GILC Alert, Volume 5, Issue 3

Subject: [huridocs-tech] GILC Alert, Volume 5, Issue 3
Date: Fri, 4 May 2001 11:17:56 -0400
GILC Alert
Volume 5, Issue 3
May 4, 2001

Welcome to the Global Internet Liberty Campaign Newsletter.

Welcome to GILC Alert, the newsletter of the Global Internet Liberty
Campaign. We are an international organization of groups working for
cyber-liberties, who are determined to preserve civil liberties and human
rights on the Internet.
We hope you find this newsletter interesting, and we very much hope that you
will avail yourselves of the action items in future issues.
If you are a part of an organization that would be interested in joining
GILC, please contact us at <gilc@gilc.org>.
If you are aware of threats to cyber-liberties that we may not know about,
please contact the GILC members in your country, or contact GILC as a whole.
Please feel free to redistribute this newsletter to appropriate forums.

===============================================
Free expression
[1] Korean censorware plans draw fire
[2] US libraries, schools face blocking deadline
[3] Mainland China jails more Net dissidents
[4] Malaysian news sites face uphill battle
[5] DVD battles rage Down Under and in US
[6] 2TheMart and MeltroniX Net speech cases
[7] Domain name deals spark anger
[8] Anti-fair use standards fail again
[9] Holocaust site flap Down Under
[10] Ford sues over anti-General Motors Net name
[11] Hollywood spies then sues Net speakers
[12] Internet usage worldwide varies heavily
[13] Whistleblower website launched
[14] Australian censor system largely dormant

Privacy
[15] Cybercrime pact lurches forward
[16] iRobots webcams spy on children
[17] Communist China plans Carnivore-type spyware
[18] New British cyberspy agency created
[19] Euro hearing on ECHELON surveillance
[20] US-EU flap over Safe Harbor contracts
[21] Microsoft SmartTags & Hailstorm privacy woes
[22] EBay pulls an Amazon, waters down privacy policy
[23] Biometric software faces privacy & technical woes
[24] EU panel questions Australian privacy laws
[25] DoubleClick suffers security breach
[26] German gov't searches Net music lovers' homes
[27] Privacy surveys reflect public unease
[28] Sales problems for invasive CueCat, TiVo devices
[29] Digital hospital sparks privacy concerns
[30] Upcoming Japan privacy meetings

===============================================
[1] Korean censorware plans draw fire
===============================================
Controversy continues to surround Korean government plans to block both
domestic and overseas websites.

The Korean Ministry of Information and Communication is pushing a special
Internet ordinance that essentially would require blocking software to be
installed in cybercafes and other public computing facilities. A special
Information Communication Ethics Committee already has drawn up a list of
some 119 000 "anti social" sites that they deem objectionable. This list,
which apparently includes numerous overseas webpages, will soon be provided
to software developers for incorporation within blocking packages.
Authorities will also work with Internet service providers to make sure
access to any questionable webpages will be denied; criminal penalties will
be levied on those who aid and abet access to such sites. However, many
questions about this plan have yet to be answered, including what criteria
will be used to determine which sites should be blocked, or even the precise
pages that have banned.

The measure, which is expected to take effect this July, has drawn heavy
criticism over its potentially damaging impact on freedom of expression.
Some of these concerns were aired in a recent meeting at the Sejong Cultural
Art Center in Seoul; at the event, Chang Yeo Kyung from Jinbonet argued that
the proposal will not protect children, but will only ensure "that the
rights of parents and the public will be seriously violated." Opponents of
the ordinance specifically focused on how virtually all blocking programs
were prone to errors and tended to block many sites that had no
controversial content whatsoever. These groups are now suing in court in the
hopes of striking down the new restrictions.

See Kim Deok-hyun, "120,000 Internet sites blacklisted," Korea Times, May 2,
2001 at
http://www.hankooki.com/kt_tech/200105/t2001050217201245110.htm

See also Kim Deok-hyun, "Internet Filtering Ordinance Spurs New Debate,"
Korea Times, Apr. 23, 2001 at
http://www.hk.co.kr/kt_tech/200104/t20010-42316411745110.htm

Read "Seoul taking action against foreign pornographic sites," Korea Herald,
Apr. 11, 2001 at
http://www.koreaherald.com/SITE/data/html_dir/2001/04/11/200104110036.asp

=================================================
[2] US libraries, schools face blocking deadline
=================================================
Protests are mounting over a new Internet blocking law that affects
educational institutions throughout the United States.

The so-called "Children's Internet Protection Act" essentially requires high
schools and libraries to include blocking software on their computers.
Institutions that refuse to do so (or refuse to implement policies to that
effect) would lose federal funding. CIPA is now being challenged in court by
several groups, including the American Civil Liberties Union (ACLU-a GILC
member) and the American Library Association.

The law was to take effect on April 20, 2001, but deadline for compliance
has been pushed back until July 1, 2001 at the earliest. These delays came
partly at the behest of cyberlibertarians, who expressed concerns about the
law's effectiveness and potential harm to freedom of expression. Indeed, the
Electronic Frontier Foundation (EFF-a GILC member) mobilized street protests
in New York and California to vent frustration over CIPA, as well as a
special BayFF forum.

For an ACLU press release on the subject, click
http://www.aclu.org/news/2001/n041901b.html

Read Brian Krebs, "Web Filters At Schools, Libraries By July 2002,"
Newsbytes, Apr. 6, 2001 at
http://www.newsbytes.com/news/01/164204.html

For more on EFF-sponsored street protests, visit
http://www.eff.org/Censorship/Censorware/20010420_chipa_protest_pics.html

For more on the EFF BayFF forum on censorware, see
http://www.eff.org/br/br1.html

===============================================
[3] Mainland China jails more Net dissidents
===============================================
With a flurry of arrests, mainland China has apparently started a new
offensive against its online critics.

Reports indicate mainland Chinese authorities have arrested several
activists, including Guo Qinghai, who had written numerous online opinion
pieces that urged reforms, and Lu Xinhua, who sent messages to various Web
sites overseas and documented human rights abuses. Another online dissident,
Chi Shouzhu, was held after he printed out material from a pro-democracy
website. He had been released just a few months ago after serving a decade
in jail for his participation in the 1989 Tienanmen demonstrations.
Meanwhile, fellow Internet activist Leng Wenbao was subjected to two hours
of police interrogation while his house was ransacked and his computer was
seized. Government agents are also holding Yang Zili, the proprietor of
www.lib.126.com, which included articles on the suppression of the Falun
Gong spiritual movement, economic disparities in Chinese society and
critiques of communism.

Additionally, Chinese commisars have banned the opening of any new
cybercafes for at least three months, in an apparent attempt to stifle
various forms of Internet content. Similar initiatives are being launched at
the local level, including Shanghai. In some areas, the computers in these
establishments are being fitted with "information purifiers" that block
access to various controversial websites. The crackdown may have a
far-reaching impact because the vast majority of the population does not
have home Internet access, and must depend on cybercafes to get on the
Information Superhighway.

Not surprisingly, these moves have met with dismay from free speech
advocates. Robert Menard from Reporters Sans Frontieres (RSF) said that
while "China escaped condemnation at the Human Rights Commission of the
United Nations, this ... new wave of repression reminds us that China is
still an enemy of the Internet and of freedom of expression."

For the latest details, see the following bulletin from the Digital Freedom
Network (DFN-a GILC member) under
http://dfn.org/focus/china/guo-sentence.htm

For more of Menard's remarks, click
http://www.rsf.fr/uk/html/asie/cplp01/lp01/190401.html

Read "Online activists arrested in China," Guardian Unlimited, Apr. 19, 2001
at
http://www.guardianunlimited.co.uk/internetnews/story/0,7369,475164,00.html

See also "China internet café debate heats up," BBC News Online, Apr. 29,
2001 at
http://news.bbc.co.uk/hi/english/world/monitoring/media_reports/newsid_13020
00/1302309.stm

Read Sue Bruell, "Beijing to Forbid Opening of New Cyber Cafes," China News
Digest, Apr. 14, 2001 at
http://www.cnd.org/Global/01/04/15/010415-2.html

See also "State Council tightens control over Internet cafes," China Online,
Apr. 17, 2001 at
http://www.chinaonline.com/issues/internet_policy/newsarchive/secure/2001/ap
ril/C01041201.asp

Read "Shanghai sets strict content restrictions for TV, radio on Web," China
Online, Mar. 26, 2001 at
http://www.chinaonline.com/issues/internet_policy/NewsArchive/Secure/2001/Ma
rch/C01032304.asp

See also "China cracks down on file-swapping sites," Bloomberg News, Mar.
27, 2001 at
http://news.cnet.com/news/0-1005-200-5262396.html

===============================================
[4] Malaysian news sites face uphill battle
===============================================
Malaysian online journalists are facing a barrage of harassment from
government agents.

