3rd Circuit Rules on Application of ECPA to
Stored E-Mail |
12/10. The U.S. Court of Appeals
(3rdCir) issued its
opinion [15
pages in PDF] in Fraser
v. Nationwide, a case involving, among other issues, the application of the
Electronic Communications Privacy Act (ECPA) to an employer's search of an
employee's stored e-mail communications on a company server. The Appeals Court
held that there was no violation of the ECPA.
Richard Fraser was an independent insurance agent with a contract with
Nationwide Mutual Insurance Co. Nationwide terminated his contract following a
search of Fraser's e-mail stored on its main file server, where all of his
e-mail was stored. It found drafts of letters to other insurance companies. It
concluded he was disloyal, and terminated his contract.
Fraser filed a complaint in U.S.
District Court (EDPa) against Nationwide alleging violations of Title I and
II of the Electronic Communications Privacy
Act of 1986 (ECPA), which is codified at
18 U.S.C. § 2510, et seq.
He also pled wrongful termination and other claims not addressed here. The District
Court granted summary judgment to Nationwide on the ECPA claims.
The Appeals Court affirmed.
Fraser first argued that Nationwide violated the ECPA by intercepting his e-mail.
This claim is based on Title I of the ECPA. The Appeals Court rejected this argument
on the basis that an intercept of e-mail must occur contemporaneously with its
transmission to constitute an intercept within the meaning of the ECPA.
18 U.S.C. § 2511
provides, in part, that "any person who (a) intentionally intercepts,
endeavors to intercept, or procures any other person to intercept or endeavor to intercept,
any wire, oral, or electronic communication ... shall be subject to suit ..."
18 U.S.C. § 2510(4)
defines ''intercept'' as "the aural or other acquisition of the
contents of any wire, electronic, or oral communication through the use of any
electronic, mechanical, or other device".
The Appeals Court concluded that "Every circuit court to have
considered the matter has held that an ``intercept´´ under the ECPA must occur
contemporaneously with transmission." The Court added that "While
Congress's definition of ``intercept´´
does not appear to fit with its intent to extend protection to electronic
communications, it is for Congress to cover the bases untouched. We adopt the
reasoning of our sister circuits and therefore hold that there has been no
"intercept" within the meaning of Title I of ECPA."
Fraser also argued that National violated the ECPA by unlawfully accessing
stored communications. This claim is based on Title II of the ECPA. The Court
rejected this argument too.
18 U.S.C.
§ 2701(a) provides, in part, that "
whoever -- (1) intentionally accesses without authorization a facility through which
an electronic communication service is provided; or (2) intentionally exceeds an
authorization to access that facility; and thereby obtains, alters, or prevents authorized
access to a wire or electronic communication while it is in electronic storage
in such system shall be punished as provided in subsection (b) of this
section."
18
U.S.C. § 2510(17), in turn, defines "electronic storage" as "(A) any
temporary, intermediate storage of a wire or electronic communication incidental
to the electronic transmission thereof; and (B) any storage of such
communication by an electronic communication service for purposes of backup
protection of such communication."
The District Court rejected Fraser's argument based on its interpretation
that Fraser's e-mail messages were not in backup storage. The Appeals Court
provided a different analysis. He relied on the exception for access by service
providers.
18 U.S.C.
§ 2701(c) provides that Subsection (a) of this section does not apply with
respect to conduct authorized -- (1) by the person or entity providing a wire or electronic
communications service;"
The Appeals Court wrote that "we read § 2701(c) literally to except from
Title II's protection all searches by communications service providers. Thus, we
hold that, because Fraser's e-mail was stored on Nationwide's system (which
Nationwide administered), its search of that e-mail falls within § 2701(c)'s
exception to Title II." (Parentheses in original.)
Thus, under this opinion, employers are free to search through their
employee's stored e-mail that is on a company administered system, without
violating the ECPA. This opinion would also appear to support the argument that
if a third party asked an employer or other service provider to search stored
e-mail, and it complied, that too would fall within the Section 2701(c)
exception. However, the Court did not address this.
This case is Richard Fraser, et al. v. Nationwide Mutual Insurance Co.,
et al., U.S. Court of Appeals for the Third Circuit, No. 01-2921, Judges
Sloviter, Ambro and Becker presiding, an appeal from the U.S. District
Court for the Eastern District of Pennsylvania, D.C. No. 98-cv-06726, Judge
Anita Brody presiding.
|
|
|
World Summit on the Information Society |
12/10. The first phase of the United Nation's World Summit on the Information
Society (WSIS) is being held in Geneva, Switzerland on December 10-12, 2004. The
second phase will be held in Tunisia in 2005.
