8/21. A grand jury of the U.S. District Court (EDLa) returned an indictment that charges Leni de Abreu Neto with conspiracy to violate 18 U.S.C. § 1030, the computer hacking statute, in violation of 18 U.S.C. § 371, in connection with his involvement with a botnet scheme.

The indictment states that Neto is a Brazilian. It also states that Nordin Nasiri, a 19 year old resident of the Netherlands, who was not indicted, created a botnet that infected over 100,000 internet connected computers worldwide. Neto was involved with Nasiri in the sale of the botnet to an unnamed party in the U.S. to be used to distribute spam e-mail messages. The sale price was €25,000.

The Department of Justice (DOJ) stated in a release that "Neto was apprehended by Dutch authorities on July 29, 2008, in the Netherlands and is currently in confinement in the Netherlands pending resolution of extradition proceedings. Nasiri was also apprehended by Dutch authorities and is being prosecuted by Dutch authorities in the Netherlands."

The indictment does not charge Neto with conspiracy to violate the federal CAN SPAM Act, which is codified at 18 U.S.C. § 1037.

Botnet is a slang term of recent origin that is used to describe a collection of software robots that reside on a collection of compromised computers, almost always without the authority or knowledge of the owners or operators, that are controlled remotely for various nefarious purposes. The compromised computers are often referred to as zombies. The purposes for forming botnets include sending spam, running denial of service attacks, committing click fraud, and spyware.

The indictment states that the controller of a bot, or bot herder, accomplishes "the installation of bot code on computers by using a computer of computers to electronically scan or search computers connected to the Internet for particular security vulnerabilities or weaknesses, and using computer code written to exploit those vulnerabilities to compromise or ``hack´´ the computer, and install bot code. Once on a computer, the bot code allowed the person who controlled it to instruct the infected computer to perform various functions without the authorization or knowledge of the computer's owner, including launching denial of service attacks designed to disable targeted computer systems, and sending spam emails."

The indictment states that Nasiri created the botnet at issue in this case, and that Neto used it. Then, Nasiri agreed with Nasiri "to act as an intermediary for the leasing, and subsequently the sale, of the botnet to a third party known to be interested installing computer code on infected bot computers that would allow the sending of ``spam´´ email ..."

The indictment further states that Neto "did knowingly cause the transmission of a program, information, code and command" and intentionally caused damage to a protected computer within the meaning of subsection 1030(e)(2), and caused loss to 1 or more persons of at least $5,000, in violation of subsections 1030(a)(5)(A)(i) and 1030(a)(5)(B)(i).

While the DOJ was able to obtain an indictment in this case, there is legislation pending in the Congress that would make it easier to prosecute botnet herders. See, Section 9 of HR 2290 [LOC | WW], the "Cyber-Security Enhancement Act of 2007", and story titled "Rep. Schiff and Rep. Chabot Introduce Bill to Expand § 1030" in TLJ Daily E-Mail Alert No. 1,583, May 18, 2007.

HR 2290 would allow prosecution when 10 or more computers are compromised within one year, without any minimum dollar amount of damage.

Section 1030 currently contains vague language that serves as the basis for some criminal prosecutions, and civil actions, not contemplated by the members of Congress who drafted and voted for this section and its amendments.

For example, on May 15, 2008, a grand jury of the U.S. District Court (CDCal) returned a four count indictment [PDF] that charges Lori Drew with violation of Section 1030 in connection with her violation of the terms of service of the social networking web site MySpace. See, story titled "Lori Drew Pleads Not Guilty in Section 1030 Case" in TLJ Daily E-Mail Alert No. 1,794, June 23, 2008.

John Morris, of the Center for Democracy and Technology (CDT), stated in a May 19, 2008, release that Drew indictment represents "a gross and inappropriate expansion of federal power to regulate speech and communications over the Internet".

See also, story titled "Law Professors Argue for Dismissal of MySpace Section 1030 Prosecution" in TLJ Daily E-Mail Alert No. 1,810, August 11, 2008.

