TechRepublic users discuss CNET article

TechRepublic (free registration required) posted the CNET article on its website. It's member are discussing the article and how best to "fix" the problem. The comments of m.daspit are well though out (Time for Action Not Blaming).

Read More...

OFAC Amends Cuban Assets Control Regulations

From OFAC is this release:

OFAC has amended the Cuban Assets Control Regulations to clarify that, in connection with authorized sales of agricultural exports to Cuba, the term “payment of cash in advance” (PDF) means that payment is received by the seller or the seller’s agent prior to shipment of the goods from the U.S. port at which they are loaded. This conforms to the common understanding of the term in international trade finance. A general license is included authorizing the processing of payments received for Commerce-approved agricultural exports to Cuba that are shipped prior to receipt of payment for a limited time. The general license only applies when the goods are shipped from the port at which they are loaded on or before March 24, 2005 and also requires that payment must be received by a U.S. banking institution on or before March 24, 2005 and prior to transfer of title to, and control of, the goods to the Cuban purchaser.

Read More...

Who designed the NavBar?

According to this post:

The idea and initiative for the new navbar belongs entirely to the team at Google. Stopdesign helped Google with the navbar’s visual design and the basic code.

It's interesting is that the Stopdesign blog does not have the NavBar because it uses Movable Type blogging software. I wonder if they knew anything that we didn't know? : )

Read More...

Spyware, Hacking, Law, and Liability

My colleague, Alvin Borromeo, has described in detail his struggle with spyware on our firm blog and in Spyware Snags Blogger Users.

Spyware has become big news in the past year because it has wreaked havoc in infecting millions of computers nationwide. Spyware is the mass assault progeny of hacking, with many victims targeted simultaneously. The effects of your average spyware attack are felt by many more people or companies than the effects of your average hack.

Hackers can cause a great deal of damage, but imagine the damage that could be caused by multiple hackers. That's the damage of spyware.

For instance, phone numbers, photographs, and diary entries from Paris Hilton's cell phone appeared online, apparently as the result of a successful hack. Celebrities like Lindsay Lohan, Eminem, Christina Aguilera, and Anna Kournikova presumably kept their phone numbers private for a reason. Paris Hilton chose to confine certain photographs to her cell phone, too.

Now, imagine that a successful spyware attacker stole personal information from a number of cell phones or computers. Spyware attacks typically do not attract the kind of publicity that follows Paris Hilton, Britney Spears, or even Don Knotts, but they can affect many victims. A successful spyware attacker might steal personal information from thousands of computers, like passwords or web sites visited, by insertingan "information collection program" surreptitiously into each computer .

Congress and state legislatures have begun to respond to the threats posed by spyware. Utah passed the first spyware law in the U.S. last year, although a federal court has held up enforcement of the new law as it considers a constitutional challenge to it. California has passed a spyware law, and the U.S. House and Senate have considered competing spyware bills. State and federal legislators are debating the definition of "spyware" and the acts that new laws should penalize. At the same time, they are considering ways to limit the scope of liability to protect legitimate activities, like monitoring networks or providing software updates.

In the meantime, those who develop or transmit software programs can take into account new laws, legislation under consideration, and court or regulatory decisions on alleged spyware law violations.

As Congress and the states pass laws and as courts and enforcement bodies mete out punishment, a more solid framework will develop for holding those who spread spyware accountable.

For more information on spyware legislation, law, and liability, see my Privacy and Security Update or my article, New Spyware Laws Raising Potential Liability Concerns.

Read More...

Another spyware and blog article

Internet News article: A Higher Google Standard?

Read More...

The e-mail that started it all

My e-mail to Declan McCullagh started the spyware and blogspot discussion when he passed it on to his politechbot readers. Thanks Declan for providing the medium to spread the word.

Read More...

Ben Edelman

I neglected to link to Ben Edelman's excellent research on the spyware and blogspot issue, but then again a lot of you got to our blog from Ben's site.

Another Ben left a comment about porn on blogspot sites. His blog post on the subject is here.

