(c) 2004 Charles G. Gray1 Global Telecommunications Regulation TCOM 5173 Cyberlaw and Advanced...

(c) 2004 Charles G. Gray 1

Global Telecommunications RegulationTCOM 5173

Cyberlaw and Advanced Technologies

Charles G. Gray


Evolution of Privacy in the US• No specific “right to privacy” in the United

States Constitution– No roots in Europe

• 75% of the population in villages less than 600 (in 1800)

– No basis in early “Common Law”– People who chose to move could create a new

identity – no records kept, and no info shared

• Telephones invaded privacy (1880s)

• Newspapers expanded circulation


Development of Privacy Law• Tort law – Harvard Law Review – 1890

– Invasion of privacy– Unreasonable intrusion

• Hacking, viruses, junk e-mail

– Unreasonable public disclosure – private facts– False light

• Gives false perception, even if not defamatory

– Appropriation of a person’s name or likeness• However, “public persons” have less privacy due to

“implied consent” by becoming a public figure


Right to Privacy vs. “Need to Know”• Consent

– Implied or express– CPNI – customers do not always understand

• Right to collect information for valid business purposes– Service delivery, billing, etc.

• Public right to know about government agencies and some public persons– “Sunshine laws”, open meetings and records,

FOIA


Wiretapping and the Law• Fourth Amendment protection against

government searches and seizures.– Requires a warrant based on “probable cause”– Warrants issued by courts-courts able to adapt

to new technology quicker than legislation

• Olmstead vs. US – 1928• CA-34 Sec 605 attempted to respond to

Olmstead• Goldman vs. US – 1942• 1876-1967 wiretapping by the federal

government was legal – without a warrant


Supreme Court Reversal 1967• Fourth Amendment applies to “people” –

not places– Katz vs. US – public phone booth– Berger vs. New York – eavesdropping of

“aural” communications• “Any wire or oral communication that can be

understood by the human ear”

• Legal foundation for electronic privacy (Lead to Title III of the Omnibus Crime Control and Safe Streets act of 1968)


Important Legislation • Crime Control and Safe Streets Act – 1968

– Title III – “Wiretap Act”• Prohibits unauthorized wiretaps (common carriers)• All wiretaps require federal court order/supervision

• Electronic Communications Privacy Act (ECPA) of 1986– Prohibits unauthorized interception

• In transit• In storage

• Includes private networks, but not interceptions outside of the US (Echelon)


CALEA - 1994• Communications Assistance for Law

Enforcement Act of 1994 – Digital Telephony Act– All “providers and carriers” to ensure that law

enforcement can conduct legal interceptions and electronic surveillance

• Equipment facilities and services to meet specified criteria (Section 103)

• Exceptions – Information service providers, private networks

• Decryption not required


ECPA of 1996• Update of 1986 law due to technology

advancements

• Adds electronic mail

• Includes “any provider of wire or electronic communications” – not just common carriers

• Disclosure of the identity of parties or existence of a communication is NOT covered

• Inadvertent discovery of criminal activity may be disclosed to law enforcement officers


Personal Information in Government Databases

• Federal Records Act of 1950– Disposal requires approval of the Archivist of

the US

• Applies to e-mail – Agencies must retain and manage electronic

documents– Most work of public officials is public record

and subject to disclosure


The Privacy Act of 1974• Government’s protection of private

information

• Government may not conceal the existence of any databases

• No disclosure to other individuals or agencies without a court order, except for criminal law enforcement activity

• Disclosing agency must keep a record of what they told, and to whom


Privacy Act Requirements (1)• Name and location of the system

• Categories of individuals on whom records are maintained

• Types of records maintained

• Record of routine uses of the system

• Policies and practices related to storage, control, retention, and disposal

• Title and address of the responsible person


Privacy Act Requirements (2)• Procedures for notifying an individual that

records are being maintained

• Procedures for individuals to gain access to their information – how to contest it

• Categories of sources or records in the system


Computer Matching and Privacy Protection Act

• 1988 and 1989 Congress amended the Privacy Act of 1974

• Prohibits federal agencies from comparing their databases with other agencies or with private databases– Could any comparisons have avoided 9/11?– Any effect on counter terrorism activities today?– Is this law good or not?

• When do the advantages outweigh the disadvantages?


