GILC Alert, Volume 8, Issue 4 (7 May 2004)




Welcome to the Global Internet Liberty Campaign Newsletter.

Welcome to GILC Alert, the newsletter of the Global Internet Liberty
Campaign. We are an international organization of groups working for
cyber-liberties, who are determined to preserve civil liberties and human 
rights on the Internet.
We hope you find this newsletter interesting, and we very much hope that 
you will avail yourselves of the action items in future issues.
If you are a part of an organization that would be interested in joining 
GILC, please contact us at <gilc@gilc.org>.
If you are aware of threats to cyber-liberties that we may not know about, 
please contact the GILC members in your country, or contact GILC as a whole.
Please feel free to redistribute this newsletter to appropriate forums.

===============================================
Free expression
[1] Jailed Vietnamese Net dissident on hunger strike
[2] Controversial French digital economy bill in final phases
[3] Shanghai cybercafe users face further restrictions
[4] Net journalists detained in the Maldives
[5] RIAA launches a further round of file-sharer lawsuits
[6] Vietnam website blocking broader than previously thought
[7] New Canadian copyright proposal might stifle Net speech
[8] Google feature blocks many non-controversial websites
[9] Japanese gov't plans crippling of digital TV
[10] North Korean protestors start Internet radio service
[11] New joint initiative to defend cyberliberties

Privacy
[12] European Union considers new data retention plan
[13] Continued controversy over Google Gmail privacy flaws
[14] Spyware problems may lead to more U.S. legislation
[15] Debate over U.S. spy-friendly Net tapping rules heats up
[16] Microsoft belatedly releases several new security patches
[17] Serious security flaw in vital Internet protocol system
[18] Studies indicate Internet privacy awareness lags
[19] U.S. Big Brother Awards for 2004 handed out
[20] EFF Pioneer Awards winners announced

===================================================================
[1] Jailed Vietnamese Net dissident on hunger strike 
===================================================================
A Vietnamese journalist has started a hunger strike to protest his 
continued detainment in connection with his online speech activities.

Nguyen Vu Binh had, among other things, written a number of articles 
regarding political and economic reforms in the Southeast Asian nation, 
including "Thoughts on the Sino-Vietnamese border agreements"-an essay that 
savaged a 5-year-old treaty between China and Vietnam. He was then
arrested, convicted of espionage and sentenced to seven years in jail, plus 
three years of house arrest. Earlier this week, an appeals panel held a 
hearing that lasted less than two hours and confirmed the earlier sentence. 
Upon hearing the appeals verdict, Vu Binh roared: "To me, either freedom or 
death. If the authorities won't release me, I will start my hunger strike 
now." He began his hunger strike shortly after the judicial proceedings 
ended. He remains behind bars in a prison located in the capital, Hanoi; 
few details are available as to his current condition.

Not surprisingly, a number of free speech groups have criticized the 
Vietnamese government in connection with these developments. In a 
statement, Reporters Sans Frontieres (RSF-a GILC member) disparaged "this 
abusive use of a charge of espionage. What connection can there be between 
posting articles on the Internet, campaigning for human rights and 
espionage? This conviction reminds us that freedom of expression is 
constantly trampled underfoot in Vietnam, on the Internet as in other 
media." The Committee to Protect Journalists (CPJ-a GILC member) has 
expressed similar sentiments.

For further information, visit the CPJ website at
http://www.cpj.org/news/2004/Vietnam06may04na.html

See also the RSF website under
http://www.rsf.org/article.php3?id_article=10293

===================================================================
[2] Controversial French digital economy bill in final phases
===================================================================
French legislators may soon give final approval to a proposal that critics 
say could have a detrimental impact on cyberliberties.

The French digital economy bill (known as le projet de loi sur la confiance 
dans l'économie numérique or LEN), which is supposed to help France comply 
with a June 2000 European Union (EU) directive, includes language that 
would make Internet service providers liable for content on websites that 
they host. Among other things, they would have to "act promptly" to take 
down material "after becoming aware of their unlawful nature" or face legal 
retribution-a process that currently requires judicial approval. The bill 
also essentially eliminates the doctrine that email should be treated as 
"private correspondence," creating the possibility that such messages could 
be intercepted more easily by third parties. Over the past several months, 
the French National Assembly and Senate have each adopted versions of the 
bill. Earlier this week, the Assembly approved a revised draft that 
resolves the differences between the two versions; a Senate vote on this 
revised version is expected to take place next week (13 May).

Many groups remain staunchly opposed to the bill. Reporters Sans Frontieres 
(RSF-a GILC member), along with several other organizations, has requested 
meetings with top French government ministers to voice their concerns about 
LEN. In a letter to Nicolas Sarkozy, the French Minister of Economy, 
Finance and Industry, the organizations noted that, despite various 
amendments, "the main problem posed by this bill is unchanged. It makes 
Internet hosts responsible for censoring web content in the absence of any 
judicial role." Opposing this provision as well as three others in the 
draft law, Imaginons un Reseau Internet Solidaire (IRIS-a GILC member), in 
a joint action with the French Human Rights League (LDH), filed papers 
(including a detailed brief) asking the French parliamentary opposition to 
submit the proposal to the French Constitutional Council for further 
review. These demands were buttressed by a strong anti-LEN petition drive 
launched by the two groups that has garnered over 13 000 individual and 260 
organizational signatories. In response to these efforts, Socialist members 
of parliament announced on 6 May that they would indeed forward the 
proposal on to the Council.

