Issue 46 April 2001	BYTES IN BRIEF® by Editors: Sharon D. Nelson, Esq. and John W. Simek Associate Editor: Amelia C. Hierholzer Editor Emeritus: G.V. Nelson 9500+ subscribers worldwide © 2001 Sensei Enterprises, Inc./Nelson & Wolfe. All rights reserved. This newsletter may not be reproduced or redistributed in any manner except with consent of the copyright owner. Distributed by Silver Law Inc. under license.

ACLU AND ALA SUE TO STOP NET FILTERING

On March 20th, the American Civil Liberties Union and the American Library Association filed separate suits challenging a new law that requires schools and libraries that receive federal funds to filter Web content. Both suits alleged that compelling schools to filter content unconstitutionally violates the First Amendment. The suits were filed in the U.S. District Court in Philadelphia and target the Children's Internet Protection Act (CHIPA), a law passed in December of 2000 to force schools and libraries to filter out offensive images or lose federal funding. The suits also charge that the filtering law discriminates against people who rely on libraries for Internet access. Further information and a copy of the ACLU complaint may be found at http://www.aclu.org/features/f032001a.html

N.Y. BUSBOY BUSTED IN MASSIVE IDENTITY THEFT CASE

The federal government has taken over the prosecution of 32 year old Abraham Abdallah, with the federal complaint superceding the state indictment filed earlier in March in Brooklyn, NY. The March 22nd complaint, filed in Manhattan federal court, alleges that Abdallah attempted to bilk $22 million from some of the country's richest and most famous citizens. Abdallah, who was arrested on March 7th, allegedly targeted Paul Allen, Steven Spielberg, Ted Turner, Warren Buffett, Michael Eisner, and Oprah Winfrey, among others. The complaint charges Abdallah with one count of wire and one count of mail fraud. If convicted, he faces a maximum sentence of 30 years in prison and a $1 million fine on each count. Abdallah has been charged with other white collar crimes in the past and pled guilty in 1998 to a $100,000 phony credit card scheme. Police said that his most recent crimes including breaking into the accounts of 217 people listed by Forbes Magazine as being some of the wealthiest people in the U.S. Allegedly, Abdallah used telephones and computers in Brooklyn public libraries to contact credit-reporting companies to obtain confidential information about his victims' accounts. Further information may be found at http://www.ecommercetimes.com/perl/story/8363.html

NAPSTER INJUNCTION ISSUED: SONGS BEING BLOCKED

On March 6th, federal district court Judge Marilyn Hall Patel issued her modified court injunction in the Napster case. A three judge panel from the 9th Circuit had ruled on February 12th that Napster could be held liable for copyright infringement and that an injunction was required. The panel instructed Judge Patel to modify her earlier injunction requiring the recording companies to identify the songs which have been infringed. The order calls on both Napster and the recording companies to track down infringing music files. It gave Napster 72 hours to filter out any music identified as infringing. However, the music companies must first identify the songs and prove that they own or control the copyrights in the works. One major flaw in the procedure is that the screening system can depend on the accuracy of file names, and there may be variations, perhaps intentionally on the part of Napster users, to foil the screening process. Napster has stated that it will try file-blocking in good faith while it is in the process of transitioning to a new membership-based service. Further information can be found at http://www.napster.com/ and http://www.riaa.org

Shortly after the injunction was issued, press reports indicated that Napster users were utilizing software that allows them to mask and unmask their MP3 files by using Pig Latin encryption of file names. Experts suggested that while Napster may quickly defeat these software dodges, others would take their place. Information about these software programs may be found at http://www.napcameback.com and at http://www.aimster.com

EMUSIC SUES NAPSTER

On March 7th, the Internet music company EMusic.com Inc. sued Napster for copyright infringement and unfair competition in the U.S. District Court in San Francisco. EMusic, which calls itself a legitimate alternative to Napster, licenses and sells music as MP3 files, a compression format that turns music from compact discs into much smaller digital files. EMusic charges that Napster has flatly rejected its requests to filter out and effectively block EMusic tracks from being traded on Napster. Further information may be found at http://www.emusic.com/about/pr/pr155.html

