VERISIGN SUES ICANN OVER SITE FINDER

On February 26th, VeriSign filed suit against the Internet Corporation for Assigned Names and Numbers (ICANN), claiming that it had unlawfully been prevented from adding new features to .com and .net. The suit was filed in the central district of California and alleges that ICANN has morphed from a modest technical coordinating body into the "de facto regulator of the domain name system." The lawsuit alleges breach of contract and antitrust violations, focusing heavily on VeriSign’s currently suspended Site Finder service, which redirected expired or nonexistent .com and .net domains to VeriSign’s web site. ICANN ordered VeriSign to cease employing Site Finder based on complaints from network administrators and software developers. The suit asks the court to prohibit ICANN from doing anything to interfere with Site Finder’s reinstatement. The complaint in VeriSign v. ICANN may be found at http://www.politechbot.com/docs/verisign.complaint.p1of2.022604.pdf

On February 24th, the U.S. Supreme Court issued its ruling in Doe v. Chao, which raised questions about the ability to sue the government for revealing personal information. The court ruled that the plaintiff needed to prove that the privacy violation caused actual harm, which the majority of the court found this plaintiff failed to do. Justices ruled 6-3 against a coal miner who sought $1,000 in damages after his Social Security number was revealed. He sued under the Privacy Act, a 1974 law that prohibits routine data collection on ordinary Americans and protects people from having their government records intentionally disclosed. The Supreme Court said the Virginia man, known as Buck Doe, had to prove the government's violation of the privacy law actually harmed him. Justice David H. Souter, writing for the majority, said it is not enough to argue that someone suffers "presumed damages" when information about them is improperly made public. The decision in Doe v. Chao may be found at http://www.supremecourtus.gov/opinions/03pdf/02-1377.pdf

On February 10th, the 9th Circuit Court of Appeals reversed a trial court decision summary judgment ruling that America Online (AOL) qualified for a Digital Millennium Copyright Act (DMCA) safe harbor in a copyright infringement action brought by science fiction author Harlan Ellison. The case arose when one of the defendants, Stephen Robertson, posted some of Ellison’s short stories on a peer-to-peer file sharing network, USE-NET, to which AOL subscribers have access. The court ruled that it was difficult to conclude that AOL had "reasonably implemented" a policy against repeat infringers as required by the safe harbor provisions. The court did uphold the dismissal of contributory and vicarious copyright infringement claims against AOL. The decision in Ellison v. AOL may be found at http://www.ca9.uscourts.gov/ca9/newopinions.nsf/9B0A55634A78267788256E35007C151D /$file/0255797.pdf?openelement

MICROSOFT SOURCE CODE LEAKED

On February 20th, Microsoft released a statement about the recent leaking of source code for Windows 2000 and NT. Microsoft noted that it became aware of the illegal code being posted on the Internet on February 12th. According to the company, subsequent investigation showed that this was not the result of any breach of Microsoft’s corporate network or internal security, nor was it related to Microsoft’s Shared Source Initiative or its Government Security Program. Microsoft is working with the Federal Bureau of Investigation and other law enforcement authorities to trace the source of the leaks. Microsoft is sending letters explaining to individuals who have already downloaded the source code that such actions are in violation of the law. Additionally, Microsoft has instituted the use of alerts on several peer-to-peer clients where such illegal sharing of the source code has taken place. These alerts are designed to inform any user who conducts specific searches on these networks to locate and download the source code that such activity is illegal. Further information may be found at http://www.microsoft.com/presspass/press/2004/Feb04/02-12windowssource.asp

On February 17th, the 10th Circuit Court of Appeals upheld the validity of the Federal Trade Commission’s "Do Not Call" registry. The ruling dismissed telemarketers' claims that the registry violates free speech rights and is unfair because it does not apply to charities and political solicitations. The 10th U.S. Circuit Court of Appeals called the registry "a reasonable fit." The court said "We hold that the do-not-call registry is a valid commercial speech regulation because it directly advances the government's important interests in safeguarding personal privacy and reducing the danger of telemarketing abuse without burdening an excessive amount of speech." The decision in Mainstream Marketing Service v. FTC may be found at http://www.ca10.uscourts.gov/opinions/03-1429.pdf