To read an IRIS and LDH joint open letter to the Socialists regarding LEN, 
click
http://www.ldh-france.org/actu_derniereheure.cfm?idactu=822

For further information, see
http://www.iris.sgdg.org/actions/len/

Visit the RSF website at
http://www.rsf.org/article.php3?id_article=9751

See also
http://www.droit-technologie.org/1_2.asp?actu_id=917

Read Estelle Dumout, "L'Assemblee nationale valide le texte de compromis 
sur la LCEN," ZDNet France, 6 May 2004 at
http://zdnet.fr/actualites/internet/0,39020774,39151706,00.htm

===================================================================
[3] Shanghai cybercafe users face further restrictions
===================================================================
Internet users in Shanghai will soon have to overcome still more hurdles in 
order to go online.

For years, people who wished to use cybercafes in China's largest city have 
had to face numerous constraints, including software that blocked access to 
various websites deemed taboo by Chinese authorities. Now Shanghai 
government officials have started implementing further restrictions. Among 
other things, special software is being installed on Shanghai cybercafe 
computers that requires customers to provide their identity numbers (or 
passport numbers, if they are foreigners) when they login. The software 
also will notify the authorities if a given user visits certain places on 
the Information Superhighway that are banned by the government, such as 
websites that provide information about the banned Falun Gong spiritual 
movement. Finally, state officials have placed surveillance cameras in 
Internet cafes, presumably to help officials track down and arrest 
violators. The Shanghai rollout of this scheme is meant as a test that, 
depending on the results, could lead to implementation of similar controls 
in communities all across the Land of the Dragon.

These developments came as public concern continues to mount over the 
plight of a noted Chinese Internet dissident. Yang Jianli, the editor of 
ChinaEWeekly.com, was arrested two years ago while conducting an 
investigation of worker strikes in the northeastern part of the country. He 
remains in detention despite the fact that he has yet to be convicted (much
less sentenced) for any crime. Reports indicate he has been placed in 
solitary confinement, denied access to a lawyer, and been handcuffed for 
weeks at a time.

These and other efforts by Chinese government agents to censor criticism 
have led to an astonishingly sharp rebuke from a noted scholar. Jiao 
Guobiao, a Beijing University journalism professor, lashed out at Chinese 
government censors in an essay that has been widely circulated via the 
Information Superhighway. Among other things, he called censorship orders 
by Chinese officials "totally groundless, absolutely arbitrary, at odds 
with the basic standards of civilisation, and as counter to scientific 
common sense as witches and wizardry. They take money from the parties 
referred to in reports. They distort the media's sense of right and wrong 
and justice. They are killing the constitution." Not surprisingly, Chinese 
authorities have now banned the essay.

Read "China's censorship machine endures," Taipei Times, 4 May 2004 at
http://www.asiamedia.ucla.edu/article.asp?parentid=10890

See Jonathan Watts, "Chinese professor attacks state censors," The Guardian 
(UK), 4 May 2004 at
http://www.guardian.co.uk/china/story/0,7369,1208925,00.html

For more on the Yang Jianli case, visit the Reporters Sans Frontieres 
(RSF-a GILC member) website at
http://www.rsf.org/article.php3?id_article=9937

Read Bill Savadove, "New system to monitor Net surfing," South China 
Morning Post, 29 April 2004 at
http://www.asiamedia.ucla.edu/article.asp?parentid=10742

See "Shanghai cameras spy on web users," BBC News Online, 22 April 2004 at
http://news.bbc.co.uk/1/hi/world/asia-pacific/3648813.stm

See also "Shanghai cracks down on internet cafes," Associated Press, 22 
April 2004 at
http://www.guardian.co.uk/online/news/0,12597,1200862,00.html

===================================================================
[4] Net journalists detained in the Maldives
===================================================================
Freedom of expression advocates have expressed concern over the continued 
detention of three people who were involved with producing an online newspaper.

Ahmed Didi, Ibrahim Luthfee and Mohamed Zaki founded and worked on 
Sandhaanu, an independent online publication in the Maldives that included 
criticism of the government regarding various political issues. They were 
arrested along with their secretary, Fathimath Nisreen, nearly two years 
ago and charged with treason, defamation, and incitement to violence. In a 
three-day trial, and after their requests for legal representation were
denied, they were convicted of defamation; Didi, Luthfee, and Zaki were 
sentenced to life imprisonment and one year of banishment, while Nisreen 
received a 10-year prison sentence plus one year of banishment. Luthfee 
escaped in May 2003, but the others remain behind bars. Though President 
Maumoon Abdul Gayoom reduced their sentences as part of a prison reform 
measure, reports indicate their conditions remain dire. Didi and Zaki have 
been placed in solitary confinement, and the authorities have rejected pleas
from doctors for Didi's early release in order to undergo much-needed heart 
bypass surgery. While Nisreen was technically released from prison last 
December, she has since been confined to Feeali Island, which is just south 
of the South Asian nation's capital, Male.

