GILC Alert Volume 4, Issue 2 February 22, 2000 Welcome to the Global Internet Liberty Campaign Newsletter. Welcome to GILC Alert, the newsletter of the Global Internet Liberty Campaign. We are an international organization of groups working for cyber-liberties, who are determined to preserve civil liberties and human rights on the Internet. We hope you find this newsletter interesting, and we very much hope that you will avail yourselves of the action items in future issues. If you are a part of an organization that would be interested in joining GILC, please contact us at <gilc@gilc.org>. If you are aware of threats to cyber-liberties that we may not know about, please contact the GILC members in your country, or contact GILC as a whole. Please feel free to redistribute this newsletter to appropriate forums. ====================================================================== Free Expression [1] Hollywood seeks ban on DVD web links [2] China: "Big Mama" is watching [3] Burma silences political sites [4] British Telecom to cloister controversial sites? [5] Australia: restrict domain names [6] Africa Online expands [7] Secret censorship software revelations [8] Upcoming Internet free expression conference [9] Future Euro E-commerce meetings Privacy and Encryption [10] DoubleClick may have tracked 90 million U.S. households [11] E-commerce sites attacked [12] EU members resume ECHELON debate [13] New British surveillance scheme [14] Russian gov't expands Net tapping [15] Italy mediates data privacy dispute [16] Renewed push for ENFOPOL [17] Report: data insecurity hurts e-commerce [18] Study: E-firms want money more than privacy [19] New software "shredder" for old e-mail ====================================================================== [1] Hollywood seeks ban on DVD web links ====================================================================== A new round of legal wrangling over Internet DVD discussions will begin next month. The entertainment industry, through the DVD Content Control Association (DVD CCA) and the Motion Picture Association of America (MPAA), have now sued to prevent Internet users from linking to websites that have DeCSS. DeCSS was a primitive program to help users of the Linux operating system play DVDs on their computers. A court in New York will set a trial date for one of these cases sometime within the next few weeks. Previously, courts in both New York and California had already issued preliminary injunctions that barred computer users from posting DeCSS on their websites. Many experts are concerned that these actions may stifle free expression in cyberspace. Robin Gross of the Electronic Frontier Foundation (EFF--a GILC member) noted that the motion picture industry's attempted ban on links to DeCSS were "a quick way to kill speech on the Net". EFF currently represents defendants in both the New York and California cases. These concerns were echoed at a recent panel discussion held in New York City, which included Allonn Levy from EFF and Barry Steinhardt from the American Civil Liberties Union (ACLU--a GILC member). The forum was part of the Linux World expo held during the first week of February. Steinhardt noted that the day's discussions "really made it clear that this case is not about piracy, but about the ability of Linux users to play DVDs on their machine. As one participant put it, 'I just want to play a movie on my computer.'" Meanwhile, a GILC member statement has been issued, which expresses the belief that "intellectual property owners should not be allowed to expand their property rights at the expense of free speech, legal reverse-engineering of software programs for interoperability reasons and discussions of technical and scientific issues on the internet." Additional signatories for the statement are still being sought. For more information, see Carl S. Kaplan, "Judge May Be Hollywood's Friend in Fight Over DVD Code", N.Y. Times, February 11, 2000, at (registration required) http://www.nytimes.com/library/tech/00/02/cyber/cyberlaw/11law.html Coverage of the LinuxWorld debate can be seen under Jeff Howe, "DVD Open Forum Minus the Forum", Wired News, Feb. 4, 2000, at http://www.wired.com/news/politics/0,1283,34135,00.html For further information, visit http://www.opendvd.org To view a GILC member statement on this subject, see http://www.gilc.org/speech/DVD-CSS.html ====================================================================== [2] China: "Big Mama" is watching ====================================================================== Forget George Orwell's "Big Brother". Mainland China's "Big Mama" may even scarier. Recent reports have indicated that Chinese censorship of the Internet transmissions to a larger extent than previously believed. The Chinese government has fostered a vast army of "volunteers" known as "Big Mamas" to comb through websites, chat rooms, and private e-mails for subversive material. Under this allegedly self-regulatory scheme, the thought control aspect of "Big Mamas" can take variety of insidious