GILC Actions 



 Free Speech 





 GILC Alert 

 Mailing List
 GILC Events 




 Mail GILC 

Home Page

US Site
European Mirror


GILC Alert
Volume 5, Issue 2

March 29, 2001


Welcome to the Global Internet Liberty Campaign Newsletter


Welcome to GILC Alert, the newsletter of the Global Internet Liberty Campaign. We are an international organization of groups working for cyber-liberties, who are determined to preserve civil liberties and human rights on the Internet.

We hope you find this newsletter interesting, and we very much hope that you will avail yourselves of the action items in future issues.

If you are a part of an organization that would be interested in joining GILC, please contact us at

If you are aware of threats to cyber liberties that we may not know about, please contact the GILC members in your country, or contact GILC as a whole.

Please feel free to redistribute this newsletter to appropriate forums.

Free Expression

[1] British children face censors, spyware
[2] New Communist Chinese censorware and shutdowns
[3] Aussies face email bans & Net censor bills
[4] New Saudi Internet restrictions
[5] New US blocking law challenged
[6] Who will control .com, .net and .org?
[7] German Nazi website case muddled
[8] New copy protection schemes may curb fair use
[9] US Gov't seeks Supreme Court Net speech ruling
[10] 2nd round for DVD weblinks case
[11] Japanese plan: ISPs to become censors
[12] New anonymous net posting battles
[13] Cuba's continuing Internet woes
[14] UK plans may criminalize online protests

Privacy and Encryption

[15] Music companies & gov't spies: perfect together?
[16] DoubleClick launches new tracking program
[17] ECHELON spyware plug-ins: Oasis & FLUENT
[18] Euro privacy panel attacks cybercrime plan
[19] UK email surveillance regulations stall
[20] Hotmail/Microsoft selling user info
[21] user political data auction
[22] New online breaches affect even celebrities
[23] New Privacy Coalition formed
[24] Privacy software in the works
[25] CFP 2001 Conference held

[26] New GILC members: APC and CCC

[1] British children face censors, spyware

It's a "good practice" to censor the Internet and spy on children.

That's what detractors are saying about new plans being pushed by the British Department of Education and Employment (DfEE) that are supposed to protect children from harmful content. Among other things, these guidelines stipulate: "All schools have a responsibility to filter both access at school and any access pupils are given as part of home-school links," despite the admitted fact that "no filtering software is foolproof." These proposals also support "keyboard monitoring products" to track exactly what children type into computers. This scheme does advise schools to keep individual student email addresses private; however, it also envisions "treating all incoming and outgoing email as public" and thus allowing the government conduct heavy surveillance of otherwise private email messages.

One example provided in these materials of "good practice" is Denbigh School, which proudly censors soccer sites and other Internet materials that have nothing to do with sex or violence. Students are completely banned from certain types of Internet transmissions, including all newsgroups, regardless of content. Interestingly, the official account also admits that "biology students suffered" when certain sites were blocked. The school has now implemented a point-based system to spy on students and measure their viewing of webpages that are deemed controversial. Students who try to visit the websites they want in spite of this system (such as the homepage of soccer powerhouse Manchester United) will lose points; once budding cybercitizens reach zero, they are automatically logged out, and teachers are notified of their activities.

These developments come after even harsher measures were taken by authorities in Glasgow, Scotland. A local council ordered 33 libraries to stop providing Internet access, after discovering that children were able to access to nude images online using library computers. Oddly enough, in spite of the council's purported concerns for young people, the decision apparently cut off Internet access for adults as well as children. Glasgow libraries were forced to stay away from the online world pending the installation of new blocking software on all library computers, which was scheduled to take several weeks. Ironically, the council had considering installing such programs in the past, but had shelved these plans because it prevented access to many types of non-controversial Internet content, such as newspaper websites.

To read more about Denbigh school's censoring of soccer sites, click

The full DfEE guidelines are available under

Read Wendy McAuliffe, "Glasgow libraries ban Internet access," ZDNet UK, Mar. 5, 2001 at

[2] New Communist Chinese censorware & shutdowns

After a recent network outage, Chinese citizens are facing additional hurdles to expressing themselves through the Internet.

Mainland Chinese agents have developed new powerful blocking software to stop online dissent. Internet Police 110 comes in three different versions (home, cafes and schools), but all versions are target "unhealthy information" regarding "cults, sex and violence"-an apparent reference to dissident groups such as the Falun Gong. The program blocks both domestic and foreign websites, as well as various forms of Internet messaging, in addition to monitoring user activity. One Communist official expressed the fervent belief that the software would "help purify China's Internet service."

At the same time, Chinese commissars have also stepped up attempts to close down unrestricted Internet establishments. Government agents have run several sweeps against Beijing cybercafes and closed down several of them, on the grounds that they did not possess proper licenses. Communist Chinese laws require all cybercafes to apply for certificates from the state public security bureau and install blocking software packages. Various dissidents have been jailed, including Jiang Shihua, who received a two-year prison sentence for pro-democracy statements that he posted in an Internet chatroom several months ago.

These efforts at censorship have intensified after a recent explosion at a school in the southern town of Fanglin. Many local residents (including parents of several of the victims) allege that the school was forcing children to assemble dangerous fireworks. In response, government officials have been trying to suppress the story both online and otherwise. As part of this endeavor, Communist agents have removed several hundred critical chatroom messages on the subject, according to various reports. However, these widescale protests apparently did help force Chinese Prime Minister Zhu Rongji to issue a public apology for the incident.

For further details and audio press coverage of attempts to suppress online criticism after the Fanglin school explosion, see "Beijing accused of school blast cover-up," BBC News, Mar. 9, 2001 at

See also Joanne Lee-Young & Sharon Walsh, "Beijing Backs Down on School Explosion Story," The Industry Standard, Mar. 16, 2001 at,1151,22915,00.html

To read about the case of Jiang Shihua, see "China jails teacher over Web remark," Associated Press, Mar. 12, 2001 at

For additional information on new Chinese censorware products, see "Chinese police develop software to 'purify' the Net," Reuters, Feb. 27, 2001 at,4586,2690371,00.html

For more on Chinese prosecution of cybercafes, read "Beijing police pull plug on illegal Internet cafes," China Online, Feb. 23, 2001 at

See also "Undersea cable repair restores China's Internet connection," China Online, Feb. 20, 2001 at y/C01021609.asp

[3] Aussies face email bans & Net censor bills

It may be getting more difficult for Internet users Down Under to speak out online.

