From: Chris Chiu To: Gilc-Announce (E-mail) Sent: 26/01/04 20:39 Subject: [Gilc-announce] GILC Alert GILC Alert Volume 8, Issue 1 26 January 2004 Welcome to the Global Internet Liberty Campaign Newsletter. Welcome to GILC Alert, the newsletter of the Global Internet Liberty Campaign. We are an international organization of groups working for cyber-liberties, who are determined to preserve civil liberties and human rights on the Internet. We hope you find this newsletter interesting, and we very much hope that you will avail yourselves of the action items in future issues. If you are a part of an organization that would be interested in joining GILC, please contact us at <[log in to unmask]>. If you are aware of threats to cyber-liberties that we may not know about, please contact the GILC members in your country, or contact GILC as a whole. Please feel free to redistribute this newsletter to appropriate forums. =============================================== Free expression [1] Two DVD speech cases end badly for Hollywood [2] French plan may lead to more Net censorship [3] Police in India push cybercafe restrictions [4] US plan to restrict flow of mere facts moves forward [5] Syrian Net critic remains in prison [6] Cuba implements further Net restrictions [7] Hollywood sues still more Net filesharers [8] New UK emergency powers laws provoke criticism [9] Chinese cyberdissident still in legal limbo [10] Vietnamese Net critic receives multi-year jail sentence [11] Adobe, HP products contain hidden anti-copying features [12] Iranian court orders blocking of reformist website [13] Court battle over US state Net blocking law [14] European group sues over crippled CDs Privacy [15] US president: renew expanded spy powers [16] Italian data retention plan draws fire [17] US gov't again pushes Net phone tapping rules [18] Verisign to help create Net-based RFID tracking system [19] Limited South Korean mobile phone privacy rules pushed [20] Disney policy change may weaken Net users' privacy [21] PCP system may enhance mobile computing privacy [22] British spy laws spur surveillance industry =========================================================== [1] Two DVD speech cases end badly for Hollywood =========================================================== Efforts by various entertainment industry groups to stifle the development and spread of a controversial DVD-related computer program have met with defeat on two fronts. In 1999, Norwegian teenager Jon Johansen wrote DeCSS to help Linux operating system users watch DVDs on their machines. Norwegian authorities briefly detained Johansen in early 2000 for his activities but released him soon afterwards. Nearly 2 years later, he was arrested once more on the theory that by developing DeCSS, he violated a Norwegian law against break-ins. Presiding judge Irene Sogn subsequently cleared Johansen of the charges, but the Norwegian government (on behalf of the Motion Picture Association of America) appealed the decision. The appeals court then cleared Johansen of all charges. Among other things, the panel held that the use of DeCSS did not "represent any great danger for illegal reproduction of DVDs in competition with the movie producers." The court also held that DVD packaging language that prohibited copying was invalid because it "would limit the right of the consumer" to reproduce "copies of published works for private use when this is not commercial." Moreover, the panel noted that there was no evidence of "anybody else having used DeCSS for illegally acquired DVD movies" or that, "by making DeCSS available on the Internet," Johansen had "contributed to the private copying of feature movies by others." Norwegian prosecutors decided not to appeal this latest ruling, thereby bringing the case to an end. In related news, the Digital Video Disc Content Control Association (DVD CCA) has asked a court in California to dismiss its lawsuit against hundreds of people for posting DeCSS online or providing weblinks to the program. The consortium, an ad hoc group that purportedly represents members of the DVD industry, had previously claimed that these actions amounted to a breach of trade secrets law. Free speech advocates have greeted these latest developments with jubilation. Robin Gross, the executive director of IP Justice (a GILC member), said it was "is delightful to see the Norwegian courts stand up to Hollywood and defend the rights of its citizens to engage in lawful, but unauthorized, uses of DVD movies. Both the Norwegian city and appeals courts have wisely recognized that when you buy a DVD, you own it; and Hollywood does not have the right to tell you how you may use your property." Similarly, Cindy Cohn from the Electronic Frontier Foundation (EFF-a GILC member) hoped that "Johansen's acquittal ... will ... convince Hollywood to stop filing unfounded charges in cases where there is no copyright infringement." Cohn also said that her organization was "pleased that the DVD CCA has finally stopped attempting to deny the obvious: DeCSS is not a secret." The text of the appeals court decision is available (in PDF format) at http://www.ipjustice.org/johansen/DVD-Jon-Borgarting-1-eng.pdf The text of the Judge Sogn's decision is posted under http://www.eff.org/IP/Video/DeCSS_prosecutions/Johansen_DeCSS_case/20030 109_johansen_decision.html An EFF press release on the appeals court ruling is posted at http://www.eff.org/IP/Video/DeCSS_prosecutions/Johansen_DeCSS_case/20031 222_eff_pr.php To read an EFF media advisory about the DVD CCA dismissal request, click http://www.eff.org/IP/Video/DVDCCA_case/20040122_eff_pr.php See "DVD Encryption Lawsuit Dropped," Associated Press, 25 January 2004 at http://wired.com/news/print/0,1294,62040,00.html Read John Borland, "Hollywood group drops DVD-copying case," CNET News, 22 January 2004 at http://news.com.com/2102-1025_3-5145809.html See "No more sequels in DVD hacking case," Reuters, 5 January 2004 at http://news.com.com/2102-1025_3-5134835.html Read "Film firms lose DVD piracy battle," BBC News Online, 6 January 2004 at http://news.bbc.co.uk/2/hi/technology/3371975.stm For coverage in German (Deutsch), read "DVD-Industrie macht Rueckzieher im DeCSS-Rechtsstreit," Heise Online, 23 January 2004 at http://www.heise.de/newsticker/data/wst-23.01.04-001/ ======================================================= [2] French plan may lead to more Net censorship ======================================================= A number of groups