VERISIGN REACHES DEAL WITH ICANN

VeriSign has agreed with the Internet Corporation for Assigned Names and Numbers (ICANN) that it will operate the .org registry through December 2002, when non-profit organizations worldwide will take over. It will operate the .net registry until early 2006 and the .com registry until the end of 2007. VeriSign will invest at least $200 million over 10 years in operational improvements in the registries it operates. Other registrars will also have access to VeriSign's global zone resolution and distribution facilities. The agreement must now be approved by ICANN's directors, the Commerce Department, and VeriSign's board. It will also be up for discussion at the next ICANN Board meeting on April 2, 2001. ICANN asks Internet users to comment on the agreement at its site, http://www.icann.org

NEW.NET DEBUTS 20 DOMAINS WITHOUT ICANN APPROVAL

In a frontal assault defying ICANN, a new domain name registrar called New.net announced on March 5th that it would begin selling an additional 20 top level domains (TLDs) for $25.00 per year. The new domains include .kids, .travel, .law, .med, .sport, .tech, .mp3 and .xxx. The TLDs work with the existing domain name system (DNS) infrastructure and New.net says it has partnered with the infrastructure service company UltraDNS to make access to those TLDs efficient. New.net has agreements with Earthlink, Excite@Home and Net Zero ensuring that their customers can reach the new TLDs. Other Internet users will have to download a plug-in to their browser to activate the TLDs. ICANN said it had no comment on the company's announcement. New.net can be found at http://www.new.net

FBI INTERNET FRAUD REPORT RELEASED

An FBI Internet Fraud Report, released on March 7th, said that the two most reported instances of Net fraud are phony auction sites and online shopping sites that do not deliver the promised merchandise. Auction fraud comprised 74% of all complaints and undelivered merchandise 22%. Although consumers tend to fear having their credit cards numbers stolen or misused, only five percent of consumer complaints involved these activities. The report is a joint effort by the FBI and the National White Collar Crime Center (NWCCC), a nationwide network supported by the Justice Department that helps law enforcement agencies combat economic and high-tech crimes. In its first six months of operation, the government Internet Fraud Complaint Center recorded 20,000 complaints of which 5,273 were classified as fraud by law enforcement agencies. The report also shows that California ranks first in the number of online victims and criminals, followed by Florida, Texas, Pennsylvania and New York. The report may be found at http://www.ifccfbi.gov/strategy/6monthreport.pdf

CALIFORNIA THROWS OUT LIBRARY NET FILTERING CASE

An appeals court in San Francisco threw out a lawsuit brought by a woman who charged that her local library was liable for not installing content filters that would have prevented her 12 year old son from downloading pornography. The plaintiff charged the City of Livermore public libraries with negligence, nuisance, premises liability and waste of public funds. The case had been dismissed in 1999 by an Alameda County superior court judge. The appeals panel said it would not reinstate the case in part because it was built on "hypotheticals" involving intentional provisioning of obscene pornography to minors, and not simply a lack of enforcement of library policy. The court found a critical distinction between providing harmful material itself and offering computers where minors could themselves obtain the material. The court's decision is thought to be the first case challenging a library's refusal to censor online content. The court noted that the new federal filtering law will take effect in April but Livermore Public Library will not be forced to comply since it does not currently receive federal funding. The court's decision in Kathleen R. et al v. City of Livermore may be found at http://www.courtinfo.ca.gov/opinions/documents/A086349.PDF

FLORIDA SUPREME COURT RULES FOR AOL IN CHILD PORN CASE

On March 8th, the Florida Supreme Court upheld a lower court ruling which absolved America Online in a child pornography case, ruling 4-3 that it should not be held liable for the illegal actions of its customers. The court relied strongly on the Communications Decency Act, maintaining that the federal law shielded AOL from liability. Doe v. America Online was filed by the mother of an 11 year old boy who was persuaded by a convicted pedophile to make a pornographic video which the pedophile then peddled to other pedophiles using his AOL account. The mother charged that AOL violated Florida law by allowing the pedophile to sell the materials. However, the Florida Court ruled that the Communications Decency Act specifically insulates Internet providers from prosecution for materials transmitted over their networks. The decision may be found at http://www.flcourts.org/sct/sctdocs/

