GILC Actions 



 Free Speech 





 GILC Alert 

 Mailing List
 GILC Events 




 Mail GILC 

Home Page

US Site
European Mirror


GILC Alert
Volume 5, Issue 3

May 4, 2001


Welcome to the Global Internet Liberty Campaign Newsletter


Welcome to GILC Alert, the newsletter of the Global Internet Liberty Campaign. We are an international organization of groups working for cyber-liberties, who are determined to preserve civil liberties and human rights on the Internet.

We hope you find this newsletter interesting, and we very much hope that you will avail yourselves of the action items in future issues.

If you are a part of an organization that would be interested in joining GILC, please contact us at

If you are aware of threats to cyber liberties that we may not know about, please contact the GILC members in your country, or contact GILC as a whole.

Please feel free to redistribute this newsletter to appropriate forums.

Free Expression

[1] Korean censorware plans draw fire
[2] US libraries, schools face blocking deadline
[3] Mainland China jails more Net dissidents
[4] Malaysian news sites face uphill battle
[5] DVD battles rage Down Under and in US
[6] 2TheMart and MeltroniX Net speech cases
[7] Domain name deals spark anger
[8] Anti-fair use standards fail again
[9] Holocaust site flap Down Under
[10] Ford sues over anti-General Motors Net name
[11] Hollywood spies then sues Net speakers
[12] Internet usage worldwide varies heavily
[13] Whistleblower website launched
[14] Australian censor system largely dormant

Privacy and Encryption

[15] Cybercrime pact lurches forward
[16] iRobots webcams spy on children
[17] Communist China plans Carnivore-type spyware
[18] New British cyberspy agency created
[19] Euro hearing on ECHELON surveillance
[20] US-EU flap over Safe Harbor contracts
[21] Microsoft SmartTags & Hailstorm privacy woes
[22] EBay pulls an Amazon, waters down privacy policy
[23] Biometric software faces privacy & technical woes
[24] EU panel questions Australian privacy laws
[25] DoubleClick suffers security breach
[26] German gov't searches Net music lovers' homes
[27] Privacy surveys reflect public unease
[28] Sales problems for invasive CueCat, TiVo devices
[29] Digital hospital sparks privacy concerns
[30] Upcoming Japan privacy meetings

[1] Korean censorware plans draw fire

Controversy continues to surround Korean government plans to block both domestic and overseas websites.

The Korean Ministry of Information and Communication is pushing a special Internet ordinance that essentially would require blocking software to be installed in cybercafes and other public computing facilities. A special Information Communication Ethics Committee already has drawn up a list of some 119 000 "anti social" sites that they deem objectionable. This list, which apparently includes numerous overseas webpages, will soon be provided to software developers for incorporation within blocking packages. Authorities will also work with Internet service providers to make sure access to any questionable webpages will be denied; criminal penalties will be levied on those who aid and abet access to such sites. However, many questions about this plan have yet to be answered, including what criteria will be used to determine which sites should be blocked, or even the precise pages that have banned.

The measure, which is expected to take effect this July, has drawn heavy criticism over its potentially damaging impact on freedom of expression. Some of these concerns were aired in a recent meeting at the Sejong Cultural Art Center in Seoul; at the event, Chang Yeo Kyung from Jinbonet argued that the proposal will not protect children, but will only ensure "that the rights of parents and the public will be seriously violated." Opponents of the ordinance specifically focused on how virtually all blocking programs were prone to errors and tended to block many sites that had no controversial content whatsoever. These groups are now suing in court in the hopes of striking down the new restrictions.

See Kim Deok-hyun, "120,000 Internet sites blacklisted," Korea Times, May 2, 2001 at

See also Kim Deok-hyun, "Internet Filtering Ordinance Spurs New Debate," Korea Times, Apr. 23, 2001 at

Read "Seoul taking action against foreign pornographic sites," Korea Herald, Apr. 11, 2001 at

[2] US libraries, schools face blocking deadline

Protests are mounting over a new Internet blocking law that affects educational institutions throughout the United States.

