COURT UPHOLDS MICROSOFT’S EUROPEAN PENALTIES

On December 22nd, the European Court of First Instance ruled that Microsoft must comply with the penalties imposed by the European Commission in March even as the company's appeal works its way through the system. The Commission ruled in March that Microsoft used its monopoly in operating systems to try to manipulate the markets for media players and work group server operating systems. It ordered the company to offer a version of Windows without its bundled media player and to share more technical detail with rivals. Those orders will now take effect. "The evidence adduced by Microsoft is not sufficient to show that implementation of the remedies imposed by the Commission might cause serious and irreparable damage," the court said in a statement. The company, however, has the right to appeal the decision to the president of the European Court of Justice. Any appeal would have to be lodged within the next two months. Microsoft is working on a special version of Windows, excluding Media Player, for the European market. That product is expected to be available for manufacturers in January and work its way through to resellers by February. Microsoft said the pricing should be the same as that of existing versions of Windows. Microsoft had already covered the monetary portion of the penalties, depositing $600 million in an escrow account. Legal documents in the case may be found at http://www.microsoft.com/presspass/legalnews.asp

On December 16th, the Federal Trade Commission (FTC) issued its final regulations governing what law enforcement authorities will consider spam subject to the terms of the Can-Spam Act. The regulations state that bulk e-mail is commercial if it includes advertising and promotion or if the subject line or beginning of the message would be reasonably considered to be advertising or promotion. The rules are similar to the proposed rules that were published in August. The new rules cover e-mail messages that have both commercial and transactional (such as information about a purchase) or relationship (such as information about a product update) content. The final rules also require companies to clearly label sexually explicit e-mails. Further information may be found at http://www.ftc.gov/opa/2004/12/canspamfrn.htm

On December 15, 2004, the Federal Communications Commission (FCC) voted to examine whether to modify its rule prohibiting the use of cellular telephones on airborne aircraft. At the same time, the FCC says it's making it easier for companies to offer wireless Internet access. The FCC and the Federal Aviation Administration for years have banned mobile-phone use in airplanes on the theory that phone signals can interfere with a plane's navigation system or disrupt mobile-phone service beneath a plane. The FAA, whose regulations trump those of the FCC in the matter, also is studying the effectiveness of the current ban. A decision by the FAA isn’t likely to be made before 2006. Besides conducting its own inquiry into its phone ban, the FCC is asking for public input on the matter. Instructions for commenting on the issue may be found at http://hraunfoss.fcc.gov/edocs_public/attachmatch/DOC-255742A1.doc

A Maryland Circuit Court judge has ruled that the state’s anti-spam law is unconstitutional because it seeks to regulate commerce outside of Maryland’s borders. The decision resulted in the dismissal of a lawsuit against a New York e-mail marketer and effectively overturns Maryland's 2002 Commercial Electronic Mail Act. Maryland's law allows residents who receive e-mail with certain false information to sue for damages. A separate criminal statute enacted in October adds criminal penalties of up to $25,000 and 10 years in prison. The federal CAN SPAM law that took effect in 2004 and does not allow individuals to sue spammers. That law superseded most state laws unless, like Maryland, they specifically addressed deceptive or fraudulent e-mail. Further information may be found at http://www.cnn.com/2004/LAW/12/14/spam.lawsuit.ap/index.html

On December 15th, it was announced that America Online (AOL) had reached a settlement with the Department of Justice (DOJ). Time Warner and AOL agreed to pay the federal government $210 million to settle criminal and civil charges following a long-running probe of questionable accounting and dealmaking that inflated AOL's revenue and profit before and after the company merged with Time Warner. The agreements have been approved by Justice and the enforcement division of the Securities and Exchange Commission, but the proposed SEC agreement still must be reviewed by the commissioners of the agency, who have the right to alter, amend or reject the proposed settlement. Part of the settlement requires AOL to accept a strict new set of controls on the company. AOL is now required to hire a corporate monitor approved by DOJ and to disclose serious wrongdoing discovered internally to the government. The settlement requires AOL to give the Justice Department every letter it receives threatening private litigation against AOL. The agreement also makes the Justice Department a party to normally private communications between AOL and its parent company, media giant Time Warner Inc. The company could be subject to criminal prosecution if it fails to live up to the terms of the agreement. Justice officials filed a criminal complaint against America Online but agreed to defer prosecution for two years and to dismiss the complaint at the end of that period if the company cooperates fully with authorities. However, AOL could be prosecuted as a corporate entity if it commits various crimes in the future. As part of the settlement, the firm waived its right to assert that the statute of limitations had expired. Further information may be found at http://www.usdoj.gov/opa/pr/2004/December/04_crm_790.htm

