Bytes in BriefBytes in Brief^®

Issue 64 October 2002 BYTES IN BRIEF® by Editors: Sharon D. Nelson, Esq. and John W. Simek Associate Editor: Amelia C. Hierholzer Editor Emeritus: G.V. Nelson 9500+ subscribers worldwide © 2001 Sensei Enterprises, Inc./Nelson & Wolfe. All rights reserved. This newsletter may not be reproduced or redistributed in any manner except with consent of the copyright owner. Distributed by Silver Law Inc. under license. WARDRIVING AND WARCHALKING: WIRELESS NETWORKS AT RISK New technology seems to spawn new terminology at an alarming rate. For the uninitiated, wireless networks have now bred a peculiar culture that engages in a phenomenon known as wardriving. Wardriving means driving by facilities with wireless networks and looking for an unprotected SMTP port on a company’s server which could be used for any nefarious purpose, but is most often used by spammers who take advantage of the unprotected port to do drive-by spamming. From the point of view of the server, the wardriver has appropriately logged on and is part of the network, so it obediently sends out the spam e-mail. Wardriving spammers avoid bandwidth costs, avoid the ire of legitimate ISPs and make it much more difficult to track the spam back to the spammer, a useful tactic considering the penalties. Needless to say, a company used by the wardriving spammer could find itself cut off by its ISP since the spam will have originated from the company’s network. Experts estimate that between 60 and 80% of wireless networks are insecure, usually because system administrators keep the default settings when they install wireless access points. Warchalking refers to the hackers who draw a chalk symbol on a company’s wall or the pavement in front of the company to indicate the presence of a wireless networking node, and to indicate whether it is open or closed. Further information may be found at http://zdnet.com.com/2102-1105-956886.html U.S. CYBERSECURITY PLAN STILL IN DRAFT MODE Reportedly bowing to lobbyist pressure, the White House released its cybersecurity guidelines for businesses and consumers on September 18th, but in draft form. The final plan was deferred to allow a 60-day public comment period. The draft plan had drawn opposition from business groups tsaid that some of the recommendations would cost millions. In the weeks preceding the draft plan’s release, officials dropped the concept of banning wireless networks until their security was approved and of creating an Internet security fund from industry contributions and tax dollars. The plan may be found at http://www.whitehouse.gov/pcipb/cyberstrategy-draft.pdf AUTOMATED NEWS FROM GOOGLE DEBUTS So who needs a news editor? In an innovative approach to presenting the news, search engine Google debuted Google News, which is run completely by algorithms that constantly select stories from 4,000 web sites. There are some comical bugs, photos mismatched with stories and the like, but the freshness of the approach is appealing. Google has yet to figure out what it will do with the new service or how to make it profitable. In a throwback to the dot-com era, Google has simply put its new technology "out there" and says it will figure out how to fund it later, perhaps through a mix of advertising, subscription fees and syndication sales. The news service has two components: a browsable directory that looks like a streamlined CNN.com and a searchable database similar to other news search services from Lycos, Ask Jeeves and AlltheWeb. The innovative part is the automatically created directory resembling a digital newspaper, with computers dictating story placement. It presents summary pages in eight categories and contains headlines on about 60 topics, all refreshed every 15 minutes. Google contends it is not competing with news organizations but actually is driving traffic to their sites since there is no original content, but only links back to the news organizations. As yet, no one knows whether the news sites will object to Google’s deep links, which bypass home pages to get to a story. The Google news site may be found at http://news.google.com/ PA SUPREME COURT ALLOWS STUDENT EXPULSION OVER WEB SITE On September 25th, the Pennsylvania Supreme Court ruled that the Bethlehem Area School District did not violate a student's First Amendment rights when it expelled him for creating a derogatory web site. Although the court acknowledged that a posted list of reasons why one of his teachers should die did not constitute a "true threat," the court said the school district still had the right to punish the student. J.S. v. Bethlehem Area School District also creates a standard in which speech "aimed at a specific school and/or its personnel is brought onto the school campus or accessed at school by its originator ... will be considered on-campus speech." The court found that the student web site created a significant enough disturbance at the school, including physical and emotional problems suffered by the targeted teacher, to warrant the student's expulsion, especially because the web site created an actual and substantial interference with the work of the school. The opinion in the case may be found at http://caselaw.lp.findlaw.com/data2/pennsylvaniastatecases/supreme/j-111-2001co1.pdf