GILC Alert Volume 4, Issue 10 December 19, 2000 Welcome to the Global Internet Liberty Campaign Newsletter. Welcome to GILC Alert, the newsletter of the Global Internet Liberty Campaign. We are an international organization of groups working for cyber-liberties, who are determined to preserve civil liberties and human rights on the Internet. We hope you find this newsletter interesting, and we very much hope that you will avail yourselves of the action items in future issues. If you are a part of an organization that would be interested in joining GILC, please contact us at <gilc@gilc.org>. If you are aware of threats to cyber-liberties that we may not know about, please contact the GILC members in your country, or contact GILC as a whole. Please feel free to redistribute this newsletter to appropriate forums. =============================================== Free Expression [1] Mainland China restricts Net news [2] Only 7 new domain names approved [3] French court ruling boosts blocking [4] New Australian net censorship rules [5] US court rulings support anonymous Net speakers [6] Indian portal case threatens online speech [7] Yahoo's new "inspector" hurts free expression [8] US candidate sites blocked by filters Privacy and Encryption [9] US gov't conducts blackbag net tapping break-ins [10] Carnivore spyware report criticized [11] UK plan: keep everyone's emails for 7 yrs [12] Euro anti-privacy "cybercrime" treaty drafted [13] New Zealand gov't pushes cybertapping plan [14] IBM backs controversial data-profiling plan [15] Yahoo unveils crypto email service [16] UK workplace Net surveillance woes [17] Airline wants IDs of protest site's visitors [18] Study: US Internet users want privacy safeguards [19] Nightclub biometric card privacy problems [20] New GILC member: Privacy Ukraine =============================================== [1] Mainland China's new Net censorship rules =============================================== In its fight against online democracy activists, Mainland China trying several new approaches that may include Western technology. Chinese officials have launched a special Golden Shield Project, which will include web surveillance cameras in public places and registration files on every man, woman and child in the country. The idea is to help government agents shut down demonstrations or other such activity with greater speed. The Project will also include filtering software to find and block out politically taboo messages along the Information Superhighway. What is notable about this endeavor is that several major Western companies, including Cisco, Sun Microsystems and Nortel Networks are marketing their products and expertise to Communist Chinese leaders for use within the Golden Shield. Besides these measures, Beijing has also announced new heavy restrictions on Internet news reporting. Under these rules, private websites cannot publish "news" unless they first get approval from Communist officials. After receiving the blessing of the government, these websites still cannot report the news themselves, but generally must use content provided by state-run news agencies under special contracts. Even after jumping over these hurdles, the operators of these webpages must hire a cadre of experts to oversee their operations-experts who essentially would have to come from government owned news bureaus. Human rights groups and free speech advocates have voiced fears that these developments will severely curtail online expression, and have expressed considerable dismay over the apparent willingness of Western firms to cooperate with Chinese censors. Judy M. Chen of Human Rights in China said that "the full potential of the Internet to contribute to China's political and social development needs to be fostered by strong and principled adherence to agreed global standards of human rights - freedom of expression and information. Companies which claim to support such values should, at the very least, demonstrate their unwillingness to be associated with the use of technology for repression by avoiding selling such equipment to the security services in China." The Digital Freedom Network (DFN-a GILC member) posted Ms. Chen's comments under http://dfn.org/focus/china/multinationals.htm Read Martin Fackler, "The Great Fire Wall of China?" Associated Press, Nov. 8, 2000 at http://abcnews.go.com/sections/tech/DailyNews/chinanet001108.html See also "China targets 'enemies' on net," BBC News, Nov. 7, 2000 at http://news.bbc.co.uk/hi/english/world/asia-pacfic/newsid_1010000/1010708.st m ====================================================== [2] Only 7 new domain names approved ====================================================== Will we soon see many new Internet domain names, including .health, .union and so forth? Not exactly. That is according to the Internet Corporation for Assigned Names and Numbers (ICANN). ICANN, which is charged with handling the Internet domain name system, decided to approve only 7 new domain names: .biz, .pro, .coop, .museum, .aero, .name, and .info. The decision came despite increasing evidence that desirable space in current domain names like .com and .org was quickly disappearing, and the opinions of numerous technologists that perhaps millions of new domain names could be introduced without a significant threat to Internet stability. Moreover, the application process itself was apparently hamstrung by ICANN's self-described "very stringent criteria," which included a $50,000 nonrefundable application fee-a fee that seemed to discourage many potential proposals to benefit private individuals and noncommercial groups (such as .humanrights). ICANN's refusal to approve these new domain names has sparked considerable protests, particularly from failed applicants. Duncan Pruett of the International Confederation of Free Trade Unions (ICFTU) lamented ICANN's refusal to back his organizations' proposal from .union, and said that "the ICANN Board's suggestion that the ICFTU, whose affiliates include 216 national trade union centres from all over the world, is not representative of the global trade union community is astonishing. While some board members had certainly done their homework, others seemed to do little justice to