[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

GILC Alert

GILC Alert
Volume 5, Issue 1
February 16, 2001

Welcome to the Global Internet Liberty Campaign Newsletter.

Welcome to GILC Alert, the newsletter of the Global Internet Liberty
Campaign. We are an international organization of groups working for
cyber-liberties, who are determined to preserve civil liberties and human
rights on the Internet.
We hope you find this newsletter interesting, and we very much hope that you
will avail yourselves of the action items in future issues.
If you are a part of an organization that would be interested in joining
GILC, please contact us at <gilc@gilc.org>.
If you are aware of threats to cyber-liberties that we may not know about,
please contact the GILC members in your country, or contact GILC as a whole.
Please feel free to redistribute this newsletter to appropriate forums.

Free Expression
[1] Big trouble for China's Internet
[2] New US filtering law helps Defense tracking? 
[3] Malaysia gov't battles Net newspaper 
[4] US Congress holds domain name hearings
[5] Yahoo bans controversial Net auctions
[6] New skirmishes in DVD weblinks cases
[7] BT lawsuit: We Own All Links
[8] War over virtual images ban
[9] Internet via TV to be censored?
[10] Middle East Net free speech battles
[11] Pakistani gov't bans Internet use
[12] UK proposal: ISPs as gov't censors
[13] 20 enemies of the Internet

Privacy and Encryption
[14] Nortel's new antiprivacy device
[15] World leaders database hacked
[16] Dutch hearings on global ECHELON spy system
[17] Toysmart to destroy customer database
[18] EBay discards user privacy settings
[19] New British anti-privacy legislation
[20] Travelocity & Egghead security breaches
[21] DoubleClick privacy investigation halted
[22] New security flaw in forwarded email

[23] Upcoming CFP 2001 conference

[1] Big trouble for China's Internet
Over the past few weeks, Chinese Internet users have been beset with a
myriad of new problems, from threats of execution to network outages.

For one thing, Communist China has now instituted harsher measures for
speech activities on the Internet, ranging from fines for online swearing to
the death penalty. These new standards came in a recent ruling from the
country's highest court. Under these guidelines, Communist officials can
executive people who send news or data that "gravely harms the country or
people, or has particularly odious circumstances." Individuals who transmit
information that "causes extremely grave harm to national security or
interests" may face 10 year prison sentences. The ruling failed to define
exactly what types of activities would fall within these categories, which
may allow Chinese government agents tremendous leeway in in silencing and
penalizing dissenters. Indeed, a company in Guangdong province has been
fined after an employee merely used curse words in an online chat room.
These efforts are being backed up with the forced installation of blocking
software in many cybercafes throughout the country, including cities in the
interior such as Chongqing.

In the latest development, Communist agents have tried Huang Qi, the
proprietor of the "Tianwing Missing Persons Website," on charges of
"instigation to subvert state power." Huang had merely posted articles
written by other people regarding the 1989 Tiananmen massacre, the Falun
Gong spiritual movement and other subjects, which are generally forbidden by
government censors. Court access during the trial was so tightly restricted
that neither Huang's family nor foreign diplomats were allowed to attend.
However, Huang's wife said that her husband had been beaten in jail; indeed,
the trial was postponed after Huang collapsed during the proceedings. 

Jan van der Made of Human Rights Watch (a GILC member) noted that Huang Qi's
case "is designed to send a warning to anyone who uses the Internet to
transmit 'sensitive' material." He argued that these and other incidents are
cause for alarm amongst the global community: "It's precisely when serious
violations arise that the human rights dialogues with China should be put to
the test. Are exchanges on human rights confined to polite rhetoric, or will
China's dialogue partners take issue with the treatment of people like Huang

These measures seem to support the findings of a recent report created under
the auspices of the Committee to Protect Journalists (CPJ). In "The Great
Firewall," A. Lin Neumann noted that the growth of the Internet in China has
been hampered by the efforts of Communist apparachiks, who continue to
repress online dissenters: "Ever since the Internet was allowed into China
in 1995, all service has been funneled through government servers whose
administrators capriciously block access to Western news sites, Chinese
dissident sites, Taiwanese newspapers, and other material deemed
objectionable. A powerful Ministry of Information Industry has been created
to regulate Chinese access to the Internet, while the Ministry of State
Security has been assigned to monitor local use of the Internet." As noted
earlier, mainland Chinese officials have also resorted to harsh criminal
penalties because, as one source mentions in the report, "You don't have to
arrest too many people before everyone gets the message. The government here
is very good at intimidation." 

Unfortunately, Chinese Internet users may have even more serious problems to
worry about. A major undersea cable to Shanghai was severed for reasons that
have yet to be determined, thus cutting much of the country off from the
online world. Although telecom workers have made partial repairs, many
Chinese netizens may be stuck offline for weeks. 

For the latest on the Huang Qi trial, visit the Digital Freedom Network
(DFN-a GILC member) website under

See "Chinese website creator goes on trial," BBC News, Feb. 13, 2001 at

See also "China Tries Man for Website," Associated Press, Feb. 13, 2001 at

To read more of Jan Van der Made's comments, visit the Human Rights Watch
webpage under

For the latest on China's Internet outage, read Anita Narayan, "China
Telecom recovers part of damaged U.S.-China cable connection," China Online,
Feb. 12, 2001 at

See also "Chinese cut off from internet," BBC News, Feb. 9, 2001 at

For more on China's new death penalty for web informants, read "Leaking
Chinese Secrets Now Deadly," Associated Press, Jan. 22, 2001 at

For further details on Chinese fines for using curse words on the Internet,
see "Curses! Guangdong firm fined for employee's online swearing," China
Online, Jan. 30, 2001 at

For additional information on new filtering software in Chinese cybercafes,
read "New software censors Web in Chongqing Net cafes," China Online, Feb.
1, 2001 at

To read "The Great Firewall" report on Internet censorship in China, click

[2] New US filtering law benefits Defense tracking?
Why is the United States Department of Defense interested in the web surfing
habits of children?

