[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] (Fwd) GILC Alert

------- Forwarded message follows -------
From:           	Chris Chiu <CCHIU@aclu.org>
To:             	"GILC announce (E-mail)" <gilc-announce@gilc.org>
Subject:        	GILC Alert
Date sent:      	Tue, 19 Dec 2000 10:44:19 -0500

GILC Alert
Volume 4, Issue 10
December 19, 2000

Welcome to the Global Internet Liberty Campaign Newsletter.

Welcome to GILC Alert, the newsletter of the Global Internet Liberty
Campaign. We are an international organization of groups working for
cyber-liberties, who are determined to preserve civil liberties and
human rights on the Internet. We hope you find this newsletter
interesting, and we very much hope that you will avail yourselves of
the action items in future issues. If you are a part of an
organization that would be interested in joining GILC, please contact
us at <gilc@gilc.org>. If you are aware of threats to cyber-liberties
that we may not know about, please contact the GILC members in your
country, or contact GILC as a whole. Please feel free to redistribute
this newsletter to appropriate forums.

Free Expression
[1] Mainland China restricts Net news
[2] Only 7 new domain names approved
[3] French court ruling boosts blocking
[4] New Australian net censorship rules
[5] US court rulings support anonymous Net speakers
[6] Indian portal case threatens online speech
[7] Yahoo's new "inspector" hurts free expression
[8] US candidate sites blocked by filters

Privacy and Encryption
[9] US gov't conducts blackbag net tapping break-ins
[10] Carnivore spyware report criticized 
[11] UK plan: keep everyone's emails for 7 yrs 
[12] Euro anti-privacy "cybercrime" treaty drafted
[13] New Zealand gov't pushes cybertapping plan
[14] IBM backs controversial data-profiling plan
[15] Yahoo unveils crypto email service
[16] UK workplace Net surveillance woes
[17] Airline wants IDs of protest site's visitors
[18] Study: US Internet users want privacy safeguards
[19] Nightclub biometric card privacy problems

[20] New GILC member: Privacy Ukraine

[1] Mainland China's new Net censorship rules
In its fight against online democracy activists, Mainland China trying
several new approaches that may include Western technology.

Chinese officials have launched a special Golden Shield Project, which
will include web surveillance cameras in public places and
registration files on every man, woman and child in the country. The
idea is to help government agents shut down demonstrations or other
such activity with greater speed. The Project will also include
filtering software to find and block out politically taboo messages
along the Information Superhighway. What is notable about this
endeavor is that several major Western companies, including Cisco, Sun
Microsystems and Nortel Networks are marketing their products and
expertise to Communist Chinese leaders for use within the Golden

Besides these measures, Beijing has also announced new heavy
restrictions on Internet news reporting. Under these rules, private
websites cannot publish "news" unless they first get approval from
Communist officials. After receiving the blessing of the government,
these websites still cannot report the news themselves, but generally
must use content provided by state-run news agencies under special
contracts. Even after jumping over these hurdles, the operators of
these webpages must hire a cadre of experts to oversee their
operations-experts who essentially would have to come from government
owned news bureaus.

Human rights groups and free speech advocates have voiced fears that
these developments will severely curtail online expression, and have
expressed considerable dismay over the apparent willingness of Western
firms to cooperate with Chinese censors. Judy M. Chen of Human Rights
in China said that "the full potential of the Internet to contribute
to China's political and social development needs to be fostered by
strong and principled adherence to agreed global standards of human
rights - freedom of expression and information. Companies which claim
to support such values should, at the very least, demonstrate their
unwillingness to be associated with the use of technology for
repression by avoiding selling such equipment to the security services
in China."

The Digital Freedom Network (DFN-a GILC member) posted Ms. Chen's
comments under http://dfn.org/focus/china/multinationals.htm

Read Martin Fackler, "The Great Fire Wall of China?" Associated Press,
Nov. 8, 2000 at

See also "China targets 'enemies' on net," BBC News, Nov. 7, 2000 at
708.st m

[2] Only 7 new domain names approved
Will we soon see many new Internet domain names, including .health,
.union and so forth? Not exactly.

That is according to the Internet Corporation for Assigned Names and
Numbers (ICANN). ICANN, which is charged with handling the Internet
domain name system, decided to approve only 7 new domain names: .biz,
.pro, .coop, .museum, .aero, .name, and .info. The decision came
despite increasing evidence that desirable space in current domain
names like .com and .org was quickly disappearing, and the opinions of
numerous technologists that perhaps millions of new domain names could
be introduced without a significant threat to Internet stability.
Moreover, the application process itself was apparently hamstrung by
ICANN's self-described "very stringent criteria," which included a
$50,000 nonrefundable application fee-a fee that seemed to discourage
many potential proposals to benefit private individuals and
noncommercial groups (such as .humanrights).

