Issue 54 December 2001	BYTES IN BRIEF® by Editors: Sharon D. Nelson, Esq. and John W. Simek Associate Editor: Amelia C. Hierholzer Editor Emeritus: G.V. Nelson 9500+ subscribers worldwide © 2001 Sensei Enterprises, Inc./Nelson & Wolfe. All rights reserved. This newsletter may not be reproduced or redistributed in any manner except with consent of the copyright owner. Distributed by Silver Law Inc. under license.

SUPREME COURT DENIES CERT IN WASHINGTON SPAM CASE

On October 29th, the U.S. Supreme Court rejected an appeal challenging Washington state's anti-spam law. The Court denied the petition without comment, allowing a Washington state court to continue with a lawsuit against Jason Heckel, an alleged spammer. The state of Washington had sued Heckel in 1998, claiming that he violated the law by spamming millions to increase sales of his book, which includes a segment on how to use unsolicited e-mail to make money. The King County Superior Court in Seattle will hear the case, which involves the allegation that Heckel and his company, Natural Instincts, not only spammed millions but also used bogus return addresses and third party domain addresses without permission. The state is allowed to ask for as much as $2,000 per violation of its anti-spam statute. At the moment, only 19 states have anti-spam laws, and commentators believe the refusal to review this case may encourage other states to adopt such laws. Further information may be found at http://www.zdnet.com/zdnn/stories/news/0,4586,5099046,00.html

CALIFORNIA COURT REJECTS BAN ON DECSS PUBLICATION

On November 1st, the Court of Appeal for the State of California ruled that DeCSS (De-Content Scrambling System), the controversial code used to descramble DVDs, may be published online. The suit had been brought by the DVD Copy Control Association (DVDCCA). The DVDCCA brought suit under the Uniform Trade Secrets Act, charging that the disclosure of the code to descramble CSS was a violation of its trade secrets. The defendants in the case include Jon Johansen, the 15-year-old Norwegian who created DeCSS, and Andrew Bunner, who posted the DeCSS code on his web site. Though the trial court had barred the posting, the decision was appealed and the appellate court said that enjoining the publication of DeCSS would violate the First Amendment and that the DVDCCA's right to protect its trade secrets did not justify the imposition of a prior restraint. A similar case in New York had said that source code was not protected by freedom of speech because it could be compiled into a functional program. The California court ruled that although the source code is capable of such compilation, it does not destroy the expressive nature of the code itself. The court made it clear that it was offering no opinion as to whether a permanent injunction might be issued at the end of the trial. It also upheld the DVDCCA's right to bring action against anyone who violates the Uniform Trade Secrets Act by conduct, as opposed to speech, or who was contractually bound by a "click-through" agreement not to disclose the code. The court also said that anyone who infringed DVDCCA copyrights would be liable under copyright law. The court's decision can be found at http://www.courtinfo.ca.gov/opinions/documents/H021153.PDF

NEW YORK COURT UPHOLDS BAN ON DECSS PUBLICATION

On November 28th, the Second Circuit Court of Appeals in New York upheld a lower court order prohibiting publishing or linking to DeCSS, the DVD decrypting code, upholding the Digital Millennium Copyright Act (DMCA) and preventing the web site 2600 from posting links to the code. The DMCA prohibits the circumvention of copy protection and the distribution of devices that can be used to bypass copyrights even if users of the devices don't do anything illegal once they've broken the security. The court found that computer code is speech and therefore entitled to some First Amendment protection. However, the court concluded that the material in this case is "content-neutral," and therefore entitled to considerably less protection than "expressive" content such as poetry or a novel. While acknowledging the difficulties in placing limits on linking, the appeals court essentially agreed with the lower court's reasoning "that the DMCA, as applied to the defendants' linking, served substantial governmental interests and was unrelated to the suppression of free speech." The opinion in the case may be found at http://www.eff.org/Cases/MPAA_DVD_cases/20011128_ny_appeal_decision.html

