From: Chris Chiu [mailto:[log in to unmask]]
Sent: 07 May 2004 17:08
To: Gilc-Announce (E-mail)
Subject: [Gilc-announce] GILC Alert


GILC Alert
Volume 8, Issue 4
7 May 2004

Welcome to the Global Internet Liberty Campaign Newsletter.

Welcome to GILC Alert, the newsletter of the Global Internet Liberty
Campaign. We are an international organization of groups working for
cyber-liberties, who are determined to preserve civil liberties and human
rights on the Internet.
We hope you find this newsletter interesting, and we very much hope that you
will avail yourselves of the action items in future issues.
If you are a part of an organization that would be interested in joining
GILC, please contact us at <[log in to unmask]>.
If you are aware of threats to cyber-liberties that we may not know about,
please contact the GILC members in your country, or contact GILC as a whole.

Please feel free to redistribute this newsletter to appropriate forums.

===============================================
Free expression
[1] Jailed Vietnamese Net dissident on hunger strike
[2] Controversial French digital economy bill in final phases
[3] Shanghai cybercafe users face further restrictions
[4] Net journalists detained in the Maldives
[5] RIAA launches a further round of file-sharer lawsuits
[6] Vietnam website blocking broader than previously thought
[7] New Canadian copyright proposal might stifle Net speech
[8] Google feature blocks many non-controversial websites
[9] Japanese gov't plans crippling of digital TV
[10] North Korean protestors start Internet radio service
[11] New joint initiative to defend cyberliberties

Privacy
[12] European Union considers new data retention plan
[13] Continued controversy over Google Gmail privacy flaws
[14] Spyware problems may lead more U.S. legislation
[15] Debate over U.S. spy-friendly Net tapping rules heats up
[16] Microsoft belatedly releases several new security patches
[17] Serious security flaw in vital Internet protocol system
[18] Studies indicate Internet privacy awareness lags
[19] U.S. Big Brother Awards for 2004 handed out
[20] EFF Pioneer Awards winners announced

===================================================================
[1] Jailed Vietnamese Net dissident on hunger strike
===================================================================
A Vietnamese journalist has started a hunger strike to protest his continued
detainment in connection with his online speech activities.

Nguyen Vu Binh had, among other things, written a number of articles
regarding political and economic reforms in the Southeast Asian nation,
including "Thoughts on the Sino-Vietnamese border agreements"-an essay that
savaged a 5 year old treaty between China and Vietnam. He was then arrested,
convicted of espionage and sentenced to seven years in jail, plus three
years of house arrest. Earlier this week, an appeals panel held a hearing
that lasted less than two hours and confirmed the earlier sentence. Upon
hearing the appeals verdict, Vu Binh roared: "To me, either freedom or
death. If the authorities won't release me, I will start my hunger strike
now." He began his hunger strike shortly after the judicial proceedings
ended. He remains behind bars in a prison located in the capital, Hanoi; few
details are available as to his current condition.

Not surprisingly, a number of free speech groups have criticized the
Vietnamese government in connection with these developments. In a statement,
Reporters Sans Frontieres (RSF-a GILC member) disparaged "this abusive use
of a charge of espionage. What connection can there be between posting
articles on the Internet, campaigning for human rights and espionage? This
conviction reminds us that freedom of expression is constantly trampled
underfoot in Vietnam, on the Internet as in other media." The Committee to
Protect Journalists (CPJ-a GILC member) has expressed similar sentiments.

For further information, visit the CPJ website at
http://www.cpj.org/news/2004/Vietnam06may04na.html

See also the RSF website under
http://www.rsf.org/article.php3?id_article=10293

===================================================================
[2] Controversial French digital economy bill in final phases
===================================================================
French legislators may soon give final approval to a proposal that critics
say could have a detrimental impact on cyberliberties.

The French digital economy bill (known as le projet de loi sur la confiance
dans l'iconomie numirique or LEN), which is supposed to help France comply
with a June 2000 European Union (EU) directive, includes language that would
make Internet service providers liable for content on websites that they
host. Among other things, they would have to "act promptly" to take down
material "after becoming aware of their unlawful nature" or face legal
retribution-a process that currently requires judicial approval. The bill
also essentially eliminates the doctrine that email should be treated as
"private correspondence," creating the possibility that such messages could
be intercepted more easily by third parties. Over the past several months,
the French National Assembly and Senate have each adopted versions of the
bill. Earlier this week, the Assembly approved a revised draft that resolves
the differences between the two versions; a Senate vote on this revised
version is expected to !
take place next week (13 May).

Many groups remain staunchly opposed to the bill. Reporters Sans Frontieres
(RSF-a GILC member), along with several other organizations, has requested
meetings with top French government ministers to voice their concerns about
LEN. In a letter to Nicolas Sarkozy, the French Minister of Economy, Finance
and Industry, the organizations noted that, despite various amendments, "the
main problem posed by this bill is unchanged. It makes Internet hosts
responsible for censoring web content in the absence of any judicial role."
Opposing this provision as well as three others in the draft law, Imaginons
un Reseau Internet Solidaire (IRIS-a GILC member), in a joint action with
the French Human Rights League (LDH), filed papers (including a detailed
brief) asking the French parliamentary opposition to submit the proposal to
the French Constitutional Council for further review. These demands were
buttressed by a strong anti-LEN petition drive launched by the two groups
that has garnere!
d over 13 000 individual and 260 organizational signatories. In response to
these efforts, Socialist members of parliament announced on 6 May that they
would indeed forward the proposal on to the Council.

