GLOBAL

INTERNET

LIBERTY

CAMPAIGN



NEWS

 GILC Actions 

 Presswire 


ISSUES

 Free Speech 

 Privacy 

 Cryptography

 Access


RESOURCES

 GILC Alert 

 Mailing List
 GILC Events 


ABOUT GILC

 Principles

 Members 

 Mail GILC 


Home Page

US Site
European Mirror

 

GILC Alert
Volume 4, Issue 8

September 11, 2000

 

Welcome to the Global Internet Liberty Campaign Newsletter

             

Welcome to GILC Alert, the newsletter of the Global Internet Liberty Campaign. We are an international organization of groups working for cyber-liberties, who are determined to preserve civil liberties and human rights on the Internet.

We hope you find this newsletter interesting, and we very much hope that you will avail yourselves of the action items in future issues.

If you are a part of an organization that would be interested in joining GILC, please contact us at gilc@gilc.org.

If you are aware of threats to cyber liberties that we may not know about, please contact the GILC members in your country, or contact GILC as a whole.

Please feel free to redistribute this newsletter to appropriate forums.


Free Expression

[1] Mainland China "kills" online dissent
[2] DVD ruling endangers free speech
[3] ICANN elections controversy
[4] Online protests of new Korean censorship plan
[5] Domain name decisions spark debate
[6] US mega-blocking bill introduced
[7] Ticketmaster ruling spares weblinks for now
[8] New Russian anonymous email service
[9] Women outnumber men online in US
[10] Singaporean "courtesy" censorship rules
[11] Press companies sue over net cellular content

Privacy and Encryption

[12] US Gov't mum on Carnivore spyware
[13] UK plans corporate and government net tapping
[14] US CALEA ruling mixed on privacy
[15] New Indian surveillance scheme
[16] Japanese net tapping law in effect
[17] TrustE tracked visitors
[18] Survey: Americans worried about privacy
[19] New Spector software spies on users
[20] For sale: student email addresses
[21] Drug websites track users
[22] Wearable computers erode privacy


[1] Mainland China "kills" online dissent

Communist Chinese authorities had previously promised a crackdown on dissent. Recent events suggest that they are delivering on that promise.

The state-run Xinhua news agency is reporting the development of new "killing" censorship software. This program targets controversial material when it is downloaded or viewed on a target computer. After an initial warning, the software shuts down or "kills" any application used to view the offending files. The new device also monitors usage of computers in real time, which allows officials using the program to actively prevent the viewing of certain materials. Although the software is supposedly targeted at pornography, Communist officials previously have used similar products to prevent the spread of pro-democracy information in cyberspace.

Mainland Chinese officials are also backing up their new technology by renewing their efforts to hunt down and silence online dissidents. Jiang Shihua, a high school computer instructor who also owned an Internet café, was recently arrested for posting several articles on the Information Superhighway that criticized Communist officials. He is now charged with "incitement to subvert state power" and faces a potential ten-year stay in a Chinese labor camp. Earlier in the month, government agents had shutdown a pro-democracy website, www.xinwenming.net, and were launching new efforts to clamp down on unsolicited e-mails, which many human rights groups had used to supply news and information to readers throughout the country.

These attempts have met with resistance and reproach in a variety of forms. One group, Human Rights in China (HRIC), went so far as to duplicate xinwenming.net on its own site, along with a statement from the original page's authors that denounced Beijing's apparent attempts at censorship. In the Jiang Shihua case, free speech advocates such as Robert Menard of Reporters Sans Frontieres (RSF) have excoriated Communist authorities. Menard argued that this Communist Chinese attempt to mete out "punishment for expression of a peaceful opinion is a serious violation of human rights."

For more on Beijing's new "killing" censorship program, read "Bon Voyage, Voyeurs: New Anti-Pornographic Software Developed," China Online, August 29, 2000 at http://www.insidechina.com/localpress/chonline.php3?id=193691

Further information on Censorship in China is available in a special news bulletin from the Digital Freedom Network (DFN-a GILC member) under http://dfn.org/Voices/Asia/china/jiangshihua.htm

The HRIC mirror of Xinwenming (in Chinese) is located at http://www.hrichina.org/Xinwenming/index.htm

Read "Press Freedom Group Urges Release of Chinese Cyber-Dissident," Agence France Presse, August 23, 2000 at http://www.insidechina.com/news.php3?id=191742

See also "China To Crackdown On Junk E-Mail Senders," Agence France Presse, August 23, 2000 at http://www.insidechina.com/news.php3?id=191713

More information is available in "Demanding Release," Reuters, August 23, 2000 at http://www.abcnews.go.com/sections/tech/DailyNews/chinanet000823.html


[2] DVD ruling endangers free speech

A recent decision regarding a controversial DVD-related computer program may have serious implications for online free speech.

