HOUSE PASSES ELECTRONIC ID ACT

On February 10th, the House of Representatives passed (261-161) a broad set of rules designed to compel states to issue all adults federally approved electronic identification cards, including driver's licenses. Under the rules, federal employees would reject licenses or identity cards that don't comply with the law’s requirements, which could restrict Americans' access to airplanes, trains, national parks, federal courthouses and other areas controlled by the federal government. The Real ID Act requires that driver's licenses and other ID cards must include a digital photograph, anticounterfeiting features and undefined "machine-readable technology, with defined minimum data elements" that could include a magnetic strip or RFID tag. The Department of Homeland Security would be charged with drafting the details of the regulation. Republican politicians argued that the new rules were necessary to thwart terrorists, saying that four of the September 11, 2001, hijackers possessed valid state-issued driver's licenses. States would be required to demand proof of the person's Social Security number and confirm that number with the Social Security Administration. They would also have to scan in documents showing the person's date of birth and immigration status, and create a massive store so that the (scanned) images could be retained in electronic storage in a transferable format permanently. Another portion of the bill says that states would be required to link their DMV databases if they wished to receive federal funds. Among the information that must be shared: All data fields printed on drivers' licenses and identification cards, and complete drivers' histories, including motor vehicle violations, suspensions and points on licenses. About 95 percent of the House Republicans voted for the bill. More than three-fourths of the House Democrats opposed it. The text of the bill may be found by entering the bill number (H.R. 418) at http://thomas.loc.gov

On February 7th, President Bush presented Congress with a $2.6 trillion budget for the federal government that would modestly reduce some social programs while boosting overall spending on information and surveillance technology. The White House has proposed spending hundreds of millions of dollars on computer security, technology upgrades and aerial surveillance devices as part of a seven percent increase in information technology spending by federal agencies. Also included in Bush's 2006 budget is a proposal to make the research and development tax credit permanent. The Department of Homeland Security would receive $174.8 million so border police could buy "inspection and surveillance technology, unmanned aerial vehicles and replacement aircraft." The Justice Department benefits include $181.5 million earmarked for "information-sharing technology, $20.1 million for deploying an improved fingerprint database, and about $3 million for "cyberfraud and computer forensic assistance." The budget documents may be found at http://www.whitehouse.gov/omb/budget/fy2006/

On February 11th, the Florida Appeals Court, Fifth District, ruled that Beverly Ann O'Brien illegally obtained records of husband James' online conversations with another woman as the two played Yahoo Dominoes together. "It is illegal and punishable as a crime under (state law) to intercept electronic communications," wrote Judge Donald Grincewicz on behalf of a three-judge panel. The court barred Beverly O'Brien from revealing the contents of the intercepted conversations, and said the chat records could not be introduced as evidence in the couple's divorce proceedings. At issue in this case was whether use of the spyware, called Spector, violated Florida's wiretapping law. The law says anyone who intentionally intercepts any electronic communication commits a criminal act. Beverly O'Brien's lawyers argued that the monitoring didn't fall under the law's prohibitions and was kin to reading a stored file on her husband's computer, which would not be treated as wiretapping. However, the court concluded that "because the spyware installed by the wife intercepted the electronic communication contemporaneously with transmission, copied it and routed the copy to a file in the computer's hard drive, the electronic communications were intercepted in violation of the Florida Act." The decision in O’Brien v. O’Brien may be found at http://www.5dca.org/Opinions/Opin2005/020705/5D03-3484.pdf

State governments working on a national Internet sales tax system are planning the data infrastructure that they and retailers will need to manage the collection of taxes on most e-commerce transactions. Working together as part of the Streamlined Sales Tax Project, 40 states and the District of Columbia have issued two requests for bids from technology companies to design the software and Web-based networks to track millions of online purchases and process the appropriate sales tax payments. The project’s members are now seeking bids to build a registration system where all Internet retailers, the giants and the mom and pop operations, would go to declare their intent to collect and remit taxes on online sales made to customers in the project's participating states. The states plan to award contracts to multiple vendors who would provide sales tax collection systems to online retailers. As currently projected, Web merchants would pay nothing for the services. Instead, the vendors would take a small cut from the revenues. Currently, 19 states have modified their sales tax codes to make it easier for retailers to collect taxes on Internet sales. By October 2005, the states hope to have a voluntary collection system working in at least 15 states representing roughly one-fourth of the U.S. population. It is their hope that Congress would then be more likely to endorse a mandatory, national Internet sales tax system. A study released in July 2004 by the National Governors Association and the National Conference of State Legislatures estimated that state and local governments lost $15.5 billion to $16.1 billion in 2003 in revenue from untaxed Internet sales. The states hope to award the contract for building the central registration system by March 4th. The initial term of the contract is for one year, but it may be renewed for a term of up to four more years. Further information may be found at http://www.streamlinedsalestax.org/

