COURT STRIKES DOWN PART OF PATRIOT ACT

On September 28th, the United States District Court for the Southern District of New York issued a ruling in Doe v. Ashcroft, finding that section 505 of the Patriot Act is unconstitutional. U.S. District Judge Victor Marrero ruled in favor of the ACLU, which challenged the power the FBI has to demand confidential financial records from companies as part of terrorism investigations. The court also struck down parts of the Patriot Act requiring Internet and telephone companies to surrender customer records sought in terrorism investigations and permanently barring notice to clients that their data was given to the authorities. Marrero held that this permanent ban was a violation of free-speech rights. In his ruling, Marrero prohibited the Department of Justice and the FBI from issuing special administrative subpoenas, also known as national security letters. But he delayed enforcement of his judgment pending an appeal expected to be filed by the government. The Department of Justice said it was reviewing the ruling.The decision in Doe v. Ashcroft may be found at http://www.nysd.uscourts.gov/rulings/04CV2614_Opinion_092904.pdf

Progressive Corp., an auto insurance company, is debuting a program under which drivers will receive a discount of up to 25% on their auto insurance if they agree to have an electronic monitor installed in their vehicle. The monitor tracks driving time and behavior. If you have a heavy foot or frequently brake suddenly, this information would be transmitted to the insurer. Ohio-based Progressive plans to expand its TripSense pilot program to 5,000 Minnesota customers. Progressive says it will use the data only for potential discounts and not to penalize customers whose devices reveal risky driving habits. Use of the device is not mandatory to receive insurance. The American Civil Liberties Union in Minnesota has expressed concern that, if Progressive successfully obtains market share with this program, it will be copied by other insurance companies who may then demand that drivers surrender their privacy if they wish to get preferred rates or who may deny coverage altogether. Many automakers already install so-called black boxes that record information for investigations into a crash or malfunction, although the data is not routinely transmitted. Further information may be found at http://www.cumberlink.com/articles/2004/09/08/editorial/editorial/daily01.txt

On August 27th, VeriSign Inc. re-filed its lawsuit against the Internet Corporation for Assigned Names and Numbers, the organization the company claims goes beyond its powers by regulating VeriSign's domain name business. The company filed the complaint in the Superior Court of the State of California in Los Angeles, claiming breach of contract and asking the court to rule that ICANN should stay out of its business. VeriSign complains that the contracts it has with ICANN to run the .com and .net registries do not allow ICANN to regulate new domain name services such as the controversial Site Finder service that VeriSign wishes to offer. The suit requests a declaratory judgment. Gone from the complaint are all the antitrust conspiracy theories, which seemed far-fetched to many critics, and were viewed as VeriSign’s attempt to have its case heard in federal court. Having had the case thrown out by a federal judge, VeriSign was forced to refile in state court. Further information may be found at http://www.internetnews.com/ec-news/article.php/3402031

Prolific offenders and pedophiles are now monitored in some parts of England by satellite. Under a pilot program, criminals in Greater Manchester, West Midlands and Hampshire will be outfitted with an electronic device that can be tracked by satellite around the clock. A control station that records the location of the offender to within a few meters will monitor the device. If the offender enters an area they are excluded from, the police are alerted. The system will also be used to prevent sex offenders from going to playgrounds and schools and to stop people convicted of domestic violence from approaching their victims. Offenders will be required to wear the device as part of a community sentence, or as a condition of their release from prison. If the technology works, the Home Office will massively expand it in England and Wales. Home Secretary David Blunkett has dubbed the program "a prison without bars." Advocates say the tagging systems will allow families to stay together, a key to rehabilitation. Further information may be found at http://news.bbc.co.uk/2/hi/uk_news/3620024.stm