8/22. Thomas C. Rushing III, Brian C. Rue, William Lance Partridge pled guilty in U.S. District Court (WDTex) to violation of federal criminal copyright laws in connection with their operation of web sites that sold a counterfeit software by download. The Department of Justice (DOJ) stated in a release that "The software sold by the defendants had a combined retail value of $2,500,000."

8/19. Kathleen Gain pled guilty in U.S. District Court (WDWash) to acquiring a controlled substance, hydrocodone, by misrepresentation, deception, and subterfuge, for internet based pharmacies. The U.S. Attorneys Office for the Western District of Washington stated in a release that Gain "worked for multiple internet pharmacy prescription drug web sites". It added that "These web sites were acting in violation of law. The basic method of operation was that an individual would order prescription drugs on the web site, the web site would employ physicians to authorize the prescriptions, and the drugs would be delivered to the purchaser’s residence or the purchaser would pick up the drugs at a pharmacy."

8/15. The U.S. District Court (EDVa) sentenced Kifah Maswadi to serve 15 months in prison and pay $415,900 in restitution for criminal copyright infringement. He sold pirated video game systems. See, release of the Department of Justice's (DOJ) Computer Crimes and Intellectual Property Section (CCIPS).

8/13. The U.S. District Court (DConn) sentenced Michael Dolan to serve 84 months in prison following his plea of guilty to one count of conspiracy to commit fraud in connection with access devices, and one count of aggravated identity theft, in connection with his participation in an internet spamming and phishing operation that involving the sending of fake e-mail messages that purported to attach greeting cards to AOL members. Recipients' attempts to open the card would cause the downloading of a software trojan that would prevent the recipient from accessing AOL without providing names, credit card numbers, bank account numbers, Social Security account numbers, and other personal information, which information went to Dolan rather than AOL. The District Court also sentenced a co-conspirator, Keith Riedel, to time already served. He pled guilty to one count of conspiracy to commit fraud in connection with access devices. Several other co-conspirators have yet to be sentenced. See, release of the Department of Justice's (DOJ) Computer Crimes and Intellectual Property Section (CCIPS).

8/25. Federal Communications Commission (FCC) Commissioner Robert McDowell named Rosemary Harold his new Legal Advisor for media issues. She replaces Cristina Pauzé. Harold has worked at the FCC since December of 2005, most recently as Deputy Chief of the Media Bureau. Before joining the FCC, she worked at the law firm of Wiley Rein. See, FCC release [PDF].

8/26. The Federal Communications Commission (FCC) released a document [2 pages in PDF] titled "Public Notice" that announces that the FCC has proposed to the Office of Management and Budget (OMB) changes to its annual reporting forms that request certain employee data from multichannel video programming distributors (MVPDs) (FCC Form 395-A) (OMB Control No. 3060-0095) and from broadcasters (FCC Form 395-B) (OMB Control No. 3060-0390). This item is FCC 08-194 in MM Docket No. 98-204.

8/25. The Federal Communications Commission (FCC) released its Notice of Proposed Rulemaking (NPRM) in its proceeding titled "In the Matter of Implementation of the NET 911 Improvement Act of 2008". It adopted this item on August 22, and announced it and released the text [34 pages in PDF] on August 25, 2008. This item had been on the agenda for the FCC's event titled "Open Commission Meeting" scheduled for August 22. However, the FCC cancelled this meeting just prior to its scheduled start time. This NPRM is FCC 08-195 in WC Docket No. 08-171.

8/25. The Federal Communications Commission (FCC) released its Notice of Inquiry (NOI) in its proceeding titled "In the Matter of Development of Devices Capable of Supporting Multiple Audio Entertainment Services". It adopted this item on August 22, and announced it and released the text [34 pages in PDF] on August 25, 2008. This NOI is FCC 08-196 in MB Docket No. 08-172.