To read an IRIS and LDH joint open letter to the Socialists regarding LEN,
click
http://www.ldh-france.org/actu_derniereheure.cfm?idactu=822

For further information, see
http://www.iris.sgdg.org/actions/len/

Visit the RSF website at
http://www.rsf.org/article.php3?id_article=9751

See also
http://www.droit-technologie.org/1_2.asp?actu_id=917

Read Estelle Dumout, "L'Assemblee nationale valide le texte de compromis sur
la LCEN," ZDNet France, 6 May 2004 at
http://zdnet.fr/actualites/internet/0,39020774,39151706,00.htm

===================================================================
[3] Shanghai cybercafe users face further restrictions
===================================================================
Internet users in Shanghai will soon have to overcome still more hurdles in
order to go online.

For years, people who wished to use cybercafes in China's largest city have
had to face numerous constraints, including software that blocked access to
various websites deemed taboo by Chinese authorities. Now Shanghai
government officials have started implementing further restrictions. Among
other things, special software is being installed on Shanghai cybercafe
computers that requires customers to provide their identity numbers (or
passport numbers, if they are foreigners) when they login. The software also
will notify the authorities if a given user visits certain places on the
Information Superhighway that are banned by the government, such as websites
that provide information about the banned Falun Gong spiritual movement.
Finally, state officials have placed surveillance cameras in Internet cafes,
presumably to help officials track down and arrest violators. The Shanghai
rollout of this scheme is meant as a test that, depending on the results,
could lead to implementat!
ion of similar controls in communities all across the Land of the Dragon.

These developments came as public concern continues to mount over the plight
of a noted Chinese Internet dissident. Yang Jianli, the editor of
ChinaEWeekly.com, was arrested two years ago while conducting an
investigation of worker strikes in the northeastern part of the country. He
remains in detention despite the fact that has yet to be convicted (much
less sentenced) for any crime. Reports indicate he has been placed in
solitary confinement, denied access to a lawyer, and been handcuffed for
weeks at a time.

These and other efforts by Chinese government agents to censor criticism
have led to an astonishingly sharp rebuke from a noted scholar. Jiao
Guobiao, a Beijing University journalism professor, lashed out at Chinese
government censors in an essay that has been widely circulated via the
Information Superhighway. Among other things, he called censorship orders by
Chinese officials "totally groundless, absolutely arbitrary, at odds with
the basic standards of civilisation, and as counter to scientific common
sense as witches and wizardry. They take money from the parties referred to
in reports. They distort the media's sense of right and wrong and justice.
They are killing the constitution." Not surprisingly, Chinese authorities
have now banned the essay.

Read "China's censorship machine endures," Taipei Times, 4 May 2004 at
http://www.asiamedia.ucla.edu/article.asp?parentid=10890

See Jonathan Watts, "Chinese professor attacks state censors," The Guardian
(UK), 4 May 2004 at
http://www.guardian.co.uk/china/story/0,7369,1208925,00.html

For more on the Yang Jianli case, visit the Reporters Sans Frontieres (RSF-a
GILC member) website at
http://www.rsf.org/article.php3?id_article=9937

Read Bill Savadove, "New system to monitor Net surfing," South China Morning
Post, 29 April 2004 at
http://www.asiamedia.ucla.edu/article.asp?parentid=10742

See "Shanghai cameras spy on web users," BBC News Online, 22 April 2004 at
http://news.bbc.co.uk/1/hi/world/asia-pacific/3648813.stm

See also "Shanghai cracks down on internet cafes," Associated Press, 22
April 2004 at
http://www.guardian.co.uk/online/news/0,12597,1200862,00.html

===================================================================
[4] Net journalists detained in the Maldives
===================================================================
Freedom of expression advocates have expressed concern over the continued
detention of three people who were involved with producing an online
newspaper.

Ahmed Didi, Ibrahim Luthfee and Mohamed Zaki founded and worked on
Sandhaanu, an independent online publication in the Maldives that included
criticism of the government regarding various political issues. They were
arrested along with their secretary, Fathimath Nisreen, nearly two years ago
and charged with treason, defamation, and incitement to violence. In a three
day trial, and after their requests for legal representation were denied,
they were convicted of defamation; Didi, Luthfee, and Zaki were sentenced to
life imprisonment and one year of banishment, while Nisreen received a
10-year prison sentence plus one year of banishment. Luthfee escaped in May
2003, but the others remain behind bars. Though President Maumoon Abdul
Gayoom reduced their sentences as part of a prison reform measure, reports
indicate their conditions remain dire. Didi and Zaki have placed in solitary
confinement, and the authorities have rejected pleas from doctors for Didi's
early release in ord!
er to undergo much-needed heart bypass surgery. While Nisreen was
technically released from prison last December, she has since been confined
to Feeali Island, which is just south of the South Asian nation's capital,
Male.

Free speech groups have deplored the situation. In a letter to the country's
president, Maumoon Abdul Gayoom, the Committee to Protect Journalists (CPJ-a
GILC member) condemned the continued detention of the three journalists and
called for their immediate release. Among other things, CPJ questioned the
legality of the government's actions, noting that "the Maldives'
constitution protects its citizens' right to 'express his conscience and
thoughts orally or in writing or by other means.'"

