GLOBAL INTERNET LIBERTY
CAMPAIGN
NEWS
ISSUES
RESOURCES
ABOUT
GILC
GILC Alert
October 22, 2002
Welcome to the Global Internet Liberty Campaign Newsletter.
Welcome to GILC Alert, the newsletter of the Global Internet Liberty Campaign. We are an international organization of groups working for cyber-liberties, who are determined to preserve civil liberties and human rights on the Internet.
We hope you find this newsletter interesting, and we very much hope that you will avail yourselves of the action items in future issues.
If you are a part of an organization that would be interested in joining GILC, please contact us at gilc@gilc.org.
If you are aware of threats to cyber liberties that we may not know about, please contact the GILC members in your country, or contact GILC as a whole.
Please feel free to redistribute this newsletter to appropriate forums.
Free expression
[1] Greek government backs down on gaming ban
[2] New proposals to enhance digital fair use rights
[3] China arrests another Net critic
[4] Protests grow over Spanish LSSI Net speech law
[5] US bill would target foreign Net censorship
[6] Internet Archive censors anti-Scientology site
[7] Cybercafe chain faces Hollywood copyright threats
[8] US gov't renews domain system deal with ICANN
[9] UN report: African Net usage growing, but still lagsPrivacy
[10] Hollywood asks court for Verizon Internet user records
[11] Leaked memo reveals US gov't illegal email spying
[12] Flap over Norwegian Net portal tracking scheme
[13] U.S. Court hears Internet provider warrants case
[14] Amazon.com privacy policy revisions criticized
[15] Digital Angel tracking implant still in legal limbo
[16] Belgium plans national digital signature ID cards
[17] Bugbear computer virus still causing trouble
[18] US cybersecurity report released
[19] British Celldar trackers worry privacy experts
[20] Korean cell phone tracking bill poses privacy problems
[21] New campaign coming against data retention proposals[22] Upcoming Central European Cyberliberties Conference
[1] Greek government backs down on gaming ban
Greek authorities have made an apparent retreat in a heated controversy over a new law that bans the public playing of electronic games.
The law, which was approved about three months ago, had been applied to games played on computers, mobile phones and consoles in cybercafes and other public places. Although it was supposedly adopted as an anti-gambling move, the measure did not distinguish between gambling and computer games. The government then arrested nearly 50 individuals for allegedly violating the measure; the first case involved 2 people who were playing chess online. These developments generated fierce protests from many citizens who feared that the law would be used as a pretext for government repression. Indeed, more than 30 000 people signed an online petition against the legislation, and hundreds of demonstrators appeared during a court hearing for one of the arrestees, shouting "No to censorship on the Internet."
Since then, the government has issued a memorandum to police stations around the country, stating that only the playing of gambling-related games should be prosecuted under the new law. The document also mentions that the measure should cause "no problem" for "any citizen, or tourist visiting Greece, using or owning electronic or other games such as Playstation, Gameboy, XBox etc." While opponents of the legislation were pleased with this latest move, there is concern that the memorandum itself might not have the force of law, and that a court challenge may be necessary to prevent future government abuse.
For more on the petition against the Greek gaming ban, click http://www.petitiononline.com/mod_perl/signed.cgi?comp5932
See "Greece lets the games begin again," Reuters, 25 September 2002 at http://news.com.com/2102-1040-959365.html
See also "Reprieve for Greek gamers," BBC News Online, 24 September 2002 at http://news.bbc.co.uk/1/hi/technology/2279042.stm
For press coverage of this story in German (Deutsch), read "Darf man das?" Spiegel Online, 19 September 2002 at http://www.spiegel.de/netzwelt/politik/0,1518,214621,00.html
See also "Chaos in griechischen Internet-Cafes: Erlaubt oder verboten?" Heise Online, 19 September 2002 at http://www.heise.de/newsticker/data/wst-19.09.02-000/
[2] New proposals to enhance digital fair use rights
Several efforts are underway that may help protect traditional free speech rights in the digital domain.
Two recently unveiled bills would amend the much-criticized United States Digital Millennium Copyright Act (DMCA). One plan, sponsored by U.S. Representative Rick Boucher, would permit users to circumvent copy protection schemes "if such circumvention does not result in an infringement of the copyright" in a given work, which would ostensibly include making use of the work for research, public commentary, and educational or other salutary purposes. The bill would also allow the manufacture, distribution and "noninfringing use" of hardware or software "capable of enabling significant noninfringing use of a copyright work"-a provision that might apply to such items as music sharing software and optical disc burners. The proposal would also require special labeling for copy-protected CDs.
The other bill, submitted by fellow Rep. Zoe Lofgren, would permit users to circumvent copy protection schemes "if ... necessary to make a non-infringing use" when the copyright owner "fails to make publicly available the necessary means to perform such non-infringing use without additional cost or burden" to the user. Lofgren's proposal would also permit people who lawfully obtain or receive digital works (which presumably includes compact discs and Internet streaming broadcasts) "to reproduce, store, adapt or access" such works (1) for archival purposes, so long as illegal copies are destroyed or "rendered permanently inaccessible," and (2) to be able to enjoy the work on a "preferred digital media device," so long as the "performance or display is not public." Additionally, the bill would explicitly extend the "first sale doctrine" to cover digital works; this doctrine essentially allows lawfully purchased copyrighted items (such as books) to be resold or traded without having to get copyright holder's permission.
