3/22. The Senate Judiciary Committee (SJC) announced that its Subcommittee on Crime and Drugs will hold a field hearing titled "Video Laptop Surveillance: Does Title III Need to Be Updated?" at the federal courthouse in Philadelphia, Pennsylvania, on Monday, March 29.

Laptops can be used for video surveillance in many ways. However, this hearing will address a set of issued raised by a complaint filed in the U.S. District Court (EDPa) last month in Robbins v. Lower Marion School District. See, related stories in this issue titled "Class Action Complaint Alleges School District Use of Laptops to Surveil Students" and "Analysis of Claims in Robbins v. Lower Marion School District".

The complaint [17 pages in PDF] alleges violation of various federal and state laws related to government surveillance. The complaint alleges that a school district in suburban Philadelphia secretly used webcams in internet connected laptops issued to high school students to monitor their activities.

The allegations contained in the complaint, if true, describe an affront by school officials to the privacy interests of students and their families. Whether or not these allegations, if true, also constitute one or more violations of federal law is a matter that lies within the exclusive province of the judicial branch to decide. It has not yet done so.

The Chairman of the Subcommittee on Crime and Drugs is Sen. Arlen Specter (D-PA). He, and all of the other members of the Subcommittee, are elected members of the legislative branch.

The hearing will be held in a courtroom of the U.S. District Court for the Eastern District of Pennsylvania. This is the same court in which the Robbins case is pending.

This SJC hearing is an affront to the doctrine of separation of powers between the judiciary and legislative branches that is embodied in the Constitution.

The witnesses will be Kevin Bankston (Electronic Frontier Foundation), Robert Richardson (Computer Security Institute), Larry Silver (Langsam Stevens & Silver), Marc Rotenberg (Electronic Information Privacy Center), and John Livingston ( Absolute Software Corporation).

The hearing will be held in Courtroom 3B, U.S. District Court (EDPa), 900 Market Street, Philadelphia, Pennsylvania.

3/22. Blake, Michael and Holly Robbins filed a complaint [17 pages in PDF] in the U.S. District Court (EDPa) on February 11, 2010, against the Lower Marion School District (LMSD) and others alleging violation of the Electronic Communications Privacy Act (18 U.S.C. § 2511), Computer Fraud and Abuse Act (18 U.S.C. § 1030), and Stored Communications Act (18 U.S.C. § 2701), violation of their rights under the 4th Amendment (42 U.S.C. § 1983), and violation of other laws, in connection with the school district's alleged clandestine and unauthorized use of school issued laptop computers to engage in remotely controlled webcam monitoring of students in their homes.

On March 8, 2010, David Ebby, President of the Board of Directors of the LMSD, gave a speech at a school board meeting in which he disclosed some information regarding the school district's activities and the lawsuit.

On March 22, 2010, the Senate Judiciary Committee (SJC) announced that it will hold a hearing on the topic in Philadelphia on March 29. The Senate will begin is Spring recess at the end of this week.

Summary of Complaint. The plaintiffs are Michael and Holly Robbins (parents) and Blake Robbins (their laptop wielding son). They also seek to represent a class of similarly situated persons. The complaint states that this would be about 1,800 students at two high schools in the district, and their immediate family members.

The defendants are the LMSD, located in suburban Philadelphia, Pennsylvania, and its Board of Directors and Superintendent.

The complaint alleges that "Unbeknownst to Plaintiffs and the members of the Class, and without their authorization, Defendants have been spying on the activities of Plaintiffs and Class members by Defendants' indiscriminate use of and ability to remotely activate the webcams incorporated into each laptop issued to students by the School District."

The complaint states that every student in two high schools receives a personal laptop, but no documents or disclosures reveals any reference "to the fact that the school district has the ability to remotely activate the embedded webcam at any time the school district wished to intercept images from that webcam of anyone or anything appearing in front of the camera at the time of activation".

The complaint contains no allegation that school district ever activated any audio microphone in any of these personal laptops. Nor does the complaint allege that the school district ever intercepted any voice over internet protocol communications, email or data. Nor does the complaint allege that the school district ever accessed any student's stored documents on any of these personal laptops or any student's data stored elsewhere.

The complaint contains no allegation that the school district's activation of  webcams extended to any laptop or computer owned by a student.

The complaint also alleges that an LMSD Assistant Principal "informed minor Plaintiff that the School District was of the belief that minor Plaintiff was engaged in improper behavior in his home, and cited as evidence a photograph from the webcam embedded in the minor Plaintiff's personal computer issued by the School District".

The plaintiffs seek money, including compensatory damages and punitive damages, as well as injunctive relief.

For a summary and analysis of the claims pled in the complaint, see related story in this issue titled "Analysis of Claims in Robbins v. Lower Marion School District".

The complaint also alleges that the laptop webcams captured images of students and/or their parents "in compromising or embarrassing positions, including, but not limited to, in various states of dress or undress".

The complaint adds that "Should discovery disclose that Defendants are in possession of images constituting child pornography" under Pennsylvania state law, then "Plaintiffs will amend this Complaint".

LMSD Statements. Board President David Ebby stated on March 8 that the school district "immediately disabled" the application. He also announced the commencement of an internal investigation.