On December 9, the WSIS released a
document
[MS Word] titled "Draft Declaration of Principles: Building the Information
Society: a global challenge in the new Millennium".
It states that "radio frequency spectrum should be managed in the public
interest". It states that there should be "universal service obligations".
Also, it states that there should be "stability, predictability and fair
competition".
The document also addressed intellectual property rights (IPR) protection. While it
includes numerous statements regarding access to information and the importance of the
public domain, it also references IPR. It states that "Intellectual
Property protection is important to encourage innovation and creativity in the
information society; similarly, the wide dissemination, diffusion, and sharing
of knowledge is important to encourage innovation and creativity. Facilitating
meaningful participation by all in intellectual property issues and knowledge
sharing through full awareness and capacity building is a fundamental part of an
inclusive Information Society."
The document
also contains the following statement. "Information in the
public domain should be easily accessible to support the Information Society,
and protected from misappropriation."
The document also addressed freedom of speech. It states that "everyone
has the right to freedom of opinion and expression" and "We reaffirm our
commitment to the principles of freedom of the press".
However, it adds this: "We call for the responsible use and treatment of
information by the media". And, it provides that "Nothing in this
declaration shall be construed as impairing, contradicting, restricting or
derogating ... national laws".
This document also states that "Diversity of media
ownership should be encouraged, in conformity with national law, and taking into
account relevant international conventions. We reaffirm the necessity of
reducing international imbalances affecting the media, particularly as regards
infrastructure, technical resources and the development of human skills."
The document also addresses cyber security. It states that
"Strengthening the trust framework, including information security
and network security, authentication, privacy and consumer protection, is a
prerequisite for the development of the Information Society and for building
confidence among users of ICTs. A global culture of cyber-security needs to be
promoted, developed and implemented in co-operation with all stakeholders and
international expert bodies. These efforts should be supported by increased
international co-operation. Within this global culture of cyber-security, it is
important to enhance security and to ensure the protection of data and privacy,
while enhancing access and trade."
The document briefly mentions spam. "Spam is a significant and growing
problem for users, networks and the Internet as a whole. Spam and cyber-security
should be dealt with at appropriate national and international levels."
Finally, the document addresses open source software. It states that "Access
to information and knowledge can be promoted by increasing
awareness among all stakeholders of the possibilities offered by different
software models, including proprietary, open-source and free software, in order
to increase competition, access by users, diversity of choice, and to enable all
users to develop solutions which best meet their requirements. Affordable access to
software should be considered as an important component of a truly inclusive
Information Society."
See also, WSIS
document [MS Word] titled "Draft Plan of Action".
On December 9, David Gross of the U.S.
Department of State gave a
speech in Geneva regarding information and communications
technologies (ICT) and the U.S. position at the WSIS.
Gross (at right) is the
Deputy Assistant Secretary of State for International Communications and Information
Policy, in the Bureau of Economic and Business Affairs.
He stated that "The rise of the Internet also promised to make possible an
unprecedented exchange of information and knowledge. In the process, it promised
to challenge censorship and erode the foundations of authoritarianism. In the
most optimistic and simplistic formulations, the mere introduction of the
Internet was going to unhinge authoritarian regimes and lead to a flowering of
democracy. Some of these promises have been fulfilled but not everywhere and not
equally. Undoubtedly, more people in more countries have access to more
information than ever before. ICT has even played a significant role in
promoting political change."
He continued that "The truth is that the Internet often defies
but alone cannot defeat the
forces of repression. Some countries use firewalls and force users to connect to
the Internet through state-controlled networks. Some limit their citizens'
access to computers, register users, monitor e-mails and impose punitive
deterrents. Still others use patronage and censorship to shape what their
citizens know. Some try to do all of these things. These countries are
attempting -- vainly I believe -- to deflect the course of history. With the aim
of maintaining political control, they run the risk of undermining much of the
promise of the Internet and denying their peoples a richer more rewarding life.
Freedom to express, innovate and exchange are the lifeblood of the progress
these countries and their peoples desire."
He argued that the WSIS' "overriding vision for the information
society should be one that
promotes political and economic freedom in order to offer our citizens the
opportunity to access and utilize information to better their lives."