The case centers around DeCSS--a primitive computer program to help users of the Linux operating system play DVDs on their computers. The entertainment industry, through the DVD Content Control Association (DVD CCA) and the Motion Picture Association of America (MPAA), had sued to prevent Internet users from linking to websites that have DeCSS. In New York, the motion picture industry is suing 2600 Magazine, which is defended by the Electronic Frontier Foundation (EFF-a GILC member). Previously, courts in both New York and California had issued preliminary injunctions that barred computer users from posting DeCSS on their websites. Many experts fear that these actions may stifle free expression in cyberspace.

In his ruling, Judge Lewis Kaplan banned individuals from providing links to (or publishing) information about the DVD Content Scrambling System (CSS) on the World Wide Web. Curiously, he compared dissemination of such programs to "the assassination of a political figure." Kaplan analogized the work of these researchers who developed DeCSS and 2600 magazine on the Internet to a "propagated outbreak epidemic" that came from "a poisoned well" and "spreads from person to person." An appeal of the ruling is expected shortly.

Judge Kaplan's ruling is available (in PDF format) under http://www.2600.com/dvd/docs/2000/0817-decision.pdf

For a 2600 editorial on the ruling, see http://www.2600.com/news/2000/0821.html

Read David Streitfeld, "Judge Backs Hollywood In DVD Movie Case," Washington Post, August 18, 2000, page E1, at http://www.washingtonpost.com/wp-dyn/articles/A47253-2000Aug17.html

See also Declan McCullagh, "Only News That's Fit to Link," Wired News, August 23, 2000 at http://www.wired.com/news/print/0,1294,38360,00.html


[3] ICANN elections controversy

The group responsible for the Internet domain name system is facing criticism that it suffers a democracy deficit.

The Internet Corporation for Assigned Names and Numbers (ICANN) has issued a complex system for people to run for the Board if they are not chosen by its official Nominating Committee. Under this system, hopefuls must submit a list of personal information about themselves to ICANN, then collect nominations. The number of nominations required is 2% of the electorate in a given region (e.g. North America) or 20 people, whichever is greater. What is more, would-be candidates must get endorsements from citizens in at least two countries.

In a related move, the current board has decided to cap the number of candidates per region. Because ICANN had an official Nominating Committee pre-select several candidates for each region, this decision effectively limited the number of ballot slots available for publicly nominated candidates.

Many observers worry that this complicated scheme will prevent publicly supported candidates from getting on the ballot. Furthermore, a number of experts have pointed out that the vast majority of candidates selected by the Nominating Committee have strong links to big businesses or government agencies. In the end, considerable doubts have been raised as to whether the Board members who are eventually elected will truly be representative of the full Internet community.

For further details, visit the Internet Democracy Project website at http://www.internetdemocracyproject.org

See also David McGuire, "ICANN Official Defends Board Nominees-Update," Newsbytes, August 2, 2000 at http://www.newsbytes.com/pubNews/00/153107.html


[4] Online protests of new Korean censorship plan

What do you if the government tries to censor the Internet? Try organizing a really big online sit-in.

That is apparently what happened in South Korea. The Korean Information and Communications Ministry has proposed a ratings system that would force web site creators to label themselves if their materials could somehow be considered harmful to teenagers. A Ministry spokesperson explained that once the ratings system was implemented, troublesome websites could then be blocked off. The agency intends to submit this bill to the National Assembly within the next few months, and the entire system could be up and running by the middle of next year.

Critics have scoffed at this scheme, claiming that it would amount to de facto government censorship. Chang Yeo-kyong from Internet rights group Progressive Network noted that these "so-called voluntary ratings will be reviewed by a government committee, which suggests government's coercive control over the Internet." Hundreds of enraged Internet users simultaneously visited the Ministry's home page and disrupted service for hours, apparently as part of massive "click-in" protest. Against this backdrop, numerous politicians from the Korean Democratic Labor Party will oppose the bill when the Assembly begins considering the proposal this fall.

See "Net users block site to protest rating system," Associated Press, August 29, 2000, at http://news.cnet.com/news/0-1005-200-2642059.html


[5] Domain name decisions spark debate

Want to set up a protest website? Eager to pay homage to your favorite city via the World Wide Web? Not so fast.

