Issue 73 July 2003	BYTES IN BRIEF® by Editors: Sharon D. Nelson, Esq. and John W. Simek. Associate Editors: Jaime W. Burgess and Anthony J. Stefano Editor Emeritus: G.V. Nelson. 10000 + subscribers worldwide.® 2003 Sensei Enterprises, Inc. All rights reserved. This newsletter may not be reproduced or redistributed in any manner except with consent of the copyright owner. Distributed by this site under license.

On June 23rd, the Supreme Court upheld the Children's Internet Protection Act (CIPA), which requires libraries to filter Web content or lose certain federal funds. CIPA, passed in 2000, was designed to prevent children from being exposed to indecent material on the Internet. Opponents argued that CIPA violated the free-speech rights of adults and could prevent minors from getting information about topics such as breast cancer or the Holocaust. In a 6-3 decision, the Court said that libraries could turn off the software upon request, so that people could have more access to Web material. The court said that protecting minors from viewing inappropriate material was a substantial government interest and that filtering software is currently the best method for achieving that objective. The decision in U.S. et al v. American Library Association et al may be found at http://www.supremecourtus.gov/opinions/02pdf/02-361.pdf

A new unclassified report, entitled "Failing to Keep Up With the Information Revolution," offers a scathing evaluation of the CIA's use of information technology for intelligence analysis, calling its networking and information-searching capabilities primitive and saying that the agency's emphasis on secrecy fundamentally discourages IT use and adoption by CIA analysts. The study was conducted by a scholar, Bruce Berkowitz, working with the CIA's Sherman Kent Center for Intelligence Analysis, a think tank attached to the analyst training center in the CIA's Directorate of Intelligence (DI). The report appeared in the most recent edition of the intelligence-community publication Studies in Intelligence. Berkowitz found that DI analysts lack access to even the most common information-searching technology for conducting intelligence analysis, such as Web-based search engines. He places much of the blame on the CIA’s mania for security, which creates a "risk exclusion" rather than "risk management" approach to the adoption of technology. The study may be found at http://www.cia.gov/csi/studies/vol47no1/article07.html

On May 27th, the U.S. Western District Court of Oklahoma dismissed a suit against search engine Google brought by SearchKing, an Oklahoma City web hosting and advertising network. SearchKing complained that Google's PageRank algorithm had devalued SearchKing's PageRank score, bumping it and its ad network out of listings. The Web-hosting company operated an ad network that sold text links on popular Web sites to get them a better listing in Google results. Late last year, SearchKing's top listing was restored on Google, but SearchKing sought $75,000 in damages. Judge Vicki Miles-LaGrange dismissed the case on the grounds that Google's formula for calculating the popularity of a Web page, or "PageRank," constitutes opinions protected by the First Amendment. The court ruling stated, "The court simply finds there is no conceivable way to prove that the relative significance assigned to a given Web site is false . . . Accordingly, the court concludes Google's PageRanks are entitled to full constitutional protection." Further information may be found at http://news.com.com/2102-1032_3-1011740.html?tag=ni_print

On May 29th, the Federal Trade Commission (FTC) announced that it had reached a settlement with Leasecomm, a Massachusetts company accused of cheating tens of thousands of consumers with deceptive work-at-home and Internet-business opportunities. As part of the settlement with the FTC and eight states, Leasecomm has agreed to cancel $24 million in court judgments against its customers. Leasecomm Corp. and its parent company, MicroFinancial Inc., also agreed to pay a $1 million fine to cover the states' legal and law enforcement costs. Consumers had to sign contracts requiring payments of $3,000 to $4,000 over three or four years, according to the FTC. The contracts were written to ensure that customers had to pay even when vendors used fraud or the products failed to perform as advertised. The contracts allowed the company to sue in Massachusetts rather than where consumers lived and purchased the business opportunity. Most people could not afford to travel to contest the charges and had default judgments entered against them. Leasecomm won about 27,000 default judgments in the past three years. If consumers did not pay the judgments, Leasecomm tried to collect by garnishing their wages or going after their bank accounts, according to the FTC. Under the terms of the settlement, Leasecomm must bring any new lawsuits where customers live or signed contracts. Consumers who are the subject of more than 2,000 pending lawsuits can have their cases moved to local jurisdictions. Further information may be found at http://www.ftc.gov/ro/leasecomm