He also disclosed that the application installed on the student laptops is made by LanRev. He described it as a "security application".

The LMSD also describes the use of this application in a web page titled "Laptop Security FAQ". The LMSD describes the application as a "tracking-security feature" intended to "recover lost, stolen or missing student laptops".

The LMSD adds that "Upon a report of a suspected lost, stolen or missing laptop, the feature was activated by the district's and technology department. The tracking-security feature took a still image from the webcam and  a screenshot."

This company has been acquired by Absolute Software Corporation. The SJC announced that John Livingston, the Chairman and CEO of Absolute Software, will testify at its hearing on March 29.

Absolute Software states in its web site that it makes products for "tracking, managing and securing mobile computers and devices for better data protection, easier IT asset management and managed computer theft recovery".

This case is Blake Robbins, et al. v. Lower Marion School District, et al., U.S. District Court for the Eastern District of Pennsylvania.

3/22. This article summarizes and analyzes the major claims alleged in the complaint [17 pages in PDF] in Robbins v. Lower Marion School District. The complaint alleges that the school district engaged in clandestine and unauthorized use of school issued laptop computers with remotely controlled video cameras to monitor students in their homes.

While these allegations, if true, sound inherently objectionable, the major legal theories pled in the complaint -- under the ECPA/Wiretap Act, Computer Fraud and Abuse Act, and Stored Communications Act -- are quite arguably inapplicable to the factual allegations pled in the complaint.

Electronic Communications Privacy Act. The complaint alleges violation of the Electronic Communications Privacy Act (ECPA).

In 1968 the Congress enacted the Omnibus Crime Control and Safe Streets Act of 1968. Title III of this Act addressed wiretaps in the context of analog telephone networks, and bugs. Title III is also sometimes referred to as the Wiretap Act. (There is also a Wire Act, a different statute that deals with gambling.) In 1986 the Congress enacted the ECPA, amending the Wiretap Act, to include "electronic communications", and thereby bring internet based communications technologies within the scope of the statute.

The core of the statute is prohibiting interception or bugging of the conversions, phone calls, and electronic communications of others. The alleged activities of the school district fall short of violating this statute because there is no allegation interception of any communications.

The statute provides at 18 U.S.C. § 2511 that "any person who ... intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication ... shall be punished ..."

It also provides that "any person who ... intentionally uses, or endeavors to use, the contents of any wire, oral, or electronic communication, knowing or having reason to know that the information was obtained through the interception of a wire, oral, or electronic communication in violation of this subsection ... shall be punished ..."

The complaint references both of these prohibitions.

The statute also provides, at 18 U.S.C. § 2520, for private rights of action for violation of the above quoted prohibitions: "any person whose wire, oral, or electronic communication is intercepted, disclosed, or intentionally used in violation of this chapter may in a civil action recover from the person or entity, other than the United States, which engaged in that violation such relief as may be appropriate".

18 U.S.C. § 2510 defines an "electronic communication" as "any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photooptical system that affects interstate or foreign commerce ..." Transfer of  images and video in digital format over the internet can be an "electronic communication".

But, there is no transfer or communication of electronic data in this case. Nor is there any interception of any communication.

The older provisions of the statute address wiretaps and bugs, which go to oral communications. The complaint in this case goes to images, which cannot implicate the prohibition on intercepts of wire or oral communications.

The complaint therefore cites the ECPA amendments, and alleges interception of "electronic communications". But, the complaint alleges no interception. For example, were students sending email or electronic data back and forth, and if the school district were intercepting those, that would be electronic communications intercepts. But, the complaint does not allege this.

Also, a student may carry on a conversation with others at home when the school district activates the web cam on the laptop of that student. But, a web cam cannot capture these oral communications. If the school district had instead activated a microphone in the laptop, that would be an oral communications intercept. But the complaint does not allege this.

The facts alleged in the complaint therefore quite arguable do not constitute a violation of Section 2511.

Computer Fraud and Abuse Act. The Computer Fraud and Abuse Act (CFAA), which is codified at 18 U.S.C. § 1030, is the federal computer hacking statute. It prohibits many types of conduct, and allows a private right of action for violation of some but not all of these prohibitions.

But first, it should be recalled that the Congress enacted changes to Section 1030 in the 110th Congress in HR 5938 [LOC | WW], which combined the "Former Vice President Protection Act" with the "Identity Theft Enforcement and Restitution Act". Former President Bush signed it into law on September 26, 2008. It is now Public Law No. 110-326. For an explanation of the changes to Section 1030 enacted in this statute, see story titled "House Passes Section 1030 Bill" in TLJ Daily E-Mail Alert No. 1,826, September 16, 2008. The plaintiffs' original complaint quotes some language from the statute as it existed prior to enactment of HR 5938.

Subsection 1030(a) contains the basic prohibitions. The complaint pleads violation of subsection 1030(a)(2)(C): "Whoever ... intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains ... information from any protected computer;"

Subsection 1030(b) is brief, and addresses conspiracy.

Subsection 1030(c) provides criminal penalties, but is nevertheless key to this civil action because the private right of action subsection refers back to this subsection.

