From: Chris Chiu [mailto:[log in to unmask]]
Sent: 02 March 2004 16:05
To: Gilc-Announce (E-mail)
Subject: [Gilc-announce] GILC Alert
GILC Alert
Volume 8, Issue 2
2 March 2004
Welcome to the Global Internet Liberty Campaign Newsletter.
Welcome to GILC Alert, the newsletter of the Global Internet Liberty
Campaign. We are an international organization of groups working for
cyber-liberties, who are determined to preserve civil liberties and human
rights on the Internet.
We hope you find this newsletter interesting, and we very much hope that you
will avail yourselves of the action items in future issues.
If you are a part of an organization that would be interested in joining
GILC, please contact us at <[log in to unmask]>.
If you are aware of threats to cyber-liberties that we may not know about,
please contact the GILC members in your country, or contact GILC as a whole.
Please feel free to redistribute this newsletter to appropriate forums.
===============================================
Free expression
[1] Chinese gov't formally charges Net dissident
[2] Vietnamese Net dissident faces trial
[3] Vote coming on EuroDMCA proposal
[4] New trade pact may bring DMCA-type laws to Australia
[5] Belarus court fines journalist over Net writings
[6] Iranian Net users continue struggle against gov't censors
[7] File-sharing legal battles spread to Canada, Australia
[8] Canadian ruling poses Net jurisdictional speech issues
[9] DVD copying equipment maker loses initial court battle
Privacy
[10] South Korean wiretapping surges upward
[11] U.S. Net telephony spy rules controversy still unresolved
[12] U.S. President threatens veto of privacy restoration bills
[13] WebFountain Internet trawling device: TIA-lite?
[14] Major privacy problems found in South Korean websites
[15] U.S. universities suffer online security breaches
[16] Microsoft criticized over slow security patch rollout
[17] MyDoom computer bug hits hard
================================================================
[1] Chinese gov't formally charges Net dissident
================================================================
After months in detention, a prominent Chinese dissident has been formally
charged with subversion over his online activities, despite a massive
grass-roots petition drive for his release.
Du Daobin, a former civil servant, had been arrested last November after
posting several dozen articles on the Information Superhighway about various
political and social subjects, including efforts by the mainland Chinese
government to alter Hong Kong security laws. His precise whereabouts and
legal status remained a mystery until two weeks ago, when Chinese
authorities confirmed that Du had been charged with "inciting subversion of
state power and the overthrow of China's socialist system."
These revelations came as numerous individuals, including many Chinese
intellectuals, have petitioned for Du's release. The document specifically
notes that "applying the second clause of Article 105 of the Chinese
criminal code - that provides for prison sentences for 'subversion' - to a
case like that of Du Daobin is abusive. Its application is contrary to
freedom of expression guaranteed by Article 19 of the Universal Declaration
of Human Rights and Article 35 of the Chinese Constitution." The letter
calls on "the judges of the Supreme People's Court of China ... to intervene
to secure [Du's] immediate release and to do everything possible to see that
Article 105 of the criminal code is no longer used against dissidents
expressing their opinions on the Internet." To date, more than a thousand
people have signed the petition.
The prosecution of Du Daobin is just one of many efforts by the Chinese
government to silence its critics online. Recently, 5 followers of the Falun
Gong spiritual movement were sentenced to multiyear prison sentences after
they allegedly posted materials on the Internet regarding the persecution of
other Falun Gong adherents. Reporters Sans Frontieres (RSF-a GILC member)
called the crackdown "completely unjustified. The five Internet-users were
convicted for posting online what is already very well known to human rights
organisations, that members of Falun Gong are systematically tortured in
prison." In addition, reports indicate that Chinese authorities have issued
new rules that essentially ban independent reporting of various issues via
the Internet.
For more on new Chinese restrictions on Internet independent reporting,
click
http://rsf.fr/article.php3?id_article=9403
See "Beijing cracks down on Internet news groups," Straits Times, 27
February 2004 at
http://www.asiamedia.ucla.edu/article.asp?parentid=8282
For further details on the recent sentencing of Falun Gong cyber-activists,
visit the RSF website under
http://rsf.fr/article.php3?id_article=9309
Read "China criticised for jailing Falun Gong over Net use," South China
Morning post, 23 February 2004 at
http://www.asiamedia.ucla.edu/article.asp?parentid=8079
See also "Falun Gong members jailed for 'fabrication,'" South China Morning
Post, 20 February 2004 at
http://www.asiamedia.ucla.edu/article.asp?parentid=7897
To read the petition to free Du Daobin, visit the RSF website under
http://www.rsf.fr/article.php3?id_article=9181
Read "Internet dissident Du facing charges," South China Morning Post, 18
February 2004 at
http://www.asiamedia.ucla.edu/article.asp?parentid=7731
See "China internet dissident arrested," BBC News Online, 17 February 2004
at
http://news.bbc.co.uk/2/hi/asia-pacific/3494969.stm
================================================================
[2] Vietnamese Net dissident faces trial
================================================================
Public concern is growing over the plight of a man who was detained after he
passed along information that criticized the Vietnamese ruling regime.
