TLJ News from August 1-5, 2008

DOJ Announces Cyber Crime Indictments

8/5. On August 5, 2008, Attorney General Michael Mukasey and other government officials announced a series of criminal prosecutions that the Department of Justice (DOJ) states is the "largest hacking and identity theft case ever prosecuted" by the DOJ. See, DOJ release.

On August 5 a grand jury of the U.S. District Court (DMass) returned an indictment that charges Albert Gonzalez with computer fraud, wire fraud, access device fraud, aggravated identity theft and conspiracy in connection with his participation in a scheme to obtain the credit and debit card numbers by wardriving and hacking into the wireless computer networks of major retailers, including TJX Companies, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW.

The DOJ also charged Christopher Scott and Damon Patrick Toey by criminal information.

The DOJ release adds that "Once inside the networks, they installed ``sniffer´´ programs that would capture card numbers, as well as password and account information, as they moved through the retailers’ credit and debit processing networks."

Also on August 5, the U.S. District Court (SDCal) unsealed an indictment previously returned by a grand jury of the District Court that charges Maksym Yastremskiy and Aleksandr Suvorov with crimes related to the sale of the stolen credit card data that Gonzalez and others illegally obtained.

The U.S. District Court (SDCal) also unsealed a third indictment that charges Hung-Ming Chiu, Zhi Zhi Wang and a third unknown defendant identified only as Delpiero with with conspiracy to possess unauthorized access devices, trafficking in unauthorized access devices, trafficking in counterfeit access devices, possession of unauthorized access devices, and aggravated identity theft.

The DOJ also charged Sergey Pavolvich, Dzmitry Burak, and Sergey Storchak by criminal information.

The DOJ release states that the indictment of Gonzalez "alleges that after they collected the data, the conspirators concealed the data in encrypted computer servers that they controlled in Eastern Europe and the United States. They allegedly sold some of the credit and debit card numbers, via the Internet, to other criminals in the United States and Eastern Europe. The stolen numbers were ``cashed out´´ by encoding card numbers on the magnetic strips of blank cards. The defendants then used these cards to withdraw tens of thousands of dollars at a time from ATMs. Gonzalez and others were allegedly able to conceal and launder their fraud proceeds by using anonymous Internet-based currencies both within the United States and abroad, and by channeling funds through bank accounts in Eastern Europe."

Gonzalez is in custody in the U.S. Yastremskiy is in custody in Turkey. Suvorov is in custody in Germany. The U.S. seeks extradition of both.

See also, DOJ document [PDF] titled "Fact Sheet: Department of Justice Efforts to Combat Cyber Crime".

FCC Grants Qwest Forbearance Previously Deemed Granted to Verizon

8/5. The Federal Communications Commission (FCC) adopted and released a Memorandum Opinion and Order (MO&O) [41 pages in PDF] granting in part and denying in part Qwest's petition that the FCC forbear from from applying Title II of the Communications Act and its Computer Inquiry rules to certain broadband services.

Summary of MOO. The MO&O states that "we grant substantial forbearance relief to Qwest with regard to its existing packet-switched broadband telecommunications services and its existing optical transmission services. We also grant Qwest forbearance from its obligations under the Computer Inquiry rules in connection with these services, conditioned on its compliance with the Computer Inquiry obligations that apply to all non-incumbent local exchange carrier (LEC) facilities-based wireline carriers." (Footnote omitted.)

It continues that "In all other respects, Qwest’s request for forbearance is denied. In particular, we deny forbearance from any statutory or regulatory requirement that applies to common carriers or LECs generally regardless of whether they are incumbents or competing carriers. We also deny forbearance, except as stated above with regard to the Computer Inquiry rules, from any statutory or regulatory requirements that apply to Qwest in its capacity as an incumbent LEC or Bell Operating Company (BOC)."

This MO&O adds that "Qwest must meet its public policy obligations under Title II and the Commission’s implementing rules with respect to the services at issue." A footnote identifies "e.g., 47 U.S.C. §§ 222, 225, 229, 251(a)(2), 254, 255."

§222 is titled "Privacy of customer information" and pertains to CPNI.

§225 is titled "Telecommunications services for hearing-impaired and speech-impaired individuals".

§229 is titled "Communications Assistance for Law Enforcement Act compliance". It mandates that carriers maintain wiretap and other surveillance capabilities. FCC rules have extended CALEA mandates to certain non-carriers.

§151(a)(2) provides that "Each telecommunications carrier has the duty ... not to install network features, functions, or capabilities that do not comply with the guidelines and standards established pursuant to section 255 or 256 of this title".

§254 pertains to universal service.

§255 is titled "Access by persons with disabilities".

§256 is titled "Coordination for interconnectivity".

The FCC's MO&O concludes that "This preserves important public policies related to 911, emergency preparedness, customer privacy, and universal service in connection with the broadband services for which we grant relief."

This MO&O also states that it was adopted on July 22, 2008. The FCC did not release, or announce, this MO&O at that time.

This MO&O is FCC 08-168 in WC Docket No. 06-125.

Deemed Granting of Verizon's Petition for Forbearance. The FCC previously extended similar regulatory relief to Verizon. See, story titled "FCC Announces that Verizon Petition for Forbearance is Deemed Granted" in TLJ Daily E-Mail Alert No. 1,334, March 22, 2006.

In March 2006 there were two Republican Commissioners who supported forbearance (Martin and Tate) and two Democratic Commissioners who opposed forbearance (Copps and Adelstein). Now, there is fifth Commission (McDowell), a Republican who supported forbearance.

The relevant statute provides that petitions for forbearance are deemed granted if the FCC does not grant or deny the petition within the time limit. Hence, the Verizon petition was deemed granted because of the 2-2 split, while the Qwest petition was granted by MO&O because 3 of 5 Commissioners supported it.