That's the question being posed after a recent article in the Wall Street
Journal. The article described an apparent collaboration between the Defense
Department and N2H2-a leading manufacturer of Internet filtering software.
Under this arrangement, the company worked with new media marketing firm
Roper Starch Worldwide to sell data about its users, including the online
activities of more than 13 million children. This information was collected
through one of N2H2's products, an Internet blocking program called Bess,
which tracked kids as they journeyed along the Information Superhighway. The
Defense Department then purchased "Class Clicks" reports based on this data.
N2H2 has confirmed that Department subscribed to this service for at least a

After these revelations came out, the Electronic Privacy Information Center
(EPIC-a GILC member) formally requested the Defense Department to provide
more details regarding how it tracks children through the Web. EPIC's Chris
Hoofnagle questioned "what purpose children's Internet browsing habits have
to do with national defense. Whether or not it's permissible for the
government to collect this information about kids, from a policy standpoint
kids have no choice except to use those computers that have filtering
devices attached, and it's inappropriate for marketers to be gathering data
>from this captive market."

This report comes after Congress passed a massive new filtering bill. The
so-called "Children's Internet Protection Act" was included as part of a
Labor-Health and Human Resources funding bill, and combines several
different filtering schemes. Among other things, the law essentially
requires high schools and libraries to include blocking software on all of
their computers. Institutions that refused to do so (or implement policies
to that effect) would lose federal funding. CIPA was approved despite
vehement opposition to this plan from a broad coalition of groups such as
GILC members the American Civil Liberties Union (ACLU), the Electronic
Frontier Foundation (EFF) and the Center for Democracy and Technology (CDT).

Experts worry that this new law, in light of the government kid tracking
scheme, is a severe threat to both free expression and privacy. ACLU staff
attorney Chris Hansen noted that the new plan marked "the first time since
the development of the local, free public library in the 19th century that
the federal government has sought to require censorship in every single town
and hamlet in America." Indeed, several groups, including the American
Library Association (ALA) and the ACLU, are now vowing to sue over the new
measure, claiming that it violates free speech rights that are protected by
the United States Constitution.

These fears were further fueled by a recent report from a leading consumer
magazine that suggests Internet filters are not very effective in preventing
children from accessing controversial content. In this study, Consumer
Reports tested several popular filtering packages, and discovered that
nearly every one of these programs had a blocking failure rate of at least
20%. The one program that AOL's Young Teen, had a significant side effect,
in that it blocked a very large number (63%) of websites with
noncontroversial content. The report also noted the fact that sexually
explicit material appears on only 2 percent of all websites. Based on all of
these findings, Consumer Reports concluded that filtering software "is no
substitute for parental supervision." It seems that many adults agree with
this assessment; a Jupiter Research survey (cited in the Consumer Reports
article) found that most parents (about 70%) have made it a point to be
present when their children surf the Information Superhighway.

To read EPIC's request for information, click

See also Brian Krebs, "Group Want Feds To Disclose Plans For Kids' Net
Data," Newsbytes, Jan. 29, 2001 at

The text of CIPA is posted at

To read an ACLU press release on this subject, visit

To read EFF's comments on CIPA, click

For an ALA press release on this subject, visit

For press coverage of these developments, see "Filters and the First
Amendment," Associated Press, Feb. 8, 2001, at

See also D. Ian Hopper, "ACLU to Fight Internet Filtering," Associated
Press, Dec. 20, 2000 at

To see the Consumer Reports filtering study, read "Digital chaperones for
kids," Consumer Reports, March 2001, at

See also 
[3] Malaysia bans Malaysiakini.com journalists 
Malaysian authorities are apparently trying to shut down an award-winning
newspaper due to its critical reporting on government policies.

Officials have blocked writers from Malaysiakini (also known as Malaysia
Now) out of press conferences and numerous gatherings. The decision was
apparently prompted by the publication's extensive coverage and scrutiny of
Malaysian Prime Minister, Mahatir Mohammed. Curiously, Deputy Prime Minister
Chor Chee Heung said that Malaysiakini correspondents were rightfully kept
out of these events because they lacked official press licenses-a charge
that starkly contrasts with past promises by the government that it would
not censor Internet news agencies and their activities. Other observers have
suggested that the government's moves were partly due to reports that the
e-newspaper received funding from foreign sources who had previously been
the targets of Mahatir in his speeches.

Malaysiakini editors seemed unfazed by these restrictions. Co-founder Steven
Gan said that these moves were clear evidence that the "government is wary
of our journalists going to functions and daring to ask tough questions. We
are going to test the boundaries of this one and continue attending
government functions. They will have to kick us out."

See "Malaysia Bans News Site," Associated Press, Feb. 5, 2001 at

[4] US Congress holds domain name hearings
Lawmakers in the United States are voicing concern over a controversial
organization responsible for administering the domain name system.

Subcommittees of both the United States House of Representatives and Senate
recently held hearings about domain name policy. These sessions were held
partly to address concerns by many leading experts that the Internet
Corporation for Assigned Names and Numbers (ICANN) was unfair when it
tentatively approved only seven new Top-Level Domains. Some of these
difficulties were voiced in a letter issued by a coalition of scholars and
cyber-rights groups, including the Internet Democracy Project, a joint
initiative by GILC members the Electronic Privacy Information Center (EPIC),
Computer Professionals for Social Responsibility and the American Civil
Liberties Union (ACLU). The letter's creators argued that artificial
limitations placed on the number of generic top-level domain names, such as
".com," and ".org," present a serious threat to freedom of expression. The
groups also say that the closed process imposed by both ICANN and the U.S.
Commerce Department violates the Due Process clause of the U.S. Constitution
and the Federal Administrative Procedures Act (APA).

