There’s a short but interesting article on wired.com regarding Congress’s apparent overreaction about the possibility of Second Life (“SL”)–or any virtual world, for that matter–being used by terrorists to launder funds.  While the article downplays the potential for such abuse given SL’s low retention and transaction rates among users, it misses the point.  Yes, for the moment our government may be overreacting as only a post-9/11 government can.  But its fears are not unfounded even if somewhat overzealous.

First, despite the relatively “unpopulated” nature of SL and other virtual worlds, it’s foolhardy to think that their appeal won’t continue to grow—for both good and bad guys.  As of March of 2008, it’s been reported that SL has 13 million registered accounts.  While many users have more than one account and many accounts are inactive or used infrequently, the fact still remains that virtual worlds and MMORPGs are growing at a phenomenal rate.  One study estimated that this market will increase from $3.4 billion to $13 billion in 2011.  Also even in the absence of such statistics, moving from the margin to the mainstream is the usual trajectory that technology takes.  There’s no reason to think that SL and MMORPGs won’t do the same.  It just takes time.  Furthermore, despite the Wired article’s emphasis on SL’s low retention and transaction rates, there’s a reason that Congress is looking to tax virtual assets and property.  A great deal of real money is being made in the virtual world.  So it’s only logical that the government investigate the criminal implications of using these forums.  They’ll only become more and not less “populated.”

Second, terrorists—despite their evil and depraved nature—are, sadly, quite creative.  It’s naive to think that they won’t be using virtual worlds in the same manner in which they now use the internet, e-mail, or any other technology to recruit followers, disseminate their hate, and devise attacks.  Laundering money may be at the bottom of their list, but it’s probably there.  While virtual worlds will hopefully provide a way to track and monitor such people, these technologies may nevertheless be quite appealing to increasingly savvy criminals who intend to do us great harm.  At least our govenment is asking the right questions.  Time will tell if it arrives at the right answers.

According to the AG, the site lured consumers to conduct an initial free search and then enticed them to purchase a “membership” for $24.95 which would give them the details they needed to claim any assets that the search uncovered.  The problem was that everyone apparently qualified for unclaimed assets—even superheroes and cartoon characters.  When the AG’s undercover investigators input names such as “Batman” and “Wily E. Coyote,” the site stated that they had multiple unclaimed assets waiting for them.  Not surprisingly, no details or information about a person’s supposed unclaimed assets were ever provided by the site once the $24.95 fee was paid.

In many ways, this is a standard type of consumer action that one would expect an AG to undertake:  A service was advertised, money was paid, and nothing was provided.  What was interesting, however, was one of the disclosures that the site allegedly failed to make.  According to the AG, the site—among other things—failed to inform consumers that its unclaimed money database is based upon publicly available sources which could generally be accessed without charge.

While this was just one part of the AG’s complaint, it’s somewhat troubling if the AG is attempting to establish precedent that a for-profit content or database website would have to make disclosures that its information is available from free public sources.  The internet is replete with such services.  For example, while many lawyers can find cases, statutes, and other public records for free, for-profit services such as Westlaw and Lexis provide the same service for what can sometimes be a hefty fee.  Would a disclosure be warranted in this instance?  Perhaps not just yet . . . .

Again, given some of the overtly fraudulent conduct alleged in the AG’s complaint, this is only one small part of the action.  But all AGs are given a great deal of discretion when deciding to pursue those businesses that it deems to be engaging in unfair or deceptive practices.  And most businesses settle or fold once the AG has them in its sights, especially given the lengthy and expensive proceedings that can ensue, as well as all of the negative publicity that such actions generate.  The proverbial “slippery slope” gets even slipperier if aggressive and politically-motivated AGs (i.e., those seeking higher office) are specifically looking for “high value targets” upon which to focus their energies.  And failure to put appropriate disclaimers on a site are particularly easy targets to pursue.

This monitoring is known as “deep-packet inspection” and it divides every aspect of a user’s data into packets that an ISP can analyze for content.   First, as a general matter, whenever I see anything with the words “deep” and “inspection” in a title, I get somewhat concerned without even having to read any further (similar to how the FBI first named its now infamous packet-sniffing software ”Carnivore,” but later changed it to the more benign-sounding “DCS1000″).  From a more substantive perspective, however, it represents a considerable escalation of an ISP’s ability to monitor its users.  Barring any legislative or regulatory action, it won’t be long until all ISPs engage in this practice.  According to the article, only 100,000 users are affected at the moment.

As usual, the ISPs gain their users’ consent by burying the monitoring in their lengthy customer service agreements.  According to the article, one ISP—Knology—has a 27 page agreement and only makes vague reference to the system.  Few people actually have the time and energy to read them, and those that do will not necessarily understand them anyway.  The lawyers that draft them are not exactly known for their clarity, especially when it comes to a controversial subject such as this.  In fact, according to one Knology executive, there’s no violation of privacy at all.