Pham Que Duong, a former army officer, is accused of having received and
sent various documents online that disparaged the Vietnamese government as
well as writing for a Canadian magazine. Vietnamese authorities arrested him
in December 2002, but did not give him a copy of the charges until a few
weeks ago. His jailers have reportedly subjected him to harsh interrogation
sessions; according to Reporters Sans Frontieres (RSF-a GILC member), this
treatment may leave him "exhausted and unable to defend himself properly
when the trial takes place." If convicted, he could spend the next 12 years
in prison.
Meanwhile, the Vietnamese government has finally released three people who
had been imprisoned over their Internet activities, among other things.
Nguyen Vu Viet, Thadeus Nguyen Van Ly and Nguyen Truc Cuong had been held
since June 2001 after they supposedly transmitted information regarding
freedom of religion in the Southeast Asian nation through email messages,
faxes and telephone calls.
For further information on the Pham Que Duong case, visit the RSF website
under
http://www.rsf.org/article.php3?id_article=9276
For more details on the cases of Nguyen Vu Viet, Thadeus Nguyen Van Ly and
Nguyen Truc Cuong, click
http://rsf.fr/article.php3?id_article=8623
======================================
[3] Vote coming on EuroDMCA proposal
======================================
The European Parliament is expected to vote soon on a proposal that would
expand the powers of intellectual property holders.
The draft European Intellectual Property Enforcement Directive supposedly
will simplify the enforcement of copyrights, patents, and trademarks
throughout the continent. Among other things, the proposal includes
provisions that essentially would give intellectual property holders broad
subpoena powers to collect personal information. The proposal also may
increase civil liability for infringements even if done accidentally,
unknowingly or for non-commercial purposes. The proposal's general outlines
have drawn comparisons to the much-maligned United States Digital Millennium
Copyright Act (DMCA), which contains analogous language.
After heavy criticism from a number of groups, many amendments to the
Directive were proposed, and voting on the entire proposal was again
delayed. However, these changes have to yet fully persuade cyberliberties
experts, many of whom are worried that the proposal will undermine free
speech and privacy rights online. Robin Gross of IP Justice (a GILC member)
compared the personal information gathering powers under the Directive to
subpoena powers under the DMCA that "have allowed the recording industry to
frighten and financially extort thousands of US consumers for P2P
file-sharing of music. The directive's bloated scope will allow the
recording industry to violate the rights of millions of European consumers
for minor infringements." The European Digital Rights Intiative (EDRI) has
expressed similar concerns.
To read the latest version of the Directive, click
http://www.ipjustice.org/CODE/020604EUIPED.html
An IP Justice press release on this subject is available under
http://www.ipjustice.org/CODE/update20040223_en.html
Read "Fast track procedure for IPR Enforcement," EDRI-gram, 27 February 2004
at
http://www.edri.org/cgi-bin/index?funktion=view&id=000100000128
See Matthew Broersma, "Antipiracy law heads for EU vote," CNET News, 19
February 2004 at
http://news.com.com/2102-1028_3-5161981.html
See also "Intellectual property directive taken off Parliament's agenda,"
EURActiv.com, 10 February 2004 at
http://www.euractiv.com/cgi-bin/cgint.exe/1?204&OIDN=1507135&-tt=
================================================================
[4] New trade pact may bring DMCA-type laws to Australia
================================================================
Critics warn that a new treaty between Australia and the United States could
seriously undermine online free speech Down Under.
The controversy centers on a proposed Australia-U.S. Free Trade Agreement
that includes a chapter on intellectual property law. While precise details
about this chapter have been hard to come by, among other things, it
apparently would place tight controls on devices that could be used to
circumvent copy protections, even if such products can be used for
noninfringing purposes. The treaty also purportedly calls for a legal regime
under which intellectual property holders could more easily get personal
information about Internet users from their respective telecommunications
service providers, ostensibly for enforcement purposes. The pact reportedly
would apply copyright protections to cached or otherwise temporarily stored
versions of copyright materials, and would require Australia to start using
a new system for the resolution of Internet domain name disputes.
Cyberliberties groups have rallied against the proposed measure. Dale
Clapperton, a board member of Electronic Frontiers Australia (EFA-a GILC
member), argued: "The United States has one of the worst systems of
intellectual property laws in the world. Their Digital Millennium Copyright
Act (DMCA) has been widely condemned by civil liberties and users groups
throughout the world, and now the [Australian Prime Minister John]
Howard['s] government has committed itself to implementing its worst, most
insidious provisions."