ICANN's refusal to approve these new domain names has sparked
considerable protests, particularly from failed applicants. Duncan
Pruett of the International Confederation of Free Trade Unions (ICFTU)
lamented ICANN's refusal to back his organizations' proposal from
.union, and said that "the ICANN Board's suggestion that the ICFTU,
whose affiliates include 216 national trade union centres from all
over the world, is not representative of the global trade union
community is astonishing. While some board members had certainly done
their homework, others seemed to do little justice to proposals which
represent large investments of time and money." Similarly, the World
Health Organization, whose application for .health was also rejected,
said that it was "extremely disappointed with this outcome" and that
it would "begin immediately to explore ways of recourse."

Meanwhile, ICANN is also facing criticism over its decision to conduct
a "clean-sheet" study regarding its internal structures and
procedures. Many experts fear that this study may lead to the end of
ICANN public elections and cause the organization to become even less
democratic than before.

An official ICANN press release on the introduction of new Top-Level
domains is located at

An ICFTU press release on ICANN's rejection of .union is available at

For more on the WHO's response to ICANN's domain name decision, see

For comments from the American Civil Liberties Union (ACLU-a GILC
member) regarding this process, click

For further analysis, read Ben Charny, "Did ICANN help the rich get
richer?" ZDNet News, Nov. 17, 2000 at

See also Mark Ward, "New net domains remain in short supply," BBC News
Online, Nov. 21, 2000 at

For further background information, visit

[3] French court ruling boosts blocking
A French court ruling against a major web portal company could have a
serious detrimental impact on Internet free speech.

Yahoo was recently sued for allowing auctions of Nazi memorabilia on
its site in the United States. The suit was made pursuant to French
laws that generally prohibit such goods from even being advertised,
much less sold. The court ruled against Yahoo and required the company
to block French Internet users from accessing the webpages in question
within three months. If Yahoo fails to comply, it will have to pay
fines amounting to US $13,000 per day. 

The ruling has generated criticism from a number of experts. In a
press release, Imaginons un réseau Internet solidaire (IRIS-a French
GILC member) argued that the court's decision was distressing because
it imposed filtering on the basis of French citizenship (supposedly
deduced from the ISP's IP number) or on the basis of a mere
declaration of citizenship. Moreover, IRIS contended that the ruling
even went beyond the bounds of French law, which does permit people to
view such materials.

Similarly, Alan Davidson of the Center for Democracy and Technology
(CDT-a GILC member) said that the ruling "would lead to a
lowest-common-denominator world where the most restrictive rules of
any country would govern all speech on the Internet. What happens when
the government of China decides to prosecute a human rights group in
the U.S. for publishing dissident materials that are legal here but
illegal there?"

Since the decision, Yahoo has stated that it will defy the court
ruling on jurisdictional grounds. The firm also insisted compliance
with the court's edict would be impossible because current computer
programs to block questionable Internet content are not effective.
However, there is now a similar push to block Yahoo sites in Germany,
where prosecutors are planning to sue the corporation for allowing the
sale of Hitler's "Mein Kampf" to German citizens, which is forbidden
under German law.

An English-language translation of the decisions is posted at

IRIS's press release (in French) is posted at

More information on developments in Germany is available from Steve
Kettmann, "German Hate Law: No Denying It," Wired News, Dec. 15, 2000
at http://www.wired.com/news/print/0,1294,40669,00.html

Read Simon Johanson, "Toben says he won't return for German trial,"
The Age (Australia), Dec. 13, 2000 at

See also Steve Gold, "Germany Landmark Nazi Ruling," Newsbytes, Dec.
12, 2000 at http://www.newsbytes.com/news/00/159301.html

For more on Yahoo's refusal to abide by the French court ruling, see
"Yahoo! Will Ignore Ban," CBS News, Nov. 20, 2000 at
http://cbsnews.com/now/story/0,1597,250927-412,00.shtml See also
Pierre-Antoine Souchard, "France Calls for Net 'Zoning'," Associated
Press, Nov. 21, 2000 at

[4] New Australian net censorship rules
Cyberliberties groups are warning that new South Australian rules may
have a chilling effect on Internet expression.

While details are sketchy, the South Australian Attorney-General,
Trevor Griffin said that the bill would "make it illegal to make
available online matter which would be illegal if left in a public
place offline." However, the legislation would apparently include
criteria that had previously been used for films and video tapes,
which are more restrictive than those applicable to books, pamphlets
and other printed materials. Furthermore, the proposal may make it
illegal simply to make sexually explicit material available via the
Internet, even if it is legal to distribute such materials to adults
by regular mail throughout Australia. Hence, experts are suggesting
that these rules would in fact ban material online that is legal
offline, contrary to Mr. Griffin's assertions. The SA State
legislation is apparently intended to complement and enforce
Commonwealth legislation, which became effective on 1 January 2000 and
similarly censors material online that can legally be published and
distributed offline. 