Free speech groups have deplored the situation. In a letter to the 
country's president, Maumoon Abdul Gayoom, the Committee to Protect 
Journalists (CPJ-a GILC member) condemned the continued detention of the 
three journalists and called for their immediate release. Among other 
things, CPJ questioned the legality of the government's actions, noting 
that "the Maldives' constitution protects its citizens' right to 'express 
his conscience and thoughts orally or in writing or by other means.'"

To read the CPJ letter, click
http://www.cpj.org/protests/04ltrs/Maldives28apr04pl.html



===================================================================
[5] RIAA launches a further round of file-sharer lawsuits
===================================================================
A major recording industry trade group has sued still more Internet users 
over their alleged file-sharing activities.

The Recording Industry Association of America (RIAA) has launched yet 
another wave of lawsuits against Internet users who it claims have engaged 
in copyright infringement by sharing music files online. As with previous 
waves, the RIAA mentioned its targets by their supposed IP addresses, and 
is trying to discover the true identities of the people it sued. In total, 
the Association has sued 2454 alleged file-sharers in the U.S. over the 
past year. The RIAA's efforts have encountered staunch opposition from 
various groups, including GILC members the American Civil Liberties Union 
and EFF as well as Public Citizen. Responding to this latest round of legal 
battles, Fred von Lohmann from the Electronic Frontier Foundation (EFF-a 
GILC member) chided the RIAA, saying: "The lawsuits against students and 
individuals are not working and we hope the record industry will come to 
its senses and arrive at a new strategy."

In addition, several entertainment companies have developed a new spy 
system to hunt down people who share copyrighted files along the 
Information Superhighway. The Automatic Copyright Notice System (ACNS) is 
installed by Internet service providers and is supposed to automatically 
cut off online access to alleged file-sharers. ACNS apparently also sends 
notices of ostensibly illegal behavior to targeted individuals and can keep 
the access restrictions in place until those individuals delete various 
downloaded files. The University of California at Los Angeles is currently 
testing ACNS on its computers. EFF's von Lohmann questioned whether the 
system will actually be effective: "Whether it's an opening gambit for the 
recording industry to try to tell universities how to design their computer 
systems, we'll have to wait and see. The trouble I have with this, there 
will be countermeasures, and who is going to absorb costs to constantly 
modify this system to make it work? Do universities really want to be drawn 
into the arms race?"

See "US sues 477 more 'song-swappers,'" BBC News Online, 29 April 2004 at
http://news.bbc.co.uk/1/hi/entertainment/music/3668989.stm

Read "RIAA Sues 477 More People," Associated Press, 28 April 2004 at
http://wired.com/news/print/0,1294,63263,00.html

See also John Borland, "RIAA files new round of file-swapping suits," CNET 
News, 28 April 2004 at
http://zdnet.com.com/2100-1104-5201637.html

Read "UCLA becomes Hollywood enforcer," P2Pnet.net News, 29 April 2004 at
http://p2pnet.net/story/1327

See Stefanie Olsen, "Hollywood's new lesson for campus file swappers," CNET 
News, 19 April 2004 at
http://news.com.com/2102-1027_3-5194341.html

===================================================================
[6] Vietnam website blocking broader than previously thought
===================================================================
Free speech groups are expressing alarm over the extent to which the 
Vietnamese government censors online materials, based on new research.

For years, Vietnamese authorities have blocked their citizens from 
accessing various parts of cyberspace, especially online materials 
regarding political speech or human rights. Last week, investigators from 
the OpenNet Initiative (see item [11] below) found that this blocking system
was far more extensive than previously thought. For example, the list of 
affected webpages includes the website of the International Freedom of 
Expression Exchange, which is managed by Canadian Journalists for Free 
Expression (CJFE-a GILC member) and includes an extensive collection of 
materials regarding free speech issues, including online censorship.

Ironically, these revelations came around the time of World Press Freedom 
Day, which took place on 3 May. CJFE Chair Arnold Amber complained: "While 
much of the world is celebrating the importance of free expression, 
Internet users in Vietnam can't find out what's going on outside their 
borders because of government filtering. ... CJFE urges the Vietnamese 
authorities to remove their filters immediately."

Additional information is available via 
http://ifex.org/en/content/view/full/58616/?PHPSESSID=f7296c07af4c0ca528b03c4332d9eeda

===================================================================
[7] New Canadian copyright proposal might stifle Net speech
===================================================================
Free speech experts are worried about a legislative effort to abrogate a 
Canadian court decision that upheld the legality of sharing music files via 
the Internet.

The Canadian Heritage and Industry Ministries will soon meet to draft an 
amendment to the country's copyright act that would make file sharing 
illegal. The amendment is a response to a recent decision by Canadian judge 
Konrad von Finckenstein, who rejected a Canadian Recording Industry 
Association (CRIA) request to identify 29 Internet users who it claimed had 
engaged in illegal sharing of copyrighted files. Von Finckenstein instead 
held that "[d]ownloading a song for personal use does not amount to 
infringement." The draft amendment may come very soon; Heritage Minister 
Helene Scherrer has stated that her agency "will make it a priority so it 
is done as quickly as possible."

Not surprisingly, freedom of expression advocates deplored the prospect of 
a new anti-file sharing bill. Howard Knopf of the Canadian Internet Policy 
and Public Internet Clinic severely criticized Minister Scherrer's
stance: "It strikes me that the minister's first job is to defend the 
interests of the public and not the music industry. It's a 
multibillion-dollar industry and hardly needs assistance."

