Welcome to the Global Internet Liberty Campaign
Newsletter
Welcome to GILC Alert, the newsletter of the Global
Internet Liberty Campaign. We are an international
organization of groups working for cyber-liberties, who
are determined to preserve civil liberties and human
rights on the Internet.
We hope you find this newsletter interesting, and we
very much hope that you will avail yourselves of the
action items in future issues.
If you are a part of an organization that would be
interested in joining GILC, please contact us at
gilc@gilc.org.
If you are aware of threats to cyber liberties that we
may not know about, please contact the GILC members in
your country, or contact GILC as a whole.
Please feel free to redistribute this newsletter to
appropriate forums.
[1] France Removes Restrictions on
Encryption
[2] Hearing for Injunction begins this Week in
ACLU v. Reno II
[3] Code-Breaking Contest Won Again by EFF,
Distributed.Net
[4] China Jails Computer Engineer Accused of
Subversion
[5] Court Upholds Calif. Library's Uncensored Net
Access Policy
[6] India May Prohibit Purchases of Weak U.S.
Encryption Products
[7] China to Regulate Internet Access Cafes
[8] Guyanese Government Will Permit Unfiltered
Net Access
[9] UNESCO Holds Meeting To Limit Spread of
Online Child Porn
[10] Electronic Frontiers Australia Obtains
Uncensored Crypto Report
[11] Report On Implementation of Data Privacy
Directive Available
[12] The Internet Society France to hold a
"Virtual" Session of Parliament
[13] Norwegian Supreme Court Finds Hacking Not
Illegal
[1] France Removes Restrictions on
Encryption
French officials this week announced a dramatic
liberalization of the country's cryptography laws that
will allow Gallic computer users to work with any
strength of encryption technology, Meryem Marzouki (a
GILC Member) said.
Some civil libertarians praised the change, but added
that there is a downside to the new law since law
enforcement will be provided expanded surveillance
authority under the changes.
Until now, France has had restrictive encryption laws,
criminalizing any unauthorized use of crypto-products and
permitting use without government authorization only of
weak products with 40-bit strength.
According to French civil liberties groups, pressure has
come from a broad range of privacy advocates, users and
businesses, who argue that the French restrictions on
cryptography not only infringe on privacy but also deter
the growth of electronic commerce because it is not
secure. Moreover, pressure to change the French policy
also came from other EU member countries that have a more
liberalized approach.
In his announcement, Prime Minister Jospin said that
until new legislation is in place, the level for free use
of encryption inside France would be raised
administratively from the current 40-bit level to 128
bits, effective immediately.
Jospin announced that his administration would send
forward proposed legislation allowing complete freedom in
the use of all cryptography, abolishing the requirement
to use trusted third parties, and providing instead
increased funding for the police, combined with enhanced
authority to demand plaintext in the course of an
investigation.
"We acquired the conviction today that the legislation
of 1996 is not adapted any more. Indeed, it strongly
restricts the use of cryptology in France, without
allowing besides for the public authorities fighting as
much effectively against criminal intrigues whose
encryption could facilitate the dissimulation," Jospin
said.
Information about the changes can be found online at:
http://www.premier-ministre.gouv.fr/PM/D190199.HTM
Also at http://www.internet.gouv.fr
To learn more about cryptography regulations from all
over the world, see the Global Internet Liberty
Campaign's report, Cryptography and Liberty: An
International Survey of Encryption Policy. This world
survey of crypto policies, released in February 98, found
that most countries do not restrict the use of encryption.
Online at: http://www.gilc.org/crypto/
[2] Hearing for Injunction Held Last Week in
ACLU v. Reno, Round 2
A three-day hearing was held last week before federal
Judge Lowell A. Reed, Jr. in Philadelphia in the battle
by GILC members, including the American Civil Liberties
Union (ACLU), against a second Congressional attempt at
unconstitutional Internet censorship.
The ACLU will have the first day-and-a-half to present
expert and other witnesses and plaintiffs; attorneys for
the Department of Justice will have the next
day-and-a-half. A ruling is expected by February 1, when
an agreement to suspend the law expires. In November,
Judge Reed halted enforcement of a federal Internet
censorship law until its constitutionality is resolved in
court.
