Bytes in BriefBytes in Brief®
Issue 63
September 2002
|
BYTES IN BRIEF® by
Editors: Sharon D. Nelson, Esq. and John W. Simek
Associate Editor: Amelia C. Hierholzer
Editor Emeritus: G.V. Nelson
9500+ subscribers worldwide
© 2001 Sensei Enterprises, Inc./Nelson & Wolfe.
All rights reserved. This newsletter may not be reproduced
or redistributed in any manner except with consent
of the copyright owner. Distributed by Silver Law Inc.
under license.
|
 |
COURT ORDERS ICANN TO OPEN BOOKS
On July 29th, the Los Angeles Superior Court ruled that the Internet
Corporation of Assigned Names and Numbers must produce corporate
documents requested by ICANN North American Elected Director Karl
Auerbach. Auerbach said he requested to see the corporate records in
November 2000, but ICANN imposed a condition, requiring him to sign an
agreement that gave ICANN discretion to govern his access to and copying
of the records. Auerbach refused, believing that the limitations on his
rights as a director were unwarranted, a position with which the court
agreed. The documents at issue include ICANN's financial ledger, its
contracts and agreements with employees, and documents related to ICANN's
law firm, such as engagement letters and invoices. If ICANN appeals, the
case would probably last throughout the remainder of Auerbach’s term as a
director, which ends this year, effectively prohibiting him from ever
examining the records in question. The decision in the case may be found
at
http://www.eff.org/Cases/Auerbach_v_ICANN/
UCITA CHANGES PROPOSED BY NCCUSL
The Uniform Computer Information Transactions Act has been controversial
from the start. The vendor-supported law, which sets default rules for
software contracts, has met unexpectedly stiff resistance from a
committed coalition of corporations, consumer groups and library
entities. Hoping to increase the number of states willing to adopt UCITA,
changes have been proposed by the National Conference of Commissioners on
Uniform State Laws (NCCUSL) at its annual meeting in Tucson, Arizona,
July 26th-August 2nd. The most notable change includes the removal of the
"self-help" provision that allows vendors to remotely disable
software. The NCCUSL also altered the law to make it clear that
state-enacted consumer laws would supercede UCITA, to make unenforceable
any contract provision which prohibits criticism of a software product,
to allow reverse engineering done for the purpose of ensuring
interoperability, and to protect open-source software from UCITA’s
provisions. The NCCUSL will submit the revised UCITA to the American Bar
Association for review. UCITA has been enacted only in Maryland and
Virginia. The Amendments may be found at
http://www.law.upenn.edu/bll/ulc/ucita/UCITA_Amds_AM02.htm
RELIGIOUS E-MAIL BAN CHALLENGED IN TEXAS
On August 1st, the American Center for Law and Justice (ACLJ) filed suit
in federal district court challenging a Dallas school district that has a
policy prohibiting employees from sending religious e-mails. The district
allegedly threatened to revoke the e-mail privileges of employee LaDonna
DeVore because she e-mailed a message containing information about
President Bush’s proclamation of a National Day of Prayer. The ACLJ is
challenging the policy, which bans "religious worship" and
"proselytizing," on First Amendment grounds because it focuses
on religious speech while permitting e-mail of a wide variety of private
messages, including jokes and invitations. Further information may be
found at
http://www.aclj.org/news/pressreleases/020801_email_policy.asp
DOJ BEGINS CRIMINAL PROBE OF AOL
On August 1st, the U.S. Department of Justice announced that it has begun
a criminal investigation into the accounting practices of AOL Time
Warner, specifically targeting the dealings of the online division based
in Northern Virginia. Concurrently, a civil investigation is being
undertaken by the Securities and Exchange Commission. AOL Time Warner
said that its accounting conforms to generally accepted accounting
principles which have been sanctioned by its auditor, Ernst & Young
LLP. The criminal investigation focuses on a series of business
transactions from 2000-2002. In one instance, AOL inherited an