Read More...

More spyware coverage

CNET News picked up the story (Spyware infiltrates blogs).

Read More...

MT Law moves to Firefox

An update for all interested, Mallory & Tsibouris Co., LPA switched to Firefox today.

Read More...

eWeek article on blogspot and spyware

eWeek writer Matt Hicks interviewed me yesterday regarding my experience with spyware and blogspot. His article, Spyware Snags Blogger Users, was published today.

Read More...

Blogspot and referrer spammers

First, I'm not piling on Blogger and Google, Blogger's owners. I'm a true junkie of both services. But, here's a post from Little Green Footballs that claims that blogspot host "referrer spammers, with subdomain names like paris-hilton-video.blogspot.com, paris-hilton-video-tape.blogspot.com, superbowl-janet-jackson.blogspot.com, paris-nicky-hilton.blogspot.com, etc., etc., ad nauseam"

Related posts:
Spyware on Blogspot?
Update - another blogspot blog that transmitts viruses and spyware

Read More...

Open Source Minefield

TechNewsWorld article, Open-Source Licensing Minefield Looms, on the dangers of mixing open source code with proprietary code.

Because incompatible licenses are mostly a result of mixing open-source code with proprietary software, the threat of license violations is most pressing for developers who grew up working on proprietary software, according to Bill Weinberg, open-source architecture specialist at the Open Source Development Labs.

Read More...

Update - another blogspot blog that transmitts viruses and spyware

Update to my Spyware on Blogspot? post.

Gilbert Wesley Purdy over at Obiter Dicta experienced the same issue I warned of January 24, 2005: using the "next blog" button on blogspot hosted blogs may bring you to a blog that can infect your computer with a virus or spyware. Gilbert's excellent account of his time consuming experience can be found here.

Because our old blogspot blog is still operational with the "next blog" button, I put the following warning on all of the blog pages:

CAUTION: Mallory & Tsibouris Co., LPA does not endorse the use of the "Next Blog" icon at the upper right hand corner of this blog. Please see this post for further information.

Below is Blogger's response to my concerns. My experience prompted me to move my blog from mtlaw.blogspot.com to mt-law.com/blog:

Hi there,

Thanks for your email. In this version 1.0 release of the Blogger Navbar,the NextBlog button brings users to a random blog that 1) has a navbar, 2) was recently updated and 3) is listed as a public blog. Right now, it's impossible to know what sort of blog you're going to land on. However, we are working on how best to help our users avoid content they don't want tosee along with other ideas and upgrades to the Navbar. Your feedback is appreciated in this process.

Please note that you can turn the Navbar on or off at your leisure if you use Blogger's FTP option together with your own hosting provider. This option is located in the "Template" section of your Blogger account. Users of Blogger's free hosting service do not have the option of turning the Navbar off.

Sincerely,Blogger SupportOriginal Message
Follows:------------------------From: Alvin Borromeo {U 754807} Subject: Use of
Next BlogDate: Sun, 23 Jan 2005 06:56:50 -0800 (PST) I used the "Next Blog" feature and went to nana294.blogspot.com [WARNING, don't go to the site on the left]. My PC immediatly gave me messages indicative of spyware being loaded onto mymachine. Sure enough, my browser now opens up to searchmiracle.com.How do you remove the "Next Blog" feature from my weblog?

Read More...

U.S. and International Responses to Terrorist Financing

Center for Contemporary Conflict article from Anne L. Clunan: U.S. and International Responses to Terrorist Financing.

Ms. Clunan does an excellent job outlining the various national and international anti-money laundering laws and how they apply to counter-terrorist financing. She also lays out pre-9/11 and post 9/11 responses to terrorist financing.

