News from April 11-15, 2005
IRS Information Security Weaknesses Put Taxpayer Data at Risk
4/15. The Government Accountability Office (GAO) released a report [30 pages in PDF] titled "Information Security: Internal Revenue Service Needs to Remedy Serious Weaknesses over Taxpayer and Bank Secrecy Act Data".
This report finds that the Internal Revenue Service (IRS) "has not effectively implemented controls over key financial and tax processing systems", and that these "weaknesses impair IRS’s ability to ensure the confidentiality, integrity, and availability of its sensitive financial and taxpayer data and FinCEN’s Bank Secrecy Act data".
The report finds that the "IRS has not implemented effective electronic access controls to prevent, limit, or detect unauthorized access to computing resources from the internal IRS computer network."
The report also finds that the IRS has not "effectively implemented certain other information security controls relating to physical security, segregation of duties, and service continuity".
The report concludes that "These information security control weaknesses exist primarily because IRS has not fully implemented an agency-wide information security program to effectively protect the information and information systems that support the operations and assets of the agency."
The IRS has a long history of information security weakness. See for example, story titled "Sen. Grassley Condemns IRS for 2,300 Missing Computers" in TLJ Daily E-Mail Alert No. 342, January 9, 2002; story titled "IRS Loses More Computers, Jeopardizes Taxpayer Info" in TLJ Daily E-Mail Alert No. 493, August 16, 2002; story titled "GAO Report Finds That Computer Weaknesses At IRS Put Taxpayer Data At Risk" in TLJ Daily E-Mail Alert No. 673, June 4, 2003; and story titled "IRS Data Vulnerable" in TLJ Daily E-Mail Alert No. 145, March 16, 2001.
The just released GAO report states that the "IRS has made progress".
Sen. Stabenow Introduces Bill to Create Position of Special Trade Prosecutor
4/15. Sen. Debbie Stabenow (D-MI), Sen. Lindsey Graham (R-SC), and Sen. Evan Bayh (D-IN) introduced S 817, an untitled bill to create the position of Special Trade Prosecutor in the Office of the U.S. Trade Representative (USTR), with the rank of Ambassador. The position would require Senate confirmation.
Sen. Stabenow stated in the Senate that "Under the current structure of the office of the U.S. Trade Representative, we are asking our Trade Representative to do too much. Quite simply, the office is not able to deliver. The current structure demands that they negotiate trade agreements with foreign nations and simultaneously enforce other agreements with those same countries--all without damaging the U.S.'s ability to negotiate the next trade deal. It's not working. And, while significant portions of our trade imbalances are not caused by lax enforcement, much of it is." See, Congressional Record, April 15, 2005, at Pages S3748-9.
She continued that the USTR has filed no complaints with the World Trade Organization (WTO) regarding widespread counterfeiting of automotive parts in the People's Republic of China.
She said that "the U.S. government has failed to file any complaints at the WTO, despite the Chinese government's repeated and widespread violations of WTO rules". She added, "Counterfeit automotive products are a big problem in my home State of Michigan".
Specifically, S 817 would amend Section 141 of the Trade Act of 1974, which is codified at 19 U.S.C. § 2171.
It would provide that there shall be in the Office of the USTR "3 Deputy United States Trade Representatives, 1 Chief Agricultural Negotiator, and 1 Special Trade Prosecutor. The 3 Deputy United States Trade Representatives, the Chief Agricultural Negotiator, and the Special Trade Prosecutor shall be appointed by the President, by and with the advice and consent of the Senate. As an exercise of the rulemaking power of the Senate, any nomination of a Deputy United States Trade Representative, the Chief Agricultural Negotiator, or the Special Trade Prosecutor submitted to the Senate for its advice and consent, and referred to a committee, shall be referred to the Committee on Finance. Each Deputy United States Trade Representative, the Chief Agricultural Negotiator, and the Special Trade Prosecutor shall hold office at the pleasure of the President and shall have the rank of Ambassador".
It would also provide that "The principal function of the Special Trade Prosecutor shall be to ensure compliance with trade agreements relating to United States manufactured goods and services. The Special Trade Prosecutor shall have the authority to investigate and recommend prosecuting cases before the World Trade Organization and under trade agreements to which the United States is a party. The Special Trade Prosecutor shall recommend administering United States trade laws relating to foreign government barriers to United States goods and services."
See also, Sen. Stabenow's release.
Martin Named Defense Commissioner
4/15. The Federal Communications Commission (FCC) released an order [PDF] that names Kevin Martin the "Defense Commissioner".
This order states that the responsibilities include "(1) representing the Commission in interagency matters pertaining to homeland security, national security and emergency preparedness, and defense matters, including matters pertaining to continuity of government during national emergencies; (2) serving as the principal point of contact for the Commission on all matters pertaining to the Department of Homeland Security; (3) developing emergency programs covering service provision by wireless and wireline telecommunications carriers, broadcast, cable, and satellite facilities, as well as radio frequency assignment, investigation, and enforcement; and (4) assuming the duties of the Commission under certain emergencies."
The emergency powers of the Defense Commissioner are set forth in 47 C.F.R. § 0.181. This rule provides, in part, that the Defense Commissioner has the authority, "In the event of enemy attack, or the imminent threat thereof, or other disaster resulting in the inability of the Commission to function at its offices in Washington, D.C., to assume all of the duties and responsibilities of the Commission and the Chairman ..."
This order is FCC 05-85. It was adopted on April 13, and released on April 15, 2005.
People and Appointments
4/15. Michael Benson was named EVP and CIO of Directv. He previously worked for Businessedge Solutions, Inc. See, Directv release.
4/15. Michael Battle was named Director of the Executive Office for United States Attorneys (EOUSA) at the Department of Justice (DOJ), effective June 6, 2005. He has been the U.S. Attorney for the Western District of New York since January of 2002. He will replace Mary Beth Buchanan.
Senate Commerce Committee Again Approves Sen. Allen's MSI Tech Grant Bill
4/14. The Senate Commerce Committee approved S 432, the "Minority Serving Institution Digital & Wireless Technology Opportunity Act of 2005", by unanimous consent, without amendment.