In the latest move, Malaysian government agents arrested ten people,
including Raja Petra Kamaruddin, who is webmaster of Freeanwar.com, and
Malaysiakini.com reporter Hisammuddin Rais. The arrests were presumably an
attempt to undercut support of Anwar Ibrahim, the former deputy prime
minister who was imprisoned in September 1998 under suspicious
circumstances. Kamaruddin, Rais and at least 5 other detainees were charged
with violating the country's Internal Security Act, which allows individuals
to held indefinitely without a trial.

Malaysian authorities have also put additional pressure on various
corporations to either block online criticism or engage in self-censorship.
These efforts apparently led multinational webhost Tripod.com to shutdown
nearly a dozen opposition sites. Similarly, AgendaMalaysia recently
relaunched its webpage with less content than before; in a thinly-viewed dig
at Internet activists, the news agency's editor, Rozaid Rahman, proclaimed
that his group was "not going to change the world. That is a daydream."

For further details, visit the freeanwar.com website under
http://www.freeanwar.com/facnews/suaramappeal270401.htm

For a special bulletin on this subject from the Digital Freedom Network
(DFN-a GILC member), click
http://dfn.org/focus/malaysia/jailed-activists.htm

See K. Kabilan, "Missing websites: no word from Tripod," Malaysiakini, Mar.
19, 2001 at
http://www.malaysiakini.com/News/2001/03/2001031910.php3?print=1

See also "New Tack for Malaysian News Site," Reuters, Apr. 4, 2001 at
http://www.wired.com/news/politics/0,1283,42828,00.html

===============================================
[5] DVD battles rage Down Under and in US
===============================================
The fight over DVD-related speech restrictions has now reached Australian
shores.

The battle centers around the copy protection and regional coding schemes
used in digital video discs. Previously, computer researchers had created
DeCSS--a primitive computer program to help users of the Linux operating
system play DVDs on their computers. Over the past year, the entertainment
industry, through the DVD Content Control Association (DVD CCA) and the
Motion Picture Association of America (MPAA), has waged legal battles in
both New York and California to prevent Internet users from linking to
websites that have DeCSS. Many experts fear that these actions may stifle
free expression in cyberspace.

In Australia, where interest in DVDs is growing, machines that are sold Down
Under generally cannot play discs from the other countries due to the
regional coding. Users who wish to view DVDs from, say, Japan must modify
their players, but the process brings legal problems (including possible
nullification of the product warranty). These difficulties have led some
experts, such as Allan Fels of the Australian Competition and Consumer
Commission, to suggest the coding restrictions contained on DVDs actually
violate the country's trade practices laws. There are additional concerns
that these code-based restraints may have a significant detrimental impact
on free speech, from preventing fair use of materials contained on DVDs to
abetting controversial content rating systems.

Meanwhile, in the United States, the next round of legal battles over DeCSS
took place May 1. The Electronic Frontier Foundation (EFF-a GILC member),
which is defending 2600 magazine against the MPAA, recently added a new
member to its DeCSS legal team: Stanford Law School Dean Kathleen Sullivan,
who conducted oral arguments before a panel of 3 Federal appeals court
judges. During this session, she suggested that copyright laws such as the
Digital Millennium Copyright Act were acting as a "digital straightjacket"
that hampered fair use and other free speech rights: "It's as if the laws,
as applied, say you can't print a blueprint of a copying machine." However,
at least one panelist seemed less than receptive to these arguments. Judge
Jon Newman countered that the law does not necessarily allow individuals "to
make fair use in the most technologically modern way". Newman further
pooh-poohed the idea that fair use and other free speech doctrines fully
apply to the Internet, suggesting at one point that newspapers such as the
New York Times did not "need the digital format to write their reviews." A
ruling is expected in several weeks.

For the latest on the New York court battle, see Declan McCullagh, "DVD
Piracy Judges Resolute," Wired News, May 2, 2001 at
http://www.wired.com/news/digiwood/0,1412,43470,00.html

See Caitlin Fitzsimmons, "Restricting DVDs 'illegal': ACCC," Australian IT,
Mar. 27, 2001 at
http://australianit.news.com.au/common/storyPage/0,3811,1836144%255E1286,00.
html

For further background information on the growing popularity of DVDs in
Australia, see Adrian Kerr, "Philips predicts VCR demise," ZDNet Australia,
May 2, 2001 at
http://www.zdnet.com/zdnn/stories/news/0,4586,2714548,00.html

For an EFF press release on the hiring of Dean Sullivan, visit
http://www.eff.org/IP/Video/MPAA_DVD_cases/20010402_eff_sullivan_pr.html

For more on a possible ban on T-shirts containing DeCSS information, read
John Naughton, "Been there, outlawed it-banned the T-shirt," The Observer,
Apr. 1, 2001 at
http://www.guardianunlimited.co.uk/internetnews/story/0,7369,466363,00.html

===============================================
[6] 2TheMart & MeltroniX Net speech cases
===============================================
Free speech activists are cheering over a recent court ruling that protected
the personal information of several online speakers.

The case centered around 2TheMart.com, which tried to uncover the identities
of some 23 people who had posted critical comments about the company. The
move was opposed by GILC members the American Civil Liberties Union (ACLU)
and the Electronic Frontier Foundation (EFF). A United States Federal judge
eventually quashed this request. Aaron Caplan, an attorney with the local
(Washington State) ACLU affiliate, noted that the decision was important
because "[t]here are a number of situations where, if people don't feel it
is safe for them to speak anonymously, they may not speak at all. It is
important for people to have that outlet for speech, persuasion and
organization."

However, another court case is brewing in California, where computer
manufacturer MeltroniX is trying to discover the names of several online
detractors. The company is suing these Internet users for making allegedly
"vicious, defamatory and damaging comments," and is asking a court to award
punitive and financial damages. The corporation has even gone so far as to
call personal information regarding these people as "a matter of public
record" and that it would monitor them to enforce what it called
"responsible posting."

An EFF press release on the 2TheMart decision is available at
http://www.eff.org/Legal/Cases/2TheMart_case/20010420_eff_2themart_pr.html

For more on the recent Seattle anonymous free speech victory, see David
McGuire, "Court Ruling A Boon For Online Anonymity-ACLU," Newsbytes, Apr.
20, 2001 at
http://www.newsbytes.com/news/01/164776.html

See also Stefanie Olsen, "Court backs right to free speech on Web," ZDNet
News, Apr. 20, 2001 at
http://www.zdnet.com/zdnn/stories/news/0,4586,5081526,00.html

For more on the MeltroniX controversy, see Linda Hamilton, "Chatroom posters
to be sued and outed," The Register (UK), Apr. 9, 2001 at
http://www.theregister.co.uk/content/6/18192.html

=================================================
[7] Domain name deals spark anger
=================================================
Several new agreements on the future of .com, .edu and other Internet
suffixes are raising concern among many members of the Internet community.

In one of the these deals, the Internet Corporation of Assigned Names and
Numbers (ICANN) awarded domain name giant Verisign the right to control the
.com registry for at least 6 more years. ICANN also approved contracts that
would grant Verisign powers over .org for at least one more year and .net
for 4 years. The decision came despite intense opposition from a several
quarters, including ICANN's own Names Council. This opposition arose partly
because of the apparently undemocratic approach with which these contracts
were conceived, as well as fears that the agreements will hurt competition
and free expression. Indeed, ICANN's Board of Directors refused to make a
final decision on this matter during its public meetings Down Under, but
made their move during a private conference call that had been scheduled
specifically for this purpose. These contracts may yet be countermanded,
however, as several leading United States politicians have petitioned for
greater oversight of these and other ICANN activities.

Meanwhile, the U.S. Commerce Department (through its subdivision, the
National Telecommunications and Information Administration) is planning to
turn control over .edu to Educause--a Washington D.C.-based group that
lobbies on behalf of colleges and their corporate partners. The decision was
taken with virtually no opportunity for public comment. Some observers have
expressed concern over whether Educause will impose restrictions on the use
of .edu, particularly in regard to educational institutions based outside
the United States. These and other subjects are expected to be major topics
for discussion at ICANN's upcoming June meetings in Stockholm.