have severely criticized a French proposal that they say will erode civil liberties online. The proposal comes in the form of a French digital economy bill. The legislation includes language that would make Internet service providers liable for content on websites that they host. More specifically, they would have to "act promptly" to take down material "after becoming aware of their unlawful nature" or face legal retribution-a process that currently requires judicial approval. The bill also essentially eliminates the doctrine that email should be treated as "private correspondence," creating the possibility that such messages can be more easily intercepted by third parties. A version of the bill has been adopted by the French National Assembly and will now go to the Senate for possible further action. These and other features of the plan have drawn fire from several quarters. Robert Menard, the secretary-general of Reporters Sans Frontieres (RSF-a GILC member) warned: "The digital economy bill is an incoherent hodgepodge which even Internet professionals are hard put to understand. The jumble of articles approved by the national assembly representatives include measures that are very worrying for online free expression." Similar concerns have been expressed by Imaginons un Reseau Internet Solidaire (IRIS-a GILC member). To read RSF's comments on the plan, click http://www.rsf.fr/article.php3?id_article=9014 An IRIS press release on the proposal is posted at http://www.iris.sgdg.org/info-debat/comm-len-an0104.html Read Estelle Dumout, "French green-light radical overhaul of internet and telecoms," Silicon.com, 13 January 2004 at http://www.silicon.com/networks/broadband/0,39024661,39117748,00.htm ================================================== [3] Police in India push cybercafe restrictions ================================================== Various observers have savaged a new plan that may significantly restrict the activities of cybercafe users in India. The proposal is currently being considered by authorities in the western state of Maharashtra, which includes the city of Mumbai (Bombay). Under the plan, cybercafes would have to install software to block various websites that are supposedly inappropriate for minors. Customers must also show photo identification and give their postal addresses, which will be retained by cafi owners for up to a year and would be released to police on request. Moreover, Internet cafes will have to get approval from 5 different government agencies and pay licensing fees. Many experts fear that the measure could have a deleterious effect on cyberliberties. Marc Rotenberg from the Electronic Privacy Information Center (EPIC-a GILC member) warned: "Governments can use the records of what people say in the e-mail messages that they send as a basis for prosecuting journalists, dissidents and political opponents." There are also concerns that government agents could abuse the licensing fee scheme to extort money from cybercafe owners. Read "Mumbai Police to monitor cybercafes," Associated Press, 20 January 2004 at http://www.hindustantimes.com/news/181_540043,00030010.htm ========================================================== [4] US plan to restrict flow of mere facts moves forward ========================================================== Lawmakers in the United States are considering a proposal that could extend copyright-style restrictions to mere facts. The "Database and Collections of Information Misappropriation Act" would essentially bar people from knowingly making available "a quantitatively substantial part of the information in a database" created or maintained by another person without that other person's permission. The proposal is broadly worded and would apply databases stored in digital form, including such information as Internet search engine results. Violators could be sued in civil court. A committee of the U.S. House of Representatives has now approved the legislation; a vote by the full House may come within the next several months. The proposal has generated serious anxiety among free speech and fair use advocates, who believe it will deter information transfers, including discussions online, for fear of legal liability. Public Knowledge has issued a statement saying it was still "convinced the central concept of broadening database protection is a bad one. We believe a central democratic interest principle is at stake. Our leaders and policymakers should strive to make it easier and less costly-not more difficult and more costly-for citizens to have access to public information. This should be the goal even when that information has been assembled or reassembled by a small number of commercial enterprises." A number of prominent corporations and industry groups are also arguing against passage of the bill, including the U.S. Chamber of Commerce, Amazon, AT&T, Comcast, Google and Yahoo. To read the text of the bill, click http://thomas.loc.gov/cgi-bin/query/z?c108:h.r.3261: The Public Knowledge statement is posted under http://www.publicknowledge.org/content/legislation/legislation-hr3261 Read Declan McCullagh, "Tech firms fail to squelch database bill," CNET News, 21 January 2004 at http://news.com.com/2100-1028-5145040.html For background information and analysis on database protection proposals in general, click http://www.praxagora.com/andyo/professional/collection_law.html For coverage in German (Deutsch), see "US-Justizausschuss stimmt Gesetz zum Datenbankschutz zu," Heise Online, 22 January 2004 at http://www.heise.de/newsticker/data/anw-22.01.04-004/ ================================================ [5] Syrian Net critic remains in prison ================================================ Public concern is growing over the plight of a Syrian dissident who was jailed for his online activities. Syrian government agents arrested Abdel Rahman Shagouri nearly a year ago. Shagouri allegedly had sent an online newsletter by www.ThisIsSyria.Net, a political website that is banned in the Middle Eastern nation. He is currently in solitary confinement at a prison near the capital, Damascus, and has yet to appear in court, much less undergo a full trial. Reports indicate he has been tortured during his prison stay (resulting in a serious injury to his head), and the Syrian secret police have seized a number of items from his home, including his computer. Free speech groups have expressed outrage over the case, which is reputedly the first time a