On September 2nd, the Center for Democracy and Technology (CDT) and various other groups filed a brief in support of the Department of Justice’s appeal of the First Circuit’s U.S. v. Councilman decision. The U.S. Department of Justice (DOJ) has asked a full appeals court to review the controversial ruling, which holds that an e-mail provider did not violate federal wiretapping laws by allegedly reading messages meant for customers. In a highly unusual move, civil liberties groups banded together to join the government's request to the full 1st Circuit Court of Appeals to revisit a three-judge panel's decision in June. The decision cleared Bradford Councilman, formerly vice president of the online bookseller Interloc, of federal wiretapping charges. The panel's majority concluded that because the interception happened when the messages were stored on a hard drive - even temporarily - rather than in transit, Councilman did not violate the Wiretap Act. The panel said that federal law might be out of step with the times, but left the remedy to Congress. The DOJ’s brief argues that "Internet service providers would be free to access the private e-mail of their customers without criminal liability and criminals and corporate spies could monitor private e-mail without violating the Wiretap Act." The brief further warns that "under the rule adopted by the panel, digital phone calls could be captured without violating the Wiretap Act." The CDT’s brief says, "The panel's approach guts privacy protections. It would allow federal, state or local law enforcement agents to install monitoring devices that impose the functional equivalent of a wiretap without needing to satisfy the Wiretap Act." The CDT’s brief in this case may be found at http://www.cdt.org/wiretap/20040902cdt.pdf

Adware company Claria (formerly known as GATOR) quietly settled suits brought by Wells Fargo, Quicken Loans and other online businesses, which charged that its delivery of pop-up ads violated their trademarks. Previously, it also settled suits with UPS, Hertz, L.L. Bean, Tiger Direct and Six Continents. Terms of the settlements were not disclosed. Claria still faces a lawsuit from retail florist Teleflora, which filed its case in April 2004. Claria has appealed the court to have the case considered individually as opposed to being part of the consolidated case. The settlements leave in doubt the legality of Claria’s business model. Its advertising software piggybacks on free downloads such as peer-to-peer application Kazaa, supporting them by delivering targeted ads to users when they use search engines or visit particular sites, sometimes using trademarks or competitor’s names to trigger delivery. Further information may be found at http://news.com.com/2100-1024-5333003.html

On August 25th, in an unpublished decision, Judge Leonie Brinkema of the U.S. District Court for the Eastern District of Virginia ruled that insurance company Geico can sue Google and Overture Services for allegedly selling ads linked to Geico’s trademarks. The ruling said "that plaintiffs have alleged facts sufficient to support their claims that advertisers make a 'trademark use' of Geico's marks and that defendants may be liable for such trademark use." The judge did grant Google and Overture's motions to dismiss claims of tortious interference and statutory business conspiracy. Further information may be found at http://www.pcworld.com/news/article/0,aid,117686,00.asp

On September 2nd, the U.S. Copyright Office issued its own version of the controversial Induce Act, which attempts to prohibit file swapping services like Kazaa and Morpheus while making legal the legitimate functions of such things as portable hard drives and MP3 players. The original Induce Act received heated criticism for potentially making illegal such products as Apple’s iPod that might "induce" users to commit copyright infringement. A ruling by a federal appeals court in August holding that the Grokster and Morpheus file-swapping networks are legal have left the Recording Industry of America (RIAA) and their allies scrambling to pass legislation that would supercede the appellate court’s ruling. The Copyright Office’s draft says anyone who "intentionally induces" copyright violations can be found liable, with "induce" defined as one or more "affirmative, overt acts that are reasonably expected to cause or persuade another person or persons" to violate copyright law. The Copyright Office’s version of the bill may be found at http://www.corante.com/importance/archives/Copyright_Office_Discussion_Draft_Alt ernative_INDUCE_Act.pdf

On September 1st, an Anne Arundel County judge in Maryland rejected a challenge to the state's touch-screen voting machines, saying they are more accurate than the paper ballots plaintiffs are seeking to make optional for the November elections. Circuit Court Judge Joseph P. Manck called the concern that the electronic machines might be vulnerable to tampering "a very real fear," but he found that Maryland officials had taken all reasonable steps to protect the integrity of the voting process. Last summer, Johns Hopkins University computer scientists reported that hackers could easily crack the computer code. In January, consultants hired by the state announced that they were able to gain control of the system, corrupt vote counts and delete election results. The decision was subsequently upheld by the Maryland Court of Appeals. Further information may be found at http://truevotemd.org/

