Have you heard about Homeland Security's Real ID cards, the European Union's warning to Microsoft and the recent cases involving spammers, eBay and YouTube? Browse through twenty short articles on recent happenings in the field.

HOMELAND SECURITY DATA MINING RAISES FLAGS

The Government Accountability Office (GAO) has issued a report detailing possible privacy violations of the Department of Homeland Security's new data-mining program. Currently, Homeland Security is testing a data-mining program that would attempt to spot terrorists by combing vast amounts of information about average Americans, such as flight and hotel reservations. Similar to a Pentagon program nixed by Congress in 2003 over concerns about civil liberties, the new program could begin as soon as next year. Called Analysis, Dissemination, Visualization, Insight and Semantic Enhancement (ADVISE), the program is on the cutting edge of analytical technology that applies mathematical algorithms to uncover hidden relationships in data. The idea is to troll a universe of information, including audio and visual, and extract suspicious people, places and other elements based on their links and behavioral patterns. The privacy violations involve the government's use of citizens' private information without proper notification to the public and using the data for a purpose different than originally envisioned. The issue is whether pattern-based data mining - searching for bad guys without a known suspect - can succeed without invading people's privacy and violating their civil liberties. The GAO's report may be found at http://www.gao.gov/new.items/d07293.pdf

NATIONAL COMPUTER FORENSICS INSTITUTE ANNOUNCED

On March 9th, the Department of Homeland Security and Alabama state officials unveiled the National Computer Forensic Institute in Hoover, Alabama. The Institute will provide services in the field of computer forensics and digital evidence analysis. The institute will be developed by the U.S. Secret Service and will be partially funded by the department's National Cyber Security Division. It will serve as a national cyber crimes training facility where state and local police officers, as well as prosecutors and judges, will be offered training and equipment. The facility will include classrooms, a computer forensic lab with an advanced research and development area, an evidence vault, storage and server rooms, public education exhibit space, and a conference room. Training will be based on the current U.S. Secret Service curriculum and include: basic electronic crimes investigation, network intrusion investigation and computer forensics. The announcement may be found at http://www.dhs.gov/xnews/releases/pr_1173477460607.shtm

HOMELAND SECURITY COUGHS UP DETAILS ON REAL ID

On March 1st, the Department of Homeland Security announced that hundreds of millions of Americans would have until 2013 to be outfitted with new, digital ID cards, in a long-awaited announcement that reveals details of how the new identification plan will work. The announcement offers a five-year extension to the deadline for states to issue the ID cards, and proposes creating the equivalent of a national database that would include details on all 240 million licensed drivers. The Real ID cards must include all drivers' home addresses and other personal information printed on the front and in a two-dimensional barcode on the back. The barcode will not be encrypted because of "operational complexity," which means that businesses like bars and banks that require ID would be capable of scanning and recording customers' home addresses. A radio frequency identification (RFID) tag is under consideration. Homeland Security is asking for input on how the licenses could incorporate "RFID-enabled vicinity chip technology, in addition to" the two-dimensional barcode requirement. States must submit a plan of how they'll comply with the Real ID Act by October 7, 2007. If they don't, their residents will not be able to use IDs to board planes or enter federal buildings starting on May 11, 2008. Homeland Security is considering standardizing a "unique design or color for Real ID licenses," which would effectively create a uniform national ID card. The draft regulations arrive amid a groundswell of opposition to the Real ID Act from privacy groups, libertarians and state officials. The draft rules, which are not final and will be subject to a public comment period, also include a more detailed estimate of how much it will cost to comply. The National Conference of State Legislatures and other state groups estimated last year that states would have to spend more than $11 billion. But Homeland Security says the total cost - including the cost to individuals - will be $23.1 billion over a 10-year period. Further information may be found at http://www.dhs.gov/xnews/releases/pr_1172834392961.shtm and http://www.dhs.gov/xprevprot/laws/gc_1172767635686.shtm