Section 10(c) of the Communications Act, which is codified at 47 U.S.C. § 160(c), provides, in part, that "Any telecommunications carrier, or class of telecommunications carriers, may submit a petition to the Commission requesting that the Commission exercise the authority granted under this section with respect to that carrier or those carriers, or any service offered by that carrier or carriers. Any such petition shall be deemed granted if the Commission does not deny the petition for failure to meet the requirements for forbearance under subsection (a) of this section within one year after the Commission receives it, unless the one-year period is extended by the Commission. The Commission may extend the initial one-year period by an additional 90 days if the Commission finds that an extension is necessary to meet the requirements of subsection (a) of this section. The Commission may grant or deny a petition in whole or in part and shall explain its decision in writing."

The just released MO&O states that "We also decline in the context of this forbearance petition to explain, clarify, or otherwise address the forbearance that Verizon was deemed granted by operation of law".

Furthermore, it reject the argument that the deemed granted status of the Verizon forbearance petition has "precedential value, or binds or otherwise limits our responsibility to evaluate Qwest’s forbearance petition and the other petitions that are before us on their merits."

See also, story titled "House Subcommittee Holds Hearing on FCC Forbearance Procedures" in TLJ Daily E-Mail Alert No. 1,799, July 24, 2008.

Statements by Commissioners. FCC Commissioner Robert McDowell wrote in his statement [PDF] that this MOO streamlines "regulation of the enterprise broadband market" and brings "Qwest into regulatory parity with other similarly situated price cap carriers".

FCC Chairman Kevin Martin wrote in his statement [PDF] that "Broadband access is essential to an expanding Internet-based information economy. Promoting broadband deployment is one of the highest priorities of the FCC. To accomplish this goal, the Commission seeks to establish a policy environment that facilitates and encourages broadband investment, allowing market forces to deliver the benefits of broadband to consumers. Today, we take another step in establishing a regulatory environment that encourages such investments and innovation".

FCC Commissioners Michael Copps and Jonathan Adelstein wrote in their joint dissenting statement [PDF] that the FCC "continues down its ill-considered road of granting far-reaching forbearance to petitioners seeking relief from Title II and Computer Inquiry obligations associated with certain broadband enterprise services. As was the case in last year’s AT&T Title II and Computer Inquiry Forbearance Order addressing largely the same issues raised by Qwest here, there is insufficient evidence to support forbearance in this case."

They added that the "is bent on continuing its headlong rush to eliminate large swaths of its rules under the guise of forbearance and absent the kind of industry-wide reviews that would enable us to assess the marketplace as a whole. We believe this is an egregious mistake."

July 25 MOO. On July 25, 2008, the FCC adopted and released a Memorandum Opinion and Order (MO&O) [39 pages in PDF] in which its denied four petitions for forbearance submitted by Qwest Communications.

Qwest requested that the FCC forbear from applying its loop and transport unbundling rules, promulgated pursuant to 47 U.S.C. § 251(c) and 47 U.S.C. § 271(c)(2)(B)(ii), in Denver, Colorado, Minneapolis St. Paul, Minnesota, Phoenix, Arizona, and Seattle, Washington.

See, story titled "FCC Denies Forbearance Petitions" in TLJ Daily E-Mail Alert No. 1,800, July 25, 2008.

FCC Releases XM Sirius Merger Order

8/5. The Federal Communications Commission (FCC) released the text [109 pages in PDF] of its Memorandum Opinion and Order and Report and Order (MO&O and R&O) approving the merger of XM and Sirius, subject to price controls, programming mandates, non-commercial and educational (NCE) channel set asides, and other rents and restrictions.

The FCC also released an accompanying Order and Consent Decree [25 pages in PDF] that fines (nominally a "voluntary contribution") XM $17,394,375 Million, and an Order and Consent Decree [24 pages in PDF] that fines Sirius $2,200,000, for operating terrestrial repeaters at variance from their specification, and authorizing non-compliant FM modulators.

The FCC approved the merger on July 25, 2008, by a vote 3-2, without a public meeting. See, story titled "FCC Approves XM Sirius Merger" in TLJ Daily E-Mail Alert No. 1,800, July 25, 2008. The FCC issued a release [PDF] describing its decision on July 28, 2008.

On March 24, 2008, the Department of Justice's (DOJ) Antitrust Division announced that it will not challenge the merger. It imposed no conditions. See, story titled "DOJ Won't Challenge XM Sirius Merger" in TLJ Daily E-Mail Alert No. 1,736, March 25, 2008.

Doe Plaintiffs File Second Amended Complaint in AutoAdmit Case

8/5. Two anonymous plaintiffs, identified as Doe I and Doe II, filed their second amended complaint [20 pages in PDF] in U.S. District Court (DConn) against Matthew C. Ryan and others alleging online publicity, infliction of emotional distress, defamation and copyright infringement, in connection with postings on the AutoAdmit web site, which focuses on discussions of admissions to posh colleges and law schools.

The complaint alleges that the plaintiffs are female law students at Yale Law School who have been the subject of numerous postings in the AutoAdmit web site. The items quoted in the complaint are in the nature of student trash talk about women who gain admission to top schools.

The complaint alleges copyright infringement (based upon publication of photographs), appropriation of name or likeness, unreasonable publicity, publicity that places another in a false light before the public, intentional infliction of emotional distress, negligent infliction of emotional distress, and libel.

All of these claims are state law claims, except copyright infringement. The large number of anonymous defendants suggests that complete diversity of citizenship will not exist. Thus, the copyright claim may be asserted for the purpose of manufacturing federal question jurisdiction.

The two plaintiffs filed their original complaint [17 pages in PDF] on June 8, 2007, naming as defendants Anthony Ciolli, administrator of the AutoAdmit web site, and numerous anonymous speakers. Ciolli is not named as a defendant in the just filed second amended complaint.

That case is Doe I and Doe II v. Matthew C. Ryan, et al., U.S. District Court for the District of Connecticut, D.C. No. 307CV00909 CFD.

