GILC Alert
Volume 7, Issue 6
27 August 2003
Welcome to the Global Internet Liberty Campaign Newsletter.
Welcome to GILC Alert, the newsletter of the Global Internet Liberty
Campaign. We are an international organization of groups working for
cyber-liberties, who are determined to preserve civil liberties and human
rights on the Internet.
We hope you find this newsletter interesting, and we very much hope that
you will avail yourselves of the action items in future issues.
If you are a part of an organization that would be interested in joining
GILC, please contact us at <gilc@gilc.org>.
If you are aware of threats to cyber-liberties that we may not know about,
please contact the GILC members in your country, or contact GILC as a whole.
Please feel free to redistribute this newsletter to appropriate forums.
===============================================
Free expression
[1] California DVD code decision means more battles ahead
[2] Protests grow over Euro copyright directive
[3] U.S. gov't urges High Court to support Net censor law
[4] German court ruling curbs Internet anonymizing software
[5] Vietnamese Net dissident's jail term reduced
[6] U.S., Spanish court cases bar users from providing weblinks
[7] Hollywood appeals Grokster Net file sharing decision
[8] Thai gov't minister proposes more online curbs
[9] German court upholds legality of deep weblinks
[10] Indian gov't plans new online censor law
[11] Japanese gov't plans mobile phone content controls
[12] Chinese gov't to use only Chinese software
Privacy
[13] Hollywood claims it won't go after small downloaders
[14] Mblast and Sobig computer bugs hit hard
[15] U.S. gov't plans mini-TIA spy databases
[16] U.S. gov't pushes Net phone tap law expansion
[17] Study: lack of online privacy leads to discrimination
[18] British firm rolls out mobile phone tracking system
[19] Australian Big Brother ISP plan, Net user ID scheme panned
[20] Korean plan may have serious mobile phone privacy impact
[21] U.S. schools install web spy cameras to watch kids
[22] Global Privacy Report Published
[23] New analysis of UK data retention proposals released
[24] New GILC member: IP Justice
==================================================================
[1] California DVD code decision means more battles ahead
==================================================================
A new court ruling signals that there will be yet another round of legal
battles over a controversial DVD-related computer program.
The case centers on DeCSS, a primitive program that was created to help
users of the Linux computer operating system watch DVDs on their
machines. Four years ago, the DVD Copy Control Association (DVD CCA) sued
Andrew Bunner and hundreds of other people claiming that they violated
California trade secret law by publishing (or providing weblinks to) the
code. A state trial court agreed with DVD CCA and granted an injunction
banning Internet posting of DeCSS. An appeals panel overturned the trial
court ruling, saying that Bunner's activities were protected under the
First Amendment of the United States Constitution, which guarantees the
right to free speech.
The California Supreme Court held that "restrictions on the dissemination
of computer codes in the form of DeCSS are subject to scrutiny under the
First Amendment." However, the court also held that the ban on publication
of DeCSS was a content-neutral restriction that is "not subject to strict
scrutiny" under the First Amendment. Rather, the court saw the protection
of trade secrets as a significant government interest and stated that there
must be "a balance between the government interest and the magnitude of the
speech restriction." In the end, the high court admitted that its decision
was "quite limited" and sent the case back to the lower appeals court for
further examination of the trade secrets issue, focusing in particular on
whether the information embodied in DeCSS actually was a trade secret.
Free expression advocates remain confident that the ban on DeCSS
publication will eventually be lifted. David Greene, Executive Director of
the First Amendment Project who argued the case on behalf of Bunner, said
his group was "heartened that the court acknowledged that trade secret
injunctions must be subject to a high level of First Amendment scrutiny. We
are confident that, having looked at the facts, the Court of Appeal will
remove the restriction on Bunner's right to republish publicly available
information." Similarly, Cindy Cohn from the Electronic Frontier Foundation
(EFF-a GILC member) explained: "The appeals court can now examine the movie
industry's fiction that DeCSS is still a secret and that a publication ban
is necessary to keep the information secret. DeCSS is obviously not a trade
secret since it's available on thousands of websites, T-shirts, neckties,
and other media worldwide."
The text of the California Supreme Court's ruling is available under
http://www.eff.org/IP/Video/DVDCCA_case/20030825_bunner_decision.php
An EFF press release regarding the California Supreme Court's decision is
posted under
http://eff.org/IP/Video/DVDCCA_case/20030825_eff_bunner_pr.php
Read Carrie Kirby, "Court rules against DVD copying/Trade secrets must be
protected, judges say," San Francisco Chronicle, 26 August 2003, page B1 at
http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2003/08/26/BU289410.DTL
See "Free speech no issue in DVD case," BBC News Online, 26 August 2003 at
http://news.bbc.co.uk/1/hi/entertainment/film/3181671.stm
Read John Borland, "DVD-copying code loses free speech shield," CNet News,
25 August 2003 at
http://news.com.com/2102-1028_3-5067665.html
=======================================================
[2] Protests grow over Euro copyright directive
=======================================================
Resistance is growing against a European proposal that may curtail free
speech and data privacy online.
The draft European Intellectual Property Enforcement Directive is intended
to simplify the enforcement of copyrights, patents, and trademarks
throughout the continent. The Directive includes language that bans the
use, manufacture, importation and distribution of "illegal technical
devices" that could circumvent technologies designed to protect any
industrial property right. The proposal also contains provisions that
essentially would give intellectual property holders broad subpoena powers
to collect personal information. The proposal's general outlines have drawn
comparisons to the United States Digital Millennium Copyright Act (DMCA),
which contains broadly similar language and has been savaged by many
cyberliberties experts.
Indeed, an analysis commissioned by the Foundation for Information Policy
Research (FIPR-a GILC member) dubbed the Directive a "EuroDMCA" that, if
implemented, would prove harmful to individual users: "The law on
`intellectual property' - copyrights, patents and trademarks - has always
been a difficult balance between protecting incumbent companies and
fostering competition. The Directive seeks to shift the balance strongly in
favour of the incumbents and against competitors. This will create winners
and losers. The winners will mostly be large companies, such as Microsoft
and Disney; the losers will include some large companies (such as phone
companies) but also a lot of small firms and civil society interests."