This bill is similar to a bill that the Senate approved in 2003, S 196 (108th Congress). The companion bill in the House was HR 2183 (108th).
Sen. George Allen (R-VA), and others, introduced this bill on February 17, 2005. It would create a new office at the National Science Foundation (NSF) named the Office of Minority Serving Institution Digital and Wireless Technology. The bill would also authorize the appropriation of $250,000,000 for each of the fiscal years 2006 through 2010 for grants to be administered by this new office.
The institutions eligible for grants would include "a historically Black college or university", "a Hispanic-serving institution", and "a tribally controlled college or university".
Grants could be used "to acquire the equipment, instrumentation, networking capability, hardware and software, digital network technology, wireless technology, and infrastructure". Grants could also be used "to develop and provide educational services, including faculty development, to prepare students or faculty ...". Grants could also be used to provide teacher training, and to "implement joint projects and consortia to provide education regarding technology".
See also, stories titled "Sen. Allen Introduces Bill to Create Technology Grant Program for MSIs" in TLJ Daily E-Mail Alert No. 586, January 20, 2003; "Senate Committee Approves Technology Grant Program for Minority Serving Institutions" in TLJ Daily E-Mail Alert No. 623, March 14, 2003; "Senate Passes Technology Grant Bill" in TLJ Daily E-Mail Alert No. 655, May 5, 2003; "Rep. Forbes Introduces Bill to Provide Grants for Digital and Wireless Technology for MSIs" in TLJ Daily E-Mail Alert No. 669, May 29, 2003; and "House Science Committee Holds Hearing on MSI Tech Grant Bill" in TLJ Daily E-Mail Alert No. 695, July 10, 2003.
Senate Commerce Committee Again Approves Junk Fax Bill
4/14. The Senate Commerce Committee (SCC) amended and approved S 714, the "Junk Fax Prevention Act of 2005".
Sen. Gordon Smith (R-OR), and seven other members of the SCC, introduced this bill on April 6, 2005.
The SCC's Subcommittee on Trade, Tourism, and Economic Development held a hearing on this bill on April 13.
Sen. Smith stated that "S. 714 would create a statutory exception to the current communications law prohibiting the faxing of unsolicited advertisements to individuals without their “prior express invitation or permission.” This bill would not legalize the sending of junk faxes or blast faxes which have been prohibited for 13 years and will continue to be prohibited under this bill. This bill is about continuing legitimate fax communications between businesses and customers." See, opening statement.
He elaborated that "In July of 2003, the FCC reconsidered its Telephone Consumer Protection Act (TCPA) rules and elected to eliminate the ability for businesses to contact their customers even where there exists an established business relationship. The effect of the FCC’s rule would be to prevent a business from sending a fax solicitation to any person, whether it is a supplier or customer, without first obtaining prior written consent. This approach, while seemingly sensible, would impose significant costs on businesses in the form of extensive record keeping. Recognizing the problems created by this rule, the Commission has twice delayed the effective date, with the current extension of stay expiring on June 30, 2005."
See also, prepared testimony [18 pages in PDF] of Dave Feeken (a real estate broker from Kenai, Alaska), prepared testimony [13 pages in PDF] of Jon Bladine (News-Register Publishing Company, McMinnville, Oregon), and prepared testimony [15 pages in PDF] of Steve Kirsch (Propel Software Corporation).
This bill establishes an exception to the prohibition against the sending of unsolicited faxes without express consent for parties with an "established business relationship". Specifically, this bill would amend 47 U.S.C. § 227(b)(1) to provide that "It shall be unlawful for any person within the United States ... (C) to use any telephone facsimile machine, computer, or other device to send, to a telephone facsimile machine, an unsolicited advertisement, unless -- (i) the unsolicited advertisement is from a sender with an established business relationship with the recipient; and (ii) the unsolicited advertisement contains a notice meeting the requirements under paragraph (2)(D), except that the exception under clauses (i) and (ii) shall not apply with respect to an unsolicited advertisement sent to a telephone facsimile machine by a sender to whom a request has been made not to send future unsolicited advertisements to such telephone facsimile machine that complies with the requirements under paragraph (2)(E)".
The bill also provides for annual reports from the Federal Communications Commission (FCC), and a report by the Government Accountability Office (GAO).
The SCC unanimously approved two amendments offered by Sen. Barbara Boxer (D-CA). One amendment requires that consumers be permitted to opt out of receiving further faxes by contacting the sender at any time during the day; the bill as introduced provides that the opt out be during regular business hours. The second amendment provides that the FCC may commence a rule making proceeding to limit the duration of an established business relationship three months after enactment of the bill; the bill as introduced specifies 18 months after enactment.
The Senate approved a related bill at the end of the 108th Congress. See, S 2603 (108th) and HR 4600 (108th).
MPAA Settles With ESS Technology in DVD CSS Licensing Dispute
4/14. The Motion Picture Association of America (MPAA) and ESS Technology announced that they have settled the litigation initiated by MPAA members in April of 2004. See, joint release [PDF].
ESS Technology makes digital video processor and imaging sensor semiconductors for the home entertainment and camera-enabled cellular phone markets, including chips for DVD recorders, DVD players, VCD players, and digital media players.
DVD is sometimes known as Digital Versatile Disc. CSS is a Content Scrambling System for DVD to protect intellectual property rights by means of encryption. The DVD Copy Control Association (DVD CCA) is a not-for-profit corporation that licenses CSS to manufacturers of DVD hardware, discs and related products.
The MPAA filed a complaint in Superior Court for Los Angeles County, California, on April 5, 2004, alleging that ESS Technology had failed to ensure that all of its customers were duly licensed by the DVD CCA. The MPAA sought injunctive relief and damages. This is case number BC 313276.
The MPAA and ESS Technology stated in their joint release that "ESS will sell chips only to DVD CCA licensees under the terms of a permanent injunction".
See also, ESS Technology's disclosures regarding this litigation in the "Legal Proceedings" section of its August 9, 2004 Form 10-Q, filed with the Securities and Exchange Commission (SEC).