BUSINESSES ASSAILED BY CYBERCRIME

In spite of using more security technology, the 2001 Computer Crime and Security Survey released by the Computer Security Institute found that businesses on the Net continue to lose more and more to cybercrime. The survey, released on March 12th, found that cybercrimes accounted for $378 million in losses among the 186 companies that were able to quantify their losses in 2000. The average loss was $2 million per company. The vast majority of the loss was attributable to trade secret pirates, financial fraud, and the cost of repairing damages from computer viruses. Viruses hit about 94% of the respondents, 73% lost money due to laptop theft, and 57% were victimized by insider Net abuse. Organizations that found themselves the victim of attacks via the Internet increased from 38% in the 1996 survey to 70% in 2000. Further information and a copy of the report may be found at http://www.gocsi.com/prelea_000321.htm

DOUBLECLICK PREVAILS IN CLASS ACTION SUIT

On March 28th, a New York federal judge dismissed a class action suit against DoubleClick, Inc., holding the company's gathering of personal data over the Net doesn't violate federal law. The ruling in In re Doubleclick Inc. Privacy Litigation is the first to address whether the use of cookies (files which track users' activity on the Net) violate consumer privacy. While the ruling was a victory for Doubleclick, legal experts expect more battles under state law. Plaintiffs claimed that DoubleClick, the largest Internet advertising service, was liable for invasion of privacy, unjust enrichment and trespass under the Electronic Communications Privacy Act, the Federal Wiretap Act and the Computer Fraud and Abuse Act. Judge Naomi Buchwald of the U.S. District Court for the Southern District of New York said she found no evidence "in the legislative or judicial history of these acts to suggest that Congress intended to prohibit conduct like DoubleClick's." With regard to the electronic privacy statute, Buchwald agreed with DoubleClick that its use of cookies to collect information met an exception to the law, namely that such activity was authorized by its affiliated web sites and intended for their use. DoubleClick collects demographic information about users through its cookies in order to provide targeted banner advertisements to more than 11,000 affiliated web sites. The decision in the case may be found at http://www.nysd.uscourts.gov/courtweb/pdf/D02NYSC/01-03797.PDF

MICROSOFT ANNOUNCES SOFTWARE SUPPORT TERMINATION

On March 30th, Microsoft announced that it would stop supporting Windows 95, Windows 1.x through 3.x, Windows for Workgroups, and DOS versions up to 6.22 at the end of 2001. Losing support on June 30, 2003 are Windows NT 4 Workstation and Windows 98. Further information may be found at http://www.microsoft.com/windows/lifecycleconsumer.asp

SEC SUES COMPANY TARGETING FUNDAMENTALISTS

On March 12th, the Securities and Exchange Commission announced it had filed a lawsuit in federal court in Miami against Families On Line and its two chief officers. The officers were also indicted on federal charges of alleged securities fraud and the SEC's request to freeze their assets was granted. The company offered filtered access to the Internet, but also sold $3.9 million of its unregistered securities, primarily to fundamentalist Christians. The offers failed to disclose that both officers are convicted felons who used $1.8 million of investor funds for luxury vehicles, vacations and merchandise from adult-oriented stores. The company also told investors that Dean Witter would underwrite an initial public offering and that the projected revenue in the first year would be $330 million. Further information may be found at http://www.sec.gov/litigation/litreleases/lr16930.htm

SEC SETTLES WITH "TOKYO JOE"

The Securities and Exchange Commission announced on March 8th that it has settled the enforcement action it brought last year against Yun Soo Oh Park, the Internet stock picker known as "Tokyo Joe," and the company Park controls, Tokyo Joe's Societe Anonyme Corp. Under the terms of the settlement, Park and Societe Anonyme consented to entry of a federal District Court order that permanently enjoins them from violating the antifraud and other provisions of the federal securities laws, and orders Park and Societe Anonyme to pay $324,934 in ill-gotten gains and $429,696 in civil penalties, for a total monetary payment of $754,630. Park allegedly defrauded members of his Societe Anonyme by failing to disclose that, in several instances, he had already purchased shares of the stock that he was recommending and that he planned to sell his shares in the buying flurry and subsequent price rise. The Commission also charged that Park touted one company to members of Societe Anonyme and to the public without disclosing that he had received shares of stock in the company in exchange for his recommendation. Further information may be found at http://www.sec.gov/news/press/2001-26.txt