These plans have been warmly received by many cyberlibertarians, who have excoriated the DMCA for its negative impact on free expression. In a statement, the Electronic Frontier Foundation (EFF-a GILC member) noted: "Since the DMCA's passage in 1998, it has been used not against copyright pirates, but instead to chill the legitimate activities of scientists, journalists, and computer programmers. Rep. Boucher's bill will go a long way toward restoring in the digital world the traditional balance between the rights of the public and those of copyright owners." EFF also welcomed "Rep. Lofgren's bill as an important step toward creating a fair and balanced copyright law for the digital age."
Meanwhile, in an unusual move, the U.S. Copyright Office is asking for suggestions about possible new exceptions to the DMCA. EFF's Fred von Lohmann explained that though the Copyright Office's announcement came with little fanfare, it nevertheless constitutes an important opportunity to curb the DMCA's excesses: "We're already planning to submit comments and organize comments by others. We're hoping that by the time the December deadline rolls around, a lot more people will be aware of this." The deadline for public comments is 18 December 2002.
The text of the Boucher bill (in PDF format) is available under http://www.house.gov/boucher/docs/BOUCHE_025.pdf
Further details about the Boucher bill are posted at http://www.house.gov/boucher/internet.htm
The text of the Lofgren bill is available under http://www.house.gov/lofgren/press/107press/021002_act.htm
For more background information on the Lofgren bill, click http://www.house.gov/lofgren/press/107press/021002_sections.htm
To read an EFF press release regarding these proposals, click http://www.eff.org/IP/DMCA/20021003_eff_pr.html
For more on the DMCA's effect on computer research, read John Lettice, "If I tell you that I'll have to kill you: Red Hat fights the DMCA," The Register (UK), 16 October 2002 at http://www.theregister.co.uk/content/4/27636.html
Read "Bills Would Bolster the Right to Copy," Washington Post, 4 October 2002, page E5, at http://www.washingtonpost.com/wp-dyn/articles/A41031-2002Oct3.html
For coverage in German (Deutsch), read "US-Abgeordnete fordert Recht auf private Kopie digitaler Medien," Heise Online, 2 October 2002 at http://www.heise.de/newsticker/data/anw-02.10.02-002/
The U.S. Copyright Office announcement is available (in PDF format) under http://www.copyright.gov/1201/fr2002-4.pdf
See "Anti-hacking copyright law to get review," CNet News, 11 October 2002 at http://news.com.com/2102-1023-961783.html
[3] China arrests another Net critic
Chinese government agents have arrested another author for his Internet writings.
Chen Shaowen allegedly published 40 articles that were published on several foreign Web sites. His activities raised the eyebrows of Chinese authorities, who eventually arrested him for "using the Internet to subvert state power." State-run media accused him of "repeatedly browsing reactionary websites, ... fabricating, distorting and exaggerating relevant facts, and vilifying the Chinese Communist Party and the socialist system." There is no word yet as to whether Chen has formally been charged.
The arrest was met with protests from free speech advocates. The Committee to Protect Journalists (CPJ-a GILC member) issued a strongly worded letter condemning the Chinese "government's routine use of subversion charges to suppress online speech. Chen Shaowen has done nothing more than peacefully express an independent viewpoint, a right that is protected under China's constitution as well as the International Covenant on Civil and Political Rights, which China has signed. We call for Chen's immediate and unconditional release."
Meanwhile, reports indicate that China has taken several other moves to restrict the flow of information via the Internet. Chinese authorities have purportedly begun using new technology involves the use of "packet sniffers" that can detect keywords in transmissions that pass through the Information Superhighway. Once detected, not only can the information itself be blocked, but the recipient's computer crashes, forcing the user to shutdown or reboot. Chinese officials have also banned minors from entering cybercafes and barred the building of such establishments near schools.
The CPJ letter about Chen Shaowen is posted at http://www.cpj.org/protests/02ltrs/China24sept02pl.html
Read "China arrests Web writer for subversion," Reuters, 25 September 2002 at http://news.com.com/2102-1023-959409.html
For coverage in German (Deutsch), read "Haftgrund Internet," Spiegel Online, 25 September 2002 at http://www.spiegel.de/netzwelt/politik/0,1518,215538,00.html
For more on China's rumored new sniffer-based censorship system, read Geoffrey York, "China stifling dissent on Internet," The Globe and Mail, 5 October 2002, page A14 at http://www.theglobeandmail.com/servlet/ArticleNews/PEstory/TGAM/20021005/UCHINMM/
International/international/international_temp/3/3/32/More information is available from the Human Rights in China website under http://iso.hrichina.org/iso/news_item.adp?news_id=982
Read "China passes tough new regulations on Internet access and cafes," China News Digest, 13 October 2002 at http://cnd-f.cnd.org/Global/02/10/13/021013-2.html
See "China bans minors from Net cafes," Reuters, 11 October 2002 at http://news.com.com/2102-1023-961734.html
[4] Protests grow over Spanish LSSI Net speech law
A new Spanish law is continuing to draw fierce criticism over its impact on free speech over the Internet.