U.S. AGENCIES FLUNK TECH SECURITY

According to testimony at a Congressional hearing on November 9th, U.S. agencies almost uniformly deserve a flunking grade in technological security. The grades were issued by a subcommittee of the House Committee on Government Reform. The subcommittee said there were basic problems such as failing to install upgrade patches and complying with existing security policies and procedures. Roughly two thirds of U.S. agencies received flunking grades. Rep. Stephen Horn, who has graded agencies on several information technology management topics over the years, gave the government an overall grade of F for its effort to secure IT systems, with 16 of 24 agencies surveyed receiving the failing grade, including the departments of Defense, Justice, Labor, Commerce, Agriculture, Commerce, Education, Interior, and Energy. Further information on the issue may be found at http://www.gao.gov/new.items/d02231t.pdf

FCC ASKS $100,000 FINE AGAINST SBC IN DSL INVESTIGATION

The Federal Communications Commission proposed to fine the telephone giant SBC Communications $100,000 for hindering a probe into its possible discrimination in providing high speed Internet service and maintenance. The FCC had asked SBC, which is the dominant local phone company in much of the Midwest, to give it information about providing and maintaining DSL service to affiliated and unaffiliated ISPs. SBC stated in late 2000 that it could not provide the information, but said in April of 2001 that its data showed that both affiliated and unaffiliated ISPs were treated the same. Once again, the FCC asked for the information in a sworn statement. The company proffered the information, but refused to do so in a sworn statement. Further information may be found at http://www.siliconvalley.com/docs/news/reuters_wire/1621254l.htm

HOUSE PASSES ENERGY CYBER-SECURITY BILLS

On November 1st, the U.S. House of Representatives passed an appropriations bill, by a vote of 399-29, which significantly increases cyber-security measures at Energy Department facilities. Roughly $14.0 million was appropriated for the Office of Independent Oversight and Performance Assurance, which controls online security operations within the department. Particular concerns have been expressed about the safeguards and security operations at the NNSA (National Nuclear Security Administration) and the relevant imbalance of physical versus cyber-security. The NNSA was founded in March 2000 as the Energy Department unit responsible for carrying out national security responsibilities, including the safeguarding of the U.S. nuclear weapons and materials stockpile. On November 14th, the House passed the Commerce-Justice-State (CJS) appropriations bill, which includes funding for programs designed to fight cyber-crime, child pornography and intellectual property theft. Further information may be found at 
http://www.newsbytes.com/cgi-bin/udt/im.display.printable?client.id=newsbytes&story.id=171765 and http://www.newsbytes.com/news/01/172166.html

YAHOO NOT BOUND BY FRENCH COURT'S HATE SPEECH RULING

On November 7th, U.S. District Court Judge Jeremy Fogel ruled that French law does not supercede the First Amendment, and that Yahoo is not bound by a French court's ruling that it must filter out hate speech for French users, or face a $13,000-per-day fine. The court considered whether it is appropriate under the First Amendment of the United States Constitution for another nation to regulate speech in the U.S. on Internet servers located in the United States simply because that speech can be accessed by citizens of other countries. The French ruling stated that Yahoo must prevent French users from viewing or participating in any auctions of Nazi-related memorabilia. The ruling further required that French visitors to Yahoo be shielded from "any other site or service that may be construed as an apology for Nazism." Yahoo had said it could not selectively deny access to French users and that it was not subject to the French court's jurisdiction because the Internet servers for Yahoo's auction sites are based wholly in the United States. Yahoo now generally prohibits sales of Nazi merchandise on its auction sites, but it asked the U.S. court to issue a declaratory judgment holding that the French court has no authority over the content on its U.S.-based Web servers. Further information may be found at http://www.infoworld.com/articles/hn/xml/01/11/09/011109hnyahoo.xml?1109fram

EUROPE ADOPTS FIRST CYBERCRIME TREATY

On November 8th, the 43-nation Council of Europe adopted a convention on cybercrime, the first international treaty on criminal offences committed over the Internet. The treaty criminalizes activities such as online fraud and online child pornography and sets up global law enforcement procedures for conducting computer searches, intercepting e-mails, and extraditing criminal suspects. Thirty member countries signed the treaty on November 23rd, as well as the U.S., Canada, Japan and South Africa. Civil rights groups and ISPs have fought the treaty, saying that its language is vague and that it imposes burdensome requirements on ISPs. The treaty will come into effect when five states, including at least three CoE member states, ratify it. The 15-member European Union is pushing for its own separate law against cybercrime, which is expected to use the convention as a starting point.Further information may be found at http://www.zdnet.com/zdnn/stories/news/0,4586,2823645,00.html