At the House hearing, several politicians expressed concern that the domain
name body was unresponsive to the needs of the Internet community.
Representative John Dingell worried aloud that ICANN was essentially
undemocratic and "not accountable to anyone except God Almighty."  Another
Congressman, Charles Pickering, feared that ICANN procedures might become a
Constitution of the Internet and said that there was a need for "immediate
reform." Meanwhile, the chairman of the subcommittee, Fred Upton, said that
in his mind, "legitimate questions have been raised by several of our
witnesses about the fairness of the application and selection process." 

Similar concerns were raised at a later Senate hearing. Senator Conrad
Burns, the subcommittee chairman, said that his "greatest fear" was that
"the administration of the Internet will be changed in foolish, even
disastrous ways while very few people are watching." In addition, Sen.
Barbara Boxer attacked current registrar policies, saying that they did not
provide sufficient protection for the privacy of individual domain name
holders against stalkers. Both Burns and Upton have hinted that additional
hearings regarding ICANN activities may soon be held.

An audio recording of the House hearing is available under

To read the Internet Democracy Project letter, visit 

For further background information, click

For press coverage of the House event, see Ariana Eunjung Cha, "Losers,
Lawmakers Worked Up Over Internet Suffixes," Washington Post, Feb. 9, 2001,
page E3 at

Read Anick Jesdanun, "Internet Board Defends Name Choices," Associated
Press, Feb. 8, 2001 at

For German language press coverage, read Monika Ermert, "Neue
Internet-Domains: Augen zu und durch..." Heise Online, Feb. 8, 2001 at

For press coverage of the Senate hearing, read "Senate to Scrutinize ICANN
More Closely," Reuters, Feb. 14, 2001 at

See also Juliana Gruenwald, "Senators Promise More Scrutiny of ICANN,"
Interactive Week, Feb. 14, 2001 at

For German language coverage of the Senate hearing, read Monika Ermert,
"ICANN-'single point of failure' des Internet," Heise Online, Feb. 15, 2001

[5] Yahoo bans controversial Net auctions
Free speech advocates are livid after a major web portal decided to block
Internet users from accessing a number of auction sites.

Yahoo is now blocking access to websites that offer items that, in its
judgment, somehow "promote or glorify hatred or violence." Yahoo said that
its ban is unrelated to a recent French court ruling that required the
company to block French Internet users from accessing the webpages in the
United States that allowed auctions of Nazi memorabilia. The ruling was made
pursuant to French laws that generally prohibit such goods from even being
advertised, much less sold. If Yahoo fails to comply, it will have to pay
fines amounting to US $13,000 per day. 

Despite the ruling, it was unclear whether the decision was enforceable in
the U.S. Yahoo had initially sued in an American court to forestall
enforcement of the French court judgment. However, the winners in the French
court case have now moved to block Yahoo by getting a similar ruling in the
United States. Curiously, Yahoo has decided to start blocking Internet users
anyhow, even though these legal battles have yet to be resolved. 

Many experts fear that these developments may undermine free speech in
cyberspace. For one thing, numerous studies have shown that filtering
software is error prone and often blocks out otherwise uncontroversial
speech. Even in instances when Nazi sites are targeted, observers worry that
such items as German history textbooks will be suppressed. Interestingly,
Yahoo had advanced these same arguments months ago as part of its legal
defense; a Yahoo spokesperson tacitly admitted that the company's new
program of self-censorship was "not foolproof." Yet despite these programs,
similar efforts are underway in other areas of the Internet; the German
Constitutional Protection Office is now seeking restrictions on Napster
file-swapping software because the program could theoretically be used to
transfer hate-oriented files.

For the latest details, see Steven Bonisteel, "French Group Moves To Quash
Yahoo Lawsuit In US," Newsbytes, Feb. 8, 2001 at

See also "French Sue Yahoo, Again," Reuters, Jan. 22, 2001 at 

Read Troy Wolverton and Erich Luening, "Will Yahoo's ban on auctioned Nazi
items work?" CNet News, Jan. 3, 2001 at

See also Jean Eaglesham, "Yahoo bans hate propaganda," Financial Times, Jan.
3, 2001 at 

For more on German efforts to restrict Napster, see Tony Smith, "Napster
partner urged to curb Nazi song swaps," The Register (UK), Dec. 20, 2000 at

For further details on Yahoo's countersuit, read Jim Hu, "Yahoo: Auctions
immune from French laws," CNet News, Dec. 21, 2000 at

For more information on these latest moves in French, see the following item
>from Imaginons un Reseau Internet Solidaire (IRIS-a GILC member) at

More French language information is available via

[6] New skirmishes in DVD weblinks cases
The court battles continue over entertainment industry attempts to ban
information regarding a controversial DVD-related computer program.

The case revolves around DeCSS--a primitive computer program to help users
of the Linux operating system play DVDs on their computers. The
entertainment industry, through the DVD Content Control Association (DVD
CCA) and the Motion Picture Association of America (MPAA), had sued in both
New York and California to prevent Internet users from linking to websites
that have DeCSS. Many experts fear that these actions may stifle free
expression in cyberspace.