8/22. The U.S. Court of Appeals (DCCir) issued its opinion [92 pages in PDF] in Free Enterprise Fund v. PCAOB, affirming the District Court's summary judgment for Public Company Accounting Oversight Board (PCAOB). The plaintiffs and amicus curiae parties challenged the Constitutionality of the portion of the Sarbanes Oxley Act that created the PCAOB.

8/22. The Bureau of Industry and Security (BIS) extended the deadline to submit comments in response to its Notice of Inquiry (NOI) regarding recommendations made by the Deemed Export Advisory Committee (DEAC) with respect to BIS's deemed export licensing policy. The BIS seeks comments on, among other things, whether the scope of technologies on the Commerce Control List (CCL) that are subject to deemed export licensing requirements should be narrowed, and if so, which technologies should be subject to deemed export licensing requirements. The original deadline was August 18, 2008. See, original notice in the Federal Register, May 19, 2008, Vol. 73, No. 97, at Pages 28795-28797. The new deadline is September 22, 2008. See, extension notice in the Federal Register, August 22, 2008, Vol. 73, No. 164, at Pages 49645-49646.

8/22. Federal Reserve Board (FRB) Chairman Ben Bernanke gave a speech in Jackson Hole, Wyoming, in which he metaphorically spoke of "software" as the "statutory, regulatory, and contractual frameworks and the business practices that govern the actions and obligations of market participants". He said that "one of the best ways to protect the financial system against future systemic shocks, including the possible failure of a major counterparty, is by strengthening the financial infrastructure, including both the ``hardware´´ and the ``software´´ components."

The House will not meet. It will return from its August recess on September 8.

The Senate will not meet. It will return from its August recess on September 8. It will hold momentary pro forma sessions until then to prevent President Bush from making recess appointments.

The Supreme Court will return on September 29, 2008. See, October Term 2008 calendar.

10:00 AM. The Securities and Exchange Commission (SEC) will meet. See, agenda. Location: SEC, Room L-002, 100 F St., NE.

1:00 PM. The Department of Homeland Security's (DHS) Science & Technology Directorate's Command, Control and Interoperability Division will host a demonstratation titled "Radio Over Wireless Broadband Technology". Location: Room 2154, Rayburn Building.

Deadline to submit comments to the Federal Communications Commission (FCC) in response to request for comments regarding regarding the treatment under its hearing aid compatibility rules of multi-mode and multi-band handsets and regarding the application of the de minimis exception to those rules. This request is FCC 08-68 in WT Docket No. 07-250. See, notice in the Federal Register, June 12, 2008, Vol. 73, No. 114, at Pages 33324-33326.

5:00 PM. Extended deadline to submit initial comments to the Copyright Office in response to its notice of proposed rulemaking regarding the scope and application of the Section 115 compulsory license to make and distribute phonorecords of a musical work by means of digital phonorecord deliveries. See, original notice in the Federal Register, July 16, 2008, Vol. 73, No. 137, at Pages 40802-40813. See also, extension notice in the Federal Register, August 13, 2008, Vol. 73, No. 157, at Pages 47113-47114.

Deadline to submit comments to the Securities and Exchange Commission (SEC) in response to its proposed rule that would, among other things, revise the mutual fund prospectus delivery obligations under § 5(b)(2) of the Securities Act of 1933 to permit sending or giving the key information directly to investors in the form of a summary prospectus and providing the statutory prospectus on a web site. See, notice in the Federal Register, August 6, 2008, Vol. 73, No. 152, at Page 45646.

Deadline to submit comments to the National Institute of Standards and Technology's (NIST) Computer Security Division (CSD) regarding its SP 800-68 Rev. 1 [125 pages in PDF] titled "Guide to Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist (DRAFT)".

Deadline to submit comments to the National Institute of Standards and Technology's (NIST) Computer Security Division (CSD) regarding its document [22 MB .zip file] titled "NIST Windows Security Baseline Database Application v0.2.7 (Beta)".