That's apparently the message being given in a series of decisions from various intellectual property and domain name arbitrators. Several months ago, the Internet Corporation for Assigned Names and Numbers (ICANN) adopted a controversial Uniform Domain Name Dispute Resolution Policy (UDRP) that many critics charge fails to protect free speech. Subsequently, in all but two arbitration cases under the UDRP, corporations have won the rights to domain names of "-sucks" websites that protest their policies, such as "walmartcanadasucks.com" (which was awarded to the North American retail giant Walmart). Another recent ruling, this time from the World Intellectual Property Organization (WIPO), states that the Barcelona City Council had "better rights" to the domain name www.barcelona.com than the prior registrants. In the past, two Spaniards ran Barcelona.com as a tourism portal, with advertising from Pepper Media. It is not clear why the City Council did not use some other easily recognizable domain name (such as "barcelona.gov.es") instead of going to arbitration.

The ruling further fuels concerns over the extent to which WIPO or ICANN will recognize the free speech possibilities of domain names. Despite calls to create many more new top-level domains (like ".sucks" for protest websites), ICANN has instituted "very stringent" criteria for considering these inquiries. Among other things, ICANN is charging $50,000 nonrefundable fees from anyone who submits such proposals, as well as requiring applicants to fill out a series complicated forms. Moreover, many corporations are taking matters into their own hands by registering domain names that could be used by protestors. For example, telecommunications giant Verizon has registered over 700 names (and spent US $50,000), including Verizonsucks.com, in an apparent attempt to silence its critics.

For more on corporate attempts to register potential protest website domain names, read David Streitfeld, "Making Bad Names for Themselves," Washington Post, September 8, 2000, page A1, at http://www.washingtonpost.com/wp-dyn/articles/A30525-2000Sep7.html

To learn more about UDRP arbitration result statistics, read Gwendolyn Mariano & Evan Hansen, "Parody sites sucked into cybersquatting squabbles," CNet News, August 24, 2000 at http://news.cnet.com/news/0-1005-200-2604599.html

For further details on the Barcelona.com controversy, see Louise Ferguson, "Geographic Domains on Shaky Ground," The Industry Standard, August 11, 2000 at http://www.thestandard.com/article/display/1,1151,17627,00.html

More details can be seen under Anick Jesdanun, "Board Accepting Ideas For New Net Suffixes," Washington Post, August 4, 2000, page E3, at http://washingtonpost.com/wp-dyn/articles/A34275-2000Aug3.html

Additional details on Verizon's mass domain name registration drive, read Stefan C. Friedman, "Verizon'sreallymad@hackerquarterly.com," New York Post, August 15, 2000 at http://www.nypost.com/business/9655.htm

See also http://www.internetdemocracyproject.org


[6] US mega-blocking bill introduced

Troubled by various proposals to block content on the Internet? Would you feel any better if they were combined into one big package?

That is the approach that's been taken in a recent plan being considered by the United States Congress. The so-called "Children's Internet Protection Act" is actually an amendment to a Labor-Health and Human Resources funding bill. This scheme combines several different filtering plans, and would essentially require high schools and libraries to include blocking software on all of their computers. Institutions that refused to do so (or implement policies to that effect) would receive federal funding.

Educators and cyberliberties groups have savaged this omnibus package because it may severely restrict the flow of information online. The American Civil Liberties Union (ACLU-a GILC member) bemoaned the fact that although "a unanimous 1997 Supreme Court decision ruling that said the Internet should have the same free speech protections as more traditional media, members of Congress continue to introduce legislation aimed at censoring free speech on the web." Moreover, the ACLU expressed fear that these new plans "could prevent students without home computers from realizing the full potential of information available on the Internet. Because they can be so restrictive and overreaching, blocking programs significantly reduce the amount and diversity of speech and information available to individuals." Similar concerns were expressed by the Center for Democracy and Technology (CDT-a GILC member).

For the text of this bill (in PDF Format), visit http://www.cdt.org/legislation/106th/speech/000807cipa.pdf

To see an ACLU action item regarding recent Congressional filtering legislation, visit http://www.aclu.org/action/blocking106.html


[7] Ticketmaster ruling spares weblinks for now

Should it be a crime to tell people where to find information on another website?

The answer is apparently not clear, based on developments in a recent case. Ticketmaster Online-City Search Inc. had sued a rival, Tickets.com, for providing weblinks to pages inside Ticketmaster.com, rather than Ticketmaster.com's frontpage. According to one lawyer for Ticketmaster, the actions of Tickets.com constituted "an unlawful trespass on our personal property." In spite of the apparently anachronistic nature of this lawsuit, a Federal judge refused to throw out the case; however, the court also refused to issue a preliminary injunction that would force Tickets.com to stop their practices immediately.