To read the CPJ letter, click
http://www.cpj.org/protests/04ltrs/Maldives28apr04pl.html



===================================================================
[5] RIAA launches a further round of file-sharer lawsuits
===================================================================
A major recording industry trade group has sued still more Internet users
over their alleged file-sharing activities.

The Recording Industry Association of America (RIAA) has launched yet
another wave of lawsuits against Internet users who it claims have engaged
in copyright infringement by sharing music files online. As with previous
waves, the RIAA mentioned its targets by their supposed IP addresses, and is
trying to discover the true identities of the people it sued. In total, the
Association has sued 2454 alleged file-sharers in the U.S. over the past
year. The RIAA's efforts have encountered staunch opposition from various
groups, including GILC members the American Civil Liberties Union and EFF as
well as Public Citizen. Responding to this latest round of legal battles,
Fred von Lohmann from the Electronic Frontier Foundation (EFF-a GILC member)
chided the RIAA, saying: "The lawsuits against students and individuals are
not working and we hope the record industry will come to its senses and
arrive at a new strategy."

In addition, several entertainment companies have developed a new spy system
to hunt down people who share copyrighted files along the Information
Superhighway. The Automatic Copyright Notice System (ACNS) is installed by
Internet service providers and is supposed to automatically cut off online
access to alleged file-sharers. ACNS apparently also sends notices of
ostensibly illegal behavior to targeted individuals and can keep the access
restrictions in place until those individuals delete various downloaded
files. The University of California at Los Angeles is currently testing ACNS
on its computers. EFF's von Lohmann questioned whether the system will
actually be effective: "Whether it's an opening gambit for the recording
industry to try to tell universities how to design their computer systems,
we'll have to wait and see. The trouble I have with this, there will be
countermeasures, and who is going to absorb costs to constantly modify this
system to make it work? Do uni!
versities really want to be drawn into the arms race?"

See "US sues 477 more 'song-swappers,'" BBC News Online, 29 April 2004 at
http://news.bbc.co.uk/1/hi/entertainment/music/3668989.stm

Read "RIAA Sues 477 More People," Associated Press, 28 April 2004 at
http://wired.com/news/print/0,1294,63263,00.html

See also John Borland, "RIAA files new round of file-swapping suits," CNET
News, 28 April 2004 at
http://zdnet.com.com/2100-1104-5201637.html

Read "UCLA becomes Hollywood enforcer," P2Pnet.net News, 29 April 2004 at
http://p2pnet.net/story/1327

See Stefanie Olsen, "Hollywood's new lesson for campus file swappers," CNET
News, 19 April 2004 at
http://news.com.com/2102-1027_3-5194341.html

===================================================================
[6] Vietnam website blocking broader than previously thought
===================================================================
Free speech groups are expressing alarm over the extent to which the
Vietnamese government censors online materials, based on new research.

For years, Vietnamese authorities have blocked their citizens from accessing
various parts of cyberspace, especially online materials regarding political
speech or human rights. Last week, investigators from the OpenNet Institute
(see item [11] below) found that this blocking system was far more extensive
than previously thought. For example, the list of affected webpages includes
the website of the International Freedom of Expression Exchange, which is
managed by Canadian Journalists for Free Expression (CJFE-a GILC member) and
includes an extensive collection of materials regarding free speech issues,
including online censorship.

Ironically, these revelations came around the time of World Press Freedom
Day, which took place on 3 May. CJFE Chair Arnold Amber complained: "While
much of the world is celebrating the importance of free expression, Internet
users in Vietnam can't find out what's going on outside their borders
because of government filtering. ... CJFE urges the Vietnamese authorities
to remove their filters immediately."

Additional information is available via
http://ifex.org/en/content/view/full/58616/?PHPSESSID=f7296c07af4c0ca528b03c
4332d9eeda

===================================================================
[7] New Canadian copyright proposal might stifle Net speech
===================================================================
Free speech experts are worried about a legislative effort to abrogate a
Canadian court decision that upheld the legality of sharing music files via
the Internet.

The Canadian Heritage and Industry Ministries will soon meet to draft an
amendment to the country's copyright act that would make file sharing
illegal. The amendment is a response to a recent decision by Canadian judge
Konrad von Finckenstein, who rejected a Canadian Recording Industry
Association (CRIA) request to identify 29 Internet users who it claimed had
engaged in illegal sharing of copyrighted files. Von Finckenstein instead
held that "[d]ownloading a song for personal use does not amount to
infringement." The draft amendment may come very soon; Heritage Minister
Helene Scherrer has stated that her agency "will make it a priority so it is
done as quickly as possible."

Not surprisingly, freedom of expression advocates deplored the prospect of a
new anti-file sharing bill. Howard Knopf of the Canadian Internet Policy and
Public Internet Clinic severely criticized the Minister Scherrer's stance:
"It strikes me that the minister's first job is to defend the interests of
the public and not the music industry. It's a multibillion-dollar industry
and hardly needs assistance."