For one thing, newly enacted Australian copyright laws may prohibit the forwarding of certain email messages. In a press release, Australia's Attorney General, Daryl Williams, said that forwarding "a personal e-mail is unlikely to breach copyright laws," but then cryptically suggested that liability could result if a court determined that "the contents of the e-mail were an 'original literary work.'" Other legal experts have suggested that this ban may apply to many other types of Internet content, including mere caches. Maurice Gonsalves from the law firm of Mallesons Stephen Jaques noted that "the legislation is ambiguous" and "isn't specific enough to know what type of caching is and what type isn't permitted."

These legal clouds have left many educators and free speech advocates feeling uneasy. Nick Smith, who advises Australian libraries on copyright issues, warned that the new law would hurt educational institutions as they "try to provide the services they want to provide in the digital environment." In particular, Smith was concerned that copyright restrictions would create "a real impediment in the way of digitizing national collections."

Meanwhile, controversy continues to swell over a new South Australian bill that would further criminalize online speech. The proposal would make it a crime to post "matter unsuitable for minors" on the Internet, even if the material is screened or protected by passwords. The legislation would use criteria previously applied to films and videos, which are more restrictive than those applicable to books, pamphlets and other printed materials. Furthermore, under the proposal, it would be illegal to make sexually explicit material available via the Internet, regardless of the fact that it is legal to distribute such materials to adults by regular mail throughout Australia.

Numerous groups have savaged the bill. Electronic Frontiers Australia (EFA-a GILC member) highlighted how the legislation might make "it a criminal offence to make information available to adults about 'adult themes' including 'suicide, crime, corruption, marital problems, emotional trauma, drug and alcohol dependency, death and serious illness, racism, religious issues', except in a 'discreet' manner, that is, 'with little or no detail and generally brief.'" EFA Executive Director Irene Graham fears that "this Bill has the potential to be used to victimise people. It sets up the situation where only one person needs to complain about a site and it could be determined to be illegal. The law could be used to target people who upset the government, for example." In addition, industry executives are worried that the proposal, if enacted, would reduce job opportunities in the region and lead many information technology workers to move offshore.

Mr. Williams' press release is posted under

See Thomas C. Greene, "Aussie AG denies e-mail penalty, sort of," The Register (UK), Mar. 5, 2001 at

Read "Email forwarding law exempts personal messages, attorney general says," Sydney Morning Herald, Mar. 5, 2001 at

See also Rachel Lebihan, "Digital Copyright Act 'ambiguous,'" ZDNet Australia, Mar. 7, 2001 at,2000013063,20207522,00.htm

To read EFA's alert on South Australia's new Internet content bill, click

See Karen Dearne, "Censor Bill gets R rating," Australian IT, Feb. 27, 2001 at,3811,1751598%255E501,00.html

To learn more about industry fears regarding the South Australian bill, see Karen Dearne, "Censor Bill 'threatens' IT jobs growth," Australian IT, Mar. 6, 2001 at,3811,1773311%255E442,00.html

[4] New Saudi Internet restrictions

The government of Saudi Arabia has unveiled new measures to clamp down on certain types of Internet speech.

These standards were set forth in a recent Council of Ministers resolution. Under this regime, "All Internet users in the Kingdom of Saudi Arabia shall refrain from publishing or accessing data" that contains a variety of taboo subjects. The list includes statements that somehow infringe "the sanctity of Islam," "reports" that are deemed "damaging to the Saudi Arabian armed forces or to the dignity of heads of states," and transmissions that propagate "subversive ideas." These regulations also include stringent licensing and personal identification regimes. They restrict all Internet traffic to a single choke point--an "internet service unit at King Abdulaziz city for sciences and technology" in the capital, Riyadh, where "subversive ideas" and other such data can be blocked with ease.

To read the full text of the new rules, visit

See Brian Whitaker, "Losing the Saudi cyberwar," The Guardian, Feb. 26, 2001 at,7792,443261, 00.html

[5] New US blocking law challenged

Numerous groups are suing against a new United States law that mandates blocking software.

The so-called "Children's Internet Protection Act" was included as part of a Labor-Health and Human Resources appropriations bill, and combines several different filtering schemes. Among other things, the law essentially requires high schools and libraries to include blocking software on all of their computers. Institutions that refuse to do so (or implement policies to that effect) would lose federal funding. CIPA was approved despite vociferous objections from a broad coalition of groups, including GILC members the American Civil Liberties Union (ACLU), the Electronic Frontier Foundation (EFF) and the Center for Democracy and Technology (CDT).

After Congress enacted CIPA, the ACLU and the American Library Association (ALA) each filed lawsuits to strike down the law. ACLU staff attorney Ann Beeson noted that with the new Act, "The government is choking off the free flow of information on the Internet to the library patrons who need it the most," particularly minority and underprivileged children who cannot afford to have home Internet access and must depend on libraries to go online. Similar sentiments were voiced by ALA President Nancy Kranich: "Forcing libraries to choose between funding and censorship means millions of library users will lose - particularly those in the most poverty-stricken and geographically isolated areas of the country."

The ACLU's complaint is posted under

An ACLU press release on the CIPA lawsuit is available under

The ALA complaint is available via

An ALA press release on its CIPA lawsuit is posted at

Read Robert O'Harrow, "Curbs on Web Access Face Attack," Washington Post, Mar. 20, 2001, page A4 at

See also "Internet Filter Law Facing Court Challenge," (US), Mar. 20, 2001 at

[6] Who will control .com, .net and .org?

Serious questions have arisen over the future of several well-known Internet suffixes.

During a public forum in Melbourne, Australia, the Internet Corporation for Assigned Names and Numbers (ICANN) drew fierce criticism over proposed contracts that would allow domain name giant Verisign to retain its powers over .com through at least 2007. Under these plans, Verisign would also retain a substantial level of control over two other key Top-Level Domains for several years, including .org (through December 2002) and .net (through December 2006).

Many attendees expressed concern over the apparently undemocratic approach with which these contracts were created, as well as the potential effects the agreements may have on competition and free expression. Indeed, ICANN's Board of Directors refused to make a final decision on this matter during its public meetings Down Under, but scheduled a private conference call on April 2, 2001 for this purpose.