On February 26th, U.S. Senators Conrad Burns (R-Mont.), Ron Wyden (D-Ore.), and Barbara Boxer (D-Calif.), introduced legislation to prohibit spyware, adware, and other invasive software from being secretly installed on Americans’ computers. For the first time, the SPYBLOCK (Software Principles Yielding Better Levels of Consumer Knowledge) Act would prohibit installing software on somebody else's computer without notice and consent, and would require reasonable "uninstall" procedures for all downloadable software. Spyware, adware and other hidden programs often secretly piggyback on downloaded Internet software without the user’s knowledge, transmitting information about computer usage and generating pop-up advertisements. Frequently such software is designed to be virtually impossible to uninstall. The text of the Act may be found by entering the bill number (S. 2131) at http://thomas.loc.gov/

On February 10th, the Center for Democracy and Technology (CDT) filed a complaint with the Federal Trade Commission (FTC) alleging that software developer Mail Wiper and its marketing affiliate Seismic Entertainment Productions have used deceptive practices and hijacked Web browsers, changing a user’s home page, to frighten consumers into buying their anti-spyware products. CDT asked regulators to launch an investigation of Mail Wiper, which produces a product called "Spy Wiper," and Seismic. It wants them to block the companies from such practices in the future. Confronted with evidence of controversial marketing practices by partner Seismic, Mail Wiper claimed ignorance, telling the CDT that it was not aware of and did not condone any irresponsible behavior that its affiliates might be engaged in. Nevertheless, the CDT decided to file a complaint against both companies, in part reacting to numerous protests from consumers. The complaint in the case may be found at http://www.cdt.org/privacy/20040210cdt.pdf

On February 10th, MX Logic, a manufacturer of mail-filtering software, released data showing that only 3 percent of bulk commercial e-mail includes a valid address and a valid link to opt out of future messages, as required by the CAN-SPAM act. In fact, the amount of spam has continued to grow since the law went into effect at the beginning of the year. As much as 60 percent of the e-mail sent in January was spam, up from 58 percent in December, according to San Francisco-based Brightmail, one of the largest spam-filtering companies. To conduct its survey, MX Logic analyzed 10,000 random pieces of commercial e-mail over a 30-day period ending in February to detect a valid postal address and an opt-out link. In the first week of January, it surveyed 1,000 messages in the same fashion and found that only 1 percent of e-mail complied with the law. Further information may be found at http://www.mxlogic.com/news_events/CAN-SPAM.2_10_04.html

On January 29th, the Federal Trade Commission (FTC) and its counterparts in 26 other countries began to send e-mail messages to tens of thousands of people thought to be accountable for open relays and open proxies that spammers are using to send unsolicited e-mail. An open relay is a mail server configured so that any unauthenticated user can use it as a relay point for mail to any recipient. Likewise, open proxies, often misconfigured Web servers, will permit spam to be sent anonymously. The FTC's "Secure Your Server" e-mail cautions that unless the recipient takes action, "our network connections may become clogged with traffic; your administrative costs may increase; or your Internet Service Provider may shut down your Internet service." Servers identified in the campaign were collected from existing antispam blacklists such as the Open Relay Database and the Open Proxy Database. The notifications will be sent to owners of the range of Internet addresses that the open proxies or relays inhabit and not normally to end users. Other nations participating in the campaign include the United Kingdom, Canada, Australia, Singapore, Japan, Switzerland and South Korea. The FTC’s "Secure Your Server" e-mail and accompanying press release may be found at http://www.ftc.gov/bcp/conline/edcams/spam/secureyourserver/index.htm

On January 28th, the Federal Trade Commission (FTC) announced that pornographic spam e-mail will have to be clearly labeled by mid-June to allow Internet users to easily filter it out. Unsolicited pornography will have to bear a label reading "SEXUALLY-EXPLICIT-CONTENT:" in the subject line, and the messages themselves will not be allowed to contain graphic material. The recently passed "CAN-SPAM" act required the FTC to develop labels for pornographic e-mail. An FTC study released last spring found that 17 percent of pornographic offers contained images of nudity that appeared whether a recipient wanted to see them or not. Further information may be found at http://www.internetnews.com/bus-news/article.php/3306041

