FITUG e.V. Förderverein Informationstechnik und Gesellschaft

GILC Alert

------- Forwarded message follows ------- From: Chris Chiu <CCHIU@aclu.org> To: gilc-announce@gilc.org Subject: GILC Alert Date sent: Thu, 12 Sep 2002 11:59:28 -0400

GILC Alert Volume 6, Issue 6 12 September 2002

Welcome to the Global Internet Liberty Campaign Newsletter.

Welcome to GILC Alert, the newsletter of the Global Internet Liberty Campaign. We are an international organization of groups working for cyber-liberties, who are determined to preserve civil liberties and human rights on the Internet. We hope you find this newsletter interesting, and we very much hope that you will avail yourselves of the action items in future issues. If you are a part of an organization that would be interested in joining GILC, please contact us at <gilc@gilc.org>. If you are aware of threats to cyber-liberties that we may not know about, please contact the GILC members in your country, or contact GILC as a whole. Please feel free to redistribute this newsletter to appropriate forums.

=============================================== Free expression [1] China blocks Google, Altavista search engines [2] Greek court throws out game ban case [3] BT weblinks patent suit fizzles [4] Vietnam pushes harsh Internet restrictions [5] Chinese & Korean Net music sites face legal woes [6] Britain ponders tough new Net copyright rules [7] Protest site decries weblink bans [8] Egyptian Net poster faces jail time [9] Corporate parody website hit with trademark threats [10] Anti-DMCA lawsuit centers on Net blocking software [11] Internet becomes key free speech outlet in Iran

Privacy [12] Canadian plan to make Internet spy-friendly [13] Recording giants seek Net provider's help to spy on customer [14] War of words over Euro data retention plans [15] Microsoft settles Passport privacy case with U.S. gov't [16] New Bulgarian telecom law may have privacy implications [17] Surprise US spy court ruling criticizes gov't officials [18] Ukrainian Net provider license plan worries privacy advocates [19] DoubleClick settles U.S. multistate privacy probe [20] US university official job-shifted over web break-in [21] New reports document erosion of online privacy [22] US gov't refuses to issue new mobile phone privacy rules

[23] New GILC member: Reporters Sans Frontieres

================================================== [1] China blocks Google, Altavista search engines ================================================== Beijing has apparently launched a new wave of repression online, by banning web portals and jailing dissidents.

Chinese officials have blocked two popular Internet search engines, Google and Altavista. While the Chinese government had already denied access to many sites (such as the BBC) that contain political discussions or other material it deemed taboo, this is believed to be the first time Beijing has barred portals, which merely provide weblinks to such information. Chinese users who tried to access Google or Altavista were diverted to other sites. Robert Menard of Reporters Sans Frontieres (RSF-a GILC member) noted that Chinese authorities "were already in the habit of using surveillance, censorship or the outright elimination of overly critical web sites, but the blocking of a search engine sets a surprising and very worrying precedent." Similar concerns have been expressed by other groups, including Human Rights Watch (HRW-a GILC member), which wrote a letter urging both companies "to continue to resist the Chinese government's censorship pressure as a violation of internationally recognized rights of free expression." Some experts worry that Google or Altavista will follow in the footsteps of Internet giant Yahoo, which signed a self-censorship agreement that has been derided by free speech advocates. Meanwhile, at least one mirror website of Google, elgooG, has been created to help circumvent the new ban. In the latest development, Chinese officials have apparently removed blocks on Google, but the ban on Altavista remains in place.

Meanwhile, fears are growing over the fate of 2 Internet dissidents. Chinese authorities have confirmed that they have detained Wan Yanhai, who ran the Chinese AIDS Action Project website and had written numerous online articles about China's HIV victims. One of his articles documented a scandal involving government-supported health clinics in the northern province of Henan, where many peasants became infected with the virus after selling their blood. These and other newsitems drew the ire of the Chinese government censors, who have discouraged reports on HIV-related subjects in the past. In addition, the Chinese government sentenced Li Dawei to 11-years in prison for downloading "counterrevolutionary" essays from the Web, storing them on his computer and printing them into books. He also used e-mail and other methods to communicate with associates abroad.

These events come as a new report suggests that mainland Chinese officials so far "have been relatively successful" in their efforts to suppress Internet speech. The study (entitled "You've Got Dissent!") analyzes "the political use of the Internet by Chinese dissidents ... and the counterstrategies that Beijing has employed to prevent or minimize its impact." The report goes on to state that "[n]o credible challenges to the regime exist at present, despite the introduction of a massive modern telecommunications infrastructure."

For the latest details on the Google and Altavista bans, visit the Digital Freedom Network (DFN-a GILC member) website under http://dfn.org/news/china/google2.htm

To read the HRW letter concerning the Google and Altavista bans, click http://www.hrw.org/press/2002/09/china0907.htm

For RSF comments on the Chinese Google ban, click http://www.rsf.fr/article.php3?id_article=3621

Read Peter S. Goodman and Mike Musgrove, "China Blocks Web Search Engines," Washington Post, 12 September 2002, page E1 at http://www.washingtonpost.com/wp-dyn/articles/A5510-2002Sep11.html

See "Altavista tries to beat Chinese ban," BBC News Online, 12 September 2002 at http://news.bbc.co.uk/1/hi/technology/2251533.stm

Read Stefanie Olsen, "China blocks search engine AltaVista," 9 September 2002 at http://news.com.com/2100-1023-957154.html

See also "China criticised for ban on Google," BBC News Online, 5 September 2002 at http://news.bbc.co.uk/1/hi/technology/2238236.stm

Read Will Knight, "Google mirror beats Great Firewall of China," NewScientist.com, 6 September 2002 at http://www.newscientist.com/news/news.jsp?id=ns99992768

For more on the Yahoo self-censorship controversy, read Jim Hu, "Yahoo yields to Chinese web laws," CNet News, 13 August 2002 at http://news.com.com/2102-1023-949643.html