proposals which represent large investments of time and money." Similarly, the World Health Organization, whose application for .health was also rejected, said that it was "extremely disappointed with this outcome" and that it would "begin immediately to explore ways of recourse." Meanwhile, ICANN is also facing criticism over its decision to conduct a "clean-sheet" study regarding its internal structures and procedures. Many experts fear that this study may lead to the end of ICANN public elections and cause the organization to become even less democratic than before. An official ICANN press release on the introduction of new Top-Level domains is located at http://www.icann.org/announcements/icann-pr16nov00.htm An ICFTU press release on ICANN's rejection of .union is available at http://www.icftu.org/displaydocument.asp?Index=991211910&Language=EN For more on the WHO's response to ICANN's domain name decision, see http://www.who.int/inf-pr-2000/en/state2000-10.html For comments from the American Civil Liberties Union (ACLU-a GILC member) regarding this process, click http://www.internetdemocracyproject.org/ACLUcomments.htm For further analysis, read Ben Charny, "Did ICANN help the rich get richer?" ZDNet News, Nov. 17, 2000 at http://www.zdnet.com/filters/printerfriendly/0,6061,2655497-2,00.html See also Mark Ward, "New net domains remain in short supply," BBC News Online, Nov. 21, 2000 at http://news.bbc.co.uk/low/english/sci/tech/newsid_1033000/1033835.stm For further background information, visit http://www.internetdemocracyproject.org ==================================================== [3] French court ruling boosts blocking ==================================================== A French court ruling against a major web portal company could have a serious detrimental impact on Internet free speech. Yahoo was recently sued for allowing auctions of Nazi memorabilia on its site in the United States. The suit was made pursuant to French laws that generally prohibit such goods from even being advertised, much less sold. The court ruled against Yahoo and required the company to block French Internet users from accessing the webpages in question within three months. If Yahoo fails to comply, it will have to pay fines amounting to US $13,000 per day. The ruling has generated criticism from a number of experts. In a press release, Imaginons un réseau Internet solidaire (IRIS-a French GILC member) argued that the court's decision was distressing because it imposed filtering on the basis of French citizenship (supposedly deduced from the ISP's IP number) or on the basis of a mere declaration of citizenship. Moreover, IRIS contended that the ruling even went beyond the bounds of French law, which does permit people to view such materials. Similarly, Alan Davidson of the Center for Democracy and Technology (CDT-a GILC member) said that the ruling "would lead to a lowest-common-denominator world where the most restrictive rules of any country would govern all speech on the Internet. What happens when the government of China decides to prosecute a human rights group in the U.S. for publishing dissident materials that are legal here but illegal there?" Since the decision, Yahoo has stated that it will defy the court ruling on jurisdictional grounds. The firm also insisted compliance with the court's edict would be impossible because current computer programs to block questionable Internet content are not effective. However, there is now a similar push to block Yahoo sites in Germany, where prosecutors are planning to sue the corporation for allowing the sale of Hitler's "Mein Kampf" to German citizens, which is forbidden under German law. An English-language translation of the decisions is posted at http://www.istf.org/archive/yahoo_france.html IRIS's press release (in French) is posted at http://www.iris.sgdg.org/info-debat/comm-yahoo1100.html More information on developments in Germany is available from Steve Kettmann, "German Hate Law: No Denying It," Wired News, Dec. 15, 2000 at http://www.wired.com/news/print/0,1294,40669,00.html Read Simon Johanson, "Toben says he won't return for German trial," The Age (Australia), Dec. 13, 2000 at http://www.theage.com.au/frontpage/2000/12/13/FFXA25UEOGC.html See also Steve Gold, "Germany Landmark Nazi Ruling," Newsbytes, Dec. 12, 2000 at http://www.newsbytes.com/news/00/159301.html For more on Yahoo's refusal to abide by the French court ruling, see "Yahoo! Will Ignore Ban," CBS News, Nov. 20, 2000 at http://cbsnews.com/now/story/0,1597,250927-412,00.shtml See also Pierre-Antoine Souchard, "France Calls for Net 'Zoning'," Associated Press, Nov. 21, 2000 at http://washingtonpost.com/wp-dyn/articles/A46742-2000Nov20.html ==================================================== [4] New Australian net censorship rules ==================================================== Cyberliberties groups are warning that new South Australian rules may have a chilling effect on Internet expression. While details are sketchy, the South Australian Attorney-General, Trevor Griffin said that the bill would "make it illegal to make available online matter which would be illegal if left in a public place offline." However, the legislation would apparently include criteria that had previously been used for films and video tapes, which are more restrictive than those applicable to books, pamphlets and other printed materials. Furthermore, the proposal may make it illegal simply to make sexually explicit material available via the Internet, even if it is legal to distribute such materials to adults by regular mail throughout Australia. Hence, experts are suggesting that these rules would in fact ban material online that is legal offline, contrary to Mr. Griffin's assertions. The SA State legislation is apparently intended to complement and enforce Commonwealth legislation, which became effective on 1 January 2000 and similarly censors material online that can legally be published and distributed offline. Not surprisingly, free speech advocates have fiercely resisted this plan. Electronic Frontiers Australia (EFA-a GILC member) issued a statement arguing that "parents are better placed than Governments to determine whether a problem exists with their child's