Subsequently, a coalition of 48 groups issued an open letter expressing
concern "about the impact on civil liberties, innovation, and competition
posed by the European Union's proposed IP Enforcement Directive." Among
other things, the letter pointed out how the anticircumvention provisions
of the Directive would erode "the public's fair use (fair dealing) and
freedom of expression rights by outlawing all technologies, including
software, that are capable of bypassing technical restrictions." The
initiative, which was spearheaded by IP Justice (a GILC member), attracted
support from a number of other GILC member organizations, including
Association Electronique Libre, Associazione per la Liberta nella
Comunicazione Elettronica Interattiva, Austrian Association for Internet
Users (Verein fuer Internet Benutzer Oesterreichs-VIBE!AT), Bits of
Freedom, Computer Professionals for Social Responsibility, the CryptoRights
Foundation, Cyber-Rights & Cyber-Liberties UK, Digital Rights!
Denmark, Electronic Frontier Finland, the Electronic Frontier Foundation,
the Electronic Privacy Information Center, Foederverein Informationstechnik
und Gesellschaft, FIPR, Privacy International, Quintessenz, Swiss Internet
Users Group, Stop1984, and XS4ALL.
The letter is posted at
http://www.ipjustice.org/codeletter.shtml
A press release regarding the letter is available under
http://www.ipjustice.org/081103codepress.shtml
To read the FIPR-commissioned analysis of the Directive, click
http://www.cl.cam.ac.uk/~rja14/draftdir.html
The draft Directive is available under
http://www.europa.eu.int/cgi-bin/eur-lex/udl.pl?REQUEST=Service-Search&LANGU
AGE=en&GUILANGUAGE=en&SERVICE=all&COLLECTION=com&DOCID=503PC0046
==========================================================
[3] U.S. gov't urges High Court to support Net censor law
==========================================================
Will the United States Supreme Court revive a controversial Internet
censorship law?
That is essentially the question being asked by U.S. government officials.
The case involves the so-called Child Online Protection Act (COPA), which
made it a crime to use the Internet to pass along "for commercial purposes"
information considered "harmful to minors." The statute was enacted in
response to the 1997 Reno v. American Civil Liberties Union decision, in
which the U.S. Supreme Court struck down the Communications Decency Act and
applied traditional free speech protections to the Information
Superhighway. COPA was soon challenged by the American Civil Liberties
Union (ACLU-a GILC member) on behalf of 17 groups and individuals,
including fellow GILC members the Electronic Privacy Information Center and
the Electronic Frontier Foundation.
The U.S. Supreme Court's subsequent ruling reflected deep divisions among
the Justices regarding various aspects of the case. Justice Clarence
Thomas, who wrote the majority opinion, held that "COPA's reliance on
community standards to identify 'material that is harmful to minors' does
not by itself render the statute substantially overbroad" and therefore
violate U.S. constitutional free speech protections. However, Thomas added
that the scope of this decision was "quite limited" and that the Court was
not sure whether COPA might be an unconstitutional restriction on free
expression for other reasons. Citing these reasons, the Court maintained a
ban on COPA enforcement and sent the case back to a lower appeals court for
further examination of these issues.
Earlier this year, the appeals court once again struck down COPA as
unconstitutional. Among other things, the 3-judge panel was especially
concerned with the "harmful to minors" standard, noting that "while COPA
penalizes publishers for making available improper material for minors, at
the same time it impermissibly burdens a wide range of speech and exhibits
otherwise protected for adults." The panel also noted that the statute was
vague with regard to what was suitable for minors, and the law did not take
into account the concept that "materials that have 'serious literary,
artistic, political or scientific value' for a sixteen-year-old" may not
"have the same value for a minor who is three years old. ... Web publishers
who seek to determine whether their Web sites will run afoul of COPA cannot
tell which of these 'minors' should be considered in deciding the
particular content of their Internet postings."
The U.S. Justice Department has since appealed the panel's latest ruling to
the Supreme Court. The decision was met with dismay from a free speech
advocates; ACLU associate legal director Ann Beeson said she "thought the
Justice Department would have better things to do with its time than to
defend what is clearly an unconstitutional law." Indeed, a number of
experts have questioned whether this latest attempt to revive COPA will
succeed.
To read the latest appeals court ruling (in PDF format), click
http://caselaw.lp.findlaw.com/data2/circs/3rd/991324p.pdf
The text of the Supreme Court's prior COPA decision is available under
http://caselaw.lp.findlaw.com/scripts/getcase.pl?court=US&vol=000&invol=00-1293
An ACLU archive of documents regarding this case is posted at
http://www.aclu.org/Cyber-Liberties/Cyber-Liberties.cfm?ID=12039&c=59
Read "DOJ Pushes Stiffer Porn Law," Associated Press, 13 August 2003 at
http://wired.com/news/politics/0,1283,60018,00.html
==============================================================
[4] German court ruling curbs Internet anonymizing software
==============================================================
A decision by a local court in Germany may make it more difficult to engage
in anonymous free speech online.
A trial court (Amtsgericht) in Frankfurt am Main has ruled that anonymisers
without backdoors for law enforcement purposes are illegal. The case
involved the AN.ON anonymizing service, which utilizes a Java Anonymizing
Proxy (JAP) from TU Dresden. The German Federal Office of Criminal
Investigation Office (BKA) required workers at the research project AN.ON
to store information collected regarding a user (as identified through that
person's Internet Protocol address) for a certain period and to turn over
that data for law enforcement purposes.
The independent national data security center in Schleswig-Holstein
objected to this procedure. Helmut Baeumler, the national data-security
commissioner in Schleswig Holstein, said that the Office's actions were
"obviously illegal." Although the court threw out the center's complaint,
the decision has been challenged and might be overturned by a higher court.
Not surprisingly, cyberliberties experts have expressed anxiety over these
developments. A spokesperson from Stop1984 (a GILC member) explained that
her group simply did "not agree" with "the idea of an anonymizer being used
for surveillance. Privacy, especially in times when it is so easy to grab
data and personal information, should be essential and a service providing
this privacy should not be forced into tricking their customers into
thinking they are private when they are not." Stop1984 has since created a
list of 73 public proxies which are known to be compatible to JAP in order
"to help people to regain their privacy."