On December 3rd, the U.S. Court of Appeals for the District of Columbia ruled that a lower court in March didn't give the Interior Department enough of a chance to state its case before ordering the agency to take its websites and e-mail systems offline. Though an expert had shown that hackers could easily tamper with Indian trust funds, there was no evidence that anyone had actually tampered with the accounts. Had the lower court considered evidence that the department had taken steps to improve its computer security, "there would have been no factual basis for disconnecting Interior's IT computer systems from the Internet," Appeals Court Judge Judith Rogers wrote. The appeals court had allowed Interior to stay online temporarily while it considered the case. Internet operations at the agency have been shut down three times since 2001, when a court-appointed investigator found that hackers could easily steal money from a system that allocates royalties to 300,000 Indians for use of their land. The shutdowns are related to a class action lawsuit between the agency and Indians who say that the government lost track of billions of dollars in oil, gas and mineral royalty payments. The decision in the case may be found at http://caselaw.findlaw.com/data2/circs/DC/035262A.pdf

Computer Associates International (CA) has labeled Kazaa the premiere spyware threat on the Internet. Through its PestPatrol research, CA found that Kazaa posed a greater threat than other programs in its top five spyware list because of its widespread popularity. Kazaa claims that its software has been downloaded 214 million times. CA gave Kazaa a high "clot factor," its measure of how much a program slows a machine by adding unnecessary registry entries and directories. Adware program Ezula came in second in the company's top five, beating Adopt.hotbar.com and GameSpy Arcade. CA’s top spyware listings may be found at http://www3.ca.com/securityadvisor/pest/

In early December, German-based Lycos offered visitors a screensaver program that promised to foil spammers by flooding their websites with junk traffic. Tens of thousands signed up for the program. When a computer with the free Lycos screensaver is idle, the program sends junk commands to websites identified by Lycos as spam purveyors. By eating up bandwidth, the sites overload and slow down. Lycos chose its targets by reviewing lists of suspect sites identified by independent spam monitors such as SpamCop. The company said it checks each manually to make sure it genuinely carries products promoted by spam. Lycos said it takes care not to crash spam servers altogether, ensuring that they will never go below 5% bandwidth. On December 3rd, Lycos pulled the controversial program after coming under fire from both security experts and spammers. Lycos Europe drew criticism from some members of the security community over the screensaver, saying that the company is engaging in vigilantism and crossing the line by launching what are essentially DDoS (distributed denial of service) attacks on spammers' sites, even though the intent was to cripple the sites rather than bringing them down entirely. Further information may be found at http://www.infoworld.com/article/04/12/03/HNlycospullsscreensaver_1.html

Short-term "payday" lenders are moving to the Internet in droves, charging annual interest rates as high as 780 percent and automatically debiting late fees and other charges from customer bank accounts. This is the primary conclusion of a report released on November 30th by the Consumer Federation of America (CFA). The CFA notes a plethora of abuses by the lenders, many of whom don’t get licensed in the states in which they operate and fail to comply with state consumer protection laws. Payday loans are small, quick cash loans with high interest rates, designed as an advance against a borrower's next paycheck when the loan is due in full. The high fees, typically $15 to $30 per $100 loaned for two weeks, make the business extremely lucrative. The CFA estimated that there are approximately 22,000 storefront payday loan outlets in the United States generating roughly $40 billion a year in loans and $6 billion in finance charges. One payday marketer cited by the CFA estimated that more than 70 million consumers took out payday loans over the Internet last year. CFA said enforcing state licensing rules is difficult because online payday lenders often change their Web addresses and provide little information on the parent company online. The report found that few payday lenders adequately disclose their finance charges online. Many of the contracts include difficult-to-find clauses that automatically refinance the loan and debit the financing fees directly from a consumer's bank account. The study may be found at http://www.consumerfed.org/Internet_Payday_Lending113004.PDF

