ACLU CHALLENGES NATIONAL SECURITY LETTERS

On May 25th, new documents were released in the extraordinary suit that the American Civil Liberties Union (ACLU) filed against the U.S. government on April 6th. The suit challenges the FBI's unchecked authority to issue "National Security Letters" (NSLs), which demand sensitive customer records from Internet Service Providers and other businesses without judicial oversight. Before the Patriot Act, the FBI could use the NSL authority only against suspected terrorists and spies. Section 505 of the Patriot Act allows the FBI to use NSLs to obtain information about anyone. The ACLU filed the lawsuit under seal to avoid penalties for violating the NSL statute's broad gag provision, a provision that the ACLU is challenging on First Amendment grounds. After filing the case, it took nearly three weeks for the ACLU to reach an agreement with the government that allowed the disclosure of anything about the case. A redacted version of the complaint is available along with other pleadings but many details about the case are still under seal. Proposed new legislation, the "Anti-Terrorism Intelligence Tools Improvement Act of 2003" (H.R. 3179), would enhance the government's secret power to obtain personal records without judicial review, limit judicial discretion over the use of secret evidence in criminal cases, eliminate important foreign intelligence wiretapping safeguards, and allow the use of secret intelligence wiretaps in civil cases without notice or an opportunity to suppress illegally-acquired evidence. Further information and pleadings may be found at http://www.aclu.org/SafeandFree/SafeandFree.cfm?ID=15543&c=262

On April 30th, California Secretary of State Kevin Shelley announced that he was decertifying all electronic touch-screen voting machines in the state due to security concerns and lack of voter confidence. He also said that he was passing along evidence to the state's attorney general to bring criminal and civil charges against voting-machine-maker Diebold Election Systems for fraud. Additionally, Shelley declared that no county or vendor would be able to make last-minute changes to voting systems. Also, all counties will have to provide voters with the option of voting on a provisional paper ballot if they feel uncomfortable casting votes on the paperless e-voting machines. Voting companies would bear the brunt of the estimated $1 million cost for providing extra provisional ballots to every county. Shelley noted that the vendors caused the erosion in voter confidence, so they will have to pay for the solution. Counties will not be able to purchase any new e-voting machines unless the machines can produce a voter-verified paper trail that voters can use to authenticate that their vote was recorded accurately. Shelley announced that the state would have in place by May 30th a standard for a voter-verified paper trail on voting systems. The Federal Election Commission is also moving to create its own standards and testing procedures for such a function so that new voting systems that offer an audit trail could be put in place. There is currently only one machine that is fully certified by federal and state authorities- the Vote-Trakker by Avante International Technology. A second company, AccuPoll, just received federal certification for its system and is working on state certification. Further information may be found at http://www.ss.ca.gov/elections/touchscreen.htm

On April 28th, the U.S. Department of Justice filed a criminal complaint against four men from the Detroit area, the first case filed under the Can-Spam Act. The suit, filed in the U.S. District Court of Michigan, alleges that Daniel J. Lin, James J. Lin, Mark M. Sadek and Christopher Chung violated the terms of the Can-Spam Act by creating massive e-mail campaigns that marketed fraudulent weight loss products. The four men are accused of generating hundreds of thousands of different e-mails that hid their identities and advertised a weight loss patch. The e-mails were sent out under a variety of company names, including AIT Herbal, Avatar Nutrition and Phoenix Avatar, identified collectively as the Avatar Companies. The e-mails were allegedly sent to millions of e-mail accounts over the course of several years. The Federal Trade Commission, also involved in investigating the operation, said in the filing that it had received more than 10,000 complaints regarding the Avatar operation and had discovered 97 different Web site domain names purportedly being used by the involved individuals to advertise the diet patches. Investigators then followed a paper trail via the U.S. Postal Service, which led them to the four men. A medical expert confirmed that the so-called diet patch was ineffective. Further information may be found at http://www.usdoj.gov/opa/pr/2004/April/04_crm_281.htm