See Keith Damsell, "Minister vows to fight music file swapping," The Globe 
and Mail (CA), 13 April 2004, page B5 at
http://www.theglobeandmail.com/servlet/ArticleNews/TPStory/LAC/20040413/RMUSI13/TPBusiness/Canadian

To read the text of the Canadian court decision (in PDF format), click
http://www.fct-cf.gc.ca/bulletins/whatsnew/T-292-04.pdf

===================================================================
[8] Google feature blocks many non-controversial websites
===================================================================
A special feature provided by the world's most popular Internet search engine is
apparently preventing users from reaching many non-controversial webpages.

A CNET News investigation has revealed that Google's SafeSearch program has 
a tendency to block access to websites whose addresses contain certain 
strings of characters (such as "sex") without regard to context. One 
example is PartsExpress.com, which sells spare parts for electronic 
audiovisual equipment. Another victim of SafeSearch's blocking is 
ALittleGirlsBoutique.com, an e-tailer that markets children's clothing, 
hats, shoes and accessories. These mistakes come despite Google's 
assertions that SafeSearch only denies access to websites "containing 
pornography and explicit sexual content." Indeed, when asked about this 
issue, Matt Cutts, who developed SafeSearch, admitted that the program does 
not check the context of the affected websites and that it tends to censor out
innocent websites.

Cyberliberties experts were not surprised by this research, noting that the 
problems posed by Internet blocking software have been known for years. 
Karen Schneider, the proprietor of the Librarian's Index to the Internet, 
called SafeSearch "certainly evocative of the very primitive 
CyberSitter-type tools of the mid-1990s." Representatives from several of 
the blocked sites have complained about Google's techniques; Gareth 
Roelofse from RomansInSussex.co.uk noted that this censor system has been 
"a challenge" to his organization "because its target audience is school 
children."

Read Declan McCullagh, "Google's chastity belt too tight," CNET News, 23 
April 2004 at
http://news.com.com/2102-1032_3-5198125.html

===================================================================
[9] Japanese gov't plans crippling of digital TV
===================================================================
Several prominent Japanese media groups have decided to adopt a new system 
that may restrict the right of consumers to enjoy digital television 
broadcasts and the Information Superhighway.

The Japanese National Association of Commercial Broadcasters as well as 
Japanese state television (NHK) have begun implementing measures to prevent 
people from making copies of digitally televised programs. Under this 
scheme, special copy-protection signals will be mixed into digital 
television transmissions. Consumers will have to pick up special B-CAS 
decoder cards and insert them into their respective television sets in 
order to watch digital TV programs. The system will be applied to programs
broadcast via terrestrial channels as well as satellite signals.

These moves have already generated a flood of consumer complaints. At least 
20 000 people have called their broadcasters about the scheme; about 25% of 
these callers have reported that they have lost their B-CAS cards. A number 
of consumer electronics companies are also grumbling about the copy 
protection system, which they fear will lead to reduced sales. Moreover, 
questions remain as to whether the system will have a detrimental impact on 
digital free speech.

See "NHK, TV broadcasters to block digital copying," Japan Times, 2 April 
2004 at
http://www.asiamedia.ucla.edu/article.asp?parentid=9738

Read "TV broadcasters to enhance digital program copy control," Japan 
Today, 1 April 2004 at
http://www.japantoday.com/e/?content=news&cat=4&id=293524

===================================================================
[10] North Korean protestors start Internet radio service
===================================================================
Several people who have defected from North Korea have begun an online 
radio service to agitate for democracy in their former homeland.

Free North Korea Broadcasting was created by 20 North Korean exiles. Its 
daily broadcasts are available via the Information Superhighway and include 
a variety of programs, including open discussions of human rights issues in 
the East Asian nation, political dialogues and stories about refugees' 
experiences. The group's president and chief writer, Kim Sung-min, 
explained: "Our program aims to help North Koreans know better about their 
actual situation and to let the rest of world know about the reality of the 
North Korean government. [Our aim is also] to finally lead the nation to 
become a democratic nation like South Korea." However, there are concerns 
as to whether the target audience will actually be able to listen to these 
broadcasts, since only a handful of North Koreans have Internet access.

The Free North Korea Broadcasting website is located at
http://www.freenk.net

See Kim Tae-jong, "'Radio Free North Korea' Aims to Promote Democracy in 
North," Korea Times, 25 April 2004 at
http://times.hankooki.com/lpage/nation/200404/kt2004042517271144430.htm

See also "NK defectors launch Internet radio," Korea Times, 20 April 2004 at
http://www.asiamedia.ucla.edu/article.asp?parentid=10469

===================================================================
[11] New joint initiative to defend cyberliberties
===================================================================
A recently launched initiative may help protect civil liberties online.

OpenNet Initiative (ONI) is a collaborative effort by three different
academic institutions: the Advanced Network Research Group at Cambridge 
University, Harvard University's Berkman Center for Internet & Society and 
Citizen Lab, which is based at the University of Toronto. As explained by 
one participant, ONI is meant to "fuse cutting-edge intelligence-derived 
techniques with a networked model of analysis that includes some of the 
brightest minds in this field - we are striving to become the eyes and ears 
on digital censorship worldwide." ONI is currently in the process of doing 
several research projects, including case studies on Internet free speech 
restrictions as well as techniques to circumvent such restrictions.