arbitration award from another company and settled the case by accepting
an advertising deal. In another transaction, AOL operated as an
advertising agent for eBay, Inc. but booked the revenue from the sales as
AOL’s own revenue. AOL Time Warner certified its financial results on
August 14th in compliance with Securities and Exchange Commission (SEC)
Order 4-460 and the Sarbanes-Oxley Act of 2002. The corporate statement
references the alleged irregularities and may be found at
http://media.aoltimewarner.com/media/press_view.cfm?release_num=55252695
PRINCETON MAKES UNAUTHORIZED VISITS TO YALE WEB SITE
Yale University officials announced that they found 18 unauthorized
log-ins to their site for prospective students traceable to computers at
Princeton, including 14 from computers in its admissions office. The Yale
site permitted undergraduate applicants to see if they had been accepted
to the university. Applicants could access the site and information about
their own status simply by using their Social Security numbers and birth
dates, which other schools they applied to might have on file. A
Washington Post report said Princeton admission officials accessed the
account of fashion model Lauren Bush, the president's niece. Stephen
LeMenager, Princeton's associate dean and director of admissions, said
the school checked Yale's site simply to see how secure it was. Princeton
gained access to the Web site using information from students who had
applied to both schools. The site included a notice that only students,
not parents or others, were allowed to access the site, warning that Yale
would investigate and act on any unauthorized use. Further information
may be found at
http://www.usatoday.com/tech/news/internetprivacy/2002-07-30-ivy-hack_x.htm
COUNTY CLERK IS HACKED: INDICTMENT HANDED DOWN
In Harris County Texas, the old courthouse couldn’t handle more computer
lines, so the County intended to install a wireless service to connect
personal computers used by court clerks to the County network. In March,
Stefan Puffer was indicted on two counts of fraud for allegedly hacking
into the wireless system, which has now been taken out of service due to
its vulnerability. Puffer showed a county official and a reporter how he
was able to use his laptop computer and a $60 to $75 wireless card to tap
into the clerk's system. Reportedly, it cost the county $5,000 to clean
up after the alleged breach, although no files were compromised. Puffer
could face five years in prison and a $250,000 fine on each count.
Further information may be found at
http://www.theregus.com/content/55/25766.html
MICROSOFT SETTLES PASSPORT PRIVACY CASE
On August 8th, Federal Trade Commission Chairman Timothy Muris announced
that Microsoft would tighten security for the personal information it
collects from users of its Passport Internet services as part of its
settlement with the FTC. An FTC investigation had concluded earlier that
Microsoft made false promises about how secure it kept the consumer
information it gathered. The FTC also found that Microsoft misled users
about the kind of information it was collecting. The settlement requires
Microsoft to stop such practices and to implement a "comprehensive
information security program." Microsoft agreed to pay $11,000 per
day for any future violation and to submit to an audit of its security
program every two years for the next two decades. The settlement covers
Passport, which allows consumers to use a single log-in to access
multiple Web sites; Passport Wallet, which collects and stores consumers'
credit card numbers so that users can make purchases at participating Web
sites; and Kids Passport, which allows parents to create Passport
accounts for their children that limit the amount of personal information
collected about them. Further information as well as the case documents
may be found at
http://www.ftc.gov/opa/2002/08/microsoft.htm
20 CHARGED IN NET CHILD MOLESTATION RING
On August 9th, the U.S. Customs Service announced that 20 people in the
U.S. and Europe had been arrested for their participation in a global
child molestation ring, accused of posting pornographic photos of minors
on the Net. In many cases, the minors were the children of ring members.