OpenNet Initiative Releases Report on Internet Filtering in PR China
4/14. The OpenNet Initiative (ONI) released a report [58 pages in PDF] titled "Internet Filtering in China in 2004-2005: A Country Study". It found that internet filtering in the People's Republic of China is "pervasive, sophisticated, and effective. It comprises multiple levels of legal regulation and technical control. It involves numerous state agencies and thousands of public and private personnel. It censors content transmitted through multiple methods, including Web pages, Web logs, on-line discussion forums, university bulletin board systems, and e-mail messages."
The ONI report addresses what content is filtered. It finds that while there is filtering of many Chinese political topics, such as Taiwanese and Tibetan independence, and the Tiananmen Square massacre, "most major American media sites, such as CNN, MSNBC, and ABC, are generally available in China (though the BBC remains blocked). Moreover, most sites we tested in our global list’s human rights and anonymizer categories are accessible as well."
The report also addresses the technology of filtering. It finds that "Filtering takes place primarily at the backbone level of China’s network, though individual Internet service providers also implement their own blocking. Our research confirmed claims that major Chinese search engines filter content by keyword and remove certain search results from their lists. Similarly, major Chinese Web log (“blog”) service providers either prevent posts with certain keywords or edit the posts to remove them. We found also that some keyword searches were blocked by China’s gateway filtering and not the search engines themselves."
This report was prepared by Jonathan Zittrain, John Palfrey and others. The ONI is a partnership of the Citizen Lab at the Munk Centre for International Studies at the University of Toronto, the Berkman Center for Internet & Society at Harvard Law School, and the Advanced Network Research Group at the University of Cambridge.
See also, stories titled "AEI Panel Advocates Freeing the Chinese Internet" and "Technology of Internet Censorship" in TLJ Daily E-Mail Alert No. 416, April 23, 2002.
People and Appointments
4/14. President Bush nominated Rep. Robert Portman (R-OH) to be the U.S. Trade Representative (USTR). Bush had previously announced that he would make this nomination. See, White House release. The Senate Finance Committee announced that it will hold a hearing on the nomination on Thursday, April 21, at 10:00 AM.
4/14. The Senate Judiciary Committee reported the following nominations, with the recommendation that they be confirmed: Thomas Griffith (to be a Judge of the U.S. Court of Appeals for the District of Columbia), James Dever (U.S. District Court for the Eastern District of North Carolina), and Robert Conrad (U.S. District Court for the Western District of North Carolina). See, Congressional Record, April 14, 2005, at Page S3652.
More News
4/14. The Center for Democracy and Technology (CDT) announced in a release that Attorney General Alberto Gonzales met with Jerry Berman (President of the CDT), Anthony Romero (Executive Director of the ACLU), and David Cole (Georgetown University Law School) to discuss USA PATRIOT Act reauthorization and related issues. Berman stated that "The fact that Attorney General Gonzales actively called this meeting and that he indicated a willingness to start a dialog about the PATRIOT Act is significant ... Whether this will lead to privacy enhancements is an open question, but it certainly shows an improvement over the closed door policy over the past four years."
4/14. The House Judiciary Committee's Subcommittee on Crime, Terrorism, and Homeland Security postponed its hearing titled "Oversight Hearing of the Department of Justice to Examine the Use of Section 218 of the USA PATRIOT Act". This is the section that changed the standard for issuance of a FISA order. This hearing had been scheduled for April 14. The Subcommittee has not yet rescheduled this hearing. However, the Subcommittee has scheduled, for Thursday, April 21, a hearing titled "Oversight Hearing on the Implementation of the USA PATRIOT Act: Sections of the Act that Address -- Crime, Terrorism, and the Age of Technology".
4/14. The House Appropriations Committee's Subcommittee on Science, State, Justice, and Commerce, and Related Agencies postponed its hearing on the Federal Communications Commission. This hearing had been scheduled for April 14. It has been rescheduled for April 26.
4/14. The House Commerce Committee's Subcommittee on Telecommunications and the Internet held a hearing titled "The ORBIT Act: An Examination of Progress Made in Privatizing the Satellite Communications Marketplace". See, prepared testimony [9 pages in PDF] of Donald Abelson (Chief of the Federal Communications Commission's International Bureau), prepared testimony [7 pages in PDF] of Phillip Spector (Intelsat Global Service Corporation), prepared testimony [14 pages in PDF] of JayEtta Hecker (Government Accountability Office), prepared testimony [16 pages in PDF] of Daniel Goldberg (New Skies Satellites B.V.), and prepared testimony [6 pages in PDF] of Alan Auckenthaler (Inmarsat Ventures Limited).
4/14. The House Armed Services Committee and the House International Relations Committee held a joint hearing titled "EU Arms Embargo Against China". One of the witnesses was Peter Lichtenbaum, the acting Under Secretary for Industry and Security at the Department of Commerce. He discussed the U.S. export control regime on dual use technologies, including electronics. See, prepared testimony of Lichtenbaum.
4/14. The European Commission announced in a release that it "launched legal proceedings against ten EU Member States to remedy infringements of EU rules on electronic communications. It points to defects in national laws, and incorrect practical application of EU rules, in Germany, Italy, Latvia, Malta, the Netherlands, Austria, Poland, Portugal, Slovakia and Finland. The opening of these proceedings follows concerns identified in the Commission’s Implementation Reports on the electronic communications sector, the most recent of which was published at the end of 2004."
4th Circuit Rules DBS Providers Can Sue Pirates for Damages
4/13. The U.S. Court of Appeals (4thCir) issued its opinion [9 pages in PDF] in Directv v. Nicholas, a case regarding civil actions by satellite television providers against individuals who use pirate access devices to avoid paying for service. The Court of Appeals held that a satellite company may maintain an action for damages under 18 U.S.C. § 2520 against someone who has violated 18 U.S.C. § 2511.
Directv provides satellite television programming. It encrypts its transmissions to prevent unauthorized viewing of pay per view and premium programs. Its customers purchase access devices from it to decrypt the satellite transmissions.