Subsection 1030(d) addresses the authority of the Secret Service and Federal Bureau of Investigation (FBI).

Subsection 1030(e) contains definitions, which are critical in this case.

Subsection 1030(f) contains an exemption from liability for law enforcement and intelligence activities.

Subsection 1030(g) provides for private rights of action.

At the core of the statute are the concepts of accessing a protected computer "without authorization", or "exceeding authorized access". This presents one obstacle to the plaintiffs' CFAA claim. All of the laptops at issue were owned by the school district. Thus, it was accessing computers that it owned. It authorized itself.

Also, the statute is directed at protecting computers, computer systems, and the data stored thereon. The CFAA does not protect what is outside of the protected computers, except to the extent that damaging a computer system causes outside damage. In the present case, the school district caused no damage to the laptops, or data thereon, and is merely alleged to have used the laptops to surveil activity outside of the laptops. The CFAA is not directed at this type of activity.

Also, for private rights of action under the CFAA, there must be loss, physical injury, or damage. And this is lacking.

Subsection 1030(g) provides in part that "Any person who suffers damage or loss by reason of a violation of this section may maintain a civil action against the violator to obtain compensatory damages and injunctive relief or other equitable relief. A civil action for a violation of this section may be brought only if the conduct involves 1 of the factors set forth in subclauses (I), (II), (III), (IV), or (V) of subsection (c)(4)(A)(i). Damages for a violation involving only conduct described in subsection (c)(4)(A)(i)(I) are limited to economic damages."

The language of Subsection 1030(c)(4)(a)(i)(I)-(V) is as follows:

(I) loss to 1 or more persons during any 1-year period (and, for purposes of an investigation, prosecution, or other proceeding brought by the United States only, loss resulting from a related course of conduct affecting 1 or more other protected computers) aggregating at least $5,000 in value;

(II) the modification or impairment, or potential modification or impairment, of the medical examination, diagnosis, treatment, or care of 1 or more individuals;

(III) physical injury to any person;

(IV) a threat to public health or safety;

(V) damage affecting a computer used by or for an entity of the United States Government in furtherance of the administration of justice, national defense, or national security

Subsection 1030(e) defines "damage" to be "any impairment to the integrity or availability of data, a program, a system, or information".

The plaintiffs must allege and prove one of these five items. But, most likely, they cannot. II through V are all clearly inapplicable. II only deals with medical matters. III requires physical injury. IV requires a public safety threat. V requires damage to a computer used for justice or national defense. The plaintiffs complaint therefore appears to rely on I.

This is tenuous, because the statute defines "loss" as "any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service".

The caption to the CFAA count refers to "THEFT OF INTELLECTUAL PROPERTY UNDER THE CFAA".

There is no crime of, or private right of action for, theft of IP. Rather, infringement is actionable. The complaint may be making the argument the school district has inflicted "economic damages" "aggregating at least $5,000 in value" by infringing the students' copyrights in their photographs. But, who is the author and copyright holder -- the student who opens and turns on the laptop, or the school district employee who activates the remote webcam, and saves images? Are pictures from a remotely activated webcam even copyrightable subject matter? Where is the creativity? Even if the student is a copyright holder, and infringement has occurred, how has the student suffered $5,000 in damages. Can the student rely upon statutory damages, when Section 1030 requires both "economic damages" and "reasonable cost to any victim". Can the student show that he or she has suffered economic loss when the school district has not published and sold the pictures, and when there is arguably no market value for the webcam pictures at issue?

The point is that the plaintiffs are unlikely to be able to meet the economic loss requirement of a CFAA claim.

Finally, the complaint may lack the requisite allegations of interstate commerce. Congressional authority to enact Section 1030 is based upon the "interstate commerce" clause of the Constitution. The specific prohibition relied upon by the plaintiffs previously required "interstate or foreign communication", but that clause was removed in 2008. The statute's definition of "protected computer" still requires that the computer be "used in or affecting interstate or foreign commerce or communication". While the Congress and federal courts have employed all manner of legal contortion to read the word "interstate" out of the Constitution, the facts remain that the students, the laptops, and the monitoring in this case all took place within one narrow vicinity inside of the state of Pennsylvania.

Rep. Bobby Scott (D-VA) stated in the House in 2008 that "to address the increasing number of computer hacking crimes that involve computers that may be located within the same State, the bill removes the current proof requirement that a computer's information must be stolen through an interstate or international communication. The fact that you are using Internet will still satisfy the interstate commerce requirements of the Constitution."

In conclusion, the plaintiffs face many high and perhaps insurmountable hurdles to prevailing in this case on a CFAA claim.

Stored Communications Act. The complaint also alleges violation of the Store Communications Act (SCA), which is codified at 18 U.S.C. § 2701, et seq. 18 U.S.C. § 2707 provides for a private right of action for violation of the prohibitions of Section 2701.

Subsection 2701(a) provides in part that "whoever ... intentionally accesses without authorization a facility through which an electronic communication service is provided; or ... intentionally exceeds an authorization to access that facility ... and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system shall be punished ..."

Section 2702 contains further prohibitions. For example, "a person or entity providing an electronic communication service to the public shall not knowingly divulge to any person or entity the contents of a communication while in electronic storage by that services". However, the complaint alleges violation of Section 2701, but not Section 2702.