An EFA press release on this subject is posted at
http://www.efa.org.au/Publish/PR040212.html
A U.S. government fact sheet on the treaty is available (in PDF format)
under
http://www.ustr.gov/releases/2004/02/2004-02-08-factsheet-australia.pdf
Read "EFA slams IP clauses in US-Aust trade deal," The Age (AU), 12 February
2004 at
http://www.asiamedia.ucla.edu/article.asp?parentid=7656
================================================================
[5] Belarus court fines journalist over Net writings
================================================================
A judge in Belarus has fined a prominent human rights activist for writing
several online articles.
Natalya Kaliada published the articles on a website operated by Charter 97.
While the precise contents of the articles were not revealed, they
supposedly decried various human rights violations in the country. In
addition to hosting the website, Charter 97 itself has criticized several of
the Eastern European nation's leaders, including deputy attorney general
Paval Radzivonaw. Prior to the ruling, Radzivonaw had launched an
investigation of the organization and concluded that its activities were
illegal, a move that many experts believe was politically motivated.
Free speech groups have condemned the court decision, which is being seen as
yet another attempt by the Belarus government to stifle the activities of
independent media and human rights organizations. Robert Menard, the
secretary-general of Reporters Sans Frontieres (RSF-a GILC member),
complained: "All Kaliada has done is speak out against repeated human rights
violations in Belarus. ... In a country where the independent press is
subjected to constant harassment by the authorities, the Internet provides
Belarussians with access to uncensored news and information. We therefore
strongly condemn this attempt to gag press freedom on the Internet."
For more details, visit the RSF website under
http://www.rsf.org/article.php3?id_article=9176
================================================================
[6] Iranian Net users continue struggle against gov't censors
================================================================
While some Internet users in Iran have been able to express themselves
online, recent developments have generated concern as to whether they will
be able to continue.
For years, Iranian authorities have heavily restricted discussion of various
social, political and religious topics. Nevertheless, many citizens in the
Middle Eastern nation have turned to the Information Superhighway as a forum
to vent their frustrations freely. Much of the growth of this online
community can be traced to the development of weblogging or "blogging"
software in the Farsi language as well as cybercafes that have appeared in
ever-increasing numbers across the country. The relatively anonymous nature
of the Internet has encouraged many Iranian netizens to hold open
discussions on a variety of subjects that are not normally spoken about
offline, including critiques of Iran's supreme leader, the Ayatollah Ali
Khamenei. One famous Iranian blogger, known by her pseudonym Lady Sun,
explained: "We always wear masks in our society. This is a place to take
them off."
However, there are signs that this state of affairs may not last for long.
The Iranian government already blocked various websites, including those of
Reporters Sans Frontieres (RSF-a GILC member), Radio Liberty and the Voice
of America, and shutdown hundreds of cybercafes at the end of 2003.
Moreover, victories in last month's national elections by Khamenei's
supporters (who have spearheaded attempts to stifle dissent) have led to
increased anxiety among free speech experts. Indeed, last week, an Iranian
judge announced that he will order prominent pro-reform website, Emrooz.ws,
to be shutdown. The decision drew protests from various free expression
groups, including RSF, which called "on conservative judges to halt their
ideological censorship of the net, which has clearly intensified during this
electoral period."
For more on the Emrooz case, visit the RSF website at
http://rsf.fr/article.php3?id_article=9373
See "Iran's blogs slip through strict controls," Associated Press, 22
February 2004 at
http://www.baltimoresun.com/technology/bal-te.iranblog22feb22,0,7080313.stor
y?coll=bal-technology-headlines
Read Abbas Azimi, "Postcards from Iran: Surfing the net," BBC News Online,
13 February 2004 at
http://news.bbc.co.uk/1/hi/world/middle_east/3486923.stm
For background on Iran's recent elections, see Jim Muir, "Analysis: What now
for Iran?" BBC News Online, 23 February 2004 at
http://news.bbc.co.uk/1/hi/world/middle_east/3514551.stm
================================================================
[7] File-sharing legal battles spread to Canada, Australia
================================================================
The entertainment industry's legal war against individual Internet
file-sharers has now gone beyond the United States.
