Issue 44 February 2001	BYTES IN BRIEF® by Editors: Sharon D. Nelson, Esq. and John W. Simek Associate Editor: Amelia C. Hierholzer Editor Emeritus: G.V. Nelson 9500+ subscribers worldwide © 2001 Sensei Enterprises, Inc./Nelson & Wolfe. All rights reserved. This newsletter may not be reproduced or redistributed in any manner except with consent of the copyright owner. Distributed by Silver Law Inc. under license.

FBI FORMS INFRAGARD PROGRAM

On January 5th, the Federal Bureau of Investigation and the National Infrastructure Protection Center (NIPC) introduced the National InfraGard Program. The NIPC, in conjunction with representatives from private industry, the academic community, and the public sector, developed the "InfraGard" initiative to expand direct contacts with the private sector infrastructure owners and operators and to share information about cyber intrusions, exploited vulnerabilities, and infrastructure threats. Currently, all 56 field offices of the FBI have opened an InfraGard chapter, with a total of 518 company members across the nation. The National InfraGard Program provides four basic services to its members: an intrusion alert network using encrypted e-mail; a secure website for communication about suspicious activity or intrusions; local chapter activities and a help desk for questions. The critical  component of InfraGard is the ability of industry to provide information on intrusions to the local FBI Field Office using secure communications in both a "sanitized" and detailed format. The local FBI Field Offices can use the detailed submission to initiate an investigation while the NIPC at FBI Headquarters can analyze that information to determine if the intrusion is a broader attack on numerous sites. The NIPC can simultaneously use the sanitized version to inform other members of the intrusion without compromising the confidentiality of the reporting company. Further information about the National InfraGard Program may be obtained from your local FBI Field Office. For additional information about the National Infrastructure Protection Center, you may inquire via e-mail at nipc@fbi.gov. The FBI's press release regarding the program may be found at  http://www.fbi.gov/pressrm/pressrel/pressrel01/infragard.htm

AOL SUES PORN SPAMMERS

Late in December, America Online sued Cyber Entertainment Networks, owners John Bennett and Joseph Elkind, and eight  employees and 29 webmasters under contract to promote Cyber Entertainment's web sites. The suit has drawn a lot of attention because, if successful, it would establish liability for ISPs that cause spam mail to be sent or knowingly conspire with spammers. The suit was filed in the U.S. District Court for the Eastern District of Virginia. It seeks an injunction against further spamming and damages of $10 for each unsolicited e-mail or $25,000 for each day an unsolicited message was transmitted. AOL's lawsuit charges that despite Cyber Entertainment's no-spam policy, the company knowingly encourages Webmasters to send unsolicited emails promoting its network of porn sites. The company promotes its Web sites by authorizing other Webmasters to drive traffic to it and compensates them by means of a commission on sales. Cyber Entertainment claims to have a zero tolerance for spam and says it does not profit from unsolicited e-mail. The suit, however, charges that the defendants conspired with each other to send unsolicited e-mail and says Cyber Entertainment knew or should have known that the webmasters they contracted with were sending unsolicited bulk e-mail. The suit was filed under a number of statutes, including the Virginia Computer Crimes Act and the Federal Computer Fraud and Abuse Act. Further information may be found at http://news.cnet.com/news/0-1005-200-4361564.html?tag=st.ne.1002.bgif.ni

MICROSOFT SITES NAILED TWICE

Because of a technician's error in configuring domain name servers, several of Microsoft's sites were inaccessible on January 23rd and 24th. On January 25th and 26th, Microsoft was further embarrassed by denial of service attacks that brought down many of its sites. Impacted were Microsoft.com, MSN.com, Encarta, Homeadvisor, Expedia, Hotmail and Carpoint. Experts gave Microsoft a black eye for housing its domain name servers in a single location, with no room for failover. Microsoft's DNS architecture meant that its system was sitting behind a single router and therefore vulnerable to denial of service attacks. Experts faulted Microsoft for sloppy practices for having four name servers on the same subnet but noted that many other companies probably have similar vulnerabilities because they have not paid proper attention to router configuration and redundant network design principles. Further 
information may be found at http://www.infoworld.com/articles/hn/xml/01/01/26/010126hnmsdos.xml