For an Educause press release on the .edu takeover, click
http://www.educause.edu/news/2001/04/edudomain.html

Read Mark Ward, "Domain dispute drags on," BBC News Online, Apr. 20, 2001 at
http://news.bbc.co.uk/hi/english/sci/tech/newsid_1287000/1287432.stm

To read a letter from US Congressmen regarding new ICANN-Verisign contracts,
click
http://www.house.gov/commerce/letters/03302001_150.htm

For more on calls for greater oversight of ICANN, see Juliana Gruenwald,
"ICANN Issues Hitting Commerce Department," Interactive Week, Apr. 9, 2001
at
http://www.zdnet.com/intweek/stories/news/0,4164,2705712,00.html

For more on ICANN's Stockholm meetings, click
http://www.icann.org/stockholm

=================================================
[8] Anti-fair use standards fail again
=================================================
Troubles continue to mount for various technical measures which many experts
feel may curb the free flow of information online.

Under the proposed SigningStation system, consumers would have to disclose
their identities and have entertainment companies assign them a special
individualized digital key. After customers purchase a given digital video
or music product, they would use key for authentication, and only then would
be able to view or hear what they had bought. However, experts wonder
whether SigningStation will unnecessarily restrict the ability of
individuals to make fair use of legally obtained digital materials. In
addition, the complex identification requirements are raising serious
privacy concerns. These considerations have fueled speculation over whether
the entire plan is the financially viable.

Similar concerns have already led IBM to shelve Content Protection for
Removable Media (CPRM), which would have placed copy protection software and
special digital markings on each individual's hard drive (as well as
removable drives and other such systems). Nevertheless, Microsoft is pushing
a somewhat analogous scheme called "Secure PC" that is designed to prevent
computer users from duplicating audio files, as well as anti-copying regimes
in its latest version of Windows Media Player. Ironically, Microsoft is
itself being sued by InterTrust, which claims the copy protection schemes
used in the Media Player have infringed on InterTrust's patents. It remains
to be seen whether any of these systems will achieve commercial acceptance
or what impact they would have on Internet free expression.

For more on InterTrust's patent lawsuit against Microsoft's copy-protection
schemes, read John Borland, "Anti-piracy company sues Microsoft," Apr. 27,
2001 at
http://news.cnet.com/news/0-1005-200-5744735.html

For more on SigningStation, see David P. Hamilton, "Start-up locks to media
files," Wall Street Journal, Apr. 23, 2001 at
http://www.zdnet.com/zdnn/stories/news/0,4586,2710873,00.html

See John Borland, "Anti-privacy plans for hardware fail," CNet News, Apr. 2,
2001 at
http://news.cnet.com/news/0-1005-200-5422475.html

See also John Lettice, "MS plans 'Secure PC' that won't copy pirated audio
files," The Register (UK), Mar. 23, 2001 at
http://www.theregister.co.uk/content/4/17851.html

=================================================
[9] Holocaust site flap Down Under
=================================================
Attempts to shutdown a controversial Australian website have raised
troubling questions over Internet censorship.

The site in question was the brainchild of Dr. Fredrick Toben, a former
school instructor who questioned much of the forensic evidence related to
the Holocaust. The materials contained on Toben's webpages drew the ire of
Kathleen McEvoy, the Commissioner of Australia's Human Rights & Equal
Opportunity Commission (HREOC). She claimed that the site violated the
country's Racial Discrimination Act and ordered that the offending webpages
be taken down. The Executive Council of Australian Jewry is now attempting
to enforce the HREOC order through the courts.

These moves have generated opposition from free speech advocates. Irene
Graham from Electronic Frontiers Australia (EFA-a GILC member) noted that
"the HREOC decision ... does not provide any indication at all" of what
specific speech is illegal and worried that these vague standards may chill
expression online. Moreover, she charged that these "futile" and
"counterproductive" bans "don't take into account the technology of the
Internet and the worldwide nature of the Internet." A court hearing on this
matter has been postponed until June 12, 2001.

See Penelope Debelle, "Free speech row on Holocaust website," Fairfax IT,
Apr. 9, 2001 at
http://it.mycareer.com.au/e-commerce/20010409/A35206-2001Apr9.html

====================================================
[10] Ford sues over anti-General Motors Net name
====================================================
Several efforts to prevent domain name trademark violations may erode free
speech and privacy rights online.

The Ford Motor Company is suing 2600 magazine over a domain name that
criticizes General Motors. Ford's rationale was that the term might confuse
"the public into believing that somehow Ford has approved (of the tactic) or
is somehow involved." Curiously, General Motors had already threatened legal
action against 2600 several months ago; a GM spokesperson has since said
that his company "absolutely and totally" supports Ford in its attempted
domain name takedown. A court hearing is scheduled for May 2, 2001.

These moves comes after the World Intellectual Property Organization issued
a report calling for further trademark-based restrictions on domain names,
including the use of geographic and personal terms. Under these new regimes,
Internet users would be completely excluded from using certain terms
(including the names of well-known drug products and international
organizations), even if those terms are used for such purposes as public
criticism or commentary. In an editorial, 2600 retorted that there should be
"many more top-level domains that are dedicated to a specific purpose,
rather than attempts to control and manipulate every use of a particular
name or word throughout all Internet domains. Unfortunately, WIPO doesn't
appear to see it that way. ... [T]his 'additional protection' is likely to
cause great harm to the remaining freedoms of the net."

WIPO is also urging Whois databases (which contain personal information
about domain name holders) to be expanded and standardized, thus making them
searchable by virtually anyone on the Internet. However, skeptics fear that
this last idea will curb anonymous free speech and undercut online privacy.
These fears have grown strong in Australia, where the lack of privacy
protections for this kind of data have led to numerous reported incidents of
fraud.

WIPO's interim report is available via
http://wipo2.wipo.int/process2/rfc/rfc3/index.html

To read a 2600 editorial on WIPO's report, see "WIPO Recommends Banning
Certain Names and Words From Domains," 2600, Apr. 16, 2001 at
http://www.2600.com/news/display.shtml?id=255

For a schedule of WIPO regional consultations, click
http://www.wipo.int/pressroom/en/releases/2001/p260.htm

Read Steven Bonisteel, "WIPO Says: Keep Whois Open (And Keep It Accurate),"
Newsbytes, Apr. 20, 2001 at
http://www.newsbytes.com/news/01/164786.html

For more on fraudulent use of domain name registrant data, read Kate
Mackenzie, "'Hijackers' lead to domain changes," Australian IT, Apr. 12,
2001 at
http://australianit.news.com.au/common/storyPage/0,3811,1887934%5E442,00.htm
l

For further background information, visit
http://www.internetdemocracyproject.org



===========================================================
[11] Hollywood's legal threats against Net speakers
===========================================================
Legal threats from the entertainment industry have forced a university
professor to remain silent about his software research.

The case revolves around the Secure Digital Music Initiative (SDMI), a
software standard that several major entertainment conglomerates are
supporting as a way to discourage copying of sound files. SDMI's creators
tried to demonstrate the strength of this software by challenging computer
programmers to crack the code. Professor Eric Felten of Princeton University
agreed to participate, but was then told by SDMI's sponsors not to reveal
the results of his work. Prof. Felten balked at these restrictions and
withdrew his official participation, deciding instead to conduct independent
investigations of SDMI along with several other scientists. After his team
discovered a way to break through SDMI's protections, he received a warning
from the SDMI consortium saying that "Any disclosure of information gained
from participating in the Public Challenge would be outside the scope of
activities permitted by the Agreement and could subject you and your
research team to actions under the Digital Millennium Copyright Act." Felten
and his fellow researchers eventually conceded to these demands; he later
expained: "Litigation is costly, time consuming and uncertain, regardless of
the merits of the other side's case. Ultimately, we, the authors, reached a
collective decision not to expose ourselves, our employers and the
conference organizers to litigation."

Meanwhile, powerful forces from the entertainment industry are also clamping
down on the use of software through surveillance and similarly-styled legal
warnings. The Motion Picture Association of America (MPAA) is using software
developed by Ranger Online to spy on Internet users and find people who use
various types of duplication products such as Gnutella. MPAA has used the
collected information to send hundreds of cease-and-desist letters, despite
the fact that Gnutella and other similar programs can be used for
noninfringing purposes. Yet despite the intimidating language contained in
these letters, MPAA attorney Ken Jacobsen claimed that his group was merely
trying "trying to do is educate the population about what is appropriate,
both from an ethical standpoint and from a legal standpoint."

