[Politech] Events: At Stanford law school on security, privacy [priv]

From: Declan McCullagh (declan@private)
Date: Tue Oct 14 2003 - 06:24:22 PDT

  • Next message: Declan McCullagh: "[Politech] Event: Economist and Cato Institute in SF on telecom (10/15)"

    Date: Tue, 7 Oct 2003 17:35:10 -0700
    To: declan@private
    From: Lauren Gelman <gelman@private>
    Subject: SLS Center for Internet and Society
    Content-Type: multipart/alternative; 
    Hey Declan-- How about a one-time mailing to Politech of all the cool stuff 
    we're doing this year...
    Two events we are hosting-- one on Computer Security and Vulnerability 
    reporting 11/22/03, the other a Call for Papers for an Internet Privacy 
    Symposium 3/13-14/04-- and v1.2 of our new cyberlaw newsletter "Packets." 
    People who want more info can visit our website at cyberlaw.stanford.edu
    Cybersecurity, Research & Disclosure
    November 22, 2003
    Stanford Law School
    Stanford Law School's Center for Internet and Society will host a day-long 
    exploration of the relationship between computer security, privacy, and 
    disclosure of information about security vulnerabilities.  This is the 
    must-attend conference for researchers, academics, practitioners, 
    government officials and CTO and CIOS interested in formulating disclosure 
    practices or policies that would promote security research, constructive 
    information sharing, remediation and commercial interests, and determining 
    how such policies could be put into effect?
    Questions to be addressed include:
    *   Does public disclosure of vulnerabilities motivate the vendor to 
    release more secure software, and if so, does this benefit sufficiently 
    outweigh potential risks that the information will be misused?
    *   How can independent researchers be adequately compensated for the 
    valuable service they provide to vendors and customers while encouraging 
    responsible reporting?
    *   Does the commercialization of security information promote security, or 
    should reporting be an academic or governmental function?
    *   What practices or policies facilitate communication between vendors and 
    researchers. What should the researcher do? What should the vendor do? 
    Should practices differ for small vendors, ISPs or website owners?
    *   When does disclosure best promote security and minimize exploitations, 
    and how much information should be disclosed at a given point in time, and 
    to whom?
    *   What policies or practices encourage the installation of patches?
    *   How can disclosure policies promote computer security? How can we work 
    towards consensus on such a policy? Encourage compliance with the policy? 
    What would the policy include, and what are the security tradeoffs? Is 
    there a role for regulation or government intervention in this area, or are 
    market incentives sufficient?
    Register now at: http://cyberlaw.stanford.edu/security/
    A Stanford Law School Symposium: Securing Privacy in the Internet Age
    What legal regimes or market initiatives would best prevent the 
    unauthorized disclosure of private information while also promoting 
    business innovation?
    March 13-14 2004
    Stanford Law School
    As individuals do more - shopping, talking, working - on-line, they leave 
    private information behind in databases stored on Internet-connected 
    servers. Companies store proprietary data on networked servers connected to 
    the Internet. Computer security experts struggle to develop technology and 
    best practices to protect this information from unauthorized intruders or 
    inadvertent leaks. Are private initiatives sufficient to protect private 
    and confidential information, or should the law allocate the responsibility 
    of keeping the server secure, and if so, on whom? And will the imposition 
    of this legal and economic burden impede further exponential advances like 
    those the computer industry has made in the past decade?
    The Center for Internet and Society (CIS), part of the Law, Science and 
    Technology Program (LST)  at Stanford Law School announces an open call for 
    papers addressing the ways in which application of various legal doctrines 
    could induce software vendors, hardware companies and system administrators 
    to adopt security-enhancing practices, report unauthorized disclosures of 
    private information, properly value and remedy harm flowing from privacy 
    breaches, while promoting vigorous competition and innovation.