Google filed a registration with the Securities and Exchange Commission on April 29th, seeking to raise $2.7 billion in an eclectic auction-style offering which will give the founders rare control over the company. Google will create two classes of shares with different voting rights, a move that aims to guarantee that founders Sergey Brin and Larry Page will maintain decision-making authority. With the filing, Google for the first time released its financial results, finally revealing specifics about the company's profitability. The company generated $961.9 million in revenue in fiscal 2003 and posted $105.6 million in net profit. That marked the third consecutive year of profits for the Web's most popular search engine. During the most recent quarter, which ended March 31st, Google collected $389.6 million in revenue and posted a $64 million profit. The IPO process itself will be Dutch auction-based. Google’s press release announcing the SEC filing may be found at http://www.google.com/press/pressrel/reg_statement.html. An amended SEC filing was filed in late May and information about that filing may be found at http://www.usatoday.com/money/industries/technology/2004-05-16-google-nonvoting_ x.htm

AXA, a French-owned international insurance and asset management company, has sued Google for trademark infringement in a French court. The suit arises from Google’s AdWords pay-per-click advertising service that allows marketers to pay to have their ads appear when someone searches for a specific term. AXA alleges that searching on its name will bring up ads for its competitors. Google has faced a flurry of these suits. Formerly, Google’s advertising policy did not allow for selling trademarks as keywords. But in April, Google announced that it would allow advertisers to include the trademarked terms of others in their keyword ad purchases. However, it will not allow others' trademarks to be used in the ads themselves. The new policy applies only to North America. On May 18th, it was announced that auto insurance company Geico had sued Google and Overture Services for trademark infringement in similar cases. Geico is seeking damages as well as injunctions against Google’s and Overture’s sales of trademarks as keywords. Further information may be found at http://www.internetnews.com/ec-news/print.php/3345621

On May 5th, Microsoft announced that it has adopted an e-mail program developed by IronPort Systems, Inc. that will allow legitimate marketers to pass safely through spam filters by paying a bond. The Hotmail and MSN e-mail services have 170 million regular users. The "Bonded Sender" service will guarantee that marketers who post a cash bond and adhere to a set of guidelines will have their e-mail delivered. Participating marketers must show a history of responsible marketing and provide a simple way for recipients to opt out of future mailings. If the guidelines are abused, the marketers could forfeit a cash bond of up to $20,000. Further information may be found at http://www.microsoft.com/presspass/press/2004/may04/05-05IronportPR.asp

The Federal Trade Commission (FTC) announced on May 3rd that Microsoft Chairman Bill Gates will have to pay an $800,000 fine to settle charges that he violated financial reporting laws in connection with his investment portfolio. The FTC said Gates violated the Hart-Scott-Rodino Premerger Notification Act by not reporting that he had exceeded a 10 percent holding in ICOS. The commission said that because Gates had earlier failed to report reaching the 10 percent threshold in conjunction with his holdings of Republic Services, the commission felt that it needed to seek a fine. Gates has agreed to settle. A lawyer for Gates' investment arm said Gates was not personally involved in the transaction in question. Further information may be found at http://www.ftc.gov/opa/2004/05/gates.htm

On May 4th, Pfizer Inc. said it had filed lawsuits against the operators of five Web sites for selling generic versions of its cholesterol-lowering drug Lipitor. The lawsuits, which were filed in U.S. District courts in Delaware and Connecticut, seek to stop further sales of generic Lipitor and claim damages for patent infringement. Lipitor is still under patent in the United States. Some of the five sites say their product comes from India, which does not recognize drug patents. The suits also seek to remove references to Lipitor in advertising materials and to eliminate computer links that misdirect patients to illegal, unapproved drugs. The defendants are Online Rx DrugStore, Generic Lipitors, B.M. International, WorldMedsRX and Offshore Pharma. Further information may be found at http://www.pfizer.com/are/news_releases/2004pr/mn_2004_0504.html

