Issue 52 October 2001	BYTES IN BRIEF® by Editors: Sharon D. Nelson, Esq. and John W. Simek Associate Editor: Amelia C. Hierholzer Editor Emeritus: G.V. Nelson 9500+ subscribers worldwide © 2001 Sensei Enterprises, Inc./Nelson & Wolfe. All rights reserved. This newsletter may not be reproduced or redistributed in any manner except with consent of the copyright owner. Distributed by Silver Law Inc. under license.

ANTITERRORISM ACT OF 2001 CRAFTED

The Federal Bureau of Investigation has been circulating drafts of the Antiterrorism Act of 2001 to Congressional lawmakers, seeking to beef up the right of law enforcement authorities to engage in electronic surveillance. The Act would allow officials to obtain wiretap authority for an individual rather than a phone number, and permit wider seizure of voice mail messages and the interception of "computer trespasser" communications. The measure would also require that an Internet Service Provider be compelled to make disclosures of its customers' electronic communications "if the provider reasonably believes that an emergency involving immediate danger of death or serious physical injury of any person requires disclosure." As we go to press, multiple versions of the bill are floating around and negotiators are meeting to determine what portions of the legislation may be removed or altered. Some members of Congress are attempting to draft an alternative to the Act, one which is less extreme, and which particularly alters the Act's view of "hacking as terrorism." One version of the Act may be found at http://www.eff.org/Privacy/Surveillance/20010919_ata_bill_draft.html

NEW COALITION URGES CONGRESS TO CONSIDER PRIVACY INTERESTS

A new privacy coalition has formed in the wake of the terrorist attacks against the U.S. Called In Defense of Freedom, it consists of about 150 organizations, including the American Civil Liberties Union, the Leadership Conference on Civil Rights, the Council on American-Islamic Relations, and Americans for Tax Reform. This highly disparate group held a press conference on September 20th, making clear that the first item on their agenda is to challenge portions of the Antiterrorism Act of 2001, as proposed by the FBI. Somewhat humorously, the group asked lawmakers to pledge, at a minimum, that they would not vote for a bill they had not actually read. The group is specifically concerned about the expansion of wiretapping and electronic surveillance powers, new immigration laws designed to make it easier to detain suspects, and provisions which make it easier for authorities to obtain warrants for and information about suspects. The bill would essentially treat low-level computer trespass as hacking and would allow the U.S. government to utilize information illegally collected by foreign authorities. The group has released a 10-point statement of principles that it asks Congress to consider before enacting laws in the wake of the recent terrorist attacks. Specifically, the group would like the bill de-aggregated, so that its provisions may be debated and acted upon separately. The Act may be found at http://www.cdt.org/security/010911response.shtml. In Defense of Freedom, and its 10-point statement of principles, may be found at http://www.indefenseoffreedom.org

LEGAL TECHAID FORMED TO AID N.Y. DISPLACED LAWYERS

According to the New York State Bar Association, 14,000 lawyers were displaced by the destruction of the World Trade Center. In response, Ross Kodner, the President of MicroLaw, founded Legal TechAid, a group of legal IT professionals willing to offer pro bono assistance to displaced attorneys in New York City. MicroLaw's LegalAid site provides a wealth of listings to help affected attorneys, including a list of all those legal IT professionals who have volunteered to assist, with their contact information and their areas of expertise. The site may be found at http://www.microlaw.com/nyrelief. Further assistance may also be found through the New York State Bar at http://www.nysba2.org/wtc

FEAR OF CYBERATTACKS GROWS

A special Congressional Commission, The Advisory Panel to Assess Domestic Response Capabilities for Terrorism Involving Weapons of Mass Destruction, has warned that future terrorist attacks against the U.S. might occur in conjunction with cyberattacks meant to maximize the impact of physical weaponry. Disruption of communications is believed to be a particular emphasis of Osama bin Laden. The Commission is planning to speed up the release of its third report, originally due in December, to include proposals to help address its concerns in light of the September 11th attack. Further information may be found at http://www.rand.org/nsrd/terrpanel/

DISASTER RELATED SCAMS PROLIFERATE ON NET

The Coalition Against Unsolicited Commercial Email (CAUCE) and the SpamCon Foundation have issued warnings that con artists are concocting online frauds to profit from the terrorist attacks on September 11th. Most of the scams arrive through spam or postings in community forums soliciting donations for victims and survivors of the attacks. A typical message claims to be part of an "Express Relief Fund" or "Victims Survivor Fund." Another widespread e-mail solicited donations for the Red Cross, but the link leads to a web site unconnected with the Red Cross. The agencies caution would-be donors to verify the solicitor's identity through another medium such as the telephone before donating money through credit cards or sending checks. Donors should also be wary of official-looking web sites that may be posturing as genuine charities. Further information may be found at http://www.cauce.org