Since then, the California Supreme Court held that at least one of the
defendants, Matthew Pavlovich, could not be held liable due to
jurisdictional problems. Cyberliberties advocates applauded the court's
decision. "The [California] Supreme Court has re-affirmed the principle that
you don't lose your Constitutional due process rights when you enter
cyberspace," stated Allonn Levy, who is defending Pavlovich in cooperation
with the Electronic Frontier Foundation (EFF-a GILC member). Similarly, EFF
staff attorney Robin Gross described the court order as "proof that
perseverance is required to preserve liberty when litigating these issues." 

Meanwhile, in the New York case, EFF is appealing the trial court's ruling,
which banned journalists from providing information about DeCSS information
on their website. In its court papers, EFF attorneys argued that trial
court's decisions created "upside-down structure" that reached "far beyond
the bounds of copyright law, threatening liability for members of the media,
scientific speakers and fair users, all of whom have traditionally enjoyed
broad First Amendment protection for their speech." Similar sentiments were
expressed by several other groups, including fellow GILC members the
American Civil Liberties Union (ACLU) and the Electronic Privacy Information
Center (EPIC), who submitted a brief that, among other things, compared
weblinks to "digital footnotes" and warned that banning such links would
violate free speech rights.

EFF's brief in the New York case is available via

The ACLU's brief in the New York case is posted (in PDF format) under

For press coverage of the New York case, see Lisa M. Bowman, "Nothing says
free speech like posting DVD-hacking code," ZDNet News, Jan. 26, 2001 at

Read Brad King, "Copyright: Your Right or Theirs?" Wired News, Jan. 19, 2001

The California Supreme Court order is posted at

See Evan Hansen, "DeCSS case runs into Calif. Roadblock," ZDNet News, Dec.
15, 2000 at 

[7] BT lawsuit: We Own All Links
A major telecommunications giant is claiming that it invented weblinks and
that members of the Internet community should pay the company for the
privilege of using this technology. 

British Telecom has filed a lawsuit against Prodigy, an Internet Service
Provider that counts several million Americans as customers. That seems to
be the message being sent by British Telecom (BT). The company alleges that
it possesses intellectual property rights over all links based on a patent
it filed in the 1970s (which was granted in 1989). A BT spokesperson crowed
that the firm "patented the principle of the hyperlink in the mid-70s when
people were still wearing kipper ties and flares." The communications giant
is now demanding licensing fees from Prodigy; if BT wins this test case,
experts believe that the company will go after other targets along the
Information Superhighway in its quest for royalties.

These claims come despite several apparent flaws in BT's arguments. Among
other things, the language contained in the cited patent (no. 4,873,662) is
extremely vague, and might be used to describe virtually any type of network
file transfer, including processes that British Telecom had no hand in
inventing. Moreover, it is unclear just why BT waited for decades to assert
its purported intellectual property rights. This argument was buttressed by
a recently unearthed video of Stanford researchers' demonstration of
weblinks that was apparently filmed in 1968-several years before BT said it
invented the technology. Finally, many experts believe there are strong
public policy reasons to disregard BT's claim because of its potentially
destructive impact on Internet free expression. 

Read Tim Richardson, "Prodigy to fight BT's 'shameless' hyperlinks patent
lawsuit," The Register (UK), Dec. 15, 2000 at

See also Tim Richardson, "Film evidence challenges BT's claim to hypertext
patent," The Register (UK), Sept. 15, 2000 at

[8] War over virtual images ban
========================================================== Should
computerized images that are mere figments of the imagination be banned?

That's the question that the United States Supreme Court is set to answer.
The case involves the so-called Child Pornography Protection Act (CPPA),
includes a strict ban on any image that even "appears to be" or "conveys the
impression" of someone under 18 engaged in sexually explicit conduct. This
ban still applies in instances where no model was used and the given picture
was completely fictitious. 

Not surprisingly, the CPPA has drawn heavy fire from free speech advocates,
who have argued that law essentially punishes thought. Nadine Strossen,
president of the American Civil Liberties Union (ACLU-a GILC member), warned
that the statute "shifts the focus away from protecting actual children from
actual harm in the production process and looks at potential harm that might
result because of the mental impact of the images on the mind of the viewer.
The reasoning that the viewer might have a bad idea and might go out and
commit a bad act would be an end to free speech. Anything that we see or
read might drive somebody to commit an anti-social act. Indeed, everything
>from literary classics to the Bible have had that effect."

After the CPPA was passed, a lower Federal appeals court ruled that the Act
violated the right to freedom of expression. The court seemed particularly
troubled by the fact that under the CPPA, "[i]mages that are, or can be,
entirely the product of the mind are criminalized. ... While the government
is given greater leeway in regulating child pornography, materials or
depictions of sexual conduct 'which do not involve live performance or
photographic or other visual reproduction of live performances, retain[s]
First Amendment protection.'" However, the Supreme Court subsequently agreed
to hear an appeal of the case. Oral arguments in Reno v. Free Speech
Coalition are slated for fall 2001.

Meanwhile, this debate over the criminalization of virtual images has
started to take international dimensions. A provision within a new proposed
Council of Europe cybercrime convention contains language similar to the
challenged CPPA, which may lead signatory nations to ban material that
depicts people who merely appear to be having in sexually explicit conduct
with a minor, including "realistic images" which "may include morphed images
of natural persons." Oddly enough, the official explanatory memorandum that
accompanies this draft treaty boldly states: "It is not relevant whether the
conduct depicted is real or simulated." The convention had already received
heavy criticism from many privacy advocates.

To see video and a transcript of Ms. Strossen's comments, see "Technology
and Pornography," ABC News Nightline (US), Feb. 12, 2001 at

See "Real Porn, Fake Porn," CBS News, Jan. 22, 2001 at

The lower appeals court decision can seen at

To see the latest version (draft 25) of the Council of Europe cybercrime
treaty, click

To see the explanatory memorandum for the CoE treaty, visit

To read a recent GILC letter regarding the Council of Europe cybercrime
treaty, visit
[9] Internet via TV to be censored?
Grownups who access the web through new television broadcast technology may
only be able to see content suitable for children.

