Events: At Stanford law school on security, privacy [priv]

[Declan McCullagh <declan () well com>]

---

Date: Tue, 7 Oct 2003 17:35:10 -0700
To: declan () well com
From: Lauren Gelman <gelman () law stanford edu>
Subject: SLS Center for Internet and Society
Content-Type: multipart/alternative; 
boundary="============_-1146549181==_ma============"

Hey Declan-- How about a one-time mailing to Politech of all the cool stuff 
we're doing this year...
Two events we are hosting-- one on Computer Security and Vulnerability 
reporting 11/22/03, the other a Call for Papers for an Internet Privacy 
Symposium 3/13-14/04-- and v1.2 of our new cyberlaw newsletter "Packets." 
People who want more info can visit our website at cyberlaw.stanford.edu

Thx!!
______________________________________


Cybersecurity, Research & Disclosure
November 22, 2003
Stanford Law School
http://cyberlaw.stanford.edu/security/

Stanford Law School's Center for Internet and Society will host a day-long 
exploration of the relationship between computer security, privacy, and 
disclosure of information about security vulnerabilities.  This is the 
must-attend conference for researchers, academics, practitioners, 
government officials and CTO and CIOS interested in formulating disclosure 
practices or policies that would promote security research, constructive 
information sharing, remediation and commercial interests, and determining 
how such policies could be put into effect?

Questions to be addressed include:

*   Does public disclosure of vulnerabilities motivate the vendor to 
release more secure software, and if so, does this benefit sufficiently 
outweigh potential risks that the information will be misused?
*   How can independent researchers be adequately compensated for the 
valuable service they provide to vendors and customers while encouraging 
responsible reporting?
*   Does the commercialization of security information promote security, or 
should reporting be an academic or governmental function?
*   What practices or policies facilitate communication between vendors and 
researchers. What should the researcher do? What should the vendor do? 
Should practices differ for small vendors, ISPs or website owners?
*   When does disclosure best promote security and minimize exploitations, 
and how much information should be disclosed at a given point in time, and 
to whom?
*   What policies or practices encourage the installation of patches?
*   How can disclosure policies promote computer security? How can we work 
towards consensus on such a policy? Encourage compliance with the policy? 
What would the policy include, and what are the security tradeoffs? Is 
there a role for regulation or government intervention in this area, or are 
market incentives sufficient?

Register now at: http://cyberlaw.stanford.edu/security/

________________

CALL FOR PAPERS

A Stanford Law School Symposium: Securing Privacy in the Internet Age

What legal regimes or market initiatives would best prevent the 
unauthorized disclosure of private information while also promoting 
business innovation?

March 13-14 2004
Stanford Law School
http://cyberlaw.stanford.edu/privacysymposium/

As individuals do more - shopping, talking, working - on-line, they leave 
private information behind in databases stored on Internet-connected 
servers. Companies store proprietary data on networked servers connected to 
the Internet. Computer security experts struggle to develop technology and 
best practices to protect this information from unauthorized intruders or 
inadvertent leaks. Are private initiatives sufficient to protect private 
and confidential information, or should the law allocate the responsibility 
of keeping the server secure, and if so, on whom? And will the imposition 
of this legal and economic burden impede further exponential advances like 
those the computer industry has made in the past decade?

The Center for Internet and Society (CIS), part of the Law, Science and 
Technology Program (LST)  at Stanford Law School announces an open call for 
papers addressing the ways in which application of various legal doctrines 
could induce software vendors, hardware companies and system administrators 
to adopt security-enhancing practices, report unauthorized disclosures of 
private information, properly value and remedy harm flowing from privacy 
breaches, while promoting vigorous competition and innovation.

In the selection process, papers offering new perspectives, novel analysis, 
or innovative prescriptions will be given preference. Proposals from legal 
and other academics, economists, lawyers, scientists and technologists, as 
well as new voices are encouraged.  Some suggested topics are posted on the 
conference website at: http://cyberlaw.stanford.edu/privacysymposium/

The event is funded by a generous grant from the cy pres fund established 
in the Supnick et al. v. Amazon.com, Inc. and Alexa Internet, Inc. 
litigation. We are able to offer free admission to the symposium and 
anticipate a large audience of academics, executives, students, and U.S. 
and foreign policy makers. Those selected to present papers will be 
reimbursed for two- week advance purchased coach airfare to California and 
for two nights stay at the Westin, Palo Alto hotel.
Interested parties should submit a 200 word abstract describing the 
proposed paper to; http://cyberlaw.stanford.edu/privacysymposium/form.html. 
The deadline for submissions is October 13 and the selected presenters will 
be notified by mail by November 3. The website also allows visitors to 
register to be notified when we finalize the symposium schedule.