cyber-dissident has been jailed in Syria. The secretary-general of Reporters Sans Frontieres (RSF), Robert Menard, urged Syrian President Bashar al-Assad "to immediately release Shagouri. The Syrian head of state is an enthusiast of new technologies. Moreover, he was previously head of the Syrian Computer Association. We therefore wish to remind President Assad that there cannot be any sustainable development of the Internet without respect for freedom of expression." For further information, visit the RSF website at http://www.rsf.fr/article.php3?id_article=8941 ======================================================= [6] Cuba implements further Net access restrictions ======================================================= It may soon get harder for people in Cuba to reach the Information Superhighway. The Cuban government had already imposed numerous restrictions on Internet activity. Besides censoring Internet content (including email messages), Cuban authorities had also barred most citizens from going online, allowing only a handful of doctors and government officials to access to the Internet. Now, under a new decree, the few Cubans who can venture onto the Information Superhighway will no longer be able to use the country's phone system, which can be paid for in Cuban pesos, albeit at a relatively high price. Instead, they will have to use an even more expensive phone system for which only United States dollars will be accepted for payment. Moreover, the law requires the state-run phone company to use technical means to "detect and impede access to Internet navigation service." Free speech advocates have deplored this decision. Robert Menard, the secretary-general of Reporters Sans Frontieres (RSF-a GILC member), said that his group was "extremely worried by this new decree which is aimed at tracking down 'informaticos', Cubans who managed to get Internet access despite an official ban. The Internet is one of the few means of getting around the ever present censorship of news and information in this country. Since they are unable to monitor the Internet as easily as the newspapers, the government has simply chosen to ban access to the Internet for almost the entire population. Very few countries go as far as this to control the Net." An RSF press release on this subject is posted under http://rsf.fr/article.php3?id_article=9039 See Stephen Gibbs, "Cuba law tightens internet access," 24 January 2004 at http://news.bbc.co.uk/1/hi/world/americas/3425425.stm Read "Cuba Cracks Down On Web Access," Associated Press, 9 January 2004 at http://www.cbsnews.com/stories/2004/01/09/tech/main592416.shtml ============================================================ [7] Hollywood sues still more Net filesharers ============================================================ Hollywood has launched a fourth wave of lawsuits against people over their online file-sharing activities. This time, the Recording Industry Association of America (RIAA) sued 532 Internet users who supposedly have engaged in copyright infringement by sharing music files online. All told, the RIAA has filed lawsuits against nearly a thousand alleged file-sharers over the 12 months, although it is unclear whether all of these people have actually broken any laws. In this latest wave, the RIAA did not mention its targets by their real names, but by their supposed Internet Protocol addresses. This tactic is largely due to a December 2003 United States appeals court ruling against the RIAA in its efforts to collect personal information about various customers of the Internet service provider Verizon. The Association's continued legal attacks on Internet users have met with resistance from many quarters, including consumers, cyberlibertarians and industry leaders. Cindy Cohn, the legal director of the Electronic Frontier Foundation (EFF-a GILC member) said that the RIAA was "still heading in the wrong direction. The recording industry should be giving America's millions of filesharers the same deal that radio stations have had for decades: pay a fair fee, play whatever you want on whatever software works best for you." Nevertheless, there are growing signs that these copyright battles will spread to other nations. For example, the British Phonographic Industry (BPI) has issued warnings that it may soon file similar lawsuits against Internet users in the United Kingdom. A BPI spokesman explained: "The music industry will defend its rights under the law whether it is against traders selling illegally copied CDs on market stalls, or people uploading illegally over the internet. The BPI has made no final decision on taking legal action, but nobody should be in any doubt that such uses of filesharing networks are illegal and are harming the health of British music. We will take legal action if we are forced to." Broadly similar threats are being made by the German recording industry. An EFF press release on the latest wave of RIAA lawsuits is posted at http://www.eff.org/IP/P2P/20040121_eff_pr.php See Carrie Kirby, "RIAA goes after 532 unnamed file sharers," San Francisco Chronicle, 22 January 2004 at http://sfgate.com/cgi-bin/article.cgi?f=/c/a/2004/01/22/BUGJD4EP2O1.DTL Read John Borland, "RIAA embarks on new round of piracy suits," CNET News, 21 January 2004 at http://news.com.com/2102-1027_3-5144558.html See also Katie Dean, "RIAA Strikes Again at Traders," Wired News, 21 January 2004 at http://wired.com/news/print/0,1294,61989,00.html For coverage in Spanish (Espanol), read "La Asociacion de Industrias Grabadores de EE.UU. demanda a 532 personas por distribucion de canciones en la Red," DelitosInformaticos.com, 22 January 2004 at http://www.delitosinformaticos.com/noticias/107476692493689.shtml See "UK song-swappers 'could be sued,'" BBC News Online, 15 January 2004 at http://news.bbc.co.uk/1/hi/entertainment/music/3395161.stm See also "U.K. music industry eyes song swappers," Reuters, 14 January 2004 at http://news.com.com/2102-1027_3-5140769.html For more about legal threats from the German music industry, see "Deutsche Musikindustrie warnt Tauschboersen-Nutzer," Heise Online, 22 January 2004 at http://www.heise.de/newsticker/data/anw-22.01.04-002/ ==================================================== [8] New UK emergency powers laws provoke criticism ==================================================== The British government is considering an emergency powers proposal that some experts believe will undermine human rights online. The British civil