GILC Alert Volume 4, Issue 6 July 5, 2000 Welcome to the Global Internet Liberty Campaign Newsletter. Welcome to GILC Alert, the newsletter of the Global Internet Liberty Campaign. We are an international organization of groups working for cyber-liberties, who are determined to preserve civil liberties and human rights on the Internet. We hope you find this newsletter interesting, and we very much hope that you will avail yourselves of the action items in future issues. If you are a part of an organization that would be interested in joining GILC, please contact us at <gilc@gilc.org>. If you are aware of threats to cyber-liberties that we may not know about, please contact the GILC members in your country, or contact GILC as a whole. Please feel free to redistribute this newsletter to appropriate forums. =============================================== Free Expression [1] British Telecom: We Own All Links [2] Mainland China arrests Net dissident [3] ICANN in turmoil [4] Internet Democracy Project launched [5] US Court strikes down Net censorship law [6] War over French censorship bill [7] EBay ruling threatens links [8] New EU copyright law threatens online discussions [9] Russian drug law hurts free speech [10] ".sex" proposal criticized [11] British web tag controversy [12] New Zealand lifts domain name ban [13] Artificial Intelligence blocking software a failure [14] New blocking software spies on Internet users [15] Africa One expands Net's reach Privacy and Encryption [16] White House website tracked users [17] New EU-US privacy standards under fire [18] UK surveillance plan bad for business [19] New US Net privacy bill introduced [20] Euro anti-anonymity plan scrapped [21] US gov't spied on Mrs. Clinton? [22] Free ISPs weak on privacy [23] AOL and Barnesandnoble.com leak user info [24] Lie-detector software creates paranoia [25] Biometric anti-piracy software threatens privacy =============================================== [1] British Telecom: We Own All Links =============================================== We patented Internet linking technology years ago, and it's time everyone on the Information Superhighway paid us for this privilege. That seems to be the message being sent by British Telecom (BT). The company alleges that it possesses intellectual property rights over all links based on a patent it filed in the 1970s (which was granted in 1989). A BT spokesperson crowed that the firm "patented the principle of the hyperlink in the mid-70s when people were still wearing kipper ties and flares." The communications giant has since hired intellectual property lawyers such as Dr. Ken Gray, who are now demanding licensing fees from Internet service providers in the United States. However, when viewed under a microscope, BT's arguments contain several apparent flaws. For one thing, the language contained in the cited patent (no. 4,873,662) is extremely vague, and might be used to describe virtually any type of network file transfer, including processes that British Telecom had no hand in inventing. For example: "Information for display at a terminal apparatus of a computer is stored in blocks the first part of which contains the information which is actually displayed at the terminal and the second part of which contains information relating to the display and which may be used to influence the display at the time or in response to a keyboard entry signal." Moreover, it is unclear just why BT waited for decades to assert its purported intellectual property rights. Finally, many experts believe there are strong public policy reasons to disregard BT's claim because of its potentially destructive impact on Internet free expression. For more details, see Barry Fox, "The Net strikes back," New Scientist, July 1, 2000, at http://www.newscientist.com/news/news_224539.html Further press coverage is available under Tim Richardson, "BT claims ownership of hyperlinks," The Register (UK), June 19, 2000 at http://www.theregister.co.uk/content/6/11450.html See also Thorold Barker, "BT holds US 'hyperlink' patent," The Financial Times, June 19, 2000 at http://news.ft.com/ft/gx.cgi/ftc?pagename=View&c=Article&cid=FT3WW2PHO9C =============================================== [2] Mainland China arrests Net dissident =============================================== It seems Communist China is still trying to prevent people from talking about the Tienanmen massacre, over a decade after the fact. Mainland Chinese authorities in Chengdu have arrested Huang Qi and shut down his website, www.6-4tianwang.com. His crime: posting information about the 1989 demonstrations and their subsequent put-down by the Chinese army. He also provided details on the repression of the Falun Gong spiritual movement and corruption in the Communist party. For these actions, Huang faces charges that he subverted state power, and may end up spending ten years in prison. After he was taken into custody, statements were posted on his website strongly condemning Chengdu officials for its apparent "political persecution." Many observers fear that Huang's arrest is part of a new wave of Internet repression by Communist agents. Chinese President Jiang Zemin recently admonished online dissidents to watch what they say, calling their words "distortion on the Internet" and saying that his government cannot allow such criticism to go on. Additional details are available in a June 26, 2000 press release from Human Rights Watch (a GILC member) located at http://www.hrw.org/press/2000/06/china0626.htm Read "China Shuts down Political Website, Arrests Founder," Agence France Presse, June 7, 2000 at http://www.insidechina.com/news.php3?id=166625 For more on President Jiang's warnings, see "Chinese president warns against Internet's negative impact," Agence France Presse, June 19, 2000 at http://www.insidechina.com/news.php3?id=170049 =============================================== [3] ICANN in turmoil =============================================== The main organization responsible for