From: Chris Chiu [mailto:[log in to unmask]]
Sent: 02 March 2004 16:05
To: Gilc-Announce (E-mail)
Subject: [Gilc-announce] GILC Alert

GILC Alert
Volume 8, Issue 2
2 March 2004

Welcome to the Global Internet Liberty Campaign Newsletter.

Welcome to GILC Alert, the newsletter of the Global Internet Liberty Campaign. We are an international organization of groups working for cyber-liberties, who are determined to preserve civil liberties and human rights on the Internet.

We hope you find this newsletter interesting, and we very much hope that you will avail yourselves of the action items in future issues.

If you are a part of an organization that would be interested in joining GILC, please contact us at <[log in to unmask]>. If you are aware of threats to cyber-liberties that we may not know about, please contact the GILC members in your country, or contact GILC as a whole.

Please feel free to redistribute this newsletter to appropriate forums.

===============================================

Free expression
[1] Chinese gov't formally charges Net dissident
[2] Vietnamese Net dissident faces trial
[3] Vote coming on EuroDMCA proposal
[4] New trade pact may bring DMCA-type laws to Australia
[5] Belarus court fines journalist over Net writings
[6] Iranian Net users continue struggle against gov't censors
[7] File-sharing legal battles spread to Canada, Australia
[8] Canadian ruling poses Net jurisdictional speech issues
[9] DVD copying equipment maker loses initial court battle

Privacy
[10] South Korean wiretapping surges upward
[11] U.S. Net telephony spy rules controversy still unresolved
[12] U.S. President threatens veto of privacy restoration bills
[13] WebFountain Internet trawling device: TIA-lite?
[14] Major privacy problems found in South Korean websites
[15] U.S. universities suffer online security breaches
[16] Microsoft criticized over slow security patch rollout
[17] MyDoom computer bug hits hard

================================================================
[1] Chinese gov't formally charges Net dissident
================================================================

After months in detention, a prominent Chinese dissident has been formally charged with subversion over his online activities, despite a massive grass-roots petition drive for his release.

Du Daobin, a former civil servant, had been arrested last November after posting several dozen articles on the Information Superhighway about various political and social subjects, including efforts by the mainland Chinese government to alter Hong Kong security laws. His precise whereabouts and legal status remained a mystery until two weeks ago, when Chinese authorities confirmed that Du had been charged with "inciting subversion of state power and the overthrow of China's socialist system."

These revelations came as numerous individuals, including many Chinese intellectuals, have petitioned for Du's release. The document specifically notes that "applying the second clause of Article 105 of the Chinese criminal code - that provides for prison sentences for 'subversion' - to a case like that of Du Daobin is abusive. Its application is contrary to freedom of expression guaranteed by Article 19 of the Universal Declaration of Human Rights and Article 35 of the Chinese Constitution." The letter calls on "the judges of the Supreme People's Court of China ... to intervene to secure [Du's] immediate release and to do everything possible to see that Article 105 of the criminal code is no longer used against dissidents expressing their opinions on the Internet." To date, more than a thousand people have signed the petition.

The prosecution of Du Daobin is just one of many efforts by the Chinese government to silence its critics online.
Recently, 5 followers of the Falun Gong spiritual movement were sentenced to multiyear prison sentences after they allegedly posted materials on the Internet regarding the persecution of other Falun Gong adherents. Reporters Sans Frontieres (RSF-a GILC member) called the crackdown "completely unjustified. The five Internet-users were convicted for posting online what is already very well known to human rights organisations, that members of Falun Gong are systematically tortured in prison." In addition, reports indicate that Chinese authorities have issued new rules that essentially ban independent reporting of various issues via the Internet.

For more on new Chinese restrictions on Internet independent reporting, click http://rsf.fr/article.php3?id_article=9403

See "Beijing cracks down on Internet news groups," Straits Times, 27 February 2004 at http://www.asiamedia.ucla.edu/article.asp?parentid=8282

For further details on the recent sentencing of Falun Gong cyber-activists, visit the RSF website under http://rsf.fr/article.php3?id_article=9309

Read "China criticised for jailing Falun Gong over Net use," South China Morning Post, 23 February 2004 at http://www.asiamedia.ucla.edu/article.asp?parentid=8079

See also "Falun Gong members jailed for 'fabrication,'" South China Morning Post, 20 February 2004 at http://www.asiamedia.ucla.edu/article.asp?parentid=7897

To read the petition to free Du Daobin, visit the RSF website under http://www.rsf.fr/article.php3?id_article=9181

Read "Internet dissident Du facing charges," South China Morning Post, 18 February 2004 at http://www.asiamedia.ucla.edu/article.asp?parentid=7731

See "China internet dissident arrested," BBC News Online, 17 February 2004 at http://news.bbc.co.uk/2/hi/asia-pacific/3494969.stm

================================================================
[2] Vietnamese Net dissident faces trial
================================================================

Public concern is growing over the plight of a man who was detained after he passed along information that criticized the Vietnamese ruling regime.