    In the selection process, papers offering new perspectives, novel analysis, 
    or innovative prescriptions will be given preference. Proposals from legal 
    and other academics, economists, lawyers, scientists and technologists, as 
    well as new voices are encouraged.  Some suggested topics are posted on the 
    conference website at: http://cyberlaw.stanford.edu/privacysymposium/
    The event is funded by a generous grant from the cy pres fund established 
    in the Supnick et al. v. Amazon.com, Inc. and Alexa Internet, Inc. 
    litigation. We are able to offer free admission to the symposium and 
    anticipate a large audience of academics, executives, students, and U.S. 
    and foreign policy makers. Those selected to present papers will be 
    reimbursed for two- week advance purchased coach airfare to California and 
    for two nights stay at the Westin, Palo Alto hotel.
    Interested parties should submit a 200 word abstract describing the 
    proposed paper to; http://cyberlaw.stanford.edu/privacysymposium/form.html. 
    The deadline for submissions is October 13 and the selected presenters will 
    be notified by mail by November 3. The website also allows visitors to 
    register to be notified when we finalize the symposium schedule.
    Papers will be due May 3, 2004. The Symposium Editors will select the 
    papers which will be  published in a scholarly volume under a Creative 
    Commons license that will allow authors to submit their papers to other 
    publications, including law journals.
    The Symposium Editors are:
    *  Margaret Jane Radin, Wm. Benjamin Scott and Luna M. Scott Professor of 
    Law, Director, Stanford Program in Law, Science and Technology
    *  Anupam Chander, Professor, UC Davis School of Law, Visiting Professor 
    Stanford Law School, Spring 2004
    *  Lauren Gelman, Assistant Director, Center for Internet and Society, 
    Stanford Law School
    If you have questions, you are welcome to contact Lauren Gelman, at 
    gelman@private The conference is organized by the Center for Internet 
    and Society, part of the Program on Law Science and Technology at Stanford 
    Law School.
    * * * * Packets * * * *
    Vol. 1, No. 2 // 10.7.03
    Packets is production of the Stanford Center for Internet & Society (CIS). 
    It is written by members of the Stanford Law and Technology Association 
    (SLATA), and edited by CIS staff, fellows and volunteer attorneys.
    Our purpose is to provide the legal community with a concise description of 
    recently decided cyberlaw-related cases.   Click "For More" for longer, 
    more detailed summaries hosted on our website, along with a keyword 
    searchable archive of past packets. http://cyberlaw.stanford.edu/packets/
    We urge you to forward Packets wherever you please, and to take from it any 
    content you'd like.
    The writers on the Packets Editorial Board are: Carl G. Anderson, Rob 
    Courtney, JuNelle Harris, Rena Kaminsky, Rachel Kovner, Todd Lewellen, 
    Stephany Lin, Stephen Bruce Lindholm, Jia Liu, Grace Park, Ji-Hyun Park, 
    Jef Pearlman, Kateryna Rakowsky, Stuart M. Rosenberg, Neil A. Rubin, and 
    Jim Sojoodi.
    Vol. 1, No. 2
    Verisign Settles FTC Complaint for False Advertising to Take Competitors' 
    Domain Name Registrants
    Verisign and the Federal Trade Commission have reached a settlement 
    stemming from charges that Verisign's Network Solutions unit tricked 
    customers of competing domain name registrars into renewing and 
    transferring their domain name with Network Solutions. Pursuant to the 
    settlement, Verisign is to provide the expiration date of the registrant's 
    domain name registration in all its future notices and to disclose whether 
    the renewal would transfer a registrant's domain name from its previous 
    registrar to Verisign. Verisign did not make any admissions of liability or 
    FTC v. Network Solutions, Inc., No. 03-1907 (D.D.C., Sept. 12, 2003).
    For more:
    Headline: Advertisers in the UK Must Get Explicit Permission Before 
    Marketing By E-mail
    The UK's Advertising Standards Authority ruled that e-marketers must 
    receive explicit consent before marketing to consumers by e-mail. 
    Recipients of unsolicited commercial e-mails filed a complaint against the 
    Training Guild (a Southampton seminar provider) , alleging that their 
    marketing violated the CAP Code's requirements that (1) e-mails make clear 
    that they are marketing communications, and (2) advertisers get explicit 
    consent before sending e-mails to consumers. The ASA rejected the first 
    complaint, finding the subject heading "Business Seminars - Telesales & 
    Selling Skills made Easy" sufficient to put consumers on notice that the 
    e-mails at issue were marketing communications. However, the ASA upheld the 
    second complaint, stating that it was the advertiser's responsibility to 
    ensure recipients had given explicit consent.