The complaint pleads with vagueness that the defendants' "use of software/hardware to remotely activate the webcams complained of and to obtain their images constitutes an unauthorized acquisition of stored electronic communications in violation of the SCA".

The essence of Section 2701 is protecting stuff stored on a computer. While the students at the two high schools in question likely store lots of stuff on their school issued laptops, the school district is not alleged to have accessed that stuff. Rather, it is alleged to have used the laptops to engage in video surveillance. The SCA is not directed at this activity.

First, there is an "authorization" issue. The school district owns the laptops which it has allegedly accessed. It can argue that it authorized itself and its employees to access its own property.

Second, Section 2701 pertains to a "facility through which an electronic communication service is provided". The plaintiffs must therefore argue that every student with a laptop is an "electronic communications service" provider.

Section 2510 provides the definition of "electronic communication service". It is "any service which provides to users thereof the ability to send or receive wire or electronic communications". These students with laptops do not meet this definition.

If the plaintiffs argue the students are providing an electronic communication service to the school district employees who monitor them -- a very tenuous argument -- then there is also the exception provided in subsection 2701(c), which provides that subsection 2701(a) does not apply to "conduct authorized ... by a user of that service with respect to a communication of or intended for that user".

There is also the matter that subsection 2701(a) requires obtaining "a wire or electronic communication while it is in electronic storage". The plaintiffs must therefore argue that webcam image or video is a "wire or electronic communication" and that it is in storage on the student's laptop.

A "wire communication" is a term or art. Section 2510 restricts it to an "aural transfer". Images and video are not aural.

Section 2510 defines an "electronic communication" as "any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photooptical system that affects interstate or foreign commerce ..." Transfer of  images and video can be an "electronic communication".

However, there remains the requirement of obtaining the stuff while in "electronic storage". Section 2510 defines electronic storage as "any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and ... any storage of such communication by an electronic communication service for purposes of backup protection of such communication".

In the present case, the allegation is not that students are operating a web cam on their laptops, and storing images and video on these laptops, which the school district then accesses for the purpose of obtaining copies of the images. This would be obtaining something in electronic storage. Rather, the allegation is that the school district is activating and operating the web cam itself, and then storing images or video on another computer. The school district is creating, not accessing, images.

Finally, as with the CFAA count, there are interstate commerce issues.

In short, the SCA claim is likely untenable for multiple reasons, but most especially, the necessity of asserting that every student with a laptop is an "electronic communications service" provider.

4th Amendment and Section 1983. 42 U.S.C. § 1983 provides a private right of action for violation of Constitutional rights by a state government. The right at issue in this case is the 4th Amendment protection against unreasonable searches and seizures.

Section 1983 provides in relevant part as follows: "Every person who, under color of any statute, ordinance, regulation, custom, or usage, of any State or Territory or the District of Columbia, subjects, or causes to be subjected, any citizen of the United States or other person within the jurisdiction thereof to the deprivation of any rights, privileges, or immunities secured by the Constitution and laws, shall be liable to the party injured in an action at law, suit in equity, or other proper proceeding for redress, ..."

The 4th Amendment provides in full that "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

The Supreme Court has held that the 4th Amendment applies to the states. The school district in this case is a political subdivision of the state of Pennsylvania.

For the 4th Amendment to apply, there must be a search, by the government, that is unreasonable, and without a search warrant issued by the court. The school district did not go to the court for a search warrant in the present case. Moreover, it is a government entity.

Hence, the remaining issues are whether the alleged activities of the school district constitute a search within the meaning of the 4th Amendment, and if so, were these searches unreasonable.

The act of activating the webcam and taking pictures is arguably a search.

Other Counts. Finally, the complaint alleges a federal privacy claim, and two Pennsylvania state law claims. This article does not attempt to analyze the merits of these claims.

Elections and Legislation. In a democratic state operating under the rule of law the people can rely upon numerous processes to protect them from abuse and misconduct of their government. Among these processes are the filing of complaints with the judiciary alleging violation of statutes, and seeking injunctive relief and monetary damages, as the plaintiffs have done in this case.

However, other processes include elections and the legislative process. Public schools are political subdivisions of state governments. They are regulated by state law, and funded in part by state appropriations. They are administered by locally elected officials.

So, for example, in situations such as the present one, voters who reside within the boundaries of a school district can vote the members of the school board out of office, and replace them with new members more committed to respecting the privacy interests of students and their families.

Similarly, voters can elect and petition members of the state legislative branch to write state education laws that bar the sort of surveillance alleged in this case.

When school districts engage in the sort of privacy invasive activities alleged in the Robbins case, electoral and legislative processes can often be relied upon to correct any existing abuses, and deter future abuses.

Such electoral and legislative processes are also more likely to be effective in situations, such as the present one, where the government's conduct targets a huge and diverse group of people, rather than an individual or a small, discreet and insular minority.

Thus, even if the claims pled in the complaint are dismissed by pretrial dispositive motions, the privacy interests of students and families in LMSD and elsewhere may be protected by other political processes.