See Keith Damsell, "Minister vows to fight music file swapping," The Globe
and Mail (CA), 13 April 2004, page B5 at
http://www.theglobeandmail.com/servlet/ArticleNews/TPStory/LAC/20040413/RMUS
I13/TPBusiness/Canadian

To read the text of the Canadian court decision (in PDF format), click
http://www.fct-cf.gc.ca/bulletins/whatsnew/T-292-04.pdf

===================================================================
[8] Google feature blocks many non-controversial websites
===================================================================
A special feature provided world's most popular Internet search engine is
apparently preventing users from reaching many non-controversial webpages.

A CNET News investigation has revealed that Google's SafeSearch program has
a tendency to block access to websites whose addresses contain certain
strings of characters (such as "sex") without regard to context. One example
is PartsExpress.com, which sells spare parts for electronic audiovisual
equipment. Another victim of SafeSearch's blocking is
ALittleGirlsBoutique.com, an e-tailer that markets children's clothing,
hats, shoes and accessories. These mistakes come despite Google's assertions
that SafeSearch only denies access to websites "containing pornography and
explicit sexual content." Indeed, when asked about this issue, Matt Cutts,
who developed SafeSearch, admitted that the program does not check the
context of the affected websites and that it tends censor out innocent
websites.

Cyberliberties experts were not surprised by this research, noting that the
problems posed by Internet blocking software have been known for years.
Karen Schneider, the proprietor of the Librarian's Index to the Internet,
called SafeSearch "certainly evocative of the very primitive
CyberSitter-type tools of the mid-1990s." Representatives from several of
the blocked sites have complained about Google's techniques; Gareth Roelofse
from RomansInSussex.co.uk noted that this censor system has been "a
challenge" to his organization "because its target audience is school
children."

Read Declan McCullagh, "Google's chastity belt too tight," CNET News, 23
April 2004 at
http://news.com.com/2102-1032_3-5198125.html

===================================================================
[9] Japanese gov't plans crippling of digital TV
===================================================================
Several prominent Japanese media groups have decided to adopt a new system
that may restrict the right of consumers to enjoy digital television
broadcasts and the Information Superhighway.

The Japanese National Association of Commercial Broadcasters as well as
Japanese state television (NHK) have begun implementing measures to prevent
people from making copies of digitally televised programs. Under this
scheme, special copy-protection signals will be mixed into digital
television transmissions. Consumers will have to pick up special B-CAS
decoder cards and insert them into their respective television sets in order
to watch digital TV programs. The system will be applied programs broadcast
via terrestrial channels as well as satellite signals.

These moves have already generated a flood of consumer complaints. At least
20 000 people have called their broadcasters about the scheme; about 25% of
these callers have reported that they have lost their B-CAS cards. A number
of consumer electronics companies are also grumbling about the copy
protection system, which they fear will lead to reduced sales. Moreover,
questions remain as to whether the system will have a detrimental impact on
digital free speech.

See "NHK, TV broadcasters to block digital copying," Japan Times, 2 April
2004 at
http://www.asiamedia.ucla.edu/article.asp?parentid=9738

Read "TV broadcasters to enhance digital program copy control," Japan Today,
1 April 2004 at
http://www.japantoday.com/e/?content=news&cat=4&id=293524

===================================================================
[10] North Korean protestors start Internet radio service
===================================================================
Several people who have defected from North Korea have begun an online radio
service to agitate for democracy in their former homeland.

Free North Korea Broadcasting was created by 20 North Korean exiles. Its
daily broadcasts are available via the Information Superhighway and include
a variety of programs, including open discussions of human rights issues in
the East Asian nation, political dialogues and stories about refugees'
experiences. The group's president and chief writer, Kim Sung-min,
explained: "Our program aims to help North Koreans know better about their
actual situation and to let the rest of world know about the reality of the
North Korean government. [Our aim is also] to finally lead the nation to
become a democratic nation like South Korea." However, there are concerns as
to whether the target audience will actually be able to listen to these
broadcasts, since only a handful of North Koreans have Internet access.

The Free North Korea Broadcasting website is located at
http://www.freenk.net

See Kim Tae-jong, "'Radio Free North Korea' Aims to Promote Democracy in
North," Korea Times, 25 April 2004 at
http://times.hankooki.com/lpage/nation/200404/kt2004042517271144430.htm

See also "NK defectors launch Internet radio," Korea Times, 20 April 2004 at
http://www.asiamedia.ucla.edu/article.asp?parentid=10469

===================================================================
[11] New joint initiative to defend cyberliberties
===================================================================
A recently launched initiative may help protect civil liberties online.

OpenNet Initiative (ONI) is a collaborate effort by three different academic
institutions: the Advanced Network Research Group at Cambridge University,
Harvard University's Berkman Center for Internet & Society and Citizen Lab,
which is based at the University of Toronto. As explained by one
participant, ONI is meant to "fuse cutting-edge intelligence-derived
techniques with a networked model of analysis that includes some of the
brightest minds in this field - we are striving to become the eyes and ears
on digital censorship worldwide." ONI is currently in the process of doing
several research projects, including case studies on Internet free speech
restrictions as well as techniques to circumvent such restrictions.

The official ONI website is located at
http://www.opennetinitiative.net/

See Clark Boyd, "'Net ninjas' take on web censorship," BBC News Online, 18
April 2004 at
http://news.bbc.co.uk/1/hi/technology/3632757.stm

===================================================================
[12] European Union considers new data retention plan
===================================================================
Privacy experts have voiced concern over a proposal submitted to the
European Union that would require the retention of customer communications
data.