An AN.ON press release regarding these developments is available at
http://www.inf.tu-dresden.de/~hf2/anon/presseinfoANON.html
An English-language version of this release is posted under
http://www.datenschutzzentrum.de/material/themen/presse/anonip_e.htm
For further background information about AN.ON, click
http://anon.inf.tu-dresden.de/
For more details about Stop1984's list of alternative anonymizing proxies,
click
http://stop1984.com/index.php?lang=en&text=japstop.txt
See Christiane Schulzki-Haddouti, "Nicht mehr ganz anonym:
Anonymisier-Dienst JAP protokolliert Zugriffe," Heise Online, 18 August 2003 at
http://www.heise.de/newsticker/data/uma-18.08.03-001/
===================================================================
[5] Vietnamese Net dissident's jail term reduced
===================================================================
An appeals court in Vietnam has decided that an Internet activist should
remain in jail, albeit for a shorter time than previously anticipated.
Pham Hong Son allegedly wrote and translated several pro-democracy papers
that were then posted online. Vietnamese authorities had initially
questioned him on this subject and seized various personal items, including
computer equipment and numerous documents. When the government denied his
requests to reclaim his belongings, he posted an open letter on the
Internet to protest their decision. Vietnamese officials subsequently
convicted him of spying and using the Internet to distribute critiques of
the government. A trial court sentenced him to 13 years in jail, plus 3
years of house arrest after he leaves prison. Earlier this week, the
Vietnamese Supreme Court of Appeal reduced his expected prison term to 5
years but retained the earlier 3 years house arrest sentence. Outside
observers (such as diplomats and foreign reporters) were excluded from both
the trial court and Supreme Court proceedings.
Human rights advocates remain deeply troubled by the Pham's plight. In a
statement, Amnesty International said that while the organization welcomed
"the unprecedented move to reduce his prison term," it was "dismayed that
Dr Pham Hong Son remains in prison for the peaceful expression of his
political beliefs." The organization reiterated its call "for his immediate
and unconditional release." Similarly, Brad Adams of Human Rights Watch
(HRW-a GILC member) complained: "Pham Hong Son's first trial was a sham.
The Supreme Court should do better, by admitting international observers
and resisting political directives predetermining the verdict. Jailing
writers and cyber-dissidents shows Hanoi's complete intolerance for any
sort of peaceful dissent and has a chilling effect on all debate in Vietnam."
Further information regarding the case is available from the HRW website under
http://www.hrw.org/press/2003/08/vietnam082603.htm
The Amnesty International statement is posted at
http://web.amnesty.org/library/Index/ENGASA410252003?open&of=ENG-VNM
Read "Vietnamese dissident sentence cut," BBC News Online, 26 August 2003 at
http://news.bbc.co.uk/1/hi/world/asia-pacific/3182449.stm
===================================================================
[6] U.S., Spanish court cases bar users from providing weblinks
===================================================================
Two recent legal disputes have cast doubt on the legality of Internet weblinks.
In one case, a Spanish court has ordered the closure of Donkeymedia.com.
The website in question allowed people to post various comments and had
numerous weblinks to areas of the Internet where people could download
files using peer-to-peer programs. Among other things, the court claimed
that Donkeymedia's actions constituted an intellectual property crime; the
ban is expected to last at least 6 months. The decision is believed to be
the first time in Spain that a website has been shutdown over the weblinks
it contained. Curiously, the presiding judge ordered the closure without
deciding whether the webpages to which Donkeymedia had weblinked contained
illegal material.
The other case involves Sherman Austin, an activist who hosted a website
that contained information on how to manufacture bombs and provided a
weblink from his site (RaisetheFirst.com) to the other website. The United
States Justice Department prosecuted Austin under an obscure law that
barred the "distribution of information relating to explosives, destructive
devices, and weapons of mass destruction with the intent that such
information be used in furtherance of a federal crime of violence." His
prosecution came despite the fact that bomb manufacturing information is
widely available in the United States from a variety of sources (including
libraries and bookstores). Although Austin agreed to a plea deal, presiding
Judge Stephen Wilson sentenced him to a year in jail-a term that was three
times longer than what the prosecutor had recommended under the agreement.
Austin will also have to comply with a number of other harsh measures,
including a criminal fine, monitoring of !
his computer usage, and a ban on associating with "any person or group that
"espouses violence or physical force as means of intimidation, or achieving
economic, social, or political change." Lee Tien from the Electronic
Frontier Foundation (EFF-a GILC member) expressed concern over the impact
that this ruling would have on free speech that is otherwise guaranteed
under the First Amendment of the U.S. Constitution: "Sherman Austin's jail
sentence for distributing bomb-making information raises serious First
Amendment questions. Leaving aside the question of the constitutionality of
the bomb-making information distribution law, a year in jail and the
onerous probation conditions Austin now faces are out of sync with the
character of the alleged crime."
An EFF press release regarding the RaisetheFist.com case is posted at
http://www.eff.org/br/20030807_eff_pr.php
See "Man jailed for linking to bomb sites," Associated Press, 5 August 2003 at
http://www.cnn.com/2003/TECH/internet/08/05/anarchist.prison.ap/index.html
For more on the Donkeymedia case, read "Una juez ordena el cierre de un
sitio sobre P2P en Espana," DelitosInformaticos.com, 5 August 2003 at
http://www.delitosinformaticos.com/propiedadintelectual/noticias/10600791482
9072.shtml
==============================================================
[7] Hollywood appeals Grokster Net file sharing decision
==============================================================
Entertainment industry leaders are appealing a court ruling regarding the
legality of Internet file trading software.
The case involved a lawsuit by several major entertainment companies
against a number of organizations that distributed free Internet
file-trading programs, including Grokster and Streamcast Networks (which
provides Morpheus software). The plaintiffs claimed that the defendants
should be held liable for copyright infringement. However, a Federal trial
court in the United States disagreed and ruled in favor of Grokster and
Streamcast. Presiding judge Stephen Wilson pointed out that the software
provided by Grokster and Streamcast was capable of many non-infringing uses
(such as "distributing movie trailers, free songs or other non-copyrighted
works; using the software in countries where it is legal; or sharing the
works of Shakespeare"), and compared them to videocassette recorders and
other types of "copying equipment," the sale of which, according to past
U.S. Supreme Court precedents, does not constitute contributory
infringement. The court also relied on the fact that Gro!
kster and Streamcast did not have the ability to control users and did
little to "actively facilitate ... infringing activity" by their users.
