Issue 71 May 2003	BYTES IN BRIEF® by Editors: Sharon D. Nelson, Esq. and John W. Simek Associate Editor: Amelia C. Hierholzer Editor Emeritus: G.V. Nelson 9500+ subscribers worldwide © 2001 Sensei Enterprises, Inc./Nelson & Wolfe. All rights reserved. This newsletter may not be reproduced or redistributed in any manner except with consent of the copyright owner. Distributed by Silver Law Inc. under license.

MICROSOFT ENHANCES WI-FI SECURITY

On March 31st, Microsoft released a Windows XP update that increases wireless network security. The update alters how the operating system connects to 802.11 (Wi-Fi) networks and base stations. Under the old system, everyone would use the same encrypted key to connect. With the update, there is a means to configure a separate key for each computer connecting to the network. The update adds support for Wi-Fi Protected Access (WPA), which is intended to replace the current standard, Wired Equivalent Privacy (WEP). WPA has been approved by the Wi-Fi Alliance, the group responsible for establishing standards governing wireless networking. WPA is a definite security improvement, but it may offer some complications since Wi-Fi firmware will also need to be updated to support the security technology. Base stations, PC Cards, USB devices and wireless networking components integrated into notebooks will all need to be updated to support WPA. WPA is meant to be a temporary measure, while a broader, more effective security standard called 802.11i wends its way through the standards bodies – it is expected to be available in final form later this year and probably will not appear in new products until sometime in 2004. Further information may be found at http://news.com.com/2102-1039-994719.html?tag=ni_print

PayPal, the online payment service owned by eBay, has been charged with violating provisions in the USA Patriot Act by processing online gambling payments. According to eBay’s annual report, filed on March 31st with securities regulators, the U.S. Attorney for the Eastern District of Missouri is asking eBay to surrender nine months of the gambling income in settlement. Under the Patriot Act, it is unlawful to transmit funds known to have derived from a criminal offense, or that are intended to promote or support illegal activities. The annual report indicates that PayPal received 6% of its 2002 revenue from online gambling, but says that the company acted in the good faith belief that its conduct did not violate the Act. Last August, PayPal reached a settlement with New York’s Attorney General, in which it agreed to pay $200,000 in penalties and to cease processing payments for New York online gambling merchants. eBay no longer permits PayPal to process online gambling payments. Further information may be found at http://www.bayarea.com/mld/mercurynews/business/5530966.htm

On April 4th, the Federal Communications Commission (FCC) made public a petition from AOL Time Warner, asking to be excused from the FCC’s instant messaging interoperability requirements. The petition asks the FCC to remove a restriction forbidding America Online from offering video streaming through its popular instant messaging (IM) services. The FCC currently requires AOL to open its IM network to competitors if it launches "advanced" high-speed IM services as a condition to approving AOL's January 2001 merger with Time Warner. The petition argues that AOL's IM services, AOL Instant Messenger and ICQ, face more competition from Microsoft and Yahoo, both of which have launched video conferencing features on their respective IM clients. The petition also takes issue with the order's original argument that AOL's dominance would increase given the lack of interoperability since MSN and Yahoo now have millions of users. Further information may be found at
http://www.fcc.gov/transaction/aol-tw/instantmessaging.html

On April 3rd, the antispam company Habeas announced that it had sued a number of bulk e-mailers, charging them with using its trademarked haiku poetry without permission. The haiku is inserted into the header of an e-mail in an attempt to indicate to filters that the accompanying message is not spam to make sure legitimate e-mail goes through. The antispam filters and technology of such companies as Spam Assassin, AOL and Juno recognize Habeas’ haikus. The suits were filed in federal court in San Jose, California. One suit is against financial services marketing company Intermark Media and its affiliate Avalend, claiming the companies included the Habeas mark in their e-mails to ensure the messages got through. The other suit names Dale Heller and companies that advertised in Heller's e-mails, alleging they broke a contract by attaching the Habeas mark to spam messages. Further information may be found at http://www.habeas.com/about/prs.htm#fivesuits

U.S. Sentators Ron Wyden and Conrad Burns joined their House of Representatives colleague Christopher Cox by introducing bills that propose making the current moratorium on Internet taxes permanent. The current moratorium, set to expire in November 2003, includes taxes on Internet access, multiple state taxation of a single item bought online, and discriminatory taxes that treat Internet purchases differently than other types of sales. Wyden and Cox sponsored the original three-year moratorium in 1998. It was extended for another two years in 2001 in legislation sponsored by Wyden and Cox and the two have again filed bills (H.R. 49 and S. 51) to keep the Internet tax-free. If Congress passes a permanent moratorium, it would probably not apply to the growing demand to enforce sales taxes on Internet sales. The text of the bills may be found by entering the bill numbers at http://thomas.loc.gov

