GILC Alert
Volume 7, Issue 9
19 December 2003
Welcome to the Global Internet Liberty Campaign Newsletter.
Welcome to GILC Alert, the newsletter of the Global Internet Liberty
Campaign. We are an international organization of groups working for
cyber-liberties, who are determined to preserve civil liberties and human
rights on the Internet.
We hope you find this newsletter interesting, and we very much hope that
you will avail yourselves of the action items in future issues.
If you are a part of an organization that would be interested in joining
GILC, please contact us at <gilc@gilc.org>.
If you are aware of threats to cyber-liberties that we may not know about,
please contact the GILC members in your country, or contact GILC as a whole.
Please feel free to redistribute this newsletter to appropriate forums.
===============================================
Free expression
[1] Hollywood suffers defeat in Net file sharing case
[2] Controversial world info summit held
[3] Christian Chinese online activist arrested
[4] Zimbabwean gov't arrests 14 online dissenters
[5] Protests mount against Iran Net censorship
[6] Tunisian Net dissident finally freed
[7] DVD programmer awaits appeals court ruling
[8] Diebold backs down on Internet copyright threats
[9] Report on Vietnam Net speech curbs released
Privacy
[10] Bush Backs International Cybercrime Plan
[11] Planned VeriPay human implants pose privacy problems
[12] Microsoft security flaws affect automated bank tellers
[13] US gov't gets still more spy powers
[14] Study: many British websites poor on privacy
[15] Yahoo and Excite fix webmail security hole
[16] Controversy grows over South Korean mobile phone security
[17] New privacy-friendly Cryptophone unveiled
================================================================
[1] Hollywood suffers defeat in Net file sharing case
================================================================
A major telecommunications company has scored a significant victory over a
recording industry trade group in a heavily watched online copyright and
privacy case.
Several months ago, the Recording Industry Association of America (RIAA)
requested data concerning a subscriber of telecom giant Verizon. The RIAA
claimed that the individuals in question had engaged in copyright
infringement through peer-to-peer music file trading over the Internet. The
Association argued that it had the power to gather such information under
the United States Digital Millennium Copyright Act (DMCA) even though it
had not actually filed a lawsuit yet. The cited DMCA provision essentially
says that copyright owners can request a U.S. Federal court to subpoena
"information sufficient to identify the alleged infringer" from a "service
provider." Verizon initially refused, claiming that this power can only be
used when infringing material is stored or controlled on the service
provider's network. A number of privacy groups, including GILC members the
Electronic Frontier Foundation (EFF), Computer Professionals for Social
Responsibility (CPSR) and the Electronic Privacy Information Center (EPIC),
filed legal papers expressing opposition to the RIAA's demands. Earlier
this week, an appeals court in the United States rejected a prior decision
on the matter and sided with Verizon, saying "[i]t is not the province of
the courts ... to rewrite [copyright law] in order to make it fit a new and
unforeseen Internet architecture, no matter how damaging that development
has been to the music industry." This new ruling may make it more difficult
for the RIAA to identify people who trade files on peer-to-peer networks.
The decision came just as the RIAA sued another 41 Internet users who
supposedly have engaged in copyright infringement by sharing music files
online. All told, the RIAA has filed lawsuits against 384 alleged
file-sharers this year, although it is not clear whether all of these
people have actually broken any laws. In addition, as part of this third
wave, the Association has contacted 90 other individuals beforehand, urging
them to settle or face litigation. According to the RIAA, some 220 people
have agreed to settlements.
The Association's legal attacks on Internet users have met with resistance
from various quarters, including consumers, cyberlibertarians and industry
leaders. In addition to the Verizon case mentioned earlier, SBC, another
major Internet service provider (ISP), is continuing to fight against
several RIAA subpoenas regarding its users. Meanwhile, the ACLU recently
agreed to represent a student at the University of North Carolina whose
personal information has been subpoenaed by the RIAA in preparation for a
lawsuit.
The fierce battles in the United States over the legality of Net file
sharing have begun to spill over into other countries. The Dutch Supreme
Court has just decided that the Kazaa file-sharing program is legal and
that the makers of the program cannot be held responsible for its users'
actions. In Japan, two men were arrested for supposedly sharing copyrighted
films and games via the Information Superhighway. In Argentina, a spokesman
for recording industry trade group CAPIF (short for Camara Argentina de
Productores de Fonogramas y Videogramas) said his organization was not
filing mass lawsuits directly against online music file sharers, but would
"stay alert and report infringements to whom it may concern," including
ISPs, leading to 309 website takedowns and 395 email address deactivations
between July and October of this year. Meanwhile, the Copyright Board of
Canada has ruled that, among other things, downloading copyrighted music
through the Internet is legal, but uploading such files is illegal.