use of the Internet." Indeed, the group noted that potentially far-reaching impact the proposal would have, and said that "The physical location of Internet content is a matter of little relevance. A content provider in any Australian State or Territory can have content hosted elsewhere in Australia or any other country." In the end, EFA held that such "legislative attempts to regulate content on the Internet should be abandoned." See EFA's coverage of this issue by visiting http://www.efa.org.au/Campaigns/sabill.html Read Megan McAuliffe, "South Australian government censors Net," ZDNet Australia, Nov. 9, 2000 http://www.zdnet.com.au/news/dailynews/story/0,2000011358,20106865,00.htm ==================================================== [5] US court rulings support anonymous Net speakers ==================================================== Several recent court rulings may help protect the anonymity of speakers online. In one of these cases, Melvin v. Doe, a Pennsylvania jurist, Joan Orie Melvin, tried to discover the identity of her online critics as part of a defamation lawsuit. State court Judge R. Stanton Wettick Jr. ruled that "anonymous Internet speakers, unlike the national media, are vulnerable because they lack power or money. Without anonymity, speakers will be less willing to express controversial positions because of fears of reprisal." He held that the identity of defendant may not be disclosed until that person has had an opportunity to prove that the defamation lawsuit is groundless. Ann Beeson of the American Civil Liberties Union (ACLU-a GILC member), who was a part of the litigation team, noted the importance of this ruling, explaining that "[u]ntil today, a public official or employer claiming defamation could get a court to disclose the name of an anonymous Web author simply by filing a lawsuit." Similarly, in New Jersey, Dendrite International sued four anonymous Internet users (including two purported employees) for their statements about the company. New Jersey Superior Court Judge Kenneth C. MacKenzie denied Dendrite's request to unmask these speakers. Subsequently, Paul Levy of Public Citizen (which intervened in the case) praised the decision: "By setting forth strict evidentiary standards for compelled identification, and then showing that these standards can produce real protection for anonymity, this decision is a tremendous victory for free speech." For an ACLU press release regarding the Melvin decision, click http://www.aclu.org/news/2000/n111500a.html For more on the New Jersey decision, read Martin Stone, "Judge Protects Web-Posters' Anonymity," Newsbytes, Nov. 30, 2000 at http://www.newsbytes.com/news/00/158764.html ==================================================== [6] Indian portal case threatens online speech ==================================================== Should a person be held responsible for questionable Internet content that is located on another person's website? That is the question being posed by an upcoming criminal trial against the proprietors of an Indian search engine. The case arose when a law student complained that Rediff.com allowed access to pornographic material. Subsequent police inquiry revealed that the website did not create or contain any such files, and acted as a normal general purpose portal for all types of Internet content. Nevertheless, Judge S. Bhosie claimed that search engines ought to incorporate filters to block out objectionable sites, and ordered that Rediff directors be put on trial. The defendants could be sentenced to two years in prison. Bhosie apparently disregarded arguments made by numerous experts that filtering software programs are flawed and block out many types of valuable Internet speech, including sites that have no adult content whatsoever. A Rediff spokesperson held that "[e]ven God cannot alter the way a search engine works. Either you ban Indian sites from using search engines, which is a ridiculous idea, or you live with the fact that any Indian user will be able to access porn sites." Read Manu Joseph, "Porn a Thorn for Indian Portal," Wired News, Dec. 4, 2000 at http://www.wired.com/news/print/0,1294,40432,00.html ==================================================== [7] Yahoo's new "inspector" hurts free expression ==================================================== One of the world's most popular websites is launching a new program that may severely curtail Internet expression. A Yahoo executive admitted that the firm will hire a special "inspector" to monitor its Messenger system for questionable content. Martina King, the managing director of Yahoo in the United Kingdom, said that her company is working with law enforcement officials as part of this project. Under this plan, if the inspector discovers certain types of "unacceptable use," the police will be notified and joint operations will be carried out to silence or prosecute the offender. Oddly enough, she even said that if these officials suggest Yahoo should shutdown its chat rooms as a proper way to deal with the purported problems of adult material, she would carry it out, as part of "a zero-tolerance strategy." King has further suggested that Yahoo may require computer users to register using credit card information, then transfer this data along to the police. It is unclear what effect these measures will have on Internet privacy as well as freedom of expression. Read Richard Barry & Wendy McAuliffe, "Yahoo! vows to stop pedophiles," ZDNet News, Nov. 24, 2000 at http://www.zdnet.com/zdnn/stories/news/0,4586,2656730,00.html ==================================================== [8] US candidate sites blocked by filters ==================================================== A number of American politicians are thinking twice about the supposed virtues of Internet filtering software. This comes after the websites of several government office seekers were blocked by such programs as CyberPatrol. Jeffery Pollock, a conservative Christian candidate for the United States House of Representatives, said that he "was quite baffled" when his election homepage was shutout. Pollock had previously stated that "We should demand that all public schools and libraries install and configure Internet Filters." He