Also, "The final Summit Declaration and Plan of Action should promote press freedom
and preserve intellectual property rights that fuel knowledge creation and
innovation."
The Department of State elaborated on the WSIS. On December 10, 2003, the
Department of State's Office of the Spokesman released a
statement
which says that "We believe that the keys to prosperity in the Information
Society are education, individual creativity and an environment of economic and
political freedom. Access to information is at the core of a truly inclusive
Information Society."
This statement continues that "The delegates to the WSIS identified
and achieved consensus on a series of
difficult issues that represent key challenges presented by the Information
Society. First, States have affirmed their commitment to freedom of the press,
as well as to the independence, pluralism and diversity of the media. The United
States believes that the principle free flow of information, as enshrined in the
Universal Declaration of Human Rights, lies at the heart of the Information
Society. Second, states agreed that achieving ubiquitous and affordable access
to ICT infrastructure and services requires a stable, predictable and fair
national economic climate that can attract private capital and the development
of human capacity through education and training."
"The WSIS also recognized that building confidence and security in the use of
ICTs is a critical element of the Information Society and that all stakeholders
must act nationally and cooperate internationally to foster a global culture of
cyber security. The United States welcomes the plan of action that will involve
all participants in this global effort. In addition, a global consensus was
developed around a multi-stakeholder approach to the Internet."
The State Department statement concludes that "The WSIS also
acknowledged the importance of intellectual property to the
Information Society. The United States believes that the contributions made to
the Information Society by creators and inventors are essential. Through
existing intellectual property protection agreements these contributions are
protected so that innovation and creativity by all people are encouraged. The
wide dissemination of knowledge is also important to the Information society and
we are pleased to have this reaffirmed by the WSIS."
See also,
transcript of David Gross's December 3 briefing on the WSIS.
|
|
|
FBI Publishes CALEA Final Notice of Capacity |
12/5. The Federal Bureau of Investigation
(FBI) published a
notice in the Federal Register that it titles "Final notice of capacity".
This pertains to the FBI's implementation of the Communications
Assistance for Law Enforcement Act (CALEA), which is codified at 47 U.S.C. § 1001,
et seq.
The FBI also requests comments on this "Final notice of capacity". The
deadline to submit comments to the FBI is February 3, 2004. This notice states
that "at the end of the comment period, the FBI will review any such comments it
receives and publish a finalized notice in the Federal Register." See, Federal Register, December 5, 2003, Vol. 68, No. 234, at Pages 68112 -
68121.
|
Pen Registers and Trap and Trace Devices
Pen registers and trap and trace (PR&TT) devices are telephone industry
concepts. The former are used to obtain outgoing phone numbers. The latter
are used to obtain incoming numbers. Before passage of the PATRIOT Act in
late 2001, the relevant statute referenced "wire" communications.
The Act provides that the concept of a PR is expanded from merely
capturing phone numbers, to capturing routing and addressing information in
any electronic communications, including internet communications. It
similarly expands the concept of TT devices.
PR&TT orders do not authorize a law enforcement authority to obtain the
content of communications. Court orders authorizing PR&TT devices do not
require a showing of probable cause, as is the case for wiretaps, which
enable law enforcement authorities to obtain the content of communications.
The PATRIOT Act serves as the legal authority for technologies that monitor
e-mail systems, such as the FBI's Carnivore.
See also, articles titled "Bush Signs Anti Terrorism Bill", "Pen Registers
and Trap and Trace Devices", and "Key Tech Related Provisions of the Anti
Terrorism Bill", in
TLJ Daily
E-Mail Alert No. 296, October 29, 2001. |
|
Background. The just published notice discusses at length the meaning of the term
"simultaneously", which is used in
47
U.S.C. § 1003. Section 1003 addresses the required capacity of
telecommunications carriers to conduct electronic surveillance. That is, it goes
to the "actual number of communication interceptions, pen registers, and trap
and trace devices ..." and the "maximum capacity required to accommodate all of
the communication interceptions, pen registers, and trap and trace devices ..."
It requires the Attorney General to publish a notice in the Federal Register of the
actual number and maximum capacity that he estimates that government agencies authorized
to conduct electronic surveillance may conduct and use "simultaneously".
The FBI previously issued a final
notice [94 pages in PDF], on March 12, 1998. However, the
U.S. Telecom Association (USTA) and others
challenged that final notice. See, original
complaint
filed in the U.S.