The official ONI website is located at
http://www.opennetinitiative.net/

See Clark Boyd, "'Net ninjas' take on web censorship," BBC News Online, 18 
April 2004 at
http://news.bbc.co.uk/1/hi/technology/3632757.stm

===================================================================
[12] European Union considers new data retention plan
===================================================================
Privacy experts have voiced concern over a proposal submitted to the 
European Union that would require the retention of customer communications 
data.

The United Kingdom, France, Ireland and Sweden are urging the European 
Union (EU) to adopt a Draft Framework Decision on this issue. If 
implemented, telecommunications companies would have to keep customer 
traffic and location data for 1-3 years (or even longer depending "upon 
national criteria") and allow law enforcement agents to access this data. 
The draft is written broadly to include data generated by a number of 
different systems, such as communications carried through "Internet 
Protocols including Email, Voice over Internet Protocols, world wide web, 
file transfer protocols, network transfer protocols, hyper text transfer 
protocols, voice over broadband and subsets of Internet Protocols numbers - 
network address translation data." The plan also includes language that 
covers other technologies such as "Short Message Services, Electronic Media 
Services and Multi Media Messaging Services" as well as "[f]uture 
technological developments that facilitate the transmission of 
communications." Signatories would have to comply with the Framework 
Decision "within two years following the date of adoption."

The draft has already drawn criticism from cyberliberties groups. Ben Hayes 
from Statewatch (a GILC member) suggested that the proposal was deeply 
misguided: "What is needed is good intelligence on specific threats, rather 
than mass surveillance of everyone, generating more data than can usefully 
be analyzed. ... This proposal is disproportionate, unnecessary and has no 
place in a democracy."

The Draft Framework Decision is available (in PDF format) at
http://register.consilium.eu.int/pdf/en/04/st08/st08958.en04.pdf

A Statewatch analysis of the Draft Framework Decision is posted under
http://www.statewatch.org/news/2004/apr/21dataretention.htm

===================================================================
[13] Continued controversy over Google Gmail privacy flaws
===================================================================
Concern continues to grow over the privacy implications of a 
recently-launched webmail service.

Gmail is provided by Internet search engine giant Google. Among other 
things, as described in the official Gmail privacy policy, Google computers 
automatically scan through emails sent or received by Gmail customers, then 
use the collected information to serve text ads or other "related
information in Google's extensive database. ...  Advertisers receive a 
record of the total number of impressions and clicks for each ad." 
Moreover, under the terms of this policy, Google may send information 
regarding "other Google services" to Gmail users, and those customers "will 
not be given the opportunity to opt-out of receiving" such messages. The 
policy also mentions that "residual copies of email may remain on our 
systems, even after you have deleted them from your mailbox or after the 
termination of your account."

The rollout of Gmail prompted a firestorm of criticism from privacy 
advocates. In a Freedom of Information Act (FOIA) request, the Electronic 
Privacy Information Center (EPIC-a GILC member) compared Gmail's scanning 
abilities to the much-maligned United States government Total Information 
Awareness program as well as the Internet spy tool developed by the U.S. 
Federal Bureau of Investigation (FBI) previously known as Carnivore. EPIC,
along with the Privacy Rights Clearinghouse and World Privacy Forum, also 
sent a letter to California state attorney general Bill Lockyer charging 
that Gmail may violate local wiretapping laws. Privacy International (a 
GILC member) has filed a slew of complaints on this subject with government 
regulators in 16 countries as well as the European Commission and the 
European Union (EU) Article 29 Data Protection Working Group.

In the meantime, a local legislator in the United States has introduced a 
bill designed to protect the privacy of webmail users. Sponsored by 
California state senator Liz Figueroa, the proposal generally bars 
providers of "e-mail or instant messaging services to California customers" 
from reviewing, examining, or otherwise evaluating "the content of a 
customer's outgoing or incoming e-mail or instant messages." The bill 
contains several exceptions, such as (1) instances where the relevant 
"subscriber has consented" to such scanning, (2) court orders or (3) 
filtration of "unsolicited e-mail for removing spam or for managing 
computer viruses or other malicious programs."

The EPIC Gmail FOIA request is posted under
http://www.epic.org/privacy/gmail/foirequest.html

The letter to Bill Lockyer is available at
http://www.epic.org/privacy/gmail/agltr5.3.04.html

See also "Google denies FBI interest in Gmail," CNET News, 30 April 2004 at
http://news.zdnet.co.uk/business/0,39020645,39153367,00.htm

To read the text of the bill, click
http://www.leginfo.ca.gov/pub/bill/sen/sb_1801-1850/sb_1822_bill_20040420_amended_sen.html

Privacy International's Gmail complaint is available (in PDF format) under
http://www.privacyinternational.org/issues/internet/gmail-complaint.pdf

See "Google's Gmail could be blocked," BBC News, 13 April 2004 at
http://news.bbc.co.uk/1/hi/business/3621169.stm

===================================================================
[14] Spyware problems may lead to more U.S. legislation
===================================================================
During a recent hearing, Federal lawmakers in the United States signaled 
that they are willing to pass anti-spyware legislation that might protect
Internet privacy.

