Welcome to the Global Internet Liberty Campaign
Newsletter
Welcome to GILC Alert, the newsletter of the Global
Internet Liberty Campaign. We are an international
organization of groups working for cyber-liberties, who
are determined to preserve civil liberties and human
rights on the Internet.
We hope you find this newsletter interesting, and we
very much hope that you will avail yourselves of the
action items in future issues.
If you are a part of an organization that would be
interested in joining GILC, please contact us at
gilc@gilc.org.
If you are aware of threats to cyber liberties that we
may not know about, please contact the GILC members in
your country, or contact GILC as a whole.
Please feel free to redistribute this newsletter to
appropriate forums.
Free Expression
[1] ICANN's plans draw fire
[2] DVD weblinks trial nearly over
[3] US Gov't threatens Cryptome.org
[4] French anonymity bill passes
[5] Will the Internet Age reach Cuba?
[6] Malaysia to imprison online critics
[7] Yahoo: blocking software not effective
[8] Journalism website shutdown in Fiji
[9] Upcoming filtering workshop
Privacy and Encryption
[10] Carnivore spy program controversy
[11] UK surveillance plan approved
[12] US "blackbag" search proposal scrapped
[13] EU launches Echelon probe
[14] US commission approves weak privacy plan
[15] Toysmart.com settlement found wanting
[16] Kids software tracks users
[17] Dutch business hurt by gov't email spies
[18] Microsoft's new privacy indicator
[19] EU approves Safe Harbor plan
[20] US workplace monitoring bill
[21] In Memoriam: Bruce Ennis
[1] ICANN's plans draw fire
Critics are scoffing at several recent decisions made
by the main organization responsible for administering
the domain name system.
The Internet Corporation for Assigned Names and
Numbers (ICANN) recently held meetings in Yokohama,
Japan. At this meeting, ICANN's Board of Directors passed
a resolution requiring individuals applying for the right
to operate new top-level domain names to pay a
non-refundable US $50,000 fee upfront. Many experts worry
that this charge will prevent Internet users,
noncommercial entities and small businesses from creating
and utilizing new domain names. Moreover, there are
concerns that domain name space has become so scarce that
individuals cannot register the domain name of their
choice, including people who wish to protest well-known
companies, without fear of legal liability (e.g.
verizonreallysucks.com).
Another resolution essentially reduces the number of
publicly elected At-Large Board members (from nine to
five). The current Board passed this resolution despite
charges that this move threatens attempts to democratize
Internet Governance. The Center for Democracy and
Technology (CDT-a GILC member) expressed concerns that
similar proposals (which would completely phase out
elected At-Large Board members) would essentially
"exclude an important public voice" from ICANN
governance.
In response to these concerns, a number of
organizations are joining together to form a special
Civil Society Internet Forum. The Forum came about
through a special meeting in Yokohama that was sponsored
by the Internet Democracy Project, an initiative
spearheaded by 3 GILC member organizations: Computer
Professionals for Social Responsibility (CPSR), the
Electronic Privacy Information Center (EPIC), and the
American Civil Liberties Union (ACLU). The goal of this
Forum is to launch a new framework for the creation of a
global Internet community. The Forum will soon organize a
series of meetings to educate and organize civil society
organizations and individuals on matters regarding
Internet governance and human rights principles.
Transcripts of ICANN's meetings in Yokohama are
available at http://cyber.law.harvard.edu
For further information, visit the Internet Democracy
Project website at http://www.internetdemocracyproject.org
[2] DVD weblinks trial nearly over
The courtroom battle over DVD weblinks may be drawing
to a close.
The case centers around DeCSS-a primitive program to
help users of the Linux operating system play DVDs on
their computers. The entertainment industry, through the
DVD Content Control Association (DVD CCA) and the Motion
Picture Association of America (MPAA), has sued to
prevent Internet users from linking to websites that have
DeCSS. In New York, the motion picture industry is suing
2600 Magazine, which is defended by the Electronic
Frontier Foundation (EFF-a GILC member). Previously,
courts in both New York and California had issued
preliminary injunctions that barred computer users from
posting DeCSS on their websites. Many experts fear that
these actions may stifle free expression in
cyberspace.
In the New York trial, both sides have finished
calling witnesses, and are preparing to submit their
final briefs. While the outcome is still in doubt,
presiding judge Lewis Kaplan was visibly moved by the
testimony from the defense. One of these witnesses,
Professor David Touretzky, noted that banning DeCSS would
have a terrible impact on free discourse, and said: "I've
been programming computers since I was 12 years old, and
I'm very concerned when events take place that threaten
my ability to express myself." Subsequently, Judge Kaplan
stated that he found "what Professor Touretzky had to say
today extremely persuasive and educational about computer
code." A decision is expected within the next few
weeks.