On February 4th, the Fraudulent Online Identity Sanctions Act was introduced in the House of Representatives by Reps. Lamar Smith and Howard Berman. The act would add as much as seven years to prison sentences given to anyone committing fraud through a Web site registered under a false name or contact information. It would also permit copyright owners to seek larger monetary damages from people who falsify their registration information to run Web sites that distribute copyrighted material without permission. Smith and Berman drafted the bill after receiving complaints from the entertainment and software industries that much of their material is made available for free on Web sites whose owners are impossible to track down because their domain name registrations often contain made-up names and phone numbers. The proposal is expected to generate opposition from privacy advocates who say that information like home addresses and telephone numbers should not be made available if the registrant does not want it revealed. Privacy advocates say that the information, if made available on WHOIS, would make the databases a hunting ground for unscrupulous marketers, identity thieves and stalkers. Proponents argue that the bill would not affect people who are trying to safeguard their privacy because it only makes it a crime to submit false registration data when it is done to help commit a crime. The text of the Act may be found by entering the bill number (H.R. 3754) at http://thomas.loc.gov/

On February 2nd, President Bush proposed a $2.4 trillion federal budget, the largest in history, which would increase spending for information technology and computer crime investigation. The budget year would begin on October 1, 2004. The bill asks Congress to ignore a widening deficit of $521 billion and to increase defense spending by 7 percent and homeland security spending by 10 percent. Total federal spending on information technology would grow to $59.8 billion, up slightly from the $59.1 billion requested by Bush last year. The Defense Department takes a large portion, with a proposed $27.4 billion, followed by the Department of Health and Human Services with $5 billion and the Department of Homeland Security at $4.4 billion. While funding for most federal agencies would only grow by a few percent, notable exceptions were the Justice Department and the Department of Homeland Security, which would each get an increase of around 10 percent. The Department of Homeland Security's National Cyber Security Division, which distributed information about the Blaster worm and SoBig virus, would receive $80 million. The Justice Department's spending on cybercrime would leap from the $157 million allocated by Congress for the 2003 fiscal year to $265 million. The agency's Internet Crimes Against Children program, which investigates child pornography and enticement cases, would receive a $2 million increase, to $14.5 million. Bush's request for the National Institute of Standards and Technology (NIST) would increase the budget from $497 million to $522 million. The budget request may be found at http://www.whitehouse.gov/omb/budget/fy2005/budget.html

On February 3rd, The United States Attorney's Office for the Northern District of California announced that Alec Scott Papierniak, 20, of Mankato, Minnesota, pleaded guilty in federal court in San Jose, to one count of wire fraud in violation of 18 U.S.C. § 1343. Papierniak was able to siphon money from online accounts after he tricked users into handing over their user names and passwords via bogus security alerts. These bogus alerts directed users to a deceptive Web site run by Papierniak, instead of the genuine PayPal site. Papierniak engaged in his fraudulent conduct for two years until he was apprehended in September of 2003. He confessed to stealing in excess of $30,000 and has agreed to pay restitution to his victims. Papierniak pleaded guilty to a specimen charge involving theft of $10,000 from one account and is scheduled to return for sentencing by US District Judge James Ware on May 10th. Wire fraud is punishable by up to 20 years imprisonment but the guilty plea is expected to lessen his sentence. The Department of Justice press release may be found at http://www.usdoj.gov/usao/can/press/html/2004_02_03_papierniak.html

After intense criticism, the Pentagon announced on February 5th that it was scrapping the Secure Electronic Registration and Voting Experiment (SERVE) until the current system can guarantee the security of the voting process or a new system is designed. The system had been intended to let Americans who are overseas vote in the upcoming elections. The decision comes on the heels of a January report by four experts who gave failing grades to Internet voting. The report argues that creating an e-voting system that guarantees each person votes once and protects the voter's identity is impossible with the current state of the Internet. Further information may be found at http://www.computerworld.com/securitytopics/security/story/0,10801,89902,00.html

In a report released on February 9th, VeriSign stated that online fraud, site hacking and identity theft are rapidly escalating. VeriSign tracked a 176 percent increase in the number of probes potential hackers launched during the holidays. The study tabulated the numbers of attacks registered by corporate firewalls and network intrusion systems in order to develop its security conclusions. In addition, VeriSign said e-commerce merchants rejected as too risky some 7 percent of all orders placed online during the holidays, with most being turned down because of questionable credit card numbers or suspected identity theft. According to the report, the United States continues to lead all countries in total volume of online fraud. Indonesia ranked highest among all nations in percentage of fraud per transaction, followed by Nigeria, Pakistan, Ghana and Israel. Further information may be found at http://www.verisign.com/corporate/news/2004/pr_20040209.html