Numerous companies (including Microsoft) have launched analogous efforts
around the world-efforts have also led to new legislation in several
European nations, including Hungary. These attempts have renewed concerns
about the future of online free speech in the face of intellectual
property-based strictures.

For more on the threats leveled at Prof. Felton, read "Researchers cave in
to SDMI legal threat," Associated Press, Apr. 26, 2001 at
http://news.cnet.com/news/0-1005-200-5737707.html

See also Elizabeth Wasserman, "Breaking the Code Crackers," The Industry
Standard, May 7, 2001 issue at
http://www.thestandard.com/article/0,1902,24076,00.html

Read Lisa M. Bowman, "Broadband fans busted over Gnutella," CNet News, Apr.
17, 2001 at
http://news.cnet.com/news/0-1005-200-5641576.html

For more about Ranger Online spyware, visit
http://www.rangerinc.com/1/index.htm

For more on new EU copyright restrictions, see Thomas C. Greene, "EU
Sanctifies copyrights a la DMCA," The Register (UK), Apr. 11, 2001 at
http://www.theregister.co.uk/content/6/18255.html

For more on Microsoft/police copyright efforts, read Glenn Simpson,
"Microsoft urges global antipiracy effort," Wall Street Journal, Apr. 2,
2001 at
http://www.zdnet.com/zdnn/stories/news/0,4586,2703424,00.html

For additional details on harsh Hungarian copyright laws, see John Horvath,
"Criminal Society," Heise Telepolis, Mar. 24, 2001 at
http://www.heise.de/tp/english/inhalt/te/7211/1.html

See also Matt Ford, "Big Brother on track to find the pirates," Fairfax IT,
Apr. 9, 2001 at
http://it.mycareer.com.au/software/20010409/A35305-2001Apr9.html

================================================
[12] Internet usage worldwide varies heavily
================================================
New studies indicate that much of the world is coming online, but progress
has been uneven.

This is particularly true in Africa, according to statistics compiled by the
International Telecommunications Union. Somalia, for example, only has about
200 Internet users out of a population of over 7 million people. South
Africa, on the other hand, has 1.8 million cybercitizens-roughly 60% of all
Internet users on the continent. Indeed, outside of South Africa, less than
0.2% of the population is connected to the Information Superhighway.

In other parts of the globe, the Internet has grown at higher rates. This is
particularly true in Europe; home Internet use (as measured by time spent
online) has tripled in France and Spain and nearly doubled in the United
Kingdom. Another nation experiencing an Internet boom is Korea, which has
been helped by a surge in wireless websurfers. South Korea also has the
world's highest rate of broadband connectivity-a rate that is more double
that of the United States.

Read Jenny Sinclair, "Why the Internet is out of Africa," Fairfax IT, Apr.
9, 2001 at
http://it.mycareer.com.au/e-commerce/20010409/A35302-2001Apr9.html

For more on burgeoning European Internet usage, read Steve Gold, "Internet
Usage Increasing in Europe, Despite Downturn," Newsbytes, May 2, 2001 at
http://www.newsbytes.com/news/01/165210.html

See also "European Net traffic rockets," Reuters, Mar. 28, 2001 at
http://www.zdnet.com/zdnn/stories/newsbursts/0,7407,2702024,00.html

For more on the growth of the Internet in Britain, read Julia Snoddy, "UK
Net user numbers grow despite dot.coms crash," The Guardian, Apr. 24, 2001
at
http://www.guardianunlimited.co.uk/internetnews/story/0,7369,477523,00.html

Read "OECD broadband figures show Korea leads," Total Telecom, May 1, 2001
at
http://www.totaltele.com/vprint.asp?txtID=39503

See also "South Korea Leads World Broadband Net Race," Reuters, Apr. 23,
2001 at
http://www.thestandard.com/article/0,1902,23891,00.html

For more on general Korean Internet usage, read "Korea No. 1 in use of
multimedia sites," Korea Herald, May 4, 2001 at
http://www.koreaherald.com/SITE/data/html_dir/2001/05/04/200105040010.asp

See also "Korean users of wireless Internet total 18.52 mil." Korea Herald,
Apr. 18, 2001 at
http://www.koreaherald.com/SITE/data/html_dir/2001/04/18/200104180009.asp

========================================
[13] Whistleblower website launched
========================================
Will a new webpage help workers expose corporate abuses?

The British firm Forensic Accounting has launched an initiative specifically
targeted at employees who wish to vent their concerns to higher-ups without
fear of reprisal. Informants who visit the website can post surreptitious
warnings of possible criminal activity on the job, without having to pay any
fees. Afterwards, the site's operators will forward entries to management
teams of companies that subscribe to the service, as well as offer advice.

Raj Bairoliya, managing director of Forensic Accounting, stressed the
importance of this venue for anonymous free speech: "The whistleblower's lot
has not been a happy one. Most people are too scared because there is
nothing in it but a downside." The plan has received support from several
groups, including Public Concern at Work, which is dedicated to helping
employees who have suffered reprisals for reporting corporate misdeeds.
However, the website raises questions as to whether the authorities or major
companies are making sufficient efforts to protect anonymity online. Indeed,
George Staple from the British Fraud Advisory Panel noted that past efforts
at helping whistleblowers had not been particularly successful, partly
because the issue of protecting the identities of corporate informants "is
not high enough on the agenda of most company managements."

See Michael Peel, "SURVEY-CLASSIFIED RECRUITMENT: Justice at a price,"
Financial Times, Apr. 26, 2001 at
http://globalarchive.ft.com/globalarchive/article.html?id=010426001244&query
=Forensic+Accounting

See also Michael Peel, "Whistleblower website welcomed," Financial Times,
Apr. 11, 2001 at
http://news.ft.com/ft/gx.cgi/ftc?pagename=View&c=Article&cid=FT3UM9WGFLC&liv
e=true&tagid=IXLC078IH7C&Collid=Any

================================================
[14] Australian censor system largely dormant
================================================
Does Australia really have a serious problem with harmful online material?

That's what many experts are wondering based on a new report. Nearly two
years ago, the Australian government created a complaint-based regime that,
depending on the circumstances, would screen out websites based on film
guidelines.
Adult theme websites, which are defined to include "verbal references to
...suicide, crime, corruption, martial problems, emotional trauma, drug and
alcohol dependency, death and serious illness, racism, [or] religious
issues" would be likely candidates for censure.

The plan took effect in January 2000. However, a subsequent
government-commissioned study revealed showed that out of nearly six million
of Australian cybercitizens, only 124 complaints were received during the
first three months of the new regime. A later report issued this past April
indicates that the massive wave of filings expected by some of the law's
backers still had yet to take place. For example, between July and December
2000, the Australian
Broadcasting Authority sent take-down notices to only 6 sites regarding
content Down Under; notices were sent to a mere 22 sites over the entire
year.

According to many observers, these findings illustrate how the entire scheme
has been a waste of resources. Irene Graham, executive director of
Electronic Frontiers Australia (EFA-a GILC member) noted that the Australian
government "seems to be spending its time either referring overseas sites to
content filter makers, or issuing take-down notices for domestic sites that
could largely have been caught through existing laws. The government
trumpets this as having made the Internet safe for children, but we think
that's merely giving a sense of false security to parents. What they're
doing is making, at best, a miniscule difference to how safe the Internet is
for children."

The report is available via
http://www.dcita.gov.au/nsapi-graphics/?MIval=dca_dispdoc&ID=5651

For press coverage, read Stewart Taggart, "Questioning the Oz Net Censors,"
Wired News, Apr. 24, 2001 at
http://www.wired.com/news/print/0,1294,43182,00.html

=================================================
[15] Cybercrime pact lurches forward
=================================================
Despite intense criticism, European politicians are moving ahead with a
European cybercrime plan that may erode online privacy.

Under this Council of Europe treaty, signatory countries would enact laws
that might make it easier for government agents to search computers and
conduct real-time surveillance on private citizens through
telecommunications networks. The convention includes provisions that may
allow law enforcement officials greater access to many types of personal
security information, such as encryption keys. Additionally, the scheme
could pressure Internet service providers (ISPs) to monitor and retain
records on customer activities, under threat of legal liability.
Furthermore, the draft would have signatories create new penalties for
copyright infringement. European Union officials are now pushing for new
sections that would ban websites containing language deemed hateful or
inflammatory, an apparent extension of a controversial French ruling against
Yahoo regarding Nazi memorabilia on its auction pages.