It defies belief, but until recently, violent criminals incarcerated in Missouri could play video games that simulate murder, carjacking and the killing of police officers. The superintendent of the Jefferson City Correctional Center, with a gift for understatement, told reporters "We didn’t closely review these." The state’s new maximum-security prison yanked dozens of violent Sony PlayStation 2 games from its recreation center after a reporter noted their content. Inmates had been playing the games for months. The prison even offered one of the most violent games on the market, "Hitman: Contracts," in which players use everything from meat hooks to silencer-equipped pistols to carry out brutal contract killings. Further information may be found at http://www.usatoday.com/tech/news/2004-12-02-mizzou-prison-games_x.htm

On December 6th, the U.S. Bankruptcy Court in San Francisco auctioned off 39 web services patents owned by Commerce One, a bankrupt software company in the process of liquidating its assets. The patents cover a set of key technical protocols known as Web services, a popular method for exchanging business documents over the Internet. The protocols are in wide use today: Microsoft, IBM and other software companies large and small have incorporated them into their programs. The winning bidder was a company called JGR Acquisitions. JGR's business, its owners, its location and its plans for the newly acquired patents all remain mysteries. Although the patents may be too broad to enforce or may be otherwise invalidated if challenged, major industry players are concerned that infringement suits may follow. Some fear that the new owner of the patents will seek royalties for technology that Commerce One had invited the industry to use freely. Further information may be found at http://news.com.com/Web+services+patents+fetch+15.5+million/2100-1038_3-5480341. html

On December 6th, the Federal Trade Commission (FTC) announced that Alyon Technologies had agreed to forgive $17 million in customers’ bills as part of a settlement agreement. In exchange for the forgiven bills, the FTC will stop its investigations of Alyon, which had been accused of illegally billing unknowing customers for a dial-up connection to pornographic Web sites. Also as part of the settlement, the New Jersey-based company will forgive $22 million in bills incurred before June 15, 2003, for customers who dispute the claims. Customers with bills for the same time period who have disputed the claims will be credited. The FTC estimates more than 200,000 customers will be affected. The company also agreed to obtain verifiable consent from customers and to inform customers of their right to dispute charges in future bills. The company must also refrain from installing programs or spyware on customers' computers. The FTC said Alyon billed consumers $4.99 a minute for dial-up Internet connections to adult Web sites. Customers would see a pop-up for the site, hit a button to agree to terms or close the window and Alyon would download a program onto the user's computer. That program would then disconnect users from their own connection and dial a new provider. Subscribers to the phone numbers would then receive bills, regardless of whether they had authorized the purchase or visited the site. Further information may be found at http://www.ftc.gov/opa/2004/12/alyonsettlement.htm

On December 7th, the DVD Copy Control Association (DVD CCA), the group that owns the copy-protection technology contained on DVDs, filed suit in state court in Santa Clara County, California, against a company called Kaleidescape, saying it offers products that illegally make copies of DVDs. Kaleidescape said it has worked closely with the DVD CCA for more than a year, and will fight the suit. Kaleidescape creates expensive consumer electronics networks that upload the full contents of as many as 500 DVDs to a home server, and allow the owner to browse through the movies without later using the DVDs themselves. That's exactly what the copy-protection technology on DVDs, called Content Scramble System (CSS) was meant to prevent, according to the DVD CCA. Further information may be found at http://www.ecommercetimes.com/story/Home-Theater-Maker-Kaleidescape-Hit-with-Cop yright-Suit-38851.html

