From: Chris ChiuTo: GILC announce (E-mail)
Sent: 04/05/01 16:17
Subject: GILC Alert
GILC AlertVolume 5, Issue 3
May 4, 2001
Welcome to the Global Internet Liberty Campaign Newsletter.
Welcome to GILC Alert, the newsletter of the Global Internet Liberty
Campaign. We are an international organization of groups working for
cyber-liberties, who are determined to preserve civil liberties and
human
rights on the Internet.
We hope you find this newsletter interesting, and we very much hope that
you
will avail yourselves of the action items in future issues.
If you are a part of an organization that would be interested in joining
GILC, please contact us at <[log in to unmask]>.
If you are aware of threats to cyber-liberties that we may not know
about,
please contact the GILC members in your country, or contact GILC as a
whole.
Please feel free to redistribute this newsletter to appropriate forums.
===============================================
Free expression
[1] Korean censorware plans draw fire
[2] US libraries, schools face blocking deadline
[3] Mainland China jails more Net dissidents
[4] Malaysian news sites face uphill battle
[5] DVD battles rage Down Under and in US
[6] 2TheMart and MeltroniX Net speech cases
[7] Domain name deals spark anger
[8] Anti-fair use standards fail again
[9] Holocaust site flap Down Under
[10] Ford sues over anti-General Motors Net name
[11] Hollywood spies then sues Net speakers
[12] Internet usage worldwide varies heavily
[13] Whistleblower website launched
[14] Australian censor system largely dormant
Privacy
[15] Cybercrime pact lurches forward
[16] iRobots webcams spy on children
[17] Communist China plans Carnivore-type spyware
[18] New British cyberspy agency created
[19] Euro hearing on ECHELON surveillance
[20] US-EU flap over Safe Harbor contracts
[21] Microsoft SmartTags & Hailstorm privacy woes
[22] EBay pulls an Amazon, waters down privacy policy
[23] Biometric software faces privacy & technical woes
[24] EU panel questions Australian privacy laws
[25] DoubleClick suffers security breach
[26] German gov't searches Net music lovers' homes
[27] Privacy surveys reflect public unease
[28] Sales problems for invasive CueCat, TiVo devices
[29] Digital hospital sparks privacy concerns
[30] Upcoming Japan privacy meetings
===============================================
[1] Korean censorware plans draw fire
===============================================
Controversy continues to surround Korean government plans to block both
domestic and overseas websites.
The Korean Ministry of Information and Communication is pushing a
special
Internet ordinance that essentially would require blocking software to
be
installed in cybercafes and other public computing facilities. A special
Information Communication Ethics Committee already has drawn up a list
of
some 119 000 "anti social" sites that they deem objectionable. This
list,
which apparently includes numerous overseas webpages, will soon be
provided
to software developers for incorporation within blocking packages.
Authorities will also work with Internet service providers to make sure
access to any questionable webpages will be denied; criminal penalties
will
be levied on those who aid and abet access to such sites. However, many
questions about this plan have yet to be answered, including what
criteria
will be used to determine which sites should be blocked, or even the
precise
pages that have banned.
The measure, which is expected to take effect this July, has drawn heavy
criticism over its potentially damaging impact on freedom of expression.
Some of these concerns were aired in a recent meeting at the Sejong
Cultural
Art Center in Seoul; at the event, Chang Yeo Kyung from Jinbonet argued
that
the proposal will not protect children, but will only ensure "that the
rights of parents and the public will be seriously violated." Opponents
of
the ordinance specifically focused on how virtually all blocking
programs
were prone to errors and tended to block many sites that had no
controversial content whatsoever. These groups are now suing in court in
the
hopes of striking down the new restrictions.
See Kim Deok-hyun, "120,000 Internet sites blacklisted," Korea Times,
May 2,
2001 at
http://www.hankooki.com/kt_tech/200105/t2001050217201245110.htm
See also Kim Deok-hyun, "Internet Filtering Ordinance Spurs New Debate,"
Korea Times, Apr. 23, 2001 at
http://www.hk.co.kr/kt_tech/200104/t20010-42316411745110.htm
Read "Seoul taking action against foreign pornographic sites," Korea
Herald,
Apr. 11, 2001 at
http://www.koreaherald.com/SITE/data/html_dir/2001/04/11/200104110036.as
p
=================================================
[2] US libraries, schools face blocking deadline
=================================================
Protests are mounting over a new Internet blocking law that affects
educational institutions throughout the United States.
The so-called "Children's Internet Protection Act" essentially requires
high
schools and libraries to include blocking software on their computers.
Institutions that refuse to do so (or refuse to implement policies to
that
effect) would lose federal funding. CIPA is now being challenged in
court by
several groups, including the American Civil Liberties Union (ACLU-a
GILC
member) and the American Library Association.
The law was to take effect on April 20, 2001, but deadline for
compliance
has been pushed back until July 1, 2001 at the earliest. These delays
came
partly at the behest of cyberlibertarians, who expressed concerns about
the
law's effectiveness and potential harm to freedom of expression. Indeed,
the
Electronic Frontier Foundation (EFF-a GILC member) mobilized street
protests
in New York and California to vent frustration over CIPA, as well as a
special BayFF forum.
For an ACLU press release on the subject, click
http://www.aclu.org/news/2001/n041901b.html
Read Brian Krebs, "Web Filters At Schools, Libraries By July 2002,"
Newsbytes, Apr. 6, 2001 at
http://www.newsbytes.com/news/01/164204.html
For more on EFF-sponsored street protests, visit
http://www.eff.org/Censorship/Censorware/20010420_chipa_protest_pics.htm
l
For more on the EFF BayFF forum on censorware, see
http://www.eff.org/br/br1.html
===============================================
[3] Mainland China jails more Net dissidents
===============================================
With a flurry of arrests, mainland China has apparently started a new
offensive against its online critics.
Reports indicate mainland Chinese authorities have arrested several
activists, including Guo Qinghai, who had written numerous online
opinion
pieces that urged reforms, and Lu Xinhua, who sent messages to various
Web
sites overseas and documented human rights abuses. Another online
dissident,
Chi Shouzhu, was held after he printed out material from a pro-democracy
website. He had been released just a few months ago after serving a
decade
in jail for his participation in the 1989 Tienanmen demonstrations.
Meanwhile, fellow Internet activist Leng Wenbao was subjected to two
hours
of police interrogation while his house was ransacked and his computer
was
seized. Government agents are also holding Yang Zili, the proprietor of
www.lib.126.com, which included articles on the suppression of the Falun
Gong spiritual movement, economic disparities in Chinese society and
critiques of communism.
Additionally, Chinese commisars have banned the opening of any new
cybercafes for at least three months, in an apparent attempt to stifle
various forms of Internet content. Similar initiatives are being
launched at
the local level, including Shanghai. In some areas, the computers in
these
establishments are being fitted with "information purifiers" that block
access to various controversial websites. The crackdown may have a
far-reaching impact because the vast majority of the population does not
have home Internet access, and must depend on cybercafes to get on the
Information Superhighway.
Not surprisingly, these moves have met with dismay from free speech
advocates. Robert Menard from Reporters Sans Frontieres (RSF) said that
while "China escaped condemnation at the Human Rights Commission of the
United Nations, this ... new wave of repression reminds us that China is
still an enemy of the Internet and of freedom of expression."
For the latest details, see the following bulletin from the Digital
Freedom
Network (DFN-a GILC member) under
http://dfn.org/focus/china/guo-sentence.htm
For more of Menard's remarks, click
http://www.rsf.fr/uk/html/asie/cplp01/lp01/190401.html
Read "Online activists arrested in China," Guardian Unlimited, Apr. 19,
2001
at
http://www.guardianunlimited.co.uk/internetnews/story/0,7369,475164,00.h
tml
See also "China internet cafi debate heats up," BBC News Online, Apr.
29,
2001 at
http://news.bbc.co.uk/hi/english/world/monitoring/media_reports/newsid_1
3020
00/1302309.stm
Read Sue Bruell, "Beijing to Forbid Opening of New Cyber Cafes," China
News
Digest, Apr. 14, 2001 at
http://www.cnd.org/Global/01/04/15/010415-2.html
See also "State Council tightens control over Internet cafes," China
Online,
Apr. 17, 2001 at
http://www.chinaonline.com/issues/internet_policy/newsarchive/secure/200
1/ap
ril/C01041201.asp
Read "Shanghai sets strict content restrictions for TV, radio on Web,"
China
Online, Mar. 26, 2001 at
http://www.chinaonline.com/issues/internet_policy/NewsArchive/Secure/200
1/Ma
rch/C01032304.asp
See also "China cracks down on file-swapping sites," Bloomberg News,
Mar.