A new website, Star38.com, now offers subscribers a Web interface to a Caller ID spoofing system that lets users appear to be calling from any number they may choose. Though Caller ID spoofing has been around for a while, this appears to be the first commercial venture based on providing this service. The service charges a twenty-five cent connection fee for each call and seven to fourteen cents per minutes. SecurityFocus says it tested the system and that it worked as advertised. The user fills out a simple Web form with his phone number, the number he wants to call, and the number he wants to appear to be calling from. Within two seconds, the system rings back, and patches the user through to the destination. The recipient sees only the spoofed number displayed on Caller I.D. Any number works, from nonsense phone numbers like "123 4567" to the number for the White House switchboard. Further information may be found at http://www.securityfocus.com/news/9419

On September 6th, the 6th Circuit Court of Appeals ruled that rap artists should pay for every musical sample included in their work, including minor, unrecognizable snippets of music. Lower courts had previously ruled that artists must pay when they sample another artist’s work. However, it has been legal to use musical snippets -a note here, a chord there - so long as it wasn't identifiable. The appellate court said federal laws aimed at stopping piracy of recordings applies to digital sampling. The case at issue is one of at least 800 lawsuits filed in Nashville over lifting snippets of music from older recordings for new music. The case centers on the NWA song "100 Miles and Runnin," which samples a three-note guitar riff from "Get Off Your Ass and Jam" by '70s funk-master George Clinton and Funkadelic. In the two-second sample, the guitar pitch has been lowered, and the copied piece was "looped" and extended to 16 beats. The sample appears five times in the new song. The decision in Bridgeport Music v. Dimension Films may be found at http://pacer.ca6.uscourts.gov/opinions.pdf/04a0297p-06.pdf

On September 10th, U.S. District Judge Jan DuBois found that Pennsylvania Statute 7330 was unconstitutional. The law compels Internet Service Providers (ISPs) to block access to Web sites accused of hosting child pornography. The law allowed the state to impose criminal charges on Internet Service Providers for permitting access to Web sites considered inappropriate. Public-interest groups such as the Center for Democracy and Technology (CDT) and the American Civil Liberties Union had challenged the law a year ago, claiming that it was unconstitutional, since many blocked sites contained no child porn. The judge found little evidence that the law had reduced the production of child pornography but found "an abundance of evidence that implementation of the Act has resulted in massive suppression of speech protected by the First Amendment." The decision may be found at http://www.cdt.org/speech/pennwebblock/20040910memorandum.pdf

On September 1st, U.S. Magistrate Judge Ronald Hedges imposed $566,838 in sanctions against Samsung Electronic Co. and related entities for destroying e-mail in a patent infringement case. In Mosaid Technologies Inc. v. Samsung Electronics Co., Mosaid alleged that Samsung, a Korean electronics company, infringed its patents for dynamic random access memory, or DRAM, chips. Samsung was required to preserve and disclose the e-mails even though Mosaid did not expressly ask for them in its document request, Hedges found. "No reasonable litigant could believe that [Mosaid's definition of "document"] did not include e-mails," he wrote. Samsung pointed to its own explicit discovery request for e-mails, but the judge found that merely "underscores defendants' belief that e-mails were an essential source of evidence." Hedges called the e-mail deletions "breathtaking and absolute spoliation" comprising at the very least "extremely reckless behavior." Hedges denied Mosaid's request to sanction Samsung with a finding of infringement but held that, on top of the monetary sanctions, he would tell the jury it could draw adverse inferences from Samsung's failure to produce the e-mails. Further information may be found at http://www.law.com/jsp/article.jsp?id=1094073288555

On September 7th, the Privacy Rights Clearinghouse, a San Diego-based nonprofit consumer advocacy group, filed a lawsuit alleging that supermarket chain Albertsons and its pharmacy units, SavOn, Osco, and Jewel-Osco, violated the privacy rights of thousands of customers by selling confidential medical information to drug companies, or otherwise sharing such information with them. Albertsons denies the charges. A number of leading pharmaceutical companies are also named in the lawsuit, initially as "Doe Defendants." These alleged "aiders and abettors" include Allergan, Aventis, AstraZeneca, Bristol-Meyers Squibb, Eli Lilly, Galderma, GlaxoSmithKline, Merck, Novartis, Otsuka America Pharmaceuticals, Pfizer, Proctor & Gamble, Schering Plough, TAP Pharmaceutical Products, Teva Pharmaceutical, and Wyeth. The suit charges that Albertsons violated California's Confidentiality of Medical Information Act, which prohibits pharmacies from selling, sharing, or otherwise using any medical information for any purpose, according to the plaintiff. The complaint in the case may be found at http://www.privacyrights.org/ar/PharmComplaint.htm