EVIDENCE OBTAINED THROUGH SPYWARE ADMITTED IN OHIO

On February 14th, the District Court for the Southern District of Ohio ruled that evidence obtained in a divorce case through the use of spyware could be admitted. Judge Thomas Rose refused to grant an injunction preventing the evidence from being admitted, noting that the Electronic Communications Privacy Act does not permit courts to disallow such evidence, saying that appeals courts "have concluded that Congress intentionally omitted illegally intercepted electronic communications from the category of cases in which the remedy of suppression is available." Jeffery Havlicek admitted installing monitoring software on the family computer. He also admitted to downloading e-mail from his wife, Amy's, Web-based e-mail account, but claimed it was authorized because she had chosen to save her username and password through the browser's "remember me" feature. Though Rose declined to grant the injunction, he did say that, "disclosure of the information in state court by Jeffery Havlicek or his attorney might be actionable civilly or criminally." He suggested that the "remember me" option probably didn't give Jeffery an implied right to view his wife's e-mail messages. The case may be found on Westlaw – the cite is 2007 WL 539534 (S.D.Ohio) Potter v. Havlicek.

EFF LAWSUIT SEEKS RELEASE OF SECRET SURVEILLANCE ORDERS

On February 27th, the Electronic Frontier Foundation (EFF) filed suit against the Department of Justice, demanding records about secret new court orders that supposedly authorize the government's highly controversial electronic surveillance program that intercepts and analyzes millions of Americans' communications. When press reports forced the White House to acknowledge the program in December of 2005, the administration claimed that the massive program could be conducted without warrants or judicial authorization of any kind. However, in January of this year, Attorney General Alberto Gonzales announced that the Foreign Intelligence Surveillance Court (FISC) had authorized collection of some communications and that the surveillance program would now operate under its approval. EFF's suit comes after the Department of Justice failed to respond to a Freedom of Information Act (FOIA) request for records concerning the purported changes in the program. EFF's suit demands the immediate release of the FISC orders regarding the surveillance program and any FISC rules and guidelines associated with such orders. The FOIA's complaint filed against the Justice Department may be found at http://www.eff.org/flag/oipr/oipr_complaint.pdf

EU WARNS MICROSOFT THERE MAY BE MORE FINES COMING

On March 1st, the European Union issued a formal warning to Microsoft, threatening further penalties against the software giant over its pricing of protocol licenses. The European Commission alleges that Microsoft has failed to adhere to the EC's historic 2004 order, which in part calls for the software giant to share interoperability information with its rivals, at "reasonable and nondiscriminatory" terms, so that their products would work with Microsoft's operating system. "Microsoft has agreed that the main basis for pricing should be whether its protocols are innovative," Neelie Kroes, European Commissioner for Competition, said in a statement. "The Commission's current view is that there is no significant innovation in these protocols. I am, therefore, again obliged to take formal measures to ensure that Microsoft complies with its obligations." Microsoft will have four weeks to respond to the Commission's allegations that its pricing is unreasonable because of a lack of innovation. Should the Commission find Microsoft's response lacking, it could initiate daily fines until the software maker comes into compliance with the March 2004 order. Further information may be found at http://europa.eu/rapid/pressReleasesAction.do?reference=IP/07/269&format=HTM L&aged=0&language=EN&guiLanguage=en

$3 MILLION FROZEN IN CYBER FRAUD CASE

On March 7th, the Securities and Exchange Commission announced that a federal judge had frozen $3 million belonging to an Eastern European cyber-ring in an online stock manipulation case involving seven major brokerages, the largest asset freeze to date in such cases. The ring's members lived in Russia, Latvia, Lithuania and the British Virgin Islands, and profited at least $733,000 from December 2005 to December 2006 in a complex scheme that combined hacking with traditional "pump-and-dump" market manipulation, according to the SEC complaint filed in the U.S. District Court in Washington. Using a technique growing in popularity with cyber-criminals, the hackers apparently simply hacked into victims' trading accounts and bought the shares themselves. The ring's money is in 75 accounts kept by a Raleigh, N.C., securities broker, Pinnacle Capital Markets, in the name of a Latvian bank, JSC Parex Bank, the SEC said. The $3 million represents the profit the hackers allegedly made and the brokerages' loss to reimburse clients. The freeze order issued by District Judge Ricardo M. Urbina is the first step in a legal process to seek recovery of the money and impose civil penalties. Further information may be found at http://www.sec.gov/news/press/2007/2007-33.htm

