DOJ SEEKS NEW ANTIPIRACY POWERS

On October 12th, the U.S. Department of Justice (DOJ) released an extensive report recommending transformation of intellectual property laws, calling peer to peer piracy a widespread problem that will require more spending, more FBI agents and more power for prosecutors. The report endorses two controversial copyright bills strongly favored by the entertainment industry that would criminalize "passive sharing" on file-swapping networks and permit lawsuits against companies that sell products that "induce" copyright infringement. The report asks Congress to introduce legislation that would permit wiretaps to be used in investigating serious intellectual-property offenses and that would create a new crime of the "importation" of pirated products. It also suggests stationing FBI agents and prosecutors in Hong Kong and Budapest, Hungary, to aid local officials and "develop training programs on intellectual-property enforcement." The report may be found at http://www.cybercrime.gov/IPTaskForceReport.pdf

The nation’s first felony spam trial began on October 25th in state court in Loudoun, Virginia. Jeremy Jaynes, Richard Rutowski and Jessica DeGroot are accused of sending thousands of spam e-mails through false return e-mail addresses and false Internet routing information in 2003. Jaynes, once rated one of the top 10 spammers by watchdog group Spamhaus Project, worked with his sister, DeGroot, and an accomplice, Rutowski, the criminal complaint alleges. All three face up to 15 years in jail and fines of up to $10,000. All three have pleaded not guilty. Virginia officials are pressing their case because several Internet service providers, including America Online, have e-mail servers in the state. About 80% of Internet traffic flows through Virginia. Further information may be found at http://www.usatoday.com/tech/news/2004-10-25-spam_x.htm

America Online filed a federal lawsut on October 27th accusing various John Doe defendants of violating federal and state laws by sending bulk unsolicited messages known as "spim" to instant message accounts and Internet chat rooms. The suit was filed in the U.S. District Court for the Eastern District of Virginia, and marked the first time AOL had targeted spim in a legal action. Further information may be found at http://www.newsfactor.com/story.xhtml?story_title=AOL-Takes-Spimmers-and-Spammer s-to-Court&story_id=27987

It was reported by The Washington Post on October 27th that the Bush-Cheney reelection campaign has barred people outside the United States from viewing its website following an electronic attack that took down the campaign's Internet address for six hours in the preceding week, according to computer security experts. Since midnight on October 25th, no one outside the United States except people in Canada could view the site. Internet users from other countries instead see a white page featuring the message: "Access denied: You don't have permission to access www.georgewbush.com on this server." The Bush campaign reportedly did not return repeated calls for comment. Also on October 25th, the Bush campaign hired Akamai Technologies Inc. to manage its web data. Akamai has more than 1,000 clients, including Microsoft, Yahoo and Federal Express. Akamai stores Web content on thousands of Internet servers around the world, a tactic experts say makes its customers' sites more resistant to disruption from electronic attacks. The Bush/Cheney web site may be viewed (though apparently not if you are outside of the U.S. or Canada) at http://www.georgewbush.com/

SUPREME COURT DECLINES TO HEAR RIAA APPEAL

On October 12th, the Supreme Court declined to consider an appellate court decision holding that the Recording Industry Association of America (RIAA) must file a formal lawsuit before it can get Internet Service Providers to turn over the names of customers suspected of sharing copyrighted songs over peer-to-peer networks. As a consequence of that decision, the RIAA must file "John Doe" lawsuits to get the customer names. The Supreme Court rejected the appeal by the recording industry without any comment. The denial may be found at http://supct.law.cornell.edu/supct/html/101204.ZOR.html

On October 14th, the Federal Communications Commission (FCC) approved nationwide deployment of new technology that carries high-speed Internet connections over electric power lines. "Broadband-over-powerline" allows subscribers to connect to the Internet by plugging a modem into a conventional electrical outlet. Supporters said it could become a major alternative to cable modem and phone connections if FCC approval helps it attract investment and the participation of major utility companies. The FCC had limited the new technology to pilot projects while it studied the concerns of critics, including amateur radio operators who said it could interfere with their signals. The FCC unanimously approved wider use of the technology after finding that the interference was manageable. It also set rules for monitoring interference. Further information may be found at http://www.contracostatimes.com/mld/cctimes/9926264.htm?1c