These concerns have been reinforced by persistent signs that recognizable domain names are becoming scarce, and the possibility that this artificial scarcity problem may undercut free speech. Nevertheless, despite these problems, ICANN officials admitted during the Melbourne meeting that they have failed to complete negotiations to bring just 7 new Top-Level domains online. Moreover, the World Intellectual Property Organization is now seeking new "Best Practices" guidelines to be implemented within various country code domain names-a move that detractors say will further skew online expression to the benefit of large conglomerates and other powerful trademark holders.

Further doubts as to ICANN's legitimacy have been brought out in the wake of an initiative by to allow computer users to use alternative web domains such as .family and many others. This initiative works through a special downloadable program that plugs into web browsers (such as Internet Explorer and Netscape) and reroutes queries to the new domains. ICANN Chairman Vint Cerf attacked the program, calling it a mere "trick" and "sleight of hand" that would have little real impact on the Internet as a whole. However, several observers note that these and other efforts are evidence of growing disenchantment with ICANN. Professor A. Michael Froomkin from the University of Miami (Florida) said that's venture "is not a real attractive idea on its own technical merit. But given where we are, what else can you do?"

ICANN's launching of a so-called "Clean Sheet" study further heightened concerns over its perceived undemocratic nature. The study is supposed to determine the proper role of the public voice in ICANN decisions. During its meetings in Melbourne, Australia, the domain name body presented tentative plans that were notable in that their apparent failure to recognize the legitimacy of ICANN's own At-Large Members, or whether these members should be allowed to exist in the future. Numerous experts are worried that this study will lead to the end of ICANN public elections. Some of these fears were voiced during special Civil Society meetings that coincided with the ICANN convention.

To read the proposed .com, .net and .org Registry Agreements, visit

Transcripts and video archives of ICANN's Melbourne meetings are available via

For more on the ICANN-Verisign proposed contracts, see Stewart Taggart, "Furor over ICANN-Verisign Deal," Wired News, Mar. 13, 2001 at,1294,42392,00.html

For German language coverage, read Monika Ermert, "Deal mit Verisign/NSI uber .com-Domain verschoben," Heise Online, Mar. 13, 2001 at

Further details regarding delays in ICANN's rollout of new Top-Level Domains are available from Stewart Taggart, "ICANN Readies for 'Land Rush,'" Wired News, Mar. 12, 2001 at,1294,42363,00.html

For more information on, as well as Prof. Froomkin's remarks, see Don Clark, "New twist in top-level domain name game," Wall Street Journal, Mar. 5, 2001 at,4586,2692518,00.html

To read more of Vint Cerf's comments, see David McGuire, "Vint Cerf Calls New.Net Domain Scheme a 'Cute Trick,'" Newsbytes, Mar. 5, 2001 at

The text of WIPO's "Best Practices" proposal is posted under

See also Imogen Foulkes, " conflicts scrutinized," BBC News Online, Feb. 21, 2001 at

To read minutes from the Melbourne Civil Society meetings (as compiled by Kimberley Heitman, chairman of Electronic Frontiers Australia), click

For further background information, visit

[7] German Nazi website case muddled

First it was France; will Germany come next?

The German Central Council for Jews is planning to sue Internet service providers for allowing access to Nazi websites. According to the group's vice president, Michel Friedman, such webpages should banned even if they are not located in Germany. The possibility that one country's free speech restrictions could be applied on a global basis worries many legal scholars. Mike Pullen, a lawyer from the British firm DLA, said that while "no one wants to support Nazi sites," the Council's stance represented "is a worrying principle. Who's next? What if the French government decides it doesn't like Greenpeace campaigning about nuclear weapons?" Pullen suggested that this suit might contravene article 10 of the European Convention on Human Rights.

This move comes after a recent French court ruling that mandated web portal Yahoo to block French Internet users from accessing the webpages in the United States that allowed auctions of Nazi memorabilia. The ruling was made pursuant to French laws that generally prohibit such goods from even being advertised, much less sold. Yahoo has since filed suit in a U.S. Federal court to prevent the French order from being enforced. However, in the meantime, Yahoo decided to start blocking Internet users from items that, in its judgment, somehow "promote or glorify hatred or violence."

Meanwhile, the German government has halted its investigation of Yahoo regarding online auctions of Hitler's "Mein Kampf." A government spokesperson explained that Yahoo was merely a service provider and did not itself offer the book for sale. From a prosecutorial standpoint, since Yahoo was not fully aware of the Nazi content and could not take steps to prevent its sale, it could not be held criminally liable for incitement to racial hatred.

In a related story, several Swiss Internet service providers (ISPs) are blocking foreign webpages at the behest of a local anti-Nazi group. Swisscom, Sunrise/Diax and Tiscalinet are denying access to some 754 sites after a complaint was lodged by the Basel-based Children of the Holocaust. The ISPs partly based their decision on fears of liability under Swiss laws against racist speech that are broadly similar to those in Germany and France.

See "Germany drops Yahoo 'Mein Kampf' auction probe," Associated Press, Mar. 22, 2001 at

Read "German Jews sue over Nazi net content," The Guardian Unlimited, Feb. 20, 2001 at,7369,440542,00.html

The European Convention on Human Rights is posted under

Read Kristi Essick, "Yahoo Defies Court Ruling Over Nazi Memorabilia," The Industry Standard (Europe), Feb. 21, 2001 at,1151,22360,00.html

See also "Nazi web platform blocked by Swiss Internet service providers," Swiss Radio International, Feb. 19, 2001 at

[8] New copy protection schemes may curb fair use

Various plans to strengthen the rights of intellectual property holders may be coming to a hard drive near you.

One of these schemes, termed Content Protection for Removable Media (CPRM), would have placed copy protection software and special digital markings on each individual's hard drive (as well as removable drives and other such systems). Afterwards, computer programs would have to be ported onto CPRM-compliant hard drives, and, to make backup copies, computer users may have to log in to a centralized server, which would ensure conformity with intellectual property restrictions.

Many cybercitizens balked at the intrusive nature of these plans, which led IBM to shelve CPRM for the time being. However, in its place, the company is working with other industry giants such as Intel, Toshiba and Matsushita toward adopting a new system (developed by Phoenix Technologies). While details are still sketchy, this plan apparently envisions a scenario where files would be encrypted, password-protected or otherwise restricted. Afterwards, the codes used to access these files would be logged-an approach that might still have the same effects as CPRM. It is unclear at this point whether this system would be applied to all types of storage devices (such as individual hard drives) rather than merely removable media.

