Monday, 15 March 2004

FBI proposes expansive broadband "wiretap" rules

Declan McCullaugh and Ben Charny report on C|Net that Uncle Fed issued a proposal for expedited rulemaking [pdf] which would grant him new and expansive "wiretapping" powers for broadband Internet services. In this case, Uncle Fed is backed by the Federal Bureau of Investigations (FBI), Department of Justice (DOJ) and the Drug Enforcement Agency (DEA).

Two months ago, Uncle Fed asked the Federal Communications Commission (FCC) to do this dirty work for him. FCC Chairman Michael Powell paid some lip service to security concerns at the time, but he has apparently let the request languish. (At least, I have not seen the media report any subsequent FCC actions.) Around that time, I blogged on the word wiretap and complained that it makes a poor analogy to surveillance of digital communications ("Wiretapping & VoIP"). I would like to make the same comment again now and point out that Uncle Fed's newest proposal supports my point even more clearly.

I promise to write more on this in the near future. Unfortunately, I do not have time today to write a multi-volume treatise on the dangers these regulations would pose to civil liberties.

Posted at 8:40:16 PM | Permalink
| Comments (0)
Trackback URL:
Topics: Civil Liberties, Cybercrime, Politics, Privacy, Technology, VoIP

Sunday, 14 March 2004


The controversial and invasive web site DoctorsKnow.Us has been shut down by its operators. The site claims to have attempted to list every patient who has ever filed a medical malpractice lawsuit. Doctors and insurers might potentially have used this information to deny treatment or coverage to "litigious patients" — otherwise known as "patients who had asserted their rights." (Via TechLawAdvisor, via

Quoth the site's home page:

DoctorsKnow.Us has permanently ceased operations as of 3/9/04. The controversy this site has ignited was unanticipated and has polarized opinions regarding the medical malpractice crisis. Our hope is that this controversy will spark a serious discussion that results in changes that are equitable to both patients and physicians. All charges that have been collected will be returned to members and trial members.

Doctors.Know.Us, L.L.C.

Posted at 3:12:01 PM | Permalink
| Comments (0)
Trackback URL:
Topics: Privacy

Friday, 12 March 2004

Blundering through security

It appears the U.S. Patent & Trademark Office (PTO) has removed the infamous ricin patent (No. 3,060,165) from its online database. The PTO boasts that it provides all patents since 1976 in searchable text and images of patent pages from 1790. Obviously, this is now false. (Via Ernest, via Dan Gillmor, via Bruce Schneier.)

Half the developed world's patent offices make this patent available over the Internet. Considering that the patent was granted in 1965, I think a few paper copies might also exist. Therefore, this is about as effective a security measure as requiring travelers to show a driver's license before they board an airplane — that is to say, wholly ineffective. All this does is inconvenience the law-abiding American public when it tries to do research.

Ernest makes the important point that the fundamental principal underlying our patent system is that inventors get exclusive rights to their inventions in exchange for full disclosure of the invention to the public. This is hardly the first case where the public has been shortchanged in the name of security. Ernest also has the best summary comment thus far (hyperlink original):

Rest assured Senator, the lack of the patent in the US database means that terrorists will never be able to figure out how to make ricin because even web-savvy bloggers can't get the information very easily .... ooops. Never mind.

Posted at 1:17:51 PM | Permalink
| Comments (0)
Trackback URL:
Topics: Civil Liberties, Politics, Skeptical Inquiry, Technology

FTC Chair continues to question do-not-spam registry

The San Jose Mercury News reports that FTC Chair Timothy Muris continues to question the wisdom of a do-not-spam registry. The CAN-SPAM Act requires the FTC to consider implementing such a registry. Yesterday, Muris reiterated the same reasons he cited when he questioned the registry idea before the bill became a law. His argument appears to boil down to a jurisdicitonal problem: "The problem, he said, is tracking down the spammers. Many are overseas. Many use aliases or conceal their identities by routing e-mail through hacked or unprotected computers." This argument has at least three major flaws.

First, Muris seems to be focusing on one provision of the Act to the exclusion of others. The core protection of the Act is its prohibition on sending unsolicited commercial email to individuals who have requested not to receive it. However, it is an additional violation — with separate civil and criminal penalties — to disguise the origin and routing information in the header of such messages. The Act grants both a substantive right and a right of action in federal court to any ISP adversely affected by such behavior. Therefore, the pool of potential plaintiffs includes all service providers whose computers were "hacked or unprotected" and used to send spam, in addition to the ISPs whose customers received illegal spam. With that many potential plaintiffs, at least one of them will have the will and means to fight the good fight. Indeed, four titans filed a major CAN-SPAM lawsuit earlier this week ("Spam's Tet Offensive").

