New Guidelines To Deal With SPAM

This article discusses new guidelines released by The Messaging Anti-Abuse Working Group (MAAWG) intended to reduce spam. According to the article, the new guidelines (which do not appear to be available online) recommend that ISPs use separate servers for received and forwarded e-mails, and that they block port 25, through which spam travels. Even if the guidelines were successfully adopted, though, there's no indication that they would be successful. Still, this might be a start.

Texas AG Settles With EZCORP Over Identity Theft

The Texas Attorney General's Office announced a settlement yesterday with EZCORP over the company's failure to adequately safeguard customer's personal information. Apparently, the company had simply dumped 483 customer records laden with social security numbers and other highly sensitive information in the trash. The AG's office filed suit under Texas Business & Comm. Code Section 48-102, claiming the company had failed to implement "reasonable procedures" to safeguard customers personal information. The AG's website includes a picture of a credit application that was found in the trash.

Web Site Liability For Third Party Content

The question of when a website owner becomes liable for content posted by third parties has been around for some time. As far back as 1997, the Courts were already dealing with this issue (See Zeran v. AOL). In the past several months a number of new opinions on this issue have appeared. In May of this year, the 9th Circuit case Fair Housing Council v. Roommates.com tackled the issue of whether an online roommate matching website should be held liable for violation of the federal housing discrimination laws, since certain postings discriminated against particular groups. The Court held that the website could be held liable because it used drop-down menus to limit users' choice as to the content of their listing. As a result, the safeharbor provisions of the Communications Deceny Act (CDA) did not apply. On the other hand, in March of this year, the 7th Circuit in Chicago Lawyer's Committee v. Craigslist found Craigslist immune under the CDA for user posted listings which likewise discriminated against certain groups. The distinction between the two rulings appears to be that once a website operator takes an active involvement in the generation of content (as was the case in the Fair Housing decision), the safeharbor provisions of the CDA no longer apply.

Suing For Identity Theft Using RICO

Check out this National Law Journal article, "RICO And Data Thieves" (subscription). Historically, data theft has been largely prosecuted using the Computer Fraud and Abuse Act (CFAA). The author, Nick Akerman, suggests that filing suit under the Racketeer Influenced and Currupt Organizations (RICO) statute might have some advantages. As the author points out, RICO, unlike the CFAA, provides for treble damages and attorney fees.

The Ethics of Viewing Metadata

The controversy over whether an attorney is permitted to view the metadata of documents they receive from opposing counsel has been ongoing for some time. A number of jurisdictions--including Florida (Ethics Opinion 06-2) and New York (Ethics Opinion 749)--prohibit an attorney from making use of the metadata. The ABA (Ethics Opinion 06-442), on the other hand, permits it. Boris Reznikov recently published this excellent article on the current state of the legal ethics debate on metadata.

Do Data Breach Laws Reduce Identity Theft?

A new working paper entitled "Do Data Breach Laws Reduce Identity Theft?" (Carnegie Mellon University) analyzes the effect of data breach laws on the presence of identity theft. Although the authors acknowlege limitations to their study, they conclude that they found no statistically significant effect that data breach laws reduce identity theft. This is one more indication that an effective approach to tackling the problem of identity theft requires more than enacting legislation alone.

New York Internet Sales Tax Setting A Trend?

A highly controversial New York law recently went into effect. Under the new law (Chapter 57, Laws 2008, Part KK-1), New York becomes the first state to require internet sales companies to collect sales tax. Will this new law set a trend for other states? According to this National Law Journal article (subscription), legislators in Colorado, Florida, Illinois, Kansas and Minnesota are also considering passing similar laws. For a fuller explanation of the law, see this technical bulletin. A number of retailers--Amazon.com and Overstock.com--have already filed suit. See Overstock's Complaint here.

Vulnerabilities of Printers and Copiers

This AP article, quoting the European Network and Information Security Agency, warns that printers and copiers could be the weak link in a company's cyber defense program. For more on this, see this post by Bruce Schneier responding to a presentation by Brendan O'Connor.