Issue 43 January 2001	BYTES IN BRIEF® by Editors: Sharon D. Nelson, Esq. and John W. Simek Associate Editor: Amelia C. Hierholzer Editor Emeritus: G.V. Nelson 9500+ subscribers worldwide © 2001 Sensei Enterprises, Inc./Nelson & Wolfe. All rights reserved. This newsletter may not be reproduced or redistributed in any manner except with consent of the copyright owner. Distributed by Silver Law Inc. under license.

CIA FIRES EMPLOYEE CHATTERS

The CIA revealed on November 30th that it fired four employees and disciplined 18 others for their participation in a secret chat room set up within the CIA's classified computer systems. Apparently, the origins of the chat room were from the mid 1980's when an unofficial users' group was created on the mainframe. As the agency changed computing environments from the mainframe-based system, the unauthorized databases were moved as well. The CIA indicated that, over time, some 160 employees were involved. Although there was no evidence of the disclosure of classified information via the chat room, the activities conducted there "were a clear and serious violation of the trust expected of all agency employees." Four employees had their security clearances revoked, making them ineligible to work at the agency. Eighteen others received letters of reprimand and most of those employees also received suspensions without pay. Further information may be found at http://news.cnet.com/news/0-1005-200-3944154.html?tag=st.ne.1002.thed.ni

COURT SAFEGUARDS ANONYMITY OF WEB POSTERS

Software company Dendrite International, based in N.J., filed a suit in May alleging that false and defamatory information about the company was posted on Yahoo by anonymous authors. The suit also charged the posters with divulging company trade secrets in violation of their employment contracts. On November 28th, Superior Court Judge Kenneth MacKenzie ruled against Dendrite's petition to publicly identify the posters, finding that strict evidentiary standards compelling identification of the posters had not been met. Further information may be found at http://www.newsbytes.com/news/00/158764.html

FTC HALTS WORK AT HOME PYRAMID SCHEME

A spam e-mail promising that "You Can Earn $50,000 in 90 Days" raked in more than $430,000 before the FTC caught up with the spammer. The old-fashioned pyramid scheme worked by charging a registration fee for the work at home materials and then sending registrants instructions to send out the same spam e-mail that they had responded to. In essence, any payment received would be based on the number of people recruited. The FTC reached a settlement with DP Marketing, based in Connecticut, on November 29th. The settlement required company officials David Martinelli Jr. and Deanna Plourde to pay the FTC $72,000, the total of the remaining company assets. DP Marketing closed after the FTC filed its complaint in July 1999. Further information may be found at http://www.ftc.gov/opa/2000/11/dpfinal.htm

FIRST VOLLEY: OPEN ACCESS BRIEFS FILED WITH FCC

December 1st was the deadline for concerned parties to file the first round of statements with the Federal Communications  Commission for its review of whether and how to regulate Internet service providers' access to U.S. cable networks. To no one's surprise, AT&T, the largest cable operator in the U.S., reiterated its stance that the market, not the government, should determine the fate of open access and the broadband market. Opposing AT&T's position was a wide array of local telephone companies, Internet service providers, and consumer groups, who argue that competition can only be preserved by mandating open access. Further information is available at http://news.cnet.com/news/0-1004-200-3957311.html

REPORT FINDS INCREASE IN INFRASTRUCTURE SECURITY

Early in December, the National Partnership for Critical Infrastructure Security delivered a report to the White House which  concluded that there has been significant progress in protecting the national private sector infrastructures from cyberattacks, but that more security is still needed. Telecommunications, transportation, and electric power representatives were among those who contributed to the report which will be used as the basis for the next version of the Clinton administration's plan detailing how government and private industry need to work together to safeguard the security of the nation's infrastructure. The banking and  energy industries remain at the forefront of progress in this area, while telecommunications, transportation and waterways have a lot of work remaining. To assist in cybersecurity efforts, there will soon be an Information Sharing and Analysis Center (ISAC) for the IT community, which will offer a secure database, analytical tools and other software that will permit officials to submit reports about information security threats, vulnerabilities, incidents and solutions. Information about U.S. efforts to protect its infrastructure is available from the National Infrastructure Protection Center, located at http://www.nipc.gov/