contingencies bill would expand the powers of the armed forces, the police and various other government agencies in the event of an "emergency." The list of new powers would apparently include denying public access to various locations (including places online) and seizing private property without compensation. After a strong backlash from civil liberties groups, the government modified the proposal, such as altering the definition of what constitutes an "emergency" to exclude activities that merely threaten the nation's "political, administrative or economic stability." However, the revised definition includes more than just terrorist acts, and encompasses natural disasters such as "floods" and "catastrophic storms" as well as "oil spills." The changes have failed to assuage a number of observers, who remain fearful that the proposal will have a number of negative consequences, including a chilling effect on Internet free speech. Tony Bunyan of Statewatch (a GILC member) warned: "The limited concessions made by the government in no way change the fundamental objections to this bill. The powers available to the government and state agencies would be truly draconian." He further noted that under the bill's sweeping powers, "Cities could be sealed off, travel bans introduced, all phones cut off, and websites shut down. Demonstrations could be banned and the news media be made subject to censorship. New offences against the state could be 'created' by government decree." The text of the bill is available (in PDF format) under http://image.guardian.co.uk/sys-files/Politics/documents/2004/01/07/civi lcontingenciesbill.pdf To read a Statewatch analysis of the bill, click http://www.statewatch.org/news/2004/jan/12uk-civil-contingencies-bill-re vised.htm Read "Government backs down on terror bill," Guardian Unlimited UK, 7 January 2004 at http://politics.guardian.co.uk/attacks/story/0,1320,1117712,00.html ================================================ [9] Chinese cyberdissident still in legal limbo ================================================ The fate of a Chinese online critic who was arrested over a year ago remains in doubt. Ouyang Yi is a member of the banned Chinese Democratic Party and allegedly wrote online about the 1989 Tiananmen protests, disparaged Beijing's economic strategies and advocated structural reforms. In December 2002, Chinese government agents arrested the former schoolteacher in connection with one of those essays. He was tried on subversion charges last October, but remains in detention while the court has failed to either reach a verdict or pass sentence. Instead, an Intermediate court has sent the case back to prosecutors requesting more evidence. Meanwhile, there is increasing concern over the plight of two other online dissidents. Kong Youping, who had posted various political materials on an overseas website, was arrested last month for his Internet activities. In addition, a court in Beijing rejected He Depu's last appeal; he had been sentenced to eight years in jail for allegedly working with the banned Chinese Democratic party and posting online messages that supposedly incited subversion. Robert Menard, the secretary-general of Reporters Sans Frontieres (RSF-a GILC member), complained: "Kong Youping and He Depu have done nothing more than express their opinions through the medium of the Internet. We are once again confronted by completely arbitrary decisions, which deprive cyber-dissidents of their right to justice." For more on the Ouyang Yi case, read "Chinese cyber-dissident case faces further delays," South China Morning Post, 7 January 2004 at http://www.asiamedia.ucla.edu/article.asp?parentid=6097 For information in Spanish (Espanol), read "La falta de pruebas puede dejar en libertad a un disidente chino que vertia sus opiniones a traves de la Red," DelitosInformaticos.com, 12 January 2004 at http://www.delitosinformaticos.com/noticias/107390611854358.shtml For background information on the Kong Youping and He Depu cases, visit the RSF website under http://www.rsf.fr/article.php3?id_article=8851 ============================================================ [10] Vietnamese Net critic receives multi-year jail sentence ============================================================ A Vietnamese court has sentenced a dissident to several years in jail for speaking out online. Nguyen Vu Binh, a journalist and advocate of political reforms, had criticized the Vietnamese government in several articles that were posted on the Information Superhighway, including an essay regarding a controversial China-Vietnam border treaty. In September 2002, he was arrested and has been in detention ever since, accused of having "written and exchanged, with various opportunist elements in the country, information and materials that distorted the party and state policies," as well as communicating with overseas "reactionary" organizations. In a closed trial that lasted half a day, a tribunal in Hanoi has now convicted Binh of these charges and sentenced him to seven years in prison, plus three years of house arrest. The government's treatment of Binh has angered many human rights activists. In an open letter to Vietnamese President Tran Duc Luong, Ann Cooper, the executive director of the Committee to Protect Journalists (CPJ-a GILC member), condemned Vietnam's "prosecution of journalists who have done nothing more than peacefully express their views on political issues." CPJ also expressed concern over the government's "blatant disregard for due process in the prosecution of journalists. Binh was detained for 15 months before being tried. During this time, Binh's family was not allowed to visit him and authorities did not offer any explanation for his arrest." In the end, CPJ called for "the immediate and unconditional release of Nguyen Vu Binh" and several other imprisoned Vietnamese journalists. The CPJ letter is posted at http://www.cpj.org/protests/04ltrs/Vietnam05jan04pl.html For more information, visit the Human Rights Watch (HRW-a GILC member) website under http://www.hrw.org/english/docs/2003/12/29/vietna6886.htm Read "Vietnam jails online journalist," BBC News Online, 31 December 2003 at http://news.bbc.co.uk/1/hi/world/asia-pacific/3358533.stm ============================================================== [11] Adobe, HP products contain hidden anti-copying features ============================================================== Controversy has erupted after various popular computer-related