For press coverage, see Larry Neumeister, "DVD Trial
Testimony Ends," Associated Press, July 26, 2000 at
http://www.abcnews.go.com/sections/tech/DailyNews/dvd000726.html
See also John Borland, "Hollywood looks to kill
hyperlinks in copyright fights," CNet News, July 25, 2000
at http://news.cnet.com/news/0-1005-200-234-2094.html
[3] US Gov't threatens Cryptome.org
The United States government is threatening legal
action against an architect who posted a controversial
document on his website.
John Young runs Cryptome.org, which houses numerous
files related to government surveillance and Internet
policy. He recently uploaded a document that includes
contact information for various officials in the Japanese
Public Security Investigation Agency (PSIA). The document
was provided by Hironari Noda, a former employee and
critic of PSIA who has written a book entitled "CIA Spy
Training: An Experience of One Agent of the PSIA." Noda's
list was entitled "The Most Incompetent Intelligence
Agency in the World."
Subsequently, the U.S. Federal Bureau of
Investigation (FBI) admonished Mr. Young, telling him to
remove the document from Cryptome. He refused, and later
noted: "There's nothing wrong with me putting this stuff
up in the U.S. It's not wrong or illegal." Curiously,
after this exchange took place, Young's website suffered
a denial of service attack that knocked Cryptome offline.
The culprit behind the attack is still unknown.
For further details, read Declan McCullagh, "Attack on
Spy Activist's Site," Wired News, July 24, 2000 at
http://www.wired.com/news/print/0,1294,37746,00.html
[4] French anonymity bill passes
The French Assembly has approved a new bill that may
have serious repercussions for online free speech.
The bill will create a complex system that would force
web authors to register their identities and make them
available to the government. The scope of the new law
includes web sites and web forums. On June 28, the French
legislature adopted a new version of the plan. In this
new version, there is no penalty to users who fail to
identify themselves, and Internet service providers do
not have to check the identification provided by their
users. However, the law requires Internet Service
Providers to take "appropriate actions" to deal with
inappropriate content, and empowers an administrative
body, the 'Conseil d'Etat' to define the data that should
be kept by the host provider.
Subsequently, members of the French legislature (from
various opposition parties) sent the act to the
Constitutional Council (CC) to determine whether the new
law violates the French Constitution. On July 27, the
Council decided that the provisions imposing liability on
ISPs (for failing to take appropriate steps when informed
of illegal/harmful content) were unconstitutional. In
particular, the Council held that the proposal's
standards regarding criminal conduct were too vague. It
is unclear at this point whether the law will be amended
to remove the offending language.
In the meantime, a number of cyberliberties groups,
including Imaginons un Reseau Internet Solidaire (IRIS-a
GILC member) have blasted the proposal, particularly
because the new scheme would force Internet service
providers (ISPs) to act as judges and try to flush out
whistleblowers and other anonymous speakers, as well as
screen out controversial Internet content, for fear of
liability. An IRIS Declaration protesting the measure has
garnered signatures from over 70 organizations, including
many GILC members.
IRIS has an extensive collection of materials on this
bill under http://www.iris.sgdg.org/actions/loi-comm/
The full text of the Constitutional Council's decision
is available (in French) at http://www.conseil-constitutionnel.fr/decision/2000/2000433/2000433dc.htm
[5] Will the Internet Age reach Cuba?
Cuba is trying to join the online world, but
government censorship and bureaucracy are apparently
hampering progress.
Past attempts to bring the Internet to the Caribbean
nation had run into major technical difficulties. Some of
these problems were due to the country's telephone
system, which was ill-suited to modern data transfer
processes. However, the government is now launching
capital improvement programs that hopefully will bring
new phone lines (and Internet access) to millions of
Cubans. In addition, grants from various sources,
including the World Bank, are helping universities and
other organizations go online.
However, these efforts to bring Cuba into the Internet
Age continue to face several serious obstacles. For one
thing, the nation's Communist leaders have considerable
powers with which to censor online material. Cubans are
often unable to visit websites hosted in other countries,
and Havana still has the power to review all personal
e-mail. Furthermore, high access fees have prevented many
of the country's residents from logging in. In addition,
those people who can afford to pay the fees must then
prove they are researchers or working for certain
government-approved institutions before they are allowed
onto the Information Superhighway.