administering the domain name system is facing a host of financial and political crises. Recently, some 30 domain name registries refused to pay fees that were requested by ICANN, the International Corporation of Assigned Names and Numbers. ICANN, which theoretically governs the assigning of .com, .org, and similar Internet addresses, had previously tried to charge these organizations (under the umbrella of CENTR-the Council of National Top-level domain registries) proportionate to the number of domain names they had assigned. In a press release, CENTR retorted: "Any request by ICANN for a funding contribution based on the number of domain names is fundamentally unacceptable to CENTR members." CENTR pointed out the fact that "there are no contracts, funding 'arrangements' or binding relationships presently in place between CENTR members and ICANN." Among other things, the various registries hinted that they wanted greater participation "in the planning of both the expenditure and the funding aspects of the ICANN budget," as well as ICANN recognition of "the sovereign right of the local Internet community in each CENTR country to manage its own ccTLD [Internet Country Code Top-Level Domain Name Registry]." This battle comes just as ICANN announced its plans for a massive conference in Yokohama. The meetings, scheduled for July 13-17, will include consideration of important by-law changes and as well as discussion of numerous proposals to change the domain name structure. Many of these suggestions would create new domain name extensions such as .bank (for financial institutions), .sucks (for protest websites), .union (for labor unions), .xxx (for sexually oriented websites-see item [10] below) and so on. In addition, ICANN will soon conduct global elections for 5 At-Large members on its Board of Directors. Any Internet user can vote (regardless of citizenship or nationality), but the voter registration period ends within a few weeks. The Center for Democracy and Technology (CDT-a GILC member), together with Common Cause, have started a drive to promote public awareness and active participation in these proceedings. To see CDT's action page regarding ICANN voter registration, click http://www.cdt.org/action/icann To sign up for ICANN's Board elections, visit http://members.icann.org/join_now.htm For more details on the ICANN Yokohama meeting, visit http://www.icann.org/yokohama For additional press coverage of ICANN events, read Aaron Pressman, "New domains at last," The Industry Standard, June 27, 2000 at http://www.cnn.com/2000/TECH/computing/06/27/new.domains.idg/index.html To see the CENTR press release, click http://www.centr.org/doc/press/20000605-icann.html =============================================== [4] Internet Democracy Project launched =============================================== There is a new effort to further open governance and human rights on the Internet. The Internet Democracy Project is a joint initiative by several GILC members: the American Civil Liberties Union Foundation (ACLU), Computer Professionals for Social Responsibility (CPSR) and the Electronic Privacy Information Center (EPIC). "The goals of the Internet Democracy Project are to encourage participation by non-governmental organizations in Internet Governance and promote the principles of a civil society," said CPSR Chair Hans Klein. The Project initially will focus ICANN and the elections it has scheduled this fall for 5 at large seats on its Board of Directors. But the project does not intend to focus solely on ICANN. "ICANN may be the most prominent organization in some corners of the globe, but it is hardly the only group that will affect the future of the Internet," EPIC Executive Director Marc Rotenberg. "Our work will be much broader and we will encourage the participation of the Public Voice at every opportunity." Similarly, ACLU Associate Director Barry Steinhardt noted that the "real need to focus the attention of civil society on the seemingly technical issues that organizations like ICANN are addressing. If our voices are not heard while the governance structures are being created it may be too late." The Project has scheduled a "Forum on Open Society and ICANN Elections" on July 13, 2000 to discuss various ICANN related matters. The forum will be held in Yokohama and will coincide with the ICANN meetings scheduled for July 13-17. For further details, visit http://www.internetdemocracy.net =============================================== [5] US Court strikes down Net censorship law =============================================== A United States appeals court has struck down a Federal statute that threatened to curtail Internet free speech. The so-called "Child Online Protection Act" essentially banned individuals from using the Internet to communicate any information considered "harmful to minors." While the ban was supposedly limited to commercial speech, due to the vague wording of the statute, the law would have applied to most online forms of expression. Offenders faced up to six-month jail terms and $150,000 US for each day of violation. The American Civil Liberties Union (ACLU-a GILC member) challenged the law in court, along with 17 other groups and individuals, including two other GILC members: the Electronic Privacy Information Center (EPIC-a GILC member) and the Electronic Frontier Foundation (EFF-a GILC member). The United States Court of Appeals for the 3rd Circuit eventually struck down the Act as an unconstitutional abridgement of free speech. The court noted that "[b]ecause of the peculiar geography-free nature of cyberspace, a 'community standards' test would essentially require every Web communication to abide by the most restrictive community's standards." Moreover, the Court of Appeals agreed that the statute unacceptably "imposes a burden on speech that is protected for adults." For an ACLU press release on this subject, visit http://www.aclu.org/news/2000/n062200b.html =============================================== [6] War