E-Commerce Law Week, Issue 393

Congress Blows Smoke on Internet Freedom, While the Real Fires Burn On
Last month, the US House of Representatives shanghaied representatives from four Internet companies before a panel of fuming members (and, more to the point, the television cameras) in order to deliver a bipartisan tongue-lashing. The subject? The companies' kowtowing to pressure from the Chinese government to assist it in censoring speech and tracking down dissidents.  Representative Tom Lantos (D-CA) called the practices of Yahoo!, Google, Microsoft, and Cisco "abhorrent" and "a disgrace." Representative Christopher Smith (R-NJ), Chairman of the House subcommittee on human rights, rhetorically asked whether the companies would have provided Anne Frank's location to the Nazis. Ouch. But this is the same august body, mind you, that to date has refused even to hold a hearing into warrantless domestic wiretapping of US citizens' phone calls and emails by the National Security Agency. Still, even if their priorities seem a bit askew, the representatives have identified an important issue -- how global Internet companies should deal with foreign governments that demand help in censoring speech and stifling political dissent. 

And it wasn't just idle talk. Representative Smith introduced a bill, the "Global Online Freedom Act of 2006" (H.R. 4780), which would forbid Internet companies from locating search engines in "Internet-restricting countries," obeying demands from such countries to censor search results and web content, and providing assistance in identifying a web user "except for legitimate foreign law enforcement purposes as determined by the Department of Justice." The bill would also restrict exports of technology that could be used to facilitate censorship. It's doubtful the bill will make it far in its current form; despite its admirable goals, it's ridden with crucial ambiguities.  Still, if anything remotely like this bill were enacted, it would hoist Internet companies onto the horns of a true conflict-of-laws dilemma: foreign countries would require them to do things that US law would forbid them to do. The end result would not be that US Internet companies would refuse to cooperate with China and other totalitarian regimes; they would likely stop doing business in those countries entirely. And if that happened, would "Global Internet Freedom" really have been advanced?

Jack Abramoff Works Overtime for Gambling Bill, Sort Of
These days, members of Congress are jumping at any chance to publicly distance themselves from disgraced former uber-lobbyist Jack Abramoff.  And all that posturing could have one unexpected result: a major push in the House to explicitly ban Internet gambling of all sorts. That push began on February 16 when Rep. Robert Goodlatte (R-VA) introduced the "Internet Gambling Prohibition Act" (H.R. 4777). The bill would amend the Wire Wager Act to clarify that the Act’s prohibitions include gambling over the Internet as well as cellphones and other wireless devices, and would expand its existing prohibition on gambling to clearly include casino-type games (like Internet poker and blackjack), not just sports-betting. These amendments are noteworthy because they seem to confirm the view of many observers that -- despite the Justice Department’s assertions to the contrary -- non-sports betting over the Internet is not clearly illegal under existing law.  Indeed, Representative Goodlatte's public statements to that effect will make any criminal prosecutions of Internet poker and similar gaming operations all the more difficult, unless and until his bill is enacted. So what’s the Abramoff connection? Well, it was the aggressive lobbying on behalf of gambling interests by Abramoff himself that killed earlier versions of Goodlatte’s bill.  So any Congressman looking to loudly proclaim his or her independence from the former lobbyist is likely to jump on this particular bandwagon.

Failure to Encrypt Data Does Not Constitute Negligence, Court Says
To encrypt or not to encrypt? Sure, the query may not have quite the existential implications of Hamlet's quandary, but when it comes to businesses' securing non-public personal information, it is certainly a question, if not the question. The answer, however, may depend on whom you ask. The Federal Trade Commission ("FTC") probably would say "definitely," and judging from its past enforcement actions, it might even consider failure to encrypt sensitive information -- at least along with other security omissions -- an unfair trade practice. But a federal district court in Minnesota recently came to a different conclusion.

In Guin v. Brazos Higher Education Service Corporation, Inc., the court dismissed a lawsuit that charged a student-loan provider with negligence in failing to encrypt a customer database that was subsequently stolen. The court noted that the Gramm-Leach-Bliley Act (GLBA) does not specifically mandate encryption and that "the FTC does not provide regulations regarding whether data should be encrypted when stored on the hard drive of a computer." The court's conclusions are probably unique to the facts of the case -- which involved a lone individual looking at loan portfolios, as opposed to a large financial institution processing credit card information. Still, the decision shines one more light on the evolving standard of care when it comes to data security. That standard may vary depending on the specific circumstances of each case, including not only the nature of the business and the sensitivity of the information being processed, but also the reasonably anticipated risks. This decision could also give heart to any company willing to challenge the FTC in an enforcement action brought in part on the basis of a failure to encrypt.

Steptoe & Johnson and Corporate Counsel Magazine Continue Teleconference Series
On March 22, 2006, from 12:30 p.m. to 1:45 p.m., Steptoe & Johnson and Corporate Counsel will present "Managing Multi-National Corporate Governance: SOX and Data Protection." Please join US Securities and Exchange Commission Director of International Affairs, Ethiopis Tafara, French Commission Nationale de l’Informatique et des Libertes Senior Legal Advisor, Clarisse Girot, and Steptoe partners, Bob McLaughlin and Maury Shenk, for a discussion of managing the emerging tensions between the Sarbanes-Oxley Act whistleblower provisions and EU data protection law.

The teleconference is toll-free, and there is no charge to participate. For additional information or to register, please contact Alycia Polley (telephone 202.457.5436).

Questions and comments about E-Commerce Law Week are always welcome. Please send your feedback to Sally Albertazzie.