Similarly, the court refused to impose vicarious copyright liability on
Grokster and Streamcast because did not have "a right and ability to
supervise the infringing activity."
The plaintiffs have now appealed the Judge Wilson's ruling-a ruling that
had been warmly embraced by free speech advocates. Nevertheless, Wayne
Russo, the president of Grokster, remains confident: "We expect to prevail,
and if we do not, we will take this to the Supreme Court if we must. We
clearly have the law on our side, something the plaintiffs obviously have a
difficult time accepting."
An archive of documents in this case is available from the Electronic
Frontier Foundation (EFF-a GILC member) at
http://www.eff.org/IP/P2P/MGM_v_Grokster/
See "Song-swappers face new court fight," BBC News Online, 20 August 2003 at
http://news.bbc.co.uk/1/hi/entertainment/music/3166237.stm
===================================================
[8] Thai gov't minister proposes more online curbs
===================================================
After undergoing an online curfew, Internet users in Thailand may soon face
more restrictions, if a leading government minister has his way.
Previously, Thai government had implemented a new system that blocked
several overseas and local websites between 10PM and 6AM. While the curfew
supposedly is meant to prevent children from playing games through computer
networks, the ban affects all Thai Internet users, no matter what their age
or where they are located in the country. It is also unclear if the
blocking is actually limited to gaming sites. The curfew is supposed to
last until at least September 30. Many members of Thailand's online
community are outraged by the government's online curfew and have flooded
digital chat rooms with angry messages.
Since then, Surapong Suebwonglee, the country's Information and
Communciations Technology Minister, has called for a new system to force
Internet users to supply information from their national ID cards. More
specifically, online game servers would be required to collect such data
from users, ostensibly in order to determine their age. The Minister
reportedly did not address the apparent privacy implications of his
proposal. He went on to suggest that cybercafes avoid charging bulk rates
for Internet access, so as to deter young people from going online-a move
that could also deter economically disadvantaged individuals from accessing
the Information Superhighway.
Read "Thailand proposes ID cards for game servers," CNETAsia, 28 July 2003 at
http://news.zdnet.co.uk/internet/0,39020369,39115285,00.htm
=========================================================
[9] German court upholds legality of deep weblinks
=========================================================
According to a court in Germany, it is alright to provide direct access to
documents on a given website without having to go through the front page of
the site.
The German Federal Supreme Court (Bundesgerichtshof) has upheld the
legality of deep weblinks. The decision in a case where media company
Verlagsruppe Holtzbrinck, which publishes the German newspaper
Handelsblatt, sued news search engine Paperboy.de. Paperboy had provided
weblinks to individual newspaper and magazine articles rather than pointing
those links at the homepages of the respective publications. The company
claimed that Paperboy's actions constituted unfair competition (by
bypassing advertisements on those homepages) as well as copyright
infringement. Verlagsruppe Holtzbrinck had won at the trial court level but
lost in an intermediate appeals tribunal.
The Supreme Court then ruled in favor of Paperboy. It held that the search
engine had not violated copyright law because, as reported in the German
American Law Journal, "the copyright owner has already made the articles
publicly accessible." In addition, the court rejected the unfair
competition claim because, in its view, website owners do not have the
right to force users to access their websites via a specific route.
For more on the German deep weblinks ruling, click
http://www.out-law.com/php/page.php?page_id=deeplinkingwinsco1058955367
=========================================================
[10] Indian gov't plans new online censor law
=========================================================
A new initiative by the government of India may make it more difficult to
access online information.
The Indian department of information technology has issued an order laying
out procedures for blocking websites. Under the order, many types of
Internet content can be censored, including "websites promoting hate
content, slander or defamation of others, promoting gambling, promoting
racism, violence and terrorism and other such material." The measure
empowers numerous government agencies to submit complaints to the director
of Cert-In, a new governmental body. A committee of officials, including
representatives from Cert-In, the department of information technology and
the law or home ministry would vet the complaints and make a spot decision
without a hearing as to "whether the website is to be blocked or not."
The plan has already drawn a fair amount of criticism. Technology law
expert Somasekhar Sundaresan called the proposal "the first formal step
towards Internet censorship in Indian law. The order provides the State
with sweeping powers to police Internet content."
Read Shabnam Minwalla, "Watch what you surf, Net police are here," Times of
India, 1 August 2003 at
http://timesofindia.indiatimes.com/cms.dll/html/uncomp/articleshow?msid=105813
=======================================================
[11] Japanese gov't plans mobile phone content controls
=======================================================
The Japanese government is planning a new system that may restrict
information that can be accessed via mobile phones.
The Japanese Public Management, Home Affairs, Posts and Communications
Ministry wants to implement a system for rating and filtering Internet
content that is accessible through cellular phones. Under the plan, the
Internet Association of Japan, an industry trade group, will create a
database with ratings of sites containing such content. The government
would then require mobile phone manufacturers to install special software
on their devices to block content based on the database and to develop a
password system that would ostensibly prevent children from bypassing the
blocking. The list of sites that could be affected by this measure has yet
to be released, although dating sites reportedly are to be included in this
scheme.
Although the Ministry hopes to have the entire system in place by the 2006
fiscal year, there are questions as to whether the scheme will work. For
one thing, blocking software of the type envisioned under the scheme might
not run properly on mobile phones due to their relatively small memory
capacities. In addition, it is unclear what impact this proposal will have
on Internet free expression.
Read "Ministry to filter sites to mobiles," Asahi Shimbun, 30 July 2003 at
http://www.asahi.com/english/national/K2003073000326.html
==================================================
[12] Chinese gov't to use only Chinese software
==================================================
The mainland China is trying to phase out the use of foreign software in
government offices throughout the Land of the Dragon.
China's State Council has issued an edict telling government agencies to
purchase only locally produced software the next time they upgrade their
computers. More specifically, these agencies will only buy hardware with
locally manufactured software and operating systems preinstalled.
Exceptions will only be made for special circumstances and upon request. A
Council spokesperson said that the measure would be take effect at the end
of 2003.