later commented, "Now to find out that a lot of schools may have filtered out my Web site is very disturbing to me." Indeed, these concerns were bolstered by a recent study by Peacefire (a GILC member) and NetElection.org. Entitled "Blind Ballots: Web Sites of U.S. Political Candidates Censored by Censorware," this report showed that together, filtering software packages such as CyberPatrol and N2H2 Bess censored dozens of websites, including the homepages of several prominent incumbent elected officials. The report concluded that "[w]hile blocking software companies often justify their errors by pointing out that they are quickly corrected, this does not help any of the candidates listed above. Their campaigns have been sabotaged in our public schools and libraries, and corrections made after Election Day do not help them at all." The joint Peacefire/NetElection.org "Blind Ballots" study is available under http://peacefire.org/blind-ballots/ See Lisa M. Bowman, "Filtering programs block candidate sites," ZDNet News, Nov. 8, 2000 at http://www.zdnet.com/zdnn/stories/news/0,4586,2651471,00.html ===================================================== [9] US gov't conducts blackbag net tapping break-ins ===================================================== Privacy advocates are alarmed over revelations that United States law enforcement officials have conducted secret break-ins to steal passwords, encryption keys and other types of sensitive computer-related information. Previously, US government officials had sought new laws that would allow them to conduct these so-called "blackbag" jobs. These proposals came in the form of both stand alone bills (such as the Cyberspace Electronic Security Act) and provisions within other pieces of legislation (including a recent anti-Methamphetamine plan). Despite the fact that these proposals never did become law, recent court documents reveal that government officials have now gone ahead and conducted at least one break-in. Operatives from the Federal Bureau of Investigation (FBI) got a court's permission to surreptitiously enter a private building and use "recovery methods which will capture the necessary key-related information and encrypted [computer] files." While neither the FBI nor Federal prosecutors have been forthcoming with information about the break-in, reports indicated that government agents installed a keystroke-capture device so that they could intercept virtually anything that was typed into a particular computer, including password information. It is unclear at this point how many other buildings have been invaded by Federal agents or whether all of the targets of such break-ins were actually criminals at all. David Sobel of the Electronic Privacy Information Center (EPIC-a GILC member) worries: "If we're now talking about expanding (black bag jobs) to every case in which the government has an interest where the subject is using a computer and encryption, the number of break-ins is going to skyrocket. Break-ins are going to become commonplace." The court order is available at http://www.epic.org/crypto/breakin/order.pdf The FBI's prior application is located under http://www.epic.org/crypto/breakin/application.pdf Read Declan McCullagh, "FBI Hacks Alleged Mobster," Wired News, Dec. 6, 2000 at http://www.wired.com/news/print/0,1294,40541,00.html See also George Anastasia, "Scarfo case could test cyber-spying tactic," Philadelphia Inquirer, Dec. 5, 2000, at http://inq.philly.com/content/inquirer/2000/12/04/front_page/JMOB04.htm For more on the Cyberspace Electronic Security Act, visit http://www.epic.org/crypto/legislation/cesa/ For background information on the anti-Methamphetamine bill, read the following press release on this subject from the American Civil Liberties Union (ACLU-a GILC member): http://www.aclu.org/news/2000/n072500a.html =================================================== [10] Carnivore spyware report criticized =================================================== Controversy continues to grow over a US government spyware program. The device, known as Carnivore, is attached to the server of a given Internet service provider. It intercepts all Internet transmissions that come through the server, then parses out pertinent material, based on chosen keywords. The US Department of Justice (DoJ) has confirmed that Carnivore can monitor private e-mail messages as well as activity on the World Wide Web and in chat rooms. The US Federal Bureau of Investigations (FBI) then decides which particular communications it believes it is entitled to review. After considerable public outcry, the US government commissioned an "independent" review panel to see whether Carnivore complies with Federal wiretapping laws, which, however, contained a large number of White House insiders, including a former Clinton information policy advisor, and a former Justice Department official. In a draft report, the panel ignored questions about the constitutionality of Carnivore and did not conduct a number of key tests due to an apparent lack of resources. Despite the apparent failure of the team to address these root issues, and despite confirming reports that "Carnivore can collect everything that passes by on the Ethernet segment to which it is collected," the panel somehow concluded that the system "protects privacy and enables lawful surveillance better than alternatives." The report also contained curiously condescending language saying that "the public, service providers and privacy advocates ... do not understand how electronic surveillance works." The report was savaged by many organizations. In formal comments submitted to the DoJ, the American Civil Liberties Union (ACLU-a GILC member) mentioned that "[w]hen the 'independent review' ... was announced, we expressed substantial reservations about both the independence of the reviewers and the proposed scope of their review. ... Having now read the report, which we note was itself redacted and subject to the sanitizing authority of the Justice Department, our concerns have been reinforced." Among other things, the ACLU pointed out that "despite repeated assertions to the contrary from the FBI, the report concludes that Carnivore has no effective auditing function