GILC Alert
Volume 6, Issue 7
22 October 2002
Welcome to the Global Internet Liberty Campaign Newsletter.
Welcome to GILC Alert, the newsletter of the Global Internet Liberty
Campaign. We are an international organization of groups working for
cyber-liberties, who are determined to preserve civil liberties and human
rights on the Internet.
We hope you find this newsletter interesting, and we very much hope that you
will avail yourselves of the action items in future issues.
If you are a part of an organization that would be interested in joining
GILC, please contact us at <gilc@gilc.org>.
If you are aware of threats to cyber-liberties that we may not know about,
please contact the GILC members in your country, or contact GILC as a whole.
Please feel free to redistribute this newsletter to appropriate forums.
===============================================
Free expression
[1] Greek government backs down on gaming ban
[2] New proposals to enhance digital fair use rights
[3] China arrests another Net critic
[4] Protests grow over Spanish LSSI Net speech law
[5] US bill would target foreign Net censorship
[6] Internet Archive censors anti-Scientology site
[7] Cybercafe chain faces Hollywood copyright threats
[8] US gov't renews domain system deal with ICANN
[9] UN report: African Net usage growing, but still lags
Privacy
[10] Hollywood asks court for Verizon Internet user records
[11] Leaked memo reveals US gov't illegal email spying
[12] Flap over Norwegian Net portal tracking scheme
[13] U.S. Court hears Internet provider warrants case
[14] Amazon.com privacy policy revisions criticized
[15] Digital Angel tracking implant still in legal limbo
[16] Belgium plans national digital signature ID cards
[17] Bugbear computer virus still causing trouble
[18] US cybersecurity report released
[19] British Celldar trackers worry privacy experts
[20] Korean cell phone tracking bill poses privacy problems
[21] New campaign coming against data retention proposals
[22] Upcoming Central European Cyberliberties Conference
==================================================
[1] Greek government backs down on gaming ban
==================================================
Greek authorities have made an apparent retreat in a heated controversy over
a new law that bans the public playing of electronic games.
The law, which was approved about three months ago, had been applied to
games played on computers, mobile phones and consoles in cybercafes and
other public places. Although it was supposedly adopted as an anti-gambling
move, the measure did not distinguish between gambling and computer games.
The government then arrested nearly 50 individuals for allegedly violating
the measure; the first case involved 2 people who were playing chess online.
These developments generated fierce protests from many citizens who feared
that the law would be used as a pretext for government repression. Indeed,
more than 30 000 people signed an online petition against the legislation,
and hundreds of demonstrators appeared during a court hearing for one of the
arrestees, shouting "No to censorship on the Internet."
Since then, the government has issued a memorandum to police stations around
the country, stating that only the playing of gambling-related games should
be prosecuted under the new law. The document also mentions that the measure
should cause "no problem" for "any citizen, or tourist visiting Greece,
using or owning electronic or other games such as Playstation, Gameboy, XBox
etc." While opponents of the legislation were pleased with this latest move,
there is concern that the memorandum itself might not have the force of law,
and that a court challenge may be necessary to prevent future government
abuse.
For more on the petition against the Greek gaming ban, click
http://www.petitiononline.com/mod_perl/signed.cgi?comp5932
See "Greece lets the games begin again," Reuters, 25 September 2002 at
http://news.com.com/2102-1040-959365.html
See also "Reprieve for Greek gamers," BBC News Online, 24 September 2002 at
http://news.bbc.co.uk/1/hi/technology/2279042.stm
For press coverage of this story in German (Deutsch), read "Darf man das?"
Spiegel Online, 19 September 2002 at
http://www.spiegel.de/netzwelt/politik/0,1518,214621,00.html
See also "Chaos in griechischen Internet-Cafes: Erlaubt oder verboten?"
Heise Online, 19 September 2002 at
http://www.heise.de/newsticker/data/wst-19.09.02-000/
============================================================
[2] New proposals to enhance digital fair use rights
============================================================
Several efforts are underway that may help protect traditional free speech
rights in the digital domain.
Two recently unveiled bills would amend the much-criticized United States
Digital Millennium Copyright Act (DMCA). One plan, sponsored by U.S.
Representative Rick Boucher, would permit users to circumvent copy
protection schemes "if such circumvention does not result in an infringement
of the copyright" in a given work, which would ostensibly include making use
of the work for research, public commentary, and educational or other
salutary purposes. The bill would also allow the manufacture, distribution
and "noninfringing use" of hardware or software "capable of enabling
significant noninfringing use of a copyright work"-a provision that might
apply to such items as music sharing software and optical disc burners. The
proposal would also require special labeling for copy-protected CDs.
The other bill, submitted by fellow Rep. Zoe Lofgren, would permit users to
circumvent copy protection schemes "if ... necessary to make a
non-infringing use" when the copyright owner "fails to make publicly
available the necessary means to perform such non-infringing use without
additional cost or burden" to the user. Lofgren's proposal would also
permit people who lawfully obtain or receive digital works (which presumably
includes compact discs and Internet streaming broadcasts) "to reproduce,
store, adapt or access" such works (1) for archival purposes, so long as
illegal copies are destroyed or "rendered permanently inaccessible," and (2)
to be able to enjoy the work on a "preferred digital media device," so long
as the "performance or display is not public." Additionally, the bill would
explicitly extend the "first sale doctrine" to cover digital works; this
doctrine essentially allows lawfully purchased copyrighted items (such as
books) to be resold or traded without having to get copyright holder's
permission.