The move is due to concerns over possible security flaws in Western-made
computer programs, as well as providing support to Chinese software makers.
Indeed, Chinese authorities already have thrown their support behind
several products in lieu of various Microsoft products. For example,
Chinese government officials are encouraging users to adopt a "Red
Flag-Linux" operating system instead of Microsoft Windows, and the
Chinese-made WPS Office 2003 rather than Microsoft Office.
Read "China blocks foreign software," CNETAsia, 18 August 2003 at
http://news.com.com/2102-1012_3-5064978.html
See also "Shanghai: School's out for Microsoft Office," CNETAsia, 26 August
2003 at
http://news.com.com/2102-1012_3-5068050.html
==============================================================
[13] Hollywood claims it won't go after small downloaders
==============================================================
After a wave of bad publicity, a major entertainment trade organization is
claiming its massive legal campaign against people who trade files over the
Internet does have limits. But many observers remain skeptical.
Over the past several months, the Recording Industry Association of America
(RIAA) has garnered hundreds of federal subpoenas for personal data
regarding computer users who allegedly shared copyrighted music files on
the Internet. The association is promising to file several hundred lawsuits
against the people identified through the subpoenas within the next eight
weeks. The RIAA's dragnet has already affected a wide cross section of
society, including grandparents to roommates to college students.
The wave of subpoenas has drawn concern from policymakers in the United
States, notably U.S. Senator Norm Coleman, who sent the RIAA a series of
questions regarding what he termed its "excessive" campaign. In a prepared
response statement, the RIAA's Cary Sherman claimed his organization was
merely "gathering evidence and preparing lawsuits only against individual
computer users who are illegally distributing a substantial amount of
copyrighted music." However, Sherman did not explain just what his
organization considered to be a "substantial amount," and an RIAA
spokesperson later refused to clarify the group's stance on this point.
More ominously, Sherman's statement mentioned that the RIAA "does not want
anyone to think that even a little illegal activity is acceptable." Coleman
is planning to hold Congressional hearings on this matter. The Senator's
efforts have been lauded by a number of groups, ranging from cyberliberties
organizations to industry leaders; NetCoalition!
, which includes numerous Internet service providers as its members, issued
a letter that cited Coleman's inquiries and warned that the RIAA's efforts
"should not be allowed to devolve into an attack on the legitimate uses of
P2P [peer-to-peer file sharing] technology."
The RIAA's data trawling exercise has also run into trouble in the courts,
as a local U.S. judge rejected several of the RIAA's subpoenas on
jurisdictional grounds. Wendy Seltzer from the Electronic Frontier
Foundation (EFF-a GILC member) applauded the decision, saying that the
ruling "requires the recording industry to file subpoenas where it alleges
that copyright infringement occurs, rather than blanketing the country from
one court in [Washington] D.C. The court ruling confirms that due process
applies to Internet user privacy nationwide." In the latest development, an
anonymous computer user in California has filed a legal motion contesting
the RIAA's subpoena efforts, essentially charging that the Association is
unconstitutionally violating her privacy rights.
Read "File swapper fights RIAA subpoena," CNet News, 21 August 2003 at
http://news.com.com/2102-1025_3-5066754.html
See "Small Downloaders Can Rest Easy," Associated Press, 19 August 2003 at
http://www.cbsnews.com/stories/2003/08/19/tech/printable569069.shtml
Read "Industry targeting big pirates," BBC News Online, 19 August 2003 at
http://news.bbc.co.uk/1/hi/entertainment/music/3162575.stm
An EFF press release regarding the judicial rejection of several RIAA
subpoenas is posted under
http://www.eff.org/IP/P2P/20030808_eff_pr.php
The Net Coalition letter is posted (in PDF format) under
http://www.netcoalition.com/keyissues/2003-08-11.453.pdf
For German language information, see "US-Internet-Provider wollen ueber
Kampf gegen P2P-Netze diskutieren," Heise Online, 11 August 2003 at
http://www.heise.de/newsticker/data/wst-11.08.03-001/
==============================================================
[14] Mblast and Sobig computer bugs hit hard
==============================================================
A series of computer bug outbreaks has led to heightened concern over
security and privacy online.
The two biggest outbreaks largely affect users of Microsoft products. The
Mblast worm takes advantage of a known flaw in an auto-update function in
the latest versions of the Microsoft Windows operating system (notably
Windows NT 4.0, Windows 2000, Windows XP and Windows Server 2003). In many
instances, Mblast causes afflicted machines to reboot repeatedly, and
includes a message criticizing Microsoft co-founder Bill Gates: "Billy
Gates why do you make this possible? Stop making money and fix your
software." The bug was also supposed to harness the power of infected
computers to launch denial-of-service attacks against Microsoft's Windows
Update site. While the attacks apparently failed to shutdown the targeted
webpage, Mblast did disrupt millions of computers worldwide.
Not long after the Mblast worm appeared, a new version of the Sobig worm
hit. Sobig F comes in the form of an email attachment (often disguised as a
configuration file or a screensaver). When the attachment is opened, Sobig
F hijacks the victim's machine and sends messages using the Microsoft
Outlook email program address book. The bug also opens a backdoor allowing
the creator of the virus to relay additional messages through the victim's
computer.
The proliferation of both computer bugs have reinforced long-standing
doubts among many observers over Microsoft's commitment to protecting
personal information about its users. Ironically after these Mblast and
Sobig outbreaks, Microsoft admitted to three newly discovered security
flaws in its popular Internet Explorer browser software.