The House will meet at 10:30 AM for morning hour, and at 12:00 NOON for legislative business. The agenda includes consideration, under suspension of the rule, of HR 4098 [LOC | WW], the "Secure Federal File Sharing Act". See, Rep. Hoyer's schedule for week of March 22, and schedule for March 23.

The Senate will meet at 2:15 PM. It will begin consideration of HR 4872 [LOC | WW], the "Health Care and Education Reconciliation Act".

8:00 AM - 6:00 PM. The TechAmerica will host an event titled "20th Annual Federal CIO Survey Conference". See, conference web site. Location: Grand Hyatt, 1000 H St., NW.

9:00 AM - 12:30 PM. The Technology Policy Institute (TPI) will host an event titled "FCC's National Broadband Plan: The Early Reaction". The speakers will include Blair Levin (FCC), Thomas Lenard (TPI), James Cicconi (AT&T), Kyle McSlarrow (NCTA), Peter Pitsch (Intel), Gregory Rosston (Stanford Institute for Economic Policy Research), Thomas Tauke (Verizon), John Mayo (Georgetown Center for Business and Public Policy), Robert Crandall (Brookings Institution), Walter McCormick (USTelecom), Lee Rainie (Pew Internet and America Life Project), Robert Shapiro (Georgetown Center for Business and Public Policy), and Joseph Waz (Comcast). See, registration page. For more information, contact Ashley Creel at 202-828-4405. Location: National Press Club, First Amendment Lounge, 13th floor, 529 14th St., NW.

RESCHEDULED FOR APRIL 14. 9:30 AM. The Senate Judiciary Committee (SJC) will hold a hearing titled "Oversight of the Department of Justice". The witness will be Attorney General Eric Holder. See, notice. Location: Room 226, Dirksen Building.

10:00 AM - 12:00 NOON. The House Science Committee's (HSC) Subcommittee on Technology and Innovation will hold a hearing titled "NIST Structure and Authorities, Its Role in Technical Standards, and Federal Coordination on Technical Standards". The HSC will webcast this event. Location: Room 2318, Rayburn Building.

1:00 PM. The Securities and Exchange Commission (SEC) will host a public seminar on eXtensible Business Reporting Language (XBRL), which enables interactive data. See, notice. Location: SEC, 100 F St., NE.

2:30 PM. The Senate Homeland Security and Government Affairs Committee's (SHSGAC) Subcommittee on Federal Financial Management, Government Information, Federal Services, and International Security will hold a hearing titled "Removing the Shroud of Secrecy: Making Government More Transparent and Accountable". The witnesses will include Vivek Kundra (EOP), Aneesh Chopra (EOP), David Ferriero (National Archives and Records Administration), Rob Pinkerton (Adobe Systems), and others. See, notice. Location: Room 342, Dirksen Building.

2:30 PM. The Senate Commerce Committee (SCC) will hold a hearing titled "Reviewing the National Broadband Plan". FCC Chairman Julius Genachowski will testify. See, FCC staff report [376 pages in PDF] titled "A National Broadband Plan for Our Future" and story titled "FCC Releases National Broadband Plan" in TLJ Daily E-Mail Alert No. 2,058, March 15, 2010. See, SCC notice. Location: Room 253, Russell Building.

4:00 - 6:00 PM. The House Intelligence Committee (HIC) will hold a closed hearing titled "FY11 Budget: National Cyber Security". See, notice. Location: Room HVC-304, Capitol Building.

The House will meet at 10:00 AM for legislative business. See, Rep. Hoyer's schedule for week of March 22.

8:00 - 9:00 AM. The Federal Communications Bar Association's (FCBA) Privacy and Data Security Committee will host an event titled "Coffee and Croissants with London Data Privacy Partner, Cynthia O'Donoghue". Register with Desiree Logan at dlogan at reedsmith dot com or 202-414-9318. Location: Reed Smith, East Tower, 1301 K St., NW.

8:30 AM - 5:00 PM. Day one of a two day meeting of the Department of the Interior's (DOI) U.S. Geological Survey's (USGS) National Geospatial Advisory Committee (NGAC). See, notice in the Federal Register, March 5, 2010, Vol. 75, No. 43, at Page 10309. Location: One Washington Circle Hotel, 1 Washington Circle, NW.

9:00 AM - 4:00 PM. The Office of the National Coordinator for Health Information Technology's HIT Policy Committee will meet. See, notice in the Federal Register, February 26, 2010, Vol. 75, No. 38, at Pages 8954-8955. Location: Omni Shoreham Hotel, 2500 Calvert St., NW.

10:00 AM. The House Ways and Means Committee (HWMC) will hold a hearing titled "China's Exchange Rate Policy". The HWMC will webcast this event. See, notice. Location: Room 1100, Longworth Building.

10:00 AM. The House Appropriations Committee's (HAC) Subcommittee on Commerce, Justice, State and Related Agencies will hold a hearing titled "National Science Foundation Budget Overview". The witness will be Arden Bement (NSF Director). Location: Room H-309, Capitol Building.