The United Parcel Service has announced a new service for firms that wish to recycle used and obsolete electronic devices and components. UPS Supply Chain Solutions, a division of UPS, will repair or recycle old equipment through its Asset Recovery and Recycling Management service. For refurbished devices, UPS will also offer resale and remarketing services. The service is aimed at hardware manufacturers and businesses that have a lot of aging equipment. UPS said its distribution facilities could be used as consolidation points by technology companies to return used and damaged electronic components for collection. It also can handle pick-up and shipment of old and excess inventory directly from companies' distribution centers. Pricing for the new service will depend on several factors, including the type of products being recycled, the volume of gear and the distance the gear is being transported. Further information may be found at http://www.ups-scs.com/solutions/asset_recovery.html

On May 13th, IronPort Systems, which owns SpamCop, announced that Judge Saundra Brown Armstrong of the U.S. District Court in the Northern District of California had dissolved a temporary restraining order against IronPort. The TRO had been granted at the request of the online marketing company OptInRealBig, which claimed it had lost business when SpamCop alerted Internet Service Providers about bulk unsolicited e-mail generated by OptInRealBig. The dissolution order in the case may be found at http://spamnews.com/pub/richter-ironport/dissolution_of_ex_parte_TRO.pdf

On May 13th, the Department of Justice (DOJ) announced that a nationwide investigation into child pornography trafficking utilizing Internet file-sharing networks had culminated in 1,000 investigations and 65 arrests. The ongoing investigation focuses on the growing use of "peer-to-peer," or P2P, networks that allow users to connect computers directly with one another to exchange files rather than using traditional Internet servers that are easier to track. Charges against the 65 people arrested so far have included possession and distribution of child pornography and sexual abuse of children. The maximum sentence for a federal child pornography distribution conviction is 20 years in prison. Further information may be found at http://www.usdoj.gov/opa/pr/2004/May/04_crm_331.htm

On May 18th, the Internet Corp for Assigned Names and Numbers (ICANN) said it had persuaded a judge to fundamentally dismiss an antitrust suit filed against it by VeriSign, Inc., which ICANN defines as its "de facto regulator." The judge dismissed the first of seven claims in VeriSign's complaint, which was filed in February. VeriSign has until June 7th to amend the complaint. The suit centers around services such as Site Finder, which ICANN told VeriSign to turn off following public outcry last fall, and Waiting List Service, which ICANN has approved but only after long delays. VeriSign believes ICANN is acting outside of its U.S. government mandate by preventing these services coming to market in a timely manner or at all. ICANN often says it is acting in the best interest of the stability of the Internet. The claim that was dismissed alleged that ICANN violated the Sherman Act, the Federal antitrust law. The judge dismissed this cause of action because of VeriSign's failure factually to allege a conspiracy and injury to competition. Because that claim was the only allegation of Federal law being violated, the Federal judge hearing the case did not rule on the other claims of the suit. The decision in the case may be found at http://www.icann.org/legal/verisign-v-icann/dismissal-order-18may04.pdf

On May 20th, the American Civil Liberties Union (ACLU) announced that the company which administers the multistate Matrix law enforcement database gave the U.S. government a list of 120,000 people who scored high on a computer profile it said was designed to identify likely terrorists. The Florida firm that created the list is Seisint, which says that its "High Terrorism Factor" list has led to scores of arrests. The ACLU has asked for a government investigation to determine who had access to the list of 120,000 people and how the information was used. It called the data-mining program a chilling invasion of privacy that allows police to investigate millions of law-abiding citizens without their knowledge. Last year, Seisint won a contract to run the Multistate Anti-Terrorist Information Exchange, a pilot program known as Matrix that permits law enforcement agencies share information and rapidly sort through billions of computerized records to track criminals. Matrix was launched in 2002 with 13 states that included more than half of the U.S. population, but many have dropped out due to cost and privacy concerns. The five states that still participate - Florida, Pennsylvania, Connecticut, Michigan and Ohio - contain about 19 percent of the U.S. population. The Department of Homeland Security (DHS) gave the program $8 million last year. One document released by the ACLU shows that the funding agreement gave DHS "managerial oversight and control" of the program. Further information may be found at http://www.aclu.org/Privacy/Privacy.cfm?ID=15834&c=130