Pham Que Duong, a former army officer, is accused of having received and sent various documents online that disparaged the Vietnamese government as well as writing for a Canadian magazine. Vietnamese authorities arrested him in December 2002, but did not give him a copy of the charges until a few weeks ago. His jailers have reportedly subjected him to harsh interrogation sessions; according to Reporters Sans Frontieres (RSF-a GILC member), this treatment may leave him "exhausted and unable to defend himself properly when the trial takes place." If convicted, he could spend the next 12 years in prison.

Meanwhile, the Vietnamese government has finally released three people who had been imprisoned over their Internet activities, among other things. Nguyen Vu Viet, Thadeus Nguyen Van Ly and Nguyen Truc Cuong had been held since June 2001 after they supposedly transmitted information regarding freedom of religion in the Southeast Asian nation through email messages, faxes and telephone calls.

For further information on the Pham Que Duong case, visit the RSF website under http://www.rsf.org/article.php3?id_article=9276

For more details on the cases of Nguyen Vu Viet, Thadeus Nguyen Van Ly and Nguyen Truc Cuong, click http://rsf.fr/article.php3?id_article=8623

======================================
[3] Vote coming on EuroDMCA proposal
======================================

The European Parliament is expected to vote soon on a proposal that would expand the powers of intellectual property holders.

The draft European Intellectual Property Enforcement Directive supposedly will simplify the enforcement of copyrights, patents, and trademarks throughout the continent. Among other things, the proposal includes provisions that essentially would give intellectual property holders broad subpoena powers to collect personal information.
The proposal also may increase civil liability for infringements even if done accidentally, unknowingly or for non-commercial purposes. The proposal's general outlines have drawn comparisons to the much-maligned United States Digital Millennium Copyright Act (DMCA), which contains analogous language.

After heavy criticism from a number of groups, many amendments to the Directive were proposed, and voting on the entire proposal was again delayed. However, these changes have yet to fully persuade cyberliberties experts, many of whom are worried that the proposal will undermine free speech and privacy rights online. Robin Gross of IP Justice (a GILC member) compared the personal information gathering powers under the Directive to subpoena powers under the DMCA that "have allowed the recording industry to frighten and financially extort thousands of US consumers for P2P file-sharing of music. The directive's bloated scope will allow the recording industry to violate the rights of millions of European consumers for minor infringements." The European Digital Rights Initiative (EDRI) has expressed similar concerns.

To read the latest version of the Directive, click http://www.ipjustice.org/CODE/020604EUIPED.html

An IP Justice press release on this subject is available under http://www.ipjustice.org/CODE/update20040223_en.html

Read "Fast track procedure for IPR Enforcement," EDRI-gram, 27 February 2004 at http://www.edri.org/cgi-bin/index?funktion=view&id=000100000128

See Matthew Broersma, "Antipiracy law heads for EU vote," CNET News, 19 February 2004 at http://news.com.com/2102-1028_3-5161981.html

See also "Intellectual property directive taken off Parliament's agenda," EURActiv.com, 10 February 2004 at http://www.euractiv.com/cgi-bin/cgint.exe/1?204&OIDN=1507135&-tt=

================================================================
[4] New trade pact may bring DMCA-type laws to Australia
================================================================

Critics warn that a new treaty between Australia and the United States could seriously undermine online free speech Down Under.

The controversy centers on a proposed Australia-U.S. Free Trade Agreement that includes a chapter on intellectual property law. While precise details about this chapter have been hard to come by, among other things, it apparently would place tight controls on devices that could be used to circumvent copy protections, even if such products can be used for noninfringing purposes. The treaty also purportedly calls for a legal regime under which intellectual property holders could more easily get personal information about Internet users from their respective telecommunications service providers, ostensibly for enforcement purposes. The pact reportedly would apply copyright protections to cached or otherwise temporarily stored versions of copyright materials, and would require Australia to start using a new system for the resolution of Internet domain name disputes.