For the latest details, see "Blow to online music piracy fight," BBC News
Online, 19 December 2003 at
http://news.bbc.co.uk/1/hi/technology/3335063.stm
Read John Borland, "Court: RIAA lawsuit strategy illegal," CNET News, 19
December 2003 at
http://news.com.com/2102-1027_3-5129687.html
See "Dutch court tosses out attempt to control Kazaa," Reuters, 19 December
2003 at
http://news.com.com/2102-1027_3-5129661.html
See also John Borland, "RIAA launches new file-swapping suits," CNET News,
3 December 2003 at
http://news.com.com/2102-1027_3-5113108.html
For background information, visit the Electronic Frontier Foundation (EFF-a
GILC member) website under
http://eff.org/share/
For background on the RIAA-Verizon case, click
http://www.eff.org/Cases/RIAA_v_Verizon/
See "Japanese 'file-swappers' arrested," BBC News Online, 5 December 2003 at
http://news.bbc.co.uk/1/hi/entertainment/music/3293649.stm
Read Jim Hu, "Canada ruling won't stop music lawsuits," CNET News, 16
December 2003 at
http://news.com.com/2102-1027_3-5126053.html
See Flavio Bustos, "Argentina Won't Copy RIAA Tactic," Wired News, 18
December 2003 at
http://wired.com/news/digiwood/0,1412,61531,00.html
See also John Borland, "Canada deems P2P downloading legal," CNET News, 12
December 2003 at
http://news.com.com/2102-1025_3-5121479.html
For coverage in German (Deutsch), see "Kanadische Musikindustrie plant
Klagen gegen Tauschboersen-Nutzer," Heise Online, 17 December 2003 at
http://www.heise.de/newsticker/data/anw-17.12.03-002/
===============================================
[2] Controversial world info summit held
===============================================
The first phase of a World Summit on the Information Society (WSIS) has
ended without firm decisions on several pressing issues.
The WSIS, which is being organized by the International Telecommunications
Union under the auspices of the United Nations (UN), is supposed to foster
discussion regarding the socio-economic impact of new technologies. The
goal of the Summit is "to develop and foster a clear statement of political
will and a concrete plan of action for achieving the goals of the
Information Society, while fully reflecting all the different interests at
stake." However, even before the first phase of the summit began last week
in Geneva, negotiators remained bitterly divided over a host of issues,
including (1) whether to create a special fund to help bridge the digital
divide, (2) whether to shift managerial responsibility over the Internet
away from the Internet Corporation for Assigned Names and Numbers (ICANN)
to the United Nations and (3) whether the Summit documents would include a
commitment to human rights online.
For the time being, negotiators made several deals just prior to the Summit
that largely avoided hard decisions on these issues until the next Summit
phase, which is scheduled to take place in Tunisia nearly two years from
now. Under one such agreement, developing nations would pool resources to
help bridge the digital divide, while various industrialized countries
(including the United States, the European Union and Japan) would merely
study the problem. Under a second deal, a UN group will be formed to study
Internet governance and to report its findings at the Tunisia meeting. A
third compromise package led to inclusion of a commitment to press freedom
(as described in the UN's Universal Declaration of Human Rights) in the
official WSIS Declaration of Principles.
Cyberliberties groups remain hopeful that a more concrete commitment to
human rights and bridging the digital divide will come in the near future.
In a press release, a civil society Human Rights Caucus (which includes
many GILC member organizations) expressed relief "that a major setback in
the international consensus on human rights has been avoided in the final
declaration of Principles. ... But beyond principles, there is the question
of enforcement. The Plan of Action is devoid of any mechanism to advance
the human rights agenda." Moreover, there are lingering concerns over
whether the WSIS is being run in a sufficiently transparent and democratic
manner, as a number of groups, including Reporters Sans Frontieres (RSF-a
GILC member) and Human Rights in China were excluded from WSIS proceedings.
For a Human Rights Caucus analysis of the first WSIS phase (in PDF format),
visit the website of Imaginons un Reseau Internet Solidaire (IRIS-a GILC
member) under
http://www.iris.sgdg.org/actions/smsi/hr-wsis/hris-pr-121203-en.pdf
Further background information regarding the WSIS is available from the
IRIS website via
http://www.iris.sgdg.org/actions/smsi/hr-wsis/
The final draft of the WSIS Declaration of Principles and Plan of Action is
posted at
http://www.itu.int/wsis/documents/doc_multi.asp?lang=en&id=1154|1155
To read a civil society declaration regarding the WSIS and the "Centrality
of Human Rights" in cyberspace (in RTF format), click
http://www.worldsummit2003.de/download_en/WSIS-CS-Decl-08Dec2003-eng.rtf
Read Alfred Hermida, "UN summit pledges net for all," BBC News Online, 12
December 2003 at
http://news.bbc.co.uk/1/hi/technology/3314921.stm
See "UN Summit fails to bridge digital divide," Associated Press, 12
December 2003 at
http://www.guardian.co.uk/online/news/0,12597,1105849,00.html
For coverage in Spanish (Espanol), see "Piden que se reducza la brecha
digital entre los paises ricos y pobres," La Nacion (AR), 17 December 2003 at
http://www.lanacion.com.ar/03/12/17/dg_555994.asp
For more information regarding various civil society groups that were
excluded from the Summit, visit the Reporters Sans Frontieres (RSF-a GILC
member) website under
http://rsf.fr/article.php3?id_article=8657
===========================================================
[3] Christian Chinese online activist arrested
===========================================================
The Chinese government has arrested a man for posting Christian materials
online.