For further details, read Maria F. Durand, "Cuba Goes
Online," ABCNews.com (US), July 24, 2000 at http://www.abcnews.go.com/sections/world/DailyNews/cubainternet000721.html
[6] Malaysia to imprison online critics
Watch what you say online, at least if you're in
Malaysia. You could end up in prison, be forced to pay
heavy fines, or both.
The Malaysian government has enacted a new
Communications and Multimedia Act, which criminalizes
various forms of Internet speech. Violators face one-year
prison sentences as well as fines of up to M$50,000 (more
than US $13,000). Authorities are apparently worried
about organizations that have used the Information
Superhighway to express their grievances with the current
political system. The list of website creators ranges
from supporters of former deputy Prime Minister Anwar
Ibrahim to various religious groups to anti-government
protestors.
Oddly enough, Malaysian officials had been trying to
spur greater Internet use. It is unclear whether these efforts
will be jeopardized by the new legislation.
See "Malaysia warns Internet abuse could lead to
imprisonment," Associated Press, July 26, 2000 at
http://technology.scmp.com/Internet/DAILY/20000726125847504.asp
[7] Yahoo: blocking software not effective
Blocking software doesn't work.
That's what Yahoo is claiming before a French court.
The Internet firm was recently sued for allowing auctions of
Nazi memorabilia on its site in the United States. The
suit was made pursuant to French laws that generally
prohibit such goods from even being advertised, much less
sold. The court previously ruled against Yahoo and
threatened fines of over US $150,000 per day if the
company did not block French Internet users from
accessing the US page. However, the firm stated that
compliance with the court's edict would be impossible,
arguing that current computer programs to block
questionable Internet content are not effective.
The court has now pushed the compliance date back by
several weeks in order to allow further discussion of
these technical issues.
See Jean Eaglesham, "Court defers Yahoo! ruling,"
Financial Times.com, July 24, 2000.
[8] Journalism website shutdown in Fiji
University officials have closed down a student
website that gave extensive critical coverage of recent
events in Fiji.
Administrators at the University of the South Pacific
halted operations at Pacific Journalism Online (PJO)-a
webpage that includes an award winning online newspaper,
Wansolwara. The school's Vice-Chancellor, Esekia Solofa,
cited "security reasons" and suggested that if the
website's activities were not abated, "the whole of USP
might have been at risk." Solofa also compared PJO's
situation to that of Fiji television stations, many of
which have suffered extensive damage at the hands of
militants affiliated with coup leader George Speight.
However, many people believe that censorship, not
"security reasons," was behind the school's actions.
These critics set up several mirror websites, including
at least one in Australia and two in the United
States.
In the latest development, University officials lifted
their ban, but with a major catch. School administrators
allowed Pacific Journalism Online to continue operations,
but strictly barred students from issuing any new reports
on events in Fiji. In response, the proprietors of PJO
have sent their freshly written news items overseas to
the mirror sites previously mentioned. Thus, PJO readers
in Fiji may have to visit offshore webpages to find out
about current events at home.
To see the Australian mirror of Pacific Journalism
Online, visit http://www.journalism.uts.edu.au/archive/fiji_coup/index.html
To see a US mirror of Pacific Journalism Online, visit
http://www.sidsnet.org/pacific/usp/journ/
[9] Upcoming filtering workshops
Troubled by Internet censorship plans? The Bertelsmann
Foundation is holding workshops, hoping to convince
people otherwise.
In the past, the Foundation has supported new
industry-based "Codes of Conduct" to restrict the posting
of controversial material online. These and other policy
stances have drawn considerable criticism from numerous
experts, many of whom believe that the Codes might be the
first step toward Internet censorship on a global scale.
Nevertheless, the Foundation is moving ahead through a
series of meetings to discuss implementation of these
purportedly "voluntary" schemes. The latest in this
series of meetings will happen on September 8 in
Gutersloh, Germany, and will focus on "Profile
Development for a Voluntary Self-Rating and Filtering
System." Oddly enough, this meeting is targeted at
"Churches, Unions, Civil Liberties Organizations, and
Media Supervisory Bodies."
Many cyberliberties advocates continue to be skeptical
of these plans, and are concerned that these workshops
will merely divert attention toward technical aspects
without addressing the root issue: whether these new
systems will stifle free expression in cyberspace.
For more information, visit http://www.stiftung.bertelsmann.de/internetcontent/english/frameset.htm?content/c2400.htm
[10] Carnivore spy program controversy
A new US Government Internet surveillance program has
led to an outpouring of public criticism.