On October 5th, the U.S. House of Representatives voted 399-1 to approve legislation that prohibits "taking control" of a computer, surreptitiously modifying a Web browser’s home page or disabling antivirus software without authorization. The Spy Act would also create a complicated set of rules governing software capable of transmitting information across the Internet. It would give the Federal Trade Commission authority to police violations of the law and to levy fines of up to $3 million in the most pernicious cases. A similar bill is pending in the Senate. The text of the Act may be found by entering the bill number (H.R. 2929) at http://thomas.loc.gov/

On October 8th, major movie studios and record labels asked the U.S. Supreme Court to overturn the Grokster decision, which had absolved peer-to-peer networks of responsibility when their users download copyrighted material without permission. In August, a federal appeals court upheld an April 2003 U.S. District Court decision that these services should not be held liable for the illegal behavior of their users. The petition filed with the Supreme Court charges that lower courts erred in letting peer-to-peer networks profit from copyright infringement. According to the petition, peer-to-peer networks "inflict massive and irreparable harm" upon the entertainment industry, with more than 2.6 billion infringing music files and 400,000 to 600,000 illegal copies of movies downloaded every month. They went on to argue that the industry stands to lose billions more as Internet bandwidth and computing power increases. The petition may be found at http://www.eff.org/IP/P2P/MGM_v_Grokster/20041008_Grokster_final_petition.pdf

On October 8th, the Department of Homeland Security announced that Amit Yoran, director of the National Cyber Security Division of the Department of Homeland Security, had resigned a little more than a year after joining the agency. Yoran was responsible for carrying out most of the initiatives outlined in the Bush Administration's National Strategy to Secure Cyberspace. Yoran said he resigned because he had completed what he set out to do and felt it was time to move on. Further information may be found at http://federaltimes.com/index.php?S=416205

On October 12th, the Federal Trade Commission (FTC) announced that it had filed the nation’s first case against software companies accused of infecting computers with spyware and then trying to sell them the solution. The FTC is seeking an injunction to get the companies, owned by the same person, to stop, and to offer restitution to consumers. The FTC requested and got a temporary restraining order from the U.S. District Court for the District of New Hampshire against Seismic Entertainment Productions, Smartbot.Net and Sanford Wallace. The FTC said the companies secretly installed the software on computers, causing systems to be overwhelmed by pop-up advertisements, and then sent them messages saying they needed to buy "Spy Wiper" or "Spy Deleter" for $30. The FTC alleges the defendants have unfairly changed consumers' Web browsers, installed advertising and other software programs, and compelled purchase of anti-spyware software. The temporary restraining order in the case states that "the defendants are hereby required to remove, within 24 hours, from any Web site, bulletin board, or Internet server controlled by defendants any software script that exploits Web browser security vulnerabilities." The complaint in FTC v. Seismic Entertainment Productions et al may be found at http://www.ftc.gov/os/caselist/0423142/0423142.htm

It was reported on October 1st that the United States Patent and Trademark Office (PTO) had preliminarily rejected Microsoft’s file allocation table (FAT) patent as being unpatentable, citing the existence of prior art. The PTO said of the technologies comprising FAT: "It would have been obvious to one having ordinary skill in the art at the time." The PTO reviewed the patent after the non-profit legal group Public Patent Foundation (PUBPAT) asked for the review in April, concerned about the implications for competitors if Microsoft's patent was upheld and it decided to go after royalties. The FAT provides a means of storing and retrieving files that are often scattered across a disk and held in different sizes. The FAT file system is a ubiquitous format used to exchange media, like MP3s and picture files, between Windows-based PCs and non-Windows PCs, like MP3 players or camera phones. Last November, Microsoft released FAT under a commercially reasonable, non-exclusive license charging licensees $0.25 per unit up to a limit of $250,000. Microsoft said it has 90 days in which to respond to the PTO. Further information may be found at http://www.cbronline.com/article_news.asp?guid=19024272-2626-4698-B224-1D623A273 64D

On September 27th, a California man pleaded guilty to spamming people through unsecured hot spots, the first such conviction under the Can-Spam Act. Nicholas Tombros admitted that he had driven around Venice, California last year in search of unprotected wireless hot spots and that he had used them to distribute unsolicited mail that advertised pornographic websites. Tombros pled guilty to unauthorized access to a computer to distribute multiple commercial spam messages. He is scheduled to be sentenced on December 6th and faces a maximum penalty of three years in prison. Further information may be found at http://news.com.com/2100-7351_3-5390722.html