Experts have savaged these proposals as a threat to the rights of ordinary computer users. Stanton McCandlish of Electronic Frontiers Foundation (EFF-a GILC member) called CPRM and its successors "crippleware." He also reminded computer companies that their goal should be "to satisfy their customers," rather than restricting online free speech.

See John Borland, "Antipiracy efforts spark battle over copyright hardware," CNet News, Mar. 23, 2001 at

Read Robert Lemos, "IBM pulls digital tagging plan," CNet News, Feb. 22, 2001 at

See also Andrew Orlowski, "Will Phoenix keep your disks and OS CPRM-free?" The Register (UK), Feb. 23, 2001 at

For more of McCandlish's remarks, read Andrew Orlowski, "IBM withdraws CPRM for hard drives proposal," The Register (UK), Feb. 22, 2001 at

[9] US Gov't seeks Supreme Court Net speech ruling

The United States government is asking the nation's highest court to uphold a law that criminalizes online speech.

The so-called Child Online Protection Act made it a crime to use the Internet to pass along "for commercial purposes" information considered "harmful to minors." The statute was enacted in response to a 1997 decision by the U.S. Supreme Court, Reno v. American Civil Liberties Union, which struck down the Communications Decency Act and applied traditional free speech protections to the Information Superhighway. COPA was soon challenged by the American Civil Liberties Union (ACLU) on behalf of 17 groups and individuals. Several months ago, a U.S. Federal appeals court had ruled unanimously that COPA unconstitutionally barred Internet expression. However, the United States Attorney General, John Ashcroft, has now petitioned the Supreme Court, asking the tribunal to uphold COPA.

The US Government petition is posted under

An ACLU press release about the lower court ruling is available via

Read Brian Krebs, "Govt Asks Supreme Court To Reverse COPA's Death Warrant," Newsbytes, Feb. 28, 2001 at

[10] 2nd round for DVD weblinks case

Can you be sued for writing seven lines of computer code?

That's the question many people are asking after 2 students unveiled a new program entitled "grpff." The program unscrambles the copy protection scheme used in DVDs, and is a simplified version of DeCSS--a primitive computer program to help users of the Linux operating system play DVDs on their computers. Over the past year, the entertainment industry, through the DVD Content Control Association (DVD CCA) and the Motion Picture Association of America (MPAA), has waged legal battles in both New York and California to prevent Internet users from linking to websites that have DeCSS. Many experts fear that these actions may stifle free expression in cyberspace.

The developers of grpff, Keith Winstein and Marc Horowitz, are from the Massachusetts Institute of Technology's Student Information Processing Board, and wrote program for a class that Winstein was teaching. The two men were acutely aware of the potential legal threats they may soon face. Winstein called attempts to stifle the creation and dissemination of decryption programs "preposterous" and said that "there's some value in demonstrating how simple these things really are."

Meanwhile, the Electronic Frontier Foundation (EFF-a GILC member) is appealing a trial court ruling in the New York that banned 2600 magazine from providing information about DeCSS information on its website. The opposing sides already have filed briefs, and oral arguments will take place within the next few months.

For more on the new qrpff DVD decryption program, read Declan McCullagh, "Descramble That DVD in 7 Lines," Wired News, Mar. 7, 2001 at,1294,42259,00.html

See also Robert Lemos, "DeCSS 2? DVD code broken again," ZDNet News, Mar. 8, 2001 at,4586,2693768,00.html

For German language coverage of this development, see "Sieben Zeilen Code entschusseln kopiergeschutzte DVDs (Update)," Heise Online, Mar. 8, 2001 at

For more on the court case, see "Studios Bolster DeCSS Suit," Reuters, Feb. 21, 2001 at,1283,41943,00.html

[11] Japanese plan: ISPs to become censors

A new proposal may force Internet service providers (ISPs) to act as government speech examiners.

The Japanese Public Management Ministry is planning to submit a bill requiring ISPs to check for webpages that harm someone's reputation. Providers would then have to remove offending sites. The bill apparently contains similar takedown guidelines for copyrighted material, as well as provisions requiring ISPs to disclose the identity of website creators can be if deemed necessary.

Observers have suggested that these plans may violate Article 21 of the Japanese Constitution, which guarantees freedom of speech. In response, the Ministry has decided to write in provisions allowing both ISPs and courts to hear arguments on both sides (aggrieved parties and web content creators) for each case before a given webpage is deleted. However, it is unclear whether Internet authors will be forced to bear the burden of proving their innocence. The system may also make it difficult for people to retain their anonymity in cyberspace, which may intimidate online protestors and whistleblowers. Moreover, it is not known whether the new bill gives sufficient protection for various free speech uses of copyrighted material (such as for public commentary or criticism).

See "Law planned to let ISPs remove malicious sites," Yomiuri Shimbun, Mar. 6, 2001 at

To read Article 21 of the Japanese Constitution, click

An English-language translation of the Japanese Constitution is posted under

[12] New anonymous net posting battles

Skirmishes continue to break out regarding the future of anonymity along the Information Superhighway.

In one of these cases, a judge in the United States is suing to discover the identities of online critics, who posted their comments on the "Grant Street 1999" website. A trial court decided that these identities should not be disclosed unless the plaintiff shows that her case has merit. However, the court refused to dismiss the judge's lawsuit at the outset. The American Civil Liberties Union (ACLU-a GILC member), which is representing the authors of the website, is now asking an appeals court to throw out the lawsuit and prevent unnecessary disclosures.

Meanwhile, in Seattle, the Electronic Frontier Foundation (EFF-a GILC member) joined forces with a local ACLU affiliate to fight a subpoena that would force an Internet service provider to divulge the name of a chat board entry. The plaintiff,, sought the identities of some 23 individuals, including at least one person who never posted messages about the company. EFF's Public Policy director Lauren Gelman warned that "courts should not allow subpoenas to be used for 'fishing expeditions' when individuals' First Amendment rights are at stake. The chilling of free speech would be catastrophic."

In a third case, a self-titled "Anonymous Publicly Traded Company" is suing America Online, hoping to discover the identities of 5 chatboard critics. The company claims that these 5 people made "defamatory and disparaging material misrepresentations," but said that it wanted to remain incognito to avoid losing business. A state supreme court ruled that the firm must first disclose its own name before it can go forward with its case, and held that "the likelihood of the plaintiff suffering some embarrassment or economic harm is not enough by itself to permit anonymity."