People and Appointments

8/5. Alison Pepper joined the Interactive Advertising Bureau (IAB) as Director of Public Policy. She was previously Manager for Government Affairs at Experian. Mike Zaneis remains the IAB's VP of Public Policy. See, IAB release.

More News

8/5. Sony Corporation announced in a release that it has agreed to acquire Bertelsmann AG's 50% stake in Sony BMG. Sony added that the new company will be named "Sony Music Entertainment Inc.", and will be wholly owned subsidiary of Sony Corporation of America.

8/5. The U.S. District Court (DC) issued its opinion [15 pages in PDF] in Verizon v. CWA, AFL-CIO, granting Verizon's motion for partial vacation of an arbitration award rendered under a collective bargaining agreement between Verizon and the Communications Workers of America (CWA). This pertains to wage rates for certain Verizon employees. This case is Verizon Washington, D.C., Inc. v. Communications Workers of America, AFL-CIO, U.S. District Court for the District of Columbia, D.C. No. No. 07-1460 (PLF), Judge Paul Friedman presiding.

8/5. The U.S. Court of Appeals (8thCir) issued its opinion [15 pages in PDF] in NECA-IBEW Pension Fund v. Hutchinson Technology, a class action securities case against Hutchinson Technology, which makes suspension assemblies for hard disk drives, alleging violation of Section 10b of the Securities Exchange Act. The District Court dismissed the complaint for failing to meet the heightened pleading standards for falsity and scienter required by the Private Securities Litigation Reform Act (PSLRA). The Court of Appeals affirmed. This case is NECA-IBEW Pension Fund v. Hutchinson Technology, Inc., et al., U.S. Court of Appeals for the 8th Circuit, App. Ct. No. 07-2622, an appeal from the U.S. District Court for the District of Minnesota. Judge Smith wrote the opinion of the Court of Appeals, in which Judges Bye and Colloton joined.

8/5. The U.S. Court of Appeals (3rdCir) issued its opinion [36 pages in PDF] in E.T. Browne Drug v. Cococare Products, a trademark dispute. The District Court granted summary judgment to Cococare, concluding that the term at issue is generic and thus not entitled to protection under trademark law. The Court of Appeals affirmed with a different analysis. It concluded that there are genuine issues of material fact on the genericness issue, but that E.T. Browne failed to present evidence as to secondary meaning. However, it remanded to the District Court to write an appropriate order. This case is E.T. Browne Drug Co. v. Cococare Products, Inc., U.S. Court of Appeals for the 3rd Circuit, App. Ct. Nos. 06-4543 and 06-4658, appeals from the U.S. District Court for the District of New Jersey, D.C. No. 03-cv-05442, Judge Peter Sheridan presiding. Judge Ambro wrote the opinion of the Court of Appeals, in which Judges Sloviter and Louis Pollak, sitting by designation, joined.

8/5. A grand jury of the U.S. District Court (EDVa) returned an indictment that charges John Kenneth Leighnor, Jr., with three counts of mail fraud and eight counts of aggravated identity theft in connection with his involvement "in an ongoing identity theft scheme that he coordinated from the Federal Correctional Institute in Petersburg, Virginia". See, release of the Office of the U.S. Attorney for the Eastern District of Virginia.

Mike Gallagher8/5. The Entertainment Software Association (ESA), which, among other things, brings judicial challenges to state laws that attempt to regulate video games, announced in a release that the state of California paid it $282,794 for attorney's fees "after the state attempted to defend an unconstitutional law restricting the constitutional rights of video game publishers, developers and consumers". Mike Gallagher (at left), head of the ESA, stated in this release that "California deserves more from its legislators than pursuing flawed legislation. ... Rather than tackling real problems affecting Californians, they chose to waste time, money and state resources. It is shameful that legislators pursued personal agendas in spite of the facts."

FTC's Chief Administrative Law Judge Will Leave FTC

8/4. Stephen McGuire, Chief Administrative Law Judge for the Federal Trade Commission (FTC), will leave the FTC. He will become Vice President for Compliance & Ethics at the University of Louisville Hospital in Louisville, Kentucky. McGuire is from Louisville. See, FTC release.

McGuire is the administrative law judge who presided in the FTC's administrative action against Rambus.

On June 19, 2002, the FTC filed an administrative complaint against Rambus alleging anti-competitive behavior in connection with its participation in a standard setting body for dynamic random access memory (DRAM) products. See, story titled "FTC Files Administrative Complaint Against Rambus" in TLJ Daily E-Mail Alert No. 455, June 20, 2002.

On February 17, 2004, McGuire dismissed the FTC's complaint. See, story titled "ALJ Dismisses FTC Complaint Against Rambus" in TLJ Daily E-Mail Alert No. 839, February 18, 2004.

However, on August 2, 2006, the Commission reversed his decision. The FTC opinion [120 pages in PDF] concluded that Rambus unlawfully monopolized the markets for four computer memory technologies that have been incorporated into industry standards for DRAM chips. See, story titled "FTC Holds That Rambus Unlawfully Monopolized Markets" in TLJ Daily E-Mail Alert No. 1,427, August 8, 2006.

But then, on April 22, 2008, the U.S. Court of Appeals (DCCir) issued its opinion [24 pages in PDF], setting aside the FTC's order. That case is Rambus v. FTC, U.S. Court of Appeals for the District of Columbia, App. Ct. Nos. 07-1086 and 07-1124, petitions for review of final orders of the FTC.

See, story titled "Court of Appeals Rules in Rambus v. FTC" in TLJ Daily E-Mail Alert No. 1,752, April 23, 2008.

See also, the FTC's web page that lists and hyperlinks to pleading in its proceeding titled "In the Matter of Rambus Incorporated", which is FTC Docket No. 9302.

Devices That Interfere With Cable TV's Pay Per View Billing Violate Both DMCA and Section 553

8/4. The U.S. Court of Appeals (1stCir) issued its opinion in Coxcom v. Chafee, affirming the summary judgment of the District Court for a cable television company against sellers of electronic devices that prevented the cable company from receiving pay per view billing information from subscribers' set top boxes. See, full story.