Cyberliberties groups have rallied against the proposed measure.
Dale Clapperton, a board member of Electronic Frontiers Australia (EFA-a GILC member), argued: "The United States has one of the worst systems of intellectual property laws in the world. Their Digital Millennium Copyright Act (DMCA) has been widely condemned by civil liberties and users groups throughout the world, and now the [Australian Prime Minister John] Howard['s] government has committed itself to implementing its worst, most insidious provisions."

An EFA press release on this subject is posted at http://www.efa.org.au/Publish/PR040212.html

A U.S. government fact sheet on the treaty is available (in PDF format) under http://www.ustr.gov/releases/2004/02/2004-02-08-factsheet-australia.pdf

Read "EFA slams IP clauses in US-Aust trade deal," The Age (AU), 12 February 2004 at http://www.asiamedia.ucla.edu/article.asp?parentid=7656

================================================================
[5] Belarus court fines journalist over Net writings
================================================================

A judge in Belarus has fined a prominent human rights activist for writing several online articles.

Natalya Kaliada published the articles on a website operated by Charter 97. While the precise contents of the articles were not revealed, they supposedly decried various human rights violations in the country. In addition to hosting the website, Charter 97 itself has criticized several of the Eastern European nation's leaders, including deputy attorney general Paval Radzivonaw. Prior to the ruling, Radzivonaw had launched an investigation of the organization and concluded that its activities were illegal, a move that many experts believe was politically motivated.

Free speech groups have condemned the court decision, which is being seen as yet another attempt by the Belarus government to stifle the activities of independent media and human rights organizations.
Robert Menard, the secretary-general of Reporters Sans Frontieres (RSF-a GILC member), complained: "All Kaliada has done is speak out against repeated human rights violations in Belarus. ... In a country where the independent press is subjected to constant harassment by the authorities, the Internet provides Belarussians with access to uncensored news and information. We therefore strongly condemn this attempt to gag press freedom on the Internet."

For more details, visit the RSF website under http://www.rsf.org/article.php3?id_article=9176

================================================================
[6] Iranian Net users continue struggle against gov't censors
================================================================

While some Internet users in Iran have been able to express themselves online, recent developments have generated concern as to whether they will be able to continue.

For years, Iranian authorities have heavily restricted discussion of various social, political and religious topics. Nevertheless, many citizens in the Middle Eastern nation have turned to the Information Superhighway as a forum to vent their frustrations freely. Much of the growth of this online community can be traced to the development of weblogging or "blogging" software in the Farsi language as well as cybercafes that have appeared in ever-increasing numbers across the country. The relatively anonymous nature of the Internet has encouraged many Iranian netizens to hold open discussions on a variety of subjects that are not normally spoken about offline, including critiques of Iran's supreme leader, the Ayatollah Ali Khamenei. One famous Iranian blogger, known by her pseudonym Lady Sun, explained: "We always wear masks in our society. This is a place to take them off."

However, there are signs that this state of affairs may not last for long.
The Iranian government already blocked various websites, including those of Reporters Sans Frontieres (RSF-a GILC member), Radio Liberty and the Voice of America, and shut down hundreds of cybercafes at the end of 2003. Moreover, victories in last month's national elections by Khamenei's supporters (who have spearheaded attempts to stifle dissent) have led to increased anxiety among free speech experts. Indeed, last week, an Iranian judge announced that he will order a prominent pro-reform website, Emrooz.ws, to be shut down. The decision drew protests from various free expression groups, including RSF, which called "on conservative judges to halt their ideological censorship of the net, which has clearly intensified during this electoral period."

For more on the Emrooz case, visit the RSF website at http://rsf.fr/article.php3?id_article=9373

See "Iran's blogs slip through strict controls," Associated Press, 22 February 2004 at http://www.baltimoresun.com/technology/bal-te.iranblog22feb22,0,7080313.story?coll=bal-technology-headlines

Read Abbas Azimi, "Postcards from Iran: Surfing the net," BBC News Online, 13 February 2004 at http://news.bbc.co.uk/1/hi/world/middle_east/3486923.stm

For background on Iran's recent elections, see Jim Muir, "Analysis: What now for Iran?" BBC News Online, 23 February 2004 at http://news.bbc.co.uk/1/hi/world/middle_east/3514551.stm

================================================================
[7] File-sharing legal battles spread to Canada, Australia
================================================================

The entertainment industry's legal war against individual Internet file-sharers has now gone beyond the United States.