District Court (DC) on August 19, 1998 by the USTA.
The District Court granted summary judgment in favor of the FBI on all issues.
On appeal, the U.S.
Court of Appeals (DCCir) reversed in part, with instruction that the matter
be remanded to the FBI. The Court of Appeals issued its
opinion
on January 18, 2002. The Appeals Court affirmed the District Court's grant of summary
judgment on the USTA's cost recovery claim, but reversed on the notice of capacity claim.
The District Court case is USTA v. FBI, D.C. No. 98cv02010, Judge
Hogan presiding. The Appeals Court case is USTA v. FBI, A.C. No. 00-5386,
Judges Williams, Ginsburg and Henderson presiding.
The main gist of the some of the disputes between service providers and the FBI,
on the subject of capacity, as well as on some other matters, has been economic.
It goes to who bears the burden and expense of complying with the FBI's demands.
Making networks, systems and
services capable of being tapped, intercepted and monitored requires
considerable expense and effort. And the more intercepts there are, the greater
the cost. Normally, when law enforcement entities acquire things, like cars,
computers or employees, they purchase or hire these in the marketplace. And,
these law enforcement entities need to go to their legislatures to obtain funds
to make these acquisitions. CALEA imposes an entirely different regime for the
acquisition of interception of communications. It requires that the service
providers must give intercepts to the law enforcement entities for free.
Whenever something is free, consumption tends to go up.
Since the FBI does not bear the cost of interception, it
has aggressively sought expansive interpretations of its authority under the CALEA,
knowing that the costs of meeting its demands will be borne by taxpayers,
consumers of communications services, and service providers.
Service providers have not been thrilled with this regime, and the demands of
the FBI. Moreover, service providers tend not to like to snoop on their
customers. And, they certainly do not want their customers to be left with the
impression that widespread surveillance is going on.
Summary of December 5 Notice. The just published notice addressed
several subjects. First, the FBI reasserted its position that the interception
of multiple communications in a single day should be counted as a single item
for the purposes of Section 1003.
The Appeals Court wrote that the 1998 notice "treated interceptions as
``simultaneous´´ if they occur on the same day, even though they may each only
take moments and do not overlap in the least. ... USTA objects to both these
decisions. And rightly so." However, the Appeals Court did not vacate. Rather,
it wrote that "we reverse the judgment of the district court, with instructions
to remand the case to the agency for a more adequate explanation".
Now, on remand, the FBI continues to assert that "we believe that capacity
requirements are most appropriately based on a number of surveillances being
conducted on the same day, not on a number of overlapping interceptions." That
is, the FBI still wants to count the interception of two phone calls (or two
numbers dialed, two e-mail addresses, and etc.) in one day as a single item.
This is the very interpretation that the Appeals Court condemned in its 2002
opinion.
Second, the just published notice addresses the breakdown of capacity
requirements by type of surveillance. That is, the 1998 notice did not
differentiate between the interception of content and the use of pen register or
trap and trace devices.
The Appeals Court wrote that the 1998 notice "insisted that these statements
of ``actual number´´ and ``capacity´´ were properly in terms that drew no
distinction between different types of interceptions (e.g., communications
content versus mere pen registers), even though they differ heavily in their
actual demands on capacity." (Parentheses in original.)
The Court added that "content interceptions might require up to five delivery
channels because of multiple participants on a call, while others, such as pen
registers and trap and trace devices, typically use only a single channel." The
Court criticized this approach, reversed, and instructed the District Court to
remand to the FBI for a more adequate explanation.
And now, the just published notice states that "The FBI has considered this
issue and continues to find that it is appropriate, given the statutory
requirements, to state the capacity requirements for each geographic
region as a single actual and single maximum number."
FBI Interpretation of CALEA. Congress passed the CALEA in 1994 to enable law
enforcement authorities to maintain
their existing wiretap capabilities in new telecommunications devices. The Congress had
cell phones in mind. The CALEA provides that wireline, cellular, and broadband PCS
carriers must make their equipment capable of certain surveillance functions.
This notice of capacity contains an FBI interpretation of the CALEA. It also contains an FBI
interpretation of some of the statutes authorizing electronic surveillance by
government entities, including the Omnibus Crime Control and Safe Streets Act of
1968 (and especially, its Title III), the Electronic Communications Privacy Act
(ECPA), and the PATRIOT Act, but not the Foreign Intelligence Surveillance
Act (FISA). Finally, the notice contains an FBI interpretation of the
relationship between the CALEA and various statutes authorizing electronic
surveillance.