The United Kingdom, France, Ireland and Sweden are urging the European Union
(EU) to adopt a Draft Framework Decision on this issue. If implemented,
telecommunications companies would have to keep customer traffic and
location data for 1-3 years (or even longer depending "upon national
criteria") and allow law enforcement agents to access this data. The draft
is written broadly to include data generated by a number of different
systems, such as communications carried through "Internet Protocols
including Email, Voice over Internet Protocols, world wide web, file
transfer protocols, network transfer protocols, hyper text transfer
protocols, voice over broadband and subsets of Internet Protocols numbers -
network address translation data." The plan also includes language that
covers other technologies such as "Short Message Services, Electronic Media
Services and Multi Media Messaging Services" as well as "[f]uture
technological developments that facilitate the transmission of!
 communications." Signatories would have to comply with the Framework
Decision "within two years following the date of adoption."

The draft has already drawn criticism from cyberliberties groups. Ben Hayes
from Statewatch (a GILC member) suggested that the proposal was deeply
misguided: "What is needed is good intelligence on specific threats, rather
than mass surveillance of everyone, generating more data than can usefully
be analyzed. ... This proposal is disproportionate, unnecessary and has no
place in a democracy."

The Draft Framework Decision is available (in PDF format) at
http://register.consilium.eu.int/pdf/en/04/st08/st08958.en04.pdf

A Statewatch analysis of the Draft Framework Decision is posted under
http://www.statewatch.org/news/2004/apr/21dataretention.htm

===================================================================
[13] Continued controversy over Google Gmail privacy flaws
===================================================================
Concern continues to grow over the privacy implications of a
recently-launched webmail service.

Gmail is provided by Internet search engine giant Google. Among other
things, as described in the official Gmail privacy policy, Google computers
automatically scan through emails sent or received by Gmail customers, then
uses the collected information to serve text ads or other "related
information in Google's extensive database. ... Advertisers receive a
record of the total number of impressions and clicks for each ad." Moreover,
under the terms of this policy, Google may send information regarding "other
Google services" to Gmail users, and those customers "will not be given the
opportunity to opt-out of receiving" such messages. The policy also mentions
that "residual copies of email may remain on our systems, even after you
have deleted them from your mailbox or after the termination of your
account."

The rollout of Gmail prompted a firestorm of criticism from privacy
advocates. In a Freedom of Information Act (FOIA) request, the Electronic
Privacy Information Center (EPIC-a GILC member) compared Gmail's scanning
abilities to the much-maligned United States government Total Information
Awareness program as well as the Internet spy tool developed by the U.S.
Federal Bureau of Investigations (FBI) previously known as Carnivore. EPIC,
along with the Privacy Rights Clearinghouse and World Privacy Forum, also
sent a letter to California state attorney general Bill Lockyer charging
that Gmail may violate local wiretapping laws. Privacy International (a GILC
member) has filed a slew of complaints on this subject with government
regulators in 16 countries as well as the European Commission and the
European Union (EU) Article 29 Data Protection Working Group.

In the meantime, a local legislator in the United States has introduced a
bill designed to protect the privacy of webmail users. Sponsored by
California state senator Liz Figueroa, the proposal generally bars providers
of "e-mail or instant messaging services to California customers" from
reviewing, examining, or otherwise evaluating "the content of a customer's
outgoing or incoming e-mail or instant messages." The bill contains several
exceptions, such as (1) instances where the relevant "subscriber has
consented" to such scanning, (2) court orders or (3) filtration of
"unsolicited e-mail for removing spam or for managing computer viruses or
other malicious programs."

The EPIC Gmail FOIA request is posted under
http://www.epic.org/privacy/gmail/foirequest.html

The letter to Bill Lockyer is available at
http://www.epic.org/privacy/gmail/agltr5.3.04.html

See also "Google denies FBI interest in Gmail," CNET News, 30 April 2004 at
http://news.zdnet.co.uk/business/0,39020645,39153367,00.htm

To read the text of the bill, click
http://www.leginfo.ca.gov/pub/bill/sen/sb_1801-1850/sb_1822_bill_20040420_am
ended_sen.html

Privacy International's Gmail complaint is available (in PDF format) under
http://www.privacyinternational.org/issues/internet/gmail-complaint.pdf

See "Google's Gmail could be blocked," BBC News, 13 April 2004 at
http://news.bbc.co.uk/1/hi/business/3621169.stm

===================================================================
[14] Spyware problems may lead more U.S. legislation
===================================================================
During a recent hearing, Federal lawmakers in the United States signaled
that they are willing pass anti-spyware legislation that might protect
Internet privacy.

This concern centers on advertising utilities that are often surreptitiously
bundled with other downloaded computer programs and can be installed with
little notice to the user, particularly if the given machine's web browser
uses low security settings. Once installed, these programs track users'
Internet surfing habits and display advertisements based on this
information. For example, one of these programs, Gator, watches the terms
people enter into the Google search engine and serves up ads pursuant to
those terms. Gator also targets specific host names and even federal
government websites for advertising opportunities. Recent studies as well as
a workshop hosted by the U.S. Federal Trade Commission (FTC) have revealed
that spyware has become increasingly common. For example, a spokesperson
from Internet security firm MacAfee mentioned at the workshop that his
company had detected more than 14 million spyware programs by March 2004, up
from nearly 2 million last August.