These plans have been warmly received by many cyberlibertarians, who have
excoriated the DMCA for its negative impact on free expression. In a
statement, the Electronic Frontier Foundation (EFF-a GILC member) noted:
"Since the DMCA's passage in 1998, it has been used not against copyright
pirates, but instead to chill the legitimate activities of scientists,
journalists, and computer programmers. Rep. Boucher's bill will go a long
way toward restoring in the digital world the traditional balance between
the rights of the public and those of copyright owners." EFF also welcomed
"Rep. Lofgren's bill as an important step toward creating a fair and
balanced copyright law for the digital age."
Meanwhile, in an unusual move, the U.S. Copyright Office is asking for
suggestions about possible new exceptions to the DMCA. EFF's Fred von
Lohmann explained that though the Copyright Office's announcement came with
little fanfare, it nevertheless constitutes an important opportunity to curb
the DMCA's excesses: "We're already planning to submit comments and organize
comments by others. We're hoping that by the time the December deadline
rolls around, a lot more people will be aware of this." The deadline for
public comments is 18 December 2002.
The text of the Boucher bill (in PDF format) is available under
http://www.house.gov/boucher/docs/BOUCHE_025.pdf
Further details about the Boucher bill are posted at
http://www.house.gov/boucher/internet.htm
The text of the Lofgren bill is available under
http://www.house.gov/lofgren/press/107press/021002_act.htm
For more background information on the Lofgren bill, click
http://www.house.gov/lofgren/press/107press/021002_sections.htm
To read an EFF press release regarding these proposals, click
http://www.eff.org/IP/DMCA/20021003_eff_pr.html
For more on the DMCA's effect on computer research, read John Lettice, "If I
tell you that I'll have to kill you: Red Hat fights the DMCA," The Register
(UK), 16 October 2002 at
http://www.theregister.co.uk/content/4/27636.html
Read "Bills Would Bolster the Right to Copy," Washington Post, 4 October
2002, page E5, at
http://www.washingtonpost.com/wp-dyn/articles/A41031-2002Oct3.html
For coverage in German (Deutsch), read "US-Abgeordnete fordert Recht auf
private Kopie digitaler Medien," Heise Online, 2 October 2002 at
http://www.heise.de/newsticker/data/anw-02.10.02-002/
The U.S. Copyright Office announcement is available (in PDF format) under
http://www.copyright.gov/1201/fr2002-4.pdf
See "Anti-hacking copyright law to get review," CNet News, 11 October 2002
at
http://news.com.com/2102-1023-961783.html
==================================================
[3] China arrests another Net critic
==================================================
Chinese government agents have arrested another author for his Internet
writings.
Chen Shaowen allegedly published 40 articles that were published on several
foreign Web sites. His activities raised the eyebrows of Chinese
authorities, who eventually arrested him for "using the Internet to subvert
state power." State-run media accused him of "repeatedly browsing
reactionary websites, ... fabricating, distorting and exaggerating relevant
facts, and vilifying the Chinese Communist Party and the socialist system."
There is no word yet as to whether Chen has formally been charged.
The arrest was met with protests from free speech advocates. The Committee
to Protect Journalists (CPJ-a GILC member) issued a strongly worded letter
condemning the Chinese "government's routine use of subversion charges to
suppress online speech. Chen Shaowen has done nothing more than peacefully
express an independent viewpoint, a right that is protected under China's
constitution as well as the International Covenant on Civil and Political
Rights, which China has signed. We call for Chen's immediate and
unconditional release."
Meanwhile, reports indicate that China has taken several other moves to
restrict the flow of information via the Internet. Chinese authorities have
purportedly begun using new technology involves the use of "packet sniffers"
that can detect keywords in transmissions that pass through the Information
Superhighway. Once detected, not only can the information itself be blocked,
but the recipient's computer crashes, forcing the user to shutdown or
reboot. Chinese officials have also banned minors from entering cybercafes
and barred the building of such establishments near schools.
The CPJ letter about Chen Shaowen is posted at
http://www.cpj.org/protests/02ltrs/China24sept02pl.html
Read "China arrests Web writer for subversion," Reuters, 25 September 2002
at
http://news.com.com/2102-1023-959409.html
For coverage in German (Deutsch), read "Haftgrund Internet," Spiegel Online,
25 September 2002 at
http://www.spiegel.de/netzwelt/politik/0,1518,215538,00.html
For more on China's rumored new sniffer-based censorship system, read
Geoffrey York, "China stifling dissent on Internet," The Globe and Mail, 5
October 2002, page A14 at
http://www.theglobeandmail.com/servlet/ArticleNews/PEstory/TGAM/20021005/UCH
INMM/International/international/international_temp/3/3/32/
More information is available from the Human Rights in China website under
http://iso.hrichina.org/iso/news_item.adp?news_id=982
Read "China passes tough new regulations on Internet access and cafes,"
China News Digest, 13 October 2002 at
http://cnd-f.cnd.org/Global/02/10/13/021013-2.html
See "China bans minors from Net cafes," Reuters, 11 October 2002 at
http://news.com.com/2102-1023-961734.html
====================================================
[4] Protests grow over Spanish LSSI Net speech law
====================================================
A new Spanish law is continuing to draw fierce criticism over its impact on
free speech over the Internet.
Spanish government officials have signaled their intention to use LSSI
(short for La Ley de Servicios de la Sociedad de la Informacion y de
Comercio electronico) to control online content. Towards that end, the
measure, among other things, requires webmasters to publish personal
information about themselves through their webpages. Violators may be forced
to pay EUR 600 000 in fines. In addition, the bill includes provisions
allowing customer data to be retained for up to 1 year, which government
agents may access with the consent of a judge. Objections from cyber-rights
activists led the government to alter language contained in a previous LSSI
draft that permitted government "administrative authorities" to shut down
websites-a power that, in the past, had required court approval.
