From: Christopher Chiu [mailto:[log in to unmask]] 
Sent: Monday, September 11, 2000 3:05 PM
To: GILC announce
Subject: GILC Alert


GILC Alert
Volume 4, Issue 8
September 11, 2000

Welcome to the Global Internet Liberty Campaign Newsletter.

Welcome to GILC Alert, the newsletter of the Global Internet Liberty
Campaign. We are an international organization of groups working for
cyber-liberties, who are determined to preserve civil liberties and human
rights on the Internet.
We hope you find this newsletter interesting, and we very much hope that you
will avail yourselves of the action items in future issues.
If you are a part of an organization that would be interested in joining
GILC, please contact us at <[log in to unmask]>.
If you are aware of threats to cyber-liberties that we may not know about,
please contact the GILC members in your country, or contact GILC as a whole.
Please feel free to redistribute this newsletter to appropriate forums.

===============================================
Free Expression
[1] Mainland China "kills" online dissent
[2] DVD ruling endangers free speech
[3] ICANN elections controversy
[4] Online protests of new Korean censorship plan
[5] Domain name decisions spark debate
[6] US mega-blocking bill introduced
[7] Ticketmaster ruling spares weblinks for now
[8] New Russian anonymous email service
[9] Women outnumber men online in US
[10] Singaporean "courtesy" censorship rules
[11] Press companies sue over net cellular content

Privacy and Encryption
[12] US Gov't mum on Carnivore spyware
[13] UK plans corporate and government net tapping
[14] US CALEA ruling mixed on privacy
[15] New Indian surveillance scheme
[16] Japanese net tapping law in effect
[17] TrustE tracked visitors
[18] Survey: Americans worried about privacy
[19] New Spector software spies on users
[20] For sale: student email addresses
[21] Drug websites track users
[22] Wearable computers erode privacy

===============================================
[1] Mainland China "kills" online dissent
===============================================
Communist Chinese authorities had previously promised a crackdown on
dissent. Recent events suggest that they are delivering on that promise.

The state-run Xinhua news agency is reporting the development of new
"killing" censorship software. This program targets controversial material
when it is downloaded or viewed on a target computer. After an initial
warning, the software shuts down or "kills" any application used to view the
offending files. The new device also monitors usage of computers in real
time, which allows officials using the program to actively prevent the
viewing of certain materials. Although the software is supposedly targeted
at pornography, Communist officials previously have used similar products to
prevent the spread of pro-democracy information in cyberspace.

Mainland Chinese officials are also backing up their new technology by
renewing their efforts to hunt down and silence online dissidents. Jiang
Shihua, a high school computer instructor who also owned an Internet café,
was recently arrested for posting several articles on the Information
Superhighway that criticized Communist officials. He is now charged with
"incitement to subvert state power" and faces a potential ten-year stay in a
Chinese labor camp. Earlier in the month, government agents had shutdown a
pro-democracy website, www.xinwenming.net, and were launching new efforts to
clamp down on unsolicited e-mails, which many human rights groups had used
to supply news and information to readers throughout the country.

These attempts have met with resistance and reproach in a variety of forms.
One group, Human Rights in China (HRIC), went so far as to duplicate
xinwenming.net on its own site, along with a statement from the original
page's authors that denounced Beijing's apparent attempts at censorship. In
the Jiang Shihua case, free speech advocates such as Robert Menard of
Reporters Sans Frontieres (RSF) have excoriated Communist authorities.
Menard argued that this Communist Chinese attempt to mete out "punishment
for expression of a peaceful opinion is a serious violation of human
rights."

For more on Beijing's new "killing" censorship program, read "Bon Voyage,
Voyeurs: New Anti-Pornographic Software Developed," China Online, August 29,
2000 at
http://www.insidechina.com/localpress/chonline.php3?id=193691

Further information on Censorship in China is available in a special news
bulletin from the Digital Freedom Network (DFN-a GILC member) under
http://dfn.org/Voices/Asia/china/jiangshihua.htm

The HRIC mirror of Xinwenming (in Chinese) is located at
http://www.hrichina.org/Xinwenming/index.htm

Read "Press Freedom Group Urges Release of Chinese Cyber-Dissident," Agence
France Presse, August 23, 2000 at
http://www.insidechina.com/news.php3?id=191742
 See also "China To Crackdown On Junk E-Mail Senders," Agence France Presse,
August 23, 2000 at
http://www.insidechina.com/news.php3?id=191713

More information is available in "Demanding Release," Reuters, August 23,
2000 at
http://www.abcnews.go.com/sections/tech/DailyNews/chinanet000823.html

===============================================
[2] DVD ruling endangers free speech
===============================================
A recent decision regarding a controversial DVD-related computer program may
have serious implications for online free speech.

