(c) 2004 charles g. gray1 global telecommunications regulation tcom 5173 cyberlaw and advanced...
TRANSCRIPT
(c) 2004 Charles G. Gray 1
Global Telecommunications RegulationTCOM 5173
Cyberlaw and Advanced Technologies
Charles G. Gray
(c) 2004 Charles G. Gray 2
Evolution of Privacy in the US• No specific “right to privacy” in the United
States Constitution– No roots in Europe
• 75% of the population in villages less than 600 (in 1800)
– No basis in early “Common Law”– People who chose to move could create a new
identity – no records kept, and no info shared
• Telephones invaded privacy (1880s)
• Newspapers expanded circulation
(c) 2004 Charles G. Gray 3
Development of Privacy Law• Tort law – Harvard Law Review – 1890
– Invasion of privacy– Unreasonable intrusion
• Hacking, viruses, junk e-mail
– Unreasonable public disclosure – private facts– False light
• Gives false perception, even if not defamatory
– Appropriation of a person’s name or likeness• However, “public persons” have less privacy due to
“implied consent” by becoming a public figure
(c) 2004 Charles G. Gray 4
Right to Privacy vs. “Need to Know”• Consent
– Implied or express– CPNI – customers do not always understand
• Right to collect information for valid business purposes– Service delivery, billing, etc.
• Public right to know about government agencies and some public persons– “Sunshine laws”, open meetings and records,
FOIA
(c) 2004 Charles G. Gray 5
Wiretapping and the Law• Fourth Amendment protection against
government searches and seizures.– Requires a warrant based on “probable cause”– Warrants issued by courts-courts able to adapt
to new technology quicker than legislation
• Olmstead vs. US – 1928• CA-34 Sec 605 attempted to respond to
Olmstead• Goldman vs. US – 1942• 1876-1967 wiretapping by the federal
government was legal – without a warrant
(c) 2004 Charles G. Gray 6
Supreme Court Reversal 1967• Fourth Amendment applies to “people” –
not places– Katz vs. US – public phone booth– Berger vs. New York – eavesdropping of
“aural” communications• “Any wire or oral communication that can be
understood by the human ear”
• Legal foundation for electronic privacy (Lead to Title III of the Omnibus Crime Control and Safe Streets act of 1968)
(c) 2004 Charles G. Gray 7
Important Legislation • Crime Control and Safe Streets Act – 1968
– Title III – “Wiretap Act”• Prohibits unauthorized wiretaps (common carriers)• All wiretaps require federal court order/supervision
• Electronic Communications Privacy Act (ECPA) of 1986– Prohibits unauthorized interception
• In transit• In storage
• Includes private networks, but not interceptions outside of the US (Echelon)
(c) 2004 Charles G. Gray 8
CALEA - 1994• Communications Assistance for Law
Enforcement Act of 1994 – Digital Telephony Act– All “providers and carriers” to ensure that law
enforcement can conduct legal interceptions and electronic surveillance
• Equipment facilities and services to meet specified criteria (Section 103)
• Exceptions – Information service providers, private networks
• Decryption not required
(c) 2004 Charles G. Gray 9
ECPA of 1996• Update of 1986 law due to technology
advancements
• Adds electronic mail
• Includes “any provider of wire or electronic communications” – not just common carriers
• Disclosure of the identity of parties or existence of a communication is NOT covered
• Inadvertent discovery of criminal activity may be disclosed to law enforcement officers
(c) 2004 Charles G. Gray 10
Personal Information in Government Databases
• Federal Records Act of 1950– Disposal requires approval of the Archivist of
the US
• Applies to e-mail – Agencies must retain and manage electronic
documents– Most work of public officials is public record
and subject to disclosure
(c) 2004 Charles G. Gray 11
The Privacy Act of 1974• Government’s protection of private
information
• Government may not conceal the existence of any databases
• No disclosure to other individuals or agencies without a court order, except for criminal law enforcement activity
• Disclosing agency must keep a record of what they told, and to whom
(c) 2004 Charles G. Gray 12
Privacy Act Requirements (1)• Name and location of the system
• Categories of individuals on whom records are maintained
• Types of records maintained
• Record of routine uses of the system
• Policies and practices related to storage, control, retention, and disposal
• Title and address of the responsible person
(c) 2004 Charles G. Gray 13
Privacy Act Requirements (2)• Procedures for notifying an individual that
records are being maintained
• Procedures for individuals to gain access to their information – how to contest it
• Categories of sources or records in the system
(c) 2004 Charles G. Gray 14
Computer Matching and Privacy Protection Act
• 1988 and 1989 Congress amended the Privacy Act of 1974
• Prohibits federal agencies from comparing their databases with other agencies or with private databases– Could any comparisons have avoided 9/11?– Any effect on counter terrorism activities today?– Is this law good or not?