MICROSOFT SETTLES WITH SUN

Sun Microsystems announced on January 23rd that it had it settled its suit with Microsoft. Microsoft agreed to pay Sun $20 million to settle a trademark infringement suit filed in 1997 after Microsoft added proprietary code to the Java language. The suit alleged that Microsoft illegally sold incompatible versions of Java designed to run optimally on Windows. The settlement also terminates all of Microsoft's Java licenses and prohibits Microsoft from using the Java trademark in any new products. Microsoft is allowed to sell its existing products that support older versions of Java but can't modify current implementations except for such things as bug fixes. Microsoft now says it will release development tools this year that translate Java code into .Net. Further information and the Settlement Agreement may be found at http://www.microsoft.com/presspass/java/default.asp

IRS EXPANDS ELECTRONIC FILING

The Internal Revenue Service announced on January 2nd that it has expanded its electronic filing program to allow millions of taxpayers to file paperless tax returns. Taxpayers who sign up with the IRS for a "Self-Select" personal identification number (PIN) will now be permitted to file their entire tax return online, using the PIN as a legally acceptable electronic signature. Further information may be found at http://ftp.fedworld.gov/pub/irs-news/ir-01-01.pdf

US FIRMS SLOW TO AGREE TO EU SAFE HARBOR ACCORD

By the beginning of January, only twelve U.S. companies had agreed to the European Union Safe Harbor agreement that allows U.S. firms to engage in private data transfers with individuals and companies in the European Union. The Commerce Department is now presenting a series of seminars to educate American companies about the benefits of the Safe Harbor agreement. Safe Harbor is a voluntary program, under which U. S. companies must adhere to certain data protection "principles," but are still encouraged to pursue the traditional US industry approach of self-regulation. The Federal Trade Commission (FTC) provides enforcement backup for privacy violations. Also, companies must consent to some form of third-party dispute resolution mechanism, either through the EU or through a US-based organization such as BBBOnline or TrustE. Information on eligibility and requirements for the Safe Harbor agreement can be found at: http://www.export.gov/safeharbor

TECHNOLAWYER ANNUAL AWARDS

On January 11th, the popular TechnoLawyer legal online community announced the winners of its annual awards, determined by the votes of its members. Some of the winners include: Favorite Accounting Solution – Quickbooks; Favorite Case Management Solution – Time Matters; Favorite Document Assembly/Automation Solution – Hot Docs/Hot Docs Pro; Favorite Document Management Solution – WORLDDOX; Favorite Handheld Computer – Palm Series; Favorite Handheld Application – AvantGo; Favorite Knowledge Management Solution – CaseMap/TimeMap; Favorite Legal Research Tool – Westlaw; Favorite Legal Web Site – FindLaw; Favorite New Legal Application – TimeMap; Favorite Online CLE Provider – Law.com; Favorite Legal Technology Publication – Law Office Computing; Favorite Time-Billing Solution – Timeslips; Favorite Word Processing Solution – Microsoft Word. The full list of award recipients and runners-up, as well as information on joining the TechnoLawyer community, may be found at http://www.technolawyer.com

WEST GROUP ACQUIRES FINDLAW

On January 26th, West Group announced that it had acquired the venerable legal portal FindLaw. FindLaw will operate as an independent subsidiary and FindLaw co-founders Stacey Stern and Tim Stanley will remain in their executive positions. West Group stated that everything existing on FindLaw today will remain and that West Group will invest in and expand FindLaw's content. Skeptics regarded the news glumly, concerned that the best free legal site on the Net might cease to be the best and cease to be free in the future. Further information may be found at http://www.westgroup.com/newsinfo/wgnews/presrlse/2001/wg/findlaw.htm