Although the final version leaves the power to close Internet sites in the
hands of judges, many experts believe that the law still poses a serious
threat to freedom of expression online. Jose Manuel Gomez of Kriptopolis (a
GILC member) warned that LSSI clearly was "passed for controlling web
contents and to force editors to self-censure. As a protest we've closed our
own site (about 500,000 visits per month until then) from October 1. The Law
became effective on October 12 and from that very moment many Web sites have
*spontaneously* decided to go off-line to support the closedown, to protest
against the law or simply because of fears of the way that inquisitorial new
law will be applied in Spain from now on." The list of organizations that
have closed down their sites now stands at over 200, and several other
groups (including fellow GILC member Stop 1984) have expressed their
solidarity against LSSI. Meanwhile, there is a campaign underway to have the
law examined by the Spanish Constitutional Council.
For more on Kriptopolis' anti-LSSI campaign, click
http://www.kriptopolis.com/
To read the text of the LSSI law, click
http://www.lssice.com/legislacion/lssice.html
A special dossier on this subject (created by the Madrid newspaper El Pais)
is available under
http://www.elpais.es/temas/dossieres/lssice/index.html
Read John Leyden, "Web sites blackout over Spanish monitoring law," The
Register (UK), 14 October 2002 at
http://www.theregister.co.uk/content/6/27589.html
For further information in German (Deutsch), see Ralf Streck, "Umstrittenes
spanisches Internetgesetz in Kraft," Heise Telepolis, 14 October 2002 at
http://www.heise.de/tp/deutsch/inhalt/te/13416/1.html
============================================================
[5] US bill would target foreign Net censorship
============================================================
Technical measures to route around various national Internet censorship
schemes might soon get a boost.
United States Representatives Chris Cox and Tom Lantos have introduced a
bill to would create an Office of Global Internet Freedom. The Director of
this entity would "develop and implement a comprehensive global strategy to
combat state-sponsored and state-directed Internet jamming, and persecution
of those who use the Internet." The new body would also compile annual
reports on this subject, including a list of "countries that pursue policies
of Internet censorship, blocking and other abuses; provide information
concerning the government agencies or quasi-governmental organizations that
implement Internet censorship, and describe with the greatest particularity
practicable the technological means by which such blocking and other abuses
are accomplished." The yearly budget for this Office is pegged at US $50
million for 2 years.
A number of experts hope that the bill, if passed, will improve the ability
of people worldwide to speak freely online. Cory Doctorow at the Electronic
Frontier Foundation (EFF-a GILC member) explained that the bill "isn't about
imposing one country's ideology on another, but rather about letting people
freely choose which ideologies, ideas and people to be exposed to and making
up their own mind about what's right. Rather than broadcasting any nation's
message, this is allowing people to receive any message they choose to
receive."
The text of the bill (in PDF format) is available under
http://policy.house.gov/assets/ACF876.pdf
Read Mitch Wagner, "Fighting Net Censorship Abroad," Wired News, 3 October
2002 at
http://www.wired.com/news/print/0,1294,55530,00.html
============================================================
[6] Internet Archive censors anti-Scientology site
============================================================
For the second time this year, legal threats have led an organization to
remove links to a website that protests a controversial religious sect.
The Internet Archive is an initiative to build "a digital library of
Internet sites and other cultural artifacts in digital form." Until
recently, the Archive included webpages from Xenu.net, which contains
material that criticizes the Church of Scientology. A lawyer representing
the Scientologists sent a letter to the Archive with a curious claim.
Although the text of the letter itself has not been disclosed to the public,
according an Archive spokesperson, the Church of Scientology "asserted
ownership of" the Xenu-related webpages stored by the Archive, despite the
fact that all of the pages were actually created by the proprietor of
Xenu.net, Andreas Heldal-Lund. The Archive subsequently barred access to the
contested pages; Archive visitors who wished to see the Xenu.net material
received error messages saying that the requested information was "not
available."
The incident came several months after a lawyer representing the
Scientologists sent a letter to Internet portal company Google claiming that
Xenu.net's activities violated the United States Digital Millennium
Copyright Act (DMCA) and demanding that the search engine remove any links
to the site. Google initially deleted links to numerous Xenu-related
webpages, but later restored some Xenu.net listings within a few days. This
apparent attempt to silence online criticism through claims of copyright
infringement had generated strong concern from many free speech experts.
The Internet Archive home page is located at
http://archive.org
Read Lisa M. Bowman, "Net archive silences Scientology critic," CNet News,
at
http://news.com.com/2102-1023-959236.html
For further information in German (Deutsch), read "Internet-Archiv blockiert
Scientology-Kritiker," Heise Online, 25 September 2002 at
http://www.heise.de/newsticker/data/wst-25.09.02-001/
============================================================
[7] Cybercafe chain faces Hollywood copyright threats
============================================================
A global business mogul has lashed out at the recording industry as one of
his businesses is locked in a battle over alleged copyright violations.
Stelios Haji-Iannou is the architect of the EasyGroup business empire, which
includes the European airline EasyJet and the EasyInternet Café chain.
Several music companies, including Sony Music and the British Phonographic
Industry (which represents Universal, Virgin and EMI) have sued EasyGroup,
claiming that that it should be liable for music that allegedly has been
downloaded illegally by EasyInternet Café customers. Sony went so far as to
ask the court for a "gag order" to prevent public discussion of the
dispute-a request that was denied.
