E-Commerce Law Week, Issue 496

Senate Passes Bill Granting VoIP Providers Immunity, Interconnection Rights for E-911 Services

The Federal Communications Commission first ordered interconnected voice-over-IP providers to provide E-911 service in 2005.  (Enhanced 911 or "E-911" service is a feature of the 911 calling system that ties a physical address to the calling party's telephone number.)  But, as we reported at the time, many industry players and lawmakers felt that the FCC's order came up short in two ways:  it did not guarantee covered VoIP providers the right to interconnect with the 911 networks of incumbent local exchange carriers (ILECs) under sections 251 and 271 of the Communications Act, and it did not exempt them from liability in relation to the provision of 911 services.  Enter S. 428, which passed the Senate on February 26.  Like H.R. 3403, which passed the House last November, the Senate bill would require the Commission to adopt regulations "granting IP-enabled voice service providers right of access to 9-1-1 components that are necessary to provide 9-1-1 service, on the same rates, terms, and conditions that are provided to commercial mobile service providers."  Both bills would also give interconnected VoIP providers the same immunity for the provision of emergency services currently enjoyed by wireless and wireline providers.  So, while a few differences between the House and Senate bills still need to be hammered out, it looks likely that interconnected VoIP providers will soon win some of the rights and legal protections that were conspicuously absent from the FCC's 2005 order.

Fizzling of 3Com Deal Illustrates the "Intractable Problem" of Software Assurance

Could your anti-hacking software be surreptitiously sending company secrets to a foreign power, or subtlety altering mission critical data?  Fears of such subterfuge appear to have scuttled a proposed merger between 3Com -- a U.S. corporation that provides networking hardware, software, and security solutions to many clients, including the U.S. military -- and Huawei Technologies, a Chinese corporation with reported ties to the People's Liberation Army.  3Com announced on February 20 that the parties had "withdrawn their joint filing to the Committee on Foreign Investment in the United States (CFIUS) concerning the ... proposed merger transaction."  Members of Congress, the Pentagon, and Department of Homeland Security had reportedly expressed concern about the deal, noting that Huawei Technologies could use its proposed minority stake in 3Com to put "back doors" or other secret code in 3Com security software used by the U.S. government.  According to 3Com, the parties were "unable to reach a[n] ... agreement with CFIUS" that might have mitigated such concerns.

UK Information Commissioner Requires Financial Services Company to Encrypt Laptops

The United Kingdom's Information Commissioner's Office (ICO) has required another company to encrypt all sensitive personal information stored on its laptop computers.  As we previously reported, the theft of an unencrypted laptop from a Marks & Spencer contractor led to the ICO's January ruling that that retailer must encrypt all personal information stored on its laptops.  Late last month, the ICO announced that Skipton Financial Services (SFS) had suffered a similar laptop theft, and required the company to use encryption to protect the information on its laptops.  According to the Office, the laptop -- which was stolen from an SFS contractor -- contained the unencrypted personal information of 14,000 SFS customers.  Noting that SFS "should have had appropriate encryption measures in place to keep the data secure," the ICO announced that SFS had agreed to protect against future data breaches by:  ensuring that sensitive personal data stored on the laptops of SFS and its contractors is "suitably encrypted"; assessing the data security of contractors before hiring them to process SFS data; and implementing other "appropriate" security measures.   So while governments once tried to curb the widespread use of strong encryption by companies, we are now entering an age in which encryption is being mandated -- at least where sensitive information is at issue.  Nevertheless, many countries -- including the United States and UK -- still maintain controls on exports of encryption, while other countries control the import and use of encryption as well.  Companies therefore need to be mindful of any regulations governing the export, import or use of encryption in the countries in which they operate. 

German Court Rules that Government Surveillance of PCs Violates Right to Privacy

The German Federal Constitutional Court has held that rules allowing covert government surveillance of personal computers are unconstitutional.  Finding that the constitutional rights to a core "protected private-sphere" and "informational self-determination" guarantee "the integrity and privacy of information-technical systems," the court struck down several provisions of a law of the state of North Rhine-Westphalia that allowed the government to secretly install spying software on personal computers.  But it also held that a law authorizing the use of such software to spy on German PCs could pass constitutional muster, so long as it requires the government to demonstrate a "concrete danger" of harm to the state or persons, obtain a court order, and put in place measures to protect the privacy of surveillance targets before beginning surveillance.  The German government has reportedly welcomed the ruling, claiming that it will help guide efforts to draft a new federal law permitting limited domestic surveillance of personal computers.

Questions and comments about E-Commerce Law Week are always welcome.  Please send your feedback to Sally Albertazzie.