The article is silent as to how long an ISP actually retains all of this information, but presumably can retain it indefinitely.  And even if it doesn’t, once the information is disclosed and sold to advertisers, copies of it could continue to reside in cyberspace even if the ISP purges its records.  The article is also silent as to how such information could easily be disclosed to law enforcement or to parties involved in civil litigation.  So the march towards “zero privacy” continues. <sigh>

Under federal law, congressional staff members who earn more than $110,000 per year are required to file disclosure forms which list, among other things, their detailed financial holdings.  Why shouldn’t such staffers be subject to almost as much scrutiny as their bosses?  If they have the ear of some of the most powerful politicians in the world and serve as their handlers and gatekeepers, it only seems fair that the voters know if their financial interests may perhaps be influencing how their bosses vote on certain issues.  (Like issues involving privacy, for example.)  We sometimes forget that behind any politician is a group of people who write these influential laws.

And therein lies the irony:  Congress wrote these disclosure laws to help prevent public corruption and instill a sense of confidence in our public officials.  All staffers are obviously aware of them when they took their jobs.  So disclosure doesn’t seem to be the issue—it is the law, after all—but the dissemination that’s problematic.  Oh well, welcome to the internet age.  If congressional staffers really live in that much of a bubble where they think that they’re somehow exempt from close scrutiny in these politically polarizing times, then perhaps they’re as out of touch as some of the people they advise.

But the staffers have some legitimate concerns as well.  Some of the documents, which have since been redacted by the site, reportedly contained social security and bank account numbers.  Given the prevalence and ease of identity theft, this information obviously has to be removed prior to posting.  And if there is an instance of identity theft that can actually be traced back to the site (which is very unlikely), the site could conceivably be held liable.  There is such a thing as being too transparent.  While I may want to know if a staff member for a senator on the Finance Committee has large holdings in Fidelity, I don’t need to know the account numbers.  And we don’t want to dissuade smart, talented, and motivated people from joining the government if every conceivable detail of their financial lives is made public and widely disseminated.  Beyond these obvious concerns, however, sites like LegiStorm may help to keep Big Brother from getting too big . . . at least for a little while.

The court found that when each party typed his name at the end of his respective e-mail prior to sending it, this signified each party’s “intent to authenticate” the e-mail’s contents.  Thus, the e-mails fell within the scope of the modification provision of the employment agreement, and the contract was deemed to have been modified in accordance with the e-mail’s contents.

There’s nothing remarkable about this ruling.  It relates back to the standard caveat nowadays that parties need to be careful about what they put in their e-mails, as they can obviously impact legal rights.  In this instance, if the parties didn’t want the e-mails to be considered writings, they should have had an express provision in the employment agreement which excluded e-mails from modifying the contract.

In fact, provisions such as these are becoming increasingly common as more and more people communicate via e-mail.  It depends, however, upon the client.  I have several technology clients who prefer e-mails and pdfs to actual paper when communicating with just about everyone, including their customers, prospects, employees, contractors, and attorneys.  While this may be easier and more efficient, it’s also easy—given the daily deluge of e-mails—to delete or overlook them (especially if they get caught in spam filters).  Thus, for those of you who prefer to communciate this way, just be aware of the potential ramifications.

This isn’t the first time that the Street View feature has raised privacy concerns, both here or abroad, when it made its debut last year.  Still, the Borings’ suit illustrates the shape of things to come with respect to the growing conflict between privacy rights and First Amendment rights.  Expect more lawsuits like this, especially as sites like Google continually roll out more and more features to provide detailed and information-rich experiences for their users.

By and large, there’s no expectation of privacy on a public street, so Google hasn’t broken any laws.  Anybody and their property can be photographed on a public street at any time.  And the company does provide a means by which people can submit a request that certain images be removed.  Nevertheless, it’s still a bit creepy and just because a company has the right to do something doesn’t mean that it should do it.  Unless you’re Google—who has piles and piles of money.

Of course, the problem with suing the 800 pound gorilla is that the gorilla has the resources to fight back.  And Google isn’t exactly known for rolling over and writing large checks to make litigants go away.  But despite Google’s claim that there’s no merit to the lawsuit—a common response from the company—the Borings’ case may have some teeth to it.  It appears that Google may have trespassed onto the Borings’ property in order to take the picture.  If so, then Google may indeed be in the wrong.

Damages, however, are another matter.  Assuming that the Borings’ privacy was violated, it’s hard to see how a picture of their home—which has apparently since been removed by Google—has either devalued their property or caused them mental suffering (which usually has to be severe in order to be compensable).  So if there are damages here, they seem somewhat nominal in nature.  But as any trial attorney knows, when you have either a sympathetic plaintiff or,  as in this case, an unsympathetic defendant (or both),  and a potentially unpredictable jury which may have the ability to award punitive damages, discretion on Google’s part may indeed be the better part of valor.  So perhaps the case will go away quietly.  Until the next one pops up.