ACLU v. Reno II, as the new case is called, was filed
by the American Civil Liberties Union (ACLU) with the
Electronic Privacy Information Center (EPIC), the
Electronic Frontier Foundation (EFF) and volunteer
lawyers as co-counsel on behalf of 17 individuals and
organizations. All three organizations are members of
GILC. Complete information about the case, including the
latest legal documents and the ACLU and government
witness lists, is available on the ACLU website at
http://www.aclu.org
This second round challenges the new so-called "Child
Online Protection Act" which makes it a federal crime to
"knowingly" communicate "for commercial purposes"
material considered "harmful to minors." Penalties
include fines of up to $50,000 for each day of violation,
and up to six months in prison if convicted of a crime.
The government also has the option to bring a civil suit
against individuals under a lower standard of proof, with
the same financial penalty of up to $50,000 per
violation.
Despite lawmakers' claims that the new bill is
"narrowly tailored" to apply only to minors, ACLU Staff
Attorney Ann Beeson said that the constitutional flaws in
this law are identical to the flaws that led the Supreme
Court to strike down the original CDA.
"Whether you call it the 'Communications Decency Act'
or the 'Congress Doesn't Understand the Internet Act,' it
is still unconstitutional and it still reduces the
Internet to what is fit for a six-year-old," said Beeson,
a member of the original ACLU v. Reno legal team.
Although proponents claim that the law applies only to
commercial websites, the groups said in legal papers that
the law "bans a wide range of protected
expression that is provided for free on the Web by
organizations and entities who also happen to be
communicating on the Web 'for commercial purposes.'"
In the November ruling granting a temporary
restraining order, Judge Reed said that the groups had
shown "a likelihood of success on the merits of at least
some of their claims" that the federal Internet
censorship law violates the First Amendment rights of
adults. The government, Judge Reed said, presented "no
binding authority or persuasive reason" why the court
should not enjoin "total enforcement" of the law pending
an outcome.
[3] Code-Breaking Contest Won Again by
Distributed.Net, Electronic Frontier Foundation
Distributed.Net, a worldwide coalition of computer
enthusiasts, along with the Electronic Frontier
Foundation's (EFF) "Deep Crack," a specially designed
supercomputer, and a network of nearly 100,000 PCs on the
Internet, together won a competition to crack information
coded with the United States government's Data Encryption
Standard (DES) in a record-breaking 22 hours and 15
minutes.
The groups beat the record set last year by the EFF
computer alone, which won RSA Data Security's DES
Challenge by breaking the DES code in 56 hours.
The DES algorithm is commonly available technology
first adopted by the US government in 1977. The 56-bit
DES algorithm is still widely used by financial services
and other industries worldwide to protect sensitive
on-line applications, despite growing concerns about its
vulnerability.
More than two dozen international organizations that
are members of GILC launched a campaign against
restricting cryptography to 56-bit DES, because it is
a weak standard, stating that strong encryption is
vital to promoting human rights.
"[The] failure to protect the free use and
distribution of cryptographic software will jeopardise
the life and freedom of human rights activists,
journalists and political activists all over the world,"
GILC members said in the RESOLUTION IN SUPPORT OF THE
FREEDOM TO USE CRYPTOGRAPHY, online at: http://www.gilc.org/crypto/oecd-resolution.html.
RSA has been sponsoring a series of DES-cracking
contests to highlight the need for encryption stronger
than the current 56-bit standard widely used to secure
both U.S. and international commerce.
"As today's demonstration shows, we are quickly
reaching the time when anyone with a standard desktop PC
can potentially pose a real threat to systems relying on
such vulnerable security," said Jim Bidzos, president of
RSA Data Security, Inc. "It has been widely known that
56-bit keys, such as those offered by the
government's DES standard, offer only
marginal protection against a committed adversary."
As part of the contest, RSA awarded a $10,000 prize to
the winners at a special ceremony held during the RSA
Conference. The goal of this DES Challenge contest was
not only to recover the secret key used to DES-encrypt a
plain-text message, but to do so faster than previous
winners in the series.