Spanish government officials have signaled their intention to use LSSI (short for La Ley de Servicios de la Sociedad de la Informacion y de Comercio electronico) to control online content. Towards that end, the measure, among other things, requires webmasters to publish personal information about themselves through their webpages. Violators may be forced to pay EUR 600 000 in fines. In addition, the bill includes provisions allowing customer data to be retained for up to 1 year, which government agents may access with the consent of a judge. Objections from cyber-rights activists led the government to alter language contained in a previous LSSI draft that permitted government "administrative authorities" to shut down websites-a power that, in the past, had required court approval.
Although the final version leaves the power to close Internet sites in the hands of judges, many experts believe that the law still poses a serious threat to freedom of expression online. Jose Manuel Gomez of Kriptopolis (a GILC member) warned that LSSI clearly was "passed for controlling web contents and to force editors to self-censure. As a protest we've closed our own site (about 500,000 visits per month until then) from October 1. The Law became effective on October 12 and from that very moment many Web sites have *spontaneously* decided to go off-line to support the closedown, to protest against the law or simply because of fears of the way that inquisitorial new law will be applied in Spain from now on." The list of organizations that have closed down their sites now stands at over 200, and several other groups (including fellow GILC member Stop 1984) have expressed their solidarity against LSSI. Meanwhile, there is a campaign underway to have the law examined by the Spanish Constitutional Council.
For more on Kriptopolis' anti-LSSI campaign, click http://www.kriptopolis.com/
To read the text of the LSSI law, click http://www.lssice.com/legislacion/lssice.html
A special dossier on this subject (created by the Madrid newspaper El Pais) is available under http://www.elpais.es/temas/dossieres/lssice/index.html
Read John Leyden, "Web sites blackout over Spanish monitoring law," The Register (UK), 14 October 2002 at http://www.theregister.co.uk/content/6/27589.html
For further information in German (Deutsch), see Ralf Streck, "Umstrittenes spanisches Internetgesetz in Kraft," Heise Telepolis, 14 October 2002 at http://www.heise.de/tp/deutsch/inhalt/te/13416/1.html
[5] US bill would target foreign Net censorship
Technical measures to route around various national Internet censorship schemes might soon get a boost.
United States Representatives Chris Cox and Tom Lantos have introduced a bill to would create an Office of Global Internet Freedom. The Director of this entity would "develop and implement a comprehensive global strategy to combat state-sponsored and state-directed Internet jamming, and persecution of those who use the Internet." The new body would also compile annual reports on this subject, including a list of "countries that pursue policies of Internet censorship, blocking and other abuses; provide information concerning the government agencies or quasi-governmental organizations that implement Internet censorship, and describe with the greatest particularity practicable the technological means by which such blocking and other abuses are accomplished." The yearly budget for this Office is pegged at US $50 million for 2 years.
A number of experts hope that the bill, if passed, will improve the ability of people worldwide to speak freely online. Cory Doctorow at the Electronic Frontier Foundation (EFF-a GILC member) explained that the bill "isn't about imposing one country's ideology on another, but rather about letting people freely choose which ideologies, ideas and people to be exposed to and making up their own mind about what's right. Rather than broadcasting any nation's message, this is allowing people to receive any message they choose to receive."
The text of the bill (in PDF format) is available under http://policy.house.gov/assets/ACF876.pdf
Read Mitch Wagner, "Fighting Net Censorship Abroad," Wired News, 3 October 2002 at http://www.wired.com/news/print/0,1294,55530,00.html
[6] Internet Archive censors anti-Scientology site
For the second time this year, legal threats have led an organization to remove links to a website that protests a controversial religious sect.
The Internet Archive is an initiative to build "a digital library of Internet sites and other cultural artifacts in digital form." Until recently, the Archive included webpages from Xenu.net, which contains material that criticizes the Church of Scientology. A lawyer representing the Scientologists sent a letter to the Archive with a curious claim. Although the text of the letter itself has not been disclosed to the public, according an Archive spokesperson, the Church of Scientology "asserted ownership of" the Xenu-related webpages stored by the Archive, despite the fact that all of the pages were actually created by the proprietor of Xenu.net, Andreas Heldal-Lund. The Archive subsequently barred access to the contested pages; Archive visitors who wished to see the Xenu.net material received error messages saying that the requested information was "not available."
The incident came several months after a lawyer representing the Scientologists sent a letter to Internet portal company Google claiming that Xenu.net's activities violated the United States Digital Millennium Copyright Act (DMCA) and demanding that the search engine remove any links to the site. Google initially deleted links to numerous Xenu-related webpages, but later restored some Xenu.net listings within a few days. This apparent attempt to silence online criticism through claims of copyright infringement had generated strong concern from many free speech experts.
The Internet Archive home page is located at http://archive.org
Read Lisa M. Bowman, "Net archive silences Scientology critic," CNet News, at http://news.com.com/2102-1023-959236.html
For further information in German (Deutsch), read "Internet-Archiv blockiert Scientology-Kritiker," Heise Online, 25 September 2002 at http://www.heise.de/newsticker/data/wst-25.09.02-001/
[7] Cybercafe chain faces Hollywood copyright threats
A global business mogul has lashed out at the recording industry as one of his businesses is locked in a battle over alleged copyright violations.