JUDGES HOLD HEARING ON PUBLIC ACCESS TO COURT RECORDS

On March 16th, the Subcommittee on Privacy and Electronic Access to Case Files, a panel of eight judges created last year by the Judicial Conference of the U.S., held a hearing examining the security and privacy issues involved in the government's plan to link files from all federal courts into a single system called PACER (Public Access to Electronic Court Records). Representatives from many organizations testified, including the Electronic Privacy Information Center (EPIC), the American Association of Law Libraries, the National Newspaper Association, the Social Security Administration, the Electronic Frontier Foundation, the National Association of Consumer Bankruptcy Attorneys, the Reporters Committee for Freedom of the Press, and the Justice Department. So far, only eight of the 201 federal courts have converted to a fully electronic system allowing digital documents to be open to the public, but it is anticipated that a new PACER system will be completed by the Administrative Office of the Courts in 2005, allowing users to search all federal court documents from a single site for a nominal fee. The plan concerns privacy and consumer groups, who note that many court case files may contain medical records, personnel files, tax returns or other proprietary information. However, the plan has been supported by journalists, investigators, marketers, victims rights groups, and database archive firms. The subcommittee's comments will be reviewed by the Court Administration and Case Management Committee, which could make a recommendation to the Judicial Conference in time for its biannual meeting in September. The AO received more than 240 comments on the plan, which may be found at http://www.privacy.uscourts.gov

ANONYMOUS PLAINTIFF V. AOL: YOU LOSE

In a novel case, a plaintiff identified only as an Indianapolis-based "Anonymous Publicly Traded Company" sued America Online in an attempt to learn the names of five people who posted criticism of the company on AOL message boards. The company said the John Does posted "defamatory and disparaging material misrepresentations." A Virginia appellate court refused the company's attempt to remain anonymous. On March 2nd, the Virginia Supreme Court ruled that the company must reveal its identity if it proceeds with the suit, overturning a lower-court ruling that had allowed the case to progress. The company had claimed that revealing its identity would cause economic hardship but the court said that anonymous plaintiffs have been allowed to proceed only in cases involving the threat of physical harm or social stigma. The decision in AOL v. Anonymous Publicly Traded Company may be found at http://www.courts.state.va.us/opinion/1000974.doc

CALIFORNIA MAKES SPAMMERS FELONS

Michael Persaud and Frank Kriticos have been charged by California authorities with three counts of disrupting computer services, doing so to cause injury and illegally using someone else's domain name. They face more than four years in prison if convicted. They are charged with crashing the computer systems of Veritools, a debugging software company, by rerouting tens of thousands of unsolicited e-mails on behalf of a refinancing company through its servers, pretending to be a Veritools affiliate. The hearing in the case has been continued until April to allow the defendants to secure counsel. Criminal convictions for spamming are still rare, so the case has attracted national attention. Several anti-spam bills are currently pending before Congress, including one introduced in March, the Anti-Spamming Act of 2001, which would make it illegal to forge e-mail originating addresses or time stamps. Further information about the Act may be found at http://www.newsfactor.com/perl/story/8223.html

CANADA CONSIDERS BANNING CHILD PORN ACCESS

A bill introduced in Canada on March 14th would outlaw accessing child porn as opposed to creating or distributing it. Violators would face up to five years in jail. The bill would also impose penalties of up to ten years for the electronic transmission of child pornography. It would cover transmission by e-mail attachments and the distribution of e-mail addresses where such pornography can be viewed. An essential element of the crime is knowledge that such material is being transmitted. The British are reportedly considering a similar law. Further information may be found at http://www.zdnet.com/zdnn/stories/news/0,4586,2696520,00.html

