Issue 69 March 2003	BYTES IN BRIEF® by Editors: Sharon D. Nelson, Esq. and John W. Simek Associate Editor: Amelia C. Hierholzer Editor Emeritus: G.V. Nelson 9500+ subscribers worldwide © 2001 Sensei Enterprises, Inc./Nelson & Wolfe. All rights reserved. This newsletter may not be reproduced or redistributed in any manner except with consent of the copyright owner. Distributed by Silver Law Inc. under license.

GOVERNMENT BUILDS INTERNET MONITORING CENTER

For the past 15 months, the government has been quietly constructing an Internet monitoring center designed to detect and respond to cyberattacks on vital e-commerce sites and important information systems. The Global Early Warning Information System (GEWIS) is being built by the National Communications System (NCS), a defense agency established in 1962 to ensure that the government has access to adequate communications systems during national emergencies. The NCS began building the GEWIS system shortly after the September 11th attacks. The NCS asks major Internet and telecommunications providers to sell real-time data about the status of their networks. At the present time, no single entity in either the government or the private sector has more than a limited view of the overall health of the Internet. The NCS will be merged into the Department of Homeland Security on March 1st. Further information may be found at http://www.washingtonpost.com/wp-dyn/articles/A3409-2003Jan30.html

Under the Streamlined Sales Tax Project (SSTP), a state initiative to simplify sales taxes, roughly 40 states have been working to clarify their tax codes to make online collection easier. Currently, online sellers have to collect sales tax only if they have a physical presence where the buyer resides. In November 2002, SSTP participants approved a new set of guidelines, the first step toward agreeing on definitions of items to be taxed. More than 27 states plan to introduce legislation to adopt the new rules as law. The system remains voluntary because states can't make interstate commerce laws, though the SSTP intends to lobby the federal government to alter the law. Once ten states representing 20 percent of the U.S. population pass the tax rules, the governors and state legislatures of all the states participating in the SSTP will ask the federal government to make seller compliance mandatory. Some large online retailers are already collecting sales taxes based on a deal with 39 states and the District of Columbia. They include Wal-Mart Stores, Inc., Target Corp. and Toys R Us, which will collect sales taxes based on the state in which shoppers reside. Further information may be found at http://www.boston.com/dailyglobe2/048/business/ States_look_to_lay_groundwork_for_levying_Internet_sales_tax+.shtml

On January 30th, Verizon Communications appealed a court order commanding it to identify an individual file swapper to the Recording Industry Association of America (RIAA). Verizon has asked the court to stay the order pending appeal. Verizon had been sued by the RIAA after it refused to comply with a subpoena asking for the name of the subscriber, who used the Kazaa peer-to-peer file sharing service. Verizon is arguing that the subpoena, issued under the Digital Millennium Copyright Act, does not pertain to Internet service providers because the copyrighted material is not stored on their computers but rather on a user’s local hard drive. Further information may be found at http://newscenter.verizon.com/proactive/newsroom/release.vtml?id=78657

A federal district court in Seattle has ruled that Microsoft's case against Lindows.com must go to trial on the issue of whether the term ‘Lindows.com’ has infringed Microsoft's Windows trademark. In denying Lindows’ Motion for Summary Judgment, the court said it could not determine, for purposes of a summary judgment motion, whether Windows is a generic term incapable of trademark protection and that a trial would therefore be required. Microsoft applied for registration of its Windows trademark in 1990, and following a rejection of the initial registration attempt by the Patent and Trademark Office in 1993, a trademark registration was issued in 1995.

Lindows.com was founded in July 2001. The company's Lindows OS product is an operating system that is based on the Linux operating system and is capable of running applications for both the Linux and Windows environments. Microsoft filed its trademark infringement case in December 2001. Microsoft alleges that Lindows.com is using a name that violates trademark law because it trades off the goodwill of Microsoft's Windows mark, causes confusion among prospective purchasers of Windows products and dilutes the ability of the Windows trademark to distinguish Microsoft's products from those of others. Further information may be found at http://www.lindows.com/lindows_news_pressreleases_archives.php?id=36

