SENATE APPROVES REAL ID ACT

On May 10th, the Senate unanimously approved the Real ID Act, which now heads to President Bush for signature. Its proponents, including the Bush administration, say it's needed to stop illegal immigrants from obtaining drivers' licenses. The act is scheduled to take effect in May 2008 and will require Americans to obtain federally approved ID cards with "machine readable technology" that abides by Department of Homeland Security specifications. Anyone without such an ID card will be effectively prohibited from traveling by air or Amtrak, opening a bank account, or entering federal buildings. The Act was incorporated in an Iraq military spending bill. The text of the Act may be found by entering the bill number (H.R. 1268) at http://thomas.loc.gov/home/thomas.html

On April 28th, New York Attorney General Eliot Spitzer filed a lawsuit against Internet marketing company Intermix Media, alleging that it is a source of adware and spyware that hinder online commerce and security. Spitzer’s office, describing the suit as the "most sweeping case to date involving programs that redirect Web addresses, add toolbars and deliver pop-up ads," said it arose from a six-month investigation of Intermix. The probe found that Intermix was installing advertising software on home computers without informing the owners that it was doing so. Intermix issued a statement denying the allegations, though it admitted that at least some of the charges were true during the course of the Spitzer investigation. Beyond the allegations that applications were secretly installed, the suit also alleges that Intermix undertook significant measures to protect the programs it secretly installed, hiding the applications in places on computers where they would be hard to find and sometimes making the software impossible for people to remove. Spitzer is seeking a court order that bars Intermix from secretly installing spyware, an accounting of any revenue the company generated through the spyware and adware applications products, along with financial penalties against the company. The case was filed under New York's General Business Law, which is aimed at preventing companies from creating false advertising and engaging in deceptive business practices. Further information may be found at http://www.oag.state.ny.us/press/2005/apr/apr28a_05.html

On May 23rd, the House of Representatives passed two bills designed to punish those who install spyware on people's computers without their knowledge. After abandoning efforts to merge the two measures into a single bill, the House voted 395-1 to pass legislation that would send some spyware distributors to jail for up to five years, and 393-4 in favor of another bill that would impose heavy fines on people and companies that install spyware on people's computers without their permission. The House passed two nearly identical bills in October of 2004, but concerns in the Senate, including how best to punish spyware purveyors while protecting legitimate businesses, prevented passage. The Spy Act requires businesses to obtain permission before placing computer programs on people's computers, an opt-in procedure. Technology companies generally prefer "opt-out" language that allows consumers to request that programs not be uploaded to their computers, but doesn't force companies to ask permission every time. The bill also outlaws some of the most insidious practices associated with spyware, including many of the gimmicks used to trick people into installing the programs. Violators could be fined up to $3 million per violation. The Internet Spyware Prevention Act has been less controversial. It focuses on some of spyware distributors' more overtly criminal activities and imposes jail terms of up to five years on those who use software to illegally gain access to a computer. The text of the bills may be found by entering the bill numbers (H.R. 29 and H.R. 744) at http://thomas.loc.gov/

On May 16th, the Supreme Court struck down protectionist state laws banning direct sales to consumers by out-of-state vineyards.The decision ends what the court described as an "ongoing low level trade war" in which some 24 states made it illegal for residents to order wine from out-of-state producers but not from in-state vineyards. In a 5-4 ruling, the court said these laws violate the Constitution's Commerce Clause, which mandates the free flow of trade among the states. The decision was a defeat for wine wholesalers, who object to all direct sales, and for all the states that have such bans or partial bans, among them New York and Michigan, which were litigants in the case. The litigants opposing lifting the bans argued that regulation of alcohol is an exception to the Commerce Clause because the 21st Amendment to the Constitution, which repealed Prohibition, also gave the states unusual powers to regulate the sale of wine, beer and liquor. The court said those powers do not override the Commerce Clause. The decision in Granholm v. Heald may be found at http://www.supremecourtus.gov/opinions/04pdf/03-1116.pdf

On May 18th, Florida State Circuit Court Judge Elizabeth Maass handed down a $1.45 billion jury verdict against Morgan Stanley for deceiving billionaire Ronald Perelman over a business deal. Frustrated at Morgan Stanley's repeated failure to provide Perelman's attorneys with e-mails, Judge Maass handed down a pretrial ruling that effectively found the bank had conspired to defraud Perelman when he sold Coleman to appliance maker Sunbeam in 1998. Morgan Stanley was working for Sunbeam, which entered bankruptcy in 2001, rendering worthless the shares Perelman had received in part payment for Coleman. In a rare step, Maass switched the burden of proof to Morgan Stanley, and instructed the jury solely to decide whether Perelman had relied on Morgan Stanley. Further information may be found at http://www.philly.com/mld/philly/business/11748676.htm