DOJ SUPPORTS EUROPEAN CYBERCRIME PROPOSAL

On December 1st, the Department of Justice announced that it was endorsing in principle a controversial European proposal to strengthen cybercrime laws. Though there has been a firestorm of protests in Europe from privacy, civil liberties and human rights advocates, the DOJ said that the central provisions of the Council of Europe's draft convention "are consistent with the existing framework of U.S. law and procedure." The pact is the first multilateral effort to deal with the cross border nature of computer related crime such as the propagation of malicious code to disrupt web sites, computer fraud, copyright infringement and distribution of child pornography. The treaty will be ready for signature sometime next year and the U.S. will decide at that point whether to become a party to the pact. One controversial element of the treaty requires stringent data retention by Internet service providers, which privacy advocates worry will be used to track dissidents and persecute minorities. Further information about the treaty is available at http://www.usdoj.gov/criminal/cybercrime/COEFAQs.htm

TOUGH PRIVACY LAW TAKES EFFECT IN CANADA

Canada's Personal Information Protection and Electronic Documents Act, effective on January 1, 2001, requires businesses to provide Canadian citizens guarantees regarding the collection and use of personal data. Under the new law, companies must obtain a customer's consent before sharing data with affiliates or commercial partners and must afford customers access to review that data. At the outset, the law will apply only to certain regulated businesses in Canada, including airlines, banks, telecommunication companies, and broadcasting firms. Almost all businesses will be included within the law's purview by 2004. The new law will compel U.S. companies which exchange information with the nation's largest trading partner to sign contracts committing them to abide by the new law. Since the law contains no grandfather clause exempting data collected prior to the law's enactment, it is likely that the contractual impact will be felt immediately. Further information may be found at  http://www.alstonbird.com/docs/Advisories/199709/Canada.htm

FBI HACKS COMPUTER OF ALLEGED MOBSTER

According to documents unsealed by a N.J. federal court, the Federal Bureau of Investigation obtained a court order in the summer of 1999 to break into the Essex County office of racketeering suspect Nicodemo Scarfo Jr. and install software on his PC which would relay all of his computing activities to FBI agents. The FBI told the court that this unusual action was necessary to overcome the PGP encryption used on the computer. Based upon the information collected, the FBI brought racketeering, gambling, loansharking and extortion charges against Scarfo. Scarfo appeared without counsel on December 5th and was ordered to appear with counsel by January 11th. The FBI's evidence is expected to be challenged in pre-trial proceedings. Further information may be found at http://inq.philly.com/content/inquirer/2000/12/04/front_page/JMOB04.htm

FEW NATIONS HAVE ADEQUATE CYBERCRIME LAWS

A study released on December 7th by the consulting firm McConnell International concluded that only a small percentage of countries have adequate computer crime laws. Of the 52 countries surveyed, only nine have laws covering even half of the most prevalent computer crimes. Denial of service attacks and computer trespass are examples of new age crimes which are often unprotected under antiquated laws. 33 of the countries said that they had not updated their laws to address any kind of computer crimes. According to the Computer Emergency Response Team Coordination Center (CERT/CC), computer crime in the first three quarters of this year increased 54% over 1999. A copy of the report may be found at http://www.mcconnellinternational.com/services/securitylawproject.cfm

FAX SPAMMER TARGETS THE WRONG FAX LINE

The publishers of "Bytes in Brief" were among those irked to receive a fax spam which invited us to dial a 900 number at the cost of $2.95 per minute to vote on an array of public opinion polls. Rep. Goodlatte and a number of other politicians were similarly irked and numerous complaints went to both the Federal Bureau of Investigation and the Federal Communications Commission. The spammer was 21st Century Fax, which has now been fined more than $1 million by the FCC for violating the Telephone Consumer Protection Act and the FCC's rules against faxing unsolicited ads. The company was fined $4,500 for each reported initial offense and $10,000 for each subsequent offense after consumers had requested to be removed from the faxing list. Further information may be found at http://www.newsbytes.com/news/00/159113.html

AMAZON'S PRIVACY POLICY UNDER TRANSATLANTIC FIRE

On December 4th, the Electronic Privacy Information Center (EPIC) and Junkbusters Corp. asked the Federal Trade Commission to determine whether Amazon.com Inc. deceived U.S. consumers when it changed its privacy policy in September to allow the disclosure of personal data. Concurrently, the London-based human rights group Privacy International asked the U.K. Data Protection Commission to prohibit Amazon's U.K. affiliate from processing customer data until it complies with the European data protection law. Privacy International Director Simon Davies said Amazon is violating the European data law, including the obligation to show its U.K. customers all information held about them and to delete it upon their request. EPIC and Junkbusters alleged that Amazon's policy changes are inconsistent with its previous statements that it would never disclose customer information to third parties, and are therefore deceptive and illegal under the U.S. FTC Act. The revised policy doesn't include an option offered in the past that permitted users to request that their personal information not be sold. The groups asked the FTC to prohibit Amazon from disclosing information about customers without their prior consent, and to require Amazon to offer customers the option to delete parts of or all the information about their identity and purchases. They also asked that Amazon be compelled to tell each customer, if requested, exactly what information has been disclosed to other companies and to provide customers with complete access to their profiles. Further information may be found at http://www.thestandard.com/article/display/0,1151,20586,00.html