products were found to contain hidden anti-copying functions that were apparently included at the behest of United States and European government agents. Adobe Systems recently admitted that its Photoshop program has technology that is designed to prevent users from making copies of U.S. or European banknotes. Among other things, the program (which was actually created by another company, Digimarc) gives a warning message to those users and will slow down when performing such functions, but further details have been very hard to come by; an Adobe spokesperson said his organization "sort of knew this would come out eventually. We can't really talk about the technology itself." The U.S. Federal Reserve, which reportedly pressured Adobe to include the feature, refused to say how it works or whether the agency had forced other companies to build-in such programs. However, it is known that broadly similar technology has been incorporated into a rival software package as well as various computer printers manufactured by Hewlett-Packard (HP). Research by noted technologist Richard M. Smith revealed "that HP has ... been shipping currency anti-copying software in their printer drivers since at least the summer of 2002. These revelations have caused consternation among many consumers. Stephen M. Burns, the president of a Photoshop users' group in San Diego, California, said he explained: "Artists don't like to be limited in what they can do with their tools. Let the U.S. government or whoever is involved deal with this, but don't take the powers of the government and place them into a commercial software package." Nevertheless, the European Central Bank is calling for "the Commission of the European Communities to initiate legislation making it mandatory to incorporate counterfeit deterrence technology" into "products capable of handling digital images." For more information concerning Richard M. Smith's research on this topic, click http://www.computerbytesman.com/privacy/anticopy.htm Read Ted Bridis, "Adobe admits to currency blocker," Associated Press, 10 January 2004 at http://www.sanmateocountytimes.com/Stories/0,1413,87~11271~1882929,00.ht ml For more about the European Central Bank proposal (in PDF format), click http://www.ecb.int/pub/legal/c_25520031024en00080008.pdf ======================================================= [12] Iranian court orders blocking of reformist website ======================================================= A leading political website will soon be blocked at the behest of Iranian authorities. The Emrooz site was created by supporters of the Iran's President, Mohammad Khatami. It includes news and analysis as well as criticism of the Ayatollah Ali Khamenei, the country's spiritual leader, who controls the army and the courts. Last week, an Iranian tribunal ordered access to Emrooz be denied to Internet users throughout the country. The decision is being seen as a political move in advance of national elections, which are scheduled to take place this February. The website is still available via an overseas host to users outside of Iran. The order against Emrooz is just the latest in a series of moves by the Iranian government to censor online content. For years, Iranian authorities have blocked numerous websites, including webpages that called for reforms or otherwise criticized the country's political elite. More recently, the Iranian government reportedly extended this ban to various segments of the Google Internet search engine site and jailed Sina Motallebi, a journalist and online activist. These actions led hundreds of Internet users to post complaints on a webpage that was dedicated to covering the World Summit on the Information Society, the first phase of which was held last month. The overseas mirror of Emrooz is located at http://www.iran-emrooz.de/ Read Clare Doyle, "Iran restricts reformist website," BBC News Online, 7 January 2004 at http://news.bbc.co.uk/1/hi/world/middle_east/3376907.stm For background information, see Aaron Scullion, "Iran's president defends web control," BBC News Online, 12 December 2003 at http://news.bbc.co.uk/1/hi/technology/3312841.stm For more on the Motallebi case, visit the website of Reporters Sans Frontieres (RSF-a GILC member) under http://www.rsf.org/rubrique.php3?id_rubrique=20 ================================================= [13] Court battle over US state Net blocking law ================================================= A legal battle has erupted in the United States over a local law that critics say infringes on the right to free speech online. The Pennsylvania statute allows that state's attorney general to request a court order requiring Internet service providers (ISPs) to block sites that are suspected of containing child pornography. Since the law took effect in 2002, Pennsylvania state officials have sent hundreds of letters to ISPs telling them to deny access to various websites that allegedly violated the law. These have apparently led to censorship of unrelated webpages. For example, America Online said it had blocked 400 000 innocent websites in response to one such order. Similarly, Verizon Communications said it had censored 500 000 sites pursuant to another Attorney General request. The law has now been challenged by two GILC member organizations, the Center for Democracy & Technology (CDT) and the American Civil Liberties Union (ACLU). CDT Associate Director Ari Schwartz explained that the statute could be the start of a trend: "The reason we're looking at this law is that it was at one point seen as a model law by several different states. We were concerned that this would spread and become a model for blocking content." CDT attorney John Morris added: "We believe the attorney general could contact the Web host directly and get the content taken down from the entire Internet as opposed to one ISP's customers. We believe there's a proven successful method that is far more effective without risking any innocent, blocked sites." See Michelle Delio, "Child Porn Law Debated in Court," Wired News, 8 January 2004 at http://www.wired.com/news/politics/0,1283,61840,00.html Read Declan McCullagh, "Court ponders Web site-blocking law," CNET News, 6 January 2004 at http://news.com.com/2102-1028_3-5135850.html =============================================== [14] European group sues over crippled CDs =============================================== A consumer watchdog group has launched a legal campaign against several music