As an attorney who drafts these contracts, this article is much ado about nothing.  Yes, ISPs put all sorts of language into these agreements to make sure that their services are not abused by users.  But simply because an ISP has the right to read a user’s e-mail or block a user from accessing certain sites doesn’t mean that it will actually do so.  The article makes it sound inevitable.

An ISP, like every other business in America, is keenly aware of the public relations disaster that would result if it was disclosed that they routinely read their users’ e-mails, blocked access to websites, or simply terminated their users accounts due to overusage, without good cause.  They would quickly and perhaps permanently lose users as the media and blogosphere savaged them.  And as they know all too well, everything in cyberspace lives on indefinitely.

But think of the public relations disaster that would result if it was disclosed that an ISP was aware or suspected that a user was engaging in wide scale spamming, copyright infringement, or the downloading of child pornography.  Or that certain users were hogging bandwidth to the point that other subscribers’ service was affected, while the ISP took a laissez-faire attitude?  It’s not exactly a model of corporate responsibility in these post-Sarbanes Oxley times.  The blogosphere would again be buzzing, albeit for different reasons.  You’re damned if you do, and damned if you don’t.

Furthermore, some of these clauses are economic necessities.  The RIAA has begun targeting ISPs whose users engage in massive and sustained downloading of copyrighted music through their networks.  If an ISP suspects that a user is downloading copyrighted material and does nothing, it can be held liable for contributory copyright infringement in certain instances.  But by terminating the offending user’s account, it may insulate itself from liability.  The “fine print” of the contract allows an ISP to do so.

Is an ISP contract really that different from signing a lease with a landlord?  A landlord has the right to access your apartment with or without notice and can potentially invade your privacy.  A landlord puts certain restrictions as to how its property can be used and how many people can live in it.  And a landlord can evict you under the right circumstances.  While internet access is certainly important nowadays, so is having a place to live.  Yet many tenants have rules not unlike what their ISPs impose, but don’t assume that their landlords will exercise them indiscriminately.

So the contractual provisions such as those described in the article are not necessarily a bad thing.  It all depends upon the circumstances.  If an ISP does include a provision that a court finds to be unfair or onerous, it can be struck from the contract (to say nothing of the scrutiny the ISP would get from that state’s attorney general).  So it’s not as if an ISP can do anything it wants.  While it may sound like this is a case of “ISPs gone wild,” the simple fact is that—for the moment at least—this was an article in search of a story.  But when an ISP does overreach or overreact, I’m sure we’ll hear about it somehow.

According to the French health ministry, 90% of the country’s estimated 30,000 to 40,000 anorexics are young women, who are supposedly under constant pressure from the fashion, advertising, and movie industries to attain unhealthy weight levels.  No one will deny that encouraging young, impressionable girls to starve themselves, vomit, lie to doctors, and take appetite suppressants are bad things.  But the idea of trying to ban and fine websites—and jail the site operators—is a draconian cure that’s worse than the disease.

And talk about a slippery slope.  What’s next?  How about sites that encourage excessive weight gain? Or consumption of fried foods?  Or excessive exercise (surely that’s killed quite a few people)?  And how does one even define “excessive thinness” anyway, let alone “incitement”?  The French ban doesn’t have quite the same urgency to it as the “incitement to imminent lawless action” standard articulated by the Supreme Court in Brandenburg v. Ohio to ban certain speech in extraordinary situations.  While encouraging anorexia is appalling, it certainly doesn’t rise to the level of mandating censorship.  The French government may be asking the right questions, but it’s getting the wrong answers.

Of course such a law could never be passed in America.  Or rather, it could never go into effect.  It would be struck down by the courts so quickly on content discrimination, overbreadth, and/or vagueness grounds that the ink wouldn’t have time to dry.  Our democracy subscribes to the “marketplace of ideas” concept which provides that a free exchange of ideas will allow for the creation of the best policies and practices.  Quite simply, the cure for bad speech is good speech—or at least, more speech.  (While our government can curtail advertising for things such as smoking and alcohol, “commercial speech” is subject to some restriction and regulation.)

This isn’t the first time that France has demonstrated its tendency towards censorship.  In November of 2000, a French court ordered Yahoo! to stop selling Nazi memorabilia to French internet shoppers on auction sites due to France’s law that banned incitement of racial hatred.  (The French do like that “incitement” standard, don’t they?) Of course, this is the same country that passed a law banning the use of foreign words on television shows, radio broadcasts, business communications, and public service announcements if the French language had a “suitable local equivalent” which could be used instead.  What chutzpah!  What cojones!  Oh well, c’est la vie . . . .