27, 2001 at
http://news.cnet.com/news/0-1005-200-5262396.html
===============================================
[4] Malaysian news sites face uphill battle
===============================================
Malaysian online journalists are facing a barrage of harassment from
government agents.
In the latest move, Malaysian government agents arrested ten people,
including Raja Petra Kamaruddin, who is webmaster of Freeanwar.com, and
Malaysiakini.com reporter Hisammuddin Rais. The arrests were presumably
an
attempt to undercut support of Anwar Ibrahim, the former deputy prime
minister who was imprisoned in September 1998 under suspicious
circumstances. Kamaruddin, Rais and at least 5 other detainees were
charged
with violating the country's Internal Security Act, which allows
individuals
to held indefinitely without a trial.
Malaysian authorities have also put additional pressure on various
corporations to either block online criticism or engage in
self-censorship.
These efforts apparently led multinational webhost Tripod.com to
shutdown
nearly a dozen opposition sites. Similarly, AgendaMalaysia recently
relaunched its webpage with less content than before; in a thinly-viewed
dig
at Internet activists, the news agency's editor, Rozaid Rahman,
proclaimed
that his group was "not going to change the world. That is a daydream."
For further details, visit the freeanwar.com website under
http://www.freeanwar.com/facnews/suaramappeal270401.htm
For a special bulletin on this subject from the Digital Freedom Network
(DFN-a GILC member), click
http://dfn.org/focus/malaysia/jailed-activists.htm
See K. Kabilan, "Missing websites: no word from Tripod," Malaysiakini,
Mar.
19, 2001 at
http://www.malaysiakini.com/News/2001/03/2001031910.php3?print=1
See also "New Tack for Malaysian News Site," Reuters, Apr. 4, 2001 at
http://www.wired.com/news/politics/0,1283,42828,00.html
===============================================
[5] DVD battles rage Down Under and in US
===============================================
The fight over DVD-related speech restrictions has now reached
Australian
shores.
The battle centers around the copy protection and regional coding
schemes
used in digital video discs. Previously, computer researchers had
created
DeCSS--a primitive computer program to help users of the Linux operating
system play DVDs on their computers. Over the past year, the
entertainment
industry, through the DVD Content Control Association (DVD CCA) and the
Motion Picture Association of America (MPAA), has waged legal battles in
both New York and California to prevent Internet users from linking to
websites that have DeCSS. Many experts fear that these actions may
stifle
free expression in cyberspace.
In Australia, where interest in DVDs is growing, machines that are sold
Down
Under generally cannot play discs from the other countries due to the
regional coding. Users who wish to view DVDs from, say, Japan must
modify
their players, but the process brings legal problems (including possible
nullification of the product warranty). These difficulties have led some
experts, such as Allan Fels of the Australian Competition and Consumer
Commission, to suggest the coding restrictions contained on DVDs
actually
violate the country's trade practices laws. There are additional
concerns
that these code-based restraints may have a significant detrimental
impact
on free speech, from preventing fair use of materials contained on DVDs
to
abetting controversial content rating systems.
Meanwhile, in the United States, the next round of legal battles over
DeCSS
took place May 1. The Electronic Frontier Foundation (EFF-a GILC
member),
which is defending 2600 magazine against the MPAA, recently added a new
member to its DeCSS legal team: Stanford Law School Dean Kathleen
Sullivan,
who conducted oral arguments before a panel of 3 Federal appeals court
judges. During this session, she suggested that copyright laws such as
the
Digital Millennium Copyright Act were acting as a "digital
straightjacket"
that hampered fair use and other free speech rights: "It's as if the
laws,
as applied, say you can't print a blueprint of a copying machine."
However,
at least one panelist seemed less than receptive to these arguments.
Judge
Jon Newman countered that the law does not necessarily allow individuals
"to
make fair use in the most technologically modern way". Newman further
pooh-poohed the idea that fair use and other free speech doctrines fully
apply to the Internet, suggesting at one point that newspapers such as
the
New York Times did not "need the digital format to write their reviews."
A
ruling is expected in several weeks.
For the latest on the New York court battle, see Declan McCullagh, "DVD
Piracy Judges Resolute," Wired News, May 2, 2001 at
http://www.wired.com/news/digiwood/0,1412,43470,00.html
See Caitlin Fitzsimmons, "Restricting DVDs 'illegal': ACCC," Australian
IT,
Mar. 27, 2001 at
http://australianit.news.com.au/common/storyPage/0,3811,1836144%255E1286
,00.
html
For further background information on the growing popularity of DVDs in
Australia, see Adrian Kerr, "Philips predicts VCR demise," ZDNet
Australia,
May 2, 2001 at
http://www.zdnet.com/zdnn/stories/news/0,4586,2714548,00.html
For an EFF press release on the hiring of Dean Sullivan, visit
http://www.eff.org/IP/Video/MPAA_DVD_cases/20010402_eff_sullivan_pr.html
For more on a possible ban on T-shirts containing DeCSS information,
read
John Naughton, "Been there, outlawed it-banned the T-shirt," The
Observer,
Apr. 1, 2001 at
http://www.guardianunlimited.co.uk/internetnews/story/0,7369,466363,00.h
tml
===============================================
[6] 2TheMart & MeltroniX Net speech cases
===============================================
Free speech activists are cheering over a recent court ruling that
protected
the personal information of several online speakers.
The case centered around 2TheMart.com, which tried to uncover the
identities
of some 23 people who had posted critical comments about the company.
The
move was opposed by GILC members the American Civil Liberties Union
(ACLU)
and the Electronic Frontier Foundation (EFF). A United States Federal
judge
eventually quashed this request. Aaron Caplan, an attorney with the
local
(Washington State) ACLU affiliate, noted that the decision was important
because "[t]here are a number of situations where, if people don't feel
it
is safe for them to speak anonymously, they may not speak at all. It is
important for people to have that outlet for speech, persuasion and
organization."
However, another court case is brewing in California, where computer
manufacturer MeltroniX is trying to discover the names of several online
detractors. The company is suing these Internet users for making
allegedly
"vicious, defamatory and damaging comments," and is asking a court to
award
punitive and financial damages. The corporation has even gone so far as
to
call personal information regarding these people as "a matter of public
record" and that it would monitor them to enforce what it called
"responsible posting."
An EFF press release on the 2TheMart decision is available at
http://www.eff.org/Legal/Cases/2TheMart_case/20010420_eff_2themart_pr.ht
ml
For more on the recent Seattle anonymous free speech victory, see David
McGuire, "Court Ruling A Boon For Online Anonymity-ACLU," Newsbytes,
Apr.
20, 2001 at
http://www.newsbytes.com/news/01/164776.html
See also Stefanie Olsen, "Court backs right to free speech on Web,"
ZDNet
News, Apr. 20, 2001 at
http://www.zdnet.com/zdnn/stories/news/0,4586,5081526,00.html
For more on the MeltroniX controversy, see Linda Hamilton, "Chatroom
posters
to be sued and outed," The Register (UK), Apr. 9, 2001 at
http://www.theregister.co.uk/content/6/18192.html
=================================================
[7] Domain name deals spark anger
=================================================
Several new agreements on the future of .com, .edu and other Internet
suffixes are raising concern among many members of the Internet
community.
In one of the these deals, the Internet Corporation of Assigned Names
and
Numbers (ICANN) awarded domain name giant Verisign the right to control
the
.com registry for at least 6 more years. ICANN also approved contracts
that
would grant Verisign powers over .org for at least one more year and
.net
for 4 years. The decision came despite intense opposition from a several
quarters, including ICANN's own Names Council. This opposition arose
partly
because of the apparently undemocratic approach with which these
contracts
were conceived, as well as fears that the agreements will hurt
competition
and free expression. Indeed, ICANN's Board of Directors refused to make
a
final decision on this matter during its public meetings Down Under, but
made their move during a private conference call that had been scheduled
specifically for this purpose. These contracts may yet be countermanded,
however, as several leading United States politicians have petitioned
for
greater oversight of these and other ICANN activities.