On June 11th, the Federal Trade Commission (FTC) testified before Congress, asking for much broader powers in its battle against spam. A 13-page proposal drafted by the FTC would grant the agency's investigators the power to serve secret requests for subscriber information on Internet service providers, examine FBI criminal databases and swap sensitive information with foreign law enforcement agencies. The proposed legislation, titled the International Consumer Protection Enforcement Act (ICPEA) has been criticized by privacy advocates but endorsed by those frustrated with the ineffectual battle against spam. Further information may be found at http://www.ftc.gov/opa/2003/06/reauthorization.htm

On July 6th, the U.S. Court of Appeals for the District of Columbia ruled that the Federal Communications Commission (FCC) had not exceeded its authority by requiring wireless carriers to provide "number portability" by November 24th. Verizon Wireless and the Cellular Telecommunications and Internet Association had argued that the FCC could not impose the portability requirement, but the court disagreed, finding the action "permissible and reasonable." The decision will allow consumers to retain their phone numbers when they switch cellular providers. Consumer groups have long insisted that the inability to retain numbers is a huge obstacle preventing cell phone users from switching carriers to obtain better service and prices. The carriers argue that the action will raise costs while doing little to foster competition. The wireless industry estimates that number portability will cost more than $1 billion in the first year and $500 million each year thereafter. The industry says that expense will make it harder to provide better cell phone coverage and cheaper phones. The decision in the case may be found at http://pacer.cadc.uscourts.gov/docs/common/opinions/200306/02-1264a.pdf

On July 1st, a new European Union (EU) directive will take effect, requiring all Internet companies to impose value added tax (VAT) on digital sales. The law adds a 15 percent to 25 percent levy on particular Internet transactions such as software and music downloads, monthly subscriptions to an Internet service provider and on any product purchased through an online auction anywhere in the 15-member bloc of nations. The VAT is nothing new for European companies but their overseas competitors have been exempt, making foreign companies an obvious choice for the price conscious consumer. Further information may be found at http://news.com.com/2100-1019-1014519.html

On June 10th, the House of Representatives passed the Unlawful Internet Gambling Funding Prohibition Act by a 319 – 104 vote. The Act would outlaw credit card, wire transfer, and other payments used to gamble online. It cracks down on the firms that front the funds for interactive roulette, card games, and sports betting. The Act would not bar payments for state-authorized lotteries and racetracks or for peer-to-peer games without wagers. The bill will now go to the Senate. The text of the Act may be found by entering the bill number (H.R. 2143) at http://thomas.loc.gov/

On June 17th, Microsoft announced that it had filed 13 civil suits in the state of Washington against alleged spammers for inundating Microsoft customers with deceptive e-mail. It also filed two suits in the United Kingdom, where the defendants are accused of illegally harvesting Microsoft e-mail addresses for use in building spam mailing lists. Microsoft accused the defendants in the 15 suits of being collectively responsible for sending the company's customers more than 2 billion unsolicited commercial messages. Microsoft doesn't name specific defendants in some of the suits, having filed "John Doe" suits, but could gain the ability to subpoena documents that would identify the alleged spammers. Further information may be found at http://www.microsoft.com/presspass/features/2003/jun03/06-17SpamEnforcement.asp

On June 13th, New York’s Attorney General, Eliot Spitzer, announced that his office had settled with America Online’s Netscape Communications over alleged privacy violations involving its SmartDownload application. Under the terms of the settlement, Netscape will pay the state of New York $100,000, delete data collected through the application and agree to privacy audits. AOL did not admit nor deny wrongdoing in the settlement, but has already discarded tracking features in new versions of the software. Further information may be found at http://www.oag.state.ny.us/press/2003/jun/jun13b_03.html