over French censorship bill =============================================== Cyberliberties groups from around the world have banded together against a French proposal that might curb the ability of Internet users to speak anonymously. The bill would create a complex system that would force web authors to register their identities and make them available to the government. The scope of the new law includes web sites and web forums. On June 28, the French legislature adopted a new version of the plan. In this new version, there is no penalty to users who fail to identify themselves, and Internet service providers do not have to check the identification provided by their users. However, the law requires ISPs to take "appropriate actions" to deal with inappropriate content, and empowers an administrative body, the 'Conseil d'Etat' to define the data that should be kept by the host provider. The French cyberliberties group Imaginons un Reseau Internet Solidaire (IRIS-a GILC member) blasted the revised proposal, claiming that the measure betrayed a total absence of vision and political courage. IRIS believes that the bill would force Internet service providers (ISPs) to act as judges and try to flush out whistleblowers and other anonymous speakers, as well as screen out controversial Internet content, for fear of liability. Moreover, IRIS also expressed concern over the lack of public input during the legislative process. Due to the vagueness of the plan, the group suggested that the entire proposal infringes on Article 34 of the French constitution, which requires any laws that could impact the civil liberties should be explicitly detailed. IRIS has written a Declaration of Internet Actors to protest the new measure. The Declaration has garnered signatures from over 70 organizations, including many GILC members. For more on this new bill and IRIS' Declaration of Internet Actors, visit http://www.iris.sgdg.org/actions/loi-comm/declaration.html Information on the Declaration is also available from the GILC homepage at http://www.gilc.org =============================================== [7] EBay ruling threatens links =============================================== A recent court ruling may make it harder for people to find things on the Information Superhighway. Online clearing house EBay had previously sued another company, Bidder's Edge, for providing links to specific auction listings on the EBay website. EBay claimed that this procedure constituted copyright and trademark infringement. Subsequently, a judge in United States district court issued an injunction against Bidder's Edge. The judge went further by using curiously antiquated legal theories to support his ruling. Specifically, he ruled that the links provided by Bidder's Edge trespassed on EBay's property. It is unclear whether this decision would apply to all web links--an outcome that might have grave implications for online speech. After the injunction was issued, Bidder's Edge altered its practices by sending visitors to the general Ebay website, rather than to individual pages that contained listings. A spokesperson for Bidder's Edge noted that this new system was "not ideal," but that it was the "best that we can do in light of the court order." In the meantime, Bidder's Edge is appealing the decision. See Troy Wolverton, "Bidder's Edge Changes EBay Search After Injunction," CNET News, June 8, 2000 at http://abcnews.go.com/sections/tech/CNET/cnet_biddersedge000608.html ====================================================== [8] New EU copyright law threatens online discussions ====================================================== A recent European Union proposal may limit the availability of online information. Details on this new legislation are still sketchy, but the bill apparently would strengthen copyright protection for material that is posted on the Information Superhighway. The measure has been compared to similar law in the United States-the Digital Millennium Copyright Act (DMCA). The European proposal does not directly address how liability will be assessed. This initiative comes under the auspices of the World Intellectual Property Organization (WIPO) treaty that the EU signed some time ago. Experts are concerned that the new bill would prevent people from reproducing or mirroring web materials for fear of prosecution. Indeed, it is unclear whether the proposal contains sufficient free speech protections that might allow fair use. Similar criticisms have been leveled at the DMCA and other WIPO-related statutes. For more information, read David McGuire, "EU Takes Big Step Toward Online Copyright Protection," Newsbytes, June 13, 2000 at http://www.computeruser.com/news/00/06/13/news6.html ====================================================== [9] Russian drug law hurts free speech ====================================================== A new Russian proposal may prevent the discussion of drug-related issues on the Information Superhighway. The Federation Council amended the country's laws on mass media law to prevent people from giving out information on the creation, sale and usage of illegal drugs. This prohibition applies to most forms of communications, including the Internet. The measure is broadly written and prevents individuals from even mentioning places where drugs are being sold. In addition, this plan would bar public discussion of the properties and potentially beneficial effects of certain chemical substances. A number of experts have questioned the utility of the new amendment and its potentially censorial effect. One observer from the St. Petersburg Vozvrashcheniye Foundation noted that if "there is no in-depth information about drugs in the media, the nation will be ignorant and, therefore, more vulnerable to drug abuse." Similarly, media critic Andrei Richter called the measure "useless" because "existing criminal laws are sufficient to fight drug abuse." For more information, see Anna Badkhen, "Upper House Passes Media Ban Over