forms. Censors often appear on chat boards and warn participants to "Stick to the topic" rather than criticize the government. In other instances, messages which appear counter-revolutionary are made to quietly disappear at the hands of these purportedly patriotic "volunteers". These moves come after Beijing recently expanded its rules on state secrets. The revised system requires businesses and individuals who use the Internet to register with the government or face harsh penalties. Under this regime, applicants have to provide copies of the software that they possess (particular encryption programs), as well as serial numbers and user lists. These efforts are apparently an attempt to track down and silence political dissidents. For further information, see "In China, The Net Grows Up", Reuters, Jan. 25, 2000, at http://abcnews.go.com/sections/tech/DailyNews/china_webpolice000125.html See also "China tightens Net security", USAToday.com, January 26, 2000, at http://www.usatoday.com/life/cyber/tech/cth217.htm ====================================================================== [3] Burma silences political sites ====================================================================== The Burmese government has issued new rules which bar political dissent on the Internet. The new regulations prohibit any commentary considered to be "detrimental to government policies". Myanmar Post and Telecommunications, which is the country's sole Internet service provider, issued these standards several weeks ago, according to Burmese television. These moves come months after Reporters Sans Frontieres had labeled the ruling Burmese regime one of the twenty greatest enemies of the Internet, along with such countries as North Korea, Libya and Iraq. For background information, see James Miles, "Burmese ban on political websites", BBC News, Jan. 20, 2000, at http://news.bbc.co.uk/hi/english/world/asia-pacific/newsid_611000/611836.stm Visit the homepage of Reporters Sans Frontieres at http://www.rsf.fr ====================================================================== [4] British Telecom to cloister controversial sites? ====================================================================== Several corporate executives, including a high-level official at British Telecom (BT), are currently discussing plans to restrict websites with controversial content through their domain names. These discussions were brought to light in an e-mail message from John C. Lewis, BT's representative to the International Corporation for Assigned Names and Numbers (ICANN). ICANN was created several years ago to deal with several Internet protocol related issues, including domain name registration. In the message, which had been accidentally sent to a public list, Lewis suggested that sites with offensive material should be branded with special domain names. In particular, Lewis said that such webpages should be allowed to use some of the new domain names categories that ICANN is currently formulating. Afterwards, Lewis claimed that these measures were necessary to protect "vulnerable members of the community." For Lewis' original message, visit http://www.dnso.org/clubpublic/ga-full/Arc00/msg00090.html ====================================================================== [5] Australia: restrict domain names ====================================================================== The Australian government now supports restrictions on the public's right to register domain names. This position is spearheaded by Australian Communications Minister Richard Alston, who has previously pushed for national Internet content controls. In this latest move, Alston wants domain name registrants to provide proof upfront that they are the company named in their website, before their applications can be approved. The proposal was ostensibly designed to prevent fraudulent use of the domain name system, popularly known as "cyber-squatting". For further information, see "Australia supports global cyber-squatting regulations", ABC News (Australia), Jan. 31, 2000, at http://www.abc.net.au/news/newslink/nat/newsnat-31jan2000-47.htm ====================================================================== [6] Africa Online expands ====================================================================== More Africans have access to the Internet than ever before, in part due to the efforts of the other AOL--Africa Online. Africa Online was originally founded by several graduates of the Massachusetts Institute of Technology (MIT). The company now provides Internet access to at least half a dozen African nations. Recently, the firm bought out Net2000, one of the largest Internet service providers in Kenya. Africa Online executives are now hoping to expand their coverage through deregulation and the development of new E-touch centers to provide centralized communications facilities. For more details, visit http://www.hrea.org/lists/huridocs-tech/markup/msg00413.html Africa Online's homepage is located at: http://www.africaonline.com ====================================================================== [7] Secret censorship software revelations ====================================================================== Recent events have provided a glimpse at a top secret project which may be able to censor Internet content. On December 9-10, 1999, the World Intellectual Property Organization (WIPO) held a "Workshop on Service Provider Liability" in Geneva, Switzerland. Among the papers presented was a document that mentioned the German Rights Protection System (RPS). RPS is a highly secretive software package which is reportedly capable of filtering out controversial materials from cyberspace. While few details on RPS have been made publicly available, many observers fear that this potentially powerful program might be used to stifle free expression on the Internet. Reports indicate that RPS is already being field tested. A recent article in the German publication Telepolis suggests that in spring 2000, German Internet Service Providers who have border gateway routers may be asked to install the program, in an effort to stamp out questionable content. For press coverage of RPS developments(in German), read Christiane Schulzki-Haddouti, "Dialog mit Hindernissen", Heise Telepolis, Feb. 17, 2000, at http://www.heise.de/tp/deutsch/inhalt/te/5806/1.html For more information, visit http://www.wipo.int/eng/meetings/1999/osp/doc/osp_lia3.doc A PDF version of this file is available at ftp://ftp.fitug.de/pub/eu/OSP_LIA3.PDF See also http://www.wipo.int/eng/meetings/1999/osp/ ====================================================================== [8] Upcoming Internet free expression conference ====================================================================== On February 25, the Electronic Frontier Foundation (EFF--a GILC member), along with the Berkman Center for Internet & Society, will be sponsoring a conference entitled "Signal or Noise? The Future of Music on the Net". This meeting will be held in Cambridge, Massachusetts and will focus on free expression in cyberspace. The event will include panel discussions, technological demonstrations, speeches, and even a free concert. More information on the Berkman event is available at http://cyber.law.harvard.edu/events/netmusic ====================================================================== [9] Future Euro E-commerce meetings ====================================================================== The French cyberliberties group Imaginons un Reseau Internet Solidaire (IRIS) will be giving several presentations on e-commerce in the coming months. One of these presentations will be given at a meeting of the European Parliamentarians Internet Group (EPING). EPING was formed recently in order "to enhance understanding of online technology issues in the Parliament, with as much cross-party input as possible." On March 1 in Brussels, EPING will host a discussion entitled "Caching, Monitoring, Hosting, Piracy: Where are we at?", at which IRIS will give a report designed to further "solidarity and democracy in Internet policy". In addition, IRIS will also make a presentation at a March 22 workshop organized by the European Commission's Joint Research Centre. This particular report will describe IRIS' experience in mediating international e-commerce disputes. A likely topic of debate at this gathering will be a European Parliament draft e-commerce directive regarding consumer protection. A number of observers fear that the draft directive does not do enough to protect individual Internet users. In particular, several experts have suggested that the directive ought to provide better alternative dispute resolution measures, so that consumers can get their claims resolved with greater ease. Details on the March 1 EPING conference can be seen at http://www.eping.org/agenda.html Detail on the March 22 Workshop can be seen at : http://dsa-isis.jrc.it/ADR/ ====================================================================== [10] DoubleClick may have tracked 90 million U.S. households ====================================================================== An Internet advertising firm may have violated the privacy of some 90 million American households. DoubleClick, which provides banner ads to many websites, has admitted to tracking viewers through the Internet. It apparently places digital identification numbers in files known as "cookies" on a user's hard drive, which it matches with name and address information that has been collected by its partners. Recently, DoubleClick expressed its intention to match this data with more extensive information contained in millions of files maintained by its merger partner Abacus Direct. When DoubleClick purchased Abacus Direct last year, it said it would not engage in this form of computer matching. These moves have led to lawsuits and fierce criticism. The Electronic Privacy Information Center (EPIC--a GILC member) has filed a public complaint with the United States Federal Trade Commission over DoubleClick's apparently deceptive practices. Similarly, a