Beginning on July 1st, California companies must warn California customers of security holes in their corporate computer networks. If a retailer finds that its database of credit card numbers may have been hacked, it must e-mail customers warning them that a hacker may have their credit card numbers. The regulation applies to any company that stores data electronically and does business in California. Companies must alert customers whenever "unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person." The bill defines personal information as an individual's first name or initial and last name, with one of the following: Social Security number; driver's license number; state identification number; or credit or debit card account number and security code. Local politicians call the regulation the first of its kind in the U.S., and it could become the model for laws nationwide. A similar bill is expected to be introduced shortly in the U.S. Senate. Further information may be found at http://www.siliconvalley.com/mld/siliconvalley/news/editorial/6151122.htm

On June 16th, West Virginia dropped out of the federal appeal of Microsoft’s antitrust settlement, leaving only Massachusetts and two industry trade groups to challenge Microsoft’s 2001 settlement with the Justice Department and a group of states. As a condition of withdrawing from the appeal, Microsoft will fund a total of $21 million in vouchers for West Virginia consumers, schools and government agencies that can be used to buy any computer hardware or software products. The West Virginia settlement is a package deal, also resolving a pending state consumer-protection case against the company and a private class-action suit, both brought in connection with the court finding that Microsoft had broken federal antitrust laws. Microsoft still faces 12 class-action suits nationwide, although it has settled the two largest, in Florida and California. Under the terms of the deal, $18 million in vouchers will be available to consumers who had purchased Microsoft products in the past. Half of any unclaimed vouchers will go to needy schools. An additional $1 million will go to schools, and $700,000 to fund consumer-protection efforts by the state. The remaining $1.3 million will cover state legal costs associated with the case. Spokesmen for the state of Massachusetts said it remains committed to the appeal. Legal documents in the antitrust case may be found at http://www.microsoft.com/presspass/legalnews.asp

On May 20th, U.S. District Judge John Coughenour, the chief federal judge in Seattle, struck down a new state law that banned the publication of personal information about police, corrections and court officers, such as their home addresses and Social Security numbers, without their permission. The law, enacted last year, made it illegal for anyone to disseminate personal information about law enforcement-related employees if it was being done for malicious reasons. The court found that the law was unconstitutional and suppressed free speech. Bill Sheehan, a computer programmer from Mill Creek, had sued the state because he was forced to take down a Web site he administers that is critical of law enforcement. The Web site also published court orders, criticism and related stories documenting illegal and unethical activities by police officers. Sheehan developed the Web site in 2000 and targeted the Kirkland Police Department, which he believed had been harassing him. Coughenour scolded the state for enacting the law, writing that "there is cause for concern when the Legislature enacts a statute proscribing a type of political speech in a concerted effort to silence particular speakers. ..." The decision in Sheehan v. Gregoire et al may be found at http://www.justicefiles.org/Coughenour%20Decision/CoughenourDecision.htm

On June 2nd, the 4th Circuit Court of Appeals overturned a lower court decision that effectively upheld an ICANN (Internet Corporation for Assigned Names and Numbers) UDRP (Uniform Domain Name Dispute Resolution Policy) decision to transfer the domain name barcelona.com to the City of Barcelona. The court ruled that it would not grant ICANN UDRP decisions any deference and ruled that the lower court erred in applying Spanish law to an Anticybersquatting Consumer Protection Act (ACPA) case. The court noted that the ACPA explicitly requires the application of U.S. law. The decision in the case may be found at http://pacer.ca4.uscourts.gov/opinion.pdf/021396.P.pdf

On June 18th, the National Association of Securities Dealers (NASD) told its 336 member firms they must save instant messages for at least three years. The Wall Street self-regulatory organization said the instant messages also couldn’t violate NASD rules governing sales literature and correspondence. The NASD released a statement, which said, "Firms have to remember that regardless of the informality of instant messaging, it is still subject to the same requirements as e-mail communications and members must ensure that their use of instant messaging is consistent with their basic supervisory and record keeping obligations." Further information may be found at http://www.nasdr.com/news/pr2003/release_03_026.html

On June 11th, it was announced that the United Kingdom’s Information Commissioner had published a new code of practice that creates penalties for employers that engage in computer surveillance of their employees without justifying intrusive monitoring and without advising employees when they are being monitored. The Employment Practice Data Protection Code covers a range of surveillance activities, including opening e-mails or voicemails, monitoring Internet usage, and the use of cameras. Serious breaches of the rules could lead to fines of corporate directors. Further information may be found at http://money.guardian.co.uk/work/story/0,1456,975109,00html

