[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(Fwd) GILC Alert




------- Forwarded message follows -------
From:           	Chris Chiu <CCHIU@aclu.org>
To:             	"GILC announce (E-mail)" <gilc-announce@gilc.org>
Subject:        	GILC Alert
Date sent:      	Fri, 4 May 2001 11:17:56 -0400 

GILC Alert
Volume 5, Issue 3
May 4, 2001

Welcome to the Global Internet Liberty Campaign Newsletter.

Welcome to GILC Alert, the newsletter of the Global Internet Liberty
Campaign. We are an international organization of groups working for
cyber-liberties, who are determined to preserve civil liberties and
human rights on the Internet. We hope you find this newsletter
interesting, and we very much hope that you will avail yourselves of
the action items in future issues. If you are a part of an
organization that would be interested in joining GILC, please contact
us at <gilc@gilc.org>. If you are aware of threats to cyber-liberties
that we may not know about, please contact the GILC members in your
country, or contact GILC as a whole. Please feel free to redistribute
this newsletter to appropriate forums.

===============================================
Free expression
[1] Korean censorware plans draw fire
[2] US libraries, schools face blocking deadline
[3] Mainland China jails more Net dissidents
[4] Malaysian news sites face uphill battle
[5] DVD battles rage Down Under and in US
[6] 2TheMart and MeltroniX Net speech cases
[7] Domain name deals spark anger
[8] Anti-fair use standards fail again
[9] Holocaust site flap Down Under
[10] Ford sues over anti-General Motors Net name
[11] Hollywood spies then sues Net speakers
[12] Internet usage worldwide varies heavily
[13] Whistleblower website launched
[14] Australian censor system largely dormant

Privacy
[15] Cybercrime pact lurches forward
[16] iRobots webcams spy on children
[17] Communist China plans Carnivore-type spyware
[18] New British cyberspy agency created
[19] Euro hearing on ECHELON surveillance
[20] US-EU flap over Safe Harbor contracts
[21] Microsoft SmartTags & Hailstorm privacy woes
[22] EBay pulls an Amazon, waters down privacy policy
[23] Biometric software faces privacy & technical woes
[24] EU panel questions Australian privacy laws
[25] DoubleClick suffers security breach
[26] German gov't searches Net music lovers' homes
[27] Privacy surveys reflect public unease
[28] Sales problems for invasive CueCat, TiVo devices
[29] Digital hospital sparks privacy concerns
[30] Upcoming Japan privacy meetings

===============================================
[1] Korean censorware plans draw fire
===============================================
Controversy continues to surround Korean government plans to block
both domestic and overseas websites.

The Korean Ministry of Information and Communication is pushing a
special Internet ordinance that essentially would require blocking
software to be installed in cybercafes and other public computing
facilities. A special Information Communication Ethics Committee
already has drawn up a list of some 119 000 "anti social" sites that
they deem objectionable. This list, which apparently includes numerous
overseas webpages, will soon be provided to software developers for
incorporation within blocking packages. Authorities will also work
with Internet service providers to make sure access to any
questionable webpages will be denied; criminal penalties will be
levied on those who aid and abet access to such sites. However, many
questions about this plan have yet to be answered, including what
criteria will be used to determine which sites should be blocked, or
even the precise pages that have banned.

The measure, which is expected to take effect this July, has drawn
heavy criticism over its potentially damaging impact on freedom of
expression. Some of these concerns were aired in a recent meeting at
the Sejong Cultural Art Center in Seoul; at the event, Chang Yeo Kyung
from Jinbonet argued that the proposal will not protect children, but
will only ensure "that the rights of parents and the public will be
seriously violated." Opponents of the ordinance specifically focused
on how virtually all blocking programs were prone to errors and tended
to block many sites that had no controversial content whatsoever.
These groups are now suing in court in the hopes of striking down the
new restrictions.

See Kim Deok-hyun, "120,000 Internet sites blacklisted," Korea Times,
May 2, 2001 at
http://www.hankooki.com/kt_tech/200105/t2001050217201245110.htm

See also Kim Deok-hyun, "Internet Filtering Ordinance Spurs New
Debate," Korea Times, Apr. 23, 2001 at
http://www.hk.co.kr/kt_tech/200104/t20010-42316411745110.htm

Read "Seoul taking action against foreign pornographic sites," Korea
Herald, Apr. 11, 2001 at
http://www.koreaherald.com/SITE/data/html_dir/2001/04/11/200104110036.
asp

=================================================
[2] US libraries, schools face blocking deadline
=================================================
Protests are mounting over a new Internet blocking law that affects
educational institutions throughout the United States.

The so-called "Children's Internet Protection Act" essentially
requires high schools and libraries to include blocking software on
their computers. Institutions that refuse to do so (or refuse to
implement policies to that effect) would lose federal funding. CIPA is
now being challenged in court by several groups, including the
American Civil Liberties Union (ACLU-a GILC member) and the American
Library Association.

The law was to take effect on April 20, 2001, but deadline for
compliance has been pushed back until July 1, 2001 at the earliest.
These delays came partly at the behest of cyberlibertarians, who
expressed concerns about the law's effectiveness and potential harm to
freedom of expression. Indeed, the Electronic Frontier Foundation
(EFF-a GILC member) mobilized street protests in New York and
California to vent frustration over CIPA, as well as a special BayFF
forum.

For an ACLU press release on the subject, click
http://www.aclu.org/news/2001/n041901b.html

Read Brian Krebs, "Web Filters At Schools, Libraries By July 2002,"
Newsbytes, Apr. 6, 2001 at
http://www.newsbytes.com/news/01/164204.html

For more on EFF-sponsored street protests, visit
http://www.eff.org/Censorship/Censorware/20010420_chipa_protest_pics.h
tml

For more on the EFF BayFF forum on censorware, see
http://www.eff.org/br/br1.html

===============================================
[3] Mainland China jails more Net dissidents
===============================================
With a flurry of arrests, mainland China has apparently started a new
offensive against its online critics. 

Reports indicate mainland Chinese authorities have arrested several
activists, including Guo Qinghai, who had written numerous online
opinion pieces that urged reforms, and Lu Xinhua, who sent messages to
various Web sites overseas and documented human rights abuses. Another
online dissident, Chi Shouzhu, was held after he printed out material
from a pro-democracy website. He had been released just a few months
ago after serving a decade in jail for his participation in the 1989
Tienanmen demonstrations. Meanwhile, fellow Internet activist Leng
Wenbao was subjected to two hours of police interrogation while his
house was ransacked and his computer was seized. Government agents are
also holding Yang Zili, the proprietor of www.lib.126.com, which
included articles on the suppression of the Falun Gong spiritual
movement, economic disparities in Chinese society and critiques of
communism.

Additionally, Chinese commisars have banned the opening of any new
cybercafes for at least three months, in an apparent attempt to stifle
various forms of Internet content. Similar initiatives are being
launched at the local level, including Shanghai. In some areas, the
computers in these establishments are being fitted with "information
purifiers" that block access to various controversial websites. The
crackdown may have a far-reaching impact because the vast majority of
the population does not have home Internet access, and must depend on
cybercafes to get on the Information Superhighway.

Not surprisingly, these moves have met with dismay from free speech
advocates. Robert Menard from Reporters Sans Frontieres (RSF) said
that while "China escaped condemnation at the Human Rights Commission
of the United Nations, this ... new wave of repression reminds us that
China is still an enemy of the Internet and of freedom of expression."

For the latest details, see the following bulletin from the Digital
Freedom Network (DFN-a GILC member) under
http://dfn.org/focus/china/guo-sentence.htm

For more of Menard's remarks, click
http://www.rsf.fr/uk/html/asie/cplp01/lp01/190401.html

Read "Online activists arrested in China," Guardian Unlimited, Apr.
19, 2001 at
http://www.guardianunlimited.co.uk/internetnews/story/0,7369,475164,00
.html

See also "China internet café debate heats up," BBC News Online, Apr.
29, 2001 at
http://news.bbc.co.uk/hi/english/world/monitoring/media_reports/newsid
_13020 00/1302309.stm

Read Sue Bruell, "Beijing to Forbid Opening of New Cyber Cafes," China
News Digest, Apr. 14, 2001 at
http://www.cnd.org/Global/01/04/15/010415-2.html

See also "State Council tightens control over Internet cafes," China
Online, Apr. 17, 2001 at
http://www.chinaonline.com/issues/internet_policy/newsarchive/secure/2
001/ap ril/C01041201.asp

Read "Shanghai sets strict content restrictions for TV, radio on Web,"
China Online, Mar. 26, 2001 at
http://www.chinaonline.com/issues/internet_policy/NewsArchive/Secure/2
001/Ma rch/C01032304.asp

See also "China cracks down on file-swapping sites," Bloomberg News,
Mar. 27, 2001 at http://news.cnet.com/news/0-1005-200-5262396.html

===============================================
[4] Malaysian news sites face uphill battle
===============================================
Malaysian online journalists are facing a barrage of harassment from
government agents.