A recent ruling in the United Kingdom has counterbalanced these decisions in the United States. In a lawsuit, a British court has ordered Web trading company Motley Fool to divulge the identity of a netizen who posted allegedly defamatory remarks against Internet company Totalise. The court also held that Motley Fool was not protected by UK laws that allow newspapers and other publications in most cases to avoid disclosing their sources. Malcolm Hutty of the Campaign Against Censorship of the Internet in Britain (CACIB-a GILC member) warned: "A decision like this can be taken to mean that anonymity is not right and that is too broad. A court needs to consider carefully the implications of its decisions and consider peoples rights under the Human Rights Act." Hutty was apparently referring to the Council of Europe's Universal Declaration of Human Rights Act, which treats privacy as a fundamental right.

For more on the Totalise/Motley Fool case, see Steve Gold, "End of the anonymous net," The Guardian, Mar. 22, 2001 at,7369,460668,00.html

"Website operators must identify maker of defamatory comments," The Times of London, Mar. 15, 2001 at,,12-99112,00.html

See also Will Knight, "Forums face crackdown after Motley Fool ruling," ZDNet UK, Mar. 19, 2001 at

For more on the "Anonymous Publicly Traded Company," read Lisa M. Bowman, "Anonymous company goes after John Does," CNet News, March 14, 2001 at

For an ACLU press release on the Melvin and 2TheMart cases, click

See Jeffrey Benner, "Chat Room Rants Protected," Wired News, Feb. 27, 2001 at,1283,42039,00.html

See also Aaron Elstein, "AOL sides with anonymous posters," Wall Street Journal, Mar. 5, 2001 at,4586,2692564,00.html

Read Jeffrey Terraciano, "Can John Doe Stay Anonymous?" Wired News, Feb. 21, 2001 at,1283,41714,00.html

[13] Cuba's continuing Internet woes

Cuba's strict rules on Internet use may be hampering its efforts to enter the Information Age.

People who live in the Caribbean nation must jump over many hurdles to go online. There is only one Internet service provider, which is run by the state, charges high fees (more than the annual salary of an average Cuban) and has slow connection speeds. After entering cyberspace, Cuban Internet users are then blocked from many sites that are deemed "subversive," including webpages with anti-Castro or anti-Communist messages, according to a government spokesperson. Reports have indicated that similar filtering regimes are applied to private e-mail messages. Netizens whom the government suspects of counter-revolutionary activities are subjected to surveillance, equipment seizures and possible jail time.

Academics have pointed out that these regimens have had a detrimental impact not only on freedom of information, but on Cuban society. Professor Juan Carlos Espinosa of St. Thomas University (in Miami, Florida) noted in particular that "Cuban young people are really hungry for information and have a sense of being left behind." Disturbingly, many scholars in Cuba have been forced to remain silent or have otherwise refused to comment on the government's actions, for fear of potential persecution.

See Julia Scheeres, "Cuba Not So Libre With the Net," Wired News, Feb. 23, 2001 at,1283,41940,00.html

[14] UK plans may criminalize online protests

Experts fear that new British legislation will erode free speech rights on the Information Superhighway.

One of these proposals is actually contained within amendments to a Criminal Justice and Police Bill. The plan would, in theory, criminalize the sending of hate mail by electronic means. Violators may be thrown in jail or forced to pay fines of 6000 pounds. Free expression advocates are worried that the law's vague standards will deter online protests, particularly against prominent figures such as corporate executives. These fears were heightened after comments from British Home Secretary Jack Straw: "These new measures are designed to help prevent two tactics used by ... individuals-protesting outside employees' and directors' homes and sending intimidating mail. We want to ensure that all types of threatening messages are covered-including those by text messaging and email."

Meanwhile, a recently enacted British law, the Terrorist Act 2000, is also receiving negative reviews. Section 12 of the law contains language that bans people from merely expressing "support" for any "proscribed organization"; indeed, these provisions specifically state that "support ... is not restricted to the provision of money or other property." Similarly, the Act also bars people from attending and speaking at any "meeting ... to encourage support for a proscribed organization or to further its activities." A number of observers worry that this statute could be applied to stifle online gatherings such as newsgroups and chat rooms.

To read the text of the "Malicious Communications" amendment to the Criminal Justice and Police Bill, see 6s01.htm

See Graeme Warden, "Government to ban 'hate emails,'" ZDNet UK, Feb. 22, 2001 at

The text of the Terrorism Act 2000 (section 12) is available at

Read Kieren McCarthy, "Newsgroups can be terrorists too," The Register (UK), Feb. 20, 2001 at

[15] Music companies & gov't spies: perfect together?

The entertainment industry has apparently found a new way to protect their interests: have spies watch private citizens as they travel along the Information Superhighway.

This alliance between intelligence agencies and music companies has become particularly strong after a recent court ruling required Napster to block access to copyrighted songs. However, various record companies have pushed for further measures, as evidenced by a recent raid by government agents. The raid came at the behest of the International Federation of the Phonographic Industry (IFPI), which monitored individuals online, then passed their information on to the Belgian police. Marcel Hymans, who leads the IFPI in Belgium, boasted government authorities would soon break into homes of hundreds of cybercitizens. One Belgian publication quoted him proclaiming: "The time for warnings is over, now we're going into action."

These efforts have disturbed many within the Internet community, who worry about how entertainment conglomerates have apparently become de facto government agents. These fears have been heightened by IFPI initiatives in other countries. In the United Kingdom, a local IFPI spokesperson has already warned British computer users that they may want to watch what they do online: "We have a very aggressive commitment to the fight against piracy, especially those who upload large amounts of digital music onto the Net." Interestingly enough, the spokesperson claimed that IFPI was "not so bothered about the one-time downloader," but did not explain precisely what standards the group would follow in determining whether to bring in government law enforcement agents.

See Graeme Warden, "Music industry to snoop on Napster fans worldwide," ZDNet UK, Feb. 19, 2001 at

See also Michael Learmonth, "The Online Enforcer," The Industry Standard Europe, Feb. 16, 2001 at,1151,22315,00.html

Read Jeffrey Benner, "Napster Fallout: Privacy Loses?" Wired News, Mar. 6, 2001 at,1283,42203,00.html

Further coverage is available from Janelle Brown, "Who is spying on your downloads?", Mar. 27, 2001 at

See also John Borland, "Who will serve as Napster police?" ZDNet News, Mar. 27, 2001 at,4586,5080218,00.html

[16] DoubleClick launches new tracking program

Is DoubleClick at it again?