The case centers around DeCSS--a primitive computer program to help users of
the Linux operating system play DVDs on their computers. The entertainment
industry, through the DVD Content Control Association (DVD CCA) and the
Motion Picture Association of America (MPAA), had sued to prevent Internet
users from linking to websites that have DeCSS. In New York, the motion
picture industry is suing 2600 Magazine, which is defended by the Electronic
Frontier Foundation (EFF-a GILC member). Previously, courts in both New York
and California had issued preliminary injunctions that barred computer users
from posting DeCSS on their websites. Many experts fear that these actions
may stifle free expression in cyberspace.

In his ruling, Judge Lewis Kaplan banned individuals from providing links to
(or publishing) information about the DVD Content Scrambling System (CSS) on
the World Wide Web. Curiously, he compared dissemination of such programs to
"the assassination of a political figure." Kaplan analogized the work of
these researchers who developed DeCSS and 2600 magazine on the Internet to a
"propagated outbreak epidemic" that came from "a poisoned well" and "spreads
from person to person." An appeal of the ruling is expected shortly.

Judge Kaplan's ruling is available (in PDF format) under
http://www.2600.com/dvd/docs/2000/0817-decision.pdf

For a 2600 editorial on the ruling, see
http://www.2600.com/news/2000/0821.html

Read David Streitfeld, "Judge Backs Hollywood In DVD Movie Case," Washington
Post, August 18, 2000, page E1, at
http://www.washingtonpost.com/wp-dyn/articles/A47253-2000Aug17.html

See also Declan McCullagh, "Only News That's Fit to Link," Wired News,
August 23, 2000 at
http://www.wired.com/news/print/0,1294,38360,00.html

===============================================
[3] ICANN elections controversy
===============================================
The group responsible for the Internet domain name system is facing
criticism that it suffers a democracy deficit.

The Internet Corporation for Assigned Names and Numbers (ICANN) has issued a
complex system for people to run for the Board if they are not chosen by its
official Nominating Committee. Under this system, hopefuls must submit a
list of personal information about themselves to ICANN, then collect
nominations. The number of nominations required is 2% of the electorate in a
given region (e.g. North America) or 20 people, whichever is greater. What
is more, would-be candidates must get endorsements from citizens in at least
two countries.

In a related move, the current board has decided to cap the number of
candidates per region. Because ICANN had an official Nominating Committee
pre-select several candidates for each region, this decision effectively
limited the number of ballot slots available for publicly nominated
candidates.

Many observers worry that this complicated scheme will prevent publicly
supported candidates from getting on the ballot. Furthermore, a number of
experts have pointed out that the vast majority of candidates selected by
the Nominating Committee have strong links to big businesses or government
agencies. In the end, considerable doubts have been raised as to whether the
Board members who are eventually elected will truly be representative of the
full Internet community.

For further details, visit the Internet Democracy Project website at
http://www.internetdemocracyproject.org

See also David McGuire, "ICANN Official Defends Board Nominees-Update,"
Newsbytes, August 2, 2000 at
http://www.newsbytes.com/pubNews/00/153107.html

==================================================
[4] Online protests of new Korean censorship plan
==================================================
What do you if the government tries to censor the Internet? Try organizing a
really big online sit-in.

That is apparently what happened in South Korea. The Korean Information and
Communications Ministry has proposed a ratings system that would force web
site creators to label themselves if their materials could somehow be
considered harmful to teenagers. A Ministry spokesperson explained that once
the ratings system was implemented, troublesome websites could then be
blocked off. The agency intends to submit this bill to the National Assembly
within the next few months, and the entire system could be up and running by
the middle of next year.

Critics have scoffed at this scheme, claiming that it would amount to de
facto government censorship. Chang Yeo-kyong from Internet rights group
Progressive Network noted that these "so-called voluntary ratings will be
reviewed by a government committee, which suggests government's coercive
control over the Internet." Hundreds of enraged Internet users
simultaneously visited the Ministry's home page and disrupted service for
hours, apparently as part of massive "click-in" protest. Against this
backdrop, numerous politicians from the Korean Democratic Labor Party will
oppose the bill when the Assembly begins considering the proposal this fall.

See "Net users block site to protest rating system," Associated Press,
August 29, 2000, at
http://news.cnet.com/news/0-1005-200-2642059.html

===============================================
[5] Domain name decisions spark debate
===============================================
Want to set up a protest website? Eager to pay homage to your favorite city
via the World Wide Web? Not so fast.

