GLOBAL

INTERNET

LIBERTY

CAMPAIGN



NEWS

 GILC Actions 

 Presswire 


ISSUES

 Free Speech 

 Privacy 

 Cryptography

 Access


RESOURCES

 GILC Alert 

 Mailing List
 GILC Events 


ABOUT GILC

 Principles

 Members 

 Mail GILC 


Home Page

US Site
European Mirror

 

GILC Alert
Volume 6, Issue 5

July 23, 2002

 

Welcome to the Global Internet Liberty Campaign Newsletter.

             

Welcome to GILC Alert, the newsletter of the Global Internet Liberty Campaign. We are an international organization of groups working for cyber-liberties, who are determined to preserve civil liberties and human rights on the Internet.

We hope you find this newsletter interesting, and we very much hope that you will avail yourselves of the action items in future issues.

If you are a part of an organization that would be interested in joining GILC, please contact us at gilc@gilc.org.

If you are aware of threats to cyber liberties that we may not know about, please contact the GILC members in your country, or contact GILC as a whole.

Please feel free to redistribute this newsletter to appropriate forums.


Free expression

[1] Beijing Net censorship grows after cybercafe fire
[2] Greenpeace Stop Esso website logo flap
[3] Danish court rules against deep weblinks
[4] New Zimbabwe Internet censorship case
[5] Tunisian gov't jails Net protestor
[6] ICANN nixes public elections
[7] Spain approves controversial Info Society bill
[8] Italian police censor US-hosted sites
[9] Korean music website loses in court
[10] Yahoo email censorship program revealed
[11] 2600 magazine's Net speech fight ends
[12] Australian bill would hide Net censor details
[13] New initiative to protect anonymous speech online

Privacy

[14] French LOPSI bill endangers Net privacy
[15] British Net personal info sharing plan shelved
[16] Australian government rejects email spying plan
[17] Microsoft Palladium plan causes privacy worries
[18] Korean e-commerce privacy abuses revealed
[19] US bill would allow Hollywood computer attacks

[20] New GILC member: Stop 1984


[1] Beijing Net censorship grows after cybercafe fire

Over the past month, the mainland Chinese government has tightened its grip on Internet dissent through a number of harsh measures.

Among other things, Chinese authorities have forced many cybercafes across the country to shutdown. Government agents have closed nearly 2400 Internet cafes in Beijing alone; similar efforts have been launched in other cities, including Shanghai, Guangzhou (Canton), Tianjin and Shenzhen. Although a few cybercafes have since reopened, they are being required to get or renew government licences, and to install powerful Internet blocking packages such as Filter King. Filter King not only censors such items as foreign news and religious information, but can also record users' attempts to access banned information and send reports to the police. In addition, the Chinese government has pressured many Internet service providers and Web portals to sign "self-discipline" agreements requiring them to curb "the spread of harmful information," including materials deemed "harmful to national security or social stability."

These moves came after a deadly fire at a Beijing cybercafe several weeks ago. Although Chinese officials claim that these measures were necessary due to public safety concerns, many observers believe that the fire merely provided an excuse for the government to clamp down on Internet free speech. These suspicions were bolstered when the Chinese government tried to use the tragedy to justify certain initiatives, such as the use of Filter King, which had little or nothing to do with fire prevention. Indeed, some experts have suggested that Beijing's censorial measures were at least partly responsible for the tragedy by forcing people into unsafe environments in order to express themselves freely online.

Meanwhile, new programs are being developed to counter the effects of Beijing-sponsored censorware. One of these programs, dubbed Six-Four (in reference to the 4 June 1989 government massacre of Chinese students in Tienanmen Square), is a special peer-to-peer protocol that will allow users to create virtual private networks and tunnel past Internet blocking schemes. Six-Four, which was unveiled at a recent H2K2 hackers conference in New York, will be formally released sometime next year.

For further information, visit the Digital Freedom Network (DFN-a GILC member) website under http://dfn.org/news/china/cafe-reopen.htm

See "Beijing Internet cafes reopen after fire," Reuters, 18 July 2002 at http://news.zdnet.co.uk/cgi-bin/uk/printer_friendly.cgi?id=2119332

To read the text of the "Public Pledge on Self-Discipline for China Internet Industry," click http://dfn.org/voices/china/selfdiscipline.htm

See "Net portals pledge to axe 'subversive content'," South China Morning Post, 16 July 2002 at http://www.asiamedia.ucla.edu/Weekly2002/07.16.2002/China4.htm

See "China internet firms 'self-censoring'," BBC News Online, 5 July 2002 at http://news.bbc.co.uk/hi/english/world/asia-pacific/newsid_2098000/2098530.stm

Read "Deadline tightens mainland Net crackdown," South China Morning Post, 1 July 2002 at http://www.asiamedia.ucla.edu/Weekly2002/07.02.2002/China3.htm