10:30 AM - 12:30 PM. The House Science Committee's (HSC) Subcommittee on Technology and Innovation will hold a hearing titled "Supporting Innovation in the 21st Century Economy". The witnesses will include Aneesh Chopra (EOP's Office of Science and Technology Policy), Rob Atkinson (Information Technology and Innovation Foundation), Dan Breznitz (Georgia Tech University), and Paul Holland (Foundation Capital). The HSC will webcast this event. Location: Room 2318, Rayburn Building.

2:00 PM. The House Oversight and Government Reform Committee's (HOGRC) Subcommittee on Government Management, Organization and Procurement Subcommittee will hold a hearing titled "Federal Information Security: Current Challenges And Future Policy Considerations". See, notice. The HOGRC will webcast this event. Location: Room 2154, Rayburn Building.

2:00 - 4:00 PM. The House Intelligence Committee (HIC) will hold a closed hearing titled "FY11 Budget: DoJ Intelligence". See, notice. Location: Room HVC-304, Capitol Building.

2:00 PM. The Federal Communications Commission's (FCC) Advisory Committee on Diversity for Communications in the Digital Age will meet. See, notice in the Federal Register, February 5, 2010, Vol. 75, No. 24, at Pages 6031-6032. Location: FCC, Commission Meeting Room, 445 12th St., SW.

2:30 PM. The Senate Judiciary Committee (SJC) will hold a hearing on the nominations of Goodwin Liu to be a Judge of the U.S. Court of Appeals (9thCir) and Kimberly Mueller to be Judge of the U.S. District Court for the Eastern District of California. See, notice. The SJC will webcast this event. Location: Room 226, Dirksen Building.

2:30 PM. The Federal Trade Commission's (FTC) Bureau of Economics (BOE) will host a seminar presented by Simon Anderson (University of Virginia Department of Economics). His research focuses on advertising, search and information. For more information, contact Loren Smith lsmith2 at ftc dot gov or Tammy John tjohn at ftc dot gov. Location: FTC, Conference Center, 601 New Jersey Ave., NW.

2:30 PM. Deputy U.S. Trade Representative Demetrios Marantis and the People's Republic of China's Vice Minister of Commerce Zhong Shan will hold a closed meeting.

5:00 PM. Deadline to submit comments to the Executive Office of the President's (EOP) Office of Management and Budget's (OMB) Intellectual Property Enforcement Coordinator regarding coordination of federal efforts to enforce intellectual property rights. See, notice in the Federal Register, February 23, 2010, Vol. 75, No. 35, at Page 8137-8139.

TIME? The U.S.-China Economic and Security Review Commission will hold a hearing titled "China's Industrial Policy and its Pillar Industries". This event is open to the public. Location: Room 236, Russell Building, Capitol Hill.

The House will meet at 10:00 AM for legislative business. See, Rep. Hoyer's schedule for week of March 22.

8:30 AM - 4:30 PM. Day two of a two day meeting of the Department of the Interior's (DOI) U.S. Geological Survey's (USGS) National Geospatial Advisory Committee (NGAC). See, notice in the Federal Register, March 5, 2010, Vol. 75, No. 43, at Page 10309. Location: One Washington Circle Hotel, 1 Washington Circle, NW.

10:00 AM. The Senate Judiciary Committee (SJC) will hold an executive business meeting. The agenda includes consideration of S 3111 [LOC | WW], the "Faster FOIA Act of 2010", a bill to create a powerless commission that would write a toothless report on why federal officials do not comply with the federal Freedom of Information Act (FOIA), which is codified at 5 U.S.C. § 552. The agenda also includes consideration judicial nominees: Sharon Coleman (to be a Judge of the U.S. District Court for the Northern District of Illinois), Gary Feinerman (USDC/NDIll), and William Martinez (USDC/DColo). The SJC rarely follows its published agendas. The SJC will webcast this event. See, notice. Location: Room 226, Dirksen Building.

10:00 AM. The House Commerce Committee's (HCC) Subcommittee on Communications, Technology, and the Internet (SCTI) will hold a hearing on the FCC staff report [376 pages in PDF] titled "A National Broadband Plan for Our Future". See, HCC notice, and story titled "FCC Releases National Broadband Plan" in TLJ Daily E-Mail Alert No. 2,058, March 15, 2010. Location: Room 2123, Rayburn Building.

2:00 PM. The House Appropriations Committee's (HAC) Subcommittee on Commerce, Justice, State and Related Agencies will hold a hearing titled "USPTO FY 2011 Budget Overview". The witness will be David Kappos (head of the U.S. Patent and Trademark Office). Location: Room H-309, Capitol Building.

6:00 - 8:00 PM. The Federal Communications Bar Association's (FCBA) Young Lawyers Committee will host an event titled "Happy Hour". For more information, contact Nguyen Vu at nguyen dot vu at bingham dot com or Micah Caldwell at mcaldwell at fh-law dot com. Location: Mackey's Public House, 1823 L St., NW.

The House will meet at 9:00 AM for legislative business. See, Rep. Hoyer's schedule for week of March 22.

RESCHEDULED FOR MARCH 31. 9:00 AM. The Federal Communications Commission's (FCC) Public Safety and Homeland Security Bureau (PSHSB) will hold a meeting regarding the public safety and homeland security related portions of the FCC's March 16, 2010, staff report [376 pages in PDF] titled "National Broadband Plan". Location: FCC, Commission Meeting Room.