On February 7th, it was reported that President Bush had signed a secret directive ordering the government to develop national guidelines for determining when and how the U.S. would undertake cyberattacks against foreign enemies. The National Security Presidential Directive 16 was actually signed in July of 2002 but it was not disclosed publicly until February of this year. It has been speculated that any war with Iraq would include a cyberwarfare component. In a related development, on February 14th, President Bush signed the National Strategy to Secure Cyberspace, a document intended to guide government and private industry efforts in defending critical information systems from cyberattacks. The document may be found at http://www.whitehouse.gov/pcipb/cyberspace_strategy.pdf

On February 3rd, the Fourth Circuit Court of Appeals stayed the January 21st decision of U.S. District Court Judge J. Frederick Motz, who gave Microsoft 120 days to start incorporating Sun’s Java runtime environment in Windows and Internet Explorer. The appellate court indicated that it would hear Microsoft’s appeal on an expedited basis. Microsoft filed its brief with the Fourth Circuit on February 12th, arguing that the trial court’s ruling was flawed because Sun did not prove the immediate and irreparable harm that is required for a preliminary injunction. According to the brief, "the district court intervened in what it called a 'new market' .... despite the fact that Microsoft is the new entrant in, and Sun now dominates, the alleged 'new market'." Sun contends that waiting until the antitrust case is decided could lead to the death of Java technology. On February 21st, Microsoft filed counterclaims against Sun, asking the court for attorney’s fees and damages that it said resulted from Sun’s unlawful violation of an earlier settlement over the Java programming language. Microsoft accused Sun of violating California unfair competition laws. Sun will file its opposition brief on March 7 and Microsoft will file its reply brief on March 18. Pleadings in the case may be found at http://www.microsoft.com/presspass/legalnews.asp

Commentators think the indictment of a former Boston College student on February 6th may be the first criminal prosecution of an individual for unlawfully installing a keystroke-logging device. Douglas Boudreau, 21, is charged with six counts of intercepting electronic communications and eight counts of unauthorized access to a computer system. Boudreau is charged with placing key loggers, which capture and record whatever a user does on a computer, on over 100 campus computers. He is accused of using the information he captured to add money to a stored-value card used in the campus dining and bookstore system. He is not accused of misusing credit card numbers or profiting from selling any private information. Further information may be found at http://news.com.com/2100-1023-983717.html

The parent companies of The New York Times, USA Today, The Wall Street Journal and The Washington Post and the digital branches of Knight Ridder and Conde Nast sued Gator Corp. in June 2001 over its pop-up ads but settled on February 4th. The U.S. District Court for the Eastern District Court of Virginia had granted a preliminary injunction ordering Gator to stop delivering pop-up ads at the sites run by those companies. Trial had been slated to begin in January but was delayed while settlement talks continued. Terms of the settlement were not made public. Internet users get Gator advertising software when they install a separate product for filling out online forms and remembering passwords. Gator also comes bundled with free software from other companies, including games and file sharing programs. As users surf the Internet, Gator runs in the background and delivers advertisements that plaintiffs said obscured their own ads and content. Further information may be found at http://www.atnewyork.com/news/print.php/1581401

The Justice Department has been quietly drafting a 120 page proposed bill that would significantly expand the government’s power to monitor the use of computers and the Internet in its fight against terrorism. The draft legislation is called the Domestic Security Enhancement Act (DSEA) and has not been formally introduced in Congress. Under the current version of the act, the FBI and state police would be able to monitor a user’s Internet surfing, what the user searches for on Google, and chat, e-mail and instant messaging, all without a court order for up to 48 hours, if the user is suspected of "activities threatening the national security interest." In computer crime or other felony investigations, prosecutors would be able to serve secret subpoenas on people ordering them to hand over evidence and testify in person. If served with a secret subpoena, an individual could go to jail if they disclose its receipt to anyone other than their lawyer. Prosecutors would also be able to ask judges to issue search warrants valid for the entire U.S. if someone is suspected of computer hacking. Other portions of the bill would allow the use of the FBI’s Carnivore Internet surveillance system, keystroke loggers and remotely installed spyware such as the FBI’s Magic. The DSEA would create a new federal felony of willfully using encryption during the commission of a felony, punishable by not more than five years in prison plus a major fine. The draft legislation may be found at http://www.publicintegrity.org/dtaweb/downloads/Story_01_020703_Doc_1.pdf