Many experts are concerned that a ruling in favor of Ticketmaster might make it harder to find things along the Information Superhighway, as well as curtailing freedom of expression. In particular, these observers fear that such a decision might severely crimp the operation of search engines (such as Google and Yahoo) or news websites that provide links to additional background information.

For more information, read Steven Bonisteel, "Ticketmaster Gets Setback In 'Deep-Linking' Suit," Newsbytes, August 15, 2000 at http://www.newsbytes.com/pubNews/00/153665.html

To read the court's decision not to grant a preliminary injunction, click http://www.gigalaw.com/library/ticketmaster-tickets-2000-08-10-p1.html


[8] New Russian anonymous email service

It may be getting easier for Russians to speak freely online.

Quickmail.ru is a new Russian language service that provides users with web-based e-mail access. What makes the service special is that it doesn't require people to log in, register or otherwise personal information about themselves-they can simply go to the site and starting typing. While users can't receive messages through Quickmail, they can send messages to any e-mail address and talk about any subject. Moreover, as one spokesperson explained, the system was designed to be "convenient," adding that his company "worked on the principle of doing good for the majority."

Quickmail is just one of several new technologies from around the world (including a new AT&T project called Publius) that may help online dissidents, whistleblowers and other concerned citizens make their voices heard without fear of reprisals or censorship. Yet despite the potential benefits of Quickmail, rival Internet companies have threatened to block any messages from the service, based on purported concerns over "incorrect use."

Read Melissa Akin, "New E-Mail Invites Excesses," St. Petersburg Times, August 8, 2000 at http://www.sptimes.ru/archive/times/592/news/b_email.htm

See also John Borland, "AT&T vows no censorship on new network," CNet News, August 7, 2000 at http://news.cnet.com/news/0-1004-200-2458275.html


[9] Women outnumber men online in US

The majority of American Internet users are women, not men.

That's the conclusion of a new report from Media Metrix and Jupiter Communications. The report, based on statistics collected this past May, found that 50.4% of Internet users in the United States were women. This is a vast increase from 1996, when women only constituted 38% of the American Internet population. The jump was especially large among girls from 12 to 17 years old, where percentage of users rose by 126 percent. Many of these teenage cybernauts were apparently drawn by content or expression-based websites, including webpages that provided interesting news articles or music. Moreover, according to Media Metrix Analyst Anne Rickert, "This is definitely not a one-time outnumbering of men. It's a trend that suggests women are favorably positioned for further growth in the years to come."

See Leslie Walker, "Teen Girls Help Create Female Majority Online," Washington Post, August 9, 2000, page E3, at http://washingtonpost.com/wp-dyn/articles/A58646-2000Aug8.html


[10] Singaporean "courtesy" censorship rules

Be polite while you're on the Internet, or else...at least if you're in Singapore.

The official Singapore Courtesy Council has issued stringent rules in the past regarding many types of conduct, including telling people to immediately remove crying children from movie theaters. Now the Council has promulgated codes of conduct for Internet users. The Council lambasted people who use "rude" language, "use short forms and do not address people properly." The agency is also looking at ways to promote self-censorship in order to discourage "vulgar" speech.

These warnings are further evidence of efforts by Singaporean authorities to restricting online expression. A recent United States government human rights audit noted that the Singaporean leadership "does not classify regulation of the Internet as censorship, the SBA [Singapore Broadcast Authority] directs service providers to block access to web pages that, in the Government's view, undermine public security, national defense, racial and religious harmony, and public morals." In addition, officials in Singapore have often used such concerns as a pretext to conduct widespread secret surveillance on ordinary Internet users.

Read "Mind your p's and q's on Net," The Straits Times, August 8, 2000 at http://straitstimes.asia1.com.sg/singapore/sin14_0808_prt.html

To read the latest U.S. State Department Human Rights Report on Singapore, click http://www.state.gov/www/global/human_rights/1999_hrp_report/singapor.html


[11] Press companies sue over net cellular content

Do you enjoy reading web excerpts of articles from major news agencies? An upcoming court case may put your habits on ice.

Several major news corporations, including The New York Times Co., the Cable News Network division of Time Warner, The Washington Post Co., and Gannett (which publishes USA Today) are suing GoSMS.com. GoSMS had taken articles from websites of these companies and transmitted them to cellular telephone users, 160 words at a time. The plaintiffs are alleging copyright and trademark infringement along with a variety of other claims, including false advertising and unfair competition.