In the latest move, Malaysian government agents arrested ten people,
including Raja Petra Kamaruddin, who is webmaster of Freeanwar.com,
and Malaysiakini.com reporter Hisammuddin Rais. The arrests were
presumably an attempt to undercut support of Anwar Ibrahim, the former
deputy prime minister who was imprisoned in September 1998 under
suspicious circumstances. Kamaruddin, Rais and at least 5 other
detainees were charged with violating the country's Internal Security
Act, which allows individuals to held indefinitely without a trial.

Malaysian authorities have also put additional pressure on various
corporations to either block online criticism or engage in
self-censorship. These efforts apparently led multinational webhost
Tripod.com to shutdown nearly a dozen opposition sites. Similarly,
AgendaMalaysia recently relaunched its webpage with less content than
before; in a thinly-viewed dig at Internet activists, the news
agency's editor, Rozaid Rahman, proclaimed that his group was "not
going to change the world. That is a daydream."

For further details, visit the freeanwar.com website under
http://www.freeanwar.com/facnews/suaramappeal270401.htm

For a special bulletin on this subject from the Digital Freedom
Network (DFN-a GILC member), click
http://dfn.org/focus/malaysia/jailed-activists.htm

See K. Kabilan, "Missing websites: no word from Tripod," Malaysiakini,
Mar. 19, 2001 at
http://www.malaysiakini.com/News/2001/03/2001031910.php3?print=1

See also "New Tack for Malaysian News Site," Reuters, Apr. 4, 2001 at
http://www.wired.com/news/politics/0,1283,42828,00.html

===============================================
[5] DVD battles rage Down Under and in US
===============================================
The fight over DVD-related speech restrictions has now reached
Australian shores.

The battle centers around the copy protection and regional coding
schemes used in digital video discs. Previously, computer researchers
had created DeCSS--a primitive computer program to help users of the
Linux operating system play DVDs on their computers. Over the past
year, the entertainment industry, through the DVD Content Control
Association (DVD CCA) and the Motion Picture Association of America
(MPAA), has waged legal battles in both New York and California to
prevent Internet users from linking to websites that have DeCSS. Many
experts fear that these actions may stifle free expression in
cyberspace.

In Australia, where interest in DVDs is growing, machines that are
sold Down Under generally cannot play discs from the other countries
due to the regional coding. Users who wish to view DVDs from, say,
Japan must modify their players, but the process brings legal problems
(including possible nullification of the product warranty). These
difficulties have led some experts, such as Allan Fels of the
Australian Competition and Consumer Commission, to suggest the coding
restrictions contained on DVDs actually violate the country's trade
practices laws. There are additional concerns that these code-based
restraints may have a significant detrimental impact on free speech,
from preventing fair use of materials contained on DVDs to abetting
controversial content rating systems.

Meanwhile, in the United States, the next round of legal battles over
DeCSS took place May 1. The Electronic Frontier Foundation (EFF-a GILC
member), which is defending 2600 magazine against the MPAA, recently
added a new member to its DeCSS legal team: Stanford Law School Dean
Kathleen Sullivan, who conducted oral arguments before a panel of 3
Federal appeals court judges. During this session, she suggested that
copyright laws such as the Digital Millennium Copyright Act were
acting as a "digital straightjacket" that hampered fair use and other
free speech rights: "It's as if the laws, as applied, say you can't
print a blueprint of a copying machine." However, at least one
panelist seemed less than receptive to these arguments. Judge Jon
Newman countered that the law does not necessarily allow individuals
"to make fair use in the most technologically modern way". Newman
further pooh-poohed the idea that fair use and other free speech
doctrines fully apply to the Internet, suggesting at one point that
newspapers such as the New York Times did not "need the digital format
to write their reviews." A ruling is expected in several weeks. 

For the latest on the New York court battle, see Declan McCullagh,
"DVD Piracy Judges Resolute," Wired News, May 2, 2001 at
http://www.wired.com/news/digiwood/0,1412,43470,00.html

See Caitlin Fitzsimmons, "Restricting DVDs 'illegal': ACCC,"
Australian IT, Mar. 27, 2001 at
http://australianit.news.com.au/common/storyPage/0,3811,1836144%255E12
86,00. html

For further background information on the growing popularity of DVDs
in Australia, see Adrian Kerr, "Philips predicts VCR demise," ZDNet
Australia, May 2, 2001 at
http://www.zdnet.com/zdnn/stories/news/0,4586,2714548,00.html

For an EFF press release on the hiring of Dean Sullivan, visit
http://www.eff.org/IP/Video/MPAA_DVD_cases/20010402_eff_sullivan_pr.ht
ml

For more on a possible ban on T-shirts containing DeCSS information,
read John Naughton, "Been there, outlawed it-banned the T-shirt," The
Observer, Apr. 1, 2001 at
http://www.guardianunlimited.co.uk/internetnews/story/0,7369,466363,00
.html

===============================================
[6] 2TheMart & MeltroniX Net speech cases
===============================================
Free speech activists are cheering over a recent court ruling that
protected the personal information of several online speakers.

The case centered around 2TheMart.com, which tried to uncover the
identities of some 23 people who had posted critical comments about
the company. The move was opposed by GILC members the American Civil
Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF). A
United States Federal judge eventually quashed this request. Aaron
Caplan, an attorney with the local (Washington State) ACLU affiliate,
noted that the decision was important because "[t]here are a number of
situations where, if people don't feel it is safe for them to speak
anonymously, they may not speak at all. It is important for people to
have that outlet for speech, persuasion and organization." 

However, another court case is brewing in California, where computer
manufacturer MeltroniX is trying to discover the names of several
online detractors. The company is suing these Internet users for
making allegedly "vicious, defamatory and damaging comments," and is
asking a court to award punitive and financial damages. The
corporation has even gone so far as to call personal information
regarding these people as "a matter of public record" and that it
would monitor them to enforce what it called "responsible posting."

An EFF press release on the 2TheMart decision is available at
http://www.eff.org/Legal/Cases/2TheMart_case/20010420_eff_2themart_pr.
html

For more on the recent Seattle anonymous free speech victory, see
David McGuire, "Court Ruling A Boon For Online Anonymity-ACLU,"
Newsbytes, Apr. 20, 2001 at
http://www.newsbytes.com/news/01/164776.html

See also Stefanie Olsen, "Court backs right to free speech on Web,"
ZDNet News, Apr. 20, 2001 at
http://www.zdnet.com/zdnn/stories/news/0,4586,5081526,00.html

For more on the MeltroniX controversy, see Linda Hamilton, "Chatroom
posters to be sued and outed," The Register (UK), Apr. 9, 2001 at
http://www.theregister.co.uk/content/6/18192.html

=================================================
[7] Domain name deals spark anger
=================================================
Several new agreements on the future of .com, .edu and other Internet
suffixes are raising concern among many members of the Internet
community.

In one of the these deals, the Internet Corporation of Assigned Names
and Numbers (ICANN) awarded domain name giant Verisign the right to
control the .com registry for at least 6 more years. ICANN also
approved contracts that would grant Verisign powers over .org for at
least one more year and .net for 4 years. The decision came despite
intense opposition from a several quarters, including ICANN's own
Names Council. This opposition arose partly because of the apparently
undemocratic approach with which these contracts were conceived, as
well as fears that the agreements will hurt competition and free
expression. Indeed, ICANN's Board of Directors refused to make a final
decision on this matter during its public meetings Down Under, but
made their move during a private conference call that had been
scheduled specifically for this purpose. These contracts may yet be
countermanded, however, as several leading United States politicians
have petitioned for greater oversight of these and other ICANN
activities.