On February 1st, it was announced that a new Software Freedom Law Center (SFLC) had been launched. The center was set up by the open source community’s top legal expert, Eben Moglen. Moglen established the SFLC with the assistance of open source and Linux promotion consortium Open Source Development Labs (OSDL) to provide pro bono legal services to non-profit open source groups, including best practices, licensing, defense and litigation support, and legal consulting. "The Law Center is being established to provide legal services to protect the legitimate rights and interests of free and open source software projects and developers, who often do not have the means to secure the legal services they need," Moglen said in a statement. Moglen is a professor of law and legal history at Columbia Law School and general counsel for the Free Software Foundation. An initial $4 million to fund the New York-based center came from OSDL, a Linux consortium funded by computing industry giants such as IBM, Hewlett-Packard, Intel and others. The website for the Software Freedom Law Center may be found at http://www.softwarefreedom.org/

SPAM: 95% OF E-MAIL BY 2006?

Spam experts expect spam to proliferate at an increasing rate thanks to a new spamming ploy, turning ISPs into spam relaying zombies. On February 4th, the SpamHaus Project, a U.K. based anti-spam compiler of blacklists, announced that new software has been created that takes over a computer and then uses it to transmit spam through the mail server of the computer’s Internet service provider. This means the junk mail appears to come from the ISP, making it very hard for an anti-spam blacklist to block it. Previously, zombie PCs have been used as mail servers themselves, sending spam e-mails directly to recipients. The new Trojan is able to order proxies to send spam upstream to the ISP, according to Steve Linford, director of SpamHaus. Linford predicts that ISPs will see a growth in the volume of bulk mail they send and receive over the next two months, with spam levels rising from 75 percent of all e-mail to around 95 percent within a year. Further information may be found at http://www.spamhaus.org/news.lasso?article=156

In a report published on February 4th, the anti-spam group Spamhaus charged that MCI is hosting illegal spam operations and making an estimated $5 million a year to keep those operations running. Spamhaus said it has repeatedly notified MCI that it is helping to host 187 known spam gangs around the world, and that it has become known as a top spam haven in the world. The Spamhaus report is titled "Should ISPs Be Profiting From Knowingly Hosting Spam Gangs?" The report may be found at http://www.spamhaus.org/news.lasso?article=158

On January 31st, a New Jersey appellate court ruled that an owner of an online discussion board is not responsible for derogatory, malicious and even potentially defamatory comments posted to it. The creator of the "Eye on Emerson" Web site was held to be not liable for remarks that referred to local politicians in terms such as "hate mongering political boob" and allegations that they abused their authority over the Emerson, N.J., police department. "In the context of traditional media, such as newspapers and magazines, the publisher of defamatory statements might well be exposed to liability for conduct such as that alleged," the judges said. But because Congress broadly immunized Internet service providers as part of the 1996 Communications Decency Act, the court concluded that owners of discussion boards also benefit from the law's protections. A portion of the Communications Decency Act says that "no provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider." A number of other courts have reached similar conclusions. The decision in Donato et al v. Moldow may be found at http://lawlibrary.rutgers.edu/courts/appellate/a5942-02.opn.html

On February 1st, the Federal Trade Commission (FTC) released its annual fraud and identity theft report, finding that Americans lost at least $548 million to identity theft and consumer fraud last year. The FTC said it received 635,000 consumer complaints in 2004. Identity theft topped the list with 247,000 complaints, up 15 percent from the previous year. Internet-related fraud accounted for more than half of the remaining complaints as scammers found victims through Web sites or unsolicited e-mail. Auction fraud was the most common Internet scam, followed by complaints about online shopping and Internet access service. The FTC’s report may be found at http://www.consumer.gov/sentinel/pubs/Top10Fraud2004.pdf

On February 7th, it was reported that a high-powered coalition of anti-spyware vendors was collapsing. The Consortium of Anti-Spyware Technology vendors (COAST) suffered the loss of three of its founding members, Webroot Software Inc., Aluria Software LLC and Computer Associates International Inc.’s PestPatrol. Another founder, Lavasoft Inc., left the consortium earlier and accused COAST's leadership of adopting an "overt agenda to concentrate on revenue generation." The latest withdrawals stem from the decision by COAST to allow membership to 180solutions Inc., a Washington-based search marketing company that uses questionable tactics to install ad-serving software on computers. The departing companies made it clear that they were uncomfortable with the idea of adware firms using COAST membership as a marketing tool. Further information may be found at http://www.infoworld.com/article/05/02/08/HNcoastfallsapart_1.html