"EFF believes strongly in providing the public and
industry with reliable and honest evaluations of the
security offered by DES. We hope the result of today's
DES Cracker demonstration delivers a wake-up call to
those who still believe DES offers adequate security,"
said John Gilmore, EFF co-founder and project leader.
"The government's current encryption
policies favoring DES risk the security of the national
and world infrastructure."
The Electronic Frontier Foundation began its
investigation into DES cracking in 1997 to determine just
how easily and cheaply a hardware-based DES Cracker
(i.e., a code-breaking machine to crack the DES code)
could be constructed. Less than one year later and for
well under U.S. $250,000, the EFF, using its DES Cracker,
entered and won the RSA DES Challenge II-2 competition in
less than 3 days, proving that DES is not very secure and
that such a machine is inexpensive to design and
build.
[4] China Jails Computer Engineer Accused of
Subversion
A Chinese court on Wednesday (January 20) sentenced a
software engineer accused of using the Internet for the
purpose of "inciting to overthrow state power" to two
years in jail, Reuters reports.
Lin Hai, a Shanghai software engineer, was arrested
last March after sending 30,000 Chinese email addresses
to VIP Reference, an Internet pro-democracy newsletter
based in Washington and New York. In December, a Shanghai
court adjourned without delivering a verdict on Lin.
Lin's wife criticized the sentence as being harsh even
though his sentence is shorter than the decade-long terms
issued against other dissidents, Reuters reports.
The publication that Lin is accused of sending email
addresses to is VIP Reference, a publication that is
based in the US and distributes reports on dissident
activities, human rights, and essays in the promotion of
freedom of speech and democracy to more than 250,000
email addresses in China.
Lin previously pled not guilty to a charge of inciting
subversion of state power by providing local email
addresses to a U.S.-based dissident publication. In
December, he told the court that he is not a member of the
VIP Reference network, which court documents describe as
a hostile foreign organization.
Before the December hearing, members of GILC launched
an online action alert campaign on behalf of Lin and
other scientists and dissidents jailed in China. In
addition to the online action alert, GILC member the
Digital Freedom Network (DFN) has further
information about Lin on its web site at: http://www.dfn.org/Alerts/freesci/freesci.html
[5] Court Upholds Calif. Public Library's
Uncensored Net Access Policy
In a ruling endorsing on-line free speech in
libraries, the Alameda County Superior Court last week
(January 14, 1999) dismissed a lawsuit seeking to require
the Livermore Library to censor Internet use by patrons.
The ruling in Kathleen R. v City of Livermore marks the
second time that the court has rejected an attempt by
Kathleen R. to force the Livermore library to abandon its
open access policy governing Internet use.
"The court's ruling ... sets an important precedent
for libraries in California and across the nation," said
Ann Brick, staff attorney with the American Civil
Liberties Union of Northern California, (a GILC member)
who filed a friend of the court brief in support of the
library. "By upholding the Library's open access policy,
the court not only vindicates the judgment of the library
board in adopting the policy, it vindicates the First
Amendment values on which the policy rests."
Last October, the Alameda County Superior Court
dismissed the lawsuit's original complaint in which
Kathleen R. argued that the library's open access policy
constituted a public nuisance. In her amended complaint,
Kathleen R. claimed she had a constitutional right to
force the library to discontinue its open access policy.
Following a hearing on January 13, Judge Hernandez
dismissed the second complaint today, stating that no
further amended complaint could be submitted to the
court, thereby dismissing the entire lawsuit.
The Livermore Public Library's policy on Internet use
specifically informs its patrons that material available
over the Internet may be controversial, that the library
is not responsible for the content of material available
on the Internet, and that parents are responsible for
supervising the Internet use of their children. "The
library's policy is sensitive both to First Amendment
concerns and the concerns of parents," Brick noted. "It
enables each family to be sure that its children use the
Internet in a manner that is consistent with its own
values without imposing those values on other families."
Brick noted that this position has long been espoused by
the American Library Association and the majority of
libraries across the country.
[6] India May Prohibit Purchases of Weak U.S.
Encryption Products
India's Defense Research and Development Organization
(DADO) has announced that it may prohibit the purchase of
encryption software made in the US because the products
are too weak, the Economic Times reports (January 12,
1999).