Meanwhile, the U.S. Commerce Department (through its subdivision, the
National Telecommunications and Information Administration) is
planning to turn control over .edu to Educause--a Washington
D.C.-based group that lobbies on behalf of colleges and their
corporate partners. The decision was taken with virtually no
opportunity for public comment. Some observers have expressed concern
over whether Educause will impose restrictions on the use of .edu,
particularly in regard to educational institutions based outside the
United States. These and other subjects are expected to be major
topics for discussion at ICANN's upcoming June meetings in Stockholm.

For an Educause press release on the .edu takeover, click
http://www.educause.edu/news/2001/04/edudomain.html 

Read Mark Ward, "Domain dispute drags on," BBC News Online, Apr. 20,
2001 at
http://news.bbc.co.uk/hi/english/sci/tech/newsid_1287000/1287432.stm

To read a letter from US Congressmen regarding new ICANN-Verisign
contracts, click
http://www.house.gov/commerce/letters/03302001_150.htm

For more on calls for greater oversight of ICANN, see Juliana
Gruenwald, "ICANN Issues Hitting Commerce Department," Interactive
Week, Apr. 9, 2001 at
http://www.zdnet.com/intweek/stories/news/0,4164,2705712,00.html

For more on ICANN's Stockholm meetings, click
http://www.icann.org/stockholm

=================================================
[8] Anti-fair use standards fail again
=================================================
Troubles continue to mount for various technical measures which many
experts feel may curb the free flow of information online.

Under the proposed SigningStation system, consumers would have to
disclose their identities and have entertainment companies assign them
a special individualized digital key. After customers purchase a given
digital video or music product, they would use key for authentication,
and only then would be able to view or hear what they had bought.
However, experts wonder whether SigningStation will unnecessarily
restrict the ability of individuals to make fair use of legally
obtained digital materials. In addition, the complex identification
requirements are raising serious privacy concerns. These
considerations have fueled speculation over whether the entire plan is
the financially viable.

Similar concerns have already led IBM to shelve Content Protection for
Removable Media (CPRM), which would have placed copy protection
software and special digital markings on each individual's hard drive
(as well as removable drives and other such systems). Nevertheless,
Microsoft is pushing a somewhat analogous scheme called "Secure PC"
that is designed to prevent computer users from duplicating audio
files, as well as anti-copying regimes in its latest version of
Windows Media Player. Ironically, Microsoft is itself being sued by
InterTrust, which claims the copy protection schemes used in the Media
Player have infringed on InterTrust's patents. It remains to be seen
whether any of these systems will achieve commercial acceptance or
what impact they would have on Internet free expression.

For more on InterTrust's patent lawsuit against Microsoft's
copy-protection schemes, read John Borland, "Anti-piracy company sues
Microsoft," Apr. 27, 2001 at
http://news.cnet.com/news/0-1005-200-5744735.html

For more on SigningStation, see David P. Hamilton, "Start-up locks to
media files," Wall Street Journal, Apr. 23, 2001 at
http://www.zdnet.com/zdnn/stories/news/0,4586,2710873,00.html

See John Borland, "Anti-privacy plans for hardware fail," CNet News,
Apr. 2, 2001 at http://news.cnet.com/news/0-1005-200-5422475.html

See also John Lettice, "MS plans 'Secure PC' that won't copy pirated
audio files," The Register (UK), Mar. 23, 2001 at
http://www.theregister.co.uk/content/4/17851.html

=================================================
[9] Holocaust site flap Down Under
=================================================
Attempts to shutdown a controversial Australian website have raised
troubling questions over Internet censorship.

The site in question was the brainchild of Dr. Fredrick Toben, a
former school instructor who questioned much of the forensic evidence
related to the Holocaust. The materials contained on Toben's webpages
drew the ire of Kathleen McEvoy, the Commissioner of Australia's Human
Rights & Equal Opportunity Commission (HREOC). She claimed that the
site violated the country's Racial Discrimination Act and ordered that
the offending webpages be taken down. The Executive Council of
Australian Jewry is now attempting to enforce the HREOC order through
the courts.

These moves have generated opposition from free speech advocates.
Irene Graham from Electronic Frontiers Australia (EFA-a GILC member)
noted that "the HREOC decision ... does not provide any indication at
all" of what specific speech is illegal and worried that these vague
standards may chill expression online. Moreover, she charged that
these "futile" and "counterproductive" bans "don't take into account
the technology of the Internet and the worldwide nature of the
Internet." A court hearing on this matter has been postponed until
June 12, 2001.

See Penelope Debelle, "Free speech row on Holocaust website," Fairfax
IT, Apr. 9, 2001 at
http://it.mycareer.com.au/e-commerce/20010409/A35206-2001Apr9.html

====================================================
[10] Ford sues over anti-General Motors Net name
====================================================
Several efforts to prevent domain name trademark violations may erode
free speech and privacy rights online.

The Ford Motor Company is suing 2600 magazine over a domain name that
criticizes General Motors. Ford's rationale was that the term might
confuse "the public into believing that somehow Ford has approved (of
the tactic) or is somehow involved." Curiously, General Motors had
already threatened legal action against 2600 several months ago; a GM
spokesperson has since said that his company "absolutely and totally"
supports Ford in its attempted domain name takedown. A court hearing
is scheduled for May 2, 2001.

These moves comes after the World Intellectual Property Organization
issued a report calling for further trademark-based restrictions on
domain names, including the use of geographic and personal terms.
Under these new regimes, Internet users would be completely excluded
from using certain terms (including the names of well-known drug
products and international organizations), even if those terms are
used for such purposes as public criticism or commentary. In an
editorial, 2600 retorted that there should be "many more top-level
domains that are dedicated to a specific purpose, rather than attempts
to control and manipulate every use of a particular name or word
throughout all Internet domains. Unfortunately, WIPO doesn't appear to
see it that way. ... [T]his 'additional protection' is likely to cause
great harm to the remaining freedoms of the net."

WIPO is also urging Whois databases (which contain personal
information about domain name holders) to be expanded and
standardized, thus making them searchable by virtually anyone on the
Internet. However, skeptics fear that this last idea will curb
anonymous free speech and undercut online privacy. These fears have
grown strong in Australia, where the lack of privacy protections for
this kind of data have led to numerous reported incidents of fraud.

WIPO's interim report is available via
http://wipo2.wipo.int/process2/rfc/rfc3/index.html

To read a 2600 editorial on WIPO's report, see "WIPO Recommends
Banning Certain Names and Words From Domains," 2600, Apr. 16, 2001 at
http://www.2600.com/news/display.shtml?id=255

For a schedule of WIPO regional consultations, click
http://www.wipo.int/pressroom/en/releases/2001/p260.htm

Read Steven Bonisteel, "WIPO Says: Keep Whois Open (And Keep It
Accurate)," Newsbytes, Apr. 20, 2001 at
http://www.newsbytes.com/news/01/164786.html

For more on fraudulent use of domain name registrant data, read Kate
Mackenzie, "'Hijackers' lead to domain changes," Australian IT, Apr.
12, 2001 at
http://australianit.news.com.au/common/storyPage/0,3811,1887934%5E442,
00.htm l

For further background information, visit
http://www.internetdemocracyproject.org



===========================================================
[11] Hollywood's legal threats against Net speakers
===========================================================
Legal threats from the entertainment industry have forced a university
professor to remain silent about his software research.

The case revolves around the Secure Digital Music Initiative (SDMI), a
software standard that several major entertainment conglomerates are
supporting as a way to discourage copying of sound files. SDMI's
creators tried to demonstrate the strength of this software by
challenging computer programmers to crack the code. Professor Eric
Felten of Princeton University agreed to participate, but was then
told by SDMI's sponsors not to reveal the results of his work. Prof.
Felten balked at these restrictions and withdrew his official
participation, deciding instead to conduct independent investigations
of SDMI along with several other scientists. After his team discovered
a way to break through SDMI's protections, he received a warning from
the SDMI consortium saying that "Any disclosure of information gained
from participating in the Public Challenge would be outside the scope
of activities permitted by the Agreement and could subject you and
your research team to actions under the Digital Millennium Copyright
Act." Felten and his fellow researchers eventually conceded to these
demands; he later expained: "Litigation is costly, time consuming and
uncertain, regardless of the merits of the other side's case.
Ultimately, we, the authors, reached a collective decision not to
expose ourselves, our employers and the conference organizers to
litigation."