Drugs," The St. Petersburg Times, June 9, 2000 at http://www.sptimes.ru/archive/times/575/news/n_upper.htm ====================================================== [10] ".sex" proposals criticized ====================================================== New proposals to create online red-light districts are receiving lukewarm reviews. The United States Congress is considering plans that would require adult content providers to register using special domain names (such as .xxx or .sex, as opposed to .com). Proponents of this plan suggest that this would help shield children from harmful materials and make it easier for blocking software to screen out explicit materials. However, these plans have met with considerable skepticism from a number of observers. Jerry Berman, president of the Center for Democracy and Technology (CDT-a GILC member) noted that these measures might be "unconstitutional" because they might stifle free expression. Moreover, it is unclear whether Congress has the authority to unilaterally create new Internet domains, which are currently administered through the Internet Corporation for Assigned Names and Numbers (ICANN). For further details, see David McGuire, "Porn Panel Mulls Internet 'Red Light District,'" Newsbytes, June 13, 2000 at http://www.computeruser.com/news/00/06/13/news13.html ====================================================== [11] British web tag controversy ====================================================== Looking to attract attention to your website using catchy words? Watch out. You might be sued for trademark infringement. That is apparently the message from a recent British case. Road Tech Computer Systems sued a competitor, Mandata, for including various words as meta tags in its webpage. These tags are embedded in the source code of webpages and therefore do not appear online. However, they allow search engines to identify pertinent webpages when individuals use keywords to scan for desired information. A court found that Mandata's actions constituted trademark infringement and awarded Road Tech 15,000 pounds sterling in damages. It is not clear at this point whether the ruling would apply to the use of well-known words on all websites. However, the BBC subsequently removed several meta tags from its main webpage: "Buffy," "Austin Powers" and "star wars." Curiously, a spokesperson for the broadcasting corporation claimed that these deletions had nothing to do with the Mandata case. To read more on this subject, visit Tim Richardson, "BBC removes Star Wars, Austin Powers meta tags for no reason," The Register (UK), June 9, 2000 at http://www.theregister.co.uk/content/6/11279.html ====================================================== [12] New Zealand lifts domain name ban ====================================================== Want to vent your frustrations by using four-letter words in your domain name? It's okay to do it in New Zealand. Until recently, New Zealanders were prohibited from using seven swear words in their URLs. However, the Internet Society of New Zealand (which owns the country's domain name registrar) has now rescinded the ban. As the Society's Chairman Peter Dengate Thrush pointed out, the prior limitation "was too narrow in terms of preventing obscenity." Moreover, the policy conflicted with the group's efforts "to foster coordinated and cooperative development of the Internet." See Kim Griggs, "Kiwis Lift Lid on #*!@&! Domains," Wired News, June 6, 2000 at http://www.wired.com/news/print/0,1294,36737,00.html ========================================================= [13] Artificial Intelligence blocking software a failure ========================================================= A computer program that can intelligently block out questionable Internet content without impairing free speech? Yeah, right. That is the conclusion of a recent report from the cyberliberties group Peacefire (a GILC member) on BAIR (Basic Artificial Intelligence Routine)-a blocking software package from Exotrope, Inc. When Peacefire tried to download 50 erotic images on a test machine equipped with BAIR, the program failed to block out any of the images. Instead, the software blocked out banner advertisements and similar messages from Hotmail and CNET that had nothing to do with pornography. These surprising test results came despite claims from Exotrope that its product's superior "active information matrix" technology can screen out controversial Internet materials. Oddly enough, BAIR is one of several "approved" blocking programs that are supplied under an Australian government system to regulate Internet content. Under this plan, Australian Internet service providers (ISPs) are required to provide their customers with a blocking program from an approved list that includes BAIR and SurfWatch among others. In a recent joint press release, Peacefire and Electronic Frontiers Australia (EFA-a GILC member) criticized this scheme, especially when the provided blocking software has been shown to be ineffective. EFA Executive Director Irene Graham later noted "that because these filters are 'approved', people are being given the idea -- effectively by the Government -- that they can just install these products on their computer and their kids will be safe. Most of them don't even block everything they're supposed to block in the first place." To read Peacefire's report on BAIR, click http://peacefire.org/censorware/BAIR/ A joint EFA and Peacefire press release on this subject is available at http://www.efa.org.au/Publish/PR000629.html For press coverage of these developments, see Rachel Lebihan, "Australian controversy over government Web censorship," ZDNet Australia News, 3 July 2000 http://www.zdnet.co.uk/news/2000/26/ns-16352.html ====================================================== [14] New blocking software spies on Internet users ====================================================== Is it necessary for robots to spy on computer users just to deter people from downloading Internet content