Not surprisingly, free speech advocates have fiercely resisted this
plan. Electronic Frontiers Australia (EFA-a GILC member) issued a
statement arguing that "parents are better placed than Governments to
determine whether a problem exists with their child's use of the
Internet." Indeed, the group noted that potentially far-reaching
impact the proposal would have, and said that "The physical location
of Internet content is a matter of little relevance. A content
provider in any Australian State or Territory can have content hosted
elsewhere in Australia or any other country." In the end, EFA held
that such "legislative attempts to regulate content on the Internet
should be abandoned." 

See EFA's coverage of this issue by visiting

Read Megan McAuliffe, "South Australian government censors Net," ZDNet
Australia, Nov. 9, 2000

[5] US court rulings support anonymous Net speakers
Several recent court rulings may help protect the anonymity of
speakers online.

In one of these cases, Melvin v. Doe, a Pennsylvania jurist, Joan Orie
Melvin, tried to discover the identity of her online critics as part
of a defamation lawsuit.  State court Judge R. Stanton Wettick Jr.
ruled that "anonymous Internet speakers, unlike the national media,
are vulnerable because they lack power or money. Without anonymity,
speakers will be less willing to express controversial positions
because of fears of reprisal." He held that the identity of defendant
may not be disclosed until that person has had an opportunity to prove
that the defamation lawsuit is groundless. Ann Beeson of the American
Civil Liberties Union (ACLU-a GILC member), who was a part of the
litigation team, noted the importance of this ruling, explaining that
"[u]ntil today, a public official or employer claiming defamation
could get a court to disclose the name of an anonymous Web author
simply by filing a lawsuit." 

Similarly, in New Jersey, Dendrite International sued four anonymous
Internet users (including two purported employees) for their
statements about the company. New Jersey Superior Court Judge Kenneth
C. MacKenzie denied Dendrite's request to unmask these speakers.
Subsequently, Paul Levy of Public Citizen (which intervened in the
case) praised the decision: "By setting forth strict evidentiary
standards for compelled identification, and then showing that these
standards can produce real protection for anonymity, this decision is
a tremendous victory for free speech." 

For an ACLU press release regarding the Melvin decision, click

For more on the New Jersey decision, read Martin Stone, "Judge
Protects Web-Posters' Anonymity," Newsbytes, Nov. 30, 2000 at

[6] Indian portal case threatens online speech
Should a person be held responsible for questionable Internet content
that is located on another person's website?

That is the question being posed by an upcoming criminal trial against
the proprietors of an Indian search engine. The case arose when a law
student complained that Rediff.com allowed access to pornographic
material. Subsequent police inquiry revealed that the website did not
create or contain any such files, and acted as a normal general
purpose portal for all types of Internet content. Nevertheless, Judge
S. Bhosie claimed that search engines ought to incorporate filters to
block out objectionable sites, and ordered that Rediff directors be
put on trial. The defendants could be sentenced to two years in

Bhosie apparently disregarded arguments made by numerous experts that
filtering software programs are flawed and block out many types of
valuable Internet speech, including sites that have no adult content
whatsoever. A Rediff spokesperson held that "[e]ven God cannot alter
the way a search engine works. Either you ban Indian sites from using
search engines, which is a ridiculous idea, or you live with the fact
that any Indian user will be able to access porn sites."

Read Manu Joseph, "Porn a Thorn for Indian Portal," Wired News, Dec.
4, 2000 at http://www.wired.com/news/print/0,1294,40432,00.html

[7] Yahoo's new "inspector" hurts free expression
One of the world's most popular websites is launching a new program
that may severely curtail Internet expression.

A Yahoo executive admitted that the firm will hire a special
"inspector" to monitor its Messenger system for questionable content.
Martina King, the managing director of Yahoo in the United Kingdom,
said that her company is working with law enforcement officials as
part of this project. Under this plan, if the inspector discovers
certain types of "unacceptable use," the police will be notified and
joint operations will be carried out to silence or prosecute the
offender. Oddly enough, she even said that if these officials suggest
Yahoo should shutdown its chat rooms as a proper way to deal with the
purported problems of adult material, she would carry it out, as part
of "a zero-tolerance strategy."

King has further suggested that Yahoo may require computer users to
register using credit card information, then transfer this data along
to the police. It is unclear what effect these measures will have on
Internet privacy as well as freedom of expression.