ANONYMOUS MESSAGE RESULTS IN $675,000 LIBEL VERDICT

Lawyers for a former doctor at Emory University School of Medicine say that he has won the first libel verdict based on an anonymous Internet message. A U.S. District Judge awarded Dr. Sam D. Graham, Jr. $675,000. Graham was forced to resign from Emory when a message was posted on a Yahoo board suggesting that he had taken kickbacks from a urology company after giving his department's business to the company. The anonymous poster later proved to be Dr. Jonathan R. Oppenheimer, then a staff pathologist working at the urology company, but who now owns a laboratory company called Prost-Data. Further information is available at http://www.iht.com/articles/4665.html

STATES MOBILIZE TO TAX E-COMMERCE

A group of tax and policy officials from 39 states, meeting under the aegis of a group known as the Streamlined Sales Tax Project, expects to finalize model tax simplification legislation shortly. Proposed legislation was unveiled by the group on December 7th. Major brick and mortar retailers support the legislation, claiming that Internet sales without taxes are unfair and harmful to them. E-tailers claim, unsurprisingly, that the legislation would have a chilling affect on Internet commerce. The draft legislation may be found at http://www.geocities.com/streamlined2000/usautaagrmt2.pdf

CREDITCARDS.COM VICTIMIZED BY EXTORTION

Privately held Creditcards.com is a business-to-business site that works with Web merchants so they can accept credit card payments. More than 55,000 of its customers' credit card numbers were posted online when Creditcards.com refused to pay an extortion demand. Angered by the refusal, the extortionist hacked into their system and then posted the card numbers on December 11th. The company is working with the FBI on the case. Further information may be found at http://news.cnet.com/news/0-1007-200-4115920.html?tag=st.ne.1002.tgif.ni

NEW INTERNET RATING SYSTEM DEBUTS

On December 13th, the Internet Content Rating Association (ICRA) unveiled a new Internet rating system designed to permit parents to tailor the type and level of explicit Internet content to which their children may have access. Web site operators use the system to rate their site content and to put it in context. For instance, there may be nudity on a site, but in a purely artistic or medical context, which is therefore distinguished from pornography. The ICRA was formed by some of the major Internet content providers, including America Online, British Telecom, and Microsoft. The rating system may be found at http://www.icra.org

DOJ TEAM EXONERATES CARNIVORE

On December 14th, a team of researchers from the Illinois Institute of Technology released their final report on Carnivore, the Federal Bureau of Investigation's e-mail surveillance system. The report concluded that "when Carnivore is used in accordance with a (court) order, it provides investigators with no more information than is permitted by a given court order." The report was immediately challenged by privacy groups which maintain that Carnivore sifts through millions of non-criminal e-mail messages as part of its function and therefore compromises individual privacy. Carnivore opponents have also suggested that the Illinois team has too many ties to the Clinton administration to be seen as objective in its findings. The report may be found at http://www.usdoj.gov/jmd/publications/carniv_final.pdf

CA SUPREME COURT GIVES "DVD PIRATES" A VICTORY

On December 13th, the California State Supreme Court ordered a lower court to reconsider its decision not to dismiss Texan Matt Pavlovich from the trade secrets litigation in California undertaken by the DVD Copy Control Association (DVD CCA). Pavlovich is one of 21 defendants, most of whom are not California residents. The California Supreme Court said that the Appeals Court for the Sixth District in California must explain why a Texan can be held liable under a state law claim. The DVD CCA claims all the parties named in its lawsuit have violated the California Uniform Trade Secret Act through their exposure of the essence of the Content Scrambling System (CSS) by distributing DeCSS, freely available software that can crack the industry CSS's encryption scheme. Further information may be found at http://news.cnet.com/news/0-1005-200-4159594.html?tag=st.ne.1002.thed.ni

