E-Commerce Law Week, Issue 409

House Passes Cable Franchising Act With VoIP 911 and Weak Net Neutrality Provisions
The Communications Opportunity, Promotion, and Enhancement Act of 2006 passed the House of Representatives on June 8 by a vote of 321-101. The bill would update the Telecommunications Act of 1996 to allow phone companies to obtain national franchises for the provision of video services over their high-speed networks, creating real competition for cable companies. The bill also includes several provisions that dictate how VoIP services must handle emergency 911 calls. And it quickly became a vehicle for "net neutrality" proposals, as purveyors of net content such as Amazon.com, Google, Microsoft, and Yahoo! warned of the possibility of a "two-tiered" information highway where providers' own video and voice content (and that of others willing to pay a "toll") takes the fast lane to customer's homes, while competitors' packets remain stuck in traffic. But in the end the House merely paid lip service to net neutrality, rejecting an amendment that would have barred discriminating among different types of content and services. Still, the war over is far from over. During Senate Commerce Committee hearings on its version of the communications bill, net neutrality issues was -- and is still -- a hot topic. Ultimately, whatever the Senate decides, the issue will likely be resolved behind the closed doors of a Conference Committee. And with all the public attention being focused on net neutrality, there's a danger that the significant issues for VoIP stemming from E911 requirements could get lost in the shuffle.

People Who Live in Glass Houses ... Shouldn't Expect Privacy
What must a website publisher or an Internet service provider do to guard the privacy of web postings or emails in order to fall within the legal protections of the Stored Communications Act (SCA) (18 USC § 2701 et seq.), or the Electronic Communications Privacy Act (of which the SCA is a part)? With hacking perpetually on the rise, companies looking to ferret out the sources of leaked trade secrets, and social networking sites trying to strike the right balance between openness and exclusivity, these questions are of keen interest to all sorts of e-commerce companies. In a case involving alleged site-snooping by DirecTV and its lawyers, Snow v. DirecTV, Inc., the Eleventh Circuit held that simply requiring website users to register, create a password, and agree to the terms of a "clickwrap" agreement was not enough to obtain SCA protection because the site was still "readily accessible to the general public." Instead, website owners need to do something more to limit access by the public, such as actually screening registrants in some fashion. This holding seems correct as far as it goes.  Fortunately, the court declined to take up broader arguments by DirecTV that could have limited ISPs' ability to enforce their Terms of Service and website publishers' ability to create restricted-access sites altogether.

Federal Government Gives New Meaning to "Leading By Example"
In recent months, major data security breaches have been reported at four federal agencies:  the Department of Veterans Affairs, the Department of Energy's National Nuclear Security Administration (NNSA), the Social Security Administration, and the Internal Revenue Service. Intensive media coverage, suits by veterans alleging a violation of the Privacy Act, and rafts of letters from disgruntled constituents have fanned the fading embers of interest in data security legislation on the Hill. If lawmakers had become almost inured to the daily drumbeat of private sector breaches, the latest evidence of complete disorder in the government's own house would seem to have given the issue new urgency. Moreover, the breach at the NNSA makes clear that lax federal data security not only can cause the usual risks of identity theft and fraud, but also can jeopardize national security. Still, the large number of competing legislative vehicles and the scant time left for legislative action in this session could mean that no federal data security bill (with preemption of state breach notification laws) will be passed until sometime next year -- unless there's a truly disastrous event that causes Congress to move with unusual dispatch. Then again, the last time Congress moved quickly after a catastrophe, it produced the USA PATRIOT Act. So careful what you wish for.

Company Computer Usage Policies Don't Count Unless They're Enforced, Court Says
As if employers didn't already have enough reasons to monitor their employees, computer usage, the U.S. District Court for the Eastern District of New York recently gave them yet another one. In Curto v. Medical World Communications, Inc., Judge Denis R. Hurley affirmed a magistrate judge's finding that the extent to which a company actually enforces its computer usage policy is relevant to the issue of whether an employee waived the attorney-client privilege by sending and storing communications on company-owned laptops. The court upheld the magistrate's ruling that the employee, despite violating the company's policy prohibiting personal use of company computers, had not waived her right to assert attorney-client privilege for emails and documents on company laptops. Although this decision dealt with the narrow issue of waiver of attorney-client privilege, its reasoning could affect how courts treat employees' claims that their employers violated their privacy by monitoring their communications and computer usage. The message to employers is: if you've got a computer usage policy, you'd better enforce it or it might not do you any good.

Back to the Future: Phone Phreaking Enters the VoIP Age
Once upon a time, a few scraggly, tech-savvy phone enthusiasts discovered that by whistling the right tones into their receivers, they could hijack Ma Bell's switching system, enabling free long-distance calling and other mischief. And thus the art of "phreaking" -- the great granddaddy of modern-day hacking -- was born. With the advent of digital switching and separate lines for voice and signaling information, it seemed as if phreaking's heyday had come and gone.  But as everything old is new again, the rise of Voice over Internet Protocol (VoIP) technology has second-gen phreaks singing the same song, second verse.  Whether or not this latest iteration will be "a little bit louder and a little bit worse" remains to be seen, but already a scheme to steal and re-sell VoIP routing services has reportedly netted its alleged perpetrators more than a million dollars -- as well as criminal complaints from the FBI. The techniques may have changed, but as long as people feel the need to "reach out and touch someone," phreaks will continue to search for a way to do it for free. While some traditional telcos will try to use this incident to portray VoIP as inherently insecure, at least part of the scheme exploited vulnerabilities in the networks of VoIP customers and others. And the reality is that the content of VoIP calls -- particularly peer-to-peer calls that do not interconnect with the Public Switched Telephone Network -- is more secure than that of calls on the regular PSTN call, since it is encrypted.

Questions and comments about E-Commerce Law Week are always welcome. Please send your feedback to Sally Albertazzie.