Zhang Shengqi was arrested several weeks ago. He allegedly published
articles written by jailed Christian church historian Liu Fenggang via the
Information Superhighway. After he was arrested at the home of his fiancé,
Chinese government agents searched the house and confiscated some 20 items,
including Zhang's mobile phone and various Liu Fenggang-authored materials.
He has since been charged with exposing state secrets.
Free speech advocates have expressed outrage over Zhang's detainment.
Robert Menard, the Secretary-General of Reporters Sans Frontieres (RSF-a
GILC member), explained: "Zhang's is the first case of a cyber-dissident
jailed for expressing support for the banned Christian church. He has been
accused of exposing state secrets, when in fact he only published articles
about the government crackdown on his religious community. We condemn this
abusive use of the concept of 'state secrets,' regularly used by the
authorities to make unfair arrests. We hope that, as in the cases of
cyber-dissidents Liu Di and Ouyang Yi, the law will recognise that Zhang
Shengqi's imprisonment is unjustified."
The arrest comes as Chinese courts have sentenced several prominent Chinese
dissidents to multi-year jail terms over their online activities. Li Zhi, a
civil servant, received an 8-year sentence after he allegedly criticized
the Chinese government through the Information Superhighway and contacted
foreign groups online. Yan Jun, a biology professor, will spend the next 2
years behind bars for posting several controversial essays on the Internet,
including one that called for the release of former communist party leader
Zhao Ziyang, who had expressed support for the 1989 Tiananmen Square
protestors. According to published reports, Yan had been beaten so severely
in prison that he had to be hospitalized. Meanwhile, Liu Di has been
released from jail for the time being, albeit under harsh terms (including
a ban on speaking to foreigners). Liu, who had been studying at Beijing
University, had, among other things, expressed support for Huang Qi, the
proprietor of the "Tianwang Missing Persons Website" who was detained on
charges of "instigation to subvert state power" after he republished essays
written by other people about the 1989 Tiananmen massacre, the Falun Gong
spiritual movement and other topics deemed taboo by the government.
In addition to these legal battles, there is growing evidence that the
Chinese government is expanding its technological capability to censor the
Internet with the help of Western companies. According to RSF, at least 14
leading international high-technology companies were either "selling
material directly helping the government to spy on and crack down on people
using the Internet," or simply closing "their eyes to the situation." For
example, "Cisco Systems supplies special online spying systems while Intel
just sells its standard products. Yahoo! agreed to change its portal and
search-engine to facilitate censorship in exchange for access to the
Chinese market, while South Korea's Samsung is simply selling its goods to
a neighbouring country." RSF sent a letter to each company's Chief
Executive Officer together with the first issue of a monthly newsletter
called Internet Repression News; RSF secretary-general Robert Menard
explained that his organization was asking the targeted companies "to bear
in mind the contents of the newsletter when making their business decisions."
For more on the arrest of Zhang Shengqi, visit the RSF website under
http://www.rsf.fr/article.php3?id_article=8800
See also
http://www.peacehall.com/news/gb/english/2003/12/200312172351.shtml
For more on the Li Zhi case, see
http://www.rsf.org/article.php3?id_article=8078
Additional details concerning Yan Jun are posted under
http://www.rsf.org/article.php3?id_article=8752
For more about Liu Di, click
http://www.rsf.org/article.php3?id_article=8418
Read "China continues online crackdown," South China Morning Post, 11
December 2003 at
http://www.asiamedia.ucla.edu/article.asp?parentid=5541
For more regarding Western aid to Chinese online censors, click
http://rsf.fr/article.php3?id_article=8668
Read "Firms helping China 'spy on web,'" BBC News Online, 4 December 2003 at
http://news.bbc.co.uk/1/hi/world/asia-pacific/3290081.stm
=================================================
[4] Zimbabwean gov't arrests 14 online dissenters
=================================================
Over a dozen people in Zimbabwe have been arrested over their online
attempts to organize protests.
The case revolves around an email message that called for protests against
the country's president, Robert Mugabe. The message took the nation's
rulers to task for their economic policies and for "propaganda on the radio,
TV and newspapers." The arrests were made pursuant to a recently-enacted
law that, among other things, gave the Zimbabwean government the power to
conduct email surveillance. Although the 14 detainees were released on
bail, they are expected to appear in court shortly.
The case has drawn considerable concern from free speech advocates, who
note that the Mugabe regime has been relentless in censoring criticism,
including shutting down the country's leading independent newspaper, the
Daily News. Robert Menard, the Secretary-General of Reporters Sans
Frontieres (RSF-a GILC member), warned: "Robert Mugabe has already gagged
the traditional news media and we must now speak out so that the Internet
does not meet the same fate. The Zimbabwean opposition is increasingly
using the Internet to distribute information criticising the regime and
this right must not be denied them." Indeed, reports suggest that the
Zimbabwean government is planning to introduce further measures that would
expand its powers to silence dissent along the Information Superhighway.
