L.A. Times, 12 Sept 2007) - The all-you-can-eat packages of voice, video and Internet services offered by phone and cable companies may be convenient, but they represent a potentially significant threat to people’s privacy. Take, for example, Time Warner Cable, which has about 2 million customers in Southern California. The company offers a voice-video-Net package called “All the Best” for $89.85 for the first 12 months. But for anyone who has the wherewithal to read Time Warner’s 3,000-word California privacy policy, you discover that not only does the company have the ability to know what you watch on TV and whom you call, but also that it can track your online activities, including sites you visit and stuff you buy. Remember all the fuss when it was revealed last year that Google Inc. kept voluminous records of people’s Web searches, and that federal authorities were demanding a peek under the hood? Multiply that privacy threat by three. Internet, TV, phone - it’s hard to imagine a more revealing glimpse of your private life. “All your eggs are in one communications basket,” said Beth Givens, director of the Privacy Rights Clearinghouse in San Diego. “If a company wants to, it can learn a great deal about you - and it probably wants to.” More often than not, it’ll also want to turn a fast buck by selling at least a portion of that info to marketers. All leading telecom companies are aggressively pushing these bundled service plans after investing billions of dollars in high-speed digital networks. For consumers, the upside is often a hefty savings compared with acquiring the same services from multiple providers. The downside is that you’re making intimate details of virtually all your network activities available to a single company - and possibly government officials. Earlier this month, a federal judge shot down a section of the USA Patriot Act that allowed warrantless access to telecom companies’ databases. He didn’t seem impressed that few phone companies and Internet providers had fought government efforts to get consumers’ data. http://www.latimes.com/business/la-fi-lazarus12sep12,0,7306749.column?coll=la-home-center

F.B.I. DATA MINING REACHED BEYOND INITIAL TARGETS (New York Times, 9 Sept 2007) - The F.B.I. cast a much wider net in its terrorism investigations than it has previously acknowledged by relying on telecommunications companies to analyze phone-call patterns of the associates of Americans who had come under suspicion, according to newly obtained bureau records. The documents indicate that the Federal Bureau of Investigation used secret demands for records to obtain data not only on individuals it saw as targets but also details on their “community of interest” — the network of people that the target was in contact with. The bureau stopped the practice early this year in part because of broader questions raised about its aggressive use of the records demands, which are known as national security letters, officials said. The community of interest data sought by the F.B.I. is central to a data-mining technique intelligence officials call link analysis. Since the attacks of Sept. 11, 2001, American counterterrorism officials have turned more frequently to the technique, using communications patterns and other data to identify suspects who may not have any other known links to extremists. The concept has strong government proponents who see it as a vital tool in predicting and preventing attacks, and it is also thought to have helped the National Security Agency identify targets for its domestic eavesdropping program. But privacy advocates, civil rights leaders and even some counterterrorism officials warn that link analysis can be misused to establish tenuous links to people who have no real connection to terrorism but may be drawn into an investigation nonetheless. Typically, community of interest data might include an analysis of which people the targets called most frequently, how long they generally talked and at what times of day, sudden fluctuations in activity, geographic regions that were called, and other data, law enforcement and industry officials said. The bureau had declined to discuss any aspect of the community of interest requests because it said the issue was part of an investigation by the Justice Department inspector general’s office into national security letters. An initial review in March by the inspector general found widespread violations in the F.B.I.’s use of the letters, but did not mention the use of community of interest data. The scope of the demands for information could be seen in an August 2005 letter seeking the call records for particular phone numbers under suspicion. The letter closed by saying: “Additionally, please provide a community of interest for the telephone numbers in the attached list.” The requests for such data showed up a dozen times, using nearly identical language, in records from one six-month period in 2005 obtained by a nonprofit advocacy group, the Electronic Frontier Foundation, through a Freedom of Information Act lawsuit that it brought against the government. The F.B.I. recently turned over 2,500 pages of documents to the group. The boilerplate language suggests the requests may have been used in many of more than 700 emergency or “exigent” national security letters. Earlier this year, the bureau banned the use of the exigent letters because they had never been authorized by law. A federal judge in Manhattan last week struck down parts of the USA Patriot Act that had authorized the F.B.I.’s use of the national security letters, saying that some provisions violated the First Amendment and the constitutional separation of powers guarantee. In many cases, the target of a national security letter whose records are being sought is not necessarily the actual subject of a terrorism investigation and may not be suspected at all. Under the Patriot Act, the F.B.I. must assert only that the records gathered through the letter are considered relevant to a terrorism investigation. Matt Blaze, a professor of computer and information science at the University of Pennsylvania and a former researcher for AT&T, said the telecommunications companies could have easily provided the F.B.I. with the type of network analysis data it was seeking because they themselves had developed it over many years, often using sophisticated software like a program called Analyst’s Notebook. “This sort of analysis of calling patterns and who the communities of interests are is the sort of things telephone companies are doing anyway because it’s central to their businesses for marketing or optimizing the network or detecting fraud,” said Professor Blaze, who has worked with the F.B.I. on technology issues. Such “analysis is extremely powerful and very revealing because you get these linkages between people that wouldn’t be otherwise clear, sometimes even more important than the content itself” of phone calls and e-mail messages, he said. “But it’s also very invasive. There’s always going to be a certain amount of noise,” with data collected on people who have no real links to suspicious activity, he said. Officials at other American intelligence agencies, like the National Security Agency and the Central Intelligence Agency, have explored using link analysis to trace patterns of communications sometimes two, three or four people removed from the original targets, current and former intelligence officials said. But critics assert that the further the links are taken, the less valuable the information proves to be. “Getting a computer to spit out a hundred names doesn’t have any meaning if you don’t know what you’re looking for,” said Michael German, a former F.B.I. agent who is now a lawyer for the American Civil Liberties Union. “If they’re telling the telephone company, ‘You do the investigation and tell us what you find,’ the relevance to the investigation is being determined by someone outside the F.B.I.” http://www.nytimes.com/2007/09/09/washington/09fbi.html?ex=1346990400&en=1b5857def0f51a89&ei=5090&partner=rssuserland&emc=rss