Readers may wish to assess whether or not the FBI's interpretations of
these statutes are consistent with the language of these statutes.
For example, the FBI asserts that "Congress enacted the CALEA in 1994 to
require telecommunications carriers to ensure that their networks have the
capability to enable local police, Federal officers and all other law
enforcement agencies to conduct lawfully authorized electronic surveillance."
However, the language of the CALEA provides that not all lawfully authorized
electronic surveillance is covered by the CALEA. Specifically, the CALEA provides
that its requirements "do not apply to (A) information services; or (B) equipment,
facilities, or services that support the transport or switching of communications for
private networks or for the sole purpose of interconnecting telecommunications
carriers."
Moreover, when the Congress passed the PATRIOT Act in 2001, it amended
18 U.S.C. § 3127 to provide that
the old phone industry concepts of pen registers and trap and trace devices
apply to electronic communications, including internet communications. (See,
Section 216.) However, the PATRIOT did not expand FBI authority, or expand
service provider obligations, under the CALEA.
To the contrary, the PATRIOT Act provided (at Section 222) that "nothing in
this Act shall impose any additional technical obligation or requirement on a
provider of wire or electronic communication service or other person to furnish
facilities or technical assistance". Moreover, the legislative history of this
language is that it was offered by Representatives who were concerned about the
FBI's history of expansive implementation of the CALEA. See, story titled "No Technology
Mandates", and other stories about the markup of the PATRIOT Act, in
TLJ Daily E-Mail
Alert No. 279, October 4, 2001.
The point is that the FBI's December 5 notice asserts that "lawfully
authorized electronic surveillance" is subject to CALEA. Yet, surveillance of
certain information services is lawful, but not covered by CALEA.
The FBI notice does not explain its reasoning. However, the FBI's ex parte
communications and closed meetings with the Federal Communications Commission (FCC)
Commissioners and staff regarding the application of the CALEA to voice over internet
protocol (VOIP) services may provide the basis of its assertion.
It simply asserts that services like VOIP should be classified as
telecommunications services, and hence, is subject to CALEA. See, story titled
"FBI Wants Broadband Internet
Access Classified As A Telecommunications Service So That CALEA Will Apply" in
TLJ Daily E-Mail
Alert No. 707, July 30, 2003.
|
|
|
|
FCC Announces Agenda for
December 17 Meeting |
12/10. The Federal Communications Commission
(FCC) released the
agenda [PDF] for its Wednesday, December 17 meeting.
First, The FCC will consider a Notice of Proposed Rulemaking (NPRM) regarding
the use of cognitive radio technologies and software defined radios.
This is ET Docket No. 03-108 and ET Docket No. 00-47.
Second, the FCC will consider a Third Report and
Order and Second Further NPRM regarding the administration of its e-rate
subsidy program. This is CC Docket No. 02-6.
Finally, the FCC will consider a Report and Order regarding
licensing and service rules for the Dedicated Short Range Communications (DSRC)
Service in the Intelligent Transportation Systems (ITS) Radio Service in the
5.850-5.925 GHz band. This is WT Docket No. 01-90, ET
Docket No. 98-95, and RM-9096.
There is nothing on the just released
agenda pertaining to several other anticipated items, such as the regulation of
voice over internet protocol (VOIP) services, or digital television must carry
and multicasting requirements.
The meeting will be held at 9:30 AM Room TW-C305
(Commission Meeting Room), at 445 12th Street, SW. The meeting will be open to
the public, and web cast.
|
|
|
Washington Tech Calendar
New items are highlighted in red. |
|
|
Thursday, December 11 |
Day two of a two day symposium hosted by the
National Institute of Standards and Technology
(NIST) titled "Building Trust and Confidence in Voting Systems".
The topics to be addressed include computer security. See,
notice
and symposium web site. The registration
deadline is December 2. Location: NIST, Red Auditorium, Building 101.
Day one of a two day conference hosted by the
Power Line Communications Association (PLCA).
Acting head of the National
Telecommunications and Information Administration (NTIA) Michael Gallagher
is scheduled to speak at 3:00 PM. For more information, contact
Craig Schaar. Location: Troutman Sanders,
Conference Center, 401 Ninth Street, NW.
