California Anti-Phishing Law–Cal. B&P Code Sec. 22948

By Eric Goldman Going through my stack, I came across Cal. Business & Professions Code Sec. 22948-22948.3 (SB 355), California’s recently enacted anti-phishing law. In general, compared to other state anti-Internet behavior laws, this law is relatively targeted and unobjectionable….

Law Enforcement Collection of DNA

Recent legislative activity in the US Senate has brought some press attention to the touchy issue of DNA collection by law enforcement. Similar proposed and passed DNA legislation at the state and federal levels over the last several years has also drawn court challenges. As a result, a fair number of court opinions on the suject exist, enough to allow a quick look at the legal countours and legislative status of DNA collection laws.

Anti-Phishing Warning Protected by 47 USC 230

By Eric Goldman Associated Bank Corp. v. EarthLink, Inc., No. 05-C-0233-S (W.D. Wis. Sept. 13, 2005). [BNA subscription required] EarthLink’s “ScamBlocker” incorrectly identified Associated Bank’s website as a phishing site, so users trying to access the website saw a huge…

Jill, Meet Best Buy’s Friendly Human Shopbot/Profiler

I’m a little surprised this article hasn’t generated more discussion. Last week, the Washington Post ran an article about Best Buy’s efforts to segment and target its customer base. They have developed a set of consumer profiles that they describe…

Bellia on Spyware, and Searcy v. Microsoft

Patricia Bellia of Notre Dame Law School recently posted a paper on spyware and surveillance laws, Spyware and the Limits of Surveillance Law. She challenges those who believe that the Electronic Communications Privacy or the Computer Fraud and Abuse Act…

Search Engines and Privacy…AGAIN?!

News.com and the Associated Press both ran stories last week about the possible ways that Google aggregates user data in a way that theoretically threatens privacy. Hmm…this sounds familiar…haven’t we heard this story before? Yes, only about a thousand times….

FTC Settles Another Case for Failure to Use Reasonable Security

In the Matter of BJ’s Wholesale Club, Inc., File No. 042 3160. The FTC settled with BJ’S Wholesale Club over BJ’s allegedly deficient security practices. This is the second settlement of its nature in three months (the last being an…

FTC Commissioner: “Somebody has got to pay”

FTC Commissioner Orson Swindle goes off about corporate data security practices. Internet News quotes him as saying “industry has, to a great extent, been irresponsible, and somebody has got to pay.” The article also quotes him as saying the lax…

BNA on Mandatory Disclosure Laws

BNA (registration required) runs an article recapping state-level activity on mandatory security breach notification laws. Seven states (Arkansas, California, Georgia, Indiana, Montana, North Dakota, and Washington) have adopted laws, and Florida is expected to join this list soon. The laws…

Congress Mulls Mandatory Security Breach Disclosure Law

Congress is discussing a national mandatory security breach notification law. In a minor surprise, at least one legislator, Rep. Oxley, is asking the right questions. He observes: “consumers may begin to ignore those notices as just that many more pieces…