Meanwhile, powerful forces from the entertainment industry are also
clamping down on the use of software through surveillance and
similarly-styled legal warnings. The Motion Picture Association of
America (MPAA) is using software developed by Ranger Online to spy on
Internet users and find people who use various types of duplication
products such as Gnutella. MPAA has used the collected information to
send hundreds of cease-and-desist letters, despite the fact that
Gnutella and other similar programs can be used for noninfringing
purposes. Yet despite the intimidating language contained in these
letters, MPAA attorney Ken Jacobsen claimed that his group was merely
trying "trying to do is educate the population about what is
appropriate, both from an ethical standpoint and from a legal
standpoint." 

Numerous companies (including Microsoft) have launched analogous
efforts around the world-efforts have also led to new legislation in
several European nations, including Hungary. These attempts have
renewed concerns about the future of online free speech in the face of
intellectual property-based strictures.

For more on the threats leveled at Prof. Felton, read "Researchers
cave in to SDMI legal threat," Associated Press, Apr. 26, 2001 at
http://news.cnet.com/news/0-1005-200-5737707.html

See also Elizabeth Wasserman, "Breaking the Code Crackers," The
Industry Standard, May 7, 2001 issue at
http://www.thestandard.com/article/0,1902,24076,00.html

Read Lisa M. Bowman, "Broadband fans busted over Gnutella," CNet News,
Apr. 17, 2001 at http://news.cnet.com/news/0-1005-200-5641576.html

For more about Ranger Online spyware, visit
http://www.rangerinc.com/1/index.htm

For more on new EU copyright restrictions, see Thomas C. Greene, "EU
Sanctifies copyrights a la DMCA," The Register (UK), Apr. 11, 2001 at
http://www.theregister.co.uk/content/6/18255.html

For more on Microsoft/police copyright efforts, read Glenn Simpson,
"Microsoft urges global antipiracy effort," Wall Street Journal, Apr.
2, 2001 at
http://www.zdnet.com/zdnn/stories/news/0,4586,2703424,00.html

For additional details on harsh Hungarian copyright laws, see John
Horvath, "Criminal Society," Heise Telepolis, Mar. 24, 2001 at
http://www.heise.de/tp/english/inhalt/te/7211/1.html

See also Matt Ford, "Big Brother on track to find the pirates,"
Fairfax IT, Apr. 9, 2001 at
http://it.mycareer.com.au/software/20010409/A35305-2001Apr9.html

================================================
[12] Internet usage worldwide varies heavily
================================================
New studies indicate that much of the world is coming online, but
progress has been uneven.

This is particularly true in Africa, according to statistics compiled
by the International Telecommunications Union. Somalia, for example,
only has about 200 Internet users out of a population of over 7
million people. South Africa, on the other hand, has 1.8 million
cybercitizens-roughly 60% of all Internet users on the continent.
Indeed, outside of South Africa, less than 0.2% of the population is
connected to the Information Superhighway.

In other parts of the globe, the Internet has grown at higher rates.
This is particularly true in Europe; home Internet use (as measured by
time spent online) has tripled in France and Spain and nearly doubled
in the United Kingdom. Another nation experiencing an Internet boom is
Korea, which has been helped by a surge in wireless websurfers. South
Korea also has the world's highest rate of broadband connectivity-a
rate that is more double that of the United States.

Read Jenny Sinclair, "Why the Internet is out of Africa," Fairfax IT,
Apr. 9, 2001 at
http://it.mycareer.com.au/e-commerce/20010409/A35302-2001Apr9.html

For more on burgeoning European Internet usage, read Steve Gold,
"Internet Usage Increasing in Europe, Despite Downturn," Newsbytes,
May 2, 2001 at http://www.newsbytes.com/news/01/165210.html

See also "European Net traffic rockets," Reuters, Mar. 28, 2001 at
http://www.zdnet.com/zdnn/stories/newsbursts/0,7407,2702024,00.html 

For more on the growth of the Internet in Britain, read Julia Snoddy,
"UK Net user numbers grow despite dot.coms crash," The Guardian, Apr.
24, 2001 at
http://www.guardianunlimited.co.uk/internetnews/story/0,7369,477523,00
.html

Read "OECD broadband figures show Korea leads," Total Telecom, May 1,
2001 at http://www.totaltele.com/vprint.asp?txtID=39503

See also "South Korea Leads World Broadband Net Race," Reuters, Apr.
23, 2001 at http://www.thestandard.com/article/0,1902,23891,00.html

For more on general Korean Internet usage, read "Korea No. 1 in use of
multimedia sites," Korea Herald, May 4, 2001 at
http://www.koreaherald.com/SITE/data/html_dir/2001/05/04/200105040010.
asp

See also "Korean users of wireless Internet total 18.52 mil." Korea
Herald, Apr. 18, 2001 at
http://www.koreaherald.com/SITE/data/html_dir/2001/04/18/200104180009.
asp

========================================
[13] Whistleblower website launched
========================================
Will a new webpage help workers expose corporate abuses?

The British firm Forensic Accounting has launched an initiative
specifically targeted at employees who wish to vent their concerns to
higher-ups without fear of reprisal. Informants who visit the website
can post surreptitious warnings of possible criminal activity on the
job, without having to pay any fees. Afterwards, the site's operators
will forward entries to management teams of companies that subscribe
to the service, as well as offer advice.

Raj Bairoliya, managing director of Forensic Accounting, stressed the
importance of this venue for anonymous free speech: "The
whistleblower's lot has not been a happy one. Most people are too
scared because there is nothing in it but a downside." The plan has
received support from several groups, including Public Concern at
Work, which is dedicated to helping employees who have suffered
reprisals for reporting corporate misdeeds. However, the website
raises questions as to whether the authorities or major companies are
making sufficient efforts to protect anonymity online. Indeed, George
Staple from the British Fraud Advisory Panel noted that past efforts
at helping whistleblowers had not been particularly successful, partly
because the issue of protecting the identities of corporate informants
"is not high enough on the agenda of most company managements."

See Michael Peel, "SURVEY-CLASSIFIED RECRUITMENT: Justice at a price,"
Financial Times, Apr. 26, 2001 at
http://globalarchive.ft.com/globalarchive/article.html?id=010426001244
&query =Forensic+Accounting

See also Michael Peel, "Whistleblower website welcomed," Financial
Times, Apr. 11, 2001 at
http://news.ft.com/ft/gx.cgi/ftc?pagename=View&c=Article&cid=FT3UM9WGF
LC&liv e=true&tagid=IXLC078IH7C&Collid=Any

================================================
[14] Australian censor system largely dormant
================================================
Does Australia really have a serious problem with harmful online
material?

That's what many experts are wondering based on a new report. Nearly
two years ago, the Australian government created a complaint-based
regime that, depending on the circumstances, would screen out websites
based on film guidelines. Adult theme websites, which are defined to
include "verbal references to ...suicide, crime, corruption, martial
problems, emotional trauma, drug and alcohol dependency, death and
serious illness, racism, [or] religious issues" would be likely
candidates for censure. 

The plan took effect in January 2000. However, a subsequent
government-commissioned study revealed showed that out of nearly six
million of Australian cybercitizens, only 124 complaints were received
during the first three months of the new regime. A later report issued
this past April indicates that the massive wave of filings expected by
some of the law's backers still had yet to take place. For example,
between July and December 2000, the Australian Broadcasting Authority
sent take-down notices to only 6 sites regarding content Down Under;
notices were sent to a mere 22 sites over the entire year.

According to many observers, these findings illustrate how the entire
scheme has been a waste of resources. Irene Graham, executive director
of Electronic Frontiers Australia (EFA-a GILC member) noted that the
Australian government "seems to be spending its time either referring
overseas sites to content filter makers, or issuing take-down notices
for domestic sites that could largely have been caught through
existing laws. The government trumpets this as having made the
Internet safe for children, but we think that's merely giving a sense
of false security to parents. What they're doing is making, at best, a
miniscule difference to how safe the Internet is for children." 

The report is available via
http://www.dcita.gov.au/nsapi-graphics/?MIval=dca_dispdoc&ID=5651

For press coverage, read Stewart Taggart, "Questioning the Oz Net
Censors," Wired News, Apr. 24, 2001 at
http://www.wired.com/news/print/0,1294,43182,00.html

=================================================
[15] Cybercrime pact lurches forward
=================================================
Despite intense criticism, European politicians are moving ahead with
a European cybercrime plan that may erode online privacy.

