The Federal Trade Commission announced the release of a new Final Rule regarding the "Definitions and Implementation Under the CAN-SPAM Act" on May 12, 2008, which revises the Code of Federal Regulations implementing rules regarding CAN-SPAM, 16 C.F.R. Part 316. While largely reinforcing its observations in its Notice of Proposed Rulemaking, the Commission adopted a few new interpretations of defined terms, and offered some insight regarding CAN-SPAM implementation. The Commission:

1. Clarified that the definition of "person" includes organizations, commercial and non-profits alike;

2. Addressed scenarios where a single commercial e-mail contains advertisements for the products or services of multiple entities, and clarified who would be the "sender" of such an e-mail;

3. Addressed affiliate marketing schemes, and in certain situations extended CAN-SPAM liability to marketing entities and sellers whose affiliates send unsolicited commercial messages that violate CAN-SPAM.

4. Permitted the use of Post Office boxes and private mail boxes to satisfy the "valid physical postal address" requirement of CAN-SPAM, provided that the boxes are accurately registered pursuant to postal regulations;

5. Reiterated that recipients of commercial e-mail messages may not be charged a fee or any form of consideration to opt-out of future mailings, and should be required to provide no more personal information than their e-mail addresses to exercise their opt-out options.

6. Discussed "forward-to-a-friend" programs, and potential CAN-SPAM liability of a seller that includes such functionality on its Web site.

The Final Rule becomes effective 45 days after its publication in the Federal Register.

Perkins Coie Partner Al Gidari was quoted Monday in a story focusing on NeuStar, a company that runs a digital directory for telephone companies. The story explains how the FBI sought access a few years ago to one of NeuStar's databases that "contained 310 million phone numbers in the United States and Canada."

The Administrator of U.S. Courts has released the 2007 Wiretap Report, and the number of wiretaps is up 20% over 2006.  But the real story is that the increase was fueled by state wiretaps; federal wiretaps actually decreased.  The Wiretap Report is published each year, and it never fails to disappoint.  Read the full post for the details....

The article, entitled "ISPs, Not Government, to be Affected by Holding," discusses the impact of the ruling in New Jersey v. Reid.

Author Declan McCullagh blogged on proposals for warrantless surveillance of the Internet presented by FBI Director Robert Mueller and Republican Representative Darrell Issa of California at a hearing on Capitol Hill. Gidari raised the issue of how such a plan will conflict with more restrictive state laws.

The Ponemon Institute has released the “Consumer's Report Card on Data Breach Notification.” This study of 1,795 people indicated that 31 percent said they terminated their relationship with the organization after learning that their personal information may have been released as a result of a data breach. 26 percent of respondents took no action after being notified and 57 percent said they lost trust and confidence in the organization.

Other key findings are:

• 63 percent of survey respondents said notification letters they received offered no direction on the steps the consumer should take to protect their personal information;
• 55 percent of respondents had been notified of two or more data breaches in the previous 24 months;
• More than 55 percent of respondents state that the notification about the data breach occurred more than one month after the incident;
• More than 50 percent of respondents rated the timeliness, clarity, and quality of the notification as either fair or poor;
• Less than one-third of respondents said that the organization offered services to protect them from further harms; of those who opted into such services, 97 percent rated them good to excellent; and
• Two percent of respondents that had been notified of a data breach experienced identity theft as a result of the breach, while 64 percent were unsure if they were a victim of identity theft. 

The New York Times recently reported on a sophisticated phishing scheme that targets executives by sending them what appears to be an official subpoena. The email includes an embedded link that purports to offer a copy of the entire subpoena, but which, when clicked, actually downloads keylogger software as well as software that permits remote control of the compromised computer. The New York Times article can be found here. A related article from SC Magazine can be found here. While the scheme is a sophisticated example of social engineering, all employees and particularly executives should be informed that (1) subpoenas are not served by email and (2) all suspect emails should be forwarded to IT before clicking an any links.

In Avila v Valentin-Maldonado, 2008 WL 747076 (D. Puerto Rico March 19, 2008), the court refused to dismiss plaintiffs' claim that defendants' surreptitious video surveillance of their locker-break room infringed upon their reasonable expectation of privacy secured by the Fourth Amendment.

The article, "FBI Data Transfers Via Telecoms Questioned," describes little-known electronic connections between telecommunications firms and FBI monitoring personnel. 

Long before today’s debates over changing the Foreign Intelligence Surveillance Act, another wiretapping feud, between government in one camp and technology and civil liberties groups in the other, helped shape the balance of power in the Information Age.  Perkins Coie Partner Al Gidari is quoted in this article on the government's role in the development of standards for CALEA (Communications Assistance for Law Enforcement Act).