Stay current by reading recent court decisions: a father's consent to search son's password-protected computer, MySpace help in catching sex offenders, Google working with state governments' public records, copyright infringement and online music sharing and a case of the White House spy.

MICROSOFT v. AT&T: DOES U.S. PATENT LAW APPLY TO EXPORTED SOFTWARE?

On April 30, 2007, in a 7-1 decision, the U.S. Supreme Court decided whether U.S. patent law applied to software exported overseas. Microsoft sends foreign manufacturers a master version of Windows, which the manufacturers then copy and install onto computers manufactured and sold abroad. Specifically at issue in this case was whether software could be considered a "component" of a patented invention under 35 U.S.C. § 271(f). Also at issue was whether Microsoft violated the same statute because it "supplied" a "component" of a patented invention with the intent that it be "combined" with other components overseas in a way that would be illegal if done in the United States. The Court determined that, because Microsoft does not export the copy of Windows installed on the foreign-made computers from the United States, Microsoft does not "supply . . . from the United States" "components" of those computers, and therefore is not liable under §271(f) as currently written. The full opinion may be found here.

---

CAN SOMEONE ELSE LET THE POLICE SEARCH YOUR COMPUTER?

An April 24th decision by the 10th Circuit has received a lot of press. Here are the facts: Homeland Security agents obtained permission from the defendant’s elderly father, who lived in the same house, to search his son’s computer for contraband. Although the defendant was not home when the officers arrived, his room was unlocked and the door was ajar. After receiving consent from the defendant’s father, the officers searched his computer using EnCase forensic software, which allowed them to bypass any password protections. Although the defendant’s computer was password protected, the officers did not check to see if the computer was in fact password protected prior to conducting the search. The 10th Circuit upheld the defendant’s conviction finding that the defendant’s father had the authority to consent to a search of his son’s computer. The court determined that the officers reasonably believed that the father had the authority to consent to the search and were not required to inquire further as to whether or not the father actually had access to the computer or its contents. The court’s full opinion may be found here.

---

PATENT REFORM ACT OF 2007: WHAT CHANGES WILL IT MAKE?

 In late April, a bipartisan group from the Senate and the House introduced identical patent-reform legislation that many believe has a good chance of passing. The Patent Reform Act of 2007 attempts to streamline the patent process by providing for a post-grant review proceeding and switching to a first-to-file system. The new post-grant proceeding would allow anyone to seek the cancellation of an issued patent within twelve months of its issuance; or a party may petition for cancellation at any time if the party can establish that the continuing existence of the patent causes that party significant economic harm. Petitions must be in writing and include copies of patents and prior publications relied upon by the petitioner. The newly created Patent Trial and Appeal Board would determine whether the petition raised "sufficient grounds" to challenge the patent. An important aspect of the post-grant proceeding is that the statutory presumption of validity attributed to a patent during litigation would not apply in the post-grant proceeding, which will make it easier for poor quality issued patents to be invalidated. However, if a party loses a petition to cancel, that party would be precluded in subsequent litigation from asserting the invalidity of the patent claim "on any ground which the cancellation petitioner raised during the post-grant review proceeding." In addition, the Act would switch the United States to a first-to-file patent system that is followed by nearly all foreign countries. Under the proposed system, the first person to file a patent application for a claimed invention is entitled to any patent rights. The text of the proposed Senate bill may be found by searching for S.1145 at http://thomas.loc.gov and the House bill may be found by searching for H.R.1908 here.

---

OBAMA TAKES BACK HIS "MYSPACE"

Joe Anthony, a paralegal from Los Angeles, began running the Barack Obama MySpace page about two and one-half years ago. At first, that arrangement was fine with the Obama Campaign, which worked with Anthony on the content, promoted the link and even had the password to make changes. As the site became more popular, the campaign became concerned about an outsider controlling the content, and it told Anthony it wanted him to turn it over; however, Anthony refused and asked to be compensated for his work. MySpace reluctantly stepped in to settle the dispute and decided that Obama should have the right to control http://www.myspace.com/barackobama. MySpace also decided that Anthony had the right to take all the friends who signed up while he was in control. Anthony wrote on his MySpace blog that he was heartbroken that the Obama campaign was "bullying" him out of the page he built. He initially said the candidate lost his vote, but Obama may have begun to win it back after a phone call that Anthony called a great honor. Anthony said he was so nervous that he doesn't remember exactly what Obama said, but the candidate expressed his appreciation and they agreed everyone learned a lesson in this case. Anthony’s blog regarding the incident may be found here. Obama’s campaign blog regarding the incident may be found at here.