On February 10th, the 9th Circuit agreed to reconsider its earlier refusal to have U.S. courts intervene in a battle involving Yahoo and the sale of Nazi paraphernalia in France. In August 2004, a three-judge panel of the U.S. 9th Circuit Court of Appeals rejected Yahoo's appeal and held that a lower court did not have jurisdiction over two French groups that have worked to halt auctions of Nazi-related items on Yahoo's Internet site. In May 2000, a French court granted the groups' request and ordered Yahoo to bar access to Nazi items and to remove related messages, images and literature on its auction site. Yahoo's French subsidiary, at http://www.yahoo.fr, now removes all Nazi material from its site in accordance with French law. France bars sales of Nazi-related memorabilia, and Yahoo was subject to fines for not following those rules. On Thursday, the 9th Circuit agreed to set aside the three-judge panel's 2-1 ruling and have the full 11-judge en banc panel reconsider the August decision. The legal fight dates back more than four years. Yahoo sued in U.S. federal court in December 2000, asking the court to declare the French court's orders "not recognizable or enforceable in the United States." It later said that the French court's orders violated its First Amendment rights. The 9th Circuit’s order in the case may be found at http://www.ca9.uscourts.gov/coa/newopinions.nsf/9858BF5F58366BF488256FA4005DDF31 /$file/0117424ebo.pdf?openelement

On February 14th, the Securities and Exchange Commission (SEC) announced that Wall Street investment bank J.P. Morgan Chase & Co. will pay $2.1 million in fines to settle accusations that it failed to retain e-mails sought in investigations of stock research analyst misconduct. J.P. Morgan will pay $700,000 each to the SEC, the New York Stock Exchange and brokerages regulator NASD over record-keeping rule issues. J.P. Morgan also will review "its procedures regarding the preservation of electronic mail communications." According to the SEC, J.P. Morgan failed to retain all the e-mails sought because backup tapes could not be found in storage facilities, other tapes were damaged or contained errors, or backup tapes were not made for some periods. J.P. Morgan declined to comment. The investment bank reached its settlement without confirming or denying wrongdoing, as is customary in such SEC agreements. Further information may be found at http://www.sec.gov/litigation/admin/34-51200.htm

Microsoft, eBay and Visa announced on February 14th that they had joined the Phish Report Network, a new anti-phishing initiative. The project hopes to slow the spread of phishing attacks by reporting deceptive Web sites to a central database operated by WholeSecurity, an IT security company based in Austin, Texas. Once a site has been reported to the network and confirmed as fraudulent, the organization notifies all of its members about the URL, allowing companies to block the suspect site and encourage their customers to follow suit. Phishing schemes typically consist of e-mail messages that appear to come from trusted companies. These messages attempt to lure people to bogus Web sites, where they're asked to divulge sensitive personal information, such as bank account details and Social Security numbers. Once armed with that data, criminals will often use it to commit identity theft. The Phish Report Network website may be found at http://www.phishreport.net/

The Motion Picture Association of America (MPAA) announced on February 10th that it had reached a settlement with file swapping site LokiTorrent. The site has agreed to close and to provide Hollywood lawyers with access to its full server logs, including data that could expose hundreds of thousands of people to copyright lawsuits. The data provided by the onetime file-swapping hub would provide "a roadmap to others who have used LokiTorrent to engage in illegal activities," the MPAA asserted. The site's operator is required to pay a settlement fee of close to $1 million. Like other big BitTorrent sites, LokiTorrent had served as a clearinghouse for links to pirated copies of movies, TV shows, software and music. The site provided access to more than 30,000 different files in October 2004. Similar suits were filed by the MPAA across the U.S. during February. Visitors to LokiTorrent’s website now get a warning from the MPAA, which may be found at http://www.lokitorrent.com/

For the fifth straight year, at least half of all federal agencies received a grade of "D" or worse on the House Government Reform Committee's annual cyber-security report card. Agencies that received failing marks include the departments of Agriculture, Commerce, Energy, Health and Human Services, Housing and Urban Development, and Veterans Affairs. A grade of "D" was awarded to the departments of Defense and Treasury, as well as the National Aeronautics and Space Administration and the Small Business Administration. The grades were based on internal assessments by the agencies and evaluations by the White House Office of Management and Budget. Agencies were graded on how well they met the requirements set out in the Federal Information Security Management Act (FISMA). The report card may be found at http://reform.house.gov/UploadedFiles/2004%20Computer%20Security%20Report%20card %202%20years.pdf