.BIZ DOMAIN DEBUTS

On November 7th, the newest top-level domain name debuted. The .biz domain is intended to provide businesses with an alternative to the congested .com domain name. The latest address suffix joins the original domains .com, .org, and .net. Last year, the Internet Corporation for Assigned Names and Numbers, (ICANN) selected seven new generic top-level domain names including .biz, .info, .name, .pro, .museum, .aero, and .coop. The general purpose domain, .info, became live in October and the new domain, .biz, is solely for use by businesses. Companies can register for a .biz address through http://www.neulevel.biz

FBI/SANS "TOP TWENTY" LIST OF NET VULNERABILITIES

The SANS Institute in Bethesda, Maryland, working with the FBI, has developed a top 20 list of common vulnerabilities that leave Internet sites open to attacks. The list includes descriptions of the vulnerabilities, the recommended means to fix them, and descriptions of any products that administrators can use to assist in the repair efforts or to confirm that repairs have been successful. The most commonly identified problems this year are with Microsoft IIS, which is very widespread and relatively easy to break into. Many administrators are not even aware that they have IIS, which is automatically installed with Windows 2000 and Windows XP, depending on which installation features are chosen. The list is constantly evolving so repeat visits to the site are required to stay on top of current vulnerability information. The SANS "Top 20" list may be found at http://www.sans.org/top20.htm

ADULT SITES SETTLE FTC FRAUD CHARGES

The Federal Trade Commission announced on November 5th that the operators of Playgirl.com and other adult sites have agreed to pay $30 million to settle charges that they illegally billed thousands of customers for what were advertised as free services. Crescent Publishing Group and 64 affiliated corporations also agreed to post a $2 million bond before continuing to operate the sites. The FTC and the Attorney General of New York state alleged in their complaint that visitors to Playgirl.com, Highsociety.com and dozens of other Web sites were asked to provide credit card numbers to prove that they were old enough to view adult material. Although they were told that access to the site was free, they were charged recurring monthly fees of between $20 and $90. The charges appeared on credit card statements under a variety of different names, making it difficult to have them removed. The FTC said the settlement requires the defendants to get express permission from consumers before billing them in the future, and requires them to keep records to ensure compliance. The $30 million will be distributed to consumers who have been defrauded by Crescent Publishing. The final order in the case may be found at http://www.ftc.gov/os/2001/11/crescentstip.pdf

$100 MILLION OF COUNTERFEIT GOODS SEIZED

On November 16TH, law enforcement authorities in Los Angeles announced that they had seized counterfeit hardware and software valued at more than $100,000,000.00, saying it was the largest such seizure ever made. Four individuals were arrested in connection with the case, which is believed to involve a ring which moved the merchandise from Asia to Los Angeles. Products seized included suspected counterfeits of Windows XP, Windows 2000, Windows NT and Microsoft Office 2000 Professional software, along with manuals, user license agreements, decals for windows and bar code labels. Arrested were Vincent Koo, Tony Lu, Wilson Liu, and Lisa Chen. As part of the sting operation, an undercover customs agent accepted bribes to allow smugglers to ship merchandise into the country. More arrests are expected. Further information may be found at http://www.latimes.com/technology/la-000091876nov17.story

TWO YEAR EXTENSION OF NET TAX BAN BECOMES LAW

On November 15th, the Senate approved a two year extension of the current moratorium on new Internet taxes. The bill was signed by President Bush on November 28th. The Internet Tax Freedom Act, first passed in 1998, lapsed October 21st. The Senate allowed the ban to expire as several members expressed state concerns about lost revenue from e-commerce. The ban is now in place until November 1, 2003. The Act may be found at http://thomas.loc.gov/cgi-bin/bdquery/z?d107:h.r.01552:

ARMY DEBUTS WORLD'S LARGEST INTRANET

On November 15th, it was announced that the U.S. Army had officially opened the world's largest intranet, connecting more than 1 million soldiers, support personnel and veterans worldwide. It is referred to as the Army Knowledge Online Portal (AKO) because it opens onto hundreds of the Army's internal websites, servers and information sources. It has 70 terabytes of storage, more than three times that of the Library of Congress. It's a total aggregation of all the information the Army has, all the documents, manuals and files. The intranet is expected to serve between 1 and 3 million users when all personnel have registered to use it. All soldiers on active duty have already been ordered to sign up and they are subscribing to the AKO at a rate of between 10,000 and 30,000 a day. Although the AKO requires users to sign on with a user name and password, the site will not be used to transmit top secret information. The AKO project, which was started five months ago, was rushed to completion after the recent terrorist attacks. Further information may be found at http://www.wired.com/news/technology/0,1282,48183,00.html

EUROPEAN UNION VOTES TO RESTRICT COOKIES

On November 13th, the European Parliament voted to adopt an amendment to the draft directive on electronic data collection and privacy to restrict the use of cookies. If the vote is ratified, web sites will have to explicitly ask users to accept cookies, which are small pieces of code used primarily by commercial web sites to track users and their purchasing behavior. Privacy groups have been critical of cookies because of their technical vulnerabilities and potential privacy problems in the event of a computer breach. The Interactive Advertising Bureau (IAB) warned that British companies could lose £187 million ($270 million) if the directive was ratified. The IAB plans to lobby national governments in advance of the reading of the amendment by the Council of Ministers, expected in December Further information may be found at http://www.zdnet.com/zdnn/stories/news/0,4586,2824264,00.html

MUSIC PUBLISHERS SUE FILE-SWAPPING SERVICES

The National Music Publisher's Association filed suit on November 20th against the parent companies of music file-swapping services Music City, Grokster and Kazaa, alleging copyright infringement. The suit was filed in Los Angeles federal court and is expected to be more difficult to win than the cases again Scour and Napster, which actually assisted site visitors in swapping songs. MusicCity, however, merely makes software that allows individuals to swap computer files. A copy of the complaint may be found at http://www.nmpa.org/legal/Musiccity_.pdf

HOUSES PASSES COMPUTER SECURITY ENHANCEMENT ACT

On November 27th, the House of Representatives passed the Computer Security Enhancement Act by a vote of 391-4. It amends the National Institute of Standards and Technology (NIST) Act to give NIST the responsibility for providing guidance and assistance to federal agencies for protecting the security and privacy of sensitive information in interconnected federal computer systems. The bill excepts national security systems. A copy of the bill may be found at http://thomas.loc.gov/cgi-bin/bdquery/z?d107:H.R.1259:

DRUG COMPANY LOSES SECOND SLAPP CASE

Hollis-Eden Pharmaceuticals, based in California, first sued Gregory Alcus for allegedly defaming the company on a Yahoo message board in December of 2000 and Superior Court Judge Kevin Enright dismissed the case on March 28th. The court held that Alcus was protected by a California law written to shield individuals from retaliatory lawsuits by corporations that feel they have been disparaged. These are called SLAPP suits "Strategic Litigation Against Public Participation." Under the anti-SLAPP statute, a corporation must show it has a "probability of success" on its claims of defamation. On March 21st, shortly before the first case was dismissed, Alcus posted another comment the company said was defamatory on the Yahoo message board. Alcus questioned why the company had not released results from a clinical trial and accused the company of withholding information to manipulate its stock. Once again, the company's suit has been dismissed, the court finding that the company had not shown it was likely to prevail. By Hollis-Eden's own admission, the tests had been completed and the results had not been released. Hollis-Eden has appealed the first decision and is expected to appeal its latest defeat as well. Information about SLAPP and cases filed under it may be found at http://www.sirius.com/~casp/welcome.html

CALIFORNIA APPEALS COURT UPHOLDS ONLINE SPEECH

On November 15th, a California Court of Appeal issued a decision in ComputerXPress v. Lee Jackson et al, another SLAPP case. ComputerXpress had filed suit against eight defendants after a proposed merger collapsed. The company alleged nine causes of action against defendants, including fraud, trade libel and interference with prospective economic advantage. The defendants were charged with making numerous false and disparaging statements about the company on the Internet. The defendants had moved for dismissal under SLAPP, but the court denied the motion, finding that none of the online statements were covered by SLAPP. The appellate court agreed with the trial court on four causes of action, but reversed on the remaining five. The court held that postings on an Internet message board constituted a "public forum," as defined in the anti-SLAPP statute. It further ruled that the defendants posted opinions as shareholders of ComputerXpress, not competitors, and the matter was therefore an issue of public interest in a public company. Though the content of the postings may have been disparaging, the court found that their tone and content identified them as statements of opinion and not fact. The opinion in the case may be found at http://www.courtinfo.ca.gov/opinions/documents/E027841.PDF