For more on attempts to restrict cyber-café operations in Hong Kong, see "Cyber-café regulations unveiled," South China Morning Post, July 18, 2002 at http://www.asiamedia.ucla.edu/Weekly2002/07.16.2002/HongKong9.htm

For more on Filter King censorware, read "Cyber-cafes 'ordered to install spy programs' after fire," South China Morning Post, 29 June 2002 at http://www.asiamedia.ucla.edu/Weekly2002/06.25.2002/China13.htm

For further details in French (Francais), read Jerome Thorel, "Les portails chinois pretent serment a la censure politique," ZDNet France, 17 July 2002 at http://news.zdnet.fr/story/0,,t118-s2119285,00.html

For information in German (Deutsch), see Katja Seefeldt, "China macht das Netz dicht," Heise Telepolis, 17 July 2002 at http://www.heise.de/tp/deutsch/inhalt/te/12924/1.html

Read "Hackers target web censorship," BBC News Online, 15 July 2002 at http://news.bbc.co.uk/hi/english/sci/tech/newsid_2129000/2129390.stm

See also Eric Auchard, "Hackers Take Aim," Reuters, 15 July 2002 at http://www.cbsnews.com/stories/2002/07/12/tech/printable515044.shtml


[2] Greenpeace website logo flap

A veteran environmental group is facing several lawsuits in connection with doctored logos that were posted on its protest websites.

In one of these cases, Greenpeace, along with several coalition partners, has been waging a campaign against petroleum giant Esso, claiming that the firm has done "more than any oil company to block international action on global warming." As part of this campaign, it created a special logo based on Esso's insignia, but replaced the double "s" in Esso with a double dollar sign ("$$"). These logos were posted on several Greenpeace-related websites, including a special "Stop Esso" webpage in France. The oil conglomerate's French subsidiary then sued Greenpeace's French division and the division's webhost (Internet FR) in a Paris court, on the grounds that the altered Esso symbols damaged its reputation (while curiously claiming that the lawsuit had nothing to do with Greenpeace's right to protest). The presiding judge threw out the lawsuit against the webhost, but issued a preliminary injunction against Greenpeace France's use of the doctored Esso logo pending a full trial; if Greenpeace fails to comply, it could be fined 5000 Euros per day.

In a statement, Greenpeace called the ruling "a blow to freedom of expression on the Internet" and "climate protection." One of the group's spokespeople Stephanie Tunmore, labeled the lawsuit as "just another attempt by Esso to use its money as a means of continuing its dirty business unhindered. ... Esso's action in taking Greenpeace to court has simply made its bad reputation worse." A number of cyberliberties groups have spoken out in support of Greenpeace, including Imaginons un Reseau Internet Solidaire (IRIS-a GILC member), which expressed concern over how trademark laws increasingly were being used to stifle criticism and otherwise threaten noncommercial activities.

Subsequently, another company sued Greenpeace on similar grounds. Nuclear processing firm Areva has launched a legal action against Greenpeace France, Greenpeace New Zealand and Internet FR, over another protest logo, which had a stylized skull as the shadow of the firm's corporate symbol. A formal hearing date on this second lawsuit has yet to be scheduled.

For more on the Areva lawsuit in French (Francais), read Christophe Guillemin, "Greenpeace France a nouveau assigne pour detournement de logo," ZDNet France, 18 July 2002 at http://news.zdnet.fr/story/0,,t118-s2119386,00.html

To see Greenpeace's anti-Areva logo, click http://www.greenpeace.fr/campagnes/nucleaire/retraitement/index.php3

To read the text of the Stop Esso ruling (in PDF format), click http://archive.greenpeace.org/esso/essofrdecision.pdf

A Greenpeace press release on this subject is posted under http://www.greenpeace.org/news/details?news_id=17797

The French Stop Esso website is located at http://greenpeace.fr/stopesso/

For an Esso press release on this subject (in PDF format), click http://www.esso.com/eaff/essofrance/pdf/Esso_France_lawsuit_against_Greenpea ce_july_8.pdf

An IRIS press release about the French Esso case is available at http://www.iris.sgdg.org/info-debat/comm-esso0602.html


[3] Danish court rules against deep weblinks

A Danish court has ruled that an online news service can provide weblinks to only the front pages of other Internet sites.

The case involved a lawsuit by the Danish Newspaper Publishers' Association against Newsbooster, which had provided so-called deep links to individual Danish newspaper articles. Presiding Judge Michael Kistrup held that Newsbooster's practices violated Danish copyright and marketing laws. He barred Newsbooster from creating deep links to any web content owned by Association members. The judge also went so far as to ban the service from "reproducing and publishing headlines from the Internet versions" of Association publications. The case will now be sent to the Danish Maritime and Commercial Court, which will decide whether to confirm Kistrup's order within the next few weeks.