An RSF press release on this subject is posted at
http://www.rsf.fr/article.php3?id_article=8593
Read "Arrests over anti-Mugabe e-mails," BBC News Online, 21 November 2003 at
http://news.bbc.co.uk/1/hi/world/africa/3227008.stm
See also
http://allafrica.com/stories/200312160333.html
===============================================
[5] Protests mount against Iran Net censorship
===============================================
A lively debate has erupted over efforts by the government of Iran to
censor cyberspace.
For years, Iranian authorities have blocked numerous websites, including a
number of webpages that called for reforms or otherwise criticized the
country's leaders. More recently, the Iranian government reportedly
extended this ban to various segments of the Google Internet search engine
site and jailed Sina Motallebi, a journalist and online activist. Last
week, during the first phase of the World Summit on the Information Society
(see item [2] above), hundreds of Internet users posted complaints about
this censorship scheme via a webpage that was dedicated to covering the
Summit. Hossein Derakshan, a prominent Iranian web blogger, explained that
the postings were meant to "grab the attention of delegates and
participants in Geneva. The Iranian officials are very defensive over these
kind of things and if there is enough public pressure, they'd definitely
change their attitudes. EU [European Union] delegates could play a great
role in this - EU pressure once forced Iran to suspend the stoning law, and
they could do it for the Net censorship too."
In response, the Iranian government issued a number of somewhat confusing
and contradictory statements regarding its attempts to block online
content. The nation's President, Mohammad Khatami, claimed that while
"criticism is OK" and is not censored, his government was indeed "exerting
greater control" over websites "that are not compatible with Islam."
Curiously, Khatami went so far as to suggest that, despite strong evidence
to the contrary, "[e]ven political websites that are openly opposed to the
Iranian Government ... are available to the Iranian people."
Read Aaron Scullion, "Iran's president defends web control," BBC News
Online, 12 December 2003 at
http://news.bbc.co.uk/1/hi/technology/3312841.stm
See also Aaron Scullion, "Iranian bloggers rally against censorship," BBC
News Online, 11 December 2003 at
http://news.bbc.co.uk/1/hi/technology/3310493.stm
For background information on the Motallebi case, visit the website of
Reporters Sans Frontieres (RSF-a GILC member) under
http://www.rsf.org/rubrique.php3?id_rubrique=20
====================================================
[6] Tunisian Net dissident finally freed
====================================================
The proprietor of a noted Tunisian news website has finally been released
from prison.
Zouhair Yahyaoui was the founder and editor of TUNeZINE, which included
coverage of political affairs in the North African nation and materials
from opposition party leaders. The Tunisian government arrested, tortured
and jailed him for republishing via the Internet a letter written by his
uncle that criticized the country's legal system. During his time in jail,
he had to share a cell with 100 other inmates, and prison authorities
reportedly denied Yahyaoui medical treatment even though he had been
suffering from a variety of serious ailments. Yahyaoui went on several
hunger strikes over the past year as a call to his supporters to keep up
the pressure in order to obtain his freedom.
Human rights advocates generally have expressed exhilaration at Yahyaoui's
release, but as Robert Menard, the Secretary-General of Reporters Sans
Frontieres (RSF-a GILC member), explained: "His release cannot make us
forget how he was ill-treated in prison, where he [was] sent for simply
stating his opinion. The Tunisian regime has made a gesture by releasing
him, but is still very far from allowing free expression in the country,
especially online."
For more about the Yahyaoui case, click
http://www.tunezine.com
An RSF press release about Yahyaoui's release is posted at
http://www.rsf.fr/article.php3?id_article=8557
===============================================
[7] DVD programmer awaits appeals court ruling
===============================================
In a closely watched case, a Norwegian teenager is now waiting for an
appeals court to decide whether he committed a crime by creating a
DVD-related computer program.
In 1999, Jon Johansen created DeCSS to help Linux operating system users
watch DVDs on their machines. Norwegian authorities briefly detained him in
early 2000 for his activities but released him soon afterwards. Nearly 2
years later, he was arrested once more on the theory that by developing
DeCSS, he violated a Norwegian law against break-ins. Presiding judge Irene
Sogn subsequently cleared Johansen of the charges and held that, among
other things, there was "no evidence" that he had used DeCSS for illegal
purposes.
The Norwegian government (on behalf of the Motion Picture Association of
America) then appealed the decision. During proceedings before the Oslo
Appeals Court, Johansen's attorney, Halvor Manshaus, insisted that the case
revolved around the consumer's fair use rights: "When you buy a DVD film,
you are buying the right to watch it. How you choose to do that is up to
you." A verdict is expected by 22 December; further appeals would go to the
Norway Supreme Court.
See "Satser penger pa at DVD-Jon frikjennes," Aftenposten, 12 December 2003 at
http://www.aftenposten.no/nyheter/nett/article.jhtml?articleID=690242
Read Peter Sayer, "Verdict In 'DVD Jon' Appeal Expected Dec. 22," IDG News
Service, 15 December 2003 at
http://www.pcworld.idg.com.au/index.php?id=770282526&fp=2&fpid=1
See "Norwegian DVD piracy retrial ends," Reuters, 11 December 2003 at
http://news.com.com/2102-1025_3-5120669.html
====================================================
[8] Diebold backs down on Internet copyright threats
====================================================
In the face of mounting opposition, an embattled voting machine company has
decided not to sue its online critics.