On May 20th, Reps. Kendrick Meek and Jim Turner introduced that a bill that would establish a federal chief privacy officer position, as well as separate positions at every federal department and agency. Additionally, the Strengthening Homeland Innovation by Emphasizing Liberty, Democracy, and Privacy Act (also known as the Shield Privacy Act) would establish a 10-member commission, appointed by various government bodies, for overseeing privacy and civil-liberty freedoms related to homeland security initiatives. The privacy czar, who would be appointed by the president and positioned in the Office of Management and Budget, would hold primary responsibility for privacy policies throughout the federal government. The czar would ensure that technologies procured by the federal government would not erode privacy protections, as designated under the Privacy Act of 1974. The czar would also evaluate legislative and regulatory proposals involving the federal government's collection and use of Americans' personal information. The czar would present an annual report to Congress concerning each federal agency's activities and violations related to privacy.The text of the bill may be found by entering the bill number (H.R. 4414) at http://thomas.loc.gov/

Spyware and adware are applications which either feed advertising to software already running on your computer or, worse, collect data about your Internet surfing habits, then broadcast that data to marketers. Often, you don't even realize that you've installed these applications because they either piggyback on free software that serves another purpose, such as screen savers or weather programs or, often, download and install via unscrupulous Web sites. The end result is that your browser may have its home page changed and you may see a rapid increase in the number of pop-up ads that clutter your desktop while you surf. There are several programs that can help you determine whether your machine is infected. ZDNET reviewed five anti-spyware and ad-ware programs, selecting Spybot Search and Destroy as the Editor’s Choice. This program is free. Other programs required payment and were not judged to be quite as effective but they include Ad-aware 6.0, PestPatrol 4.2, McAfee AntiSpyware, and Webroot’s Spy Sweeper. Further information may be found at http://reviews-zdnet.com.com/4520-3513_16-5134965-1.html

In Kane County, Illinois, probation officers monitor those charged with or found guilty of sex crimes through the use of a global positioning system tracking device that offenders must carry by court order. If an offender comes within 300 feet of his alleged victim’s home or their elementary school, he could go to jail. The May launch of the Kane County system is the first time a Chicago-area criminal justice agency has used GPS monitoring. Electronic monitoring has long been commonplace for people on parole or probation. Their ankle bracelets send an alarm if they leave their homes, but the devices don't show where they go. GPS tracking fills in the blanks, according to proponents. Kane County's system relies on a tracking device the size of a pocket dictionary, worn on the waist like a pager. If a probationer takes it off and travels more than 50 feet away, the accompanying ankle bracelet takes note. The system doesn't give a person's location in real time. It transmits the movements only when the tracker is put into a docking station, which is connected by phone to a computer. The wearer's location throughout the day then shows up as dots on a map. Green means it was a permissible area; red means a restricted line was crossed. Kane County pays $7.50 a day per individual monitored, funded by a $9,000 state grant. Further information may be found at http://www.chicagotribune.com/technology/chi-0405200397may20,1,5465703.story?col l=chi-techtopheds-hed

On May 19th, Federal Trade Commission (FTC) regulations went into effect requiring that unsolicited commercial e-mail that contains sexually oriented material include the words "SEXUALLY-EXPLICIT" in the subject line. The rule also bars graphic images from appearing in the opening body of the message. Instead, the recipient must take some action in order to see the objectionable material, either by scrolling down in the e-mail or by clicking on a provided link. Spammers who violate the rule face possible imprisonment and criminal fines of up to $250,000 for individuals and $500,000 for an organization. The immediate verdict is that spammers are blithely ignoring the regulations. Further information and a link to the rule and a complaint form may be found at http://www.ftc.gov/opa/2004/05/sexexplicit.htm