45 children were taken from parents and caregivers who were participants
in the group. Officials said they expect more arrests as authorities
identify additional children in the photographs, who ranged in age from 2
to 14. The children identified so far have been placed with relatives or
in foster care. The defendants communicated by e-mail and in Internet
chat sessions, according to the indictment. U.S. Customs CyberSmuggling
Center agents, working with local police departments, Interpol and the
National Center for Missing and Exploited Children, were able to identify
others alleged to be members of the ring. Each charge of sexual
exploitation of children, conspiracy to exploit children and receiving
and distributing child pornography carries a sentence of 10 to 20 years
in prison. The Justice Department is seeking extradition of the Europeans
named in the Fresno, California indictment. Further information may be
found at
http://www.customs.ustreas.gov/news/pressrelf.htm
TOTAL INFORMATION AWARENESS SYSTEM TO BATTLE TERRORISTS
On August 7th, the Defense Advanced Research Projects Agency (DARPA)
began the process of awarding contracts for the design and implementation
of a Total Information Awareness (TIA) system. The system is intended to
look for clues of an impending terrorist attack, which are often not
interpreted correctly until after the attack. The system looks toward
revolutionary advances in science, technology or systems and
"development of collaboration, automation and cognitive aids
technologies that allow humans and machines to think together about
complicated and complex problems." TIA's five-year goal is the
"total reinvention of technologies for storing and accessing
information ... although database size will no longer be measured in the
traditional sense, the amounts of data that will need to be stored and
accessed will be unprecedented, measured in petabytes." Further
information may be found at
http://www.wired.com/news/print/0,1294,54342,00.html
WHOOPS: FEDS LOSE LAPTOPS – A LOT OF THEM
On August 5th, the Justice Department’s inspector general said in a
43-page report that law enforcement groups, including the FBI, the Drug
Enforcement Administration and the U.S. Marshals Service suffer from
"a lack of accountability," and have at least 400 laptop
computers designated as missing, lost or stolen. The DEA has such poor
accounting practices, according to the Inspector General, that it could
not even provide a total count of missing laptops. Approximately half of
all FBI laptops are authorized to store secret or top secret material. A
similar report by the Treasury Department auditors found that the
Internal Revenue Service had the same problem, with 2,332 laptops lost or
misplaced over three years. Some findings seem particularly startling.
Even though the FBI's own procedures require an inventory of physical
property every two years, the last inventory was conducted before 1993.
FBI guidelines require that employees report lost property, but they
don't say when the report must be filed. Some loss reports took 23 years
to be filed, and the average time for a loss to be reported to the FBI
was over four years. Only 4 percent of the lost laptops "have so far
resulted in recommendations for disciplinary action." Further
information may be found
http://news.com.com/2100-1001-948595.html?tag=dd.ne.dht.nl-sty.0
MICROSOFT MOVES TOWARD SETTLEMENT COMPLIANCE
Although its antitrust settlement with the Justice Department has not yet
been approved in federal court, Microsoft announced a series of measures
on August 5th designed to comply with the settlement. Microsoft said it
would disclose new technical information so that other software
manufacturers could make their programs operate under Windows’ operating
systems. Microsoft General Counsel Brad Smith announced that the company
would make public 272 pieces of internal Windows computer code that would
help competing software developers make products that work properly with
Windows. Smith said the company would also license 113 protocols that
enable non-Microsoft-based computer networks to operate with Microsoft
software on individual computers. In addition, Microsoft said upcoming
updates of the new Windows XP operating system would allow computer
makers and consumers to add and remove access to some Windows features
such as Microsoft's Internet Explorer, Windows media player, and Outlook
Express. All information had been posted by August 27th. Though there was
no requirement to do so, Microsoft also filed a seven-page settlement
progress report with the federal court in Alexandria on August 28th.
Further information may be found at
http://www.microsoft.com/presspass/legal/aug02/08-05settlementmilestones.asp.
The information regarding the Settlement Program Interfaces is posted at
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnapiover/html/
api-overview.asp
DON’T LINK TO US WEB SITE
David Sorkin, an associate professor of law at The John Marshall Law
School in Chicago, is clearly having fun with his Don’t Link to Us web
site. The site exists solely to flout what Sorkin called "stupid
linking policies." The site was launched in response to recent court
decisions upholding web site conditions that banned or restricted links.