Mounting public concern about these programs led a committee of the U.S.
House of Representatives to hold a hearing on the subject. During the
session, many members of Congress rejected arguments industry leaders and
the FTC to go slow on anti-spyware proposals. Representative Jay Inslee, who
has introduced a bill to ban spyware, said the FTC's stance was "absolutely
astounding ... when we have hundreds of thousands of violations every day."
Indeed, committee chairman Joe Barton chided one FTC official by calling him
"the only person in this country that wants spyware on their computer." In
addition to Inslee's proposal, there are at least two other anti-spyware
bills that have submitted to Congress and a brand new state anti-spyware law
in Utah.

Read Matthew Daly, "House probes spyware/computer software to collect
personal data," Associated Press, 29 April 2004 at
http://www.sfgate.com/cgi-bin/article.cgi?f=/news/archive/2004/04/29/financi
al1736EDT0363.DTL

See also Declan McCullagh, "FTC officials blast spyware measures," CNET
News, 29 April 2004 at
http://news.com.com/2100-1023_3-5202016.html

Read "Spying software watches you work," BBC News Online, 29 April 2004 at
http://news.bbc.co.uk/1/hi/technology/3669213.stm

See "PCs 'infested' with spy programs," BBC News Online, 16 April 2004 at
http://news.bbc.co.uk/1/hi/technology/3633167.stm

See also Declan McCullagh, "Few solutions pop up at FTC adware workshop,"
CNET News, 19 April 2004 at
http://news.com.com/2100-1028_3-5195222.html

For further information in German (Deutsch), see "Studie: Spyware ist stark
verbreitet," Heise Online, 16 April 2004 at
http://www.heise.de/newsticker/meldung/46576

Chinese-language coverage is available via
http://www.cyberbees.org/blog/archives/003414.html

===================================================================
[15] Debate over U.S. spy-friendly Net tapping rules heats up
===================================================================
A wide range of groups have called on the United States government not to
implement new standards to make it easier to spy on broadband networks as
well as phone calls made over the Internet.

These groups have responded to a recent petition by the U.S. Federal Bureau
of Investigations (FBI), the U.S. Department of Justice (DOJ) and the U.S.
Drug Enforcement Administration (DEA) to the Federal Communications
Commission (FCC). In that joint petition, the FBI, DOJ and DEA urged the FCC
to rule that the Communications Assistance for Law Enforcement Act (CALEA)
applies to broadband networks as well as phone calls made via the
Information Superhighway (including those made using the Voice over IP
protocol). CALEA generally requires telecom firms to build surveillance
capabilities into their networks, but exempts information services, most
notably the Internet. Nevertheless, the FBI, DOJ and DEA called on the
Commission "to promulgate general rules that provide for the establishment
of benchmarks and deadlines for CALEA compliance with future CALEA-covered
technologies and services that are comparable to those requested [in the
current petition] for CALEA packet-mode co!
mpliance." If the FCC were to agree to the petitioners' wishes,
telecommunications companies would essentially have to build spyware into
broadband Internet systems as well as broadband telephony networks.

Many groups, especially cyberliberties organizations, have expressed serious
concern over these developments. In comments filed with the FCC, the
Electronic Privacy Information Center (EPIC-a GILC member) said it opposed
the DOJ petition "on the ground that it impermissibly seeks to extend the
narrow, legislatively authorized reach of CALEA from telecommunications
providers to Voice over IP ... services and broadband Internet Service
Providers ... . Any such expansion of CALEA's reach, should it be deemed
necessary, must be effectuated by Congress-not the Commission-particularly
in light of the unique privacy issues that arise when surveillance
capabilities are mandated for packet-mode communications. Further, DOJ has
not demonstrated that the existing CALEA regime is in any way inadequate to
address its needs." Similar concerns were expressed by a number of other
GILC member organizations, including the Electronic Frontier Foundation, the
American Civil Liberties Union and !
the Center for Democracy and Technology.

For a complete archive of comments filed with the FCC, click
http://gullfoss2.fcc.gov/cgi-bin/websql/prod/ecfs/comsrch_v2.hts?ws_mode=ret
rieve_list&id_proceeding=RM-10865

Read Ben Charny, "Feds asked to hang up on FBI's wiretap proposal," CNET
News, 13 April 2004 at
http://news.com.com/2102-1034_3-5190685.html

See also Ben Charny, "Pushing to wiretap 'push to talk,'" CNET News, 15
April 2004 at
http://news.com.com/2102-1039_3-5192653.html

 ========================================================================
[16] Microsoft belatedly releases several new security patches
 ========================================================================
Microsoft has finally released fixes for 20 security flaws in several of its
products, just before a new computer bug that took advantage of these holes
made its appearance.

The software giant made available 4 patches to cover the flaws. Taken
together, the problems could have allowed attackers to not only take over
victims' machines, but also spread worms (such as MSBlast) to other
computers via the Internet. The list of programs affected by these flaws
read like a laundry list of Microsoft products, including Windows 2003,
Windows XP, Windows NT, Internet Explorer, Outlook and Outlook Express. Some
of these problems had apparently been reported to Microsoft months ago, but
the company held off releasing the fixes until recently, claiming that its
guarded approach would be more convenient for consumers.

