E-Commerce Law Week, Issue 345

Dear Feds, Send Money or the IT Infrastructure Could Get It
They say money makes the world go 'round . . . And now a group of experts are warning that without a serious cash infusion, the nation's information technology (IT) infrastructure world is at grave risk of being knocked off its axis by a terrorist or criminal attack. In a report entitled, "Cyber Security: A Crisis of Prioritization," the President’s Information Technology Advisory Committee (PITAC) -- an advisory body of IT leaders in academia and industry -- argues that the IT infrastructure of the US is "highly vulnerable to terrorist and criminal attacks." The report, made public on March 18, calls for a drastically increased federal role in supporting the development of new cybersecurity technologies. PITAC warns that short-term solutions to infrastructure vulnerability, like patching or retrofitting software, are inadequate and that only a massive deployment of money and manpower can successfully address the "large structural insecurities" of the nation's IT infrastructure. We've heard such dire warnings before, however, to little discernable effect. But perhaps the current spotlight on identity theft and data security breaches will lend some heft to the argument that the security of the nation's cyber infrastructure deserves at least as much attention as the data it carries.

Bank Regulators Beat Congress to the Punch on Security Breach Notifications
With all the Congressional activity on data security and identity theft these days, it's easy to forget that threats of new legislation are only half the story. In some industries, federal regulators are already setting guidelines for when companies should disclose security breaches. For example, the four federal financial industry regulators have issued "Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice" to instruct financial institutions on when they will be expected to report security breaches of "sensitive customer information" -- whether that information is stored electronically or in paper form. The federal regulators will view a financial institution's failure to comply with the guidance as an unsafe and unsound information security practice.

Texas AG Sues Vonage for Deceptive Advertising of 911 Emergency Services
On March 21, 2005, the Texas Attorney General (AG) filed lawsuit against the nation's largest Voice over IP (VoIP) service provider, Vonage Holdings, for deceptive advertising practices in relation to the company's claims about its ability to provide access to 911 emergency services. The suit asks a state court to order Vonage to stop saying it offers "911 calling" and change its marketing to highlight the actions customers must take in order to activate the service's 911 features. The state also asked for Vonage to pay $20,000 per violation. While Vonage's service differs from traditional phone service in several ways, the key issue at trial will be whether Vonage misrepresented how its service works.

Questions and comments about E-Commerce Law Week are always welcome. Please send your feedback to Sally Albertazzie.