Haji-Iannou blasted the lawsuit, calling it "crazy," and complained about
the entertainment industry's harsh treatment of the Internet community: "The
record companies are criminalising ordinary users. What we're saying is that
they have to give people a way to getting music without breaking the law.
They are more interested in protecting their profit margins. ... They don't
understand that their model of doing business can't survive. They are going
to be squeezed out if they don't adapt."
Indeed, a number of entertainment company leaders are now starting focus
more of their energies on improved music download systems rather than legal
threats. Towards that end, OD2, a digital music company founded by singing
legend Peter Gabriel, sponsored a special Digital Download Day where
Internet users could legally sample and download songs for free. The
promotional event, which received support from several major music labels
including EMI, BMG and Warner Music, proved extremely popular, as some 15
000 users visited DigitalDownloadDay.com every hour and the website's
servers struggled to cope with the strain.
For more on the EasyInternet Café case, read Richard Adams, "Digital piracy
spat goes to court," The Guardian, 27 September 2002 at
http://www.guardian.co.uk/internetnews/story/0,7369,800002,00.html
See Graeme Wearden, "EasyInternetCafe faces gag in CD-burning row," ZDNet
UK, 19 September 2002 at
http://news.zdnet.co.uk/cgi-bin/uk/printerfriendly.cgi?id=2122548&tid=269
For more on Digital Download Day, read Owen Gibson, "Let the music
download," The Guardian, 7 October 2002 at
http://www.guardian.co.uk/internetnews/story/0,7369,806002,00.html
See "Free download day a hit with fans," Reuters, 3 October 2002 at
http://news.com.com/2102-1023-960650.html
See also "Fans 'swamp' download offer," BBC News Online, 3 October 2002 at
http://news.bbc.co.uk/1/hi/entertainment/music/2296535.stm
For press coverage in German (Deutsch), read "'Digital Download Day': Zeit
fur Zuckerbrot," Spiegel Online, 2 October 2002 at
http://www.spiegel.de/netzwelt/netzkultur/0,1518,216584,00.html
=======================================================
[8] US gov't renews domain system deal with ICANN
=======================================================
Despite calls to the contrary, the United States government has agreed to
let a controversial organization run the Internet domain name system for
another year.
The U.S. Commerce Department has renewed and revised its Memorandum of
Understanding (MoU) with the Internet Corporation for Assigned Names and
Numbers (ICANN). The agreement, which was scheduled to expire last month,
will now last until 30 September 2003. The decision came despite concern
from many observers over ICANN's apparently undemocratic ways. A number of
public interest groups either had called for tougher standards to be
inserted into the MoU or for the Commerce Department to open up a bidding
process that might allow other organizations to take over ICANN's job.
Ironically, in announcing the deal, U.S. assistant commerce secretary Nancy
Victory admitted that her department "is frankly disappointed that ICANN's
progress on the MoU tasks thus far has moved so slowly."
Indeed, soon after the renewal of the MoU, an ICANN committee proposed new
bylaws that would radically change the way the organization deals with the
general public. For example, ICANN would no longer hold direct public
elections for Board seats, but instead would have an official Nominating
Committee and several Supporting Organizations each select Directors. The
Bylaws would also essentially allow ICANN's Board to keep its discussions
and decisions secret when they relate to "personnel or employment matters,
legal matters (to the extent the Board determines it is necessary or
appropriate to protect the interests of ICANN), matters that ICANN is
prohibited by law or contract from disclosing publicly, and other matters
that the Board determines, by a three-quarters (3/4) vote of Directors
present at the meeting and voting, are not appropriate for public
distribution." In addition, ICANN would appoint an "international
arbitration provider" to handle requests for independent review of ICANN
decisions; parties that make such requests but do not win risk having to pay
"all costs of the IRP Provider" as well as their own expenses.
ICANN is expected to discuss these changes during meetings in Shanghai at
the end of this month. Also on the conference agenda are negotiations to
transfer control of the .org top-level domain to the Internet Society, and
implementation of internationalized domain names.
The revised MoU is posted under
http://www.icann.org/general/amend5-jpamou-19sep02.htm
A U.S. government press release regarding the revised MoU is available at
http://www.ntia.doc.gov/ntiahome/press/2002/icann_09192002.htm
To read proposed new bylaws for ICANN, click
http://www.icann.org/committees/evol-reform/proposed-bylaws-02oct02.htm
An ICANN press release on its .org decision is posted at
http://www.icann.org/announcements/announcement-14oct02.htm
Read "Non-profit net name gets new owner," BBC News Online, 15 October 2002
at
http://news.bbc.co.uk/1/hi/technology/2329199.stm
See Robert MacMillan, "Internet Society Picked As Manager of '.org',"
Washington Post, 15 October 2002, page E5 at
http://www.washingtonpost.com/wp-dyn/articles/A25445-2002Oct14.html
For more information on the upcoming ICANN conference in Shanghai, click
http://www.icann.org/shanghai/
===============================================================
[9] UN report: African Net usage growing, but still lags
===============================================================
We have come far, but we still have so far to go.
That is essentially the message presented by a new report from the United
Nations Information and Communications Technologies Task Force regarding
African Internet usage. Among other things, the report indicates that more
Africans are online than ever before. The study cites statistics showing
that, during the last 18 months, the number of Internet dial-up connections
in Africa has increased by 20 percent, while the rate of growth in Internet
connections through corporate or shared networks is still higher. Meanwhile,
the number of mobile phones activated during the last 5 years has exceeded
the number of landlines installed over the past 100 years.