On February 12th, the FBI's National Infrastructure Protection Center (NIPC) warned that growing tensions between the United States and Iraq could lead to an increase in global computer hacking activities on both sides. The NIPC advises that, "regardless of the motivation, the NIPC reiterates such activity is illegal and punishable as a felony." The site also expresses the concern that "even 'patriotic hackers' can be fooled into launching attacks against their own interests by exploiting malicious code that purports to attack the other side when in fact it is designed to attack the interests of the side sending it." The NIPC also advised computer network administrators and computer users to take precautions to guard against cyber attacks while tensions between the United States and Iraq are high. The advisory may be found at http://www.nipc.gov/warnings/advisories/2003/03-002.htm

The Computer & Communications Industry Association (CCIA) filed a confidential legal complaint with the European Commission on January 31st. The complaint targets Microsoft's Windows XP operating system, alleging "it takes Microsoft's practices to a new level, illegally protecting Microsoft's existing monopolies and is illegally eliminating competition in new software and service markets." The association claims that Microsoft's bundling of multiple software products, including music and video editing programs, in its Windows platform and imposing Microsoft's proprietary technologies on users constitutes anticompetitive conduct. CCIA is a Washington-based trade group representing computer, Internet and consumer electronics companies, including AOL Time Warner, Sun Microsystems, Oracle, Yahoo and Verizon. European antitrust charges are already pending against Microsoft. A summary of the complaint may be found at http://www.ccianet.org/index.php3

On February 7th, California resident Cathy Baker filed suit against Microsoft, Symantec and various software retailers, alleging that they "concocted a scheme" to mislead consumers by forcing them to consent to software licenses they haven’t read. The suit was filed in Marin County Superior Court in San Rafael, California, and seeks class-action status on behalf of all Californians who've purchased software including Norton Antivirus 2002, Norton Systemworks and Windows XP Upgrade. The suit alleges that Microsoft, Symantec, CompUSA, Best Buy and other unnamed retailers don't allow people to read "shrink wrap" licenses before they buy a product. The suit alleges that people who don't accept the terms of the agreement cannot return software to the stores, because the stores say the packages have been opened. The complaint in the case may be found at http://www.techfirm.com/Baker-Final.pdf

On February 19th, Microsoft announced the development of Windows Rights Management Services, a new technology that will allow companies to control their internal documents by letting them determine who can see, copy, print or forward e-mail or other files. Access to documents could be set to expire, so older files would remain encrypted and unreadable. The new technolgy is part of Microsoft's 13-month-old Trustworthy Computing initiative for improving security and privacy. Further information may be found at http://www.microsoft.com/presspass/press/2003/Feb03/02-21RMSForWindowsServerPR.a sp

On February 13th, Microsoft filed a John Doe suit in the U.S. District Court for the Northern District of California, attempting to go after people who harvest e-mail addresses from Hotmail servers in order to spam subscribers. The unnamed defendants are accused of using a "dictionary attack" to discover active Hotmail accounts. A dictionary attack involves a computer program going through every entry in a dictionary in an attempt to guess passwords. Microsoft alleged violations of the Computer Fraud and Abuse Act as well as state trade secrets and trespassing laws. Further information may be found at http://news.com.com/2102-1023-985018.html

Early in February, a hacker broke into a computer database containing approximately 8 million Visa, MasterCard and American Express credit card numbers, prompting an FBI investigation. Although this was potentially one of the largest and most damaging network intrusions, thus far there has been no evidence that data has actually been used to make fraudulent purchases. The cracked database was from Data Processors International, which processes credit card transactions for merchants. Further information may be found at http://www.washingtonpost.com/ac2/wp-dyn/A32209-2003Feb19?language=printer

On February 24th, the Senate unanimously voted to ban pornography that uses both real and computer generated children. The Senate carefully drafted the new bill after last year’s Supreme Court ruling that a 1996 law banning virtual child pornography was unconstitutionally vague when it banned images that only appear to depict real children engaged in sexual activities. Specifically, the bill prohibits the pandering or solicitation of anything represented to be obscene child pornography. Following the court ruling, it requires the government to prove beyond a reasonable doubt that a person intended others to believe the material was obscene child pornography. Under an affirmative defense provision, a defendant would be required to prove that real children were not used in the production of the pornography. The bill also creates a new crime: the use of child pornography by sexual predators to entice minors to engage in sexual activity or the production of new child pornography. It also increases penalties for child pornographers. The House has yet to vote on the bill. The text of the bill may be found by entering the bill number (S. 151) at http://thomas.loc.gov/