TRADING HALTED FOR 35 FIRMS WHO SPAM

On March 8th, the Securities and Exchange Commission (SEC) halted trading for 35 companies as part of its "Operation Spamalot," a campaign to block e-mails promoting stocks to unsuspecting investors. The crackdown against investment spam amounts to the biggest such action in the history of the Securities and Exchange Commission. Authorities said the decision to halt trading at 35 penny-stock companies, including a California business that provides computer security services, is merely the first step in a systematic effort to root out the people who sent misleading stock promotions and those who profited from them. Officials selected the 35 companies because they were the subject of repeated spam initiatives or particularly egregious claims about their operations or financial performance. Schonfeld said regulators are trying to assess whether a ring of stock promoters might be responsible for multiple spam messages involving different companies and whether executives at some of the companies may have played a role. Further information may be found at http://www.sec.gov/news/press/2007/2007-34.htm

VONAGE ORDERED TO PAY $58 MILLION TO VERIZON

On March 8th, a federal jury in Alexandria ordered Vonage Holdings, an Internet telephone company, to pay $58 million to Verizon Communications for infringing its patents in a case that raised the possibility that Vonage could be barred from conducting much of its business. Verizon asked the court to issue a permanent injunction preventing Vonage from using the technology for connecting its Internet network to the public telephone system. That order was granted on March 23rd but is not immediately effective and the court will hear arguments for and against staying the order in April. Vonage's phone calls run over high-speed Internet lines and are marketed as a cheap substitute for traditional local phone service, which is a large part of Verizon's business. Vonage argued that Verizon filed the suit in an attempt to stifle competition. In addition to the award for past damages, the jury ordered Vonage to pay future royalties of 5.5 percent for the patented technologies if the company is allowed to continue using them. Verizon filed the suit in 2006, alleging that the Internet challenger had violated five patents, including two related to billing, and asked the court to award triple damages on the grounds that the infringement was willful. The jury ruled that the violation was not willful and awarded Verizon far less than the $197 million it had sought. Vonage has said it will appeal. Further information may be found at http://pr.vonage.com/releasedetail.cfm?ReleaseID=235198

GEORGIA APPEALS COURT UPHOLDS BLOGGER VERDICT

On March 7th, the Court of Appeals of Georgia upheld a libel verdict against a blogger who complained online that his lawyer wouldn't return the $3,000 he had paid the lawyer before hiring another attorney to handle his DUI case. David Milum, the defendant, charged on his website, among many other things, that the lawyer had paid a judge $25,000 for the release of a drug dealer. Attorney Rafe Banks III thereafter sued Milum for libel and won a $50,000 judgment in Forsyth County Superior Court on January 27, 2006, which the appellate court upheld. The decision in Milum v. Banks may be found at http://www.lexisone.com (free registration required).

CONTRACT INSUFFICIENT TO SUE EBAY SELLER

On February 27th, in the Civil Court of the City of New York, Judge Philip S. Straniere ruled that a single eBay transaction between a New York buyer and an out-of-state seller is insufficient to establish personal jurisdiction in a breach of contract action. One sale, "without more, does not constitute sufficient purposeful availment to satisfy the minimum contacts necessary to justify summoning across state lines, to a New York court, the seller of an allegedly non-conforming good," the judge said. Plaintiff Masood H. Sayeedi purchased a "Chevy 350 hi-nickel" engine from Missouri resident Timothy Walser for $1,444. The eBay listing promised a "new" engine, "fresh from the shop" and "built by a pro," according to Sayeedi's complaint. After winning the auction and receiving the engine, Sayeedi took it to UN Auto Repair in Queens, N.Y., where he was charged $1,150 for repairs. According to the mechanic's report, the connecting rod had broken and the camshaft had been damaged. Sayeedi then initiated an action for breach of contract. To determine whether the New York Civil Court Act's long-arm statute conferred jurisdiction over Walser, Straniere applied a two-pronged "minimum contacts" test. The court asked whether Walser either transacted business within New York City or, in the alternative, contracted elsewhere to supply goods in New York "to a degree sufficient to satisfy constitutionally mandated minimum contacts." Straniere answered both factors in the negative, and dismissed the case. The decision in Sayeedi v. Walser may be found at http://www.nylawyer.com/adgifs/decisions/030607straniere.pdf