conglomerates over the introduction of copy-protected compact discs. Test-Achats (also known as Test Aankoop) has sued EMI, Universal Music, BMG and Sony Music over the crippled CDs, saying it has received over 200 complaints from aggrieved consumers. The technology, which can be found on albums from Shakira and Radiohead among others, bars users from making backup copies or playing the discs on various devices. Before filing the lawsuit, the Belgium-based organization had conveyed its concerns to the International Federation of the Phonographic Industry (IFPI), but those concerns apparently were not addressed satisfactorily. The organization is hoping that record companies will stop using such copy-protection technologies, which many experts believe is having a detrimental impact on digital free speech and fair use. Test-Achats spokesman Mechels Ivo said his group was "trying to establish legal precedent in this matter. Then, we expect other consumer organizations will follow." Read "Consumers sue over anti-copy CDs," BBC News Online, 6 January 2004 at http://news.bbc.co.uk/1/hi/entertainment/music/3372859.stm See "Consumer group sues over copy-protected CDs," Reuters, 5 January 2004 at http://news.com.com/2102-1027_3-5134830.html See also Jay Lyman, "European Consumer Group Sues Over CD Copy Protection," TechNewsWorld, 6 January 2004 at http://www.technewsworld.com/perl/story/32535.html ================================================== [15] US president: renew expanded spy powers ================================================== United States President George W. Bush has called on Congress to renew laws that, among other things, greatly expanded government surveillance powers. Known as the USA PATRIOT Act, the 2001 legislation enhanced the ability of law enforcement officials to collect personal information, including through the Internet. Among other things, the Act allowed the U.S. government to make greater use of controversial spy tools such as Carnivore by applying loose pen register privacy standards (previously used for collecting such data as phone numbers) to the Information Superhighway, rather than requiring law enforcement agents to show probable cause that a crime is being committed and get a court order. It also expanded the powers of a secret United States court, created under the Foreign Intelligence Surveillance Act (FISA), whose procedural protections are not as strong as those of other tribunals. In addition, the law provided the government with the ability to conduct "sneak and peek" secret searches. A number of key Patriot Act provisions are set to expire or "sunset" in 2005. However, in his annual State of the Union address, Bush called on Federal lawmakers to renew those sections, calling the legislation "vital" for protecting U.S. citizens. The President's words drew a swift negative response from a number of groups. Anthony Romero, the executive director of the American Civil Liberties Union (ACLU-a GILC member), charged: "In his State of the Union address, President Bush once again preyed on Americans' fears and insecurities to justify extending the controversial USA Patriot Act. ... [M]illions of Americans are demanding that freedom be restored to keep America both safe and free." Ironically, many members of the audience had applauded when Bush mentioned the scheduled lapse of the provisions in question during his speech. For more of Romero's remarks, click http://www.aclu.org/SafeandFree/SafeandFree.cfm?ID=14750&c=206 A transcript of President Bush's speech is posted at http://www.whitehouse.gov/news/releases/2004/01/20040120-7.html See "Bush Aims to Expand Patriot Act," Associated Press, 22 January 2004 at http://www.guardian.co.uk/uslatest/story/0,1282,-3656676,00.html ================================================== [16] Italian data retention plan draws fire ================================================== A new Italian government decree concerning the retention of communications data has led to protests from privacy advocates. Under the plan, telecommunications companies in Italy would have to keep customer traffic data (which ostensibly could include information such as addresses of email message recipients/senders and dialed phone numbers) would be kept for at least 30 months "for the verification and repression of criminal offenses". Such data could be held for another 30 months, albeit with slightly stronger access requirements, for serious crimes such as kidnapping, organized crime, terrorism and information technology offenses. The list of potential recipients of this data includes prosecutors and defense attorneys. Not surprisingly, privacy experts have given the proposal a hostile reception. Associazione per la liberta nella communicazione elettronica interattiva (ALCEI-a GILC member) strongly criticized the proposal on several grounds, noting that, among other things, the plan "vaguely mentions the need to have 'fair' procedures in data retention, but ... gives no indication of how such guarantees should be put in place." The Italy's Data Protection Ombudsman also has warned that the plans may "contravene constitutional norms on the freedom and secrecy of communications, and on the freedom of expression of one's thoughts." At a minimum, the Ombudsman called on the Italian Parliament to conduct a careful examination of the entire proposal. An ALCEI critique of the decree is posted at http://www.alcei.it/english/actions/crimprev.htm Further background information is available from Statewatch (a GILC member) under http://www.statewatch.org/news/2004/jan/03italy-dataretention.htm ================================================== [17] US gov't again pushes Net phone tapping rules ================================================== The United States government is renewing its push for new standards that would make it easier to spy on phone calls made over the Internet. For some time now, the U.S. law enforcement officials have wanted the Federal Communications Commission to rule that the Communications Assistance for Law Enforcement Act (CALEA) applies to phone calls made over the Internet, including transmissions using the Voice over Internet Protocol (VoIP). CALEA, which was passed in 1994, generally requires telecom firms to build surveillance capabilities into their networks, but exempts information services, most notably the Internet. If the FCC were to issue such a ruling, Internet service providers, including providers of high-speed broadband