The treaty has been the subject of intense criticism for months. Joe McNamee
of the European Internet Service Provider Association (EuroISPA) worried
that the treaty would require the collection of vast amounts of personal
data, and said that while "[n]obody's opposed to fighting cybercrime," his
group and others were "opposed to fighting innocent people and privacy."
There are also serious complaints regarding the secretive nature with which
the entire plan was conceived. On that point, Gus Hosein of Privacy
International (a GILC member) called the procedure used to create the treaty
"the worst process I've seen so far when it comes to transparency in
government." Yet despite these concerns, the Council's parliamentary
assembly approved the current draft, and sent the matter into the hands of
an experts panel that compile a final version. Full assent could come as
early as June 2001.

European nations apparently are not the only countries coming up with new
cybercrime plans. Thailand is considering new laws that would allow
government agents greater surveillance powers in cyberspace-standards that
are broadly similar to those contained in the CoE treaty (including
penalties for copyright infringement). In Australia, law enforcement
officials are also proposing new amendments that would carry stiff
punishments for various Internet activities, including decade-long jail
sentences.

For more of Mr. Hosein's remarks, read Rick Perera, "Cybercrime treaty a
step closer to becoming law," Infoworld.com, Apr. 25, 2001 at
http://www.infoworld.com/articles/hn/xml/01/04/25/010425hntreaty.xml

For German language information, see "Europarat verabschiedet
Cybercrime-Abkommen," Heise Online, Apr. 25, 2001 at
http://www.heise.de/newsticker/data/ame-25.04.01-000/

Read Karnjana Karnjanatawe, "Thai Computer Crime Law Nears Public Hearing,"
Bangkok Post, Mar. 21, 2001 at
http://www.newsbytes.com/news/01/163424.html

Further details regarding Australian cybercrime plans, see Megan McAuliffe,
"Australian hackers face jail time," ZDNet Australia, Apr. 9, 2001 at
http://www.zdnet.com/zdnn/stories/news/0,4586,2705803,00.html

See also David Adams, "Momentum grows for e-crime centre," Fairfax IT, Mar.
28, 2001 at
http://it.mycareer.com.au/industry/20010328/A32552-2001Mar28.html

========================================
[16] iRobots spy on children
========================================
Who wants an android to spy on their kids?

That's what some people are wondering with the introduction of iRobot. This
device, according to the manufacturer, is a "multi-purpose home robot that
can be controlled from anywhere in the world." iRobot includes a live-action
camera and microphone mounted on a six-wheel chassis. Images and sounds
collected by the robot are then broadcast along the Internet by wireless.
Computer users can control this device through their web browser. The entire
package is being marketed as a way for parents to monitor their children,
but is also being supplied to the United States Defense Advanced Projects
Research Agency (DARPA) and various corporations for surveillance purposes.

The company has conceded that personal web cameras "could lead to situations
where we are being monitored 24 hours a day, and privacy is a thing of the
past. For example, if you wanted to be able to see what was going on at your
house, you would have to install and wire cameras in every room. That's a
lot of cameras, and for your family, it means never knowing if you are being
watched or not." Curiously, the company claims this privacy problem does not
apply to its product because "iRobot-LE(tm) is not a web cam," despite later
assertions such as: "iRobot-LE is a serious appliance that can bring the
power of the Internet out of the study and into the kitchen or living room
when you are at home." Indeed, the corporation also admits through its
privacy policy that it uses digital information files known as "cookies" to
track users and places the burden on consumers to opt-out of its data
collection system.

The iRobot privacy policy is posted at
http://www.irobot.com/privacy/privacy.asp

Further company information on iRobot is posted at
http://www.irobot.com/ir/ir_not.asp

See Peter H. Lewis, "Remotely interesting," Fortune, Apr. 2, 2001 at
http://www.fortune.com/indexw.jhtml;jsessionid=I1YMXDJQHAFBYQAMEHTSFFSABQQ4K
IV3?doc_id=200978&channel=artcol.jhtml&_DARGS=%2Ffragments%2Ffrg_morestories
.jhtml.1_A&_DAV=artcol.jhtml

Read Eric Auchard, "I Spy," Reuters, Apr. 17, 2001 at
http://abcnews.go.com/sections/scitech/DailyNews/spycameras010417.html

==================================================
[17] Beijing plans Carnivore-type spyware
==================================================
Mainland China is looking for a new way to monitor Internet users, and it
appears to be taking a hint from the United States.

Reports indicate that the Chinese government is developing a new "black box"
system to wiretap the Internet. While details are only beginning to emerge,
the device is apparently derived from technology previously used in airline
cockpit data recorders. The goal of this "black box," however, is to allow
Chinese officials to watch over and hunt down dissidents and possible
opponents to the current ruling regime.

The entire system appears to be broadly similar to Carnivore-a device
developed by the United States government. Carnivore is attached to the
server of a given Internet service provider and intercepts all Internet
transmissions that come through the server, then parses out pertinent
material, based on keywords provided by the administrator. Carnivore and its
successor DCS 1000 have come under heavy criticism over the past few months
as being serious threats to online privacy. Some of these concerns were
reiterated by privacy advocates in a recent discussions with US Attorney
General John Ashcroft.

See "China Plans to Build Internet Monitoring System," China News Daily,
Mar. 20, 2001 at
http://www.cnd.org/Global/01/03/20/010320-3.html

For more on current discussions of Carnivore, see Brian Krebs, "Groups Urge
Ashcroft To Act On Carnivore, Privacy Issues," Newsbytes, May 3, 2001 at
http://www.newsbytes.com/news/01/165261.html

==================================================
[18] New British cyberspy agency created
==================================================
The British government is launching a new cybercrime center that is causing
concern among privacy advocates.

British Home Secretary Jack Straw recently unveiled a National Hi-Tech Crime
Unit. This unit will have several dozen employees, consisting of law
enforcement agents and information technology experts, and will focus on
crimes that involve the Internet. While precise details on operations are
not readily available, operatives are expected to collect information
regarding online activities for possible future action or prosecution. The
entire enterprise will cost an estimated 25 million pounds sterling.

The move is being seen with a certain degree of apprehension, due in part to
the sweeping powers this agency may have under the controversial Regulation
of Investigatory Powers Act (RIP) that was enacted last year. RIP requires
the creation of a special center with links to Britain's Internet service
providers (ISPs), which will allow law enforcement officials to spy on the
online activities of most UK citizens. Many people worry that the Act will
enable government agents to conduct wide scale searches into the activities
of private Internet users. Yaman Akdeniz of Cyber-Rights and Cyber-Liberties
UK (a GILC member) warned that "this partnership could turn ISPs into an arm
of the law enforcement agencies because there are a lot of requirements on
them for data collection and analysis." Similar sentiments have been aired
over an analogous arrangement in the Netherlands.

See Mark Ward, "Cybercops arrest online liberty," BBC News Online, Apr. 18,
2001 at
http://news.bbc.co.uk/hi/english/sci/tech/newsid_1283000/1283127.stm

Read Sarah Left, "Government launches cyber-crime unit," Guardian Unlimited,
Apr. 18, 2001 at
http://www.guardianunlimited.co.uk/internetnews/story/0,7369,474518,00.html

See also Jelle van Buuren, "Dutch Government and ISP's Reach Compromise On
Interception of The Internet," Heise Telepolis, Apr. 25, 2001 at
http://www.heise.de/tp/english/inhalt/te/7458/1.html

==================================================
[19] Euro hearing on ECHELON surveillance
==================================================
More details may soon be revealed about a super-secret global surveillance
system.

A committee of European Parliament members will soon visit the United States
in an attempt to discover more details about ECHELON. ECHELON is popularly
used to describe a system that is designed to intercept communications from
around the world. It is supposedly operated by the United States National
Security Agency in conjunction with several other intelligence agencies.
Reports suggest that ECHELON is capable of intercepting e-mail messages,
faxes, and telephone conversations.