On May 19th, Suffolk Superior Court Judge Allan van Gestel refused a request by Massachusetts Secretary of State William Galvin to read Gillette’s e-mail as part of his investigation into the proposed $57 billion acquisition by Procter & Gamble (P&G). However, van Gestel did order Gillette to turn over copies of e-mails between executives and investment bankers who helped set the deal's value. Galvin has questioned whether P&G paid too little in the deal, and said he has an obligation to local shareholders and employees to ensure there was no fraud. Both companies' shareholders are scheduled to vote on the merger next month. Gillette has said executives preserved all e-mails related to the deal since P&G's offer was disclosed in January. Before that, however, e-mails were deleted as part of routine maintenance of the company's massive network, according to Gillette, arguing that workers were under no obligation to retain them and that Galvin had no right to search the system. Van Gestel agreed, saying Gillette's estimated 18,500 e-mail users and 7 million internal monthly messages mean that "any request to examine the kinds of electronic and computerized devices listed ... is nearly impossible to comply with." He also said he had no authority to force Gillette to turn over the electronic materials, which may include confidential trade information or violate attorney-client privilege. Further information may found at http://www.mercurynews.com/mld/mercurynews/news/breaking_news/11689032.htm

On April 27th, President Bush signed legislation aimed at helping parents keep their children from seeing sex scenes, violence and obscene language in movie DVDs. The legislation, called the Family Entertainment and Copyright Act, creates an exemption in copyright laws to make sure companies selling filtering technology won't go under due to a flood of lawsuits. The bill gives legal protections to the nascent filtering technology that helps parents automatically skip or mute sections of commercial movie DVDs. The bill originated when Hollywood studios and directors sued to stop the manufacture and distribution of such electronic devices for DVD players. The movies' creators had argued that changing their content, even though it might be considered offensive, would violate their copyrights. The text of the Act may be found by entering the bill number (S. 167) at http://thomas.loc.gov/

On May 6th, the U.S. Court of Appeals for the D.C. Circuit ruled that the Federal Communications Commission (FCC) does not have the authority to prohibit the manufacture of computer and video hardware that doesn't have copy protection technology known as the "broadcast flag." The regulations, which the FCC created in November 2003, had been intended to limit unauthorized Internet redistribution of over-the-air TV broadcasts. The FCC rules would have outlawed many digital TV receivers and tuner cards beginning on July 1st. "The broadcast flag regulations exceed the agency's delegated authority under the statute," a three-judge panel unanimously concluded. "The FCC has no authority to regulate consumer electronic devices that can be used for receipt of wire or radio communication when those devices are not engaged in the process of radio or wire transmission." This will send the fight back to Capitol Hill, as the decision notes that the FCC has no power to act until Congress confers that power by enacting a law explicitly authorizing the broadcast flag. The decision in American Library Association et al v. FCC may be found at http://pacer.cadc.uscourts.gov/docs/common/opinions/200505/04-1037b.pdf

On May 3rd, a Minnesota appellate court ruled that the presence of encryption software on a computer may be viewed as evidence of criminal intent. Ari David Levie, who was convicted of taking illegal photographs of a nude 9-year-old girl, argued on appeal that the PGP encryption utility on his computer was irrelevant and should not have been admitted as evidence during his trial. PGP stands for Pretty Good Privacy and is sold by PGP Inc. of Palo Alto, California. However, the court ruled 3-0 that the trial judge was correct to let that information be used when handing down a guilty verdict. "We find that evidence of appellant's Internet use and the existence of an encryption program on his computer was at least somewhat relevant to the state's case against him," Judge Randall wrote. The decision in Minnesota v. Levy may be found at http://caselaw.lp.findlaw.com/scripts/getcase.pl?court=mn&vol=apppub/0505/op a040381-0503&invol=1

On May 4th, the largest American VoIP company and the largest phone company struck a deal that allows Vonage’s customers to access the Enhanced 911 emergency services network of Verizon Communications, Inc. Vonage said it plans to spend more than $10 million by the end of the year to set up a 911 service for its New York City-based VoIP users using Verizon's wireless and wireline E 911 network. Vonage will pay at least $1 million per month for the service on an ongoing basis. Vonage said it expects to ink a similar deal with Qwest Communications in the next several weeks. Under the deal, when a Vonage customer calls 911 within Verizon's territory, emergency services staff will receive the caller's physical location and callback number, similar to the way landline and mobile calls are handled. Historically, this information for VoIP callers was not sent to 911 services. When Vonage customers opted in for its existing 911 service, their calls were not always routed to appropriate emergency personnel. The deal means Vonage can offer customers a more comparable service to traditional phone services than before. Two states have already filed suit against Vonage, Connecticut and Texas, accusing the company of misrepresenting its ability to connect customers to 911 emergency dispatchers. Further information may be found at http://www.vonage.com/corporate/press_index.php?PR=2005_05_04_0

