E-Commerce Law Week, Issue 347

Enlisting Business in the War on Terror
Mining business records is the flavor of the month in terrorism investigations -- so much so that FBI Director Robert Mueller  has been willing to swim against the tide of public and Congressional opinion in order to expand the FBI's access to third party records.  With parts of the USA PATRIOT Act set to expire at the end of this year (see http://www.patriotdebates.com), the debate on Capitol Hill has focused mainly on how to limit the Act’s most controversial authorities.  But Director Mueller is hoping that the FBI will emerge from the scrum with its authority expanded.  In his April 5 testimony to the Senate Judiciary Committee, Director Mueller asked for a significant expansion of the FBI’s administrative subpoena power to obtain terrorism information from third parties.  The new administrative subpoenas would not require advance approval either from judges (like section 215 of the Patriot Act) or prosecutors (like grand jury subpoenas), but the director stressed that the new subpoena authority would be subject to challenge on the part of recipients.  Relatedly, Senator John Cornyn (R-TX) introduced legislation on April 4 that would explicitly authorize a recipient of a "national security letter" (NSL) to seek judicial review in a federal court to prevent enforcement of the letter.  The status of such review is currently up in the air, after a district court ruled this past September that the NSL provisions of section 2709 of the Stored Communications Act were unconstitutional.

Georgia Becomes  First State To Pass a "ChoicePoint" Security Breach Bill
Ray Charles wasn't the only one with Georgia on his mind.  From now on, some information brokers will have to keep Georgia on their minds -- at least when it comes to data security breach notifications.  On March 31, the Georgia General Assembly won the distinction of being the first state legislature to pass a security breach notification law since ChoicePoint revealed this past February that it had sold personal information on 145,000 individuals to identity thieves.  The language of the Georgia bill (S.B. 230) closely tracks that of California’s 2002 breach notification law (S.B. 1386), except that the Georgia bill applies only to information brokers such as ChoicePoint.  Government agencies whose records are maintained for traffic safety, law enforcement, or licensing purposes, and other businesses that collect personal information on individuals as part of their business plan -- such as the credit reporting companies -- are not covered by the bill.  Once signed by Governor Sonny Perdue, the law will go into effect immediately.

New APEC Guidelines -- Does PKI Have a Heartbeat After All?In December 2003, we reported on a study which indicated that the European market for public key infrastructure (PKI) solutions was as dead as Generalissimo Francisco Franco. It's now April 2005. Franco is still dead, but PKI might still be kicking.  One sign of life was the April 1 release of a new set of PKI guidelines by the Asia-Pacific Economic Cooperation (APEC) eSecurity Task Group (eSTG).  The eSTG guidelines do have shortcomings that have long bedeviled PKI.  Despite these issues, it appears that interest in purpose-built PKI schemes will continue to experience a modest revival.  Happily, though, we are confident that Generalissimo Franco will not.

Hair-Loss Company Also Loses Online Trademark Case
What's worse than losing your hair?  Losing your trademark to a bunch of online critics.  That's what happened to a hair replacement institute recently, in a Ninth Circuit ruling that will have corporate trademark lawyers tearing out their own hair for years to come. On April 4, the United States Court of Appeals for the Ninth Circuit, in Bosley Medical Institute v. Kremer, affirming in part the lower court's ruling, held that Kremer's website did not violate the Lanham Act -- the federal trademark law -- because it did not contain commercial links or advertisements and did not offer any competing products or services for sale.  However, the Ninth Circuit decided that Bosley’s claims under the Anticybersquatting Consumer Protection Act (ACPA) were not examined properly by the district court.  Because discovery regarding those claims had not been completed, the Ninth Circuit sent the case back to the district court to reconsider those issues.

Steptoe & Johnson LLP Presents A Data Security Seminar:  "Fire Inside the Firewall:  Liability for Information Security Breaches"
Today, information security breaches are in the headlines and in the legislatures -- Congress and the states are looking to establish new information security practices.  Soon, more of these breaches could be in the courts as well, as plaintiffs seek to hold businesses liable for bad security practices.  The prospect of liability is becoming a substantial concern for all businesses that own, license, or process personal information and other computer data.  With that in mind, Steptoe & Johnson LLP is pleased to present a seminar on data security in New York City on May 13.  For more information, please contact Stuart Davis.

Questions and comments about E-Commerce Law Week are always welcome.  Please send your feedback to Sally Albertazzie.