Fears about possible ECHELON privacy abuses led the European Parliament to
form a temporary investigatory committee. At a committee hearing held a few
weeks ago, several witnesses expressed concern about ECHELON's potential
threat to individual rights. One of them, Yaman Akdeniz from Cyber-Rights &
Cyber-Liberties UK (a GILC member), noted that "[i]f the current allegations
are true, all law abiding European citizens and companies are at risk of
being monitored every day without any legal basis. ... [W]e are particularly
concerned about the lack of democratic oversight on data being intercepted,
stored and processed with systems like Echelon."

Afterwards, members of the EP panel decided to visit the United States on a
fact-finding mission that will include discussions with various U.S.
politicians and intelligence officials. Marc Rotenberg, executive director
of the Electronic Privacy Information Center (EPIC-a GILC member), welcomed
the move as "a very important step. It's a proactive effort by government
officials to address the problem of international surveillance." The visit
is scheduled to take place the week of May 8, 2001.

For more on the EP members' visit to the United States, read Declan
McCullagh, "Euros Continue Echelon Probe," Wired News, Apr. 24, 2001 at
http://www.wired.com/news/privacy/0,1848,43270,00.html

A statement from Mr. Akdeniz (presented at the EP hearing) is available
under
http://www.cyber-rights.org/reports/echelon_ya.htm

The agenda for the hearing is posted under
http://wwwdb.europarl.eu.int/ep/owa/p_calag.oj?ipid=0&imn=9062&ilg=EN&iorig=
tempcom

Other related documents are available at
http://www.europarl.eu.int/meetdocs/committees/temp/20010322/TEMP20010322.ht
m

Press coverage is available from Kieren McCarthy, "European Parliament
continues Echelon investigation," The Register (UK), Mar. 22, 2001 at
http://www.theregister.co.uk/content/8/17800.html

For further background information, visit
http://www.echelonwatch.org

==================================================
[20] US-EU flap over Safe Harbor contracts
==================================================
Contracts meant to implement a trans-Atlantic privacy plan have met with
some resistance from the United States government.

The European Union and the United States had previously agreed to new
standards for handling the personal information of EU citizens. Under the
plan, known as Safe Harbor, U.S. companies would have to notify European
users how their private data is being handled and how it is being collected.
Concerned individuals would be allowed reasonable access to their files, and
could refuse to allow other companies to receive such information. This
self-regulatory system is only voluntary, but American firms that join Safe
Harbor could avoid lawsuits from the governments of EU countries. Moreover,
these rules are not as strong as the stringent regulations required by many
European nations.

This compromise was formulated several months ago to avoid a possible trade
war between the EU and the US. Since then, however, the administration of US
President Bush sent a letter criticizing proposed model contracts that are
designed to allow companies to comply with this agreement. The letter called
the draft clauses "unduly burdensome requirements that are incompatible with
real world operations." In response, a spokesperson for the European
Commission said that "The US administration's letter appears to be based on
a total, complete and utter absence of understanding of what the Commission
is doing. We are aiming to make life easier for companies transferring data
from the EU to countries outside the EU by clarifying the provisions in
contracts which would best ensure adequate protection of personal data."

See Glenn R. Simpson, "Bush opposes Euro privacy rules," Wall Street
Journal, Mar. 27, 2001 at
http://www.zdnet.com/zdnn/stories/news/0,4586,2701370,00.html

See Peronet Despeignes & Deborah Hargreaves, "INTERNATIONAL ECONOMY: EU-US
clash over personal data: private right or commercial opportunity?"
Financial Times, Mar. 29, 2001 at
http://globalarchive.ft.com/globalarchive/articles.html?id=010329000406

==================================================
[21] Microsoft SmartTags & Hailstorm privacy woes
==================================================
How would you like to have your most personal details stored by a central
computer system in Seattle?

That's apparently what Microsoft is asking people to do under its new
Hailstorm plan. The scheme would use a "Passport" identity system for
individuals to use personalized calendars, address books and e-wallets. This
information would then be accessible to a whole host of recipients,
including programmers and advertisers, who could sift through this data and
send files to Hailstorm users. Should these users change email addresses,
the updated contact information would be sent along to financial
institutions and other corporations.

Many observers have raised alarms over the intrusive nature of these plans,
as well as the apparent lack of privacy protection for the personal data
stored within Hailstorm. Jason Catlett of Junkbusters said he was against
letting Microsoft becoming "the de facto government of the United States,
issuing passports and controlling identity and wallets for all consumers."
Skeptics also pointed to Passport's privacy policies, which previously
allowed "Microsoft and its affiliated companies permission to: Use, modify,
copy, distribute, transmit, publicly display, publicly perform, reproduce,
publish, sublicense, create derivative works from, transfer, or sell"
virtually any user-provided information. The company has since revised its
policy to say these rights only apply to "feedback or suggestions to
Microsoft concerning the Passport Web Site or the Passport Service."

Hailstorm is not the only new Microsoft project that is sparking privacy
concerns. The software giant is also receiving criticism over its latest
version of Office (XP), which apparently includes expanded use of Smart
Tags. These bits of code, which can be attached to numerous types of files
(such as spreadsheets, Word documents and so on) could also reportedly be
used as a backdoor for fraudsters. Experts have also criticized Microsoft's
embrace of Platform for Privacy Preferences (P3P) technology in its latest
version of within Internet Explorer; the Electronic Privacy Information
Center (EPIC-a GILC member) described P3P as "a complex and confusing
protocol that will make it more difficult for Internet users to protect
their privacy." Meanwhile, scientists have discovered serious security flaws
in both Internet Explorer and Outlook and as well as its Windows 2000 server
software, which Microsoft is looking to remedy with software patches.

For further details on the latest Microsoft security flaws, read Mark Ward,
"Microsoft warns of 'serious' software hole," BBC News Online, May 2, 2001
at
http://news.bbc.co.uk/hi/english/sci/tech/newsid_1308000/1308267.stm

For more on Smart Tags, see John Lettice, "Smart tagging in Office XP-what
Melissa did next?" The Register (UK), Apr. 6, 2001 at
http://www.theregister.co.uk/content/4/18160.html

For more on HailStorm, read Leslie Walker, "Gates's Bold New Persona: Your
ID Manager," Washington Post, Mar. 29, 2001, Page E1 at
http://washingtonpost.com/ac2/wp-dyn/A9711-2001Mar29?language=printer

Further details on P3P's lukewarm reception, see Lisa M. Bowman, "Privacy
experts rip IE cookie cutter," ZDNet News, Mar. 22, 2001 at
http://www.zdnet.com/zdnn/stories/news/0,4586,5080018,00.html

See also Leslie Walker, "Browser Aimed at Protecting Users' Privacy,"
Washington Post, Mar. 29, 2001, Page E4 at
http://washingtonpost.com/ac2/wp-dyn/A9146-2001Mar28?language=printer

For more on Microsoft Explorer & Outlook security flaws, read Michelle
Delio, "IE Hole Surrenders Your Computer," Wired News, Mar. 30, 2001 at
http://www.wired.com/news/technology/0,1282,42750,00.html

For more on Microsoft Passport user data leaks, see Stefanie Olsen, "Privacy
terms revised for Microsoft Passport," CNet News, Apr. 4, 2001 at
http://news.cnet.com/news/0-1005-200-5508903.html

Further details on potential other Office XP flaws, are available from John
Lettice, "'Universal' key claimed to disable MS Office XP security," The
Register (UK), Mar. 26, 2001 at
http://www.theregister.co.uk/content/4/17869.html

======================================================
[22] EBay pulls an Amazon, waters down privacy policy
======================================================
Should consumers put much faith in the privacy policies of e-tailers?

Many experts are suggesting the answer is no, after a recent decision by
EBay. The popular online auction site altered its privacy statement to allow
the company to give out personal information about its users in a number of
circumstances, including if the corporation was taken over by another firm.
The move comes after online bookseller Amazon made a similar alteration in
its privacy policy several months ago, allowing sensitive "customer
information" to be treated as merely "business assets" that could be bought
or sold as the company continued to develop its business.

Not surprisingly, the change has yielded strong protests from privacy
advocates. Andrew Shen from the Electronic Privacy Information Center
(EPIC-a GILC member) noted that companies like EBay are able to carry out
these practices because in part because regulators such as the United States
Federal Trade Commission (FTC) not going far enough in protect personal
information. "This is the problem with the FTC only using its prohibitions
against unfair and deceptive practices, instead of establishing a privacy
standard."

The revised EBay policy becomes effective May 15, 2001.