On April 3rd, the Recording Industry Association of America (RIAA) asked three federal district courts for permanent injunctions shutting down the file-sharing systems found inside computer networks at Princeton University, Rensselaer Polytechnic Institute in Troy, N.Y., and Michigan Technological University in Houghton, Michigan. The suits also ask for the highest damages allowable by law, which range up to $150,000 per copyright infringement. The four student defendants were chosen because the RIAA found their sites to be among the most active. The RIAA suits allege that the four defendants offered between 27,000 and 1 million songs each for free trading. The complaints in the suits may be found at http://www.riaa.org/legal.cfm

On April 15th, America Online (AOL) announced that it had filed five lawsuits against individuals and companies that allegedly transmitted spam to its members. The lawsuits, filed with the U.S. District Court for the Eastern District of Virginia, seek at least $10 million in total damages along with injunctions to immediately stop the alleged practices. The defendants named in AOL's latest round of lawsuits are alleged to have engaged in sending fraudulent and misleading e-mails peddling pornography, software products, college degrees, male organ growth, steroids and mortgage leads. Some defendants are named; others are so-called John Does. AOL said the defendants sent 1 billion e-mails that resulted in 8 million complaints among its members. Further information may be found at http://media.aoltimewarner.com/media/press_view.cfm?release_num=55253129

On April 10th, the House and Senate overwhelmingly approved the Child Abduction Prevention Act, which strengthens penalties for pedophiles, provides funding for a national child-abduction alert system and bolsters prohibitions against child pornography. The Act will give jail time to online pornographers who deliberately mask their sites behind innocuous domain names. The bill also bans the distribution of "virtual" child pornography - legal pornographic images of adults that have been digitally altered to look like children having sex. The House version of the Act may be found by entering H.R. 1104 at http://thomas.loc.gov

The Justice Department has contracted for the development of a computerized catalog of thousands of child porn photographs seized from suspects and collected from the Internet. The images will be placed in a Child Victim Identification Program (CVIP), which will allow law enforcement agents around the country to use advanced image-recognition software to compare digital pictures. "The primary goal is to identify and rescue children who are currently being abused," according to Mike Netherland, acting director of the Cyber Smuggling Center at the Bureau of Customs and Border Protection, which developed the system. By matching newly found photographs against old ones seized around the globe, the system will be able to tell investigators whether an image is new, or has been circulating among pedophiles for years. It can also tell whether an exploited child depicted in a photograph has ever been identified by a law enforcement agency or a missing children's group. If a new picture surfaces, it may depict a victim that authorities can search for. Investigators in several countries have contributed pictures to the system, as have the FBI, Secret Service, Postal Inspection Service and exploited-children groups. The catalog has been in development since 1999, but actual deployment began in January of 2003 and the CVIP should be in full operation within 90 days. The software works by examining the shapes and coloring of the images in any single photograph and determining if they match previously collected images. While it isn't accurate enough to identify individual faces, it can find photographs with identical shape patterns. Similar matching systems already exist, but they are smaller and less sophisticated. The system used by the National Center for Missing and Exploited Children compares image files by analyzing their digital components, including the number of pixels. Further information may be found at http://www.cnn.com/2003/US/Northeast/04/05/porn.database.ap/

On April 14th, U.S. Distrct Judge J. Frederick Motz rejected class action status for more than 60 suits pending against Microsoft though he allowed a more limited lawsuit alleging overpricing to proceed. Motz rejected class action status for the 60 suits, saying it would be difficult to identify a group of plaintiffs who would be considered typical buyers of Microsoft's software. The ruling makes it more difficult for plaintiffs' lawyers to extract multimillion-dollar settlements from Microsoft. The consumer lawsuits alleged that Microsoft had abused its monopoly and overpriced its software. In the suit which was allowed to proceed, there was a smaller group of consumers who had bought Microsoft products directly from the company's web site. The opinion in the case may be found at http://www.microsoft.com/presspass/legal/ca/04-14-03Opinion_ClassCertification.p df

On April 15th, Microsoft confirmed that it has agreed to pay up to $202 million to settle class action suits in Florida accusing it of violating the state’s antitrust and unfair competition laws by overcharging for its software. The money will be distributed among consumers and businesses that bought Microsoft's operating systems, productivity suite, spreadsheet, or word processing software between November 16, 1995 and December 31, 2002, for use in Florida. The settlement was filed Tuesday in Miami-Dade Circuit Court and has been given preliminary approval by Judge Henry H. Hamage. A hearing for final approval of the deal was set for November 24, 2003. The terms require Microsoft to pay a maximum of $202 million, to be distributed in the form of vouchers that can be used to buy a desktop, laptop, or tablet computer from any manufacturer, running any operating system and software. Microsoft will provide half of any settlement money that goes unclaimed to needy public schools in Florida in the form of vouchers. Those vouchers will also be good for computer equipment, software, and training from any manufacturer. Further information may be found at http://www.microsoft.com/presspass/press/2003/Apr03/04-15FloridaSettlementPR.asp