The decision provoked derision and scorn from many observers, who fear that it will hurt free speech and rob the Information Superhighway of its utility. As legal expert Victor Angeleno pointed out: "Linking is the way the Web works. If judges continue to rule on a case-by-case basis against linking, the Web will simply unravel."

To read a transcript of Judge Kistrup's ruling, click http://www.newsbooster.com/?pg=judge&lan=eng

Read Michelle Delio, "Deep Link Foes Get Another Win," Wired News, 8 July 2002 at http://www.wired.com/news/print/0,1294,53697,00.html

For further background information, see Lisa M. Bowman, "Linking threats under the radar?" CNet News, 3 July 2002 at http://news.com.com/2100-1023-941556.html


[4] New Zimbabwe Internet censorship case

Attempts by the government of Zimbabwe to punish a journalist for his Internet articles may have serious global free speech implications.

Andrew Meldrum wrote an article regarding a claim by the Zimbabwe Daily News that ruling party sympathizers had cut off the head of a woman in a politically-motivated killing. Meldrum's article was posted on the website of the British newspaper, The Guardian (which is otherwise unavailable in Zimbabwe). Subsequently, officials in Zimbabwe charged him under the country's so-called Access to Information and Protection of Privacy Act, which has been derided by human rights advocates for helping to stifle free speech while permitting massive government surveillance. Prosecutors claimed that the laws of Zimbabwe should apply to Meldrum even though the offending article was posted on a server in Britain. Although the trial court cleared the reporter of charges that he "published falsehoods," the government of Zimbabwe then tried to deport him, claiming he was a "security risk." The deportation order has been stayed pending a hearing before the country's Supreme Court.

The Meldrum case is believed to be the first instance where a country attempted to apply its criminal laws to postings on an overseas Internet news site. Previous legal disputes focused on the extraterritorial effect of civil laws (such as defamation) on the Information Superhighway. Ironically, some experts believe that the case may have a damaging impact on the government of Zimbabwe, which previously had argued that the Act was largely domestic in nature in response to the Act's many critics abroad.

For the latest details, read "Zimbabwe reporter wins reprieve," BBC News Online, 17 July 2002 at http://news.bbc.co.uk/hi/english/world/africa/newsid_2133000/2133512.stm

For further information, visit the Digital Freedom Network (DFN-a GILC member) website under http://dfn.org/news/zimbabwe/meldrum2.htm

See also Geoffrey Robertson, "Mugabe versus the Internet," The Guardian, 17 June 2002 at http://www.guardian.co.uk/internetnews/story/0,7369,739026,00.html


[5] Tunisian gov't jails Net protestor

Tunisian authorities have arrested the proprietor of a prominent local news website.

Zouhair Yahyaoui founded and edited TUNeZINE, which included coverage of political affairs in the North African nation and materials from opposition party leaders. Recently, he republished a letter written by his uncle that deplored the country's legal system. He was then charged with "knowingly putting out false news" and "stealing" Internet connection time from the cybercafe where he worked. A Tunisian court sentenced him to 2 years and 4 months in jail, which was only reduced by 4 months on appeal.

Not surprisingly, these events have alarmed free speech advocates. Robert Menard from Reporters Without Borders called the arrest and prosecution of Yahyaoui "outrageous" and added that Tunisian "President Ben Ali has committed all kinds of abuses against his opponents. When is this going to stop?"

For more information in French (Français), visit the TUNeZINE website at http://www.tunezine.com/

See also Christophe Guillemin, "Pas de miracle pour le cyberdissident tunisien," ZDNet France, 12 July 2002 at http://news.zdnet.fr/story/0,,t118-s2118983,00.html

For English language coverage, read Dermot McGrath, "Tunisian Net Dissident Jailed," Wired News, 13 June 2002 at http://www.wired.com/news/print/0,1294,53186,00.html


[6] ICANN nixes public elections

The organization tasked with running the Internet domain name system has decided to eliminate public elections from its governance structure.

In a resolution, the Internet Corporation for Assigned Names and Numbers has approved a "Blueprint" that, among other things, does not include any plans to resume ICANN public elections. Instead, under this scheme, an ICANN Nominating Committee would select Board members. This decision received a strongly negative response from many quarters; the Center for Democracy & Technology (CDT-a GILC member) issued a joint statement with Common Cause calling the Blueprint "fatally flawed in critical areas." Similarly, Jamie Love from the Consumer Project on Technology savaged the plan as a "cynical, top-down staff-board-managed PR [Public Relations] exercise that will ... be used by the board to pack key committees ... with cronies."