The Canadian Recording Industry Association (CIRA) has gone to court seeking the identities of some 29 Internet users.
CIRA claims that those individuals had illegally traded music files through the Information Superhighway, and is demanding that five telecommunications providers divulge personal information about those users. Cyberliberties groups have criticized the move for a variety of reasons and, among other things, have questioned whether the targeted people are actually engaged in illegal activities. Seth Schoen from the Electronic Frontier Foundation (EFF-a GILC member) said that while many Internet service providers "claim to have generally accurate records of who was using an IP [Internet protocol] address at a particular time, ... some people have been misidentified" in similar cases that occurred in the United States, and it's "not quite clear yet who has been making the mistakes." Indeed, one individual who was the subject of CIRA's demands complained that she had "never downloaded a single song. I honestly wouldn't know how to do it."

In Australia, a recording industry group has raided the offices of various universities and private businesses in an effort to gather personal information on Internet users. Music Industry Privacy Investigations searched the premises of three colleges (the University of Queensland, the University of New South Wales and Monash University) as well as the headquarters of numerous companies, notably Sharman Networks (which produces the Kazaa Internet file-sharing software), Akamai Technologies AAP, NTT Australia, Telstra Corporation, and NTT Australia IP. Sharman Networks slammed the raids as "a knee-jerk reaction by the recording industry to discredit Sharman Networks and the Kazaa software, following a number of recent court decisions around the world that have ruled against the entertainment industry's agenda to stamp out peer-to-peer technology."

Nor have the legal attacks abated in the United States.
The Recording Industry Association (RIAA) has launched a fifth wave of lawsuits against Internet users who allegedly have engaged in copyright infringement by sharing music files online. In this latest effort, the RIAA mentioned its targets by their supposed IP addresses, and is trying to discover the true identities of the people it sued. The Association's efforts have encountered serious opposition from various groups, including GILC members the American Civil Liberties Union and EFF as well as Public Citizen, who believe the RIAA has yet to show sufficient justification for divulging the identities of the targeted Internet users. EFF Legal Director Cindy Cohn explained: "Once again, the RIAA is trying to cut corners in its crusade against file-sharers and deny Internet users the legal protections that are available in all other types of legal cases. All of those accused should receive notice and have a chance to refute accusations of file-sharing before the record industry compels their Internet Service Providers to reveal their identities." The RIAA has sued a total of 1445 alleged file-sharers in the U.S. over the past year.

Read Keith Damsell, "Net song swappers identities' seen as hard to track," Globe and Mail (CA), 19 February 2004 at http://www.globetechnology.com/servlet/story/RTGAM.20040219.gtpiracy19/BNStory/Technology/

For more on the Australian recording industry raids, see James Pearce, "Music industry's search orders on trial," CNET News, 20 February 2004 at http://news.com.com/2102-1027_3-5162498.html

Read "Kazaa files motion to delay copyright proceedings," AAP, 10 February 2004 at http://www.smh.com.au/articles/2004/02/10/1076175148175.html

See also Sam Varghese, "Record industry enforcer raids Kazaa offices," Sydney Morning Herald, 6 February 2004 at http://www.smh.com.au/articles/2004/02/06/1075854054236.html

For further information in German (Deutsch), see "Australische Musikindustrie geht gegen Kazaa vor," Heise Online, 6 February 2004 at http://www.heise.de/newsticker/meldung/44392

For more details and commentary on the U.S. file-sharer lawsuits, visit the EFF website under http://eff.org/IP/P2P/RIAA_v_ThePeople/20040202_eff_pr.php

Read Katie Dean, "New Flurry of Lawsuits," Wired News, 19 February 2004 at http://wired.com/news/print/0,1294,62318,00.html

================================================================
[8] Canadian ruling poses Net jurisdictional speech issues
================================================================

A Canadian court decision has renewed concern over how national laws can restrict international free speech online.

The case centered around Cheickh Bangoura, a former United Nations official who immigrated to Canada from Kenya several years ago. He had sued the Washington Post, a United States newspaper, for defamation in a court located in the Canadian province of Ontario over an article that was written and posted both offline and online while he was still living in Kenya. The Post asked for the court to stay the lawsuit, saying that the dispute (including the underlying article) had little or nothing to do with Canada.
The judge disagreed, holding that the newspaper "should have reasonably foreseen that the story would follow the plaintiff wherever he resided. ... Publishers are not obliged to publish on the Internet. If the potential reach is uncontrollable then the greater the need to exercise care in publication."

Internet experts are worried that this decision may deter people from publishing their works online, for fear of breaking speech restrictions in some other country. Canadian law professor Michael Geist wrote that, through this ruling, the "Ontario court has ... created a moving target test that will create the prospect for uncertainty among publishers worldwide as they fear that they too may someday be hauled into an Ontario courtroom."

