E-Commerce Law Week, Issue 346

BIS Publishes Request for Comment on Inspector General's Proposed Changes to Export Regulations
Last month, we reported that the US government was testing the waters for tougher restrictions on US companies that employ foreign nationals who may have access to controlled technology. In particular, we reported that a notice would soon be published requesting comment on the Commerce Department Office of Inspector General's March 2004 report titled "Deemed Export Controls May Not Stop the Transfer of Sensitive Technology to Foreign Nationals in the U.S." On March 28, the Bureau of Industry and Security published the expected notice in the Federal Register, requesting comment on the report's proposed revisions to the Export Administration Regulations (EAR). Most significantly for U.S. industry, the notice and report propose to decide the nationality of foreign nationals based on their country of birth, rather than their country of most recent citizenship.

Canadian Legislators Gear Up -- Copyright Reform Bill On Its Way
Hear that? It's the sound of the world of copyright law creaking under the weight of new technologies (although only in the world of copyright lawyers is the Internet still considered "new" technology). The World Intellectual Property Organization is thinking about a new copyright treaty, the U.S. Supreme Court is considering what action to take in the Grokster case, and now the Canadian government is proposing changes to its Copyright Act that would grant ISPs safe harbor from copyright liability when they act solely as "intermediaries" -- although ISPs would have to take certain actions to curb the misuse of their facilities for copyright infringement.

New Security Threat? Software Vendor Seeks to Hush Disclosure of Vulnerabilities
When a computer security firm or individual locates a vulnerability in a program, the accepted industry practice is to notify the software vendor so that a patch for the vulnerability can be released. More controversial is whether to publicly disclose details of the vulnerability after the patch is released. Researchers at British computer security firm Next Generation Security (NGS) Software Ltd. recently announced their intent to publish details associated with vulnerabilities in a commercial database product developed by Sybase, Inc. Their plans changed, however, when Sybase officials sent NGS a letter threatening legal action if NGS published such information. Sybase based its threat on a clause in its end-user license agreement (EULA) that prohibits users from publishing the results of "benchmark or performance tests," which is a common EULA clause that has not typically been used to prevent the dissemination of vulnerability information. Nevertheless, as a result of Sybase's letter, the NGS researchers decided to stay quiet about the details of the security flaws. Since then, several computer security experts have criticized Sybase, arguing that legal threats of this kind hurt users and vendors by preventing the dissemination of critical security information.

FCC Prevents States from Forcing ILECs to Unbundle DSL/Voice
Regional phone companies have been hit hard as millions of traditional phone customers increasingly are deciding to unplug their land-lines and switch to cellular phones or voice-over IP (VoIP) services instead. Incumbent telecommunications carriers have coped with these losses by offering traditional phone service bundled together with other products. Some states have tried to force regional phone companies to "unbundle" their services. A Federal Communications Commission (FCC) opinion released on March 25 deals a limited blow to this effort by barring state regulators from imposing certain unbundling obligations. The FCC issued its opinion in response to a December 2003 petition for declaratory ruling filed by BellSouth. But because the FCC's order was on fairly narrow federal vs. state grounds -- and may raise more questions than it answers -- the FCC issued a Notice of Inquiry (NOI) with its decision, seeking comment on the broader questions surrounding service bundling, including whether such practices harm competition. Comments on the NOI are due 60 days after publication in the Federal Register.

Questions and comments about E-Commerce Law Week are always welcome. Please send your feedback to Sally Albertazzie.