On May 17th, L.L. Bean filed suits against four companies it alleged use pop-up ads when some users visit its site. The suits charge that Nordstrom, J.C. Penney, Atkins and Gevalia have traded on the company’s name and infringed its trademark rights. The retailers named in the lawsuits allegedly contracted with software company Claria Corp.(formerly known as Gator), which creates programs to track online habits. These programs then create windows to display specific advertisements when a Web browser visits certain sites. The lawsuit was filed in the U.S. District Court in Portland. Further information may be found at http://www.clickz.com/news/article.php/3355321

On May 25th, Microsoft Corp., author of the Caller ID for E-mail proposal, and Meng Wong, co-founder and CTO of Pobox.com and author of the Sender Policy Framework (SPF), announced that they have agreed to converge the two proposals into one specification designed to help eliminate domain spoofing and provide greater protection against phishing schemes. By providing a unified specification, Microsoft and Wong hope to simplify industry adoption of effective e-mail authentication technology, thereby helping to more swiftly provide greater spam protection to e mail users worldwide. Caller ID and SPF aim to prevent spoofing by confirming what domain a message came from and thereby increase the effectiveness of spam filters. Under the merged proposal, organizations will publish information about their outgoing e-mail servers, such as IP addresses, in the Domain Name System (DNS) using the industry-standard XML format. Backward compatibility will be provided for the many domains that have already published information in the SPF TXT format. A formal specification will be published in June and submitted to the Internet Engineering Task Force (IETF) standards body for evaluation and review, as part of its work to define effective industry Internet e-mail standards to address the problem of spam. Further information may be found at http://www.microsoft.com/presspass/press/2004/may04/05-25SPFCallerIDPR.asp

On May 18th, the Anti-Phishing Working Group (APWP) published a report indicating a surge in the number of phishing e-mail proliferating on the Internet. The APWG received reports of more than 1,100 unique phishing campaigns in April, a 178% increase over the previous month. Phishing scams attempt to capture personal information from Internet users with a combination of unsolicited commercial e-mail messages and Web sites designed to look like legitimate online businesses. Financial services and retail companies were especially hard hit. Citibank alone was the target of 475 unique phishing scams in April. PayPal Inc. and eBay, Inc. were also the victims of numerous phishing schemes. A copy of the report may be found at http://www.antiphishing.org/APWG_Phishing_Attack_Report-Apr2004.pdf

On May 24th, Toysrus.com filed a lawsuit against Amazon.com in New Jersey, charging that Amazon.com violated the toy seller’s exclusive rights to sell toys, games and baby products on Amazon’s website. Toysrus.com says these exclusive rights extend to 2010 and that, when it made the deal in 2000, it stopped selling products on its own site to move to Amazon.com. As of May 17th, there were allegedly more than 4,000 products in exclusive categories being offered through competitive retailers on Amazon.com, violating the agreement. Toysrus.com wants a court to declare that Amazon violated the terms of the agreement, and it seeks monetary damages in the amount of $200 million. It also wants toys and games excluded from a new "retail auction" platform it says Amazon is planning to launch. Further information may be found at http://www.ecommercetimes.com/story/33993.html

On May 24th, the 9th U.S. Circuit Court of Appeals denied Microsoft's appeal that the term "windows" be considered only as it is understood by the public today, not as it was when the company's Windows was introduced in 1985, as the company's trademark litigation against Lindows continues. The case has been sent back for trial to Judge John Coughenour of the U.S. District Court in Seattle, who issued the order that Microsoft Corp. was appealing. Further information and a link to the Ninth Circuit’s order may be found at http://www.linspire.com/lindows_news_pressreleases_archives.php?id=130