However, the incident, along with several similarly slow security patch
rollouts over the past year or so, has provoked continued criticism over
Microsoft's apparently lax efforts to protect its users' personal
information. Marc Maiffret from eEye Digital Security (which discovered a
number of the problems that were the subject of the patches) warned: "These
releases confirm a trend that has been happening with Microsoft security
lately--that they are willing to leave customers vulnerable for long periods
of time, all in order to try to bundle security fixes, which leads to the
(impression) of having less vulnerabilities. This is completely
unacceptable."

Indeed, shortly after Microsoft's release of the patches, a new Sasser
computer bug that exploits one of the aforementioned security problems hit
numerous machines around the world. Sasser is spread via the Internet but
does not require users to click an email attachment, as commonly happens
with many other computer bugs. Among the organizations severely affected by
Sasser were the Taiwanese postal service, Australian Railcorp trains, the
British Coastguard, Goldman Sachs, British Airways and Deutsche Post, as
well as several Hong Kong government agencies.

Read "Sasser Net worm set for long life," BBC News Online, 6 May 2004 at
http://news.bbc.co.uk/1/hi/technology/3689561.stm

See Robert Lemos, "Sasser keeps squirming into homes, businesses," CNET
News, 4 May 2004 at
http://news.com.com/2102-7349_3-5205815.html

See also "Hunt is on for Sasser worm writer," BBC News, 5 May 2004 at
http://news.bbc.co.uk/1/hi/technology/3687583.stm

For press coverage in Spanish (Espanol), see "Intentan frenar al virus
Sasser, que afecta a millones de usuarios," Clarin.com, 3 May 2004 at
http://www.clarin.com/diario/2004/05/03/um/m-752943.htm

Read Robert Lemos, "Microsoft warns of a score of security holes," CNET
News, 13 April 2004 at
http://news.com.com/2102-7349_3-5190818.html

See "4 New Microsoft Security Patches," Associated Press, 13 April 2004 at
http://www.cbsnews.com/stories/2004/04/02/tech/main609982.shtml

See also Ina Fried, "Microsoft shuffles execs to combat security flaws,"
CNET News, 12 April 2004 at
http://news.com.com/2102-1009_3-5190183.html

===================================================================
[17] Serious security flaw in vital Internet protocol system
===================================================================
Agencies on both sides of the Atlantic have issued warnings regarding a
security flaw in an important Internet protocol.

The British National Infrastructure Security Coordination Centre and the
United States Computer Emergency Readiness Team (CERT) have issued warnings
over a security hole in the Transmission Control Protocol (TCP), a
fundamental communications protocol that underpins the Internet. The hole
would allow an attacker to guess the identifiers that are placed on Internet
data packets with greater ease than previously thought possible. Using this
knowledge, an attacker could thereby tamper with the packets and cause
targeted machines to go offline or otherwise cause system outages. It is
unclear when the problem first appeared; for example, one expert has pointed
to evidence suggesting that the flaw may have been around since 1996.
Although there are no reports that anyone has tried to exploit this problem,
numerous Internet service providers have taken precautionary measures.

The CERT warning is posted under
http://www.us-cert.gov/cas/techalerts/TA04-111A.html

Read Michael Kanellos, "Exploit found for Net flaw, but risks remote," CNET
News, 22 April 2004 at
http://news.com.com/2102-7355_3-5198103.html

See "Hackable bug found in net's heart," BBC News Online, 21 April 2004 at
http://news.bbc.co.uk/1/hi/technology/3646223.stm

Read "Flaw Could Cripple Entire Net," Associated Press, 20 April 2004 at
http://www.wired.com/news/technology/0,1282,63143,00.html

See Sam Varghese, "TCP flaw reporting over the top: researcher," Sydney
Morning Herald, 22 April 2004 at
http://www.smh.com.au/articles/2004/04/22/1082530277560.html

 ========================================================================
[18] Studies indicate Internet privacy awareness lags
 ========================================================================
New research suggests that efforts to educate Internet users on how to
protect their personal information still have very far to go.

The research came in the form of two reports, one of which was commissioned
by the Infosecurity Europe trade show, while the other was conducted by the
firm RSA Security. Both of them indicated that many people are very lax as
to how they handle their personal details online, including passwords. For
example, the Infosecurity study found that more than 70% of respondents
would divulge their computer password for a chocolate bar, while another 34%
gave out such information (without a chocolate bar or any other
compensation) when asked whether their passwords were related to the name of
a child or pet. Similarly, the RSA Security survey discovered that, among
other things, a third of the people questioned shared their computer
passcodes or otherwise wrote them down-a practice frowned upon by many
privacy advocates.

Many experts hope that these results will at least help galvanize privacy
education efforts. Tony Neate from the British National Hi-Tech Crime Unit
warned that cases of identity fraud and other abuses of personal information
"can only increase if people do not become more aware of their
responsibilities to protect their virtual identities."

