huridocs-tech GILC NEWS ALERT, 25 January 1999

GLOBAL INTERNET LIBERTY CAMPAIGN (GILC) NEWS ALERT
January 25, 1999

Current News Items:
[1]  France Removes Restrictions on Encryption
[2]  Hearing for Injunction begins this Week in ACLU v. Reno II
[3]  Code-Breaking Contest Won Again by EFF, Distributed.Net
[4]  China Jails Computer Engineer Accused of  Subversion
[5]  Court Upholds Calif. Library's Uncensored Net Access Policy 
[6]  India May Prohibit Purchase of Weak U.S. Crypto Products
[7]  China to Regulate Internet Access Cafes
[8]  Guyanese Government Will Permit Unfiltered Net Access
[9]  UNESCO Holds Meeting To Limit Spread of Online Child Porn
[10] EF Australia Posts Uncensored Crypto Report
[11] Report On Implementation of Privacy Directive Online
[12] Norwegian Supreme Court Finds Hacking Not Illegal

============================================================
[1] France Removes Restrictions on Encryption
============================================================

French officials this week announced dramatic liberalization of its
cryptography laws and that it will allow Gallic computer users to work with
any strength of encryption technology, Meryem Marzouki  (a GILC Member)
said.  

Some civil libertarians praised the change, but added that there is a
downside to the new law since law enforcement will be provided expanded
surveillance authority under the changes.

Until now, France has had restrictive encryption laws, criminalizing any
unauthorized use of crypto-products and only permitting use of weak
products without government authorization with only 40 bit strength.
According to French civil  liberties groups, there has been a broad range
of pressure from privacy advocates, users and businesses that the French
restrictions on cryptography not only infringe on privacy, but also deter
the growth of electronic commerce because it is not secure.  Moreover,
pressure to change the French policy also came from other EU member
countries that have a more liberalized approach. 

In the announcement made by Prime Minister Jospin, he said that until new
legislation is in place, the level for free use of encryption inside France
would be raised administratively from the current 40-bit level to 128 bits
effect immediately.

Jospin announced that his administration would send forward proposed
legislation allowing complete freedom in the use of all cryptography,
abolishing the requirement to use trusted third
parties, and providing instead increase funding for the police, combined
with enhanced authority to demand plaintext in the course of an investigation.

“We acquired the conviction today that the legislation of 1996 is not
adapted any more.  Indeed, it strongly restricts the use of cryptology in
France, without allowing besides for the public
authorities fighting as much effectively against criminal intrigues whose
encryption could facilitate the dissimulation,” Jospin said.

Information about the changes can be found online at: 
	<http://www.premier-ministre.gouv.fr/PM/D190199.HTM>
Also at 	<http://www.internet.gouv.fr>

To learn more about Cryptography regulations from all over the world, see
the Global Interent Liberty Campaign’s Report: Cryptography and Liberty: An

International Survey of Encryption Policy. A world survey of crypto
policies released in February 98 finding that most countries do not
restrict the use of encryption. Online at:
	<http://www.gilc.org/crypto/>

============================================================
[2] Hearing for Injunction Held Last Week in ACLU v. Reno, Round 2
============================================================

A three-day hearing was held last week before federal Judge Lowell A. Reed,
Jr. in Philadelphia in GILC members, including the American Civil Liberties
Union’s  (ACLU’s)  battle  against a second Congressional attempt at
unconstitutional Internet censorship.

The ACLU spent the first day-and-a-half to present expert and other
witnesses and plaintiffs; attorneys for the Department of Justice had the
next day-and-a-half.  A ruling is expected by February 1, when an agreement
to suspend the law expires. In November, Judge Reed halted enforcement of a
federal Internet censorship law until its constitutionality is resolved in
court.
	
ACLU v. Reno II, as the new case is called, was filed by the American Civil
Liberties Union (ACLU) with the Electronic Privacy Information Center
(EPIC), the Electronic Frontier Foundation (EFF) and volunteer lawyers as
co-counsel on behalf of 17 individuals and organizations.  All three
organizations are members of GILC.  Complete information about the case,
including the latest legal documents and the ACLU and government witness
lists, are available on the ACLU website at <http://www.aclu.org>

This second round challenges the new so-called "Child Online Protection
Act" which makes it a federal crime to "knowingly" communicate "for
commercial purposes" material considered "harmful to minors." Penalties
include fines of up to $50,000 for each day of violation, and up to six
months in prison if convicted of a crime. The government also has the
option to bring a civil suit against individuals under a lower standard of
proof, with the same financial penalty of up to $50,000 per violation.