CA ATTORNEY GENERAL SUES SPAMMER On September 26th, California’s Attorney General, Bill Lockyer, filed the first state-led lawsuit against a spammer. The suit alleges that PW Marketing of Canyon Country in Los Angeles County sent millions of illegal unsolicited e-mails advertising tools for spamming, including how-to books for $39 and lists of e-mail addresses of California residents. The suit named PW Marketing executives Paul Willis and Claudia Griffin, who also have been the subject of a Federal Trade Commission suit. It seeks an injunction against the executives and civil penalties of at least $2 million. The suit, filed in Santa Clara County Superior Court, accuses the company of violating several sections of California anti-spam law because they did not include a toll-free number for recipients to call to stop additional e-mails, a valid return address or the "ADV:" subject line label required of advertising messages. The state also charged that the company used so-called open relays, illegally tapping into the network connections of unsuspecting computer owners to send hard-to-trace e-mails. The complaint in the case may be found at http://caag.state.ca.us/newsalerts/2002/02-111.pdf SPAM ROCKETS TO 36% OF E-MAIL If you think you’ve seen a steady increase of spam in your e-mail, you’re right. Brightmail, a leading provider of anti-spam technology reported that spam now constitutes 36% of e-mail. Woefully, statistics suggest that spam may constitute the majority of e-mail in the near future. The market research company Gartner has estimated that a company of 10,000 employees loses more than $13 million a year in lost productivity resulting from spam. Current spam statistics may be found at http://www.brightmail.com/press-vpk.html NO SUMMARY JUDGMENT IN ARISTA V. MP3BOARD On August 29th, Judge Sidney H. Stein of the Southern District of New York denied the summary judgment motions of both parties in Arista Records Inc. v. MP3Board Inc. Arista sued search engine MP3Board for copyright infringement based on hyperlinks to pirated music. MP3Board.com is a web site which helps users search the Internet for music files on third party web sites. MP3Board insists it is simply an information location tool and that its links constitute free speech. It therefore distinguishes itself from Napster, which was an active intermediary in the distribution of pirated music. The court found that MP3Board’s activities are not constitutionally protected because they did not constitute fair use. Moreover, the court found there were issues of facts as to whether MP3Board had taken part in contributory or vicarious copyright infringement. Because there were issues of fact, Arista’s summary judgment motion was also denied. A third party, the Recording Industry Association of America (RIAA) did have its motion for summary judgment granted, removing it from the case. MP3Board had sued the RIAA for sending notices of copyright infringement to MP3Board's Internet providers, forcing the search engine to close several times in 1999 and 2000. RIAA threatened to sue the providers unless they terminated MP3Board’s Web access or unless the site itself removed thousands of links to music files. MP3Board alleged that such actions constituted tortious interference and knowing material misrepresentation of infringement in violation of the Digital Millennium Copyright Act. The court rejected the arguments, finding that the RIAA’s notice letters were protected as "simple pre-litigation demand" letters. Further information may be found at http://www.law.com/jsp/printerfriendly.jsp?c=LawArticle&t=PrinterFriendlyArticle&cid=1030343777119 9TH CIRCUIT DECLINES TO RECONSIDER SEX.COM CASE It was reported on September 5th that the Ninth Circuit Court of Appeals, in an unpublished decision, refused to hear the appeal of Steven Michael Cohen, the former operator of the sex.com site. Cohen fled the country to avoid criminal prosecution. The court wrote "in light of Cohen’s status as a fugitive from justice and his egregious abuse of the litigation process, we exercise our discretion to dismiss his appeal." Cohen filed the appeal trying to quash a $65 million judgment handed down against him last year for using a forged letter to steal the valuable domain from its original owner, Gary Kremen. The appellate judges cited the "fugitive disentitlement doctrine," which stipulates that individuals may begin procedures to recoup their confiscated property from the government only when they return to this country to face criminal charges. Further information may be found at http://www.wired.com/news/print/0,1294,54962,00.html NAPSTER: THE FAT LADY SANG Napster, the leading Internet song-swapping service, officially closed shop on September 3rd after a U.S. bankruptcy court in Delaware blocked its sale to German media giant Bertelsmann AG. Bertelsmann had made a $9 million offer to creditors to buy the company’s assets but record labels and songwriters argued against the deal, saying it was not a fair price. Napster terminated all but a few of its then remaining 42 staff and prepared for Chapter 7 liquidation. It is still possible that Bertelsmann will pick up some of Napster's assets out of liquidation. Under Chapter 7 liquidation, a trustee is appointed by the court