Stelios Haji-Iannou is the architect of the EasyGroup business empire, which includes the European airline EasyJet and the EasyInternet Café chain. Several music companies, including Sony Music and the British Phonographic Industry (which represents Universal, Virgin and EMI) have sued EasyGroup, claiming that that it should be liable for music that allegedly has been downloaded illegally by EasyInternet Café customers. Sony went so far as to ask the court for a "gag order" to prevent public discussion of the dispute-a request that was denied.
Haji-Iannou blasted the lawsuit, calling it "crazy," and complained about the entertainment industry's harsh treatment of the Internet community: "The record companies are criminalising ordinary users. What we're saying is that they have to give people a way to getting music without breaking the law. They are more interested in protecting their profit margins. ... They don't understand that their model of doing business can't survive. They are going to be squeezed out if they don't adapt."
Indeed, a number of entertainment company leaders are now starting focus more of their energies on improved music download systems rather than legal threats. Towards that end, OD2, a digital music company founded by singing legend Peter Gabriel, sponsored a special Digital Download Day where Internet users could legally sample and download songs for free. The promotional event, which received support from several major music labels including EMI, BMG and Warner Music, proved extremely popular, as some 15 000 users visited DigitalDownloadDay.com every hour and the website's servers struggled to cope with the strain.
For more on the EasyInternet Café case, read Richard Adams, "Digital piracy spat goes to court," The Guardian, 27 September 2002 at http://www.guardian.co.uk/internetnews/story/0,7369,800002,00.html
See Graeme Wearden, "EasyInternetCafe faces gag in CD-burning row," ZDNet UK, 19 September 2002 at http://news.zdnet.co.uk/cgi-bin/uk/printerfriendly.cgi?id=2122548&tid=269
For more on Digital Download Day, read Owen Gibson, "Let the music download," The Guardian, 7 October 2002 at http://www.guardian.co.uk/internetnews/story/0,7369,806002,00.html
See "Free download day a hit with fans," Reuters, 3 October 2002 at http://news.com.com/2102-1023-960650.html
See also "Fans 'swamp' download offer," BBC News Online, 3 October 2002 at http://news.bbc.co.uk/1/hi/entertainment/music/2296535.stm
For press coverage in German (Deutsch), read "'Digital Download Day': Zeit fur Zuckerbrot," Spiegel Online, 2 October 2002 at http://www.spiegel.de/netzwelt/netzkultur/0,1518,216584,00.html
[8] US gov't renews domain system deal with ICANN
Despite calls to the contrary, the United States government has agreed to let a controversial organization run the Internet domain name system for another year.
The U.S. Commerce Department has renewed and revised its Memorandum of Understanding (MoU) with the Internet Corporation for Assigned Names and Numbers (ICANN). The agreement, which was scheduled to expire last month, will now last until 30 September 2003. The decision came despite concern from many observers over ICANN's apparently undemocratic ways. A number of public interest groups either had called for tougher standards to be inserted into the MoU or for the Commerce Department to open up a bidding process that might allow other organizations to take over ICANN's job. Ironically, in announcing the deal, U.S. assistant commerce secretary Nancy Victory admitted that her department "is frankly disappointed that ICANN's progress on the MoU tasks thus far has moved so slowly."
Indeed, soon after the renewal of the MoU, an ICANN committee proposed new bylaws that would radically change the way the organization deals with the general public. For example, ICANN would no longer hold direct public elections for Board seats, but instead would have an official Nominating Committee and several Supporting Organizations each select Directors. The Bylaws would also essentially allow ICANN's Board to keep its discussions and decisions secret when they relate to "personnel or employment matters, legal matters (to the extent the Board determines it is necessary or appropriate to protect the interests of ICANN), matters that ICANN is prohibited by law or contract from disclosing publicly, and other matters that the Board determines, by a three-quarters (3/4) vote of Directors present at the meeting and voting, are not appropriate for public distribution." In addition, ICANN would appoint an "international arbitration provider" to handle requests for independent review of ICANN decisions; parties that make such requests but do not win risk having to pay "all costs of the IRP Provider" as well as their own expenses.
ICANN is expected to discuss these changes during meetings in Shanghai at the end of this month. Also on the conference agenda are negotiations to transfer control of the .org top-level domain to the Internet Society, and implementation of internationalized domain names.
The revised MoU is posted under http://www.icann.org/general/amend5-jpamou-19sep02.htm
A U.S. government press release regarding the revised MoU is available at http://www.ntia.doc.gov/ntiahome/press/2002/icann_09192002.htm
To read proposed new bylaws for ICANN, click http://www.icann.org/committees/evol-reform/proposed-bylaws-02oct02.htm
An ICANN press release on its .org decision is posted at http://www.icann.org/announcements/announcement-14oct02.htm
Read "Non-profit net name gets new owner," BBC News Online, 15 October 2002 at http://news.bbc.co.uk/1/hi/technology/2329199.stm
See Robert MacMillan, "Internet Society Picked As Manager of '.org'," Washington Post, 15 October 2002, page E5 at http://www.washingtonpost.com/wp-dyn/articles/A25445-2002Oct14.html
For more information on the upcoming ICANN conference in Shanghai, click http://www.icann.org/shanghai/
[9] UN report: African Net usage growing, but still lags
We have come far, but we still have so far to go.