Directv asserts that Dennis Nicholas used a pirate access device to decrypt Directv signals, without paying Directv.
Directv filed a civil complaint in U.S. District Court (EDNC) against Nicholas alleging, among other things, that it is entitled to damages under 18 U.S.C. § 2511 and 18 U.S.C. § 2520. (The other counts are not at issue in the present appeal.)
18 U.S.C. § 2511(1) criminalizes pirate access. It provides, in part, that "any person who -- (a) intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication ... shall be punished ..."
18 U.S.C. § 2520, among other things, creates a private right of action for violation of § 2511. It provides, in part, that "Except as provided in section 2511(2)(a)(ii), any person whose wire, oral, or electronic communication is intercepted, disclosed, or intentionally used in violation of this chapter may in a civil action recover from the person or entity, other than the United States, which engaged in that violation such relief as may be appropriate."
The Court of Appeals wrote that there is no dispute that "the government could criminally proceed against Nicholas for his alleged conduct". Moreover, it is undisputed that "satellite television transmissions constitute electronic communications under § 2510(12)", and that "the act of using a device to decrypt encrypted satellite television transmissions unquestionably falls under the definition of 'interception' as defined in § 2510(4)". Thus, the Court of Appeals wrote that "under the plain language of the statutes, using a pirate access device to intercept the encrypted satellite transmissions of a satellite television provider constitutes a violation of § 2511(1)(a)".
The issue in this case is whether a satellite company can recover damages under 18 U.S.C. § 2520 against the person who accesses its signal in violation of 18 U.S.C. § 2511(1)(a).
The Court of Appeals concluded that "the plain language of the statutes decidedly favors DIRECTV and provides it a cause of action. As evinced by the plain language of the section, § 2520(c) provides two methods of computing damages. One method is applicable to interceptions of transmissions that are not encrypted. The other method is applicable to all other actions, including those that intercept encrypted satellite transmissions. Because DIRECTV alleges that Nicholas intercepted its encrypted satellite transmissions, DIRECTV may maintain its private cause of action against Nicholas."
It should also be recalled that on June 16, 2004, the U.S. Court of Appeals (11thCir) issued its opinion [12 pages in PDF] in Directv v. Treworgy, holding that 18 U.S.C. § 2520 does not provide a private right of action against persons who possess devices used to intercept satellite transmissions in violation of 18 U.S.C. § 2512(1)(b). Section 2512 criminalizes manufacturing, assembling, possessing, and selling pirate access devices, while Section 2511 criminalizes using those devices to actually intercept signals.
See, story titled "11th Circuit Limits Private Suits by DBS Providers Against Pirates" in TLJ Daily E-Mail Alert No. 922, June 21, 2004.
This case is Directv Incorporated v. Dennis Nicholas, U.S. Court of Appeals for the 4th Circuit, No. 04-1845, an appeal from the U.S. District Court for the Eastern District of North Carolina, at Raleigh, D.C. No. CA-03-697-5-BO, Judge Terrence Boyle presiding.
In the present case the Court of Appeals reversed the District Court. President Bush has nominated the reversed Judge, Terrence Boyle, for a seat on the U.S. Court of Appeals for the 4th Circuit. He is one of many judicial nominees being blocked by Senate Democrats.
Senate Commerce Committee Announces Subcommittee Memberships
4/13. The Senate Commerce Committee released its list [3 pages in PDF] of assignments to subcommittees.
There is no longer a Subcommittee on Communications. Sen. Ted Stevens (R-AK), the Chairman of the Committee, stated in January that communications, including internet communications, issues will be addressed by the full Committee.
There is a new Subcommittee on Technology, Innovation, and Competitiveness. It will be chaired by Sen. John Ensign (R-NV). The other Republican members will be Sen. Stevens, Sen. Conrad Burns (R-MT), Sen. Trent Lott (R-MS), Sen. Kay Hutchison (R-TX), Sen. George Allen (R-VA), Sen. John Sununu (R-NH), and Sen. Jim DeMint (R-SC).
Sen. John Kerry (D-MA) will be the ranking Democrat on the Technology Subcommittee. The other Democratic members will be Sen. Daniel Inouye (D-HI), Sen. Jay Rockefeller (D-WV), Sen. Byron Dorgan (D-ND), Sen. Ben Nelson (D-FL), and Sen. Mark Pryor (D-AR).
Sen. Allen will chair the Subcommittee on Consumer Affairs, Product Safety, and Insurance. This Subcommittee may end up with jurisdiction over technology related consumer protection bills, such as those pertaining to spyware. Sen. Pryor will be the ranking Democrat on this Subcommittee.
FCC Releases Order Regarding Waiver of Newspaper Broadcast Cross Ownership Rule
4/13. The Federal Communications Commission (FCC) adopted and released an order [11 pages in PDF] in its proceeding titled "In the matter of Counterpoint Communications, Inc. (Transferor) and Tribune Television Company (Transferee): Request for Extension of Waiver of Section 73.3555(d) of the Commission’s Rules for Station WTXX(TV), Waterbury, CT".
This order extends the waiver of the newspaper broadcast cross-ownership rule as applied to the Hartford Courant newspaper and broadcast station WTXX. The FCC denied a permanent waiver. The order applies, and elaborates on, the public interest standard for granting waivers of the newspaper broadcast cross-ownership rule.
The order also states that "We also do not intend to continue the practice of allowing waivers to remain in force through inaction for long periods of time. Rather, we expect to address compliance with the terms of waivers as their expiration dates approach."
Commissioners Jonathan Adelstein and Michael Copps wrote in a concurring statement [PDF] that "Given Tribune’s documented efforts, as well as the significant possibility that either the station might go dark or service to the community would be reduced without additional time for Tribune to divest, we will reluctantly concur."
This order is FCC 05-83.
Senate Judiciary Committee Holds Hearing on Data Security
4/13. The Senate Judiciary Committee held a hearing titled "Securing Electronic Personal Data: Striking a Balance Between Privacy and Commercial and Governmental Use".