2nd Circuit Reverses in Remote Storage DVR Copyright Case

8/4. The U.S. Court of Appeals (2ndCir) issued its opinion [44 pages in PDF] in Cartoon Network v. CSC Holdings, reversing the judgment of the District Court, and holding that CSC's Remote Storage Digital Video Recorder (RS-DVR) system does not violate the Copyright Act by infringing plaintiffs' exclusive rights of reproduction and public performance. See, full story.

FCC Announces Tentative Agenda for August 22 Event

8/4. The Federal Communications Commission (FCC) has scheduled an event titled "Open Meeting" for Friday, August 22, 2008. On August 4 it released a document [PDF] titled in part "Tentative Agenda". It lists seven items.

1. This tentative agenda discloses that the FCC may adopt a Memorandum Opinion and Order on Reconsideration regarding "issues raised in petitions for reconsideration of the Roaming Report and Order".

The FCC adopted its roaming order on August 7, 2007, and released the text [73 pages in PDF] on August 16, 2007. It is FCC 07-143 in WT Docket No. 05-265. It provides that CMRS carriers have roaming obligations as to Title II services. See also, story titled "FCC Adopts CMRS Roaming Order and NPRM" in TLJ Daily E-Mail Alert No. 1,623, August 15, 2007.

See, SpectrumCo's October 1, 2007, petition for reconsideration [18 pages in PDF], Sprint Nextel's October 1, 2007, petition for reconsideration [10 pages in PDF], T-Mobile USA's October 1, 2007, petition for reconsideration [9 pages in PDF], MetroPCS's October 1, 2007, petition for reconsideration [27 pages in PDF], and Leap Wireless's September 28, 2007, petition for reconsideration [26 pages in PDF].

And see, AT&T's November 6, 2007 opposition [16 pages in PDF] and SouthernLINC's November 6, 2007 opposition [27 pages in PDF].

2. This tentative agenda discloses that the FCC may adopt a Notice of Proposed Rulemaking (NPRM) and Order regarding "the operation of broadcast low power auxiliary stations (including wireless microphones) within the 700 MHz Band". (Parentheses in original.)

For discussions of this issue see March 10, 2008, essay by Michael Marcus titled "Wireless Mics are a Legitimate Use of Spectrum: They Deserve More from FCC than Benign Neglect that Allows Most Users Only Criminal Spectrum Squatting", and March 25, 2008, essay by Harold Feld of the Public Knowledge titled "The 19 Billion Dollar Loophole".

See also, 47 C.F.R. § 74.802.

3. This tentative agenda discloses that the FCC may adopt a NPRM that requests public comments regarding "implementing the New and Emerging Technologies (NET) 911 Improvement Act of 2008".

On July 23, 2008, President Bush signed into law HR 3403 [LOC | WW], the "New and Emerging Technologies 911 Improvement Act of 2008". See, White House release.

This bill requires interconnected VOIP service providers to provide 911 and E911 services. The FCC already mandated this by rulemaking in 2005. This bill affirms, revises, and further defines the legal framework. It also requires the FCC to write implementing regulations.

The FCC adopted its 911 VOIP order on May 19, 2005, and released the text [90 pages in PDF] on June 3, 2005. See story titled "FCC Releases VOIP E911 Order" in TLJ Daily E-Mail Alert No. 1,148, June 6, 2005. See also, stories titled "FCC Adopts Order Expanding E911 Regulation to Include Some VOIP Service Providers", "Summary of the FCC's 911 VOIP Order", "Opponents of FCC 911 VOIP Order State that the FCC Exceeded Its Statutory Authority", and "More Reaction to the FCC's 911 VOIP Order", in TLJ Daily E-Mail Alert No. 1,139, May 20, 2005.

4. This tentative agenda discloses that the FCC may adopt a Notice of Inquiry (NOI) that requests public comment regarding "ways to improve the management and administration of the Universal Service Fund".

5. This tentative agenda discloses that the FCC may adopt a Fourth Report & Order that amends Part 76 of the FCC's rules regarding carriage of digital television broadcast signals. See, 47 C.F.R. Part 76. Subpart D pertains to carriage of television broadcast signals.

6. This tentative agenda discloses that the FCC may adopt an Order regarding "Fireside Media and its participation in Auction No. 37". See, FCC's web page for Auction 37.

7. This tentative agenda discloses that the FCC may adopt a Notice of Apparent Liability for Forfeiture and Order for DTV Tuner Violation.

People and Appointments

8/4. Rita Lewis was named Senior Vice President of the National Cable & Telecommunications Association (NCTA). She will manage the NCTA's government relations team. She has replaces Steve Vest. See, NCTA release.

8/4. Steve Vest joined Time Warner as Senior Vice President for Global Public Policy.

8/4. Jane Creel was named Vice President for Finance and Operations of the Technology Policy Institute (TPI).

House Commerce Committee Leaders Send Interrogatories to Internet Companies Regarding Advertising Practices

8/1. Rep. John Dingell (D-MI) and other leaders of the House Commerce Committee (HCC) sent a bipartisan letter [PDF] to Google, Yahoo, Microsoft, and 30 other internet companies regarding "the growing trend of companies tailoring Internet advertising based upon consumers' Internet search, surfing, or other use".

Rep. John Dingell The letter is signed by Rep. Dingell (at right), Rep. Joe Barton (R-TX), Rep. Ed Markey (D-MA) and Rep. Cliff Stearns (R-FL), the Chairman and ranking Republicans on the HCC and its Subcommittee on Telecommunications and the Internet.

The four wrote that "questions have been raised regarding the applicability of privacy protections in the Communications Act of 1934, the Cable Act of 1984, the Electronic Communications Privacy Act, and other statutes to such practices, and whether legislation is needed to ensure that the same protections apply regardless of the particular technologies or companies involved."