FOIA of 1976

• Balance need for privacy and need for open information from government agencies

• Agencies must provide place and method for requesting information

• Denied parties may sue an agency, and recover court costs and attorneys fees

• Most states have enacted similar laws


Exemptions to the FOIA

• Unwarranted invasion of personal privacy• National defense• Internal personnel rules of an agency• Confidential financial information, trade

secrets, medical files, geological information, or inter-agency memoranda

• Investigatory records only under subpoena• Executive Privilege• TIA (More on this later)


Illegal Computer Access

• Congressional investigation revealed that:– Over 50% of respondents to a survey showed

that they had been victims of computer crime– Computer crime involves more than financial

harm– “Pirate” bulletin boards existed solely to

provide passwords and other “hacker” information

• The ABA substantiated the findings

• Existing laws were powerless


Computer Fraud and Abuse Act of 1988 (1)

• National security information• Records of financial institutions, credit

cards, credit reporting agencies• Intentionally accessing government

computers• Accessing a “federal interest” computer• Intentional altering or damaging

computerized information belonging to another


Computer Fraud and Abuse Act of 1988 (2)

• Preventing authorized use of a “federal interest computer”– Involving loss of more than $1000 per year– Medical treatment information

• Trafficking in passwords


Exceptions to the CFAA

• Access for authorized law enforcement with appropriate court orders

• Access to perform authorized repairs

• “Time bombs” – automatic termination capabilities if a user fails to pay


National Information Infrastructure Protection Act

• Passed in 1996 to strengthen the 1988 Act

• Better defines a “computer”

• Not restricted to government computers or financial databases– Protects any computer involved in interstate or

international communications

• Primary federal law dealing with worms, viruses, and denial of service attacks


Harassing Communications• Telephone Harassment Act of 1968

– Covers “obscene, lewd, filthy, indecent” calls– Anonymous calls– Essentially ineffective

• Telephone Consumer Protection Act – 1991– Prohibits auto-dial calls to emergency numbers– Must give the phone number of the telemarketer– Disconnect within five seconds of hang-up– Prohibits calls if “called party” pays (cell, etc.)– Prohibits “junk” fax


SPAM• Not covered by the TCPA of 1991• Delays or interferes with delivery of valid

mail• Occupies computer/memory space• Heavy use may cause Internet “gridlock”• Spoofing hides the originator

– May result in large number of undeliverable messages returned to the ISP (storage problem)

• Courts are resolving cases, trying to balance “freedom of speech” vs. “Intrusion”


Privacy, Pornography and Children• Child Online Protection Act (COPA) of

1998 (update to CA 34 at USC 47)

• Child Pornography Prevention Act (CPPA) of 1996

• Protection of Children from Sexual Predators Act (PCSPA) of 1998

• Children’s Internet Protection Act (CIPA) of 1999 – Freedom of speech challenges abound


Cookies

• Original definition: “Persistent state client object”

• Can be session-based or “persistent”

• Use can be: – beneficial – Harmful– Invasive

• DoubleClick, Focalink, NetGravity

• Targeted advertisements


Spying and Cyberstalking

• Altavista, Yahoo, Lycos, Excite

• American Information Network

• 411.com

• The Stalker’s Home Page

• WebCrawler

• Cable Communications Policy Act (1984)– Obstacle to investigations– Requires prior notice to the subscriber and a

court order


Identity Theft

• Identity Theft and Assumption Deterrence Act (Identity Theft Act) 1998– Does not require forfeiture of property gained

from the crime– Treats most as misdemeanors instead of felony– Relevant agencies disorganized– Does not prohibit making information available

• West Publishing Information America

• CBD Info Tek

• International Research Bureau


Modern Technologies

• Email and Voicemail– Government systems controlled by the FRA,

Privacy Act of 1974, FOIA, TA-96– Public systems – ECPA – Users have a “strong

expectation” of privacy, similar to the telephone network

– Private systems – employees seldom have any privacy rights at all

• Cordless/wireless phones – excluded from the ECPA


Professional Privacy

Attorneys, counselors, physicians and clergy are warned that they lose their professional privacy relationship when using a cordless or wireless (cell) phone


International Privacy Concerns

• We will spend a couple of hours later in the course concentrating on the “Directive on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of such Data”– The “EU Personal Data Directive”


Issues With the Internet

• Electronic commerce/contracts

• Jurisdiction

• Trademarks and domain names

• Copyright

• Taxes

• Cybersquatting

• Trade Secrets

• Voice over IP (VoIP)


Electronic Commerce

• Uniform Commercial Code for Electronic Commerce (PL 106-229, 30 June 2000)

• Uniform Computer Information Transactions Act (state level)– Opposed by many, including 32 state Attorneys

General and the American Library Association, with many others

• Uniform Electronic Transactions Act (state)– Passed by Missouri, California, Utah, et al– Still opposed by many organizations


Contracts• FTC resources on e-commerce (www.ftc.gov)

• Adhesion contracts– Shrinkwrap licenses– Point-and-click licenses

• EU Directive on E-commerce (nonbinding)

• G-10 Working Group on E-payment systems

• White House paper 1997 – – Industry lead the way in setting standards– Government should encourage predictable rules