Other Congressional Committees have already held related hearings. See, stories titled "House Subcommittee Holds Hearing on Data Aggregators" in TLJ Daily E-Mail Alert No. 1,096, March 16, 2005; "Senate Banking Committee Holds Hearing on Data Security" in TLJ Daily E-Mail Alert No. 1,093, March 11, 2005.
Sen. Patrick Leahy (D-VT), the ranking Democrat on the Committee, wrote in his prepared statement that "Increasingly, those who trade in digital dossiers have no direct relationship with the individuals and faces behind the numbers or letters that identify them, so the normal market discipline of disgruntled consumers does not necessarily save the companies from themselves. Even where there is a direct relationship, individuals often have no idea what companies are doing with their personal data or even what kinds of information is being collected about them. What are these companies doing with this information, who do they sell it to, and why?"
Sen. Leahy stated that "Insecure databases are now low-hanging fruit for hackers looking to steal identities or otherwise misuse data for financial gain. This is especially true as more and more of Americans’ personal information is being processed abroad."
He also discussed possible legislation. "We need to consider rules that will guarantee Americans the right to see what information has been collected about them and to make corrections where necessary. We need to consider rules that will ensure Americans are notified when there has been a security breach involving their digitized personal information. We also need to create baseline expectations for data security programs and practices, and penalize government contractors that don’t comply. We also need to look at how to protect increasingly public, yet vulnerable, sensitive data such as Social Security numbers, which are the keys to unlocking so much of our financial and personal lives."
Sen. Russ Feingold (D-WI) wrote in his prepared statement that "The lack of information about government use of commercial data is even more worrisome in the context of data mining programs. A government law enforcement or intelligence agency searching for patterns of criminal or terrorist activity in vast quantities of public and private information raises serious privacy and civil liberties issues -- not to mention questions about the effectiveness of these types of searches. More than two years after Congress first learned about Total Information Awareness, there is still much we do not know about the federal government’s other work on data mining."
He added that he plans to "reintroduce in the next few days my Data Mining Reporting Act, which would require all federal agencies to report to Congress on data mining programs used to find a pattern indicating terrorist or other criminal activity and how these programs implicate the civil liberties and privacy of all Americans." See, S 1544 from the 108th Congress.
Sen. Feingold added that "The bill does not end funding for any program, does not determine the rules for use of the technology or threaten any ongoing investigation that uses data mining technology. But it would allow Congress to conduct a thorough review of the costs and benefits of the practice of data mining and make considered judgments about which programs should go forward and which should not."
Also, Rep. Howard Berman (D-CA) introduced HR 1502, the "Civil Liberties Restoration Act of 2005", on about April 6, 2005. The bill is not yet in the Thomas web site. It is 36 pages in PDF. Title IV of the bill, beginning at page 28, addresses several privacy related issues. Section 402, which pertains to data mining, is based on the language of S 1544 (108th Congress), and HR 2490 (108th Congress). It would require "The head of each department or agency of the Federal Government that is engaged in any activity to use or develop data-mining technology shall each submit a public report to Congress on all such activities of the department or agency under the jurisdiction of that official." These bills set out in detail the required content of these periodic reports.
HR 1502's definition of the term "data mining" is crucial. It provides that data mining is "a query or search or other analysis of 1 or more electronic databases, where -- (A) at least 1 of the databases was obtained from or remains under the control of a non-Federal entity, or the information was acquired initially by another department or agency of the Federal Government for purposes other than intelligence or law enforcement; (B) the search does not use a specific individual’s personal identifiers to acquire information concerning that individual; and (C) a department or agency of the Federal Government is conducting the query or search or other analysis to find a pattern indicating terrorist or other criminal activity."
There are also legislative proposals to regulate data aggregators. For example, on March 2, 2005, Rep. Ed Markey (D-MA), the ranking Democrat on the House Commerce Committee's Subcommittee on Commerce, Trade and Consumer Protection, introduced HR 1080, the "Information Protection and Security Act". This bill would require information brokers to comply with a set of new fair information practice rules. It would give enforcement authority to the Federal Trade Commission (FTC) and states. It would also allow a private cause of action. See also, S 500, the "Information Protection and Security Act", introduced by Sen. Bill Nelson (D-FL) on March 3, 2005.
Federal Trade Commission (FTC) Chairman Deborah Majoras testified at the hearing. She wrote in her prepared testimony that "Data brokers provide information services to a wide variety of business and government entities. The information they provide may help credit card companies detect fraudulent transactions or assist law enforcement agencies in locating potential witnesses." She also reviewed the existing statutes that regulate disclosures of consumer information, including the Fair Credit Reporting Act (FCRA), Title V of the Gramm Leach Bliley Act (GLBA), and Section 5 of the Federal Trade Commission Act (FTC Act).
See also, prepared testimony of Chris Swecker (FBI), prepared testimony of Larry Johnson (Secret Service), and prepared testimony of William Sorrell (National Association of Attorneys General).
The Committee also heard from representatives of ChoicePoint, LexisNexis, and Acxiom, which have sold, disclosed and/or lost large quantities of personally identifying information to criminals.
Douglas Curling, P/COO of ChoicePoint, wrote in his prepared testimony about the data aggregation activities of his company.
In February, ChoicePoint wrote in its web site that "a small number of very organized criminals posing as legitimate companies gained access to personal information about consumers", and that this was "a fraud committed against us". ChoicePoint also estimated that it released information to identity thieves on 144,778 individuals. See, story titled "ChoicePoint Describes Its Sale of Data to Identity Thieves" in TLJ Daily E-Mail Alert No. 1,081, February 23, 2005.
He also discussed legislative proposals. He advocated "increased resources for law enforcement efforts to combat identity theft and stronger penalties for the theft of personally identifiable data". He also advocated a "preemptive national notification law", which would preempt California's notification law. He also wrote that "we support providing consumers with the right to access and question the accuracy of public record information used to make decisions about them".
Curt Sanford, P/CEO of LexisNexis, wrote in his prepared testimony [14 pages in PDF] about recent disclosures of data by Seisint. Reed Elsevier acquired Seisint last year, and made it a part of its LexisNexis unit. See also, story titled "Reed Elsevier Reveals Fraudulent Access to Databases of Personal Information" in TLJ Daily E-Mail Alert No. 1,093, March 11, 2005.