DOJ WON'T PURSUE MICROSOFT BREAKUP

On September 6th, the Department of Justice did a complete "about face" and said it would no longer seek a breakup of Microsoft, but would instead seek to establish regulations governing Microsoft's conduct. The DOJ also announced that it would not pursue its claim that Microsoft had violated antitrust law by tying its browser to the Windows operating system. The government is expected to seek restrictions which would prohibit Microsoft from giving discounts to hardware or software developers in exchange for promoting or distributing other Microsoft products. Microsoft would also have to monitor and report on all alterations to Windows which slow or degrade the performance of third party applications such as browsers, e-mail clients, multimedia software, instant messaging software and voice recognition software. Though some of state attorneys general involved in case indicated that they would follow the DOJ's lead, the attorneys general from New York and California have indicated that they might pursue their own sanctions if they are dissatisfied with the DOJ's ultimate outcome. Specifically, they want the DOJ to consider the implications of the new Windows XP operating system as part of the current case. Microsoft has been working on a settlement proposal, which is expected to be combative about the need for conduct restrictions.

On September 12th, Microsoft filed another brief with the U.S. Supreme Court, asking it to reverse the decision of the appellate court, arguing that the entire case had been tainted by the misconduct of trial judge Thomas Penfield Jackson. Jackson gave secret interviews to journalists before issuing his ruling disparaging Microsoft and comparing its executives to common criminals. Microsoft said that the appeals court's decision to uphold portions of Jackson's ruling "cannot be reconciled with the decisions of other (courts) that have ordered new trials for far less egregious violations . . ." The Department of Justice, in an August 31st brief, urged the Supreme Court to reject Microsoft's appeal and said that the company's argument "rests squarely on a mischaracterization of the court of appeals' ruling."

On September 20th, the Justice Department, 18 states and Microsoft filed a joint status report with U.S. District Judge Colleen Kollar-Kotelly at her request. Though there were some areas of agreement, there were more areas of disagreement. The parties could not come to an agreement on a proposed schedule. The government would like to have the remedy hearing begin on February 4, 2002 with discovery proceeding until then. Microsoft argued that it "is premature to attempt to establish a schedule for discovery and other procedures leading up to a remedy hearing until the (trial) court has determined what types of relief can be considered in light of the Court of Appeals' decision." Legal experts expect that Microsoft will try to delay proceedings as much as possible in order to get Windows XP established in the marketplace.

On September 28th, Judge Kollar-Kotelly told the parties in a status hearing that settlement talks should proceed 24 hours a day, seven days a week until the November 2nd deadline. If the parties have not settled by October 12th, the judge said she would appoint a mediator to expedite settlement. If there is no settlement by November 2nd, Kollar-Kotelly said she expects hearings to begin in March to determine what sanctions should apply to prevent future violations of antitrust law by Microsoft. Pleadings in the case may be found at http://www.microsoft.com/presspass/legalnews.asp

JUDGE HALTS USE OF RED LIGHT CAMERAS

On September 4th, San Diego Superior Court Judge Ronald Styn threw out 300 tickets for running a red light, saying that the evidence provided by the cameras used was "so untrustworthy and unreliable, it should not be admitted." Approximately 60 cities and counties in the U.S. utilize similar cameras. Styn called the San Diego program flawed because it allows the private company that operates the red light cameras to collect a part of the $271 fine for each ticket issued. The company receives about $70 for each ticket. Because the company decides whether a motorist should be ticketed, the judge found there was a conflict of interest. Specifically, he held that the program violates a state law that does not allow such law enforcement programs to be operated by private companies. He did, however, rule that using a camera to gather evidence is not unconstitutional. Further information may be found at http://www.usatoday.com/life/cyber/tech/2001-09-05-judge-nixes-red-light-cams.htm

HUSBAND CHARGED WITH COMPUTER TRESPASS

Divorce attorneys have been warning that criminal charges would begin appearing in divorce cases involving computer trespass between spouses, and a Michigan husband has in fact been charged because he installed surveillance software called eBlaster on his wife's computer to permit him to track her computer usage and to read all of her e-mail and messages. Steven Paul Brown was charged with installing an eavesdropping device, eavesdropping, using a computer to commit a crime and having unauthorized computer access. He faces possible jail time of up to five years. Further information may be found at http://www.latimes.com/technology/wire/sns-ap-hackers-charged0906sep06.story