On September 16th, the Federal Trade Commission (FTC) issued a report exploring whether bounties might aid in the enforcement of the Can-Spam Act. The report is cautious about the notion of using the public as spam fighters. The major hurdles cited are locating the spammer, gathering evidence that will stand up in court, and implementing a reward program that offers enough money to justify the risks involved without creating burdensome administrative costs. If those obstacles can be overcome, the FTC offers its endorsement of the concept. Insiders are most likely to be able to identify spam senders, making it important to set the reward high enough that it is more lucrative than the crime. The FTC’s report may be found at http://www.ftc.gov/reports/rewardsys/040916rewardsysrpt.pdf

On September 26th, Swiss authorities reported that they had successfully held the world’s first binding Internet vote in a national referendum. Some 2,723 people in four Geneva suburbs, roughly 22 percent of voters in the region who participated in the referendum, cast their ballots online on issues including naturalization laws, maternity leave and postal reform. It reportedly took officials 13 minutes and 5 seconds to count the contents of the virtual ballot box. All 22,000 citizens of the four suburbs received a card from local authorities giving them the three voting options. The card included a 16-character personal ID code and a 4-character security code that voters scratched to reveal. Voters could use a regular computer to visit a special Web site and type in their personal code to establish a secure connection, after which they received an online ballot form. They then had to type in the security code and their date and place of birth. A single voters' register ensured individuals could vote only once, whether online, by mail or in person. Further information may be found at http://www.technologyreview.com/articles/04/09/ap_092604.asp?trk=nl

San Francisco County Superior Court Judge Paul Alvarado has ordered Microsoft to pay $112.5 million to attorneys who successfully sued the software maker for monopolizing a segment of California's market. The award for fees and costs came in a case in which Microsoft agreed to allocate $1.1 billion for California consumers, after a small San Francisco law firm sued in state court alleging the company inflated prices by monopolizing the pre-installed software market from 1995 to 2001. The agreement provides that anyone who bought a computer in California will get vouchers worth $5 to $29 per Microsoft product. Two-thirds of the unused settlement is earmarked for poor California schools. The attorneys who sued Microsoft had requested $258 million in fees and costs. Judge Alvarado said the attorneys were entitled to about 58 percent of the request. He said some of their legal documents mirrored the federal government's successful monopoly case, and briefs from others who had sued Microsoft in other states. Further information may be found at http://www.informationweek.com/story/showArticle.jhtml?articleID=47900065

The Internet Engineering Task Force (IETF) announced in September that it had closed down the working group that was developing the Sender ID email authentication standard, saying the group has been unable to reach consensus on key issues in the time allowed. This action is believed to have occurred in part because of Microsoft Corp's disclosure that it had applied for a patent on parts of Sender ID and would require implementers to take out a free license before deploying the specifications. From the beginning, members of the group had fundamental disagreements on the nature of the record to be provided and the mechanism by which it would be checked. Microsoft’s patent claims provided a further level of complication. America Online withdrew its support from the standard as a result of the patent claims. Further information may be found at http://www.cbronline.com/article_news.asp?guid=D54118D5-D2BA-4343-9EE4-C81AA9768 A70

On September 22nd, the Motion Picture Association of America (MPAA) announced that it had sued a company that sells Internet downloads of current movies like "I, Robot" and "Spider-Man 2" without permission. The suit alleges that Click Enterprises, through a series of Web sites, tricked consumers into believing they were paying for legal versions of movies when in fact those movies are not legally available in download form. One of the Web sites identified by the MPAA, downloadmuch.com, offers unlimited access to a long list of movies and video games for $24.95 per year. Further information may be found at http://www.reuters.com/newsArticle.jhtml;?storyID=6309048