On May 21st, a New York federal judge sided with palmOne Inc. in its longstanding patent infringement litigation with Xerox Corp, ruling that Xerox’s handwriting recognition patent is invalid. Xerox has said it will appeal. PalmOne uses "Grafitti" and Xerox uses "Unistrokes," software that permits users to enter data by writing alphabet-like symbols on their screen. Judge Michael Telesca of the U.S. District Court of the Western District of New York in Rochester, where much of Xerox's operations are located, ruled that the technology in Xerox's patent had been previously invented by someone else, and ruled it invalid. Further information may be found at http://pressroom.palmone.com/investorrelations/PubNewsStory.aspx?partner=5150&am p;storyId=114652

On May 24th, a report issued by the Pew Internet & American Life Project concluded that people want more than one way to interact with government. Though citizens are taking advantage of e-government, they want more than one way to get in touch with government. Some 97 million American adults, 77% of Internet users, took advantage of e-government last year through government Web portals or e-mail. That's a 50% growth rate from 2002. But the report indicates that citizens are still more likely to turn to traditional means, phone calls or in-person visits, than the Web to interact with government. The report, entitled How Americans Get In Touch With Government, surveyed Americans last summer on how they deal with government, what methods they use, and how e-government compares with traditional methods such as the telephone or letters as a tool for citizens engaging public agencies. The report was based on a random telephone survey conducted by Princeton Survey Research Associates of 2,925 Americans age 18 and over. The Pew Internet and American Life Project is a nonprofit, nonpartisan research organization funded by the Pew Charitable Trusts to explore the social impact of the Internet. A copy of the report may be found at http://www.pewinternet.org/reports/pdfs/PIP_E-Gov_Report_0504.pdf

On April 28th, the U.S. District Court for the District of Maryland dismissed an employment suit against Canadian multinational BCE on jurisdictional grounds. The court ruled that the company had no ties to the state and that its web presence was insufficient to allow it to assert either general or specific jurisdiction over the company. The opinion in Fleetwood v. BCE may be found at http://www.mdd.uscourts.gov/Opinions152/Opinions/03_2125_Fleetwood_Memorandum.pd f

On May 6th, the Utah Court of Appeals upheld the dismissal of a class action suit against Sprint Communications claiming violation of the state anti-spam law. The case turned on whether the plaintiff had a pre-existing relationship with the e-mail sender. Because the plaintiff had originally opted in to receive e-mail from a company that advertised Sprint’s long distance telephone service, the court found that the e-mail he received was not unsolicited as defined by Utah law, even though he later opted out. The decision in Gillman v. Sprint may be found at http://www.utcourts.gov/opinions/appopin/gillman050604.htm

On May 3rd, the Connecticut Supreme Court issued a ruling setting guidelines for the admissibility of computer-generated evidence at trial. The murder case appeal involved questions concerning the admissibility of computer-enhanced digital photographs which showed that the bite marks on the victim’s breast matched an overlay of a mold of the defendant’s teeth. Many states distinguish between "computer animations," which simply present evidence using a computer and "computer simulations," which take pieces of evidence and analyze them to determine how they fit together. The court found that the difference in this case between presenting evidence and creating evidence was blurred, thus it ruled the evidence inadmissible. Nonetheless, the court upheld the murder conviction, finding that the admission of the evidence was harmless error. The decision in State v. Swinton may be found at http://www.jud.state.ct.us/external/supapp/Cases/AROcr/CR268/268cr60.pdf

On April 29th, New York State Attorney General Eliot Spitzer announced that online book retailer Barnesandnoble.com had agreed to pay $60,000 and boost Internet security after a flaw that exposed the personal information of some shoppers. The agreement stems from an investigation that found that a design flaw in the New York-based company's Web site granted access to customer information such as name, billing address and account information but not credit card numbers. The problem stemmed from Barnesandnoble.com's use of "cookie-less" shopping, which sometimes inadvertently caused a consumer's information to be posted or forwarded to third parties. Further information may be found at http://www.oag.state.ny.us/press/2004/apr/apr29a_04.html