Read Richard Barry & Wendy McAuliffe, "Yahoo! vows to stop
pedophiles," ZDNet News, Nov. 24, 2000 at

[8] US candidate sites blocked by filters
A number of American politicians are thinking twice about the supposed
virtues of Internet filtering software.

This comes after the websites of several government office seekers
were blocked by such programs as CyberPatrol. Jeffery Pollock, a
conservative Christian candidate for the United States House of
Representatives, said that he "was quite baffled" when his election
homepage was shutout. Pollock had previously stated that "We should
demand that all public schools and libraries install and configure
Internet Filters." He later commented, "Now to find out that a lot of
schools may have filtered out my Web site is very disturbing to me." 

Indeed, these concerns were bolstered by a recent study by Peacefire
(a GILC member) and NetElection.org. Entitled "Blind Ballots: Web
Sites of U.S. Political Candidates Censored by Censorware," this
report showed that together, filtering software packages such as
CyberPatrol and N2H2 Bess censored dozens of websites, including the
homepages of several prominent incumbent elected officials. The report
concluded that "[w]hile blocking software companies often justify
their errors by pointing out that they are quickly corrected, this
does not help any of the candidates listed above. Their campaigns have
been sabotaged in our public schools and libraries, and corrections
made after Election Day do not help them at all."

The joint Peacefire/NetElection.org "Blind Ballots" study is available
under http://peacefire.org/blind-ballots/

See Lisa M. Bowman, "Filtering programs block candidate sites," ZDNet
News, Nov. 8, 2000 at

[9] US gov't conducts blackbag net tapping break-ins 
Privacy advocates are alarmed over revelations that United States law
enforcement officials have conducted secret break-ins to steal
passwords, encryption keys and other types of sensitive
computer-related information. 

Previously, US government officials had sought new laws that would
allow them to conduct these so-called "blackbag" jobs. These proposals
came in the form of both stand alone bills (such as the Cyberspace
Electronic Security Act) and provisions within other pieces of
legislation (including a recent anti-Methamphetamine plan). Despite
the fact that these proposals never did become law, recent court
documents reveal that government officials have now gone ahead and
conducted at least one break-in. Operatives from the Federal Bureau of
Investigation (FBI) got a court's permission to surreptitiously enter
a private building and use "recovery methods which will capture the
necessary key-related information and encrypted [computer] files."
While neither the FBI nor Federal prosecutors have been forthcoming
with information about the break-in, reports indicated that government
agents installed a keystroke-capture device so that they could
intercept virtually anything that was typed into a particular
computer, including password information.

It is unclear at this point how many other buildings have been invaded
by Federal agents or whether all of the targets of such break-ins were
actually criminals at all. David Sobel of the Electronic Privacy
Information Center (EPIC-a GILC member) worries: "If we're now talking
about expanding (black bag jobs) to every case in which the government
has an interest where the subject is using a computer and encryption,
the number of break-ins is going to skyrocket. Break-ins are going to
become commonplace." 

The court order is available at

The FBI's prior application is located under

Read Declan McCullagh, "FBI Hacks Alleged Mobster," Wired News, Dec.
6, 2000 at http://www.wired.com/news/print/0,1294,40541,00.html

See also George Anastasia, "Scarfo case could test cyber-spying
tactic," Philadelphia Inquirer, Dec. 5, 2000, at

For more on the Cyberspace Electronic Security Act, visit

For background information on the anti-Methamphetamine bill, read the
following press release on this subject from the American Civil
Liberties Union (ACLU-a GILC member):

[10] Carnivore spyware report criticized
Controversy continues to grow over a US government spyware program.

The device, known as Carnivore, is attached to the server of a given
Internet service provider. It intercepts all Internet transmissions
that come through the server, then parses out pertinent material,
based on chosen keywords. The US Department of Justice (DoJ) has
confirmed that Carnivore can monitor private e-mail messages as well
as activity on the World Wide Web and in chat rooms. The US Federal
Bureau of Investigations (FBI) then decides which particular
communications it believes it is entitled to review.

After considerable public outcry, the US government commissioned an
"independent" review panel to see whether Carnivore complies with
Federal wiretapping laws, which, however, contained a large number of
White House insiders, including a former Clinton information policy
advisor, and a former Justice Department official. In a draft report,
the panel ignored questions about the constitutionality of Carnivore
and did not conduct a number of key tests due to an apparent lack of
resources. Despite the apparent failure of the team to address these
root issues, and despite confirming reports that "Carnivore can
collect everything that passes by on the Ethernet segment to which it
is collected," the panel somehow concluded that the system "protects
privacy and enables lawful surveillance better than alternatives." The
report also contained curiously condescending language saying that
"the public, service providers and privacy advocates ... do not
understand how electronic surveillance works."