The Canadian Recording Industry Association (CIRA) has gone to court seeking
the identities of some 29 Internet users. CIRA claims that those individuals
had illegally traded music files through the Information Superhighway, and
is demanding that five telecommunications providers divulge personal
information about those users. Cyberliberties groups have criticized the
move for a variety of reasons and, among other things, have questioned
whether the targeted people are actually engaged in illegal activities. Seth
Schoen from the Electronic Frontier Foundation (EFF-a GILC member) that
while many Internet service providers "claim to have generally accurate
records of who was using an IP [Internet protocol] address at a particular
time, ... some people have been misidentified" in similar cases that
occurred in the United States, and it's "not quite clear yet who has been
making the mistakes." Indeed, one individual who was the subject of CIRA's
demands complained that she had "!
never downloaded a single song. I honestly wouldn't know how to do it."
In Australia, a recording industry group has raided the offices of various
universities and private businesses in an effort to gather personal
information on Internet users. Music Industry Privacy Investigations
searched the premises of three colleges (the University of Queensland, the
University of New South Wales and Monash University) as well as the
headquarters of numerous companies, notably Sharman Networks (which produces
the Kazaa Internet file-sharing software), Akamai Technologies AAP, NTT
Australia, Telstra Corporation, and NTT Australia IP. Sharman Networks
slammed the raids as "a knee-jerk reaction by the recording industry to
discredit Sharman Networks and the Kazaa software, following a number of
recent court decisions around the world that have ruled against the
entertainment industry's agenda to stamp out peer-to-peer technology."
Nor have the legal attacks abated in the United States. The Recording
Industry Association (RIAA) has launched a fifth wave of lawsuits against
Internet users who allegedly have engaged in copyright infringement by
sharing music files online. In this latest effort, the RIAA mentioned its
targets by their supposed IP addresses, and is trying to discover the true
identities of the people it sued. The Association's efforts have encounter
serious opposition from various groups, including GILC members the American
Civil Liberties Union and EFF as well as Public Citizen, who believe the
RIAA has yet to show sufficient justification for divulging the identities
of the targeted Internet users. EFF Legal Director Cindy Cohn explained:
"Once again, the RIAA is trying to cut corners in its crusade against
file-sharers and deny Internet users the legal protections that are
available in all other types of legal cases. All of those accused should
receive notice and have a chance to refute!
accusations of file-sharing before the record industry compels their
Internet Service Providers to reveal their identities." The RIAA has sued a
total of 1445 alleged file-sharers in the U.S. over the past year.
Read Keith Damsell, "Net song swappers identities' seen as hard to track,"
Globe and Mail (CA), 19 February 2004 at
http://www.globetechnology.com/servlet/story/RTGAM.20040219.gtpiracy19/BNSto
ry/Technology/
For more on the Australian recording industry raids, see James Pearce,
"Music industry's search orders on trial," CNET News, 20 February 2004 at
http://news.com.com/2102-1027_3-5162498.html
Read "Kazaa files motion to delay copyright proceedings," AAP, 10 February
2004 at
http://www.smh.com.au/articles/2004/02/10/1076175148175.html
See also Sam Varghese, "Record industry enforcer raids Kazaa offices,"
Sydney Morning Herald, 6 February 2004 at
http://www.smh.com.au/articles/2004/02/06/1075854054236.html
For further information in German (Deutsch), see "Australische
Musikindustrie geht gegen Kazaa vor," Heise Online, 6 February 2004 at
http://www.heise.de/newsticker/meldung/44392
For more details and commentary on the U.S. file-sharer lawsuits, visit the
EFF website under
http://eff.org/IP/P2P/RIAA_v_ThePeople/20040202_eff_pr.php
Read Katie Dean, "New Flurry of Lawsuits," Wired News, 19 February 2004 at
http://wired.com/news/print/0,1294,62318,00.html
================================================================
[8] Canadian ruling poses Net jurisdictional speech issues
================================================================
A Canadian court decision has renewed concern over how national laws can
restrict international free speech online.
The case centered around Cheickh Bangoura, a former United Nations official
who immigrated to Canada from Kenya several years ago. He had sued the
Washington Post, a United States newspaper, for defamation in a court
located in the Canadian province of Ontario over an article that was written
and posted both offline and online while he was still living in Kenya. The
Post asked for the court to stay the lawsuit, saying that the dispute
(including the underlying article) had little or nothing to do with Canada.
The judge disagreed, holding that the newspaper "should have reasonably
foreseen that the story would follow the plaintiff wherever he resided. ...
Publishers are not obliged to publish on the Internet. If the potential
reach is uncontrollable then the greater the need to exercise care in
publication."
Internet experts are worried that this decision may deter people from
publishing their works online, for fear of breaking speech restrictions in
some other country. Canadian law professor Michael Geist wrote that, through
this ruling, the "Ontario court has ... created a moving target test that
will create the prospect for uncertainty among publishers worldwide as they
fear that they too may be someday be hauled into an Ontario courtroom."