Papers will be due May 3, 2004. The Symposium Editors will select the 
papers which will be  published in a scholarly volume under a Creative 
Commons license that will allow authors to submit their papers to other 
publications, including law journals.

The Symposium Editors are:

*  Margaret Jane Radin, Wm. Benjamin Scott and Luna M. Scott Professor of 
Law, Director, Stanford Program in Law, Science and Technology
*  Anupam Chander, Professor, UC Davis School of Law, Visiting Professor 
Stanford Law School, Spring 2004
*  Lauren Gelman, Assistant Director, Center for Internet and Society, 
Stanford Law School

If you have questions, you are welcome to contact Lauren Gelman, at 
gelman () stanford edu. The conference is organized by the Center for Internet 
and Society, part of the Program on Law Science and Technology at Stanford 
Law School.

__
* * * * Packets * * * *
Vol. 1, No. 2 // 10.7.03
-=-=-=-=-=-=-=-=-=-=-=-=-=-

Packets is production of the Stanford Center for Internet & Society (CIS). 
It is written by members of the Stanford Law and Technology Association 
(SLATA), and edited by CIS staff, fellows and volunteer attorneys.

Our purpose is to provide the legal community with a concise description of 
recently decided cyberlaw-related cases.   Click "For More" for longer, 
more detailed summaries hosted on our website, along with a keyword 
searchable archive of past packets. http://cyberlaw.stanford.edu/packets/

We urge you to forward Packets wherever you please, and to take from it any 
content you'd like.

The writers on the Packets Editorial Board are: Carl G. Anderson, Rob 
Courtney, JuNelle Harris, Rena Kaminsky, Rachel Kovner, Todd Lewellen, 
Stephany Lin, Stephen Bruce Lindholm, Jia Liu, Grace Park, Ji-Hyun Park, 
Jef Pearlman, Kateryna Rakowsky, Stuart M. Rosenberg, Neil A. Rubin, and 
Jim Sojoodi.

-=-=-=-=-=-=-=-=-=-=-=-=-=-

Contents
Vol. 1, No. 2

-=-=-=-=-=-=-=-=-=-=-=-=-=-

Verisign Settles FTC Complaint for False Advertising to Take Competitors' 
Domain Name Registrants

Verisign and the Federal Trade Commission have reached a settlement 
stemming from charges that Verisign's Network Solutions unit tricked 
customers of competing domain name registrars into renewing and 
transferring their domain name with Network Solutions. Pursuant to the 
settlement, Verisign is to provide the expiration date of the registrant's 
domain name registration in all its future notices and to disclose whether 
the renewal would transfer a registrant's domain name from its previous 
registrar to Verisign. Verisign did not make any admissions of liability or 
wrongdoing.
FTC v. Network Solutions, Inc., No. 03-1907 (D.D.C., Sept. 12, 2003).

For more:
http://cyberlaw.stanford.edu/packets/vol_1_no_2/001555.shtml

-=-=-=-=-=-=-=-=-=-=-=-=-=-

Headline: Advertisers in the UK Must Get Explicit Permission Before 
Marketing By E-mail

The UK's Advertising Standards Authority ruled that e-marketers must 
receive explicit consent before marketing to consumers by e-mail. 
Recipients of unsolicited commercial e-mails filed a complaint against the 
Training Guild (a Southampton seminar provider) , alleging that their 
marketing violated the CAP Code's requirements that (1) e-mails make clear 
that they are marketing communications, and (2) advertisers get explicit 
consent before sending e-mails to consumers. The ASA rejected the first 
complaint, finding the subject heading "Business Seminars - Telesales & 
Selling Skills made Easy" sufficient to put consumers on notice that the 
e-mails at issue were marketing communications. However, the ASA upheld the 
second complaint, stating that it was the advertiser's responsibility to 
ensure recipients had given explicit consent.
The Training Guild, UK ASA Adjudication (Sept. 10, 2003).