EBAY VINDICATED IN COPYRIGHT INFRINGEMENT CASE

On September 6th, U.S. District Court Judge Robert Kelleher issued a summary judgment in favor of eBay in a case involving the sale of bootlegged copies of a Charles Manson documentary called "Manson." Robert Hendrickson, the co-director and co-producer of the documentary, filed suit against eBay, alleging that the auction site failed to prevent the sale of illegal DVD copies of his film. Kelleher ruled that eBay had abided by its responsibilities under the Digital Millennium Copyright Act (DMCA) to guard against infringement. The DMCA requires auction sites to shut down auctions of infringing materials once they have notice from a copyright or trademark owner of the infringement. Hendrickson had never provided eBay with notice of the infringement. Further information may be found at http://www.usatoday.com/life/cyber/ccarch/2001/09/13/sinrod.htm

MAFIABOY SENTENCED TO EIGHT MONTHS

'Mafiaboy,' the Canadian teenager who wreaked havoc for a week in February of 2000, shutting down many major Internet sites, will spend the next eight months in a juvenile detention center. Judge Gilled Ouellet, who presided over the trial in Quebec's Youth Court, sentenced him on September 12th. Mafiaboy will also serve one year of probation after his release from the detention center. During his probation, he will be allowed to attend school and have a part-time job. He was also ordered by Ouellet to donate $250 to charity. Further information may be found at http://news.cnet.com/news/0-1005-200-7141694.html

ICANN PROTECTS COUNTRY DOMAIN NAMES

The Internet Corporation for Assigned Names and Numbers voted on September 10th to prevent the domain names of countries from being given to cybersquatters using fraudulent applications to claim them during the pre-registration period for trademark holders who want to lock up the .info domain. The .info domain became available on September 19th, the first time an unrestricted domain has been added to the Internet since 1985. Its implementation has been controversial as 10 to 25 percent of the 53,000 names registered thus far appear to be based on questionable trademarks. Afilias, the company sponsoring .info has said it will challenge all questionable registrations in December. ICANN board members voted 11-7 to prevent any more country names from being registered by outsiders, and to require Afilias to hand over recovered domain names to the countries involved. Country names will be taken from an official list established by the International Organization for Standardization. ICANN's ban will expire in March of next year. The board also voted to approve plans for the dot-aero, dot-coop and dot-museum domains, allowing managers of those domains to bring them online when they are ready. Further information is available at http://www.icann.org/minutes/prelim-report-10sep01.htm

LUCK WAS A LADY, TOO MUCH SO

Oh, those hackers. CryptoLogic, Inc. a Canadian software company that develops online casinos, admitted in early September that a hacker had cracked one of its gaming servers, altering the craps and video slot games so that players consistently won. The hack occurred in late August, and allowed 140 gamblers to win $1.9 million. Every roll of the dice in craps came up doubles and the slots showed cherries across the board. The attack affected two of CryptoLogic's 19 casino operating licensees. The winners were permitted to keep the money since they were believed to be innocent of any wrongdoing. CryptoLogic believes that the intrusion was probably someone with inside knowledge of its systems and is cooperating with investigators. CryptoLogic will absorb $600,000 of the misappropriated winnings, and a $1.3 million insurance claim will cover the remainder. CryptoLogic's web site may be found at http://www.cryptologic.com

EUROPE WARNS AGAINST ECHELON

Times have certainly changed quickly, but on September 5th, the European Union voted 367-159, with 34 abstentions, to adopt 44 recommendations designed to counter Echelon, the worldwide spy network led by the United States. Though the U.S. has denied the existence of Echelon, the EU accepted a 140-page report confirming Echelon's existence and reporting that it operates in cooperation with Britain, Canada, Australia and New Zealand. The purpose of Echelon, according to the report, is primarily to monitor private and commercial communications, not military communications. The report calls for closer European cooperation in setting up a joint encryption and intelligence-gathering system. It also recommends that sensitive information sent by e-mail be encrypted. Also included is a recommendation that the EU and the U.S. draw up rules strengthening international laws on data and privacy protection. Further information may be found at http://www.europarl.eu.int/committees/echelon_home.htm