That's apparently the message being given in a series of decisions from
various intellectual property and domain name arbitrators. Several months
ago, the Internet Corporation for Assigned Names and Numbers (ICANN) adopted
a controversial Uniform Domain Name Dispute Resolution Policy (UDRP) that
many critics charge fails to protect free speech. Subsequently, in all but
two arbitration cases under the UDRP, corporations have won the rights to
domain names of "-sucks" websites that protest their policies, such as
"walmartcanadasucks.com" (which was awarded to the North American retail
giant Walmart). Another recent ruling, this time from the World Intellectual
Property Organization (WIPO), states that the Barcelona City Council had
"better rights" to the domain name www.barcelona.com than the prior
registrants. In the past, two Spaniards ran Barcelona.com as a tourism
portal, with advertising from Pepper Media. It is not clear why the City
Council did not use some other easily recognizable domain name (such as
"barcelona.gov.es") instead of going to arbitration.

The ruling further fuels concerns over the extent to which WIPO or ICANN
will recognize the free speech possibilities of domain names. Despite calls
to create many more new top-level domains (like ".sucks" for protest
websites), ICANN has instituted "very stringent" criteria for considering
these inquiries. Among other things, ICANN is charging $50,000 nonrefundable
fees from anyone who submits such proposals, as well as requiring applicants
to fill out a series complicated forms. Moreover, many corporations are
taking matters into their own hands by registering domain names that could
be used by protestors. For example, telecommunications giant Verizon has
registered over 700 names (and spent US $50,000), including
Verizonsucks.com, in an apparent attempt to silence its critics.

For more on corporate attempts to register potential protest website domain
names, read David Streitfeld, "Making Bad Names for Themselves," Washington
Post, September 8, 2000, page A1, at
http://www.washingtonpost.com/wp-dyn/articles/A30525-2000Sep7.html

To learn more about UDRP arbitration result statistics, read Gwendolyn
Mariano & Evan Hansen, "Parody sites sucked into cybersquatting squabbles,"
CNet News, August 24, 2000 at
http://news.cnet.com/news/0-1005-200-2604599.html

For further details on the Barcelona.com controversy, see Louise Ferguson,
"Geographic Domains on Shaky Ground," The Industry Standard, August 11, 2000
at
http://www.thestandard.com/article/display/1,1151,17627,00.html

More details can be seen under Anick Jesdanun, "Board Accepting Ideas For
New Net Suffixes," Washington Post, August 4, 2000, page E3, at
http://washingtonpost.com/wp-dyn/articles/A34275-2000Aug3.html

Additional details on Verizon's mass domain name registration drive, read
Stefan C. Friedman, "[log in to unmask]," New York Post,
August 15, 2000 at
http://www.nypost.com/business/9655.htm

See also
http://www.internetdemocracyproject.org

===============================================
[6] US mega-blocking bill introduced
===============================================
Troubled by various proposals to block content on the Internet? Would you
feel any better if they were combined into one big package?

That is the approach that's been taken in a recent plan being considered by
the United States Congress. The so-called "Children's Internet Protection
Act" is actually an amendment to a Labor-Health and Human Resources funding
bill. This scheme combines several different filtering plans, and would
essentially require high schools and libraries to include blocking software
on all of their computers. Institutions that refused to do so (or implement
policies to that effect) would receive federal funding.

Educators and cyberliberties groups have savaged this omnibus package
because it may severely restrict the flow of information online. The
American Civil Liberties Union (ACLU-a GILC member) bemoaned the fact that
although "a unanimous 1997 Supreme Court decision ruling that said the
Internet should have the same free speech protections as more traditional
media, members of Congress continue to introduce legislation aimed at
censoring free speech on the web." Moreover, the ACLU expressed fear that
these new plans "could prevent students without home computers from
realizing the full potential of information available on the Internet.
Because they can be so restrictive and overreaching, blocking programs
significantly reduce the amount and diversity of speech and information
available to individuals." Similar concerns were expressed by the Center for
Democracy and Technology (CDT-a GILC member).

For the text of this bill (in PDF Format), visit
http://www.cdt.org/legislation/106th/speech/000807cipa.pdf

To see an ACLU action item regarding recent Congressional filtering
legislation, visit
http://www.aclu.org/action/blocking106.html

================================================
[7] Ticketmaster ruling spares weblinks for now
================================================
Should it be a crime to tell people where to find information on another
website?

The answer is apparently not clear, based on developments in a recent case.
Ticketmaster Online-City Search Inc. had sued a rival, Tickets.com, for
providing weblinks to pages inside Ticketmaster.com, rather than
Ticketmaster.com's frontpage. According to one lawyer for Ticketmaster, the
actions of Tickets.com constituted "an unlawful trespass on our personal
property." In spite of the apparently anachronistic nature of this lawsuit,
a Federal judge refused to throw out the case; however, the court also
refused to issue a preliminary injunction that would force Tickets.com to
stop their practices immediately.

Many experts are concerned that a ruling in favor of Ticketmaster might make
it harder to find things along the Information Superhighway, as well as
curtailing freedom of expression. In particular, these observers fear that
such a decision might severely crimp the operation of search engines (such
as Google and Yahoo) or news websites that provide links to additional
background information.