Second, national borders are not as big a problem as Muris would have us believe. A huge proportion of spam advertises goods and services that are on sale in the U.S. or at least made available for purchase by people within the U.S. These sellers must have either (1) assets located in the U.S. or (2) mechanisms for moving money out of the U.S. Otherwise, they would have no means to sell things to Americans. U.S. authorities can attach those assets or garnish those money flows to enforce a judgment under the CAN-SPAM Act. Internet-based transactions depend on credit cards or other payment clearinghouses that overwhelmingly have physical presences in the U.S. — think Visa, MasterCard, and PayPal. We may not be able to put a citizen of the Caymen Islands in an American jail for violating CAN-SPAM, but we can ensure that he makes no money from those activities.

Finally, the Act goes to some length to apply liability to spam customers and vendors. By "customer," I mean someone who hires the services of a spammer to advertise a product — i.e., someone who buys the advertising space. By "vendors," I mean someone who sells goods or services to a spamming outfit. Both of these bases for liability require notice to the customer or vendor. However, this notice should be easy to serve (to customers, at least), because spam would be useless if it failed to identify the product being sold and how to buy it. Thus, we have even more people on the hook for sending illegal spam. Once one of these people goes to jail or gets socked with a $1 million judgment, I believe the demand for spam will decline precipitiously.

Mr. Muris, I encourage you to rethink your position.

Posted at 6:40:50 AM | Permalink
| Comments (0)
Trackback URL:
Topics: Spam

Thursday, 11 March 2004

Spam's Tet Offensive

Yesterday, four major email providers teamed up to file CAN-SPAM lawsuits against alleged spammers: America Online, Microsoft, EarthLink, and Yahoo!. They spread the fun around four different states (California, Washington, Georgia, and Virginia) and three different federal circuits (9th, 11th, and 4th, respectively).

Loyal DTM :<| readers know that this is not the first civil lawsuit filed under the CAN-SPAM Act. However, this does appear to be the first well-funded enforcement action and could produce the statutory maximum civil liability award of $1 million per ISP-plaintiff. These well-connected companies might also hand the feds a criminal case on a silver platter, and the defendants are at risk of incurring serious jail time.

I sound like a broken record when I say this, but it will take a high-profile, high-dollar judgment against a spammer before consumers feel the real effect of the CAN-SPAM Act. Words on a page are nice if you are a librarian, but words on a page do not strike fear into the hearts of businessmen until they cause other businessmen to go to prison.

News coverage: C|Net, San Jose Mercury News, Washington Post, New York Times.

Posted at 10:06:29 PM | Permalink
| Comments (0)
Trackback URL:
Topics: Spam

FTC "primary purpose" spam rule is a chance to revisit Central Hudson

Yesterday the Federal Trade Commission (FTC) announced that it would begin hearing public comments today on a rule that the CAN-SPAM Act requires it to propound — a definition that permits a determination whether an email's "primary purpose" is commercial. (Click here to read the proposed rule and here to submit a comment.)

The statute applies to commercial messages, so someone has to define precisely what commercial means. Naturally, Congress passed that buck to the FTC. The U.S. Supreme Court has grappled with the definition of "commercial speech" since it first recognized the concept in 1976, in Virginia Pharmacy (abstract). I rarely agree with Clarence Thomas, but I find his logic on commercial speech unassailable. There is simply no articulable definition that captures all commerciality without also capturing noncommercial elements. Likewise, there is no articulable definition that avoids capturing noncommercial speech without missing large swaths of the commercial sector. To borrow two terms from another line of constitutional jurisprudence, all definitions of "commercial speech" that have ever been suggested have been overinclusive or underinclusive. How can we justify regulating a class of speech that we cannot even define?

Since 1995, Justice Thomas has consistently railed against the commercial-speech doctrine of Central Hudson. In the last few years, the Court seems to have been moving slowly, reluctantly towards his position in 44 Liquormart, Ruben, and Glickman. Although he lost the Glickman fight, it was a 5-4 decision, and the commercial speech issue was not squarely implicated. With a challenge to the FTC's "primary purpose" rule propounded under CAN-SPAM — no matter what the final rule actually says — there will be no room for the Court to dodge the underlying First Amendment question. One can only hope the case rises that far.

