E-Commerce Law Week, Issue 377

New York Banks Get Rocks in Their Trick or Treat Bags
October 31 is the day for ghouls and goblins and other scary things.  But New York financial institutions got an early Halloween fright in a decision handed down on October 20 by the New York Court of Appeals, the Empire State's highest court.  In Regatos v. North Fork Bank, Civ. No. 142,  the court held that banks could not contractually shorten the statutory time limit for customers to object to an allegedly fraudulent transfer from their accounts, and also that the statutory period begins running when the customer receives actual notice of the transfer, and not "constructive notice" such as the receipt of account statements showing the transactions.  Although the decision was an interpretation of state law, it may signal a broader judicial trend favoring customers' rights over the interests of financial institutions when it comes to shouldering the burden of financial fraud.  Even more interestingly, the court's decision was animated by the strong policy interest in banks' instituting, and following, reasonable security procedures.  Given the increase in both identity theft and computer hacking, phishing, and other cyber frauds, this ruling is particularly significant when it comes to online banking and electronic funds transfers.

Court Requirement of More Specificity in Internet Pen/Trap Orders is a Two-Edged Sword for ISPs
When the USA PATRIOT Act extended the applicability of pen registers and trap and trace orders to electronic communications, civil libertarians and others worried that these orders would allow the government to obtain the contents of Internet communications upon a minimal showing of "relevance" to an investigation.  Given the way email and web-browsing work, the line between mere "dialing, routing, addressing, and signaling" information available through these orders and "contents" of a communication is not always clear. To address these concerns, a decision handed down last week imposed a requirement that a pen/trap order not simply state what an Internet service provider (ISP) must disclose, but also what it must not.  But what the court gaveth, so it tooketh away.  For it also required that the order include a provision stating that the ISP would be held in contempt of court if it mistakenly disclosed information that would constitute "contents" of a communication.  The decision is thus very much a two-edged sword for ISPs.

Courts Require Probable Cause Before Allowing Government to Use Cellphones as Tracking Devices
Federal courts in Texas and New York just threw a wrench in the government’s plans to use cell phones as tracking devices with less than a showing of probable cause.  On October 14 (In re Application for Pen Register and Trap/Trace Device with Cell Site Location Authority (S.D.T.X)) and October 24 (In the Matter of an Application of the United States For an Order (1) Authorizing the Use of a Pen Register and a Trap and Trace Device and (2) Authorizing Release of Subscriber Information and/or Cell Site Information  (E.D.N.Y), two magistrate judges in Texas and New York independently rebuffed the government's theory that it could obtain prospective cell site information, on a continuing basis, using a combination of pen register/trap and trace and subscriber information orders, which require much less than probable cause.  Until this issue is resolved by higher courts once and for all, expect the government to continue to advance its "imaginative" legal theories across the country.  Telephone companies and Internet service providers will both want to be alert to such theories, given the ramifications of responding to an order that turns out to be similarly creative but ultimately wrong. 

Big Phone Companies Get Together and Get Naked
In approving the SBC-AT&T and Verizon-MCI mergers on October 31, the Federal Communications Commission (FCC) announced that the merging parties had agreed to a "naked DSL" condition that could be particularly important to the development of Voice over Internet Protocol (VoIP) telephony provided by competing service providers. The condition indicates that SBC (soon to be renamed AT&T) and Verizon, by far the two largest providers of DSL service in the United States, have agreed to begin to offer DSL service to customers, without any requirement that traditional voice phone service also be provided. Of course, the price and other terms on which AT&T and Verizon ultimately offer naked DSL services will have a significant impact on the competitive effect of these services in the market. The constraints on such terms may become clearer when the FCC releases its full orders on the two mergers, probably within the next month or so. But the FCC has clearly expressed reluctance to intervene aggressively in the broadband market. So many of the terms of naked DSL service will likely not be apparent until the services are introduced in a year or so.

French Give a Qualified 'Non' to Snooping of P2P IP Addresses
On October 24, the French data protection authority, the Commission Nationale de I'Informatique et Libertes (CNIL), dealt a blow to music industry enforcement efforts against peer-to-peer (P2P) file-sharing by announcing that it would not permit the automated monitoring of users of P2P file sharing systems.  The CNIL concluded such monitoring could lead to "a massive collection of personal data" and allow "exhaustive and continuous surveillance" of P2P sites "beyond that which was necessary for the fight against piracy".  The CNIL's stance runs counter to its own ruling in April authorizing similar P2P site surveillance by the Syndicat des Editeurs de Logiciels de Loisirs (SELL), a trade association representing French video game producers, whose members include video game industry heavyweights such as Sega, Sony, and Atari.  Defending its apparent volte-face, the CNIL noted that SELL had pledged to send messages to suspected P2P site users itself, rather than asking ISPs to act as third party intermediaries, and had agreed to take an anonymous approach in communicating with suspected violators.  In French, we believe that's what is called "une distinction sans différence." In any event, if French Culture Minister Renaud Donnedieu de Vabres is to be believed, forthcoming consideration in the French Parliament of the implementation of the EU Copyright Directive might allow the music industry anti-piracy initiative to move forward.  Consideration of the EU Copyright Directive by the French Parliament is scheduled to begin in December.

Questions and comments about E-Commerce Law Week are always welcome.  Please send your feedback to Sally Albertazzie.