that would expose and prevent abuses." Moreover, while "the review team recommends against the immediate public release of Carnivore source code, out of the fear that Internet users will use the information to exploit its weaknesses," the ACLU argued that "[t]his fear is belied by the detailed descriptions (contained within the report) of numerous Carnivore flaws." In short, as David Sobel from the Electronic Privacy Information Center (EPIC-a GILC member) pointed out in his comments to the DoJ, "Despite FBI claims that the review has vindicated Carnivore, it has actually validated many of the privacy concerns that have been voiced by the public and members of Congress. Internet users won't find much comfort in the review team's report. Private communications are very much at risk." The Final version of the Carnivore review team report is available (in PDF Format) under http://www.usdoj.gov/jmd/publications/carniv_final.pdf To see EPIC's collection of Carnivore FOIA documents, click http://www.epic.org/privacy/carnivore/foia_documents.html The ACLU's comments on the review team draft report are available under http://www.aclu.org/news/2000/carnivore_comments.html EPIC's comments on the review team draft report are posted at http://www.epic.org/privacy/carnivore/review_comments.html A critique of the IITRI report by a special panel of experts (including Matt Blaze, Steven Bellovin and others) can be seen at http://www.crypto.com/papers/carnivore_report_comments.html See D. Ian Hopper, "'Carnivore' Report Questioned," Associated Press, Nov. 22, 2000 at http://www.abcnews.go.com/sections/tech/DailyNews/carnivore001122.html See also Brian Krebs, "Senate Judiciary Committee Keeps Pressure On FBI's Carnivore," Newsbytes, Nov. 28, 2000 at http://www.newsbytes.com/news/00/158690.html ========================================================== [11] UK plan: keep everyone's emails for 7 yrs ========================================================== Here's an idea to stop cybercrime: let the government collect and read all email messages sent along the network, then keep those messages for several years at a time. That's apparently the plan being considered by the British Home Office. Several law enforcement agencies in the United Kingdom (including M.I.5, M.I.6 and others) are seeking laws to record every email and phone call made (as well as every webpage accessed) in the nation and retain the records for 7 years. Implementation of this "data warehouse" scheme is expected to cost several million pounds. The proposal was revealed in a restricted document written by Roger Gaspar of the British National Intelligence Service on behalf of several groups, including Great Britain's Government Communications Headquarters (GCHQ). GCHQ in the past has been linked with ECHELON, a super-secret system designed to intercept communications from around the world that principally operated by the US National Security Agency (NSA). These revelations have ignited a firestorm of criticism. Opposition party leader Lord Cope stated that he and many other people "are sympathetic to the need for greater powers to fight modern types of crime. But vast banks of information on every member of the public can quickly slip into the world of Big Brother." Indeed, a number of observers believe that the plan would violate numerous international accords, including the Human Rights Act and the European Union data privacy directive. Not surprisingly, the office of the European Data Protection Commissioner has said it has "grave concerns" about the entire project. Additionally, John Wadham from the National Council for Civil Liberties (Liberty-a GILC member) warned that if the proposal is approved, "we will challenge this in the courts in this country and the European court of human rights." Read Kamal Ahmed, "Secret plan to spy on all British phone calls," The Observer, Dec. 3, 2000 at http://www.observer.co.uk/Print/0,3848,4099838,00.html The original proposal paper is available online under http://cryptome.org/ncis-carnivore.htm For more of John Wadham's remarks, see Richard Norton-Taylor, "Spies seek access to phone, email and net links," The Guardian, Dec. 4, 2000 at http://www.guardian.co.uk/uk_news/story/0,3604,406439,00.html ==================================================== [12] Euro anti-privacy treaty receives backlash ==================================================== Controversy continues to swirl around a new version of a proposed cybercrime convention, which privacy advocates say will allow massive government surveillance online. Among other things, this new draft of a Council of Europe proposal would have signatory countries enact laws that might make it easier for government agents to search computers and conduct real-time surveillance on private citizens through telecommunications networks. The convention includes provisions which may allow law enforcement officials greater access to many types of personal security information, such as encryption keys. Additionally, the scheme could make Internet service providers (ISPs) liable for their customers' content, and may lead ISPs to monitor and retain records on customer activities. Furthermore, the draft treaty mandates signatories to create new harsh penalties for copyright infringement. Minor changes were made to the convention partly in response to a previous Global Internet Liberty Campaign statement, which had condemned an earlier draft of the treaty. Subsequently, the Campaign said in a second letter that "To our dismay and alarm, the convention continues to be a document that threatens the rights of the individual while extending the powers of police authorities, creates a low-barrier protection of rights uniformly across borders, and ignores highly-regarded data protection principles. Although some changes have been made ... we remain dissatisfied with the substance of the convention. We question the validity of the process that still endures a closed environment and secrecy." In addition, many companies have expressed anxiety because they fear they will burdened with high installation costs. This has apparently already happened in the Netherlands, where Dutch Internet service providers (ISPs) have passed along the costs to