That's what some computer users are wondering after the online advertising juggernaut (along with comScore Networks) launched a new plan to collect personal information from Internet users. While details are sketchy, this new software package (called netScore) apparently can track people wherever they are logged in-whether they are at home, at work or even overseas. In a press release, the DoubleClick boasted that the program was based on a comScore database that contained personal information dossiers on some one and a half million computer users.

The launching of this program comes nearly a year after DoubleClick recently admitted to tracking viewers through the Internet by placing digital identification numbers in files known as "cookies" on a user's hard drive, which it matches with name and address information that has been collected by its partners. Despite initial claims to the contrary, DoubleClick expressed its intention to match this data with more extensive information contained in millions of files maintained by its merger partner Abacus Direct. Subsequently, DoubleClick shelved its data-matching plan after a storm of public criticism.

To read a DoubleClick press release on the subject, visit

Read "DoubleClick rolls out ad-tracking tools," Reuters, Mar. 5, 2001 at,7407,2692765,00.html

[17] ECHELON spyware plug-ins: Oasis & FLUENT

A global surveillance network may be getting even more powerful than before.

United States intelligence officials have released some information regarding two new programs. One of these programs, Oasis, automatically creates machine-readable transcripts from television and audio broadcasts. Reports indicate that Oasis can also distinguish individual speakers and detect personal characteristics (such as gender) then denote these characteristics in the transcripts it creates. At least one division of the U.S. Central Intelligence Agency (CIA) already operates Oasis, and there are plans to expand the program's use over the course of this year, as well as develop Chinese and Arabic versions.

The other program, FLUENT, allows English-language keyword searches of non-English materials. This data mining tool not only finds pertinent documents, but also translates them, although the number of languages that can currently be translated is apparently limited (Russian, Chinese, Portuguese, Serbo-Croatian, Korean and Ukrainian). In addition, FLUENT displays the frequency with which a given word is used in a document and can handle alternate search term spellings.

Many experts note that this new software may be used to upgrade the massive surveillance system, popularly known as ECHELON. ECHELON is designed to intercept communications from around the world, and is reportedly operated by the United States National Security Agency in conjunction with several other intelligence agencies. It is supposed to be capable of intercepting e-mail messages, faxes, and telephone conversations. Concerns about ECHELON's potential threat to individual privacy were heightened by a Congressional hearing several months ago, where the directors of both the Central Intelligence Agency (CIA) and NSA refused to provide details on the legal standards by which ECHELON operates.

See Vernon Loeb, "Making Sense of the Deluge of Data," Washington Post, Mar. 26, 2001, page A23 at

Read Tabassum Zakaria, "CIA using data mining to keep smart," Reuters, Mar. 3, 2001 at,4586,2692457,00.html

See also Thomas C. Greene, "CIA patching ECHELON shortcomings," The Register (UK), Mar. 6, 2001 at

[18] Euro privacy panel attacks cybercrime plan

Continued efforts to create a new European cybercrime treaty are raising serious concerns from both Internet companies and privacy groups.

While the Council of Europe treaty is still being revised, a previous version would have signatory countries enact laws that might make it easier for government agents to search computers and conduct real-time surveillance on private citizens through telecommunications networks. The convention included provisions that may allow law enforcement officials greater access to many types of personal security information, such as encryption keys. Additionally, the scheme could make Internet service providers (ISPs) liable for their customers' content, and may lead ISPs to monitor and retain records on customer activities. Furthermore, the prior draft mandated signatories to create new harsh penalties for copyright infringement. European Union officials are now pushing for new sections that would ban websites containing language deemed hateful or inflammatory, an apparent extension of a controversial French ruling against Yahoo regarding Nazi memorabilia on its auction pages.

These plans have drawn a great deal of criticism. The European Commission Data Protection Working Party issued an opinion that strongly criticized the draft treaty. Among other things, the panel (which is composed of Data Protection officials from Council of Europe member states) noted that while the proposal may be entered into by non-European nations, the treaty did not require those countries to create conditions and safeguards to protect individual privacy. Indeed, the group felt that portions "of the draft Convention could create the impression that the protection of human rights shall only be considered when it is 'due' and shall only be 'adequate'." In addition, these experts had "serious concerns" about the proposal's language "which obliges service providers to collect or record within their technical capability traffic data in real-time," as well as requirements for such providers to keep traffic and other computer data for 60 days." Thus, the Working Party felt that many parts of the Convention "are not sufficient to fully safeguard the fundamental rights to privacy and personal data protection."

The panel's concerns echoed views expressed in a series of recent letters from the Global Internet Liberty Campaign. These views were reiterated by the French cyberliberties group Imaginons on Reseau Internet Solidaire (IRIS-a GILC member) which gave a special presentation on these and other cybercrime efforts at a special EU briefing held March 7. Meanwhile, the computing industry has also expressed alarm at these developments. Fred Eisner from the Dutch Association of Internet Providers complained: "This draft convention lacks balance. While it gives far more powers to law enforcement agencies, there are no built-in checks and balances...on behalf of all other actors." Nevertheless, in spite of these difficulties, the Council may approve a final draft by June.

The Working Party's "Opinion 4/2001 on the Council of Europe's Draft Convention on Cybercrime" is posted at

For German language press coverage, see Stefan Krempl, "Fette Bugs in Cybercrime-Abkommen," Heise Telepolis, Mar. 28, 2001 at

The IRIS presentation (in French) is located under

For more information on the briefing, visit the official EU website via

For further details on industry opposition to these cybercrime proposals, read the following Austrian Chamber of Commerce statement (in German/Deutsch):

See "Net execs, governments collide on cybercrime treaty," Reuters, Mar. 6, 2001 at

See also "Europe Slaving Over Cybercrime," Associated Press, Mar. 6, 2001 at,1283,42228,00.html

The latest version (no. 25) of the CoE cybercrime treaty is available at

To read a Dec. 2000 GILC letter on the Council of Europe cybercrime proposal, see

[19] UK email surveillance regulations stall

Will Great Britain ever try to protect the privacy of its workers?