California citizen has filed suit claiming that DoubleClick has violated her privacy. In addition, US law makers such as Senator Robert Torricelli are now proposing new rules to restrict the use of cookies to track Internet users. DoubleClick has since revised its policies so that customers can "opt-out" of the tracking system. However, many observers, including Marc Rotenberg of EPIC, believe these latest moves would do very little to protect personal information concerning individuals in cyberspace. For more information, see "Privacy: Outrage on the Web", Business Week, Feb. 14, 2000, at http://www.businessweek.com/2000/00_07/b3668065.htm EPIC's complaint can be viewed (in PDF format) at http://www.epic.org/privacy/internet/ftc/DCLK_complaint.pdf See also Will Rodger, "Privacy bill would control 'cookies'", USAToday.com, Feb. 10, 2000, at http://www.usatoday.com/life/cyber/tech/cth319.htm To read what experts think of DoubleClick's revised policies, see Chris Oakes, "DoubleClick Plan Falls Short", Wired News, Feb. 14, 2000, at http://www.wired.com/news/business/0,1367,34337,00.html ====================================================================== [11] E-commerce sites attacked ====================================================================== The hunt for the culprits behind a slew of attacks on several well-known websites, including Yahoo and eBay, has raised new concerns about government intrusions into cyberspace. Investigators currently suspect that the attacks came from the United States and Germany. These electronic assault waves temporarily disabled Yahoo, eBay, Buy.com, Amazon, CNN, and other popular places on the Internet. In response, US President Clinton held a private strategy session with several top computing executives--a meeting that was closed to the general public. However, while the search continues for the people who caused these disruptions, many experts are concerned that these attacks will be used as a pretext for a variety of unnecessarily intrusive measures. Lou Dobbs, who has worked as an analyst for CNN in the past, pointed out that "We are still in the earliest stages of the Internet." He further noted, "For people to start crying out for more stringent penalties is to begin the invitation to regulation that is probably something we don't want, certainly not at this stage." Similarly, James X. Dempsey from the Center for Democracy and Technology (CDT--a GILC member) was concerned "that the recent attacks will serve as justification for ... government mandates that will be harmful to civil liberties and the positive aspects ... of the Internet." These fears come in light of new software which might empower law enforcement agents to enter private computers without notice. This program, known as NetEraser, was developed with the help of the US Central Intelligence Agency (CIA). It allows government officials to secretly invade other people's computers by frequent altering the Internet protocol address of the intruder's machine. While this tool could aid in the search for cyberattack suspects, some observers fear it may be used to spy on innocent citizens. For more press coverage of the search for cyber-vandals, see Jonathan Dube, "FBI Narrows Hunt for Cyber Attackers, ABCNews.com (US), Feb. 15, 2000, at http://abcnews.go.com/sections/tech/DailyNews/webattacks000215.html For more of Dobbs' comments, see Steve Kettmann, "Net Regs? A Little Dobbs'll Do Ya", Wired News, Feb. 14, 2000, at http://www.wired.com/news/politics/0,1283,34322,00.html See also John Schwartz, "Crackdown Sought on Net Abuses", Washington Post, Feb. 14, 2000, page A9, at http://www.washingtonpost.com/wp-srv/business/feed/a49527-2000feb14.htm For more on NetEraser, read Barbara Starr, "Spies vs. Hackers", ABCNews.com (US), Feb. 16, 2000, at http://abcnews.go.com/sections/tech/DailyNews/CIAVC000216.html ====================================================================== [12] EU members resume ECHELON debate ====================================================================== New efforts are being made to bring a super-secret spying network out into the open. These moves are centered around ECHELON, a highly classified system designed to intercept communications from around the world. ECHELON is reportedly operated by the US National Security Agency (NSA), in conjunction with several other intelligence agencies, including Great Britain's Government Communications Headquarters (GCHQ), and Australia's Defence Signals Directorate (DSD). According to experts, ECHELON is capable of intercepting e-mail messages, faxes, telephone conversations. On February 23, the Civil Liberties Committee of the European Parliament is scheduled to discuss a new report which documents some of ECHELON's activities. This report, known as "Intelligence Capabilities 2000", was written by Duncan Campbell, a Scottish investigative journalist. It describes in great detail how ECHELON captures satellite feeds, Internet data packets, and undersea cable transmissions through a variety of