• When do the advantages outweigh the disadvantages?
(c) 2004 Charles G. Gray 15
FOIA of 1976
• Balance need for privacy and need for open information from government agencies
• Agencies must provide place and method for requesting information
• Denied parties may sue an agency, and recover court costs and attorneys fees
• Most states have enacted similar laws
(c) 2004 Charles G. Gray 16
Exemptions to the FOIA
• Unwarranted invasion of personal privacy• National defense• Internal personnel rules of an agency• Confidential financial information, trade
secrets, medical files, geological information, or inter-agency memoranda
• Investigatory records only under subpoena• Executive Privilege• TIA (More on this later)
(c) 2004 Charles G. Gray 17
Illegal Computer Access
• Congressional investigation revealed that:– Over 50% of respondents to a survey showed
that they had been victims of computer crime– Computer crime involves more than financial
harm– “Pirate” bulletin boards existed solely to
provide passwords and other “hacker” information
• The ABA substantiated the findings
• Existing laws were powerless
(c) 2004 Charles G. Gray 18
Computer Fraud and Abuse Act of 1988 (1)
• National security information• Records of financial institutions, credit
cards, credit reporting agencies• Intentionally accessing government
computers• Accessing a “federal interest” computer• Intentional altering or damaging
computerized information belonging to another
(c) 2004 Charles G. Gray 19
Computer Fraud and Abuse Act of 1988 (2)
• Preventing authorized use of a “federal interest computer”– Involving loss of more than $1000 per year– Medical treatment information
• Trafficking in passwords
(c) 2004 Charles G. Gray 20
Exceptions to the CFAA
• Access for authorized law enforcement with appropriate court orders
• Access to perform authorized repairs
• “Time bombs” – automatic termination capabilities if a user fails to pay
(c) 2004 Charles G. Gray 21
National Information Infrastructure Protection Act
• Passed in 1996 to strengthen the 1988 Act
• Better defines a “computer”
• Not restricted to government computers or financial databases– Protects any computer involved in interstate or
international communications
• Primary federal law dealing with worms, viruses, and denial of service attacks
(c) 2004 Charles G. Gray 22
Harassing Communications• Telephone Harassment Act of 1968
– Covers “obscene, lewd, filthy, indecent” calls– Anonymous calls– Essentially ineffective
• Telephone Consumer Protection Act – 1991– Prohibits auto-dial calls to emergency numbers– Must give the phone number of the telemarketer– Disconnect within five seconds of hang-up– Prohibits calls if “called party” pays (cell, etc.)– Prohibits “junk” fax
(c) 2004 Charles G. Gray 23
SPAM• Not covered by the TCPA of 1991• Delays or interferes with delivery of valid
mail• Occupies computer/memory space• Heavy use may cause Internet “gridlock”• Spoofing hides the originator
– May result in large number of undeliverable messages returned to the ISP (storage problem)
• Courts are resolving cases, trying to balance “freedom of speech” vs. “Intrusion”
(c) 2004 Charles G. Gray 24
Privacy, Pornography and Children• Child Online Protection Act (COPA) of
1998 (update to CA 34 at USC 47)
• Child Pornography Prevention Act (CPPA) of 1996
• Protection of Children from Sexual Predators Act (PCSPA) of 1998
• Children’s Internet Protection Act (CIPA) of 1999 – Freedom of speech challenges abound
(c) 2004 Charles G. Gray 25
Cookies
• Original definition: “Persistent state client object”
• Can be session-based or “persistent”
• Use can be: – beneficial – Harmful– Invasive
• DoubleClick, Focalink, NetGravity
• Targeted advertisements
(c) 2004 Charles G. Gray 26
Spying and Cyberstalking