For more information, read Steven Bonisteel, "Ticketmaster Gets Setback In
'Deep-Linking' Suit," Newsbytes, August 15, 2000 at
http://www.newsbytes.com/pubNews/00/153665.html

To read the court's decision not to grant a preliminary injunction, click
http://www.gigalaw.com/library/ticketmaster-tickets-2000-08-10-p1.html

===============================================
[8] New Russian anonymous email service
===============================================
It may be getting easier for Russians to speak freely online.

Quickmail.ru is a new Russian language service that provides users with
web-based e-mail access. What makes the service special is that it doesn't
require people to log in, register or otherwise personal information about
themselves-they can simply go to the site and starting typing. While users
can't receive messages through Quickmail, they can send messages to any
e-mail address and talk about any subject. Moreover, as one spokesperson
explained, the system was designed to be "convenient," adding that his
company "worked on the principle of doing good for the majority."

Quickmail is just one of several new technologies from around the world
(including a new AT&T project called Publius) that may help online
dissidents, whistleblowers and other concerned citizens make their voices
heard without fear of reprisals or censorship. Yet despite the potential
benefits of Quickmail, rival Internet companies have threatened to block any
messages from the service, based on purported concerns over "incorrect use."

Read Melissa Akin, "New E-Mail Invites Excesses," St. Petersburg Times,
August 8, 2000 at
http://www.sptimes.ru/archive/times/592/news/b_email.htm

See also John Borland, "AT&T vows no censorship on new network," CNet News,
August 7, 2000 at
http://news.cnet.com/news/0-1004-200-2458275.html

===============================================
[9] Women outnumber men online in US
===============================================
The majority of American Internet users are women, not men.

That's the conclusion of a new report from Media Metrix and Jupiter
Communications. The report, based on statistics collected this past May,
found that 50.4% of Internet users in the United States were women.  This is
a vast increase from 1996, when women only constituted 38% of the American
Internet population. The jump was especially large among girls from 12 to 17
years old, where percentage of users rose by 126 percent. Many of these
teenage cybernauts were apparently drawn by content or expression-based
websites, including webpages that provided interesting news articles or
music. Moreover, according to Media Metrix Analyst Anne Rickert, "This is
definitely not a one-time outnumbering of men. It's a trend that suggests
women are favorably positioned for further growth in the years to come."

See Leslie Walker, "Teen Girls Help Create Female Majority Online,"
Washington Post, August 9, 2000, page E3, at
http://washingtonpost.com/wp-dyn/articles/A58646-2000Aug8.html

===============================================
[10] Singaporean "courtesy" censorship rules
===============================================
Be polite while you're on the Internet, or else...at least if you're in
Singapore.

The official Singapore Courtesy Council has issued stringent rules in the
past regarding many types of conduct, including telling people to
immediately remove crying children from movie theaters. Now the Council has
promulgated codes of conduct for Internet users. The Council lambasted
people who use "rude" language, "use short forms and do not address people
properly." The agency is also looking at ways to promote self-censorship in
order to discourage "vulgar" speech.

These warnings are further evidence of efforts by Singaporean authorities to
restricting online expression. A recent United States government human
rights audit noted that the Singaporean leadership "does not classify
regulation of the Internet as censorship, the SBA [Singapore Broadcast
Authority] directs service providers to block access to web pages that, in
the Government's view, undermine public security, national defense, racial
and religious harmony, and public morals." In addition, officials in
Singapore have often used such concerns as a pretext to conduct widespread
secret surveillance on ordinary Internet users.

Read "Mind your p's and q's on Net," The Straits Times, August 8, 2000 at
http://straitstimes.asia1.com.sg/singapore/sin14_0808_prt.html

To read the latest U.S. State Department Human Rights Report on Singapore,
click
http://www.state.gov/www/global/human_rights/1999_hrp_report/singapor.html

==================================================
[11] Press companies sue over net cellular content
==================================================
Do you enjoy reading web excerpts of articles from major news agencies? An
upcoming court case may put your habits on ice.

Several major news corporations, including The New York Times Co., the Cable
News Network division of Time Warner, The Washington Post Co., and Gannett
(which publishes USA Today) are suing GoSMS.com. GoSMS had taken articles
from websites of these companies and transmitted them to cellular telephone
users, 160 words at a time. The plaintiffs are alleging copyright and
trademark infringement along with a variety of other claims, including false
advertising and unfair competition.

GoSMS chief executive Yuval Golan countered that his company was "justified"
in providing these excerpts to its customers, and noted that his firm is not
making any money from this activity. Moreover, Golan mentioned that many of
cellular phone users had displays with limited capabilities and would not
have been able to read the plaintiffs' web articles without a service
similar to GoSMS.