They then propound 11 written interrogatories, most of which are multipart, to be answered in writing by each of the companies within one week -- Friday, August 8, 2008.

They ask, "Has your company at any time tailored, or facilitated the tailoring of, Internet advertising based on consumers' Internet search, surfing, or other use?"

They then ask the companies to describe the nature and extent of their practices.

Some of the information sought is privileged. For example, the four ask, "Has your company conducted a legal analysis of the applicability of consumer privacy laws to such practice? If so, please explain what that analysis concluded." They also ask the companies to disclose privileged attorney client communications pertaining to opt-out notices.

The four HCC leaders sent their letter to America Online (AOL), AT&T, Bresnan Communications, Bright House Networks, CableOne, Cablevision, Cbeyond, CenturyTel, Charter, Citizen Communications, Comcast, Covad, Cox, Earthlink, Google, Insight, Knology, Level 3, Mediacom, Microsoft, PAETEC, Qwest, RCN, Suddenlink, Time Warner Cable, tw telecom, WideOpenWest, TDS Telecom, United Online, Windstream Communications, Verizon, XO Communications, and Yahoo.

See also, HCC release.

FCC Asserts Authority to Regulate Network Management Practices

8/1. The Federal Communications Commission (FCC) announced that it adopted an order asserting adjudicatory authority to enforce its policy statement [3 pages in PDF] of August 5, 2005, and to regulate the network management practices of broadband service provides.

This order, which has not been released, pertains to Comcast's management of certain peer to peer traffic.

The Commission split 3-2, with Martin, Adelstein and Copps forming the majority, and McDowell and Tate dissenting.

The FCC issued a release [3 pages in PDF] that describes its not yet existent order, and each of the five Commissioners read statements at an FCC event on Friday, August 1, 2008.

This FCC release announces the FCC's "intention to exercise its authority to oversee federal Internet policy in adjudicating this and other disputes regarding discriminatory network management practices".

Comcast's Sena Fitzmaurice responded in a release that "we believe that our network management choices were reasonable, wholly consistent with industry practices and that we did not block access to Web sites or online applications, including peer-to-peer services."

Fitzmaurice added that the FCC's order "raises significant due process concerns and a variety of substantive legal questions. We are considering all our legal options and are disappointed that the commission rejected our attempts to settle this issue without further delays."

See, full story.

FCC Approves RCC Transfers to Verizon Wireless, Subject to Conditions

8/1. The Federal Communications Commission (FCC) adopted and released a Memorandum Opinion and Order and Declaratory Ruling [98 pages in PDF] that approves, subject to conditions, the transfer of control of licenses held by Rural Cellular Corporation (RCC) and its subsidiaries to Cellco Partnership d/b/a Verizon Wireless.

The FCC concluded that the transfers are in the "public interest, convenience, and necessity", subject to certain conditions.

It wrote that "Because the proposed transaction would result in the combination of overlapping mobile telephony coverage and services, we applied an initial screen to identify those markets in which there clearly is no competitive harm. The initial screen indicated that there was no competitive harm in most of the overlap markets, but identified 17 markets in which a market-by-market competitive analysis was necessary. We then conducted a market-by-market competitive analysis to examine the potential consequences of increasing Verizon Wireless’s market share and spectrum holdings in those markets. We find that competitive harm is unlikely in most of these markets, primarily because multiple other service providers in these markets would be an effective competitive constraint on the behavior of the merged entity."

It added that "With regard to six local areas, however, our case-by-case analysis indicates that competitive harms likely will result. In these areas, we impose narrowly tailored conditions that will effectively remedy the potential for these particular harms."

Commissioner Michael Copps wrote in his statement [PDF] that he dissents to "the portion of the item that includes the 700 MHz spectrum band in calculating the spectrum screen used in this transaction. The licenses won in our auction earlier this year will not even be available for use until February 2009 and it may be several years before it is ever used commercially by a majority of licensees. As I have explained in earlier statements, we have already been cavalier in applying this altered spectrum screen to prior transactions and we ought not put the cart before the horse yet again in an effort to encourage still more consolidation in the wireless industry."

Commissioner Jonathan Adelstein wrote in his statement [PDF] that it was "premature" to include this spectrum in this evaluation, but he nevertheless concurred.

See also, FCC release [PDF]. This item is FCC 08-181 in WT Docket No. 07-208.

Law Professors Argue for Dismissal of MySpace Section 1030 Prosecution

8/1. A set of groups and law professors filed an amicus curiae brief [46 pages in PDF] with the U.S. District Court (CDCal) in U.S. v. Drew, a criminal prosecution charging violation of the computer hacking statute, 18 U.S.C. § 1030, by a MySpace user who allegedly violated MySpace's terms of service.

These groups and professors argue that violating a web site's terms of service does not constitute a criminal violation of Section 1030, which is also known as the "Computer Fraud and Abuse Act", or "CFAA".

They also argue that the government's application of Section 1030 violates the First Amendment right to speak anonymously.

Finally, they argue that criminal prosecution based upon violation web site terms of service (TOS) violates due process of law because TOS do not constitute adequate notice.

Background. On May 15, 2008, a grand jury of the District Court returned a four count indictment [PDF] that charges Lori Drew with violation of the Section 1030, as well as conspiracy and aiding and abetting.

This indictment alleges that she violated the TOS of the social networking web site MySpace. It alleges that Drew is an adult woman who created a fake MySpace profile of a teenage boy, and proceeded to cyber bully a teenage girl named Megan Meier who also used MySpace.

The key allegation in the indictment regarding harassment is that Drew, using her MySpace alias, "told M.T.M., in substance, that the world would be a better place without M.T.M in it." The indictment alleges that Meier killed herself the same day.

The indictment does not charge MySpace or Fox Interactive Media, Inc.

The indictment states that "the MySpace TOS requires prospective members, members and users of the website to ... Provide truthful and accurate registration information" and to "Refrain from using any information obtained from MySpace services to harass, abuse, or harm other people".