The reports state that "the DADO's concern about
US-developed software stems from one basic insecurity -
the data traffic and network security software that comes
from the US can be easily hacked into and could prove to
be a security hazard."
Because US software vendors can export only encryption
software products with 56-bit strength, the Indian
government said the quality of US products exported to
India is "doubtful from a security point of
view."
Indian officials have also said that they are
developing indigenous secure communications tools
within the next few months, so as to obviate the need for
American products.
[7] China to Regulate Internet Access
Cafes
China has ordered tight controls on Internet cafes
offering public access to stop the spread of pornography
and gambling, Reuters reports.
Under a new directive, businesses providing online
services must register with local officials and provide
details about their business operations, including the
names of all Web surfers using the company's computers,
according to Reuters.
"Some business operators are using the bars as a
front to engage in gambling or pornography," a recent
Chinese Ministry report said. "Authorities believe this
is posing a threat to the hearts and minds of the
youths."
According to recent estimates, the number of Chinese
online has grown to more than two million. However, the
growth has also been accompanied by government concerns
about social threats arising from access to online
communications and by increased crackdowns against
users.
[8] Guyanese Government Will Permit Unfiltered
Net Access
Citing a commitment to free expression, the Guyanese
government announced this week that it is lifting
restrictions requiring content blocking of any
information about sex, racism and explosives from users
based in this South American country, according to the
Associated Press.
In 1995, when high speed Internet first became
available in Guyana, former President Cheddi Jagan
required filtering and blocking devices to be installed
in order to prevent the growth of "immoral content" and
the adult industry in the region.
However, according to the Associated Press report,
about one-third of the Guyana Telephone and Telegraph
Co.'s income comes from international sex lines.
In order to circumvent the blocking firewall, users
had to apply for permission to use unfiltered technology.
The AP report also stated that Guyanese users complained
that faulty filters blocked content about AIDS,
anti-racism sites and US Independent Counsel Kenneth
Starr's report urging the impeachment of President
Clinton.
[9] UNESCO Holds Meeting To Limit Spread of
Online Child Porn
Representatives from around the world gathered this
week for a two day conference in Paris to discuss how to
combat online child pornography.
The conference was organized by the United Nations
Educational, Scientific and Cultural Organization
(UNESCO), which called for new laws to reduce child
pornography and for greater participation by Internet
Service Providers in monitoring and removing such
content.
Officials at the meeting said that one obstacle to
curtailing child pornography on the net is that there is
no uniformity in national laws dealing with dissemination
of such images.
According to news reports, UNESCO officials called for
the design of filtering search engines to block access to
sites that contain child pornography and for the creation
of a global group to monitor content.
However, even without new legislation, law enforcement
officials have stepped up efforts against individuals
disseminating child pornography online in the past two
years and have arrested hundreds of suspects. Numerous
arrests of alleged offenders have been made as a
result of sting operations in which police have posed as
customers wishing to purchase such images or as
minors.
[10] Electronic Frontiers Australia Obtains
Uncensored Govt Crypto Report
Electronic Frontiers Australia (EFA) has obtained
access to an uncensored copy of the Australian
Government's report "Review of Policy relating to
Encryption Technologies." The report was originally
slated for release in 1997 but withdrawn by the
government after it was printed because of "sensitive"
information it contained.
The report had been commissioned by the
Attorney-General's Department to open up the cryptography
debate in Australia.
Last year EFA's request for a copy of the report under
the Australian Freedom of Information Act was rejected
for law enforcement, public safety and national security
reasons. Eventually, EFA obtained a censored copy in June
1997, with the allegedly sensitive portions whited
out.
Among the items that were censored in the version sent
to EFA (which are now available) are:
Paragraphs censored for reasons of national security,
defense or international relations: a statement that
there are "design flaws" in US and British key recovery
proposals; an opinion that export controls are of dubious
value; commentary that US agencies sought to dominate
public discussion of encryption policy.
Paragraphs censored because they are classified as
"internal working documents": a recommendation that
"hacking" by law enforcement agencies should be above the
law; a recommendation that authorities be given the power
to demand encryption keys, in contravention of the
principle of non self-incrimination.