This concern centers on advertising utilities that are often 
surreptitiously bundled with other downloaded computer programs and can be 
installed with little notice to the user, particularly if the given 
machine's web browser uses low security settings. Once installed, these 
programs track users' Internet surfing habits and display advertisements 
based on this information. For example, one of these programs, Gator, 
watches the terms people enter into the Google search engine and serves up 
ads pursuant to those terms. Gator also targets specific host names and 
even federal government websites for advertising opportunities. Recent 
studies as well as a workshop hosted by the U.S. Federal Trade Commission 
(FTC) have revealed that spyware has become increasingly common. For 
example, a spokesperson from Internet security firm McAfee mentioned at 
the workshop that his company had detected more than 14 million spyware 
programs by March 2004, up from nearly 2 million last August.

Mounting public concern about these programs led a committee of the U.S. 
House of Representatives to hold a hearing on the subject. During the 
session, many members of Congress rejected arguments by industry leaders and 
the FTC to go slow on anti-spyware proposals. Representative Jay Inslee, 
who has introduced a bill to ban spyware, said the FTC's stance was 
"absolutely astounding ... when we have hundreds of thousands of violations 
every day." Indeed, committee chairman Joe Barton chided one FTC official 
by calling him "the only person in this country that wants spyware on their 
computer." In addition to Inslee's proposal, there are at least two other 
anti-spyware bills that have been submitted to Congress and a brand new state 
anti-spyware law in Utah.

Read Matthew Daly, "House probes spyware/computer software to collect 
personal data," Associated Press, 29 April 2004 at
http://www.sfgate.com/cgi-bin/article.cgi?f=/news/archive/2004/04/29/financial1736EDT0363.DTL

See also Declan McCullagh, "FTC officials blast spyware measures," CNET 
News, 29 April 2004 at
http://news.com.com/2100-1023_3-5202016.html

Read "Spying software watches you work," BBC News Online, 29 April 2004 at
http://news.bbc.co.uk/1/hi/technology/3669213.stm

See "PCs 'infested' with spy programs," BBC News Online, 16 April 2004 at
http://news.bbc.co.uk/1/hi/technology/3633167.stm

See also Declan McCullagh, "Few solutions pop up at FTC adware workshop," 
CNET News, 19 April 2004 at
http://news.com.com/2100-1028_3-5195222.html

For further information in German (Deutsch), see "Studie: Spyware ist stark 
verbreitet," Heise Online, 16 April 2004 at
http://www.heise.de/newsticker/meldung/46576

Chinese-language coverage is available via
http://www.cyberbees.org/blog/archives/003414.html

===================================================================
[15] Debate over U.S. spy-friendly Net tapping rules heats up
===================================================================
A wide range of groups have called on the United States government not to 
implement new standards to make it easier to spy on broadband networks as 
well as phone calls made over the Internet.

These groups have responded to a recent petition by the U.S. Federal Bureau 
of Investigation (FBI), the U.S. Department of Justice (DOJ) and the U.S. 
Drug Enforcement Administration (DEA) to the Federal Communications 
Commission (FCC). In that joint petition, the FBI, DOJ and DEA urged the 
FCC to rule that the Communications Assistance for Law Enforcement Act 
(CALEA) applies to broadband networks as well as phone calls made via the 
Information Superhighway (including those made using the Voice over IP 
protocol). CALEA generally requires telecom firms to build surveillance 
capabilities into their networks, but exempts information services, most 
notably the Internet. Nevertheless, the FBI, DOJ and DEA called on the 
Commission "to promulgate general rules that provide for the establishment 
of benchmarks and deadlines for CALEA compliance with future CALEA-covered 
technologies and services that are comparable to those requested [in the 
current petition] for CALEA packet-mode compliance." If the FCC were to 
agree to the petitioners' wishes, telecommunications companies would 
essentially have to build spyware into broadband Internet systems as well 
as broadband telephony networks.

Many groups, especially cyberliberties organizations, have expressed 
serious concern over these developments. In comments filed with the FCC, 
the Electronic Privacy Information Center (EPIC--a GILC member) said it 
opposed the DOJ petition "on the ground that it impermissibly seeks to 
extend the narrow, legislatively authorized reach of CALEA from 
telecommunications providers to Voice over IP ... services and broadband 
Internet Service Providers ... . Any such expansion of CALEA's reach, 
should it be deemed necessary, must be effectuated by Congress--not the 
Commission--particularly in light of the unique privacy issues that arise 
when surveillance capabilities are mandated for packet-mode communications. 
Further, DOJ has not demonstrated that the existing CALEA regime is in any 
way inadequate to address its needs." Similar concerns were expressed by a 
number of other GILC member organizations, including the Electronic 
Frontier Foundation, the American Civil Liberties Union and the Center for 
Democracy and Technology.

For a complete archive of comments filed with the FCC, click
http://gullfoss2.fcc.gov/cgi-bin/websql/prod/ecfs/comsrch_v2.hts?ws_mode=retrieve_list&id_proceeding=RM-10865

Read Ben Charny, "Feds asked to hang up on FBI's wiretap proposal," CNET 
News, 13 April 2004 at
http://news.com.com/2102-1034_3-5190685.html

See also Ben Charny, "Pushing to wiretap 'push to talk,'" CNET News, 15 
April 2004 at
http://news.com.com/2102-1039_3-5192653.html

=========================================================================
[16] Microsoft belatedly releases several new security patches
=========================================================================
Microsoft has finally released fixes for 20 security flaws in several of 
its products, just before a new computer bug that took advantage of these 
holes made its appearance.