---

GOOGLE HELPS STATES MAKE PUBLIC RECORDS MORE ACCESSIBLE

By providing free consulting and software, Google is helping state governments make reams of public records that are now unavailable or hard to find online easily accessible. The Internet search company hopes to eventually persuade federal agencies to employ the same tools, an effort that excites advocates of open government but worries some consumer privacy experts. Google has announced that it has already partnered with four states — Arizona, California, Utah and Virginia — to remove technical barriers that had prevented its search engine, as well as those of Microsoft and Yahoo, from accessing tens of thousands of public records dealing with education, real estate, health care and the environment. These newly available records will not be exclusive to the search engines owned by Google, Yahoo and Microsoft. Despite the obvious benefits of this Google initiative for those conducting Web searches, privacy advocates said they are worried about unintended consequences, cautioning that some records may contain personal and confidential information that should not be widely available. Google’s press release regarding its efforts can be found here.

---

COURT ORDERS UNIVERSITY TO HAND OVER STUDENT IDS TO RIAA

As many as 53 University of Wisconsin-Madison students could face lawsuits by the music recording industry after a federal judge, on April 25th, ordered the university to surrender their names and other information for sharing digital music files over the Internet. The day before, sixteen record companies represented by the Recording Industry Association of America filed a lawsuit in U.S. District Court seeking the names associated with 53 Internet connections presumably associated with copyright infringement. The judge signed an order requiring UW-Madison to relinquish the names, addresses, telephone numbers, e-mail addresses and Media Access Control (MAC) addresses for each of the 53 individuals. The lawsuit and decision came as no surprise to the university, which last month declined to send out "settlement letters" from the RIAA to alleged copyright violators among UW-Madison students. The RIAA's "John Doe" lawsuit asks that users associated with the 53 IP (Internet Protocol) addresses - a series of numbers given to a computer connection on the Internet - be turned over to the record companies named in the lawsuit. John Doe lawsuits are a routine step that the RIAA takes to learn the identities of those whom it suspects of illegally sharing copyrighted music over the Internet. Generally, RIAA investigators monitor peer-to-peer file-sharing networks and take down the IP addresses of those who are sharing files. The RIAA used to directly subpoena the names of those subscribers from Internet service providers, but in 2003 an appeals court ruled that such information could only be obtained under the supervision of a judge. That led to the use of John Doe lawsuits. Most of the more than 30 file sharing lawsuits heard in the federal court in Madison have ended in default judgments or stipulated settlements. Judgments have ranged between $5,000 and $15,000. The university’s press release can be found here.

---

TECHNOLOGY HELPS CATCH WHITE HOUSE SPY

Leandro Aragoncillo, an FBI intelligence analyst and a career Marine who had served under two vice presidents in the White House, was stealing information in an attempt to foster a political coup in the Philippines, his home country. On the morning of August 5th, 2005 and after nearly four years of espionage, federal agents watched him at his desk, via video surveillance, as he downloaded a classified document, copied it onto a disc and dropped it into a bag beside his desk. A little more than a month later, federal agents executed search warrants on the houses of Aragoncillo and his U.S.-based conspirator, Michael Ray Aquino, a resident of the Philippines who was in the country on a visa. Both men were arrested that day after agents found more than 736 classified documents between the two homes. As of May, 2007, both Aragoncillo and Aquino have pleaded guilty and are awaiting sentencing this summer in U.S. District Court in Newark, N.J. Aragoncillo faces a maximum of 15 to 20 years based on his plea agreement. Technology played a major role in helping the government build a strong case against Aragoncillo and Aquino. The e-mails sent, the phone calls made and the stolen information that one man actually archived on a set of CDs like a catalogue of wrong-doing all left a digital trail that was their ultimate undoing. The government first began investigating Aragoncillo when Aquino, was arrested in March of 2005 for overstaying his tourist visa, and Aragoncillo went to the U.S. Immigration and Customs Enforcement office and vouched for Aquino, identifying himself as an FBI employee. Immigration agents thought it was odd and reported it to the FBI, which soon began to take a look at the computer queries Aragoncillo had been running. Since his queries were unrelated to Aragoncillo’s job, the FBI began to look deeper. The government reported that investigators then found a discarded e-mail on his FBI account that referred to Hotmail accounts, a Yahoo account and an alias. After obtaining court orders, the government was able to have Hotmail and Yahoo begin collecting the e-mail addresses of his co-conspirators. In addition, that led them to IP addresses and then actual physical addresses. Aragoncillo pleaded guilty last spring. Aquino also cut a deal. Charges have not been brought against the other conspirators but the investigation continues. The prosecutor filed a classified brief to the court outlining what the government says is the damage done to the United States in the four years of espionage that touched two governments, several federal agencies and even the White House. The indictment filed against Aragoncillo may be found here.