The report was savaged by many organizations. In formal comments
submitted to the DoJ, the American Civil Liberties Union (ACLU-a GILC
member) mentioned that "[w]hen the 'independent review' ... was
announced, we expressed substantial reservations about both the
independence of the reviewers and the proposed scope of their review.
... Having now read the report, which we note was itself redacted and
subject to the sanitizing authority of the Justice Department, our
concerns have been reinforced." Among other things, the ACLU pointed
out that "despite repeated assertions to the contrary from the FBI,
the report concludes that Carnivore has no effective auditing function
that would expose and prevent abuses." Moreover, while "the review
team recommends against the immediate public release of Carnivore
source code, out of the fear that Internet users will use the
information to exploit its weaknesses," the ACLU argued that "[t]his
fear is belied by the detailed descriptions (contained within the
report) of numerous Carnivore flaws." 

In short, as David Sobel from the Electronic Privacy Information
Center (EPIC-a GILC member) pointed out in his comments to the DoJ,
"Despite FBI claims that the review has vindicated Carnivore, it has
actually validated many of the privacy concerns that have been voiced
by the public and members of Congress. Internet users won't find much
comfort in the review team's report. Private communications are very
much at risk."

The Final version of the Carnivore review team report is available (in
PDF Format) under

To see EPIC's collection of Carnivore FOIA documents, click

The ACLU's comments on the review team draft report are available
under http://www.aclu.org/news/2000/carnivore_comments.html

EPIC's comments on the review team draft report are posted at

A critique of the IITRI report by a special panel of experts
(including Matt Blaze, Steven Bellovin and others) can be seen at

See D. Ian Hopper, "'Carnivore' Report Questioned," Associated Press,
Nov. 22, 2000 at

See also Brian Krebs, "Senate Judiciary Committee Keeps Pressure On
FBI's Carnivore," Newsbytes, Nov. 28, 2000 at

[11] UK plan: keep everyone's emails for 7 yrs
Here's an idea to stop cybercrime: let the government collect and read
all email messages sent along the network, then keep those messages
for several years at a time.

That's apparently the plan being considered by the British Home
Office. Several law enforcement agencies in the United Kingdom
(including M.I.5, M.I.6 and others) are seeking laws to record every
email and phone call made (as well as every webpage accessed) in the
nation and retain the records for 7 years. Implementation of this
"data warehouse" scheme is expected to cost several million pounds.
The proposal was revealed in a restricted document written by Roger
Gaspar of the British National Intelligence Service on behalf of
several groups, including Great Britain's Government Communications
Headquarters (GCHQ). GCHQ in the past has been linked with ECHELON, a
super-secret system designed to intercept communications from around
the world that principally operated by the US National Security Agency

These revelations have ignited a firestorm of criticism. Opposition
party leader Lord Cope stated that he and many other people "are
sympathetic to the need for greater powers to fight modern types of
crime. But vast banks of information on every member of the public can
quickly slip into the world of Big Brother." Indeed, a number of
observers believe that the plan would violate numerous international
accords, including the Human Rights Act and the European Union data
privacy directive. Not surprisingly, the office of the European Data
Protection Commissioner has said it has "grave concerns" about the
entire project. Additionally, John Wadham from the National Council
for Civil Liberties (Liberty-a GILC member) warned that if the
proposal is approved, "we will challenge this in the courts in this
country and the European court of human rights." 

Read Kamal Ahmed, "Secret plan to spy on all British phone calls," The
Observer, Dec. 3, 2000 at

The original proposal paper is available online under

For more of John Wadham's remarks, see Richard Norton-Taylor, "Spies
seek access to phone, email and net links," The Guardian, Dec. 4, 2000
at http://www.guardian.co.uk/uk_news/story/0,3604,406439,00.html

[12] Euro anti-privacy treaty receives backlash
Controversy continues to swirl around a new version of a proposed
cybercrime convention, which privacy advocates say will allow massive
government surveillance online.

Among other things, this new draft of a Council of Europe proposal
would have signatory countries enact laws that might make it easier
for government agents to search computers and conduct real-time
surveillance on private citizens through telecommunications networks.
The convention includes provisions which may allow law enforcement
officials greater access to many types of personal security
information, such as encryption keys. Additionally, the scheme could
make Internet service providers (ISPs) liable for their customers'
content, and may lead ISPs to monitor and retain records on customer
activities. Furthermore, the draft treaty mandates signatories to
create new harsh penalties for copyright infringement. 