connections, would be forced to install spyware in their systems. Last month, the U.S. Federal Bureau of Investigations and the U.S. Department of Justice issued a letter reiterating this stance and calling on the FCC to adopt mandatory rules to force telecommunications companies to install Internet telephony surveillance routines. Privacy advocates and industry leaders are worried about the FBI's efforts, and questions remain as to whether such mandatory rules would actually be effective in capturing criminal conversations. Jim Harper of Privacilla.org called on the FCC to "ignore pleas about national security and sophisticated criminals because sophisticated parties will use noncompliant VoIP, available open source and offshore. CALEA for VoIP will only be good for busting small-time bookies, small-time potheads and other nincompoops." Critics have also suggested that CALEA specifically excludes the Internet from its coverage and that surveillance tools to spy on Internet phone calls could be used for unnecessary government spying on other types of Internet transmissions, such as surfed webpages and private email messages. See Declan McCullagh, "Feds seek wiretap access via VoIP," CNET News, 8 January 2004 at http://news.com.com/2102-7352_3-5137344.html ============================================================== [18] Verisign to help create Net-based RFID tracking system ============================================================== A new deal between a domain name giant and product code consortium may lead to the creation of a global Internet-based surveillance system. Verisign, which operates the .com and .net Internet top-level domains, has now been chosen by EPCglobal to operate an Object Naming Service (ONS) as the root directory for a new global tracking network. EPCglobal is a joint venture between companies that is pushing for the widespread adoption of Radio Frequency Identification (RFID) tags. While many details regarding ONS have yet to be worked out, under this system, whenever an RFID-tagged item is scanned, the network would send a query via the Internet to a Verisign directory, to be forwarded along to the manufacturer's computers. The possible widescale introduction of RFID technology has drawn public concern over its potential privacy implications. Some experts fear that this linking of RFID tags to the Internet will worsen these problems and create a situation where consumers' preferences and geographic location could be tracked with ease via the Information Superhighway. Moreover, the announcement of the Verisign-EPCglobal deal provided no indication as to what measures will be taken to prevent the abuse of personal data collected through the new system. For further information, click http://www.unwatched.org/article34.html Read Jack Schofield, "Tagging goes global," The Guardian (UK), 22 January 2004 at http://www.guardian.co.uk/online/story/0,3605,1127806,00.html See also Alorie Gilbert, "Verisign chosen to run RFID network," CNET News, 13 January 2004 at http://news.com.com/2102-1011_3-5140552.html For criticism of RFID tags in general, click http://www.spychips.com/ ============================================================ [19] Limited South Korean mobile phone privacy rules pushed ============================================================ The South Korean government is pushing new mobile phone privacy standards that could stand some improvement. The South Korean Ministry of Information and Communications (MIC) has unveiled new guidelines on how mobile phone companies should handle customer information. While details concerning this plan are still slow to emerge, they apparently would require such companies to delete personal information about subscribers when they switch carriers, including bank account data, email addresses, landline phone numbers, job information and birthdays. However, the rules are limited and would still allow mobile phone service providers to keep some sensitive data such as resident registration numbers and calling details. The retention of personal information concerning mobile phone users has been an issue for sometime now in the East Asian nation. Pressure from various groups, notably the People's Solidarity for Participatory Democracy (PSPD), had previously led at least one major cellular phone provider, KTF, to delete files that contained personal details about 1644 former customers. PSPD spokesperson Han Jae-Jak commented that the MIC plan is a promising development but still contains a number of troubling loopholes, especially for subdivisions and affiliates of mobile phone conglomerates: "I am unsure of how and whether sister companies of the mobile companies will abuse the information they have obtained." Read Kim Tae-gyu, "Mobile Operators Warned Against Abusing Info," Korea Times, 6 January 2004 at http://times.hankooki.com/lpage/biz/200401/kt2004010619361011860.htm ============================================================ [20] Disney policy change may weaken Net users' privacy ============================================================ A major entertainment conglomerate has altered its personal information handling procedures in a way that may have a serious negative impact on the privacy of its Internet customers. The Walt Disney Group has revised its online privacy policy, making it easier for the firm to give out customer data. Under these changes, among other things, Disney can readily share such data between the company's many affiliates, including ESPN, Movies.com and non-Internet subdivisions (such as its amusement parks). In addition, Disney now automatically assumes that new users want all marketing options turned on; customers who disagree must make the affirmative effort to turn those options off. The corporation will also allow third-parties (including non-affiliated companies) to send promotions to Disney users via postal mail. Disney has also signaled through its modified policy that it will collect data about its online customers via outside firms. Although the revised rules took effect last November, many Disney online users had yet to receive notice of the changes nearly two months afterwards. These moves came not long after Yahoo made a number of broadly similar changes to its privacy policy. Yahoo's decision led to an investigation and eventual settlement with the New York State Attorney General, under which the Internet portal giant paid a fine and agreed to give customers 30 days notice before making any further