Over the past several months, experts have questioned the security of
machines manufactured by Diebold Election Systems. These concerns reached a
crescendo after several documents were posted online that contained
information regarding vulnerabilities in Diebold voting software, including
email warnings from Diebold technicians about various security flaws.
Diebold subsequently threatened to sue various individuals and groups
who either hosted or provided weblinks to those documents,
claiming their actions constituted copyright infringement. The list of
targeted groups included Online Policy Group (OPG-a GILC member), which
hosted an Independent Media Group site that had weblinks to the Diebold
papers in question.
Diebold's threats led to a strong backlash. On the legal front, OPG, along
with two college students who also received threats from Diebold, filed a
lawsuit hoping to stop the election machine company from issuing further
legal threats against Internet service providers (ISPs). In addition,
Dennis Kucinich, a member of the United States House of Representatives and
a U.S. Presidential candidate, called for a formal Congressional
investigation and lambasted Diebold's actions as an "abuse" of the U.S.
"Digital Millennium Copyright Act, using copyright to suppress speech
rather than fulfill the Constitution's purpose for copyright, to 'promote
progress.'"
Eventually, the company agreed in court not to sue or issue further legal
threats regarding the released documents, and to send retractions of its
threats to ISPs who had received them. Wendy Seltzer from the Electronic
Frontier Foundation (EFF-a GILC member), which represented OPG in this
case, expressed relief at this result: "We're pleased that Diebold has
retreated and the public is now free to continue its interrupted
conversation over the accuracy of electronic voting machines. We continue
to seek a court order to protect posters, linkers, and the ISPs who host them."
An EFF press release on this subject is posted at
http://eff.org/Legal/ISP_liability/OPG_v_Diebold/20031201_eff_pr.php
See Kim Zetter, "Diebold Backs Off Legal Challenge," Wired News, 2 December
2003 at
http://wired.com/news/print/0,1294,61243,00.html
Read Paul Festa, "Diebold retreats; lawmaker demands inquiry," CNET News, 1
December 2003 at
http://news.com.com/2100-1028-5112430.html
See Steven T. Dennis, "E-mail stolen from Diebold is a call to gouge
Maryland," (Maryland) Gazette, 10 December 2003 at
http://www.gazette.net/200350/montgomerycty/state/191617-1.html
Additional background information is available from the website of the
Stanford Law School Center for Internet and Society under
http://cyberlaw.stanford.edu/about/cases/diebold_evoting.shtml
Representative Kucinich's letter on this subject (in PDF format) is posted at
http://www.house.gov/kucinich/issues/Jud-Cmte-Invstgn.pdf
See also
http://www.house.gov/kucinich/issues/voting.htm
====================================================
[9] Report on Vietnam Net speech curbs released
====================================================
A new report indicates that recent actions by the Vietnamese government
have left online "freedom of expression under threat."
The Amnesty International survey cited a number of reasons to be
"increasingly concerned about human rights in cyberspace for people in Viet
Nam, in particular the fundamental rights to freedom of expression,
information, peaceful assembly and the right to privacy." The authors of
the report noted that "the Internet's popularity has increased slowly but
steadily" in the Southeast Asian nation even though "the cost of a computer
and a dial-up connection is still prohibitively high for the vast majority
of Vietnamese people living outside urban areas." However, accessing many
websites, especially diaspora webpages, "can be difficult for people inside
Viet Nam. Access to some sites is blocked. Some of the blocking is left to
self-censorship by Internet Service Providers (ISPs) as required by law.
The relative ease with which electronic footsteps can be traced and
possible public ignorance about the increasingly sophisticated methods for
monitoring have made expressing a dissenting opinion more dangerous. ISPs
and individual Internet users are obliged by law to facilitate easy access
for security agencies to networks and computers." Moreover, "individuals
have been arrested for, inter alia, exchanging e-mails with contacts in the
Vietnamese diaspora, posting articles critical of the government on the
Internet, and expressing dissenting opinions."
The study made several recommendations to improve the situation, including
the immediate and unconditional release of nearly a dozen people "who have
been detained for the peaceful exercise of their rights to freedom of
expression and access to information" via the Internet. Amnesty
International also called on the Vietnamese government to "ensure that
freedom of expression and related rights are protected from arbitrary
interference whilst fulfilling the legitimate concerns and obligations of
the state to protect its security and the rights of its citizens," and to
"remove restrictions on management of the Internet, including ISPs,
creation of personal websites, and operation of Internet cafés to guarantee
the rights to freedom of expression, information, and assembly as set out
in international standards, as well as inviolability of domicile and
privacy as established in the Vietnamese Constitution."
The report is posted at
http://www.web.amnesty.org/library/index/engasa410372003
==========================================================
[10] Bush Backs International Cybercrime Plan
==========================================================
The United States government may soon consider a Council of Europe (CoE)
treaty that critics say will severely erode Internet privacy.