To read the text of the decision, click http://www.canlii.org/on/cas/onsc/2004/2004onsc10181.html

See Michael Geist, "Web decision extends long arm of Ontario law," Toronto Star, 16 February 2004 at http://www.shorl.com/fidygrejosoja

================================================================
[9] DVD copying equipment maker loses initial court battle
================================================================

Should it be illegal to make a device that can copy videodiscs?

That is essentially the question posed by a court case that involves 321 Studios. The company manufactures DVD X Copy, a computer program that allows users to duplicate DVDs, which usually are embedded with copy protection programs. 321 Studios is marketing the product as an easy way to make backups: "DVDs can easily get lost, stolen, scratched, damaged by heat, broken by children, or rendered useless in other ways. By making backup copies, consumers can protect their investment in their DVD libraries. The duplicate copy can be used at home or taken on vacation, while the availability of both the original and the backup provides a kind of insurance against loss or damage."

However, the Motion Picture Association of America sued 321 Studios, saying it had violated the much-maligned Digital Millennium Copyright Act (DMCA), which, among other things, bans individuals from circumventing copy protection schemes. Presiding Judge Susan Illston has since ordered 321 Studios to stop selling DVD X Copy within 7 days.

A number of experts fear that the ruling will severely curb traditional free speech rights, including the ability to make fair use of copyrighted works (for such purposes as parody, criticism or commentary). Cindy Cohn, the legal director of the Electronic Frontier Foundation (EFF-a GILC member), strongly disagreed with the court's reasoning: "We don't think Congress intended to de facto eliminate fair use. ... Under the DMCA, you have a theoretical right to fair use. But this ruling shows that if you provide a tool for fair use you can't use it."

321 Studios plans to appeal the trial court decision.

An EFF press release on this subject is posted at http://eff.org/IP/DMCA/MGM_v_321Studios/20040220_eff_pr.php

For more information about 321 Studios' stance on DVD copying, click http://www.321studios.com/aboutFAQ.htm

See Adam Turner, "Copy, right?" Next (AU), 24 February 2004 at http://www.smh.com.au/articles/2004/02/23/1077497503357.html

Read "DVD copying equipment ruled illegal," New Scientist.com, 24 February 2004 at http://www.newscientist.com/news/news.jsp?id=ns99994710

See "Court Setback For DVD Copying," Associated Press, 21 February 2004 at http://www.cbsnews.com/stories/2004/02/20/tech/main601371.shtml

See also "Court stops DVD-copying program," BBC News Online, 23 February 2004 at http://news.bbc.co.uk/1/hi/technology/3512825.stm

================================================================
[10] South Korean wiretapping surges upward
================================================================

Recently released statistics on South Korean government wiretapping have led to increased public concern over the future of personal privacy.

The statistics were disclosed in two separate reports from the South Korean Ministry of Communications and Information (MIC). One report indicated that the number of wiretapping cases had increased by 12% in 2003 (compared to 2002). Interception of Internet transmissions rose by more than 10%, while interception of mobile phone transmissions rocketed up by over 27%. Additionally, the MIC admitted that South Korean law enforcement agencies had gathered personal information records regarding a total of 987 388 mobile phone calls. The records were surprisingly detailed and included such tidbits as callers' birthplaces and their geographic locations.

These revelations have further fueled public anxiety over government spy practices. Indeed, the reports came as a committee of the South Korean National Assembly is investigating charges that a senior National Security Council official, Lee Jong-seok, had ordered the National Intelligence Service to intercept mobile phone conversations made by several reporters.

See Shim Jae-yun, "1 Mil. Mobile Phones Wiretapped," Korea Times, 17 February 2004 at http://times.hankooki.com/lpage/200402/kt2004021722324210440.htm

Read Kim Tae-gyu, "Wiretapping Cases Up 12%," Korea Times, 11 February 2004 at http://times.hankooki.com/lpage/tech/200402/kt2004021117490211790.htm

See also "NIS checks reporter's phone, sparks furor," Korea Herald, 31 January 2004 at http://www.asiamedia.ucla.edu/article.asp?parentid=7115

================================================================
[11] U.S. Net telephony spy rules controversy still unresolved
================================================================

It is still unclear whether the United States government will implement new standards that would make it easier to spy on phone calls made over the Internet.

The U.S. Federal Bureau of Investigations (FBI) and the U.S. Department of Justice (DOJ) have repeatedly called on the Federal Communications Commission to rule that the Communications Assistance for Law Enforcement Act (CALEA) applies to phone calls made via the Information Superhighway, including transmissions using the Voice over Internet Protocol (VoIP). Enacted in 1994, CALEA generally requires telecom firms to build surveillance capabilities into their networks, but exempts information services, most notably the Internet. If the FCC were to issue such a ruling, Internet service providers, including providers of high-speed broadband connections, would have to install spyware in their systems.