Despite lawmakers' claims that the new bill is "narrowly tailored" to apply
only to minors, ACLU Staff Attorney Ann Beeson said that the constitutional
flaws in this law are identical to the flaws that led the Supreme Court to
strike down the original CDA.  

"Whether you call it the 'Communications Decency Act' or the 'Congress
Doesn't Understand the Internet Act,' it is still unconstitutional and it
still reduces the Internet to what is fit for a six-year-old," said Beeson,
a member of the original ACLU v. Reno legal team.

Although proponents claim that the law applies only to commercial websites,
nonetheless, the groups said in legal papers, the law "bans a wide range of
protected  expression that is provided for free on the Web by organizations
and entities who also happen to be communicating on the Web 'for commercial
purposes.'"

In the November ruling granting a temporary restraining order, Judge Reed
said that the groups had shown "a likelihood of success on the merits of at
least some of their claims" that the federal Internet censorship law
violates the First Amendment rights of  adults. The government, Judge Reed

said, presented "no binding authority or persuasive reason" why the court
should not enjoin "total enforcement" of the law pending an outcome. 

============================================================
[3] Code-Breaking Contest Won Again by Distributed.Net, Electronic Frontier
Foundation 
============================================================

Distributed.Net, a worldwide coalition of computer enthusiasts along with
the Electronic  Frontier Foundation's (EFF) "Deep Crack," specially
designed supercomputer,  and a network of nearly 100,000 PCs on the
Internet, together won a competition to crack information coded with the
United States government's  Data Encryption Standard (DES) in a
record-breaking 22 hours and 15 minutes.

The groups beat the record set last year by the EFF computer alone which
won the RSA Data Security's DES Challenge breaking the DES code in 56 hours.

The  DES  algorithm is commonly available technology first adopted by the
US government in 1977.  The 56-bit DES algorithm is still widely used by
financial services and other industries worldwide to protect sensitive
on-line applications, despite growing concerns about its vulnerability. 

More than two dozen international organizations that are members of GILC
launched a campaign against restrictions on cryptography to 56-bit DES,
because it is a weak standard and stating that strong encryption is vital
to promoting human rights. 

“[The] failure to protect the free use and distribution of cryptographic
software will jeopardise the life and freedom of human rights activists,
journalists and political activists all over the world,” GILC members said
in the RESOLUTION IN SUPPORT OF THE FREEDOM TO USE CRYPTOGRAPHY, online at:
<http://www.gilc.org/crypto/oecd-resolution.html>.

RSA has been sponsoring a series of DES-cracking contests to highlight the
need for encryption stronger than the current 56-bit standard widely used
to secure both U.S. and international commerce. 

"As today's demonstration shows, we are quickly reaching the time when
anyone with a standard desktop PC can potentially pose a real threat to
systems relying on such vulnerable security," said Jim Bidzos, president of
RSA Data Security, Inc. "It has been widely known that 56-bit keys, such as
those offered by the governmentá ás DES standard, offer only marginal
protection against a committed adversary."

As part of the contest, RSA awarded a $10,000 prize to the winners at a
special ceremony held during the RSA Conference. The goal of this DES
Challenge contest was not only to recover the secret key used to
DES-encrypt a plain-text message, but to do so faster than previous winners
in the series. 

"EFF believes strongly in providing the public and industry with reliable
and honest evaluations of the security offered by DES. We hope the result
of today's DES Cracker demonstration delivers a wake-up call to those who
still believe DES offers adequate security," said John Gilmore, EFF
co-founder and project leader. 

"The government's current encryption policies favoring DES risk the
security of the national and world infrastructure." 


The Electronic Frontier Foundation began its investigation into DES
cracking in 1997 to determine just how easily and cheaply a hardware-based
DES Cracker (i.e., a code-breaking machine to crack the DES code) could be
constructed. Less than one year later and for well under U.S. $250,000, the
EFF, using its DES Cracker, entered and won the RSA DES Challenge II-2
competition in less than 3 days, proving that DES is not very secure and
that such a machine is inexpensive to design and build.