Under this Council of Europe treaty, signatory countries would enact
laws that might make it easier for government agents to search
computers and conduct real-time surveillance on private citizens
through telecommunications networks. The convention includes
provisions that may allow law enforcement officials greater access to
many types of personal security information, such as encryption keys.
Additionally, the scheme could pressure Internet service providers
(ISPs) to monitor and retain records on customer activities, under
threat of legal liability. Furthermore, the draft would have
signatories create new penalties for copyright infringement. European
Union officials are now pushing for new sections that would ban
websites containing language deemed hateful or inflammatory, an
apparent extension of a controversial French ruling against Yahoo
regarding Nazi memorabilia on its auction pages.

The treaty has been the subject of intense criticism for months. Joe
McNamee of the European Internet Service Provider Association
(EuroISPA) worried that the treaty would require the collection of
vast amounts of personal data, and said that while "[n]obody's opposed
to fighting cybercrime," his group and others were "opposed to
fighting innocent people and privacy." There are also serious
complaints regarding the secretive nature with which the entire plan
was conceived. On that point, Gus Hosein of Privacy International (a
GILC member) called the procedure used to create the treaty "the worst
process I've seen so far when it comes to transparency in government."
Yet despite these concerns, the Council's parliamentary assembly
approved the current draft, and sent the matter into the hands of an
experts panel that compile a final version. Full assent could come as
early as June 2001.

European nations apparently are not the only countries coming up with
new cybercrime plans. Thailand is considering new laws that would
allow government agents greater surveillance powers in
cyberspace-standards that are broadly similar to those contained in
the CoE treaty (including penalties for copyright infringement). In
Australia, law enforcement officials are also proposing new amendments
that would carry stiff punishments for various Internet activities,
including decade-long jail sentences.  

For more of Mr. Hosein's remarks, read Rick Perera, "Cybercrime treaty
a step closer to becoming law," Infoworld.com, Apr. 25, 2001 at
http://www.infoworld.com/articles/hn/xml/01/04/25/010425hntreaty.xml

For German language information, see "Europarat verabschiedet
Cybercrime-Abkommen," Heise Online, Apr. 25, 2001 at
http://www.heise.de/newsticker/data/ame-25.04.01-000/

Read Karnjana Karnjanatawe, "Thai Computer Crime Law Nears Public
Hearing," Bangkok Post, Mar. 21, 2001 at
http://www.newsbytes.com/news/01/163424.html

Further details regarding Australian cybercrime plans, see Megan
McAuliffe, "Australian hackers face jail time," ZDNet Australia, Apr.
9, 2001 at
http://www.zdnet.com/zdnn/stories/news/0,4586,2705803,00.html

See also David Adams, "Momentum grows for e-crime centre," Fairfax IT,
Mar. 28, 2001 at
http://it.mycareer.com.au/industry/20010328/A32552-2001Mar28.html

========================================
[16] iRobots spy on children
========================================
Who wants an android to spy on their kids?

That's what some people are wondering with the introduction of iRobot.
This device, according to the manufacturer, is a "multi-purpose home
robot that can be controlled from anywhere in the world." iRobot
includes a live-action camera and microphone mounted on a six-wheel
chassis. Images and sounds collected by the robot are then broadcast
along the Internet by wireless. Computer users can control this device
through their web browser. The entire package is being marketed as a
way for parents to monitor their children, but is also being supplied
to the United States Defense Advanced Projects Research Agency (DARPA)
and various corporations for surveillance purposes. 

The company has conceded that personal web cameras "could lead to
situations where we are being monitored 24 hours a day, and privacy is
a thing of the past. For example, if you wanted to be able to see what
was going on at your house, you would have to install and wire cameras
in every room. That's a lot of cameras, and for your family, it means
never knowing if you are being watched or not." Curiously, the company
claims this privacy problem does not apply to its product because
"iRobot-LE(tm) is not a web cam," despite later assertions such as:
"iRobot-LE is a serious appliance that can bring the power of the
Internet out of the study and into the kitchen or living room when you
are at home." Indeed, the corporation also admits through its privacy
policy that it uses digital information files known as "cookies" to
track users and places the burden on consumers to opt-out of its data
collection system.

The iRobot privacy policy is posted at
http://www.irobot.com/privacy/privacy.asp

Further company information on iRobot is posted at
http://www.irobot.com/ir/ir_not.asp

See Peter H. Lewis, "Remotely interesting," Fortune, Apr. 2, 2001 at
http://www.fortune.com/indexw.jhtml;jsessionid=I1YMXDJQHAFBYQAMEHTSFFS
ABQQ4K
IV3?doc_id=200978&channel=artcol.jhtml&_DARGS=%2Ffragments%2Ffrg_mores
tories .jhtml.1_A&_DAV=artcol.jhtml

Read Eric Auchard, "I Spy," Reuters, Apr. 17, 2001 at
http://abcnews.go.com/sections/scitech/DailyNews/spycameras010417.html

==================================================
[17] Beijing plans Carnivore-type spyware
==================================================
Mainland China is looking for a new way to monitor Internet users, and
it appears to be taking a hint from the United States.

Reports indicate that the Chinese government is developing a new
"black box" system to wiretap the Internet. While details are only
beginning to emerge, the device is apparently derived from technology
previously used in airline cockpit data recorders. The goal of this
"black box," however, is to allow Chinese officials to watch over and
hunt down dissidents and possible opponents to the current ruling
regime. 

The entire system appears to be broadly similar to Carnivore-a device
developed by the United States government. Carnivore is attached to
the server of a given Internet service provider and intercepts all
Internet transmissions that come through the server, then parses out
pertinent material, based on keywords provided by the administrator.
Carnivore and its successor DCS 1000 have come under heavy criticism
over the past few months as being serious threats to online privacy.
Some of these concerns were reiterated by privacy advocates in a
recent discussions with US Attorney General John Ashcroft.

See "China Plans to Build Internet Monitoring System," China News
Daily, Mar. 20, 2001 at
http://www.cnd.org/Global/01/03/20/010320-3.html

For more on current discussions of Carnivore, see Brian Krebs, "Groups
Urge Ashcroft To Act On Carnivore, Privacy Issues," Newsbytes, May 3,
2001 at http://www.newsbytes.com/news/01/165261.html

==================================================
[18] New British cyberspy agency created
==================================================
The British government is launching a new cybercrime center that is
causing concern among privacy advocates.

British Home Secretary Jack Straw recently unveiled a National Hi-Tech
Crime Unit. This unit will have several dozen employees, consisting of
law enforcement agents and information technology experts, and will
focus on crimes that involve the Internet. While precise details on
operations are not readily available, operatives are expected to
collect information regarding online activities for possible future
action or prosecution. The entire enterprise will cost an estimated 25
million pounds sterling.

The move is being seen with a certain degree of apprehension, due in
part to the sweeping powers this agency may have under the
controversial Regulation of Investigatory Powers Act (RIP) that was
enacted last year. RIP requires the creation of a special center with
links to Britain's Internet service providers (ISPs), which will allow
law enforcement officials to spy on the online activities of most UK
citizens. Many people worry that the Act will enable government agents
to conduct wide scale searches into the activities of private Internet
users. Yaman Akdeniz of Cyber-Rights and Cyber-Liberties UK (a GILC
member) warned that "this partnership could turn ISPs into an arm of
the law enforcement agencies because there are a lot of requirements
on them for data collection and analysis." Similar sentiments have
been aired over an analogous arrangement in the Netherlands.

See Mark Ward, "Cybercops arrest online liberty," BBC News Online,
Apr. 18, 2001 at
http://news.bbc.co.uk/hi/english/sci/tech/newsid_1283000/1283127.stm

Read Sarah Left, "Government launches cyber-crime unit," Guardian
Unlimited, Apr. 18, 2001 at
http://www.guardianunlimited.co.uk/internetnews/story/0,7369,474518,00
.html

See also Jelle van Buuren, "Dutch Government and ISP's Reach
Compromise On Interception of The Internet," Heise Telepolis, Apr. 25,
2001 at http://www.heise.de/tp/english/inhalt/te/7458/1.html

==================================================
[19] Euro hearing on ECHELON surveillance
==================================================
More details may soon be revealed about a super-secret global
surveillance system.