On February 12th, the Federal Trade Commission (FTC) warned consumers not to submit their e-mail addresses to a bogus Web site address that promised to reduce spam. The FTC cautioned that entering information at http://www.unsub.us (currently offline) could result in receiving more unsolicited e-mail than before or in becoming victim to identity theft. The phony site uses the same color scheme and design elements as one maintained by the FTC to sign up consumers for the national "do not call" registry, which reduces unwanted telemarketing calls. The FTC has been ordered by Congress to examine whether a similar "do not spam" list would be feasible, but the agency hasn't yet reached a conclusion and does not operate a "do not spam" Web site. Further information may be found at http://www.ftc.gov/opa/2004/02/spamcam.htm

On February 18th, Microsoft expanded its litigation against Linux seller Lindows, suing it in the Federal Court of Canada in Ottawa. The suit makes trademark infringment allegations similar to those made in the United States and Europe and seeks an injunction barring Lindows from doing business under that name. The U.S. suit, filed shortly after Lindows began business, claims the company's name infringes on Microsoft's trademark for its Windows operating system. Lindows, which sells a version of the open-source Linux operating system with an interface similar to Windows, argues the Microsoft trademark is invalid because "window" was a generic computing term at the time it was granted. The judge hearing the U.S. cases denied Microsoft's requests for an injunction against Lindows. The judge also recently ruled in Lindows' favor in declaring that the jury must consider use of the term "windows" around the time the trademark was granted. The complaint in the case may be found at http://info.lindows.com/canadasuit.pdf

On February 17th, the Recording Industry Association of America (RIAA) announced that it had filed another 531 suits against individuals for swapping music files in violation of copyright law. In accordance with a court ruling from last year, the suits are all "John Doe" suits, as the ruling directed that the RIAA must file suit before it can subpoena ISPs for information that links alleged file-swapping evidence to the subscriber names on a given ISP account. This brings the total number of people sued close to 1,500. In the latest batch of suits, as with the last, the RIAA has bundled together scores of anonymous file swappers whose apparent Internet Protocol addresses mark them as subscribers of the same ISP, and filed against them in a single lawsuit. There are five separate suits against a total of 531 anonymous Net subscribers, filed in federal courts in Philadelphia, Atlanta, Orlando and Trenton. The RIAA declined to say which ISPs were the subject of the lawsuits. A total of 381 people have now settled with the RIAA. Further information may be found at http://www.riaa.com/news/newsletter/021704.asp

On February 24th, Microsoft announced that it is launching a system to make it harder for spammers to disguise their locations, part of a broad initiative that company chairman Bill Gates said would reduce spam. Named "Caller ID for E-mail," the system would allow computers to recognize whether incoming e-mail is from a legitimate Internet address. The project is intended to foil spammers who routinely falsify their sending location in order to hide their identities, a maneuver known as spoofing. Authenticating legitimate e-mail requires some technical changes in the way e-mail is handled, and thus is dependent on widespread adoption by the firms that process the billions of e-mails sent each day. In an attempt to develop a shared approach, Microsoft’s Chairman unveiled proposed technical specifications from Microsoft. He said Microsoft's Hotmail e-mail service would immediately take the first step by electronically "publishing" the list of all of the numeric Internet addresses assigned to its computers that send out mail. That list can then be electronically checked by computers that receive e-mail. If, for example, a piece of e-mail purports to come from a Hotmail address in the "from" line, the receiving computers can check if the message actually originated from one of the Internet addresses registered to Microsoft. If not, the mail will be assumed to be fraudulent and blocked. Microsoft hopes other companies will follow suit and establish a standard way of doing business. As part of that effort, Microsoft announced a partnership to test the system with Sendmail, Inc., which processes e-mail for about 70 percent of Fortune 1000 companies, Brightmail Inc., the country's largest filtering firm, and giant Internet retailer Amazon.com, Inc. The authentication system would not prevent a smaller but escalating problem, that of spammers employing hackers to spread viruses and worms that infect computers with "Trojan" code that can use those machines to send spam. In that case, the machine sending the spam is legitimately registered and its owner unaware that it is being used to generate the spam. Further information may be found at http://www.microsoft.com/presspass/features/2004/Feb04/02-24CallerID.asp