Sanford wrote that "unauthorized persons, primarily using IDs and passwords of legitimate customers, may have accessed personally-identifying information, such as social security numbers (SSNs) and driver's license numbers (DLNs). In the majority of instances, IDs and passwords were stolen from Seisint customers that had legally permissible access to SSNs and DLNs for legitimate purposes, such as verifying identities and preventing and detecting fraud." He added that "At no time was the LexisNexis or Seisint technology infrastructure hacked into or penetrated ..."
He also wrote that "We recognize that additional legislation may be necessary ... including requiring notification in the event of a security breach where there is a substantial risk of harm to consumers ... [and] that any such legislation contain federal preemption ..." He also advocated "legislation that imposes more stringent penalties for identity theft and other cybercrimes".
Jennifer Barrett of Acxiom wrote in her prepared testimony that Acxiom supports "federal preemptive legislation requiring notice to consumers in the event of a security breach, where such breach places consumers at risk of identity theft or fraud".
The Committee also heard from James Dempsey, the Executive Director of the Center for Democracy & Technology (CDT). He wrote in his prepared testimony that the recent security breaches "have highlighted the need for a more substantial legal framework at the national level for entities collecting, using and selling personal data".
He offered several legislative recommendations. First, "entities, including government entities, holding personal data should be required to notify individuals in the event of a security breach". Second, "Since notice only kicks in after a breach has occurred, Congress should require entities that electronically store personal information to implement security safeguards, similar to those required by California AB 1950 and the regulations under Gramm-Leach-Bliley." Third, "Congress should impose tighter controls on the sale, disclosure and use of Social Security numbers and should seek to break the habit of using the SSN as an authenticator." Fourth, "Congress should address the federal government’s growing use of commercial databases, especially in the law enforcement and national security contexts." Fifth, "Congress should examine the 'Fair Information Practices' that have helped define privacy in the credit and financial sectors and adapt them as appropriate to the data flows of this new technological and economic landscape."
Also, on April 13, the U.S. Court of Appeals (4thCir) issued its opinion [17 pages in PDF] in U.S. v. Bush, an appeal from a criminal conviction and sentencing of an identity thief. The Appeals Court affirmed the District Court. It announced no new significant interpretation of law. However, the Court's recitation of the underlying facts of the case provides one example of just what it is that an identity thief does with other people's personal information.
More News
4/13. The Senate Finance Committee held a hearing on the U.S. Dominican Republic Central America Free Trade Agreement (CAFTA). The acting U.S. Trade Representative (USTR), Peter Allgeier, wrote in his prepared testimony [11 pages in PDF] that "This is also a trade agreement for the digital age, providing state-of-the-art protections and nondiscriminatory treatment for digital products such as U.S. software, music, text, and videos. Protections for U.S. patents, trademarks and trade secrets are strengthened, and several are Chile plus provisions, such as strong patent protection by 2007 for certain modified plant varieties."
4/13. The Federal Communications Commission (FCC) published in its web site its brief [21 pages in PDF] in Kidd Communications v. FCC. This case is Kidd Communications v. FCC, U.S. Court of Appeals for the District of Columbia, No. 04-1274, an appeal from a final order of the FCC. The Court of Appeals' schedule of oral arguments does not yet list this case.
4/13. The U.S. Court of Appeals (4thCir) issued its opinion in Bonner v. Dawson, a copyright case involving the recoverability of infringer's profits under 17 U.S.C. § 504(b) for the infringement of a copyright in an architectural design for a building. The Court of Appeals affirmed the District Court's denial of the plaintiff's motion for judgment as a matter of law on this issue. This case is Kenneth Bonner v. Bruce Dawson and Terry Bishop, U.S. Court of Appeals for the 4th Circuit, No. 04-1440, an appeal from the U.S. District Court for the Western District of Virginia, at Harrisonburg, Judge Glen Conrad presiding, D.C. No. CA-02-65-GEC.
FTC Files CAN SPAM Act Complaint
4/12. The Federal Trade Commission (FTC) and the state of California filed a civil complaint [24 pages in PDF] in U.S. District Court (NDCal) against Optin Global, Inc., Vision Media Limited Corp., Rick Yang, and Peonie Pui Ting Chen alleging violation of the FTC Act, the CAN SPAM Act, and various California state statutes in connection with their sending commercial email messages.
The complaint alleges that the defendants sent messages that "contain false header information, fail to notify recipients of their opt-out rights, fail to include functioning opt-out mechanisms, contain deceptive subject headings, fail to identify that they are advertisements, and/or fail to include the sender's valid postal address". The complaint adds that consumers have forwarded "over 1,870,000" such messages to the FTC.
The complaint identifies that one of the purposes of this e-mail was to seek mortgage lending leads to sell to third parties. No mortgage lenders or financial institutions are defendants in this action.
The CAN SPAM Act's full title is "Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003". It was enacted by the Congress as S 877 in the 108th Congress. It is now Public Law No. 108-187.
The FTC and California seek preliminary and permanent injunctive relief, civil penalties and damages. See also, FTC release.
5th Circuit Rules in Employment Discrimination Case Against Outsourcing Software Company
4/12. The U.S. Court of Appeals (5thCir) issued its opinion [25 pages in PDF] in Keelan v. Majesco, an employment discrimination case brought by U.S. workers against a software company alleging discrimination on the basis of national origin. The Court of Appeals affirmed the District Court's summary judgment for the employer.
Majesco Software is a company that is based in Irving, Texas, which is part of the Dallas metropolitan area. It is a subsidiary of Mastek, an Indian software company based in Bombay, India.
Mastek is in the business of providing outsourced software and information technology solutions and technicians for business customers. Majesco sells Mastek's software and services in the U.S.
Ivor Keelan and David Sullivan are former employees of Majesco Software. They assert that they were discriminated against while employed, and terminated, because they were Americans, rather than Indians. Keelan was terminated by Majesco in November of 2001. Sullivan left to take employment with another company, but asserts constructive discharge.