For information in German (Deutsch), see "Yahoo! Wird Aussenstelle der China- Stasi," Spiegel Online, 11 August 2002 at http://www.spiegel.de/netzwelt/politik/0,1518,209065,00.html

For RSF's criticism of the Yahoo self-censorship agreement, click http://www.rsf.fr/article.php3?id_article=2959

The Chinese AIDS Action Project website is located at http://www.aizhi.org/

For further information about the Wan Yanhai case, visit the Committee to Project Journalists (CPJ-a GILC member) website under http://www.cpj.org/news/2002/China05sept02na.html

For more on the Li Dawei case, visit the DFN website under http://dfn.org/news/china/lidawei.htm

The report "You've Got Dissent!" is available (in PDF format) via http://www.rand.org/publications/MR/MR1543/

Read "China Dissidents Thwarted on Net," Associated Press, 27 August 2002 at http://www.wired.com/news/politics/0,1283,54789,00.html

================================================= [2] Greek court throws out game ban case ================================================= A Greek court has dismissed a case against two men charged with violating a new law that bans the public playing of electronic games.

They were charged under a measure that was passed nearly two months ago. While it was supposedly adopted as an anti-gambling move, the law does not make any distinction between gambling and computer games. Indeed, the Greek Government has applied the ban to gaming on computers and consoles (including Playstation and Xbox) in cybercafes and other public places. The two individuals in question had been arrested for allegedly permitting people play the computer game Counter-Strike. If convicted, they could have spent several months in prison and been forced to pay nearly 5000 EUR in fines.

The ban has enraged many cyberlibertarians, who fear that the law will be used as a pretext for government oppression. The Greek Internet Cafe Union noted in a statement that, in theory, "the police can arrest you if you are using your PC for playing games or if your employer catches you playing chess or backgammon on Yahoo." Comparisons have also been drawn to 1970s police actions against people who played cards at home. An online petition against the legislation has garnered over 25 000 signatures to date. In addition, several hundred protestors appeared outside the courtroom in Thessaloniki on the day of the ruling and chanted "No to censorship on the Internet."

For more information about the petition against the Greek computer gaming ban, click http://www.petitiononline.com/mod_perl/signed.cgi?comp5932

Read Matt Loney, "Greek gaming law defeated in court," CNet News, 11 September 2002 at http://news.com.com/2100-1040-957519.html

See "Court allows Greek gamers to play on," BBC News, 10 September 2002 at http://news.bbc.co.uk/1/hi/technology/2249656.stm

For press coverage in German (Deutsch), read "Gericht: Spieleverbot verstosst gegen die Verfassung Griechenlands," Heise Online, 11 September 2002 at http://www.heise.de/newsticker/data/daa-11.09.02-000/

See also "Greeks fight computer game ban," BBC News Online, 5 September 2002 at http://news.bbc.co.uk/1/hi/technology/2238242.stm

=============================================== [3] BT weblinks patent suit fizzles =============================================== A United States court has thrown out British Telecom's claims that it owns all weblinks.

The company had alleged in a lawsuit that it possessed intellectual property rights over all links, based on a patent it filed in the 1970s. The communications giant had demanded licensing fees from American Internet service provider Prodigy, and had hoped to launch more lawsuits in the hopes of collecting additional royalties. However, presiding judge Colleen McMahon rejected BT's arguments and cited several portions of the patent that did not gel with the realities of the Information Superhighway. For example, the patent described a central computer, in stark contrast to the decentralized nature of the Internet. Similarly, "Web pages stored on Prodigy's Web servers do not contain 'blocks of information' or 'complete addresses' as claimed in the Sargent patent."

BT's attempts to collect weblink-based royalties had run into numerous problems from the outset. Skepticism about the company's chances for success were further fueled by a video filmed in 1968 (several years before BT said it developed the technology) showing Stanford researchers demonstrating weblinks. There is no word yet on whether firm will appeal the ruling.

See Matt Loney, "Hyperlink patent case fails to click," CNet News, 23 August 2002 at http://news.com.com/2100-1033-955001.html

Read "BT loses weblinks battle," BBC News Online, 23 August 2002 at http://news.bbc.co.uk/1/hi/technology/2212203.stm

For further information in German (Deutsch), read "US-Gericht sieht in Nutzung von Hyperlinks keine Patentrechtsverletzung," Heise Online, 23 August 2002 at http://www.heise.de/newsticker/data/hod-23.08.02-000/

=============================================== [4] Vietnam pushes harsh Internet restrictions =============================================== Vietnamese officials have unveiled a multi-faceted plan that may significantly restrict online free speech.

The Vietnamese ministry of culture and information is considering a proposal that could force cybercafes to meet more stringent licensing requirements. Heavy penalties apparently would be imposed on the proprietors of such establishments if their customers visited various taboo Internet sites, including webpages with anti-government material. The scheme also calls for the ministry of public security to draw up a list of websites to be blocked by state-owned Vietnam Data Communications, the country's sole Internet gateway.

The plan is just the latest in a series of moves by Vietnamese authorities to stifle criticism along the Information Superhighway. During the past year, the Vietnamese government has thrown several online dissidents behind bars, including Le Chi Quang, Son Hong Pham and Tran Khue. Officials in the Southeast Asian country recently confirmed that Le, who wrote an essay that described the political environment in which several Chinese-Vietnamese treaties were signed, will soon be tried on charges that he violated national security.

See "Vietnam to crack down on net access," Guardian Unlimited, 16 August 2002 at http://www.guardian.co.uk/internetnews/story/0,7369,775745,00.html

For further background information, visit the Reporters Sans Frontieres (RSF-a GILC member) website under http://www.rsf.fr/article.php3?id_article=1288

===================================================== [5] Chinese & Korean Net music sites face legal woes ===================================================== Lawsuits concerning two Asian music-sharing websites have raised public concern over how copyright laws restrict Internet free speech.