That's according to current plans from Wavexpress and iBlast. The two
companies are working to allow Internet access via television signals. This
is done by enlisting local television station affiliates to send and receive
Internet transmissions. However, there are concerns whether the content that
is provided through these new systems will have to conform with regulations
in the United States that apply to TV programs, which generally restrict
what can be said or seen on-air (such as explicit music lyrics). Rather than
challenge these regulations and determine whether they apply to the
Internet, the firms have decided to conform with the television-based
restrictions. According to one iBlast spokesperson, "There hasn't been
anything on the books to deal with the bits, and whether those individual
bits fall under regulations. The safest thing for us is to follow the
broadcast standards." 

This decision came despite past court decisions suggesting that the free
speech on the Internet deserves the same level of protection given to
traditional forms of expression such as books or pamphlets. The issue is
likely to become more important as other similar technologies (such as the
DirectTV satellite based system, which includes embedded Web-type content)
become popular.

See Brad King, "TV-Distributed Web to Be PG-13," Wired News, Feb. 7, 2001 at

[10] New Middle East Net free speech battles
========================================================== From around the
Middle East, people are struggling to use the Internet as a way to voice
their opinions freely.

In Egypt, the state Ministry of Culture banned three novels for their
allegedly obscene content. The move was apparently prompted by religious
fundamentalists, who were incensed by any mention of such subjects as
drinking and homosexuality. Aggrieved literati then responded by posting at
least one of these books, Tawfik Abdul Rahman's "Before and After," on the
World Wide Web. Similarly, other individuals who are threatened with
censorship, such as Cairo Times publisher Hisham Qassem, have
counterattacked with threats of their own to publish their works on the
Information Superhighway. However, there are now fears that the same
censorship schemes that the Egyptian government applied to books and other
traditional means of expression may now be applied to the Internet. As
scholar Ferial Ghazoul explained about free speech in general, "It is
worrisome, because there is a kind of campaign by the Minister of Culture to
undermine certain kinds of literature on the grounds that it is against
public morality. Once you allow something like this to happen, how do you
back down? They are playing with fire." 
Indeed, Saudi Arabian officials have now blocked their citizens from
visiting SafeWeb--a special portal that uses encryption technology to allow
private individuals users to surf the Internet The reason? As one Saudi
Internet user stated, "I have been able to use SafeWeb to access the many
sites that have been blocked by my government, such as chat rooms and
international news sites." Interestingly, SafeWeb CEO Stephen Hsu has taken
this decision almost as a badge of honor: "When we set out to build the
SafeWeb technology, we quickly realized the socially transformative effects
it could have on closed societies like China, Iran and Saudi Arabia. We have
been working to develop technology to fight censorship and promote freedom
of expression and a significant portion of our traffic is coming from highly
regulated countries. We are pleased to see that our efforts are beginning to
make a difference in the international community." The firm is now
developing technology to circumvent Saudi-type blocking schemes.

However, several Middle Eastern nations have gone beyond mere technology to
restrict Internet use. Turkish officials have even gone so far as to arrest
children merely for being inside Internet cafes. According to reports,
government agents have warned kids not to re-enter such establishments,
using such bizarre pronouncements as "We want you to become people who do
some good for the state; we want to see you in nice places, not bad ones."

For more on developments in Egypt, see Sarah Gauch, "Egypt halts printing of
books, but they're on the Web," Christian Science Monitor, Jan. 29, 2001 at

Read Jayson Matthews, "SafeWeb Doubles Usage, Blocked By Saudis,"
Internet.com, Dec. 19, 2000 at

See also "Turkish Children Arrested in Internet cafes," Reuters, Jan. 9,
2001 at

For German language information about the arrests of Turkish children, read
"Türkische Kinder im Internetcafe verhaftet," ZDNet Deutschland, Jan. 10,
2001 at

[11] Pakistani gov't bans Internet use
========================================================== Here's a way to
stop newsleaks-institute a complete ban on Internet use.

That's apparently the approach being taken by the leaders of Pakistan, which
has outlawed government use of the Internet. When asked for an explanation,
a government spokesperson was seemingly unable to come up with concrete
examples of where Internet use actually had caused significant harm, and
could only provide suppositions and mere theories: "The logic behind the ban
was to restrict flow of unauthorised information. There is a possibility
that some information which the government does not want to make public,
could reach some undesirable person or an organisation through e-mail, chat
or data-transfer facility." 

Meanwhile, this move already has had some serious side effects. The new
measure has had a particularly negative impact on scientists, many of whom
have found themselves cut off from the outside world. As one affected user
noted, "Many of us were left with no option but to acquire an Internet
connection out of our own pocket. We, the researchers and scientists, wonder
the government 'strategy' to restrict the flow of information. It was also
against the spirit of government's own policy to provide Internet and e-mail
facility in as many as 296 cities of the country. On one hand the government
was spending an amount of Rs 5 billion on the development of IT sector with
a view to promoting computer culture which certainly cannot be materialised
without involving all government departments in this regard."
Read Mubashir Zaidi, "Pakistan Govt bans use of Internet," Hindustan Times,
Dec. 21, 2000 at

[12] UK proposal: ISPs as gov't censors
The British government has withdrawn plans that might have forced Internet
service providers (ISPs) to engage in censorship on the state's behalf.

The proposals originally had surfaced in response to the Kilshaw case, where
two children had been given up for adoption via the Internet to two
different sets of parents. Afterwards, British health minister John Hutton
issued a threatening letter to the United Kingdom's Internet Service
Provider Association, suggesting that they could be held legally liable for
such questionable content. The letter further warned that if service
providers did not take appropriate measures "they are committing an offence
and may face prosecution."