Read Jeffrey Benner, "EBay Alters Privacy Policy," Wired News, Apr. 2, 2001
at
http://www.wired.com/news/business/0,1367,42778,00.html

See also David Berlind, "eBay, Yahoo's security snafus," Enterprise, Apr. 5,
2001 at
http://www.zdnet.com/zdnn/stories/comment/0,5859,2705095,00.html

======================================================
[23] Biometric software faces privacy & technical woes
======================================================
Your computer may soon know who you are-just by the way you type.

That's the promise of a new product called BioPassword. When computer users
login with this system, the program checks the inputted typing pattern
against archived "rhythm" samples, and will only grant access if there is a
match. The software package allows "[c]onstant, automatic Password logon
monitoring, every time the computer is booted up or unlocked." In addition,
system administrators can lock BioPassword users can be locked out of their
systems and have individual computers shutdown, powered down or rebooted.

While the software is being billed as a way to enhance security, it is
unclear whether its success rates are actually higher than current login
protection schemes-particularly in light of company literature telling
BioPassword users that they no longer need to change their passwords on a
regular basis. Some of these concerns have been fueled by the problems that
have plagued a similar product, BioID SOHO, which tends to get confused
between different people, particularly on systems that have less than 5
users. The manufacturer of BioPassword admits that "environmental issues"
may have a significant effect on accuracy. Moreover, because these devices
seem to allow precise tagging and monitoring of ordinary computer users,
there are fears that they will in fact have a detrimental impact on Internet
privacy.

See Carlos A. Soto, "BioPassword Security Checks User's Typing Pattern,"
Washington Post, Apr. 5, 2001, page E4 at	
http://washingtonpost.com/wp-dyn/articles/A41021-2001Apr4.html

The BioPassword homepage is located at
http://www.biopassword.com

======================================================
[24] EU panel questions Australian privacy laws
======================================================
Concerns over Australian privacy standards have started to take on
international dimensions.

The European Commission Data Protection Working Party (which is composed of
Data Protection officials from Council of Europe member states) has issued
an opinion criticizing a proposed Australian Privacy Amendment. Among other
things, the panel noted "with concern that some sectors and activities are
excluded from the protections of the Act," including employee personal
information and small businesses. The Party also pointed out vagaries in the
language of the Amendment, which might allow data collected for one purpose
to be used for new functions.

In response, Australia's Attorney General Daryl Williams accused the
European experts of "ignorance about Australia's law and practice and do not
go to the substance of whether our law is fundamentally 'adequate' from a
trading point of view. It seems that the prescriptive approach taken in many
EU Member States is assumed to be the only acceptable way to go in many
areas of privacy protection." said that he did not accept the working
group's findings and feared placing "unnecessary burdens on business." He
also announced that "officials from Australia and the EC will continue to
talk in order to address these concerns to everyone's satisfaction. However,
Australia will only look at options that do not impose unnecessary burdens
on business."

To read the comments of the EU panel, click
http://europa.eu.int/comm/internal_market/en/media/dataprot/wpdocs/wp40en.ht
m

To read the response from Australian Attorney General Daryl Williams, visit
http://law.gov.au/aghome/agnews/2001newsag/941_01.htm

======================================================
[25] DoubleClick suffers security breach
======================================================
Recent events have left many people wondering whether DoubleClick will ever
do enough to protect online privacy.

Officials from the online advertising firm admitted that intruders had
invaded its systems. The attack was sufficiently serious that DoubleClick
shutdown a few of its servers in order to help investigators track down
perpetrators. A spokesperson termed the incident "mischievous in nature" but
claimed that the incident did not have "any serious impact to our networks."

The breach came just as a Federal judge in the United States dismissed a
privacy lawsuit against DoubleClick. The suit revolved around company's
admission that it had been tracking viewers through the Internet by placing
digital identification numbers in files known as "cookies" on a user's hard
drive, which it matches with name and address information that has been
collected by its partners. Despite initial claims to the contrary,
DoubleClick planned to match this data with more extensive information
contained in millions of files maintained by its merger partner Abacus
Direct. DoubleClick put aside its data-matching plan after a storm of public
criticism. Several consumers then took legal action against the company,
claiming that DoubleClick's cookie tracking scheme violated various state
and Federal laws. It is not clear whether the plaintiffs will now appeal the
dismissal.

See "DoubleClick: We've been hit," Reuters, Mar. 30, 2001 at
http://www.zdnet.com/zdnn/stories/news/0,4586,5080420,00.html

See also Michael Bartlett, "Attorney Fires Back At Judge In DoubleClick
Privacy Case," Newsbytes, Mar. 30, 2001 at
http://www.newsbytes.com/news/01/163925.html

======================================================
[26] German gov't searches Net music lovers' homes
======================================================
Watch out if you're downloading music off the Internet. The German
government may use force (both in person and through the network) to stop
you.

German government agents recently invaded the homes of 103 people, claiming
that they were trading online music files of "skinhead bands." As part of
this sweep, police officers seized computers and discs while pressing
charges that could lead to 3-year prison sentences. Law enforcement
officials argued that they had the right to enter these private residences
and that it was illegal for individuals to transfer these MP3 files over the
Internet. These claims came despite the fact that it is legal under German
law to listen to such materials.

In addition, German politicians are tacitly admitting their support for
plans to allow government agents to hack into private websites. German
Interior Minister Otto Schilly mentioned in a recent interview that
government agents may send voluminous amounts of email messages to offending
webpages, in the hopes of disrupting their servers. A Schilly spokesman
later tried to justify such attacks by saying that many of the sites to be
targeted sites "are put onto the Internet in foreign countries, so it's very
difficult to use German law. We have to think about all the lawful
possibilities." No one from the German government has explained precisely
what criteria would be used to determine which websites would be targeted.

These statements have alarmed many members of the privacy community. Andy
Mueller-Maguhn of the Chaos Computer Club (CCC-a GILC member) said he
expected government operatives "to say they won't do anything that is
outside of German law or the law of any other country." He further warned
that any ideas of arbitrarily hacking private websites "is not compatible
with being Minister of the Interior for any democratic government on the
planet. Of course there might be governments with that style. But normally
that's not the behavior of a democratic state or country."

Read Adam Tanner, "Germany Cracks Down on Internet Nazi Music Trade,"
Reuters, Apr. 10, 2001 at
http://www.infowar.com/law/01/law_041001d_j.shtml

See also Steve Kettmann, "German Pol Backtracks on Hack," Wired News, Apr.
10, 2001 at
http://www.wired.com/news/politics/0,1283,42961,00.html

For original story, see Frank Patalong, "Mit Hackermoden gegen Neonazis,"
Der Spiegel, Apr. 6, 2001 at
http://www.spiegel.de/netzwelt/politik/0,1518,126921,00.html

For background information, see Thomas C. Greene, "German may strike Nazi
sites with DoS attacks," The Register (UK), Apr. 9, 2001 at
http://www.theregister.co.uk/content/8/18200.html

==========================================================
[27] Privacy surveys reflect public unease
==========================================================
Recent studies suggest that people may not know precisely what threatens
their privacy online, but they don't like what they see...and those threats
are becoming more prevalent.

In a report from the Pew Internet & American Life Project, the vast majority
of respondents (62%) wanted stronger laws to protect against online
surveillance. Furthermore, two thirds of those surveyed did not necessarily
trust the government to do the right thing when wiretapping the Internet,
and nearly 80% of participants were worried about online fraud. However, the
study also showed some confusion about specific programs that may curb
privacy, and that there is a need for further public education about the
subject. For example, only about 20% of respondents were aware of the United
States government's Carnivore spyware system. Evan Hendricks of the Privacy
Times commented that the "public's simply not aware of the power of
Carnivore and the likelihood it will be abused if it's run as the FBI [U.S.
Federal Bureau of Investigations] proposes."

Meanwhile, a report from the American Management Association indicates
workplace surveillance is growing. According to the AMA's research, about 4
out of 5 major companies intercept their worker's phone calls, email or
other Internet transmissions. This percentage rose dramatically in some
industries, particularly financial firms (such as banks), where over 92% of
surveyed companies snoop on their employees. These latest figures contrast
with numbers compiled just four years ago, when about 35% of the firms
participating in the study carried out these kinds of surveillance
activities.