    The Training Guild, UK ASA Adjudication (Sept. 10, 2003).
    For more:
    Attachmnent of GPS Devices to Private Vehicles Requires a Warrant
    William Bradley Jackson was convicted of first degree murder on October 5, 
    2000 in the death of his daughter. Jackson appealed to the Supreme Court of 
    Washington, raising, inter alia, whether a warrant was required under Wash. 
    Const. art. I,  7 for the installation and use of a global positioning 
    system (GPS) device on his vehicle; and, if so, whether the two warrants 
    issued in this case were supported by probable cause. The court held that a 
    warrant is required before authorities can install and use a GPS device on 
    a private vehicle under Wash. Const. art. I,  7. However, the court found 
    that the two warrants in this case were valid, and, therefore, there was no 
    constitutional violation.
    State v. Jackson, No. 72799-6, 2003 Wash. LEXIS 659 (Wash. Sept. 11, 2003)
    For more:
    Federal Court Strikes Down FTC's National Do-not-call List, Allows Other 
    Telemarketer Regulations
    Several groups representing telemarketing firms sued the Federal Trade 
    Commission (FTC), challenging the FTC's "creation of a national do-not-call 
    registry, its prohibition of abandoned calls, and its restrictions on the 
    use of pre-acquired account information". The plaintiffs claimed that the 
    FTC did not have Congressionally delegated authority to implement these 
    measures. The District Court for the Western District of Oklahoma granted 
    summary judgment for the plaintiffs in the matter of the do-not-call 
    registry and enjoined the FTC from enforcing its use. The court granted the 
    FTC's cross-motion for summary judgment for the defendant in the other two 
    matters, allowing them to enforce the regulations.
    2003 U.S. Dist. LEXIS 16650.
    For more:
    Register.com Settles Class Action Suit
    Internet domain name registrar Register.com issued a Notice of Class Action 
    Settlement and Hearing on August 12, 2003, agreeing to pay $5.00 to its 
    registrants in settlement of a lawsuit brought by an owner of an Internet 
    website, alleging that the registrar's advertisements constituted a 
    deceptive consumer-oriented business practice and breached the covenant of 
    good faith and fair dealing. The New York Supreme Court will hold a hearing 
    on November 3, 2003, to determine whether the proposed Settlement is fair, 
    reasonable in the best interests of the Settlement Class, adequately 
    represented by the plaintiffs, and issue a final order or judgment in 
    approving the proposed settlement.
    Zurakov v. Register.Com, Inc. 760 N.Y.S.2d 13, N.Y.A.D. 1 Dept., 2003.
    For more:
    Although Product Distributor's Web Activity Did not Create Minimum Contacts 
    with Forum State, Personal Jurisdiction Held Proper on the Basis of 
    Purchases from In-State Manufacturer
    In this District of Kansas case arising from the defendants' sales to 
    plaintiff of a reptile care product, Judge Carlos Murguia denied 
    defendants' motions to dismiss for lack of personal jurisdiction. The court 
    found that (1) one of the defendants offered to sell the product in Kansas 
    through a website, and (2) both defendants purchased the product from a 
    Kansas manufacturer. Although the offer to sell the product through the 
    website did not confer jurisdiction, the purchases from the Kansas 
    manufacturer created the 'minimum contacts' with Kansas sufficient for 
    personal jurisdiction because these purchases were necessary to the 
    transactions from which the plaintiff's claims arose.
    Robert Pound v. Airosol Company, Inc., et al., No. 02-2632-CM (D. Kan. 2003)
    For more:
    FTC Proposes Settlement of Unfair Practice Charges with AOL, CompuServe
    On September 23, the Federal Trade Commission (FTC) published a proposed 
    consent order settling complaints with AOL and its subsidiary, CompuServe. 