Posted at 9:55:01 PM | Permalink
| Comments (0)
Trackback URL:
Topics: Civil Liberties, Spam

Satan, meet Lucifer. Lucifer, Satan.

"Yes, Microsoft did introduce BayStar to SCO." So admits a representative of BayStar. The tech world was abuzz for a week after a leaked memo linked the two Linux enemies. After SCO denied the then-rumor, BayStar now apparently admits the link.

Posted at 9:25:41 PM | Permalink
| Comments (0)
Trackback URL:
Topics: IP, Politics, Technology

Saturday, 6 March 2004

Politech gathering in San Francisco

Last week Declan announced a Politech gathering at the historic House of Shields in San Francisco (at 39 New Montgomery Street). The event is this Wednesday, 10 March, at 7pm. It should prove interesting to anyone interested in technology and politics.

Posted at 10:28:22 AM | Permalink
| Comments (0)
Trackback URL:
Topics: Miscellany

Friday, 5 March 2004

Bush "answers" criticism from scientists

Bob Park, the persistent physicist behind What's New (the weekly newsletter of the American Physical Society), has frequently blasted President Bush for his handling of science and technology issues. Today, in his usual sardonic style, Park points out a particularly egregious example:

Barely a week after 60 prominent scientists issued a statement charging the Bush administration with manipulating the science advisory process (WN 20 Feb 04), the White House delivered an eloquent response — two advocates of stem cell research were abruptly ejected from the Council on Bioethics, and replaced on the panel by three appointees whose opposition to stem cell research is solidly faith-based. Anybody else want to speak up? John Marburger, Director of the White House Office of Science and Technology Policy, has apparently been assigned the task of belittling the scientist’s statement, but the 60 prominent scientists who signed aren’t backing down.

Posted at 10:52:38 PM | Permalink
| Comments (0)
Trackback URL:
Topics: Science

First CAN-SPAM lawsuit

A tiny Bay Area ISP named Hypertouch has filed the first lawsuit under the CAN-SPAM Act. The Washington Post has a sketchy article, stating only that Hypertouch sued BVWebTies LLC (producer of, online home of home improvement guru Bob Vila) and BlueStream Media. Fortunately, Hypertouch has a somewhat more detailed press release and has provided copies of its complaint in many formats (linked from its press release). The suit involves email containing ads for Bob Vila's "Home Again Newsletter."

I have said many times (1, 2, 3, 4, 5, 6, 7) that it will take a reasonable amount of time and a high-profile lawsuit with some big civil penalties or jail time before CAN-SPAM has the desired effect.

Posted at 7:07:43 AM | Permalink
| Comments (0)
Trackback URL:
Topics: Spam

Wednesday, 3 March 2004


I got a two emails after my last post, both asking how to make Proxomitron do what I described. If two people cared enough to write, then a few more must be suffering in silence — so here is the answer.

I am not going to rewrite the Proxomitron help files, which are already excellent. I will, however, give you some entries in my URL Alias List that will help you get started with looking up legal citations. Basically, the entries have to be in this format:

dotstring\1/ & $JUMP(url)
…where "dotstring" is the character string you want to trigger the alias and "url" is the url you want to visit. In this example, \1 will take whatever "extra" text you type and plug it into the URL at the appropriate place.

Here are some of my entries to get you started:

In the first example, typing .37cfr1.56 into your browser's address bar would bring up 37 C.F.R. § 1.56, which is PTO Rule 56, requiring inventors to disclose information to the Examiner during patent prosecution. If you replace "1.56" with another section number, you would get that other section number. For example, typing 37cfr1.660 will get you 37 C.F.R. § 1.660, which requires patentees to give notice to the PTO in some cases where patents are challenged.

My recent favorite (one that would benefit any young IP litigator) is the patnum entry. Use this with any patent number (with or without commas, it makes no difference), and you will go instantly to the U.S. patent bearing that number. My new favorite patent is No. 5,920,923, invented by Penn Jillette, of Penn & Teller fame.

For posterity, the other entries listed above will give you (in order): sections of the California Civil Code, sections of the California Evidence Code, and Rules of the Federal Rules of Civil Procedure.

Posted at 10:55:39 PM | Permalink
| Comments (0)
Trackback URL:
Topics: Technology

Powered by Movable Type