Keelan and Sullivan introduced evidence that Majesco personnel made statements to the effect that U.S. employees of Majesco were being forced out. However, the evidence in this case also reflected that Keelan and Sullivan were sales representatives who did not sell much, and that Majesco treated its Indian born employees the same.
Keelan and Sullivan filed a complaint in U.S. District Court (NDTex) against Majesco alleging discrimination in the terms and conditions of their employment and in Keelan's termination and Sullivan's constructive discharge. The District Court granted summary judgment to Majesco.
This appeal followed. The Court of Appeals affirmed the District Court.
This case is Ivor Keelan and David Sullivan v. Majesco Software, Inc., U.S. Court of Appeals for the 5th Circuit, No. 04-10317, an appeal from the U.S. District Court for the Northern District of Texas.
7th Circuit Rules Against Deadbeat DA in ECPA Compensation Case
4/12. The U.S. Court of Appeals (7thCir) issued its second opinion [11 pages in PDF] in Ameritech v. McCann, a case regarding a state District Attorney (DA) who requests and receives information from Ameritech, but refuses to pay, as required by § 2706 of the ECPA. The Court of Appeals held that the DA must pay, instructed the District Court to write a declaratory judgment to that effect, and specified the language to be included.
This is the second time that the Court of Appeals has issued an opinion in this case. On July 22, 2002, this Court of Appeals issued its first opinion [11 pages in PDF], holding that the 11th Amendment does not bar an electronic communications provider from suing a state law enforcement agency in federal court for prospective injunctive relief for an ongoing violation of the Electronic Communications Privacy Act (ECPA). See, story titled "7th Circuit Construes ECPA and 11th Amendment" in TLJ Daily E-Mail Alert No. 475, July 23, 2002.
The present opinion restates the holding of the first opinion. However, it also goes much further. It includes an expanded basis for rejecting 11th Amendment immunity. It rejects several other arguments advanced by McCann, including Constitutional authority for the underlying statute, interpretation of the ECPA, and lack of authority to preempt state law. The present opinion directs the District Court to issue a declaratory judgment, and spells out in condescending detail the contents of that declaratory judgment. The Court of Appeals wrote that this second opinion was made necessary, not only by the "intransigence" of McCann, but also because the District Court "neglected" to enter a "proper judgment" after the Court of Appeals reversed its previous judgment. See, full story.
Business Groups Announce Formation of Coalition to Advocate Rewrite of Telecom Laws
4/12. Representatives of business groups, and Rep. Joe Barton (R-TX), held a news conference in a House Commerce Committee hearing room to announce the formation of a coalition named TeleConsensus, which advocates updating U.S. telecommunications laws.
Rep. Barton, the Chairman of the House Commerce Committee (HCC), stated that the HCC will hold a number of hearings "this Spring and this Summer" to try to develop consensus "on what needs to be done to revamp our telecommunications laws".
He said that he plans to work "on a bipartisan basis" to "put together a bill that becomes law". He said too that communications technology has changed significantly since the last major rewrite of telecommunications laws in 1996. However, he offered no specifics regarding the likely contents of any bill. Nor did he advocate any specific statutory changes. See, full story.
Reed Elsevier's LexisNexis Revises Estimate of Security Breach Upwards
4/12. Reed Elsevier's LexisNexis stated in a release that it provided personal information on another 280,000 individuals, including names and social security numbers, to unknown persons who may use the information for criminal activity. On March 9, 2005, Reed Elsevier announced that its Seisint unit, which aggregates data on individuals, may have provided personal information on 32,000 individuals to unknown persons. Reed Elsevier acquired Seisint last year, and made it a part of its LexisNexis U.S.
Reed Elsevier's LexisNexis stated on April 12 that "In addition to the 30,000 individuals already notified, LexisNexis will begin notifying approximately 280,000 additional individuals whose information may have been acquired during these recently identified incidents." It added that "LexisNexis has concluded that unauthorized persons, primarily using IDs and passwords of legitimate Seisint customers, may have acquired personal-identifying information, such as Social Security numbers (SSN) or Driver’s License numbers (DLN), of individuals in the U.S. in some 59 incidents."
Rep. Joe Barton (R-TX), Chairman of the House Commerce Committee, stated that "Once again we're forced to ask, why should it continue to be legal to sell a person's Social Security number without permission? Both Democrats and Republicans on this committee are determined to get to the bottom of this problem, and if it takes a new law to protect people from identity thieves, so be it."
More News
4/12. The Recording Industry Association of America (RIAA) announced that on April 13 record companies will file in U.S. District Courts around the U.S. another round of complaints against individuals alleging copyright infringement. The RIAA stated in a release that this round of lawsuits targets students at universities that make use of Internet2.
Senate Commerce Committee Holds Hearing on Universal Service and Antideficiency Act
4/11. The Senate Commerce Committee held a hearing on S 241, a bill to exempt the Universal Service Fund (USF) from the Anti-deficiency Act (ADA).
Sen. Daniel Inouye (D-HI), the ranking Democrat on the SCC, wrote in a statement that "Congress must act to ensure that schools, libraries, and rural health care providers continue to receive this funding in a timely and predictable manner. I believe that enacting a permanent solution must be one of our highest priorities this session."
The ADA prohibits government expenditures and obligations in excess of the amounts available in an appropriation, fund, or apportionment. That is, it prevents federal agencies from incurring obligations, and then seeking additional appropriations from the Congress. The Office of Management and Budget (OMB), Congressional Budget Office (CBO), and Government Accountability Office (GAO) consider the USF to be a permanent indefinite appropriation.
The Federal Communications Commission's (FCC) Universal Service Administrative Company (USAC) essentially appropriates funds to schools under the FCC's e-rate program, and other universal service programs. These subsidies are funded by taxes imposed upon telecommunications carriers, which in turn, bill their customers. In September 2004, the FCC concluded that the USF was operating in violation of the ADA.
In December of 2004, the Congress enacted, and the President signed, the "Universal Service Antideficiency Temporary Suspension Act", which permits the USF to incur obligations for one year without violating the ADA. The current exemption expires at the end of 2005. S 241 would make permanent the USF's current one year exemption.
