Archive for the ‘Privacy and Fraud’ Category

White House Looks to Protect Another Ecosystem

The White House moved to protect what they call an “Identity Ecosystem” through a new cybersecurity initiative. On June 25th, a post on the White House blog called The National Strategy for Trusted Identities in Cyberspace proposed a system developed jointly by the government and private enterprise to simplify the management of online identities. The goal would be to have users’ online reputations vetted by a participating vendor, “vouching” for them across the Internet. For example, if a user is verified through Google or Facebook, she could simply use her login to simplify an Amazon or eBay purchase.

The idea is hardly new. OpenID has been working towards a similar goal for some time, partnering with some of the biggest names on the Internet. Google, Yahoo, Verisign, and WordPress all have incorporated the OpenID interface into their systems, giving users the option to use it alongside or in place of their local logins. The OpenID website even has a page welcoming the government, linking to the draft memo for the government’s program. The primary goals of both systems are being easy to use, cost-efficient, voluntary, and secure. The potential applications for the system include digital transactions, social media conformity, and allowing “anonymous” blogging.

The plan is not without its critics. The Department of Homeland Security set up a website allowing for user-rated commenting on the proposal; the top 5 all present compelling arguments against the system. The DHS comments focus more on the natural risk of centralizing users’ personal information and better informing the public on how to protect their information. However, there has been somewhat less discussion on how a system designed to verify one’s identity would preserve anonymity. But, as a few tech blogs have pointed out, it doesn’t. It merely shortens the subpoena’s trip from complainant to records custodian while facially preserving anonymity to the casual reader. But given the public’s indifference towards sharing their identity by using their Facebook accounts to log in to various sites across the Internet, is it likely to be a concern?

Thursday, July 22nd, 2010

Cybersecurity Bill Passes Through Senate Committee

The Protecting Cyberspace as a National Asset Act of 2010 has passed its first hurdle. As SC Magazine reports, the Senate Homeland Security and Governmental Affairs Committee unanimously passed an amended version of the controversial cybersecurity bill by voice vote last week. The bill, introduced by Sens. Joe Lieberman (I-CT), Susan Collins (R-ME) and Tom Carper (D-DE), grants emergency power over critical infrastructure to the President, as well as creates cybersecurity offices in both the White House and U.S. Department of Homeland Security. The bill’s next stop is the full Senate floor.

Critics of the bill continue to voice their opposition, believing the legislation gives the president an Internet “kill switch.” The American Civil Liberties Union, Center for Democracy and Technology, as well as numerous other privacy groups, recently sent a letter to Lieberman and other lawmakers detailing their concern.  The groups state in the letter that “while the bill makes it clear that it does not authorize electronic surveillance beyond that authorized in current law, we are concerned that the emergency actions that could be compelled could include shutting down or limiting Internet communications that might be carried over covered critical infrastructure systems.”  The groups state that the bill fails to define critical infrastructure and thus there are concerns that “it includes elements of the Internet that Americans rely on every day to engage in free speech and to access information.”

However, according to a fact sheet about the bill issued by Lieberman and Collins, the President already has broad authority in the communication realm. They say this is articulated in The Communications Act of 1934, which provides “nearly unchecked authority to the President” to close any wire communication facility or station. Specifically, the President does not have to give advance notification to Congress to exercise his power, which can last up to six months after the “state or threat of war” has expired.

The current legislation, on the other hand, will limit this authority and make it “far less likely” for a president to use this power. “[The cybersecurity bill] would bring presidential authority to respond to a major cyber attack into the 21st century by providing a precise, targeted and focused way for the president to defend our most sensitive infrastructure,” Lieberman and Collins state in the fact sheet. Under the new bill, the president’s authority is limited to 30-day increments and may be extended beyond 120 days only with Congressional approval. Additionally, the president must use the “least disruptive means feasible” in his response and his authority does not authorize the government to “take over” critical infrastructure.

Thursday, July 22nd, 2010

The Importance of a Proper Determination of Inventorship

In a June 11th ruling, the U.S. Court of Appeals for the Federal Circuit upheld a lower court’s holding in Advanced Magnetic Closures, Inc. v. Rome Fastener Corp. that a patent was unenforceable because of inequitable conduct. The court found that both the materiality and intent prongs required for inequitable conduct were met when a company owner falsely identified himself as the sole inventor of a patent, while withholding the identity of the true inventor. In the opinion, Judge Gajarsa reaffirmed that “when named inventors deliberately conceal a true inventor’s involvement, the applicants have committed inequitable conduct and the patent is unenforceable even as to an innocent co-inventor.”