ordinary computer users by raising access fees by up to 25%. Yet despite these apparent problems, similar anti-cybercrime proposals are sprouting up around the world, from Hong Kong to Germany. To read the latest draft (no. 24 rev. 2) of the treaty, click http://conventions.coe.int/treaty/EN/projets/cybercrime24.htm The GILC letter in response to version 24-2 of the cybercrime convention is posted at http://www.gilc.org/privacy/coe-letter-1200.html For a German translation, of this statement, click http://www.quintessenz.org/gilc-coe-de-1200.html A French translation is available at http://www.iris.sgdg.org/actions/cybercrime/gilc-coe-fr-1200.html To see the first GILC statement, click http://www.gilc.org/privacy/coe-letter-1000.html For the latest press coverage on this subject, see Mark Ward, "Cybercrime treaty condemned," BBC News Online, Dec. 18, 2000 at http://news.bbc.co.uk/hi/english/sci/tech/newsid_1072000/1072580.stm "Cybercrime pact steps on privacy, groups say," Reuters, Dec. 14, 2000 at http://www.cnn.com/2000/TECH/computing/12/14/cybercrime.reut/index.html Read Robert Lemos, "Cybercrime treaty still doesn't cut it," ZDNet News, Dec. 13, 2000 at http://www.zdnet.com/zdnn/stories/news/0,4586,2664493,00.html For a special dossier of cybercrime materials created by Imaginons un Reseau Internet Solidaire (IRIS-a GILC member), visit http://www.iris.sgdg.org/actions/cybercrime For additional background information, visit the Center for Democracy and Technology website under http://www.cdt.org/international/cybercrime/ For more on the plight of Dutch ISPs, see Joris Evers, "Dutch ISPs to Pass Along Cybercrime Costs," IDG News, Dec. 4, 2000 at http://www.thestandard.com/article/display/0,1151,20571,00.html For more on the Hong Kong government's new cybercrime plans, see Adam Creed, "Hong Kong Govt Proposes New Laws To Tackle Cyber Crime," Newsbytes, Dec. 4, 2000 at http://www.newsbytes.com/news/00/158894.html For more on recent German plans for Internet surveillance, read Rick Perera, "German Officials Warn of Net 'Big Brother'," IDG News, Dec. 6, 2000 at http://www.thestandard.com/article/display/0,1151,20635,00.html ========================================================== [13] New Zealand gov't unveils cybertapping plan ========================================================== A recent New Zealand government proposal may significantly erode online privacy. The Crimes Amendment Bill would apparently allow law enforcement agents to secretly break into the computers of unsuspecting users. Under the proposal, individuals could be forced to divulge their passwords or hand over their encryption keys to the government. In addition, Internet service providers and other communications companies may have to build spyware into their networks to fulfill the requirements of New Zealand security forces. Observers have noted similarities between this scheme and similar measures adopted in other countries, such as the British Regulation of Investigatory Powers Act (RIP) and the United States Communications Assistance for Law Enforcement Act (CALEA). While the plan is supposedly meant to deter cybercrime, critics claim that the Bill is really designed to expand police surveillance powers on a massive scale. To wit, New Zealand's Information Minister Paul Swain, claimed that he had been given "an absolute assurance that law-abiding citizens who are not involved in criminal activity have nothing to fear from this legislation." However, it is not clear just what specific language would safeguard citizens from unnecessarily intrusive government behavior. Not surprisingly, the Bill has run into considerable opposition. Keith Locke, a member of New Zealand's Parliament, called the legislation "draconian" and is supporting a petition drive to keep law enforcement officials from intercepting email transmissions. He also called on fellow politicians to extend the comment period for the proposal (which currently ends on February 9), saying that the "Internet is abuzz with protest" and that the short timeframe for submissions may prevent these dissenting voices from being heard. For more on the Crime Amendment Bill, see Nicky Hager, "International co-operation in internet surveillance," Heise Telepolis, Nov. 22, 2000 at http://www.heise.de/tp/english/special/enfo/4306/1.html For more of Keith Locke's comments, read Adam Creed, "New Zealand MP Unhappy With Anti-Hacking Bill Process," Newsbytes, Nov. 30, 2000 at http://www.newsbytes.com/news/00/158760.html ========================================================== [14] IBM backs controversial data-profiling plan ========================================================== Several major corporations are formulating a new computerized database system that critics say will have an adverse impact on individual privacy. IBM, MicroStrategy Inc., First Union Corp. and several other companies are pushing a Customer Profile Exchange standard that will allow large companies to more easily transfer data files on ordinary citizens. These files will not be restricted merely to names, email addresses and telephone numbers; they will include such details as passport numbers, national identifiers, taxpayer identifications numbers, marital status, hobbies, occupations, and even smoking habits. The system will be completely automated, so that all of these tidbits can be reduced to an XML formatted file and sent on to countless companies at the click of a button. Privacy groups have expressed dismay at these developments, which they say could allow large scale corporate tracking of individuals, as well as invite fraud by creating a massive database that may then become a huge target for criminals. Lauren Gelman from the Electronic Frontier Foundation (EFF-a GILC member) noted that the dearth of strong privacy regulations that could prevent such intrusive behavior. "There are no standards for what they can and cannot do. The privacy protection is not something you can build into a system designed to ease the exchange of information." Indeed, a number of prominent lawmakers have raised red flags over the new plan. Senator Richard Shelby wrote a letter to the head of the United States Federal Trade Commission (FTC), saying that though the IBM proposal "is intended to enhance commercial activity, I am troubled that insufficient attention has been given to the negative ramifications that the use of this exchange will have on the privacy of American consumers. When this standard is put in practice, the personal information of hundreds of millions of Americans will be readily and widely available." He called for the FTC to investigate the potential privacy problems that the new database system might cause. Senator Shelby's remarks are posted at http://www.senate.gov/~shelby/press/prsrs373.htm See also Robert O'Harrow Jr., "Internet Firms Act to Ease Sharing of Personal Data," Washington Post, Dec. 5, 2000, page E1 at http://washingtonpost.com/wp-dyn/articles/A23676-2000Dec4.html ========================================================== [15] Yahoo unveils crypto email service ========================================================== One of the world's largest search engine companies will soon offer encrypted email service. To do this, Yahoo has teamed up with Zixit Corporation to add an encryption function into its free email software. Under this system, users who receive encoded transmissions will receive special notifications. The recipients would then click links contained within the notification messages to read the underlying encrypted emails, via securedelivery.com, which is run by Zixit. However, Yahoo has already informed potential applicants that "this is not an end-to-end secure service." Specifically, email messages sent under this plan are only encrypted after they travel from users' computers to Yahoo's servers. The entire system should be operational sometime within the next few months. Yahoo's new encrypted web-based email program is just one of several emerging technologies that are just now becoming available to consumers. Several weeks ago, Hush Communications and Cyber-Rights & Cyber-Liberties UK (a GILC member) joined forces to create a free service, Cyber-Rights.Net, which allows users to send and receive email that is encrypted and secured from end-to-end, assuming both the recipient and the sender use Hushmail on their computers. Because the system is web-based, registrants can utilize Cyber-Rights.Net from any location in the world that has Internet access. Cyber-Rights.Net is part of a campaign against the controversial British Regulation of Investigatory Powers Act (RIP) 2000, which passed into law this past October and has been heavily criticized by privacy advocates. Read Dick Kelsey, "Yahoo Intros Encrypted E-mail Delivery," Newsbytes, Nov. 29, 2000 at http://www.newsbytes.com/news/00/158750.html See Paul Festa, "Yahoo! delivers encrypted email," CNet News, Nov. 29, 2000 at http://news.cnet.com/news/0-1005-200-3901784.html The Cyber-Rights.net homepage is located at http://www.cyber-rights.net ========================================================== [16] UK workplace Net surveillance woes ========================================================== New questions have arisen over the extent to which British bosses can monitor their workers online. These questions come after the British Parliament enacted the much-maligned Regulation of Investigatory Powers Act (RIP), which many people feel will enable government agents to conduct wide scale searches into the activities of private Internet users. The Act includes language stating that employers have a legal right to monitor their workers. Since then, the British Data Protection Commission has issued a draft code that would place restrictions on this supposed right, including fines against firms that violate the code. Yet despite these restraints, a Commission spokesperson claimed that they did not contradict the language of RIP. This series of events has led to considerable confusion. The British Chamber of Commerce is now arguing that companies should ban all non-business use of their email systems to avoid liability under the code. By contrast, a Data Protection Commission spokesman suggested that corporations "should look at the real risks and introduce solutions that are least intrusive." It is not known whether the draft will be revised to further protect the privacy of employees before it is scheduled to become law in the spring. Read Will Knight, "Could employers ban personal email?" ZDNet UK, Nov. 28, 2000 at http://www.zdnet.co.uk/news/2000/47/ns-19354.html See also Jane Wakefield, "Cable company sacks six for email 'misuse'," ZDNet UK, Nov. 29, 2000 at http://www.zdnet.co.uk/news/2000/47/ns-19364.html ========================================================== [17] Airline wants IDs of protest site's visitors ========================================================== A major US air carrier is trying to discover personal information about its online critics. United Airlines is seeking to identify visitors to www.the-mechanic.com, which purportedly was popular with union member employees. United had previously gone to court and won a restraining order that banned its mechanics from taking part in certain labor-related job actions (such as strikes). However, the company went further by getting a subpoena for data regarding 30 or so people who had posted messages on the message board of the aforementioned site. It tried to justify its action by claiming that merely expressing views through the Internet was tantamount to engaging in the sort of job actions that were banned in the restraining order. In the words of United spokesperson Andy Plews, "It is clear the temporary restraining order is not being complied with." Dennis Sanderson, who runs www.the-mechanic.com, vehemently objected to these suggestions from airline officials, and noted the intimidating nature of United's court maneuvers: "The objective of the whole thing is to shut the Web site down. I'm no constitutional lawyer, but don't people have a right to disagree with corporate management?" For his part, Sanderson not only denied taking part in any job action, but said he had no official role in the union that represents United's mechanics and had not received any sport from the group. See Marilyn Adams & David Field, "United Seeks Identities of Web Site's Users," USA Today, Nov. 28, 2000 at http://www.usatoday.com/life/cyber/tech/cti846.htm ========================================================== [18] Study: US Internet users want privacy safeguards ========================================================== Many American Internet users would like to see stronger protection of their privacy online rights. That is the apparent conclusion of a recent study entitled "Public Records and the Responsible Use of Information." In this report, a whopping 88% of respondents said that they are at least "somewhat concerned" about the possibility that their personal data may be abused. 