AAA OFFERS B-T0-B GUIDELINES

On January 4th, the American Arbitration Association released a set of guidelines intended to help e-commerce companies resolve disputes. The guidelines were created in collaboration with 20 major companies, including Microsoft, AT&T, FedEx and PepsiCo and target online marketplace disputes between buyers and sellers. Two to three percent of online business transactions require conflict resolution. The AAA also intends to create dispute resolution applications that will allow companies to use the Internet to resolve disputes. The dispute management protocol may be found at http://www.adr.org

YAHOO BANS NAZI AND KKK MEMORABILIA

Clearly in response to recent legal battles waged in Europe, Yahoo announced on January 3rd that it would halt the auctioning of Nazi and KKK materials. In implementing a new tough policy against the auctioning of "hate" items, Yahoo will add a new monitoring program, which will automatically screen new listings for offensive content and bring them to Yahoo's attention for review. Concurrently, Yahoo announced that it would begin charging an auction listing fee, ranging from 20 cents to $2.25 based on the value of the item being listed. The revised guidelines may be found at http://auctions.yahoo.com/phtml/auc/us/promo/revisedguidelines.html

SUPREME COURT ALLOWS VA COMPUTER RESTRICTIONS TO STAND

On January 8th, the U.S. Supreme Court declined to review an opinion of the 4th Circuit Court of Appeals, which upheld a state law barring state employees from using state computers to access pornographic material. The law says that no state employee may access sexually explicit material using a state-owned or state-leased computer, "except to the extent required in conjunction with a bona fide, agency-approved research project or other agency-approved undertaking." Six university professors had challenged the law. Critics contended that because the law defined nudity as sexually explicit material, it could affect material used by professors in courses such as art history, human sexuality, English literature and psychology. A federal judge ruled in February 1998 that the law violated the First Amendment rights of state employees, but the decision was overturned by the 4th Circuit in June 2000 by an 8-4 vote. Further information may be found at http://www.timesdispatch.com/MGBV33VXQHC.html

STATES WILL BATTLE MICROSOFT IF BUSH WON'T

The state attorneys general involved in the antitrust battle against Microsoft say they will pursue the case even if the new administration backs away from it. The U.S. Court of Appeals will hear oral arguments in February. Microsoft has announced that its lead counsel will be Richard Urowsky, who successfully represented it in earlier appeals. The government said it will utilize two attorneys from the Office of the Solicitor General, David Frederick and Jeffrey Minear, who have had limited involvement in the case since it was filed in 1998. The Democrats fired their final round on January 12th, when the Justice Department submitted a 150 page brief in advance of the upcoming oral arguments. It is generally conceded that the highly partisan statements made by trial judge Thomas Penfield Jackson have weakened the government's case. Ken Starr has entered the fray, having been hired by a Microsoft foe, the Project to Promote Competition & Innovation in the Digital Age. Starr helped draft an amicus brief filed in the case on January 12th. The apparent hope is that the involvement of a strong conservative figure will add strength to the arguments made by the government and its allies. The last episode of the month occurred on January 29th, when Microsoft filed a 75 page reply brief arguing that concessions in the government's appeal brief about the public benefit of incorporating Internet technologies in Windows and partisan public comments by Judge Jackson constituted grounds for the appellate court to overturn the lower court's decision ordering the break-up of Microsoft. Court pleadings in the case may be found at http://www.cadc.uscourts.gov

MICROSOFT SCORES IN CLASS ACTION SUITS

On January 12th, U.S. District Court Judge Frederick Motz granted Microsoft's motion to dismiss more than half of a set of consolidated class action claims alleging that it had overcharged consumers for its Windows operating system. The Maryland federal court's ruling dismissed the suits finding that damage claims against alleged antitrust violators may be filed only by individuals or companies that directly purchased the items in question from the defendant. In the dismissed cases, claimants had purchased the operating system as part of a pre-installed package coming with the computer from a store, or directly from the computer manufacturer. While the judge nullified the claims for monetary damages, he recognized the claimants' right to injunctive relief – if plaintiffs prevail in these cases, the decision could compel Microsoft to sever the Internet Explorer browser from the Windows operating system. The judge has ordered the discovery process to continue in the remaining class action cases where plaintiffs bought the Windows operating system directly. Further information may be found at http://www.microsoft.com/presspass/legal/ca

