E-Commerce Law Week, Issue 583

India Establishes Broad Interception, Data Retention, Cyber Security, and Website Blocking Requirements

India's Information Technology (Amendment) Act, 2008, came into effect at the end of last month, instituting significant new requirements governing the interception and decryption of communications, access to stored data,  data retention, cyber security, and website blocking.  The law also appears to authorize the government to restrict what encryption may be used in India.  Regulations implementing many of these requirements have already been "notified," while other key regulations remain to be issued.  Communications providers and other companies that do business in India thus will have to satisfy burdensome new requirements, and may be faced with even more significant restrictions in the near future. 

Did An Unlawful Search Warrant Doom A Major Securities Fraud Case?

A federal court in New York recently granted a defendant's motion to suppress email evidence obtained by the government using a warrant that was not sufficiently specific about the evidence being sought.  The case, United States v. Cioffi and Tannin, involved alleged securities fraud by two former Bear Sterns hedge fund managers.  The email that the government sought to use at trial ostensibly was evidence of one trader's knowledge and intent of the crimes.  As we've previously reported, courts have generally recognized that government agents conducting computer searches have to be able to sift through a lot of innocent information in order to find the information that constitutes evidence of the crime under investigation, since it is impossible to know in advance which precise email or which stored document will be the one with evidence of the crime.  But Cioffi reiterates that a warrant must still, at the very least, specify the particular crimes that evidence is being sought about, so that the executing officer can know with reasonable certainty which items he is authorized to seize.  Perhaps not coincidentally, both defendants were acquitted on November 10, with some commentators opining that the government's case was weak on evidence of the defendants' motive.  For communications providers, the case serves as another reminder of the importance of applying independent legal analysis of government demands for information.

UK Seeks Comment on Monetary Penalties for Data Breaches

The United Kingdom's Ministry of Justice has issued a consultation paper calling for public comment on whether to set the maximum monetary penalty for "serious" breaches of the Data Protection Act 1998 (DPA) at £500,000 (approximately $835,000).  Along with the consultation paper, the Information Commissioner's Office has issued draft guidance detailing the criteria it will use in determining whether to impose a monetary penalty.  Public comment is due by December 21, 2009. 

Note to Readers:  E-Commerce Law Week will not be published next week due to the Thanksgiving holiday in the United States.  We will resume publication in early December.

Questions and comments about E-Commerce Law Week are always welcome.  Please send your feedback to Sally Albertazzie.