On February 15th, ChoicePoint confirmed that criminals had accessed its database of consumer records, potentially viewing the personal data of about 35,000 Californians and resulting in at least one case of identity fraud. The Atlanta company, which provides consumer data services to insurance companies, other businesses and government agencies, said the unidentified individuals posed as legitimate business people in order to gain access to the data. Among the data available through the company's services, and possibly accessed by the criminals, are consumers' names, addresses, Social Security numbers and credit reports. ChoicePoint currently maintains 19 billion public records on U.S. residents. By February 18th, the incident took on more serious proportions as the Los Angeles task force in charge of the criminal investigation confirmed that at least 700 people had their identities stolen during the yearlong scam by still unknown con artists who had signed up as clients of ChoicePoint. The task force leader, sheriff's lieutenant Robert Costa, said the number of people vulnerable to identity theft in the case could reach 500,000. That's a much higher number than the latest estimate acknowledged by ChoicePoint, which finally sent warning letters to a total of 145,000 people in various states after receiving a lot of complaints. ChoicePoint and other privately owned aggregators of personal information operate with virtually no federal oversight, and critics argue that federal regulation is needed. The FBI, the Secret Service and U.S. Immigration and Customs Enforcement, the largest investigative arm of the Department of Homeland Security, have now joined the probe. Thus far, it has been confirmed that the scammers used stolen identities and faxed applications to ChoicePoint from Kinko's stores, opening up 50 accounts though which they received a great deal of consumer data for months. ChoicePoint’s statement regarding the incident may be found at http://www.choicepoint.com/news/statement_0205_1.html

On February 12th, it was reported that there had been a break-in on January 25th at Science Applications International Corp. (SAIC) of San Diego. The computers which were stolen placed a number of the nation’s most influential former military and intelligence officials at risk of identity theft because the computers contained the Social Security numbers and other personal information about tens of thousands of past and present company employees. SAIC handles many sensitive government contracts, including information security contracts. It has a reputation for hiring former high government officials. Those former officials, along with the rest of a 45,000-person workforce in which a significant percentage of employees hold government security clearances, were informed last week that their private information may have been breached and they need to take steps to protect themselves from fraud. David Kay, who was chief weapons inspector in Iraq after nearly a decade as an executive at SAIC, said he has devoted more than a dozen hours to shutting down accounts and safeguarding his finances. He said the successful theft of personal data, by thieves who smashed windows to gain access, does not speak well of a company that is devoted to keeping the government's secrets secure. Ben Haddad, an SAIC spokesman, said that the theft occurred in an administrative building where no sensitive contracting work is performed. Haddad said the company does not know whether the thieves targeted specific computers containing employee information or if they were simply after hardware to sell for cash. Further information may be found at http://www.saic.com/cover-archive/announce/012805.html

On February 15th, the 9th Circuit Court of Appeals refused to consider the issue of whether federal courts have jurisdiction over out-of-state Internet retailers. In an 8-3 decision, the judges decided the issue was moot because the parties, Maine-based L.L. Bean Inc. and Gator.com Corp. of Redwood City, California, settled after last summer's oral argument. Gator.com agreed to pay L.L. Bean, but the amount remained under seal at the 9th Circuit. Both sides had asked the court to keep the issue alive and included a provision in their confidential settlement agreement that said Gator.com would pay L.L. Bean $10,000 more if the panel decided in favor of the well-known outdoor apparel retailer. Underscoring the settlement, the judges said a live controversy must "persist throughout all stages of the litigation." The court said, "Although the parties have negotiated a 'side bet' concerning our resolution of this appeal, that wager does not alter the fact that the personal jurisdiction issue is wholly divorced from any live case or controversy." The opinion in Gator.com v. L.L. Bean may be found at http://www.ca9.uscourts.gov/ca9/newopinions.nsf/F43A980D299ECAF988256FA8007A2836 /$file/0215035.pdf?openelement