Meanwhile, the U.S. Commerce Department (through its subdivision, the
National Telecommunications and Information Administration) is planning
to
turn control over .edu to Educause--a Washington D.C.-based group that
lobbies on behalf of colleges and their corporate partners. The decision
was
taken with virtually no opportunity for public comment. Some observers
have
expressed concern over whether Educause will impose restrictions on the
use
of .edu, particularly in regard to educational institutions based
outside
the United States. These and other subjects are expected to be major
topics
for discussion at ICANN's upcoming June meetings in Stockholm.
For an Educause press release on the .edu takeover, click
http://www.educause.edu/news/2001/04/edudomain.html
Read Mark Ward, "Domain dispute drags on," BBC News Online, Apr. 20,
2001 at
http://news.bbc.co.uk/hi/english/sci/tech/newsid_1287000/1287432.stm
To read a letter from US Congressmen regarding new ICANN-Verisign
contracts,
click
http://www.house.gov/commerce/letters/03302001_150.htm
For more on calls for greater oversight of ICANN, see Juliana Gruenwald,
"ICANN Issues Hitting Commerce Department," Interactive Week, Apr. 9,
2001
at
http://www.zdnet.com/intweek/stories/news/0,4164,2705712,00.html
For more on ICANN's Stockholm meetings, click
http://www.icann.org/stockholm
=================================================
[8] Anti-fair use standards fail again
=================================================
Troubles continue to mount for various technical measures which many
experts
feel may curb the free flow of information online.
Under the proposed SigningStation system, consumers would have to
disclose
their identities and have entertainment companies assign them a special
individualized digital key. After customers purchase a given digital
video
or music product, they would use key for authentication, and only then
would
be able to view or hear what they had bought. However, experts wonder
whether SigningStation will unnecessarily restrict the ability of
individuals to make fair use of legally obtained digital materials. In
addition, the complex identification requirements are raising serious
privacy concerns. These considerations have fueled speculation over
whether
the entire plan is the financially viable.
Similar concerns have already led IBM to shelve Content Protection for
Removable Media (CPRM), which would have placed copy protection software
and
special digital markings on each individual's hard drive (as well as
removable drives and other such systems). Nevertheless, Microsoft is
pushing
a somewhat analogous scheme called "Secure PC" that is designed to
prevent
computer users from duplicating audio files, as well as anti-copying
regimes
in its latest version of Windows Media Player. Ironically, Microsoft is
itself being sued by InterTrust, which claims the copy protection
schemes
used in the Media Player have infringed on InterTrust's patents. It
remains
to be seen whether any of these systems will achieve commercial
acceptance
or what impact they would have on Internet free expression.
For more on InterTrust's patent lawsuit against Microsoft's
copy-protection
schemes, read John Borland, "Anti-piracy company sues Microsoft," Apr.
27,
2001 at
http://news.cnet.com/news/0-1005-200-5744735.html
For more on SigningStation, see David P. Hamilton, "Start-up locks to
media
files," Wall Street Journal, Apr. 23, 2001 at
http://www.zdnet.com/zdnn/stories/news/0,4586,2710873,00.html
See John Borland, "Anti-privacy plans for hardware fail," CNet News,
Apr. 2,
2001 at
http://news.cnet.com/news/0-1005-200-5422475.html
See also John Lettice, "MS plans 'Secure PC' that won't copy pirated
audio
files," The Register (UK), Mar. 23, 2001 at
http://www.theregister.co.uk/content/4/17851.html
=================================================
[9] Holocaust site flap Down Under
=================================================
Attempts to shutdown a controversial Australian website have raised
troubling questions over Internet censorship.
The site in question was the brainchild of Dr. Fredrick Toben, a former
school instructor who questioned much of the forensic evidence related
to
the Holocaust. The materials contained on Toben's webpages drew the ire
of
Kathleen McEvoy, the Commissioner of Australia's Human Rights & Equal
Opportunity Commission (HREOC). She claimed that the site violated the
country's Racial Discrimination Act and ordered that the offending
webpages
be taken down. The Executive Council of Australian Jewry is now
attempting
to enforce the HREOC order through the courts.
These moves have generated opposition from free speech advocates. Irene
Graham from Electronic Frontiers Australia (EFA-a GILC member) noted
that
"the HREOC decision ... does not provide any indication at all" of what
specific speech is illegal and worried that these vague standards may
chill
expression online. Moreover, she charged that these "futile" and
"counterproductive" bans "don't take into account the technology of the
Internet and the worldwide nature of the Internet." A court hearing on
this
matter has been postponed until June 12, 2001.
See Penelope Debelle, "Free speech row on Holocaust website," Fairfax
IT,
Apr. 9, 2001 at
http://it.mycareer.com.au/e-commerce/20010409/A35206-2001Apr9.html
====================================================
[10] Ford sues over anti-General Motors Net name
====================================================
Several efforts to prevent domain name trademark violations may erode
free
speech and privacy rights online.
The Ford Motor Company is suing 2600 magazine over a domain name that
criticizes General Motors. Ford's rationale was that the term might
confuse
"the public into believing that somehow Ford has approved (of the
tactic) or
is somehow involved." Curiously, General Motors had already threatened
legal
action against 2600 several months ago; a GM spokesperson has since said
that his company "absolutely and totally" supports Ford in its attempted
domain name takedown. A court hearing is scheduled for May 2, 2001.
These moves comes after the World Intellectual Property Organization
issued
a report calling for further trademark-based restrictions on domain
names,
including the use of geographic and personal terms. Under these new
regimes,
Internet users would be completely excluded from using certain terms
(including the names of well-known drug products and international
organizations), even if those terms are used for such purposes as public
criticism or commentary. In an editorial, 2600 retorted that there
should be
"many more top-level domains that are dedicated to a specific purpose,
rather than attempts to control and manipulate every use of a particular
name or word throughout all Internet domains. Unfortunately, WIPO
doesn't
appear to see it that way. ... [T]his 'additional protection' is likely
to
cause great harm to the remaining freedoms of the net."
WIPO is also urging Whois databases (which contain personal information
about domain name holders) to be expanded and standardized, thus making
them
searchable by virtually anyone on the Internet. However, skeptics fear
that
this last idea will curb anonymous free speech and undercut online
privacy.
These fears have grown strong in Australia, where the lack of privacy
protections for this kind of data have led to numerous reported
incidents of
fraud.
WIPO's interim report is available via
http://wipo2.wipo.int/process2/rfc/rfc3/index.html
To read a 2600 editorial on WIPO's report, see "WIPO Recommends Banning
Certain Names and Words From Domains," 2600, Apr. 16, 2001 at
http://www.2600.com/news/display.shtml?id=255
For a schedule of WIPO regional consultations, click
http://www.wipo.int/pressroom/en/releases/2001/p260.htm
Read Steven Bonisteel, "WIPO Says: Keep Whois Open (And Keep It
Accurate),"
Newsbytes, Apr. 20, 2001 at
http://www.newsbytes.com/news/01/164786.html
For more on fraudulent use of domain name registrant data, read Kate
Mackenzie, "'Hijackers' lead to domain changes," Australian IT, Apr. 12,
2001 at
http://australianit.news.com.au/common/storyPage/0,3811,1887934%5E442,00
.htm
l
For further background information, visit
http://www.internetdemocracyproject.org
===========================================================
[11] Hollywood's legal threats against Net speakers
===========================================================
Legal threats from the entertainment industry have forced a university
professor to remain silent about his software research.
The case revolves around the Secure Digital Music Initiative (SDMI), a
software standard that several major entertainment conglomerates are
supporting as a way to discourage copying of sound files. SDMI's
creators
tried to demonstrate the strength of this software by challenging
computer
programmers to crack the code. Professor Eric Felten of Princeton
University
agreed to participate, but was then told by SDMI's sponsors not to
reveal
the results of his work. Prof. Felten balked at these restrictions and
withdrew his official participation, deciding instead to conduct
independent
investigations of SDMI along with several other scientists. After his
team
discovered a way to break through SDMI's protections, he received a
warning
from the SDMI consortium saying that "Any disclosure of information
gained
from participating in the Public Challenge would be outside the scope of
activities permitted by the Agreement and could subject you and your
research team to actions under the Digital Millennium Copyright Act."
Felten
and his fellow researchers eventually conceded to these demands; he
later
expained: "Litigation is costly, time consuming and uncertain,
regardless of
the merits of the other side's case. Ultimately, we, the authors,
reached a
collective decision not to expose ourselves, our employers and the
conference organizers to litigation."