elaborate methods. The meeting is expected to draw a number of interested parties, including representatives from the electronic publication Quintessenz (a GILC member). Press coverage is available from Adam Sage, "French to sue US and Britain over network of spies", The Times (UK), Feb. 10, 2000, at http://www.the-times.co.uk/news/pages/tim/2000/02/10/timfgneur01007.html?999 Read "Intelligence Capabilities 2000" by clicking http://www.echelonwatch.org ====================================================================== [13] New British surveillance scheme ====================================================================== New British proposals to expand government surveillance powers have met a firestorm of controversy. Among other things, the Regulation of Investigatory Powers Bill would punish individuals for failing to provide encryption keys to law enforcement agents. Violators face up to two years in prison and heavy fines. The bill would also require defendants to prove their innocence through a complicated scheme, whereby the accused must essentially show "that the key was not in his possession", "that it was not reasonably practicable for him to make a disclosure of the key", "that as soon after that time as it was reasonably practicable for him to make a disclosure of the key", and so on. Many observers wonder whether the measure will curb personal privacy in cyberspace. Caspar Bowden from the Foundation for Information Policy Research (FIPR) warned that the bill "could make a criminal out of anyone who uses encryption to protect their privacy on the internet". In particular, he worried that the burden of proof might lead to the wrongful conviction of people who, in good faith, and had lost or misplaced their encryption keys. A copy of the bill can be seen at http://www.publications.parliament.uk/pa/cm199900/cmbills/064/00064--j.htm#4 9 More press coverage can be seen at "Surveillance bill under fire", BBC News, Feb. 10, 2000 http://news.bbc.co.uk/hi/english/sci/tech/newsid_638000/638041.stm Visit FIPR's homepage at http://www.fipr.org ====================================================================== [14] Russian gov't expands Net tapping ====================================================================== Moscow is broadening its surveillance powers over the Internet. Russia's Federal Security Service (Federal'naya sluzhba bezopasnosti, or FSB) had previously developed technology to monitor Internet transmissions coming in and out of Russia. However, Russian President Vladimir Putin has now authorized several other government agencies to use the same systems. The list of agencies includes tax bureaus and the interior ministry police. These moves have instilled fear in many Russian citizens. The origins of FSB came from the KGB, and under regulations such as SORM (System for Ensuring Investigated Activity), FSB has broad powers to conduct intelligence operations both inside and outside Russia. Boris Pustintsev of Citizens' Watch described the new measure as "the end of all email privacy." For more information, see Jen Tracy, "New KGB Takes Internet by SORM", Mother Jones News, Feb. 4, 2000, at http://www.motherjones.com/news_wire/sorm.html ====================================================================== [15] Italy mediates data privacy dispute ====================================================================== The fight between the United States and the EU over data privacy standards may yet reach a peaceful resolution. The Italian government's chief privacy officer, Stefano Rodota, is pushing for a settlement. He proposed a system of contractual agreements between EU and US business entities as a potential solution. He noted that such a procedure to protect privacy would be best for both sides, particularly from a political perspective. The two factions are hoping to have a standardized privacy protection scheme worked out by March. Further details are available under "Italy Urges Truce in US-EU Data Privacy Battle", Newsbytes, Feb. 9, 2000, at http://www.cnnfn.com/news/technology/newsbytes/143575.html ====================================================================== [16] Renewed push for ENFOPOL ====================================================================== European officials continue to debate plans for a massive European surveillance network. This network, known as ENFOPOL, would be built by EU member nations. However, there is considerable disagreement among the various countries concerned as to legality and extent of such systems. Furthermore, a panel of the European Parliament has moved to delete provisions of a draft convention on mutual assistance in Criminal Matters. The Committee on Citizens' Freedoms and Rights, Justice and Home Affairs is seeking the removal of article 18, which would allow EU members to conduct surveillance in another EU country without that other country's technical assistance. For more coverage of the European Parliament's actions, see Jelle van Buuren, "European Parliament Rejects Bordercrossing