This debate was highlighted recently when the FCC approved a request by Pulver.com, a VoIP provider, to avoid having to comply with various regulations that apply to traditional phone companies. However, the Commission did not specifically address the issue of whether CALEA applies to VoIP. Indeed, one of the Commissioners, Michael Copps, signaled that he would support the FBI and DOJ's stance, and expressed concern that the Pulver ruling creates "challenges for law enforcement."

Privacy advocates and industry leaders remain worried about efforts to apply CALEA to VoIP and similar technologies. Among other things, they question whether such rules would actually be effective in capturing criminal conversations. Some of these critics have also suggested that CALEA specifically excludes the Internet from its coverage and that surveillance tools to spy on Internet phone calls could be used for unnecessary government spying on other types of Internet transmissions, such as private email messages and surfed webpages.

Read Declan McCullagh and Ben Charny, "FCC: 'Pure' VoIP not a phone service," CNET News, 12 February 2004 at http://news.com.com/2102-7352_3-5158105.html

See Ben Charny, "VoIP: It's not so easy to listen in," CNET News, 13 February 2004 at http://news.com.com/2102-7352_3-5159159.html

================================================================
[12] U.S. President threatens veto of privacy restoration bills
================================================================

United States President George W. Bush may veto legislation designed to restore privacy rights, according to a senior U.S. government official.

This threat came in a letter from U.S. Attorney General John Ashcroft regarding the SAFE Act, a proposal that would place some checks and balances on government surveillance powers that were expanded under the heavily-criticized USA Patriot Act. For example, the proposal would implement safeguards against potential government abuse of "sneak and peek" secret search powers, as well as increase privacy protections for computer users at libraries. It would also lead to the expiration or "sunsetting" of a Patriot Act section that applied loose pen register privacy standards (previously used for collecting such data as phone numbers) to the Internet, rather than requiring law enforcement agents to show probable cause that a crime is being committed and get a court order. This pen register provision had allowed the U.S. government to make greater use of controversial Internet spy tools such as Carnivore. In the letter, Ashcroft savaged the Act, urged the U.S. Senate to reject the bill and said that, if the bill "is presented in its current form to the President, the President's senior advisers will recommend that it be vetoed."

The Bush Administration's stance received a hostile reaction from privacy advocates. Anthony Romero, the executive director of the American Civil Liberties Union (ACLU-a GILC member), said that the "Attorney General's attack on the SAFE Act shows how out of step the Bush Administration is with growing national concern over the Patriot Act. Ironically, the veto threat also demonstrates that the SAFE Act is becoming an increasingly viable legislative measure, one that has obviously put the Ashcroft Justice Department on the defensive."

An ACLU press release on this subject is posted at http://www.aclu.org/SafeandFree/SafeandFree.cfm?ID=14833&c=206

The text of the Ashcroft letter is available (in PDF format) under http://www.politechbot.com/docs/safe.ashcroft.letter.013004.pdf

To read the text of the SAFE Act, click http://thomas.loc.gov/cgi-bin/query/z?c108:s.1709:

The text of the Patriot Act is available via the Electronic Privacy Information Center (EPIC-a GILC member) website at http://www.epic.org/privacy/terrorism/hr3162.html

For an overview of the Patriot Act's sunset provision (in PDF format), visit the Center for Democracy & Technology (CDT-a GILC member) website under http://www.cdt.org/security/20040127sunsets.pdf

Read Declan McCullagh, "Ashcroft says surveillance powers should stand," CNET News, 29 January 2004 at http://news.com.com/2102-1028_3-5150477.html

For press coverage in German (Deutsch), see "US-Regierung droht bei Beschneidung des Patriot Act mit Veto," Heise Online, 30 January 2004 at http://www.heise.de/newsticker/meldung/44208

================================================================
[13] WebFountain Internet trawling device: TIA-lite?
================================================================

A new system to compile and scrutinize large amounts of information is drawing unfavorable comparisons to a much-maligned United States government spy system.

Developed by two IBM scientists, Dan Gruhl and Andrew Tomkins, WebFountain scans a variety of materials, including "internet data, weblogs, bulletin boards, enterprise data, legacy data, licensed content, newspapers, magazines and trade journals." The program then uses that information to create "buzz reports" and draw conclusions as to people's opinions on various subjects. For example, according to Gruhl, a gas station could use WebFountain to see what the public felt about fuel price increases as well as various services it offered, such as car washes. Gruhl mentioned that one client wants to use the program to predict whether bank customers who deposited large amounts of money were engaged in criminal activity.