Deadline to submit comments to the
Federal Communications Commission (FCC) in
response to its Notice of Inquiry (NOI) regarding the impact that communications
towers may have on migratory birds. See,
notice in the Federal Register, September 12, 2003, Vol. 68, No. 177, at
Pages 53696 - 53702. This is Docket No. WT 03-187, and FCC 03-205. The FCC
adopted this NOI on August 8, 2003, and released it on August 20, 2003. See
also, story titled "FCC Release NOI On Communications Towers and Migratory
Birds" in TLJ Daily E-Mail Alert No. 723, August 21, 2003.
|
|
|
Friday, December 12 |
Day two of a two day conference hosted by the
Power Line Communications Association (PLCA).
For more information, contact Craig Schaar.
Location: Troutman Sanders,
Conference Center, 401 Ninth Street, NW.
12:00 NOON. The Progress
and Freedom Foundation (PFF) will host a panel discussion titled "The Next
Step in Telecom: Deregulation of Retail Rates". The speakers will be Randolph
May (PFF), Joseph Kraemer (LECG), Blair Levin (Legg Mason Equity Research), John
Morabito (Qwest), and John Windhausen (Association for Local Telecommunications
Services). Lunch will be served. To register, contact Rebecca Fuller at 202
289-8928 or rfuller@pff.org. Location: Room
B-369, Rayburn Building.
Deadline to submit comments to the
Office of the U.S. Trade Representative (USTR)
regarding barriers to U.S. exports of goods, services and overseas direct
investment for inclusion in the USTR's annual National Trade
Estimate Report on Foreign Trade Barriers (NTE). The USTR seeks comments on,
among other issues, lack of intellectual property protection, trade
restrictions affecting electronic commerce, and technology transfer
requirements. See,
notice in the Federal Register, October 31, 2003, Vol. 68, No. 211, at
Pages 62159 - 62160.
Deadline to submit reply comments to the Federal
Communications Commission (FCC) in response to SBC
Communications' petition requesting that the FCC forbear from applying
the terms of 47 U.S.C.
§ 271(c)(2)(B) to the extent, if any, those provisions impose unbundling
obligations on SBC that this FCC has determined should not be imposed on incumbent
local exchange carriers pursuant to
47 U.S.C. § 251. See, FCC
notice [PDF]. This is WC Docket No. 03-235.
Deadline to submit comments to the
Federal Communications Commission (FCC) regarding
Northland Networks' petition
pursuant to 47 U.S.C. §
252(e)(5) requesting that the FCC preempt the jurisdiction of the
New York Public Service Commission to resolve
a dispute between Northland and Verizon regarding
reciprocal compensation and change of law provisions of their interconnection agreements.
This is WC Docket No. 03-242. See, FCC
notice [PDF].
|
|
|
Monday, December 15 |
The
Supreme Court will begin a recess. (It will return from recess on January
12, 2004.)
9:30 AM. The U.S. Court of Appeals
(DCCir) will hear oral argument in Verizon v. FCC, No. 03-1080.
Judges Randolph, Rogers and Garland will preside. Location: 333 Constitution Ave. NW.
9:30 AM. The U.S. Court of Appeals
(DCCir) will hear oral argument in Cellco Partnership v. FCC, No.
02-1262. Judges Randolph, Rogers and Garland will preside. Location: 333
Constitution Ave. NW.
Day one of a seven day trial in USA v. First
Data & Concord EFS, Inc., in the U.S.
District Court (DC), D.C. No. 03-2169 (RMC). See,
Scheduling and Case Management
Order [9 pages in PDF] and
story
titled "DOJ Sues to Stop Merger of PIN Debit Networks", also published in
TLJ Daily E-Mail Alert No. 765, October
24, 2003. Location: U.S. Courthouse, 333 Constitution Ave., NW.
TIME? The Department
of Homeland Security's (DHS)
Homeland
Security Advanced Research Projects Agency (HSARPA) will host a one-day
workshop to obtain feedback from the academic community
on how to work with the DHS's research and development program." See, DHS
release. Location?
Deadline to register to attend the December 17
meeting of the
National Institute of Standards and Technology's
(NIST) Board of Overseers of the Malcolm Baldrige National Quality Award. Contact
Virginia Davis at virginia.davis@nist.gov
or 301 975-2361. See,
notice in the Federal Register, November 25, 2003, Vol. 68, No. 227, at
Page 66075.