As ICANN continues to move forward with its plans for reorganization, many observers believe that the debate will continue at many other levels, including the United States government, which retains considerable control over ICANN operations. Indeed, several ranking U.S. Congressmen sent a letter to U.S. Commerce Secretary Donald Evans stating that they "desire to see some specific concepts included in any reform package to ensure legitimacy and the continued existence" of ICANN. Among other things, they argued that the domain body "needs to be an independent review process that provides complainants with a fair, speedy, and unbiased resolution." The Congressmen also suggested that the Department of Commerce should only renew its Memorandum of Understanding with ICANN for a "short-term ... unless and until ICANN can show that reforms, necessary to limit its authority and provide for accountability and transparency, have been implemented."

The text of the ICANN resolution is posted under http://www.icann.org/minutes/prelim-report-28jun02.htm#EvolutionandReform

For a joint Common Cause-CDT statement on ICANN's decision, click http://www.cdt.org/press/020628press.shtml

The text of Congressmen's letter to Secretary Evans is available at http://energycommerce.house.gov/107/letters/06202002_628.htm

See "Net body under pressure," BBC News Online, 3 July 2002 at http://news.bbc.co.uk/hi/english/sci/tech/newsid_2088000/2088911.stm

Read "ICANN to Net users: No, you can't," Reuters, 28 June 2002 at http://news.com.com/2100-1023-940291.html

See also David McGuire, "ICANN Critics Consider Options," WashingtonPost.com, 28 June 2002 at http://www.washingtonpost.com/wp-dyn/articles/A60596-2002Jun28.html

For further background information, click http://www.internetdemocracyproject.org


[7] Spain approves controversial Info Society bill

The Spanish government has approved a proposal that critics warn will seriously erode human rights on the Internet.

The LSSI bill (meaning La Ley de Servicios de la Sociedad de la Informacion y de Comercio electronico) will essentially allow "administrative authorities" within the government to shut down websites. Previously, this exercise of this power required court approval. Spanish government officials have hinted that they plan to use these powers to control online content. In addition, the bill includes provisions allowing customer data to be kept for up to a year, which government agents may access with the consent of a judge.

The bill has drawn heavy fire as a serious threat to civil liberties (particularly freedom of speech). For example, although several conditions were introduced to clarify in which way "administrative authorities" are able to shut down sites, a number of observers believe these supposed safeguards are not enough, and that the power to shutdown sites should stay in the hands of judges. These and other concerns have led some experts to claim that the LSSI is unconstitutional; at least one cyberliberties group, Kriptopolis (a GILC member), is campaigning to have the LSSI examined by the Spanish Constitutional Council.

For more on Kriptopolis' anti-LSSI campaign, click http://www.kriptopolis.com/net/index.php

To read the text of the LSSI bill in Spanish (Espanol), click http://www.lssice.com/legislacion/lssice.html

See "El Congreso aprueba la 'Ley de Internet' con el voto en contra de PSOE, IU y PNV," ElPais.es, 27 June 2002 at http://www.elpais.es/articulo.html?anchor=elpepunet&xref=20020627elpepunet_1&type=Tes&date=


[8] Italian police censor US-hosted sites

Italian government agents have censored Internet content that was hosted in the United States.

A Vatican state newspaper had brought the websites to the attention of Italian police. According to local authorities, the 5 sites contained harsh language, which is illegal under Italian law, and included sexual imagery alongside verbal references to God and the Virgin Mary. In response, Italian law enforcement officials, who claimed that the content essentially offended the "dignity of the people," used the password of one of alleged site creators to remove both the text and the images, replacing them with the seals of their special unit and the following proviso: "Site seized by the Head of Rome's Special Police Force on the orders of Rome's Chief Prosecutor." The site's authors have yet to be charged with a crime.

This apparent cross-border attempt to censor Internet content is seen by many experts as a setback for free expression. Last year, a U.S. Federal court ruled that French speech restrictions could not be enforced in the United States against content posted in the U.S. by online portal company Yahoo. The case is currently on appeal.

To see one of the targeted websites (after it was censored), click http://www.porcamadonna.com/

Read "Net extends reach of national governments," Associated Press, 22 July 2002 at http://www.usatoday.com/tech/news/techpolicy/2002-07-22-borderless-internet_ x.htm

See "Italy gags 'porno' Virgin Mary sites," BBC News Online, 10 July 2002 at http://news.bbc.co.uk/hi/english/world/europe/newsid_2119000/2119780.stm


[9] Korean music website loses in court

A court has ruled against the proprietors of a Korean file-trading webpage.