That is essentially the message presented by a new report from the United Nations Information and Communications Technologies Task Force regarding African Internet usage. Among other things, the report indicates that more Africans are online than ever before. The study cites statistics showing that, during the last 18 months, the number of Internet dial-up connections in Africa has increased by 20 percent, while the rate of growth in Internet connections through corporate or shared networks is still higher. Meanwhile, the number of mobile phones activated during the last 5 years has exceeded the number of landlines installed over the past 100 years.
However, the extent of Internet connectivity in Africa varies greatly from region to region, and generally falls far short of the levels seen on other continents. In many areas of Africa, approximately 1 in 250 people use the Internet; by comparison, nearly half the populations of both North America and in Europe are online. U.N. Secretary-General Kofi Annan stressed the importance of efforts to bridge this Digital Divide: "It is not, of course, a magic formula that is going to solve all the problems. But it is a powerful tool for economic growth and poverty eradication, which can facilitate the integration of African countries into the global economy."
Read "Internet, Mobile Phones Taking Off in Africa-UN," This Day (Nigeria), 3 October 2002 at http://allafrica.com/stories/200210030347.html
See "Africans embrace mobiles and the net," BBC News Online, 2 October 2002 at http://news.bbc.co.uk/1/hi/technology/2290486.stm
[10] Hollywood asks court for Verizon Internet user records
A United States court has heard oral arguments as to whether a major Internet service provider (ISP) must divulge personal information about one of its customers to several entertainment conglomerates.
The Recording Industry Association of America (RIAA) has requested data concerning a customer of telecom giant Verizon. The RIAA claims that the individual in question had engaged in copyright infringement through Internet peer-to-peer music file trading. The Association has argued that the U.S. Digital Millennium Copyright Act (DMCA) allows it to gather such information without having to file a lawsuit first. More specifically, the RIAA has cited a portion of the DMCA which says that copyright owners can request a U.S. Federal court to subpoena "information sufficient to identify the alleged infringer" from a "service provider."
Several cyberliberties groups, including GILC members Computer Professionals for Social Responsibility, the Electronic Frontier Foundation and the Electronic Privacy Information Center, filed a friend-of-the-court brief asking the court to reject the RIAA's request, claiming that it will undermine individual privacy online and chill anonymous free speech. Telecom companies are also concerned about the potential liability and costs they could face should such requests be permitted under the law; Eric Holder, who represents Verizon, explained: "We don't want to be the policeman in this process."
During the hearing, presiding judge John Bates gave few clear indications as to which way he would rule. Although Bates complained that the "statute is not organized as being consistent with the argument for either side," he discounted record industry claims of illegal activity and necessity: "Here, there's only an allegation of infringement." A formal ruling is expected shortly.
See "Online Music Piracy: Naming Names," Associated Press, 4 October 2002 at http://www.cbsnews.com/stories/2002/10/03/tech/main524304.shtml
Read Declan McCullagh, "Verizon, RIAA in copyright showdown," CNet News, 4 October 2002 at http://news.com.com/2102-1023-960838.html
For coverage in German (Deutsch), read "Musikindustrie lasst gegen Verizon nicht locker," Heise Online, 7 October 2002 at http://www.heise.de/newsticker/data/anw-07.10.02-001/
The aforementioned amicus brief is available via http://www.eff.org/Cases/RIAA_v_Verizon/20020830_eff_amicus.html
[11] Leaked memo reveals US gov't illegal email spying
Can law enforcement agents be trusted to protect the privacy of innocent citizens?
That is the question that is being posed in the wake of a newly declassified United States government memorandum. The memo, which was sent to all field offices of the U.S. Federal Bureau of Investigation (FBI), discloses several incidents attributed to "difficulties in ... management of electronic surveillances and physical searches" authorized under the Foreign Intelligence Surveillance Act (FISA). In one such case, due to alleged mistakes in renewing a given search warrant, an FBI field office illegally intercepted email messages "even though there was no authorization" to do so under the relevant warrant. In another instance, FBI agents captured and listened to the mobile phone conversations of an innocent person, without realizing that the suspect had relinquished the account and that the phone company had transferred the targeted phone number to another person. The memo also admits that other violations such as "unauthorized searches, incorrect addresses, and incorrect interpretations" of warrants had occurred recently.
These revelations have generated anger among civil rights advocates and a number of politicians. U.S. Congressman William Delahunt said that even if these privacy violations were unintentional, they demonstrated "an incredible level of incompetence." Similarly, U.S. Senator Patrick Leahy warned that "the extent, variety and seriousness of the violations recounted in this FBI memo show again that the secret FISA process breeds sloppiness unless there's adequate oversight."
The memo (in PDF format) is available under http://www.fas.org/irp/agency/doj/fisa/ec.pdf
Read Dan Eggen, "FBI Misused Secret Wiretaps, According to Memo," Washington Post, 10 October 2002 at http://online.securityfocus.com/news/1105
For further information on FISA issues, visit the Electronic Privacy Information Center (EPIC-a GILC member) website under http://www.epic.org/privacy/terrorism/fisa/default.html
[12] Flap over Norwegian Net portal tracking scheme
Privacy experts remain concerned over the way two Internet portals collect and handle user personal information.