In one case, the Recording Industry Association of America, which lists AOL Time Warner, RCA, Vivendi Universal and Sony Music among its members, charged that Listen4ever.com, which was hosted in mainland China, was violating copyright laws. However, rather than go after the webpage's operator, it launched legal actions against a number of United States Internet service providers (ISPs), including AT&T Broadband, Cable & Wireless and Sprint, hoping to force the ISPs to block Listen4ever. The lawsuit was later withdrawn after the website closed down. Many cyberlibertarians feared that the dispute might have a strongly negative impact on freedom of expression along the Information Superhighway. In a statement, the Electronic Frontier Foundation (EFF-a GILC member) warned that the RIAA's legal action "sought to establish a precedent that anyone alleging piracy could shut down access to parts of the Internet, resulting in inappropriate shutdowns, undue administrative burden for ISPs, and imperiling the basic principle of unfettered exchange of information on the Internet."

Meanwhile, a controversial Korean service used for trading music files is operational once more, albeit in an altered form. Soribada (which means "sea of sound") was created by two Korean brothers and allowed users to trade MP3 music files with each other via a central website. Soribada has since altered its approach, releasing new peer-to-peer software that allows users to swap music online without having to go through a central server. The move came after a copyright lawsuit by the Recording Industry Association of Korea; a court subsequently fined the brothers and essentially ordered them not to use their servers for file-trading purposes. The ruling was greeted with dismay by cyberliberties groups, including Jinbonet, which argued that such trading should be legal in light of its non-profit and private nature. It is unclear whether Soribada's new direct peer-to-peer trading system is a violation of Korean copyright laws.

An EFF statement on the Listen4ever legal dispute is posted under http://www.eff.org/Infra/20020821_eff_riaa_pr.html

Read Lisa M. Bowman, "ISPs off the hook in swapping suit," CNet News, 21 August 2002 at http://news.com.com/2100-1023-954782.html

Read Kim Deok-hyun, "Soribada Reopens Music Sharing Service," Korea Times, 25 August 2002 at http://www.hankooki.com/kt_tech/200208/t2002082517182345110.htm

For background information, see Kim Deok-hyun, "Online Music Fans Challenge Ruling," Korea Times, 15 July 2002 at http://www.hankooki.com/kt_tech/200207/t2002071519543645110.htm

================================================== [6] Britain ponders tough new Net copyright rules ================================================== Concerns are growing over whether British plans to implement a controversial European Community copyright directive will hurt freedom of expression online.

The British government has issued a public consultation paper that proposes amending national laws to conform with an EC directive on the "Harmonization of Certain Aspects of Copyright and Related Rights in the Information Society." The changes would limit copying and redistribution of many types of digital information, although there is an exclusion for computer software and databases (which are already specifically covered by current legal standards). Another amendment, which has drawn comparisons with the United States Digital Millennium Copyright Act, would bar possession or use of devices that could circumvent copyright protection. Other amendments would permit marking of digital works, allowing copyright holders to track such material along telecommunications networks. The scheme would also turn some copyright violations into criminal (rather than civil) offences.

In an analysis commissioned by GreenNet, a node of the Association for Progressive Communications (APC-a GILC member), cyberlaw expert Paul Mobbs suggests that the proposal may seriously interfere "with the traditional 'fair dealing' provisions that restrict copyright over certain types or quantities of information. It also potentially affects academic and journalistic freedoms to quote and critically review information, and would apply to any artistic or literary works that are produced in a digital format." In addition, the proposal's "wide definition of 'circumventing copyright protection'" could apply to more than just "anti-copying measures" and could lead to the prosecution of researchers or people who merely possess "tools that have a 'dual use' potential to circumvent copyright." Mobbs also points out that the amendments may have strong anti-privacy implications because they allow copyright owners "further rights ... to track the use of their intellectual property via electronic networks. ... [U]nder the terms of the Data Protection Act 1998, this data could be traded with other organisations if there was some sort of assent to the transfer as part of the acceptance of the license. It would therefore be available for use as part of data profiling."

The British government consultation paper is available under http://www.patent.gov.uk/about/consultations/eccopyright/index.htm

Comments on the consultation paper should be sent before 31 October 2002 to copyright@patent.gov.uk

Paul Mobbs' analysis is posted at http://www.fraw.org.uk/docs/consultation_review.html

=============================================== [7] Protest site decries deep weblink bans =============================================== A new Internet site has been created to protest restrictions on the creation on a certain type of weblinks.

Dontlink.com is the brainchild of David Sorkin, an associate professor at Chicago's John Marshall Law School. It documents numerous organizations that have attempted to ban Internet links to underlying webpages (instead forcing users to go through the front page of a given site). Dontlink.com includes many so-called deep links to the websites of these organizations, notably the International Trademark Association, Disney, United States National Public Radio, Matsushita and Motorola. Sorkin says he created the site "in part as a reaction to Newsbooster and similar cases. But I've really focused more on sites that don't seem to have any plausible reason for wanting to restrict links in other words, that are doing so out of mere ignorance."

Sorkin was referring to a Danish court ruling that barred Newsbooster from providing deep links to individual Danish newspaper articles. In a separate legal battle, German court likewise has ruled that Newsclub, a German news search service, had violated the EU Database Directive by including deep weblinks to a German newspaper site.

Read "Web site flouts linking bans," CNet News, 21 August 2002 at http://news.com.com/2100-1023-954612.html

See Michelle Delio, "Deep Linking Takes Another Blow," Wired News, 25 July 2002 at http://www.wired.com/news/print/0,1294,54083,00.html

=============================================== [8] Egyptian Net poster faces jail time =============================================== The fate of an Internet activist who republished a politically charged poem on the World Wide Web remains in doubt.

Shohdy Naguib Surur was webmaster and writer for an Egyptian English-language newspaper, Al-Ahram Weekly. His father had written a sexually-tinged poem (entitled "Ummiyyat") that heavily criticized the Egyptian government in the wake of the 1967 Six-Day War with Israel. Shohdy later posted Ummiyyat on a website (www.wadada.net) hosted in the United States. He was then arrested and convicted of having "immoral booklets and prints;" barring a successful appeal, he could spend a year in jail.