Florida officials conceded that private information about nearly 4,000 abused and neglected children was available online from April or May until the end of September. The information included the children’s names, birthdays, social security numbers, photographs, case histories and even directions to their foster homes. The files were on the website of Kids Central, a privately run children's agency. Further information may be found at http://www.informationweek.com/story/showArticle.jhtml?articleID=48800362

On October 4th, it was announced that the Coral Consortium had been formed with the hope of creating a common antipiracy language and unifying copy-proofing technologies. The Consortium includes Hewlett-Packard, Matsushita Electric Industrial, Philips Electronics, Samsung Electronics, Sony and Twentieth Century Fox, along with digital rights management (DRM) company InterTrust Technologies. The problem the group is tackling is the one familiar to anyone who owns Apple Computer's iPod music player and has been unable to play music purchased from an online music store operated by Napster, Microsoft or another Apple rival. DRM software that protects content such as music, movies and video games is proprietary, and many different companies now produce incompatible varieties. Participants say Coral will establish a set of technology specifications that will let different kinds of copy protection be translated into other varieties. Further information may be found at http://www.theregister.com/2004/10/12/coral_consortium_drm/

The State Department says it is moving closer to the day when U.S. passports will be read remotely at borders around the world, thanks to embedded chips that will broadcast on command an individual's name, address and digital photo to a computerized reader. The State Department hopes the addition of the chips, which employ radio frequency identification, or RFID technology, will make passports more secure and harder to forge. Opponents of the concept say the chips are actually a boon to identity thieves, stalkers and commercial data collectors, since anyone with the proper reader can download a person's biographical information and photo from several feet away. Four companies have received contracts from the government to deliver prototype chips and readers for evaluation. Diplomats and State Department employees will be issued the new passports as early as January, while other citizens applying for new passports will get the new version starting in the spring. Countries around the world are also in the process of including the tags in their passports, in part due to U.S. government requirements that some nations must add biometric identification in order for their citizens to visit without a visa. Current passports will remain valid until they expire.While none of the information on the chip is encrypted, the chip does also broadcast a digital signature that verifies the chip itself was created by the government. Security experts have said the U.S. government decided not to encrypt the data because of the risks involved in sharing the method of decryption with other countries. Further information may be found at http://news.zdnet.com/2100-3513_22-5425314.html

On October 18th, the American Society of Composers, Authors and Publishers (ASCAP) announced that it had reached a $1.7 billion deal with the Radio Music License Committee (RMLC) to let radio stations legally stream their on-air content over the Internet. RMLC says that the agreement allows its 12,000 member stations to program ASCAP-regulated music online simultaneously with their on-air signals. The two industry groups said the agreement is the largest licensing deal in the history of American radio. The agreement includes retroactive licensing fees for the years 2001 to 2003 and establishes a new guideline to be followed from 2004 until 2009. U.S. District Court Judge William C. Conner approved the agreement on October 15th. ASCAP’s press release may be found at http://www.ascap.com/press/2004/rmlc_101804.html

In a speech given on October 19th, Federal Communications Commission (FCC) Chairman Michael Powell said that he would seek broad regulatory authority for the federal government over Internet-based telephone services to avoid stifling the emerging market. Powell argued that letting states regulate Voice over Internet Protocol (VoIP) services would lead to a patchwork of conflicting rules like those that have ensnarled the traditional phone business for decades. After his speech, Powell told reporters he expected to introduce a proposal to the full FCC in less than a month, and certainly before a new Congress begins its session in January. Powell reiterated his belief in minimal regulation of VoIP services and said questions of its taxation and connectivity to 911 emergency assistance are best left to the federal government because the technology erodes geographic barriers. The text of the Chairman’s remarks may be found at http://hraunfoss.fcc.gov/edocs_public/attachmatch/DOC-253325A1.doc

On October 20th, McAfee announced that it had been awarded a patent to detect malicious software. U.S. patent 6,775,780, "Detecting Malicious Software By Analyzing Patterns Of System Calls Generated During Emulation," covers a broad array of programs and situations. Software emulation is a process that occurs within an insulated environment, usually within a computer system. The emulated environment allows the application to be tested for malicious behavior without much risk of harm to the computer system as a whole. According to the abstract filed with the U.S. Patent and Trademark office, the system may also compare the pattern of system calls against a suspect patterns database. Upon completing the comparison, the system will be able to determine whether malicious behavior is likely to be exhibited by the software. McAfee’s press release may be found at http://www.mcafeesecurity.com/us/about/press/corporate/2004/20041020_085856.htm