For more:
http://cyberlaw.stanford.edu/packets/vol_1_no_2/001556.shtml

-=-=-=-=-=-=-=-=-=-=-=-=-=-

Attachmnent of GPS Devices to Private Vehicles Requires a Warrant

William Bradley Jackson was convicted of first degree murder on October 5, 
2000 in the death of his daughter. Jackson appealed to the Supreme Court of 
Washington, raising, inter alia, whether a warrant was required under Wash. 
Const. art. I, § 7 for the installation and use of a global positioning 
system (GPS) device on his vehicle; and, if so, whether the two warrants 
issued in this case were supported by probable cause. The court held that a 
warrant is required before authorities can install and use a GPS device on 
a private vehicle under Wash. Const. art. I, § 7. However, the court found 
that the two warrants in this case were valid, and, therefore, there was no 
constitutional violation.
State v. Jackson, No. 72799-6, 2003 Wash. LEXIS 659 (Wash. Sept. 11, 2003)

For more:
http://cyberlaw.stanford.edu/packets/vol_1_no_2/001557.shtml

-=-=-=-=-=-=-=-=-=-=-=-=-=-

Federal Court Strikes Down FTC's National Do-not-call List, Allows Other 
Telemarketer Regulations

Several groups representing telemarketing firms sued the Federal Trade 
Commission (FTC), challenging the FTC's "creation of a national do-not-call 
registry, its prohibition of abandoned calls, and its restrictions on the 
use of pre-acquired account information". The plaintiffs claimed that the 
FTC did not have Congressionally delegated authority to implement these 
measures. The District Court for the Western District of Oklahoma granted 
summary judgment for the plaintiffs in the matter of the do-not-call 
registry and enjoined the FTC from enforcing its use. The court granted the 
FTC's cross-motion for summary judgment for the defendant in the other two 
matters, allowing them to enforce the regulations.
2003 U.S. Dist. LEXIS 16650.

For more:
http://cyberlaw.stanford.edu/packets/vol_1_no_2/001558.shtml

-=-=-=-=-=-=-=-=-=-=-=-=-=-

Register.com Settles Class Action Suit

Internet domain name registrar Register.com issued a Notice of Class Action 
Settlement and Hearing on August 12, 2003, agreeing to pay $5.00 to its 
registrants in settlement of a lawsuit brought by an owner of an Internet 
website, alleging that the registrar's advertisements constituted a 
deceptive consumer-oriented business practice and breached the covenant of 
good faith and fair dealing. The New York Supreme Court will hold a hearing 
on November 3, 2003, to determine whether the proposed Settlement is fair, 
reasonable in the best interests of the Settlement Class, adequately 
represented by the plaintiffs, and issue a final order or judgment in 
approving the proposed settlement.
Zurakov v. Register.Com, Inc. 760 N.Y.S.2d 13, N.Y.A.D. 1 Dept., 2003.

For more:
http://cyberlaw.stanford.edu/packets/vol_1_no_2/001559.shtml

-=-=-=-=-=-=-=-=-=-=-=-=-=-

Although Product Distributor's Web Activity Did not Create Minimum Contacts 
with Forum State, Personal Jurisdiction Held Proper on the Basis of 
Purchases from In-State Manufacturer

In this District of Kansas case arising from the defendants' sales to 
plaintiff of a reptile care product, Judge Carlos Murguia denied 
defendants' motions to dismiss for lack of personal jurisdiction. The court 
found that (1) one of the defendants offered to sell the product in Kansas 
through a website, and (2) both defendants purchased the product from a 
Kansas manufacturer. Although the offer to sell the product through the 
website did not confer jurisdiction, the purchases from the Kansas 
manufacturer created the 'minimum contacts' with Kansas sufficient for 
personal jurisdiction because these purchases were necessary to the 
transactions from which the plaintiff's claims arose.
Robert Pound v. Airosol Company, Inc., et al., No. 02-2632-CM (D. Kan. 2003)

For more:
http://cyberlaw.stanford.edu/packets/vol_1_no_2/001560.shtml

-=-=-=-=-=-=-=-=-=-=-=-=-=-

FTC Proposes Settlement of Unfair Practice Charges with AOL, CompuServe

On September 23, the Federal Trade Commission (FTC) published a proposed 
consent order settling complaints with AOL and its subsidiary, CompuServe. 
The FTC had alleged that AOL's procedures for handling customer 
cancellation requests and AOL and CompuServe's handling of a recent 
"CompuServe $400 Rebate Plan" were flawed in that: (1) some customers who 
had requested cancellation of service had continued to be billed for 
monthly service, and (2) AOL and CompuServe had failed to deliver promised 
$400 rebate checks toward consumers' purchase of a computer after the 
consumer contracted for three years of CompuServe Internet Service. The 
proposed settlement requires better procedures by AOL and CompuServe in 
both areas.
Proposed Agreement Containing Consent Order, In the Matter of Am. Online, 
Inc., and Compuserve Interactive Servs., Inc., at 
http://www.ftc.gov/os/2003/09/aolconagreement.pdf (Sep. 23, 2003).