Soribada (which means "sea of sound") was created by two Korean brothers and allowed users to trade MP3 music files with each other. Soon afterwards, 16 members of the Recording Industry Association of Korea, including the association's chairman Park Kyung-Joon, sued Soribada on copyright infringement grounds in the hopes of shutting down the service. This past week, a local court in Korea sided with the RIAK, holding that the "operators of Soribada should not allow Netizens to download or upload MP3 files of songs belonging to the firms Chairman Park and the 15 others." Towards that end, the tribunal imposed a 200 million won fine (USD 170,000) on the brothers (to be paid within 7 days) and essentially ordered them not to use their servers for file-trading purposes.

Many Internet users have expressed outrage over the ruling, claiming that it will damage free expression over the Information Superhighway. One of them complained: "It's nonsense that the recording industry is insisting that free exchanges of music files among members of Soribada constitutes a breach of property rights. Soribada only plays a role of the middleman in the exchange." Jinbonet, a Korean cyberliberties group, noted that the legal battle waged against Soribada reflected an antiquated view of copyrights that failed to take technological advances into account: "The law enforcement authorities must understand the paradox of copyrighted music in this new era of digital media. The decision shows that our society still approaches online copyright issues from the offline point of view." An appeal of the ruling is expected shortly.

For the latest details, see Kim Deok-hyun, "Online Music Fans Challenge Ruling," Korea Times, 15 July 2002 at http://www.hankooki.com/kt_tech/200207/t2002071519543645110.htm

See also Lee Chi-dong, "Ruling Against 'Soribada' Bans MP3 Sharing," Korea Times, 12 July 2002 at http://www.hankooki.com/times/200207/t2002071218004240110.htm


[10] Yahoo email censorship program revealed

Internet giant Yahoo has confirmed that it censors its customers' email messages through an elaborate word-changing scheme.

Under this scheme, which was used for Yahoo's free email service, replaced words in email messages (and attached files) with other terms. For example, "mocha" was converted to "espresso" and "expression" into "statement." The program even altered portions of words (such as "eval"), so "evaluate" was turned into "reviewuate" and "medieval" becomes "medireview". This censorship system has been operational since at least March 2001, apparently without any notice to the people who were affected.

The company said its program is designed to prevent the spread of computer viruses-a claim that was viewed with skepticism by many observers. Technology expert Richard M. Smith charged, "You don't need to change text of e-mail," and suggested other methods by which Yahoo could stop malicious attackers (such as deactivating Javascript programming commands.

See Stefanie Olsen, "Yahoo Mail puts words in your mouth," CNet News, 17 July 2002 at http://news.com.com/2100-1023-944315.html

Read "Yahoo admits mangling e-mail," BBC News Online, 19 July 2002 at http://news.bbc.co.uk/hi/english/sci/tech/newsid_2138000/2138014.stm

See also "Yahoo! Can Make You Seem Like Yo-Yo," CBS News Online, 18 July 2002 at http://www.cbsnews.com/stories/2002/07/18/tech/printable515524.shtml


[11] 2600 magazine's Net speech fight ends

A closely watched Internet copyright case has ended in disappointment for free speech activists.

The case, which had lasted over 2 years, revolved around DeCSS--a primitive computer program that was meant to help users of the Linux operating system view DVDs on their machines. 2600 magazine provided information about DeCSS information on its website, the Motion Picture Association of America (MPAA) sued the publication under the Digital Millennium Copyright Act (DMCA). Last year, a United States Federal appeals panel upheld a trial court ruling against 2600 magazine that, among other things, bars the publication from even linking to other websites that contain DeCSS.

After the panel refused a request to reconsider its decision, 2600 decided not to appeal the case to the U.S. Supreme Court. The Electronic Frontier Foundation (EFF-a GILC member), which had represented the magazine during its long legal battle, expressed the hope that a future dispute "will provide a better foundation for the Supreme Court to act on the problems created by the Digital Millennium Copyright Act." EFF staff attorney Robin Gross added that, in the meantime, "EFF and 2600 magazine will strive to ensure that the public need not sacrifice its side of the copyright bargain to Hollywood's fears of piracy."

An EFF press release on this subject is posted under http://www.eff.org/IP/Video/MPAA_DVD_cases/20020703_eff_2600_pr.html

See Lisa M. Bowman, "Copyright fight comes to an end," CNet News, 3 July 2002 at http://news.com.com/2100-1023-941685.html


[12] Australian bill would hide Net censor details

New legislation could make it more difficult to determine what the Australian government has censored online.

Proposed changes to the country's Freedom of Information (FOI) Act would curb access to records regarding a controversial Internet scheme to regulate web content. Under this complaint-based regime, which was created nearly 3 years ago, certain websites are supposed to be screened out or taken down based on guidelines that had previously been applied to films. The list of affected webpages includes sites that contain "verbal references to ... suicide, crime, corruption, marital problems, emotional trauma, drug and alcohol dependency, death and serious illness, racism, [or] religious issues."