America Online and the nonprofit National Cyber Security Alliance released a study of online safety in October. The report concludes that most home computers are infected with spyware, malware and viruses unbeknownst to their users. For the study, researchers conducted in-person interviews and technicians were sent to review the PCs of 329 Internet customers, 194 broadband users and 135 dial-up users, in 12 states from September 15th to October 8th. Of those surveyed, 77 percent said they thought their computer was very or somewhat safe from threats, with 73 percent saying the same for viruses. Three in five said they feel very or somewhat safe from hackers. At the same time, 67 percent of those surveyed had outdated anti-virus software, with 15 percent lacking any anti-virus software at all. The study also found that 80 percent of the PC users had spyware or adware on their systems, with most not even knowing the software had been installed. Sixty-seven percent didn't have firewall protection, with half of the broadband users surfing the Net firewall-free. The study may be found at http://www.staysafeonline.info/news/safety_study_v04.pdf

On October 25th, the Recording Industry Association of America announced that it had reached a $10 million settlement with a Spanish company that briefly offered MP3s online for pennies per song. According to the RIAA, four people associated with Puretunes.com, which operated only briefly in mid-2003, collectively agreed to pay $500,000 in damages, while the holding company responsible for the Web site's operations will be responsible for $10 million. The RIAA’s press release regarding the settlement may be found at http://www.riaa.com/news/newsletter/102504.asp

On October 27th, the Internet Corporation for Assigned Names and Numbers (ICANN) announced that it had given preliminary approval for two more top level domain names: ".post" and ".travel." They may be available as early as next year. ICANN is still considering eight other domain name proposals, including ".asia," ".jobs," and ".xxx." ICANN said the decision on the two approved names had less to do with relative merit and was primarily based on the level of technical and commercial details their sponsors were able to quickly provide. Negotiations will now begin on creating and running the domain names. The process could take months, though officials warned that there was no guarantee the domains would ultimately be accepted. There are currently about 250 domain names, mostly for specific countries. The two names preliminarily approved are different from most existing names because they would be set aside for specific industries and interest groups. Applicants paid $45,000 apiece earlier this year to have their proposals considered. Further information may be found at http://www.icann.org/announcements/announcement-27oct04.htm

On September 30th, the U.S. District Court for the Northern District of California ruled that e-voting company Diebold Election Systems misused the Digital Millennium Copyright Act and ordered it to pay damages and fees. The judge found that the company knowingly misrepresented that students had infringed the company's copyright and ordered the company to pay damages and fees to two students and a nonprofit Internet service provider, Online Policy Group. The decision in Online Policy Group v. Diebold may be found at http://www.lessig.org/blog/archives/diebold.pdf

On October 5th, the First Circuit Court of Appeals decided to rehear arguments in the Councilman case, a decision that could have a profound effect on e-mail privacy. The lower court’s ruling cleared Bradford Councilman, formerly vice president of the online bookseller Interloc, of federal wiretapping charges. The panel's majority concluded that because the interception happened when the messages were stored on a hard drive - even temporarily - rather than in transit, Councilman did not violate the Wiretap Act. The panel said that federal law might be out of step with the times, but left the remedy to Congress. The original panel decision has been withdrawn pending the First Circuit's rehearing of the case, which will occur on December 8th. The court’s order in U.S. v. Councilman may be found at http://www.ca1.uscourts.gov/cgi-bin/getopn.pl?OPINION=03-1383ORD.01A

The non-profit Internet Education Foundation and Dell have combined forces to launch a campaign to help educate consumers about spyware and assist them in removing spyware from their computing systems. The Consumer Spyware Initiative (CSI) is a public awareness campaign sponsored by IEF and Dell. Its objective is to reach at least 63 million Internet users over the next year. Elements of CSI include links to several spyware troubleshooting tool kits for consumers on IEF's GetNetWise Web site (www.getnetwise.org), direct communication with millions of Dell U.S. consumer customers via e-mail and dell.com and an effort to recruit additional technology companies and industry associations to distribute GetNetWise education materials to their customers and members. Further information may be found at http://www1.us.dell.com/content/topics/global.aspx/corp/pressoffice/en/2004/2004 _10_15_dc_000?c=us&l=en&s=corp