The program, known as "Carnivore," is a device that is
attached to the server of a given Internet service
provider. This device intercepts all Internet
transmissions that come through the server, then parses
out pertinent material, based on chosen keywords. A
spokesman from the US Federal Bureau of Investigation
(FBI) confirmed that Carnivore can monitor private e-mail
messages as well as activity on the World Wide Web and in
chat rooms.
These revelations have sparked outrage from across the
political spectrum. The list of critics includes the
American Civil Liberties Union (ACLU-a GILC member). At a
recent Congressional hearing, ACLU Associate Director
Barry Steinhardt charged that "Carnivore is roughly
equivalent to a wiretap capable of accessing the contents
of the conversations of all of the phone company's
customers, with the 'assurance' that the FBI will record
only conversations of the specified target. This 'trust
us, we are the Government' approach is the antithesis of
the procedures required under our wiretapping laws."
Similar concerns were aired by the Center for Democracy
and Technology (CDT-a GILC member).
Besides these comments, several policymakers and
organizations are taking formal action. Congressman Bob
Barr will soon submit a proposal that would restrict the
government's power to conduct surveillance on the
Internet. In addition, at least two formal requests for
more details about Carnivore have already been submitted:
one from the Electronic Privacy Information Center
(EPIC-a GILC member) and another from the ACLU. A Federal
judge has now ordered the United States Department of
Justice to formally respond to EPIC's request by August
16.
Yet despite these developments, US Attorney General
Janet Reno refused to stop the use of Carnivore while an
internal review takes place. Oddly enough, Reno also
stated: "I think it's very important for the American
people to feel that they are the master of technology,
not that technology is mastering them."
The Carnivore controversy has heightened concerns
about the erosion of online privacy. A recent study
conducted by USA Today.com has revealed that government
agencies have stepped up their efforts to conduct
searches of Internet users' computer data. The report
shows that the number of search warrants served on
America Online (the country's biggest Internet service
provider) has risen by more than 800% between 1997 and
1999.
To read the testimony presented at the Congressional
hearing, visit http://www.house.gov/judiciary/con07241.htm
See also D. Ian Hopper, "'Carnivore' to continue,"
Associated Press, July 28, 2000 at http://www.abcnews.go.com/sections/tech/DailyNews/carnivore0728.html
For more on EPIC's request for information concerning
Carnivore, visit http://www.epic.org/privacy/litigation/carnivore_release.html
The ACLU's request for information on Carnivore is
located at http://www.aclu.org/news/2000/n071400a.html
To read about the judicial ruling on EPIC's request,
read Bill Miller, "Judge Rules on Net Tap," Washington
Post, August 3, 2000, page E1, at http://washingtonpost.com/wp-dyn/articles/A25897-2000Aug2.html
For the USA Today.com report, read Will Rodger,
"Search warrants for online data soar," USA Today.com,
July 27, 2000 at http://www.usatoday.com/life/cyber/tech/cti289.htm
[11] UK surveillance plan approved
This fall, British Internet users can expect Big
Brother to watch their every move online.
Both houses of Parliament have approved a new bill
that will require all Internet traffic in the UK to be
sent through a division of the M.I.5-the chief
investigatory agency of the British government. The
Regulation of Investigatory Powers bill (RIP) would
authorize more government agencies to conduct electronic
surveillance. The bill would also expand the types of
data that can be intercepted, including "traffic data"
such as passwords and lists of visited websites.
Additionally, the proposal would force cybernauts to
either provide encryption keys to the police when
requested, or prove in court that they don't have such
keys.
This legislation has been derided by a broad coalition of
groups, including cyberliberties advocates and computing
firms. A myriad of minor amendments (including a Code of
Practice and a requirement that wiretapping requests must
be in writing) failed to quiet the privacy and cost
concerns that the bill posed. Indeed, in a press release,
Cyber-Rights & Cyber-Liberties UK (a GILC member)
questioned the utility of these amendments. In
particular, the group pointed out that "the safeguards
within the Code of Practice are inadequate as there is
not even a mention of such offences that may be related
to failure to comply with any provisions of the draft
Code of Practice."
Strangely enough, Charles Clarke, a minister from the
British Home Office (which initially proposed RIP),
claimed that "propaganda is needed" to mollify critics.
However, a recent study by the British Chamber of
Commerce suggests that RIP may require much more than
mere spin control. According to that study, British
firms will have to shell out an estimated 46
billion pounds (US $69.9 billion) just to comply with the
new law. The Chamber of Commerce's report apparently did
not take into account the potentially priceless impact
that the legislation may have on privacy in cyberspace.
Indeed, Claranet, Britain's largest independent Internet
Service provider, is already planning to move offshore in
order to avoid RIP's onerous provisions.