FTC APPROVES AOL-TIME WARNER MERGER

The Federal Trade Commission unanimously approved the merger of America Online and Time Warner, Inc. on December 14th. AOL's $111 billion acquisition of Time Warner finally got the FTC green light after the companies and regulators agreed on a broad set of requirements designed to ensure competition with high speed Internet access and content over cable networks. Under the agreement, at least one America Online Inc. competitor will be licensed to offer high-speed Internet over Time Warner's cable infrastructure in cities it serves before AOL itself can offer service over Time Warner's lines. The FTC will select a trustee to monitor and review complaints that arise from competitors. AOL-Time Warner will be subject to civil sanctions if it violates the accord, which has legal force upon approval of the FTC commissioners, and it must report any complaints about unfair competitive practices. The Federal Communications Commission must still approve the merger before it can be consummated. AOL's rivals would like to see the FCC require that AOL allow its instant messaging service to operate with competitors' services. AOL has said it is working on interoperability but refuses to give a timetable for completion and says it will not proceed at the expense of its members' privacy and security. AOL and Time Warner urged the FCC to conclude its review so that the merger could be concluded by year's end. Otherwise, the companies noted, they will need to file over 10,000 partial-year state and local income tax returns, make additional filings with the Securities and Exchange Commission, duplicate audit and accounting reviews, and modify internal accounting systems. Nonetheless, the Wall Street Journal reported on December 28th that the FCC might not make its decision by year's end. Further information, including links to the FTC Consent Order and other case documents, may be found at http://www.ftc.gov/opa/2000/12/aol.htm

FALSE ID SITE SHUT DOWN BY FTC

The Federal Trade Commission announced on December 12th that a web site which enabled consumers to make false identity documents had been shut down by a court order. Info Word, of Tarzana, California, had been selling templates of state ID cards and birth certificates, as well as programs generating bogus Social Security numbers and bar codes. The temporary restraining order was issued by the U.S. District Court for the Central District of California. The FTC is seeking to shut down Info Word permanently and recover all income that proprietor Jeremey Martinez made through the sale of his documents. According to the Social Security Administration, allegations of identity theft jumped from 27,000 in fiscal 1998 to 62,000 in fiscal 1999, making it the fastest growing crime in the U.S. Further information may be found at http://www.ftc.gov/opa/2000/12/martinez.htm

YAHOO APPEALS NAZI AUCTION DECISION TO U.S. COURT

It was announced on December 22nd that the Internet portal Yahoo has appealed a French court decision which orders Yahoo to restrict the access of French residents to a Yahoo auction site selling Nazi memorabilia. The decision was appealed to a U.S. federal court in San Jose, California, asking it to block the French court from enforcing its order. Yahoo operates a French auction site that abides by local laws banning the sale of Nazi memorabilia. However, it maintains it cannot block people in France from going to sites in other countries to access the Nazi material, and that because of this, it is technologically impossible to enforce the French court order. Further information may be found at http://www.msnbc.com/news/507110.asp?cp1=1#BODY

EGGHEAD GETS HACKED

Egghead announced on December 22nd that a hacker had broken into its computer systems and possibly its customer database. Egghead said in a statement that it is moving to protect its customers' credit-card accounts and the security of the site. Egghead has been alerting its customers' credit card issuers and banks to the possible compromise of customers' data. Law enforcement authorities are conducting a criminal investigation. Further information may be found at http://www.smh.com.au/news/0012/27/text/bizcom3.html

CLINTON ISSUES STRONG MEDICAL PRIVACY RULES

On December 20th, President Clinton issued strong rules on medical privacy, firmly establishing the first federal protection of individuals' medical records. The new regulations, promulgated under the security and privacy portions of the Health Insurance Portability and Accountability Act (HIPAA), will be fully implemented within two years. They will subject doctors, hospitals, nursing homes, and others to stiff penalties if patients' data is mishandled. The new regulations permit consumers to review and copy their medical records, as well as have mistakes corrected. Institutions handling medical information must obtain a patient's written consent before divulging health information, even for routine purposes. Third-party companies that electronically store or host patient records will also have to implement privacy standards. Disclosure of personal medical data with intent to sell the data, for example, is punishable with a fine of up to $250,000 and up to 10 years in prison. Further information may be found at http://www.whitehouse.gov/WH/new/html/Wed_Dec_20_141343_2000.html