alterations to its privacy rules. See Jim Hu, "Disney shares customer Web data," CNET News, 24 December 2003 at http://news.zdnet.co.uk/internet/ecommerce/0,39020372,39118780,00.htm ==================================================== [21] PCP system may enhance mobile computing privacy ==================================================== Researchers have developed new software that might enhance the privacy of people who use mobile phones and computing devices. The Privacy-Conscious Personalization (PCP) system is designed to give such individuals greater ability to tailor how their personal data is disseminated. One of the chief concerns regarding mobile devices is that they allow users to be tracked geographically, such as by triangulating their signals. Under the PCP system, when someone requests a given user's geographic location, the request is put through a special subroutine that checks within several milliseconds the user's privacy settings and determines automatically whether the requested information will indeed be disclosed and to what extent. According to Bell Labs, which developed the system, PCP would allow field salespeople during working hours to "to have their presence visible to their boss, no matter where they are, but come 5:30 p.m., location sharing with their boss can be disabled. However, a salesperson may enable important customers to see his or her presence at anytime, but only with an accuracy of up to ten miles." Moreover, "this technology enables users to specify which kinds of businesses are allowed to see their location in a particular context." PCP has gained support of a few privacy advocates. Jason Catlett of Junkbusters expressed hopes that the system would "give mobile users the benefits they want from sharing location information without having to buy into a wholesale surveillance mechanism. The fine-grained options, allowing the user to consent to disclosure of location according to place, time and person are important to avoid being monitored 24/7." However, question marks remain as to a number of issues, including whether the technology will provide sufficient privacy protection for mobile phone users without new laws to back it up. To read a Lucent press release on this topic, click http://www.lucent.com/press/0104/040119.nsa.html See "Cell-Phone Tech Maintains Privacy," Associated Press, 19 January 2004 at http://wired.com/news/print/0,1294,61965,00.html ============================================================== [22] British spy laws spur surveillance industry ============================================================== Recent legislation in the United Kingdom that have expanded government surveillance powers may spawn a whole cottage industry of spy-friendly services-a move with murky implications for online privacy. Recently, the British Parliament approved a plan that, among other things, significantly increased the number of organizations that could conduct surveillance under the much-maligned Regulation of Investigatory Powers act (RIP), which mandated telecommunications providers to facilitate police spying. The list of such organizations is not limited to traditional law enforcement agencies, and includes the Charity Commission as well as the Centre for Environment, Fisheries and Aquaculture Science. Since then, a number of companies have sprung up ostensibly to help firms comply with the new legal standards. For example, Singlepoint was founded in the hopes of becoming a clearinghouse for government telecommunications data requests. A spokesperson for the firm admitted: "We saw an opportunity for a business or a facility that could provide secure processing for the data requests that will come out of this legislation." Several groups have expressed concern over these apparent attempts to cash-in on an erosion of personal privacy rights. For one thing, it is still not clear what role companies like Singlepoint will play in attesting to agencies' authorizations for data requests; nor is it clear as to how they would be penalized if they make mistakes. Some of these points are to be clarified (at least in part) via contracts between Singlepoint-type firms, public authorities and communications service providers. For further analysis of this topic, see http://www.chiark.greenend.org.uk/pipermail/ukcrypto/2004-January/030844 .html Read Mark Ward, "Snooping industry set to grow," BBC News Online, 21 January 2004 at http://news.bbc.co.uk/1/hi/technology/3414531.stm ========================================================= ABOUT THE GILC NEWS ALERT: ========================================================= The GILC News Alert is the newsletter of the Global Internet Liberty Campaign, an international coalition of organizations working to protect and enhance online civil liberties and human rights. Organizations are invited to join GILC by contacting us at [log in to unmask] To alert members about threats to cyber liberties, please contact members from your country or send a message to the general GILC address. To submit information about upcoming events, new activist tools and news stories, contact: Christopher Chiu GILC Coordinator American Civil Liberties Union 125 Broad Street, 17th Floor New York, New York 10004 USA Or email: [log in to unmask] More information about GILC members and news is available at http://www.gilc.org You may re-print or redistribute the GILC NEWS ALERT freely. This edition of the GILC Alert will be found on the World Wide Web under http://www.gilc.org/alert/alert81.html To subscribe to the Alert, or to change your subscription options (including unsubscribing), please visit http://mail.2rad.net/mailman/listinfo/gilc-announce ======================================================== PUBLICATION OF THIS NEWSLETTER IS MADE POSSIBLE BY A GRANT FROM THE OPEN SOCIETY INSTITUTE (OSI) ======================================================== _______________________________________________ Gilc-announce mailing list [log in to unmask] http://mail.2rad.net/mailman/listinfo/gilc-announce ************************************************************************************ Distributed through Cyber-Society-Live [CSL]: CSL is a moderated discussion list made up of people who are interested in the interdisciplinary academic study of Cyber Society in all its manifestations.To join the list please visit: http://www.jiscmail.ac.uk/lists/cyber-society-live.html *************************************************************************************