INTEL MAY HAVE LOST E-MAILS IN AMD CASE

On March 6th, lawyers for Intel said that the company might have lost some internal e-mails that it was required to produce in a lawsuit brought by Advanced Micro Devices (AMD). In a letter to U.S. District Court Judge Joseph Farnan Jr., one of Intel's lawyers revealed that some internal e-mails were missing, despite the company's efforts to preserve documents related to the case. The lawyer blamed the possible loss of e-mails on human error. For instance, when Intel employees were instructed to retain e-mails on their hard drives, some employees did not move e-mails from their sent folder to the hard drives, assuming that the company's e-mail servers would preserve them. Instead, the e-mail servers regularly delete e-mails after a certain amount of time has passed. Other employees wrongly assumed that Intel's IT department was automatically saving their e-mails, while some may not have saved all of their e-mails. In addition, Intel failed to notify hundreds of employees to retain e-mails related to the case. The lawyer said that the allegedly lost e-mails were generated "primarily" after AMD filed suit against Intel on June 27, 2005, but earlier e-mails could not be ruled out as among those missing. AMD's 2005 suit alleges that Intel engaged in anti-competitive practices to bolster a monopolistic position in the PC processor market. AMD claims that Intel coerced 38 hardware manufacturers, including Dell and Sony, into using only Intel processors or discontinuing use or promotion of AMD products. The alleged threats include forcing manufacturers into exclusive relationships, or offering deep discounts or marketing subsidies in exchange for discontinuing the use of AMD products. The suit, filed in U.S. District Court for the District of Delaware, covers Intel operations in North America, Asia, and Europe. Further information may be found here.

HUMAN ERROR CAUSES MOST DATA LOSS

A new report from the IT Policy Compliance Group says that humans account for three-quarters of incidents where sensitive data is lost. The report says a fifth of organizations are hit by 22 or more sensitive data losses a year, with customer, financial, corporate, employee and IT security data lost because it is stolen, leaked or destroyed. It states that user error is responsible for half of all sensitive data losses, with policy violations, deliberate or accidental, accounting for another 25 percent. The report also notes that businesses are seeing an 8 percent loss of revenue and a similar loss of customers in the wake of publicly reported data breaches, while notifying customers and restoring data costs another $73 per customer record. Further information may be found at http://www.itpolicycompliance.com/research_reports/data_protection/read.asp?ID=9

VIACOM SUES GOOGLE AND YOUTUBE FOR $1 BILLION

On March 13th, Viacom sued Google and its subsidiary, YouTube, for $1 billion claiming that they were guilty of copyright infringement. The suit was filed in the U.S. District Court for the Southern District of New York, and alleges that almost 160,000 unauthorized clips of Viacom's programming have been available on YouTube and that these clips had been viewed more than 1.5 billion times. In addition to damages, Viacom said it wants an injunction prohibiting Google and YouTube from further copyright infringement. Further information may be found at http://www.viacom.com/view_release.jhtml?inID=10000040&inReleaseID=227614

COURTS WILL RELEASE TRIAL TAPES ONLINE

The federal judiciary has approved a pilot program to make free audio recordings of court proceedings available online. Although a court's participation in the program is voluntary, U.S. District Judge Thomas F. Hogan, the executive committee chairman of the policy-making Judicial Conference, said he ultimately expects the system to be widely used. News organizations and open-government groups applauded the decision, which will allow the files to be played on television and radio and posted on Internet news sites and blogs. At present, recording devices and cameras are prohibited in all federal courtrooms. However, in some high-profile cases, the Supreme Court releases audio recordings of oral arguments. Some federal trial courts, such as the one in Philadelphia, sell daily audio recordings of hearings. The pilot program, set to launch in the next few months, would put those recordings on the court's electronic records database for download. Judges will have discretion over when to turn the recorder off, such as during an FBI informant's testimony or when a rape victim takes the stand. Further information may be found at http://www.firstamendmentcenter.org/news.aspx?id=18306

MORGAN STANLEY DECISION REVERSED

On March 21st, Morgan Stanley won a reversal of the $1.58 billion verdict given to billionaire Ron Perelman for misleading him in a deal to sell Coleman Co. to Sunbeam Corp. The Florida Court of Appeal in West Palm Beach ruled that Perelman failed to prove his entitlement to damages in the original trial. The latest decision will be appealed in a case that could end up in the Florida Supreme Court. Perelman, the chairman of cosmetics giant Revlon Inc., accused Morgan Stanley of conspiring with client Sunbeam to mislead him about the company's financial health. Because of this, he sold camping supplies maker Coleman Co. to Sunbeam in 1988 - months before Sunbeam restated earnings and ahead of its 2001 bankruptcy. After the 2-1 vote, Judge Carole Y. Taylor wrote in her opinion that because there was no proof at trial on the correct measure of damages, the final judgment for compensatory damages should be reversed. Further information may be found at http://www.abcnews.go.com/Business/wireStory?id=2970910

SO WHAT'S YOUR IDENTITY WORTH?