See Robert Lemos, "Microsoft warns of critical IE flaws," CNet News, 20
August 2003 at
http://news.com.com/2102-1002_3-5066511.html
For video and text coverage, see "Sobig virus 'thwarted,'" BBC News, 23
August 2003 at
http://news.bbc.co.uk/1/hi/technology/3173255.stm
See "New Worms On Cyber-Prowl," CBSNews.com, 20 August 2003 at
http://www.cbsnews.com/stories/2003/08/19/tech/main569191.shtml
Read Kim Deok-hyun, "Sobig Computer Worm Annoys Internet Users," Korea
Times, 21 August 2003 at
http://times.hankooki.com/lpage/tech/200308/kt2003082116500211790.htm
The Microsoft bulletin regarding Mblast is posted under
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS
03-026.asp
Read "Microsoft avoids Blast attack," Reuters, 18 August 2003 at
http://news.com.com/2102-1009_3-5064908.html
Read Tom Abate, "As the worm turns, computer users squirm," San Francisco
Chronicle, 13 August 2003, page A1 at
http://www.sfgate.com/cgi-bin/article.cgi?file=/c/a/2003/08/13/MN211888.DTL
See "Wiping out the web worm," BBC News, 14 August 2003 at
http://news.bbc.co.uk/1/hi/technology/3151439.stm
Read Kim Deok-hyun, "Windows Worm Warning Issued," Korea Times, 12 August
2003 at
http://times.hankooki.com/lpage/tech/200308/kt2003081217414111820.htm
For further information about Mblast in German (Deutsch), read "W32.Blaster
attackiert auch Nicht-Windows-Systeme," Heise Online, 13 August 2003 at
http://www.heise.de/newsticker/data/dab-13.08.03-002/
==============================================================
[15] U.S. gov't plans mini-TIA spy databases
==============================================================
The United States government is supporting development of data trawling
projects at the local level just as a broadly similar Federal program is
facing serious restrictions.
The Multistate Anti-Terrorism Information Exchange (called the MATRIX for
short) is a computer network reportedly designed to allow government agents
to scan and analyze massive amounts of personal data, in order to predict
and prevent terrorist acts. The precise list of information sources for
this system has yet to be released, but reportedly includes police
databases and commercial data merchants, and can pick out tidbits such as a
person's name, address, hair color and current geographic location. The
system is currently being developed by the state of Florida with financial
support from several U.S. Federal agencies; reports indicate that a number
of other states (such as New York, Virginia, Pennsylvania and Maryland)
have expressed interest in joining this project. Officials familiar with
the project have admitted that the system is far from perfect. Phil Ramer,
a special agent in charge of intelligence throughout the state of Florida,
said the MATRIX is "scary" and co!
uld be abused.
Privacy advocates have reacted to the MATRIX with alarm and have compared
it to the Federal Terrorism Information Awareness project (previously named
Total Information Awareness)-a U.S. Defense Department project which was
conceived by retired Admiral John Poindexter and is also designed to gather
and compile personal data on a grand scale (such as emails and phone calls
as well as educational, medical and financial records). In response to
public outcry over TIA's potential privacy implications, the U.S. Senate
approved a plan to halt the funding of TIA and extend an existing
restriction on the deployment and implementation of TIA (currently
scheduled to expire this September). A special conference committee will
soon be formed to resolve differences between the Senate bill and a version
passed by the U.S. House of Representatives, which includes the
deployment/implementation ban but does not bar the use of Federal money for
TIA. In the meantime, due to heavy controversy ov!
er a variety of Defense Department projects that he pioneered, Poindexter
has resigned.
For video and text coverage, see "Florida Creates 'the Matrix', a Big
Brother-Like Surveillance System with Help From Choicepoint-Related Firm,"
Democracy Now, 7 August 2003 at
http://www.democracynow.org/article.pl?sid=03/08/07/1427223
Read Lucy Morgan, "Troubled business may lose contract with state," Saint
Petersburg Times, 13 August 2003 at
http://www.sptimes.com/2003/08/13/State/Troubled_business_may.shtml
To read the text of Poindexter's resignation letter (in PDF format), visit
the Electronic Privacy Information Center (EPIC-a GILC member) website under
http://www.epic.org/privacy/profiling/tia/poindexterletter.pdf
Read Dawn S. Onley, "In his resignation, Poindexter defends projects,"
Government Computer News, 13 August 2003 at
http://gcn.com/vol1_no1/daily-updates/23110-1.html
For background information on U.S. Senate efforts to defund TIA, read Dan
Verton, "Senate Kills Data Mining Program," Computerworld, 18 July 2003 at
http://www.pcworld.com/news/article/0,aid,111626,00.asp
==============================================================
[16] U.S. gov't pushes Net phone tap law expansion
==============================================================
The United States government is continuing to push for new standards that
would make it easier to spy on phone calls made over the Internet.
The U.S. Federal Bureau of Investigations (FBI) wants the Federal
Communications Commission to rule that the Communications Assistance for
Law Enforcement Act (CALEA) applies to phone calls made over the Internet,
including transmissions using the Voice over Internet Protocol (VoIP).
CALEA, which was passed in 1994, generally requires telecom companies to
build surveillance capabilities into their networks, but exempts
information services, most notably the Internet. The FBI envisions a new
regime under which Internet service providers, including providers of
high-speed broadband connections, would be forced to install spyware in
their systems. In recent months, the FBI has stepped up the pressure on the
FCC, with additional secret meetings between agents from the FBI's
Electronic Surveillance Technology Section and senior FCC staffers.
Privacy advocates and industry leaders are worried about the FBI's efforts.
Among other things, these critics have suggested that the FBI's legal
arguments are unfounded, as CALEA specifically excludes the Internet from
its coverage-an exclusion that ought to apply to all Internet services,
including VoIP. There are also fears that the use of surveillance tools to
spy on Internet phone calls could be used for unnecessary government spying
on other types of Internet transmissions, such as surfed webpages and
private email messages. Additionally, Internet service providers are
concerned about who will be forced to pay for installing such spy devices.
Further complicating matters is the fact that there are no universal
standards for such wiretapping operations, in part because no universal
standards exist even for creating VoIP networks. Moreover, as pointed out
by David Sobel from the Electronic Privacy Information Center (EPIC-a GILC
member), "It seems that current practices !
are providing the government with full access" to VoIP communications and
that new rules are not necessary. Indeed, a spokesperson for one major VoIP
provider mentioned that they never received a request from the police to
wiretap an Internet phone call.
Read Declan McCullagh, "FBI targets Net phoning," CNet News, 29 July 2003 at
http://news.com.com/2100-1028-5056424.html
==============================================================
[17] Study: lack of online privacy leads to discrimination
==============================================================
A new report indicates that the erosion of online privacy is causing a
number of serious societal problems, most notably discrimination.