However, the extent of Internet connectivity in Africa varies greatly from
region to region, and generally falls far short of the levels seen on other
continents. In many areas of Africa, approximately 1 in 250 people use the
Internet; by comparison, nearly half the populations of both North America
and in Europe are online. U.N. Secretary-General Kofi Annan stressed the
importance of efforts to bridge this Digital Divide: "It is not, of course,
a magic formula that is going to solve all the problems. But it is a
powerful tool for economic growth and poverty eradication, which can
facilitate the integration of African countries into the global economy."
Read "Internet, Mobile Phones Taking Off in Africa-UN," This Day (Nigeria),
3 October 2002 at
http://allafrica.com/stories/200210030347.html
See "Africans embrace mobiles and the net," BBC News Online, 2 October 2002
at
http://news.bbc.co.uk/1/hi/technology/2290486.stm
===============================================================
[10] Hollywood asks court for Verizon Internet user records
===============================================================
A United States court has heard oral arguments as to whether a major
Internet service provider (ISP) must divulge personal information about one
of its customers to several entertainment conglomerates.
The Recording Industry Association of America (RIAA) has requested data
concerning a customer of telecom giant Verizon. The RIAA claims that the
individual in question had engaged in copyright infringement through
Internet peer-to-peer music file trading. The Association has argued that
the U.S. Digital Millennium Copyright Act (DMCA) allows it to gather such
information without having to file a lawsuit first. More specifically, the
RIAA has cited a portion of the DMCA which says that copyright owners can
request a U.S. Federal court to subpoena "information sufficient to identify
the alleged infringer" from a "service provider."
Several cyberliberties groups, including GILC members Computer Professionals
for Social Responsibility, the Electronic Frontier Foundation and the
Electronic Privacy Information Center, filed a friend-of-the-court brief
asking the court to reject the RIAA's request, claiming that it will
undermine individual privacy online and chill anonymous free speech. Telecom
companies are also concerned about the potential liability and costs they
could face should such requests be permitted under the law; Eric Holder, who
represents Verizon, explained: "We don't want to be the policeman in this
process."
During the hearing, presiding judge John Bates gave few clear indications as
to which way he would rule. Although Bates complained that the "statute is
not organized as being consistent with the argument for either side," he
discounted record industry claims of illegal activity and necessity: "Here,
there's only an allegation of infringement." A formal ruling is expected
shortly.
See "Online Music Piracy: Naming Names," Associated Press, 4 October 2002 at
http://www.cbsnews.com/stories/2002/10/03/tech/main524304.shtml
Read Declan McCullagh, "Verizon, RIAA in copyright showdown," CNet News, 4
October 2002 at
http://news.com.com/2102-1023-960838.html
For coverage in German (Deutsch), read "Musikindustrie lasst gegen Verizon
nicht locker," Heise Online, 7 October 2002 at
http://www.heise.de/newsticker/data/anw-07.10.02-001/
The aforementioned amicus brief is available via
http://www.eff.org/Cases/RIAA_v_Verizon/20020830_eff_amicus.html
===============================================================
[11] Leaked memo reveals US gov't illegal email spying
===============================================================
Can law enforcement agents be trusted to protect the privacy of innocent
citizens?
That is the question that is being posed in the wake of a newly declassified
United States government memorandum. The memo, which was sent to all field
offices of the U.S. Federal Bureau of Investigation (FBI), discloses several
incidents attributed to "difficulties in ... management of electronic
surveillances and physical searches" authorized under the Foreign
Intelligence Surveillance Act (FISA). In one such case, due to alleged
mistakes in renewing a given search warrant, an FBI field office illegally
intercepted email messages "even though there was no authorization" to do so
under the relevant warrant. In another instance, FBI agents captured and
listened to the mobile phone conversations of an innocent person, without
realizing that the suspect had relinquished the account and that the phone
company had transferred the targeted phone number to another person. The
memo also admits that other violations such as "unauthorized searches,
incorrect addresses, and incorrect interpretations" of warrants had occurred
recently.
These revelations have generated anger among civil rights advocates and a
number of politicians. U.S. Congressman William Delahunt said that even if
these privacy violations were unintentional, they demonstrated "an
incredible level of incompetence." Similarly, U.S. Senator Patrick Leahy
warned that "the extent, variety and seriousness of the violations recounted
in this FBI memo show again that the secret FISA process breeds sloppiness
unless there's adequate oversight."
The memo (in PDF format) is available under
http://www.fas.org/irp/agency/doj/fisa/ec.pdf
Read Dan Eggen, "FBI Misused Secret Wiretaps, According to Memo," Washington
Post, 10 October 2002 at
http://online.securityfocus.com/news/1105
For further information on FISA issues, visit the Electronic Privacy
Information Center (EPIC-a GILC member) website under
http://www.epic.org/privacy/terrorism/fisa/default.html
====================================================
[12] Flap over Norwegian Net portal tracking scheme
====================================================
Privacy experts remain concerned over the way two Internet portals collect
and handle user personal information.
Previously, consumer watchdogs Public Information Research had filed a
formal complaint with the Norwegian government against Fast Search and
AlltheWeb.com. According to the complaint, the two companies had used tiny
image files, known as "webbugs", to track site visitors. More specifically,
these webbugs were located at the bottom of the webpages, and allegedly
allowed users to be identified by their Internet protocol numbers and search
queries. Additionally, users who stayed long enough on the sites would
receive text files or "cookies" from Internet advertising giant DoubleClick,
which could also be used for tracking purposes. PIR argued that this
practice "is especially serious because this information is transmitted
quietly to DoubleClick with every search results page, whether or not the
searcher ever clicks on any ad served by DoubleClick. In other words, it
appears that DoubleClick is building up their profiling capacity at a rate
of 2 million queries per day, many of which will end up with unique ID
numbers from their cookie." Neither company had posted a privacy policy
delineating these alleged practices.