FTC REQUESTS PUBLIC COMMENT ON PRIVACY PROVISIONS

The FTC is seeking public comment on new interpretations of provisions of the Fair Credit Reporting Act that permit companies to share consumer information with their affiliates without incurring the obligations of consumer reporting agencies. The privacy rules, which now include an opt-out provision, are similar to those proposed by federal banking agencies as a result of the Gramm-Leach-Bliley Act. The fair credit act sets legal standards for the collection, use, and communication of credit data about consumers. Comments must be received by January 31, 2001. Further information may be found at http://www.ftc.gov/opa/2000/12/fcra.htm

NEW SOFTWARE BLOCKS FILTERING PROGRAMS

In response to the recent passage of legislation requiring the use of Internet filtering software in federally funded schools and libraries, an organization called Peacefire announced on December 18th that it has devised software designed to block many of the popular filtering programs, including Net Nanny, Cyber Patrol, and CYBERsitter. The new federal law was passed as an addendum to the massive congressional spending package. It requires schools and libraries receiving federal "E-rate" funding to install approved filtering software on their computers. The E-rate program supplies funds to help poor and rural schools and libraries connect to the Internet. The American Civil Liberties Union has said that it will challenge the legislation. The "Peacefire" software is available at http://www.peacefire.org

WEB ACCESS RULES PUBLISHED FOR GOVERNMENT SITES

On December 21st, the federal government published standards for government web sites intended to make them accessible to people with disabilities. Federal sites are required to comply with the standards by June 21, 2001. The rules were issued by the Architectural and Transportation Barriers Compliance Board, an independent federal agency. The standards cover controls, keyboards, software, telecommunications functions, multimedia products, information kiosks and transaction machines. The rules require that "individuals with disabilities, who are members of the public seeking information or services from a federal agency, have access to and use of information and data that is comparable to that provided to the public who are not individuals with disabilities, unless an undue burden would be imposed on the agency." As an example, web sites that use pictures as navigational aids must make text equivalents available so that blind users may use text-to-speech devices to navigate. The accessibility standards may be found at http://www.access-board.gov/news/508-final.htm

NEW SEC RULE PROVES BOON TO WEBCASTERS

Under the new fair disclosure rule of the Securities and Exchange Commission, Regulation FD (SEC Regulation on Fair Disclosure), webcasters are happily shouldering the burden of providing a record number of webcasting services. Under the new rule, companies which previously gave company performance information only to selected analysts must now provide the same information to the public via a webcast, press release or SEC filing. Corporate webcast conference calls are projected to triple in 2001 as a result of the new rule. Regulation FD was introduced in October 2000 and immediately caused a spike in Webcast conference calls, but the heaviest activity to date is expected to begin in a few weeks when companies report their quarterly earnings results for the period ending in late December. An audio webcast costs anywhere from $500 to $2,500 per event and CCBN.com reports that it has hosted as many as 25,000 listeners on a corporate audio conference call. Further information may be found at http://www.infoworld.com/articles/hn/xml/00/12/27/001227hnwebcast.xml

ONLINE SCHOOL FOR K-12 DEBUTS

Author William Bennett and Knowledge Universe Learning Group announced on December 27th the formation of the first Internet-based school for kindergarten through 12th grade. K12, located in McLean, VA, will offer a full curriculum as well as supplementary learning and assessment tools over the Internet. It will begin enrollment and offer its first education program in the fall of 2001. Bennett, a former U.S. Education secretary, cited public concern for access to high-quality primary and secondary education and the burgeoning alternative education market as motivations for developing the school. He says the K12 curriculum will focus on traditional educational content and proven methods while employing advanced technologies and graphics to promote more engaging, productive learning. Further information may be found at http://www.courierpress.com/cgi-bin/view.cgi?200012/29+online122900_news.html+20001229

PLEA BARGAIN SIGNED IN EMULEX CASE

On December 29th, Mark Jakob, a 23 year-old former community college student, pled guilty to one count of wire fraud and two counts of securities fraud. He faces a maximum prison sentence of 46 months and a maximum fine of $220 million, plus $110 million in restitution to Emulex shareholders. In his plea agreement, Jakob admitted creating a false press release about Emulex stating that it was under SEC investigation and had lowered its reported earnings figure for the previous quarter. The false press release also said Emulex's chief executive had resigned. Besides the criminal charges, Jakob faces a civil lawsuit brought by the U.S. Securities and Exchange Commission, which seeks to recover the profits he made by trading Emulex shares. A federal judge in October froze approximately $400,000 of Jakob's assets. Further information may be found at http://abcnews.go.com/sections/business/DailyNews/emulext_001229.html