GoSMS chief executive Yuval Golan countered that his company was "justified" in providing these excerpts to its customers, and noted that his firm is not making any money from this activity. Moreover, Golan mentioned that many of cellular phone users had displays with limited capabilities and would not have been able to read the plaintiffs' web articles without a service similar to GoSMS.

See "News firms sue over wireless access to content," Associated Press, August 8, 2000 at http://news.cnet.com/news/0-1004-200-2468835.html


[12] US Gov't mum on Carnivore spyware

The United States government is dragging its feet in providing details on one of its newest surveillance schemes.

That's what many privacy advocates are saying as they seek information about Carnivore. Carnivore is a device that is attached to the server of a given Internet service provider. This device intercepts all Internet transmissions that come through the server, then parses out pertinent material, based on chosen keywords. The US Department of Justice (DoJ) has confirmed that Carnivore can monitor private e-mail messages as well as activity on the World Wide Web and in chat rooms. The US Federal Bureau of Investigations (FBI) then decides which particular communications it believes it is entitled to review.

The revelations about Carnivore sparked considerable public concern over the system's potential privacy ramifications. In a recent hearing before the US Senate Judiciary Committee, James Dempsey from the Center for Democracy and Technology (CDT-a GILC member) argued that "as a black box controlled by the FBI and inserted into the network of an Internet service provider to search through thousands or millions of messages, including those of innocent people, Carnivore is not the right solution." Dempsey added that "Carnivore is the latest in a series of wake-up calls about the perils facing personal privacy in the digital age." Similar concerns were voiced at a House subcommittee hearing held later that day by Gregory Nojeim of the American Civil Liberties Union (ACLU-a GILC member) and Marc Rotenberg of the Electronic Privacy Information Center (EPIC-a GILC member).

In addition, both EPIC and the ACLU have filed Freedom of Information Act (FOIA) requests for more details on the Carnivore system. After a Federal judge ordered the Department of Justice to formally respond to EPIC's request, the DoJ sent a cryptic, noncommittal statement suggesting that it might provide some documents within 45 days and at successive intervals afterwards. Unsatisfied with this statement, EPIC filed papers asking a court to force complete disclosure by December 1, 2000.

Meanwhile, the DoJ is soliciting contractors to do an internal review of Carnivore's privacy implications. However, many observers are worried that this review will not go far enough in determining whether Carnivore in itself unlawfully violates the privacy of Internet users. EPIC General Counsel David Sobel noted: "I don't think any review of this kind could answer all of the questions that have been raised. If that's the intention, that this process is going to put all of those concerns to rest, I don't think it's going to accomplish that. Which is why we are pursuing our FOIA request as aggressively as we are."

Indeed, a number of colleges have already turned down FBI offers to perform the review, including the Massachusetts Institute of Technology (MIT). An MIT spokesperson complained the FBI wanted "a rubber stamp" that the FBI's entreaty "is not a request for an independent report."

See Will Rodger, "Carnivore unlikely to be validated," USA Today, September 5, 2000 at http://www.usatoday.com/news/ndstue06.htm

To read testimony from the September 6, 2000 Senate Committee hearings on Carnivore, click http://www.senate.gov/~judiciary/wl96200f.htm

To read testimony from the September 6, 2000 House subcommitee hearings, visit http://www.house.gov/judiciary/cons0906.htm

For further details, see Frank James, "U.S. Seeks University Experts to Review FBI's E-Mail Probes," Chicago Tribune, August 25, 2000, at http://www.chicagotribune.com/news/nationworld/article/0,2669,SAV-0008250314 ,FF.html

For the Department of Justice's solicitation for Carnivore reviewers (in PDF Format), visit http://www.usdoj.gov/jmd/pss/CarnivoreRFP-82400.pdf

See also "Carnivore Slow to Spill Its Guts," The Industry Standard, August 17, 2000 at http://www.thestandard.com/article/display/1,1151,17758,00.html


[13] UK plans corporate and government net tapping

British Internet users may have to watch what they type at work as well as at home.

The United Kingdom recently adopted the highly controversial Regulation of Investigatory Powers Act (RIP). The Act essentially forces Internet Service Providers to build so-called "black boxes" into their networks, thereby allowing the government to monitor their customers. The RIP scheme would also allow the British government to demand private encryption keys, passwords and other such information-those who refuse to comply may face up to two years in prison. Not surprisingly, the bill had been lambasted by a wide spectrum of groups, including Cyber-Rights & Cyber-Liberties UK (a GILC member), which expressed fears that the RIP proposal (even with an added Code of Practice) did not sufficiently protect personal privacy. Similar concerns were expressed by several other GILC members, including Privacy International and Index on Censorship. Public debate over the new measure was further fueled by a British Chamber of Commerce report that suggested the implementation of the RIP plan would cost an estimated 46 billion pounds (US $69.9 billion).