See "News firms sue over wireless access to content," Associated Press,
August 8, 2000 at
http://news.cnet.com/news/0-1004-200-2468835.html

==================================================
[12] US Gov't mum on Carnivore spyware
==================================================
The United States government is dragging its feet in providing details on
one of its newest surveillance schemes.

That's what many privacy advocates are saying as they seek information about
Carnivore. Carnivore is a device that is attached to the server of a given
Internet service provider. This device intercepts all Internet transmissions
that come through the server, then parses out pertinent material, based on
chosen keywords. The US Department of Justice (DoJ) has confirmed that
Carnivore can monitor private e-mail messages as well as activity on the
World Wide Web and in chat rooms. The US Federal Bureau of Investigations
(FBI) then decides which particular communications it believes it is
entitled to review.

The revelations about Carnivore sparked considerable public concern over the
system's potential privacy ramifications. In a recent hearing before the US
Senate Judiciary Committee, James Dempsey from the Center for Democracy and
Technology (CDT-a GILC member) argued that "as a black box controlled by the
FBI and inserted into the network of an Internet service provider to search
through thousands or millions of messages, including those of innocent
people, Carnivore is not the right solution." Dempsey added that "Carnivore
is the latest in a series of wake-up calls about the perils facing personal
privacy in the digital age." Similar concerns were voiced at a House
subcommittee hearing held later that day by Gregory Nojeim of the American
Civil Liberties Union (ACLU-a GILC member) and Marc Rotenberg of the
Electronic Privacy Information Center (EPIC-a GILC member).

In addition, both EPIC and the ACLU have filed Freedom of Information Act
(FOIA) requests for more details on the Carnivore system. After a Federal
judge ordered the Department of Justice to formally respond to EPIC's
request, the DoJ sent a cryptic, noncommittal statement suggesting that it
might provide some documents within 45 days and at successive intervals
afterwards. Unsatisfied with this statement, EPIC filed papers asking a
court to force complete disclosure by December 1, 2000.

Meanwhile, the DoJ is soliciting contractors to do an internal review of
Carnivore's privacy implications. However, many observers are worried that
this review will not go far enough in determining whether Carnivore in
itself unlawfully violates the privacy of Internet users. EPIC General
Counsel David Sobel noted: "I don't think any review of this kind could
answer all of the questions that have been raised. If that's the intention,
that this process is going to put all of those concerns to rest, I don't
think it's going to accomplish that. Which is why we are pursuing our FOIA
request as aggressively as we are."

Indeed, a number of colleges have already turned down FBI offers to perform
the review, including the Massachusetts Institute of Technology (MIT). An
MIT spokesperson complained the FBI wanted "a rubber stamp" that the FBI's
entreaty "is not a request for an independent report."

See Will Rodger, "Carnivore unlikely to be validated," USA Today, September
5, 2000 at
http://www.usatoday.com/news/ndstue06.htm

To read testimony from the September 6, 2000 Senate Committee hearings on
Carnivore, click
http://www.senate.gov/~judiciary/wl96200f.htm

To read testimony from the September 6, 2000 House subcommitee hearings,
visit
http://www.house.gov/judiciary/cons0906.htm

For further details, see Frank James, "U.S. Seeks University Experts to
Review FBI's E-Mail Probes," Chicago Tribune, August 25, 2000, at
http://www.chicagotribune.com/news/nationworld/article/0,2669,SAV-0008250314
,FF.html

For the Department of Justice's solicitation for Carnivore reviewers (in PDF
Format), visit
http://www.usdoj.gov/jmd/pss/CarnivoreRFP-82400.pdf

See also "Carnivore Slow to Spill Its Guts," The Industry Standard, August
17, 2000 at
http://www.thestandard.com/article/display/1,1151,17758,00.html

===================================================
[13] UK plans corporate and government net tapping
===================================================
British Internet users may have to watch what they type at work as well as
at home.

The United Kingdom recently adopted the highly controversial Regulation of
Investigatory Powers Act (RIP). The Act essentially forces Internet Service
Providers to build so-called "black boxes" into their networks, thereby
allowing the government to monitor their customers. The RIP scheme would
also allow the British government to demand private encryption keys,
passwords and other such information-those who refuse to comply may face up
to two years in prison. Not surprisingly, the bill had been lambasted by a
wide spectrum of groups, including Cyber-Rights & Cyber-Liberties UK (a GILC
member), which expressed fears that the RIP proposal (even with an added
Code of Practice) did not sufficiently protect personal privacy. Similar
concerns were expressed by several other GILC members, including Privacy
International and Index on Censorship. Public debate over the new measure
was further fueled by a British Chamber of Commerce report that suggested
the implementation of the RIP plan would cost an estimated 46 billion pounds
(US $69.9 billion).