that others may find objectionable? One company, Heartsoft Inc., apparently believes the answer is yes. The firm has developed new blocking software that scans every graphics file that is downloaded and checks for flesh tones and curves. Based on these criteria, the program is supposed to detect nude images and cut off access. Heartsoft is packaging the program within a special Internet browser that purportedly blocks out profanity, violence and other such materials. Heartsoft is marketing its product as a way for corporations to watch over their workers. Indeed, the company hopes this new software will be used to monitor home users for any downloading of controversial content. It remains to be what effect this program may have on free expression and privacy in cyberspace. See Dick Kelsey, "Porn-Detection Software Scans Photos," Newsbytes, June 1, 2000 at http://www.computeruser.com/news/00/06/01/news2.html ====================================================== [15] Africa One expands Net's reach ====================================================== If all goes according to plan, much of Africa will be online through a massive fiber optic network by the year 2002. The network is being implemented by Africa ONE Ltd. and will be assembled by Global Crossing, Lucent Technologies Inc. and other entities. The entire project will cost $1.9 billion US, and, at the outset, will be able to handle data at the rate of 80 gigabytes per second. Africa ONE's Patricia Bagnell expressed enthusiasm over this new system, and said, "We think Africa has a lot of opportunity and growth in this area. We see this project as a very good financial investment." As part of this initiative, 20-30 landing stations will be built along the coast of Africa, as well as in Europe and the Middle East. The centerpiece of the Africa ONE network will be a fiber optic cable across the continent that will measure some 20,000 miles long (32,000 km). For further details, see "Africa One Project Targets 2002," Reuters, June 5, 2000 at http://www.wired.com/news/print/0,1294,36753,00.html ====================================================== [16] White House website tracked users ====================================================== Just say no...to cookies, not just drugs. That is apparently the lesson being learned after a recent scandal involving the United States Office of National Drug Control Policy (ONDCP). The ONDCP had engaged advertising agencies like Ogilvy and Mather to publicize the ONDCP's anti-drug message. Ogilvy and Mather, in turn, apparently contracted with Internet advertising firms such as DoubleClick to expand this effort onto the Information Superhighway. DoubleClick reportedly then created a system to monitor ordinary Internet users and then target these users for maximum exposure. The online marketing company focused on individuals who used search engines like AltaVista. DoubleClick apparently tagged people who typed in drug-related keywords (such as "growing pot" or "LSD") with computer files known as cookies, and used these cookies to record this behavior. Afterwards, the firm sent targeted ads to these people (based on the search terms they chose); these advertisements then steer users toward government-sponsored websites (notably www.freevibe.com). Internet users who venture onto these government websites are placed under further surveillance through special built-in "web bugs." In addition, experts have suggested that the profiles that are created may have been linked to real-world identities, so that these files contain the names and home addresses of countless individuals, along with details about their online activities. After this system came to light, there was a massive public outcry over its invasive nature. Privacy advocates such as Marc Rotenberg of the Electronic Privacy Information Center (EPIC-a GILC member) and Jason Catlett told Congress that "[m]onitoring citizens' use of government websites raises profound privacy and constitutional concerns." Afterwards, the White House ordered an end to the Double Click tracking scheme, and issued rules restricting the use of cookies by United States government websites. However, the new standards would still allow such websites to place cookies on visitors' computers, depending on the circumstances (including some form of user notification and approval from the head of the agency involved). Indeed, a recent investigation by Wired News showed that many U.S. Government websites were still using cookies days after the moratorium was announced. To read EPIC's letter, visit http://www.epic.org/privacy/internet/cookiegate_pr.html For press coverage of these revelations, see Declan McCullagh, "Feds' Hands Caught in Cookie Jar," Wired News, June 30, 2000 at http://www.wired.com/news/politics/0,1283,37314,00.html See also John Schwartz, "Federal Web Sites Get Privacy Check," Washington Post, June 23, 2000 at http://www.washingtonpost.com/wp-dyn/articles/A45739-2000Jun22.html ====================================================== [17] New EU-US privacy standards under fire ====================================================== A host of experts are decrying new privacy standards that were hammered out by negotiators from the European Union and the United States. Under this regime, U.S. companies will have to protect the privacy of personal information gathered from EU consumers. These corporations will have to notify European users how their private data is being handled, how it is being collected. Concerned individuals are entitled to reasonable access to their files, and may refuse to allow other companies to receive such information. This self-regulatory system is only voluntary; however, American firms that join in this pact can avoid lawsuits from the governments of EU countries. Furthermore, these rules are not as strong as the stringent regulations required by many European nations. Critics believe that this so-called safe harbor agreement does not go far enough in protecting personal privacy. Sarah