To read the text of the decision, click
http://www.canlii.org/on/cas/onsc/2004/2004onsc10181.html
See Michael Geist, "Web decision extends long arm of Ontario law," Toronto
Star, 16 February 2004 at
http://www.shorl.com/fidygrejosoja
================================================================
[9] DVD copying equipment maker loses initial court battle
================================================================
Should it be illegal to make a device that can copy videodiscs?
That is essentially the question posed by a court case that involves 321
Studios. The company manufactures DVD X Copy, a computer program that allows
users to duplicate DVDs, which usually are embedded with copy protection
programs. 321 Studios is marketing the product as an easy way to make
backups: "DVDs can easily get lost, stolen, scratched, damaged by heat,
broken by children, or rendered useless in other ways. By making backup
copies, consumers can protect their investment in their DVD libraries. The
duplicate copy can be used at home or taken on vacation, while the
availability of both the original and the backup provides a kind of
insurance against loss or damage." However, the Motion Picture Association
of America sued 321 Studios, saying it had violated the much-maligned
Digital Millennium Copyright Act (DMCA), which, among other things, bans
individuals from circumventing copy protection schemes.
Presiding Judge Susan Illston has since ordered 321 Studios to stop selling
DVD X Copy within 7 days.
A number of experts fear that the ruling will severely curb traditional free
speech rights, including the ability to make fair use of copyrighted works
(for such purposes as parody, criticism or commentary). Cindy Cohn, the
legal director of the Electronic Frontier Foundation (EFF-a GILC member),
strongly disagreed with the court's reasoning: "We don't think Congress
intended to de facto eliminate fair use. ... Under the DMCA, you have a
theoretical right to fair use. But this ruling shows that if you provide a
tool for fair use you can't use it." 321 Studios plans to appeal the trial
court decision.
An EFF press release on this subject is posted at
http://eff.org/IP/DMCA/MGM_v_321Studios/20040220_eff_pr.php
For more information about 321 Studios' stance on DVD copying, click
http://www.321studios.com/aboutFAQ.htm
See Adam Turner, "Copy, right?" Next (AU), 24 February 2004 at
http://www.smh.com.au/articles/2004/02/23/1077497503357.html
Read "DVD copying equipment ruled illegal," New Scientist.com, 24 February
2004 at
http://www.newscientist.com/news/news.jsp?id=ns99994710
See "Court Setback For DVD Copying," Associated Press, 21 February 2004 at
http://www.cbsnews.com/stories/2004/02/20/tech/main601371.shtml
See also "Court stops DVD-copying program," BBC News Online, 23 February
2004 at
http://news.bbc.co.uk/1/hi/technology/3512825.stm
================================================================
[10] South Korean wiretapping surges upward
================================================================
Recently released statistics on South Korean government wiretapping have led
to increased public concern over the future of personal privacy.
The statistics were disclosed in two separate reports from the South Korean
Ministry of Communications and Information (MIC). One report indicated that
the number of wiretapping cases had increased by 12% in 2003 (compared to
2002). Interception of Internet transmissions rose by more than 10%, while
interception of mobile phone transmissions rocketed up by over 27%.
Additionally, the MIC admitted that South Korean law enforcement agencies
had gathered personal information records regarding a total of 987 388
mobile phone calls. The records were surprisingly detailed and included such
tidbits as callers' birthplaces and their geographic locations.
These revelations have further fueled public anxiety over government spy
practices. Indeed, the reports came as a committee of the South Korean
National Assembly is investigating charges that a senior National Security
Council official, Lee Jong-seok, had ordered the National Intelligence
Service to intercept mobile phone conversations made by several reporters.
See Shim Jae-yun, "1 Mil. Mobile Phones Wiretapped," Korea Times, 17
February 2004 at
http://times.hankooki.com/lpage/200402/kt2004021722324210440.htm
Read Kim Tae-gyu, "Wiretapping Cases Up 12%," Korea Times, 11 February 2004
at
http://times.hankooki.com/lpage/tech/200402/kt2004021117490211790.htm
See also "NIS checks reporter's phone, sparks furor," Korea Herald, 31
January 2004 at
http://www.asiamedia.ucla.edu/article.asp?parentid=7115
================================================================
[11] U.S. Net telephony spy rules controversy still unresolved
================================================================
It is still unclear whether the United States government will implement new
standards that would make it easier to spy on phone calls made over the
Internet.
The U.S. Federal Bureau of Investigations (FBI) and the U.S. Department of
Justice (DOJ) have repeatedly called on the Federal Communications
Commission to rule that the Communications Assistance for Law Enforcement
Act (CALEA) applies to phone calls made via the Information Superhighway,
including transmissions using the Voice over Internet Protocol (VoIP).