The British Department of Trade and Industry is now trying to piggyback additional guidelines that would allow businesses to monitor their workers. In an attempt to appease employers, the Department has extended the deadline for suggestions to October 24, 2000. However, the agency did not provide any details on whether these regulations would violate the European Human Rights Act, which the British government is scheduled to sign within a few weeks. In addition, the Department did not address the many loopholes contained within the act, which in many cases would allow monitoring of Internet users without their knowledge.

The full text of the RIP proposal as adopted is available from the Foundation of Information Policy Research at http://www.fipr.org/rip/ripa2000.htm

For more details on the lawful business practices regulations, read "UK Delays Work Email Legislation," Reuters, August 25, 2000 at http://www.wired.com/news/print/0,1294,38447,00.html

For further background information, visit the Cyber-Rights & Cyber-Liberties UK homepage at http://www.cyber-rights.org


[14] US CALEA ruling mixed on privacy

A recent ruling on several controversial surveillance standards may strengthen the privacy of people online.

The case involved the Communications Assistance for Law Enforcement Act (CALEA), a controversial law enacted in 1994, which requires the telecommunications industry to design its systems in compliance with technical requirements from the United States Federal Bureau of Investigations (FBI) to facilitate electronic surveillance. In negotiations over the last few years, the FBI and industry representatives were unable to agree upon those standards, resulting in a recent ruling by the United States Federal Communications Commission (FCC). The FCC had approved rules that, among other things, would enable the Bureau to track the physical locations of cellular phone users and potentially monitor Internet traffic.

Subsequently, several different groups, including GILC members the Electronic Privacy Information Center (EPIC), the Electronic Frontier Foundation (EFF), the Center for Democracy and Technology (CDT) and the American Civil Liberties Union (ACLU), challenged the decision on the grounds that the FCC ruling exceeded the requirements of CALEA and frustrated the privacy interests protected by Federal statutes and the US Constitution. A US Federal appeals court held that law enforcement agencies must get a court order or other lawful authorization before they could use new surveillance capabilities. Indeed, the court held that the FCC "was simply mistaken" when it interpreted certain technical standards to expand "the authority of law enforcement agencies to obtain the contents of communications." The three judge panel also struck down several provisions of the FCC ruling, including a section that allow government officials to intercept numbers dialed after a user had connected through phone lines (which might include such things as password information and personal identification numbers).

This decision casts doubt on several government surveillance initiatives, including Carnivore--a US government device that intercepts all Internet transmissions that come through the server, then parses out pertinent material, based on chosen keywords (see item 12 above). Legal scholars have noted that the court's heightened protection for personal information would seem to bar Carnivore's wholesale collection of data.

For further information, read Oscar S. Cisneros, "These Wires Were Made for Tapping," Wired News, August 14, 2000 at http://www.wired.com/news/print/0,1294,38170,00.html

See also Kalpana Srinivasan, "Court Throws Out Some Wiretapping Rules," Associated Press, August 16, 2000 at http://www.foxnews.com/national/081600/digital_wiretapping.sml

More details are available in "FCC Ordered to revise digital wiretap rules," Bloomberg News, August 15, 2000 at http://www.usatoday.com/life/cyber/tech/cti400.htm


[15] New Indian surveillance scheme

New rules from the Indian government may make it more difficult for Internet users to protect their privacy.

Under this regime, the official "Telecom Authority shall have full rights to monitor all the traffic" that comes through cable-based networks. "The license shall ensure that the bandwidth provider...gives the complete monitoring rights to the Telecom Authority." As a part of this plan, the government is imposing yearly fees of 2,000,000 rupees in order to defray the costs of monitoring. Oddly enough, Indian officials have even gone so far as to ban voice communications through the Internet.

This announcement has been met with considerable skepticism. The burgeoning Indian computing industry is complaining that government interference will prevent them from making full use of the bandwidth and hampering growth. These charges are also aimed at official policies that allowed state-run companies to monopolize numerous aspects of the Internet service industry. It remains to be seen what precise effect these regulations will have on privacy in cyberspace.

Read "India unveils rules for private Internet gateways," Reuters, August 14, 2000 at http://www.totaltele.com/view.asp?ArticleID=29883&pub+tt&categoryid=626


[16] Japanese net tapping law in effect

A wide spectrum of groups fear that a new Japanese law will erode privacy in cyberspace.