A MEDICAL PUBLISHER’S UNUSUAL PRESCRIPTION: ONLINE ADS (New York Times, 10 Sept 2007) - By some measures, the medical publishing world has met the advent of the Internet with a shrug, sticking to its time-honored revenue model of charging high subscription fees for specialized journals that often attract few, if any, advertisements. But now Reed Elsevier, which publishes more than 400 medical and scientific journals, is trying an experiment that stands this model on its head. Over the weekend it introduced a Web portal, www.OncologySTAT.com, that gives doctors free access to the latest articles from 100 of its own pricey medical journals and that plans to sell advertisements against the content. The new site asks oncologists to register their personal information. In exchange, it gives them immediate access to the latest cancer-related articles from Elsevier journals like The Lancet and Surgical Oncology. Prices for journals can run from hundreds to thousands of dollars a year. Elsevier hopes to sign up 150,000 professional users within the next 12 months and to attract advertising and sponsorships, especially from pharmaceutical companies with cancer drugs to sell. The publisher also hopes to cash in on the site’s list of registered professionals, which it can sell to advertisers. Mainstream publishers have wrestled for years with the question of how to charge for online content in a way that neither alienates potential readers nor cannibalizes their print properties. So far, few definitive answers have emerged. Reed Elsevier, which is based in London, is taking a risk that its readers will drop their paid subscriptions and switch allegiance to the new Web site, which will offer searches and full texts of the same content from the moment of publication. http://www.nytimes.com/2007/09/10/business/media/10journal.html?ex=1347076800&en=cf44a9765c793ac9&ei=5090&partner=rssuserland&emc=rss

CALIFORNIA ATTORNEY HAS DUTY TO SURRENDER CLIENT PROPERTY STORED IN ELECTRONIC FORM (Pike & Fisher, 10 September 2007) - The California State Bar’s ethics committee has concluded that an attorney must release to a former client electronic copies of e-mail, pleadings, discovery papers, and transactional documents, so long as these materials already exist in electronic form. — California State Bar Ethics Opinion No. 2007-174, 2007 ILRWeb (P&F) 2491 - DIGEST: An attorney is ethically obligated, upon termination of employment, promptly to release to a client, at the client’s request: (1) an electronic version of e-mail correspondence, because such items come within a category subject to release; (2) an electronic version of the pleadings, because such items too come within a category subject to release; (3) an electronic version of discovery requests and responses, because such items are subject to release as reasonably necessary to the client’s representation; (4) an electronic deposition and exhibit database, because such an item itself contains items that come within categories subject to release; and (5) an electronic version of transactional documents, because such items are subject to release as reasonably necessary to the client’s representation. The attorney’s ethical obligation to release any electronic items, however, does not require the attorney to create such items if they do not exist or to change the application (e.g., from Word (.doc) to WordPerfect (.wpd)) if they do exist. Prior to release, the attorney is ethically obligated to take reasonable steps to strip from each of these electronic items any metadata reflecting confidential information belonging to any other client.- Opinion at http://www.ilrweb.com/pfdocuments/ilrpdfs/calbarop2007-174.pdf