Andrews of the Electronic Privacy Information Center (EPIC-a GILC member) questioned whether American companies could be trusted under this plan, comparing it to "the fox guarding the hens." These difficulties were echoed by the Transatlantic Consumer Dialogue (TACD), which warned in a statement that "the real danger is that notice and consent without a larger framework of Fair Information Practices could give companies a free hand to process data as they wish. An over-reliance on notice and consent would also force the consumer to accept a company's terms or lose the opportunity to do business with that company altogether." Indeed, the EU's own Citizen's Rights Committee issued a statement that was less than complimentary in describing the new plan. Despite the potential economic benefits of adopting the "safe harbor" proposal, the Committee held that "the present lack of legal data protection in the US and the very limited possibilities of legal redress warranted withholding authorization of the free movement of data until all the elements of the safe harbor system are in place and operational." A vote on the entire scheme by the European Parliament is expected shortly. To see the TACD statement, visit http://www.tacd.org/statsum2000.html For further details, see Robert MacMillan, "Parliament Pauses On EU-US Privacy Plan - Update," Newsbytes, July 03, 2000 at http://www.computeruser.com/news/00/07/03/news2.html See also Bruce Stanley, "Gimme Shelter (Online)," Associated Press, June 5, 2000 at http://www.abcnews.go.com/sections/tech/DailyNews/privacy000605.html ====================================================== [18] UK surveillance plan bad for business ====================================================== After a storm of controversy, the British government is scrambling to save a proposal that would greatly increase its computer surveillance powers. The Regulation of Investigatory Powers bill (RIP) would authorize more government agencies to conduct electronic surveillance. The bill would also expand the types of data that can be intercepted, including "traffic data" such as passwords and lists of visited websites. Additionally, the proposal would force cybernauts to either provide encryption keys to the police when requested, or prove in court that they don't have such keys. However, the plan is being savaged from a variety of groups, ranging from cyberliberties organizations to major computer conglomerates to the British Chamber of Commerce. Indeed, the bill may face a hostile reception in the House of Lords, where the proposal will be debated shortly. The British Home Office, which submitted RIP in the first place, is now seeking minor amendments to the measure in order to appease its opponents. However, critics of RIP are less than impressed. Yaman Akdeniz of Cyber-Rights & Cyber-Liberties UK (a GILC member) stated in an open letter to the House of Lords called the latest amendments merely "cosmetic." Akdeniz further noted that it made "no sense to seriously curtail the rights of all honest personal and business users of the internet while achieving nothing of significant value in the fight against criminal misuse." To read the open letter of Cyber-Rights & Cyber-Liberties (dated June 29, 2000), click http://www.cyber-rights.org/reports/hl-let2.htm To read more on this subject, see "Ministers amend net snooping bill," BBC News Online, June 27, 2000 at http://news.bbc.co.uk/ow/english/uk_politics/newsid_808000/808232.stm See also Laura Rohde, "U.K. pulls back on cybersnoop bill," IDG.net, June 26, 2000 at http://www.cnn.com/2000/TECH/computing/06/26/cybersnoop.idg/index.html ====================================================== [19] New US Net privacy bill introduced ====================================================== The United States Congress is considering a comprehensive proposal to protect the privacy of Internet users. Among other things, the Consumer Privacy Protection Act (S.2606) would prevent companies from collecting and distributing personal information about Internet users without the individuals' informed consent. Those corporations would have to give users adequate notice and access to their respective data files. Moreover, the firms would have to provide sufficient security to protect those files. The Act allows Federal and state authorities as well as private individuals to sue violators in court. The bill comes amidst rising concern over the erosion of privacy online. A recent demonstration by officials from the United States Federal Trade Commission (FTC) underlined the intrusive behavior of many dot-coms. This demonstration was held as part of a June 14 Senate Commerce Committee hearing about online privacy and profiling. Officials showed how companies place small computer files (known as "cookies") on other people's computers to track web-surfers and gather personal information. After only 15 minutes online, the FTC test computer was tagged with a whopping 124 cookies from a variety of sources. Another source of danger comes from the many dot-coms that are suffering financial difficulties. Several of these companies, such as Boo.com, Toysmart and CraftShop.com, have taken the personal information that they have collected on their users and are selling the data to a variety of interested parties. These disclosures, which can include home addresses, credit card numbers and other sensitive facts, seem to contradict the sellers' own privacy policies. Andrew Shen of the Electronic Privacy Information Center (EPIC-a GILC member) noted that these transactions proved the need for "stronger laws to prevent the exchange of customer information when companies merge or are sold." To see video coverage of the FTC's demonstration, as well as statements from witnesses, click http://www.senate.gov/~commerce/hearings/hearings.htm See also D. Ian Hopper, "Privacy-Making it Click," Associated Press, June 14, 2000 at http://www.abcnews.go.com/sections/tech/DailyNews/netprivacy000614.html To read more about