============================================================
[4] China Jails Computer Engineer Accused of Subversion
============================================================

A Chinese court on Wednesday (January 20) sentenced a software engineer
accused of using the Internet for the purpose of  "inciting to overthrow
state power" to two years in jail, Reuters reports.

Lin Hai, a Shanghai software engineer, was arrested last March after
sending 30,000 Chinese email addresses to VIP Reference, an Internet
pro-democracy newsletter based in Washington and New York. In December, a
Shanghai court adjourned without delivering a verdict on Lin.

Lin’s wife criticized the sentence as being harsh even though his sentence
is shorter than the decade-long terms issued against other dissidents,
Reuters reports.

The publication that Lin is accused of sending email addresses to is VIP
Reference, a publication that is based in the US and distributes reports on
dissident activities, human rights, and essays in the promotion of freedom
of speech and democracy to more than 250,000 email addresses in China.

Lin previously pled not guilty to a charge of inciting subversion of state
power by providing local email addresses to a U.S.-based dissident
publication.  In December, he told the court hat he is not a member of the
VIP Reference network, which court documents describe as a hostile foreign
organization.

Before the December hearing, members of GILC, launched an online action
alert campaign on behalf of Lin and other scientists and dissidents jailed
in China.  In addition to the online action alert, GILC member, the Digital
Freedom Network (DFN) also has further information about Lin on their web
site at: 	<http://www.dfn.org/Alerts/freesci/freesci.html>

The full Reuters article is online at:
<http://dailynews.yahoo.com/headlines/wr/story.html?s=v/nm/19990120/wr/china
_8.html>

============================================================
[5] Court Upholds Calif. Public Library's Uncensored Net Access Policy 
============================================================

In a ruling endorsing on-line free speech in libraries, the Alameda County
Superior Court last week (January 14, 1999) dismissed a lawsuit seeking to
require the Livermore Library to censor Internet use by patrons. The ruling
in Kathleen R. v City of Livermore marks the second time that the court has
rejected an attempt by Kathleen R. to force the Livermore library to
abandon its open access policy governing Internet use. 

"The court's ruling ... sets an important precedent for libraries in
California and across the nation," said Ann Brick, staff attorney with the

American Civil Liberties Union of Northern California, (a GILC member) who
filed a friend of the court brief in support of the library. "By upholding
the Library's open access policy, the court not only vindicates the
judgment of the library board in adopting the policy, it vindicates the
First Amendment values on which the policy rests." 

Last October, the Alameda County Superior Court dismissed the lawsuit's
original complaint in which Kathleen R. argued that the library's open
access policy constituted a public nuisance. In her amended complaint,
Kathleen R. claimed she had a constitutional right to force the library to
discontinue its open access policy. Following a hearing on January 13,
Judge Hernandez dismissed the second complaint today, stating that no
further amended complaint could be submitted to the court, thereby
dismissing the entire lawsuit. 

The Livermore Public Library's policy on Internet use specifically informs
its patrons that material available over the Internet may be controversial,
that the library is not responsible for the content of material available
on the Internet, and that parents are responsible for supervising the
Internet use of their children. "The library's policy is sensitive both to
First Amendment concerns and the concerns of parents," Brick noted. 

"It enables each family to be sure that its children use the
Internet in a manner that is consistent with its own values without
imposing those values on other families." Brick noted that this position
has long been espoused by the American Library Association and the majority
of libraries across the country. 

============================================================
[6] India May Prohibit Purchases of Weak U.S. Encryption Products
============================================================

India’s Defense Research and Development Organization (DADO) has announced
that it may prohibit the purchase of encryption software made in the US
because the products are too weak, the Economic Times reports (January 12,
1999).

The reports state that "the DADO's concern about US-developed software
stems from one basic insecurity - the data traffic and network security
software that comes from the US can be easily
hacked into and could prove to be a security hazard."

Because US software vendors can export only encryption software products
with 56 bit strength, the Indian government said the quality of US products
exported to India are á ádoubtful from a "security point of view."

Indian officials have also said that they are developing an indigenous
secure communications tools within the next few months, so as to obviate
the need for American products.

The full article is online at: <http://www.economictimes.com/120199/lead2.htm>

==========================================================
[7] China to Regulate Internet Access Cafes
==========================================================

China has ordered tight controls on Internet cafes offering public access
to stop the spread of pornography and gambling, Reuters reports. 

Businesses providing online services must register with local officials
providing details about their business operations, including the names of

all Web surfers using the company's computers under a new directive,
according to Reuters. 