MOBILE PHONES HELP SECURE ONLINE BANKING (PC World, 11 Sept 2007) - Bank of America Corp. customers can now use their mobile phones to make online banking more secure. This option comes as part of a new service called SafePass, which was unveiled Monday by BofA. Customers will be able to sign up for SafePass to add an extra level of security for some banking transactions. The SafePass system, which uses authentication technology developed by VeriSign Inc., sends a six-digit code to the customer’s mobile phone. The code can be used only once, and it expires 10 minutes after being issued, making it harder for criminals to steal money from BofA accounts. BofA customers can require this SafePass code for certain types of online banking activity such as transferring large amounts of money or logging on from a new computer. SafePass works in conjunction with the SiteKey anti-phishing technology that BofA rolled out two years ago, said Mike Pennella, an e-commerce enterprise services executive with BofA. “This is really just another layer in our security strategy,” he said. Unlike SiteKey, however, SafePass is not a mandatory feature, Pennella added. SafePass will be available to BofA customers in most U.S. states this week, with California users coming online later this month and some northwestern U.S. customers getting service even later than that, Pennella said. Next year, the company will also begin offering a credit-card-sized card, built by Innovative Card Technologies Inc., that can be used to generate similar access codes without requiring a mobile phone. http://www.pcworld.com/printable/article/id,137057/printable.html#

GOOGLE DENIES OWNERSHIP OF USERS’ WORDS (CNET, 12 Sept 2007) - Google has denied suggestions that the terms and conditions for its Google Docs & Spreadsheets service mean that it owns any user’s content published in the application. Google Docs is part of the Google Apps platform, which offers a Web-based calendar, e-mail and document management system, and allows users to publish and share documents. The controversy centers on Google’s use of the word “public” in its terms and conditions for Google Docs. One clause states, “By submitting, posting or displaying Content on or through Google services which are intended to be available to the members of the public, you grant Google a worldwide, nonexclusive, royalty-free license to reproduce, adapt, modify, publish and distribute such content on Google services for the purpose of displaying, distributing and promoting Google services.” In response to the concerns raised, Google Australia issued a statement, which reads, “We don’t claim ownership or control over content in Google Docs & Spreadsheets, whether you’re using it as an individual or through Google Apps. http://www.news.com/2100-1030_3-6207535.html

CANADA SAYS NEW GOOGLE MAP COULD BREAK PRIVACY LAW (Reuters, 12 Sept 2007) - The Street View feature of Google Maps, with its close-up views of city streets and recognizable shots of people, could violate a Canadian law protecting individual privacy, officials said on Wednesday. Google Inc introduced street-level map views in May, giving web users a series of panoramic, 360-degree images of nine U.S. cities. Some of the random pictures feature people in informal poses who can clearly be identified. Canada’s Privacy Commissioner Jennifer Stoddart wrote to Google in early August asking for more details. She said if the Street View product were expanded to Canada without being amended, it could well violate privacy laws. The images were produced in partnership with Canadian firm Immersive Media Corp, which says it has taken similar street level pictures of major Canadian cities. Canadian law obliges businesses wishing to disclose personal information about individuals to first obtain their consent. Stoddart said pictures of people on Street View were clear enough to be considered personal information. http://news.yahoo.com/s/nm/20070912/wr_nm/google_dc_1;_ylt=Ao9STNwnCwpi3VbMSBYwXEgE1vAI

- and -

GOOGLE: WE HEAR (AND SEE A FUZZY RENDITION OF YOU), CANADA (Globe & Mail, 24 Sept 2007) - The man in charge of Google’s privacy policy says the Internet giant is working on a version of its controversial Street View service that won’t breach Canadian privacy rules, after federal privacy commissioner Jennifer Stoddart raised concerns about the service earlier this month. Peter Fleischer, Google’s global privacy counsel, said in an interview from Montreal on Monday the company understands Canada has “struck a different balance” than the U.S. has in terms of what is public and what is private, and that Google is sensitive to those differences. http://www.theglobeandmail.com/servlet/story/RTGAM.20070924.wgtgoogprivacy0924/BNStory/Technology/?page=rss&id=RTGAM.20070924.wgtgoogprivacy0924

ARTICLE 29 WORKING PARTY ADOPTS OPINION ON DEFINITION OF PERSONAL DATA (Hunton & Williams’ European Privacy & E-Commerce Alert, 13 Sept 2007) - On June 20, 2007, the Article 29 Working Party adopted Opinion 4/2007 providing guidance on a common understanding of the concept of personal data as defined in Directive 95/46/EC. The opinion analyzes each of the four elements of the definition of personal data, i.e., “any information”, “relating to”, “an identified or identifiable” and “natural person” with supporting examples taken from the practice of national DPAs. Finally, the opinion discusses situations in which national dat protection laws may apply to data that fall outside the scope of the definition set out in Directive 95/46/EC. This guidance will be used by the Article 29 Working Party in further work on identity management and on RFID. http://www.hunton.com/emailblast/pdfs/EMKT-1411EUPrivacyandE-CommerceAlertSept2007.pdf The full text of the opinion is available at: http://ec.europa.eu/justice_home/fsj/pri- vacy/docs/wpdocs/2007/wp136_en.pdf