Not long afterwards, both firms published privacy statements on their
websites that mentioned, among other things, their relationships with
DoubleClick and their search query tracking systems. However, a spokesperson
for PIR expressed less-than-total satisfaction with the companies' latest
moves, and noted that, for instance, the firms were continuing to collect
personal data about visitors using webbugs. "The only way to disable this
Web bug is to use a browser that allows you to block third-party images.
There aren't many browsers that can do this, and setting this option can
hamper surfing. Still, this is a big improvement over no privacy policy at
all, because it at least acknowledges that there are possible issues, even
though it dismisses them too quickly."
Read Stefanie Olsen, "Search firm caves in to privacy pressure," CNet News,
2 October 2002 at
http://news.com.com/2102-1023-960509.html
See also Stefanie Olsen, "Search firm takes heat for sharing data," CNet
News, 20 September 2002 at
http://news.com.com/2102-1023-958813.html
============================================================
[13] U.S. Court hears Internet provider warrants case
============================================================
When the government goes to an Internet service provider (ISP) to search a
customer's email account, should a police officer be present?
A United States Federal appeals court may soon provide an answer to this
question. The case centers on a police-initiated search of a Yahoo email
account, where the relevant law enforcement agents did not actually go to
the provider's premises, but faxed a search warrant to the company from
several thousands of kilometers away. Despite this absence of police, the
Yahoo technicians performed the search on the government's behalf. At trial,
the presiding judge held that, since the police failed to physically appear
at Yahoo's offices at the time of the warrant was served, the search was
illegal.
The case has drawn the attention of many privacy experts. The Electronic
Privacy Information Center (EPIC-a GILC member) filed a friend of the court
brief, arguing that a police officer must "be physically present when a
search warrant is served." The group based its arguments on numerous
precedents indicating that that "[f]ormal procedures-including the
requirement of an officer's presence at the service of a search warrant-have
been in place since the 1700s to safeguard individuals from unwarranted
intrusion upon their privacy by government officials, and to discourage
governmental abuse of power by ensuring guarantees of trustworthiness and
accountability." Moreover, EPIC charged that this procedural safeguard was
"particularly important as emerging technological innovations pose new
challenges to personal privacy. ... [T]he characteristics of the Internet do
not negate the requirement of an officer's presence for the service of a
warrant."
EPIC's friend-of-the-court brief in this case is available (in PDF format)
at
http://www.epic.org/privacy/bach/brief.pdf
Background materials on the case is posted under
http://www.epic.org/privacy/bach/
Further information (including an audio recording of the oral arguments) is
available via
http://www.ca8.uscourts.gov/tmp/021238.html
=======================================================
[14] Amazon.com privacy policy revisions criticized
=======================================================
A leading online bookseller continues to receive negative reviews over the
way it handles customer information.
Nearly two years ago, Amazon.com added language to privacy policy saying
that it would treat sensitive "customer information" as merely "business
assets" that could be bought or sold as the company continued to develop its
business, in contrast to prior statements that it would never buy or sell
customer data. In addition, the company removed a past feature of its
website, which allowed consumers to completely opt out of these types of
information transfers (by sending e-mail to never@amazon.com). Instead, the
company allowed users limited access to their files, apparently without
allowing them to fully opt-out. In response, the Electronic Privacy
Information Center (EPIC-a GILC member) and another privacy advocacy group,
Junkbusters, filed a complaint with the United States Federal Trade
Commission (FTC), arguing that Amazon's apparent weakening of its privacy
policies constituted a deceptive trade practice. The FTC decided not to take
action against the company, but numerous state regulators took up the
charge.
In an agreement with those state regulators, Amazon recently announced
additional changes to its privacy policies. For example, the company added
new language saying that while it may transfer customer information as part
of a sale or purchase of one of its "stores, subsidiaries or business
units," such records will be "subject to the promises made in any
pre-existing Privacy Notice." However, Amazon's latest privacy rule
revisions have failed to assuage its critics. In a letter, EPIC and
Junkbusters asked various consumer protection officials to take "further
action" because "Amazon's policy and practices are still an ongoing threat
to the privacy and intellectual freedom of millions of consumers in the
United States." The authors of the letter called the new language regarding
sale of businesses "plainly hypocrisy," especially since "Amazon promised
never to sell customer information; now it is saying that it may do so,
recently adding the 'clarification' that the buyer will be subject to the
same promises that it originally made, and then abrogated."
Meanwhile, new data indicates many U.S. consumers remain worried about their
privacy online. A recent study suggests that only 22 percent of Americans
think online purchasing data transactions are safe, while only 31 percent of
consumers who do financial transactions via the Internet believe their
personal information is secure.
To read the aforementioned EPIC and Junkbusters letter, click
http://www.epic.org/privacy/amazon/amazonltr10.8.02.html
Read Troy Wolverton, "Privacy groups target Amazon again," 8 October 2002 at
http://news.com.com/2102-1017-961136.html
See "Online Angst," CBS Marketwatch.com, 16 October 2002 at
http://www.cbsnews.com/stories/2002/10/16/tech/printable525796.shtml
=========================================================
[15] Verichip tracking implant still in legal limbo
=========================================================
The use of a controversial tracking device designed to be implanted under a
person's skin remains on hold, pending the results of a United States
government probe.