S. 2606, see Mary Mosquera, "Lawmakers Debate FTC Call for Privacy Legislation," TechWeb News, May 25, 2000 at http://www.techweb.com/wire/story/TWB20000525S0014 For more on the sale of private data by bankrupt dot-coms, see Greg Sandoval, "Failed dot-coms may be selling your personal information," CNET News, June 29, 2000 at http://news.cnet.com/news/0-1007-200-2176430.html ====================================================== [20] Euro anti-anonymity plan scrapped ====================================================== As expected, European government officials have dropped plans to end anonymity on the Internet. Past reports had indicated that the European Parliament's Committee for Citizens' Freedoms, Rights, Justice and Home Affairs would recommend a new law that would force Internet users to register personal information with telecommunications companies. While details of the proposal were sketchy at best, the plan apparently followed the suggestions of a recent European Commission white paper, which called for anonymous remailers to follow a "code of conduct" that included the collection of personal information from individual users and other restrictions. The initiative was bolstered by concerns that anonymous e-mail messaging would enhance the organizational powers of cyber-terrorists. However, the scheme met with a whole host of problems. Privacy advocates worried that these plans would curtail individual privacy online. In addition, the proposal reportedly suffered from highly unwieldy provisions that made it hard to enforce. Furthermore, there was virtually no public support for the scheme. Against this backdrop, the European Council of Ministers rejected the proposal. For more on this story, read Tim Richardson, "Euro MPs scrap anonymous email ban plan," The Register (UK), May 31, 2000, at http://www.theregister.co.uk/000531-000015.html See also Declan McCullagh, "Anonymity Threatened in Europe," Wired News, April 26, 2000 at http://www.wired.com/news/print/0,1294,35924,00.html ====================================================== [21] US gov't spied on Mrs. Clinton? ====================================================== According to recently declassified documents, the United States National Security Agency (NSA) may have spied on President Clinton's wife, former President Jimmy Carter, and numerous political candidates in the 1996 elections. The documents were uncovered through the efforts of the Electronic Privacy Information Center (EPIC-a GILC member). EPIC had previously sued NSA for documents regarding ECHELON-a highly secretive system designed to intercept communications from around the world. ECHELON is reportedly operated by NSA in conjunction with several other intelligence agencies, and is supposed to be capable of intercepting e-mail messages, faxes, and telephone conversations. Concerns about ECHELON's potentially invasive nature were heightened by a recent Congressional hearing, where the directors of both the Central Intelligence Agency (CIA) and NSA refused to provide details on the legal standards by which ECHELON operates. The documents provided to EPIC, although heavily censored, suggest that the NSA kept tabs on Hillary Clinton, Mr. Carter and other public figures to see when they engaged in activities that did not necessarily reflect the policy positions of the U.S. government. The memorandums apparently show how NSA operatives attempted to camouflage their surveillance efforts by using cryptic titles and code words to describe their targets (such as "Chairperson of the President's Task Force on National Health Care Reform" to describe Mrs. Clinton.). EPIC General Counsel David Sobel noted that these papers raise the possibility that the United States government is "collecting a massive amount of information that affects a great many people. If a lot of what we have heard recently is true, it's not just a former president, it's not just a first lady, it's probably all of us." To see the declassified documents, visit http://www.epic.org/privacy/nsa/documents.html For press coverage of this event, read Will Rodger, "U.S. spy agency under fire," USAToday.com, June 26, 2000 at http://www.usatoday.com/life/cyber/tech/cti146.htm ====================================================== [22] Free ISPs weak on privacy ====================================================== If it's too good to be true, it probably is-even if it's on the Internet. That's apparently the conclusion many computer users have reached after dealing with so-called free Internet service providers (ISPs). Some of these companies, such as Hotmail, allow people to receive and send e-mail without having to pay fees. Similarly, other firms such as Yahoo, Seventeen magazine and even golf websites won't charge fees while providing Internet access to individuals. Unfortunately, many of these purported benefits come at the expense of privacy. Many of these services are paid through advertising space, and many online advertisers place special "cookie" files on users' computers to track their behavior along the Information Superhighway. Worse still, a number of these providers do a poor job protecting user accounts. These problems were underlined by a recent security breach at Lycos' free email services, which apparently exposed millions of accounts. For more details on the Lycos security breaches, read Evan Hansen, "Bug bites free email services at MailCity, iVillage," CNET News, June 7, 2000 at http://news.cnet.com/news/0-1005-200-2036086.html See also "The Price of Freedom," Reuters, June 1, 2000 at http://www.abcnews.go.com/sections/tech/DailyNews/freeisps000601.html ====================================================== [23] AOL and Barnesandnoble.com leak user info ====================================================== Two major dot-coms have underlined the lack of privacy online. Intruders broke into at least 500 America Online (AOL) accounts using a special computer virus. The virus was attached to incoming e-mail messages; when