The software giant made available 4 patches to cover the flaws. Taken 
together, the problems could have allowed attackers to not only take over 
victims' machines, but also spread worms (such as MSBlast) to other 
computers via the Internet. The list of programs affected by these flaws 
reads like a laundry list of Microsoft products, including Windows 2003, 
Windows XP, Windows NT, Internet Explorer, Outlook and Outlook Express. 
Some of these problems had apparently been reported to Microsoft months 
ago, but the company held off releasing the fixes until recently, claiming 
that its guarded approach would be more convenient for consumers.

However, the incident, along with several similarly slow security patch 
rollouts over the past year or so, has provoked continued criticism over 
Microsoft's apparently lax efforts to protect its users' personal 
information. Marc Maiffret from eEye Digital Security (which discovered a 
number of the problems that were the subject of the patches) warned: "These 
releases confirm a trend that has been happening with Microsoft security 
lately--that they are willing to leave customers vulnerable for long 
periods of time, all in order to try to bundle security fixes, which leads 
to the (impression) of having less vulnerabilities. This is completely 
unacceptable."

Indeed, shortly after Microsoft's release of the patches, a new Sasser 
computer bug that exploits one of the aforementioned security problems hit 
numerous machines around the world. Sasser is spread via the Internet but 
does not require users to click an email attachment, as commonly happens 
with many other computer bugs. Among the organizations severely affected by 
Sasser were the Taiwanese postal service, Australian Railcorp trains, the 
British Coastguard, Goldman Sachs, British Airways and Deutsche Post, as 
well as several Hong Kong government agencies.

Read "Sasser Net worm set for long life," BBC News Online, 6 May 2004 at
http://news.bbc.co.uk/1/hi/technology/3689561.stm

See Robert Lemos, "Sasser keeps squirming into homes, businesses," CNET 
News, 4 May 2004 at
http://news.com.com/2102-7349_3-5205815.html

See also "Hunt is on for Sasser worm writer," BBC News, 5 May 2004 at
http://news.bbc.co.uk/1/hi/technology/3687583.stm

For press coverage in Spanish (Espanol), see "Intentan frenar al virus 
Sasser, que afecta a millones de usuarios," Clarin.com, 3 May 2004 at
http://www.clarin.com/diario/2004/05/03/um/m-752943.htm

Read Robert Lemos, "Microsoft warns of a score of security holes," CNET 
News, 13 April 2004 at
http://news.com.com/2102-7349_3-5190818.html

See "4 New Microsoft Security Patches," Associated Press, 13 April 2004 at
http://www.cbsnews.com/stories/2004/04/02/tech/main609982.shtml

See also Ina Fried, "Microsoft shuffles execs to combat security flaws," 
CNET News, 12 April 2004 at
http://news.com.com/2102-1009_3-5190183.html

===================================================================
[17] Serious security flaw in vital Internet protocol system
===================================================================
Agencies on both sides of the Atlantic have issued warnings regarding a 
security flaw in an important Internet protocol.

The British National Infrastructure Security Coordination Centre and the 
United States Computer Emergency Readiness Team (CERT) have issued warnings 
over a security hole in the Transmission Control Protocol (TCP), a 
fundamental communications protocol that underpins the Internet. The hole 
would allow an attacker to guess the identifiers that are placed on 
Internet data packets with greater ease than previously thought possible. 
Using this knowledge, an attacker could thereby tamper with the packets and 
cause targeted machines to go offline or otherwise cause system outages. It 
is unclear when the problem first appeared; for example, one expert has 
pointed to evidence suggesting that the flaw may have been around since 
1996. Although there are no reports that anyone has tried to exploit this 
problem, numerous Internet service providers have taken precautionary measures.

The CERT warning is posted under
http://www.us-cert.gov/cas/techalerts/TA04-111A.html

Read Michael Kanellos, "Exploit found for Net flaw, but risks remote," CNET 
News, 22 April 2004 at
http://news.com.com/2102-7355_3-5198103.html

See "Hackable bug found in net's heart," BBC News Online, 21 April 2004 at
http://news.bbc.co.uk/1/hi/technology/3646223.stm

Read "Flaw Could Cripple Entire Net," Associated Press, 20 April 2004 at
http://www.wired.com/news/technology/0,1282,63143,00.html

See Sam Varghese, "TCP flaw reporting over the top: researcher," Sydney 
Morning Herald, 22 April 2004 at
http://www.smh.com.au/articles/2004/04/22/1082530277560.html

=========================================================================
[18] Studies indicate Internet privacy awareness lags
=========================================================================
New research suggests that efforts to educate Internet users on how to 
protect their personal information still have very far to go.

The research came in the form of two reports, one of which was commissioned 
by the Infosecurity Europe trade show, while the other was conducted by the 
firm RSA Security. Both of them indicated that many people are very lax as 
to how they handle their personal details online, including passwords. For 
example, the Infosecurity study found that more than 70% of respondents 
would divulge their computer password for a chocolate bar, while another 
34% gave out such information (without a chocolate bar or any other 
compensation) when asked whether their passwords were related to the name 
of a child or pet. Similarly, the RSA Security survey discovered that, 
among other things, a third of the people questioned shared their computer 
passcodes or otherwise wrote them down--a practice frowned upon by many 
privacy advocates.