On June 16th, the Nominating Committee of the Internet Corporation for Assigned Names and Numbers (ICANN) released its candidates for the ICANN board, Generic Names Supporting Organization, and Interim At-Large Advisory Committee. The candidates come from diverse geographical and professional backgrounds. Further information may be found at http://www.icann.org/announcements/announcement-16jun03htm. Biographies of the nominees may be found at http://www.icann.org/committees/nom-comm/nominee-biographies-16jun03.htm

The dot.pro domain will go live sometime in late July, but most lawyers seem distinctly unexcited about it and unlikely to move from their .com domains. The new dot.pro domain provides some additional features, such as tools to facilitate confidential communications over the Internet-specifically, digital certificates and software to encrypt e-mail. There will also be a sub-domain of law.pro. Lawyers seem particularly unenthused about the $300 per year cost of the domain, though some firms will reluctantly purchase names if only to protect the firm "brand." Further information may be found at http://www.nlj.com/business/061603bizlede.shtml

The Paris-based Organisation for Economic Co-operationand Development (OECD) has published new guidelines to tackle international fraud and spam. The guidelines promise to make it easier for member governments to collect evidence and practical help from foreign agencies, and to otherwise increase international cooperation in the prosecution of spammers and other cross-border frauds. The OECD has thirty member nations, including the U.S., Germany, Japan and United Kingdom. The guidelines may be found at http://www.oecd.org

On June 9th, a California appellate court released its decision in Net2Phone v. Los Angeles County Superior Court, ruling that a consumer contract containing a forum selection clause is not unenforceable merely by reason of the fact that the forum selection clause is disclosed to consumers via a hyperlink. Net2Phone's site contained a requirement that all disputes be litigated in New Jersey, which was disclosed to consumers via hyperlinks to its "Terms of Use" and "End User License Agreement." The court found this was enforceable against a non-contracting party that was suing on behalf of Net2Phone users as a private attorney general. The decision in the case may be found at http://www.courtinfo.ca.gov/opinions/documents/B162210.PDF

Guess Inc. agreed to settle with the Federal Trade Commission (FTC) charges that it exposed consumers' personal information to computer hackers. The FTC alleged Guess did not use reasonable or appropriate measures to prevent consumer information from being accessed at its Web site. The complaint may be found at http://www.ftc.gov/os/2003/06/guesscmp.htm and the settlement may be found at http://www.ftc.gov/os/2003/06/guessagree.htm

On June 23rd, the Electronic Frontier Foundation (EFF) and the Online Policy Group released a study documenting the effects of Internet filtering in American schools. The study found that blocking software over blocked state-mandated curriculum topics extensively. For every Web page correctly blocked, one or more was blocked incorrectly. According to the study, there are viable alternatives to Internet blocking software such as Internet use policies, media literacy education, directed use and supervised use. After testing nearly a million web pages related to state-mandated curriculums, the researchers found that of the Web pages blocked, 97-99% of a statistically significant sample were blocked using non-standard, discretionary and potentially illegal criteria that exceed the criteria demanded by the Children’s Internet Protection Act (CIPA). The study may be found at http://www.eff.org/Censorship/Censorware/net_block_report/

On June 24th, a split 9th Circuit Court of Appeals ruled that a listserv moderator has the statutory protection afforded to providers of interactive computer services under section 230 of the Communications Decency Act (CDA). In the particular case, the court remanded to the trial level to consider whether the posting in question was "provided" for the purposes of online publication. The case involved an e-mail from a tipster about artworks which he believed may have been stolen during World World II to Ton Cremers, the operator of a Web site known as Museum-Security.org. Cremers disseminated the e-mail to his listserv though the information proved to be false. The woman alleged to have stolen artworks sued both the tipster and Cremers. A dissenting opinion argued that the majority interpretation of the CDA would extend protection beyond Congressional intent and immunize the intentional spreading of falsehoods on the Internet. The essential holding in the case is that a Web site operator can be sued only for posting information that a reasonable person would have known wasn’t intended for publication. The decision in Batzel v. Cremers may be found at http://caselaw.findlaw.com/data2/circs/9th/0156380P.pdf