The case has drawn the attention of free speech advocates worldwide, including Russia, where Shohdy was born and lived for many years. One Russian cyberlibertarian, Nastik Gryzunova, noted that the case "brings up the issue of the international laws and the Internet, because the server where the poem is published is the hosted in the U.S. These problems are topical not just for Russia or Egypt, and we hope the international Internet community will support Shohdy Naguib."

The text of the poem is available via http://www.wadada.net/surur/ummiyyat/index.html

See Hani Shukrallah, "Phantoms of liberty," Al-Ahram Weekly, 4 September 2002 issue at http://web1.ahram.org.eg/weekly/2002/601/op9.htm

Read Sergei Kuznetzov, "Father's Poem, Son's Conviction," Wired News, 5 August 2002 at http://www.wired.com/news/print/0,1294,54027,00.html

Further information is available from the Independent Media Center under http://www.indymedia.org/front.php3?article_id=201371&group=webcast

======================================================== [9] Corporate parody website hit with trademark threats ======================================================== A popular webpage that lampooned the failures of several major corporations was temporarily closed down after being hit with legal threats.

Fuckedcompany.com contains numerous articles about mass layoffs, dot-com disasters and other news about firms that are in serious trouble. The site included a special section about firings at Ford Motor Company that was entitled "Ford, where finding a job is job 1," an apparent parody of the company's advertising slogan, "Ford, where quality is job 1." The firm sent a cease-and-desist letter to Phil Kaplan, the site's creator, claiming that he had engaged in trademark infringement. Kaplan, the site's creator, removed the phrase from its website, but posted the letter with weblinks and added commentary. The automobile giant then threatened to sue Kaplan's Internet service provider, Hostcentric, which shuttered the webpage. The site has since gone back online, but only after various changes were made to appease Ford.

The case has further fueled concern over the apparent misuse of intellectual property laws to silence criticism along the Information Superhighway. Kaplan himself has noted that in many such instances, even if the claims are frivolous, corporations can often win because they possess greater resources than their critics: "The whole (problem) is that if you do a search on Ford and copyright lawsuit, you'll find a million examples of Ford doing this. If you're a company that size you can do anything you want in the world."

See Paul Festa, "Dot-com dead pool brakes for Ford," CNet News, 26 August 2002 at http://news.com.com/2100-1023-955447.html

============================================================ [10] New anti-DMCA lawsuit centers on Net blocking software ============================================================ A much-debated United States copyright statute and a widely-used computer program that blocks controversial Internet material are the targets of a new lawsuit.

The case focuses on a blocking package manufactured by N2H2 that is used by thousands of public schools and governmental agencies in the U.S. More recently, N2H2 launched a bid to provide Saudi Arabia with its services to help censor out information on such topics as religion and public health. Harvard University student Ben Edelman, who was investigating the extent to which N2H2's program prevents access to sites on the Information Superhighway, feared that his activities might run afoul of the U.S. Digital Millennium Copyright Act (DMCA), as well as N2H2's license, which warns users not to "copy or make any changes or modifications to the software" or to "decrypt, decode, translate, decompile, disassemble or otherwise reverse engineer the software." These fears came in light of several incidents where various industry-related groups, such as technology giant Hewlett-Packard, had threatened computer researchers with DMCA-related legal action.

He has since filed papers asking a U.S. Federal court to declare that he has a right to examine N2H2's blocking program and "to share his research tools and results with others." Edelman, who is being represented by the American Civil Liberties Union (ACLU-a GILC member), believed that "the public has a right to know what is being blocked, and I believe I have a right to uncover this information without being subject to a corporate lawsuit." When asked for comment, a spokesperson for N2H2 said that a lawsuit against Edelman was "not something we would rule out."

An ACLU press release on the Edelman N2H2 lawsuit is available at http://www.aclu.org/news/2002/n072502a.html

For more about Harvard University research on blocking programs worldwide, click http://cyber.law.harvard.edu/filtering/

Read Declan McCullagh, "On trial: Digital copyright law," CNet News, 25 July 2002 at http://news.com.com/2102-1023-946266.html

For more on Hewlett Packard's recent DMCA threats, read Declan McCullagh, "HP backs down on copyright warning," CNet News, 1 August 2002 at http://news.com.com/2102-1023-947745.html

===================================================== [11] Internet becomes key free speech outlet in Iran ===================================================== Opposition leaders in Iranian have turned to the Internet in the hopes of getting their message across without government interference.

For years, the country's rulers have practiced censorship for years to help maintain their grip on power, banning many newspapers and jailing dozens of reporters. These efforts have intensified since 1997, especially after Iranian Supreme Leader Ayatollah Ali Khamenei called pro-reform journals "bases of the enemy." However, a number of publications that have been banned in paper form, such as Bonyan and Norouz, have now been made available through the World Wide Web. Iranian lawyer, Ahmad Akhlaghi, explained: "Having a news-based Web site is much easier than opening a newspaper, the Internet is vaguely mentioned in the press law, but opening a site does not require official permission." A journalist further added: "Hard-liners normally closed the reformist sites on their 100th publication to put more economic pressure on the publisher. But the sites don't have such problems and most of the jobless journalists now work for them."

Unfortunately, there are signs from state-run media that censorship of the Information Superhighway may not be long in coming. One of these publications called for harsh restrictions on Internet reporting, complaining that independent news sites "spread lies and it seems there is no control over them."

See "Iran reformers use Net to fight press ban," Reuters, 5 August 2002 at http://news.com.com/2102-1023-948403.html

================================================= [12] Canadian plan to make Internet spy-friendly ================================================= The Canadian government is considering a proposal that critics say will seriously erode privacy online.

The proposal was contained in a Consultation paper that was publicly released in late August 2002. The paper outlines the form of future laws, such as a general requirement for telecommunications companies, including Internet service providers, to make their systems "intercept-capable," as well as procedures making it easier for customer data to be kept and then accessed by law enforcement officials. The paper also calls for "the establishment of a national database" with information about every Internet and telecommunications user in Canada. In addition, the document would expand the government's ability to intercept Internet traffic information (which would ostensibly include such details as webpage addresses, email headers and even the geographic locations of mobile phone users) under relatively weak evidentiary standards previously used for phone numbers. These ideas are expected to form the core for new legislation to be considered by the Canadian Parliament within the coming months.