That's the question many UK Internet users are posing after continued delays in devising new regulations on the subject. These regulations are related to the controversial Regulation of Investigatory Powers Act (RIP) which, among other things, includes language stating that employers have a legal right to monitor their workers. The British Data Protection Commission had issued a draft code that would place a few restrictions on this supposed right, including fines against firms that violate the code.

The Commission then delayed finalizing this document, supposedly due to a large number of public responses (110). The Commission is now planning to release these new standards in pieces, with the workplace privacy section to come later rather than sooner. Some experts worry that this will leave British workers with little protection against undue monitoring by their bosses for an indefinite amount of time. Others wonder whether the code will pay sufficient attention to the latest threats to Internet privacy, including tracking programs built into corporate blocking software.

See Kieren McCarthy, "Email snooping code of practice delay," The Register (UK), Mar. 6, 2001 at

See also David Neal, "Email monitoring code delayed," IT Week, Feb. 23, 2001 at

[20] Hotmail/Microsoft selling user info

Special offer: sign on now to receive lots of junk e-mail messages.

That's what many cynics are saying about Hotmail. The Microsoft subsidiary has admitted to sharing customer information lists with a public Internet directory site. Under this arrangement, Hotmail provided e-mail addresses and other personal information to Infospace, including the towns and states were individual users lived. Infospace matched that data with telephone numbers, home addresses and other tidbits, then made the files available through the World Wide Web, which telemarketers apparently used for targeted advertising campaigns. Both Microsoft and Infospace claimed that these practices should already have been known to customers through their privacy policies, and that customers could simply opt-out of this system. However, Hotmail's privacy policy actually says: "Hotmail keeps all of your Personal Information private and does not share it with any third parties." Moreover, Hotmail (in its default settings) assumes consumer consent to this sharing procedure; users have the burden of discovering this data transfer program and making an effort to change these specifications.

The procedure was discovered by Bennett Haselton of Peacefire (a GILC member). Haselton noted that the entire scheme invaded user privacy, and that "[o]nce your e-mail addresses get into the spammers' databases, you can't get it out again." However, a Microsoft spokesperson nevertheless claimed that her company was "clearly stating" its procedures, and even suggested that passing along personal information to third parties was "a consumer benefit."

A copy of Hotmail's privacy policy is available at

Read "Hotmail addresses shared with Internet directory site," Associated Press, Mar. 6, 2001 at

[21] user political data auction

Many dot-coms may have poor policies on user privacy. A number of them sell information about their users. But few of them have sold data on their customers' political views...until now., which recently went bankrupt, is planning to auction off details regarding some 170 000 users. These files include what political parties individuals adhere to, what issues they find important, as well as e-mail addresses and other personal information. The proprietors of the former policy portal have also made the bizarre claim that this sale is consistent with its previously announced privacy standards, in that it will require buyers to use the data only to "provide personalized political news and information to subscribers."

Not surprisingly, privacy advocates have panned this move. Jason Catlett from Junkbusters called's auctioning of personal user files as just "another example of how privacy policies are usually a hopeless way to protect privacy because the customer doesn't have predictable rights." Indeed, these developments come several months after another failed Internet company, was prevented from auction data about its customers. Toysmart's majority owner eventually purchased the files and destroyed them as part of a court-approved settlement.

In addition, government officials are now starting to take an interest in the way bankrupt Internet corporations handle their user databases. The United States Senate has included an amendment on the subject within a recently approved bankruptcy bill. Under this standard, dot-coms essentially must adhere to their privacy policies even when they go under. Such companies might be allowed to sell customer data to independent third parties, but only if a court finds the privacy risk is relatively insignificant.

For more on the Senate dot-com privacy amendment, see Patrick Ross, "Senate protects consumer data," CNet News, Mar. 16, 2001 at

Read Keith Perine, "State Attorneys General Compromise on Privacy," The Industry Standard, Mar. 16, 2001 at,1151,22917,00.html

For more on, see Aaron Pressman, " to sell membership list," The Industry Standard, Mar. 15, 2001 at,1151,22894,00.html

[22] New online breaches affect even celebrities

A rash of recent online data intrusions has heightened concerns about online privacy.

Perhaps the biggest of these breaches occurred in New York. Government investigators say that Abraham Abdullah took advantage of lax security measures and used the Internet to break into the accounts of several prominent celebrities. The list of alleged victims includes Steven Spielberg, Ted Turner, Oprah Winfrey and many others. According to prosecutors, Abdullah was particularly effective in manipulating large financial institutions (including Merrill Lynch, Goldman Sachs, Equifax and others) into accessing sensitive account information. Some experts suggest that the total amount of stolen materials could be in the millions of US dollars.

This event was one of only several highly publicized incidents that have heightened concerns about online privacy. Bibliofind, a subsidiary of Amazon, has admitted that hackers have been able to access customer data such as credit card numbers, names, addresses and telephone numbers for nearly 4 months. The number of consumers affected by this breach may be as high as 98 000. Meanwhile, (which sells office supplies) exposed personal user information (such as credit card numbers and expiration dates) on its website. While it is unclear how many online customers were affected, the site had attracted nearly one and half million visitors in January.

For more on the celebrity credit card scam, see Murray Weiss, "How NYPD Cracked the Ultimate Cyberfraud," New York Post, Mar. 20, 2001 at

See also "Cybertheft Case Skewers Celebs," CBS News, Mar. 20, 2001 at,1597,280107-412,00.shtml

For more on the Amazon subsidiary security breach, see Stuart Millar, "Hackers humiliate Amazon," The Guardian, Mar. 8, 2001 at,7369,448408,00.html

Read "Hackers Hit Amazon Unit Site," Washington Post, Mar. 6, 2001, page E2, at

See also " unit Bibliofind subject of hacker attacks," Associated Press, Mar. 5, 2001 at

For more on the OfficeMax credit card disclosures, see Michele Kessler, "OfficeMax site exposes private customer info," USA Today, Feb. 22, 2001 at

[23] New Privacy Coalition formed

Dozens of organizations have banded together to launch a new initiative: the Privacy Coalition.

In this Coalition, individual groups have signed on to a special Privacy Pledge supporting a privacy framework to protect the rights of citizens in the information age. This system includes such principles as "Fair Information Practices, independent enforcement and oversight, promotion of genuine Privacy Enhancing Technologies, legal restrictions on surveillance technologies, and a solid foundation of federal privacy safeguards that permit the private sector and states to implement supplementary protections as needed."