Enacted in 1994, CALEA generally requires telecom firms to build
surveillance capabilities into their networks, but exempts information
services, most notably the Internet. If the FCC were to issue such a ruling,
Internet service providers, including providers of high-speed broadband
connections, would have to install spyware in their systems.
This debate was highlighted recently when the FCC approved a request by
Pulver.com, a VoIP provider, to avoid having to comply with various
regulations that apply to traditional phone companies. However, the
Commission did not specifically address the issue of whether CALEA applies
to VoIP. Indeed, one of the Commissioners, Michael Copps, signaled that he
would support the FBI and DOJ's stance, and expressed concern that the
Pulver ruling creates "challenges for law enforcement."
Privacy advocates and industry leaders remain worried about efforts to apply
CALEA to VoIP and similar technologies. Among other things, they question
whether such rules would actually be effective in capturing criminal
conversations. Some of these critics have also suggested that CALEA
specifically excludes the Internet from its coverage and that surveillance
tools to spy on Internet phone calls could be used for unnecessary
government spying on other types of Internet transmissions, such as private
email messages and surfed webpages.
Read Declan McCullagh and Ben Charny, "FCC: 'Pure' VoIP not a phone
service," CNET News, 12 February 2004 at
http://news.com.com/2102-7352_3-5158105.html
See Ben Charny, "VoIP: It's not so easy to listen in," CNET News, 13
February 2004 at
http://news.com.com/2102-7352_3-5159159.html
================================================================
[12] U.S. President threatens veto of privacy restoration bills
================================================================
United States President George W. Bush may veto legislation designed to
restore privacy rights, according to a senior U.S. government official.
This threat came in a letter from U.S. Attorney General John Ashcroft
regarding the SAFE Act, a proposal that would place some checks and balances
on government surveillance powers that were expanded under the
heavily-criticized USA Patriot Act. For example, the proposal would
implement safeguards against potential government abuse of "sneak and peek"
secret search powers, as well as increase privacy protections for computer
users at libraries. It would also lead to the expiration or "sunsetting" of
a Patriot Act section that applied loose pen register privacy standards
(previously used for collecting such data as phone numbers) to the Internet,
rather than requiring law enforcement agents to show probable cause that a
crime is being committed and get a court order. This pen register provision
had allowed the U.S. government to make greater use of controversial
Internet spy tools such as Carnivore. In the letter, Ashcroft savaged the
Act, urged the U.S. Senate to reject the !
bill and said that, if the bill "is presented in its current form to the
President, the President's senior advisers will recommend that it be
vetoed."
The Bush Administration's stance received a hostile reaction from privacy
advocates. Anthony Romero, the executive director of the American Civil
Liberties Union (ACLU-a GILC member), said that the "Attorney General's
attack on the SAFE Act shows how out of step the Bush Administration is with
growing national concern over the Patriot Act. Ironically, the veto threat
also demonstrates that the SAFE Act is becoming an increasingly viable
legislative measure, one that has obviously put the Ashcroft Justice
Department on the defensive."
An ACLU press release on this subject is posted at
http://www.aclu.org/SafeandFree/SafeandFree.cfm?ID=14833&c=206
The text of the Ashcroft letter is available (in PDF format) under
http://www.politechbot.com/docs/safe.ashcroft.letter.013004.pdf
To read the text of the SAFE Act, click
http://thomas.loc.gov/cgi-bin/query/z?c108:s.1709:
The text of the Patriot Act is available via the Electronic Privacy
Information Center (EPIC-a GILC member) website at
http://www.epic.org/privacy/terrorism/hr3162.html
For an overview of the Patriot Act's sunset provision (in PDF format), visit
the Center for Democracy & Technology (CDT-a GILC member) website under
http://www.cdt.org/security/20040127sunsets.pdf
Read Declan McCullagh, "Ashcroft says surveillance powers should stand,"
CNET News, 29 January 2004 at
http://news.com.com/2102-1028_3-5150477.html
For press coverage in German (Deutsch), see "US-Regierung droht bei
Beschneidung des Patriot Act mit Veto," Heise Online, 30 January 2004 at
http://www.heise.de/newsticker/meldung/44208
================================================================
[13] WebFountain Internet trawling device: TIA-lite?
================================================================
A new system to compile and scrutinize large amounts of information is
drawing unfavorable comparisons to a much-maligned United States government
spy system.
Developed by two IBM scientists, Dan Gruhl and Andrew Tomkins, WebFountain
scans a variety of materials, including "internet data, weblogs, bulletin
boards, enterprise data, legacy data, licensed content, newspapers,
magazines and trade journals." The program then uses that information to
create "buzz reports" and draw conclusions as to people's opinions on
various subjects. For example, according to Gruhl, a gas station could use
WebFountain to see what the public felt about fuel price increases as well
as various services it offered, such as car washes. Gruhl mentioned that one
client wants to use the program to predict whether bank customers who
deposited large amounts of money were engaged in criminal activity.