Introductory paragraph:

According to one well-informed observer, the U.S. effort to combat terrorists' access to financial resources has been dubbed "the most successful part" of the global community's counter-terrorism strategy since the Al Qaida September 11, 2001 attacks on the United States. This longevity of this success, I argue, hinges on the United States' ability to continue to frame the nascent pre-9/11 international anti-money laundering regime as a counter-terrorist financing regime. The international norms and practices that make up the new counter-terrorist financing (CTF) frame have rapidly spread in the past three years. However the ultimate effectiveness, measured in terms of implementation and enforcement, of the new CTF regime depends on states' redefinition of their national interests to include combating terrorist finance.

Successful implementation of the CTF frame internationally unfortunately may result only from other countries being attacked:

Internationally, the issue of counter-terrorist financing competes with a slew of other items on states' bilateral and multilateral agendas. I argue that the primary cause of success of international implementation of CTF norms outside of the OECD is not U.S. power and pressure, but the exogenous shock of terrorist attacks in the countries in question.

Read More...

License Proliferation Biggest Threat to Open Source

Sun Microsystem's announcement that the source code for Solaris 10 will be made available under the OSI (Open Source Initiative) approved Common Development and Distribution License (CDDL) has been met with disappointment in some development circles, according to an Internet News article.

"I think the largest threat, right now, to the open source community is license proliferation -- not Microsoft, not any other threat," [Dan Ravicher, executive director of the Public Patent Foundation (PUBPAT)] said. "If we start to fragment the open source community, which happens when you have licenses that are incompatible with one another, we really divide up ourselves."

Related posts here and here.

Read More...

File Under: Negotiate, Negotiate, Negotiate

Listening to Mike & Mike in the Morning on 1460 The Fan and heard this surprising "admission" from New York Yankees General Manager Brian Cashman (paraphrasing):

When we send over our initial contracts, we include things that are both enforceable and unenforceable (with respect to Major League Baseball's Collective Bargaining Agreement). Not all agents catch them, but the good ones do and point out the unenforceable portions out and tell us to remove those provisions. We then talk privately and say, yea he's right, and we then remove the provision.

As every lawyer will tell you, everything's negotiable. So, when you get that "take it or leave it contract" for the first time, read it and negotiate! If the other party is not willing to negotiate, then you may just have to walk away from the deal.

Read More...

Proximity Searches and Google

For any of you who use Westlaw or Lexis (where I used to work), you are no doubt familiar with proximity searches and the value it provides in cutting through the information clutter. For example, the search { technology w/5 agreement } will return documents where the word "technology" is within 5 words of the word "agreement." Technology can come before or after agreement, it just has to be within 5 words of each other.

Unfortunately, Google does not (yet) have a proximity search feature similar to Westlaw or Lexis. However, there is a WORKAROUND that I discovered by accident. And that's the use of an asterisk between words in quotations.

For example, the search { "technology agreement" } will give you the exact phrase "technology agreement." That most of you already know. However, what if you didn't necessarily want the an exact phrase, but wanted the words to be close to each other. Then use the asterisk.

The search { "technology * agreement" } will return results where the word "technology" appears exactly one word before the word "agreement."

The search { "technology * * agreement" } will return results where the word "technology" appears exactly two words before the word "agreement."

The search { "technology * * * * * * * * * * agreement" } will return results where the word "technology" appears exactly ten words before the word "agreement."

And so on.

Of course, I'm not the only one to discover this neat little trick. In writing this post, I did a Google search for proximity searching on Google. And came up with this Google API Proximity Search. It's a form that allows you to conduct proximity searches within 3 words of each other. It essentially combines multiple searches into one search result. Although, the first word still must appear first in the results.

Happy searching.

Read More...

Did you know that farmers sign technology agreements when buying seed?

Farmers that purchase Monsanto's seeds must sign a "Monsanto Technology/Stewardship Agreement" (samples: 2003 Agreement, 2002 Agreement).

The Agreement require, among others, that the farmer agree:

• To use Seed containing Monsanto Technologies solely for planting a single commercial crop.
  
• Not to supply any Seed containing patented Monsanto Technologies to any other person or entity for planting. Not to save any crop produced from this Seed for planting and not to supply Seed produced from this Seed to anyone for planting.