For more:
http://cyberlaw.stanford.edu/packets/vol_1_no_2/001561.shtml

-=-=-=-=-=-=-=-=-=-=-=-=-=-

Class Certification Denied in Infringement Action against Copyright 
Clearance Center, Inc.

The District Court of Massachusetts denied plaintiffs' motion for class 
certification in a copyright infringement suit brought by three freelance 
photographers against Copyright Clearance Center Inc. Defendant acts as an 
agent for magazine publishers, licensing rights to photocopy magazine 
articles. Plaintiffs allege that they, like most freelance photographers, 
explicitly retain all rights beyond one-time publication in magazines; 
therefore defendant infringes their copyright by unauthorized trafficking 
in these images. The plaintiffs introduced evidence of the large number of 
freelance magazine photographers in the United States and that it is 
standard practice to retain copyright in photographs. The court ruled, 
however, that this evidence was not sufficient to meet the numerosity and 
typicality requirements for class certification stated in Fed. R. Civ. P 
23, and therefore denied the motion.
Resnick v. Copyright Clearance Center, Inc., No. 01-11520-RWZ, 2003 U.S. 
Dist. Lexis 16516 (D. Mass. September 22, 2003).

For more:
http://cyberlaw.stanford.edu/packets/vol_1_no_2/001562.shtml

-=-=-=-=-=-=-=-=-=-=-=-=-=-

Refusal to Establish Hyperlink May Violate First Amendment Rights

Reversing a district court's grant of summary judgment, the Sixth Circuit 
held that a city government's refusal to provide a hyperlink from its 
website to an online tabloid monitoring city corruption may violate the 
First Amendment rights of the tabloid publisher. Although the Court found 
the city website to be a nonpublic forum, allowing the city broad 
discretion in selecting participants, denying access based on the 
participant's viewpoint is a clear violation of the First Amendment. The 
Court held that the tabloid publisher raised an issue of material fact as 
to whether the city's actions were based on "impermissible viewpoint 
discrimination" and remanded to the district court for further proceedings.
Putnam Pit, Inc. v. City of Cookeville, Tenn., 21 F.3d 834 (6th Cir. 2000).

For more:
http://cyberlaw.stanford.edu/packets/vol_1_no_2/001563.shtml

-=-=-=-=-=-=-=-=-=-=-=-=-=-

Federal Court Dismisses Hyperphrase Patent Infringement Case Against Microsoft

A federal judge in the Western District of Wisconsin granted Microsoft's 
motion for summary judgment in a patent infringement suit filed by 
Hyperphrase Technologies. Hyperphrase filed suit claiming that the Smart 
Tags technology Microsoft included in its recent versions of Microsoft 
Office XP infringed on three of Hyperphrase's patents relating to the 
storage and retreival of information in computer systems. The judge agreed 
with Microsoft that the Smart Tags operate differently than Hyperphrase's 
technology and did not infringe on the patents.

U.S.A. v. Thomas Michael Whitehead, Case No. 2:03CR53 (C.D.C.A. Sept. 19, 
2003).

Press Release: Department of Justice Press Release No. 03-127, United 
States Attorney, Central District of California, "Federal Jury Convicts 
Smart-Card Hacker for Violating Digital Millennium Copyright Act," Sept. 
22, 2003


For more:
http://cyberlaw.stanford.edu/packets/vol_1_no_2/001565.shtml

-=-=-=-=-=-=-=-=-=-=-=-=-=-

http://cyberlaw.stanford.edu/
Stanford Center for Internet & Society
Crown Quadrangle, 559 Nathan Abbott Way, Stanford, CA 94305-8610

--

Lauren Gelman, Esq.
Center for Internet and Society
Stanford Law School
(ph) 650-724-3358http://cyberlaw.stanford.edu/

_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)