The Communications Interception Law, which was passed in 1999, has finally come into force. Among other things, the new statute allows Japanese law enforcement officials access to private e-mail accounts if they are investigating certain types of crime, which can even include immigration-related offences. The measure had received negative reviews from many quarters, ranging from opposition party leaders to computer scientists. Indeed, polls showed that a majority of the public did not support the bill and feared that the new standards would have a deleterious effect on individual privacy.

In spite of the bill's passage, many network providers and privacy groups have continued the fight. Under current Japanese laws, government agents must include an observer from the company whose network is being tapped. However, several companies, including NTT DoCoMo (the country's biggest mobile telecom carrier), are refusing to send such witnesses. Meanwhile, cyberliberties groups such as Japanese Net Workers against Surveillance Taskforce (NaST-a GILC member) have organized public protests asking legislators to repeal the new statute. NaST (along with several other organizations) recently submitted a formal petition with 100,000 signatories to the Diet (Japanese parliament), asking representatives to repeal the new wiretapping statute.

For further information (in Japanese), visit the NaST homepage at http://www.jca.apc.org/privacy/

For English-language details on the new law and the NaST petition, visit http://www.apc.org/english/news/archive/jca_001.htm

See also Martyn Williams, "Japan's Police Gain Right to Tap Phone, E-Mail," The Industry Standard, August 15, 2000 at http://www.thestandard.com/article/display/1,1151,17697,00.html


[17] TrustE tracked visitors

A group that supported industry attempts at privacy self-regulation apparently tracked computer users through its website.

Over the past few years, TrustE encouraged its corporate partners to write better privacy policies and has given away seals of approval. However, a security group named Interhack recently discovered that TrustE's website was using digital identification files called "cookies" and tiny images (known as "webbugs") to monitor visitors online. This practice was not even mentioned in TrustE's own privacy policy. After a reporter contacted TrustE asking for comments, the tracking system was discontinued. A spokesperson for the group admitted that TrustE had allowed a major information and marketing company, Internet.com, to monitor traffic on its website, but that the organization "cut all ties with Internet.com so that we could investigate this further."

This incident cast further doubts as to whether computer companies or other self-regulatory initiatives can be trusted to protect online privacy. TrustE had already drawn criticism for failing to withdraw seals of approval from companies like RealNetworks that had secretly tracked users. Interhack president Matt Curtin pointed out that TrustE had "been making a lot of noise about making policy that will protect privacy, and they have a policy that does not disclose what exactly they are giving out. They really ought to know better."

For more details, read "Net privacy firm tracked site visitors," Associated Press August 25, 2000 at http://www.usatoday.com/life/cyber/tech/cti444.htm

To see TrustE's privacy policy, click http://www.truste.com/TRUSTe_privacy.html


[18] Survey: Americans worried about privacy

"The vast majority of American Internet users want the privacy playing field tilted towards them and away from online companies. They think it is an invasion of their privacy for these businesses to monitor users' Web browsing."

That is according to a recent report by the Pew Internet & American Life Project. The study, entitled "Trust and privacy online," found that a whopping 86% of Internet users want policy that would force Internet companies to ask them permission before using information about them (a procedure known as "opt-in"). A majority of the Internet users surveyed (54%) believe that "Web sites' tracking of Internet users is harmful because it invades their privacy." Additionally, "94% of Internet users want privacy violators to be disciplined." A number of respondents have taken matters into their own hands by providing false personal information, as well as using encryption and anonymizing software.

"Trust and privacy online" is available at http://www.pewinternet.org/reports/toc.asp?Report=19


[19] New Spector software spies on users

Several new software packages may be jeopardizing Internet privacy.

One of these programs, known as "Spector," secretly takes screen shots of the monitor on a target computer every few seconds, then saves these shots for future viewing. Spector can capture a whole host of personal information--including passwords, private e-mail messages, downloaded images, chat room dialogue and financial data--all without the target individual's knowledge or consent. Even more alarmingly, a spokesperson for Spectorsoft (which manufactures Spector) said that sales of the product had risen by 900% over the past year. The software maker has now introduced a new version (called eBlaster) that allows easier monitoring from another computer.

The widespread use of these programs has led to several disturbing developments. For one thing, some people have started to buy and use this software simply to invade people's privacy; as one aficionado admitted, "It's kind of like an addiction." Not surprisingly, the Florida Attorney General's office has launched an investigation to determine whether Spectorsoft's products violate state privacy laws.