Ed Mierzwinski of the United States Public Interest Research Group said that one of the Coalition's first priorities is to urge "legislators to sign our new privacy pledge to help us defend consumer and citizen privacy rights against a massive industry campaign to dumb them down." Other Coalition members hoped that these efforts would also lead lawmakers to enact proposals to create strong privacy standards. Marc Rotenberg of the Electronic Privacy Information Center (EPIC-a GILC member) pointed out that "[t]here needs to be an agency or statute to enforce privacy interests, because the current arrangement puts all of the burden on the individual." These moves come in light of recent Forrester Research study which suggests that consumers have lingering fears about their privacy on the Internet, and that industry efforts to quiet these fears have come up short. As one Forrester analyst put it, "Anyone who thinks the privacy issue has peaked is greatly mistaken."

To read the Privacy Pledge, visit

For press coverage of this event, see Brian Krebs, "Group Urges Lawmakers To Sign Privacy Pledge," Newsbytes, Feb. 12, 2001 at

See also Brock N. Meeks, "Privacy groups to Congress: Get your act together," MSNBC, Feb. 13, 2001 at,4586,2685081,00.html

For more on the Forrester study, see David McGuire, "Firms Must Tackle Consumers' Privacy Anxieties-Forrester," Newsbytes, Mar. 5, 2001 at

[24] Privacy software in the works

Scientists are busy creating several new computer programs that may enhance online privacy.

One of these programs is the brainchild of Richard M. Smith from the Privacy Foundation. This software is designed to counter tiny image files (known "webbugs") which are being used increasingly to identify and track computer users. The Privacy Foundation program, which is currently being tested, causes individual computers to say "uh-oh" when a webbug is encountered. Smith hopes that "if people see the Web bug, they'll contact the Web site and ask why. So it's sort of putting social pressure on Web sites."

Another new program, the Evidence Eliminator, allows users to leave little or no trace of their activities. To do this it destroys a vast array of files and logs which may betray a given user's actions, including caches, temporary swap files, media player histories, registry streams and so on. It also permanently erases these files to a greater extent than usual methods. The program's creators also claim that the Eliminator can accelerate computing performance, presumably by freeing up system resources.

Observers hope that these and other devices will usher in a new privacy age that will foster Internet growth. David Sobel of the Electronic Privacy Information Center (EPIC-a GILC member) notes that "[t]echnologies that facilitate anonymous use of the Internet are really critical to the survival of the Internet as an open and democratic form."

See "Software tools help Web users protect privacy," Associated Press, Mar. 19, 2001 at

For more on webbug detectors, read Stefanie Olsen, "New tools hatch for sniffing out Web bugs," CNet News, Mar. 5, 2001 at

For further details on the Evidence Eliminator, see

[25] CFP 2001 Conference held

Despite a massive snowstorm, intrepid attendees to the Computers, Freedom, and Privacy (CFP) conference discussed a variety of hot cyberliberties issues.

In one noteworthy session, Richard M. Smith of the Privacy Foundation demonstrated how several new devices may help various parties spy on individuals. An cited example was SportBrain, which is worn on the user's body and tracks the person's heart beat, body movements and other personal information. It turns out that the device sends this data back to the manufacturer's website, apparently so that the company can better target advertisements. Yet despite the apparent security issues involved, a corporate spokesperson claimed that SportBrain posed "no privacy concerns."

Coinciding with the CFP meetings was the third annual United States Big Brother Awards ceremony, sponsored by Privacy International (a GILC member). These awards were designed to publicize some of the most serious threats to individual privacy online. This year's Most Invasive Proposal prize went to the notorious the US government's Carnivore spyware program; data mining firm ChoicePoint won the corporate invader award for "massive selling of records, accurate and inaccurate to cops, direct marketers and elected officials." The City of Tampa, Florida won the worst public official award for its facial scans of everyone who went to see the Super Bowl in January. The Lifetime Menace prize went to The US National Security Agency for, among other things, "50 years of spying."

In addition, the Electronic Frontier Foundation (EFF-a GILC member) conferred its 2001 Pioneer Awards. The winners included Seth Finkelstein for "raising the level of public awareness about the dangers to free expression posed by Internet content blocking and labelling systems." Other recipients included Canadian privacy advocate Stephanie Perrin and the late Bruce Ennis, who he successfully argued the case of online free speech case of Reno v. the American Civil Liberties Union before the U.S. Supreme Court.

For more on SportBrain and other new possible tracking technologies, see Eric Auchard, "Those great gadgets may be spying on you," Reuters, Mar. 8, 2001 at,4586,2693860,00.html

For more details on the 2001 U.S. Big Brother Awards, click

See Michael S. James, "Is 'Big Brother' Watching?" (U.S.), Mar. 8, 2001 at

For German language coverage of the Big Brother Awards, see Stefan Krempl, "NSA offiziel zum Big Brother gekurt," Heise Telepolis, Mar. 8, 2001 at

EFF's announcement of the 2001 Pioneer Awards winners is posted at

[26] New GILC Members: APC and CCC

The Global Internet Liberty Campaign welcomes two new members: the Association for Progressive Communications (APC) and the Chaos Computer Club (CCC).

Founded in 1990, APC has fought to make information technology more readily accessible to members of civil society. Towards that end, it has mounted strong protests against government-sponsored surveillance plans around the world, ranging from the British Regulation of Investigatory Powers Bill (RIP) to the global ECHELON spy network. APC has also launched an Internet Rights Program to foster democracy in cyberspace, and has fought attempts to censor the Internet in several countries, including most recently Korea.

Over the past ten years, the Germany-based CCC has vigorously defended the rights of computers users to engage in a whole of activities, including freedom of expression and information. In the past, the group has made efforts to increase public awareness of such Internet privacy issues as encryption key escrow, the security of online banks and many others.

The APC homepage is located at

Visit the CCC website at


The GILC News Alert is the newsletter of the Global Internet Liberty Campaign, an international coalition of organizations working to protect and enhance online civil liberties and human rights. Organizations are invited to join GILC by contacting us at To alert members about threats to cyber liberties, please contact members from your country or send a message to the general GILC address.

To submit information about upcoming events, new activist tools and news stories, contact: GILC Coordinator, American Civil Liberties Union 125 Broad Street 17thFloor, New York, New York 10004 USA. email:

More information about GILC members and news is available at You may re-print or redistribute the GILC NEWS ALERT freely. To subscribe to the alert, please send an mail to with the following message in the body: subscribe gilc-announce