opened, it allowed attackers to access and edit the account data of AOL users. The criminals were apparently able to discover highly personal information including credit card numbers, as well as their real-world names and home addresses. This attack occurred despite claims from AOL that it does indeed protect user privacy and sifts through e-mails to siphon out computer pests. In another unrelated case, an ordinary user who visited online book retailer BarnesandNoble.com discovered he could access second customer's accounts and discover private tidbits, such as her phone number, address book, and past purchases. It is still not clear just why or how he was allowed to receive such personal information. Oddly enough, a spokesperson for BarnesandNoble.com downplayed the incident, claiming that the disclosure was not that serious because the victim's credit card information was never displayed on the site. For more on AOL's security snafus, read Jim Hu, "AOL security breach exposes personal info," CNET News, June 16, 2000 at http://news.cnet.com/news/0-1005-200-2091566.html See also "AOL says hackers may have stolen credit card numbers," CNN, June 17, 2000 at http://www.cnn.com/2000/TECH/computing/06/17/aol.hacker.01/index.html For further details on the BarnesandNoble.com breach, see Greg Sandoval, "Barnesandnoble.com exposes customer's information," CNET News, June 1, 2000 at http://news.cnet.com/news/0-1007-200-1997618.html ====================================================== [24] Lie-detector software creates paranoia ====================================================== Can a computer tell when a person is lying? That is the question raised by a new computer program created by Trustech. The program, known as Truster, detects stress and other characteristics when a person communicates. While the exact specifications of the software are not entirely clear, the company claims its program is sensitive enough to provide information on the extent to which the tested subject is lying. Trustech is marketing its product to a whole host of potential clients, including law enforcement agencies and corporate employers. Several experts are concerned over the potential privacy implications of this product, as well as its accuracy. Louie Jahjah of the Help Desk Institute + Call Center Institute believes that the program "is not productive or trust-building." Furthermore, the program can be used even in ordinary phone conversations without the test subjects' knowledge. To read more on this subject, see Nicole Manktelow, "This software knows when you're lying," ZDNet Australia, May 30, 2000 at http://www.zdnet.com/zdnn/stories/news/0,4586,2579038,00.html ====================================================== [25] Biometric anti-piracy software threatens privacy ====================================================== Think passwords are a bother? Would you rather have a robotic mouse scan your thumb instead? Or how about secret computerized sentries that can recognize you by the way you stroke the keyboard? Several companies are trying to put these biometric ideas into practice. Net Nanny software, which also produces Internet blocking programs, is working with Musicrypt.com to develop keystroke recognition technologies. This new product will identify users through typing patterns. While this program is initially intended to help entertainment companies protect their copyrighted music (by only allowing such files to be downloaded by identifiable paying customers), Net Nanny's creation could be used in a variety of other contexts. Another biometric program comes from ING Direct, which has created a special mouse with a built-in thumbprint scanner, as well as a robotic "hamster." Both devices read users' thumbs for identification purposes. It is unclear at this point what effect these and other inventions will have on privacy in cyberspace. To read more about NetNanny's initiative, see John Borland, "The latest in anti-piracy efforts: keystroke recognition," CNET News, June 13, 2000 at http://news.cnet.com/news/0-1005-200-2066437.html For further details on ING Direct's thumbprint scanners, read Ken Popovich, "Biometrics-better than passwords?", eWEEK, June 19, 2000 at http://msnbc.com/news/422874.asp?cp1=1 ========================================================== ABOUT THE GILC NEWS ALERT: ========================================================== The GILC News Alert is the newsletter of the Global Internet Liberty Campaign, an international coalition of organizations working to protect and enhance online civil liberties and human rights. Organizations are invited to join GILC by contacting us at gilc@gilc.org. To alert members about threats to cyber liberties, please contact members from your country or send a message to the general GILC address. To submit information about upcoming events, new activist tools and news stories, contact: Christopher Chiu GILC Coordinator American Civil Liberties Union 125 Broad Street, 17th Floor New York, New York 10004 USA Or email: cchiu@aclu.org More information about GILC members and news is available at http://www.gilc.org You may re-print or redistribute the GILC NEWS ALERT freely. To subscribe to the alert, please send e-mail to gilc-announce@gilc.org with the following message in the body: subscribe gilc-announce ======================================================== PUBLICATION OF THIS NEWSLETTER IS MADE POSSIBLE BY A GRANT FROM THE OPEN SOCIETY INSTITUTE (OSI) ======================================================== ---------------------------------- Send mail for the 'huridocs-tech' list to <huridocs-tech@hrea.org>. Mail administrative requests to <majordomo@hrea.org>. For additional assistance, send mail to: <owner-huridocs-tech@hrea.org>. Archives of previous messages posted to the list can be found at: http://www.hrea.org/lists/huridocs-tech/markup/maillist.html
[Reply to this message] [Start a new topic] [Date Index] [Thread Index] [Author Index] [Subject Index] [List Home Page] [HREA Home Page]