See, prepared testimony [36 pages in PDF] of Patricia Dalton (GAO) titled "Telecommunications: Application of the Antideficiency Act and Other Fiscal Controls to FCC's E-Rate Program"; prepared testimony [5 pages in PDF] of Austin Schlick (acting General Counsel of the FCC's Wireless Competition Bureau); prepared testimony [9 pages in PDF] of Brian Talbott (Chairman of the USAC); prepared testimony [PDF] of Sheryl Abshire (Calcasieu Parish Public Schools), and prepared testimony [PDF] of Steve Hamlen (P/CEO of United Utilities, and Alaska constituent of Sen. Ted Stevens).
The level of enthusiasm for this legislation may be greater in the Senate Commerce Committee than in the House Commerce Committee (HCC). For example, the HCC has for years been investigating waste, fraud and abuse in the e-rate program. Also, Rep. Joe Barton (R-TX), the Chairman of the HCC, has suggested that the program be eliminated. See, story titled "Chairman Barton Suggests Ending E-Rate Program" in TLJ Daily E-Mail Alert No. 1,097, March 17, 2005.
Federal Circuit Vacates in Patent Suit Involving Java Technology for Phones
4/11. The U.S. Court of Appeals (FedCir) issued its opinion [PDF] in Nazomi Communications v. Arm Holdings, a patent case involving Java technology. The Court of Appeals vacated the judgment of the District Court.
Nazomi Communications develops and licenses Java hardware acceleration technology for phones and semiconductors. It is the holder of U.S. Patent No. 6,332,215, titled "Java virtual machine hardware for RISC and CISC processors". Java is a programming language that was developed by Sun Microsystems.
The abstract for the patent states that "A hardware Java accelerator is provided to implement portions of the Java virtual machine in hardware in order to accelerate the operation of the system on Java bytecodes. The Java hardware accelerator preferably includes Java bytecode translation into native CPU instructions. The combination of the Java hardware accelerator and a CPU provides a embedded solution which results in an inexpensive system to run Java programs for use in commercial appliances."
Nazomi filed a complaint in U.S. District Court (NDCal) against Arm Holdings, and related entities, alleging infringement of the '215 patent.
The District Court construed the terms of Nazomi's claims, and then granted summary judgment of noninfringement to Arm. This appeal followed.
The Court of Appeals held that the District Court erred in the claims construction, and therefore vacated and remanded. This revives Nazomi's lawsuit.
This case is Nazomi Communications, Inc. v. Arm Holdings, PLC, et al., U.S. Court of Appeals for the Federal Circuit, No. 04-1101, an appeal from the U.S. District Court for the Northern District of California, Judge Jeremy Fogel presiding. Judge Randall Rader wrote the opinion of the Court of Appeals, in which Judges Michel and Prost joined.
Philadelphia to Host Convention on Government Provided Broadband
4/11. There will be a three day convention in Philadelphia, Pennsylvania on May 2-4, 2005 titled "W2i Digital Cities Convention". See, convention web site and agenda. Philadelphia has proposed to provide Wi-Fi service to all of its residents. See also, Philadelphia's web site named "Wireless Philadelphia".
In advance of this convention, the Progress and Freedom Foundation (PFF) released a paper [14 pages in PDF] titled "Wireless Philadelphia: A Leap Into the Unknown". This paper, which was written by the PFF's Thomas Leonard, analyzes state and local government entry into telecommunications markets in competition with commercial providers. In particular, this paper examines, and criticizes, Philadelphia's proposal to provide Wi-Fi service on a city wide basis.
The PFF paper argues that there is no evidence of market failure to justify government entry into the competitive marketplace. It also argues that the city would not be able to provide Wi-Fi service to all residents at prices lower than commercial providers. It also argues that Wi-Fi is a local technology that has not been proven to work on a city wide basis.
People and Appointments
4/11. The Senate confirmed Paul Crotty to be a Judge of the U.S. District Court for the Southern District of New York. Judge Crotty previously worked for Verizon.
4/11. President Bush nominated Lieutenant General Michael Hayden of the U.S. Air Force to be Principal Deputy Director of National Intelligence. See, White House release.
4/11. Edward Breen was nominated to be an independent director of Comcast Corporation. He is Ch/CEO of Tyco International. Before that, he worked for Motorola. And before that, he worked for General Instrument Corp., which was acquired by Motorola in 2000. See, Comcast release. Comcast also announced that Michael Armstrong "has informed Comcast's Board of Directors that, because of other commitments, he will not stand for re-election as a director at Comcast's annual meeting of shareholders, to be held this year on June 1, 2005 in Philadelphia." See, Comcast release.
4/11. Brian Roberts, the P/CEO of Comcast Corporation, was elected as Chairman of the Board of Directors of the National Cable & Telecommunications Association (NCTA). The NCTA also announced the election of other officers. See, NCTA release.
More News
4/11. Microsoft and Gateway announced that they "have entered into an agreement to resolve legal issues between the two companies and work together on the marketing and development of Gateway personal computing products. ... The agreement provides for periodic Microsoft payments to Gateway totaling an aggregate amount of $150 million over four years. As part of this agreement, Gateway will release all antitrust claims against Microsoft based on past conduct." See, Microsoft release.
4/11. Microsoft filed eight complaints in U.S. District Courts around the country in connection with the distribution of counterfeit, illicit and unlicensed software and software components. See, Microsoft release.
4/11. The U.S. Court of Appeals (8thCir) issued its opinion [PDF] in Taylor Corporation v. Four Seasons Greetings, a copyright dispute between greetings card manufacturers. This case involves issues of ownership of copyright, copying, and substantial similarity. Also, at issue before the Court of Appeals was the standard of review to be applied by the Court of Appeals in reviewing District Court findings of substantial similarity in copyright cases. This Circuit adopted the clearly erroneous standard. This case is Taylor Corporation v. Four Seasons Greetings LLC, U.S. Court of Appeals for the 8th Circuit, No. 04-1088, an appeal from the U.S. District Court for the District of Minnesota.