FEDERAL JUDGES AND EMPLOYEES WILL BE MONITORED

On September 19th, the Judicial Conference approved a compromise measure that permits some tracking of the Internet use by judges and court employees, such as the downloading of pornography and music. A previous provision that would have permitted the monitoring of e-mail was abandoned. Prior to this, there had been no policy governing computer use for the 30,000 federal court employees, including about 1,800 judges. The Administrative Office of the U.S. Court in Washington will oversee monitoring. Supervisors would be notified of suspicious activity such as lengthy downloading times. Employees could be disciplined for downloading pornography or music, gambling online or using their computers for personal matters during work. Some sites, including Napster, will simply be blocked. The Conference also recommended that courts begin placing all civil cases online, with certain personal identifiers removed. Within two years, the Conference will revisit the issue of placing criminal cases online. Further information may be found at http://www.uscourts.gov/Press_Releases/jc901a.pdf

APPEALS COURT REBUFFS NAPSTER/PARTIAL SETTLEMENT

A three judge panel of the 9th Circuit Court of Appeals refused to continue its temporary stay of a District Court order issued on July 11th that demanded 100% compliance with an earlier copyright infringement prohibition. The panel refused to examine the various prohibitions defined by the trial court in a preliminary injunction against the music file swapping service issued on March 5th. The September 17th ruling also orders both sides to stop peppering the court with briefs. The parties were sternly instructed to "refrain from filing any further papers in the office of the clerk of this court" related to the appeals, unless those documents relate to future orders of the court or are citations of relevant cases that could be kept to a single page. Napster announced on September 24th that it had partially settled the case and made a deal with major music publishers. As part of the deal, Napster has agreed to pay $26 million to settle its ongoing legal disputes with music publishers and songwriters. Record labels are continuing with their own litigation, which means Napster is still faced with possible substantial legal damages. According to the terms of the deal, the owners of music-publishing rights will receive one-third of the royalties that Napster will pay content owners, leaving two-thirds of those royalties for record labels. It is not clear exactly how much money that will be, or what proportion of Napster's revenues that figure might represent. Napster has said it would pay an advance of $10 million against future licensing fees. Legal documents in the case may be found at http://www.napster.com/pressroom/legal.html

CDA HELD TO PROTECT AMAZON.COM

A Washington state appeals court ruled on September 17th that the Communications Decency Act (CDA) immunizes Amazon.com from liability for possibly defamatory comments posted on its web site by customers attacking an author. Author Jerome Schneider attempted to hold Amazon.com responsible for the posts, alleging defamation and tortious interference with a business expectancy. One of the posts suggested that Schneider, whose books often discuss tax avoidance methods, is a felon. After Amazon.com raised the CDA defense, the complaint was revised to drop the defamation claim and allege negligent misrepresentation and breach of contract, arguing that Amazon.com had decision making authority over the content. The CDA says that an "interactive computer service provider" can escape being judged as the "publisher or speaker of any information provided by another information content provider." Schneider's lawyers argued that Amazon.com isn't an ISP like America Online, whose service actually connects people to the Internet. The appellate judges said that they saw little difference between AOL's role as a bulletin board host and Amazon.com's provision of a free-for-all book review service.

VOYEURDORM WINS COURT BATTLE

VoyeurDorm, the rampagingly successful soft-core porn site, has won its legal battle against the city of Tampa, Florida, which was trying to close its Internet doors. Tampa lawyers argued that the VoyeurDorm home, based in the residential neighborhood of Wellswood, was an adult business, and therefore in violation of city zoning regulations. But the 11th Circuit Court of Appeals disagreed, and overturned the lower court's decision on September 21st finding that because the public does not and cannot attend the actual activities of VoyeurDorm, it does not fall afoul of the city ordinance. About 80,000 VoyeurDorm members pay $34.95 per month to watch the "real life" activities of 13 young women observed by 55 continuously operating webcasting cameras. Further information may be found at http://www.wired.com/news/politics/0,1283,47104,00.html

NIMDA: A WORM WITH A TWIST

NIMDA, a virulent new worm/virus hybrid (Admin spelled backwards to tweak system administrators) took the world by storm. First appearing on September 18th, the worm could be spread by visiting infected web sites or via e-mail, even when the attachment was not opened. If Code Red had previously infected your server, the worm could spread by exploiting the back door that Code Red left behind. The worm/virus exploits multiple vulnerabilities of various Microsoft products and can cause systems to overload and crash with the constant self-replication activity. Anti-virus companies scrambled to write a fix and Microsoft hustled to offer patches. Microsoft's information on NIMDA, preventing it and combating it, may be found at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/topics/Nimda.asp