Questions remain as to what effect WebFountain will have on Internet privacy. Indeed, the program's features betray certain similarities with the now-infamous Total Informational Awareness (TIA) initiative (later renamed Terrorist Information Awareness). Designed by a branch of the U.S. Department of Defense, TIA's goal was to gather and analyze personal data on a grand scale to predict and prevent terrorist acts. The U.S. Congress eventually shut down the department that was developing TIA, largely due to privacy fears and doubts as to the system's effectiveness, although reports indicate that some TIA components are quietly being developed by other U.S. government agencies.
The official WebFountain webpage is located at
http://www.almaden.ibm.com/WebFountain/

Read "WebFountain to track Net buzz," South China Morning Post, 10 February 2004 at
http://www.asiamedia.ucla.edu/article.asp?parentid=7516

For more on TIA, read "Fed Data-Mining Research Lives On," CBSNews.com, 23 February 2004 at
http://www.cbsnews.com/stories/2004/02/23/tech/main601728.shtml

================================================================
[14] Major privacy problems found in South Korean websites
================================================================

A new study indicates many South Korean websites don't do a very good job in protecting their users' personal data.

The Yonhap News Agency study discovered privacy problems in a number of government and non-government websites. For example, researchers found that many sites, such as the South Korean Supreme Public Prosecutors' Office webpage, used unencrypted identification text files or cookies, which could easily be doctored so that an attacker could enter the site with false authentication information. Similarly, a large online community website (that had some 10 million members) had such weak authentication security that it was possible to dupe its cyberpayment system and steal other members' money.

Computer security professionals decried these findings and warned that failure to fix these problems could lead to legal trouble. One expert suggested that the proprietors of the offending websites simply have forgotten that the privacy of their users is fundamentally important: "They seem to have established Web sites without considering the basis of their Web connection."

Read Kim Rahn, "Major WebSites Not Safe From Leakage of Personal Information," Korea Times, 24 February 2004 at
http://times.hankooki.com/lpage/nation/200402/kt2004022417390511980.htm

================================================================
[15] U.S. universities suffer online security breaches
================================================================

Several separate incidents have raised questions as to whether universities in the United States are doing enough to protect the personal information of their students and faculty.

In one of these incidents, attackers managed to infiltrate University of Georgia (UGA) security via computer and gain remote access to a UGA server containing sensitive data. The types of personal information that were stored on the server included credit card account numbers, credit card expiration dates, social security numbers, names and birth dates. Although it is unclear just how many people were affected by the breach, email notices regarding the incident were sent to about 31000 recipients.

Meanwhile, New York University (NYU) has been racked by several major online security foul-ups. In one incident, a publicly accessible NYU athletics website posted the social security numbers of some 1800 students, while another NYU webpage revealed personal data regarding more than 2100 alumni, professors and students. Both websites have since been taken offline; however, NYU only took concrete action regarding the athletics website a month after the problem was discovered, which led to heavy criticism from various students for the apparent delay.
For further information regarding the University of Georgia incident, click
http://www.uga.edu/inside/fraudconcerns.html

For more details on the NYU breach, read Bret Nolan Collazzi, "NYU.edu to get a checkup," Washington Square News, 3 February 2004 at
http://www.washingtonsquarenews.com/news/campus/6627.html

See also Kate Meyer, "SSN flap may lead to new ID system," Washington Square News, 24 January 2004 at
http://www.washingtonsquarenews.com/news/campus/6534.html

================================================================
[16] Microsoft criticized over slow security patch rollout
================================================================

Computer experts are criticizing the world's leading software manufacturer over its sluggish reaction in fixing a security flaw.

The controversy revolves around a security hole in the latest versions of Microsoft's Windows operating system. The flaw, which involves an underlying protocol known as Abstract Syntax Notation One, would allow an attacker to take over a victim's computer remotely, such as through a local area network. eEye Digital Security, a United States company, discovered the problem and notified Microsoft in July 2003. However, Microsoft did not make any announcement about the flaw until about two weeks ago, when it described the problem as "critical" and released a patch for the hole.

Not surprisingly, a number of observers wonder whether the protection of Microsoft users' personal information ranks sufficiently high on the company's list of priorities. eEye's Marc Maiffret warned: "If it really took them that long technically to make (and test) the fix, then they have other problems. That's not a way to run a software company." Internet law expert Steven Philippsohn explained: "I have no doubt that if manufacturers in cases like this know about a flaw in their system and don't inform at earliest opportunity possible, they could be liable for losses. It has been made more serious by the fact Microsoft have accepted that they were told about the flaw months ago."