Entitled "Privacy, economics, and price discrimination on the Internet,"
the paper suggests "the powerful movement to reduce privacy that is coming
from the private sector is motivated by the incentives to price
discriminate, to charge different prices to various customers for the same
goods or services." The document notes how corporate gathering of personal
information has made it easier for those companies to charge prices from
certain individuals or groups that are far higher than otherwise should be
(such as higher prices for airline tickets bought through the Internet or
unlimited usage site licenses for the online editions of scientific
journals). The paper warns that failure to check such practices may lead to
"an Orwellian economy" where certain people may be charged higher prices
due to their social standing or because they "simply wanted to preserve
[their] privacy." Because of these pressures, the report predicts that
"privacy is likely to prove an intractable pr!
oblem that will be prominent on the public agenda for the foreseeable future."
The report is available online via
http://www.dtc.umn.edu/~odlyzko/doc/recent.html
Read "Best Deals Not Always A Click Away," Associated Press, 7 August 2003 at
http://www.cbsnews.com/stories/2003/08/07/tech/main567161.shtml
==============================================================
[18] British firm rolls out mobile phone tracking system
==============================================================
A number of recent developments have further fueled anxiety about the
privacy of mobile phone users.
Carphone Warehouse, a British company, has rolled out what is believed to
be the first major commercial service for tracking people through their
cellular phones, regardless of what telecom provider is used by the
customer who is to be located. MapAmobile is designed to provide the
geographic location of a given mobile phone user with an accuracy of
approximately 50 meters. The system works by triangulating the user's phone
signal; requests can be sent by calling a toll-free number or using text
messaging as well as via the Internet. MapAmobile is currently in operation
throughout the United Kingdom; a company spokesperson mentioned that
MapAmobile could be made available in the United States later this year.
Although MapAmobile requires the consent of the relevant mobile phone user,
privacy advocates remain concerned about the new service. Barry Hugill of
Liberty (a GILC member) discounted Carphone Warehouse's boasts about
MapAmobile's security systems: "Given that we know that schoolboys have
hacked into the Pentagon computer, nothing is secure. Once the technology
is there, it is there to be abused and I find it very hard to believe it
would be airtight. Potentially we could see stalkers moving in on the act."
The emergence of MapAmobile comes just as there is a growing debate over
whether current laws provide sufficient privacy protection for mobile phone
customers.
Read "Mobile Phones As Homing Devices," Associated Press, 6 August 2003 at
http://www.cbsnews.com/stories/2003/08/06/tech/printable566924.shtml
For background information regarding current mobile phone privacy laws, see
Declan McCullagh, "E911-aid or intrusion," CNet News, 18 August 2003 at
http://news.com.com/2102-1071_3-5064829.html
===================================================================
[19] Australian Big Brother ISP plan, Net user ID scheme panned
===================================================================
Several new proposals Down Under are drawing fierce criticism from privacy
advocates.
On one hand, the Internet Industry Association of Australia has released a
draft Cybercrime Code of Practice. The plan would essentially allow ISPs to
log information about their customers without a warrant. This data could
then be disclosed to a variety of recipients, including law enforcement
agents and private corporations, with few safeguards or restrictions. The
proposal, which had taken two years to develop, is the product of
brainstorming between the IIA and Australian law enforcement agents.
In a press release, Electronic Frontiers Australia (EFA-a GILC member)
warned that the Code "would result in massive invasion of Internet users'
privacy." EFA Executive Director Irene Graham complained that the "IIA is
acting like Big Brother - they want ISPs to log and record everything
Internet users do online. It's akin to asking a carrier to record every
telephone conversation made over its system and asking Australia Post to
photocopy every letter and record the content of every parcel it delivers."
Graham also questioned whether the Code conforms with various national
privacy laws: "The Code fails to take into sufficient account the existing
provisions of the Telecommunications Act 1997 and the Privacy Act 1988.
Compliance with various provisions of the Code is likely to place an ISP in
breach of one or both of those Acts."
In addition, the Australian government is considering a plan that would
require all Internet account holders to provide their identity card first
before they log on. The idea came to light during an Australian
Parliamentary Inquiry into Cybercrime, where a former government agent
claimed that such checks are required in France. Graham retorted that ID
checks are not, in fact, required in France, called the ID login scheme
"ludicrous" and explained that "[p]roposals to ban free email accounts and
require Internet users to be identified before obtaining Internet accounts
is not going to assist law enforcement from tracking down criminals.
There're just so many ways that you could get around it anyway... What's
the ISP supposed to do? Check every two weeks that you're still at the same
address?"
The EFA press release on the IIA Code is posted at
http://www.efa.org.au/Publish/PR030819.html
A formal EFA submission regarding the Code is available at
http://www.efa.org.au/Publish/efasubm-iiaccc.html
The IIA's draft Cybercrime Code is posted at
http://www.iia.net.au/cybercrimevt.html
Read Patrick Grey, "Aussie Internet ID plan draws scorn," ZDNet Australia,
7 August 2003 at
http://news.zdnet.co.uk/internet/security/0,39020375,39115552,00.htm
For more about the Australian Parliamentary Inquiry into Cybercrime, click
http://www.aph.gov.au/Senate/committee/acc_ctte/cybercrime/submissions/subli
st.htm
==============================================================
[20] Korean plan may have serious mobile phone privacy impact
==============================================================
The Korean government is planning to introduce new rules that might weaken
privacy rights for many mobile phone users.
While the precise language has yet to be revealed, the Korean Ministry of
Information and Communication (MIC) has drafted legislation that would
alter the way location-based information about such users would be handled.
Such data is already available to a number of recipients, including law
enforcement agents and emergency response workers. Rather than restrict the
flow of such information, the bill reportedly would encourage the
development of new systems to harness such information for commercial
purposes. Curiously, the legislation apparently would not affect all types
of mobile phones, according to MIC officials, because many of the
administrative and legal ramifications of the bill have yet to be determined.
See Kim Deok-hyun, "Bill to Protect Privacy of Mobile Phone Users," Korea
Times at
http://times.hankooki.com/lpage/tech/200308/kt2003081818361111800.htm
==============================================================
[21] U.S. schools install web spy cameras to watch kids
==============================================================
A school district in the United States has installed a new Internet-based
camera system to spy on children.