FCC GIVES AOL/TIME WARNER A GREEN LIGHT

The Federal Communications Commission blessed the merger between America Online, Inc. and Time Warner on January 11th, but with conditions. The FCC conditions involve AOL-Time Warner's provisions of high-speed Internet and IM over cable TV systems, and the ownership relationship between AT&T Corp. and New York's Time Warner Inc. The FCC wants to ensure that AOL-Time Warner allows unaffiliated service providers to control the first screen, has a direct billing arrangement with high-speed subscribers, and allow the same technical quality as to the affiliated AOL-Time Warner Internet provider. AOL-Time Warner must interoperate with competitors when it starts to deploy its advanced IM services, such as streaming video. It must also show that there is an industry-wide IM standard, or demonstrate that it has entered into contracts with competitors. The company must enter into an agreement with at least one competing provider as soon as AOL-Time Warner deploys advanced instant messaging. Within 180 days, the company must enter into agreements with two more companies. Further information may be found at http://www.fcc.gov/aol_tw.html

TOYSMART SUIT SETTLES

When Toysmart.com, the online toy store, went into bankruptcy, it tried to sell its customer data to satisfy its creditors. It did this in spite of having a privacy policy that said it would never share customer data with a third party. The Federal Trade Commission, all 50 state attorneys general, and privacy groups sued to stop the sale. The suit has finally settled thanks to Walt Disney Co., Toysmart's majority stakeholder, which offered to buy the database and destroy it. The judge in the case approved the plan to destroy the database on January 25th. In response to this case, many firms are expected to alter their privacy policies to allow the sale of data under specific circumstances. Further information may be found at http://www.infoworld.com/articles/hn/xml/01/01/31/010131hntoysmart.xml

COURT VICTORY AGAINST "BOTS"

A new decision is helping companies protect themselves against those pesky "bots," automatic search programs that crawl through web sites extracting and copying data. The latest battleground was the federal district court in Manhattan, in which Register.com Inc., a domain registrar, charged that Verio Inc, was sending a software robot to search its customer database for sales leads. Register.com charged Verio with trespass to chattels, breach of contract and other claims. Judge Barbara S. Jones issued an injunction on December 9th barring Verio from using robots to harvest data from Register.com, finding the plaintiff would likely prevail on its claims. Verio appealed the ruling to the United States Court of Appeals for the Second Circuit in Manhattan on January 3rd. It has also filed a petition with ICANN to terminate Register.com's accreditation. Further information may be found at  http://home.verio.com/company/newsroom/2001/in_01_03_01.cfm

PTO TELLS CONGRESS TO STAY OUT OF CYBERSQUATTING

A report issued by the United States Patent and Trademark Office in January says that Congress should, for now, refrain from passing further anti-cybersquatting laws and should refrain from formulating a list of political candidate domain names to protect them from cyberquatters. The PTO said that the government does not have the resources to compile and maintain such a list, and that it strays into dangerous territory by trying to do so. Additionally, the report concluded that there are satisfactory remedies available to politicians and candidates now, both through the courts and through the domain name dispute process of the World Intellectual Property Organization. The report was in response to a Congressional mandate to the Commerce Department to study the procedures for new domain name regulation and to determine whether there should be a second level domain available only to government officials or candidates. The report may be found at http://www.uspto.gov/web/offices/dcom/olia/tmcybpiracy/repcongress.pdf