Labor Day. See, Office of Personnel Management's (OPM) list of 2008 federal holidays.

Deadline for first time manufacturers of digital to analog converter boxes to submit to the National Telecommunications and Information Administration (NTIA) notices of intent to participate in the NTIA's TV Converter Box Coupon Program. See, notice in the Federal Register, July 24, 2008, Vol. 73, No. 143, at Pages 43211-43212.

10:00 AM. The U.S. Court of Appeals (FedCir) will hear oral argument in IMX v. E-Loan, App. Ct. No. 2007-1175. Location: Courtroom 402.

Deadline for intergrovernmental review of applications for awards for Fiscal Year 2009 from the Department of Education's (DOE) Technology and Media Services for Individuals with Disabilities program. This program provides awards to "support educational media services activities designed to be of educational value in the classroom setting to children with disabilities" and to "provide support for captioning and video description of educational materials that are appropriate for use in the classroom setting". See, notice in the Federal Register, June 2, 2008, Vol. 73, No. 106, at Pages 31442-31448.

Deadline to submit reply comments regarding issues other than broadband availability mapping (BAM) to the Federal Communications Commission (FCC) in response to its Further Notice of Proposed Rulemaking (FNPRM) regarding BAM and modifications to the FCC Form 477 data collection. The FCC adopted this FNPRM on March 19, 2008, but did not release the text [81 pages in PDF] until June 12, 2008. It is FCC 08-89 in WC Docket No. 07-38.See, notice in the Federal Register, July 2, 2008, Vol. 73, No. 128, at Pages 37911-37922. See also, story titled "FCC Adopts Order Regarding Broadband Data Collection" in TLJ Daily E-Mail Alert No. 1,734, March 20, 2008.

EXTENDED TO SEPTEMBER 15. Deadline to submit reply comments to the Copyright Office in response to its notice of proposed rulemaking regarding the scope and application of the Section 115 compulsory license to make and distribute phonorecords of a musical work by means of digital phonorecord deliveries. See, original notice in the Federal Register, July 16, 2008, Vol. 73, No. 137, at Page 40802-40813. See also, extension notice in the Federal Register, August 13, 2008, Vol. 73, No. 157, at Pages 47113-47114.

Deadline to submit to the National Telecommunications and Information Administration (NTIA) applications for membership on the NTIA's Commerce Spectrum Management Advisory Committee (CSMAC). The applicable positions have two year terms that commence in in December of 2008. See, notice in the Federal Register, August 1, 2008, Vol. 73, No. 149, at Pages 44972-44973.

10:00 AM. The U.S. Court of Appeals (FedCir) will hear oral argument in Rentrop v. Spectranetics, App. Ct. No. 2007-1560. Location: Courtroom 402.

10:00 AM. The U.S. Court of Appeals (FedCir) will hear oral argument in Commonwealth Scientific v. Toshiba, App. Ct. No. 2008-1108. Location: Courtroom 203.

1:00 PM. The Department of Health and Human Services' (DHHS) American Health Information Community's (AHIC) Electronic Health Records Workgroup may meet. AHIC meetings are often noticed, but cancelled. Location: Switzer Building, 330 C St., SW.

Tech Law Journal publishes a free access web site and subscription e-mail alert. The basic rate for a subscription to the TLJ Daily E-Mail Alert is $250 per year. However, there are discounts for subscribers with multiple recipients. Free one month trial subscriptions are available. Also, free subscriptions are available for journalists, federal elected officials, and employees of the Congress, courts, and executive branch. The TLJ web site is free access. However, copies of the TLJ Daily E-Mail Alert are not published in the web site until one month after writing. See, subscription information page.

Contact: 202-364-8882.
P.O. Box 4851, Washington DC, 20008.

Privacy Policy
Notices & Disclaimers
Copyright 1998-2008 David Carney, dba Tech Law Journal. All rights reserved.