On December 8th, the Senate passed by voice vote a bill earlier approved by the House of Representatives, containing a package of telecommunications measures. One provision will temporarily ease accounting rules that forced the Federal Communications Commission earlier this year to freeze millions of dollars from the so-called E-Rate program, which is used to subsidize Internet and other communications in schools as well as rural health care programs. Companies that offer long-distance telephone service, like AT&T Corp. and Verizon Communications, fund it. They typically pass on those charges to customers. Further information may be found at http://www.reuters.com/newsArticle.jhtml;?storyID=7035309

TECH FIRMS AND LAW ENFORCEMENT FORM TEAM TO FIGHT PHISHING

On December 8th, Internet companies and law enforcement agencies announced that they would team up to track down online scam artists who pose as banks and other legitimate businesses to secure confidential data, a practice known as "phishing." Businesses will now be able to notify the FBI and other authorities instantly when they see a new phishing attack, highly desirable when pursuing scam artists who close up shop quickly only to emerge somewhere else. Phishing sites are online for an average of 6.4 days before being taken down. The new effort has been dubbed Digital PhishNet. Members include Microsoft, America Online, Lycos, Digital River, VeriSign and Network Solutions. Participating law-enforcement agencies include the FBI, the Federal Trade Commission, the U.S. Secret Service and the U.S. Postal Inspection Service. Further information may be found at http://www.microsoft.com/presspass/press/2004/dec04/12-08DigPhishNetPR.asp

On December 15th, the Anti-Phishing Working Group released a report showing that phishing attacks jumped by 29% in November. The number of phishing sites, or fake Web sites set up to fool victims into handing over personal information, reached 1,518 in November. The total was up almost a third over October and three times the level in September. A total of 51 brands were hijacked by cybercriminals during the month. Financial services were again the most targeted industry, averaging 75 percent of all hijacked brands. ISPs also faced a fair share of scams, accounting for 16 percent, according to the report. The United States remained the top host country for phishing websites, accounting for 27 percent. The report may be found at http://www.antiphishing.org/APWG%20Phishing%20Activity%20Report%20-%20November%2 02004.pdf

On December 14th, the Federal Deposit Insurance Corp. (FDIC) issued a study entitled "Putting an End to Account-Hijacking Identity Theft." The study warned that U.S. banks should use more than a single password to identify online customers to prevent fraud. The study noted, "financial institutions' wider adoption of electronic payment systems, as well as the increasing number of customers using these services, have produced greater opportunities for electronic fraud." The unauthorized use of personal information to break into bank accounts, which regulators refer to as account hijacking, is one of the fastest growing forms of electronic fraud. Almost 2 million Internet users experienced fraud of this type in the 12 months ending in April 2004. The study may be found at http://www.fdic.gov/consumers/consumer/idtheftstudy/index.html

On December 16th, California unveiled a Megan’s Law Internet site containing a database of more than 60,000 sex offenders. The site contains photos, home addresses and other identifying information about those convicted of everything from rape to child molestation. Law enforcement has hailed the site as a powerful new public safety tool. Privacy advocates fear the easy access to detailed information, some of it inaccurate, puts reformed offenders into the spotlight and could lead to vigilantism. The site may be found at http://meganslaw.ca.gov/

On December 17th, Diebold announced that a California court had approved a $2.6 million settlement with the State of California and Alameda County. The state and county had sued Diebold for fraudulent claims about the security of its electronic voting machines. Diebold, whose subsidiary Diebold Election Systems manufactures the voting machines at the heart of the suit, will pay the state $2.6 million, and Alameda County another $100,000. The court ordered that $500,000 of the lump sum be used to help form a voter education and poll worker training program in California, coordinated through the University of California Institute of Governmental Studies. Diebold has also agreed to certain technology and reporting obligations that will provide election officials with a better understanding of how to use its voting machines. Further information may be found at http://www.corporate-ir.net/ireye/ir_site.zhtml?ticker=dbd&script=410&la yout=-6&item_id=655877