Not surprisingly, the draft has caused a wave of protests from the Internet community, especially from privacy advocates. For example, Gus Hosein from Privacy International (a GILC member) attacked the database provisions as "a dumb idea. Immediately you have to wonder if you're allowed to use anonymous mobile phones or whether you're allowed to connect to the Internet anonymously." Michael Geist, a law professor at the University of Ottawa, noted that "there's nothing in the document that indicates (new powers) are needed. I don't know that there have been a significant number of cases where police have run into problems."

The Access Consultation document is available (in PDF format) under http://www.canada.justice.gc.ca/en/cons/la_al/law_access.pdf

Comments on the Consultation paper can be emailed (no later than 15 November 2002) to la-al@justice.gc.ca

To read a University of Toronto dossier on this subject, click http://www.law.utoronto.ca/c-36/program.htm

Read Declan McCullagh, "Will Canada's ISPs become spies?" CNet News, 27 August 2002 at http://news.com.com/2100-1023-955595.html

================================================================== [13] Recording giants seek Net provider's help to spy on customer ================================================================== Several major record labels are pressuring a major United States Internet service provider (ISP) to divulge personal information about one of its subscribers.

The Recording Industry Association of America (RIAA) has requested data concerning a customer of telecom giant Verizon. The RIAA alleges that the individual in question had engaged on copyright infringement through peer-to-peer music file trading over the Internet. The Association claims it has the power to gather such information under the U.S. Digital Millennium Copyright Act (DMCA) even though it has not actually filed a lawsuit yet. The cited DMCA provision essentially says that copyright owners can request a U.S. Federal court to subpoena "information sufficient to identify the alleged infringer" from a "service provider."

The RIAA's efforts have met with opposition from privacy advocates. A dozen organizations, including GILC members Computer Professionals for Social Responsibility, the Electronic Frontier Foundation and the Electronic Privacy Information Center, filed a friend-of-the-court brief charging that "the statute never intended to reach a situation in which the allegedly infringing material resides on the user's own computer rather than a computer owned or controlled by the ISP." The groups also warned the cited DMCA section fails to include Constitutionally "established safeguards for protecting the anonymity of Internet speakers who have not been shown to have engaged in any prohibited conduct." Additionally, the coalition suggested that, given the entertainment industry's growing use of spyware and automated sending of subpoena notices, a ruling in favor the RIAA might change the Internet "a forum for the free exchange of ideas and information into a virtual surveillance state."

The amicus brief is available via http://www.eff.org/Cases/RIAA_v_Verizon/20020830_eff_amicus.html

See John Borland, "ISPs gird for copyright fights," CNet News, 9 September 2002 at http://news.com.com/2100-1023-957023.html

Read Jonathan Krim, "A Story Of Piracy And Privacy," Washington Post, 5 September 2002, page E1 at http://www.washingtonpost.com/wp-dyn/articles/A38034-2002Sep4.html

Read Declan McCullagh, "Watchdogs rap RIAA's file-trade assault," CNet News, 30 August 2002 at http://news.com.com/2102-1023-956176.html

Press coverage in German (Deutsch) is available in "US-Musikindustrie will Provider zur Herausgabe von Kundendaten zwingen," Heise Online, 22 August 2002 at http://www.heise.de/newsticker/data/anw-22.08.02-002/

=============================================================== [14] War of words over Euro data retention plans =============================================================== Controversy has arisen over a European proposal for the retention of telecommunications traffic and location data.

Statewatch, a civil liberties news and research group, recently uncovered a proposal that would have required telecom companies to retain traffic data for at least 1 year (the maximum would be 2 years). Under this "draft framework decision," which was created by the Belgian presidency of the European Union in November 2001, law enforcement agents throughout the EU would then be allowed to access this information for investigations of a variety of crimes. The data that could be collected under this plan would include web surfing habits, email header information, callers' and recipients' names, and the geographic locations of individual mobile phones. While the proposal does mention that the "confidentiality and integrity" of such information must be protected, it does not provide specific standards or rules for doing so. Statewatch editor Tony Bunyan branded the proposal "a move from targeted to potentially universal surveillance. EU governments claimed that changes to the 1997 privacy directive would not be binding on member states-each national parliament would have to decide."

In a press release, the Danish presidency of the EU has denied Statewatch's accusations, claiming that they were based on "fundamental misunderstandings." The release went on to say that there "are no further proposals on the table regarding retention of traffic data, and the Danish Presidency is not engaged in drafting any such proposals." The statement did refer to a June 2002 proposal, which urges the establishment of "binding rules on the approximation of Member States' rules on the obligation of telecommunications service providers" to keep traffic and location information, but says that such rules must conform with various European privacy laws. In addition, the Danish presidency has issued a data retention-related questionnaire to all EU governments; the results of this survey are expected to be discussed at an EU expert group meeting on next week.

These developments come just a few months after the European Parliament approved a Directive (2002/58/EC) allowing national governments to introduce legislation that will (1) require telecom companies to retain customer traffic and location data and (2) give law enforcement agents access to this data. EU member states are supposed to comply with this Directive (which does not require uniform standards across national borders) by October 2003. Indeed, at a national level, data retention legislation has become the subject of heated debate in several EU countries, including Great Britain and Switzerland.