On April 17th, the E-Government Act of 2002 went into effect, creating an Office of Information within the Office of Management and Budget (OMB) to focus on the plan. Funding, however, may be an issue as it could face a $40 million budget shortfall that may slow down development. The intent of the Act is to use the Internet and computer systems to deliver information to agency workers and the general public more efficiently. The Bush administration had requested $45 million for the project this year, but Congress cut that number to $5 million. The text of the E-Government Act may be found at http://thomas.loc.gov/cgi-bin/bdquery/z?d107:SN00803:@@@L&summ2=m&;

On April 18th, it was announced that White House cybersecurity adviser Howard Schmidt will resign from his post at the end of April, raising concerns about the Bush administration's commitment to implementing its strategy for protecting the nation's critical information infrastructure. The former chief of security at Microsoft, Schmidt became chair of the President's Critical Infrastructure Protection Board in February following the departure of his predecessor, Richard Clarke. Schmidt played a key role in drafting the administration's recently released cybersecurity strategy, and has spent the last two years building ties with the private sector in a joint effort to protect the nation's most important information systems from cyber-attack. Schmidt's departure would leave the administration without a high-ranking official solely in charge of cybersecurity. Further information may be found at http://www.computerworld.com/securitytopics/security/story/ 0,10801,80549,00.html

On April 15th, it was reported that a Georgia court had blocked two students from presenting information at a Georgia security and hackers' conference on how to break into and modify a university electronic transactions system. Washington D.C.-based education software company Blackboard convinced a Georgia state court to block the students' presentation, which was scheduled to be given at the Interz0ne conference. Blackboard sells a "smart card" network used at more than 200 colleges and the students purportedly proposed describing how to override the system to circumvent building security, obtain free soft drinks and avoid paying for laundry. Blackboard argued that the restraining order blocked the publication of information gained illegally, which would have harmed the company's commercial interests and those of its clients. Conference organizers contended that the students' free speech rights were abridged. One of the students, Georgia Institute of Technology's Billy Hoffman, had threatened to give away code allowing any computer to emulate Blackboard's technology, according to the company. The restraining order was grounded primarily in federal and Georgia state anti hacking laws and a state trade secrets act. Blackboard said the information which would have been presented came after one of the students had physically broken into a network and switching device on his campus and subsequently figured out a way to mimic Blackboard's technology. A preliminary injunction was granted with a hearing on a permanent injunction to follow. Further information may be found at http://newsobserver.com/24hour/technology/story/858522p-6005850c.html

On April 17th, the Federal Trade Commission (FTC) announced that it had filed a lawsuit against a pornographic spam operation that it said has grossed more than $1 million in commissions and generated nearly 50,000 consumer complaints from a recent bulk e-mail campaign. The complaint, filed in the U.S. District Court for the Northern District of Illinois, Eastern Division, charges that the millions of e-mail already sent violate the FTC Act, which prohibits deceptive and misleading acts in commerce. The e-mails allegedly contain deceptive subject lines, bogus reply information, and sexually explicit material designed to drive commerce to an adult Web site. The suit is the first to target deceptive subject lines. The defendant, Brian Westby, used innocent subject lines such as "New movie info" to encourage people to open sexually explicit messages urging people to visit the adult web site "Married But Lonely," according to the complaint. The Westby complaint is the FTC’s second effort to address "spoofing," e-mail that uses false "reply to" or "from" information that makes it appear that an innocent third party is the sender. Further information may be found at http://www.ftc.gov/opa/2003/04/westby.htm

It just figures. When the government decided to set up a national "do not call" list to help get rid of unwanted telemarketing calls, it sought bids to operate the list. AT&T’s technical prowess and low bid helped one of its subsidiaries to win the multimillion dollar contract, in spite of the fact that the Federal Communications Commission (FCC) has recorded more complaints about AT&T’s telemarketing than any other company. FCC data reveals that 5,714 complaints were lodged against AT&T's telemarketing practices in 2001, 2002 and the first three months of 2003. That was 22 percent more than the number of complaints received about MCI, which generated the second-highest number of complaints, and more than three times the number received about third-ranked Sprint Communications Co. More than one-fifth of the complaints lodged against AT&T were allegations that AT&T did not honor requests to be placed on the company's do-not-call list, the same sort of list that AT&T's Government Solutions subsidiary is being asked to run on a national level. The Federal Trade Commission is running the national do-not-call list. Though stating that "AT&T had the best proposal at the best price," an FTC spokesman noted, "The irony of the fact that it was an AT&T subsidiary that won the contract was not lost on us." At present, AT&T is not required to observe the rules of the national do-not-call list because telecommunications companies are regulated by the FCC, not the FTC. The FCC is reviewing its telemarketing rules to see if they should be revised to make telephone companies subject to the same rules as most other firms. Congress has mandated that a decision must be made by early September. Further information may be found at http://www.msnbc.com/news/904102.asp?cp1=1#BODY