---

AMAZON AND IBM SETTLE PATENT INFRINGMENT SUITS

On May 8th, online retailer Amazon.com and IBM settled all their patent-infringement lawsuits and signed a long-term patent cross-license agreement. Under the deal, Amazon.com will pay IBM an undisclosed amount of money, and each company will let the other use some of its technology. In October 2006, IBM accused Amazon.com of infringing upon five patents related to how the site recommends products to customers, advertises and stores data. In December, Amazon.com countersued, denying the allegations and charging IBM with violating five of Amazon's patents for ventures including IBM's WebSphere business software. A brief press release issued by both companies may be found here.

---

UNION SUES TSA OVER SECURITY BREACH

The American Federation of Government Employees (AFGE) claims that the agency responsible for securing the nation’s airports violated union guidelines and federal law, which mandates a security system to be in place restricting the unauthorized release of personal data. The TSA announced in May that it had lost an external hard drive containing the personal and financial information of 100,000 current and former employees. The hard drive was found missing from a controlled area at the TSA Headquarters Office of Human Capital on May 3, 2007. The union contends the data loss is a breach of the Privacy Act of 1974 and the Aviation and Transportation Security Act, according to an advisory on the union's Web site. The suit is seeking to force the TSA to implement monitoring and encryption technology for use in mobile devices. The union is also asking for the TSA to allow workers to receive paid leave should they need to address issues caused by identity theft. The union’s press release may be found here.

---

MYSPACE TURNS OVER NAMES OF SEX OFFENDERS

On May 23rd, it was announced that MySpace had turned over the names, IP addresses, and e-mail addresses of 245 sex offenders found on its social networking website to North Carolina Attorney General Roy Cooper. North Carolina is one of several states that requested information about sex offenders from MySpace. Cooper announced that he expects to receive additional information including a list of over 7,000 sex offenders registered on MySpace throughout the country as well as details on what MySpace is doing to remove sex offenders from its site and warning other users that may have been contacted by the offenders. Cooper has already shared the information he received with law enforcement and probation officials. The press release by Roy Cooper may be found here.

---

DEPARTMENT OF HOMELAND SECURITY PROVIDES REAL ID DETAILS

In early May, the Department of Homeland Security announced draft regulations in the form of a Notice of Proposed Rulemaking to establish minimum standards for state-issued driver’s licenses and identification cards in accordance with the REAL ID Act of 2005. The 162 page document outlines not only the required security features the cards must incorporate but also the timeframe the states must meet under the Act. The Real ID cards must include all drivers' home addresses and other personal information printed on the front and in a two-dimensional barcode on the back. The barcode will not be encrypted because of "operational complexity," which means that businesses like bars and banks that require ID would be capable of scanning and recording customers' home addresses. A radio frequency identification (RFID) tag is under consideration. Homeland Security is asking for input on how the licenses could incorporate RFID-enabled vicinity chip technology, in addition to the two-dimensional barcode requirement. States must submit a plan of how they'll comply with the Real ID Act by October 7, 2007. If they don't, their residents will not be able to use IDs to board planes or enter federal buildings starting on May 11, 2008. Homeland Security is also considering standardizing a unique design or color for Real ID licenses, which would effectively create a uniform national ID card. In addition to providing details about how to comply with the Act, the draft regulation will also provide states with a more accurate estimate of how much it will cost. However, the draft regulations are not final and will be subject to a public comment period. The full document may be found here.