Minor changes were made to the convention partly in response to a
previous Global Internet Liberty Campaign statement, which had
condemned an earlier draft of the treaty. Subsequently, the Campaign
said in a second letter that "To our dismay and alarm, the convention
continues to be a document that threatens the rights of the individual
while extending the powers of police authorities, creates a
low-barrier protection of rights uniformly across borders, and ignores
highly-regarded data protection principles. Although some changes have
been made ... we remain dissatisfied with the substance of the
convention. We question the validity of the process that still endures
a closed environment and secrecy." In addition, many companies have
expressed anxiety because they fear they will burdened with high
installation costs. This has apparently already happened in the
Netherlands, where Dutch Internet service providers (ISPs) have passed
along the costs to ordinary computer users by raising access fees by
up to 25%. Yet despite these apparent problems, similar
anti-cybercrime proposals are sprouting up around the world, from Hong
Kong to Germany. 

To read the latest draft (no. 24 rev. 2) of the treaty, click

The GILC letter in response to version 24-2 of the cybercrime
convention is posted at

For a German translation, of this statement, click

A French translation is available at

To see the first GILC statement, click

For the latest press coverage on this subject, see Mark Ward,
"Cybercrime treaty condemned," BBC News Online, Dec. 18, 2000 at

"Cybercrime pact steps on privacy, groups say," Reuters, Dec. 14, 2000

Read Robert Lemos, "Cybercrime treaty still doesn't cut it," ZDNet
News, Dec. 13, 2000 at

For a special dossier of cybercrime materials created by Imaginons un
Reseau Internet Solidaire (IRIS-a GILC member), visit

For additional background information, visit the Center for Democracy
and Technology website under

For more on the plight of Dutch ISPs, see Joris Evers, "Dutch ISPs to
Pass Along Cybercrime Costs," IDG News, Dec. 4, 2000 at

For more on the Hong Kong government's new cybercrime plans, see Adam
Creed, "Hong Kong Govt Proposes New Laws To Tackle Cyber Crime,"
Newsbytes, Dec. 4, 2000 at

For more on recent German plans for Internet surveillance, read Rick
Perera, "German Officials Warn of Net 'Big Brother'," IDG News, Dec.
6, 2000 at

[13] New Zealand gov't unveils cybertapping plan
A recent New Zealand government proposal may significantly erode
online privacy.

The Crimes Amendment Bill would apparently allow law enforcement
agents to secretly break into the computers of unsuspecting users.
Under the proposal, individuals could be forced to divulge their
passwords or hand over their encryption keys to the government. In
addition, Internet service providers and other communications
companies may have to build spyware into their networks to fulfill the
requirements of New Zealand security forces. Observers have noted
similarities between this scheme and similar measures adopted in other
countries, such as the British Regulation of Investigatory Powers Act
(RIP) and the United States Communications Assistance for Law
Enforcement Act (CALEA).

While the plan is supposedly meant to deter cybercrime, critics claim
that the Bill is really designed to expand police surveillance powers
on a massive scale. To wit, New Zealand's Information Minister Paul
Swain, claimed that he had been given "an absolute assurance that
law-abiding citizens who are not involved in criminal activity have
nothing to fear from this legislation." However, it is not clear just
what specific language would safeguard citizens from unnecessarily
intrusive government behavior.

Not surprisingly, the Bill has run into considerable opposition. Keith
Locke, a member of New Zealand's Parliament, called the legislation
"draconian" and is supporting a petition drive to keep law enforcement
officials from intercepting email transmissions. He also called on
fellow politicians to extend the comment period for the proposal
(which currently ends on February 9), saying that the "Internet is
abuzz with protest" and that the short timeframe for submissions may
prevent these dissenting voices from being heard.

For more on the Crime Amendment Bill, see Nicky Hager, "International
co-operation in internet surveillance," Heise Telepolis, Nov. 22, 2000
at http://www.heise.de/tp/english/special/enfo/4306/1.html

For more of Keith Locke's comments, read Adam Creed, "New Zealand MP
Unhappy With Anti-Hacking Bill Process," Newsbytes, Nov. 30, 2000 at

[14] IBM backs controversial data-profiling plan
Several major corporations are formulating a new computerized database
system that critics say will have an adverse impact on individual

IBM, MicroStrategy Inc., First Union Corp. and several other companies
are pushing a Customer Profile Exchange standard that will allow large
companies to more easily transfer data files on ordinary citizens.
These files will not be restricted merely to names, email addresses
and telephone numbers; they will include such details as passport
numbers, national identifiers, taxpayer identifications numbers,
marital status, hobbies, occupations, and even smoking habits. The
system will be completely automated, so that all of these tidbits can
be reduced to an XML formatted file and sent on to countless companies
at the click of a button.  