ACLU AND ALLIES CHALLENGE ICANN DOMAIN NAMES

It was reported on January 18th that the American Civil Liberties Union and other cyber rights groups had sent a letter to the Department of Commerce, complaining about the limitations the Internet Corporation for Assigned Names and Numbers (ICANN) has placed on the number of top level domains. They contend that the restriction threatens freedom of expression. They also argue that the way in which new top level domains are selected is undemocratic and may violate federal laws that ensure public participation. The letter calls for hearings with public comment on the domain issue before the National Telecommunications and Information Administration makes final decisions. Further information may be found at http://www.aclu.org/news/2001/n011701a.html

'MAFIABOY' PLEADS GUILTY ON 55 COUNTS

On January 18th, the infamous teen hacker from Canada known as 'Mafiaboy' pled guilty to charges that he broke into Internet servers and used them to launch attacks on such sites as Amazon.com, CNN.com, and Yahoo.com. The 16 year old was facing 66 charges of mischief for his denial of service attacks and pled guilty to 55. The pleas will avoid a trial that would have detailed how investigators traced attacks back to 'Mafiaboy,' who has yet to be sentenced. Further information may be found at http://www.newsfactor.com/perl/story/6836.html

ANONYMOUS SURFING ENDANGERED BY COURT RULING

On January 8th, the Ninth Circuit Court of Appeals ruled in Konop v. Hawaiian Airlines Inc. that accessing a web site under false pretenses may be considered illegal interception of information. This ruling potentially subjects an impersonator to liability under both the Wiretap Act and the Stored Communications Act. Mr. Konop, a pilot for Hawaiian airlines, constructed a web site critical of his employer. Access to the site was controlled by a password/ID login for other employees, who had to agree not to reveal the site's content. Management gained access to the site by "borrowing" the identities of two non-management employees and thereafter took various actions against Konop. When Konop learned how management had entered the site, he filed suit alleging that the airline had engaged in illegal wiretapping. The lower court ruled in favor of the defendant, but the appellate court reversed, finding that protection against eavesdropping on modern electronic communications was added to the Wiretap Act and enacted in the Stored Communications Act by the Electronic Communications Privacy Act of 1986. The Act prohibits unauthorized interception of "electronic communications" and unauthorized access to "a facility through which an electronic communication service is provided." The opinion in the case may be found at http://guide.lp.findlaw.com/casecode/courts/9th.html by entering January 2001 as the date.

POST OFFICE DEBUTS SECURE INTERNET SERVICE

On January 16th, the U.S. Postal Service debuted a new service that permits government agencies to securely send and receive sensitive documents such as birth certificates and medical records over the Internet. The new system is an electronic version of certified mail and uses a system of passwords and ID cards embedded with computer chips to ensure that a document arrives safely to its intended recipient. The system will cost 50 cents per use, regardless of transmission size. The service is called NetPost Certified and designed for use only with government agencies. Further information may be found at http://new.usps.com/cgi-bin/uspsbv/scripts/content.jsp?D=27146&B=-10836

NET GOLIATHS DRAW THE WAGONS 'ROUND

Nineteen of the nation's largest information technology companies announced on January 16th that they will share security risk data with one another, and eventually with the federal government, in an attempt to fight off cyberthreats. Among the participants in the new Information Technology Sharing and Analysis Center are Microsoft, Intel and Cisco. The Center is a not-for-profit corporation, which will essentially share the latest security measures among its participants and help them to respond in acoordinated manner when attacks occur. Internet Security Systems will operate the IT Sharing and Analysis Center in Atlanta, coordinating the communication and collaboration among the companies. Further information may be found at http://www.internetnews.com/wd-news/article/0,,10_561211,00.html