Questions remain as to what effect WebFountain will have on Internet
privacy. Indeed, the program's features betray certain similarities with the
now-infamous Total Informational Awareness (TIA) initiative (later renamed
Terrorist Information Awareness). Designed by a branch of the U.S.
Department of Defense, TIA's goal was to gather and analyze personal data on
a grand scale to predict and prevent terrorist acts. The U.S. Congress
eventually shutdown the department that was developing TIA, largely due to
privacy fears and doubts as to the system's effectiveness, although reports
indicate that some TIA components are quietly being developed by other U.S.
government agencies.
The official WebFountain webpage is located at
http://www.almaden.ibm.com/WebFountain/
Read "WebFountain to track Net buzz," South China Morning Post, 10 February
2004 at
http://www.asiamedia.ucla.edu/article.asp?parentid=7516
For more on TIA, read "Fed Data-Mining Research Lives On," CBSNews.com, 23
February 2004 at
http://www.cbsnews.com/stories/2004/02/23/tech/main601728.shtml
================================================================
[14] Major privacy problems found in South Korean websites
================================================================
A new study indicates many South Korean websites don't do a very good job in
protecting their users' personal data.
The Yonhap News Agency study discovered privacy problems in a number of
government and non-government websites. For example, researchers found that
many sites, such as the South Korean Supreme Public Prosecutors' Office
webpage, used unencrypted identification text files or cookies, which could
easily be doctored so that an attacker could enter the site with false
authentication information. Similarly, a large online community website
(that had some 10 million members) had such weak authentication security
that it was possible to dupe its cyberpayment system and steal other
members' money.
Computer security professionals decried these findings and warned that
failure to fix these problems could lead to legal trouble. One expert
suggested that the proprietors of the offending websites simply have
forgotten that the privacy of their users is fundamentally important: "They
seem to have established Web sites without considering the basis of their
Web connection."
Read Kim Rahn, "Major WebSites Not Safe From Leakage of Personal
Information," Korea Times, 24 February 2004 at
http://times.hankooki.com/lpage/nation/200402/kt2004022417390511980.htm
================================================================
[15] U.S. universities suffer online security breaches
================================================================
Several separate incidents have raised questions as to whether universities
in the United States are doing enough to protect the personal information of
their students and faculty.
In one of these incidents, attackers managed to infiltrate University of
Georgia (UGA) security via computer and gain remote access to a UGA server
containing sensitive data. The types of personal information that were
stored on the server included credit card account numbers, credit card
expiration dates, social security numbers, names and birth dates. Although
it is unclear just how many people were affected by the breach, email
notices regarding the incident were sent to about 31000 recipients.
Meanwhile, New York University (NYU) has been racked by several major online
security foul-ups. In one incident, a publicly accessible NYU athletics
website posted the social security numbers of some 1800 students, while
another NYU webpage revealed personal data regarding more than 2100 alumni,
professors and students. Both websites have since been taken offline;
however, NYU only took concrete action regarding the athletics website a
month after the problem was discovered, which led to heavy criticism from
various students for the apparent delay.
For further information regarding the University of Georgia incident, click
http://www.uga.edu/inside/fraudconcerns.html
For more details on the NYU breach, read Bret Nolan Collazzi, "NYU.edu to
get a checkup," Washington Square News, 3 February 2004 at
http://www.washingtonsquarenews.com/news/campus/6627.html
See also Kate Meyer, "SSN flap may lead to new ID system," Washington Square
News, 24 January 2004 at
http://www.washingtonsquarenews.com/news/campus/6534.html
================================================================
[16] Microsoft criticized over slow security patch rollout
================================================================
Computer experts are criticizing the world's leading software manufacturer
over its sluggish reaction in fixing a security flaw.
The controversy revolves around a security hole in the latest versions of
Microsoft's Windows operating system. The flaw, which involves an underlying
protocol known as Abstract Syntax Notation One, would allow an attacker to
takeover a victim's computer remotely, such as through a local area network.
eEye Digital Security, a United States company, discovered the problem and
notified Microsoft in July 2003. However, Microsoft did not make any
announcement about the flaw until about two weeks ago, when it described the
problem as "critical" and released a patch for the hole.
Not surprisingly, a number of observers wonder whether the protection of
Microsoft users' personal information ranks sufficiently high on the
company's list of priorities. eEye's Marc Maiffret warned: "If it really
took them that long technically to make (and test) the fix, then they have
other problems. That's not a way to run a software company." Internet law
expert Steven Philippsohn explained: "I have no doubt that if manufacturers
in cases like this know about a flaw in their system and don't inform at
earliest opportunity possible, they could be liable for losses. It has been
made more serious by the fact Microsoft have accepted that they were told
about the flaw months ago."