A committee of European Parliament members will soon visit the United
States in an attempt to discover more details about ECHELON. ECHELON
is popularly used to describe a system that is designed to intercept
communications from around the world. It is supposedly operated by the
United States National Security Agency in conjunction with several
other intelligence agencies. Reports suggest that ECHELON is capable
of intercepting e-mail messages, faxes, and telephone conversations. 

Fears about possible ECHELON privacy abuses led the European
Parliament to form a temporary investigatory committee. At a committee
hearing held a few weeks ago, several witnesses expressed concern
about ECHELON's potential threat to individual rights. One of them,
Yaman Akdeniz from Cyber-Rights & Cyber-Liberties UK (a GILC member),
noted that "[i]f the current allegations are true, all law abiding
European citizens and companies are at risk of being monitored every
day without any legal basis. ... [W]e are particularly concerned about
the lack of democratic oversight on data being intercepted, stored and
processed with systems like Echelon." 

Afterwards, members of the EP panel decided to visit the United States
on a fact-finding mission that will include discussions with various
U.S. politicians and intelligence officials. Marc Rotenberg, executive
director of the Electronic Privacy Information Center (EPIC-a GILC
member), welcomed the move as "a very important step. It's a proactive
effort by government officials to address the problem of international
surveillance." The visit is scheduled to take place the week of May 8,
2001.

For more on the EP members' visit to the United States, read Declan
McCullagh, "Euros Continue Echelon Probe," Wired News, Apr. 24, 2001
at http://www.wired.com/news/privacy/0,1848,43270,00.html

A statement from Mr. Akdeniz (presented at the EP hearing) is
available under http://www.cyber-rights.org/reports/echelon_ya.htm

The agenda for the hearing is posted under
http://wwwdb.europarl.eu.int/ep/owa/p_calag.oj?ipid=0&imn=9062&ilg=EN&
iorig= tempcom

Other related documents are available at
http://www.europarl.eu.int/meetdocs/committees/temp/20010322/TEMP20010
322.ht m

Press coverage is available from Kieren McCarthy, "European Parliament
continues Echelon investigation," The Register (UK), Mar. 22, 2001 at
http://www.theregister.co.uk/content/8/17800.html

For further background information, visit
http://www.echelonwatch.org

==================================================
[20] US-EU flap over Safe Harbor contracts
==================================================
Contracts meant to implement a trans-Atlantic privacy plan have met
with some resistance from the United States government.

The European Union and the United States had previously agreed to new
standards for handling the personal information of EU citizens. Under
the plan, known as Safe Harbor, U.S. companies would have to notify
European users how their private data is being handled and how it is
being collected. Concerned individuals would be allowed reasonable
access to their files, and could refuse to allow other companies to
receive such information. This self-regulatory system is only
voluntary, but American firms that join Safe Harbor could avoid
lawsuits from the governments of EU countries. Moreover, these rules
are not as strong as the stringent regulations required by many
European nations.

This compromise was formulated several months ago to avoid a possible
trade war between the EU and the US. Since then, however, the
administration of US President Bush sent a letter criticizing proposed
model contracts that are designed to allow companies to comply with
this agreement. The letter called the draft clauses "unduly burdensome
requirements that are incompatible with real world operations." In
response, a spokesperson for the European Commission said that "The US
administration's letter appears to be based on a total, complete and
utter absence of understanding of what the Commission is doing. We are
aiming to make life easier for companies transferring data from the EU
to countries outside the EU by clarifying the provisions in contracts
which would best ensure adequate protection of personal data." 

See Glenn R. Simpson, "Bush opposes Euro privacy rules," Wall Street
Journal, Mar. 27, 2001 at
http://www.zdnet.com/zdnn/stories/news/0,4586,2701370,00.html

See Peronet Despeignes & Deborah Hargreaves, "INTERNATIONAL ECONOMY:
EU-US clash over personal data: private right or commercial
opportunity?" Financial Times, Mar. 29, 2001 at
http://globalarchive.ft.com/globalarchive/articles.html?id=01032900040
6

==================================================
[21] Microsoft SmartTags & Hailstorm privacy woes
==================================================
How would you like to have your most personal details stored by a
central computer system in Seattle?

That's apparently what Microsoft is asking people to do under its new
Hailstorm plan. The scheme would use a "Passport" identity system for
individuals to use personalized calendars, address books and
e-wallets. This information would then be accessible to a whole host
of recipients, including programmers and advertisers, who could sift
through this data and send files to Hailstorm users. Should these
users change email addresses, the updated contact information would be
sent along to financial institutions and other corporations.

Many observers have raised alarms over the intrusive nature of these
plans, as well as the apparent lack of privacy protection for the
personal data stored within Hailstorm. Jason Catlett of Junkbusters
said he was against letting Microsoft becoming "the de facto
government of the United States, issuing passports and controlling
identity and wallets for all consumers." Skeptics also pointed to
Passport's privacy policies, which previously allowed "Microsoft and
its affiliated companies permission to: Use, modify, copy, distribute,
transmit, publicly display, publicly perform, reproduce, publish,
sublicense, create derivative works from, transfer, or sell" virtually
any user-provided information. The company has since revised its
policy to say these rights only apply to "feedback or suggestions to
Microsoft concerning the Passport Web Site or the Passport Service."

Hailstorm is not the only new Microsoft project that is sparking
privacy concerns. The software giant is also receiving criticism over
its latest version of Office (XP), which apparently includes expanded
use of Smart Tags. These bits of code, which can be attached to
numerous types of files (such as spreadsheets, Word documents and so
on) could also reportedly be used as a backdoor for fraudsters.
Experts have also criticized Microsoft's embrace of Platform for
Privacy Preferences (P3P) technology in its latest version of within
Internet Explorer; the Electronic Privacy Information Center (EPIC-a
GILC member) described P3P as "a complex and confusing protocol that
will make it more difficult for Internet users to protect their
privacy." Meanwhile, scientists have discovered serious security flaws
in both Internet Explorer and Outlook and as well as its Windows 2000
server software, which Microsoft is looking to remedy with software
patches.

For further details on the latest Microsoft security flaws, read Mark
Ward, "Microsoft warns of 'serious' software hole," BBC News Online,
May 2, 2001 at
http://news.bbc.co.uk/hi/english/sci/tech/newsid_1308000/1308267.stm

For more on Smart Tags, see John Lettice, "Smart tagging in Office
XP-what Melissa did next?" The Register (UK), Apr. 6, 2001 at
http://www.theregister.co.uk/content/4/18160.html

For more on HailStorm, read Leslie Walker, "Gates's Bold New Persona:
Your ID Manager," Washington Post, Mar. 29, 2001, Page E1 at
http://washingtonpost.com/ac2/wp-dyn/A9711-2001Mar29?language=printer

Further details on P3P's lukewarm reception, see Lisa M. Bowman,
"Privacy experts rip IE cookie cutter," ZDNet News, Mar. 22, 2001 at
http://www.zdnet.com/zdnn/stories/news/0,4586,5080018,00.html

See also Leslie Walker, "Browser Aimed at Protecting Users' Privacy,"
Washington Post, Mar. 29, 2001, Page E4 at
http://washingtonpost.com/ac2/wp-dyn/A9146-2001Mar28?language=printer

For more on Microsoft Explorer & Outlook security flaws, read Michelle
Delio, "IE Hole Surrenders Your Computer," Wired News, Mar. 30, 2001
at http://www.wired.com/news/technology/0,1282,42750,00.html

For more on Microsoft Passport user data leaks, see Stefanie Olsen,
"Privacy terms revised for Microsoft Passport," CNet News, Apr. 4,
2001 at http://news.cnet.com/news/0-1005-200-5508903.html

Further details on potential other Office XP flaws, are available from
John Lettice, "'Universal' key claimed to disable MS Office XP
security," The Register (UK), Mar. 26, 2001 at
http://www.theregister.co.uk/content/4/17869.html

======================================================
[22] EBay pulls an Amazon, waters down privacy policy
======================================================
Should consumers put much faith in the privacy policies of e-tailers?

Many experts are suggesting the answer is no, after a recent decision
by EBay. The popular online auction site altered its privacy statement
to allow the company to give out personal information about its users
in a number of circumstances, including if the corporation was taken
over by another firm. The move comes after online bookseller Amazon
made a similar alteration in its privacy policy several months ago,
allowing sensitive "customer information" to be treated as merely
"business assets" that could be bought or sold as the company
continued to develop its business. 