It seems that Mr. Wallace, in his infinite wisdom, decided to ignore a California federal district court’s order that he turn over requested documents to MySpace, one of the many plaintiffs who have sued him over the years (including AOL, Concentric Network Corp.,  Compuserve, Bigfoot, and the Federal Trade Commission), and provide a deposition to MySpace’s counsel.  According to the complaint, Mr. Wallace ran a phishing scam on MySpace and spammed thousands of its users.  Some people will just never learn.

The Spam King claimed that he was unable to comply because he was unaware of the requests and court orders, as he doesn’t accept mail (why might that be?) and also stated that he had a difficult time finding counsel (yes, we lawyers are always reluctant to take on new clients during a recession).

The court didn’t buy it—no surprise there—and entered a default judgment against him.  Mr. Wallace is no stranger to default judgments:  He had previously been defaulted in May of 2006 in an action brought by the FTC and ordered to pay a fine of $4,089,500.  Moral of the story for Mr. Wallace:  Don’t break the law.  Moral of the story for everyone else:  Don’t ignore court orders.

In a separate recent spam case, Edward Davidson, who sent hundreds of thousands of e-mails with false headers, was sentenced to 21 months in prison and ordered to pay $715,000 to the IRS.  I suspect, however, that the bulk of the prison sentence was for the tax evasion charges, as it’s only a misdemeanor under the CAN-SPAM act to falsify header information.  Yet Mr. Davidson reportedly made at least $3.5 million sending out these e-mails.  And who says crime doesn’t pay?

While these cases are always satisfying to read, they are few and far between.  Spam is here to stay, regardless of the number of criminal prosecutions brought or default judgments entered.  First, the CAN-SPAM act only applies to spammers in the U.S.  A growing amount of spam is coming from overseas.  Most—if not all—of these foreign spammers are beyond the reach of U.S. law.

Furthermore, many American spammers are reportedly using foreign servers to send their spam into this country.  Of course, if they could be identified, then the CAN-SPAM Act could be used against them (but it probably wouldn’t stop them anyway—just ask Sanford Wallace).  But you have to identify them first, which is exceedingly difficult when the servers are located outside of the U.S.

So until the stakes for spammers increase substantially and other countries jump on the enforcement bandwagon, sending spam is still quite profitable—fines, penalties, and imprisonment notwithstanding.  Death penalty for spam, anyone?

The bill heads to the House floor for a full vote this summer.  The Senate version of the bill is currently in committee.  Even if it passes Congress, there’s no guarantee that the President will sign it into law.  The White House reportedly has “very serious concerns with the legislation.”  So a veto is still possible.

Not surprisingly, the bill is championed by the music and movie business, as well as by other industries that have a great deal invested in their intellectual property (“IP”).  However, the Department of Justice has serious misgivings about the bill, particularly when it comes to a White House official who could interfere with the DOJ’s independence in matters involving criminal enforcement of IP laws.

The DOJ is rightly concerned that such a position could become “easily politicized.”  But what can’t in Washington anymore?  The DOJ certainly isn’t immune either.  Remember the Alberto Gonzalez scandal last year regarding the politically-motivated firings of federal prosecutors who were not perceived as being loyal enough to the Republican party and the current administration?  So politics is inescapable.  It’s only a matter of degree.

But the DOJ has a point and common sense will hopefully prevail.  While the DOJ is obviously not immune from political pressure either, it’s certainly more immune than a White House official is—at least in theory.  And installing an official beholden to the concerns of certain industries only sends yet another message to empower special interest groups with large checkbooks.  At a time when election-year politicians, watchdog groups, and voters alike are decrying the massive influence of lobbyists, installation of an “IP Czar” will only serve to escalate the rhetoric.

Second, as a general matter, never trust the title of any position that has the word “czar” in it, even informally.  I regard that as somewhat—oh, what’s the word?— “undemocratic.”  Few will deny that IP theft and infringment threatens the viability of numerous industries.  But creating a special Cabinet-level position is not the answer.

Despite the House’s attempt to “clarify” and limit the czar’s role to “coordinat[ing] anti-piracy efforts across government” and not to “making policy,” what does this really mean from a practical perspective?  Wide scale coordination efforts seem to imply a certain amount of policy-making authority.  And historically, “czars” usually haven’t been subject to too much control.

Besides, why an “IP Czar” anyway?  Why not create an “Outsourcing Czar?”  With some studies estimating that 1 million to 2.5 million American jobs have been lost due to outsourcing, this issue affects far more people across many more industries.  Or how about a “Healthcare Czar?”  That’s an issue which affects everyone.  Oh yes, that’s right.  The common man has no lobbyist.  All we have are legislators.