Read Robert Lemos, "200 days to fix a broken Windows," CNET News, 13
February 2004 at
http://news.com.com/2102-1002_3-5158625.html
See "'Protect PCs' Microsoft users told," BBC News, 11 February 2004 at
http://news.bbc.co.uk/1/hi/technology/3477899.stm
For coverage in Spanish (Espanol), see "El nuevo fallo de Microsoft podria
ser de los mas graves conocidos," DelitosInformaticos.com, 12 February 2004
at
http://www.delitosinformaticos.com/seguridad/noticias/107660261838741.shtml
================================================================
[17] MyDoom computer bug hits hard
================================================================
A new computer bug has raised troubling questions regarding the efficacy of
current Internet security systems.
The MyDoom worm (also known as Novarg) was disguised under such email
subject lines as "Mail Delivery System," "Test" or "Mail Transaction
Failed." Such messages came with attachments that, when opened, installed
programs on victims' computers allowing attackers to gain remote control of
the machines. The malady, which only affected users of the Microsoft Windows
operating system, also launched denial of service attacks against the
website of the SCO Group (www.sco.com); the software organization was forced
to open an alternative website. MyDoom also used victims' email address
books to forward itself along to another machines. Some estimates indicate
the bug affected 2 million computers worldwide. Since then, other versions
of MyDoom have appeared that target the websites of Microsoft and the
Recording Industry Association of America.
The MyDoom outbreak has led a close reexamination of current measures to
protect Internet users. For example, some experts have pointed to the market
dominance of the Microsoft Windows as a contributing factor in the spread of
computer bugs, since a attacker can just focus on the weaknesses of one
operating system and create a virus or worm that can afflict millions of
users worldwide. Another cited problem is that many home computer users
still have not installed antivirus software or have not downloaded the most
up-to-date antivirus patterns.
Read Robert Lemos, "RIAA to face MyDoom's music," CNET News, 20 February
2004 at
http://news.com.com/2102-7355_3-5162833.html
See David Becker, "SCO selling Linux licenses online," 23 February 2004 at
http://news.com.com/2102-7344_3-5163508.html
See "Warning: Microsoft 'Monoculture,'" Associated Press, 15 February 2004
at
http://www.wired.com/news/print/0,1294,62307,00.html
Read David McCandless, "Anatomy of a virus," The Guardian (UK), 5 February
2004 at
http://www.guardian.co.uk/online/story/0,3605,1140962,00.html
See also Carrie Kirby, "Why this one is scarier/Mydoom brings computer
viruses to new level of sophistication," San Francisco Chronicle, 3 February
2004, page B1 at
http://sfgate.com/cgi-bin/article.cgi?f=/c/a/2004/02/03/BUGOL4ND9D1.DTL
See also Robert Lemos, "MyDoom sparks talks of security's future," CNET
News, 2 February 2004 at
http://news.com.com/2102-7349_3-5152165.html
=========================================================
ABOUT THE GILC NEWS ALERT:
=========================================================
The GILC News Alert is the newsletter of the Global Internet Liberty
Campaign, an international coalition of organizations working to protect and
enhance online civil liberties and human rights. Organizations are invited
to join GILC by contacting us at
[log in to unmask]
To alert members about threats to cyber liberties, please contact members
from your country or send a message to the general GILC address.
To submit information about upcoming events, new activist tools and news
stories, contact:
Christopher Chiu
GILC Coordinator
American Civil Liberties Union
125 Broad Street, 17th Floor
New York, New York 10004
USA
Or email:
[log in to unmask]
More information about GILC members and news is available at
http://www.gilc.org
You may re-print or redistribute the GILC NEWS ALERT freely.
This edition of the GILC Alert will be found on the World Wide Web under
http://www.gilc.org/alert/alert82.html
To subscribe to the Alert, or to change your subscription options
(including unsubscribing), please visit
http://mail.2rad.net/mailman/listinfo/gilc-announce
========================================================
PUBLICATION OF THIS NEWSLETTER IS MADE POSSIBLE BY A
GRANT FROM THE OPEN SOCIETY INSTITUTE (OSI)
========================================================
_______________________________________________
Gilc-announce mailing list
[log in to unmask]
http://mail.2rad.net/mailman/listinfo/gilc-announce
************************************************************************************
Distributed through Cyber-Society-Live [CSL]: CSL is a moderated discussion
list made up of people who are interested in the interdisciplinary academic
study of Cyber Society in all its manifestations.To join the list please visit:
http://www.jiscmail.ac.uk/lists/cyber-society-live.html
*************************************************************************************
|
