Subpoenas - President uses Powers Under IEEPA to Access Financial Records

As has been widely reported, President Bush has exercised the authority given to him under the International Emergency Economic Powers Act (IEEPA) to issue administrative subpoenas to banking institutions in order to gain access financial transaction information. IEEPA is a relatively old law that has been used for decades by the President to control financial transactions between U.S. citizens (including corporations) and foreign nations and individuals. For example, using IEEPA, the Department of Treasury, restricts U.S. citizens from doing business with North Korea. This recent use of IEEPA is important for Internet infrastructure providers for two reasons: first, it again highlights the need for a subpoena policy to ensure that you can differentiate between subpoenas and other requests for information you are required to respond to, and those that are simply requests. As a second matter, Internet infrastructure providers need to be aware of U.S. laws that regulate financial transactions. These laws, typically administered by the Department of Treasury, contain broad prohibitions on doing business with certain individuals and entities. Unlike laws that specifically target Internet transactions, these laws do not contain “safe harbors” for innocent violations. Washington Post Article Office of Foreign Assets Control Web Site

Copyright – DMCA may be revised

C|NET has reported that Rep. Lamar Smith is preparing to introduce legislation that will significantly alter the Digital Millennium Copyright Act (DMCA). The DMCA has two provisions that affect Internet Infrastructure providers: a safe harbor provision protecting them from liability for third party copyright infringement; and an “anti-circumvention” provision prohibiting circumvention of anti-copying software. C|NET reports that the new bill will significantly increase the penalties for attempting to commit copyright infringement, give the Department of Justice enhanced powers to fight copyright infringement, and prohibit the possession of anti-circumvention devices if such a possession might lead to distribution. This new bill is important to Internet Infrastructure providers because it appears to significantly limit the broad insulation from liability they currently have under the DMCA, and adds a potential new avenue for liability by criminalizing the possession of anti-circumvention devices if they might be distributed. C|Net Article

Copyright - Content / Google loses case claiming image search service violates copyrights

The U.S. District Court for the Central District of California recently held that Google is engaging in copyright infringement when it displays thumbnails of copyrighted images through its image search service. However the court denied claims that Google’s activities amounted to vicarious and contributory infringement. The Court’s complicated holding is important to Internet infrastructure providers because it adopted a “server based” test in its analysis. The Court held that direct infringement occurred where the content resides, not where it is displayed. In the context of a Google image search, the small thumbnail image resides on Google’s servers. However the full sized image, which is linked through the thumbnail, resides on a non-Google server. Adopting this analysis strengthens the concept that ultimate responsibility for unlawful uses, such as copyright infringement, lies with the entity having control of the servers, rather than the entity through which the information is conveyed. Decision

Communications Decency Act – Craig’s List Sued for Housing Discrimination

The Chicago Lawyers’ Committee for Civil Rights Under Law has sued Craig’s List for posting ads containing statements that indicated a housing preference that’s prohibited by law. For example “white’s only.” Craig’s List has presented two relevant defenses: first that it removes offensive listings flagged by users; second that it is not a publisher under the Communications Decency Act (CDA), and therefore not responsible for the acts of its users. The CDA provides a broad safe harbor for “interactive computer services” who are classified more like telephone companies than newspapers for the purposes of liability for speech based claims. In other words, an interactive computer service is merely a conduit for the speech. The Committee charges that because Craig’s List can exercise editorial control over the list, it should be classified more like a newspaper, and not within this safe harbor. This case is important since more and more third party Internet providers are adding features to their services that move them from mere conduits. As you add services and features to your services, you should always calculate your potential liability for speech related law suits into your business plan. Complaint

Privacy – EFF Sues AT&T for Turning Over Database to NSA

As has been widely reported, President Bush authorized the National Security Agency to gain access to telephone records of U.S. citizens. The Electronic Frontier Foundation, has filed suit against AT&T alleging that it cooperated with the NSA and provided access to a large database containing certain telephone records. The suit is based on Federal privacy statutes and the California unfair business practices statute. EFF also makes Constitutional arguments. At base, the suit alleges that AT&T disclosed the records when it should have known that a warrant was required. Basically, EFF argues that AT&T is cooperating with the NSA, when it should have requested a warrant. The aspect of the suit based on California law argues that individuals doing business with AT&T expected their records to be kept private, and cooperating with the NSA was a breach of this expectation. This suit has two lessons for providers of Internet infrastructure services: first that simply cooperating with law enforcement officials, without receiving some type of protection from them is risky. Second, your contracts with customers should always disclose that you will cooperate with law enforcement, and may disclose information a customer considers private. EFF press release Complaint

Searches – Learning from Google’s Response to the Department of Justice

As most know, Google has refused to comply with a Department of Justice subpoena for records related to queries entered into its search engine. What has not been discussed, in detail, is one of the grounds for Google’s objection: that the subpoena is overly broad, unduly burdensome and unlikely to lead to the production of relevant evidence. This is an important criteria for Internet infrastructure providers to remember. Civil litigants who don’t understand how your business works often subpoena information wildly unrelated to their goals. Understanding that you are not generally required to respond to subpoenas of that nature and developing a method of communicating that knowledge to the requesting party, may do a lot to minimize the amount of work you are required to do to comply with subpoenas of that type. Internet News Article

Prohibited Communications – New Law Criminalizes Anonymous “Annoying” Posts

A revision to an anti-harassment law gives the Department of Justice the power to prosecute people who post “annoying” comments anonymously. As might be expected, the term “annoying” is not defined in the legislation. Because this is a criminal law, it provides no private right of action – meaning the Department of Justice must enforce this provision. However, Internet infrastructure providers should begin to expect speech related abuse complaints to cite this law as a reason to terminate customers and as a potential source of liability for the provider. Cnet Article Library of Congress versions of the Bill

SPAM – Private Entities May Block CAN-SPAM Compliant E-mail

The Supreme Court let stand a lower court decision that the CAN-SPAM Act did not pre-empt more restrictive private anti-spam rules. As noted in an earlier post, the plaintiff made two arguments. First that CAN-SPAM created a standard that private entities were required to honor. Second that the University of Texas infringed free speech rights by blocking legitimate e-mail. Both arguments were rejected. The Supreme Court’s decision solidifies the general understanding among Internet infrastructure providers that they may implement e-mail policies that differ from the CAN-SPAM Act. ecommerce times article