On April 21st, Universal Music and EMI filed suit against venture capitalists Hummer Winbland Venture Partners and two of the firm’s partners, alleging that they contributed to the copyright violations committed by Napster, Inc. The federal suit seeks punitive damages, along with $150,000 per violation. Clearly, the suit is meant to discourage investment in other file-swapping companies which have arisen in Napster’s wake. The suit alleges that the venture capitalists knew Napster was providing infringing materials to its users and that the firm controlled Napster's activities through its $13 million investment in May 2000. At its height, Napster boasted 60 million users. Further information may be found at http://www.forbes.com/business/newswire/2003/04/23/rtr948785.html

A federal court in California has reversed itself in a case involving the Taxes.com domain and an attempt to stop the use of a competitor's name on the site and within its metatags. The new holding is that using a competitor's name in the course of conveying truthful information does not violate trademark law. The ruling notes that "While the evidence submitted to the Court demonstrates that Defendants' website does contain frequent references to J.K. Harris, these references are not gratuitous; rather, Defendants' web site refers to J.K. Harris by name in order to make statements about it." The decision in JK Harris v Taxes.com may be found at http://www.eff.org/IP/20030328_taxes-com_amended_prelim_injunc.php

On April 8th, the 4th Circuit Court of Appeals struck down a North Carolina state law that restricted shipments of wine from out-of-state online retailers. The court ruled that the law violates the Commerce Clause by imposing unreasonable protectionist restrictions. The decision in Beskind et al v. Easley may be found at http://pacer.ca4.uscourts.gov/opinion.pdf/021432.P.pdf

On April 3rd, the Digital Media Association and the RIAA agreed to a proposal submitted to the U.S. Copyright Office for royalty fees that Internet radio services must pay record companies for webcasting their songs. The proposal would require large Internet companies to pay 0.0726 cents for each song webcast from their radio services, up from the 0.07 cents a song established by the Librarian of Congress last year. The 0.0762 cent rate, as well as a rate of 1.17 cents per aggregate hour, covers individual streams for subscription and non-subscription services. The recording industry would also receive 10.9 percent of subscription revenue but no less than 27 cents a month per subscription. The proposal, which must undergo public hearings before a decision is made, will not affect smaller webcasters, such as college stations and start-ups. Further information may be found at
http://www.nj.com/news/ledger/index.ssf?/base/news-7/1049442769179950.xml

ICANN's Nominating Committee has issued a broad call for candidates for the ICANN Board of Directors, the Interim At-Large Advisory Committee, and the Generic Names Supporting Organization Council. The deadline for submission is May 5th. Full explanations about the positions available and documents to be submitted by interested candidates may be found at
http://www.icann.org/committees/nom-comm/formal-call-05apr03.htm

The fourth annual survey of e-government by consulting firm Accenture reveals the increasingly sophisticated use many national authorities are making of the Internet. The report ranks the 22 governments according to the extent and complexity of their Web use. Canada, for the third year running, has been found to have the most sophisticated e-government. Ranked just below Canada are the U.K., the U.S., Singapore and Australia. Further information may be found at http://news.bbc.co.uk/2/hi/technology/2928597.stm

On April 7th, a federal judge dismissed an ACLU lawsuit aimed at diluting the Digital Millennium Copyright Act. The ACLU's suit, filed against filtering-software company N2H2 last July on behalf of Harvard Law School student Ben Edelman, claimed the law unconstitutionally interfered with researchers' ability to investigate and evaluate the effectiveness of Internet filtering software. The Judge ruled there was no protected constitutional interest that outweighed N2H2's right to protect its copyrighted property from an "invasive and destructive trespass." The decision in Edelman v. N2H2 may be found at
http://cyber.law.harvard.edu/people/edelman/edelman-v-n2h2/order-040703.pdf

On April 10th, the 6th Circuit Court of Appeals issued a decision that considers whether the use of trademark in the "post domain" path may constitute trademark infringement. At issue was a web page that sold a portable computer stand at the URL "2zsolutions.com/desks/floor/laptraveler/dkfl-lt.htm." A competitor sued over the use of the word "laptraveler." The court, noting that post-domain paths do not typically signify source, denied the claim, finding that "it is unlikely that the presence of another's trademark in the post-domain path of a URL would ever violate trademark law." The decision in Interactive Products Corporation v. a2z Mobile Office Solutions may be found at http://laws.findlaw.com/6th/03a0111p.html