    The FTC had alleged that AOL's procedures for handling customer 
    cancellation requests and AOL and CompuServe's handling of a recent 
    "CompuServe $400 Rebate Plan" were flawed in that: (1) some customers who 
    had requested cancellation of service had continued to be billed for 
    monthly service, and (2) AOL and CompuServe had failed to deliver promised 
    $400 rebate checks toward consumers' purchase of a computer after the 
    consumer contracted for three years of CompuServe Internet Service. The 
    proposed settlement requires better procedures by AOL and CompuServe in 
    both areas.
    Proposed Agreement Containing Consent Order, In the Matter of Am. Online, 
    Inc., and Compuserve Interactive Servs., Inc., at 
    http://www.ftc.gov/os/2003/09/aolconagreement.pdf (Sep. 23, 2003).
    For more:
    Class Certification Denied in Infringement Action against Copyright 
    Clearance Center, Inc.
    The District Court of Massachusetts denied plaintiffs' motion for class 
    certification in a copyright infringement suit brought by three freelance 
    photographers against Copyright Clearance Center Inc. Defendant acts as an 
    agent for magazine publishers, licensing rights to photocopy magazine 
    articles. Plaintiffs allege that they, like most freelance photographers, 
    explicitly retain all rights beyond one-time publication in magazines; 
    therefore defendant infringes their copyright by unauthorized trafficking 
    in these images. The plaintiffs introduced evidence of the large number of 
    freelance magazine photographers in the United States and that it is 
    standard practice to retain copyright in photographs. The court ruled, 
    however, that this evidence was not sufficient to meet the numerosity and 
    typicality requirements for class certification stated in Fed. R. Civ. P 
    23, and therefore denied the motion.
    Resnick v. Copyright Clearance Center, Inc., No. 01-11520-RWZ, 2003 U.S. 
    Dist. Lexis 16516 (D. Mass. September 22, 2003).
    For more:
    Refusal to Establish Hyperlink May Violate First Amendment Rights
    Reversing a district court's grant of summary judgment, the Sixth Circuit 
    held that a city government's refusal to provide a hyperlink from its 
    website to an online tabloid monitoring city corruption may violate the 
    First Amendment rights of the tabloid publisher. Although the Court found 
    the city website to be a nonpublic forum, allowing the city broad 
    discretion in selecting participants, denying access based on the 
    participant's viewpoint is a clear violation of the First Amendment. The 
    Court held that the tabloid publisher raised an issue of material fact as 
    to whether the city's actions were based on "impermissible viewpoint 
    discrimination" and remanded to the district court for further proceedings.
    Putnam Pit, Inc. v. City of Cookeville, Tenn., 21 F.3d 834 (6th Cir. 2000).
    For more:
    Federal Court Dismisses Hyperphrase Patent Infringement Case Against Microsoft
    A federal judge in the Western District of Wisconsin granted Microsoft's 
    motion for summary judgment in a patent infringement suit filed by 
    Hyperphrase Technologies. Hyperphrase filed suit claiming that the Smart 
    Tags technology Microsoft included in its recent versions of Microsoft 
    Office XP infringed on three of Hyperphrase's patents relating to the 
    storage and retreival of information in computer systems. The judge agreed 
    with Microsoft that the Smart Tags operate differently than Hyperphrase's 
    technology and did not infringe on the patents.
    U.S.A. v. Thomas Michael Whitehead, Case No. 2:03CR53 (C.D.C.A. Sept. 19, 
    Press Release: Department of Justice Press Release No. 03-127, United 
    States Attorney, Central District of California, "Federal Jury Convicts 
    Smart-Card Hacker for Violating Digital Millennium Copyright Act," Sept. 
    22, 2003
    For more:
    Stanford Center for Internet & Society
    Crown Quadrangle, 559 Nathan Abbott Way, Stanford, CA 94305-8610
    Lauren Gelman, Esq.
    Center for Internet and Society
    Stanford Law School
    (ph) 650-724-3358http://cyberlaw.stanford.edu/
    Politech mailing list
    Archived at http://www.politechbot.com/
    Moderated by Declan McCullagh (http://www.mccullagh.org/)

    This archive was generated by hypermail 2b30 : Tue Oct 14 2003 - 06:59:13 PDT