On September 28th, Amazon.com and Microsoft announced the filing of several lawsuits against phishers and spammers who targeted consumers by spoofing Amazon.com's domain name and perpetrating phishing scams with spoofed Amazon.com Web sites. The two companies have teamed up in an attempt to eliminate e-mail scams that affect Internet users worldwide including customers of both companies. They are working together to identify the perpetrators as well as testing possible technical solutions that would make it more difficult to deliver fraudulent and deceptive e-mail to consumers. Amazon.com and Microsoft filed a joint federal lawsuit against a Canadian spamming operation allegedly responsible for sending millions of deceptive e-mail messages, including e-mail forgeries falsely purporting to have come from Amazon.com, Hotmail.com and other domains. The suit, filed in the U.S. District Court in Seattle, alleges that Gold Disk Canada Inc., located in Kitchener, Ontario, along with co-defendants including Barry Head and his two sons, Eric and Matthew, mounted illegal and deceptive spamming campaigns that have misused Microsoft's MSN® Hotmail® services and forged the name of Amazon.com. Further information may be found at http://www.microsoft.com/presspass/press/2004/sep04/09-28MSAmazonPhishPR.asp

On September 17th, the U.S. District Court for the Southern District of New York held that two companies and their principals committed unfair trade practices by billing unsuspecting telephone subscribers for access to pornographic Web sites that they never used. Southern District Judge Lewis A. Kaplan ordered two Bahamian corporations and two executives who he said are "at large" to pay the Federal Trade Commission (FTC) almost $18 million for the false billings and for making false or deceptive statements to telephone subscribers who called to complain about charges wrongly billed to them. The defendants were Verity International Ltd. and Automatic Communications Ltd., and the founders and former principals of both companies, Robert Green and Marilyn Shein. The case name is Federal Trade Commission v. Verity International Ltd. The decision allows the FTC to seek an order to release funds the court froze when the FTC filed its case in October 2000, with the potential to reimburse consumers for their losses. Further information may be found at http://www.ftc.gov/opa/2004/09/verity.htm

On September 22nd, Microsoft announced that it had filed nine lawsuits against individuals and companies for allegedly spamming. The suits, all filed in the last month, include eight against individuals alleged to be behind spam campaigns that offered e-mail users a variety of products including generic online drugs, tee-shirts, software, pornography and dating services. The ninth lawsuit is against a Web hosting company that catered to the spammer community by claiming to be "bulletproof," or incapable of being shut down. Microsoft filed suit against Levon Gillespie, who is described as a principal of "bulletproof" Web hosting company cheapbphosting.com, as well as various John Doe defendants who allegedly use Gillespie's services. Further information may be found at http://www.pcworld.com/news/article/0,aid,117903,00.asp

On September 1st, the 8th Circuit Court of Appeals ruled that Bill Purdy, an anti-abortion activist, violated trademark law by registering a slew of domain names, including drinkcoke.org, mycoca-cola.com, mymcdonalds.com, mypepsi.org, and my-washingtonpost.com. Purdy purchased those and other domains, and used them to point visitors to pro-life commentary and depictions of aborted and dismembered fetuses. The decision in Coca-Cola v. Purdy may be found at http://caselaw.findlaw.com/data2/circs/8th/022894P.pdf

On September 28th, the U.S. House passed the Piracy Deterrence and Education Act. The legislation would make it easier for the Justice Department to prosecute Internet users who file share more than 1,000 copyrighted files. The bill also provides that using video cameras to record films in movie theaters would become a federal crime punishable by up to three years in prison. The text of the Act may be found by entering the bill number (H.R. 4077) at http://thomas.loc.gov/

On September 28th, California Governor Arnold Schwarzenegger signed into law an anti-spyware bill that seeks to protect consumers from harmful software that is deceptively or surreptitiously installed on their computers. The Consumer Protection Against Computer Spyware Act makes it illegal for anyone to install software on someone else's computer and use it to deceptively modify settings, including a user's home page, default search page or bookmarks and outlaws the collection, through intentionally deceptive means, of personal information through keystroke-logging, tracking Web site visits, or extraction of PII (Personally Identifiable Information) from a user's hard drive. Further information may be found at http://www.internetnews.com/xSP/article.php/3415621