After the standards took effect, Electronic Frontiers Australia (EFA-a GILC member) requested documents from the Australian Broadcasting Authority (ABA) regarding what sites had been the subject of complaints. However, many of the documents that the ABA released in response were heavily redacted, including such basic information as the URLs and names of webpages that had been taken down. The new FOI amendments would allow the ABA and the Office of Film and Literature Classification (OFLC) to prevent the release of such documents altogether.

Free speech advocates are urging the government to reject the proposal. EFA Executive Director Irene Graham warned that the noted that the planned FOI changes would greatly limit public oversight: "The ABA and OFLC could write the name of a 'prohibited' web page on any document they don't want to release and the entire document would then be exempt." She called the proposal "an admission by the Government that its Internet censorship laws have failed to achieve their objective. If material the government claims has been 'taken down' was not still accessible, there would be no reason to use FOI law as a tool of censorship."

An EFA press release on this subject is available under http://www.efa.org.au/Publish/PR020719.html


[13] New initiative to protect anonymous speech online

A number of groups have started a joint initiative to help defend the right of people to speak anonymously through the Information Superhighway.

This new undertaking specifically focuses on cases where people have chosen to publish critical comments online without using their actual names, such as company whistleblowers. Oftentimes, the targets of such criticism have launched lawsuits and tried to get personal details about those speakers from the relevant Internet service providers (ISPs) through subpoenas. In many instances, even though the underlying lawsuits were without merit, the identities of the speakers were revealed without their knowledge, leading to harassment and abuse.

As part of the new project, Internet service providers are being urged to include in their privacy policies a promise that they will notify any customer whose personal information or identity is subpoenaed. In addition, an informational Web site has been created that includes answers to "Frequently Asked Questions" and legal briefs. Among the list of organizations who participating in this endeavor are several GILC members, notably the Electronic Privacy Information Center, the Center for Democracy and Technology, the Electronic Frontier Foundation, and the American Civil Liberties Union.

For further details, click http://www.cyberslapp.org


[14] French LOPSI bill endangers Net privacy

Controversy has arisen over a new French proposal that may have a serious negative impact on Internet privacy rights.

On 17 July 2002, the French National Assembly adopted in its first reading a Law for Orientation and Programming for Internal Security (Loi d'Orientation et de Programmation pour la Securite Interieure-LOPSI). Among other things, the plan will grant law enforcement authorities direct access to the personal data of Internet users, which will be retained by telecom operators and Internet service providers. This would change current laws that mandate government agents to file a requisition addressed to the relevant telecommunications provider before they can get the desired personal information. LOPSI was submitted to the Assembly through an emergency procedure, and a draft document is expected to appear this fall detailing and implementing the means for such direct access. The government's purported justification for such a provision is to overcome "the incapacity of the public or private institutions [including] telecom operators ... to answer within [a] reasonable time the requisitions carried out by the legal senior police officers at the request of the judicial authority".

The proposal has already generated a fair amount of criticism. In a detailed analysis, Imaginons un Reseau Internet Solidaire (IRIS-a GILC member) noted that LOPSI would abrogate one of the few procedural checks left against government surveillance-the required filing of a requisition. By removing this requirement, IRIS warned that the legal regime would increase the likelihood of abuse. Moreover, the group raised the possibility that the LOPSI and its progeny could be used to coalesce personal information into a single centralized database, making it even easier for government agents to spy on unsuspecting innocent civilians.

To many observers, LOPSI represents just the latest in a series of French government moves that have badly eroded privacy rights online. Previously, the French government had approved a package of security measures popularly known as LSQ (short for "la Loi n°2001-1062 du 15 novembre 2001 sur la Sécurité Quotidienne"), which contained language allowing "technical data involved in a communication" to be kept for up to one year. IRIS filed a complaint against LSQ with the European Commission, but the Commission has yet to make a formal decision on the matter.

An IRIS press release on this subject is available at http://www.iris.sgdg.org/info-debat/comm-lopsi0702.html

To read an IRIS analysis of LOPSI, click http://www.iris.sgdg.org/documents/lopsi.html

For background information on LSQ and other French data privacy issues, see http://www.iris.sgdg.org/documents/pvipm-conf/


[15] British Net personal info sharing plan shelved

After a firestorm of controversy, the British government has held off plans to expand the list of officials who could conduct online surveillance. But questions remain as to whether officials in the United Kingdom have already overstepped their Internet snooping powers.

The Regulation of Investigatory Powers (RIP) act has been in the center of a heated debate that has lasted several years. The act mandated telecommunications providers to facilitate government surveillance of email, mobile phone, fax and Internet activities. Since its introduction, the act has been opposed by Internet users and civil rights groups who feared a huge encroachment on individual privacy of ordinary citizens, as well as by industry leaders who were alarmed at the prohibitive costs of buying and implementing the technology.