In last month's Newsbooster case, a Danish court ruled that the
Newsbooster web site could not link to stories within 28 associated
Danish news sites. Sites with linking bans that Sorkin has flouted
include the International Trademark Association, the American Cancer
Society, the City of Colorado Springs, Gay Wired, Texas Instruments,
Shell Oil, the Washington Post, Disney, Motorola, the Chicago Sun Times,
the Chicago Tribune, National Public Radio, Carfax, Matsushita, Autodesk,
and the Smithsonian Institution's Hirshhorn Museum and Sculpture Garden,
Michigan.gov and Law.com. Sorkin’s site may be found at
http://www.dontlink.com
JUNK FAX SUIT ASKS $2.2 TRILLION FOR JUNK FAXES
On August 22nd, a suit seeking class action status was filed in both
California state and federal district court against facsimile marketer
Fax.com, its telecommunications provider, Cox business services, and its
advertisers. The suits allege that all of the named companies are guilty
of violating federal laws that prohibit unsolicited faxes. Fax.com, in
response to the suit, has said that it has the constitutional right to
advertise by fax. Earlier this month, the Federal Communications
Commission proposed fining Fax.com $5.38 million for sending unsolicited
advertisements by fax, the largest such fine ever suggested. Fax.com
described the suit as "unfounded and absurd." The corporate
response to the suit may be found at
http://www.fax.com/Company_profile/pressroom-release.asp?IDpress=6
CDT RELEASES REPORT ON COURT RECORDS ONLINE
The Center for Democracy and Technology released a report on August 28th
detailing the current status of the states’ struggle to find a balance
between public access and privacy rights as they place court records
online. According to the report, all states put their court records
online and open them for public access to some degree, but there are
major differences in approach. Some sites are free and others are by
subscription. Some have sealed cases by areas of law, while others open
all court records. Some states have uniform state-wide policies, others
vary county by county. Some have sensitive data (such as social security
numbers, credit card numbers, phone numbers) deleted; others have such
data freely available. The report may be found at
http://www.cdt.org/publications/020821courtrecords.shtml
HYPERLINK PATENT CASE DISMISSED
A federal judge ruled on August 22nd in the Southern District of New York
that a patent, issued to British Telecommunications, Inc. prior to the
advent of the Internet, does not cover hyperlinking. British
Telecommunications Inc. v. Prodigy Communications Corp. attracted a great
deal of interest because it sought to interpret an older patent broadly
to cover Internet technology. Had BT prevailed, it was expected to seek
vast royalty payments from Internet service providers. British Telecom's
original patent application, filed in 1977, covers a system to allow
users to access text-based information via a telephone network. The
company submitted several successor applications before its "Sargent
patent" was issued in 1989. The Sargent patent describes an improved
way for multiple users, each located at a remote terminal, to access data
stored on a central computer. Communication between the terminals takes
place over a telephone network. Judge Colleen McMahon wrote that British
Telecom's patent claims "clearly provide that the central computer
is one device, in one location . . . Therefore, viewing the Internet as a
system (as BT asks me to do), it does not literally infringe the Sargent
patent, because it contains no such central computer." The case was
dismissed on a summary judgment motion. Further information may be found
at
http://www.law.com/jsp/printerfriendly.jsp?c=LawArticle&t=PrinterFriendlyArt
icle&cid=1029689057140
RUSSIA FILES CRIMINAL CHARGES AGAINST FBI AGENT
On August 15th, Russia’s Federal Security Service filed criminal charges
against FBI agent Michael Schuler for unauthorized access to computer
information. The charges allege that the agent lured two Russian hackers
to the United States and then illegally gathered evidence against them by
downloading data from their computers in Chelyabinsk, Russia. The
complaint has been forwarded to the U.S. Department of Justice for
response. The two hackers had reportedly hacked into the networks of at
least 40 U.S. corporations and then attempted to extort monies by
threatening to delete data. They also were accused of pilfering financial
information, including credit card numbers. As part of a sting, the FBI
offered one of the hackers a job. The computer he was given was equipped
with "sniffer" software recording every keystroke. Using