to liquidate the assets. Further information may be found at http://www.cbsnews.com/stories/2002/09/03/tech/main520660.shtml EBAY FACES PATENT INFRINGEMENT TRIAL IN NOVEMBER Auction web site eBay will go to trial in November to defend itself against charges of patent infringement. An adverse ruling could result in an enormous royalty award and/or result in compelling eBay to alter the manner in which it does business. MercExchange founder Thomas Woolston, an inventor and patent attorney, sued eBay in 2001 after negotiations broke down over the auction site's offer to purchase his patents. eBay contacted Woolston in 2000 with an interest in buying the patents. MercExchange has made settlement overtures, but the amount sought is unavailable and the record has been sealed. The trial is scheduled for November 12th in the U.S. District Court for the Eastern District of Virginia. Three business method patents are in issue: 1) No. 5,845,265, which creates a computerized marketplace for goods using a database on one computer to store digital images, text descriptions, prices and legally binding offers that had previously been input into another computer and transmitted via the Internet or a wide area network. The patent also covers the use of a payment-processing service to permit buyers to pay for the goods they purchase; 2) No. 6,085,176, which involves a method of using software search agents on Internet-connected computers to search multiple marketplaces or electronic auctions for a particular item; and 3) No. 6,202,051, which covers a method of holding automated auctions using computers, databases and the Internet to register and link purchasers and sellers, and to facilitate sales. The patents at issue (5,845,265, 6,085,176 and 6,202,051) may be found by entering the patent numbers at http://patft.uspto.gov/netahtml/srchnum.htm ADOBE FILES SUIT AGAINST AGFA TO PROTECT FONTS On September 3rd, software publisher Adobe Systems announced that it had filed suit in the U.S. District Court in San Jose, California, asking for a court ruling that would permit it to continue using fonts developed by International Typeface, a design firm acquired by Agfa in 2000. Adobe said that it had acquired rights to use the disputed fonts some time ago, but Agfa now wants to renegotiate the agreements so that it can charge fees to Adobe customers who use the disputed fonts. Agfa has also threatened to pursue its claims to the fonts under the Digital Millennium Copyright Act (DMCA). Adobe contends its licensing agreement supersedes the DMCA. Further information may be found at http://www.adobe.com/aboutadobe/pressroom/pressreleases/200209/ 200209itc.html ICANN CHARGES VERISIGN WITH BREACHING ACCREDITATION On September 3rd, the Internet Corporation for Assigned Names and Numbers (ICANN), which manages the Internet’s global addressing system, filed a formal notice of breach of accreditation agreement with VeriSign. ICANN alleged that VeriSign had "blatantly ignored" its obligations to fix inaccuracies in its WHOIS database, citing 17 violations over the past 18 months. While all of the 150 registrars occasionally have inaccurate entries, ICANN charged that VeriSign "has exhibited a pattern of persistent violations of its contractual obligations to take reasonable steps to correct inaccurate or incomplete Whois data in spite of repeated requests and reminders by ICANN." VeriSign was threatened with the loss of its right to sell ".com" domain names if it fails to correct the problems. The company said it will comply but denies any pattern of abuse. In one flamboyant example cited by ICANN, VeriSign failed to correct an entry in which a domain name was registered to a "Toto," who listed "the yellow brick road, Oz, KS" as a street address. VeriSign has 15 working days to fix the errors. ICANN also announced the establishment of an online form that people can use to report faulty Whois data. The organization will establish a tracking system to notify registrars of reported inaccuracies. Further information may be found at http://www.icann.org/announcements/announcement-03sep02htm NEW PRIVACY SURVEY RELEASED On September 3rd, Privacy International and the Electronic Privacy Information Center released a report entitled "Privacy and Human Rights: An International Survey of Privacy Law and Developments." The report identifies four trends since the events of September 11, 2001: the swift erosion of pro-privacy laws; greater data sharing among corporations, police and spy agencies; greater eavesdropping; and sharply increased interest in people-tracking technologies, such as face-recognition systems and national ID cards. The most notable legislation in the U.S. is the USA Patriot Act, signed by President Bush on October 26, 2001. It expands all forms of electronic surveillance, permits increased information sharing between the CIA and federal police, and encourages Internet providers to work closely with police. The report may be ordered for $25.00 through EPIC at http://www.epic.org/bookstore/phr2002/ VIRGINIA SELECTED AS BEST STATE NET PORTAL My Virginia, the official home page of the Commonwealth of Virginia, was selected by the Center for Digital Government as the best state government Internet portal. The Center for Digital Government, based