PRIVACY FOUNDATION ISSUES COURT RECORDS CAUTION

On January 26, the Denver-based Privacy Foundation asked the federal government to establish a commission to investigate the privacy implications of placing all federal court records into a linked database through a system known as PACER (Public Access to Court Electronic Records). The new method of access would allow a user to search all courts from a single site. Answering the Administrative Office of the U.S. Court's request for comment, the Foundation asked the AO to find a method of editing sensitive information from publicly accessible records. The group also said that each court should "retain complete supervisory power over all court records," with the authority to deny public access. The Foundation's biggest concern was the escalation of identity theft cases. 
The Privacy Foundation's comments can be found at: http://www.privacyfoundation.org/release/story8court.html

SUPREME COURT WILL HEAR NET ACCESS APPEAL

The U.S. Supreme Court announced on January 22nd that it would hear the appeal of a ruling that prohibits the Federal  Communications Commission from regulating the prices that telephone and utility companies can charge cable operators for using their lines to offer high speed access to the Internet. Federal law requires phone and utility companies to make available wires and right-of-ways to cable operators in areas where multiple access is not possible, with the FCC setting the prices. The FCC argued that cable operators should be afforded the same price scales when offering Internet access. An appeals court ruled that because the Internet has not been defined as a cable service, the FCC cannot regulate prices. The National Cable Television Association and FCC appealed that ruling after reports that some utilities had informed cable operators that prices for carrying Internet service on so-called pole attachments would increase 500 percent. Further information may be found at http://www.newsfactor.com/perl/story/6909.html

SUPREME COURT WILL HEAR NET CHILD PORN CASE

On January 23rd, the U.S. Supreme Court agreed to hear arguments regarding the constitutionality of a 1996 law that expanded the existing federal ban on child pornography to include computer generated images designed to simulate child pornography. The Ninth Circuit Court of Appeals in San Francisco had ruled that the law was unconstitutional and the Justice Department appealed. Further information may be found at http://www.newsfactor.com/perl/story/6940.html

SOFTWARE ONLINE AUCTIONEERS ARE SUED

The Software and Information Industry Association sued two individuals on January 25th, accusing them of selling illegally copied software such as Macromedia's Dreamweaver and Adobe's Photoshop in online auctions. The suits, filed in federal district courts in Los Angeles and Chicago, represent the first time the SIIA has taken legal action against online software pirates. Further lawsuits are planned. Last year, an SIIA study showed that roughly 90 percent of software sold on auction sites such as eBay, Yahoo, and Amazon.com is illegal. Further information may be found at http://www.ecommercetimes.com/perl/story/7022.html

VOLKSWAGEN CHALKS UP ANOTHER DOMAIN NAME VICTORY

A federal appeals court upheld the opinion of the U.S. District Court for the Eastern District of Virginia on January 22nd, ruling that while it is conceivable for some entity other than Volkswagen to legally use the domain name VW.net, there was no doubt that the former domain name holder of that name was a cybersquatter. Last March, the district court had ordered that the defendant, Virtual Works, Inc., transfer the domain name to Volkswagen. The Fourth Circuit Court of Appeals unanimously found that Virtual Works had violated the Anti-cybersquatting Consumer Protection Act even though the company had registered the domain VW.net three years before the 1999 law was written. The judges found evidence of "bad faith" in that Virtual Works had offered to sell the domain name to Volkswagen. The opinion in the Virtual Works v. Network Solutions may be found at http://guide.lp.findlaw.com/casecode/courts/4th.html by entering January 2001 as the date.

SEARCHING AND SEIZING COMPUTERS: NEW DOJ GUIDELINES

In January, the Computer Crime and Intellectual Property Section of the United States Department of Justice issued a new manual entitled "Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations." The new manual supersedes Federal Guidelines for Searching and Seizing Computers (1994), as well as the Guidelines' 1997 and 1999 Supplements. The manual is designed to combine an updated version of the former Guidelines' advice on searching and seizing computers with guidance on the statutes that govern obtaining electronic evidence in cases involving computer networks and the Internet. Its stated purpose is to offer guidance rather than authority. It has no regulatory effect, and confers no rights or remedies. The manual may be found at http://www.usdoj.gov/criminal/cybercrime/searchmanual.htm