``Some business operators are using the bars as a front to engage in
gambling or pornography,'' a recent Chinese Ministry report said.
''Authorities believe this is posing a threat to the hearts and minds of
the youths."

According to recent estimates, the number of Chinese online has grown two
more than two million, however, the growth has also been accompanied by
government concerns about social threats because of  access to online
communications and has increased crack downs against users.

============================================================
[8] Guyanese Government Will Permit Unfiltered Net Access
============================================================

Citing a commitment to free expression, the Guyanese government announced
this week that it is lifting restrictions requiring content blocking of any
information about sex, racism and explosives from users based in this South
American country, according to the Associated Press.

In 1995, when high speed Internet first became available in Guyana, former
President Cheddi Jagan required filtering and blocking devices to be
installed in order to prevent the growth of "immoral content" and the adult
industry in the region.  

However, according to the Associated Press report, about one-third of the
Guyana Telephone and Telegraph Co.'s income comes from international sex
lines. 

In order to circumvent the blocking firewall, users had to apply for
permission to use unfiltered technology. The AP report also stated that
Guyanese users complained that faulty filters  blocked content about AIDS,
anti-racism sites and the US Independent Counsel's Report by Kenneth
Starr's urging the impeachment of President Clinton.

Last September, GILC released a report "Regardless Of Frontiers: Protecting
The Human Right to Freedom of Expression on the Global Internet," that
concluded that the Internet's uniquely open, global, decentralized and
user-controlled nature, the Universal Declaration of Human Rights and other
international human rights agreements should be read as offering especially
strong protection to freedom of expression on-line.
<http://www.gilc.org/speech/report/>

For more information, see the "Statement on Filtering, Ratings Systems and
the Impact of Self-Regulation and Filtering on Human Rights to Freedom of
Expression" to the OECD by various members of GILC. The statement discusses
to role of ISPs, anonymity, self-regulation and freedom of expression.  

	<http://www.gilc.org/speech/ratings/gilc-oecd-398.html>

============================================================
[9] UNESCO Holds Meeting To Limit Spread of Online Child Porn
============================================================

Representatives from around the world gathered this week for a two day
conference in Paris to discuss how to combat online child pornography.  

The conference was organized by the United Nations Educational Scientific
and Cultural Organization (Unesco), which called for new laws to reduce
child pornography and for greater participation by Internet Service

Providers in monitoring and removing such content. 

Officials at the meeting said that one obstacle to curtailing child
pornography on the net is that there is no uniformity in national laws
dealing with dissemination of such images.

According to news reports, UNESCO officials called for the design of
filtering search engines to block access to sites that contain child
pornography and for the creation of a global group to monitor content.

However, even without new legislation, law enforcement officials have
stepped up efforts against individuals disseminating child pornography
online in the past two years and have arrested hundreds of suspects.
Numerous arrests against alleged offenders have been made as a result of
sting operations where police have posed as customers wishing to purchase
such images or as minors.

============================================================
[10] Electronic Frontiers Australia Obtains Uncensored Govt Crypto Report
============================================================

Electronic Frontiers Australia (EFA) has obtained access to an uncensored
copy of the Australian Government's report "Review of Policy relating to
Encryption Technologies." The report was originally slated for release in
1997 but withdrawn by the government after it was printed because of
"sensitive" information it contained.   

The report had been commissioned by the Attorney-General's Department to
open up the cryptography debate in Australia.

Last year EFA's request for a copy of the report under the Australian
Freedom of Information Act, was rejected for law enforcement, public safety
and national security reasons.  Eventually, EFA obtained a censored copy in
June 1997, with the allegedly sensitive portions whited out. 

Among the items that were censored in the version sent to EFA (which are
now available)  are: 

Paragraphs censored for reasons of national security, defense or
international relations: a statement that there are "design flaws" in US
and British key recovery proposals; an opinion that export controls are of
dubious value; commentary that US agencies sought to dominate public
discussion of encryption policy. 

Paragraphs censored because they are classified as "internal working
documents": a recommendation that "hacking" by law enforcement agencies
should be above the law; recommendation that authorities be given the power
to demand encryption keys, in contravention of the principle of non
self-incrimination.

The full version of the report is now online at:
<http://www.efa.org.au/Issues/
Crypto/Walsh/index.htm> The originally censored parts are highlighted in red.