To read the Danish presidency's response to Statewatch's statements, as well as Statewatch's rebuttal of the Danish presidency release, see http://www.statewatch.org/news/2002/aug/05datafd2.htm

The draft framework decision is available at http://www.statewatch.org/news/2002/aug/05datafd.htm

The June 2002 proposal is posted (in PDF format) under http://www.statewatch.org/news/2002/aug/10358en2.pdf

The questionnaire is available (in PDF format) under http://www.statewatch.org/news/2002/aug/11490-r1.pdf

To read the text of the aforementioned Directive (in PDF format), click http://register.consilium.eu.int/pdf/en/02/st03/03636en2.pdf

For an extensive dossier on data retention issues, visit the Electronic Privacy Information Center (EPIC-a GILC member) website under http://www.epic.org/privacy/intl/data_retention.html

See "Privacy fears over EU snooping plans," BBC News Online, 20 August 2002 at http://news.bbc.co.uk/1/hi/technology/2204909.stm

Read Richard Norton-Taylor and Stuart Millar, "Privacy fear over plan to store email," The Guardian, 20 August 2002 at http://www.guardian.co.uk/netprivacy/article/0,2763,777574,00.html

For more on Swiss data retention proposals, see Jakob Greber, "Swiss surveillance catches up with email," Swissinfo, 21 July 2002 at http://www2.swissinfo.org/sen/Swissinfo.html?siteSect=111&sid=1192676

============================================================= [15] Microsoft settles Passport privacy case with U.S. gov't ============================================================= The world's leading provider of computer operating systems has settled a privacy complaint with United States government regulators.

In an agreement with the U.S. Federal Trade Commission (FTC), Microsoft has agreed to make several changes in the way it handles personal data. Among other things, the agreement prohibits Microsoft from misrepresenting its information practices (through its privacy statements, for example). The company is also required to "establish and maintain a comprehensive program ... that is reasonably designed to protect the security, confidentiality and integrity of personal information collected for and about consumers." Additionally, Microsoft will have to undergo independent third-party security audits within one year, and on a biannual basis thereafter.

The settlement came after several organizations, including GILC members the Electronic Privacy Information Center (EPIC), Computer Professionals for Social Responsibility, the Electronic Frontier Foundation and Net Action, had filed formal papers with the FTC regarding the potential detrimental impact that Microsoft Windows XP might have on user privacy, especially its .Net Passport user authentication service, which the company intended to be a central repository for such personal information as birth dates and credit card numbers. The FTC subsequently found that Microsoft had failed in many respects "to maintain a high level of online security by employing sufficient measures reasonable and appropriate under the circumstances to maintain and protect the privacy and confidentiality of personal information ... in connection with the Passport and Passport Wallet services." EPIC Executive Director Marc Rotenberg commented that the settlement was "a very big development," and noted that the "FTC has essentially agreed with us, the privacy organizations, as to our original petition." He also suggested that there should be ongoing evaluation of the company's privacy practices: "We're just, in fact, at the beginning of the FTC's oversight of Microsoft's online services."

The settlement agreement is posted (in PDF format) at http://www.ftc.gov/os/2002/08/microsoftagree.pdf

An FTC press release and the Commission's complaint are available via http://www.ftc.gov/opa/2002/08/microsoft.htm

For the latest details, see Joe Wilcox, "Microsoft beefs up Passport security," CNet News, 2 September 2002 at http://news.com.com/2100-1001-956246.html

Read Henry Norr, "Microsoft gets slapped on security," San Francisco Chronicle, 9 August 2002, page B1 at http://sfgate.com/cgi-bin/article.cgi?f=/c/a/2002/08/09/BU134000.DTL

See Ted Bridis, "Microsoft Reaches 'Passport' Settlement," Associated Press, 8 August 2002 at http://www.cbsnews.com/stories/2002/08/08/tech/printable518014.shtml

For more of Mr. Rotenberg's remarks, see Joe Wilcox, "Microsoft, FTC reach privacy settlement," CNet News, 8 August 2002 at http://news.com.com/2100-1001-948922.html

============================================================= [16] New Bulgarian telecom law may have privacy implications ============================================================= A recently released draft Bulgarian law may have a serious impact on cyberliberties, especially the right to privacy.

Bulgarian Ministry of Transport and Communications (MTC) has published a new draft Telecommunications Act. Among other things, the new scheme would implement licensing procedures for Internet service providers (ISPs). Several sections of the plan would permit the government easier access to users' personal information. For example, one section empowers the Ministry of the Interior to dictate data caching requirements, ostensibly for surveillance purposes. Another broadly worded section allows a state Committee for Regulation of Communications (CRC) to demand any information from ISPs that is "necessary for the performance of its regulatory functions," with little or no restrictions on how the CRC may use such information. In addition, CRC officers would be allowed to "search rooms in which are kept evidences of performed administrative violations."

Many observers fear this plan will open the floodgates to massive surveillance of the Internet-concerns that were confirmed by a highly critical analysis prepared by sources from the Bulgarian Internet Society and Veni Markovski, the local coordinator of the Global Internet Policy Initiative. These critics have noted the plan would constitute a reversal of a 1999 decision by the Bulgarian Supreme Court, which had previously barred a somewhat similar licensing scheme due to fears that it would violate the European Convention on Human Rights. Additional concerns have been raised over the secretive nature with which the proposal was drafted. Moreover, some experts have expressed doubts as to whether the proposed law is in accord with the Bulgarian Constitution.

The MTC website is located at http://www.mtc.government.bg

For further information in Bulgarian, click http://portal.bg/news.php?cat=main&read=20022108002 http://portal.bg/news.php?cat=main&read=20022108001 http://portal.bg/news.php?cat=main&read=20022108003

============================================================= [17] Surprise US spy court ruling criticizes gov't officials ============================================================= United States government officials have received a stunning rebuke over their surveillance efforts.

For the first time in its nearly 20 years of existence, the U.S. Foreign Intelligence Surveillance Court has released an opinion to the public. In its decision, the Court lashed out at the U.S. government for various "misstatements and omissions" contained in more than 75 search warrant and wiretap applications. The Court also held that Federal officials had engaged in improper intelligence "information sharing and unauthorized disseminations to criminal investigators and prosecutors," and the procedures for such information sharing were "not reasonably designed" to protect privacy rights.

