E-Commerce Law Week, Issue 456

RUSSIA ATTACKS ESTONIA!?

In the physical world, an attack by one country against another yields affirmative, declaratory news headlines.  In the cyber world, however, there's often a question mark, since positive attribution of the attack to its source is often difficult, if not impossible.  The ongoing cyber attacks on Estonian government and private sector websites, which on their face appear to originate in Russia, are the most recent example.  The attacks have been going on since mid-April, in response to Estonia's relocation of a war memorial honoring Soviet Red Army soldiers.   Estonian officials have all-but-explicitly blamed the Russian government and requested assistance from Estonia's NATO allies, but Russia denies involvement.  The episode demonstrates the difficult predicament governments and companies alike can find themselves in during a major cyber onslaught, especially where the country-of-apparent-origin is not only unhelpful in investigating and halting the attacks, but may itself be the perpetrator of them.  So far, Estonia seems largely to have limited its response to defensive measures -- building up its cyber security, investigating the incident, and calling on NATO to put pressure on Russia to halt the attacks.  The United States has remained mostly mum, apparently wanting NATO to take the lead in fashioning a response.  In all likelihood, Russia will eventually dial things down, after it feels it has made its point.  Companies around the world should take this incident as a reminder that even the best security measures may be of little help in preventing a concerted  denial-of-service  attack by sophisticated adversaries, and that they should institute, and rehearse, a clear emergency response plan for dealing with major attacks on their information systems.

Supreme Court's Patent Rulings A Mixed Bag for Tech Companies

Two patent rulings by the U.S. Supreme Court at the end of April could have a big impact on how tech companies do business.  In Microsoft Corp. v. AT&T Corp., the Court found that Section 271(f) of the Patent Act, which creates infringer liability for those who "suppl[y]" from the United States "components" of a "patented invention" for combination abroad, does not apply to computer software that is sent to a foreign manufacturer and then copied for installation on computers, since the copies, not the original version of the exported software, become components of the machines.  In KSR Int'l Co. v. Teleflex Inc., the Court held that, when assessing whether the subject matter of a patent is "obvious" (and the patent therefore invalid), courts should eschew rigid criteria and instead use an "expansive and flexible" approach that recognizes the "inferences and creative steps that a person of ordinary skill in the art would employ" and considers the "needs created by developments in the field of endeavor."  The Court's rulings are a mixed bag for tech companies.  On the whole, they cut against the rights of patent holders.  But since most big tech companies both hold their own patents and use inventions arguably subject to someone else's patents, the import of the Court's decisions will depend on the circumstances of each case.

Feds Close Gambling Gateway, But Many Portals Remain Open For Business

The online gambling crackdown in the United States continues.  In a May 9 indictment filed in Utah, the Department of Justice charged a broad range of defendants with RICO conspiracy, bank fraud, Wire Act violations, and money laundering, all stemming from their alleged involvement in a scheme to hide the identity of online gambling transactions from financial institutions.  The defendants include several individuals, an online payment processor known as CurrenC WorldWide, an affiliated financial services company with no legitimate operations, dummy organizations allegedly used for money laundering, and at least five Internet gambling websites.  According to DoJ, the centerpiece of the operation was a web-service known as "the Gateway," a means of purposefully miscoding credit card transactions in order to fool banks into accepting online gambling transactions.  The indictment marks another milestone in the Justice Department's effort to extend its crusade against online gambling to payment processors and other service providers.

When "You've Got Mail" Means "You've Been Served"

Following the Ninth Circuit's watershed decision in Rio Properties, Inc., v. Rio International Interlink (2002), which upheld service by email on a Costa Rican Internet sports gambling organization, federal courts in New York, Tennessee, and West Virginia have authorized service by email on foreign defendants under Federal Rule of Civil Procedure 4(f)(3), which permits service on those outside the United States "by other means not prohibited by international agreement as may be directed by the court."  Most recently, in Williams-Sonoma Inc. v. FriendFinder Inc., a federal court in California held that the plaintiff could serve foreign owners of allegedly infringing websites by email.  These cases suggest that, when foreign defendants prove elusive, plaintiffs may be able to use modern communications technologies, such as email, to effect service.

Questions and comments about E-Commerce Law Week are always welcome.  Please send your feedback to Sally Albertazzie.