10:00 AM - 12:00 NOON. The Department of State's (DOS) International Telecommunication Advisory Committee (ITAC) will meet by teleconference to prepare for an April 19-30, 2010, meeting of International Telecommunication Union's (ITU) Telecommunication Standardization Sector's (ITU-T) Study Group 13 (Future networks including mobile and Next Generation Networks). See, notice in the Federal Register, March 9, 2010, Vol. 75, No. 45, at Page 10860.

12:00 NOON. The American Bar Association's (ABA) Antitrust Section will host a brown bag lunch titled "60 Minutes with the Antitrust Division". The speakers will include Christine Varney, William Cavanaugh, and Molly Boast. Location: Wilmer Hale, 1875 Pennsylvania Ave., NW.

5:00 PM. Extended deadline to submit to the Department of Commerce's (DOC) National Telecommunications and Information Administration (NTIA) applications for Comprehensive Community Infrastructure (CCI) projects under the Broadband Technology Opportunities Program (BTOP). See, notice in the Federal Register, March 8, 2010, Vol. 75, No. 44, at Page 10464.

Passover begins at sunset.

The House will not meet the week of March 29 - April 2, 2010, or the week of April 5-9, 2010. See, 2010 House calendar.

The Senate will not meet the week of March 29 - April 2, 2010, or the week of April 5-9, 2010. See, 2010 Senate calendar.

3:00 PM. Deadline to submit to the National Institute of Standards and Technology (NIST) a "Letter of Intent" to request grant money under the NIST Construction Grant Program for FY 2010. This $50 Million program subsidizes the construction of research science buildings of colleges, universities, and non-profit science research organizations. See, notice in the Federal Register, March 2, 2010, Vol. 75, No. 40, at Pages 9392-9397.

5:00 PM. Extended deadline to submit to the Rural Utilities Service (RUS) applications under the second round Notice of Funds Availability (NOFA) for the Broadband Initiatives Program (BIP). See, notice in the Federal Register, March 8, 2010, Vol. 75, No. 44, at Pages 10455-10456.

Deadline to submit comments to the Rural Utilities Service (RUS) in response to its Notice of Proposed Rulemaking (NPRM) regarding changing the requirements for Emergency Restoration Plans (ERPs) to include compliance with the requirements established by the Federal Emergency Management Agency (FEMA) for public assistance grant eligibility in the event of a declared disaster. See, notice in the Federal Register, January 26, 2010, Vol. 75, No. 16, at Pages 4006-4007.

8:45 AM - 5:00 PM. Day one of a two day meeting of the National Nanotechnology Coordination Office (NNCO) and the Executive Office of the President's (EOP) Office of Science and Technology Policy's (OSTP) National Science and Technology Council's (NSTC) Nanoscale Science, Engineering, and Technology (NSET) Subcommittee. The meeting will address "science related to environmental, health, and safety aspects of nanomaterials". See, notice in the Federal Register, February 26, 2010, Vol. 75, No. 38, at Pages 9007-9008. Location: Holiday Inn Rosslyn-Key Bridge, 1900 N. Fort Myer Drive, Arlington, VA.

9:00 AM - 5:00 PM. Day one of a two day meeting of Department of Energy's (DOE) Office of Science's Advanced Scientific Computing Advisory Committee (ASCAC). The agenda for March 30 includes "Exascale Computing". See, notice in the Federal Register, March 4, 2010, Vol. 75, No. 42, at Page 9887. Location: American Geophysical Union, 2000 Florida Ave., NW.

2:00 - 3:30 PM. The Department of Justice's (DOJ) Antitrust Division will host a seminar presented by James Roberts (Duke University) titled "Entry and Selection in Auctions". For more information, contact Patrick Greenlee at 202-307-3745 or atr dot eag at usdoj dot gov. Location: DOJ, Liberty Square Building, 450 5th St., NW.

Deadline to submit reply comments to the Federal Communications Commission (FCC) in response to its Second Further Notice of Proposed Rulemaking (2ndFNPRM) regarding the Emergency Alert System (EAS) The FCC adopted this item on January 12, 2010, and released the text [23 pages in PDF] on January 14. It is FCC 10-11 in EB Docket No. 04-296. See, notice in the Federal Register, January 29, 2010, Vol. 75, No. 19, at Pages 4760-4768.

3/22. The complaint [17 pages in PDF] in Robbins v. Lower Marion School District does not plead violation of 18 U.S.C. § 2252A.

This is a broadly worded statute that criminalizes, among other things, receiving child pornography (CP) images by computer. The age cutoff is high enough to cover images of high school students. The definition of CP covers sexual activity, including masturbation, by such students.

Moreover, the statute provides a private right of action, and punitive damages. If the courts interpret this statute literally, then school districts that use webcams to monitor students, and catch them in sexual activities, risk criminal prosecution, and civil lawsuits.

This criminal prohibition provides, in subsection 2252A(a), that "Any person who ... knowingly receives or distributes ... any child pornography that has been mailed, or using any means or facility of interstate or foreign commerce shipped or transported in or affecting interstate or foreign commerce by any means, including by computer ... shall be punished ..."