Previously, consumer watchdogs Public Information Research had filed a formal complaint with the Norwegian government against Fast Search and AlltheWeb.com. According to the complaint, the two companies had used tiny image files, known as "webbugs", to track site visitors. More specifically, these webbugs were located at the bottom of the webpages, and allegedly allowed users to be identified by their Internet protocol numbers and search queries. Additionally, users who stayed long enough on the sites would receive text files or "cookies" from Internet advertising giant DoubleClick, which could also be used for tracking purposes. PIR argued that this practice "is especially serious because this information is transmitted quietly to DoubleClick with every search results page, whether or not the searcher ever clicks on any ad served by DoubleClick. In other words, it appears that DoubleClick is building up their profiling capacity at a rate of 2 million queries per day, many of which will end up with unique ID numbers from their cookie." Neither company had posted a privacy policy delineating these alleged practices.
Not long afterwards, both firms published privacy statements on their websites that mentioned, among other things, their relationships with DoubleClick and their search query tracking systems. However, a spokesperson for PIR expressed less-than-total satisfaction with the companies' latest moves, and noted that, for instance, the firms were continuing to collect personal data about visitors using webbugs. "The only way to disable this Web bug is to use a browser that allows you to block third-party images. There aren't many browsers that can do this, and setting this option can hamper surfing. Still, this is a big improvement over no privacy policy at all, because it at least acknowledges that there are possible issues, even though it dismisses them too quickly."
Read Stefanie Olsen, "Search firm caves in to privacy pressure," CNet News, 2 October 2002 at http://news.com.com/2102-1023-960509.html
See also Stefanie Olsen, "Search firm takes heat for sharing data," CNet News, 20 September 2002 at http://news.com.com/2102-1023-958813.html
[13] U.S. Court hears Internet provider warrants case
When the government goes to an Internet service provider (ISP) to search a customer's email account, should a police officer be present?
A United States Federal appeals court may soon provide an answer to this question. The case centers on a police-initiated search of a Yahoo email account, where the relevant law enforcement agents did not actually go to the provider's premises, but faxed a search warrant to the company from several thousands of kilometers away. Despite this absence of police, the Yahoo technicians performed the search on the government's behalf. At trial, the presiding judge held that, since the police failed to physically appear at Yahoo's offices at the time of the warrant was served, the search was illegal.
The case has drawn the attention of many privacy experts. The Electronic Privacy Information Center (EPIC-a GILC member) filed a friend of the court brief, arguing that a police officer must "be physically present when a search warrant is served." The group based its arguments on numerous precedents indicating that that "[f]ormal procedures-including the requirement of an officer's presence at the service of a search warrant-have been in place since the 1700s to safeguard individuals from unwarranted intrusion upon their privacy by government officials, and to discourage governmental abuse of power by ensuring guarantees of trustworthiness and accountability." Moreover, EPIC charged that this procedural safeguard was "particularly important as emerging technological innovations pose new challenges to personal privacy. ... [T]he characteristics of the Internet do not negate the requirement of an officer's presence for the service of a warrant."
EPIC's friend-of-the-court brief in this case is available (in PDF format) at http://www.epic.org/privacy/bach/brief.pdf
Background material on the case is posted under http://www.epic.org/privacy/bach/
Further information (including an audio recording of the oral arguments) is available via http://www.ca8.uscourts.gov/tmp/021238.html
[14] Amazon.com privacy policy revisions criticized
A leading online bookseller continues to receive negative reviews over the way it handles customer information.
Nearly two years ago, Amazon.com added language to privacy policy saying that it would treat sensitive "customer information" as merely "business assets" that could be bought or sold as the company continued to develop its business, in contrast to prior statements that it would never buy or sell customer data. In addition, the company removed a past feature of its website, which allowed consumers to completely opt out of these types of information transfers (by sending e-mail to never@amazon.com). Instead, the company allowed users limited access to their files, apparently without allowing them to fully opt-out. In response, the Electronic Privacy Information Center (EPIC-a GILC member) and another privacy advocacy group, Junkbusters, filed a complaint with the United States Federal Trade Commission (FTC), arguing that Amazon's apparent weakening of its privacy policies constituted a deceptive trade practice. The FTC decided not to take action against the company, but numerous state regulators took up the charge.
In an agreement with those state regulators, Amazon recently announced additional changes to its privacy policies. For example, the company added new language saying that while it may transfer customer information as part of a sale or purchase of one of its "stores, subsidiaries or business units," such records will be "subject to the promises made in any pre-existing Privacy Notice." However, Amazon's latest privacy rule revisions have failed to assuage its critics. In a letter, EPIC and Junkbusters asked various consumer protection officials to take "further action" because "Amazon's policy and practices are still an ongoing threat to the privacy and intellectual freedom of millions of consumers in the United States." The authors of the letter called the new language regarding sale of businesses "plainly hypocrisy," especially since "Amazon promised never to sell customer information; now it is saying that it may do so, recently adding the 'clarification' that the buyer will be subject to the same promises that it originally made, and then abrogated."
Meanwhile, new data indicates many U.S. consumers remain worried about their privacy online. A recent study suggests that only 22 percent of Americans think online purchasing data transactions are safe, while only 31 percent of consumers who do financial transactions via the Internet believe their personal information is secure.