Monsanto aggressively protects its patent rights and enforces its agreements according to this AP story, via Yahoo! News: Enforcing single-season seeds, Monsanto sues American farmers.

According to the article, Monsanto has sued farmer Homan McFarling for saving seed from one harvest and replanting the seeds the following season. A no-no according to Monsanto's Technology Agreement. But a practice past down from generation to generation.

"My daddy saved seed. I saved seed," said McFarling.

McFarling is not alone. According to the Center for Food Safety's Monsanto vs. U.S. Farmers report (PDF):

• Monsanto has filed 90 lawsuits based upon purported violations of its technology agreement and its patents on genetically engineered seed technology.
• These cases involve 147 farmers and 39 small businesses/farm companies
  

The Center describes Monsanto's practice as follows:

Monsanto's position as a leader in the field of agricultural biotechnology and its success in contractually binding farmers to its genetically engineered seeds result from its concerted effort to control patents on genetic engineering technology, seed germplasm, and a farmer's use of its engineered seed. Monsanto begins the process of seizing control of farmers' practices by getting them to sign the company's technology agreement upon purchasing patented seeds. This agreement allows Monsanto to conduct property investigations, exposes the farmer to huge financial liability, binds the farmer to Monsanto's oversight for multiple years, and includes a
variety of other conditions that have effectively defined what rights a farmer does and does not have in planting, harvesting, and selling genetically engineered seed.

Monsanto defends it's practice as protecting its investment in its Intellectual Property. The AP article has this to say in Monsanto's defense:

The company said the licensing agreement protects its more than 600 biotech-related patents and ensures a return on its research and development expenses, which amount to more than $400 million annually.

"We have to balance our obligations and our responsibilities to our customers, to our employees and to our shareholders," said Scott Baucum, Monsanto's chief intellectual property protector.

World wide concern?

Monsanto's licensing contracts and litigation tactics are coming under increased scrutiny as more of the planet's farmland comes under genetically engineered cultivation.

Some even worry that big agri-business is influencing US-Iraq policy. For example, many point to the Coalition Provisional Authority's Order 81 (PDF) as yet another example of the Bush administration restricting, rather than liberating, the Iraqi people. Order 81 amends Iraq's patent laws and adds a new Plant Variety Protection law. One commentator suggest that:

Basically Order 81 is outlawing the prehistoric practice of saving seeds for next year's crop ... A farmer buying seeds these days does not own the seeds. He merely buys the use of the plants and plant products produced for the season planted. Corporate America is intent on retaining ownership of any future food products by successful lobbying for legislation to prevent the collection and storage of seed produced during that season, claiming ownership by virtue of genetic development. Ergo, the next season, the farmer has to buy rights to the plants all over again...At the new adjusted price. And he probably grew the seeds, collected, stored them and returned them to the seed company because they claim they created them. All so he could buy them again.

Well, that's not actually the case. This whole overreaction was probably due to an original report by Focus on the Global South and GRAIN, which "is an international non-governmental organisation (NGO) which promotes the sustainable management and use of agricultural biodiversity based on people's control over genetic resources and local knowledge."

The original article may have given the impression that Order 81 prohibits saving seed from season to season, however the organizations issued a corrected article (albeit still sensationally titled Iraq's new patent law: A declaration of war against farmers) with the following clarification:

CLARIFICATION - February 2005

The report jointly issued by Focus on the Global South and GRAIN in October 2004 on Iraq's new patent law has received a lot of attention worldwide. It has also generated a misunderstanding that we wish to clarify.

The law does not prohibit Iraqi farmers from using or saving "traditional" seeds. It prohibits them from reusing seeds of "new" plant varieties registered under the law - in practical terms, this means they cannot save those seeds for re-use. The report has been revised to express this more clearly.

But, I digress. The moral of the story is, read your agreements, especially when it affects your livelihood.

Read More...

Competitive Intelligence - search patent and trademark filings

Every wonder where your competitor's technology is headed? Search the U.S. Patent and Trademark Office's patent and trademark databases. Or, how about the European Patent Office's patent database. Or, go to one of the many links to other country intellectual property offices.