The Council of Europe's Convention on Cybercrime would, among other things,
require countries to authorize government agents to install spytools on the
servers of Internet service providers (ISPs) and thereby intercept all
Internet transmissions that come through the servers. The treaty requires
signatory nations to comply with foreign investigators, even when they are
investigating activities that are not crimes on domestic soil. The
Convention, however, does not require countries to enact any specific
procedural protections. The treaty was signed by many countries back in
2001 (including Great Britain, Germany, France, the U.S., Japan and
South Africa), but had since languished. To date, only 4 countries have
ratified the Convention: Albania, Croatia, Estonia and Hungary.
U.S. President George W. Bush is now calling on Congress to ratify the
treaty, asking the U.S. Senate to "give early and favorable consideration
to the Cybercrime Convention, and that it give its advice and consent to
ratification." Curiously, Bush claimed that "the Convention contains
safeguards that protect civil liberties and other legitimate interests,"
but failed to acknowledge the fact that the treaty does not actually
require signatory nations to implement specific procedural safeguards.
Many observers have objected to the Convention because it may allow
unnecessary governmental intrusions into cyberspace. The Global Internet
Liberty Campaign had condemned a past draft of the convention as "a
document that threatens the rights of the individual while extending the
powers of police authorities, creates a low-barrier protection of rights
uniformly across borders, and ignores highly-regarded data protection
principles. Although some changes have been made ... we remain dissatisfied
with the substance of the convention."
Indeed, an analysis by Cyber-Rights & Cyber-Liberties UK (a GILC member)
indicates many of these thorny problems remain unsolved in the latest
version of the treaty. In "An Advocacy Handbook for the Non Governmental
Organizations" regarding the convention, the group noted that the treaty,
among other things, betrays a "serious lack of commitment to data
protection principles" and fails to provide concrete measures to prevent
abuses, such as subjecting surveillance powers to judicial warrants.
"Although the Cyber-Crime Convention states in its preamble that a proper
balance needs to be ensured between the interests of law enforcement
agencies and respect for fundamental human rights, the balance is certainly
in favour of the law enforcement agencies. ... It should be remembered ...
that 'the mission of the Council of Europe and of its organs is to prevent
the establishment of systems and methods that would allow "Big Brother" to
become master of the citizen's private life.' But the Cyber-Crime
Convention unfortunately suggests otherwise."
To read the Cyber-Rights & Cyber-Liberties handbook on the CoE Convention
(in PDF format), click
http://www.cyber-rights.org/cybercrime/coe_handbook_crcl.pdf
The text of the treaty is available via
http://conventions.coe.int/Treaty/EN/WhatYouWant.asp?NT=185
To read the text of President Bush's message, click
http://www.whitehouse.gov/news/releases/2003/11/20031117-11.html
See Declan McCullagh, "Bush backs international cybercrime plan," CNET
News, 19 November 2003 at
http://news.zdnet.co.uk/business/0,39020645,39117978,00.htm
For more details on GILC concerns regarding the CoE Cybercrime Convention,
click
http://www.gilc.org/privacy/coe-letter-1200.html
==========================================================
[11] Planned VeriPay human implants pose privacy problems
==========================================================
The manufacturers of a controversial subdermal tracking device are now
planning to expand its functions to include credit card payments.
Verichip is a device that can carry individualized data (such as a person's
name, current condition, medical records and unique identification number)
and is designed to be embedded under a person's skin. When a special
external scanner is pointed at a Verichip, "a number is displayed by the
scanner" and the stored information is transmitted "via telephone or
Internet." Verichip's maker, Applied Digital Systems (ADS), is marketing
its product for such purposes as "identification, various law enforcement
and defense uses and search and rescue." ADS has now announced plans for a
service that would allow Verichip recipients to make consumer payments by
scanning their implants.
Privacy advocates had already expressed serious concerns about the device.
Chris Hoofnagle from the Electronic Privacy Information Center (EPIC-a GILC
member) warned: "When your bank card is compromised, all you have to do is
make a call to the issuer. In this case, you have to make a call to a
surgeon. It doesn't make sense to go from a card, which is controlled by an
individual, to a chip, which you cannot control." Security expert Richard
M. Smith explained that ADS' latest plans might prove unpopular:
"VeriPay will offer some conveniences over RFID credit cards, but I think
most people will be creeped out with the idea of putting little radio
transmitters in their bodies."
The official Verichip website is located at
http://www.4verichip.com
Read Declan McCullagh, "Chip implant gets cash under your skin," CNET News,
25 November 2003 at
http://news.com.com/2102-1041_3-5111637.html
See also Julia Scheeres, "When Cash Is Only Skin Deep," Wired News, 25
November 2003 at
http://wired.com/news/technology/0,1282,61357,00.html
===============================================================
[12] Microsoft security flaws affect automated bank tellers
===============================================================
Security holes in the world's most popular computer operating system are
now having a negative impact on financial privacy.
It was recently revealed that a number of automated teller machines (ATMs)
had to be shut down after they were infected with the Nachi computer bug.