Hutton's apparent ultimatum led to a storm of protest from many members of
the UK Internet community, who feared that ISPs would have to act as
government agents and screen the activities of private Internet users, for
fear of lawsuits. Subsequently, Hutton retreated from the strong language in
his prior statement. In a radio interview, he conceded: "We are not saying
to all the UK ISPs that they must go away now and check all the material on
their servers, that would be completely unreasonable and we are not

Read Patrick Butles, "U-Turn on adoption website crackdown," The Guardian
(UK), Jan. 22, 2001 at

The text of Hutton's letter is posted at

New US online music bills?

[13] 20 enemies of the Internet
========================================================== Reporters Sans
Frontieres has issued a new report that lists twenty countries as "real
enemies" of the Internet. The group cited these nations for restricting
their citizens' access to the Internet, and for stifling free expression.

The study revealed that in many nations, such as Turkmenistan, the most
common restriction was requiring Internet users "to subscribe to a state-run
Internet Service Provider (ISP)." Other countries allow access only in
certain cities, or charge prohibitively expensive usage fees. The penalties
can be very harsh, and often include imprisonment as well as heavy fines, as
evidenced by several high profile cases in China, Cuba and Sierra Leone and
Cuba. Along with these nations, this year's list included Iraq, North Korea,
Vietnam, Azerbaijan, Kazakhstan, Kirghizia, Tajikistan, Belarus, Burma,
Iran, Libya, Saudi Arabia, Sudan, Syria, Tunisia and Uzbekistan.

RSF called on the governments of these countries to "abolish the state
monopoly on internet access and, where appropriate, stop controlling private
ISPs, cancel the obligation for citizens to register with the government
before obtaining internet access, abolish censorship through the use of
filters, and stop blocking access to certain sites maintained by foreign
servers, protect the confidentiality of internet exchanges, particularly by
lifting controls on electronic mail," and "call off the legal proceedings
undertaken against internet users who have done no more than exercise their
right to freedom of expression."

To read the full report, click

[14] Nortel's new antiprivacy device
Is it truly necessary to build spyware into computer networks to help
advertisers and service providers track people through the Internet?

That's what consumer advocates are asking after Nortel Networks, the
telecommunications manufacturer, announced a new "Personal Internet"
initiative. This plan, which includes both hardware and software, would
allow numerous companies (including advertisers, Internet service providers
and others) not only to track computer users through the Information
Superhighway, but to figure out their real names and addresses. This
information, in turn, could be cross-linked to credit card records and other
such databases. The manufacturer is hoping its inventions will allow
advertisers to target their blitzes at consumers with the help of ISPs.
Indeed, Nortel marketing vice-president Selina Lo crowed that this
technology "allows ISPs to capture a user. Your ISP knows about you: they
know who you are, they know your address, they know your preferences. Any
kind of personalization that is targeted at you would be best done at that

Privacy advocates are alarmed by the invasive nature of this project. Jason
Catlett of Junkbusters.com compared this service to having "the Post Office
looking into your mail in order to decide what kind of junk to send you.
This is a disturbing development, to find a supplier of Internet
infrastructure touting its surveillance capabilities. For most people, the
idea that their ISP is watching where they go is unacceptable." Moreover,
experts have pointed out that unlike other tracking technologies such as
cookies (which can be blocked by the user), private individuals have
virtually no way to avoid Nortel's tracking schemes, short of switching
ISPs. Yet despite these thorny problems, several major companies, including
Yahoo and Lycos, are already testing Nortel's new tracking technology
through their websites. 

Read Sascha Segan, "They Know Where You Live," ABCNews.com (US), Jan. 30,
2001 at 

See also "Nortel unveils Web tracking technology," Associated Press, Jan.
31, 2001 at

See also Scott Morrison, "Nortel to enable web tracking," Financial Times,
Jan. 30, 2001 at

[15] World leaders database hacked
A database that contained sensitive personal information about many of the
world's leaders has suffered a serious security breach.

The list of victims read like a who's who of global politicians, including
former United States President Bill Clinton, South African President, Thabo
Mbeki, and former U.S. Secretary of State Madeleine Albright. The database
contained data on participants of the recent World Economic Forum in Davos,
Switzerland. The equivalent of some 80,000 pages of information were taken,
which included such tidbits as credit-card information, cell-phone numbers
and passport data. A Forum spokesperson said the intruders managed collect
details on nearly 1400 attendees. 

The incident has heightened concerns over whether governments around the
world have done enough to protect Internet privacy. Ironically, many of the
affected leaders had opposed various measures to protect the rights of
citizens online (such as widespread dissemination of encryption software).
Indeed, while the Davos Forum featured roadblocks, barbed-wire barricades
and other measures against terrorists, considerable doubts have been raised
about whether the same level of protection was provided against hackers.

Read William Drozdiak, "Database Hacked at Davos Forum," Washington Post,
Feb. 6, 2001, page E1, at

[16] Dutch hearings on global ECHELON spy system
The Dutch government has apparently confirmed the existence of a
super-secret spying network, and lawmakers are hoping to find more details.

These moves are centered around ECHELON, a highly classified system designed
to intercept communications from around the world. ECHELON is reportedly
operated by the US National Security Agency (NSA), in conjunction with
several other intelligence agencies, including Great Britain's Government
Communications Headquarters (GCHQ), and Australia's Defence Signals
Directorate (DSD). According to experts, ECHELON is capable of intercepting
e-mail messages, faxes, telephone conversations.