TAPES CONTAINING PATIENT RECORDS STOLEN FROM U-M (Ann Arbor News, 13 Sept 2007) - More than 8,000 former and current patients of two clinics affiliated with the University of Michigan are being notified that computer tapes containing their personal information were stolen last weekend. The tapes contained patient records as a backup to a billing system. They were kept in a lock box in an administrative office at the U-M School of Nursing. The U-M is sending letters today Friday to 4,513 people whose patient records included their names, addresses and medical information used in billing. Another 4,072 people will receive a different version of the letter because their records also included their Social Security numbers, and U-M recommends they contact one of the three credit reporting agencies to place a fraud alert on their credit report. It is at least the third time over the past 12 months that U-M has notified patients, employees or former students that their personal information may have fallen into the wrong hands and could be used in identity theft scams. http://blog.mlive.com/annarbornews/2007/09/tapes_containing_patient_recor.html

JUSTICE SAYS NO TO PRIVATE PCS FOR TELEWORK (FCW.com 13 Sept 2007) - Because of security concerns, the Justice Department now forbids all employees from using their private PCs or digital assistants to access agency e-mail or other files, the department’s top information security officer has said. Previously, some Justice Department employees had been allowed to use their private personal computers for e-mailing, said Dennis Heretick, the Justice Department’s chief information security officer. Instead, the agency wants employees who telework or work at remote locations to use government-issued laptops, docking stations or Blackberries. Unlike employees’ personal devices, Justice can ensure that government-issued systems are fully encrypted and monitored. “My very strong recommendation is not to allow people to use home computers to telecommute unless you don’t care about the security of the information they’re working with,” said Heretick, speaking at the 2007 Telework Exchange Town Hall Meeting on Sept. 12. http://www.fcw.com/article103746-09-13-07-Web&printLayout

SEARCHING BY LAND, AIR AND THE WEB (New York Times, 16 Sept 2007) - At 6 a.m. last Friday, Andy Chantrill, a 25-year-old software designer, had just completed his 14th straight hour searching for Steve Fossett, the millionaire aviator and adventurer who vanished in northern Nevada on Sept. 3. But Mr. Chantrill had not been hiking the rugged countryside or flying over it in one of the many aircraft that have been looking for signs of the small plane that Mr. Fossett piloted without filing a flight plan. No, Mr. Chantrill was in his flat in Castle Donington, England, hunched over his laptop and scouring digital satellite images of parts of the 17,000-square-mile search area where officials believe Mr. Fossett’s plane probably crashed. Welcome to the new world of search and rescue. Two Internet giants, Amazon.com and Google, have joined forces to coordinate a “distributed search” on the Web where the latest satellite pictures are being examined by a volunteer army of more than 20,000 people around the world. The search is made possible by Amazon’s Mechanical Turk, an interactive Internet application that enables potentially large numbers of people to perform tasks online that are coordinated by computers. In the search for Mr. Fossett, Google has been providing satellite images of the search area which have been reduced to manageable size — quadrants representing 278 square feet, at a resolution that makes them appear as if the terrain is being viewed from a height of 1,500 feet. The images are then distributed to volunteers who have registered online to help with the search. Each image is reviewed by 10 volunteers, who have an hour to examine it on their computers. If they see nothing, they check a box and move on to the next image. If one of them spots something that merits closer scrutiny, the information is passed on to search coordinators in Nevada. Amazon first used its Mechanical Turk to assist a search operation earlier this year for James Gray, a renowned Microsoft computer scientist, who failed to return from what was to have been a daylong solo sailing trip to scatter his mother’s ashes in the Pacific Ocean west of San Francisco. He was never found, but the potential for the technology as a search tool for missing vehicles, aircraft and boats took hold among the scientists who helped. http://www.nytimes.com/2007/09/16/weekinreview/16basics.html?ex=1347595200&en=750904d25983ca92&ei=5090&partner=rssuserland&emc=rss

NEW YORK TIMES TO END PAID INTERNET SERVICE (Reuters, 18 Sept 2007) - The New York Times Co said on Monday it will end its paid TimesSelect Web service and make most of its Web site available for free in the hopes of attracting more readers and higher advertising revenue. TimesSelect will shut down on Wednesday, two years after the Times launched it, which charges subscribers $7.95 a month or $49.95 a year to read articles by columnists such as Maureen Dowd and Thomas Friedman. The trademark orange “T’s” marking premium articles will begin disappearing Tuesday night, said the Web site’s Vice President and General Manager Vivian Schiller. The move is an acknowledgment by The Times that making Web site visitors pay for content would not bring in as much money as making it available for free and supporting it with advertising. “We now believe by opening up all our content and unleashing what will be millions and millions of new documents, combined with phenomenal growth, that that will create a revenue stream that will more than exceed the subscription revenue,” Schiller said. Figuring out how to increase online revenue is crucial to the Times and other U.S. newspaper publishers, which are struggling with a drop in advertising sales and paying subscribers as more readers move online. “Of course, everything on the Web is free, so it’s understandable why they would want to do that,” said Alan Mutter a former editor at the San Francisco Chronicle and proprietor of a blog about the Internet and the news business called Reflections of a Newsosaur. “The more page views you have, the more you can sell,” he said. “In the immediate moment it’s a perfectly good idea.” Starting on Wednesday, access to the archives will be available for free back to 1987, and as well as stories before 1923, which are in the public domain, Schiller said. Users can buy articles between 1923 and 1986 on their own or in 10-article packages, the company said. Some stories, such as film reviews, will be free, she said. American Express will be the first sponsor of the opened areas on the site, and will have a “significant advertising presence” on the homepage and in the opinion and archives sections, the company said. http://news.yahoo.com/s/nm/20070918/wr_nm/newyorktimes_dc_4;_ylt=AqJqwBn0JJr3qQO7Rz99UTAE1vAI