18 U.S.C. § 2256 defines CP to include "any visual depiction, including any photograph, film, video, picture, or computer or computer-generated image or picture, whether made or produced by electronic, mechanical, or other means, of sexually explicit conduct" that "involves the use of a minor engaging in sexually explicit conduct".

This section also defines "minor" as "any person under the age of eighteen years". It defines "sexually explicit conduct" to include "masturbation", as well as a full menu of activities involving two or more persons.

Subsection 2252A(f) provides a private right of action. "Any person aggrieved by reason of the conduct prohibited under subsection (a) ... may commence a civil action for ... compensatory and punitive damages ..."

See also, 18 U.S.C. § 2252, which also criminalizes knowingly receiving images by computer that depict CP. However, it contains no private right of action.

Thus, if any LMSD employee received any webcam image of any student or other family member under the age of 18 engaged in the act of masturbation, or other sexually explicit conduct, then the person who knowingly received that image, under the literal language of Sections 2252A and 2252, has committed a criminal offense, and additionally, is subject to civil action under 2252A.

Most state and federal criminal statutes that address vice target the businesses that provide the objectionable products or services, but not the consumers or users. Gambling statutes target gambling businesses, not gamblers. Prostitution statutes target organized criminal operations and prostitutes, not johns. Drug statutes targets organized crime and drug dealers, not addicts. Prosecutors also target the financial services businesses that hide, launder and transfer the funds of the vice providing businesses, but not the financial resources of consumers.

The one major exception to this basic approach to vice is CP. While previous efforts to deal with it focused on the businesses that produced and distributed it, the internet, and in particular, peer to peer file sharing systems, have made law enforcement efforts more difficult. In reaction, statutes have been revised, and enforcement strategies changed, to target the consumers of CP.

However, the statutes now swing so broadly that they arguably can hit school district employees who monitor students remotely by webcam and catch them in sexual acts.

While most prosecutors likely would exercise their discretion to decline to prosecute, some parents and plaintiff's trial lawyers would not be so forgiving.

3/19. The Government Accountability Office (GAO) released a report [30 pages in PDF] titled "Information Security: IRS Needs to Continue to Address Significant Weaknesses". It is another in a series of GAO and other reports on data security weaknesses at the Internal Revenue Service (IRS).

This report states that "Although IRS has continued to make progress toward correcting previously reported information security weaknesses at its three computing centers, another facility, and enterprisewide, many deficiencies remain. These deficiencies, and new weaknesses identified during this year’s audit, relate to access controls, configuration management, and segregation of duties. A key reason for these weaknesses is that IRS has not yet fully implemented its agencywide information security program to ensure that controls are appropriately designed and operating effectively.

The report concludes that "These weaknesses -- both old and new -- continue to jeopardize the confidentiality, integrity, and availability of IRS’s systems and were the basis of our determination that IRS had a material weakness in internal controls over financial reporting related to information security in fiscal year 2009." (Footnote omitted.)

The report finds that the "IRS did not always (1) enforce strong password management for properly identifying and authenticating users; (2) authorize user access to permit only the access needed to perform job functions; (3) log and monitor security events on a key system; and (4) physically protect its computer resources."

See also, January 9, 2009 GAO report [30 pages in PDF], and story titled "GAO Finds IT Security Weaknesses at IRS" in TLJ Daily E-Mail Alert No. 1,883, January 14, 2009.

See also, January 2008 GAO report [31 pages in PDF] titled "Information Security: IRS Needs to Address Pervasive Weaknesses".

For further historical information, see April 15, 2005, GAO report [30 pages in PDF], and story titled "IRS Information Security Weaknesses Put Taxpayer Data at Risk" in TLJ Daily E-Mail Alert No. 1,117, April 18, 2005. See also, story titled "Sen. Grassley Condemns IRS for 2,300 Missing Computers" in TLJ Daily E-Mail Alert No. 342, January 9, 2002; story titled "IRS Loses More Computers, Jeopardizes Taxpayer Info" in TLJ Daily E-Mail Alert No. 493, August 16, 2002; story titled "GAO Report Finds That Computer Weaknesses At IRS Put Taxpayer Data At Risk" in TLJ Daily E-Mail Alert No. 673, June 4, 2003; and story titled "IRS Data Vulnerable" in TLJ Daily E-Mail Alert No. 145, March 16, 2001.

Tech Law Journal publishes a free access web site and a subscription e-mail alert. The basic rate for a subscription to the TLJ Daily E-Mail Alert is $250 per year for a single recipient. There are discounts for subscribers with multiple recipients.

Free one month trial subscriptions are available. Also, free subscriptions are available for journalists, federal elected officials, and employees of the Congress, courts, and executive branch. The TLJ web site is free access. However, copies of the TLJ Daily E-Mail Alert are not published in the web site until two months after writing.

For information about subscriptions, see subscription information page.

Tech Law Journal now accepts credit card payments. See, TLJ credit card payments page.

TLJ is published by David Carney
Contact: 202-364-8882.
carney at techlawjournal dot com
P.O. Box 4851, Washington DC, 20008.

Privacy Policy
Notices & Disclaimers
Copyright 1998-2010 David Carney. All rights reserved.