The British Department of Trade and Industry is now trying to piggyback
additional guidelines that would allow businesses to monitor their workers.
In an attempt to appease employers, the Department has extended the deadline
for suggestions to October 24, 2000. However, the agency did not provide any
details on whether these regulations would violate the European Human Rights
Act, which the British government is scheduled to sign within a few weeks.
In addition, the Department did not address the many loopholes contained
within the act, which in many cases would allow monitoring of Internet users
without their knowledge.

The full text of the RIP proposal as adopted is available from the
Foundation of Information Policy Research at
http://www.fipr.org/rip/ripa2000.htm

For more details on the lawful business practices regulations, read "UK
Delays Work Email Legislation," Reuters, August 25, 2000 at
http://www.wired.com/news/print/0,1294,38447,00.html

For further background information, visit the Cyber-Rights & Cyber-Liberties
UK homepage at
http://www.cyber-rights.org

==================================================
[14] US CALEA ruling mixed on privacy
================================================== A recent ruling on
several controversial surveillance standards may strengthen the privacy of
people online.

The case involved the Communications Assistance for Law Enforcement Act
(CALEA), a controversial law enacted in 1994, which requires the
telecommunications industry to design its systems in compliance with
technical requirements from the United States Federal Bureau of
Investigations (FBI) to facilitate electronic surveillance. In negotiations
over the last few years, the FBI and industry representatives were unable to
agree upon those standards, resulting in a recent ruling by the United
States Federal Communications Commission (FCC). The FCC had approved rules
that, among other things, would enable the Bureau to track the physical
locations of cellular phone users and potentially monitor Internet traffic.

Subsequently, several different groups, including GILC members the
Electronic Privacy Information Center (EPIC), the Electronic Frontier
Foundation (EFF), the Center for Democracy and Technology (CDT) and the
American Civil Liberties Union (ACLU), challenged the decision on the
grounds that the FCC ruling exceeded the requirements of CALEA and
frustrated the privacy interests protected by Federal statutes and the US
Constitution. A US Federal appeals court held that law enforcement agencies
must get a court order or other lawful authorization before they could use
new surveillance capabilities. Indeed, the court held that the FCC "was
simply mistaken" when it interpreted certain technical standards to expand
"the authority of law enforcement agencies to obtain the contents of
communications." The three judge panel also struck down several provisions
of the FCC ruling, including a section that allow government officials to
intercept numbers dialed after a user had connected through phone lines
(which might include such things as password information and personal
identification numbers).

This decision casts doubt on several government surveillance initiatives,
including Carnivore--a US government device that intercepts all Internet
transmissions that come through the server, then parses out pertinent
material, based on chosen keywords (see item 12 above). Legal scholars have
noted that the court's heightened protection for personal information would
seem to bar Carnivore's wholesale collection of data.

For further information, read Oscar S. Cisneros, "These Wires Were Made for
Tapping," Wired News, August 14, 2000 at
http://www.wired.com/news/print/0,1294,38170,00.html

See also Kalpana Srinivasan, "Court Throws Out Some Wiretapping Rules,"
Associated Press, August 16, 2000 at
http://www.foxnews.com/national/081600/digital_wiretapping.sml

More details are available in "FCC Ordered to revise digital wiretap rules,"
Bloomberg News, August 15, 2000 at
http://www.usatoday.com/life/cyber/tech/cti400.htm

==================================================
[15] New Indian surveillance scheme
==================================================
New rules from the Indian government may make it more difficult for Internet
users to protect their privacy.

Under this regime, the official "Telecom Authority shall have full rights to
monitor all the traffic" that comes through cable-based networks. "The
license shall ensure that the bandwidth provider...gives the complete
monitoring rights to the Telecom Authority." As a part of this plan, the
government is imposing yearly fees of 2,000,000 rupees in order to defray
the costs of monitoring. Oddly enough, Indian officials have even gone so
far as to ban voice communications through the Internet.

This announcement has been met with considerable skepticism. The burgeoning
Indian computing industry is complaining that government interference will
prevent them from making full use of the bandwidth and hampering growth.
These charges are also aimed at official policies that allowed state-run
companies to monopolize numerous aspects of the Internet service industry.
It remains to be seen what precise effect these regulations will have on
privacy in cyberspace.

Read "India unveils rules for private Internet gateways," Reuters, August
14, 2000 at
http://www.totaltele.com/view.asp?ArticleID=29883&pub+tt&categoryid=626

==================================================
[16] Japanese net tapping law in effect
==================================================
A wide spectrum of groups fear that a new Japanese law will erode privacy in
cyberspace.

The Communications Interception Law, which was passed in 1999, has finally
come into force. Among other things, the new statute allows Japanese law
enforcement officials access to private e-mail accounts if they are
investigating certain types of crime, which can even include
immigration-related offences. The measure had received negative reviews from
many quarters, ranging from opposition party leaders to computer scientists.
Indeed, polls showed that a majority of the public did not support the bill
and feared that the new standards would have a deleterious effect on
individual privacy.