PIRACY BRINGS $3.5 MILLION BSA FINE (PC World, 18 Sept 2007) - The Business Software Alliance has collected a record settlement of nearly US$3.5 million from an international media firm that was using unlicensed software, the trade group announced Tuesday. The settlement between BSA and the company, which BSA declined to name for legal reasons, followed a criminal complaint the trade group made on behalf of members Microsoft Corp., Adobe Systems Inc., Avid Technology Inc. and Autodesk Inc. The BSA complaint led to police raids on the company’s premises last year, the trade group said. BSA did its own investigation of the company’s software licenses and alleged copyright infringement. The settlement with the company requires it to delete all unlicensed software products and purchase the licenses for the software it plans to use. The large penalties were the result of an extended period of unlicensed software use, BSA said. “This situation came about because we relied on a single individual to keep us compliant and manage our software assets across multiple-locations during a period of significant expansion,” an unnamed source at the company said in a BSA news release. “The management were shocked at the scale of the situation and recognize that by having software management processes and tools in place this could have been avoided.” http://www.pcworld.com/article/id,137307-c,copyright/article.html

AMD WANTS INTEL TO RECOVER MISSING E-MAILS (SiliconValley.com, 18 Sept 2007) - Intel may have lost the equivalent of “220 years” worth of e-mail messages and documents sought by Advanced Micro Devices in its antitrust suit against its larger rival, an attorney for AMD told the Mercury News. Intel told federal district court in March it had failed to preserve some documents - mainly e-mail - related to the suit, pointing the blame at human error and an auto-delete system. Intel is seeking to recover the documents with a remedial effort costing it more than $20 million. The lost volume is the equivalent to the e-mail 220 people would generate in a year, said Mark Samuels, an attorney at O’Melveny & Myers for AMD. “There is no doubt we are going to have an incomplete record,” said Samuels. “It’s really quite serious from our perspective.” But Intel spokesman Chuck Mulloy questioned the AMD figure. Intel has already turned over 40 million pages of documents and many millions more are coming, he said. How many documents have been lost? “We don’t know what that number is,” Mulloy said. “It could be very, very small.” He said Intel doesn’t believe the missing documents will affect AMD’s ability to pursue its case. AMD certainly isn’t dissuaded. AMD urged the court in a filing last week to order Intel to move ahead with the remedial plan. http://www.siliconvalley.com/news/ci_6925399?nclick_check=1

SECURITY BREACH SEVERITY WORSENS, STUDY FINDS (Network World, 19 Sept 2007) - The number of reported security breaches is down, yet the average severity of breaches has doubled, according to a new study. The Computing Technology Industry Association (CompTIA) study, based on data collected from more than 1,000 IT professionals, revealed that 34% of organizations reported a major security breach in 2006, down from 38% in 2005 and 58% in 2004. But respondents rated the average severity of breaches as 4.8 (with 10 being most severe), up from between 2.3 and 2.6 in previous years. That might not be surprising given the number of headline-grabbing breaches, such as the TJX breach in which tens of millions of credit and debit card numbers were stolen. “Compared to last year, more than half of all organizations report that security threats associated with the use of handheld devices, spyware, voice over IP, wireless networking and remote/mobile access have increased significantly over the previous 12 months,” the report reads. CompTIA says security policies and training can help prevent organizations from falling victim to attacks. Of those polled, 62% said their organization has written IT security policies in place, compared with 47% two years ago. Of those who have written security policy, 81% said the policy is specific to information on how to secure remote and mobile employees. The average cost of a security breach in 2006 was $369,388; CompTIA estimates the average costs savings of providing IT security training to staff could be $352,000. CompTIA also estimates IT organizations can save $656,000 by having IT employees with security certifications. http://www.networkworld.com/news/2007/091807-security-breach-severity.html

