Monday, 15 March 2004
FBI proposes expansive broadband "wiretap" rules
Declan McCullaugh and Ben Charny report on C|Net that Uncle Fed issued a proposal for expedited rulemaking [pdf] which would grant him new and expansive "wiretapping" powers for broadband Internet services. In this case, Uncle Fed is backed by the Federal Bureau of Investigations (FBI), Department of Justice (DOJ) and the Drug Enforcement Agency (DEA).
Two months ago, Uncle Fed asked the Federal Communications Commission (FCC) to do this dirty work for him. FCC Chairman Michael Powell paid some lip service to security concerns at the time, but he has apparently let the request languish. (At least, I have not seen the media report any subsequent FCC actions.) Around that time, I blogged on the word wiretap and complained that it makes a poor analogy to surveillance of digital communications ("Wiretapping & VoIP"). I would like to make the same comment again now and point out that Uncle Fed's newest proposal supports my point even more clearly.
I promise to write more on this in the near future. Unfortunately, I do not have time today to write a multi-volume treatise on the dangers these regulations would pose to civil liberties.
The controversial and invasive web site DoctorsKnow.Us has been shut down by its operators. The site claims to have attempted to list every patient who has ever filed a medical malpractice lawsuit. Doctors and insurers might potentially have used this information to deny treatment or coverage to "litigious patients" — otherwise known as "patients who had asserted their rights." (Via TechLawAdvisor, via RangelMd.com)
Quoth the site's home page:
DoctorsKnow.Us has permanently ceased operations as of 3/9/04. The controversy this site has ignited was unanticipated and has polarized opinions regarding the medical malpractice crisis. Our hope is that this controversy will spark a serious discussion that results in changes that are equitable to both patients and physicians. All charges that have been collected will be returned to members and trial members.
It appears the U.S. Patent & Trademark Office (PTO) has removed the infamous ricin patent (No. 3,060,165) from its online database. The PTO boasts that it provides all patents since 1976 in searchable text and images of patent pages from 1790. Obviously, this is now false. (Via Ernest, via Dan Gillmor, via Bruce Schneier.)
Half the developed world's patent offices make this patent available over the Internet. Considering that the patent was granted in 1965, I think a few paper copies might also exist. Therefore, this is about as effective a security measure as requiring travelers to show a driver's license before they board an airplane — that is to say, wholly ineffective. All this does is inconvenience the law-abiding American public when it tries to do research.
Ernest makes the important point that the fundamental principal underlying our patent system is that inventors get exclusive rights to their inventions in exchange for full disclosure of the invention to the public. This is hardly the first case where the public has been shortchanged in the name of security. Ernest also has the best summary comment thus far (hyperlink original):
Rest assured Senator, the lack of the patent in the US database means that terrorists will never be able to figure out how to make ricin because even web-savvy bloggers can't get the information very easily .... ooops. Never mind.
The San Jose Mercury News reports that FTC Chair Timothy Muris continues to question the wisdom of a do-not-spam registry. The CAN-SPAM Act requires the FTC to consider implementing such a registry. Yesterday, Muris reiterated the same reasons he cited when he questioned the registry idea before the bill became a law. His argument appears to boil down to a jurisdicitonal problem: "The problem, he said, is tracking down the spammers. Many are overseas. Many use aliases or conceal their identities by routing e-mail through hacked or unprotected computers." This argument has at least three major flaws.
First, Muris seems to be focusing on one provision of the Act to the exclusion of others. The core protection of the Act is its prohibition on sending unsolicited commercial email to individuals who have requested not to receive it. However, it is an additional violation — with separate civil and criminal penalties — to disguise the origin and routing information in the header of such messages. The Act grants both a substantive right and a right of action in federal court to any ISP adversely affected by such behavior. Therefore, the pool of potential plaintiffs includes all service providers whose computers were "hacked or unprotected" and used to send spam, in addition to the ISPs whose customers received illegal spam. With that many potential plaintiffs, at least one of them will have the will and means to fight the good fight. Indeed, four titans filed a major CAN-SPAM lawsuit earlier this week ("Spam's Tet Offensive").
Second, national borders are not as big a problem as Muris would have us believe. A huge proportion of spam advertises goods and services that are on sale in the U.S. or at least made available for purchase by people within the U.S. These sellers must have either (1) assets located in the U.S. or (2) mechanisms for moving money out of the U.S. Otherwise, they would have no means to sell things to Americans. U.S. authorities can attach those assets or garnish those money flows to enforce a judgment under the CAN-SPAM Act. Internet-based transactions depend on credit cards or other payment clearinghouses that overwhelmingly have physical presences in the U.S. — think Visa, MasterCard, and PayPal. We may not be able to put a citizen of the Caymen Islands in an American jail for violating CAN-SPAM, but we can ensure that he makes no money from those activities.
Finally, the Act goes to some length to apply liability to spam customers and vendors. By "customer," I mean someone who hires the services of a spammer to advertise a product — i.e., someone who buys the advertising space. By "vendors," I mean someone who sells goods or services to a spamming outfit. Both of these bases for liability require notice to the customer or vendor. However, this notice should be easy to serve (to customers, at least), because spam would be useless if it failed to identify the product being sold and how to buy it. Thus, we have even more people on the hook for sending illegal spam. Once one of these people goes to jail or gets socked with a $1 million judgment, I believe the demand for spam will decline precipitiously.