Meanwhile, powerful forces from the entertainment industry are also
clamping
down on the use of software through surveillance and similarly-styled
legal
warnings. The Motion Picture Association of America (MPAA) is using
software
developed by Ranger Online to spy on Internet users and find people who
use
various types of duplication products such as Gnutella. MPAA has used
the
collected information to send hundreds of cease-and-desist letters,
despite
the fact that Gnutella and other similar programs can be used for
noninfringing purposes. Yet despite the intimidating language contained
in
these letters, MPAA attorney Ken Jacobsen claimed that his group was
merely
trying "trying to do is educate the population about what is
appropriate,
both from an ethical standpoint and from a legal standpoint."
Numerous companies (including Microsoft) have launched analogous efforts
around the world-efforts have also led to new legislation in several
European nations, including Hungary. These attempts have renewed
concerns
about the future of online free speech in the face of intellectual
property-based strictures.
For more on the threats leveled at Prof. Felton, read "Researchers cave
in
to SDMI legal threat," Associated Press, Apr. 26, 2001 at
http://news.cnet.com/news/0-1005-200-5737707.html
See also Elizabeth Wasserman, "Breaking the Code Crackers," The Industry
Standard, May 7, 2001 issue at
http://www.thestandard.com/article/0,1902,24076,00.html
Read Lisa M. Bowman, "Broadband fans busted over Gnutella," CNet News,
Apr.
17, 2001 at
http://news.cnet.com/news/0-1005-200-5641576.html
For more about Ranger Online spyware, visit
http://www.rangerinc.com/1/index.htm
For more on new EU copyright restrictions, see Thomas C. Greene, "EU
Sanctifies copyrights a la DMCA," The Register (UK), Apr. 11, 2001 at
http://www.theregister.co.uk/content/6/18255.html
For more on Microsoft/police copyright efforts, read Glenn Simpson,
"Microsoft urges global antipiracy effort," Wall Street Journal, Apr. 2,
2001 at
http://www.zdnet.com/zdnn/stories/news/0,4586,2703424,00.html
For additional details on harsh Hungarian copyright laws, see John
Horvath,
"Criminal Society," Heise Telepolis, Mar. 24, 2001 at
http://www.heise.de/tp/english/inhalt/te/7211/1.html
See also Matt Ford, "Big Brother on track to find the pirates," Fairfax
IT,
Apr. 9, 2001 at
http://it.mycareer.com.au/software/20010409/A35305-2001Apr9.html
================================================
[12] Internet usage worldwide varies heavily
================================================
New studies indicate that much of the world is coming online, but
progress
has been uneven.
This is particularly true in Africa, according to statistics compiled by
the
International Telecommunications Union. Somalia, for example, only has
about
200 Internet users out of a population of over 7 million people. South
Africa, on the other hand, has 1.8 million cybercitizens-roughly 60% of
all
Internet users on the continent. Indeed, outside of South Africa, less
than
0.2% of the population is connected to the Information Superhighway.
In other parts of the globe, the Internet has grown at higher rates.
This is
particularly true in Europe; home Internet use (as measured by time
spent
online) has tripled in France and Spain and nearly doubled in the United
Kingdom. Another nation experiencing an Internet boom is Korea, which
has
been helped by a surge in wireless websurfers. South Korea also has the
world's highest rate of broadband connectivity-a rate that is more
double
that of the United States.
Read Jenny Sinclair, "Why the Internet is out of Africa," Fairfax IT,
Apr.
9, 2001 at
http://it.mycareer.com.au/e-commerce/20010409/A35302-2001Apr9.html
For more on burgeoning European Internet usage, read Steve Gold,
"Internet
Usage Increasing in Europe, Despite Downturn," Newsbytes, May 2, 2001 at
http://www.newsbytes.com/news/01/165210.html
See also "European Net traffic rockets," Reuters, Mar. 28, 2001 at
http://www.zdnet.com/zdnn/stories/newsbursts/0,7407,2702024,00.html
For more on the growth of the Internet in Britain, read Julia Snoddy,
"UK
Net user numbers grow despite dot.coms crash," The Guardian, Apr. 24,
2001
at
http://www.guardianunlimited.co.uk/internetnews/story/0,7369,477523,00.h
tml
Read "OECD broadband figures show Korea leads," Total Telecom, May 1,
2001
at
http://www.totaltele.com/vprint.asp?txtID=39503
See also "South Korea Leads World Broadband Net Race," Reuters, Apr. 23,
2001 at
http://www.thestandard.com/article/0,1902,23891,00.html
For more on general Korean Internet usage, read "Korea No. 1 in use of
multimedia sites," Korea Herald, May 4, 2001 at
http://www.koreaherald.com/SITE/data/html_dir/2001/05/04/200105040010.as
p
See also "Korean users of wireless Internet total 18.52 mil." Korea
Herald,
Apr. 18, 2001 at
http://www.koreaherald.com/SITE/data/html_dir/2001/04/18/200104180009.as
p
========================================
[13] Whistleblower website launched
========================================
Will a new webpage help workers expose corporate abuses?
The British firm Forensic Accounting has launched an initiative
specifically
targeted at employees who wish to vent their concerns to higher-ups
without
fear of reprisal. Informants who visit the website can post
surreptitious
warnings of possible criminal activity on the job, without having to pay
any
fees. Afterwards, the site's operators will forward entries to
management
teams of companies that subscribe to the service, as well as offer
advice.
Raj Bairoliya, managing director of Forensic Accounting, stressed the
importance of this venue for anonymous free speech: "The whistleblower's
lot
has not been a happy one. Most people are too scared because there is
nothing in it but a downside." The plan has received support from
several
groups, including Public Concern at Work, which is dedicated to helping
employees who have suffered reprisals for reporting corporate misdeeds.
However, the website raises questions as to whether the authorities or
major
companies are making sufficient efforts to protect anonymity online.
Indeed,
George Staple from the British Fraud Advisory Panel noted that past
efforts
at helping whistleblowers had not been particularly successful, partly
because the issue of protecting the identities of corporate informants
"is
not high enough on the agenda of most company managements."
See Michael Peel, "SURVEY-CLASSIFIED RECRUITMENT: Justice at a price,"
Financial Times, Apr. 26, 2001 at
http://globalarchive.ft.com/globalarchive/article.html?id=010426001244&q
uery
=Forensic+Accounting
See also Michael Peel, "Whistleblower website welcomed," Financial
Times,
Apr. 11, 2001 at
http://news.ft.com/ft/gx.cgi/ftc?pagename=View&c=Article&cid=FT3UM9WGFLC
&liv
e=true&tagid=IXLC078IH7C&Collid=Any
================================================
[14] Australian censor system largely dormant
================================================
Does Australia really have a serious problem with harmful online
material?
That's what many experts are wondering based on a new report. Nearly two
years ago, the Australian government created a complaint-based regime
that,
depending on the circumstances, would screen out websites based on film
guidelines.
Adult theme websites, which are defined to include "verbal references to
...suicide, crime, corruption, martial problems, emotional trauma, drug
and
alcohol dependency, death and serious illness, racism, [or] religious
issues" would be likely candidates for censure.
The plan took effect in January 2000. However, a subsequent
government-commissioned study revealed showed that out of nearly six
million
of Australian cybercitizens, only 124 complaints were received during
the
first three months of the new regime. A later report issued this past
April
indicates that the massive wave of filings expected by some of the law's
backers still had yet to take place. For example, between July and
December
2000, the Australian
Broadcasting Authority sent take-down notices to only 6 sites regarding
content Down Under; notices were sent to a mere 22 sites over the entire
year.
According to many observers, these findings illustrate how the entire
scheme
has been a waste of resources. Irene Graham, executive director of
Electronic Frontiers Australia (EFA-a GILC member) noted that the
Australian
government "seems to be spending its time either referring overseas
sites to
content filter makers, or issuing take-down notices for domestic sites
that
could largely have been caught through existing laws. The government
trumpets this as having made the Internet safe for children, but we
think
that's merely giving a sense of false security to parents. What they're
doing is making, at best, a miniscule difference to how safe the
Internet is
for children."
The report is available via
http://www.dcita.gov.au/nsapi-graphics/?MIval=dca_dispdoc&ID=5651
For press coverage, read Stewart Taggart, "Questioning the Oz Net
Censors,"
Wired News, Apr. 24, 2001 at
http://www.wired.com/news/print/0,1294,43182,00.html
=================================================
[15] Cybercrime pact lurches forward
=================================================
Despite intense criticism, European politicians are moving ahead with a
European cybercrime plan that may erode online privacy.