After years of denying the existence of ECHELON, the Dutch government issued
a letter stating that although it "does not have official confirmation of
the existence of Echelon by the governments related to this system, it
thinks it is plausible this network exists. The government believes not only
the governments associated with Echelon are able to intercept communication
systems, but that it is an activity of the investigative authorities and
intelligence services of many countries with governments of different
political signature."

These revelations worried Dutch legislators, who had convened a special
hearing on the subject. During the hearing, several experts, including
representatives from GILC members Bits of Freedom and Jansen & Janssen,
argued that there must be tougher oversight of government surveillance
activities. There was also considerable criticism of Dutch government
efforts to protect individual privacy, particularly the fact that no
information had been made available relating to Dutch intelligence service's
investigation of possible ECHELON abuses.

Read Jelle van Buuren, "Hearing On Echelon In Dutch Parliament," Heise
Telepolis, Jan. 23, 2001 at

See also Jelle van Buuren, "Dutch Government Says Echelon Exists," Heise
Telepolis, Jan. 20, 2001 at

[17] Toysmart to destroy customer database
Here's a way to protect the privacy of netizens: destroy the files that have
been compiled on them.

That's the apparent solution in the case of Toysmart.com. The failed
retailer had planned to sell 250,000 files that included customers' credit
card numbers, as well as their names and addresses. This move seems to
contradict Toysmart's own privacy policy, which said that the company would
never sell such data. Afterwards, the United States Federal Trade Commission
(FTC) sued the dot-com for deceptive trade practices. However, the FTC
abruptly settled with Toysmart, allowing the bankrupt e-tailer to sell most
of its customer files, under certain conditions. These conditions include
destroying data collected from Internet users who were 13 years old or

Unsatisfied with this result, nearly 38 states stepped in to block the deal.
Eventually, a further compromise was reached. Under the latest agreement
(which was approved by the presiding Federal judge), Buena Vista Internet
Company (a Walt Disney subsidiary) would pay US $50000 to Toysmart, and the
bankrupt dot-com would destroy the list, after all claims against Toysmart
were settled. Toysmart executives would have to submit a sworn affidavit
detailing how the personal information database was destroyed. The money
paid by Buena Vista would then be portioned out to the dot-com's creditors.

Read Brian Krebs, "Mass. Judge Says Toysmart Can Destroy Customer List,"
Newsbytes, Jan. 30, 2001 at

See also D. Ian Hopper, "Toysmart Database to Be Destroyed," Associated
Press, Jan. 10, 2001 at

[18] EBay discards user privacy settings
Does EBay really care about consumer privacy?

That's what people are asking the online auctioneer changed the customer
profiles of some 6 million customers. According to reports, a bug in EBay's
sign-up system altered several default settings for user registration
purposes. Among the many changes were answers to questions like "Do you want
to receive calls from telemarketers?" Though the default answer was supposed
to be "yes," the bug modified this setting to "no." Though many new users
apparently were happy to be free of extra advertisements, EBay decided to
change their settings back to "yes." An EBay spokesperson claimed that the
company provided notice and a 14 day period for customers to object.  

However, EBay's decision to change user preferences to let telemarketers
call customers has generated considerable outrage. One customer seemed to
suggest that EBay's supposed attempts to contact users were less than
effective: "Someone has decided to arbitrarily unselect my preference to not
get called by eBay telemarketers! I can't find the words to describe how
amazed I am at the boldness of the people responsible for this." Richard M.
Smith of the Privacy Foundation chided EBay, saying that the company's
latest action "stretches credibility" and that it was "not a nice thing. I
don't see how it's an error that they simply chose 'no' as a default. If
there was an error, it was the company's." 
See Ben Charny, "eBay switches some customer privacy settings," CNet News,
Jan. 9, 2001 at http://news.cnet.com/news/0-1007-201-4423010-0.html

[19] New British anti-privacy legislation
The British government has introduced more legislation that may greatly
erode privacy online.

The Criminal Justice and Police Bill comes just after Parliament had
approved the controversial Regulation of Investigatory Powers (RIP) Act. The
RIP bill requires all Internet traffic in the UK to be sent through a
division of the M.I.5-the chief investigatory agency of the British
government. The new law also authorizes more government agencies to conduct
electronic surveillance. The bill expands the types of data that can be
intercepted, including "traffic data" such as passwords and lists of visited
websites. Finally, the proposal forces cybernauts to either provide
encryption keys to the police when requested, or prove in court that they
don't have such keys. RIP continues to be derided a broad coalition of
groups, including cyberliberties advocates and computing firms. More
recently, British Internet service providers have attacked government
investigators for requiring them to waste vast amounts of money and
resources just to catering to law enforcement wiretapping requests.

For more on the Criminal Justice and Police bill, read Michelle Delio,
"Privacy Battle Brews in England," Wired News, Jan. 23, 2001 at

To find out more on British corporate complaints regarding law enforcement
RIP requests, see Michelle Delio, "ISPs 'RIP' Into British Police," Wired
News, Jan. 19, 2001 at

See also Jean Eagleshame, "Internet companies hit at police ignorance of
e-mail," Financial Times, Jan. 16, 2001 at

[20] Travelocity & Egghead security breaches
Several prominent e-tailers inadvertently exposed personal information on
thousands of computer users.

Travelocity, which handles online air travel and hotel bookings, has
admitted that data regarding nearly 45 000 of its customers was exposed on
its website. The collected information included such items as names, home
and e-mail addresses as well as telephone numbers. According to company
executive Jim Marsicano, the files should have been deleted as part of
routine security measures, but for some reason they were left out in the
open. The firm is now in the process of notifying possible victims by

Meanwhile, an intruder managed to break into the customer database of
software seller Egghead. Initially, the company feared that some 3.7 million
credit card numbers had been stolen, prompting it to call in the United
States Federal Bureau of Investigations. Subsequent internal investigations
have suggested that the intruder might not have extracted credit card
numbers from the database; nevertheless, the incident has renewed public
concerns that dot-coms are not doing enough to protect consumer privacy.  