Not surprisingly, the change has yielded strong protests from privacy
advocates. Andrew Shen from the Electronic Privacy Information Center
(EPIC-a GILC member) noted that companies like EBay are able to carry
out these practices because in part because regulators such as the
United States Federal Trade Commission (FTC) not going far enough in
protect personal information. "This is the problem with the FTC only
using its prohibitions against unfair and deceptive practices, instead
of establishing a privacy standard." 

The revised EBay policy becomes effective May 15, 2001.

Read Jeffrey Benner, "EBay Alters Privacy Policy," Wired News, Apr. 2,
2001 at http://www.wired.com/news/business/0,1367,42778,00.html

See also David Berlind, "eBay, Yahoo's security snafus," Enterprise,
Apr. 5, 2001 at
http://www.zdnet.com/zdnn/stories/comment/0,5859,2705095,00.html

======================================================
[23] Biometric software faces privacy & technical woes
======================================================
Your computer may soon know who you are-just by the way you type.

That's the promise of a new product called BioPassword. When computer
users login with this system, the program checks the inputted typing
pattern against archived "rhythm" samples, and will only grant access
if there is a match. The software package allows "[c]onstant,
automatic Password logon monitoring, every time the computer is booted
up or unlocked." In addition, system administrators can lock
BioPassword users can be locked out of their systems and have
individual computers shutdown, powered down or rebooted. 

While the software is being billed as a way to enhance security, it is
unclear whether its success rates are actually higher than current
login protection schemes-particularly in light of company literature
telling BioPassword users that they no longer need to change their
passwords on a regular basis. Some of these concerns have been fueled
by the problems that have plagued a similar product, BioID SOHO, which
tends to get confused between different people, particularly on
systems that have less than 5 users. The manufacturer of BioPassword
admits that "environmental issues" may have a significant effect on
accuracy. Moreover, because these devices seem to allow precise
tagging and monitoring of ordinary computer users, there are fears
that they will in fact have a detrimental impact on Internet privacy.

See Carlos A. Soto, "BioPassword Security Checks User's Typing
Pattern," Washington Post, Apr. 5, 2001, page E4 at	
http://washingtonpost.com/wp-dyn/articles/A41021-2001Apr4.html

The BioPassword homepage is located at
http://www.biopassword.com

======================================================
[24] EU panel questions Australian privacy laws
======================================================
Concerns over Australian privacy standards have started to take on
international dimensions.

The European Commission Data Protection Working Party (which is
composed of Data Protection officials from Council of Europe member
states) has issued an opinion criticizing a proposed Australian
Privacy Amendment. Among other things, the panel noted "with concern
that some sectors and activities are excluded from the protections of
the Act," including employee personal information and small
businesses. The Party also pointed out vagaries in the language of the
Amendment, which might allow data collected for one purpose to be used
for new functions.

In response, Australia's Attorney General Daryl Williams accused the
European experts of "ignorance about Australia's law and practice and
do not go to the substance of whether our law is fundamentally
'adequate' from a trading point of view. It seems that the
prescriptive approach taken in many EU Member States is assumed to be
the only acceptable way to go in many areas of privacy protection."
said that he did not accept the working group's findings and feared
placing "unnecessary burdens on business." He also announced that
"officials from Australia and the EC will continue to talk in order to
address these concerns to everyone's satisfaction. However, Australia
will only look at options that do not impose unnecessary burdens on
business."

To read the comments of the EU panel, click
http://europa.eu.int/comm/internal_market/en/media/dataprot/wpdocs/wp4
0en.ht m

To read the response from Australian Attorney General Daryl Williams,
visit http://law.gov.au/aghome/agnews/2001newsag/941_01.htm

======================================================
[25] DoubleClick suffers security breach
======================================================
Recent events have left many people wondering whether DoubleClick will
ever do enough to protect online privacy.

Officials from the online advertising firm admitted that intruders had
invaded its systems. The attack was sufficiently serious that
DoubleClick shutdown a few of its servers in order to help
investigators track down perpetrators. A spokesperson termed the
incident "mischievous in nature" but claimed that the incident did not
have "any serious impact to our networks."

The breach came just as a Federal judge in the United States dismissed
a privacy lawsuit against DoubleClick. The suit revolved around
company's admission that it had been tracking viewers through the
Internet by placing digital identification numbers in files known as
"cookies" on a user's hard drive, which it matches with name and
address information that has been collected by its partners. Despite
initial claims to the contrary, DoubleClick planned to match this data
with more extensive information contained in millions of files
maintained by its merger partner Abacus Direct. DoubleClick put aside
its data-matching plan after a storm of public criticism. Several
consumers then took legal action against the company, claiming that
DoubleClick's cookie tracking scheme violated various state and
Federal laws. It is not clear whether the plaintiffs will now appeal
the dismissal.

See "DoubleClick: We've been hit," Reuters, Mar. 30, 2001 at
http://www.zdnet.com/zdnn/stories/news/0,4586,5080420,00.html

See also Michael Bartlett, "Attorney Fires Back At Judge In
DoubleClick Privacy Case," Newsbytes, Mar. 30, 2001 at
http://www.newsbytes.com/news/01/163925.html

======================================================
[26] German gov't searches Net music lovers' homes
======================================================
Watch out if you're downloading music off the Internet. The German
government may use force (both in person and through the network) to
stop you.

German government agents recently invaded the homes of 103 people,
claiming that they were trading online music files of "skinhead
bands." As part of this sweep, police officers seized computers and
discs while pressing charges that could lead to 3-year prison
sentences. Law enforcement officials argued that they had the right to
enter these private residences and that it was illegal for individuals
to transfer these MP3 files over the Internet. These claims came
despite the fact that it is legal under German law to listen to such
materials. 

In addition, German politicians are tacitly admitting their support
for plans to allow government agents to hack into private websites.
German Interior Minister Otto Schilly mentioned in a recent interview
that government agents may send voluminous amounts of email messages
to offending webpages, in the hopes of disrupting their servers. A
Schilly spokesman later tried to justify such attacks by saying that
many of the sites to be targeted sites "are put onto the Internet in
foreign countries, so it's very difficult to use German law. We have
to think about all the lawful possibilities." No one from the German
government has explained precisely what criteria would be used to
determine which websites would be targeted.

These statements have alarmed many members of the privacy community.
Andy Mueller-Maguhn of the Chaos Computer Club (CCC-a GILC member)
said he expected government operatives "to say they won't do anything
that is outside of German law or the law of any other country." He
further warned that any ideas of arbitrarily hacking private websites
"is not compatible with being Minister of the Interior for any
democratic government on the planet. Of course there might be
governments with that style. But normally that's not the behavior of a
democratic state or country."

Read Adam Tanner, "Germany Cracks Down on Internet Nazi Music Trade,"
Reuters, Apr. 10, 2001 at
http://www.infowar.com/law/01/law_041001d_j.shtml

See also Steve Kettmann, "German Pol Backtracks on Hack," Wired News,
Apr. 10, 2001 at
http://www.wired.com/news/politics/0,1283,42961,00.html

For original story, see Frank Patalong, "Mit Hackermoden gegen
Neonazis," Der Spiegel, Apr. 6, 2001 at
http://www.spiegel.de/netzwelt/politik/0,1518,126921,00.html

For background information, see Thomas C. Greene, "German may strike
Nazi sites with DoS attacks," The Register (UK), Apr. 9, 2001 at
http://www.theregister.co.uk/content/8/18200.html

==========================================================
[27] Privacy surveys reflect public unease
==========================================================
Recent studies suggest that people may not know precisely what
threatens their privacy online, but they don't like what they
see...and those threats are becoming more prevalent.

In a report from the Pew Internet & American Life Project, the vast
majority of respondents (62%) wanted stronger laws to protect against
online surveillance. Furthermore, two thirds of those surveyed did not
necessarily trust the government to do the right thing when
wiretapping the Internet, and nearly 80% of participants were worried
about online fraud. However, the study also showed some confusion
about specific programs that may curb privacy, and that there is a
need for further public education about the subject. For example, only
about 20% of respondents were aware of the United States government's
Carnivore spyware system. Evan Hendricks of the Privacy Times
commented that the "public's simply not aware of the power of
Carnivore and the likelihood it will be abused if it's run as the FBI
[U.S. Federal Bureau of Investigations] proposes."

