tag:blogger.com,1999:blog-270607572024-02-20T19:00:54.630-05:00Technology Law BlogA discussion of current developments in technology lawBill McComashttp://www.blogger.com/profile/07670814671308040514noreply@blogger.comBlogger99125tag:blogger.com,1999:blog-27060757.post-41979349729790649662008-10-24T15:54:00.002-04:002008-10-24T16:00:06.797-04:00New Report On Identity TheftUS AG, Michael B. Mukasey, and FTC Chairman William Kovacic recently announced the publication of <a href="http://www.idtheft.gov/reports/IDTReport2008.pdf">a new report</a> on identity theft. In April of '07, the President's Identity Theft Task Force published a <a href="http://www.idtheft.gov/reports/StrategicPlan.pdf">strategic plan</a>, listing 31 recommendations, for combating identity theft. This new report details the steps the government has taken to accomplish the recommendations set out in the original report.Bill McComashttp://www.blogger.com/profile/07670814671308040514noreply@blogger.com0tag:blogger.com,1999:blog-27060757.post-1312783112116282572008-10-03T15:26:00.002-04:002008-10-03T15:33:09.747-04:00Net Neutrality As An Anitrust IssueI recently came across <a href="http://www.ft.com/cms/s/0/bac78ca4-8ee8-11dd-946c-0000779fd18c.html?nclick_check=1">this article</a> discussing the <a href="http://technologylawblog.blogspot.com/2008/08/ftcs-ruling-on-net-neutrality.html">FCC's Comcast ruling</a>. The article, which references <a href="http://www.reg-markets.org/publications/abstract.php?pid=1171">a journal article</a> written by Cornell professor Alfred Kahn, suggests that the issue of net neutrality should best be dealt with by the antitrust courts.Bill McComashttp://www.blogger.com/profile/07670814671308040514noreply@blogger.com0tag:blogger.com,1999:blog-27060757.post-67637468123941710422008-09-19T16:00:00.004-04:002008-10-03T15:02:08.883-04:00VA Spam Law OverturnedThe Virginia Supreme Court <a href="http://voices.washingtonpost.com/securityfix/2008/09/virginia_anti-spam_law_overtur.html?hpid=news-col-blogs">recently ruled</a> that the state's anti-spam law is unconstitutional. The <a href="http://www.spamsuite.com/node/423">Court</a> wrote that: "the statute is unconstitutionally overbroad on its face because it prohibits the anonymous transmission of all unsolicited bulk e-mails including those containing political, religious or other speech protected by the First Amendment to the United States Constitution." See this <a href="http://www.washingtonpost.com/wp-dyn/content/article/2008/09/12/AR2008091201211.html?hpid=topnews">Washington Post article</a> for more.Bill McComashttp://www.blogger.com/profile/07670814671308040514noreply@blogger.com0tag:blogger.com,1999:blog-27060757.post-11123527717206471102008-09-12T15:42:00.002-04:002008-09-12T15:48:30.209-04:00Compliance With The Red Flag RulesThis <a href="http://washington.bizjournals.com/boston/stories/2008/09/08/daily26.html">article</a> reports that less than-third of US banks will be compliant with the <a href="http://www.fdic.gov/news/board/07Oct16nine.pdf">Red Flag rules</a> by the November 1 deadline. All told, U.S. financial institutions are expected to spend more than $200 million on compliance with the rules. For more on the Red Flag rules, see <a href="http://technologylawblog.blogspot.com/search?q=red+flag">these posts</a>.Bill McComashttp://www.blogger.com/profile/07670814671308040514noreply@blogger.com0tag:blogger.com,1999:blog-27060757.post-35774408392634270662008-09-05T16:18:00.001-04:002008-09-05T16:21:50.084-04:00Comcast Appeals FCC DecisionFollowing on a <a href="http://technologylawblog.blogspot.com/2008/08/ftcs-ruling-on-net-neutrality.html">previous post</a>, Comcast yesterday <a href="http://online.wsj.com/article/SB122055137368500197.html?mod=googlenews_wsj">appealed</a> the FCC ruling that it violated the Agency's net-neutrality principles. Take a look at the <a href="http://blog.wired.com/27bstroke6/files/comcastappeals.pdf">petition for review</a> filed with the US Court of Appeals for the DC Circuit.Bill McComashttp://www.blogger.com/profile/07670814671308040514noreply@blogger.com0tag:blogger.com,1999:blog-27060757.post-7839960657132202202008-08-26T16:58:00.003-04:002008-08-26T17:07:25.668-04:00ABA Issues Outsourcing Ethics OpinionJust <a href="http://www.abanet.org/abanet/media/release/news_release.cfm?releaseid=435">yesteday</a>, the ABA issued Ethics Opinion opinion 08-451 (not available online) dealing with the outsourcing of legal services. In brief, the Opinion permits outsourcing assuming both the attorney and the outsourcees adhere to certain standards of ethics and competence. See this <a href="http://www.abajournal.com/news/aba_ethics_group_oks_outsourcing_but_nixes_at_least_some_fee_mark_ups/#When:19:12:01Z">ABA Journal article</a> as well as this <a href="http://www.mddailyrecord.com/article.cfm?id=8393&type=UTTM">Daily Record article</a> (subscription) for more.Bill McComashttp://www.blogger.com/profile/07670814671308040514noreply@blogger.com0tag:blogger.com,1999:blog-27060757.post-48652996612055348382008-08-22T14:52:00.005-04:002008-08-22T15:28:38.826-04:00FCC's Ruling On Net NeutralityFollowing on <a href="http://technologylawblog.blogspot.com/2008/08/fcc-rules-on-net-neutrality.html">my post</a> from a little while back, the FCC finally published their <a href="http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-08-183A1.pdf">Order</a> regarding Comcast's violation of the Agency's net neutrality principles. The Order <a href="http://www.bizjournals.com/baltimore/stories/2008/08/18/daily33.html?ana=e_du">gives Comcast</a> 30 days to disclose their method for managing internet traffic.Bill McComashttp://www.blogger.com/profile/07670814671308040514noreply@blogger.com0tag:blogger.com,1999:blog-27060757.post-16015102522342804372008-08-11T16:29:00.004-04:002008-08-12T14:36:09.206-04:00ID Theft Ring UncoveredProsecutors <a href="http://www.ktnv.com/Global/story.asp?S=8799776">announced</a> that they have uncovered the identities of the thieves behind the T.J. Max, Barnes & Noble, and The Sports Authority identity theft cases. The case, which involves 11 people, is being dubbed the largest identity theft case ever prosecuted. The thieves reportedly stole 40 million confidential records. <a href="http://www.pcworld.com/article/149485/massive_identity_theft_exposes_troubling_trend.html">Investigators say</a> the suspects obtained their information largely through hacking into wireless networks. See <a href="http://news.technology.findlaw.com/hdocs/docs/cyberlaw/080508indictment.html">here</a> for a copy of the indictment.Bill McComashttp://www.blogger.com/profile/07670814671308040514noreply@blogger.com0tag:blogger.com,1999:blog-27060757.post-214047971442454992008-08-05T15:01:00.004-04:002008-08-05T15:17:07.643-04:00New Copyright Suit Against YouTubeYouTube now faces a <a href="http://money.cnn.com/news/newsfeeds/articles/djf500/200807301025DOWJONESDJONLINE000654_FORTUNE5.htm">new copyright suit</a>. Italian media company Mediaset has sued YouTube, alleging the video-sharing website unlawfully made use of thousands of copyrighted video clips. This latest suit comes after a similar suit by Viacom for $1 billion.Bill McComashttp://www.blogger.com/profile/07670814671308040514noreply@blogger.com0tag:blogger.com,1999:blog-27060757.post-22813947173614369932008-08-01T14:12:00.006-04:002008-08-01T15:50:11.511-04:00FCC Rules On Net NeutralityThe FCC <a href="http://hraunfoss.fcc.gov/edocs_public/attachmatch/DOC-284286A1.pdf">issued</a> its much anticipated ruling today on <a href="http://online.wsj.com/article/SB121760649709704897.html?mod=googlenews_wsj">net-neutrality</a>, alleging that Comcast interfered with the free nature of the web when it wrongly slowed some of its customers' Internet traffic. Consumer groups had initially <a href="http://www.publicknowledge.org/pdf/fp_pk_comcast_complaint.pdf">sued</a> Comcast but then later <a href="http://www.publicknowledge.org/pdf/fp_et_al_nn_declaratory_ruling.pdf">asked the FCC</a> for a declaratory ruling on the matter. The FCC's opinion effectively changes the playing field by making the US government a regulator of the internet. The FCC's Memorandum Opinion and Order (FCC 08-183) is not yet available online.Bill McComashttp://www.blogger.com/profile/07670814671308040514noreply@blogger.com0tag:blogger.com,1999:blog-27060757.post-6517551078279041802008-07-29T17:08:00.001-04:002008-07-29T17:11:58.129-04:00Identity Theft Monitoring ServicesMany companies offer these services as additional protection for identity theft. Are they worth purchasing? Are they effective? Privacy Rights Clearinghouse recently published <a href="http://www.privacyrights.org/fs/fs33-CreditMonitoring.htm">this new guide</a>: "Straight Talk about Identity Theft Monitoring Services."Bill McComashttp://www.blogger.com/profile/07670814671308040514noreply@blogger.com0tag:blogger.com,1999:blog-27060757.post-73462702620132685662008-07-24T16:49:00.004-04:002008-07-24T17:03:27.842-04:00Unsolicited Text Message Suit Given Go AheadTMobile's <a href="http://www.foxbusiness.com/story/markets/industries/telecom/hagens-berman-t-mobile-loses-important-battle-cell-phone-text-messaging-case/">attempt to dismiss</a> a class action suit filed by disgruntled TMobile users has been dismissed. The suit, <a href="http://classactiondefense.jmbm.com/zald_class_action_defense_ord.pdf"><em>Zaldivar v. T-Mobile USA</em></a>, alleges that TMobile forces cell phone users to pay for unsolicited text messages. Filed on July 15 in the Federal District Court for the Western District of Washington state, the suit <a href="http://classactiondefense.jmbm.com/2008/07/tmobile_class_action_defense_c.html">alleges</a> breach of contract, unjust enrichment, and violations of <a href="http://apps.leg.wa.gov/rcw/default.aspx?Cite=19.86&full=true">Washington’s Consumer Protection Act</a>.Bill McComashttp://www.blogger.com/profile/07670814671308040514noreply@blogger.com0tag:blogger.com,1999:blog-27060757.post-21850294017446516892008-07-15T16:20:00.003-04:002008-07-15T16:29:23.514-04:00Net Neutrality Suit On HoldJon Hart's suit against Comcast has been <a href="http://www.washingtontimes.com/news/2008/jul/14/comcast-buys-time-in-case-on-neutrality/">put on hold</a>. Hart, a Comcast subscriber had sued Comcast alleging that the company is violating <a href="http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-05-151A1.doc">FCC net neutrality principles</a> by interfering with certain types of internet traffic. The case has been put on hold until an FCC investigation into the matter has been concluded. The <a href="http://blog.wired.com/27bstroke6/files/hart_v_comcast.pdf">suit</a>, originally filed in California Superior Court, has since been removed to federal court.Bill McComashttp://www.blogger.com/profile/07670814671308040514noreply@blogger.com0tag:blogger.com,1999:blog-27060757.post-14182520979799471332008-07-09T17:14:00.005-04:002008-07-15T16:32:04.374-04:00Deadline For Red Flag Rules ApproachingWith the so-called <a href="http://www.fdic.gov/news/board/07Oct16nine.pdf">Red Flag rules</a> set to become effective on Nov. 1, the FTC is beginning a campaign to help educate the public on the details of the new regs. The FTC recently published an <a href="http://www.ftc.gov/bcp/edu/pubs/business/alerts/alt050.shtm">Alert</a> to help companies better understand the law. The Red Flag rules require certain types of companies to implement identity theft prevention programs. See this <a href="http://technologylawblog.blogspot.com/2008/02/most-recent-national-law-journal.html">previous post</a> for more info.Bill McComashttp://www.blogger.com/profile/07670814671308040514noreply@blogger.com1tag:blogger.com,1999:blog-27060757.post-91707367995785757192008-07-08T14:41:00.004-04:002008-07-08T14:53:20.925-04:00McAfee's Spam ExperimentIn an effort to better understand spam, McAfee recently <a href="http://www.internetnews.com/security/print.php/3756586">commissioned 50 people</a> to surf the net without any anti-spam/spyware protection for a period of a month. At the end of a month, the 50 participants had received 104,000 unsolicited messages, totalling around 70 messages a day for each participant. One of the findings was the amount emanating from outside the US. Of the 104,000 letters, only 23,233 were in English. During the month-long experiment, McAfee encouraged the participants to log their experiences in a blog. Check out the blog <a href="http://www.mcafeespamexperiment.com/us/">here</a>.Bill McComashttp://www.blogger.com/profile/07670814671308040514noreply@blogger.com0tag:blogger.com,1999:blog-27060757.post-41642894099687384622008-07-08T10:35:00.003-04:002008-07-08T11:26:03.902-04:00New Spam Rules Go Into Effect<a href="http://edocket.access.gpo.gov/2008/pdf/E8-11394.pdf">New CAN-SPAM rules</a>, published in May, went into effect yesterday. Among other things, the new rules clarify who is obligated to comply with CAN-SPAM, clarify the definition of “sender,” and include new unsubscribe requirements. See <a href="http://www.indystar.com/apps/pbcs.dll/article?AID=/20080707/BUSINESS/80707005/1003/BUSINESS">this article</a> for more info. For help complying with CAN-SPAM, including the new rules, see this <a href="http://email.exacttarget.com/uploadedFiles/Resources/Whitepapers/CAN-SPAM%20Compliance%20for%20Email%20Marketing.pdf">White Paper</a> from ExactTarget (free registration required).Bill McComashttp://www.blogger.com/profile/07670814671308040514noreply@blogger.com0tag:blogger.com,1999:blog-27060757.post-86599965297066628422008-07-03T09:53:00.003-04:002008-07-03T09:59:21.109-04:002008 Security Breach ReportThe <a href="http://www.idtheftcenter.org/">Identity Theft Resource Center</a> recently published their <a href="http://idtheftmostwanted.org/ITRC%20Breach%20Report%202008.pdf">2008 security breach incidence report</a>. For each incident the report provides the number the exposed records, the breach type (print or electronic), and a link to a news article about the incident. So far in '08, the report counts 346 security breach incidents totalling upwards of 16 million exposed records.Bill McComashttp://www.blogger.com/profile/07670814671308040514noreply@blogger.com0tag:blogger.com,1999:blog-27060757.post-4866431213058137172008-07-03T09:43:00.003-04:002008-07-03T09:49:23.603-04:00California Expands Identity Theft LawCalifornia Governor Arnold Schwartzenegger <a href="http://www.informationweek.com/news/security/privacy/showArticle.jhtml?articleID=208802209">recently</a> signed into law <a href="http://www.leginfo.ca.gov/pub/07-08/bill/sen/sb_0601-0650/sb_612_bill_20080701_chaptered.pdf">SB 612</a> which makes it easier to prosecute identity theft crimes in California. Under the old system, prosecutions could only take place where the crime occurred, which is usually in the perpetrators' towns or cities. With the passage of this bill, prosecutors can now charge people with identity theft in the jurisdictions where the <em>victims</em> live. This is significant because prosecutors are generally more aggressive when they're fighting criminals in their home town.Bill McComashttp://www.blogger.com/profile/07670814671308040514noreply@blogger.com0tag:blogger.com,1999:blog-27060757.post-61775518187301716752008-06-30T17:06:00.003-04:002008-06-30T17:16:53.905-04:00New Guidelines To Deal With SPAM<a href="http://www.redorbit.com/news/technology/1454647/new_guidelines_introduced_to_reduce_email_spam/">This article</a> discusses new guidelines released by <a href="http://www.maawg.org/">The Messaging Anti-Abuse Working Group</a> (MAAWG) intended to reduce spam. According to the article, the new guidelines (which do not appear to be available online) recommend that ISPs use separate servers for received and forwarded e-mails, and that they block port 25, through which spam travels. Even if the guidelines were successfully adopted, though, there's no indication that they would be successful. Still, this might be a start.Bill McComashttp://www.blogger.com/profile/07670814671308040514noreply@blogger.com0tag:blogger.com,1999:blog-27060757.post-65529457145573467542008-06-24T15:32:00.003-04:002008-06-24T15:44:16.972-04:00Texas AG Settles With EZCORP Over Identity TheftThe Texas Attorney General's Office <a href="http://www.legalnewsline.com/news/213715-abbott-reaches-600000-settlement-with-ezcorp-over-its-document-handling">announced a settlement yesterday</a> with EZCORP over the company's failure to adequately safeguard customer's personal information. Apparently, the company had simply dumped 483 customer records laden with social security numbers and other highly sensitive information in the trash. The AG's office <a href="http://www.oag.state.tx.us/newspubs/releases/2007/050307ezpawn_pop.pdf">filed suit</a> under <a href="http://tlo2.tlc.state.tx.us/statutes/docs/BC/content/htm/bc.004.00.000048.00.htm#48.102.00">Texas Business & Comm. Code Section 48-102</a>, claiming the company had failed to implement "reasonable procedures" to safeguard customers personal information. The AG's website includes a <a href="http://www.oag.state.tx.us/newspubs/releases/2007/050307ezpawn.pdf">picture</a> of a credit application that was found in the trash.Bill McComashttp://www.blogger.com/profile/07670814671308040514noreply@blogger.com0tag:blogger.com,1999:blog-27060757.post-56599868301578306972008-06-16T17:39:00.005-04:002008-06-16T17:50:15.475-04:00Web Site Liability For Third Party ContentThe question of when a website owner becomes liable for content posted by third parties has been around for some time. As far back as 1997, the Courts were already dealing with this issue (See <a href="http://pacer.ca4.uscourts.gov/opinion.pdf/971523.P.pdf"><em>Zeran v. AOL</em></a>). In the past several months a number of new opinions on this issue have appeared. In May of this year, the 9th Circuit case <a href="http://www.ca9.uscourts.gov/ca9/newopinions.nsf/F71559D8162BA7EE8825741F00771BC1/$file/0456916.pdf?openelement"><em>Fair Housing Council v. Roommates.com</em></a> tackled the issue of whether an online roommate matching website should be held liable for violation of the federal housing discrimination laws, since certain postings discriminated against particular groups. The Court held that the website could be held liable because it used drop-down menus to limit users' choice as to the content of their listing. As a result, the safeharbor provisions of the <a href="http://www4.law.cornell.edu/uscode/html/uscode47/usc_sec_47_00000230----000-.html">Communications Deceny Act</a> (CDA) did not apply. On the other hand, in March of this year, the 7th Circuit in <a href="http://www.ca7.uscourts.gov/fdocs/docs.fwx?submit=rss_sho&shofile=07-1101_021.pdf"><em>Chicago Lawyer's Committee v. Craigslist</em></a> found Craigslist immune under the CDA for user posted listings which likewise discriminated against certain groups. The distinction between the two rulings appears to be that once a website operator takes an active involvement in the generation of content (as was the case in the Fair Housing decision), the safeharbor provisions of the CDA no longer apply.Bill McComashttp://www.blogger.com/profile/07670814671308040514noreply@blogger.com0tag:blogger.com,1999:blog-27060757.post-82778905077313003842008-06-16T12:50:00.004-04:002008-06-16T13:01:16.529-04:00Suing For Identity Theft Using RICOCheck out this National Law Journal article, "<a href="http://www.law.com/jsp/nlj/PubArticleNLJ.jsp?id=1202421973773">RICO And Data Thieves</a>" (subscription). Historically, data theft has been largely prosecuted using the <a href="http://www.