On May 3rd, security software maker Webroot released a study concluding that the number of computers infected with spyware applications remains relatively high despite growing awareness of the epidemic and modest success in controlling it. Webroot's independent research and data gathered by its Spy Audit service, which uses software designed to look for spyware, showed that 88 percent of the consumer machines in the study harbored some form of unwanted program during the first quarter of 2005. Among businesses, Webroot found similarly overwhelming results, with spyware on 87 percent of all the corporate PCs it studied. Spyware is now estimated to generate an astonishing $2 billion in revenue annually. Based on statistics published by the Internet Advertising Bureau, spyware could represent almost 25 percent of the entire online advertising industry. The report contends that spyware exploits have crippled some businesses, particularly financial-services companies, in some cases by stealing customer data. Spyware infection also has slowed the growth of e-commerce by eroding consumer trust in online security. The report may be found at http://www.webroot.com/stateofspyware

On May 12, the Federal Trade Commission (FTC) announced that it has proposed five changes to the CAN-SPAM Act to clarify the law for senders and enhance protection for receivers. The most notable changes include one that would clarify who is responsible when multiple parties are involved, and another that would shorten the sender's opt-out response period to three days. In cases where multiple advertisers or service providers are involved, the FTC proposes that, when only one advertiser controls the content of the message, determines the e-mail addresses to which the message is sent, and is identified as the sender in the "from" line, that advertiser will be considered the sender. The same ruling would apply even where one or more service providers controls those tasks, so an advertiser need not satisfy all three criteria, but no other advertiser may satisfy any of them without being considered an additional sender, required to meet the opt-out requirements. Another change would eliminate any potential hurdles a sender may put up to prevent a user from unsubscribing, such as requiring a password or a fee to unsubscribe. The proposed change would not allow a sender to ask for any information other than the user's e-mail address and opt-out preferences, or require the user to take any steps other than sending a reply e-mail message or visiting a single Web page. Further information may be found at http://www.ftc.gov/opa/2005/05/canspamfrn.htm

On May 9th, a minor (John Doe) and his parents filed a $10 million suit against Yahoo Inc. and a man who once operated a Yahoo Groups site where members traded child pornography. The lawsuit, filed in the U.S. District Court for the Eastern District of Texas, charged that Yahoo breached its duties by allowing co-defendant Mark Bates and others to share child pornography on a site, called Candyman, that Bates created and moderated via the Yahoo Groups service. Bates pleaded guilty in 2002 to setting up the Candyman group site for the trade and distribution of child pornography. The site attracted thousands of users and was in operation for two months before Yahoo closed it down in February 2001. Among other things, the plaintiffs alleged that Yahoo was aware of the activity on the site and that it took no action to block or remove the pornographic images of Doe and other children. Generally, the Communications Decency Act shields Web sites from responsibility for material posted by users unless they have knowledge of the contraband material. Further information may be found at http://www.allheadlinenews.com/articles/2231902630

On May 9th, U.S. District Judge Patrick Duffy threw out a South Carolina state law barring distribution of sexually explicit pictures to minors over the Internet, saying it violates the First Amendment and Congress' authority over interstate commerce. The court found that Internet filters are an equally effective and less restrictive alternative to keep such material from minors. The challenge was brought by booksellers and publishers, some of whom operate Web sites with material on topics like obstetrics, sexual health, visual art and poetry. They argued the law would prevent adults from access to constitutionally protected material. Further information may be found at http://www.signonsandiego.com/news/computing/20050511-1442-internet-minors.html

On May 11th, Massachusetts Attorney General Tom Reilly filed suit seeking a court order to close down one of the world’s largest spam rings, accused of hawking bogus prescription drugs, mortgages, and porn. The suit was filed against seven people, but the leader of the rings is allegedly Massachusetts resident Leo Kuvayev. On the same day, Suffolk Superior Court Judge Ralph Gants issued an emergency order that effectively shut down dozens of websites linked to the defendants, as well as to two Internet companies. Criminal charges have not yet been filed in the case, and Kuvayev's whereabouts are apparently unknown. The suit alleges that Kuvayev and the other defendants sent millions of unsolicited emails by recruiting "affiliates" who also transmitted spam that tried to lure consumers to Kuvayev's websites. The sites allegedly sold counterfeit prescription drugs, pirated software, home mortgage loan offers, fake Rolex watches and pornography. Microsoft assisted in the investigation which preceded the filing. Further information may be found at http://www.ago.state.ma.us/sp.cfm?pageid=986&id=1426