MICROSOFT VS. DOJ: A DEAL IS STRUCK

The Department of Justice and Microsoft announced on November 2nd that they had signed a deal in the DOJ's antitrust suit against Microsoft. Gone was the threat of a breakup, replaced by restrictions on Microsoft's future conduct. Without making any admission of wrongdoing, Microsoft agreed to various anti-retaliatory provisions and to treat computer makers equally in a host of instances, regardless of the manufacturers' relationships with Microsoft competitors or the decision of what to place on the desktop of the machines they manufacture. Microsoft will tell its developers about formerly confidential programming interfaces that products like Word or Excel rely on to link to Windows code. Additionally, Microsoft's ability to cut sweetheart deals with those who promote its products was sharply reduced. A panel of three independent experts will have complete access to Microsoft's facilities, systems, and employees to monitor compliance with the settlement agreement over the next five years.

Sun Microsystems, calling the settlement ineffectual to protect competitors, said that it may file a civil antitrust suit against Microsoft. Sun also said that if Microsoft isn't forced to share technical information with third parties, particularly about its .NET initiative, Microsoft will end up owning the Internet, as well as the desktop.

Nine states and the District of Columbia ultimately determined that they would reject the settlement. The nine states are Connecticut, Iowa, California, Florida, Kansas, Massachusetts, Minnesota, Utah and West Virginia.

It is estimated that the states have spent roughly $20 million in the three year case against Microsoft, which has $31.6 billion in cash reserves, and spent more than $100 million on lawyers. Microsoft is working out agreements to reimburse the other nine states in the case, which negotiated a final settlement along with the Justice Department. Under federal law, the Justice Department is not entitled to any reimbursement in antitrust cases it wins. On November 16th, Microsoft took the unusual step of offering to pay the nine remaining states and the District of Columbia all litigation costs incurred thus far if they will join the settlement. Some of the states immediately declared the offer irrelevant saying that Microsoft is already obliged to pay those fees because it has been found to have violated antitrust laws.

Microsoft had asked U.S. District Judge Colleen Kollar-Kotelly to delay any court proceedings by the remaining states until she decides whether the settlement is in the best interest of consumers. But on November 6th, she refused Microsoft's request and set an aggressive schedule to move forward on both issues. She set a time frame of 60 days for public comment on the proposed settlement. She also allowed the states that are pursuing the case to begin gathering witnesses and evidence in preparation for hearings in March on what other restrictions might be imposed on the company. The parties' proposed final judgment in the case may be found at http://www.microsoft.com/presspass/trial/nov01/11-02settlement.asp

MICROSOFT SETTLES ANOTHER ANTITRUST CASE

Microsoft announced on November 20th that it had reached a settlement which would dismiss more than 100 pending antitrust cases against the company. The majority of the cases were brought after the federal ruling finding antitrust violations. If approved by a federal judge in Baltimore, the agreement would increase the Microsoft presence in schools, where rival Apple Computer has traditionally dominated. Under the terms of the settlement, Microsoft would donate software, services, training and software licenses for reconditioned computers, with a value of more than $1 billion, to qualifying schools. The donations would go to public elementary and secondary schools at which 70 percent of students are eligible for federal meal assistance, translating into roughly 14% of American schools. As part of the settlement, Microsoft would set up a foundation to distribute the donations. Apple, which currently holds about 23% of the computer market in the nation's schools, has publicly attacked the proposed settlement and filed a 30 page brief opposing it on November 26th. The settlement must be approved by the U.S. District Court in Baltimore. Apple said it is mystified by a settlement which allows Microsoft to make inroads into education, one of the few markets left in which Microsoft does not have monopoly power. The proposed settlement may be found at http://www.microsoft.com/presspass/legal/ca/11-20settlement.asp