The ruling came in regards to foreign intelligence gathering guidelines for Federal officials. The U.S. Justice Department had argued in favor of rules changes that would allow investigators to conduct surveillance operations and get search warrants under looser foreign intelligence standards, even if the primary purpose of the wiretapping or search is not to collect foreign intelligence. Under this theory, law enforcement agents could make use of such standards so long as foreign intelligence gathering was merely a "significant" purpose. The court disagreed and required Federal officials, among other things, to "ensure that law enforcement officials do not direct or control the use of the FISA procedures to enhance criminal prosecution."

U.S. officials have since appealed the ruling to a secret appeals court, which only heard arguments from the government's perspective. The move drew serious criticism from a number of experts. Ann Beeson of the American Civil Liberties Union (ACLU-a GILC member) warned: "Hearing a one-sided argument and doing so in secret goes against the traditions of fairness and open government that have been the hallmark of democracy." Previously, a coalition of groups, including GILC members the Electronic Privacy Information Center, the Center for Democracy and Technology and the ACLU, had sent a letter requesting the opportunity to file amicus curiae briefs with the court in this case.

To read the text of the opinion (in PDF format), click http://www.washingtonpost.com/wp-srv/onpolitics/transcripts/fisa_opini on.pdf

To read the aforementioned coalition letter (in PDF format), click http://www.aclu.org/court/FISA_appeal_ltr.pdf

An ACLU press release regarding the secret appeals court is posted at http://www.aclu.org/news/2002/n090902b.html

See "Federal Spy Court Blasts FBI, Justice," CBS News Online, 23 August 2002 at http://www.cbsnews.com/stories/2002/08/23/attack/printable519606.shtml

Read Dan Eggen and Susan Schmidt, "Secret Court Rebuffs Ashcroft," Washington Post, 23 August 2002, page A1 at http://www.washingtonpost.com/wp-dyn/articles/A51220-2002Aug22.html

For further information in German (Deutsch), read "Gericht verweigert Staatsanwalten Zugriff auf Geheimdienstaden," Spiegel Online, 23 August 2002 at http://www.spiegel.de/politik/ausland/0,1518,210689,00.html

=================================================================== [18] Ukrainian Net provider license plan worries privacy advocates =================================================================== An upcoming plan to require Ukrainian Internet providers to help provide information about their users has left many observers concerned about the future of online privacy.

Under a December 2001 Presidential Decree "On the Implementation of the Decision of the National Security and Defense Council," the Ukrainian Cabinet of Ministers must draft a proposal that will place new burdens on Internet service providers (ISPs). Among other things, ISPs will be required to collect and store traffic data about their customers for 6 months. Providers would also have to monitor domestic Internet content. These conditions would have to be met in order to obtain government licenses.

A number of civil society groups, such as Privacy Ukraine (a GILC member), fear that the draft statute will not include sufficient means to protect citizens from unnecessary government intrusions online. They point out that the proposal is just one in a series of political developments that may have a detrimental impact on individual privacy. For example, a Ukrainian Draft Statute on Telecommunications obliges ISPs to implement, at their own expense, technical means for the interception of electronic communications. At the same time, Ukrainian Parliament did not adopt a proposed Data Protection Statute or otherwise perform much oversight regarding law enforcement wiretapping practices.

For further information, email privacy@ukrnet.net

======================================================= [19] DoubleClick settles U.S. multistate privacy probe ======================================================= An Internet advertising giant is promising to let consumers know more about the information it compiles about them.

Several years ago, DoubleClick admitted to tracking viewers through the Internet by placing digital identification numbers in files known as "cookies" on a user's hard drive, which it matches with name and address information that has been collected by its partners. Despite initial claims to the contrary, DoubleClick expressed its intention to match this data with more extensive information contained in millions of files maintained by its merger partner Abacus Direct. DoubleClick later shelved its data-matching plan after a storm of public criticism.

These revelations led to a whole host of investigations by several governmental entities in the United States, including 10 U.S. state attorney generals. In a settlement of the state attorney general probes, DoubleClick has agreed, among other things, to create a "cookie viewer" to allow Internet users to see what categories DoubleClick has put them in ("classification of a User's browsing activities, for purposes of ... Ad serving, into types of inferred interests or behaviors). However, there is no specific deadline for such a viewer to implemented, and it is unclear whether the viewer will permit users to see their complete DoubleClick personal information files. The company will also pay a fine of US $450 000.

A New York State Attorney General press release on the settlement is posted (in PDF format) at http://www.oag.state.ny.us/press/2002/aug/aug26a_02_attach.pdf

See Joanna Glasner, "DoubleClick to Open Cookie Jar," Wired News, 27 August 2002 at http://www.wired.com/news/business/0,1367,54769,00.html

For further information in German (Deutsch), read "DoubleClick einigt sich mit US-Justiz (Update)," Heise Online, 27 August 2002 at http://www.heise.de/newsticker/data/tol-27.08.02-001/

See also Robert O'Harrow Jr., "Web Ad Firm to Limit Use of Profiles," Washington Post, 27 August 2002, page E1 at http://www.washingtonpost.com/wp-dyn/articles/A64716-2002Aug26.html

========================================================== [20] US university official job-shifted over web break-in ========================================================== The website of a prominent United States university has suffered a breach of security, apparently caused by employees at a rival institution.

Princeton University has admitted that staff from its admissions department used information collected from applicants, such as Social Security numbers, birth dates and last names, to break into the website of Yale University. Yale had created a special encrypted webpage for freshman hopefuls that included financial aid letters, student interests and other personal data. The Yale webpage specifically contained a warning that "no one but the applicant should make use of this online facility. ... Yale considers this information to be confidential and will investigate and act on any violation of its intended use." Nevertheless, Stephen LeManger, Princeton's director of admissions, and several other people in his division used collected from applicants, many of whom had also applied to Yale, to log into Yale's admission site. Princeton employees reportedly managed to access the admissions accounts of about a dozen students, including Lauren Bush, a niece of United States President George W. Bush.