In a suit filed in U.S. District Court in San Francisco, intellectual property consultant Greg Aharonian says that computer software should not be protected by copyright laws. Instead, he says that software should be protected under patent laws, which provide more comprehensive protection, but are harder and costlier to obtain. The case seeks to clarify which laws the $100 billion U.S. software industry may use to protect its software. Many firms use both copyright and patent laws, as well as "clickwrap" agreements that mandate terms of use. Aharonian’s complaint argues that software copyright laws violate the Constitutional right to due process because they do not provide clear boundaries for appropriate use. That means industry players and courts do not have a clear picture of the rules. Further information may be found at http://www.reuters.com/newsArticle.jhtml;?storyID=7083679

On December 14th, Research in Motion (RIM) suffered another defeat when the U.S. Court of Appeals for the Federal Circuit ruled that RIM is infringing patents held by NTP, Inc. However, the court offered RIM, maker of the Blackberry, a chance to reverse the findings of infringement. The court said the district court had misconstrued one claim in the disputed patents. Since it was unclear whether the error prejudiced the jury and caused it to reach an infringement verdict, the appeals court said it was sending the case back to the district court to review that question. In 2002, a federal court jury in Richmond, Virginia, found that RIM had committed willful infringement on all the claims in five patents held by NTP, a Virginia company created to protect the patents of inventor Thomas Campana Jr., who died IN 2004. The jury awarded NTP $23 million, a royalty rate of 5.7 percent of BlackBerry sales. The court subsequently increased the award to $53.7 million and issued a permanent injunction barring RIM from manufacturing or selling BlackBerry devices. The court stayed the injunction pending the outcome of the appeal. Further information may be found at http://www.law.com/jsp/article.jsp?id=1102944935440

On December 14th, the Motion Picture Association of America (MPAA) filed suits against more than 100 operators of BitTorrent "tracker" servers that point to locations where digital files of movies, music and other content can be found. These sites help people connect to movies and other content on peer-to-peer file sharing networks. The MPAA also targeted operators of servers for the eDonkey and Direct Connect networks. The group's actions include criminal complaints and cease-and-desist orders issued to ISPs on four continents. Acting in cooperation with the MPAA, French law enforcement authorities took related action Monday, and actions by authorities in Finland and the Netherlands followed Tuesday. BitTorrent, eDonkey and Direct Connect allow millions of Internet users to share copies of movies, music, software and games. The services don't host the files themselves; instead, they point users to other users who have the files or portions of files available for sharing. The MPAA is trying to eliminate BitTorrent and its colleagues by suing people who host the tracker servers. Further information may be found at http://www.wired.com/news/digiwood/0,1412,66034,00.html

On December 1st, the District Court of Appeal for Florida (Second District) ruled that an online real estate company could continue to use property appraiser records for profit without paying royalties to the government that created them. MicroDecisions, an Orlando-based company, filed a lawsuit in 2002 against Collier County Property Appraiser Abe Skinner. MicroDecisions gathers real estate data for its website, where customers can purchase plats, maps and property value information. Skinner claimed records created in his office were copyrighted under federal law and would only allow MicroDecisions to use them for profit if they agreed to pay royalties to his office. In finding against Skinner, the court cited the overwhelming concern that access to public records remain unencumbered. The decision In Microdecisions v. Skinner may be found at http://www.2dca.org/opinion/December%2001,%202004/2D03-3346.pdf

On December 15th, the U.S. District Court for the Eastern District of Virginia issued a ruling finding that a key element of Google’s keyword advertising practices is legal. The ruling came in an ongoing trademark-infringement case filed by Geico. Geico was distressed that users searching for Geico would find that competitors’ ads would appear on the results screen. Judge Leonie Brinkema found that there was insufficient evidence to justify a finding that Geico’s trademark had been violated. Google's popular AdWords program sells "key words" to advertisers that trigger sponsored advertising links. They're priced on a sliding scale, depending on demand. Advertisers only pay if users decide to click the ads. Advertisers pay $1.53 per click, for instance, for the words "Geico Insurance." The case will continue on one remaining issue; whether ads that pop up and actually use "Geico" in their text violate trademark law. Google contends its policies expressly forbid advertisers from using trademark names in the text of ads. The search engine says it does its best to prevent such ads, and that the advertisers would be liable for any trademark violation, not Google. Further information may be found at http://www.reuters.com/newsArticle.jhtml?type=internetNews&storyID=7104675