Jurisdiction - Internet Disputes • Jurisdiction is the “power of the court to

decide a matter in controversy” (Black’s Law Dictionary)

• Subject matter or person (who does not reside in the state where the court sits)– The law of the state must confer jurisdiction– Jurisdiction must comport with the “due

process” clause of the 14th Amendment• Defendant must have at least minimum contacts

with the forum state• Consistent with the notion of “fair play and

substantial justice”


Creating Jurisdiction

• Yes - Selling into a state may create jurisdiction (Ohio)

• Yes - Advertising a toll-free number on a Web site (Connecticut)

• Yes - Publishing a web site available in the “forum state” (Missouri)

• No – Web site for a nightclub in Missouri was not enough to establish jurisdiction in New York


Trademarks and Domain Names• US trademark law based on the Lanham Act

(15 USC 1051-1127) (state laws and common law apply as well)

• Prohibits use in commerce that may cause confusion, mistake, or deception

• Internet considerations– Posting trademarked materials (Playboy

Enterprises vs. Frena, Florida, 1993)– URL domain names that violate trademarks

• Trademarks are “national”


Copyrights• Literary works, paintings, songs, motion pictures,

software, and “other creative products”• Registration with the US Copyright Office is not

required (but may have advantages)• “Fixation” puts the work in tangible form• Only the copyright owner can:

– Reproduce the work

– Prepare derivative works based on the original

– Distribute copies to the public

– Display the work in public

– Perform the work in public


Copyright Infringement• Direct infringement – strict liability offense

involving any of the foregoing (slide 37)• Indirect infringement

– Contributory• Knowingly permit facilities to be used for

distribution of copyrighted materials

– Vicarious• An ISP might reap financial gain from infringing

transmissions of copyrighted materials

• Case law is still evolving with different results in different courts


DMCA of 1998• Digital Millennium Copyright Act

– Implements WIPO Treaty of 1998

• Provides some limitation on liability of an ISP– “Takedown” required when ISP receives written

notification of infringement

• Provides for “fair use”, distance education, and libraries

• Many “unintended consequences”• For a summary, see the Copyright Office URL:

http://lcweb.loc.gov/copyright/legislation/dmca.pdf


U. S. Internet Tax Issues• States lose almost $15 B annually to sales tax

avoidance– Taxes are “on the books”, but no way to collect

• Oklahoma is trying this year for the first time

– 1992 US Supreme Court decision (Quill vs. Heitkamp)

– States working on plans to “harmonize” sales taxes to facilitate collection

• Congress extended the tax moratorium until November 2003 (In limbo as of February 2004)

• WalMart, Toys “R” Us and Target now collecting taxes


International Internet Taxes

• No nation can act unilaterally• President Clinton agreed with the EU to not

impose tariffs on international commerce• Taxes may be: (rules vary by country)

– Source based– Residence based

• Current consensus to to shift all Internet commerce taxes to be residence based

• Taxing off-shore gambling is not resolved


“Cybersquatting”

• Anticybersquatting Consumer Protection Act (ACPA) of 1999 (applies only in the US)

• Action against anyone who in bad faith intends to profit from another’s trademark– “Registers, traffics in, or uses a domain name that

is confusingly similar to or dilutive of that mark”– Bad faith intent to profit must be proven

• Rapidly evolving area of law – see:– http://dnlr.com/searchindex/html


Trade Secrets• Economic Espionage Act of 1996

• Covers information that must be kept secret due to economic value– Corporate strategy– Scientific formulas and recipes– Drawings, plans– Income and expense statements

• Model for over 40 states

• Many issues remain unresolved


The Homeland Security Act• Signed 25 November 2002• Created the Total Information Awareness

(TIA) System – huge database containing– E-mail– Medical records– Travel information/travel

• Country entry/exit– Education– Housing

• Now “Terrorism Information Awareness”


TIA Programs/Systems

• Babylon• Bio-ALIRT• Communicator• Speech-to-text• Evidence Extraction

and Link Discovery• FutureMap• Wargaming in the

Asymmetric Environment (WAE)

• Genesys• Genoa• Genesys II• Human ID at a

distance (HumanID)• Translingual

information detection, extraction and summarization


TIA Current Status• TIA under the DoD (DARPA), not CIA or

FBI• Admiral Poindexter was convicted in the

Iran-Contra Scandal (then reversed)• TIA on delayed (“Wyden Amendment”,

funding restricted) pending an official report to Congress

• Congress intends to approve TIA technology prior to deployment

• Exempt from the FOIA

(c) 2004 Charles G. Gray1 Global Telecommunications Regulation TCOM 5173 Cyberlaw and Advanced...

Documents

Transcript of (c) 2004 Charles G. Gray1 Global Telecommunications Regulation TCOM 5173 Cyberlaw and Advanced...