Last month, the British government sought to vastly increase the number of organizations that could conduct surveillance under the RIP act. The list of agencies that would be given RIP wiretapping powers were not limited to law enforcement bodies and included such groups as the British Food Standards Agency and National Health Services-over 500 agencies in all. Proponents of the move originally maintained that there was nothing drastic about this expansion, claiming that the practice was already widespread. Cyber-libertarians, however, were quick to point out that it wasn't in fact the case: the vast majority of the requests for information were made by the police and were only requests for subscriber information, whereas the new plan would have allowed a vast number of government agencies to carry outfar more extensive and invasive surveillance.

British officials ultimately did an about-face after a blizzard of protests; within days, they announced that the plan had been shelved indefinitely. Some privacy experts, however, still fear that the plan could at some point be resurrected, presenting a renewed challenge to cyberprivacy protections. In the meantime, the RIP act itself goes into effect on August, raising alarm among Internet service providers (ISPs), who are scrambling to acquire and implement the necessary technology, as well as many individual Internet users.

See "Switch on for State Snooping", BBC News Online, 17 July 2002 at http://news.bbc.co.uk/hi/english/sci/tech/newsid_2124000/2124551.stm

Read "Tech industry questions snooping figures," BBC News Online, 26 June 2002 at http://news.bbc.co.uk/hi/english/sci/tech/newsid_2065000/2065671.stm

See Giles Turnbull, "The fax machine uprising," BBC News Online, 24 June 2002 at http://news.bbc.co.uk/hi/english/in_depth/sci_tech/2000/dot_life/newsid_2062 000/2062418.stm

See also Paul Stevens, "RIPA demands push up ISP costs," ZDNet UK, 9 July 2002 at http://techupdate.zdnet.co.uk/story/0,,t481-s2118813,00.html


[16] Australian government rejects email spying plan

In a closely watched vote, the Australian senate rejected a proposal that would have increased government surveillance powers along the nation's telecommunications networks.

The Senate voted on June 27 to reject the amendment to a part of the 'Telecommunications Interception Legislation Amendment Bill 2002', one of several anti-terrorism Bills. If passed, the amendment would have authorized a host of government agencies to capture and read various types of electronic communications without a warrant. Under this scheme, government officials would have been able to intercept transmissions as they passed through a given telecommunications provider's equipment. The types of information that could be collected under the bill included emails, mobile text communications and voice mail messages.

The proposal had been savaged by many cyberlibertarians. Irene Graham, Executive Director of Electronic Frontiers Australia (EFA-a GILC member), applauded various politicians who had opposed the bill for "protecting the privacy rights of users of new telecommunications technologies. We are delighted to see a growing number of parliamentarians showing they understand the technologies and related issues." Despite the victory, there is concern that the government may soon re-introduce the proposal in the coming months.

An EFA press release on this subject is posted under http://www.efa.org.au/Publish/PR020628.html

To read transcripts of the relevant Australian Senate proceedings (in PDF format), click http://www.aph.gov.au/hansard/senate/dailys/ds270602.pdf


[17] Microsoft Palladium plan causes privacy worries

Microsoft's plans for a new universal software platform have generated serious concern from many observers, including a number of online rights experts.

Known as Palladium, the program is meant for use on hardware designed by the Trusted Computing Platform Alliance (an industry trade group that includes Intel). The combined scheme would create a special zone within a personal computer, where software could run and private data could be stored. The type of data that might be kept in the zone could include personal details such as credit card numbers. Information inside this zone generally would not be accessible even to other programs on the same computer, but applications that run within the zone could communicate with sources from outside the given computer, such as software manufacturers. Indeed, reports indicate that the system will constantly monitor what goes on individual machines to make sure all operations are "trustworthy."

Skeptics worry that Palladium will be used to control everything that users can do on their machines. For example, Palladium could prevent people from reading or downloading files from the Internet, playing legally purchased compact discs more than a few times, making backup copies or running non-Microsoft products. Fears that the program will be used for content regulation were further fueled when Microsoft Palladium group product manager Mario Juarez acknowledged that the project's software segment would largely be based on techniques spelled out in a patent that Microsoft recently received for a Digital Rights Management Operating System. Moreover, besides the monitoring aspects, there are also serious concerns that Palladium's central repository features will erode online privacy by denying individual users control over their personal information while making it easier for outsiders to access the same data.

The Electronic Privacy Information Center (EPIC-a GILC member) has created a special dossier on Palladium under http://www.epic.org/privacy/consumer/microsoft/palladium.html

See "Microsoft's bid for secure computing," BBC News Online, 27 June 2002 at http://news.bbc.co.uk/hi/english/scitech/newsid_2067000/2067753.stm

Read Farhad Manjoo, "Can we trust Microsoft's Palladium?" Salon.com, 11 July 2002 at http://www.salon.com/tech/feature/2002/07/11/palladium/?x


[18] Korean e-commerce privacy abuses revealed

A recent survey of Internet shopping malls by the Korean government has revealed widespread flouting of privacy protection laws.