Deadline for federal branch agency Chief
Information Officers (CIOs) to submit reports to the
Office of Management and Budget (OMB)
regarding the E-Government Act of 2002. See, November 21, 2003
memorandum from Karen Evans (Administrator for E-Government, Information
and Technology Policy at the OMB) to the CIOs.
|
|
|
Tuesday, December 16 |
8:30 AM - 5:00 PM. Day one of a two day meeting of the
National Institute of Standards and Technology's
(NIST) Information Security and Privacy
Advisory Board (ISPAB). The agenda includes "Overview of Program
Activities of the NIST Information Technology Laboratory's Computer Security
Division", "Update by OMB on
Privacy and Security Issues", and "Briefing by
Department of Homeland Security Office Privacy Officer
Nuala
Connor-Kelly". See,
notice in the Federal Register, November 21, 2003, Vol. 68, No. 225, at
Page 65681. Location: Gaithersburg Hilton Hotel, 620 Perry Parkway,
Gaithersburg, MD.
1:30 - 4:30 AM. The
Executive Office of the President's (EOP)
Office of Science and Technology Policy's (OSTP)
National Science and
Technology Council's (NSTC) Committee on Technology and Committee on Homeland
and National Security will hold a meeting that is closed to the public. For more
information, contact John Hoyt at john.hoyt@dhs.gov
or 202 772-9959. Location: White House Conference Center, Truman Room.
Deadline to submit reply comments to the
Federal Communications Commission (FCC) in
response to its Notice of Proposed Rulemaking (NPRM) regarding implementation of
47 U.S.C. § 272(b)(1).
This NPRM is FCC 03-272 in WC Docket No. 03-228. The FCC adopted this NPRM on
November 3, 2003, and released it on November 4, 2003. For more information,
contact Christi Shewman at 202 418-1686 or
christi.shewman@fcc.gov. See,
notice in the Federal Register, November 21, 2003, Vol. 68, No. 225 at
Pages 65665 - 65667.
|
|
|
Wednesday, December 17 |
8:30 AM - 3:00 PM. The
National Institute of Standards and Technology's
(NIST) Board of Overseers of the Malcolm Baldrige National Quality Award will
hold a meeting. The deadline to register to attend is December 15. Contact
Virginia Davis at virginia.davis@nist.gov
or 301 975-2361. See,
notice in the Federal Register, November 25, 2003, Vol. 68, No. 227, at
Page 66075. Location: NIST, Administration Building, Lecture Room A, Gaithersburg,
MD.
8:30 AM - 5:00 PM. Day one of a two day meeting of the
National Institute of Standards and Technology's
(NIST) Information Security and Privacy
Advisory Board (ISPAB). The agenda includes "Overview of Program
Activities of the NIST Information Technology Laboratory's Computer Security
Division", "Update by OMB on
Privacy and Security Issues", and "Briefing by
Department of Homeland Security Office Privacy Officer
Nuala
Connor-Kelly". See,
notice in the Federal Register, November 21, 2003, Vol. 68, No. 225, at
Page 65681. Location: Gaithersburg Hilton Hotel, 620 Perry Parkway,
Gaithersburg, MD.
9:30 AM. The Federal Communications
Commission (FCC) will hold a meeting. See,
agenda [PDF]. Location: FCC, 445 12th Street, SW,
Room TW-C05 (Commission Meeting Room).
12:15 - 1:30 PM. The Federal
Communications Bar Association's (FCBA) Wireless Committee will host a luncheon
panel discussion titled "Wireless Telecommunications Bureau: Current Topics
and Vision for the Future". The speakers will include John Muleta,
Chief of the WTB. The price to attend is $15. For more
information, contact laura.phillips@dbr.com
or charla.rath@verizonwireless.com.
RSVP to wendy@fcba.org. Location: Sidley
Austin, 1501 K Street, NW, 6th Floor.
|
|
|
ChoicePoint Database Acquisitions
Prompted Criticism in Mexico |
12/8. The Electronic Privacy Information
Center (EPIC) published in its web site a heavily redacted copy of a
memorandum
[PDF scan] titled "MEDIA HAMMERS U.S. ON ALLEGED PURCHASE OF DATABASE
INFORMATION". This memorandum was sent from the U.S. Embassy in Mexico City to the
Department of State in Washington DC, and other government entities. It pertains
to ChoicePoint's purchase
of Mexican databases.