According to the latest Internet security threat report from Symantec, the going rate for the keys to assuming someone else's identity cost between $14 and $18 per victim on underground cyber crime forums. Full identities typically include Social Security numbers, the victim's bank account information (including passwords), as well as personal information such as date of birth and the maiden name of the victim's mother. Symantec engineers monitored more than 330 different underground Internet servers used by criminals as bazaars for stolen consumer data. During the latter half of 2006, the company observed nearly 5,000 credit cards being traded and sold on the online black market. More than half of the Internet servers monitored by the company were located on computers or networks here in the United States. Further information may be found at http://www.symantec.com/about/news/release/article.jsp?prid=20070319_01

JUDGE RULES AGAINST COPA

On March 22nd, U.S. District Judge Lowell Reed Jr. ruled against a 1998 U.S. law that makes it a crime for operators of Internet sites to let anyone under the age of 17 to have access to sexual material, rebuffing the government's argument that software filters are ineffective and upholding earlier rulings that the law infringed on free-speech rights. The Philadelphia judge found that the Child Online Protection Act would not be effective in protecting children from online pornography, and that parents could shield their children by using software filters and other, less restrictive means that do not curtail adults' rights to free speech. Government attorneys are reviewing the decision and have not decided whether to appeal. Further information may be found at http://www.aclu.org/freespeech/internet/29138prs20070322.html

DEFAMATION SUIT AGAINST GOOGLE THROWN OUT

On March 20th, it was reported that Judge Jeremy Fogel of the U.S. District Court for the Northern District of California had dismissed a lawsuit against Google by parenting information site KinderStart and allowed Google to seek reimbursement of legal fees. The suit challenged the fairness of how Google calculates the popularity of Web sites in determining search results. The judge also imposed yet-to-be-determined sanctions on KinderStart legal counsel Gregory Yu for making unsupported allegations against Google. KinderStart sued Google in March 2006 alleging the Mountain View, California-based Internet company had defamed the site by cutting it from its Web search ranking system. The Norwalk, Connecticut-based company, which features links to information about raising children, accused Google of violations of antitrust, free speech, unfair competition and defamation and libel laws. In its suit, the company argued its site's sudden demotion in March 2005 to a "zero" ranking in Google's search system had severely harmed its business. The judge said that, "KinderStart had failed to explain how Google caused injury to it by a provably false statement ... as distinguished from an unfavorable opinion about KinderStart.com's importance." Further information may be found at http://www.pcworld.com/article/id,130070-c,legalissues/article.html

EFF GOES AFTER VIACOM FOR REMOVAL OF PARODY

On March 22nd, the Electronic Frontier Foundation (EFF) asked a federal court to protect the free speech rights of MoveOn.org Civic Action and Brave New Films after their satirical send-up of "The Colbert Report" was removed from YouTube following a copyright complaint from media giant Viacom. The video, called "Stop the Falsiness," was created by MoveOn and Brave New Films as a tongue-in-cheek commentary on Colbert's portrayal of the right-wing media and parodying MoveOn's own reputation for earnest political activism. The short film, uploaded to YouTube in August 2006, includes clips from "The Colbert Report" as well as humorous original interviews about show host Stephen Colbert. In March of this year, Viacom, the parent company of Comedy Central, demanded that YouTube take "Stop the Falsiness" down, claiming the video infringed its copyrights. "Our clients' video is an act of free speech and a fair use of 'Colbert Report' clips," said EFF Staff Attorney Corynne McSherry. "Viacom knows this -- it's the same kind of fair use that 'The Colbert Report' and 'The Daily Show' rely upon every night as they parody other channels' news coverage." Under the Digital Millennium Copyright Act (DMCA), a mere allegation of copyright infringement on the Internet can result in content removal, silencing a creator before any misuse is proven. The lawsuit asks for a declaratory judgment that "Stop the Falsiness" does not infringe any Viacom copyright, as well as damages and injunctive relief restraining Viacom from bringing any more copyright claims in connection with the video. Further information may be found at http://www.eff.org/news/archives/2007_03.php#005176