Meanwhile, a report from the American Management Association indicates
workplace surveillance is growing. According to the AMA's research,
about 4 out of 5 major companies intercept their worker's phone calls,
email or other Internet transmissions. This percentage rose
dramatically in some industries, particularly financial firms (such as
banks), where over 92% of surveyed companies snoop on their employees.
These latest figures contrast with numbers compiled just four years
ago, when about 35% of the firms participating in the study carried
out these kinds of surveillance activities.

For more on the AMA study, see Romy Ribitzky, "Corporate Snooping on
Rise," ABCNews.com (US), Apr. 18, 2001 at
http://abcnews.go.com/sections/business/DailyNews/snooping_010418.html

For further details regarding the Pew report, see Robert O'Harrow,
"Opinion Split on Web Privacy," Washington Post, Apr. 3, 2001, page
E12, at http://washingtonpost.com/wp-dyn/articles/A28560-2001Apr2.html

==========================================================
[28] Sales problems for invasive CueCat, TiVo devices
==========================================================
Can privacy concerns hurt sales?

That's some people are wondering in light of the struggles faced by
two controversial Web products. One of them, CueCat, allows users to
scan special barcodes contained on print articles and advertisements,
thus triggering their computers into accessing websites for more
information. However, scientists discovered that CueCats include
special individualized serial numbers that allow the tracking of
computer users as they surf the Internet and the creation of highly
detailed profiles regarding their behavior. Indeed, the maker of
CueCats, Digital Convergence, has admitted that it "is responsible for
the creation and analysis of the largest consumer database that
provides the unique combination of Web tracking with all forms of
media." Worse still, Digital Convergence suffered a security breach
several months ago that revealed personal information files on nearly
140 000 users, including such data as customer names, email addresses
and postal codes.

Since these revelations, Digital Convergence has suffered serious
marketing problems. While 3 million CueCats have been given to
consumers, only about 100 000 people have actually used them, and even
those people tend not to swipe CueCats very often (averaging 6 hits
per device). During the past month, the company withdrew its plans to
publicly offer stock, claiming that the market environment would be
too hostile to such a move. 

The other product, TiVo, is personal video recorder with Internet
connections that includes such features as allowing replays of
television broadcasts within seconds and advanced programming options.
However, researchers have determined that the device collects detailed
information about users' viewing habits and sends this data back to
the manufacturer through the Information Superhighway.  While the
manufacturer claims that these profiles were anonymized, a report from
the Privacy Foundation indicated that the data collected did in fact
contain identifying information (including the serial number of the
individual user's machine). These revelations led several prominent
United States Congressmen to call for a government investigation into
possible trade violations. Meanwhile, while the number of subscribers
continues the climb, the increases were not enough to dissuade the
company from laying off nearly 25% of its workers in an effort to cut
costs.

See Gwendolyn Mariano, "CueCats sent to the litter box," ZDNet News,
Mar. 29, 2001 at
http://www.zdnet.com/zdnn/stories/news/0,4586,5080362,00.html

The Privacy Foundation report on TiVo is posted under
http://www.privacyfoundation.org/privacywatch/report.asp?id=62&action=
0

To read the Congressmen's letter on TiVo privacy concerns, click
http://www.house.gov/commerce_democrats/press/107ltr30.htm

For more on TiVo financial difficulties, read Richard Shim, "TiVo
revamps business plan, sheds workers," CNet News, Apr. 5, 2001 at
http://news.cnet.com/news/0-1006-200-5520991.html

==================================================
[29] Digital hospital sparks privacy concerns
==================================================
Concerned about the privacy of your medical records? Would you feel
any better if they were all posted online?

HealthSouth is building a digital hospital that will have devices to
make it easier to store such details in computerized form, including
digitized X-ray machines, an internal wireless data transfer system
and portable computers for every employee. All of this information
will be added to fully automated electronic patient databases.
HealthSouth CEO Richard Scrushy boasted: "What we're doing now is
making a reality out of something that many people have talked about,
but no one has attempted."

However, experts from both the medical and computer programming
community have expressed reservations about whether sufficient steps
have been taken to protect the privacy of these records. Dr. Henry
Vitelle, a New York obstetrician, worries that "With all of the
stories we hear about how this website and that government computer
system was hacked into, how can I feel good about putting my patients'
medical records online? I don't feel comfortable about having records
somewhere that they could be tampered with by some joyriding hacker
with no sense of the havoc he could cause." These fears are in part
based on the protocol that will be used by HealthSouth for its
internal wireless system-a protocol that has been described by at
least one group as having "major security flaws."

Similar concerns are being aired over a recent proposal Down Under.
The Australian Practice Incentives Program has been altered so that
the Federal government will pay medical practitioners to send patient
data through email. The plan is designed to entice medical
professionals to make greater use of computing technology. However,
the new standards apparently do not require doctors to protect this
data (such as by using encryption) against possible interception. Prue
Power from the Australian Medical Association argued that rather than
pushing this privacy issue aside, "the Federal Government ought to be
very concerned that one of its programs would be providing financial
incentives for GPs to send clinical information in an insecure
manner." 

For more about Australian online health privacy concerns, read Karen
Dearne, "Prescribing a privacy cure," Australian IT, May 1, 2001 at
http://australianit.news.com.au/common/storyPage/0,3811,1948560%5E501,
00.htm l

See also Karen Dearne, "Doctors paid for 'insecure' emails,"
Australian IT, Apr. 17, 2001 at
http://australianit.news.com.au/common/storyPage/0,3811,1900441%5E442,
00.htm l

For more on HealthSouth, read Michelle Delio, "How Secure Is Digital
Hospital?" Wired News, Mar. 28, 2001 at
http://www.wired.com/news/technology/0,1282,42656,00.html

==================================================
[30] Upcoming Japan privacy conferences
==================================================
Two meetings will be held in Tokyo this month to discuss emerging
trends in the field of data privacy.

The first meeting, entitled "The Dark Side of IT Society," will take
place on May 6 and will consist of two sessions. In the afternoon,
several experts will give presentations on the recently enacted
Japanese Wiretapping Law, Biometrics, IC cards and other High-tech
privacy issues. Takao Saito, the author of "Privacy Crisis" will give
the keynote speech on "Surveillance Society and Privacy in Japan." The
evening session will consist of panel discussions between the
presenters. The event is being organized by a coalition of civil
society groups, including Japanese Networkers against Surveillance
Taskforce (NaST-a GILC member), Privacy Action, the Japanese Consumer
Union, and JCA-Net, among others.

The second meeting, scheduled for the evening of May 21, will explore
numerous emerging privacy issues, particularly the ramifications of
various cybercrime proposals from around the world. This session will
feature several speakers, including Barry Steinhardt, Associate
Director of the American Civil Liberties Union (ACLU-a GILC member),
and Toshimaru Ogura from NaST. 

For further information on the May 6 meeting, click
http://www.han-kanshi.net/010506flyer.html

For an English-language translation, see
http://www.han-kanshi.net/010506flyer_eng.html

or send email to
Priv-ec@jca.apc.org

Inquiries regarding the May 21 seminar should be sent to 
Tomo@jca.apc.org

=========================================================
 ABOUT THE GILC NEWS ALERT:
==========================================================
The GILC News Alert is the newsletter of the Global Internet Liberty
Campaign, an international coalition of organizations working to
protect and enhance online civil liberties and human rights. 
Organizations are invited to join GILC by contacting us at
gilc@gilc.org.

To alert members about threats to cyber liberties, please contact
members from your country or send a message to the general GILC
address.

To submit information about upcoming events, new activist tools and
news stories, contact:

Christopher Chiu
GILC Coordinator
American Civil Liberties Union
125 Broad Street, 17th Floor
New York, New York 10004
USA

Or email:
cchiu@aclu.org

More information about GILC members and news is available at
http://www.gilc.org

You may re-print or redistribute the GILC NEWS ALERT freely.

To subscribe to the alert, please send e-mail to
gilc-announce@gilc.org

with the following message in the body:
subscribe gilc-announce

========================================================
PUBLICATION OF THIS NEWSLETTER IS MADE POSSIBLE BY A
GRANT FROM THE OPEN SOCIETY INSTITUTE (OSI)
========================================================

------- End of forwarded message -------