To see the full text of the bill, visit http://www.publications.parliament.uk/pa/ld199900/ldbills/104/2000104.htm
For press coverage of Claranet's flight from RIP, read
Jamie Doward, "Net firms set to flee RIP," The Observer,
July 30, 2000 at http://www.observer.co.uk/Print/0,3858,4045645,00.html
See Laura Rohde, "U.K. Passes E-Mail Snooping Bill
Into Law," The Industry Standard, July 27, 2000, at
http://www.thestandard.com/article/display/0,1151,17179,00.html
[12] US "blackbag" search proposal scrapped
Here's an idea for stopping drug use-have government
agents secretly break into private homes and install
surveillance devices on people's computers.
A recent US proposal would have authorized law
enforcement officials to carry out these so-called
"blackbag" operations. The Methamphetamine
Anti-Proliferation Act would have allowed police officers
to conduct these activities in the name of drug
interdiction. The bill also included a provision that
would have made it illegal for news websites to link to
webpages about topics like medical marijuana and hemp
production by threatening them with jail time. Still
another portion of the Act would have forced Internet
Service Providers to remove users' web pages without due
process on the basis of mere allegations by the
government.
Numerous experts savaged the Act as a blow against
online privacy and free speech. Rachel King, a
Legislative Counsel to the American Civil Liberties Union
(ACLU-a GILC member), worried that "some members of
Congress appear to be saying that no cost is too high
when it comes to cultivating a tough on crime image." The
host of critics included such noted figures as US Supreme
Court Chief Justice William Rehnquist and Representative
Maxine Waters. Bowing to these concerns, the House
Judiciary Committee removed the controversial
provisions from the Act. The ACLU's Marvin Johnson
applauded this latest development, saying that the
Committee "bravely withstood pressure to expand some of
the worst elements of the so-called war on drugs."
An ACLU press release on this subject is available at
http://www.aclu.org/news/2000/n072500a.html
For additional details, see David McGuire, "Judiciary
Committee Removes Net Provisions From Drug Bill,"
Newsbytes, July 27, 2000, at http://www.computeruser.com/news/00/07/27/news19.html
[13] EU launches Echelon probe
The European Union is forming a new committee to
investigate a super-secret surveillance network.
This system, known as ECHELON, is designed to
intercept communications from around the world. ECHELON
is reportedly operated by the United States National
Security Agency in conjunction with several other
intelligence agencies, and is supposed to be capable of
intercepting e-mail messages, faxes, and telephone
conversations. Concerns about ECHELON's potentially
invasive nature were heightened by a recent Congressional
hearing, where the directors of both the Central
Intelligence Agency (CIA) and NSA refused to provide
details on the legal standards by which ECHELON
operates.
The European Parliament has now voted to create a
temporary committee to investigate charges that ECHELON
is being used to invade individual privacy and to conduct
economic espionage. However, this new body will not have
the power to call witnesses or subpoena classified
documents. For this reason, the Green Party has expressed
fears that the committee "is in danger of being no more
than a mere talkingshop."
Read Steve Kettmann, "U.S. Eyes Europe's Echelon
Probe," Wired News, July 6, 2000 at http://www.wired.com/news/print/0,1294,37411,00.html
See also Jelle van Buuren, "European Parliament votes
against inquiry committee on Echelon," Heise Telepolis,
July 5, 2000, at http://www.heise.de/tp/english/inhalt/te/6891/1.html
[14] US commission approves weak privacy plan
A new code of conduct that supposedly protects
Internet users' privacy is getting many harsh
reviews.
The code was not created by privacy advocates, but the
Network Advertising Initiative (NAI), an advertising
industry coalition that includes DoubleClick.
DoubleClick, which provides banner ads to many websites,
recently admitted to tracking viewers through the
Internet by placing digital identification numbers in
files known as "cookies" on a user's hard drive, which it
matches with name and address information that has been
collected by its partners. Recently, despite initial
claims to the contrary, DoubleClick expressed its
intention to match this data with more extensive
information contained in millions of files maintained by
its merger partner Abacus Direct. Subsequently,
DoubleClick shelved its data-matching plan after a storm
of public criticism.
Against this backdrop, NAI drew up a set of rules for
network advertisers to follow. Under this agreement,
members pledged not to use certain types of personally
identifiable information for marketing purposes, such as
sexual orientation, Social Security numbers, medical
information, and financial data. The plan also
theoretically requires its members to tell consumers
about profiling activities, such as letting them know when
they place "cookies". However, companies that sign on to
this scheme would not have to ask consumers' permission to
collect data, but can force Internet users to go through
a potentially arduous procedure to opt out of data
collection and get access to the files that have been
compiled about them.