The memorandum, which was written in April of 2003, states that "In the last
three days, local media have run front-page stories on the alleged purchase by
Atlanta-based ChoicePoint of the Federal Electoral Institute's (IFE) electoral
registry that includes 60 million Mexican voters' data, and another database
with information on six million drivers licenses from Mexico City." (The
original memorandum was written in all capitals.)
"Mexican editorials have decried the alleged sale of information to the
American company, spinning conspiracy theories about the information's likely
use and misuse by the CIA, FBI, and DEA." The memorandum adds that "Prominent
members of Congress have begun to speak out negatively on the issue", and that
"a potential firestorm may be brewing."
The memorandum was also sent to the Department of Justice (DOJ), Department
of Homeland Security (DHS), Department of the Treasury, the Central Intelligence
Agency (CIA), and other government entities.
ChoicePoint states in its web site
that it "has grown from the nation's premier source of data to the insurance
industry into the premier provider of decision-making intelligence to businesses
and government. Through the identification, retrieval, storage, analysis and
delivery of data, ChoicePoint serves the informational needs of businesses of
all sizes, as well as federal, state and local government agencies."
It further states that "Through unique filtering and delivery capabilities,
ChoicePoint Public Records Group provides access to billions of public records.
Our revolutionary technology – unprecedented in the information industry – makes
us the preferred provider for government agencies and Fortune 1000 companies."
On May 13, 2003, the EPIC published a heavily redacted copy of a
Federal Bureau of Investigation (FBI)
memorandum
[16 page PDF scan] titled "GUIDANCE REGARDING THE USE OF CHOICEPOINT FOR FOREIGN
INTELLIGENCE COLLECTION OR FOREIGN COUNTERTERRORISM INVESTIGATIONS".
The memorandum is dated September 17, 2001. On the question of whether the
FBI may use ChoicePoint's private database, the memorandum's key sections are
redacted.
See,
story
titled "FBI Legal Memorandum Addresses FBI Use of Internet and Private
Databases" in TLJ
Daily E-Mail Alert No. 661, May 14, 2003.
The EPIC obtained these document in response to requests made pursuant to the
Freedom of Information Act (FOIA).
|
|
|
More News |
12/10. The U.S. District Court (DUtah)
ordered a permanent injunction against
ClearOne Communications. On January 15, 2003, the
Securities and Exchange Commission (SEC) filed
a civil complaint alleging violation of federal securities laws in connection
with ClearOne's inflating company revenues and net income by engaging in
improper revenue recognition. This case is SEC v. ClearOne Communications, Inc.,
et al., D.C. No. 2:03 CV-0055 DAK. See, SEC
release.
|
|
|
|
|
Why Would Anybody Want to Launch a DDOS
Attack on SCO? |
12/10. SCO stated in a
release that
"it experienced a large scale distributed denial of service (DDoS) attack." It
added that the attack caused its web site and corporate operational traffic "to
be unavailable during the morning hours including e-mail, the company intranet,
and customer support operations".
SCO stated that it is "working with law enforcement officials" and that it
deplores these "cyber terrorist attacks".
SCO wrote a letter to Linux customers on May 12, 2003 in which it asserted
that "SCO holds the rights to the UNIX operating system software" and that the
"vast majority of UNIX software used in enterprise applications today is a
derivative work of the software originally distributed under our UNIX Licenses."
It continued in this letter that "In recent years, a UNIX-like operating
system has emerged and has been distributed in the enterprise marketplace by
various software vendors. This system is called Linux. We believe that Linux is,
in material part, an unauthorized derivative of UNIX."
SCO has also sued IBM in connection with its allege use of SCO's proprietary
UNIX code.
This is not the first DDOS attack on SCO.
|
|
|
About Tech Law Journal |
Tech Law Journal publishes a free access web site and
subscription e-mail alert. The basic rate for a subscription
to the TLJ Daily E-Mail Alert is $250 per year. However, there
are discounts for subscribers with multiple recipients. Free one
month trial subscriptions are available. Also, free
subscriptions are available for journalists,
federal elected officials, and employees of the Congress, courts, and
executive branch. The TLJ web site is
free access. However, copies of the TLJ Daily E-Mail Alert are not
published in the web site until one month after writing. See, subscription
information page.
Contact: 202-364-8882; E-mail.
P.O. Box 4851, Washington DC, 20008.
Privacy
Policy
Notices
& Disclaimers
Copyright 1998 - 2003 David Carney, dba Tech Law Journal. All
rights reserved. |
|
|