For more on the Travelocity situation, read "Travelocity Admits Security
Lapse on Web Site," Associated Press, Jan. 24, 2001 at

See also Troy Wolverton, "Travelocity exposes customer information," CNet
News, Jan. 22, 2001 at

Further information regarding the Egghead security breach is available from
Robert Lemos, "Egghead says hacker didn't get access to cards," CNet News,
Jan. 8, 2001 at

[21] DoubleClick privacy investigation halted
Federal regulators in the United States have abruptly stopped investigating
an Internet advertising firm that may have violated the privacy of some 90
million American households.

DoubleClick, which provides banner ads to many websites, had already
admitted to
tracking viewers through the Internet. It apparently placed digital
identification numbers in files known as "cookies" on a user's hard drive,
which it matches with name and address information that has been collected
by its partners. About a year ago, DoubleClick expressed its intention to
match this data with more extensive information contained in millions of
files maintained by its merger partner Abacus Direct. When DoubleClick
Abacus Direct, it said it would not engage in this form of computer

These moves had led to lawsuits and fierce criticism. In a belated attempt
to quiet these fears, DoubleClick revised its policies so that customers can
"opt-out" of the tracking system. However, many observers, including Marc
Rotenberg of the Electronic Privacy Information Center (EPIC-a GILC member),
believed that these latest moves would do very little to protect personal
information concerning individuals in cyberspace.

Soon afterwards, officials from the US Federal Trade Commission began to
investigate whether DoubleClick had improperly handled customer data.
However, after months of effort, FTC official Joel Winston issued a letter
announcing that the inquiry was over. To the astonishment of privacy
advocates, Winston held that "DoubleClick never used or disclosed"
personally identifiable data "for purposes other than those disclosed in its
privacy policy." Meanwhile, DoubleClick has continued to post its
cookie-based advertisements on the Internet; to date, the number of websites
with DoubleClick ads stands at over 1500.

See "Doubleclick Probe Over," Associated Press, Jan. 23, 2001 at

[22] New security flaw in forwarded email
========================================================== Watch out if you
forward email messages. Thanks to a newly discovered security flaw, you may
be sending your comments to unintended recipients.

This flaw allows people to spy on readers who receive specially tagged
messages. By using special programs written in Javascript language, a
would-be wiretapper can lace a given e-mail transmission with special codes.
If this e-mail is forwarded, the wiretapper can find out any comments from
the person who forwards the message. This technique works with which appears
in many commonly used e-mail programs, including Microsoft Outlook and
Netscape 6, but does not seem to affect users of Eudora or AOL mail systems.

Privacy advocates have raised red flags over this development. Richard M.
Smith of the Privacy Foundation mentioned that this technology "could prove
particularly enticing in a negotiation to learn what the other side is
really thinking. It could conceivably be used to harvest thousands of email
addresses as a message is forwarded around the world. I even tested an email
wiretap with a friend who is a congressional staffer. You can imagine the
possibilities." Observers have pointed to a past British court ruling that
held insurance giant Norwich Union liable for defamation against its rival
Western Providence for messages that were sent through Norwich's internal
e-mail system. As a partial solution, concerned users can disable Javascript
implementation on their e-mail programs.

To read a Privacy Foundation tipsheet on this subject, see

See also Mark Ward, "When sending is spying," BBC News Online, Feb. 6, 2001

For further information in German, read Ernst Corinth, "Email is watching
you!" Heise Telepolis, Feb. 7, 2001 at

[23] Upcoming CFP 2001 conference
========================================================== The Computers
Freedom and Privacy 2001 conference will take place March 6-9 in Cambridge,
Massachusetts. Topics for discussion include a number of issues regarding
free speech in cyberspace, including the extent to which trademark and other
intellectual property laws should be applied to the Internet. There will
also be sessions regarding international aspects, such as the Council of
Europe cybercrime treaty and new initiatives from the G8 nations.

Two events are scheduled to coincide with these sessions. On March 7,
Privacy International (a GILC member) will present the US Big Brother Awards
to the government and private sector organizations that have done the most
to invade personal privacy in United States. Specifically, four "Orwells"
will be presented in the categories of worst Government Official/Most
Heinous Government Organization, Most invasive company, Most Appalling
Project, Lifetime Menace. "Winston" awards will also be given to groups and
individuals who have made exemplary efforts to protect against intrusive
behavior. Later, on March 8, the Electronic Frontier Foundation (EFF-a GILC
member) will present the Tenth Annual Pioneer Awards. These prizes are
dedicated to innovators who are expanding knowledge, freedom, efficiency,
and utility in the information technology world. 
The official CFP 2001 website is located at

To find out more on the Big Brother Awards, or to submit a nomination, visit

Additional details on EFF's Pioneer Awards are available via

The GILC News Alert is the newsletter of the Global Internet Liberty
Campaign, an international coalition of organizations working to protect and
enhance online civil liberties and human rights.  Organizations are invited
to join GILC by contacting us at

To alert members about threats to cyber liberties, please contact members
>from your country or send a message to the general GILC address.

To submit information about upcoming events, new activist tools and news
stories, contact:

Christopher Chiu
GILC Coordinator
American Civil Liberties Union
125 Broad Street, 17th Floor
New York, New York 10004

Or email:

More information about GILC members and news is available at

You may re-print or redistribute the GILC NEWS ALERT freely.

To subscribe to the alert, please send e-mail to

with the following message in the body:
subscribe gilc-announce