============================================================
[11] Report On Implementation of Data Privacy Directive Available Online
============================================================

A report prepared over the course of a year by four privacy experts
(Charles Raab, Colin Bennett, Nigel Waters and Bob Gellman) and for the
European Commission on the implementation of Articles 25 and 26 of the EU
Data Protection Directive is available online.


The report contains 30 empirical case studies of the international transfer
of personal data from Europe to 6 jurisdictions (Canada, US, Japan,
Australia, New Zealand, Hong Kong).   These cases represent five different
transfer categories: sensitive information in airline reservations systems;
human resources data; electronic commerce; medical data; and subcontracted
outsourcing.  For each transfer, we gained the collaboration of certain
partner organizations to give us a realistic sense of the nature of the
personal data transferred and the means of communication.   We then made
certain evaluations about the "adequacy" of protection according to a
common evaluative methodology.

The final report entitled "Application of a methodology designed to assess
the adequacy of the level of protection of individuals with regard to
processing personal data" has just been published and can be found under
the "Reports" section at:
<http://europa.eu.int/comm/dg15/en/public/index.htm#5>

Autrans, France (January 8, 1999) -- The Internet Society France plans to
sponsor a "virtual" session of parliament this March to vote on a law
governing the Internet during the second-annual Fete de l'Internet, French
Internet Day.

The idea is to allow all interested Internet users to participate in the
entire process of drafting, revising and passing a law, ISOC France said in
a statement. The French senate, which is working alongside ISOC to put on
the event, will then pass a mock law, based on user input.

Through ISOC France's Web site, Internet users can participate in drafting
the mock law, which will be aimed at creating a new structure for governing
the Internet. During the drafting process, participants will target issues
such as data privacy, intellectual property rights, consumer protection,
the regulation of encryption and the use of the Internet to spread illegal
and indecent content.

After an initial draft of the law is presented later this month, users can
also participate in the amendment process. The idea is to get people
thinking about how existing laws concerning the Internet France should be
adapted, ISOC said.

The real-world event, called "Internet Law: Conquering a Global Village,"
will take place March 19 to March 29.

ISOC France http://www.isoc.asso.fr/ France's Internet Festival

http://www.isoc.asso.fr/fete99/index.html

[for the entire story, look at

http://www.sunworld.com/swol-01-1999/swol-01-if.html?0118a ]

==========================================================
[12] Norwegian Supreme Court Finds Hacking Not Illegal
==========================================================

Norway’s Supreme Court ruled last week that is not a crime to attempt to
break into another person’s or entity’s computer system, USA Today reports
( January 14, 1999).

However, the Court did found that it is a crime once a person has actually
broken into a computer system without authorization. The ruling is a result
of an attempt by a computer security company to break into the University
of Oslo's computers through the Internet.  

According to USA Today, the security company determined where there are
entry points in the university's computer security, but did not break in,

tamper with, or steal any information.

==========================================================
	ABOUT THE GILC NEWS ALERT:
==========================================================

The GILC News Alert is the newsletter of the Global Internet Liberty
Campaign, an international coalition of organizations working to protect
and enhance online civil liberties and human rights.
Organizations are invited to join GILC by contacting us at gilc@gilc.org.
To alert members about threats to cyber liberties, please contact members
from your country or send a message to the
general GILC address. 

To submit information about upcoming events, new activist tools and news
stories, contact: A. Cassidy Sehgal-Kolbet <csehgal@aclu.org> American
Civil Liberties Union 125 Broad Street 17th
Floor, New York, New York 10004  USA

More information about GILC members and news is available at
<http://www.gilc.org/>. You may re-print or redistribute the GILC NEWS
ALERT freely.  To subscribe to the alert, please send an mail to
gilc-announce@gilc.org with the following message in the body:   subscribe
gilc-announce 

========================================================
PUBLICATION OF THIS NEWSLETTER IS MADE POSSIBLE BY A
GRANT FROM THE OPEN SOCIETY INSTITUTE (OSI)
========================================================


----------------------------------
Send mail for the 'huridocs-tech' list to 'huridocs-tech@hrea.org'.
Mail administrative request to 'majordomo@hrea.org'.
For additional assistance, send mail to: 'owner-huridocs-tech@hrea.org'.
Archives of previous messages posted to the list can be found at:
http://www.human-rights.net/huridocs-tech.