Also known as the Welchia worm, the bug takes advantage of a known flaw in
an auto-update function in the latest versions of the Microsoft Windows
operating system (notably Windows NT 4.0, Windows 2000, Windows XP and
Windows Server 2003). The bug was ostensibly designed to cure machines of
another Windows-related worm, MSBlast, but instead disrupted millions of
computers around the world. Diebold, which manufactured the ATMs, had
previously used IBM's OS/2 operating system for its machines, but had
switched to Windows at the behest of banks.
These latest snafus are fueling long-standing concerns over whether
Microsoft is doing enough to protect the privacy of computer users.
Security expert Bruce Schneier explained that Microsoft's dominant position
as a software manufacturer tends to exacerbate the impact of its privacy
failings: "Specific-purpose machines, like microwave ovens and until now
ATM machines, never got viruses. Now that they are using a general purpose
operating system, Diebold should expect a lot more of this in the future."
Indeed, Microsoft has recently announced plans to install its software in
automobiles.
Meanwhile, researchers have discovered more security flaws in another
widely used Microsoft program: Internet Explorer (IE). One of the holes
pertains to a common fraud tactic that leads people (such as individuals
who have clicked weblinks in email messages) to a phony webpage that is
made to look like a well-known Internet company (such as eBay), where they
are asked to provide their personal information. This tactic can often be
detected by comparing the domain name displayed in the browser's address
bar with that of the website the page claims to be. However, experts have
discovered that IE can be fooled into displaying a phony domain name as
well, making it much more difficult to detect such Internet misdirection
ruses. Computer researchers have also discovered a number of scripting
vulnerabilities in IE that could allow scripts to run across supposedly
secure domains, so that attackers from the Internet could go through IE and
execute commands on the victim's machine that are only supposed to be
carried out by the victim.
Read "Worm hits Windows-based ATMs," Reuters, 9 December 2003 at
http://news.com.com/2102-7349_3-5117285.html
See "Microsoft Software in Every Car?" Associated Press, 30 November 2003 at
http://wired.com/news/autotech/0,2554,61412,00.html
Read Paul Festa, "IE bug lets fake sites look real," CNET News, 10 December
2003 at
http://news.com.com/2102-7355_3-5119440.html
For coverage in Spanish (Espanol), see "Grave vulnerabilidad en Internet
Explorer y otros navegadores," DelitosInformaticos.com, 15 December 2003 at
http://www.delitosinformaticos.com/seguridad/noticias/10714911834870.shtml
See also Matthew Broersma, "New flaws reported in IE 6," CNET News, 28
November 2003 at
http://news.com.com/2102-1002_3-5112198.html
===============================================================
[13] US gov't gets still more spy powers
===============================================================
Lawmakers in the United States have approved a plan that some observers say
will further undermine the privacy of people online.
The plan, which was part of an annual intelligence agency funding bill,
involves the use of National Security Letters, which are issued at the sole
discretion of the Federal Bureau of Investigation (FBI) to get personal
information. Legislation passed in 2001 had already given the FBI the
ability to obtain financial records and telecommunications data (including
Internet logs) through such requests. Congress has now approved an
expansion of this power so that the FBI can get information via National
Security Letters from a wider range of organizations. The list of
businesses and groups that could be affected by this change includes
e-tailers and online auction houses (such as eBay) as well as travel
agencies and even post offices.
The change has been severely criticized by privacy groups. Timothy Edgar of
the American Civil Liberties Union (ACLU-a GILC member) warned: "The more
that checks and balances against government abuse are eroded, the greater
that abuse. We're going to regret these initiatives down the road."
An ACLU press release on this subject is posted at
http://www.aclu.org/SafeandFree/SafeandFree.cfm?ID=14434&c=206
Read Ryan Singel, "Congress Expands FBI Spying Power," Wired News, 24
November 2003 at
http://wired.com/news/politics/0,1283,61341,00.html
===============================================================
[14] Study: many British websites poor on privacy
===============================================================
A recent report suggests that many British websites are in violation of new
rules designed to protect personal information.
Compiled by WebAbacus, the study focused on Britain's top 90 e-commerce
sites. The report found that 98% of the sites surveyed did not fully comply
with the Privacy and Electronic Communications (EC Directive) Regulations
of 2003, which took effect earlier this month. Twenty-four percent of the
websites that were studied had no privacy policy at all, and another twelve
percent had no information about digital identification numbers in files
known as "cookies." Only two percent allowed users to opt-out of
cookie-type Internet tracking schemes with one click of a mouse, as the new
law essentially requires.
These revelations have led to concern from government regulators. The
British Information Commissioner was "very surprised" so many websites had
failed to comply with the rules, which had been in the works for quite some
time. As for ways to improve the situation, Assistant Information
Commissioner Phil Jones suggested that, at a minimum, "There should be
transparency. People should know what is going on with the information
collected about them."
A WebAbacus press release on this report is available via
http://www.webabacus.com/80256A8C0032AF34/(httpPublicDocuments)/WebAbacusCookieLegislationResearch?OpenDocument
Read "Top UK sites 'fail privacy test,'" BBC News Online, 11 December 2003 at
http://news.bbc.co.uk/1/hi/technology/3307705.stm
===============================================================
[15] Yahoo and Excite fix webmail security hole
===============================================================
Yahoo and Excite have repaired a security glitch that affected their
popular web e-mail services.