Not surprisingly, privacy advocates have derided the
plan, in part because it still allows corporate entities
many ways to track Internet users without the users'
consent. Indeed, Marc Rotenberg of the Electronic Privacy
Information Center (EPIC-a GILC member) warned that
"every American home with a computer effectively becomes
a Nielsen family" under the new scheme. Yet despite this
criticism, the United States Federal Trade Commission
(FTC) approved the plan. Ironically, Jodie Bernstein, the
head of the FTC's Bureau of Consumer Protection, said
that "NAI played a valuable and constructive role in
developing these principles which serve as the basis for
protecting consumer privacy."
EPIC also released a report (along with Junkbusters)
entitled "Network Advertising Initiative: Principles not
Privacy." This document decries the NAI's principles
because they "perpetuate the secretive tracking of
Internet users and run counter to the standards that
consumers want. The Principles place the burden of
privacy protection squarely on the consumer by relying on
opt-out for both tracking of Internet users and linking
of profiles to personally identifying information."
The EPIC report is available at http://www.epic.org/privacy/internet/NAI_analysis.html
For further details, see John Schwartz and Robert O'Harrow
Jr., "Online Privacy Code Gets FTC's Support," Washington
Post, July 28, 2000, Page E3, at http://washingtonpost.com/wp-dyn/articles/A56288-2000Jul27.html
[15] Toysmart.com settlement found wanting
Watch out if you provide personal information to a
dot-com. If that company goes belly up, your file could
be sold to virtually anyone.
That's apparently the situation with Toysmart.com,
which filed for bankruptcy several months ago. It tried
to sell 250,000 files that included customers' credit
card numbers, as well as their names and addresses. This
move seems to contradict Toysmart's own privacy policy,
which said that the company would never sell such data.
Subsequently, the United States Federal Trade Commission
(FTC) sued the dot-com for deceptive trade practices.
However, in a surprising move, the FTC settled with
Toysmart, allowing the bankrupt e-tailer to sell most of
its customer files, under certain conditions. These
conditions include destroying data collected from
Internet users who were 13 years old or younger.
Unsatisfied with this result, nearly 38 states have
stepped in to block the settlement. Under this blizzard
of legal attacks, Toysmart shelved its attempted customer
list sale.
For more information, see "Toysmart drops customer
list sale," Associated Press, July 27, 2000, at http://www.usatoday.com/life/cyber/tech/cti292.htm
[16] Kids software tracks users
A major toy manufacturer is defending itself against
charges that some of its most popular products threatened
Internet privacy.
The controversy centers around Mattel Interactive's
Brodcast program. The program is apparently laced into
nearly 100 other Mattel child software packages,
including Reader Rabbit and Arthur's Reading Games.
Several Internet users discovered that the product
secretly sends information about the user back to Mattel
through the Internet. This data is heavily encrypted,
making it virtually impossible for consumers to discover
what sort of information is being collected.
After these revelations, a Mattel spokesperson
initially claimed that this tracking system would
actually benefit its customers, and said that Brodcast
"was originally designed to offer consumers additional
product content and to communicate fixes. That was the
only intention." Another spokesperson suggested that the
program "wasn't utilized very much because of our company
situation." Nevertheless, after numerous complaints,
Mattel has promised to provide a patch that will allow
users to uninstall Brodcast from their computers.
Similar charges have recently been leveled against an
Internet toy retailer. Privacy experts are charging that
Toysrus.com, along with several other e-tailers
(including Lucy.com), have been secretly sending
information about users to a major data marketing firm,
Coremetrics. The website apparently collects this data
using tiny images (known as "webbugs") and Javascript
programs embedded in its website, along with digital
identification files (known as "cookies"). According to
reports, the information collected (then forwarded to
Coremetrics) includes customer names and addresses. As
with Brodcast, the information is heavily encrypted, so
most consumers won't be able to discover what information
is being collected. Moreover, the practice seems to
conflict with Toysrus' own privacy policy, which states,
"We do not share any personally identifying data about
our guests with anyone outside of Toysrus.com, its
parent, affiliates, subsidiaries, operating companies and
other related entities." Interestingly, after this
practice was discovered, Lucy.com relaunched its website
and included Coremetrics-related information in its new
privacy statement.
For more information, read "Mattel removes software
feature over privacy concerns," Associated Press, June
26, 2000 at http://news.cnet.com/news/0-1006-200-2152384.html
Further information about the Toysrus/Coremetrics
controversy is available under "Net marketing firm
receiving personal information," Associated Press, July
31, 2000 at http://news.cnet.com/news/0-1005-200-2403836.html
[17] Dutch business hurt by gov't email spies
Watch out if you're doing business in the Netherlands.