Under this Council of Europe treaty, signatory countries would enact
laws
that might make it easier for government agents to search computers and
conduct real-time surveillance on private citizens through
telecommunications networks. The convention includes provisions that may
allow law enforcement officials greater access to many types of personal
security information, such as encryption keys. Additionally, the scheme
could pressure Internet service providers (ISPs) to monitor and retain
records on customer activities, under threat of legal liability.
Furthermore, the draft would have signatories create new penalties for
copyright infringement. European Union officials are now pushing for new
sections that would ban websites containing language deemed hateful or
inflammatory, an apparent extension of a controversial French ruling
against
Yahoo regarding Nazi memorabilia on its auction pages.
The treaty has been the subject of intense criticism for months. Joe
McNamee
of the European Internet Service Provider Association (EuroISPA) worried
that the treaty would require the collection of vast amounts of personal
data, and said that while "[n]obody's opposed to fighting cybercrime,"
his
group and others were "opposed to fighting innocent people and privacy."
There are also serious complaints regarding the secretive nature with
which
the entire plan was conceived. On that point, Gus Hosein of Privacy
International (a GILC member) called the procedure used to create the
treaty
"the worst process I've seen so far when it comes to transparency in
government." Yet despite these concerns, the Council's parliamentary
assembly approved the current draft, and sent the matter into the hands
of
an experts panel that compile a final version. Full assent could come as
early as June 2001.
European nations apparently are not the only countries coming up with
new
cybercrime plans. Thailand is considering new laws that would allow
government agents greater surveillance powers in cyberspace-standards
that
are broadly similar to those contained in the CoE treaty (including
penalties for copyright infringement). In Australia, law enforcement
officials are also proposing new amendments that would carry stiff
punishments for various Internet activities, including decade-long jail
sentences.
For more of Mr. Hosein's remarks, read Rick Perera, "Cybercrime treaty a
step closer to becoming law," Infoworld.com, Apr. 25, 2001 at
http://www.infoworld.com/articles/hn/xml/01/04/25/010425hntreaty.xml
For German language information, see "Europarat verabschiedet
Cybercrime-Abkommen," Heise Online, Apr. 25, 2001 at
http://www.heise.de/newsticker/data/ame-25.04.01-000/
Read Karnjana Karnjanatawe, "Thai Computer Crime Law Nears Public
Hearing,"
Bangkok Post, Mar. 21, 2001 at
http://www.newsbytes.com/news/01/163424.html
Further details regarding Australian cybercrime plans, see Megan
McAuliffe,
"Australian hackers face jail time," ZDNet Australia, Apr. 9, 2001 at
http://www.zdnet.com/zdnn/stories/news/0,4586,2705803,00.html
See also David Adams, "Momentum grows for e-crime centre," Fairfax IT,
Mar.
28, 2001 at
http://it.mycareer.com.au/industry/20010328/A32552-2001Mar28.html
========================================
[16] iRobots spy on children
========================================
Who wants an android to spy on their kids?
That's what some people are wondering with the introduction of iRobot.
This
device, according to the manufacturer, is a "multi-purpose home robot
that
can be controlled from anywhere in the world." iRobot includes a
live-action
camera and microphone mounted on a six-wheel chassis. Images and sounds
collected by the robot are then broadcast along the Internet by
wireless.
Computer users can control this device through their web browser. The
entire
package is being marketed as a way for parents to monitor their
children,
but is also being supplied to the United States Defense Advanced
Projects
Research Agency (DARPA) and various corporations for surveillance
purposes.
The company has conceded that personal web cameras "could lead to
situations
where we are being monitored 24 hours a day, and privacy is a thing of
the
past. For example, if you wanted to be able to see what was going on at
your
house, you would have to install and wire cameras in every room. That's
a
lot of cameras, and for your family, it means never knowing if you are
being
watched or not." Curiously, the company claims this privacy problem does
not
apply to its product because "iRobot-LE(tm) is not a web cam," despite
later
assertions such as: "iRobot-LE is a serious appliance that can bring the
power of the Internet out of the study and into the kitchen or living
room
when you are at home." Indeed, the corporation also admits through its
privacy policy that it uses digital information files known as "cookies"
to
track users and places the burden on consumers to opt-out of its data
collection system.
The iRobot privacy policy is posted at
http://www.irobot.com/privacy/privacy.asp
Further company information on iRobot is posted at
http://www.irobot.com/ir/ir_not.asp
See Peter H. Lewis, "Remotely interesting," Fortune, Apr. 2, 2001 at
http://www.fortune.com/indexw.jhtml;jsessionid=I1YMXDJQHAFBYQAMEHTSFFSAB
QQ4K
IV3?doc_id=200978&channel=artcol.jhtml&_DARGS=%2Ffragments%2Ffrg_moresto
ries
.jhtml.1_A&_DAV=artcol.jhtml
Read Eric Auchard, "I Spy," Reuters, Apr. 17, 2001 at
http://abcnews.go.com/sections/scitech/DailyNews/spycameras010417.html
==================================================
[17] Beijing plans Carnivore-type spyware
==================================================
Mainland China is looking for a new way to monitor Internet users, and
it
appears to be taking a hint from the United States.
Reports indicate that the Chinese government is developing a new "black
box"
system to wiretap the Internet. While details are only beginning to
emerge,
the device is apparently derived from technology previously used in
airline
cockpit data recorders. The goal of this "black box," however, is to
allow
Chinese officials to watch over and hunt down dissidents and possible
opponents to the current ruling regime.
The entire system appears to be broadly similar to Carnivore-a device
developed by the United States government. Carnivore is attached to the
server of a given Internet service provider and intercepts all Internet
transmissions that come through the server, then parses out pertinent
material, based on keywords provided by the administrator. Carnivore and
its
successor DCS 1000 have come under heavy criticism over the past few
months
as being serious threats to online privacy. Some of these concerns were
reiterated by privacy advocates in a recent discussions with US Attorney
General John Ashcroft.
See "China Plans to Build Internet Monitoring System," China News Daily,
Mar. 20, 2001 at
http://www.cnd.org/Global/01/03/20/010320-3.html
For more on current discussions of Carnivore, see Brian Krebs, "Groups
Urge
Ashcroft To Act On Carnivore, Privacy Issues," Newsbytes, May 3, 2001 at
http://www.newsbytes.com/news/01/165261.html
==================================================
[18] New British cyberspy agency created
==================================================
The British government is launching a new cybercrime center that is
causing
concern among privacy advocates.
British Home Secretary Jack Straw recently unveiled a National Hi-Tech
Crime
Unit. This unit will have several dozen employees, consisting of law
enforcement agents and information technology experts, and will focus on
crimes that involve the Internet. While precise details on operations
are
not readily available, operatives are expected to collect information
regarding online activities for possible future action or prosecution.
The
entire enterprise will cost an estimated 25 million pounds sterling.
The move is being seen with a certain degree of apprehension, due in
part to
the sweeping powers this agency may have under the controversial
Regulation
of Investigatory Powers Act (RIP) that was enacted last year. RIP
requires
the creation of a special center with links to Britain's Internet
service
providers (ISPs), which will allow law enforcement officials to spy on
the
online activities of most UK citizens. Many people worry that the Act
will
enable government agents to conduct wide scale searches into the
activities
of private Internet users. Yaman Akdeniz of Cyber-Rights and
Cyber-Liberties
UK (a GILC member) warned that "this partnership could turn ISPs into an
arm
of the law enforcement agencies because there are a lot of requirements
on
them for data collection and analysis." Similar sentiments have been
aired
over an analogous arrangement in the Netherlands.
See Mark Ward, "Cybercops arrest online liberty," BBC News Online, Apr.
18,
2001 at
http://news.bbc.co.uk/hi/english/sci/tech/newsid_1283000/1283127.stm
Read Sarah Left, "Government launches cyber-crime unit," Guardian
Unlimited,
Apr. 18, 2001 at
http://www.guardianunlimited.co.uk/internetnews/story/0,7369,474518,00.h
tml
See also Jelle van Buuren, "Dutch Government and ISP's Reach Compromise
On
Interception of The Internet," Heise Telepolis, Apr. 25, 2001 at
http://www.heise.de/tp/english/inhalt/te/7458/1.html
==================================================
[19] Euro hearing on ECHELON surveillance
==================================================
More details may soon be revealed about a super-secret global
surveillance
system.
A committee of European Parliament members will soon visit the United
States
in an attempt to discover more details about ECHELON. ECHELON is
popularly
used to describe a system that is designed to intercept communications
from
around the world. It is supposedly operated by the United States
National
Security Agency in conjunction with several other intelligence agencies.