Mr. Muris, I encourage you to rethink your position.
Yesterday, four major email providers teamed up to file CAN-SPAM lawsuits against alleged spammers: America Online, Microsoft, EarthLink, and Yahoo!. They spread the fun around four different states (California, Washington, Georgia, and Virginia) and three different federal circuits (9th, 11th, and 4th, respectively).
Loyal DTM :<| readers know that this is not the first civil lawsuit filed under the CAN-SPAM Act. However, this does appear to be the first well-funded enforcement action and could produce the statutory maximum civil liability award of $1 million per ISP-plaintiff. These well-connected companies might also hand the feds a criminal case on a silver platter, and the defendants are at risk of incurring serious jail time.
I sound like a broken record when I say this, but it will take a high-profile, high-dollar judgment against a spammer before consumers feel the real effect of the CAN-SPAM Act. Words on a page are nice if you are a librarian, but words on a page do not strike fear into the hearts of businessmen until they cause other businessmen to go to prison.
Yesterday the Federal Trade Commission (FTC) announced that it would begin hearing public comments today on a rule that the CAN-SPAM Act requires it to propound — a definition that permits a determination whether an email's "primary purpose" is commercial. (Click here to read the proposed rule and here to submit a comment.)
The statute applies to commercial messages, so someone has to define precisely what commercial means. Naturally, Congress passed that buck to the FTC. The U.S. Supreme Court has grappled with the definition of "commercial speech" since it first recognized the concept in 1976, in Virginia Pharmacy (abstract). I rarely agree with Clarence Thomas, but I find his logic on commercial speech unassailable. There is simply no articulable definition that captures all commerciality without also capturing noncommercial elements. Likewise, there is no articulable definition that avoids capturing noncommercial speech without missing large swaths of the commercial sector. To borrow two terms from another line of constitutional jurisprudence, all definitions of "commercial speech" that have ever been suggested have been overinclusive or underinclusive. How can we justify regulating a class of speech that we cannot even define?
Since 1995, Justice Thomas has consistently railed against the commercial-speech doctrine of Central Hudson. In the last few years, the Court seems to have been moving slowly, reluctantly towards his position in 44 Liquormart, Ruben, and Glickman. Although he lost the Glickman fight, it was a 5-4 decision, and the commercial speech issue was not squarely implicated. With a challenge to the FTC's "primary purpose" rule propounded under CAN-SPAM — no matter what the final rule actually says — there will be no room for the Court to dodge the underlying First Amendment question. One can only hope the case rises that far.
"Yes, Microsoft did introduce BayStar to SCO." So admits a representative of BayStar. The tech world was abuzz for a week after a leaked memo linked the two Linux enemies. After SCO denied the then-rumor, BayStar now apparently admits the link.
Last week Declan announced a Politech gathering at the historic House of Shields in San Francisco (at 39 New Montgomery Street). The event is this Wednesday, 10 March, at 7pm. It should prove interesting to anyone interested in technology and politics.
Bob Park, the persistent physicist behind What's New (the weekly newsletter of the American Physical Society), has frequently blasted President Bush for his handling of science and technology issues. Today, in his usual sardonic style, Park points out a particularly egregious example:
Barely a week after 60 prominent scientists issued a statement charging the Bush administration with manipulating the science advisory process (WN 20 Feb 04), the White House delivered an eloquent response — two advocates of stem cell research were abruptly ejected from the Council on Bioethics, and replaced on the panel by three appointees whose opposition to stem cell research is solidly faith-based. Anybody else want to speak up? John Marburger, Director of the White House Office of Science and Technology Policy, has apparently been assigned the task of belittling the scientist’s statement, but the 60 prominent scientists who signed aren’t backing down.
A tiny Bay Area ISP named Hypertouch has filed the first lawsuit under the CAN-SPAM Act. The Washington Post has a sketchy article, stating only that Hypertouch sued BVWebTies LLC (producer of BobVila.com, online home of home improvement guru Bob Vila) and BlueStream Media. Fortunately, Hypertouch has a somewhat more detailed press release and has provided copies of its complaint in many formats (linked from its press release). The suit involves email containing ads for Bob Vila's "Home Again Newsletter."
I have said many times (1, 2, 3, 4, 5, 6, 7) that it will take a reasonable amount of time and a high-profile lawsuit with some big civil penalties or jail time before CAN-SPAM has the desired effect.
I got a two emails after my last post, both asking how to make Proxomitron do what I described. If two people cared enough to write, then a few more must be suffering in silence — so here is the answer.
I am not going to rewrite the Proxomitron help files, which are already excellent. I will, however, give you some entries in my URL Alias List that will help you get started with looking up legal citations. Basically, the entries have to be in this format:
…where "dotstring" is the character string you want to trigger the alias and "url" is the url you want to visit. In this example, \1 will take whatever "extra" text you type and plug it into the URL at the appropriate place.dotstring\1/ & $JUMP(url)
Here are some of my entries to get you started:
My recent favorite (one that would benefit any young IP litigator) is the patnum entry. Use this with any patent number (with or without commas, it makes no difference), and you will go instantly to the U.S. patent bearing that number. My new favorite patent is No. 5,920,923, invented by Penn Jillette, of Penn & Teller fame.
For posterity, the other entries listed above will give you (in order): sections of the California Civil Code, sections of the California Evidence Code, and Rules of the Federal Rules of Civil Procedure.