On February 16th, the U.S. Department of Justice (DOJ) announced it would appeal a recent district court ruling throwing out obscenity charges against a Los Angeles adult video production company that distributes its materials over the Internet. In the first major U.S. obscenity trial in 10 years, U.S. District Court Judge Gary Lancaster of Pittsburgh dismissed the 10-count indictment against Extreme Associates and its owners Robert Zicari and Janet Romano. Lancaster ruled individuals have the right to view the material in the privacy of their homes. The judge also said Extreme Associates has the right to distribute the material. The DOJ said in a statement, "The Department of Justice places a premium on the First Amendment right to free speech, but certain activities do not fall within those protections, such as selling or distributing obscene materials." Further information may be found at http://www.usdoj.gov/opa/pr/2005/February/05_crm_066.htm

On February 18th, authorities announced the arrest of a young man suspected of broadcasting 1.5 million ads for pornography and cheap mortgages. Federal prosecutors said it was the first criminal case involving this new form of spam, known as "spim" because it targets so-called instant messaging (IM) services. Anthony Greco, 18, was arrested Wednesday at Los Angeles International Airport, where prosecutors said they lured him from his upstate New York home for what he expected would be a meeting with the president of MySpace.com, a popular social-networking company whose users Greco allegedly spammed. Greco had threatened to tell other spammers how he sent the unsolicited instant messages to MySpace users last fall if he wasn't given an exclusive marketing contract with the company, according to a sworn investigator's statement filed in Los Angeles federal court. Greco was charged with violating a federal anti-spam law, harming MySpace computers and attempting extortion. Facing 18 years in prison if convicted, he was released under a $25,000 bond. Further information may be found at http://www.chron.com/cs/CDA/ssistory.mpl/business/3047353

On February 17th, a group of Apple computer resellers and consumers joined forces and filed a class action suit against Apple. The lawsuit, filed in the California Superior Court in San Francisco, accuses Apple of not honoring warranties, misappropriating trade secrets from its resellers, unlawful business practices and repackaging and selling refurbished machine, among other charges. The resellers claimed the company has been using confidential reseller information in order to boost sales at Apple's own stores and cut the resellers out. The resellers also claim that Apple ensured its own stores' shelves were stocked more plentifully and ahead of resellers'. Apple is further accused of deliberately undercutting the resellers' prices and failing to extend warranties while its products were being repaired. Further information may be found at http://www.appleinsider.com/article.php?id=890

On February 17th, the appellate court in the state of Washington reversed a lower court and held unenforceable a forum selection clause in AOL's terms of service which stated that Virginia courts have exclusive jurisdiction over any dispute arising in connection with the services. The plaintiffs had sued AOL (and its independent contractor ICT) in Washington state court, claiming that they had been swindled when AOL started charging them for secondary accounts for which the plaintiffs had never signed up. AOL moved to dismiss, claiming that under the terms of service, Virginia was the only place in which such suit could be brought. The trial court agreed, and dismissed the lawsuit. The appellate court reversed, finding that enforcing the provision would violate public policy. The court found that denying the ability to litigate the question in a Washington court would "undermine the very purpose" of the consumer protection act, which is to offer broad protection to its citizens.The opinion in Dix v. ICT Group, Inc. may be found at http://www.courts.wa.gov/opinions/?fa=opinions.opindisp&docid=231844MAJ

The law firm Lerach Coughlin Stoia Geller Rudman & Robbins filed suit against Dell on February 14th, accusing Dell of bait and switch practices, false advertising, fraud and deceit in sales and advertising, and breach of contract. The firm is seeking class action status for the suit, which was filed in San Francisco County Superior Court. The crux of the suit alleges that Dell advertises low prices for its computers, but people who try to purchase a machine at the advertised price find it is no longer available for that price. The suit also claims that Dell and its lending partner CIT Bank change, without notice, financing packages promoted as "easy" and "preferred," to include much higher interest rates and hidden charges. The suit alleges that Dell has violated numerous California laws and codes of conduct, including the California's Consumer Legal Remedies Act, the California Business and Professions Code and the Unruh Act. The complaint in Weber et al v. Dell may be found at http://www.lerachlaw.com/cases/dell/complaint.pdf

On February 17th, a Georgia woman sued Hewlett-Packard Co., alleging that the ink cartridges for their printers are programmed to expire on a certain date, sometimes making them useless before they are installed in a printer. The suit was filed in Santa Clara Superior court and seeks to represent anyone in the U.S. who purchased an HP inkjet printer since February 2001. HP ink cartridges use a chip technology to sense when they are low on ink and to advise users to change the cartridge. The lawsuit essentially claims that the chips shut down the cartridges at a predetermined date, of which the user is unaware, regardless of whether they are empty. The suit, which seeks class-action status, asks for restitution, damages and other compensation. Further information may be found at http://www.technewsworld.com/story/40826.html