In spite of the bill's passage, many network providers and privacy groups
have continued the fight. Under current Japanese laws, government agents
must include an observer from the company whose network is being tapped.
However, several companies, including NTT DoCoMo (the country's biggest
mobile telecom carrier), are refusing to send such witnesses. Meanwhile,
cyberliberties groups such as Japanese Net Workers against Surveillance
Taskforce (NaST-a GILC member) have organized public protests asking
legislators to repeal the new statute. NaST (along with several other
organizations) recently submitted a formal petition with 100,000 signatories
to the Diet (Japanese parliament), asking representatives to repeal the new
wiretapping statute.

For further information (in Japanese), visit the NaST homepage at
http://www.jca.apc.org/privacy/

For English-language details on the new law and the NaST petition, visit
http://www.apc.org/english/news/archive/jca_001.htm

See also Martyn Williams, "Japan's Police Gain Right to Tap Phone, E-Mail,"
The Industry Standard, August 15, 2000 at
http://www.thestandard.com/article/display/1,1151,17697,00.html

==================================================
[17] TrustE tracked visitors
==================================================
A group that supported industry attempts at privacy self-regulation
apparently tracked computer users through its website.

Over the past few years, TrustE encouraged its corporate partners to write
better privacy policies and has given away seals of approval. However, a
security group named Interhack recently discovered that TrustE's website was
using digital identification files called "cookies" and tiny images (known
as "webbugs") to monitor visitors online. This practice was not even
mentioned in TrustE's own privacy policy. After a reporter contacted TrustE
asking for comments, the tracking system was discontinued. A spokesperson
for the group admitted that TrustE had allowed a major information and
marketing company, Internet.com, to monitor traffic on its website, but that
the organization "cut all ties with Internet.com so that we could
investigate this further."

This incident cast further doubts as to whether computer companies or other
self-regulatory initiatives can be trusted to protect online privacy. TrustE
had already drawn criticism for failing to withdraw seals of approval from
companies like RealNetworks that had secretly tracked users. Interhack
president Matt Curtin pointed out that TrustE had "been making a lot of
noise about making policy that will protect privacy, and they have a policy
that does not disclose what exactly they are giving out. They really ought
to know better."

For more details, read "Net privacy firm tracked site visitors," Associated
Press August 25, 2000 at
http://www.usatoday.com/life/cyber/tech/cti444.htm

To see TrustE's privacy policy, click
http://www.truste.com/TRUSTe_privacy.html

==================================================
[18] Survey: Americans worried about privacy
==================================================
"The vast majority of American Internet users want the privacy playing field
tilted towards them and away from online companies. They think it is an
invasion of their privacy for these businesses to monitor users' Web
browsing."

That is according to a recent report by the Pew Internet & American Life
Project. The study, entitled "Trust and privacy online," found that a
whopping 86% of Internet users want policy that would force Internet
companies to ask them permission before using information about them (a
procedure known as "opt-in"). A majority of the Internet users surveyed
(54%) believe that "Web sites' tracking of Internet users is harmful because
it invades their privacy." Additionally, "94% of Internet users want privacy
violators to be disciplined." A number of respondents have taken matters
into their own hands by providing false personal information, as well as
using encryption and anonymizing software.

"Trust and privacy online" is available at
http://www.pewinternet.org/reports/toc.asp?Report=19

==================================================
[19] New Spector software spies on users
==================================================
Several new software packages may be jeopardizing Internet privacy.

One of these programs, known as "Spector," secretly takes screen shots of
the monitor on a target computer every few seconds, then saves these shots
for future viewing. Spector can capture a whole host of personal
information--including passwords, private e-mail messages, downloaded
images, chat room dialogue and financial data--all without the target
individual's knowledge or consent. Even more alarmingly, a spokesperson for
Spectorsoft (which manufactures Spector) said that sales of the product had
risen by 900% over the past year. The software maker has now introduced a
new version (called eBlaster) that allows easier monitoring from another
computer.

The widespread use of these programs has led to several disturbing
developments. For one thing, some people have started to buy and use this
software simply to invade people's privacy; as one aficionado admitted,
"It's kind of like an addiction." Not surprisingly, the Florida Attorney
General's office has launched an investigation to determine whether
Spectorsoft's products violate state privacy laws.