On May 20th, U.S. Attorney General Alberto Gonzales announced that the Justice Department will launch a national sex offender registry Web site that will allow users to check state databases with a single search. Gonzales and other Justice Department officials said that within 60 days they expect to have the site available for public use and searches, with at least 20 states participating in the registry. By fall, they expect to have online information from the 48 states that have public sex offender registries. It will be up to each state to decide whether to link into the new system. Under the Justice Department's registry, an individual can enter a name, zip code, county or other query to search for registered sex offenders. Officials said policy concerns over privacy issues and misuse of the data would be avoided because the states keep control of the data, rather than creating a federal database. They said the registry cannot be used by employers to screen applicants for jobs. That would violate FBI policy and would be inconsistent with the noncriminal justice background checks in the Interstate Crime Control and Privacy Compact. The text of Gonzales’ speech may be found at http://www.usdoj.gov/ag/speeches/2005/052005agremarksnpr.htm

On May 19th, the Federal Communications Commission voted unanimously that Net phone operators must be able to steer 911 calls to the geographically appropriate emergency call center. In addition, the calls themselves must be accompanied by the originating address and phone number. By late September, Net phone providers must offer 911 service equivalent to that available over landline or cell phones, the FCC ruled. Further information may be found at http://hraunfoss.fcc.gov/edocs_public/attachmatch/DOC-258818A1.pdf

On May 18th, the American Management Association and the ePolicy Institute released a study showing that the chances that your employer is monitoring your technology use at work are increasing. The report found that companies are more consistently enforcing technology policies. About a quarter of employers have fired workers for misusing the Internet, another 25 percent have terminated employees for e-mail misuse and 6 percent have fired employees for misusing office telephones. The survey, which involved 526 U.S. companies, found that 5 percent use GPS technology to monitor cell phones and 8 percent use GPS to track company vehicles. About 75 percent of companies monitor workers' Web site connections, and 65 percent use software to block connections to inappropriate Web sites. Computer monitoring takes various forms, according to the study, with 36 percent of employers tracking "content, keystrokes and time spent at the keyboard." Another 50 percent of companies store and review employees' computer files. Companies also keep an eye on e-mail, with 55 percent retaining and reviewing messages. The number of employers who monitor the amount of time employees spend on the phone and track the numbers called has jumped to 51 percent, up from 9 percent in 2001. Fifty-one percent of the companies surveyed use video monitoring to counter theft, violence and sabotage, up from 33 percent in 2001. The number of companies that use video surveillance to track employees' on-the-job performance has also increased, with 10 percent now videotaping selected job categories and 6 percent videotaping all employees. The report may be found at http://www.amanet.org/press/amanews/ems05.htm

On May 15th, Alanco Technologies announced a contract with the Los Angeles County jail involving a pilot project to track inmates with radio frequency identification bracelets (RFID). The first phase will involve setting up an RFID system in the 1,800-inmate east facility of the Pitchess Detention Center in Castaic, California, by fall 2005. If it succeeds, and funding can be obtained, the county will spread the system throughout its prison facilities. In prison networks with such technology, RFID readers are planted throughout a jail in such large numbers that bracelet-wearing inmates can be continually tracked. When an inmate comes within range of a sensor, it detects his or her presence and records the event in a database. Thus, if an assault occurs at night, prison officials can look at the RFID logs and identify who was at the scene at the time of the incident. Tampering with the bracelet sends an alarm to the system. The system can also warn of gang gatherings. Guards also wear RFID tags in these facilities. Further information may be found at http://www.alanco.com/releases/051505.asp

On May 25, it was reported that the CIA was conducting a war game to simulate an electronic assault against the United States. The three-day exercise, known as "Silent Horizon," was meant to test the ability of government and industry to respond to escalating Internet disruptions over many months. The exercise took place in Charlottesville, Virginia. The simulated attacks were carried out five years in the future by a fictional new alliance of anti-American organizations that included anti-globalization hackers. Further information may be found at http://www.msnbc.msn.com/id/7983981/

On May 20th, the Association of American University Presses (AAUP), a 125-member nonprofit group of scholarly publishers, sent a letter to Google, whose Google Print for Libraries launched in December with the support of Harvard, Stanford and Michigan university libraries. In the letter, the association posed a series of detailed questions to Google about the project and its scope, given that the company is making a copy of books still in copyright without explicit permission from each publisher, creating the potential for financial harm to its members. The entire project is based upon a very broad claim of fair use, according to the AAUP. The AAUP questions Google's right to digitize the entirety of copyrighted works in the first place, even if publishers can opt out after the fact. The letter may be found at http://www.aaupnet.org/aboutup/issues/0865_001.pdf

On May 26th, the Senate Select Committee on Intelligence considered in closed session a draft bill that would both renew and expand various USA PATRIOT Act powers. The Electronic Frontier Foundation obtained a copy of the draft bill, along with the committee's summary of it, and has made them available to journalists and interested citizens. The text of the draft bill may be found at http://www.eff.org/news/archives/2005_05.php#003594