account numbers and passwords discovered with the keystroke logging
program, agents gained access to data on the hackers’ Russian computers,
downloading it before obtaining a search warrant. One hacker has since
been convicted and the other is awaiting trial. Though lawyers had argued
that the FBI violated the Fourth Amendment rights of the hackers by
secretly obtaining passwords and account numbers, the Washington district
court in Seattle held that hackers had surrendered any expectation of
privacy when they used computers in what they believed to be the offices
of a public company. The court also said that the Fourth Amendment did
not apply to the Russian computers because "they are the property of
a non-resident and located outside the United States." The
investigators did obtain a warrant before viewing the data and the court
found that the warrant did not have to be obtained prior to downloading
the data because "the agents had good reason to fear that if they
did not copy the data, (the) defendant’s co-conspirators would destroy
the evidence or make it unavailable." Finally, the court found that
the agents acted legally, saying that Russian law did not apply to their
actions. Further information may be found at
http://asia.cnet.com/newstech/security/0,39001150,39073880,00.htm
DOUBLECLICK ENDS PROBE WITH CONCESSIONS
Online advertising company DoubleClick agreed on August 26th to pay
$450,000 and to limit its use of personal information in order to resolve
an investigation by 10 states into charges that DoubleClick profiled
users inappropriately. The probe had focused on DoubleClick’s use of
"cookies" to track the sites users visited and whether they
clicked on banner ads. Under the agreement, DoubleClick will still be
able to track users but it will have to better disclose how it does so
and give individuals access to the profiles created about them. The
company also agreed to allow an outside company to audit its privacy
promises for several years. Other states that are part of the agreement
include California, Connecticut, Massachusetts, Michigan, New Jersey and
Washington. Further information may be found at
http://www.oag.state.ny.us/press/2002/aug/aug26a_02.html
NIPRA SUES PATENT OFFICE TO RETAIN PAPER
The National Intellectual Property Researchers Association (NIPRA) filed
suit in Federal court on August 23rd, seeking to save millions of paper
documents that the Patent and Trademark Office proposes to destroy. NIPRA
says it basically supports the PTO’s attempt to make itself paperless,
but that the PTO should save hard-copy patent and trademark collections
critical to researchers because the PTO’s electronic database is
currently replete with holes and inaccuracies. Now that it has an
electronic filing system, the PTO wants to dispose of an estimated 135
million documents, comprising 200 years of archives. Presently, 30
percent of all trademark applications are filed electronically, though
e-filing will be mandatory by 2004. The PTO is considering a similar
mandatory provision for patent applications. Problems with the electronic
system include complaints that graphics are not always rendered correctly
and that trademarks are not indexed well enough to allow an accurate
search. NIPRA says that almost half of the 4,000 trademark applications
filed in one week last year were given incorrect search codes or
contained illegible or missing images. Further information may be found
at
http://www.nipra.org/PR082602.html
ZIFF DAVIS SETTLES STATES’ PRIVACY INVESTIGATION
Ziff Davis agreed on August 28th to pay $125,000 to end a multi-state
probe into an intrusion into its computer systems that exposed 12,000
subscription orders last year. As part of the settlement with the
attorneys general of Vermont, New York and California, Ziff Davis also
said it would implement security measures to guard the data on its
systems. The exposure of the subscription data for the Electronic
Gaming Monthly magazine came from what Ziff Davis called a coding
error. Subscribers and their credit card information were exposed and
some were later victims of identity theft. Ziff Davis will pay $500 to
each of the approximately 50 customers whose credit card information it
exposed in the breach. The company will also pay the three states
$100,000 total to cover their investigative costs. Further, Ziff Davis
agreed to use encryption and user authentication to safeguard customer
data both when it is being transmitted to its web site and when it is
held on its servers. Further information may be found at
http://www.ziffdavis.com/press/index.asp?page=releases&id=020828.0
and at http://www.oag.state.ny.us/press/2002/aug/aug28a_02.html
Copyright ©
2001 Nelson & Wolfe/Sensei Enterprises,
Inc. All rights reserved. |
|
