E-Commerce Law Week, Issue 453April 28, 2007
Barney Frank Rolls the Dice
Online gambling companies have been down on their luck of late. Beginning last summer, a run of bad news forced many internet gambling companies to abandon the lucrative U.S. market – including arrests of industry executives and the passage last year of the Unlawful Internet Gambling Enforcement Act (UIGEA) (see Title VIII), which is intended to cut off the flow of funds to online gambling sites. But legislation introduced on April 26 by Representative Barney Frank (D-MA) could help these companies turn their luck around. The bill would effectively legalize the business of online gambling in the United States by creating a licensing scheme, while permitting individual states, Indian tribes, and sports leagues to bar betting within their jurisdiction or on their games. (Oddly, though, the bill also states that it does not “alter” or “limit” other state and federal gambling laws – including the federal Wire Act, which have been the basis for several recent prosecutions.) But any celebration by online gaming companies would be premature. It’s not clear how strongly Rep. Frank intends to push his bill or how much support the bill has in the House or Senate. Still, this is the first good news online gambling outfits have had in a while.
Government Seeks to Amend FISA, Expand Warrantless Surveillance Power
First the Administration said that the National Security Agency needed the ability to engage in warrantless surveillance of Americans’ international communications because the Foreign Intelligence Surveillance Act was too limiting. Then in January it announced that it had come up with an “innovative” reading of FISA that apparently would permit the same sort of broad-scale, untargeted surveillance that the warrantless program had involved, so that it could discontinue the so-called “Terrorist Surveillance Program” (TSP) and go back to using FISA orders. But recently the Administration proposed sweeping amendments to FISA that would allow more warrantless surveillance. The timing of the Administration’s proposal is rather surprising, coming on the heels of the Inspector General’s report on abuses of National Security Letters and in the midst of the controversy over the firing of eight U.S. Attorneys. In this charged political environment, and with the Democrats now in control of Congress, it is unlikely the Administration’s bill will go very far. The fact that the Administration is pushing this proposal, though, suggests that it might not be so confident in its new, innovative reading of the existing terms of FISA. It also suggests some concern that courts currently considering legal challenges to the TSP might not buy the government’s claim that the President has the “inherent” constitutional authority to engage in warrantless surveillance even in violation of FISA. In light of all this, communications providers that receive FISA orders or Attorney General certifications demanding information should proceed with caution.
Canada’s Privacy Commissioner Eases Conflict-of-Laws Conundrum
Last October, we reported that Canada’s Privacy Commissioner had joined several European institutions in investigating whether the Society for Worldwide Interbank Financial Telecommunications (SWIFT), a Brussels-based international banking consortium, had inappropriately disclosed personal banking information to the U.S. government. These disclosures were made pursuant to administrative subpoenas issued under the U.S. Treasury’s “Terrorist Finance Tracking Program,” and provided information about global financial transactions. The E.U.’s Article 29 Working Party found that SWIFT’s disclosures ran afoul of the EU Data Protection Directive. But Canada’s Privacy Commissioner has now concluded that SWIFT’s disclosure of data derived from Canadian financial institutions did not violate Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) since the data was disclosed by the consortium’s U.S. arm, and PIPEDA “allow[s] SWIFT to respond to a valid subpoena issued in the United States.” In a related inquiry, the Commissioner found that the Royal Bank of Canada did not breach PIPEDA by sharing Canadians’ personal information with SWIFT. The Commissioner’s rulings ease the potential conflicts-of-law conundrums that companies can face when they receive lawful demands for information in one country for data involving residents of another country. But it is not at all clear that other countries, especially those in Europe, will follow Canada’s lead. Nor does the Canadian Commissioner’s ruling address other conflict-of-laws situations, such as where one country demands data that is held in another country and protected by that nation’s data protection laws.
Wardriving In Worcestershire
It was announced last month in the UK that two individuals had been arrested and cautioned (a step short of prosecution), in separate incidents in Worcestershire, for “piggy-backing” on unsecured domestic WiFi connections. Both individuals had apparently been engaged in “wardriving” (i.e., driving around looking for an open WiFi connection), and were caught surfing the Internet in cars outside the homes of their “victims.” The legal basis for the cautions was “dishonestly obtaining electronic communications services with intent to avoid payment” in violation of the UK Communications Act 2003 which was also asserted as the basis for a 2005 UK prosecution of Gregory Straszkiewicz for similar conduct. And there probably is an alternative basis for such UK prosecutions under the UK Computer Misuse Act 1990, which was recently amended to expand its scope. In the US, the federal Computer Fraud and Abuse Act provided the basis for the first known US prosecution for wardriving in 2004, involving access to the network of a Lowe’s store.
Questions and comments about E-Commerce Law Week are always welcome. Please send your feedback to Sally Albertazzie.