It alleges that Drew's registration with MySpace, use of MySpace information, and sending communications to Meier, constituted intentionally accessing "a computer used in interstate and foreign commerce without authorization and in excess of authorized access, and by means of an interstate communication, obtain information from that computer to further a tortious act, namely infliction of emotional distress, in violation of 18 U.S.C. §§ 1030(a)(2)(C), (c)(2)(B)(2).

See also, story titled "Lori Drew Pleads Not Guilty in Section 1030 Case" in TLJ Daily E-Mail Alert No. 1,784, June 23, 2008.

Amicus Brief. The amici argue first that "A MySpace account holder does not gain unauthorized access or exceed authorized access to MySpace servers by disregarding conditions set forth in that service's" TOS.

They also argue that "Individuals have the qualified right to speak anonymously, including on the internet, so criminal prosecution for failing to supply accurate identifying information to an online communications service endangers First Amendment rights. Yet one of the alleged violations of the MySpace terms of service on which the Government bases this Indictment is Defendant’s use of a fictitious name in registering for an account."

They add that "Under the Government's construction of the CFAA, speech that violates any terms of service would be unauthorized or in excess of authorization and potentially criminal. If the comment policy of a web site specified ``no comments favorable to Democrats´´ or ``no comments that are off-topic´´ or ``no bad stuff´´ those expressions too would be swept into the reach of the CFAA."

Third, the amici offer a due process notice argument. They argue that "Grounding criminal liability under section 1030(a)(2)(C), as the Government seeks to do here, on an interpretation of ``access without authorization´´ and/or ``exceeds authorized access´´ that is based entirely on whether a person has fully complied with the vagaries of privately created, frequently unread, generally lengthy and impenetrable terms of service would strip the statute of adequate notice to citizens of what conduct is criminally prohibited and render it hopelessly and unconstitutionally vague."

The amici offers several points in support of their due process argument.

The assert that "The fallacy of any notion that internet users are on ``fair notice´´ that disregarding the terms of service of the many web sites and web services they visit puts them at risk of serious criminal liability is revealed by the widespread (and widely accepted) understanding that large numbers of users never read these terms, or read and understand only limited portions of them." (Parentheses in original.)

The amici also note that "Many terms of service contain clauses which state that the website owner can unilaterally change the terms at any time, and that continued use of the website implies acceptance of the new terms."

Finally, they argue that "Many web site terms contain conditions that are themselves vague, arbitrary or even fanciful. They are not written by their private drafters with the precision and care that would be expected -- indeed required -- of operative provisions in a criminal statute. Yet operative criminal provisions are precisely what routine business terms would be transformed into under the Government's interpretation of § 1030(a)(2)(C)."

Case Information. The groups and law professors associated with this brief include the Electronic Frontier Foundation (EFF), Public Citizen, Center for Democracy and Technology (CDT), Susan Brenner (University of Dayton), Lauren Gelman (Stanford), Llewellyn Gibbons (University of Toledo), Eric Goldman (Santa Clara University), Mark Lemley (Stanford), Philip Malone (Harvard Law School's Berkman Center), William McGeveran (University of Minnesota), Paul Ohm (University of Colorado), Malla Pollack (Barclay School of Law), Michael Risch (West Virginia University), Jason Schultz (UC Berkeley), Brian Slocum (University of the Pacific), Daniel Solove (George Washington University), and Robert Weisberg (Stanford).

The District Court has scheduled a hearing or September 4, 2008, at 8:30 AM.

This case is U.S. v. Lori Drew, U.S. District Court for the Central District of California, D.C. No. CR-08-0582-GW, Judge George Wu presiding.

Groups Argue E-Mail System Hacking Violates Wiretap Act

8/1. Three groups filed amicus briefs with the U.S. Court of Appeals (9thCir) in Bunnell v. MPAA, a case involving the question of whether acquiring e-mail by hacking into e-mail systems to cause forwarding to the hacker that is contemporaneous to the transmission of the e-mail constitutes a violation of the federal Wiretap Act.

The District Court held that there is no violation of the Wiretap Act because there is no interception. Rather, there was accessing of something in electronic storage.

On August 1, 2008, three groups concerned with privacy in the context of information technologies filed amicus curiae briefs urging the Court of Appeals to reverse the District Court. See, brief [21 pages in PDF] of the Electronic Privacy Information Center (EPIC) and brief [38 pages in PDF] of the Electronic Frontier Foundation (EFF). Stanford's Center for Internet and Society also filed an amicus brief. The plaintiffs / appellants filed their redacted brief [163 pages in PDF] on July 22, 2008.

This case arises out of ongoing battles between operators of peer to peer systems and the movie and record industries. However, while the fate of Justin Bunnell and the MPAA may not be of concern to readers, the issue in this case is significant for the privacy of e-mail communications.

There are two important statutes, the Wiretap Act and Stored Communications Act (SCA). The Wiretap Act offers more procedural protections when the government seeks access. The Wiretap Act offers more remedies to injured parties. Also, the Wiretap Act affects a wider range of actors; the SCA provides an exemption for service providers. Hence, if Bunnell prevails on this issue, e-mail privacy will be enhanced.

There are other issues on appeal not covered in this story, including trade secrets, federal preemption of the California Invasion of Privacy Act, and the California Unfair Competition Law.

Statute. The Stored Communications Act (SCA) is codified at 18 U.S.C. §§ 2701-2712. However, the plaintiffs assert violation of the Wiretap Act, which is codified at 18 U.S.C. §§ 2510-2522.

18 U.S.C. § 2511 provides, in part, that "any person who ... intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication ... shall be punished".

It also provides that "any person who ... intentionally uses, or endeavors to use, the contents of any wire, oral, or electronic communication, knowing or having reason to know that the information was obtained through the interception of a wire, oral, or electronic communication in violation of this subsection ... shall be punished".