To read the aforementioned EPIC and Junkbusters letter, click http://www.epic.org/privacy/amazon/amazonltr10.8.02.html
Read Troy Wolverton, "Privacy groups target Amazon again," 8 October 2002 at http://news.com.com/2102-1017-961136.html
See "Online Angst," CBS Marketwatch.com, 16 October 2002 at http://www.cbsnews.com/stories/2002/10/16/tech/printable525796.shtml
[15] Verichip tracking implant still in legal limbo
The use of a controversial tracking device designed to be implanted under a person's skin remains on hold, pending the results of a United States government probe.
Verichip can carry individualized data (such as a person's name, current condition, medical records and unique identification number) and is designed to be imbedded under a person's skin. When a special external scanner is pointed at a Verichip, "a number is displayed by the scanner" and the stored information is transmitted "via telephone or Internet." Verichip's maker, Applied Digital Systems (ADS), is marketing its product for such purposes as "identification, various law enforcement and defense uses and search and rescue." Company officials are now working to include Global Positioning System (GPS) technology to allow Verichip recipients to be tracked via the Information Superhighway.
Besides arousing strong concern from privacy advocates, these developments have drawn the ire of the U.S. Food and Drug Administration (FDA), which started investigating ADS several months ago. Wally Pellerite from the FDA's Office of Compliance complained that the information ADS was "releasing in press releases and on television shows contradicted the information they gave" to his organization. He also warned that Verichip "is a technological advance that we haven't really looked at before, and it may have inherent risks." A formal FDA decision may come by the end of the year.
Read Julia Scheeres, "No Cyborg Nation Without FDA's OK," Wired News, 8 October 2002 at http://www.wired.com/news/print/0,1294,55626,00.html
[16] Belgium plans national digital signature ID card
Plans by the government of Belgium to roll-out new complex ID cards are already generating serious criticism over their potential privacy implications.
Under the plan, every Belgian citizen would have to get an identification card with their names, photographs and 2 digital certificates. One certificate would be used for authentication, while the other would be used as a signature. The signature file would ostensibly be required when conducting transactions with banks or the government, including the payment of taxes. Children would receive special forms of the cards with most of the features contained in the adult version, except for the signature function.
Many experts fear that the plan will have a strongly negative impact on human rights in cyberspace. Simon Davies of Privacy International (a GILC member) pointed out that it "is an ancient privacy principle that integration of data damages the integrity and rights of users. Your e-commerce identity should not be linked with day-to-day authentication. There are issues with data linkage as well as the possibility of massive technological failure."
See "Belgium plans digital ID cards," BBC News Online, 4 October 2002 at http://news.bbc.co.uk/1/hi/technology/2295433.stm
[17] US cybersecurity report released
A much-anticipated draft report from the United States government about security in cyberspace has finally been released.
Among other things, the study suggests that "each user of cyberspace must play a role in protecting it," and that the U.S. government "alone cannot secure cyberspace. ... The Federal government should not intrude into homes and small businesses, into universities, or local agencies and departments to create secure computer networks." Instead, the report recommends such measures as "making it easier for home users and small businesses to keep current with anti-virus software, software patches and firewalls," as well as "encouraging and helping facilitate the installation and use of firewalls on all broadband Internet connections." Similarly, the report encourages "Internet service providers, antivirus software companies, and operating system/application software developers" to consider joint efforts to make it easier for the home user and small business to obtain security software and updates automatically and in a timely manner."
The report (in PDF format) is posted under http://www.whitehouse.gov/pcipb/cyberstrategy-draft.pdf
Public comments on this report may be submitted (no later than 18 November 2002) to feedback@cybersecurity.gov
Read Carrie Kirby, "Cybersecurity plan unveiled/Panel's strategies on hacking, viruses had Silicon Valley input," San Francisco Chronicle, 19 September 2002, page B3 at http://sfgate.com/cgi-bin/article.cgi?f=/c/a/2002/09/19/BU151260.DTL
See Brian Krebs, "Cybersecurity Draft Plan Soft on Business, Observers Say," WashingtonPost.com, 19 September 2002 at http://www.washingtonpost.com/wp-dyn/articles/A35812-2002Sep18.html
See also "Cyber Security Report Spreads Burden," CBS News Online, 18 September 2002 at http://www.cbsnews.com/stories/2002/09/17/tech/printable522287.shtml
For coverage in German (Deutsch), read "Vorschlage fur eine US-Strategie zur besseren Cyber-Sicherheit," Heise Online, 19 September 2002 at http://www.heise.de/newsticker/data/anw-18.09.02-008/
[18] Bugbear computer worm still causing trouble
A new computer malady has led to renewed concern over the security of personal computers.
Known as Bugbear, the worm does not require users to open an attachment to infect a given computer, and disguises itself by choosing among several possible subject headers as well as sender addresses drawn from the victim's email address book. Once inside a machine, Bugbear apparently logs keystrokes typed on the infected computer (including passwords and credit card data) and sends the information to nearly a dozen recipients. The virus also creates a "backdoor" allowing outside attackers to gain control over the machine, while forcing the computer to initiate innumerable print jobs.
Bugbear is just one of many computer pests that have exploited weaknesses in Microsoft's popular Outlook email program. The software giant's security failings have been savaged by privacy experts for years.