For video and text coverage, see "Passwords revealed by sweet deal," BBC
News, 20 April 2004 at
http://news.bbc.co.uk/1/hi/technology/3639679.stm

Read Owen Bowcott, "Identity theft could be next big crimewave, warns
internet firm," The Guardian (UK), 20 April 2004 at
http://www.guardian.co.uk/online/news/0,12597,1195685,00.html

 ========================================================================
[19] U.S. Big Brother Awards for 2004 handed out
 ========================================================================
Privacy International (PI-a GILC member) recently held its annual United
States Big Brother Awards ceremony for 2004. These prizes are designed to
spotlight some of the most serious threats to individual privacy, and were
handed out at the Computers, Freedom and Privacy (CFP) 2004 Conference. The
winners included:

*The Multistate Anti-Terrorism Information Exchange (MATRIX) system, which
received a Perversion of Justice Award for combining "public records and
private record data from multiple databases with data analysis tools,"
thereby providing "a wealth of personal information in near-real time" to
law enforcement agents.

*The Transportation Security Administration, which won a Bureaucratic
Indifference Award "for its operation of the 'No-Fly' list, a database of
individuals that is distributed to airlines for purposes of stopping or
searching suspected individuals. The list has been run so poorly that many
innocent travelers have been stopped, hassled, and searched every time they
travel."

*Northwest Airlines, which garnered a Blurring the Borders Award for passing
along three months of passenger data to the U.S. government "for use in a
data mining and passenger profiling study."

On a positive note, California State Senator Liz Figueroa won a Brandeis
award for being "one of the most important state leaders on privacy. She
authored California's medical privacy protections and the state's
do-not-call telemarketing legislation. In 2003, she was successful in
passing SB27, a law that requires offline retailers to disclose whether they
sell customers' personal information to direct marketers and to allow
individuals to opt-out of the sale. Her current privacy legislation includes
protections against identity theft, and against the sale of children's
information for direct marketing purposes."

For further information on the U.S. Big Brother Awards, visit
http://www.privacyinternational.org/bigbrother/us2004/

The official CFP 2004 website is located at
http://www.cfp2004.org

==========================================
[20] EFF Pioneer Awards winners announced
==========================================
Several weeks ago, the Electronic Frontier Foundation (EFF-a GILC member)
honored its newest Pioneer Awards laureates. These awards are given out
every year to "individuals who have made significant and influential
contributions to the development of computer-mediated communications or to
the empowerment of individuals in using computers and the Internet."

The winners for 2004 are Kim Alexander, David Dill, and Aviel Rubin "for
spearheading and nurturing the popular movement for integrity and
transparency in modern elections." Alexander is the president of the
California Voter Foundation; among other things, she "has led pioneering
efforts to develop the Internet into an effective tool for voter education
and campaign finance disclosure in California and beyond." A Professor of
Computer Science at Stanford University, David Dill founded
"VerifiedVoting.org to champion transparent and publicly verifiable
elections," and worked alongside Alexander on a special task force to ensure
that electronic voting machines in California provided voter-verified paper
trails. Aviel Rubin is Professor of Computer Science and Technical Director
of the Information Security Institute at Johns Hopkins University; he "led
the effort to expose security flaws in Diebold computer-based voting
systems." In addition, he "co-authored an analysis of the !
government's planned SERVE system for Internet voting for military and
overseas civilians, which led to the cancellation of that dangerous
project."

For additional details about the 2004 Pioneer Awards winners, click
http://www.eff.org/awards/pioneer/2004.php

=========================================================
     ABOUT THE GILC NEWS ALERT:
=========================================================
The GILC News Alert is the newsletter of the Global Internet Liberty
Campaign, an international coalition of organizations working to protect and
enhance online civil liberties and human rights. Organizations are invited
to join GILC by contacting us at
[log in to unmask]

To alert members about threats to cyber liberties, please contact members
from your country or send a message to the general GILC address.

To submit information about upcoming events, new activist tools and news
stories, contact:

Christopher Chiu
GILC Coordinator
American Civil Liberties Union
125 Broad Street, 17th Floor
New York, New York 10004
USA

Or email:
[log in to unmask]

More information about GILC members and news is available at
http://www.gilc.org

You may re-print or redistribute the GILC NEWS ALERT freely.

This edition of the GILC Alert will be found on the World Wide Web under
http://www.gilc.org/alert/alert84.html

and on the Human Rights Education Associates (HREA-a GILC member) website
via
http://www.hrea.org/lists/huridocs-tech/markup/maillist.php

To subscribe to the Alert, or to change your subscription options
(including unsubscribing), please visit
http://mail.2rad.net/mailman/listinfo/gilc-announce

========================================================
PUBLICATION OF THIS NEWSLETTER IS MADE POSSIBLE BY A
GRANT FROM THE OPEN SOCIETY INSTITUTE (OSI)
========================================================

_______________________________________________
Gilc-announce mailing list
[log in to unmask]
http://mail.2rad.net/mailman/listinfo/gilc-announce

--
This message has been scanned for viruses and dangerous
content by the NorMAN MailScanner Service and is believed
to be clean.

The NorMAN MailScanner Service is operated by Information,
Systems and Services, University of Newcastle upon Tyne.

************************************************************************************
Distributed through Cyber-Society-Live [CSL]: CSL is a moderated discussion
list made up of people who are interested in the interdisciplinary academic
study of Cyber Society in all its manifestations.To join the list please visit:
http://www.jiscmail.ac.uk/lists/cyber-society-live.html
*************************************************************************************