84% of those polled were against the online display of public records that contain personal information. Over 60% of the users would be willing to pass along such information, but only if the entity seeking this data asked their permission first-a process known as opt-in. Alan Westin, a professor at Columbia University and the primary author of this report, suggested that these results show Americans are willing back new proposals that would create a baseline for privacy rights. "It would be very reassuring to the American public to have the right kind of framework legislation for (privacy on) the Internet." While several privacy bills were introduced this past year but were not approved, the apparent rise of public support for new privacy rules may spur new privacy proposals in the coming months. Read David McGuire, "Americans Cautiously Willing To Share Info Online-Study," Newsbytes, Nov. 30, 2000 at http://www.newsbytes.com/news/00/158801.html See also Brian Krebs, "Privacy, Info Reliability Key Issues For Internet Users," Newsbytes, Nov. 30, 2000 at http://www.newsbytes.com/news/00/158794.html ========================================================== [19] Nightclub biometric card privacy problems ========================================================== Privacy advocates are concerned about new biometric identification cards that are being issued by European discotheques. These cards contain sensitive personal information including the holder's fingerprints, as well as the number of times the holder has been to a particular club. The technology is in part used for identification purposes; individuals can use these cards to log on to the Internet, enter clubs, and even acquire everyday items such as beverages. However, the system also apparently allows nightspot owners and other interested parties to track users both in clubs and online. Indeed, a spokesperson for Interstrat ICT Group, one of the system's creators, boasted that "[d]ue to the stored biometrics, the card is a 'powerful' and extremely 'fair' entrance control tool." Many experts are worried that these cards will have a damaging effect on individual privacy. Indeed, it is unclear whether this system conforms with European Union data privacy directives. Yet despite these difficulties, Interstrat is hoping to expand the system into other countries, including the United States. Read Jennifer Askin, "Cyber Bouncer," ABCNews.com (US), Nov. 30, 2000 at http://www.abcnews.go.com/sections/world/DailyNews/britain_cyberbouncers0011 30.html ========================================================== [20] New GILC member: Privacy Ukraine ========================================================== The Global Internet Liberty Campaign recently welcomed a new member: Privacy Ukraine. Founded in 1999, this non-profit organization is a strong advocate of privacy rights and free expression throughout the former Soviet republic. The group has successfully launched a special project entitled "Assistance to the development of right to privacy in Ukraine." This initiative has fostered greater government deference to the privacy values, and has been involved with the revision and presentation of an alternative draft Ukrainian Data Protection directive. The project has also created a Ukrainian-language international privacy law sourcebook. In the past, Privacy Ukraine has actively cooperated with the Parliament Committee on Legal Policy, the State Telecommunication Committee, the Ministry of Justice, Council of Europe Data Protection Unit. It has also collaborated with several other GILC member organizations, including Privacy International, the Electronic Privacy Information Center (EPIC), Cyber-Rights & Cyber-Liberties UK. Privacy Ukraine can be contacted by e-mail via privacy@ukrnet.net ========================================================== ABOUT THE GILC NEWS ALERT: ========================================================== The GILC News Alert is the newsletter of the Global Internet Liberty Campaign, an international coalition of organizations working to protect and enhance online civil liberties and human rights. Organizations are invited to join GILC by contacting us at gilc@gilc.org. To alert members about threats to cyber liberties, please contact members from your country or send a message to the general GILC address. To submit information about upcoming events, new activist tools and news stories, contact: Christopher Chiu GILC Coordinator American Civil Liberties Union 125 Broad Street, 17th Floor New York, New York 10004 USA Or email: cchiu@aclu.org More information about GILC members and news is available at http://www.gilc.org You may re-print or redistribute the GILC NEWS ALERT freely. To subscribe to the alert, please send e-mail to gilc-announce@gilc.org with the following message in the body: subscribe gilc-announce ======================================================== PUBLICATION OF THIS NEWSLETTER IS MADE POSSIBLE BY A GRANT FROM THE OPEN SOCIETY INSTITUTE (OSI) ======================================================== ========== HURIDOCS-Tech listserv ========== Send mail intended for the list to <huridocs-tech@hrea.org>. Archives of the list can be found at: http://www.hrea.org/lists/huridocs-tech/ To subscribe to the list, send a message to <majordomo@hrea.org>, with the following text in the message: subscribe huridocs-tech To unsubscribe from the list, send a message to <majordomo@hrea.org>, with the following text in the message: unsubscribe huridocs-tech If you have problems (un)subscribing, contact <owner-huridocs-tech@hrea.org>.
[Reply to this message] [Start a new topic] [Date Index] [Thread Index] [Author Index] [Subject Index] [List Home Page] [HREA Home Page]