While details regarding the glitch have been slow to emerge, reports
indicate that attackers could have exploited the flaw by sending doctored
messages to webmail users that, if opened, would allow them to run
malicious code (such as computer worms) on the victims' machines. Although
the company has software designed to stop computer bugs, researchers from
Finjan Software discovered that this barrier could be overcome with ease. Both
Yahoo and Excite were told about the problem during the past few weeks and
have now remedied the situation.
Read "Yahoo fixes a hole where the mail gets in," Reuters, 10 December 2003 at
http://news.com.com/2102-1012_3-5118671.html
See also John Leyden, "Yahoo! fixes Web mail vuln," The Register (UK), 11
December 2003 at
http://www.theregister.co.uk/content/55/34459.html
=====================================================================
[16] Controversy grows over South Korean mobile phone security
=====================================================================
A heated debate has arisen in South Korea over the security of mobile phones.
The debate centers on mobile phones that use Code Division Multiple Access
(CDMA) technology. Unlike rival systems, CDMA phones had been advertised as
being highly secure due to the use of encryption for wireless
transmissions. However, in a recent interview with a Korean news agency,
Qualcomm chairman Irwin Jacobs admitted that it was indeed possible for
calls made through CDMA mobile phones to be intercepted, particularly as
the transmissions are running through wires between base stations. Jacobs
also admitted that the United States government had requested that Qualcomm
provide mobile phones with a higher level of security than their current
CDMA versions.
The security of mobile phones has become a subject of national importance in
South Korea, where a number of lawmakers have made heavy use of
encryption-enabled phones to prevent espionage by political rivals. The
tension over this issue is such that opposition leaders have signaled that
they plan a perjury lawsuit against the country's information and
communications minister, Chin Dae-je, for claiming that CDMA phones could
not be wiretapped.
Read Kim Sung-jin, "Wiretapping of CDMA Phone Calls Possible," Korea Times,
19 November 2003 at
http://times.hankooki.com/lpage/biz/200311/kt2003111918034011860.htm
===============================================================
[17] New privacy-friendly Cryptophone unveiled
===============================================================
A German company has developed a new security-friendly phone that has drawn
attention from privacy advocates.
The Cryptophone was developed by a division of Berlin-based CSMK and
includes free encryption software that uses two algorithms (AES and
Twofish). Under the scheme, calls using the mobile handset can only be
decoded by a handset or computer running the same encryption program, which
can be downloaded via the Internet and run on any device that uses
Microsoft Windows. The company has also made the underlying source code
available for public inspection.
A number of experts have expressed hope that the new device will help
protect individual privacy, but are concerned that its benefits may be
undercut by various forces, including new wiretapping legislation and
costs. Simon Davies of Privacy International (a GILC member) called the
Cryptophone "a tremendous step forward, because the level of surveillance
by authorities is breathtaking. ... I would not trust governments to leave
it alone." Ian Brown from the Foundation for Information Policy Research
(FIPR-a GILC member) worried that "[n]ot many average consumers will pay
that kind of money. The people who will be using it are in businesses."
The official Cryptophone website is located at
http://www.cryptophone.de/
See "Germany Touts High-Security Phone," Reuters, 18 November 2003 at
http://wired.com/news/technology/0,1282,61289,00.htm
=========================================================
ABOUT THE GILC NEWS ALERT:
=========================================================
The GILC News Alert is the newsletter of the Global Internet Liberty
Campaign, an international coalition of organizations working to protect
and enhance online civil liberties and human rights. Organizations are
invited to join GILC by contacting us at
gilc@gilc.org.
To alert members about threats to cyber liberties, please contact members
from your country or send a message to the general GILC address.
To submit information about upcoming events, new activist tools and news
stories, contact:
Christopher Chiu
GILC Coordinator
American Civil Liberties Union
125 Broad Street, 17th Floor
New York, New York 10004
USA
Or email:
cchiu@aclu.org
More information about GILC members and news is available at
http://www.gilc.org
You may re-print or redistribute the GILC NEWS ALERT freely.
This edition of the GILC Alert will be found on the World Wide Web under
http://www.gilc.org/alert/alert79.html
To subscribe to the Alert, or to change your subscription options
(including unsubscribing), please visit
http://www.2rad.net/mailman/listinfo/gilc-announce
========================================================
PUBLICATION OF THIS NEWSLETTER IS MADE POSSIBLE BY A
GRANT FROM THE OPEN SOCIETY INSTITUTE (OSI)
========================================================
========== HURIDOCS-Tech listserv ==========
Send mail intended for the list to <huridocs-tech@hrea.org>.
Archives of the list can be found at:
http://www.hrea.org/lists/huridocs-tech/markup/maillist.php
To subscribe to the list, send a message to <majordomo@hrea.org>,
with the following text in the message: subscribe huridocs-tech
To unsubscribe from the list, send a message to <majordomo@hrea.org>,
with the following text in the message: unsubscribe huridocs-tech
If you have problems (un)subscribing, contact <owner-huridocs-tech@hrea.org>.