Reports suggest that ECHELON is capable of intercepting e-mail messages,
faxes, and telephone conversations.
Fears about possible ECHELON privacy abuses led the European Parliament
to
form a temporary investigatory committee. At a committee hearing held a
few
weeks ago, several witnesses expressed concern about ECHELON's potential
threat to individual rights. One of them, Yaman Akdeniz from
Cyber-Rights &
Cyber-Liberties UK (a GILC member), noted that "[i]f the current
allegations
are true, all law abiding European citizens and companies are at risk of
being monitored every day without any legal basis. ... [W]e are
particularly
concerned about the lack of democratic oversight on data being
intercepted,
stored and processed with systems like Echelon."
Afterwards, members of the EP panel decided to visit the United States
on a
fact-finding mission that will include discussions with various U.S.
politicians and intelligence officials. Marc Rotenberg, executive
director
of the Electronic Privacy Information Center (EPIC-a GILC member),
welcomed
the move as "a very important step. It's a proactive effort by
government
officials to address the problem of international surveillance." The
visit
is scheduled to take place the week of May 8, 2001.
For more on the EP members' visit to the United States, read Declan
McCullagh, "Euros Continue Echelon Probe," Wired News, Apr. 24, 2001 at
http://www.wired.com/news/privacy/0,1848,43270,00.html
A statement from Mr. Akdeniz (presented at the EP hearing) is available
under
http://www.cyber-rights.org/reports/echelon_ya.htm
The agenda for the hearing is posted under
http://wwwdb.europarl.eu.int/ep/owa/p_calag.oj?ipid=0&imn=9062&ilg=EN&io
rig=
tempcom
Other related documents are available at
http://www.europarl.eu.int/meetdocs/committees/temp/20010322/TEMP2001032
2.ht
m
Press coverage is available from Kieren McCarthy, "European Parliament
continues Echelon investigation," The Register (UK), Mar. 22, 2001 at
http://www.theregister.co.uk/content/8/17800.html
For further background information, visit
http://www.echelonwatch.org
==================================================
[20] US-EU flap over Safe Harbor contracts
==================================================
Contracts meant to implement a trans-Atlantic privacy plan have met with
some resistance from the United States government.
The European Union and the United States had previously agreed to new
standards for handling the personal information of EU citizens. Under
the
plan, known as Safe Harbor, U.S. companies would have to notify European
users how their private data is being handled and how it is being
collected.
Concerned individuals would be allowed reasonable access to their files,
and
could refuse to allow other companies to receive such information. This
self-regulatory system is only voluntary, but American firms that join
Safe
Harbor could avoid lawsuits from the governments of EU countries.
Moreover,
these rules are not as strong as the stringent regulations required by
many
European nations.
This compromise was formulated several months ago to avoid a possible
trade
war between the EU and the US. Since then, however, the administration
of US
President Bush sent a letter criticizing proposed model contracts that
are
designed to allow companies to comply with this agreement. The letter
called
the draft clauses "unduly burdensome requirements that are incompatible
with
real world operations." In response, a spokesperson for the European
Commission said that "The US administration's letter appears to be based
on
a total, complete and utter absence of understanding of what the
Commission
is doing. We are aiming to make life easier for companies transferring
data
from the EU to countries outside the EU by clarifying the provisions in
contracts which would best ensure adequate protection of personal data."
See Glenn R. Simpson, "Bush opposes Euro privacy rules," Wall Street
Journal, Mar. 27, 2001 at
http://www.zdnet.com/zdnn/stories/news/0,4586,2701370,00.html
See Peronet Despeignes & Deborah Hargreaves, "INTERNATIONAL ECONOMY:
EU-US
clash over personal data: private right or commercial opportunity?"
Financial Times, Mar. 29, 2001 at
http://globalarchive.ft.com/globalarchive/articles.html?id=010329000406
==================================================
[21] Microsoft SmartTags & Hailstorm privacy woes
==================================================
How would you like to have your most personal details stored by a
central
computer system in Seattle?
That's apparently what Microsoft is asking people to do under its new
Hailstorm plan. The scheme would use a "Passport" identity system for
individuals to use personalized calendars, address books and e-wallets.
This
information would then be accessible to a whole host of recipients,
including programmers and advertisers, who could sift through this data
and
send files to Hailstorm users. Should these users change email
addresses,
the updated contact information would be sent along to financial
institutions and other corporations.
Many observers have raised alarms over the intrusive nature of these
plans,
as well as the apparent lack of privacy protection for the personal data
stored within Hailstorm. Jason Catlett of Junkbusters said he was
against
letting Microsoft becoming "the de facto government of the United
States,
issuing passports and controlling identity and wallets for all
consumers."
Skeptics also pointed to Passport's privacy policies, which previously
allowed "Microsoft and its affiliated companies permission to: Use,
modify,
copy, distribute, transmit, publicly display, publicly perform,
reproduce,
publish, sublicense, create derivative works from, transfer, or sell"
virtually any user-provided information. The company has since revised
its
policy to say these rights only apply to "feedback or suggestions to
Microsoft concerning the Passport Web Site or the Passport Service."
Hailstorm is not the only new Microsoft project that is sparking privacy
concerns. The software giant is also receiving criticism over its latest
version of Office (XP), which apparently includes expanded use of Smart
Tags. These bits of code, which can be attached to numerous types of
files
(such as spreadsheets, Word documents and so on) could also reportedly
be
used as a backdoor for fraudsters. Experts have also criticized
Microsoft's
embrace of Platform for Privacy Preferences (P3P) technology in its
latest
version of within Internet Explorer; the Electronic Privacy Information
Center (EPIC-a GILC member) described P3P as "a complex and confusing
protocol that will make it more difficult for Internet users to protect
their privacy." Meanwhile, scientists have discovered serious security
flaws
in both Internet Explorer and Outlook and as well as its Windows 2000
server
software, which Microsoft is looking to remedy with software patches.
For further details on the latest Microsoft security flaws, read Mark
Ward,
"Microsoft warns of 'serious' software hole," BBC News Online, May 2,
2001
at
http://news.bbc.co.uk/hi/english/sci/tech/newsid_1308000/1308267.stm
For more on Smart Tags, see John Lettice, "Smart tagging in Office
XP-what
Melissa did next?" The Register (UK), Apr. 6, 2001 at
http://www.theregister.co.uk/content/4/18160.html
For more on HailStorm, read Leslie Walker, "Gates's Bold New Persona:
Your
ID Manager," Washington Post, Mar. 29, 2001, Page E1 at
http://washingtonpost.com/ac2/wp-dyn/A9711-2001Mar29?language=printer
Further details on P3P's lukewarm reception, see Lisa M. Bowman,
"Privacy
experts rip IE cookie cutter," ZDNet News, Mar. 22, 2001 at
http://www.zdnet.com/zdnn/stories/news/0,4586,5080018,00.html
See also Leslie Walker, "Browser Aimed at Protecting Users' Privacy,"
Washington Post, Mar. 29, 2001, Page E4 at
http://washingtonpost.com/ac2/wp-dyn/A9146-2001Mar28?language=printer
For more on Microsoft Explorer & Outlook security flaws, read Michelle
Delio, "IE Hole Surrenders Your Computer," Wired News, Mar. 30, 2001 at
http://www.wired.com/news/technology/0,1282,42750,00.html
For more on Microsoft Passport user data leaks, see Stefanie Olsen,
"Privacy
terms revised for Microsoft Passport," CNet News, Apr. 4, 2001 at
http://news.cnet.com/news/0-1005-200-5508903.html
Further details on potential other Office XP flaws, are available from
John
Lettice, "'Universal' key claimed to disable MS Office XP security," The
Register (UK), Mar. 26, 2001 at
http://www.theregister.co.uk/content/4/17869.html
======================================================
[22] EBay pulls an Amazon, waters down privacy policy
======================================================
Should consumers put much faith in the privacy policies of e-tailers?
Many experts are suggesting the answer is no, after a recent decision by
EBay. The popular online auction site altered its privacy statement to
allow
the company to give out personal information about its users in a number
of
circumstances, including if the corporation was taken over by another
firm.
The move comes after online bookseller Amazon made a similar alteration
in
its privacy policy several months ago, allowing sensitive "customer
information" to be treated as merely "business assets" that could be
bought
or sold as the company continued to develop its business.