Dutch authorities may be reading your e-mail, and if they
don't like what they see, they'll come knocking on your
door.
That is apparently what happened to one Dutch company
that was trying to sell its industrial software overseas.
The Dutch Intelligence Agency, BVD, paid the company a
visit and warned them not to go through with a
transaction that would have sent automated water
purification technology to Iran. Curiously, a BVD
employee told the firm that it had intercepted the
company's e-mail messages and had searched through the
messages using keywords like "water purification" and
"programmable logical controllers." Past rumors have
suggested that BVD conducts random searches of private
e-mail and other types of Internet transmissions using
keywords. Such surveillance activities are technically
illegal; indeed, the Dutch Parliament is scheduled to
debate legislation that would authorize these kinds
of operations. So far, BVD has refused to comment on
these allegations.
In an unrelated story, Dutch Internet Service
Providers (ISPs) have annulled an agreement to allow
government agents access to private user information.
This agreement, which was made in 1998, came to light
several weeks ago. Among other things, the plan
authorizes Dutch law enforcement officials to gather
confidential client information that was in the hands of
some 60 Dutch ISPs. The data collected would purportedly
be used in government investigations of cybercrimes that
were punishable by jail terms of at least 4 years. Under
the scheme, prosecutors apparently could get a whole host
of information about customers, including details on how
they used the Internet as well as their names and
addresses. The agreement capitalizes on a loophole in
Dutch privacy law that allows the holder of a personal
data registry to give out that data to third parties in
serious cases. Oddly enough, while government officials
were allowed to get a myriad of details about online
individuals, no provision was made to ensure that these
files were correct, at least when these files were in the
hands of free ISPs.
For further details on BVD's surveillance activities,
see Jelle van Buuren, "Dutch Intelligence Suspected of
Using Unauthorised Random Interception of Email Traffic,"
Heise Telepolis, July 31, 2000 at http://www.heise.de/tp/english/inhalt/te/8465/1.html
For more on the 1998 Dutch ISP-law enforcement
agreement, read Jelle van Buuren, "Dutch Internet
Providers Cancel Deal With Law Enforcement On Voluntary
Assistance In Criminal Investigations," Heise Telepolis,
July 20, 2000, at http://www.heise.de/tp/english/inhalt/te/8412/1.html
[18] Microsoft's new privacy indicator
Microsoft has unveiled new software designed to inform
users about privacy threats, but experts agree that the
program is hardly a panacea.
Among other things, the software, which is built into
Microsoft's Internet Explorer, gives cybernauts
information about incoming digital identification files
known as "cookies." The program tells users who is
providing the cookie, what the cookie contains, and
whether the cookie has an expiration date. The product
also gives explanations on how cookies work, with
comments such as "The cookie stores information about
your website visits (for example, to provide targeted ads
to you)."
While these features are helpful, a number of privacy
advocates have noted the limited privacy protection that
this and other software packages provide. Moreover, as
Andrew Shen from the Electronic Privacy Information
Center (EPIC-a GILC member) stated, "There's a place for
technological fixes, but there's also a place for legal
changes." Towards this end, Federal legislation has been
introduced to prevent the tracking of Internet users
without their consent.
Read Chris Oakes, "Who's First on Cookie Features?"
Wired News, July 22, 2000 at http://www.wired.com/news/print/0,1294,37723,00.html
See also Michael J. Martinez, "Microsoft Gobbling
Cookies," Associated Press, July 20, 2000 at http://www.abcnews.go.com/sections/tech/DailyNews/cookies000720.html
[19] EU approves Safe Harbor plan
The European Commission has adopted a controversial
proposal to protect data privacy.
The so-called Safe Harbor proposal will require U.S.
companies to protect the privacy of personal information
gathered from EU consumers. These corporations will have
to notify European users how their private data is being
collected and handled. Concerned individuals
are entitled to reasonable access to their files, and may
refuse to allow other companies to receive such
information. This self-regulatory system is only
voluntary; however, American firms that join in this pact
can avoid lawsuits from the governments of EU countries.
Furthermore, these rules are not as strong as the
stringent regulations required by many European
nations.
Many experts have held that this agreement does not go
far enough in protecting personal privacy. Moreover,
these detractors have pointed out that this deal may give
European citizens greater data privacy protection from
American firms than US citizens. Despite these concerns,
the Commission gave the plan its blessing, and hoped the
US would keep its part of the bargain as soon as November
2000.