Interception of Telecommunication", Heise Telepolis, Feb. 15, 2000, at http://www.heise.de/tp/english/special/enfo/5793/1.html ====================================================================== [17] Report: data insecurity hurts e-commerce ====================================================================== According to a recent report, public fears about the security of web sites have scared away many potential e-customers. The Travel Industry Association of America (TIAA) estimated that nearly 52.2 million people got information off the Internet about such things as airfares, car rentals, and so on. However, only 32 percent of these visitors actually made reservations through the so-called "Information Superhighway". A TIAA spokesperson further noted one of the most prevalent concerns about online bookings was the potential for credit card fraud. Additional details are available under John Poirier, "Privacy fears deter e-travel bookings", Reuters, Feb. 9, 2000, at http://www.zdnet.com/filters/printerfriendly/0,6061,2435198-2,00.html ====================================================================== [18] Study: E-firms want money more than privacy ====================================================================== A new study suggests many dot-coms care more about making money than they do about protecting the privacy of their customers. Deloitte & Touche LLP, a major consulting firm based in the United States, has published a paper entitled "E-Commerce Security: A Global Status Report". In the report, researchers culled the opinions of information systems experts and auditors throughout the globe. They found that most of the people who answered the survey were far more concerned with profitability than any other aspect of e-commerce. Indeed, a spokesperson for Deloitte & Touche noted that many respondents didn't care much for trust or customer service, but simply wanted "the killer app". This paper was the culmination of a six-month effort, and was the first in a four-part plan to help companies improve their online privacy standards. More information is available from Sherman Fridman, "Profits More Important Than Security", Newsbytes, Feb. 7, 2000, at http://www.currents.net/newstoday/00/02/07/news1.html ====================================================================== [19] New software "shredder" for old e-mail ====================================================================== Want more e-mail privacy? One company has a possible solution. Disappearing Inc. has demonstrated a new program which, in the words of a spokesperson, makes "all copies of an email message self-destruct after a certain length of time". The time delay can be adjusted by the user. The software maker, which hopes to ship their product in a month or so, believes such measures would be particularly useful in the corporate environment, helping to prevent unnecessary disclosure. These fears were highlighted in a recent lawsuit by the United States Department of Justice against Microsoft, where internal corporate e-mail messages were introduced into evidence against the wishes of Microsoft's attorneys. Further details can be seen under "Email's Vanishing Act", Wired News, Feb. 7, 2000, at http://www.wired.com/news/print/0,1294,34171,00.html ========================================================== ABOUT THE GILC NEWS ALERT: ========================================================== The GILC News Alert is the newsletter of the Global Internet Liberty Campaign, an international coalition of organizations working to protect and enhance online civil liberties and human rights. Organizations are invited to join GILC by contacting us at gilc@gilc.org. To alert members about threats to cyber liberties, please contact members from your country or send a message to the general GILC address. To submit information about upcoming events, new activist tools and news stories, contact: Christopher Chiu, GILC Coordinator, American Civil Liberties Union, 125 Broad Street, 17th Floor, New York, New York 10004 USA. email: cchiu@aclu.org More information about GILC members and news is available at <http://www.gilc.org/>. You may re-print or redistribute the GILC NEWS ALERT freely. To subscribe to the alert, please send an mail to <gilc-announce@gilc.org> with the following message in the body: subscribe gilc-announce ======================================================== PUBLICATION OF THIS NEWSLETTER IS MADE POSSIBLE BY A GRANT FROM THE OPEN SOCIETY INSTITUTE (OSI) ======================================================== ---------------------------------- Send mail for the 'huridocs-tech' list to 'huridocs-tech@hrea.org'. Mail administrative requests to 'majordomo@hrea.org'. For additional assistance, send mail to: 'owner-huridocs-tech@hrea.org'. Archives of previous messages posted to the list can be found at: http://www.hrea.org/lists/huridocs-tech/markup/maillist.html
[Reply to this message] [Start a new topic] [Date Index] [Thread Index] [Author Index] [Subject Index] [List Home Page] [HREA Home Page]