---

COMPANIES ALREADY USING NEW SUPREME COURT PATENT RULING

On April 30, 2007, the Supreme Court handed down the decision in KRS International v. Teleflex. The decision was published along with another influential patent case, Microsoft v. AT&T. The combined effect of these decisions will likely weaken the protection given to patent holders, making it more difficult to get a patent and easier to challenge existing ones. KSR International v. Teleflex is a far-reaching ruling and the decision sends a clear message that the U.S. Patent and Trademark Office and lower courts must be more open in considering whether inventions are obvious, a common ground for denying an application. The disputed patent in the KSR case was held by Teleflex and involved an adjustable gas pedal that combined two established elements, the pedal and an electronic sensor. However, KSR, a Canadian company, challenged the patent. Although the lower court agreed with KRS, the Court of Appeals for the Federal Circuit reversed the decision in favor of KRS. The Supreme Court reversed and remanded the Court of Appeal’s decision because it concluded that the appeals court had applied the standards too rigidly and that such rigid rules deprive prior invention of their utility. Companies such as Vonage are wasting no time using the new ruling in their own patent litigation. On May 1, 2007, only one day after the decision, Vonage asked the Federal Circuit to vacate and remand the U.S. District Court's decision finding that Vonage infringed on certain Verizon technology. Vonage has asked the appeals court to send the decision back to the lower court to retry the case based on the new test for determining when an invention is too obvious to warrant patent protection. Although the court denied Vonage’s request, Vonage will have the decision to rely upon during the appeals process. View the full Supreme Court decision and Vonage’s press release.

---

THINK TANK WARNS CONSUMERS ABOUT IRS PROPOSAL

On May 4th, the Center for Democracy and Technology (CDT) issued a warning to consumers regarding a proposal in the President's 2008 budget that would require Internet businesses such as eBay and Amazon.com to collect personal data on their customers and share it with the Internal Revenue Service. The move is part of an effort by the U.S. Treasury Department to track down unreported small-business income generated by the sale of personal property on such sites. Under the proposal, online "brokers" would be required to file income statements for all customers who use their sites to conduct 100 or more separate transactions that generate $5,000 or more per year. Among the information the brokers would be required to collect would be customers' names, addresses, and taxpayer identification numbers or Social Security numbers. The proposal would be effective for sales of property on or after January 1, 2008. The biggest concern with the proposed legislation is that it could lead to a vast collection of Social Security numbers and other personal data by a lot of different commercial entities on the Web. According to the CDT, creating and maintaining such a database would not only be costly and burdensome to smaller business and private entrepreneurs but the database would also be costly to protect which might leave many consumers open to the threat of identity theft. CDT’s full statement may be found here.

---

BOUCHER INTRODUCES A BILL TO PROTECT BLOGGERS

On May 2, 2007, Representative Rick Boucher (D-Va) introduced the Free Flow of Information Act of 2007. The Act gives a more expansive definition to the concept of a "covered person" under the law than any of Congress' previous attempts at so-called reporter's shield legislation. While earlier versions based protection on ties to specific media institutions that publish newspapers, books, magazines and periodicals in print or electronic form, the new bill offers protection to anyone engaged in journalism. The bill defines journalism as "gathering, preparing, collecting, photographing, recording, writing, editing, reporting or publishing of news or information that concerns local, national or international events or other matters of public interest for dissemination to the public." Boucher claims that, although the language of the bill is broad, it is carefully constructed to protect bloggers who are regularly involved in newsgathering and reporting within the scope of that definition. View the full text of the bill and Boucher’s statement regarding the legislation may be found here

---

SURVEY SAYS COMPANIES ARE NOT PREPARED TO HANDLE DATA BREACHES

 A survey by the Ponemon Institute of more than 600 IT and security managers in midsize to large businesses shows that while companies increasingly are being hit with security and data breaches, most are lagging when it comes to implementing the proper policies and controls to prepare for and mitigate the legal, regulatory, and financial risks associated with a security failure. According to the survey, around 85% of IT and security managers say they've suffered a data breach, but less than half have a plan of action in place for when it happens again. In addition, nearly 60 percent of US-based businesses and government agencies feel they are unable to effectively assess insider threats within the company, which leaves them open to data breaches and fraud. The survey also shows that of those who suffered a data breach, 74% reported a loss of customers; 59% faced potential litigation; 33% faced potential fines, and 32% experienced a decline in share value. Although the responsibility to protect against breaches is shared within a company, the survey showed that this necessary collaboration is very weak with 42 percent of respondents saying that collaboration rarely occurs and 23 percent saying that it never occurs. The chairman of Ponemon stated that the results pointed to a number of barriers that are preventing companies from effectively combating and coping with data breaches. View Ponemon’s press release, and the full report.