Many experts hope that these results will at least help galvanize privacy 
education efforts. Tony Neate from the British National Hi-Tech Crime Unit 
warned that cases of identity fraud and other abuses of personal 
information "can only increase if people do not become more aware of their 
responsibilities to protect their virtual identities."

For video and text coverage, see "Passwords revealed by sweet deal," BBC 
News, 20 April 2004 at
http://news.bbc.co.uk/1/hi/technology/3639679.stm

Read Owen Bowcott, "Identity theft could be next big crimewave, warns 
internet firm," The Guardian (UK), 20 April 2004 at
http://www.guardian.co.uk/online/news/0,12597,1195685,00.html

=========================================================================
[19] U.S. Big Brother Awards for 2004 handed out
=========================================================================
Privacy International (PI--a GILC member) recently held its annual United 
States Big Brother Awards ceremony for 2004. These prizes are designed to 
spotlight some of the most serious threats to individual privacy, and were 
handed out at the Computers, Freedom and Privacy (CFP) 2004 Conference. The 
winners included:

*The Multistate Anti-Terrorism Information Exchange (MATRIX) system, which 
received a Perversion of Justice Award for combining "public records and 
private record data from multiple databases with data analysis tools," 
thereby providing "a wealth of personal information in near-real time" to 
law enforcement agents.

*The Transportation Security Administration, which won a Bureaucratic 
Indifference Award "for its operation of the 'No-Fly' list, a database of 
individuals that is distributed to airlines for purposes of stopping or 
searching suspected individuals. The list has been run so poorly that many 
innocent travelers have been stopped, hassled, and searched every time they 
travel."

*Northwest Airlines, which garnered a Blurring the Borders Award for 
passing along three months of passenger data to the U.S. government "for 
use in a data mining and passenger profiling study."

On a positive note, California State Senator Liz Figueroa won a Brandeis 
award for being "one of the most important state leaders on privacy. She 
authored California's medical privacy protections and the state's 
do-not-call telemarketing legislation. In 2003, she was successful in 
passing SB27, a law that requires offline retailers to disclose whether 
they sell customers' personal information to direct marketers and to allow 
individuals to opt-out of the sale. Her current privacy legislation 
includes protections against identity theft, and against the sale of 
children's information for direct marketing purposes."

For further information on the U.S. Big Brother Awards, visit
http://www.privacyinternational.org/bigbrother/us2004/

The official CFP 2004 website is located at
http://www.cfp2004.org

==========================================
[20] EFF Pioneer Awards winners announced
==========================================
Several weeks ago, the Electronic Frontier Foundation (EFF--a GILC member) 
honored its newest Pioneer Awards laureates. These awards are given out 
every year to "individuals who have made significant and influential 
contributions to the development of computer-mediated communications or to 
the empowerment of individuals in using computers and the Internet."

The winners for 2004 are Kim Alexander, David Dill, and Aviel Rubin "for 
spearheading and nurturing the popular movement for integrity and 
transparency in modern elections." Alexander is the president of the 
California Voter Foundation; among other things, she "has led pioneering 
efforts to develop the Internet into an effective tool for voter education 
and campaign finance disclosure in California and beyond." A Professor of 
Computer Science at Stanford University, David Dill founded 
"VerifiedVoting.org to champion transparent and publicly verifiable 
elections," and worked alongside Alexander on a special task force to 
ensure that electronic voting machines in California provided 
voter-verified paper trails. Aviel Rubin is Professor of Computer Science 
and Technical Director of the Information Security Institute at Johns 
Hopkins University; he "led the effort to expose security flaws in Diebold 
computer-based voting systems." In addition, he "co-authored an analysis of 
the government's planned SERVE system for Internet voting for military and 
overseas civilians, which led to the cancellation of that dangerous project."

For additional details about the 2004 Pioneer Awards winners, click
http://www.eff.org/awards/pioneer/2004.php

=========================================================
      ABOUT THE GILC NEWS ALERT:
=========================================================
The GILC News Alert is the newsletter of the Global Internet Liberty
Campaign, an international coalition of organizations working to protect 
and enhance online civil liberties and human rights.  Organizations are 
invited to join GILC by contacting us at
gilc@gilc.org.

To alert members about threats to cyber liberties, please contact members 
from your country or send a message to the general GILC address.

To submit information about upcoming events, new activist tools and news 
stories, contact:

Christopher Chiu
GILC Coordinator
American Civil Liberties Union
125 Broad Street, 17th Floor
New York, New York 10004
USA

Or email:
cchiu@aclu.org

More information about GILC members and news is available at
http://www.gilc.org

You may re-print or redistribute the GILC NEWS ALERT freely.

This edition of the GILC Alert will be found on the World Wide Web under
http://www.gilc.org/alert/alert84.html

and on the Human Rights Education Associates (HREA--a GILC member) website via
http://www.hrea.org/lists/huridocs-tech/markup/maillist.php

To subscribe to the Alert, or to change your subscription options
(including unsubscribing), please visit
http://mail.2rad.net/mailman/listinfo/gilc-announce

========================================================
PUBLICATION OF THIS NEWSLETTER IS MADE POSSIBLE BY A
GRANT FROM THE OPEN SOCIETY INSTITUTE (OSI)
========================================================