VERISIGN ISSUES MICROSOFT CERTIFICATES TO IMPOSTER

Oops. It was revealed on March 23rd that VeriSign issued two certificates in January to an individual posing as a Microsoft employee. The certificates were issued on January 29th and 30th. Legitimate certificates are meant to assure people that they are accepting patches and other software from a given company. Use of the bogus certificates could affect users of Windows 95, 98, Millennium Edition, NT 4.0, and 2000. Although VeriSign has revoked the certificates, it's impossible for browsers to verify the validity of the certificates. Microsoft is working on a fix. In the meantime, use of the certificates could lure people into downloading a virus when they believe they are getting Microsoft software or updates. Until the update is ready, Microsoft is urging all Windows users to check all security-warning dialogue boxes for certificates issued either Jan. 29 or 30. Such message boxes ask people if they want to install and run the program or files signed, for example, on 1/29/01 by Microsoft. No valid Microsoft certificates were issued on those dates. Microsoft also suggests users install its Outlook E-mail Security Update, which stops malicious applications sent via e-mail from launching automatically, and its Office Document Open Confirmation Tool, which forces Web pages to request permission before opening Office documents. The FBI is investigating. Further information may be found at http://www.msnbc.com/news/548228.asp?cp1=1

HONG KONG CLAMPS DOWN ON PIRACY

Hong Kong, long a haven for software piracy, is using new laws to make a serious effort to curtail such piracy. New laws that become effective in April have caused a stampede as companies scurry to buy legal software. The new law makes the use of pirated software in businesses a criminal offense with a maximum punishment of four years in prison and a fine of HK$50,000 (approximately $6,400 US) for each copy of pirated software. The current law allows prosecution of those who sell and manufacture counterfeit software, but not those who use it. The Business Software Alliance estimates that 56% of all software used in Hong Kong is pirated. Further information may be found at http://news.excite.com/news/r/010329/02/hongkong-copyright

BUSH ADMINISTRATION ASSAILS EU PRIVACY RULES

In a letter to the European Union dated March 23rd, the Bush administration took issue with the burden that European privacy rules would place on U.S. financial institutions. The letter called the EU rules "incompatible with real-world operations." Proposed standard clauses for contracts that govern the transfer of data from EU firms to companies in the U.S. are the chief concern, said the letter to the EU's e-commerce commissioner John Moog. The European Parliament must still approve the standard clauses but they are expected to become effective this summer. The letter asks the EU to delay implementing the standard clause rules. As an example, the model contracts would require U.S. firms to notify European consumers how their personal information is used and to give European consumers access to personal information that has been collected about them. The EU privacy law would require U.S. companies to apply EU law in the United States for European consumers, which the U.S. believes infringes upon its sovereignty. Further information may be found at http://news.excite.com/news/r/010328/11/eu-us-privacy

COURT ALLOWS ABORTION PROTEST SITE TO STAND

On March 28th, a three judge panel of the 9th Circuit Court of Appeals unanimously threw out a $109 million verdict against anti-abortion activists, holding that their web site was protected by the First Amendment. The site featured wanted posters branding abortion doctors as "baby butchers" and criminals, but the panel said that the defendants could only be held liable if they authorized, ratified or directly threatened violence. Two years ago, a federal jury in Portland, Oregon, had ordered the dozen defendants to pay damages to Planned Parenthood and four doctors who had sued under federal racketeering law and a federal law, which makes it illegal to incite violence against abortion doctors. The decision in Planned Parenthood v. American Coalition for Life Activists may be found at http://www.ca9.uscourts.gov/ca9/newopinions.nsf/ 04485f8dcbd4e1ea882569520074e698/761f198cbf88f75988256a1d005e8ed1?OpenDocument

INTERNET CUSTOMERS PANIC AS MAJOR DSL NETWORK DIES

The first bankruptcy of a major provider of high speed Internet access left more than 100,000 customers frantic to find new service on March 29th as the nationwide network of NorthPoint Communication closed. The shutdown followed AT&T's $135 million deal to purchase most of NorthPoint's assets, excluding its customers. Competitors like Covad Communications and Rhythms NetConnections are picking up many of NorthPoint's customers, but industry analysts are concerned that all such companies are facing problems like those that sank NorthPoint – late payments from ISPs, a tough financing marketing, and high network maintenance costs. Anxiety about the first failure of a major DSL company has rippled throughout the telecommunications industry. When NorthPoint filed for bankruptcy, its stock had dwindled to a value of 22 cents from a high of $30. Essentially, according to AT&T, NorthPoint went bankrupt doing business with Internet service providers who either didn't pay their bills or had contracts that didn't cover NorthPoint's cost of serving them. NorthPoint's press release may be found at http://www.northpoint.net/