The Ministry of Information and Communication reported that more than a third of the companies studied had failed to comply with privacy regulations and other laws. The violations included failing to notify consumers of a privacy policy, failing to indicate the children under 14 cannot make purchases without adult permission, and failing to properly monitor what was being done with the personal information of consumers once it was obtained. In many cases, that information was leaked out either by the company itself or by affiliated organizations, such as the delivery companies, to groups that used it for spam lists.

The Ministry has imposed penalties on some of the more flagrant offenders, but recognized that this would be an area requiring continued vigilance, saying, "We will continue to monitor the activities of these Internet shopping malls to ensure that the personal information of consumers are protected."

See "Internet Shopping Malls Abuse Personal Information," Korea Times, 17 June 2002 at http://www.hankooki.com/kt_tech/200206/t2002061717301945110.htm


[19] US bill would allow Hollywood computer attacks

Should copyright holders be allowed to attack users of Internet file-trading software such as Morpheus?

That is the question being posed by United States Representative Howard Berman, who intends to introduce a new bill to legalize such efforts. Although the precise language of the bill has yet to be disclosed, Berman has outlined the proposal in a speech to the Computer and Communications Industry Association. In the speech, he said that his legislation would create a "safe harbor from liability for copyright owners that use technological means to prevent the unauthorized distribution of their copyrighted works via P2P networks." The list of permissible tactics would apparently include swamping users with phony requests to prevent downloads ("interdiction"), misleading users to sites that they did not intend to visit ("redirection") and tricking users into downloading files that they did not want ("spoofing"). Current laws (including the Federal Computer Fraud and Abuse Act) may bar copyright holders from engaging in this kind of behavior.

Many experts have questioned the wisdom of the proposal. A spokesperson for StreamCast Networks, which distributes Morpheus, said that Berman "has called for a posse of copyright vigilantes." Moreover, it is unclear what effect the bill would have on Internet free speech, particularly the right to make fair use of copyrighted works for private non-commercial purposes.

A statement from Congressman Berman about the bill is available under http://www.house.gov/berman/p2p062502.html

For the latest details, read Declan McCullagh, "Hollywood heads up anti-piracy charge," CNet News, 22 July 2002 at http://news.com.com/2100-1023-945691.html

Read Robert MacMillan, "Lawmaker Tries To Foil Illegal File-Sharing," WashingtonPost.com, 25 June 2002 at http://www.washingtonpost.com/ac2/wp-dyn/A43256-2002Jun25?language=printer

See also John Borland, "Lawmaker: Let studios hack P2P nets," CNet News, 25 June 2002 at http://news.com.com/2100-1023-939333.html

Read "Piracy fight gets serious," BBC News Online, 27 June 2002 at http://news.bbc.co.uk/hi/english/sci/tech/newsid_2069000/2069747.stm

For information in German (Deutsch), read "Mit Viren und Hacks gegn Musikborsen?" Spiegel Online, 28 June 2002 at http://www.spiegel.de/netzwelt/politik/0,1518,203063,00.html


[20] New GILC member: Stop 1984

The Global Internet Liberty Campaign has added a new member: Stop 1984. This Germany-based group is dedicated to supporting "informational self determination, data protection and freedom of speech." Towards that end, it has engaged in web-based initiatives to increase public awareness of various cyberliberties issues. In one such campaign, Stop 1984 garnered over 16 000 signatures for an open letter protesting the European Union's approval of a controversial data retention directive.

For further information, visit Stop 1984's website at http://www.stop1984.org


ABOUT THE GILC NEWS ALERT:

The GILC News Alert is the newsletter of the Global Internet Liberty Campaign, an international coalition of organizations working to protect and enhance online civil liberties and human rights. Organizations are invited to join GILC by contacting us at gilc@gilc.org.

To alert members about threats to cyber liberties, please contact members from your country or send a message to the general GILC address.

To submit information about upcoming events, new activist tools and news stories, contact:

Christopher Chiu
GILC Coordinator
American Civil Liberties Union
125 Broad Street, 17th Floor
New York, New York 10004
USA

Or email:
cchiu@aclu.org

More information about GILC members and news is available at http://www.gilc.org.

You may re-print or redistribute the GILC NEWS ALERT freely.

To subscribe to the alert, please send an e-mail to
gilc-announce@gilc.org

with the following message in the body:
subscribe gilc-announce


PUBLICATION OF THIS NEWSLETTER IS MADE POSSIBLE BY A GRANT FROM THE OPEN SOCIETY INSTITUTE (OSI)