Read Chris Kridler, "Home-spying software prompts investigation," Gannett News Service, August 29, 2000 at http://www.usatoday.com/life/cyber/tech/cti451.htm

For more details, see James Walker, "Cyber-Spying," ABC News (US), August 21, 2000, at http://abcnews.go.com/onair/WorldNewsTonight/wnt000821_cyberspying_feature.html

See also Libby Copeland, "Cyber-Snooping Into A Cheating Heart," Washington Post, August 8, 2000, page C1, at http://washingtonpost.com/wp-dyn/articles/A52154-2000Aug7.html


[20] For sale: student email addresses

Hoping to go to college? You may have to give up your privacy first.

The College Board administers the heavily used Scholastic Aptitude Test (SAT) to millions of college applicants. Now it is taking the e-mail addresses it has collected from its test-takers and putting them up for sale. The Board apparently has already sold other forms of personal information to a multitude of recipients, including names and home addresses. As Brad Quin of the College Board crowed, "We're talking about providing colleges sometimes hundreds and thousands of names where they're really cultivating first contact." Marketing companies are also delighted by this move; Brian Niles from TargetX.com claimed that "Students don't want mail, they want e-mail."

So far, the Board has failed to explain precisely how these applicants will be able to prevent the dissemination of this personal data, short of giving up their college dreams. Furthermore, it is highly unlikely that these students (who must pay service fees simply to take the test) will receive any compensation for this apparent invasion of privacy.

See "Student e-mail addresses up for sale," Associated Press, August 17, 2000, at http://www.msnbc.com/news/447582.asp


[21] Drug websites track users

Looking to find out information on new drug cures? Someone may be secretly looking over your shoulder.

Pharmatrak Inc. has recently admitted to tracking visitors to several drug company websites. The Boston-based company did this by using digital identification files called "cookies" and tiny images (known as "webbugs"). Pharmatrak has apparently accumulated such extensive files on users that it can even tell what profession a visitor belongs to as well as their location and what files they collect. Moreover, since the company is not technically and advertising service, it falls within a loophole in a much ballyhooed privacy arrangement that was recently endorsed by the United States Federal Trade Commission (FTC).

Several experts have savaged this surreptitious monitoring of individuals online. Richard M. Smith of the Privacy Foundation charged that Pharmatrak's methods were "all hidden" and were "getting very close to that line of what nice people don't do." One state attorney general is threatening legal action, saying that this scheme had "taken stealth to a new low. It is a classic example of corporate surveillance." Yet in spite of this criticism, Pharmatrak has announced plans to step up its spying ways, stating that "[i]n the future, we may develop products and services which collect data that, when used in conjunction with the tracking database, could enable a direct identification of certain individual visitors."

For further details, see Robert O'Harrow Jr., "Firm Tracking Consumers on Web for Drug Companies," Washington Post, August 15, 2000, page E1, at http://washingtonpost.com/wp-dyn/articles/A25494-2000Aug14.html


[22] Wearable computers erode privacy

Worried about your privacy online? Imagine if you were actually wearing your computer.

Blue jeans manufacturer Levi's and electronics manufacturer Philips have joined forces to create electronic clothing. These suits connect the wearer to the Internet, and include cellular telephone hookups, audio players, microphones, headphones and remote control panels. However, it is not clear whether the designers made any attempt to preserve the privacy of the wearer. Indeed, a Philips spokesperson noted that these clothes would allow other people to discover very personal information about users, including sensitive medical data such as heart rates.

As it turns out, these devices have even more serious problems besides the privacy issues. For one thing, the jackets are prone to severe computer crashes. Worse still, the suits apparently are not waterproof, and may malfunction if they are worn in the rain or washed.

See "'Techno' clothing hits high street," BBC News Online, August 16, 2000 at http://news.bbc.co.uk/low/english/sci/tech/newsid_882000/882254.stm


ABOUT THE GILC NEWS ALERT:

The GILC News Alert is the newsletter of the Global Internet Liberty Campaign, an international coalition of organizations working to protect and enhance online civil liberties and human rights. Organizations are invited to join GILC by contacting us at gilc@gilc.org. To alert members about threats to cyber liberties, please contact members from your country or send a message to the general GILC address.

To submit information about upcoming events, new activist tools and news stories, contact: GILC Coordinator, American Civil Liberties Union 125 Broad Street 17thFloor, New York, New York 10004 USA. email: gilcedit@aclu.org

More information about GILC members and news is available at http://www.gilc.org. You may re-print or redistribute the GILC NEWS ALERT freely. To subscribe to the alert, please send an mail to gilc-announce@gilc.org with the following message in the body: subscribe gilc-announce


PUBLICATION OF THIS NEWSLETTER IS MADE POSSIBLE BY A GRANT FROM THE OPEN SOCIETY INSTITUTE (OSI)