On February 5th, the 6th Circuit Court of Appeals issued its decision in PACCAR v. TeleScan, affirming a lower court decision that a series of domain names that included trademarked truck names was likely to create initial interest confusion. The court dismissed arguments that a disclaimer disavowing affiliation absolved the site owner from liability, finding that the disclaimer came after the confusion had occurred. The court did, however, vacate the lower court's decision on the use of the trademarks within the site's metatags, noting that the lower court had failed to conduct a separate analysis onwhether the metatags would also cause consumer confusion. The decision in the case may be found at http://laws.findlaw.com/6th/03a0040p.html

On February 6th, the Ninth Circuit Court of Appeals reversed a lower court's decision and ruled in favor of Alan Porter's Votexchange2000.com, a web site that enabled Gore and Nader voters to swap their votes in the 2000 presidential elections. California's Secretary of State Bill Jones wrote to the operator of a similar site to threaten prosecution unless the web site was closed. Porter claimed that his First Amendment rights had been violated and the appellate court concluded that the "risk of First Amendment chill" was present. A lower court will now reconsider the decision. The decision may be found at http://caselaw.lp.findlaw.com/data2/circs/9th/0155585p.pdf

On February 19th, the nation's largest group of defense lawyers published a position paper arguing that people convicted of computer-related crimes tend to get stiffer sentences than comparable non-computer-related offenses. The paper was signed by the National Association of Criminal Defense Lawyers (NACDL), the Electronic Frontier Foundation (EFF) and the Sentencing Project. The groups say they are critical of today's sentences for computer crimes because they frequently exceed the seriousness of the crime and rely on damage figures that are easily inflated. Most hacking, according to the paper, represents white-collar crime rather than any form of terrorism. The position paper came in response to a public request for comment by the United States Sentencing Commission as required by the passage of the Homeland Security Act of 2002. That act would create harsher sentences, up to life in prison, for computer criminals who endanger human life with their activities. The paper may be found at http://www.eff.org/Legislation/CFAA/1030_Comments_2-19-03.pdf

On February 20th, the Federal Communications Commission voted to let states decide whether to spur competition between the regional Bell phone companies and their competitors. The decision was made as a compromise between ensuring competition and deregulation, despite arguments from the Bells that existing federal competition rules should be stricken entirely. The FCC panel’s vote was 3-2. In another split vote, the Bells scored a major victory when the panel eased restrictions requiring the Bells to provide competitors with discount access to fiber-optic lines for broadband. The Bells had argued that they would have no incentive to invest in costly new fiber-optic networks if their rivals would also reap the benefits. The Baby Bells have threatened to go to court to have the decision overturned. Further information may be found at http://www.washingtonpost.com/wp-dyn/articles/A64358-2003Feb25.html

On February 7th, the 6th Circuit Court of Appeals overturned a lower court decision to issue an injunction blocking the use of a domain name to criticize a shopping mall after the mall's owner brought a trademark infringement action. The appellate court in Taubman v. Webfeats stated that "the rooftops of our past have evolved into the internet domain names of our present. We find that the domain name is a type of public expression, no different in scope than a billboard or a pulpit, and Mishkoff has a First Amendment right to express his opinion about Taubman, and as long as his speech is not commercially misleading, the Lanham Act cannot be summoned to prevent it." Mishkoff had a total of five sites, with names such taubmansucks.com. The decision may be found at http://laws.findlaw.com/6th/03a0043p.html

Virginia's General Assembly has passed legislation that prohibits court clerks from posting on the Internet any document that includes social security numbers, dates of birth, or signatures. The bill does not restrict access to the same information in paper form at the clerk's office. Such documents would also be available online via secure networks or to people who disclose their name and address, purpose for seeking the information and citizenship status. The bill also bans Internet posting of documents featuring maiden names, financial account numbers or the name and age of minors. Opponents of the legislation argued that the bill would do little to fight identity theft because the documents would remain open to public inspection. Instead, they say it would merely hamper lawyers, real estate professionals and others who routinely use public records and would create more work for court clerks and their staff. The bill would not affect postings for law enforcement purposes or historical, genealogical or educational documents about historic people and events. Further information may be found at http://www.roanoke.com/roatimes/news/story144884.html