A WEEKLONG WEB AFTERLIFE FOR NBC SHOWS (Hollywood Reporter, 19 Sept 2007) - NBC will make episodes of its programs available for download on its Web site for one week after their original broadcast, the network said Wednesday. The move follows NBC’s recent decision not to renew its contract with Apple Inc., when it expires in December, because of a dispute over pricing and bundling on the electronics firm’s iTunes platform. The new initiative, dubbed NBC Direct, will start in beta in October and will make episodes available for download from NBC.com (http://NBC.com) on Windows-based PCs. Once downloaded, the content will be encrypted so that it can’t be viewed more than a week after the first network airing. A mix of veteran and new shows will be available at launch: “Heroes,” “The Office,” “30 Rock,” “Friday Night Lights,” “Late Night With Conan O’Brien,” “The Tonight Show With Jay Leno,” “Life” and “Bionic Woman.” NBC said it would expand the initiative in the next several months to include DRM-protected episodes compatible with Macs and portable devices and a peer-to-peer distribution network. The network said that, it would provide further business models in 2008, including download-to-own, rental and subscription. http://news.yahoo.com/s/nm/20070920/wr_nm/nbc_dc_1;_ylt=ArgPWB_49730CIPBzQKiXo0E1vAI

CT RULES CONTRACT TERMS ON WEBSITE BINDING EVEN IF NOT READ (BNA’s Internet Law News, 20 Sept 2007) - BNA’s Electronic Commerce & Law Review reports that a federal court in Alabama has ruled contract terms posted on a website were an enforceable part of a printed contract that clearly made reference to them. The court said that the Web-posted terms were part of the contract even though the other party refused to visit the Web site and review the terms. Case name is Conference America Inc. v. Conexant Sys. Inc.

NOT-SO-WILY EDITS OF LAW FIRM WIKI INFO (ABA Journal, 21 Sept 2007) - New software has exposed the apparent edits being made to Wikipedia law firm listings by not-so-wily insiders. Contributions to the online encyclopedia, which is made up of information provided (and edited) by those who visit the Wikipedia site, used to be anonymous. But now new software allows the Web addresses of contributors to be identified, reports New York Lawyer (reg. req.), in a reprint of a Legal Times article. Perhaps not surprisingly, many of those providing information seem to be doing so about their own law firms, the article says. “Some are humorous, like the Ropes & Gray editor who described the firm’s summer associate program as a litany of ‘baseball games, theater, and epic parties in Boston to begin and end a summer of ecstacy [sic].’”But on Covington & Burling’s Wikipedia page, several entries have been edited or deleted altogether, most notably info about the firm’s lobbying on behalf of Halliburton.” http://www.abajournal.com/weekly/not_so_wily_edits_of_law_firm_wiki_info

DIGITAL MEDIA COMPANY SUED OVER OPEN-SOURCE VIOLATION (TechWorld, 21 Sept 2007) - A digital video is being sued for failing to adhere to the terms of an open-source licence. Monsoon Multimedia The Software Freedom Law Center has filed against Monsoon Multimedia, in what is believed to be the first case of its type in the US. The SFLC filed the suit on Wednesday on behalf of the developers of BusyBox, Erik Andersen and Rob Landley. The suit charges Monsoon with using BusyBox under the GNU General Public License version 2 but failing to publish its source code. Under the terms of the licence, distributors of software that uses the licensed software must make their source code available. Failing to do so is considered copyright infringement. BusyBox, members of the public and the SFLC legal team notified Monsoon of its responsibilities, but Monsoon has not yet published the code, said Dan Ravicher, legal director at SFLC. While it’s relatively common for licensees to neglect to share their code, parties typically work through the issue without having to go to court, he said. This case is a last resort after Monsoon failed to rectify the situation, he said. The suit is necessary because from a legal perspective, copyright owners can start to lose rights if they don’t act to protect them, he said. http://www.techworld.com/applications/news/index.cfm?newsID=10144&pagtype=all

COMPANY WILL MONITOR PHONE CALLS TO TAILOR ADS (New York Times, 24 Sept 2007) - Companies like Google scan their e-mail users’ in-boxes to deliver ads related to those messages. Will people be as willing to let a company listen in on their phone conversations to do the same? Pudding Media, a start-up based in San Jose, Calif., is introducing an Internet phone service today that will be supported by advertising related to what people are talking about in their calls. The Web-based phone service is similar to Skype’s online service — consumers plug a headset and a microphone into their computers, dial any phone number and chat away. But unlike Internet phone services that charge by the length of the calls, Pudding Media offers calling without any toll charges. The trade-off is that Pudding Media is eavesdropping on phone calls in order to display ads on the screen that are related to the conversation. Voice recognition software monitors the calls, selects ads based on what it hears and pushes the ads to the subscriber’s computer screen while he or she is still talking. A conversation about movies, for example, will elicit movie reviews and ads for new films that the caller will see during the conversation. Pudding Media is working on a way to e-mail the ads and other content to the person on the other end of the call, or to show it on that person’s cellphone screen. “We saw that when people are speaking on the phone, typically they were doing something else,” said Ariel Maislos, chief executive of Pudding Media. “They had a lot of other action, either doodling or surfing or something else like that. So we said, ‘Let’s use that’ and actually present them with things that are relevant to the conversation while it’s happening.” http://www.nytimes.com/2007/09/24/business/media/24adcol.html?ex=1348286400&en=2b872e9e7df0ee8f&ei=5090&partner=rssuserland&emc=rss