Example: eWeek article "Intel's Mystery Mark, VIIV, Sparks Intrigue."

Recent trademark filings from Intel Corp. are raising speculation that the world's largest chip maker may be preparing to create a new global brand. The question is, what does VIIV mean?

"Intel Inside VIIV" and "Intel VIIV" were filed as U.S. trademarks last month by the Santa Clara, California-based chip maker, known for its Pentium and Centrino brands. A square graphic, resembling an inkblot or a starfield, was also filed around the same time.

Competitive Intelligence resources:

Competitive Intelligence and the Internet: Going for the Gold

Patent and trademark knowledge offers valuable early warning for a competitor's future direction. Today, your competitors are patenting and naming the technologies, products and services they will be marketing in just a few years.

Competitive Intelligence: A Librarian's Empirical Approach (PDF)

Society of Competitive Intelligence Professionals

Read More...

Ohio Spam Bill Signed Into Law

Governor Bob Taft has signed a bill (HB 383, news release) that prohibits deceptive or misleading internet advertisements. It also prohibits using a false e-mail account to send spam, including the use of false routing information, registration information, or falsifying the right to use five or more Internet protocol addresses. Spammers are also prohibited from gaining unauthorized access to a computer to transmit commercial electronic mail messages. The new Ohio law is similar to the federal CAN-SPAM Act (the law in PDF or html; the regs in PDF), and includes stronger penalties.

Bill summary:

To amend section 2923.01 and to enact section 2913.421 of the Revised Code to prohibit a person from transmitting multiple commercial electronic mail messages, falsifying routing information in those messages, falsifying registration information for multiple electronic mail accounts, or falsifying the right to use five or more internet protocol addresses, and to prohibit unauthorized access to a computer to transmit multiple commercial electronic mail messages.

Read More...

Oracle's commitment to supporting PeopleSoft suits Ohio

On October 1, 2004, the State of Ohio awarded PeopleSoft a contract to update the state's outdated financial and human resources systems. (Press Release here in PDF).

This January 20, 2005 press release says the following regarding Oracle's commitment to PeopleSoft products:

The state announced its selection of PeopleSoft software on October 1, 2004. On December 13, 2004, Oracle Corporation and PeopleSoft USA, Inc. announced that Oracle would acquire PeopleSoft. Oracle has made a public commitment to continued support and enhancement for PeopleSoft products, and the PMO is confident that the state's investment in PeopleSoft will be protected for years to come.

But, according to eWeek, some analysts do not see the same commitment from Oracle. Analysts: Project Fusion Is the Death Knell for PeopleSoft Apps:

Paul Hamerman, vice president of enterprise applications for Forrester Research Inc., agreed that Oracle sent mixed signals on product support. "While they say these products will be supported until 2013, they also said they'll continue to follow the existing PeopleSoft support schedule, with some modifications," he said. "That means customers can't stay on current releases indefinitely. Various releases over time will be desupported, so customers will have to continue to upgrade applications periodically in order to be supported. Eventually, they'll be encouraged to migrate to the next-generation product."

Oracle's Project Fusion press release.

Description of OAKS Project, which stands for "Ohio Administrative Knowledge System".

Related post.

Read More...

More on compliance costs

Related post.

FinanceTech article: IT Spending for Compliance: From SOX 404 to Comprehensive Compliance

Financial Insights estimates that North American financial services firms spent less than $30 million on external solutions for SOX 404 compliance in 2003. We estimate that this number will double in 2004. ... Spending by North American financial institutions on solutions that can automate SOX 404 processes will grow strongly, at 40 percemt annually, over the next five years, to reach $300 million by 2008.

Read More...

$1 Million to comply with Section 404 of SOX

Electronic Clearing House Inc. estimated that its cost to comply with Section 404 of the Sarbanes-Oxley Act (PDF, html) will be approximately $1,000,000 in FY 2005. This figure is "comprised almost equally among added auditor expenses, accounting consultants and internal staff additions that will be required."