Not surprisingly, the change has yielded strong protests from privacy
advocates. Andrew Shen from the Electronic Privacy Information Center
(EPIC-a GILC member) noted that companies like EBay are able to carry
out
these practices because in part because regulators such as the United
States
Federal Trade Commission (FTC) not going far enough in protect personal
information. "This is the problem with the FTC only using its
prohibitions
against unfair and deceptive practices, instead of establishing a
privacy
standard."
The revised EBay policy becomes effective May 15, 2001.
Read Jeffrey Benner, "EBay Alters Privacy Policy," Wired News, Apr. 2,
2001
at
http://www.wired.com/news/business/0,1367,42778,00.html
See also David Berlind, "eBay, Yahoo's security snafus," Enterprise,
Apr. 5,
2001 at
http://www.zdnet.com/zdnn/stories/comment/0,5859,2705095,00.html
======================================================
[23] Biometric software faces privacy & technical woes
======================================================
Your computer may soon know who you are-just by the way you type.
That's the promise of a new product called BioPassword. When computer
users
login with this system, the program checks the inputted typing pattern
against archived "rhythm" samples, and will only grant access if there
is a
match. The software package allows "[c]onstant, automatic Password logon
monitoring, every time the computer is booted up or unlocked." In
addition,
system administrators can lock BioPassword users can be locked out of
their
systems and have individual computers shutdown, powered down or
rebooted.
While the software is being billed as a way to enhance security, it is
unclear whether its success rates are actually higher than current login
protection schemes-particularly in light of company literature telling
BioPassword users that they no longer need to change their passwords on
a
regular basis. Some of these concerns have been fueled by the problems
that
have plagued a similar product, BioID SOHO, which tends to get confused
between different people, particularly on systems that have less than 5
users. The manufacturer of BioPassword admits that "environmental
issues"
may have a significant effect on accuracy. Moreover, because these
devices
seem to allow precise tagging and monitoring of ordinary computer users,
there are fears that they will in fact have a detrimental impact on
Internet
privacy.
See Carlos A. Soto, "BioPassword Security Checks User's Typing Pattern,"
Washington Post, Apr. 5, 2001, page E4 at
http://washingtonpost.com/wp-dyn/articles/A41021-2001Apr4.html
The BioPassword homepage is located at
http://www.biopassword.com
======================================================
[24] EU panel questions Australian privacy laws
======================================================
Concerns over Australian privacy standards have started to take on
international dimensions.
The European Commission Data Protection Working Party (which is composed
of
Data Protection officials from Council of Europe member states) has
issued
an opinion criticizing a proposed Australian Privacy Amendment. Among
other
things, the panel noted "with concern that some sectors and activities
are
excluded from the protections of the Act," including employee personal
information and small businesses. The Party also pointed out vagaries in
the
language of the Amendment, which might allow data collected for one
purpose
to be used for new functions.
In response, Australia's Attorney General Daryl Williams accused the
European experts of "ignorance about Australia's law and practice and do
not
go to the substance of whether our law is fundamentally 'adequate' from
a
trading point of view. It seems that the prescriptive approach taken in
many
EU Member States is assumed to be the only acceptable way to go in many
areas of privacy protection." said that he did not accept the working
group's findings and feared placing "unnecessary burdens on business."
He
also announced that "officials from Australia and the EC will continue
to
talk in order to address these concerns to everyone's satisfaction.
However,
Australia will only look at options that do not impose unnecessary
burdens
on business."
To read the comments of the EU panel, click
http://europa.eu.int/comm/internal_market/en/media/dataprot/wpdocs/wp40e
n.ht
m
To read the response from Australian Attorney General Daryl Williams,
visit
http://law.gov.au/aghome/agnews/2001newsag/941_01.htm
======================================================
[25] DoubleClick suffers security breach
======================================================
Recent events have left many people wondering whether DoubleClick will
ever
do enough to protect online privacy.
Officials from the online advertising firm admitted that intruders had
invaded its systems. The attack was sufficiently serious that
DoubleClick
shutdown a few of its servers in order to help investigators track down
perpetrators. A spokesperson termed the incident "mischievous in nature"
but
claimed that the incident did not have "any serious impact to our
networks."
The breach came just as a Federal judge in the United States dismissed a
privacy lawsuit against DoubleClick. The suit revolved around company's
admission that it had been tracking viewers through the Internet by
placing
digital identification numbers in files known as "cookies" on a user's
hard
drive, which it matches with name and address information that has been
collected by its partners. Despite initial claims to the contrary,
DoubleClick planned to match this data with more extensive information
contained in millions of files maintained by its merger partner Abacus
Direct. DoubleClick put aside its data-matching plan after a storm of
public
criticism. Several consumers then took legal action against the company,
claiming that DoubleClick's cookie tracking scheme violated various
state
and Federal laws. It is not clear whether the plaintiffs will now appeal
the
dismissal.
See "DoubleClick: We've been hit," Reuters, Mar. 30, 2001 at
http://www.zdnet.com/zdnn/stories/news/0,4586,5080420,00.html
See also Michael Bartlett, "Attorney Fires Back At Judge In DoubleClick
Privacy Case," Newsbytes, Mar. 30, 2001 at
http://www.newsbytes.com/news/01/163925.html
======================================================
[26] German gov't searches Net music lovers' homes
======================================================
Watch out if you're downloading music off the Internet. The German
government may use force (both in person and through the network) to
stop
you.
German government agents recently invaded the homes of 103 people,
claiming
that they were trading online music files of "skinhead bands." As part
of
this sweep, police officers seized computers and discs while pressing
charges that could lead to 3-year prison sentences. Law enforcement
officials argued that they had the right to enter these private
residences
and that it was illegal for individuals to transfer these MP3 files over
the
Internet. These claims came despite the fact that it is legal under
German
law to listen to such materials.
In addition, German politicians are tacitly admitting their support for
plans to allow government agents to hack into private websites. German
Interior Minister Otto Schilly mentioned in a recent interview that
government agents may send voluminous amounts of email messages to
offending
webpages, in the hopes of disrupting their servers. A Schilly spokesman
later tried to justify such attacks by saying that many of the sites to
be
targeted sites "are put onto the Internet in foreign countries, so it's
very
difficult to use German law. We have to think about all the lawful
possibilities." No one from the German government has explained
precisely
what criteria would be used to determine which websites would be
targeted.
These statements have alarmed many members of the privacy community.
Andy
Mueller-Maguhn of the Chaos Computer Club (CCC-a GILC member) said he
expected government operatives "to say they won't do anything that is
outside of German law or the law of any other country." He further
warned
that any ideas of arbitrarily hacking private websites "is not
compatible
with being Minister of the Interior for any democratic government on the
planet. Of course there might be governments with that style. But
normally
that's not the behavior of a democratic state or country."
Read Adam Tanner, "Germany Cracks Down on Internet Nazi Music Trade,"
Reuters, Apr. 10, 2001 at
http://www.infowar.com/law/01/law_041001d_j.shtml
See also Steve Kettmann, "German Pol Backtracks on Hack," Wired News,
Apr.
10, 2001 at
http://www.wired.com/news/politics/0,1283,42961,00.html
For original story, see Frank Patalong, "Mit Hackermoden gegen
Neonazis,"
Der Spiegel, Apr. 6, 2001 at
http://www.spiegel.de/netzwelt/politik/0,1518,126921,00.html
For background information, see Thomas C. Greene, "German may strike
Nazi
sites with DoS attacks," The Register (UK), Apr. 9, 2001 at
http://www.theregister.co.uk/content/8/18200.html
==========================================================
[27] Privacy surveys reflect public unease
==========================================================
Recent studies suggest that people may not know precisely what threatens
their privacy online, but they don't like what they see...and those
threats
are becoming more prevalent.
In a report from the Pew Internet & American Life Project, the vast
majority
of respondents (62%) wanted stronger laws to protect against online
surveillance. Furthermore, two thirds of those surveyed did not
necessarily
trust the government to do the right thing when wiretapping the
Internet,
and nearly 80% of participants were worried about online fraud. However,
the
study also showed some confusion about specific programs that may curb
privacy, and that there is a need for further public education about the
subject. For example, only about 20% of respondents were aware of the
United
States government's Carnivore spyware system. Evan Hendricks of the
Privacy
Times commented that the "public's simply not aware of the power of
Carnivore and the likelihood it will be abused if it's run as the FBI
[U.S.
Federal Bureau of Investigations] proposes."