SEARCH PRIVACY AND PERSONALIZED SEARCH (Google’s Jane Horvath, 24 Sept 2007) - Online privacy isn’t always an easy thing to understand—or to explain. When I recently joined the company, I was happy to learn that Google was continuing with the effort to make our privacy practices (and your choices) even clearer and more accessible. We are using YouTube to post videos that explain how, when, and why we collect information about searches, and how you can protect your privacy while using our search engine. If you watched the first privacy video, you learned about some of the information we collect (IP addresses, cookies, and search queries) and how we use this information to improve your search experience as well as prevent against fraud and other abuses. We appreciated all of the feedback we got in response to the first video. In response to your requests for more detailed information, in our second video we’re offering a closer look at personalization and the privacy tools available when you choose to personalize your search. Personalization has been an area that raises concerns about privacy, and we want you to understand how we personalize search results while protecting your privacy. [Editor: More, including links to YouTube videos.] http://googleblog.blogspot.com/2007/09/search-privacy-and-personalized-search.html

LAWYERS INCREASINGLY USE PDFS AND PDAS, ACCORDING TO 2007 LEGAL TECHNOLOGY SURVEY (ABA, 25 Sept 2007) - When the ABA Legal Technology Resources Center conducted its annual survey, it uncovered some interesting facts. According to the annual Legal Technology Survey report, 91 percent of survey respondents said that PDF creation software is available at their firms, up from 82 percent, in 2006. And, the use of the real-time email function in PDAs has increased significantly, up 14 percent from last year. The study itself is a comprehensive look at how legal practitioners use technology. For this year’s report, more than 1,800 ABA lawyer members in private practice answered some 150 questions about law office technology, litigation and courtroom technology, web and communication technology, and online research and mobile technology. The survey focused on technology use, not product use. The study also found that:
* Slightly more than one quarter (28 percent) of respondent firms have e-discovery initiatives; however, 71 percent of large firms (more than 100 attorneys) have electronic discovery initiatives.
* The number of lawyers making electronic discovery requests on behalf of their clients has substantially increased in the past year. Only 26 percent of lawyers responding to the survey say they never made electronic discovery, compared to 69 percent in the 2006 survey. [Editor: There’s more] http://www.abanet.org/media/youraba/200709/resultsAreIn_08.html

STATE DEPARTMENT LAUNCHES FIRST BLOG (US Department of State, 25 Sept 2007) - Welcome to the State Department’s first-ever blog, Dipnote. As a communicator for the Department, I have the opportunity to do my fair share of talking on a daily basis. With the launch of Dipnote, we are hoping to start a dialogue with the public. More than ever, world events affect our daily lives-what we see and hear, what we do, and how we work. I hope Dipnote will provide you with a window into the work of the people responsible for our foreign policy, and will give you a chance to be active participants in a community focused on some of the great issues of our world today… http://blogs.state.gov/index.php/entires/welcome/

RULING EASES GOVERNMENT’S EFFORTS FOR CELL PHONE TRACKING (ComputerWorld, 26 Sept 2007) - A federal court in Massachusetts has ruled that the government doesn’t need probable cause to obtain a warrant allowing it to use a person’s cell phone to track his past movements. According to the ruling by the U.S. District Court in Massachusetts, law enforcement officials only need to show the information is “relevant to an ongoing investigation.” The decision stems from an appeal by the government of a magistrate judge’s ruling that required members of law enforcement to show probable cause before they could be issued a warrant to gain access to an individual’s past movements from cell phone providers. Cell phone companies can track a customer’s movements by identifying the cell tower or towers through which his calls were handled. The case is sealed because it is part on an ongoing criminal investigation. The government wanted to obtain a court order requiring certain carriers to turn over information about a customer’s cellular telephone records. While the magistrate judge allowed the government access to the customer’s subscriber information, the judge rejected the government’s bid to gain access to the customer’s historical cell site information (or where the customer was). According to court documents, the issue before the district court judge was whether obtaining a warrant for historical cell information should be treated like obtaining a warrant for real-time cell information (where the customer is), which most courts have ruled requires probable cause, in part because under the Fourth Amendment to the Constitution, citizens have a reasonable expectation of privacy. The district court judge decided that under the federal Stored Communications Act, the government could obtain a warrant for historical cell data by showing that data was relevant to an ongoing investigation. In addition, the district court ruled that an individual’s past movements were not protected under the Fourth Amendment because the government wasn’t looking to track the individual’s real-time or future movements. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9039000&source=rss_topic146