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00001030----000-.html">Computer Fraud and Abuse Act</a> (CFAA). The author, <a href="http://www.dorsey.com/akerman_nick/">Nick Akerman</a>, suggests that filing suit under the <a href="http://www.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00001961----000-.html">Racketeer Influenced and Currupt Organizations</a> (RICO) statute might have some advantages. As the author points out, RICO, unlike the CFAA, provides for treble damages and attorney fees.Bill McComashttp://www.blogger.com/profile/07670814671308040514noreply@blogger.com0tag:blogger.com,1999:blog-27060757.post-63437567303861782902008-06-13T16:26:00.004-04:002008-06-16T13:03:34.385-04:00The Ethics of Viewing MetadataThe controversy over whether an attorney is permitted to view the metadata of documents they receive from opposing counsel has been ongoing for some time. A number of jurisdictions--including <a href="http://www.floridabar.org/tfb/tfbetopin.nsf/SearchView/ETHICS,+OPINION+06-2?opendocument">Florida</a> (Ethics Opinion 06-2) and <a href="http://www.nysba.org/AM/Template.cfm?Section=Ethics_Opinions&CONTENTID=6533&TEMPLATE=/CM/ContentDisplay.cfm">New York</a> (Ethics Opinion 749)--prohibit an attorney from making use of the metadata. The <a href="http://www.pdfforlawyers.com/files/06_442.pdf">ABA</a> (Ethics Opinion 06-442), on the other hand, permits it. Boris Reznikov recently published this <a href="http://www.lctjournal.washington.edu/Vol4/a13Reznikov.html">excellent article</a> on the current state of the legal ethics debate on metadata.Bill McComashttp://www.blogger.com/profile/07670814671308040514noreply@blogger.com0tag:blogger.com,1999:blog-27060757.post-35476634517965343972008-06-13T16:10:00.002-04:002008-06-13T16:20:39.302-04:00Do Data Breach Laws Reduce Identity Theft?A new working paper entitled "<a href="http://weis2008.econinfosec.org/papers/Romanosky.pdf">Do Data Breach Laws Reduce Identity Theft</a>?" (Carnegie Mellon University) analyzes the effect of data breach laws on the presence of identity theft. Although the authors acknowlege limitations to their study, they conclude that they found no statistically significant effect that data breach laws reduce identity theft. This is one more indication that an effective approach to tackling the problem of identity theft requires more than enacting legislation alone.Bill McComashttp://www.blogger.com/profile/07670814671308040514noreply@blogger.com0tag:blogger.com,1999:blog-27060757.post-91098549825581049222008-06-06T14:14:00.003-04:002008-06-06T15:02:08.622-04:00New York Internet Sales Tax Setting A Trend?<a href="http://www.ecommerce-guide.com/news/news/article.php/3751351">A highly controversial New York law</a> recently went into effect. Under the new law (Chapter 57, Laws 2008, Part KK-1), New York becomes the first state to require internet sales companies to collect sales tax. Will this new law set a trend for other states? According to this <a href="http://www.law.com/jsp/nlj/PubArticleNLJ.jsp?id=1202421990811">National Law Journal article</a> (subscription), legislators in Colorado, Florida, Illinois, Kansas and Minnesota are also considering passing similar laws. For a fuller explanation of the law, see this <a href="http://www.tax.state.ny.us/pdf/memos/sales/m08_3s.pdf">technical bulletin</a>. A number of retailers--Amazon.com and Overstock.com--have already filed suit. See Overstock's <a href="http://www.netchoice.org/library/overstock-summons-complaint.pdf">Complaint</a> here.Bill McComashttp://www.blogger.com/profile/07670814671308040514noreply@blogger.com0