in California, annually evaluates the web sites and electronic information services provided by state and local governments throughout the nation. My Virginia provides a variety of services, some of which are the first of their kind in the nation to be offered by a state government web site. They include: 1) Live Help - online, real-time customer service assistance via the state home page: 2) My Mobile Virginia - wireless state portal and government services available via wireless and hand held devices; 3) Online driver's license renewal service; 4) Real-time election results for both the web and wireless access; 5) My Virginia Personalized Home Page - allows citizens to customize their My Virginia home page; and 6) Consumer Assistance Portal – a complaint topic selector allowing citizens to identify the government entity with which they file a consumer complaint. My Virginia is a service of the Virginia Information Providers Network (VIPNet). VIPNet is a state entity that assists other Virginia government entities in providing information and services via the Internet. My Virginia may be found at http://www.vipnet.org/cmsportal/ SECURITY SURVEY REPORTS MODEST POST 9/11 GAINS Perceptions have changed, but security readiness is still lacking, according to a report published on September 9th by the Internet Security Alliance (ISA). Its survey of 227 information security professionals globally found that 88% believed that protecting their business information was critical to their firm’s existence. However, only 56% are prepared for cyberterrorism and information threats, which is a 20% gain since September 11, 2001. In spite of increased awareness, only one third of the respondents said they had increased security since last year. The survey results may be found at http://www.redsiren.com/survey.html FILE-SWAPPING TRIAL: BOTH SIDES SEEK A QUICK END The Recording Industry Association of America, along with other music and movie industry plaintiffs, asked for summary judgment in their suit against file-swapping services Kazaa, Morpheus and Grokster. The September 9th motion stemmed from six months of investigation that the plaintiffs said proved that the file-swappers knowingly contributed to far-reaching copyright infringement. The trade groups said that all three file-swappers were emulating the success of the now-defunct Napster, essentially becoming "candy stores of infringement that allow a user to find the most popular music and movies of our time without paying any of the rights holders." On the same day, lawyers for StreamCast Networks (Morpheus’ parent company) also asked for a quick decision, saying that Morpheus had too many legal uses to be closed because some users acted illegally. Further information and pleadings in the case may be found at http://www.eff.org/IP/P2P/MGM_v_Grokster/20020909_eff_pr.html and http://www.riaa.org/PR_story.cfm?id=556 FOURTH CIRCUIT EXTENDS USE OF IN REM IN DOMAIN NAME CASES On August 23rd, the 4th Circuit Court of Appeals ruled that aggrieved parties might use the in rem provisions of the Anticybersquatting Consumer Protection Act not only to stop bad-faith Internet domain name registration, but also to combat trademark infringement and dilution. The ruling in Harrods Ltd. v. Sixty Internet Domain Names enables the filing of infringement and dilution claims against cybersquatters without obtaining personal jurisdiction over them, by going to the jurisdiction where they registered the offending domain name. The case was originally filed two years ago in the Eastern District of Virginia by Harrods Ltd., the well-known British retailer, against 60 domain names registered by Harrods (Buenos Aires) Ltd., which was an estranged and near-defunct offshoot. The original Harrods said that all 60 names were registered in bad faith, but it elected to proceed against the names themselves because the names were registered in Virginia and Argentina has no comparable law. The 4th Circuit's decision affirmed the lower court’s finding that 54 of the names were registered in bad faith. However, the panel reversed Judge Brinkema's finding that the act did not permit Harrods UK to file its in rem infringement and dilution claims. The opinion in Harrods Ltd. v. Sixty Internet Domain Names may be found at http://caselaw.lp.findlaw.com/cgi-bin/getcase.pl?court=4th&navby=case&no =002414P ICANN RECEIVES ONE YEAR CONTRACT EXTENSION The Internet Corporation for Assigned Names and Numbers (ICANN) and the United States Department of Commerce announced on September 20th that they would extend their joint Memorandum of Understanding for another year, until September 30, 2003. This is the third extension granted under the 1998 agreement. The agreement requires closer government oversight of ICANN and more public disclosure of ICANN’s plans and actions. Critics have accused ICANN of unnecessary secrecy and failing to include the public in its decisions. ICANN said the renewal underscores the government's goal of private-sector management of the Internet as it responds to concerns about its reorganization and handling of web addresses. Further information may be found at http://www.icann.org/announcements/announcement-20sep02htm Copyright ©  2001 Nelson & Wolfe/Sensei Enterprises, Inc. All rights reserved.