CANADIAN TAXMAN GOES BROWSING ON EBAY (Globe & Mail, 27 Sept 2007) - Canadians who sell a lot of stuff on eBay best beware – the taxman is watching. The Canada Revenue Agency has won a Federal Court order requiring eBay Canada Ltd. to turn over the names, addresses, phone numbers and e-mail addresses of all high-volume sellers on the popular website. The CRA wants to find out whether those individuals or companies are reporting the income they made from online sales in 2004 and 2005. “The CRA is seeking to verify compliance with the obligations and duties under the Income Tax Act of certain Canadian taxpayers selling goods in an online marketplace,” said an affidavit filed in court by Aziz Fazal, a Toronto tax officer who heads an audit group within the CRA that is leading the probe. “In particular, the CRA seeks to verify the reporting of income by certain Canadian taxpayers selling goods via the eBay marketplace.” http://www.theglobeandmail.com/servlet/story/RTGAM.20070926.wrebay27/BNStory/Technology/?page=rss&id=RTGAM.20070926.wrebay27

RAM DISPUTE, PART DEUX: COURT UPHOLDS ORDER TO PRESERVE AND PRODUCE SERVER LOGS (Steptoe & Johnson’s E-Commerce Law Week, 28 Sept 2007) - Hollywood studios love a good sequel, whether it’s a follow-up to a hit movie or a court ruling that aids Tinseltown in its fight against pirated films. The studios recently got a taste of the latter, when a federal court in California upheld a magistrate’s earlier ruling that, under Federal Rule of Civil Procedure 34 (which permits discovery of relevant “electronically stored information”), the operators of the TorrentSpy website could be compelled to preserve and produce data stored - even if only temporarily - in the RAM of a web server. While this decision - in Columbia Pictures, Inc., v. Bunnell - may cheer Big Content, like many Hollywood sequels, it is sure to leave some observers cold. If adopted by other courts, this ruling could greatly increase the volume of communication records, website logs, and search terms that parties must retain and produce during litigation. http://www.steptoe.com/publications-4873.html Magistrate’s ruling at http://www.steptoe.com/assets/attachments/3028.pdf

A PROSECUTION TESTS THE DEFINITION OF OBSCENITY (New York Times, 28 Sept 2007) - Sometime early next year, Karen Fletcher, a 56-year-old recluse living on disability payments, will go on trial in federal court here on obscenity charges for writings distributed on the Internet to about two dozen subscribers. In an era when pornography has exploded on the Web almost beyond measure, Ms. Fletcher is one of only a handful of people to have been singled out for prosecution on obscenity charges by the Bush administration. She faces six felony counts for operating a Web site called Red Rose, which featured detailed fictional accounts of the molesting, torture and sometimes gruesome murders of children under the age of 10, mostly girls. What has attracted the attention of First Amendment scholars and lawyers is that Red Rose — which Ms. Fletcher says is an effort to help her deal with her own pain from child sexual abuse — was composed entirely of text without any images. Although a narrowly divided Supreme Court said in 1973 that images were not necessary to label a work obscene, there has not been a successful obscenity prosecution in the country that did not involve drawings or photographs since then. Courts have overturned or blocked convictions connected to other nonillustrated books, including the well-known “Fanny Hill: Memoirs of a Woman of Pleasure,” on the basis that sexual images have a fundamentally different impact than words alone. Prof. Laurence H. Tribe of Harvard Law School, a leading constitutional scholar, said that although the court had not ruled out the possibility that text alone might be obscene, “the idea that the written word alone can be prosecuted pushes to the limit the underlying rationale of the obscenity law.” But Professor Tribe noted that even though the Fletcher case did not involve images, courts might view “patently offensive descriptions of sexual acts with children” as prosecutable under obscenity laws. While pornography by itself is not illegal, it can be prosecuted as obscenity if it fits the definition laid out by the Supreme Court more than 30 years ago. Under that ruling, Miller v. California, a work may be deemed obscene if, taken as a whole, it lacks artistic, literary or scientific merit, depicts certain conduct in a patently offensive manner, and violates contemporary community standards. http://www.nytimes.com/2007/09/28/us/28obscene.html?ex=1348632000&en=97b961d620056ea0&ei=5090&partner=rssuserland&emc=rss

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. Internet Law & Policy Forum, http://www.ilpf.org.
6. BNA’s Internet Law News, http://ecommercecenter.bna.com.
7. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
8. McGuire Wood’s Technology & Business Articles of Note, http://tinyurl.com/ywsusp
9. Steptoe & Johnson’s E-Commerce Law Week, www.steptoe.com
10. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/us/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.

No comments: