Tech Law Journal Daily E-Mail Alert
December 11, 2003, 9:00 AM ET, Alert No. 797.
Home Page | Calendar | Subscribe | Back Issues | Reference
3rd Circuit Rules on Application of ECPA to Stored E-Mail

12/10. The U.S. Court of Appeals (3rdCir) issued its opinion [15 pages in PDF] in Fraser v. Nationwide, a case involving, among other issues, the application of the Electronic Communications Privacy Act (ECPA) to an employer's search of an employee's stored e-mail communications on a company server. The Appeals Court held that there was no violation of the ECPA.

Richard Fraser was an independent insurance agent with a contract with Nationwide Mutual Insurance Co. Nationwide terminated his contract following a search of Fraser's e-mail stored on its main file server, where all of his e-mail was stored. It found drafts of letters to other insurance companies. It concluded he was disloyal, and terminated his contract.

Fraser filed a complaint in U.S. District Court (EDPa) against Nationwide alleging violations of Title I and II of the Electronic Communications Privacy Act of 1986 (ECPA), which is codified at 18 U.S.C. § 2510, et seq. He also pled wrongful termination and other claims not addressed here. The District Court granted summary judgment to Nationwide on the ECPA claims.

The Appeals Court affirmed.

Fraser first argued that Nationwide violated the ECPA by intercepting his e-mail. This claim is based on Title I of the ECPA. The Appeals Court rejected this argument on the basis that an intercept of e-mail must occur contemporaneously with its transmission to constitute an intercept within the meaning of the ECPA.

18 U.S.C. § 2511 provides, in part, that "any person who (a) intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication ... shall be subject to suit ..."

18 U.S.C. § 2510(4) defines ''intercept'' as "the aural or other acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device".

The Appeals Court concluded that "Every circuit court to have considered the matter has held that an ``intercept´´ under the ECPA must occur contemporaneously with transmission." The Court added that "While Congress's definition of ``intercept´´ does not appear to fit with its intent to extend protection to electronic communications, it is for Congress to cover the bases untouched. We adopt the reasoning of our sister circuits and therefore hold that there has been no "intercept" within the meaning of Title I of ECPA."

Fraser also argued that National violated the ECPA by unlawfully accessing stored communications. This claim is based on Title II of the ECPA. The Court rejected this argument too.

18 U.S.C. § 2701(a) provides, in part, that " whoever -- (1) intentionally accesses without authorization a facility through which an electronic communication service is provided; or (2) intentionally exceeds an authorization to access that facility; and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system shall be punished as provided in subsection (b) of this section."

18 U.S.C. § 2510(17), in turn, defines "electronic storage" as "(A) any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and (B) any storage of such communication by an electronic communication service for purposes of backup protection of such communication."

The District Court rejected Fraser's argument based on its interpretation that Fraser's e-mail messages were not in backup storage. The Appeals Court provided a different analysis. He relied on the exception for access by service providers.

18 U.S.C. § 2701(c) provides that Subsection (a) of this section does not apply with respect to conduct authorized -- (1) by the person or entity providing a wire or electronic communications service;"

The Appeals Court wrote that "we read § 2701(c) literally to except from Title II's protection all searches by communications service providers. Thus, we hold that, because Fraser's e-mail was stored on Nationwide's system (which Nationwide administered), its search of that e-mail falls within § 2701(c)'s exception to Title II." (Parentheses in original.)

Thus, under this opinion, employers are free to search through their employee's stored e-mail that is on a company administered system, without violating the ECPA. This opinion would also appear to support the argument that if a third party asked an employer or other service provider to search stored e-mail, and it complied, that too would fall within the Section 2701(c) exception. However, the Court did not address this.

This case is Richard Fraser, et al. v. Nationwide Mutual Insurance Co., et al., U.S. Court of Appeals for the Third Circuit, No. 01-2921, Judges Sloviter, Ambro and Becker presiding, an appeal from the U.S. District Court for the Eastern District of Pennsylvania, D.C. No. 98-cv-06726, Judge Anita Brody presiding.

World Summit on the Information Society

12/10. The first phase of the United Nation's World Summit on the Information Society (WSIS) is being held in Geneva, Switzerland on December 10-12, 2004. The second phase will be held in Tunisia in 2005.

On December 9, the WSIS released a document [MS Word] titled "Draft Declaration of Principles: Building the Information Society: a global challenge in the new Millennium".

It states that "radio frequency spectrum should be managed in the public interest". It states that there should be "universal service obligations". Also, it states that there should be "stability, predictability and fair competition".

The document also addressed intellectual property rights (IPR) protection. While it includes numerous statements regarding access to information and the importance of the public domain, it also references IPR. It states that "Intellectual Property protection is important to encourage innovation and creativity in the information society; similarly, the wide dissemination, diffusion, and sharing of knowledge is important to encourage innovation and creativity. Facilitating meaningful participation by all in intellectual property issues and knowledge sharing through full awareness and capacity building is a fundamental part of an inclusive Information Society."

The document also contains the following statement. "Information in the public domain should be easily accessible to support the Information Society, and protected from misappropriation."

The document also addressed freedom of speech. It states that "everyone has the right to freedom of opinion and expression" and "We reaffirm our commitment to the principles of freedom of the press".

However, it adds this: "We call for the responsible use and treatment of information by the media". And, it provides that "Nothing in this declaration shall be construed as impairing, contradicting, restricting or derogating ... national laws".

This document also states that "Diversity of media ownership should be encouraged, in conformity with national law, and taking into account relevant international conventions. We reaffirm the necessity of reducing international imbalances affecting the media, particularly as regards infrastructure, technical resources and the development of human skills."

The document also addresses cyber security. It states that "Strengthening the trust framework, including information security and network security, authentication, privacy and consumer protection, is a prerequisite for the development of the Information Society and for building confidence among users of ICTs. A global culture of cyber-security needs to be promoted, developed and implemented in co-operation with all stakeholders and international expert bodies. These efforts should be supported by increased international co-operation. Within this global culture of cyber-security, it is important to enhance security and to ensure the protection of data and privacy, while enhancing access and trade."

The document briefly mentions spam. "Spam is a significant and growing problem for users, networks and the Internet as a whole. Spam and cyber-security should be dealt with at appropriate national and international levels."

Finally, the document addresses open source software. It states that "Access to information and knowledge can be promoted by increasing awareness among all stakeholders of the possibilities offered by different software models, including proprietary, open-source and free software, in order to increase competition, access by users, diversity of choice, and to enable all users to develop solutions which best meet their requirements. Affordable access to software should be considered as an important component of a truly inclusive Information Society."

See also, WSIS document [MS Word] titled "Draft Plan of Action".

On December 9, David Gross of the U.S. Department of State gave a speech in Geneva regarding information and communications technologies (ICT) and the U.S. position at the WSIS.

David GrossGross (at right) is the Deputy Assistant Secretary of State for International Communications and Information Policy, in the Bureau of Economic and Business Affairs.

He stated that "The rise of the Internet also promised to make possible an unprecedented exchange of information and knowledge. In the process, it promised to challenge censorship and erode the foundations of authoritarianism. In the most optimistic and simplistic formulations, the mere introduction of the Internet was going to unhinge authoritarian regimes and lead to a flowering of democracy. Some of these promises have been fulfilled but not everywhere and not equally. Undoubtedly, more people in more countries have access to more information than ever before. ICT has even played a significant role in promoting political change."

He continued that "The truth is that the Internet often defies but alone cannot defeat the forces of repression. Some countries use firewalls and force users to connect to the Internet through state-controlled networks. Some limit their citizens' access to computers, register users, monitor e-mails and impose punitive deterrents. Still others use patronage and censorship to shape what their citizens know. Some try to do all of these things. These countries are attempting -- vainly I believe -- to deflect the course of history. With the aim of maintaining political control, they run the risk of undermining much of the promise of the Internet and denying their peoples a richer more rewarding life. Freedom to express, innovate and exchange are the lifeblood of the progress these countries and their peoples desire."

He argued that the WSIS' "overriding vision for the information society should be one that promotes political and economic freedom in order to offer our citizens the opportunity to access and utilize information to better their lives."

Also, "The final Summit Declaration and Plan of Action should promote press freedom and preserve intellectual property rights that fuel knowledge creation and innovation."

The Department of State elaborated on the WSIS. On December 10, 2003, the Department of State's Office of the Spokesman released a statement which says that "We believe that the keys to prosperity in the Information Society are education, individual creativity and an environment of economic and political freedom. Access to information is at the core of a truly inclusive Information Society."

This statement continues that "The delegates to the WSIS identified and achieved consensus on a series of difficult issues that represent key challenges presented by the Information Society. First, States have affirmed their commitment to freedom of the press, as well as to the independence, pluralism and diversity of the media. The United States believes that the principle free flow of information, as enshrined in the Universal Declaration of Human Rights, lies at the heart of the Information Society. Second, states agreed that achieving ubiquitous and affordable access to ICT infrastructure and services requires a stable, predictable and fair national economic climate that can attract private capital and the development of human capacity through education and training."

"The WSIS also recognized that building confidence and security in the use of ICTs is a critical element of the Information Society and that all stakeholders must act nationally and cooperate internationally to foster a global culture of cyber security. The United States welcomes the plan of action that will involve all participants in this global effort. In addition, a global consensus was developed around a multi-stakeholder approach to the Internet."

The State Department statement concludes that "The WSIS also acknowledged the importance of intellectual property to the Information Society. The United States believes that the contributions made to the Information Society by creators and inventors are essential. Through existing intellectual property protection agreements these contributions are protected so that innovation and creativity by all people are encouraged. The wide dissemination of knowledge is also important to the Information society and we are pleased to have this reaffirmed by the WSIS."

See also, transcript of David Gross's December 3 briefing on the WSIS.

FBI Publishes CALEA Final Notice of Capacity

12/5. The Federal Bureau of Investigation (FBI) published a notice in the Federal Register that it titles "Final notice of capacity". This pertains to the FBI's implementation of  the Communications Assistance for Law Enforcement Act (CALEA), which is codified at 47 U.S.C. § 1001, et seq.

The FBI also requests comments on this "Final notice of capacity". The deadline to submit comments to the FBI is February 3, 2004. This notice states that "at the end of the comment period, the FBI will review any such comments it receives and publish a finalized notice in the Federal Register." See, Federal Register, December 5, 2003, Vol. 68, No. 234, at Pages 68112 - 68121.

Pen Registers and Trap and Trace Devices

Pen registers and trap and trace (PR&TT) devices are telephone industry concepts. The former are used to obtain outgoing phone numbers. The latter are used to obtain incoming numbers. Before passage of the PATRIOT Act in late 2001, the relevant statute referenced "wire" communications.

The Act provides that the concept of a PR is expanded from merely capturing phone numbers, to capturing routing and addressing information in any electronic communications, including internet communications. It similarly expands the concept of TT devices.

PR&TT orders do not authorize a law enforcement authority to obtain the content of communications. Court orders authorizing PR&TT devices do not require a showing of probable cause, as is the case for wiretaps, which enable law enforcement authorities to obtain the content of communications.

The PATRIOT Act serves as the legal authority for technologies that monitor e-mail systems, such as the FBI's Carnivore.

See also, articles titled "Bush Signs Anti Terrorism Bill", "Pen Registers and Trap and Trace Devices", and "Key Tech Related Provisions of the Anti Terrorism Bill", in TLJ Daily E-Mail Alert No. 296, October 29, 2001.

Background. The just published notice discusses at length the meaning of the term "simultaneously", which is used in 47 U.S.C. § 1003. Section 1003 addresses the required capacity of telecommunications carriers to conduct electronic surveillance. That is, it goes to the "actual number of communication interceptions, pen registers, and trap and trace devices ..." and the "maximum capacity required to accommodate all of the communication interceptions, pen registers, and trap and trace devices ..." It requires the Attorney General to publish a notice in the Federal Register of the actual number and maximum capacity that he estimates that government agencies authorized to conduct electronic surveillance may conduct and use "simultaneously".

The FBI previously issued a final notice [94 pages in PDF], on March 12, 1998. However, the U.S. Telecom Association (USTA) and others challenged that final notice. See, original complaint filed in the U.S. District Court (DC) on August 19, 1998 by the USTA. The District Court granted summary judgment in favor of the FBI on all issues.

On appeal, the U.S. Court of Appeals (DCCir) reversed in part, with instruction that the matter be remanded to the FBI. The Court of Appeals issued its opinion on January 18, 2002. The Appeals Court affirmed the District Court's grant of summary judgment on the USTA's cost recovery claim, but reversed on the notice of capacity claim.

The District Court case is USTA v. FBI, D.C. No. 98cv02010, Judge Hogan presiding. The Appeals Court case is USTA v. FBI, A.C. No. 00-5386, Judges Williams, Ginsburg and Henderson presiding.

The main gist of the some of the disputes between service providers and the FBI, on the subject of capacity, as well as on some other matters, has been economic. It goes to who bears the burden and expense of complying with the FBI's demands.

Making networks, systems and services capable of being tapped, intercepted and monitored requires considerable expense and effort. And the more intercepts there are, the greater the cost. Normally, when law enforcement entities acquire things, like cars, computers or employees, they purchase or hire these in the marketplace. And, these law enforcement entities need to go to their legislatures to obtain funds to make these acquisitions. CALEA imposes an entirely different regime for the acquisition of interception of communications. It requires that the service providers must give intercepts to the law enforcement entities for free. Whenever something is free, consumption tends to go up.

Since the FBI does not bear the cost of interception, it has aggressively sought expansive interpretations of its authority under the CALEA, knowing that the costs of meeting its demands will be borne by taxpayers, consumers of communications services, and service providers.

Service providers have not been thrilled with this regime, and the demands of the FBI. Moreover, service providers tend not to like to snoop on their customers. And, they certainly do not want their customers to be left with the impression that widespread surveillance is going on.

Summary of December 5 Notice. The just published notice addressed several subjects. First, the FBI reasserted its position that the interception of multiple communications in a single day should be counted as a single item for the purposes of Section 1003.

The Appeals Court wrote that the 1998 notice "treated interceptions as ``simultaneous´´ if they occur on the same day, even though they may each only take moments and do not overlap in the least. ... USTA objects to both these decisions. And rightly so." However, the Appeals Court did not vacate. Rather, it wrote that "we reverse the judgment of the district court, with instructions to remand the case to the agency for a more adequate explanation".

Now, on remand, the FBI continues to assert that "we believe that capacity requirements are most appropriately based on a number of surveillances being conducted on the same day, not on a number of overlapping interceptions." That is, the FBI still wants to count the interception of two phone calls (or two numbers dialed, two e-mail addresses, and etc.) in one day as a single item. This is the very interpretation that the Appeals Court condemned in its 2002 opinion.

Second, the just published notice addresses the breakdown of capacity requirements by type of surveillance. That is, the 1998 notice did not differentiate between the interception of content and the use of pen register or trap and trace devices.

The Appeals Court wrote that the 1998 notice "insisted that these statements of ``actual number´´ and ``capacity´´ were properly in terms that drew no distinction between different types of interceptions (e.g., communications content versus mere pen registers), even though they differ heavily in their actual demands on capacity." (Parentheses in original.)

The Court added that "content interceptions might require up to five delivery channels because of multiple participants on a call, while others, such as pen registers and trap and trace devices, typically use only a single channel." The Court criticized this approach, reversed, and instructed the District Court to remand to the FBI for a more adequate explanation.

And now, the just published notice states that "The FBI has considered this issue and continues to find that it is appropriate, given the statutory requirements, to state the capacity  requirements for each geographic region as a single actual and single maximum number."

FBI Interpretation of CALEA. Congress passed the CALEA in 1994 to enable law enforcement authorities to maintain their existing wiretap capabilities in new telecommunications devices. The Congress had cell phones in mind. The CALEA provides that wireline, cellular, and broadband PCS carriers must make their equipment capable of certain surveillance functions.

This notice of capacity contains an FBI interpretation of the CALEA. It also contains an FBI interpretation of some of the statutes authorizing electronic surveillance by government entities, including the Omnibus Crime Control and Safe Streets Act of 1968 (and especially, its Title III), the Electronic Communications Privacy Act (ECPA), and the PATRIOT Act,  but not the Foreign Intelligence Surveillance Act (FISA). Finally, the notice contains an FBI interpretation of the relationship between the CALEA and various statutes authorizing electronic surveillance.

Readers may wish to assess whether or not the FBI's interpretations of these statutes are consistent with the language of these statutes.

For example, the FBI asserts that "Congress enacted the CALEA in 1994 to require telecommunications carriers to ensure that their networks have the capability to enable local police, Federal officers and all other law enforcement agencies to conduct lawfully authorized electronic surveillance."

However, the language of the CALEA provides that not all lawfully authorized electronic surveillance is covered by the CALEA. Specifically, the CALEA provides that its requirements "do not apply to (A) information services; or (B) equipment, facilities, or services that support the transport or switching of communications for private networks or for the sole purpose of interconnecting telecommunications carriers."

Moreover, when the Congress passed the PATRIOT Act in 2001, it amended 18 U.S.C. § 3127 to provide that the old phone industry concepts of pen registers and trap and trace devices apply to electronic communications, including internet communications. (See, Section 216.) However, the PATRIOT did not expand FBI authority, or expand service provider obligations, under the CALEA.

To the contrary, the PATRIOT Act provided (at Section 222) that "nothing in this Act shall impose any additional technical obligation or requirement on a provider of wire or electronic communication service or other person to furnish facilities or technical assistance". Moreover, the legislative history of this language is that it was offered by Representatives who were concerned about the FBI's history of expansive implementation of the CALEA. See, story titled "No Technology Mandates", and other stories about the markup of the PATRIOT Act, in TLJ Daily E-Mail Alert No. 279, October 4, 2001.

The point is that the FBI's December 5 notice asserts that "lawfully authorized electronic surveillance" is subject to CALEA. Yet, surveillance of certain information services is lawful, but not covered by CALEA.

The FBI notice does not explain its reasoning. However, the FBI's ex parte communications and closed meetings with the Federal Communications Commission (FCC) Commissioners and staff regarding the application of the CALEA to voice over internet protocol (VOIP) services may provide the basis of its assertion.

It simply asserts that services like VOIP should be classified as telecommunications services, and hence, is subject to CALEA. See, story titled "FBI Wants Broadband Internet Access Classified As A Telecommunications Service So That CALEA Will Apply" in TLJ Daily E-Mail Alert No. 707, July 30, 2003.

FCC Announces Agenda for December 17 Meeting

12/10. The Federal Communications Commission (FCC) released the agenda [PDF] for its Wednesday, December 17 meeting.

First, The FCC will consider a Notice of Proposed Rulemaking (NPRM) regarding the use of cognitive radio technologies and software defined radios. This is ET Docket No. 03-108 and ET Docket No. 00-47.

Second, the FCC will consider a Third Report and Order and Second Further NPRM regarding the administration of its e-rate subsidy program. This is CC Docket No. 02-6.

Finally, the FCC will consider a Report and Order regarding licensing and service rules for the Dedicated Short Range Communications (DSRC) Service in the Intelligent Transportation Systems (ITS) Radio Service in the 5.850-5.925 GHz band. This is WT Docket No. 01-90, ET Docket No. 98-95, and RM-9096.

There is nothing on the just released agenda pertaining to several other anticipated items, such as the regulation of voice over internet protocol (VOIP) services, or digital television must carry and multicasting requirements.

The meeting will be held at 9:30 AM Room TW-C305 (Commission Meeting Room), at 445 12th Street, SW. The meeting will be open to the public, and web cast.

Washington Tech Calendar
New items are highlighted in red.
Thursday, December 11

Day two of a two day symposium hosted by the National Institute of Standards and Technology (NIST) titled "Building Trust and Confidence in Voting Systems". The topics to be addressed include computer security. See, notice and symposium web site. The registration deadline is December 2. Location: NIST, Red Auditorium, Building 101.

Day one of a two day conference hosted by the Power Line Communications Association (PLCA). Acting head of the National Telecommunications and Information Administration (NTIA) Michael Gallagher is scheduled to speak at 3:00 PM. For more information, contact Craig Schaar. Location: Troutman Sanders, Conference Center, 401 Ninth Street, NW.

Deadline to submit comments to the Federal Communications Commission (FCC) in response to its Notice of Inquiry (NOI) regarding the impact that communications towers may have on migratory birds. See, notice in the Federal Register, September 12, 2003, Vol. 68, No. 177, at Pages 53696 - 53702. This is Docket No. WT 03-187, and FCC 03-205. The FCC adopted this NOI on August 8, 2003, and released it on August 20, 2003. See also, story titled "FCC Release NOI On Communications Towers and Migratory Birds" in TLJ Daily E-Mail Alert No. 723, August 21, 2003.

Friday, December 12

Day two of a two day conference hosted by the Power Line Communications Association (PLCA). For more information, contact Craig Schaar. Location: Troutman Sanders, Conference Center, 401 Ninth Street, NW.

12:00 NOON. The Progress and Freedom Foundation (PFF) will host a panel discussion titled "The Next Step in Telecom: Deregulation of Retail Rates". The speakers will be Randolph May (PFF), Joseph Kraemer (LECG), Blair Levin (Legg Mason Equity Research), John Morabito (Qwest), and John Windhausen (Association for Local Telecommunications Services). Lunch will be served. To register, contact Rebecca Fuller at 202 289-8928 or Location: Room B-369, Rayburn Building.

Deadline to submit comments to the Office of the U.S. Trade Representative (USTR) regarding barriers to U.S. exports of goods, services and overseas direct investment for inclusion in the USTR's annual National Trade Estimate Report on Foreign Trade Barriers (NTE). The USTR seeks comments on, among other issues, lack of intellectual property protection, trade restrictions affecting electronic commerce, and technology transfer requirements. See, notice in the Federal Register, October 31, 2003, Vol. 68, No. 211, at Pages 62159 - 62160.

Deadline to submit reply comments to the Federal Communications Commission (FCC) in response to SBC Communications' petition requesting that the FCC forbear from applying the terms of 47 U.S.C. § 271(c)(2)(B) to the extent, if any, those provisions impose unbundling obligations on SBC that this FCC has determined should not be imposed on incumbent local exchange carriers pursuant to 47 U.S.C. § 251. See, FCC notice [PDF]. This is WC Docket No. 03-235.

Deadline to submit comments to the Federal Communications Commission (FCC) regarding Northland Networks' petition pursuant to 47 U.S.C. § 252(e)(5) requesting that the FCC preempt the jurisdiction of the New York Public Service Commission to resolve a dispute between Northland and Verizon regarding reciprocal compensation and change of law provisions of their interconnection agreements. This is WC Docket No. 03-242. See, FCC notice [PDF].

Monday, December 15

The Supreme Court will begin a recess. (It will return from recess on January 12, 2004.)

9:30 AM. The U.S. Court of Appeals (DCCir) will hear oral argument in Verizon v. FCC, No. 03-1080. Judges Randolph, Rogers and Garland will preside. Location: 333 Constitution Ave. NW.

9:30 AM. The U.S. Court of Appeals (DCCir) will hear oral argument in Cellco Partnership v. FCC, No. 02-1262. Judges Randolph, Rogers and Garland will preside. Location: 333 Constitution Ave. NW.

Day one of a seven day trial in USA v. First Data & Concord EFS, Inc., in the U.S. District Court (DC), D.C. No. 03-2169 (RMC). See, Scheduling and Case Management Order [9 pages in PDF] and story titled "DOJ Sues to Stop Merger of PIN Debit Networks", also published in TLJ Daily E-Mail Alert No. 765, October 24, 2003. Location: U.S. Courthouse, 333 Constitution Ave., NW.

TIME? The Department of Homeland Security's (DHS) Homeland Security Advanced Research Projects Agency (HSARPA) will host a one-day workshop to obtain feedback from the academic community on how to work with the DHS's research and development program." See, DHS release. Location?

Deadline to register to attend the December 17 meeting of the National Institute of Standards and Technology's (NIST) Board of Overseers of the Malcolm Baldrige National Quality Award. Contact Virginia Davis at or 301 975-2361. See, notice in the Federal Register, November 25, 2003, Vol. 68, No. 227, at Page 66075.

Deadline for federal branch agency Chief Information Officers (CIOs) to submit reports to the Office of Management and Budget (OMB) regarding the E-Government Act of 2002. See, November 21, 2003 memorandum from Karen Evans (Administrator for E-Government, Information and Technology Policy at the OMB) to the CIOs.

Tuesday, December 16

8:30 AM - 5:00 PM. Day one of a two day meeting of the National Institute of Standards and Technology's (NIST) Information Security and Privacy Advisory Board (ISPAB). The agenda includes "Overview of Program Activities of the NIST Information Technology Laboratory's Computer Security Division", "Update by OMB on Privacy and Security Issues", and "Briefing by Department of Homeland Security Office Privacy Officer Nuala Connor-Kelly". See, notice in the Federal Register, November 21, 2003, Vol. 68, No. 225, at Page 65681. Location: Gaithersburg Hilton Hotel, 620 Perry Parkway, Gaithersburg, MD.

1:30 - 4:30 AM. The Executive Office of the President's (EOP) Office of Science and Technology Policy's (OSTP) National Science and Technology Council's (NSTC) Committee on Technology and Committee on Homeland and National Security will hold a meeting that is closed to the public. For more information, contact John Hoyt at or 202 772-9959. Location: White House Conference Center, Truman Room.

Deadline to submit reply comments to the Federal Communications Commission (FCC) in response to its Notice of Proposed Rulemaking (NPRM) regarding implementation of 47 U.S.C. § 272(b)(1). This NPRM is FCC 03-272 in WC Docket No. 03-228. The FCC adopted this NPRM on November 3, 2003, and released it on November 4, 2003. For more information, contact Christi Shewman at 202 418-1686 or See, notice in the Federal Register, November 21, 2003, Vol. 68, No. 225 at Pages 65665 - 65667.

Wednesday, December 17

8:30 AM - 3:00 PM. The National Institute of Standards and Technology's (NIST) Board of Overseers of the Malcolm Baldrige National Quality Award will hold a meeting. The deadline to register to attend is December 15. Contact Virginia Davis at or 301 975-2361. See, notice in the Federal Register, November 25, 2003, Vol. 68, No. 227, at Page 66075. Location: NIST, Administration Building, Lecture Room A, Gaithersburg, MD.

8:30 AM - 5:00 PM. Day one of a two day meeting of the National Institute of Standards and Technology's (NIST) Information Security and Privacy Advisory Board (ISPAB). The agenda includes "Overview of Program Activities of the NIST Information Technology Laboratory's Computer Security Division", "Update by OMB on Privacy and Security Issues", and "Briefing by Department of Homeland Security Office Privacy Officer Nuala Connor-Kelly". See, notice in the Federal Register, November 21, 2003, Vol. 68, No. 225, at Page 65681. Location: Gaithersburg Hilton Hotel, 620 Perry Parkway, Gaithersburg, MD.

9:30 AM. The Federal Communications Commission (FCC) will hold a meeting. See, agenda [PDF]. Location: FCC, 445 12th Street, SW, Room TW-C05 (Commission Meeting Room).

12:15 - 1:30 PM. The Federal Communications Bar Association's (FCBA) Wireless Committee will host a luncheon panel discussion titled "Wireless Telecommunications Bureau: Current Topics and Vision for the Future". The speakers will include John Muleta, Chief of the WTB. The price to attend is $15. For more information, contact or RSVP to Location: Sidley Austin, 1501 K Street, NW, 6th Floor.

ChoicePoint Database Acquisitions Prompted Criticism in Mexico

12/8. The Electronic Privacy Information Center (EPIC) published in its web site a heavily redacted copy of a memorandum [PDF scan] titled "MEDIA HAMMERS U.S. ON ALLEGED PURCHASE OF DATABASE INFORMATION". This memorandum was sent from the U.S. Embassy in Mexico City to the Department of State in Washington DC, and other government entities. It pertains to ChoicePoint's purchase of Mexican databases.

The memorandum, which was written in April of 2003, states that "In the last three days, local media have run front-page stories on the alleged purchase by Atlanta-based ChoicePoint of the Federal Electoral Institute's (IFE) electoral registry that includes 60 million Mexican voters' data, and another database with information on six million drivers licenses from Mexico City." (The original memorandum was written in all capitals.)

"Mexican editorials have decried the alleged sale of information to the American company, spinning conspiracy theories about the information's likely use and misuse by the CIA, FBI, and DEA." The memorandum adds that "Prominent members of Congress have begun to speak out negatively on the issue", and that "a potential firestorm may be brewing."

The memorandum was also sent to the Department of Justice (DOJ), Department of Homeland Security (DHS), Department of the Treasury, the Central Intelligence Agency (CIA), and other government entities.

ChoicePoint states in its web site that it "has grown from the nation's premier source of data to the insurance industry into the premier provider of decision-making intelligence to businesses and government. Through the identification, retrieval, storage, analysis and delivery of data, ChoicePoint serves the informational needs of businesses of all sizes, as well as federal, state and local government agencies."

It further states that "Through unique filtering and delivery capabilities, ChoicePoint Public Records Group provides access to billions of public records. Our revolutionary technology – unprecedented in the information industry – makes us the preferred provider for government agencies and Fortune 1000 companies."

On May 13, 2003, the EPIC published a heavily redacted copy of a Federal Bureau of Investigation (FBI) memorandum [16 page PDF scan] titled "GUIDANCE REGARDING THE USE OF CHOICEPOINT FOR FOREIGN INTELLIGENCE COLLECTION OR FOREIGN COUNTERTERRORISM INVESTIGATIONS".

The memorandum is dated September 17, 2001. On the question of whether the FBI may use ChoicePoint's private database, the memorandum's key sections are redacted.

See, story titled "FBI Legal Memorandum Addresses FBI Use of Internet and Private Databases" in TLJ Daily E-Mail Alert No. 661, May 14, 2003.

The EPIC obtained these document in response to requests made pursuant to the Freedom of Information Act (FOIA).

More News

12/10. The U.S. District Court (DUtah) ordered a permanent injunction against ClearOne Communications. On January 15, 2003, the Securities and Exchange Commission (SEC) filed a civil complaint alleging violation of federal securities laws in connection with ClearOne's inflating company revenues and net income by engaging in improper revenue recognition. This case is SEC v. ClearOne Communications, Inc., et al., D.C. No. 2:03 CV-0055 DAK. See, SEC release.

People and Appointments

Pam Olson12/10. Pam Olson (at right), Assistant Secretary for Tax Policy at the Department of the Treasury, announced her resignation, "effective after the completion of the fiscal year 2005 budget". See, statement by John Snow and Olson's letter to President Bush.

12/9. President Bush nominated Peter Hall to be a Judge of the U.S. Court of Appeals (2ndCir). He is currently the U.S. Attorney for the District of Vermont. See, White House release.

12/9. President Bush nominated James Robart to be a Judge of the U.S. District Court (WDWash). See, White House release. He is currently the managing partner of the law firm of Lane Powell Spears & Lubersky.

Why Would Anybody Want to Launch a DDOS Attack on SCO?

12/10. SCO stated in a release that "it experienced a large scale distributed denial of service (DDoS) attack." It added that the attack caused its web site and corporate operational traffic "to be unavailable during the morning hours including e-mail, the company intranet, and customer support operations".

SCO stated that it is "working with law enforcement officials" and that it deplores these "cyber terrorist attacks".

SCO wrote a letter to Linux customers on May 12, 2003 in which it asserted that "SCO holds the rights to the UNIX operating system software" and that the "vast majority of UNIX software used in enterprise applications today is a derivative work of the software originally distributed under our UNIX Licenses."

It continued in this letter that "In recent years, a UNIX-like operating system has emerged and has been distributed in the enterprise marketplace by various software vendors. This system is called Linux. We believe that Linux is, in material part, an unauthorized derivative of UNIX."

SCO has also sued IBM in connection with its allege use of SCO's proprietary UNIX code.

This is not the first DDOS attack on SCO.

About Tech Law Journal
Tech Law Journal publishes a free access web site and subscription e-mail alert. The basic rate for a subscription to the TLJ Daily E-Mail Alert is $250 per year. However, there are discounts for subscribers with multiple recipients. Free one month trial subscriptions are available. Also, free subscriptions are available for journalists, federal elected officials, and employees of the Congress, courts, and executive branch. The TLJ web site is free access. However, copies of the TLJ Daily E-Mail Alert are not published in the web site until one month after writing. See, subscription information page.

Contact: 202-364-8882; E-mail.
P.O. Box 4851, Washington DC, 20008.
Privacy Policy
Notices & Disclaimers
Copyright 1998 - 2003 David Carney, dba Tech Law Journal. All rights reserved.