On January 29th, a California state appellate court upheld the constitutionality of a city law that requires cybercafes to implement security measures, including video surveillance systems. Faced with rising gang activity at Internet cafes, the number of which had grown from 3 to 22 in two years, the Orange County city of Garden Grove in 2002 placed a moratorium on more cafes. It also prohibited minors from visiting the cafes during school hours, required uniformed security guards on Friday and Saturday nights, and demanded the installation of video surveillance systems. Cafe owners filed suit, claiming violations of their free speech and privacy rights. Orange County Superior Court Judge Dennis Choate agreed, saying the ordinance was overly burdensome and not narrowly tailored to avoid First Amendment problems. However, the Santa Ana-based 4th District disagreed on both grounds, saying that the city's "time, place and manner restrictions" on First Amendment activities were narrow and were adopted for legitimate governmental reasons. A strong dissent argued that the opinion "represents a sad day in the history of civil liberties" as the majority "see[s] no infringement on privacy when a video camera is, literally, looking over your shoulder while you are surfing the Internet." The decision may be found at http://www.lessig.org/blog/archives/G032058.pdf

On January 29th, a Florida state appellate court declined to enforce America Online’s forum selection clause contained in its terms of service, saying that enforcement would deny residents the benefits of certain state acts that protect consumers. The case arose as part of a class action suit brought against AOL over difficulties in unsubscribing from the service. The decision in AOL v. Pasieka may be found at http://www.1dca.org/opinion/opinions2004/1-29-04/03-2290.pdf

On January 27th, the Ontario Superior Court of Justice asserted jurisdiction over the Washington Post in a defamation suit over an article published in the paper. The court referred to the Australian Gutnick case in noting that the article was available via the Internet in Ontario and that the plaintiff was also currently a resident in the province. However, the plaintiff was not resident in Ontario when the article was first published. The case involved Cheickh Bangoura, who headed a United Nations agency in Africa from 1994 to 1997. Mr. Bangoura's contract was not renewed after a series of articles appeared in The Washington Post that accused him of sexual harassment, financial improprieties and nepotism. Two United Nations' panels later cleared him of any wrongdoing and ordered the organization to pay him compensation. The decision in Bangoura v. Washington Post may be found at http://www.canlii.org/on/cas/onsc/2004/2004onsc10181.html

A coalition of registrars has sent a letter to the Internet Corporation for Assigned Names and Numbers (ICANN) claiming that if launched, Verisign's proposed Wait List Service (WLS) "would constitute an unlawful and fraudulent protection racket in violation of state and federal consumer protection and unfair competition laws." The letter argues that WLS violates the Federal Trade Commission Act and consumer protection laws because it deceptively makes it sound as if subscribers have a good chance of getting the domain name they are paying to wait for. It also says that WLS is anti-competitive. The letter may be found at http://www.icannwatch.org/essays/WLS-is-unlawful.pdf

On February 18th, the Federal Trade Commission (FTC) announced that it had settled claims brought under the Children's Online Privacy Protection Act (COPPA) against UMG Recordings and Bonzi Software. The UMG Recordings is the largest settlement to date, with the company agreeing to pay $400,000 to settle the action for knowingly collecting personal information from children online without first obtaining parental consent. Bonzi Software, distributor of the BonziBUDDY software, will pay civil penalties of $75,000. The Bonzi Software case is the first COPPA case to challenge the information collection practices of an online service in connection with a software product. Previous FTC COPPA cases have addressed Web site operators' information collection practices. Documents in the two cases may be found at http://www.ftc.gov/os/caselist/bonzi/bonzi.htm and  http://www.ftc.gov/os/caselist/umgrecordings/umgrecordings.htm

On February 19th, the U.S. District Court for the Northern District of California ruled that software company 321 Studios' popular DVD-copying products infringe copyright law. Judge Susan Illston granted Hollywood studios' request for an injunction against 321 Studios, saying the small software company has seven days to stop distributing its DVD-copying products. 321 Studios said it plans to modify and keep selling its product. The case was seen as a test of how far commercial software could go in assisting consumers in making backup copies of their own legally purchased digital entertainment products, such as DVDs or video games. Judge Illston wrote that copyright law makes it illegal to sell products that break through DVD antipiracy technology even if consumers do have the legal right to make personal copies of their movies. "It is the technology itself at issue, not the uses to which the copyrighted material may be put," according to the judge. "Legal downstream use of the copyrighted material by customers is not a defense to the software manufacturer’s violation of the provisions of copyright law." The decision in 321 Studios v. MGM Studios may be found at http://news.findlaw.com/hdocs/docs/mgm/321mgm22004ord.pdf