The plaintiffs do not allege that the MPAA hacked or intercepted. However, the plaintiffs allege that the MPAA knew or had reason to know of the hacker's alleged violation of the Wiretap Act.

18 U.S.C. § 2510 provides definitions for the Wiretap Act.

It defines "intercept" to mean "the aural or other acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device".

It defines "wire communication" to mean "any aural transfer made in whole or in part through the use of facilities for the transmission of communications by the aid of wire, cable, or other like connection between the point of origin and the point of reception (including the use of such connection in a switching station) furnished or operated by any person engaged in providing or operating such facilities ...". (Parentheses in original.)

It should be noted that the Electronic Communications Privacy Act of 1986 (ECPA), Public Law No. 99-508, added the phrase "any electronic storage of such communication" to the definition of "wire communication". Title II of the ECPA enacted the SCA. However, the inclusion of "electronic storage" within the definition of "wire communication" was removed by Section 209 of the USA PATRIOT Act in 2001.

Section 2510 defines "oral communication" to mean "any oral communication uttered by a person exhibiting an expectation that such communication is not subject to interception under circumstances justifying such expectation, but such term does not include any electronic communication".

It defines "electronic communication" to mean "any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photooptical system that affects interstate or foreign commerce, but does not include -- (A) any wire or oral communication; (B) any communication made through a tone-only paging device; (C) any communication from a tracking device ...; or (D) electronic funds transfer information stored by a financial institution ..." (Parentheses in original.)

The parties do not dispute that e-mail is an "electronic communication".

Section 2510 defines "electronic communications system" to mean "any wire, radio, electromagnetic, photooptical or photoelectronic facilities for the transmission of wire or electronic communications, and any computer facilities or related electronic equipment for the electronic storage of such communications".

It defines "electronic storage" to mean "any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof" and "any storage of such communication by an electronic communication service for purposes of backup protection of such communication".

Proceedings Below. The plaintiffs before the U.S. District Court (CDCal), and appellants before the Court of Appeals, are Justin Bunnell, Forrest Parker, Wes Parker, and Valence Media, Ltd. The District Court's order states that they "own and operate a website as part of an online computer network known as ``BitTorrent´´, which is a peer-to-peer network that facilitates the copying and distribution of large files". See also, BitTorrent web site.

The defendant below, and appellee before the Court of Appeals, is the Motion Picture Association of America (MPAA).

Another person, Rob Anderson, hacked into the e-mail system used by the plaintiffs. (The District Court's order places the word hacked within quotation marks.) The order states that "Once he obtained access to the administrative functions of Plaintiffs' email server software, he enabled the software's ``copy and forward´´ function. Anderson configured the server software to that every incoming and outgoing email message would also be copied and forwarded to his anonymous Google email account."

Anderson later sold copies of some of this e-mail to the MPAA for $15,000.

Also, there was a separate civil action in the U.S. District Court (CDCal), Columbia Pictures, et al. v. Justin Bunnell, et al., CV-06-1093, in which MPAA members sued Bunnell asserting various theories of secondary copyright infringement liability (inducement, contributory, and vicarious) in connection with their operation of the TorrentSpy web site. That case was active at the time that the District Court issued the order under appeal. However, TorrentSpy has since shut down, and the District Court ruled in favor of the movie companies.

In the present action Bunnell and others filed a complaint in the District Court alleging, among other claims, violation of the federal Wiretap Act.

The District Court issued its order [12 pages in PDF] granting summary judgment to the MPAA on August 22, 2007. It held that there was no interception within the meaning of the Wiretap Act.

It wrote that "An electronic communication may not simultaneously be actionable under both the Wiretap Act and the SCA." Moreover, "the duration of the storage of the electronic communication is immaterial", as is whether they had been read by the intended recipient.

Precedent. The District Court relied upon Konop v. Hawaiin Airlines, 302 F.3d 868 (9th Cir. 2002), Theofel v. Farey-Jones, 359 F.3d 1066 (9th Cir. 2004), and Quon v. Arch Wireless, 445 F.Supp.2d 1116 (2007).

In Konop, the Court of Appeals held that the unauthorized accessing of messages posted to a password protected web site does not violate the Wiretap Act because the Wiretap Act only covers messages intercepted during transmission, not those intercepted in storage. See, opinion [39 pages in PDF] and story titled "9th Circuit Rules on Application of Wiretap Act and Stored Communications Act to Secure Web Sites" in TLJ Daily E-Mail Alert No. 498, August 26, 2002.

In Theofel, the Appeals Court held that overbroad Rule 45, FRCP, subpoenas for e-mail messages may give rise to a private right of action under the Stored Communications Act or the Computer Fraud and Abuse Act, but not the Wiretap Act. See, August 28, 2003, opinion [15 pages in PDF] and story titled "9th Circuit Holds That An Unlawful Subpoena to ISP for E-Mail Can Violate the Stored Communications Act" in TLJ Daily E-Mail Alert No. 729, August 29, 2003. See also, February 17, 2004, amended opinion [23 pages in PDF].

The District Court's opinion in Quon v. Arch Wireless has since been affirmed in part and reversed in part by the June 18, 2008, opinion [PDF] of the Court of Appeals.

The District Court's opinion does not cite US v. Councilman, 418 F.3d 67. On August 11, 2005, the U.S. Court of Appeals (1stCir) issued its divided en banc opinion holding that the Wiretap Act does apply to e-mail in transient storage.

EPIC Brief. The EPIC urges the Court of Appeals to reverse the District Court. It focuses on the language of the statute, its legislative history, and its interpretation by the 1st Circuit in its opinion in Councilman.

The EPIC brief states that "According to the Defendant's theory, the absence of the phrase ``electronic storage´´ in the definition of ``electronic communication,´´ when viewed in light of its inclusion in the definition of ``wire communication,´´ reflects an intention to exclude stored electronic communications from the Wiretap Act's protections."