• Altavista, Yahoo, Lycos, Excite
• American Information Network
• 411.com
• The Stalker’s Home Page
• WebCrawler
• Cable Communications Policy Act (1984)– Obstacle to investigations– Requires prior notice to the subscriber and a
court order
(c) 2004 Charles G. Gray 27
Identity Theft
• Identity Theft and Assumption Deterrence Act (Identity Theft Act) 1998– Does not require forfeiture of property gained
from the crime– Treats most as misdemeanors instead of felony– Relevant agencies disorganized– Does not prohibit making information available
• West Publishing Information America
• CBD Info Tek
• International Research Bureau
(c) 2004 Charles G. Gray 28
Modern Technologies
• Email and Voicemail– Government systems controlled by the FRA,
Privacy Act of 1974, FOIA, TA-96– Public systems – ECPA – Users have a “strong
expectation” of privacy, similar to the telephone network
– Private systems – employees seldom have any privacy rights at all
• Cordless/wireless phones – excluded from the ECPA
(c) 2004 Charles G. Gray 29
Professional Privacy
Attorneys, counselors, physicians and clergy are warned that they lose their professional privacy relationship when using a cordless or wireless (cell) phone
(c) 2004 Charles G. Gray 30
International Privacy Concerns
• We will spend a couple of hours later in the course concentrating on the “Directive on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of such Data”– The “EU Personal Data Directive”
(c) 2004 Charles G. Gray 31
Issues With the Internet
• Electronic commerce/contracts
• Jurisdiction
• Trademarks and domain names
• Copyright
• Taxes
• Cybersquatting
• Trade Secrets
• Voice over IP (VoIP)
(c) 2004 Charles G. Gray 32
Electronic Commerce
• Uniform Commercial Code for Electronic Commerce (PL 106-229, 30 June 2000)
• Uniform Computer Information Transactions Act (state level)– Opposed by many, including 32 state Attorneys
General and the American Library Association, with many others
• Uniform Electronic Transactions Act (state)– Passed by Missouri, California, Utah, et al– Still opposed by many organizations
(c) 2004 Charles G. Gray 33
Contracts• FTC resources on e-commerce (www.ftc.gov)
• Adhesion contracts– Shrinkwrap licenses– Point-and-click licenses
• EU Directive on E-commerce (nonbinding)
• G-10 Working Group on E-payment systems
• White House paper 1997 – – Industry lead the way in setting standards– Government should encourage predictable rules
(c) 2004 Charles G. Gray 34
Jurisdiction - Internet Disputes • Jurisdiction is the “power of the court to
decide a matter in controversy” (Black’s Law Dictionary)
• Subject matter or person (who does not reside in the state where the court sits)– The law of the state must confer jurisdiction– Jurisdiction must comport with the “due
process” clause of the 14th Amendment• Defendant must have at least minimum contacts
with the forum state• Consistent with the notion of “fair play and
substantial justice”
(c) 2004 Charles G. Gray 35
Creating Jurisdiction
• Yes - Selling into a state may create jurisdiction (Ohio)
• Yes - Advertising a toll-free number on a Web site (Connecticut)
• Yes - Publishing a web site available in the “forum state” (Missouri)
• No – Web site for a nightclub in Missouri was not enough to establish jurisdiction in New York
(c) 2004 Charles G. Gray 36
Trademarks and Domain Names• US trademark law based on the Lanham Act
(15 USC 1051-1127) (state laws and common law apply as well)
• Prohibits use in commerce that may cause confusion, mistake, or deception
• Internet considerations– Posting trademarked materials (Playboy
Enterprises vs. Frena, Florida, 1993)– URL domain names that violate trademarks
• Trademarks are “national”
(c) 2004 Charles G. Gray 37
Copyrights• Literary works, paintings, songs, motion pictures,