The full version of the report is now online at:
http://www.efa.org.au/Issues/Crypto/Walsh/index.htm.
The originally censored parts are highlighted in
red.
[11] Report On Implementation of Data Privacy
Directive Available Online
A report prepared over the course of a year by four
privacy experts (Charles Raab, Colin Bennett, Nigel
Waters and Bob Gellman) for the European Commission
on the implementation of Articles 25 and 26 of the EU
Data Protection Directive is available online.
The report contains 30 empirical case studies of the
international transfer of personal data from Europe to 6
jurisdictions (Canada, US, Japan, Australia, New Zealand,
Hong Kong). These cases represent five different transfer
categories: sensitive information in airline reservations
systems; human resources data; electronic commerce;
medical data; and subcontracted outsourcing. For each
transfer, we gained the collaboration of certain partner
organizations to give us a realistic sense of the nature
of the personal data transferred and the means of
communication. We then made certain evaluations about the
"adequacy" of protection according to a common evaluative
methodology.
The final report entitled "Application of a
methodology designed to assess the adequacy of the level
of protection of individuals with regard to processing
personal data" has just been published and can be found
under the "Reports" section at: http://europa.eu.int/comm/dg15/en/public/index.htm#5
[12] The Internet Society France to hold a
"Virtual" Session of Parliament
Autrans, France (January 8, 1999) -- The Internet
Society France plans to sponsor a "virtual" session of
parliament this March to vote on a law governing the
Internet during the second-annual Fete de l'Internet,
French Internet Day.
The idea is to allow all interested Internet users to
participate in the entire process of drafting, revising
and passing a law, ISOC France said in a statement. The
French senate, which is working alongside ISOC to put on
the event, will then pass a mock law, based on user
input.
Through ISOC France's Web site, Internet users can
participate in drafting the mock law, which will be aimed
at creating a new structure for governing the Internet.
During the drafting process, participants will target
issues such as data privacy, intellectual property
rights, consumer protection, the regulation of encryption
and the use of the Internet to spread illegal and
indecent content.
After an initial draft of the law is presented later
this month, users can also participate in the amendment
process. The idea is to get people thinking about how
existing laws concerning the Internet in France should be
adapted, ISOC said.
The real-world event, called "Internet Law: Conquering
a Global Village," will take place March 19 to March
29.
ISOC France http://www.isoc.asso.fr/
France's Internet Festival http://www.fete-internet.asso.fr/index.asp
[for the entire story, look at http://www.sunworld.com/swol-01-1999/swol-01-if.html?0118a]
[13] Norwegian Supreme Court Finds Hacking Not
Illegal
Norway's Supreme Court ruled last week that it is not a
crime to attempt to break into another person's or
entity's computer system, USA Today reports (January 14,
1999).
However, the Court did find that it is a crime once a
person has actually broken into a computer system without
authorization. The ruling is a result of an attempt by a
computer security company to break into the University of
Oslo's computers through the Internet.
According to USA Today, the security company
determined where there are entry points in the
university's computer security, but did not break in,
tamper with, or steal any information.
ABOUT THE GILC NEWS ALERT:
The GILC News Alert is the newsletter of the Global
Internet Liberty Campaign, an international coalition of
organizations working to protect and enhance online civil
liberties and human rights. Organizations are invited to
join GILC by contacting us at gilc@gilc.org.
To alert members about threats to cyber liberties, please
contact members from your country or send a message to
the general GILC address.
To submit information about upcoming events, new
activist tools and news stories, contact: GILC
Coordinator, American Civil Liberties Union, 125 Broad
Street, 17th Floor, New York, New York 10004 USA. email:
gilcedit@aclu.org
More information about GILC members and news is available at http://www.gilc.org.
You may re-print or redistribute the GILC NEWS ALERT freely. To subscribe
to the alert, please send an e-mail to gilc-announce@gilc.org
with the following message in the body: subscribe gilc-announce
PUBLICATION OF THIS NEWSLETTER IS MADE POSSIBLE BY A
GRANT FROM THE OPEN SOCIETY INSTITUTE (OSI)