These unauthorized accesses came to light after an off-hand comment by a Princeton official at a conference of various American universities. Yale responded by launching an investigation and notifying the U.S. Federal Bureau of Investigations (FBI). In light of these revelations and its own internal probe, Princeton has transferred LeMenager to another department, and its president has apologized over the incident. The results of the FBI investigation have yet to be released.

See "Princeton officials punished for breaching Yale's Web site," San Francisco Chronicle, 14 August 2002, page A2 at http://www.sfgate.com/cgi-bin/article.cgi?file=/c/a/2002/08/14/MN92526 .DTL

Read Pamela Ferdinand and Michael Barbaro, "Yale Tells FBI of Rival's Breach of Web Site," Washington Post, 26 July 2002, page A2 at http://www.washingtonpost.com/wp-dyn/articles/A2983-2002Jul25.html

See also "Top US colleges in hacking row," BBC News Online, 26 July 2002 at http://news.bbc.co.uk/1/hi/world/americas/2153287.stm

============================================================== [21] US gov't refuses to issue new mobile phone privacy rules ============================================================== For the time being, a United States government panel has refused to create new rules to protect the privacy of cellular phone customers.

Over the past few years, the United States government had pushed a plan known as "Enhanced 911." Under this scheme, mobile phone companies must install technology allowing government agents to locate cellular users within 100 meters. The tracking is done by triangulating the emissions given off by a particular phone between different signal towers. Service providers who fail to comply with these rules may face heavy fines.

Many groups fear that this new tracking scheme will seriously erode individual privacy, especially in light of various ambiguities in the relevant statutes. A number of these organizations, including GILC members the Electronic Privacy Information Center and the Center for Democracy & Technology, urged the U.S. Federal Communications Commission to issue rules to avoid confusion and to enhance cellphone user privacy. However, a majority of the FCC refused to do so. This decision drew a strong dissent from Commissioner Michael Copps. He charged that "fears of more invasive and dangerous misuses of location information" had the "potential to undermine consumer confidence in, and use of, location services, or to exposure consumers to both annoyances and dangers, if left unaddressed. ... Customers will shy away from services if they think that the privacy of something as sensitive as their location is up for grabs."

The FCC order is available (in PDF format) under http://www.epic.org/privacy/wireless/FCC_order.pdf

==================================================== [22] New reports document erosion of online privacy ==================================================== Several recent studies suggest that privacy rights along the Information Superhighway are being severely undermined worldwide.

One of these studies, commissioned by Reporters Sans Frontieres (RSF-a GILC member), charged that many nations have become "predators of digital freedoms." In particular, the report, entitled "The Internet on probation," notes how "Western democracies ... have adopted laws, measures and actions that are poised to put the Internet under the tutelage of security services," resulting in an erosion of "basic cyber-freedoms." Meanwhile, "countries usually criticised for not respecting human rights and freedom of expression-such as China, Vietnam, Saudi Arabia and Tunisia-have become schizophrenic about the Internet. They have encouraged its growth as a tool of state propaganda or economic interests, but at the same time moved to control it and clamp down on criticism, argument and hopes for democracy expressed online."

Another report, jointly written by GILC members the Electronic Privacy Information Center and Privacy International, similarly documents an apparent trend toward "increased communications surveillance and search and seizure powers; weakening of data protection regimes; increased data sharing; and increased profiling and identification. While none of the above trends are necessarily new; the novelty is the speed in which these policies gained acceptance, and in many cases, became law." The 392-page survey describes how "specific anti-terrorism measures have been introduced in Australia, Austria, Canada, Denmark, France, Germany, India, Singapore, Sweden, the United Kingdom and the United States."

The RSF report is posted (in PDF format) at http://www.rsf.org/IMG/pdf/doc-1259.pdf

The EPIC/PI privacy report is available under http://www.privacyinternational.org/survey/phr2002/

Read Ciar Byrne, "Anti-terrorism measures 'threaten web freedom,'" Guardian Unlimited, 6 September 2002 at http://media.guardian.co.uk/newmedia/story/0,7496,786913,00.html

See "Predators of Digital Freedoms," Associated Press, 5 September 2002 at http://www.cbsnews.com/stories/2002/09/05/tech/main520928.shtml

See also "Terror laws 'eat away at privacy,'" BBC News Online, 6 September 2002 at http://news.bbc.co.uk/2/hi/technology/2237050.stm

================================================= [23] New GILC member: Reporters Sans Frontieres ================================================= The Global Internet Liberty Campaign has welcomed a new member into the fold: Reporters Sans Frontieres. Founded in 1985, RSF has worked intensively over the past several years to defend press freedom throughout the world, including online journalism. They have launched several projects to document attacks on the press, including "Enemies of the Internet," which contains country-by-country descriptions of how governments in many parts of the world have tried to limit free speech along the Information Superhighway. In addition, RSF has fought against censorship of journalists through such methods as sending protest letters, systematically reproducing censored articles, and hosting banned newspapers.

Visit the RSF homepage at http://www.rsf.fr

========================================================= ABOUT THE GILC NEWS ALERT: ========================================================= The GILC News Alert is the newsletter of the Global Internet Liberty Campaign, an international coalition of organizations working to protect and enhance online civil liberties and human rights. Organizations are invited to join GILC by contacting us at gilc@gilc.org.

To alert members about threats to cyber liberties, please contact members from your country or send a message to the general GILC address.

To submit information about upcoming events, new activist tools and news stories, contact:

Christopher Chiu GILC Coordinator American Civil Liberties Union 125 Broad Street, 17th Floor New York, New York 10004 USA

Or email: cchiu@aclu.org

More information about GILC members and news is available at http://www.gilc.org

You may re-print or redistribute the GILC NEWS ALERT freely.

To subscribe to the alert, please send e-mail to gilc-announce@gilc.org

with the following message in the body: subscribe gilc-announce

======================================================== PUBLICATION OF THIS NEWSLETTER IS MADE POSSIBLE BY A GRANT FROM THE OPEN SOCIETY INSTITUTE (OSI) ======================================================== ------- End of forwarded message -------

Zurück