Public schools in Biloxi, Mississippi are now equipped with more than 500
webcams installed in classroom ceilings. According to Biloxi deputy school
superintendent Robert Voles, the program, which began 2 years ago, allows
school administrators to view images of students and teachers through the
Information Superhighway. The school has yet to come up with a formal
written policy as to how the cameras will be used. However, students and
their parents reportedly are not allowed to see the information that was
collected about them through the webcam system without a court order.
A number of observers fear that the webcams will have a detrimental impact
on children. Maryann Graczyk, president of the Mississippi American
Federation of Teachers, complained that the mere existence of the system
suggested that people "were willing to give up a lot of privacy ... in the
interest of safety. I'm not sure it's the right thing to do." She also
questioned why kids and their parents were not allowed access to the data
that was collected about them: "If my child in school is accused of
something ... I would certainly want to see that."
See "Back To School With Big Brother," Associated Press, 13 August 2003 at
http://www.cbsnews.com/stories/2003/08/13/national/main568105.shtml
==============================================================
[22] Global Privacy research Report Published
==============================================================
A recently-released compendium of privacy research suggests that more needs
to be done to protect personal information as governments venture further
into the Digital Age.
Entitled "A Report of Research on Privacy for Electronic Government," the
collection includes numerous case studies of privacy issues throughout the
globe, and covers such diverse topics as medical privacy in Canada,
communications surveillance legislation in Britain, and electronic voting
research in the United States as well as various privacy enhancing
technologies. Based on these case studies, the report suggests that as more
personal information in the physical world is "digitized, stored and
transmitted" in the digital domain, "and tied to physical identity,
people's privacy will be dramatically reduced." The creators of the report
therefore suggest that "we, law makers to technologists to business, all
will be asked to ensure privacy protection is embedded" in e-government
systems.
The compendium was compiled by Neoteny, a Japanese firm, and was funded by
the Japanese Ministry of Public Management, Home Affairs, Posts and
Telecommunications; Privacy International (a GILC member) was one of the
principal authors.
The report is posted under
http://joi.ito.com/joiwiki/PrivacyReport
==============================================================
[23] New analysis of UK data retention proposals released
==============================================================
A newly published study of British data retention proposals poses several
troubling questions about online privacy in the United Kingdom.
The study focuses on the relationship between the Anti-Terrorism, Crime and
Security Act 2001 and the Regulation of Investigatory Powers Act (RIPA)
2000, as well as their to data protection laws. For example, the study
explains that "[o]ne way or the other, many more terabytes of data will
have to be stored" by communications service providers about their users
"as a result of the threat or operation of Part XI" of the Anti-Terrorism,
Crime and Security Act even though there are serious doubts as to "whether
Part XI will achieve its ultimate objective of providing evidence against
nefarious activities. ... Part XI of the 2001 Act and section 102(3) in
particular should have been narrowly tailored to address national security
concerns only without providing access to such data under section 22(2) of
RIPA 2000 for other law enforcement purposes." Moreover, "RIPA ...
potentially empowers an alarmingly large range of public agencies to snoop
and for a rambling array of reasons. !
... [I]t allows intervention on the basis of standards and procedures which
are intentionally lax on the specious grounds that interception of
communications content is a much greater intrusion than the collection of
traffic data to such an extent that the latter seems hardly to matter." The
study concludes that a move away from such surveillance legislation (much
of which were adopted in haste ostensibly to combat terrorism) "is to be
welcomed," because "that approach is conducive to a lack of accountability
and proportionality ... and ... threatens an endless departure from civil
society."
"Anti-Terrorism Laws and Data Retention: War is over?", which appeared in
the Northern Ireland Legal Quarterly, was written by Yaman Akdeniz of
Cyber-rights & Cyberliberties UK (a GILC member) and Clive Walker.
See the study is available (in PDF format) at
http://www.cyber-rights.org/documents/data_retention_article.pdf
==============================================================
[24] New GILC member: IP Justice
==============================================================
The Global Internet Liberty Campaign has welcomed a new member into the
fold. IP Justice is an international civil liberties organization that
promotes balanced intellectual property law around the world. Among other
things, the organization has worked to build international coalitions and
networks between independent organizations to protect freedom of
expression, and has made efforts to raise global public awareness of the
threat to freedom posed by both legal and technological restrictions to
control intellectual property. IP Justice recently spearheaded a campaign
against the draft European Intellectual Property Enforcement Directive (see
item [2] above).
IP Justice's homepage is located at
http://www.ipjustice.org/
=========================================================
ABOUT THE GILC NEWS ALERT:
=========================================================
The GILC News Alert is the newsletter of the Global Internet Liberty
Campaign, an international coalition of organizations working to protect
and enhance online civil liberties and human rights. Organizations are
invited to join GILC by contacting us at
gilc@gilc.org.
To alert members about threats to cyber liberties, please contact members
from your country or send a message to the general GILC address.
To submit information about upcoming events, new activist tools and news
stories, contact:
Christopher Chiu
GILC Coordinator
American Civil Liberties Union
125 Broad Street, 17th Floor
New York, New York 10004
USA
Or email:
cchiu@aclu.org
More information about GILC members and news is available at
http://www.gilc.org
You may re-print or redistribute the GILC NEWS ALERT freely.
This edition of the GILC Alert will be found on the World Wide Web under
http://www.gilc.org/alert/alert76.html
To subscribe to the Alert, or to change your subscription options
(including unsubscribing), please visit
http://www.2rad.net/mailman/listinfo/gilc-announce
========================================================
PUBLICATION OF THIS NEWSLETTER IS MADE POSSIBLE BY A
GRANT FROM THE OPEN SOCIETY INSTITUTE (OSI)
========================================================
========== HURIDOCS-Tech listserv ==========
Send mail intended for the list to <huridocs-tech@hrea.org>.
Archives of the list can be found at:
http://www.hrea.org/lists/huridocs-tech/markup/maillist.php
To subscribe to the list, send a message to <majordomo@hrea.org>,
with the following text in the message: subscribe huridocs-tech
To unsubscribe from the list, send a message to <majordomo@hrea.org>,
with the following text in the message: unsubscribe huridocs-tech
If you have problems (un)subscribing, contact <owner-huridocs-tech@hrea.org>.
[Reply to this message] [Start a new topic] [Date Index] [Thread Index] [Author Index] [Subject Index] [List Home Page] [HREA Home Page]