Read Chris Kridler, "Home-spying software prompts investigation," Gannett
News Service, August 29, 2000 at
http://www.usatoday.com/life/cyber/tech/cti451.htm

For more details, see James Walker, "Cyber-Spying," ABC News (US), August
21, 2000, at
http://abcnews.go.com/onair/WorldNewsTonight/wnt000821_cyberspying_feature.h
tml

See also Libby Copeland, "Cyber-Snooping Into A Cheating Heart," Washington
Post, August 8, 2000, page C1, at
http://washingtonpost.com/wp-dyn/articles/A52154-2000Aug7.html

==================================================
[20] For sale: student email addresses
==================================================
Hoping to go to college? You may have to give up your privacy first.

The College Board administers the heavily used Scholastic Aptitude Test
(SAT) to millions of college applicants. Now it is taking the e-mail
addresses it has collected from its test-takers and putting them up for
sale. The Board apparently has already sold other forms of personal
information to a multitude of recipients, including names and home
addresses. As Brad Quin of the College Board crowed, "We're talking about
providing colleges sometimes hundreds and thousands of names where they're
really cultivating first contact." Marketing companies are also delighted by
this move; Brian Niles from TargetX.com claimed that "Students don't want
mail, they want e-mail."

So far, the Board has failed to explain precisely how these applicants will
be able to prevent the dissemination of this personal data, short of giving
up their college dreams. Furthermore, it is highly unlikely that these
students (who must pay service fees simply to take the test) will receive
any compensation for this apparent invasion of privacy.

See "Student e-mail addresses up for sale," Associated Press, August 17,
2000, at
http://www.msnbc.com/news/447582.asp

==================================================
[21] Drug websites track users
==================================================
Looking to find out information on new drug cures? Someone may be secretly
looking over your shoulder.

Pharmatrak Inc. has recently admitted to tracking visitors to several drug
company websites. The Boston-based company did this by using digital
identification files called "cookies" and tiny images (known as "webbugs").
Pharmatrak has apparently accumulated such extensive files on users that it
can even tell what profession a visitor belongs to as well as their location
and what files they collect. Moreover, since the company is not technically
and advertising service, it falls within a loophole in a much ballyhooed
privacy arrangement that was recently endorsed by the United States Federal
Trade Commission (FTC).

Several experts have savaged this surreptitious monitoring of individuals
online. Richard M. Smith of the Privacy Foundation charged that Pharmatrak's
methods were "all hidden" and were "getting very close to that line of what
nice people don't do." One state attorney general is threatening legal
action, saying that this scheme had "taken stealth to a new low. It is a
classic example of corporate surveillance." Yet in spite of this criticism,
Pharmatrak has announced plans to step up its spying ways, stating that
"[i]n the future, we may develop products and services which collect data
that, when used in conjunction with the tracking database, could enable a
direct identification of certain individual visitors."

For further details, see Robert O'Harrow Jr., "Firm Tracking Consumers on
Web for Drug Companies," Washington Post, August 15, 2000, page E1, at
http://washingtonpost.com/wp-dyn/articles/A25494-2000Aug14.html

==================================================
[22] Wearable computers erode privacy
==================================================
Worried about your privacy online? Imagine if you were actually wearing your
computer.

Blue jeans manufacturer Levi's and electronics manufacturer Philips have
joined forces to create electronic clothing. These suits connect the wearer
to the Internet, and include cellular telephone hookups, audio players,
microphones, headphones and remote control panels. However, it is not clear
whether the designers made any attempt to preserve the privacy of the
wearer. Indeed, a Philips spokesperson noted that these clothes would allow
other people to discover very personal information about users, including
sensitive medical data such as heart rates.

As it turns out, these devices have even more serious problems besides the
privacy issues. For one thing, the jackets are prone to severe computer
crashes. Worse still, the suits apparently are not waterproof, and may
malfunction if they are worn in the rain or washed.

See "'Techno' clothing hits high street," BBC News Online, August 16, 2000
at
http://news.bbc.co.uk/low/english/sci/tech/newsid_882000/882254.stm

==========================================================
	ABOUT THE GILC NEWS ALERT:
==========================================================
The GILC News Alert is the newsletter of the Global Internet Liberty
Campaign, an international coalition of organizations working to protect and
enhance online civil liberties and human rights.  Organizations are invited
to join GILC by contacting us at
[log in to unmask]

To alert members about threats to cyber liberties, please contact members
from your country or send a message to the general GILC address.

To submit information about upcoming events, new activist tools and news
stories, contact:

Christopher Chiu
GILC Coordinator
American Civil Liberties Union
125 Broad Street, 17th Floor
New York, New York 10004
USA

Or email:
[log in to unmask]

More information about GILC members and news is available at
http://www.gilc.org

You may re-print or redistribute the GILC NEWS ALERT
freely.

To subscribe to the alert, please send e-mail to
[log in to unmask]

with the following message in the body:
subscribe gilc-announce

========================================================
PUBLICATION OF THIS NEWSLETTER IS MADE POSSIBLE BY A
GRANT FROM THE OPEN SOCIETY INSTITUTE (OSI)
========================================================


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%