Verichip can carry individualized data (such as a person's name, current
condition, medical records and unique identification number) and is designed
to be imbedded under a person's skin. When a special external scanner is
pointed at a Verichip, "a number is displayed by the scanner" and the stored
information is transmitted "via telephone or Internet." Verichip's maker,
Applied Digital Systems (ADS), is marketing its product for such purposes as
"identification, various law enforcement and defense uses and search and
rescue." Company officials are now working to include Global Positioning
System (GPS) technology to allow Verichip recipients to be tracked via the
Information Superhighway.
Besides arousing strong concern from privacy advocates, these developments
have drawn the ire of the U.S. Food and Drug Administration (FDA), which
started investigating ADS several months ago. Wally Pellerite from the FDA's
Office of Compliance complained that the information ADS was "releasing in
press releases and on television shows contradicted the information they
gave" to his organization. He also warned that Verichip "is a technological
advance that we haven't really looked at before, and it may have inherent
risks." A formal FDA decision may come by the end of the year.
Read Julia Scheeres, "No Cyborg Nation Without FDA's OK," Wired News, 8
October 2002 at
http://www.wired.com/news/print/0,1294,55626,00.html
======================================================
[16] Belgium plans national digital signature ID card
======================================================
Plans by the government of Belgium to roll-out new complex ID cards are
already generating serious criticism over their potential privacy
implications.
Under the plan, every Belgian citizen would have to get an identification
card with their names, photographs and 2 digital certificates. One
certificate would be used for authentication, while the other would be used
as a signature. The signature file would ostensibly be required when
conducting transactions with banks or the government, including the payment
of taxes. Children would receive special forms of the cards with most of the
features contained in the adult version, except for the signature function.
Many experts fear that the plan will have a strongly negative impact on
human rights in cyberspace. Simon Davies of Privacy International (a GILC
member) pointed out that it "is an ancient privacy principle that
integration of data damages the integrity and rights of users. Your
e-commerce identity should not be linked with day-to-day authentication.
There are issues with data linkage as well as the possibility of massive
technological failure."
See "Belgium plans digital ID cards," BBC News Online, 4 October 2002 at
http://news.bbc.co.uk/1/hi/technology/2295433.stm
==================================================
[17] US cybersecurity report released
==================================================
A much-anticipated draft report from the United States government about
security in cyberspace has finally been released.
Among other things, the study suggests that "each user of cyberspace must
play a role in protecting it," and that the U.S. government "alone cannot
secure cyberspace. ... The Federal government should not intrude into homes
and small businesses, into universities, or local agencies and departments
to create secure computer networks." Instead, the report recommends such
measures as "making it easier for home users and small businesses to keep
current with anti-virus software, software patches and firewalls," as well
as "encouraging and helping facilitate the installation and use of firewalls
on all broadband Internet connections." Similarly, the report encourages
"Internet service providers, antivirus software companies, and operating
system/application software developers" to consider joint efforts to make it
easier for the home user and small business to obtain security software and
updates automatically and in a timely manner."
The report (in PDF format) is posted under
http://www.whitehouse.gov/pcipb/cyberstrategy-draft.pdf
Public comments on this report may be submitted (no later than 18 November
2002) to
feedback@cybersecurity.gov
Read Carrie Kirby, "Cybersecurity plan unveiled/Panel's strategies on
hacking, viruses had Silicon Valley input," San Francisco Chronicle, 19
September 2002, page B3 at
http://sfgate.com/cgi-bin/article.cgi?f=/c/a/2002/09/19/BU151260.DTL
See Brian Krebs, "Cybersecurity Draft Plan Soft on Business, Observers Say,"
WashingtonPost.com, 19 September 2002 at
http://www.washingtonpost.com/wp-dyn/articles/A35812-2002Sep18.html
See also "Cyber Security Report Spreads Burden," CBS News Online, 18
September 2002 at
http://www.cbsnews.com/stories/2002/09/17/tech/printable522287.shtml
For coverage in German (Deutsch), read "Vorschlage fur eine US-Strategie zur
besseren Cyber-Sicherheit," Heise Online, 19 September 2002 at
http://www.heise.de/newsticker/data/anw-18.09.02-008/
==================================================
[18] Bugbear computer worm still causing trouble
==================================================
A new computer malady has led to renewed concern over the security of
personal computers.
Known as Bugbear, the worm does not require users to open an attachment to
infect a given computer, and disguises itself by choosing among several
possible subject headers as well as sender addresses drawn from the victim's
email address book. Once inside a machine, Bugbear apparently logs
keystrokes typed on the infected computer (including passwords and credit
card data) and sends the information to nearly a dozen recipients. The virus
also creates a "backdoor" allowing outside attackers to gain control over
the machine, while forcing the computer to initiate innumerable print jobs.
Bugbear is just one of many computer pests that have exploited weaknesses in
Microsoft's popular Outlook email program. The software giant's security
failings have been savaged by privacy experts for years.
See "Bugbear virus still rampant," BBC News Online, 8 October 2002 at
http://news.bbc.co.uk/1/hi/technology/2309105.stm
Read Burhan Wazir, "Bugbear email steals card data," The Observer, 6 October
2002 at
http://www.guardian.co.uk/internetnews/story/0,7369,805556,00.html
For video and text coverage, see "Bugbear e-mail virus causing havoc," BBC
News, 4 October 2002 at
http://news.bbc.co.uk/1/hi/technology/2298913.stm
For coverage in German (Deutsch), read "Viren-Alarm: 'Bugbear' geistert
immer noch herum," Spiegel Online, 7 October 2002 at
http://www.spiegel.de/netzwelt/technologie/0,1518,217205,00.html
========================================================
[19] British Celldar trackers worry privacy experts
========================================================
British government plans to use cellular phone masts to track people and
vehicles have causing trepidation among privacy advocates.
