E-Commerce Law Week, Issue 384

Congress Postpones Patriot Act Renewal, Setting Stage for Civil Liberties Slugfest in January
Earlier this year, it seemed a safe bet that the provisions of the USA PATRIOT Act scheduled to expire on December 31 would be extended or made permanent without too much fuss.  But a crescendo of court decisions and revelations about government surveillance practices -- particularly the widespread use of National Security Letters to obtain information without any judicial review -- helped stoke a passionate debate, and caused lawmakers from both parties to oppose renewal of the sunsetting measures unless changes were made to protect civil liberties. Still, a deal seemed imminent when House and Senate conferees reached a compromise agreement -- until the revelation of a massive program of warrantless wiretapping by the National Security Agency of US persons' international phone calls and emails. This growing scandal gave a bipartisan group of Patriot Act opponents added clout in their threat to filibuster the conference agreement. In the end, lawmakers could only agree to disagree, passing a bill on December 22 that extended the Patriot Act for another five weeks and let everyone go home for the holidays.  But it's unlikely that the delay will help proponents push through the existing version of the conference agreement without additional changes. Indeed, the debate will only grow more fierce, since the extended Patriot debate will occur in the same month as other highly charged congressional action, including hearings concerning the NSA wiretapping program and confirmation hearings for Supreme Court nominee Samuel Alito. So buckle your seatbelts, because January is going to be one helluva ride.

In Europe Too, Terrorism Takes Its Toll on Privacy
In a world worried by increased risks of terrorism, the question being asked -- just about everywhere -- is not whether those risks justify less privacy, but how much less.  In the United States, the recent fight over extension of the USA PATRIOT Act and the scandal over domestic surveillance by the National Security Agency without court approval suggest that limits are being reached (at least until there is another major terrorist event in the US).  But in Europe, where the legislative reaction after September 11, 2001, was generally more muted than in the United States (although not inconsiderable), the forces of privacy have recently been beating a rather disorganized retreat.  A recent case in point is the approval on December 15 by the French Senate of a Law Against Terrorism.  Among other things, this law would require providers of Internet access to the public to retain a year of their customers' Internet communications traffic data.  Access to this data would be available to a large number of French law enforcement bodies, with relatively limited procedural protections.  The proposed French law would also substantially increase the legal authority for video surveillance in public places, again providing broad access for law enforcement to the images obtained.

FTC Report Card Grades CAN-SPAM Act as Effective, But Urges Passage of US SAFE WEB Act to Bolster International Enforcement
The success -- or lack thereof -- of the "Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act of 2003" has been hotly debated since the statute was signed into law two years ago.  But now, at least for Congress and the Federal Trade Commission (FTC), the verdict is finally in: CAN-SPAM has been "effective."  On December 20, the FTC released its report, entitled, "Effectiveness and Enforcement of the CAN-SPAM Act: A Report to Congress," which details the effectiveness of the Act and the need for certain modifications.  The FTC concludes that CAN-SPAM has been effective in:  (1) providing a roadmap of "best practices" for legitimate marketers to use in crafting their email campaigns; and (2) increasing the efficiency of enforcement against spammers by both law enforcement and Internet service providers.  The FTC concedes, however, that problems with spam persist.  First, the "international dimension" of spam, which "[has] not changed materially" since the statute's enactment, can frustrate the FTC's ability to go after both spammers and the sellers who pay for spam.  Second, despite a decrease in the total amount of spam reaching consumers' inboxes, spam is increasingly becoming "a vehicle for identity theft" and for the delivery of viruses and other malware.  To solve these lingering issues, the FTC will continue to encourage industry to develop and deploy "domain-level authentication" -- which should be in place in the "near future" -- and recommends that Congress pass the "Undertaking Spam, Spyware, and Fraud Enforcement With Enforcers Beyond Borders Act of 2005" (or the "US SAFE WEB Act"), which would enhance the FTC's ability "to combat illegal spam sent internationally."  Somehow, though, the FTC's Report failed to mention the proliferation of legislation with long, forced names and cutesy acronyms which have been clogging the statute books in recent years.  Now there's a problem we'd like to see fixed.

Questions and comments about E-Commerce Law Week are always welcome.  Please send your feedback to Sally Albertazzie.