software, and “other creative products”• Registration with the US Copyright Office is not
required (but may have advantages)• “Fixation” puts the work in tangible form• Only the copyright owner can:
– Reproduce the work
– Prepare derivative works based on the original
– Distribute copies to the public
– Display the work in public
– Perform the work in public
(c) 2004 Charles G. Gray 38
Copyright Infringement• Direct infringement – strict liability offense
involving any of the foregoing (slide 37)• Indirect infringement
– Contributory• Knowingly permit facilities to be used for
distribution of copyrighted materials
– Vicarious• An ISP might reap financial gain from infringing
transmissions of copyrighted materials
• Case law is still evolving with different results in different courts
(c) 2004 Charles G. Gray 39
DMCA of 1998• Digital Millennium Copyright Act
– Implements WIPO Treaty of 1998
• Provides some limitation on liability of an ISP– “Takedown” required when ISP receives written
notification of infringement
• Provides for “fair use”, distance education, and libraries
• Many “unintended consequences”• For a summary, see the Copyright Office URL:
http://lcweb.loc.gov/copyright/legislation/dmca.pdf
(c) 2004 Charles G. Gray 40
U. S. Internet Tax Issues• States lose almost $15 B annually to sales tax
avoidance– Taxes are “on the books”, but no way to collect
• Oklahoma is trying this year for the first time
– 1992 US Supreme Court decision (Quill vs. Heitkamp)
– States working on plans to “harmonize” sales taxes to facilitate collection
• Congress extended the tax moratorium until November 2003 (In limbo as of February 2004)
• WalMart, Toys “R” Us and Target now collecting taxes
(c) 2004 Charles G. Gray 41
International Internet Taxes
• No nation can act unilaterally• President Clinton agreed with the EU to not
impose tariffs on international commerce• Taxes may be: (rules vary by country)
– Source based– Residence based
• Current consensus to to shift all Internet commerce taxes to be residence based
• Taxing off-shore gambling is not resolved
(c) 2004 Charles G. Gray 42
“Cybersquatting”
• Anticybersquatting Consumer Protection Act (ACPA) of 1999 (applies only in the US)
• Action against anyone who in bad faith intends to profit from another’s trademark– “Registers, traffics in, or uses a domain name that
is confusingly similar to or dilutive of that mark”– Bad faith intent to profit must be proven
• Rapidly evolving area of law – see:– http://dnlr.com/searchindex/html
(c) 2004 Charles G. Gray 43
Trade Secrets• Economic Espionage Act of 1996
• Covers information that must be kept secret due to economic value– Corporate strategy– Scientific formulas and recipes– Drawings, plans– Income and expense statements
• Model for over 40 states
• Many issues remain unresolved
(c) 2004 Charles G. Gray 44
The Homeland Security Act• Signed 25 November 2002• Created the Total Information Awareness
(TIA) System – huge database containing– E-mail– Medical records– Travel information/travel
• Country entry/exit– Education– Housing
• Now “Terrorism Information Awareness”
(c) 2004 Charles G. Gray 45
TIA Programs/Systems
• Babylon• Bio-ALIRT• Communicator• Speech-to-text• Evidence Extraction
and Link Discovery• FutureMap• Wargaming in the
Asymmetric Environment (WAE)
• Genesys• Genoa• Genesys II• Human ID at a
distance (HumanID)• Translingual
information detection, extraction and summarization
(c) 2004 Charles G. Gray 46
TIA Current Status• TIA under the DoD (DARPA), not CIA or
FBI• Admiral Poindexter was convicted in the
Iran-Contra Scandal (then reversed)• TIA on delayed (“Wyden Amendment”,
funding restricted) pending an official report to Congress
• Congress intends to approve TIA technology prior to deployment
• Exempt from the FOIA