Quoting Frank’s Casing Crew & Rental Tools, Inc. v. PMR Techs., Ltd., the court also said “[m]isdeeds of co-inventors, or even a patent attorney, can affect the property rights of an otherwise innocent individual.” In addition to ruling that the patent was unenforceable, the court affirmed an award of attorney’s fees and interest in the amount of approximately $1.5 million to be paid by the company.

In Advanced Magnetic Closures, Inc. v. Rome Fastener Corp., the true inventor alleged that the company owner did not list him on the patent application because the company owner believed that the true inventor’s consulting agreement with a former employer would have caused the invention to be assigned to a different entity.  It is unambiguous that, under 35 U.S.C. 102(f), a person is entitled to a patent unless “he did not himself invent the subject matter sought to be patented.”  This recent Federal Circuit ruling makes it clear that a proper determination of inventorship is essential to ensuring that a patent is valid and enforceable.  Even if the inclusion of an inventor may have a potentially adverse effect, if that person is, in fact, an inventor, then it is incumbent upon any co-inventors and the prosecuting attorney or agent to ensure that they are listed on the patent application.

Tuesday, June 22nd, 2010

Peeping Tom Webcams

Harriton High School in Pennsylvania has been using laptop webcams for a new, unconventional reason, at least according to parents. One family has alleged that the school was using the webcam to spy on their fifteen-year-old son. Of course, this accusation has created a frenzy with the other parents, the school district, and civil liberties groups. One family submitted a motion to Judge Jan DuBois requesting a restraining order against the activation of the webcam, which they refer to as a “peeping tom technology”. The complaint further states that the school periodically turns on the cameras on the computers to monitor the students and their usage of the computers issued by the county and that “many of the images captured and intercepted may consist of images of minors and their parents or friends in compromising or embarrassing positions, including, but not limited to, in various stages of dress or undress.” The school has insisted that the camera is only turned on if the laptop was lost or stolen in order to find the missing equipment.

The Robbins’ motion was prompted by their son being accused by the assistant principal of Harriton High of taking and selling drugs. The student claims that he was eating candy, but the school says that, using images of the student from the webcam, they witnessed the drug handling. The Robbins said that their child was at home while using a computer that was not reported as lost or stolen and that pictures were taken of him without the permission of his parents while he was at home.

Friday, March 5th, 2010

iTunes Gift Card Code Broken in China, Counterfeit Cards On Sale

In China, sales of counterfeit gift cards for Apple’s iTunes digital media service have grown significantly over the last six months. The “cards” are just a code, which cracks the formula used by Apple to generate the large alphanumeric string that is typed into an account to redeem it for credit. The cards are currently on sale for as little as $2.60 US for a card worth $200 of products on iTunes. Apple’s problem is twofold, due to the nature of the iTunes system. Apple can’t simply pull the plug and invalidate the counterfeit codes without potentially invalidating an unknown number of actual gift cards, many of which may have already been sold legitimately. Apple also faces a high potential cost of licensing fees for the downloads made using these counterfeit cards, for which Apple receives no revenue.

Tuesday, May 12th, 2009

FTC Gets Shutdown Order for Online Check (And Fraud) Generation Site

The US District Court of Southern California recently issued a permanent injunction shutting down Qchex, an online bank check creation service. The idea behind Qchex was that account holders could use Qchex to create and draw checks on any bank account.

However, the Qchex system, which included a step to check whether or not the Qchex account holder and the actual bank account holder were the same person, was woefully inadequate. While Qchex would shut down individual accounts and ban IP addresses for “unusual behavior”, it had no true verification procedure in place to establish authority over an account.

As a result, the service was used for widespread fraud. Users illegally drew checks from third parties, where the checks would initially clear, but later bounce, leaving people’s bank accounts frozen for investigation while they escaped with the goods. There were also cases of overcharging scams. These involved writing a Qchex check for more than the payment required, coupled with a request to transfer back the extra money. The scammer would pocket the cash sent after the initial check cleared, and vanish before it fully bounced.

Currently, the Qchex site is shut down for “restructuring” as they intend to continue the legal fight. In the meantime, they are offering their technology “to third parties for licensing, sale or merger”: possibly to pay off the $535,000 disgorgement of profits that is also part of the court’s ruling.

Wednesday, February 25th, 2009