« January 15, 2006 - January 21, 2006 | Main | January 29, 2006 - February 4, 2006 »

January 28, 2006

FCC Rules on CALEA Internet Wiretaps Challenged

The FCC's rules on Internet wiretapping are being challenged in court by a coalition of Universities, Internet providers, libraries and advocacy groups.  The challenge is to the rules implemented under the Communications Assistance for Law Enforcement Act (CALEA) which require telephone companies to rewire their networks and switches to give police access to features that include touch tones pressed during a call, conference call information, call waiting data, among other information.

The FCC has applied these same requirements to broadband Internet access services and Internet phone services.  The brief argues that the law was never intended to apply to these entities and points to a provision in one of the House reports that makes that statement explicitly.

The story is here, here, and for background, here.

January 28, 2006 | Permalink | Comments (0) | TrackBack

January 27, 2006

Maryland Anti-Spam Law Snares New York Marketer

A Maryland Appellate Court has ruled that Maryland's Anti-Spam law applies to out of state spammers.  A lower court had ruled that the law was unconstitutional because it sought to regulate commerce over state lines.  The appellate judge rejected the appeal of New York marketer Joseph M. Frevola that he shouldn't be liable under the law as he would have no idea if his messages would be opened in Maryland.  The Appeals judge said "This allegation has little more validity than one who contends he is not guilty of homicide when he shoots a rifle into a crowd of people without picking a specific target, and someone dies." Ouch.

In an ironic turn of phrase, Frevola's attorney said that this ruling opens the door to people making a living by extracting damages from email marketers.  Frevola has since gone out of business, so there is some question as to whether this ruling will be further appealed.

The AP story via the Houston Chronicle is here.  The opinion in the case MaryCLE, LLC v. First Choice Internet is here.

January 27, 2006 | Permalink | Comments (0) | TrackBack

FTC Levies Largest Fine Against Consumer Data Provider

ChoicePoint, Inc. has settled charges by the Federal Trade Commission over the compromise of 163,000 consumer financial records in its database.  According to the FTC, at least 800 hundred cases of identity theft resulted from the breach.  ChoicePoint is to pay $10 million in civil penalties and an additional $5 million for consumer redress.

From the FTC press release:

The FTC charged that ChoicePoint violated the Fair Credit Reporting Act (FCRA) by furnishing consumer reports – credit histories – to subscribers who did not have a permissible purpose to obtain them, and by failing to maintain reasonable procedures to verify both their identities and how they intended to use the information.

The FTC charged that ChoicePoint violated the Fair Credit Reporting Act (FCRA) by furnishing consumer reports – credit histories – to subscribers who did not have a permissible purpose to obtain them, and by failing to maintain reasonable procedures to verify both their identities and how they intended to use the information.

The agency also charged that ChoicePoint violated the FTC Act by making false and misleading statements about its privacy policies. ChoicePoint had publicized privacy principles that address the confidentiality and security of personal information it collects and maintains with statements such as, “ChoicePoint allows access to your consumer reports only by those authorized under the FCRA . . . ” and “Every ChoicePoint customer must successfully complete a rigorous credentialing process. ChoicePoint does not distribute information to the general public and monitors the use of its public record information to ensure appropriate use.”

The stipulated final judgment and order requires ChoicePoint to pay $10 million in civil penalties – the largest civil penalty in FTC history – and to provide $5 million for consumer redress. It bars the company from furnishing consumer reports to people who do not have a permissible purpose to receive them and requires the company to establish and maintain reasonable procedures to ensure that consumer reports are provided only to those with a permissible purpose. ChoicePoint is required to verify the identity of businesses that apply to receive consumer reports, including making site visits to certain business premises and auditing subscribers’ use of consumer reports

The full text of the release is here.  The same page contains links to the District Court complaint and other legal documents in the case.

January 27, 2006 | Permalink | Comments (0) | TrackBack

January 26, 2006

Microsoft Antitrust Problems In The News

This story seems to be moving fast given the deadlines involved.  In Europe, the European Commission has granted Microsoft a one month delay in complying with the EU's antitrust ruling against the company.  Microsoft is obligated to provide programming details that would allow server products from other companies to inter-operate with its own software.  The deadline was Wednesday, but has been extended to February 15th.  Without the extension, Microsoft was liable for fine of 2 million Euros a day, or $2.4 million American.

Yesterday, the company surprised the Commission and Neelie Kroes, Europe's chief antitrust officer, with an offer to show rivals the source code for Windows that deals with the communication protocols at issue.  Microsoft would charge fees and require non-disclosure agreements for the views.  Kroes said she didn't know if this act on the part of Microsoft would bring the company into compliance with the ruling.  She said that all she had was Microsoft's announcement and a press release, which was not enough for her to make a statement.  She did note that the source code for Windows was never a requirement under the EU's order.  She also stated that the documentation for the protocols is what is important. 

Other analysts echo the fact that source code is one thing, but documentation on how to use it is quite another. As to the documentation Microsoft had already given, it was described by the EC monitor as totally unfit.

In a similar complaint, the Justice Department told a federal judge on the 17th of January that Microsoft is behind in documenting its Microsoft Communications Protocol Program.  More on this here.

January 26, 2006 | Permalink | Comments (0) | TrackBack

January 25, 2006

Editing Documents at the NSA

The National Security Agency, the same one ordered by President Bush to institute of program of domestic wiretaps without a court order, has issued a document that tells agency members how to sanitize documents in Microsoft Word before converting them to PDF.  The problems this address include giving away the information that was intended to remain secret.

The document informs that placing a graphic over another graphic doesn't get rid of the first graphic, or that black boxes over text can be removed to reveal the hidden text.  It works for print, but doesn't work for electronic.

Metadata is another issue.  Word has this habit of keeping editing history and other metadata such as authorship as part of the document.  Some of this information may conflict with statements in the content which puts the credibility of the document at risk.  Whoops.

The story is here, and the memo is here.

January 25, 2006 | Permalink | Comments (0) | TrackBack

Google Starts China Service With Censored Pages

If you read the story in the China Daily, the story sounds like another innocuous business story.  Google's presence in China has been through a Chinese language version of its .com address.  Now there will be a purely Chinese version with a .cn address.  The story ends with this paragraph:  "Initially, Google's Chinese service will be limited to searching Web pages and images. The company also will provide local search results and a special edition of its news service."

To find out what makes this special edition so special, look at this story from the London Times (Timesonline.com).  Google apparently is making some search results unavailable at the behest of the Chinese government, and some stories not receiving any coverage by Google News China. 

Google, according to its own statements, recognizes the trade-offs for doing business in China with its mission statement, but believe that the company can have a more positive impact competing in China under these circumstances. 

The discussion at SearchEngineWatch describes how Google had been censored by the Chinese government without any help from the company.  The Chinese had apparently placed overlay blocking on the .com site as well as other sites the government found objectionable. There's also commentary about how censorship occurs in France and Germany over Nazi related information. 

One positive note about Google's action is that no one has gone to jail over it.  So far.  We'll see how they react when they confront that situation.

January 25, 2006 | Permalink | Comments (0) | TrackBack

January 23, 2006

New Paper From FirstMonday.org on Cryptography

The Legal and Practical Implications of Recent Attacks on 128-bit Cryptographic Hash Functions
by Praveen Gauravaram, Adrian McCullagh and Ed Dawson

Abstract: This paper discusses the legal and practical implications of attacks, presented at Crypto '2004, against various 128-bit hash functions and in particular MD5 due to its wide usage. These attacks are significant because a number of important applications depend on MD5. It is argued in this paper that the MD-x style of hash function designs for various applications can be a single point of failure. New hash function design schemes with some strict security properties should be developed in order to avoid new attacks in the future.

Find it in the peer-reviews Internet journal here.

January 23, 2006 | Permalink | Comments (1) | TrackBack

RIM Moves Closer to the Brink

The brink of what, no one is quite sure of.  RIM and NTP have been litigating whether RIM's Blackberry service infringes on a number of NTP's patents.  The case has been litigated in the District Court, the Court of Appeals for the Federal Circuit, the Supreme Court, the Patent Office, and now the Supreme Court again, which just turned down another appeal from RIM.  This one involved the question of the reach of U.S. patent laws given that RIM is based in Canada.

The District Court judge will not wait for the Patent Office to finish its review of NTP's patents even though that office has preliminarily rejected claims by NTP for two of its patents.  The administrative review continues parallel to the District Court's action.  RIM claims it has a workaround ready to put in place that would avoid a disruption of service but has been pretty mum about what that would entail. 

Briefs are due in the District Court by February 1st followed by a hearing to determine what's next.  NTP proposed that government customers be exempt from an injunction.  If that happens, Dick Cheney's Blackberry as parodied on an episode of the Fox comedy American Dad appears to be safe.  RIM has said, however, that any service cutoff forced by an injunction could not easily distinguish between corporate and government customers. 

Read about it here, here, and here.

January 23, 2006 | Permalink | Comments (0) | TrackBack