Privacy groups have expressed dismay at these developments, which they
say could allow large scale corporate tracking of individuals, as well
as invite fraud by creating a massive database that may then become a
huge target for criminals. Lauren Gelman from the Electronic Frontier
Foundation (EFF-a GILC member) noted that the dearth of strong privacy
regulations that could prevent such intrusive behavior. "There are no
standards for what they can and cannot do. The privacy protection is
not something you can build into a system designed to ease the
exchange of information."

Indeed, a number of prominent lawmakers have raised red flags over the
new plan. Senator Richard Shelby wrote a letter to the head of the
United States Federal Trade Commission (FTC), saying that though the
IBM proposal "is intended to enhance commercial activity, I am
troubled that insufficient attention has been given to the negative
ramifications that the use of this exchange will have on the privacy
of American consumers. When this standard is put in practice, the
personal information of hundreds of millions of Americans will be
readily and widely available." He called for the FTC to investigate
the potential privacy problems that the new database system might

Senator Shelby's remarks are posted at

See also Robert O'Harrow Jr., "Internet Firms Act to Ease Sharing of
Personal Data," Washington Post, Dec. 5, 2000, page E1 at

[15] Yahoo unveils crypto email service
One of the world's largest search engine companies will soon offer
encrypted email service.

To do this, Yahoo has teamed up with Zixit Corporation to add an
encryption function into its free email software. Under this system,
users who receive encoded transmissions will receive special
notifications. The recipients would then click links contained within
the notification messages to read the underlying encrypted emails, via
securedelivery.com, which is run by Zixit. However, Yahoo has already
informed potential applicants that "this is not an end-to-end secure
service." Specifically, email messages sent under this plan are only
encrypted after they travel from users' computers to Yahoo's servers.
The entire system should be operational sometime within the next few

Yahoo's new encrypted web-based email program is just one of several
emerging technologies that are just now becoming available to
consumers. Several weeks ago, Hush Communications and Cyber-Rights &
Cyber-Liberties UK (a GILC member) joined forces to create a free
service, Cyber-Rights.Net, which allows users to send and receive
email that is encrypted and secured from end-to-end, assuming both the
recipient and the sender use Hushmail on their computers. Because the
system is web-based, registrants can utilize Cyber-Rights.Net from any
location in the world that has Internet access. Cyber-Rights.Net is
part of a campaign against the controversial British Regulation of
Investigatory Powers Act (RIP) 2000, which passed into law this past
October and has been heavily criticized by privacy advocates.

Read Dick Kelsey, "Yahoo Intros Encrypted E-mail Delivery," Newsbytes,
Nov. 29, 2000 at http://www.newsbytes.com/news/00/158750.html

See Paul Festa, "Yahoo! delivers encrypted email," CNet News, Nov. 29,
2000 at http://news.cnet.com/news/0-1005-200-3901784.html

The Cyber-Rights.net homepage is located at

[16] UK workplace Net surveillance woes
New questions have arisen over the extent to which British bosses can
monitor their workers online.

These questions come after the British Parliament enacted the
much-maligned Regulation of Investigatory Powers Act (RIP), which many
people feel will enable government agents to conduct wide scale
searches into the activities of private Internet users. The Act
includes language stating that employers have a legal right to monitor
their workers. Since then, the British Data Protection Commission has
issued a draft code that would place restrictions on this supposed
right, including fines against firms that violate the code. Yet
despite these restraints, a Commission spokesperson claimed that they
did not contradict the language of RIP.

This series of events has led to considerable confusion. The British
Chamber of Commerce is now arguing that companies should ban all
non-business use of their email systems to avoid liability under the
code.  By contrast, a Data Protection Commission spokesman suggested
that corporations "should look at the real risks and introduce
solutions that are least intrusive." It is not known whether the draft
will be revised to further protect the privacy of employees before it
is scheduled to become law in the spring. 

Read Will Knight, "Could employers ban personal email?" ZDNet UK, Nov.
28, 2000 at http://www.zdnet.co.uk/news/2000/47/ns-19354.html

See also Jane Wakefield, "Cable company sacks six for email 'misuse',"
ZDNet UK, Nov. 29, 2000 at

[17] Airline wants IDs of protest site's visitors
A major US air carrier is trying to discover personal information
about its online critics.

United Airlines is seeking to identify visitors to
www.the-mechanic.com, which purportedly was popular with union member
employees. United had previously gone to court and won a restraining
order that banned its mechanics from taking part in certain
labor-related job actions (such as strikes). However, the company went
further by getting a subpoena for data regarding 30 or so people who
had posted messages on the message board of the aforementioned site.
It tried to justify its action by claiming that merely expressing
views through the Internet was tantamount to engaging in the sort of
job actions that were banned in the restraining order. In the words of
United spokesperson Andy Plews, "It is clear the temporary restraining
order is not being complied with."