Reprint of press release on TMCnet.com.

Section 404 reads:

Section 404 -- Management Assessment of Internal Controls

a. Rules Required. The Commission shall prescribe rules requiring each annual report required by section 13(a) or 15(d) of the Securities Exchange Act of 1934 to contain an internal control report, which shall--

1. state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and

2. contain an assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.

b. Internal Control Evaluation and Reporting. With respect to the internal control assessment required by subsection (a), each registered public accounting firm that prepares or issues the audit report for the issuer shall attest to, and report on, the assessment made by the management of the issuer. An attestation made under this subsection shall be made in accordance with standards for attestation engagements issued or adopted by the Board. Any such attestation shall not be the subject of a separate engagement.

Read More...

Exposing Spyware, courtesy of Forbes

Forbes has a series of articles on Exposing Spyware:

• Spyware Meets Adware
• Fighting Spyware For Profit
• Fried By Spyware
• Spyware By The Numbers
• Spy Vs. Spy
• Sleuthing Spyware--And Its Corporate Sponsors
• Video: Shutting Down Spyware
• Video: Spyware's Unholy Alliance

Read More...

Off the shelf compliance?

If only it were that easy. See regulation. Goto nearest software vendor selling compliance solutions. Load software. Comply.

To paraphrase President G.W. Bush, complaince is "hard work." See this story on privacy compliance: Privacy Law Requires Hard Work.

This CIO article makes the case for Data Quality vendors to beef up their presence in the regulatory compliance software market.

The demand for solutions to help customers meet government and industry regulatory reporting requirements can be expected to grow significantly over the next few years. ... In fact, the situation is such that most businesses, regardless of size or industry, can expect to comply with some regulatory requirement, if not now then in the near future. In the United States, compliance regulations already cover a broad swath of businesses.

Read More...

We're really sorry about dropping your e-mail service, but oh, by the way, we're not liable

FindLaw's Modern Practice chronicles the legal saga of independent filmmaker Peter Hall. After completing his film, Delinquent, Peter signs up for an Earthlink e-mail account and uses it as his primary promotional vehichle. Earthlink accidently identifies Peter as a spammer and terminates his account. Earthlink retracts its allegation that Peter is a spammer, but fails to reactivate his account. A year after the Delinquent premier, Earthlink forwards to Peter all of the e-mail that his account accumulated, many of which were questions related to his movie.

Peter sues Earthlink for, among other things, breach of contract and violation of the Electronic Communications Privacy Act ("ECPA") for wrongful interception of e-mail.

Unfortunately for Peter, he loses (PDF).

We agree with the district court’s conclusion that EarthLink did not violate 18 U.S.C. § 2511(1)(a) but write to further clarify the proper interpretation of this section.

Through the enactment of ECPA, Congress amended the Federal wiretap law in order to “update and clarify Federal privacy protections and standards in light of dramatic changes in new computer and telecommunications technologies.” ...

Section 2511(1)(a) states that, except as otherwise provided, anyone who “intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any . . . electronic communication” violates ECPA. 18 U.S.C. § 2511(1)(a). The district court held that EarthLink did not “intentionally intercept anything” in violation of Section 2511(1)(a) because EarthLink “merely received and stored e-mails precisely where they were sent–to an address on the EarthLink system.” ... We hold that EarthLink’s continued reception of e-mails sent to lot99 did not constitute an “interception” under ECPA because it was conducted as part of the “ordinary course of [EarthLink’s] business.”

Read More...

Thank you PTO

The United States Patent and Trademark Office has recently released the Trademark Document Retrieval ("TDR") system.

Through TDR, a user can view and download any or all documents contained in the electronic file wrapper of all pending Trademark applications, as well as many Trademark Registrations. Currently, a user can access all pending applications and all Madrid Protocol filings, as well as many Trademark Registrations via TDR. The USPTO is in the process of converting all remaining Registrations into a digital format so as to permit future TDR access. This conversion process is expected to take several years.

Very welcome news.

Read More...