Meanwhile, a report from the American Management Association indicates
workplace surveillance is growing. According to the AMA's research,
about 4
out of 5 major companies intercept their worker's phone calls, email or
other Internet transmissions. This percentage rose dramatically in some
industries, particularly financial firms (such as banks), where over 92%
of
surveyed companies snoop on their employees. These latest figures
contrast
with numbers compiled just four years ago, when about 35% of the firms
participating in the study carried out these kinds of surveillance
activities.
For more on the AMA study, see Romy Ribitzky, "Corporate Snooping on
Rise,"
ABCNews.com (US), Apr. 18, 2001 at
http://abcnews.go.com/sections/business/DailyNews/snooping_010418.html
For further details regarding the Pew report, see Robert O'Harrow,
"Opinion
Split on Web Privacy," Washington Post, Apr. 3, 2001, page E12, at
http://washingtonpost.com/wp-dyn/articles/A28560-2001Apr2.html
==========================================================
[28] Sales problems for invasive CueCat, TiVo devices
==========================================================
Can privacy concerns hurt sales?
That's some people are wondering in light of the struggles faced by two
controversial Web products. One of them, CueCat, allows users to scan
special barcodes contained on print articles and advertisements, thus
triggering their computers into accessing websites for more information.
However, scientists discovered that CueCats include special
individualized
serial numbers that allow the tracking of computer users as they surf
the
Internet and the creation of highly detailed profiles regarding their
behavior. Indeed, the maker of CueCats, Digital Convergence, has
admitted
that it "is responsible for the creation and analysis of the largest
consumer database that provides the unique combination of Web tracking
with
all forms of media." Worse still, Digital Convergence suffered a
security
breach several months ago that revealed personal information files on
nearly
140 000 users, including such data as customer names, email addresses
and
postal codes.
Since these revelations, Digital Convergence has suffered serious
marketing
problems. While 3 million CueCats have been given to consumers, only
about
100 000 people have actually used them, and even those people tend not
to
swipe CueCats very often (averaging 6 hits per device). During the past
month, the company withdrew its plans to publicly offer stock, claiming
that
the market environment would be too hostile to such a move.
The other product, TiVo, is personal video recorder with Internet
connections that includes such features as allowing replays of
television
broadcasts within seconds and advanced programming options. However,
researchers have determined that the device collects detailed
information
about users' viewing habits and sends this data back to the manufacturer
through the Information Superhighway. While the manufacturer claims
that
these profiles were anonymized, a report from the Privacy Foundation
indicated that the data collected did in fact contain identifying
information (including the serial number of the individual user's
machine).
These revelations led several prominent United States Congressmen to
call
for a government investigation into possible trade violations.
Meanwhile,
while the number of subscribers continues the climb, the increases were
not
enough to dissuade the company from laying off nearly 25% of its workers
in
an effort to cut costs.
See Gwendolyn Mariano, "CueCats sent to the litter box," ZDNet News,
Mar.
29, 2001 at
http://www.zdnet.com/zdnn/stories/news/0,4586,5080362,00.html
The Privacy Foundation report on TiVo is posted under
http://www.privacyfoundation.org/privacywatch/report.asp?id=62&action=0
To read the Congressmen's letter on TiVo privacy concerns, click
http://www.house.gov/commerce_democrats/press/107ltr30.htm
For more on TiVo financial difficulties, read Richard Shim, "TiVo
revamps
business plan, sheds workers," CNet News, Apr. 5, 2001 at
http://news.cnet.com/news/0-1006-200-5520991.html
==================================================
[29] Digital hospital sparks privacy concerns
==================================================
Concerned about the privacy of your medical records? Would you feel any
better if they were all posted online?
HealthSouth is building a digital hospital that will have devices to
make it
easier to store such details in computerized form, including digitized
X-ray
machines, an internal wireless data transfer system and portable
computers
for every employee. All of this information will be added to fully
automated
electronic patient databases. HealthSouth CEO Richard Scrushy boasted:
"What
we're doing now is making a reality out of something that many people
have
talked about, but no one has attempted."
However, experts from both the medical and computer programming
community
have expressed reservations about whether sufficient steps have been
taken
to protect the privacy of these records. Dr. Henry Vitelle, a New York
obstetrician, worries that "With all of the stories we hear about how
this
website and that government computer system was hacked into, how can I
feel
good about putting my patients' medical records online? I don't feel
comfortable about having records somewhere that they could be tampered
with
by some joyriding hacker with no sense of the havoc he could cause."
These
fears are in part based on the protocol that will be used by HealthSouth
for
its internal wireless system-a protocol that has been described by at
least
one group as having "major security flaws."
Similar concerns are being aired over a recent proposal Down Under. The
Australian Practice Incentives Program has been altered so that the
Federal
government will pay medical practitioners to send patient data through
email. The plan is designed to entice medical professionals to make
greater
use of computing technology. However, the new standards apparently do
not
require doctors to protect this data (such as by using encryption)
against
possible interception. Prue Power from the Australian Medical
Association
argued that rather than pushing this privacy issue aside, "the Federal
Government ought to be very concerned that one of its programs would be
providing financial incentives for GPs to send clinical information in
an
insecure manner."
For more about Australian online health privacy concerns, read Karen
Dearne,
"Prescribing a privacy cure," Australian IT, May 1, 2001 at
http://australianit.news.com.au/common/storyPage/0,3811,1948560%5E501,00
.htm
l
See also Karen Dearne, "Doctors paid for 'insecure' emails," Australian
IT,
Apr. 17, 2001 at
http://australianit.news.com.au/common/storyPage/0,3811,1900441%5E442,00
.htm
l
For more on HealthSouth, read Michelle Delio, "How Secure Is Digital
Hospital?" Wired News, Mar. 28, 2001 at
http://www.wired.com/news/technology/0,1282,42656,00.html
==================================================
[30] Upcoming Japan privacy conferences
==================================================
Two meetings will be held in Tokyo this month to discuss emerging trends
in
the field of data privacy.
The first meeting, entitled "The Dark Side of IT Society," will take
place
on May 6 and will consist of two sessions. In the afternoon, several
experts
will give presentations on the recently enacted Japanese Wiretapping
Law,
Biometrics, IC cards and other High-tech privacy issues. Takao Saito,
the
author of "Privacy Crisis" will give the keynote speech on "Surveillance
Society and Privacy in Japan." The evening session will consist of panel
discussions between the presenters. The event is being organized by a
coalition of civil society groups, including Japanese Networkers against
Surveillance Taskforce (NaST-a GILC member), Privacy Action, the
Japanese
Consumer Union, and JCA-Net, among others.
The second meeting, scheduled for the evening of May 21, will explore
numerous emerging privacy issues, particularly the ramifications of
various
cybercrime proposals from around the world. This session will feature
several speakers, including Barry Steinhardt, Associate Director of the
American Civil Liberties Union (ACLU-a GILC member), and Toshimaru Ogura
from NaST.
For further information on the May 6 meeting, click
http://www.han-kanshi.net/010506flyer.html
For an English-language translation, see
http://www.han-kanshi.net/010506flyer_eng.html
or send email to
[log in to unmask]
Inquiries regarding the May 21 seminar should be sent to
[log in to unmask]
=========================================================
ABOUT THE GILC NEWS ALERT:
==========================================================
The GILC News Alert is the newsletter of the Global Internet Liberty
Campaign, an international coalition of organizations working to protect
and
enhance online civil liberties and human rights. Organizations are
invited
to join GILC by contacting us at
[log in to unmask]
To alert members about threats to cyber liberties, please contact
members
from your country or send a message to the general GILC address.
To submit information about upcoming events, new activist tools and news
stories, contact:
Christopher Chiu
GILC Coordinator
American Civil Liberties Union
125 Broad Street, 17th Floor
New York, New York 10004
USA
Or email:
[log in to unmask]
More information about GILC members and news is available at
http://www.gilc.org
You may re-print or redistribute the GILC NEWS ALERT freely.
To subscribe to the alert, please send e-mail to
[log in to unmask]
with the following message in the body:
subscribe gilc-announce
========================================================
PUBLICATION OF THIS NEWSLETTER IS MADE POSSIBLE BY A
GRANT FROM THE OPEN SOCIETY INSTITUTE (OSI)
========================================================
************************************************************************************
Distributed through Cyber-Society-Live [CSL]: CSL is a moderated discussion
list made up of people who are interested in the interdisciplinary academic
study of Cyber Society in all its manifestations.To join the list please visit:
http://www.jiscmail.ac.uk/lists/cyber-society-live.html
*************************************************************************************
|