Meanwhile, the Commission has moved on to a new string
of proposals that would ostensibly toughen European data
privacy standards. These measures would make it illegal
to send unsolicited commercial e-mail without getting the
recipients' consent first. Another measure would
similarly force the proprietors of cellular phone
networks to prevent the tracking of their users without
the users' permission. The Commission may also consider
plans to restrict the use of digital identification files
(known as "cookies") to track individuals online.
For more on the Safe Harbor plan, read "Europe OKs
U.S. Privacy Pact," Reuters, July 27, 2000 at http://www.wired.com/news/print/0,1294,37839,00.html
For further details on other EU privacy proposals, see
Elizabeth De Bony, "EU to Restrict Use of Spam and
Cookies," The Industry Standard, July 20, 2000 at
http://www.thestandard.com/article/display/1,1151,16982,00.html
[20] US workplace monitoring bill
Is your boss watching your every move online? A new US
proposal may make it easier for you to find out.
This new plan would force American employers to tell
their workers whether they monitor employee activity,
what activities are being monitored and what is done with
the collected information. Violators could be sued by
their employees and would face fines of up to US $20,000.
However, workplace rights advocates have pointed out
several apparent flaws in the bill. These flaws include
the proposal's lack of explicit restrictions on the
ability of employers to conduct surveillance. The plan
also contains various ambiguities in its notice requirements,
which leave open the possibility that companies could
still get off easily with vague, generalized disclosures.
Indeed, Gregory Nojeim of the American Civil Liberties
Union (ACLU-a GILC member) noted that employers might be
able to meet the bill's requirements by simply mentioning
that they engaged in "occasional" or "random" workplace
monitoring.
Read "Law would compel disclosure of employee
monitoring," Reuters, July 21, 2000 at http://news.cnet.com/news/0-1007-200-2309717.html
See also "Is Big Brother Watching at Work?" CBS News,
July 10, 2000 at http://cbsnews.cbs.com/now/story/0,1597,213810-412,00.shtml
For more background information, see Sascha Segan,
"Spying or Security?" ABCNews.com (US), July 21, 2000 at
http://www.abcnews.go.com/sections/tech/DailyNews/contentsecurity000721.html
[21] In Memoriam: Bruce Ennis
Bruce J. Ennis, a champion of online free expression,
died last month. In 1997 he successfully argued the case
of Reno v. the American Civil Liberties Union before the
United States Supreme Court.
During oral argument, Mr. Ennis noted that the
Communications Decency Act would have a censorial effect
on private individuals and other noncommercial speakers:
"[T]he Act, by its terms, applies to both
commercial and noncommercial entities. The legislative
history makes clear that Government intended to regulate
both commercial and noncommercial entities. It applies,
by its terms, to the speech of libraries and educational
institutions. None of whom, by the way, are regarded as
pornographers in the common understanding of that
term."
The Court's subsequent ruling established landmark
protection for Internet speech. In striking down the Act,
the Court acknowledged the fact that "the growth of the
Internet has been and continues to be phenomenal. As a
matter of constitutional tradition, in the absence of
evidence to the contrary, we presume that governmental
regulation of the content of speech is more likely to
interfere with the free exchange of ideas than to
encourage it. The interest in encouraging freedom of
expression in a democratic society outweighs any
theoretical but unproven benefit of censorship."
A transcript of Mr. Ennis' oral argument in Reno v.
ACLU is available at http://www.aclu.org/issues/cyber/trial/sctran.html#ennis
The Supreme Court's ruling in Reno v. ACLU can be seen
at http://www.aclu.org/courts/acluvreno.html
ABOUT THE GILC NEWS ALERT:
The GILC News Alert is the newsletter of the Global
Internet Liberty Campaign, an international coalition of
organizations working to protect and enhance online civil
liberties and human rights. Organizations are invited to
join GILC by contacting us at gilc@gilc.org.
To alert members about threats to cyber liberties, please
contact members from your country or send a message to
the general GILC address.
To submit information about upcoming events, new
activist tools and news stories, contact: GILC
Coordinator, American Civil Liberties Union, 125 Broad
Street, 17th Floor, New York, New York 10004 USA. E-mail:
gilcedit@aclu.org
More information about GILC members and news is
available at http://www.gilc.org.
You may re-print or redistribute the GILC NEWS ALERT
freely. To subscribe to the alert, please send an e-mail to
gilc-announce@gilc.org
with the following message in the body: subscribe
gilc-announce
PUBLICATION OF THIS NEWSLETTER IS MADE POSSIBLE BY A
GRANT FROM THE OPEN SOCIETY INSTITUTE (OSI)