See "Bugbear virus still rampant," BBC News Online, 8 October 2002 at http://news.bbc.co.uk/1/hi/technology/2309105.stm
Read Burhan Wazir, "Bugbear email steals card data," The Observer, 6 October 2002 at http://www.guardian.co.uk/internetnews/story/0,7369,805556,00.html
For video and text coverage, see "Bugbear e-mail virus causing havoc," BBC News, 4 October 2002 at http://news.bbc.co.uk/1/hi/technology/2298913.stm
For coverage in German (Deutsch), read "Viren-Alarm: 'Bugbear' geistert immer noch herum," Spiegel Online, 7 October 2002 at http://www.spiegel.de/netzwelt/technologie/0,1518,217205,00.html
[19] British Celldar trackers worry privacy experts
British government plans to use cellular phone masts to track people and vehicles have causing trepidation among privacy advocates.
Titled "Celldar", the system uses the reflections of electromagnetic waves given off by mobile phone transmitters. It was previously thought the intensity of these reflections was too low to allow precise imaging. However, researchers have reportedly developed receivers sensitive enough to detect these electromagnetic echoes so as to permit tracking of moving objects, including people; reflections from stationary objects (such as trees) would be treated as background "noise" and filtered out. Government agents are not only looking to put the Celldar into use as quickly as possible, but they are apparently looking to enhance its abilities so that the devices can detect activity behind walls and inside private homes.
Although the efficacy of this system is still in doubt, its potential privacy implications and the government's energy in implementing Celldar have alarmed a number of experts. Simon Davies of Privacy International (a GILC member) labeled the entire scheme "an appalling idea. The Government is just capitalizing on current public fears over security to introduce new systems that are neither desirable nor necessary."
Read Jason Burke and Peter Warren, "How mobile phones let spies see our every move, The Observer, 13 October 2002 at http://www.guardian.co.uk/mobile/article/0,2763,811034,00.html
[20] Korean cell phone tracking bill poses privacy problems
The Korean government plan may make it easier to track the geographic locations of mobile phone users.
The Korean Ministry of Information and Communication (MIC) plans to introduce a bill that will require electronics manufacturers to install Global Positioning System(GPS)-enabled chips in all mobile phones. According to a spokesperson, the Ministry hopes to implement this plan by the third-quarter of 2003, and will not only allow precise pinpointing of users, but will provide "other special information." Several local companies, including SK Telecom and KTF, have already rolled out broadly similar systems using ground-based technology (as opposed to GPS, which is satellite-based).
However, there are already fears over whether the location information from this scheme will be protected. While MIC has stated it will ban the sharing of personal data with third parties, the Ministry left a number of loopholes, most notably for law enforcement agents. Thus, the bill leaves open the possibility that the system will be used for wholesale police surveillance.
Read Kim Deok-hyun, "MIC to Draft Bill for Location-Based Service," Korea Times, 17 October 2002 at http://www.hankooki.com/kt_tech/200210/t2002101719061345110.htm
[21] New campaign coming against data retention proposals
Stop1984 (a GILC member) will soon launch a new campaign to raise public awareness about proposals for telecom companies to retain data about their customers for law enforcement purposes. As part of this effort, the group is in the process of creating a special webpage to collect and coordinate anti-data retention materials provided by numerous non-governmental organizations. Stop1984 is also planning to produce post cards expressing opposition to such proposals, as well as provide background information on this subject in several languages (notably French, German, Spanish and English).
For further information (including details on how to join this campaign), email twister@stop1984.com
[22] Upcoming Central European Cyberliberties Conference
The first Central European Cyber Liberties Conference (CECLC) will be held in Vienna, Austria on 25 October 2002. The event will focus on the erosion of civil liberties online over the past year or so, including the rise in data retention proposals throughout Europe. The conference will include technical presentations as well as social events for civil rights advocates to meet with Internet activists from across the continent. In the evening the 2002 Austrian Big Brother Awards ceremony will be held to spotlight the country's greatest threats to individual privacy. Attendance for all events is free of charge. CECLC is being organized by GILC members quintessenz and VIBE!AT, with support from the Open Society Institute.
The official CECLC homepage is located at http://ceclc.quintessenz.org
For more information on the Austrian Big Brother Awards, click http://bigbrotherawards.at
ABOUT THE GILC NEWS ALERT:
The GILC News Alert is the newsletter of the Global Internet Liberty Campaign, an international coalition of organizations working to protect and enhance online civil liberties and human rights. Organizations are invited to join GILC by contacting us at gilc@gilc.org.
To alert members about threats to cyber liberties, please contact members from your country or send a message to the general GILC address.
To submit information about upcoming events, new activist tools and news stories, contact:
Christopher Chiu
GILC Coordinator
American Civil Liberties Union
125 Broad Street, 17th Floor
New York, New York 10004
USAOr email:
cchiu@aclu.orgMore information about GILC members and news is available at http://www.gilc.org.
You may re-print or redistribute the GILC NEWS ALERT freely.
To subscribe to the alert, please send an e-mail to
gilc-announce@gilc.orgwith the following message in the body:
subscribe gilc-announce
PUBLICATION OF THIS NEWSLETTER IS MADE POSSIBLE BY A GRANT FROM THE OPEN SOCIETY INSTITUTE (OSI)