Read Robert Lemos, "200 days to fix a broken Windows," CNET News, 13 February 2004 at
http://news.com.com/2102-1002_3-5158625.html

See "'Protect PCs' Microsoft users told," BBC News, 11 February 2004 at
http://news.bbc.co.uk/1/hi/technology/3477899.stm

For coverage in Spanish (Español), see "El nuevo fallo de Microsoft podria ser de los mas graves conocidos," DelitosInformaticos.com, 12 February 2004 at
http://www.delitosinformaticos.com/seguridad/noticias/107660261838741.shtml

================================================================
[17] MyDoom computer bug hits hard
================================================================

A new computer bug has raised troubling questions regarding the efficacy of current Internet security systems.

The MyDoom worm (also known as Novarg) was disguised under such email subject lines as "Mail Delivery System," "Test" or "Mail Transaction Failed." Such messages came with attachments that, when opened, installed programs on victims' computers allowing attackers to gain remote control of the machines. The malady, which only affected users of the Microsoft Windows operating system, also launched denial of service attacks against the website of the SCO Group (www.sco.com); the software organization was forced to open an alternative website. MyDoom also used victims' email address books to forward itself along to other machines. Some estimates indicate the bug affected 2 million computers worldwide. Since then, other versions of MyDoom have appeared that target the websites of Microsoft and the Recording Industry Association of America.

The MyDoom outbreak has led to a close reexamination of current measures to protect Internet users.
For example, some experts have pointed to the market dominance of Microsoft Windows as a contributing factor in the spread of computer bugs, since an attacker can just focus on the weaknesses of one operating system and create a virus or worm that can afflict millions of users worldwide. Another cited problem is that many home computer users still have not installed antivirus software or have not downloaded the most up-to-date antivirus patterns.

Read Robert Lemos, "RIAA to face MyDoom's music," CNET News, 20 February 2004 at
http://news.com.com/2102-7355_3-5162833.html

See David Becker, "SCO selling Linux licenses online," 23 February 2004 at
http://news.com.com/2102-7344_3-5163508.html

See "Warning: Microsoft 'Monoculture,'" Associated Press, 15 February 2004 at
http://www.wired.com/news/print/0,1294,62307,00.html

Read David McCandless, "Anatomy of a virus," The Guardian (UK), 5 February 2004 at
http://www.guardian.co.uk/online/story/0,3605,1140962,00.html

See also Carrie Kirby, "Why this one is scarier/Mydoom brings computer viruses to new level of sophistication," San Francisco Chronicle, 3 February 2004, page B1 at
http://sfgate.com/cgi-bin/article.cgi?f=/c/a/2004/02/03/BUGOL4ND9D1.DTL

See also Robert Lemos, "MyDoom sparks talks of security's future," CNET News, 2 February 2004 at
http://news.com.com/2102-7349_3-5152165.html

=========================================================
ABOUT THE GILC NEWS ALERT:
=========================================================

The GILC News Alert is the newsletter of the Global Internet Liberty Campaign, an international coalition of organizations working to protect and enhance online civil liberties and human rights. Organizations are invited to join GILC by contacting us at [log in to unmask]

To alert members about threats to cyber liberties, please contact members from your country or send a message to the general GILC address.
To submit information about upcoming events, new activist tools and news stories, contact:

Christopher Chiu
GILC Coordinator
American Civil Liberties Union
125 Broad Street, 17th Floor
New York, New York 10004
USA

Or email: [log in to unmask]

More information about GILC members and news is available at
http://www.gilc.org

You may re-print or redistribute the GILC NEWS ALERT freely.

This edition of the GILC Alert will be found on the World Wide Web under
http://www.gilc.org/alert/alert82.html

To subscribe to the Alert, or to change your subscription options (including unsubscribing), please visit
http://mail.2rad.net/mailman/listinfo/gilc-announce

========================================================
PUBLICATION OF THIS NEWSLETTER IS MADE POSSIBLE BY A GRANT FROM THE OPEN SOCIETY INSTITUTE (OSI)
========================================================

************************************************************************************
Distributed through Cyber-Society-Live [CSL]: CSL is a moderated discussion list made up of people who are interested in the interdisciplinary academic study of Cyber Society in all its manifestations. To join the list please visit:
http://www.jiscmail.ac.uk/lists/cyber-society-live.html
*************************************************************************************