Titled "Celldar", the system uses the reflections of electromagnetic waves
given off by mobile phone transmitters. It was previously thought the
intensity of these reflections was too low to allow precise imaging.
However, researchers have reportedly developed receivers sensitive enough to
detect these electromagnetic echoes so as to permit tracking of moving
objects, including people; reflections from stationary objects (such as
trees) would be treated as background "noise" and filtered out. Government
agents are not only looking to put the Celldar into use as quickly as
possible, but they are apparently looking to enhance its abilities so that
the devices can detect activity behind walls and inside private homes.
Although the efficacy of this system is still in doubt, its potential
privacy implications and the government's energy in implementing Celldar
have alarmed a number of experts. Simon Davies of Privacy International (a
GILC member) labeled the entire scheme "an appalling idea. The Government is
just capitalizing on current public fears over security to introduce new
systems that are neither desirable nor necessary."
Read Jason Burke and Peter Warren, "How mobile phones let spies see our
every move, The Observer, 13 October 2002 at
http://www.guardian.co.uk/mobile/article/0,2763,811034,00.html
============================================================
[20] Korean cell phone tracking bill poses privacy problems
============================================================
The Korean government plan may make it easier to track the geographic
locations of mobile phone users.
The Korean Ministry of Information and Communication (MIC) plans to
introduce a bill that will require electronics manufacturers to install
Global Positioning System(GPS)-enabled chips in all mobile phones. According
to a spokesperson, the Ministry hopes to implement this plan by the
third-quarter of 2003, and will not only allow precise pinpointing of users,
but will provide "other special information." Several local companies,
including SK Telecom and KTF, have already rolled out broadly similar
systems using ground-based technology (as opposed to GPS, which is
satellite-based).
However, there are already fears over whether the location information from
this scheme will be protected. While MIC has stated it will ban the sharing
of personal data with third parties, the Ministry left a number of
loopholes, most notably for law enforcement agents. Thus, the bill leaves
open the possibility that the system will be used for wholesale police
surveillance.
Read Kim Deok-hyun, "MIC to Draft Bill for Location-Based Service," Korea
Times, 17 October 2002 at
http://www.hankooki.com/kt_tech/200210/t2002101719061345110.htm
============================================================
[21] New campaign coming against data retention proposals
============================================================
Stop1984 (a GILC member) will soon launch a new campaign to raise public
awareness about proposals for telecom companies to retain data about their
customers for law enforcement purposes. As part of this effort, the group is
in the process of creating a special webpage to collect and coordinate
anti-data retention materials provided by numerous non-governmental
organizations. Stop1984 is also planning to produce post cards expressing
opposition to such proposals, as well as provide background information on
this subject in several languages (notably French, German, Spanish and
English).
For further information (including details on how to join this campaign),
email
twister@stop1984.com
=========================================================
[22] Upcoming Central European Cyberliberties Conference
=========================================================
The first Central European Cyber Liberties Conference (CECLC) will be held
in
Vienna, Austria on 25 October 2002. The event will focus on the erosion of
civil liberties online over the past year or so, including the rise in data
retention proposals throughout Europe. The conference will include technical
presentations as well as social events for civil rights advocates to meet
with Internet activists from across the continent. In the evening the 2002
Austrian Big Brother Awards ceremony will be held to spotlight the country's
greatest threats to individual privacy. Attendance for all events is free of
charge. CECLC is being organized by GILC members quintessenz and VIBE!AT,
with support from the Open Society Institute.
The official CECLC homepage is located at
http://ceclc.quintessenz.org
For more information on the Austrian Big Brother Awards, click
http://bigbrotherawards.at
=========================================================
ABOUT THE GILC NEWS ALERT:
=========================================================
The GILC News Alert is the newsletter of the Global Internet Liberty
Campaign, an international coalition of organizations working to protect and
enhance online civil liberties and human rights. Organizations are invited
to join GILC by contacting us at
gilc@gilc.org.
To alert members about threats to cyber liberties, please contact members
from your country or send a message to the general GILC address.
To submit information about upcoming events, new activist tools and news
stories, contact:
Christopher Chiu
GILC Coordinator
American Civil Liberties Union
125 Broad Street, 17th Floor
New York, New York 10004
USA
Or email:
cchiu@aclu.org
More information about GILC members and news is available at
http://www.gilc.org
You may re-print or redistribute the GILC NEWS ALERT freely.
To subscribe to the alert, please send e-mail to
gilc-announce@gilc.org
with the following message in the body:
subscribe gilc-announce
========================================================
PUBLICATION OF THIS NEWSLETTER IS MADE POSSIBLE BY A
GRANT FROM THE OPEN SOCIETY INSTITUTE (OSI)
========================================================
========== HURIDOCS-Tech listserv ==========
Send mail intended for the list to <huridocs-tech@hrea.org>.
Archives of the list can be found at:
http://www.hrea.org/lists/huridocs-tech/markup/maillist.php
To subscribe to the list, send a message to <majordomo@hrea.org>,
with the following text in the message: subscribe huridocs-tech
To unsubscribe from the list, send a message to <majordomo@hrea.org>,
with the following text in the message: unsubscribe huridocs-tech
If you have problems (un)subscribing, contact <owner-huridocs-tech@hrea.org>.
[Reply to this message] [Start a new topic] [Date Index] [Thread Index] [Author Index] [Subject Index] [List Home Page] [HREA Home Page]