The EPIC brief argues that this misconstrues the statute, and the analysis in Councilman.

"The fact that the communications intercepted in this case were briefly in ``electronic storage´´ tells us nothing about whether the Defendant's conduct violated the Wiretap Act."

The EPIC brief continues that "To appreciate this point in greater detail, it helps to step back and recall Congress's basic goal of expanding the electronic privacy laws in light of technological change when it passed ECPA in 1986. By the mid 1980s, computer networks had created a new kind of private, non-voice communication susceptible to interception -- electronic communications -- and also introduced a new form of both wire and electronic communications -- stored communications subject to one-time access. ECPA dealt with each development under different Titles of the Act. To protect ongoing and continuous accesses to the new communications, Title I of ECPA extended the highly protective Wiretap Act to computers; in the argot of the Wiretap Act, Congress added ``electronic communications´´ where the law before had protected only ``wire communications.´´ Then, Congress regulated one-time access to stored electronic communications by creating Title II of ECPA," the SCA.

"These significant changes left a category unaddressed, however: they did not address how to regulate one-time access to stored wire communications such as voicemail." The EPIC brief argues that the Congress' odd method of addressing voicemail led to the addition of the "electronic storage" phrase to the definition of "wire communication".

The EPIC brief argues that "Congress added ``electronic storage´´ to the definition of wire communications in order to apply the Wiretap Act to circumstances involving criminal investigators who seek one-time access to stored voicemail", and not to exclude stored electronic communications from the Wiretap Act's protections.

Then, in Section 209 of the USA PATRIOT Act, the Congress granted "stored voicemail the SCA's lesser protections ... The PATRIOT Act adds ``wire communications´´ to the Stored Communications Act and removes the ``electronic storage´´ clause from the definition of wire communication."

See also, story titled "House Crime Subcommittee Holds Hearing on § 209 of PATRIOT Act, Stored Communications and VOIP" in TLJ Daily E-Mail Alert No. 1,125, April 29, 2005.

EFF Brief. The EFF brief also urges the Court of Appeals to reverse the District Court. It focuses on 9th Circuit precedent, and particularly the Konop case.

The EFF brief argues that the Konop case is distinguishable from the present case, because the present case, but not Konop, involved "contemporaneous acquisition of the communication".

Moreover, in the present case "the acquisition occurred before the communications were placed in storage on the server, when the server first acquired them". That is, the EFF brief argues that not even a momentary storage before the forwarding can lead to the conclusion that stored communications were accessed, because the intercept occured before momentary storage.

The EFF brief states that "The legally relevant moment of acquisition was not when the emails were copied and forwarded by the reconfigured server, but rather, when the reconfigured server first acquired the emails transmitted to it. To ``intercept´´ is to acquire using a device; as already explained, the relevant device here was the reconfigured email server being used by Anderson; therefore, the relevant ``acquisition´´ was the initial acquisition by the email server."

This case is Justin Bunnell, et al., v. MPAA, U.S. Court of Appeals for the 9th Circuit, App. Ct. No. No. 07-56640, an appeal from the U.S. District Court for the Central District of California, D.C. No. CV-06-03206-FMC, Judge Florence Marie Cooper presiding.

People and Appointments

8/1. Troy Paredes was sworn in as a Commissioner of the Securities and Exchange Commission (SEC). See, SEC release.

8/1. The National Telecommunications and Information Administration (NTIA) announced that it is seeking applications for membership on the NTIA's Commerce Spectrum Management Advisory Committee (CSMAC). The applicable positions have two year terms that commence in in December of 2008. The deadline to submit applications is September 2, 2008. See, notice in the Federal Register, August 1, 2008, Vol. 73, No. 149, at Pages 44972-44973.

8/1. The AeA (once an acronym for American Electronics Association) hired Eric Ebenstein as a manager and counsel of domestic policy. The AeA stated in a release that he will work in the Washington DC office and handle "e-commerce issues at the state and federal levels, and will also serve as a regional director for AeA’s State Government Affairs program in the Southeast Region". He was previously a trial attorney at the Department of Transportation.

More News

8/1. The Government Accountability Office (GAO) released a report [59 pages in PDF] titled "Information Technology: Agencies Need to Establish Comprehensive Policies to Address Changes to Projects’ Cost, Schedule, and Performance Goals". This report states that "about 48 percent of the federal government’s major IT projects have been rebaselined". It adds that "Of those rebaselined projects, 51 percent were rebaselined at least twice and about 11 percent were rebaselined 4 times or more."

8/1. The Government Accountability Office (GAO) released a report [52 pages in PDF] titled "Veterans Affairs: Continued Action Needed to Reduce IT Equipment Losses and Correct Control Weaknesses", another in a series of GAO reports on theft, loss and misappropriation of information technology (IT) equipment at the Department of Veteran's Affairs. It states that as of May 15, 2008, "approximately 62,800 recorded IT equipment items could not be located, of which over 9,800 could have stored sensitive information. Because VA does not know what, if any, sensitive information resided on the equipment, notifications to potentially affected individuals could not be made".

8/1. Chandresh Shah and Gerald Morris each pled guilty in U.S. District Court (SDCal) to one count of conspiracy to illegally distribute controlled substances in connection with their participation in an internet based pharmacy. Matthew Friedrich, the acting Assistant Attorney General in charge of the Criminal Division, stated in a Department of Justice (DOJ) release that "By prescribing drugs to patients they had never even met, much less diagnosed, these two physicians facilitated the illegal sale of pharmaceuticals over the Internet."

8/1. The Federal Communications Commission (FCC) adopted, but did not release, a Report and Order and Further Notice of Proposed Rulemaking regarding the collection regulatory fees. The FCC issued a short release, and four Commissioners wrote statements. See, statement of Michael Copps, statement of Jonathan Adelstein, statement of Deborah Tate, and statement of Robert McDowell. This item is FCC 08-182 in MD Docket No. 08-65.

Go to News from July 26-31, 2008.