Dennis Sanderson, who runs www.the-mechanic.com, vehemently objected
to these suggestions from airline officials, and noted the
intimidating nature of United's court maneuvers: "The objective of the
whole thing is to shut the Web site down. I'm no constitutional
lawyer, but don't people have a right to disagree with corporate
management?" For his part, Sanderson not only denied taking part in
any job action, but said he had no official role in the union that
represents United's mechanics and had not received any sport from the

See Marilyn Adams & David Field, "United Seeks Identities of Web
Site's Users," USA Today, Nov. 28, 2000 at

[18] Study: US Internet users want privacy safeguards
Many American Internet users would like to see stronger protection of
their privacy online rights.

That is the apparent conclusion of a recent study entitled "Public
Records and the Responsible Use of Information." In this report, a
whopping 88% of respondents said that they are at least "somewhat
concerned" about the possibility that their personal data may be
abused. 84% of those polled were against the online display of public
records that contain personal information.  Over 60% of the users
would be willing to pass along such information, but only if the
entity seeking this data asked their permission first-a process known
as opt-in.

Alan Westin, a professor at Columbia University and the primary author
of this report, suggested that these results show Americans are
willing back new proposals that would create a baseline for privacy
rights. "It would be very reassuring to the American public to have
the right kind of framework legislation for (privacy on) the
Internet." While several privacy bills were introduced this past year
but were not approved, the apparent rise of public support for new
privacy rules may spur new privacy proposals in the coming months.

Read David McGuire, "Americans Cautiously Willing To Share Info
Online-Study," Newsbytes, Nov. 30, 2000 at 

See also Brian Krebs, "Privacy, Info Reliability Key Issues For
Internet Users," Newsbytes, Nov. 30, 2000 at

[19] Nightclub biometric card privacy problems
========================================================== Privacy
advocates are concerned about new biometric identification cards that
are being issued by European discotheques.

These cards contain sensitive personal information including the
holder's fingerprints, as well as the number of times the holder has
been to a particular club. The technology is in part used for
identification purposes; individuals can use these cards to log on to
the Internet, enter clubs, and even acquire everyday items such as
beverages. However, the system also apparently allows nightspot owners
and other interested parties to track users both in clubs and online.
Indeed, a spokesperson for Interstrat ICT Group, one of the system's
creators, boasted that "[d]ue to the stored biometrics, the card is a
'powerful' and extremely 'fair' entrance control tool." 

Many experts are worried that these cards will have a damaging effect
on individual privacy. Indeed, it is unclear whether this system
conforms with European Union data privacy directives. Yet despite
these difficulties, Interstrat is hoping to expand the system into
other countries, including the United States.

Read Jennifer Askin, "Cyber Bouncer," ABCNews.com (US), Nov. 30, 2000
rs0011 30.html

[20] New GILC member: Privacy Ukraine
The Global Internet Liberty Campaign recently welcomed a new member:
Privacy Ukraine. 

Founded in 1999, this non-profit organization is a strong advocate of
privacy rights and free expression throughout the former Soviet
republic. The group has successfully launched a special project
entitled "Assistance to the development of right to privacy in
Ukraine." This initiative has fostered greater government deference to
the privacy values, and has been involved with the revision and
presentation of an alternative draft Ukrainian Data Protection
directive. The project has also created a Ukrainian-language
international privacy law sourcebook. In the past, Privacy Ukraine has
actively cooperated with the Parliament Committee on Legal Policy, the
State Telecommunication Committee, the Ministry of Justice, Council of
Europe Data Protection Unit. It has also collaborated with several
other GILC member organizations, including Privacy International, the
Electronic Privacy Information Center (EPIC), Cyber-Rights &
Cyber-Liberties UK.

Privacy Ukraine can be contacted by e-mail via

The GILC News Alert is the newsletter of the Global Internet Liberty
Campaign, an international coalition of organizations working to
protect and enhance online civil liberties and human rights. 
Organizations are invited to join GILC by contacting us at

To alert members about threats to cyber liberties, please contact
members from your country or send a message to the general GILC

To submit information about upcoming events, new activist tools and
news stories, contact:

Christopher Chiu
GILC Coordinator
American Civil Liberties Union
125 Broad Street, 17th Floor
New York, New York 10004

Or email:

More information about GILC members and news is available at

You may re-print or redistribute the GILC NEWS ALERT freely.

To subscribe to the alert, please send e-mail to

with the following message in the body:
subscribe gilc-announce

------- End of forwarded message -------