For more on the AMA study, see Romy Ribitzky, "Corporate Snooping on Rise,"
ABCNews.com (US), Apr. 18, 2001 at
http://abcnews.go.com/sections/business/DailyNews/snooping_010418.html

For further details regarding the Pew report, see Robert O'Harrow, "Opinion
Split on Web Privacy," Washington Post, Apr. 3, 2001, page E12, at
http://washingtonpost.com/wp-dyn/articles/A28560-2001Apr2.html

==========================================================
[28] Sales problems for invasive CueCat, TiVo devices
==========================================================
Can privacy concerns hurt sales?

That's some people are wondering in light of the struggles faced by two
controversial Web products. One of them, CueCat, allows users to scan
special barcodes contained on print articles and advertisements, thus
triggering their computers into accessing websites for more information.
However, scientists discovered that CueCats include special individualized
serial numbers that allow the tracking of computer users as they surf the
Internet and the creation of highly detailed profiles regarding their
behavior. Indeed, the maker of CueCats, Digital Convergence, has admitted
that it "is responsible for the creation and analysis of the largest
consumer database that provides the unique combination of Web tracking with
all forms of media." Worse still, Digital Convergence suffered a security
breach several months ago that revealed personal information files on nearly
140 000 users, including such data as customer names, email addresses and
postal codes.

Since these revelations, Digital Convergence has suffered serious marketing
problems. While 3 million CueCats have been given to consumers, only about
100 000 people have actually used them, and even those people tend not to
swipe CueCats very often (averaging 6 hits per device). During the past
month, the company withdrew its plans to publicly offer stock, claiming that
the market environment would be too hostile to such a move.

The other product, TiVo, is personal video recorder with Internet
connections that includes such features as allowing replays of television
broadcasts within seconds and advanced programming options. However,
researchers have determined that the device collects detailed information
about users' viewing habits and sends this data back to the manufacturer
through the Information Superhighway.  While the manufacturer claims that
these profiles were anonymized, a report from the Privacy Foundation
indicated that the data collected did in fact contain identifying
information (including the serial number of the individual user's machine).
These revelations led several prominent United States Congressmen to call
for a government investigation into possible trade violations. Meanwhile,
while the number of subscribers continues the climb, the increases were not
enough to dissuade the company from laying off nearly 25% of its workers in
an effort to cut costs.

See Gwendolyn Mariano, "CueCats sent to the litter box," ZDNet News, Mar.
29, 2001 at
http://www.zdnet.com/zdnn/stories/news/0,4586,5080362,00.html

The Privacy Foundation report on TiVo is posted under
http://www.privacyfoundation.org/privacywatch/report.asp?id=62&action=0

To read the Congressmen's letter on TiVo privacy concerns, click
http://www.house.gov/commerce_democrats/press/107ltr30.htm

For more on TiVo financial difficulties, read Richard Shim, "TiVo revamps
business plan, sheds workers," CNet News, Apr. 5, 2001 at
http://news.cnet.com/news/0-1006-200-5520991.html

==================================================
[29] Digital hospital sparks privacy concerns
==================================================
Concerned about the privacy of your medical records? Would you feel any
better if they were all posted online?

HealthSouth is building a digital hospital that will have devices to make it
easier to store such details in computerized form, including digitized X-ray
machines, an internal wireless data transfer system and portable computers
for every employee. All of this information will be added to fully automated
electronic patient databases. HealthSouth CEO Richard Scrushy boasted: "What
we're doing now is making a reality out of something that many people have
talked about, but no one has attempted."

However, experts from both the medical and computer programming community
have expressed reservations about whether sufficient steps have been taken
to protect the privacy of these records. Dr. Henry Vitelle, a New York
obstetrician, worries that "With all of the stories we hear about how this
website and that government computer system was hacked into, how can I feel
good about putting my patients' medical records online? I don't feel
comfortable about having records somewhere that they could be tampered with
by some joyriding hacker with no sense of the havoc he could cause." These
fears are in part based on the protocol that will be used by HealthSouth for
its internal wireless system-a protocol that has been described by at least
one group as having "major security flaws."

Similar concerns are being aired over a recent proposal Down Under. The
Australian Practice Incentives Program has been altered so that the Federal
government will pay medical practitioners to send patient data through
email. The plan is designed to entice medical professionals to make greater
use of computing technology. However, the new standards apparently do not
require doctors to protect this data (such as by using encryption) against
possible interception. Prue Power from the Australian Medical Association
argued that rather than pushing this privacy issue aside, "the Federal
Government ought to be very concerned that one of its programs would be
providing financial incentives for GPs to send clinical information in an
insecure manner."

For more about Australian online health privacy concerns, read Karen Dearne,
"Prescribing a privacy cure," Australian IT, May 1, 2001 at
http://australianit.news.com.au/common/storyPage/0,3811,1948560%5E501,00.htm
l

See also Karen Dearne, "Doctors paid for 'insecure' emails," Australian IT,
Apr. 17, 2001 at
http://australianit.news.com.au/common/storyPage/0,3811,1900441%5E442,00.htm
l

For more on HealthSouth, read Michelle Delio, "How Secure Is Digital
Hospital?" Wired News, Mar. 28, 2001 at
http://www.wired.com/news/technology/0,1282,42656,00.html

==================================================
[30] Upcoming Japan privacy conferences
==================================================
Two meetings will be held in Tokyo this month to discuss emerging trends in
the field of data privacy.

The first meeting, entitled "The Dark Side of IT Society," will take place
on May 6 and will consist of two sessions. In the afternoon, several experts
will give presentations on the recently enacted Japanese Wiretapping Law,
Biometrics, IC cards and other High-tech privacy issues. Takao Saito, the
author of "Privacy Crisis" will give the keynote speech on "Surveillance
Society and Privacy in Japan." The evening session will consist of panel
discussions between the presenters. The event is being organized by a
coalition of civil society groups, including Japanese Networkers against
Surveillance Taskforce (NaST-a GILC member), Privacy Action, the Japanese
Consumer Union, and JCA-Net, among others.

The second meeting, scheduled for the evening of May 21, will explore
numerous emerging privacy issues, particularly the ramifications of various
cybercrime proposals from around the world. This session will feature
several speakers, including Barry Steinhardt, Associate Director of the
American Civil Liberties Union (ACLU-a GILC member), and Toshimaru Ogura
from NaST.

For further information on the May 6 meeting, click
http://www.han-kanshi.net/010506flyer.html

For an English-language translation, see
http://www.han-kanshi.net/010506flyer_eng.html

or send email to
Priv-ec@jca.apc.org

Inquiries regarding the May 21 seminar should be sent to
Tomo@jca.apc.org

=========================================================
	ABOUT THE GILC NEWS ALERT:
==========================================================
The GILC News Alert is the newsletter of the Global Internet Liberty
Campaign, an international coalition of organizations working to protect and
enhance online civil liberties and human rights.  Organizations are invited
to join GILC by contacting us at
gilc@gilc.org.

To alert members about threats to cyber liberties, please contact members
from your country or send a message to the general GILC address.

To submit information about upcoming events, new activist tools and news
stories, contact:

Christopher Chiu
GILC Coordinator
American Civil Liberties Union
125 Broad Street, 17th Floor
New York, New York 10004
USA

Or email:
cchiu@aclu.org

More information about GILC members and news is available at
http://www.gilc.org

You may re-print or redistribute the GILC NEWS ALERT freely.

To subscribe to the alert, please send e-mail to
gilc-announce@gilc.org

with the following message in the body:
subscribe gilc-announce

========================================================
PUBLICATION OF THIS NEWSLETTER IS MADE POSSIBLE BY A
GRANT FROM THE OPEN SOCIETY INSTITUTE (OSI)
========================================================





========== HURIDOCS-Tech listserv ==========
Send mail intended for the list to <huridocs-tech@hrea.org>.
Archives of the list can be found at: http://www.hrea.org/lists/huridocs-tech/
To subscribe to the list, send a message to <majordomo@hrea.org>,
with the following text in the message: subscribe huridocs-tech
To unsubscribe from the list, send a message to <majordomo@hrea.org>,
with the following text in the message: unsubscribe huridocs-tech
If you have problems (un)subscribing, contact <owner-huridocs-tech@hrea.org>.
Prev by Date: New HURIDOCS manual: What is Monitoring
Next by Date: WENT2001 Announcement and Application on the Web
Previous by thread: GILC Alert, Volume 5, Issue 2
Next by thread: GILC Alert, Volume 5, Issue 5
[Reply to this message] [Start a new topic] [Date Index] [Thread Index] [Author Index] [Subject Index] [List Home Page] [HREA Home Page]