The so-called "Children's Internet Protection Act" essentially requires high schools and libraries to include blocking software on their computers. Institutions that refuse to do so (or refuse to implement policies to that effect) would lose federal funding. CIPA is now being challenged in court by several groups, including the American Civil Liberties Union (ACLU-a GILC member) and the American Library Association.

The law was to take effect on April 20, 2001, but deadline for compliance has been pushed back until July 1, 2001 at the earliest. These delays came partly at the behest of cyberlibertarians, who expressed concerns about the law's effectiveness and potential harm to freedom of expression. Indeed, the Electronic Frontier Foundation (EFF-a GILC member) mobilized street protests in New York and California to vent frustration over CIPA, as well as a special BayFF forum.

For an ACLU press release on the subject, click

Read Brian Krebs, "Web Filters At Schools, Libraries By July 2002," Newsbytes, Apr. 6, 2001 at

For more on EFF-sponsored street protests, visit

For more on the EFF BayFF forum on censorware, see

[3] Mainland China jails more Net dissidents

With a flurry of arrests, mainland China has apparently started a new offensive against its online critics.

Reports indicate mainland Chinese authorities have arrested several activists, including Guo Qinghai, who had written numerous online opinion pieces that urged reforms, and Lu Xinhua, who sent messages to various Web sites overseas and documented human rights abuses. Another online dissident, Chi Shouzhu, was held after he printed out material from a pro-democracy website. He had been released just a few months ago after serving a decade in jail for his participation in the 1989 Tienanmen demonstrations. Meanwhile, fellow Internet activist Leng Wenbao was subjected to two hours of police interrogation while his house was ransacked and his computer was seized. Government agents are also holding Yang Zili, the proprietor of, which included articles on the suppression of the Falun Gong spiritual movement, economic disparities in Chinese society and critiques of communism.

Additionally, Chinese commisars have banned the opening of any new cybercafes for at least three months, in an apparent attempt to stifle various forms of Internet content. Similar initiatives are being launched at the local level, including Shanghai. In some areas, the computers in these establishments are being fitted with "information purifiers" that block access to various controversial websites. The crackdown may have a far-reaching impact because the vast majority of the population does not have home Internet access, and must depend on cybercafes to get on the Information Superhighway.

Not surprisingly, these moves have met with dismay from free speech advocates. Robert Menard from Reporters Sans Frontieres (RSF) said that while "China escaped condemnation at the Human Rights Commission of the United Nations, this ... new wave of repression reminds us that China is still an enemy of the Internet and of freedom of expression."

For the latest details, see the following bulletin from the Digital Freedom Network (DFN-a GILC member) under

For more of Menard's remarks, click

Read "Online activists arrested in China," Guardian Unlimited, Apr. 19, 2001 at,7369,475164,00.html

See also "China internet café debate heats up," BBC News Online, Apr. 29, 2001 at 00/1302309.stm

Read Sue Bruell, "Beijing to Forbid Opening of New Cyber Cafes," China News Digest, Apr. 14, 2001 at

See also "State Council tightens control over Internet cafes," China Online, Apr. 17, 2001 at ril/C01041201.asp

Read "Shanghai sets strict content restrictions for TV, radio on Web," China Online, Mar. 26, 2001 at rch/C01032304.asp

See also "China cracks down on file-swapping sites," Bloomberg News, Mar. 27, 2001 at

[4] Malaysian news sites face uphill battle

Malaysian online journalists are facing a barrage of harassment from government agents.

In the latest move, Malaysian government agents arrested ten people, including Raja Petra Kamaruddin, who is webmaster of, and reporter Hisammuddin Rais. The arrests were presumably an attempt to undercut support of Anwar Ibrahim, the former deputy prime minister who was imprisoned in September 1998 under suspicious circumstances. Kamaruddin, Rais and at least 5 other detainees were charged with violating the country's Internal Security Act, which allows individuals to held indefinitely without a trial.

Malaysian authorities have also put additional pressure on various corporations to either block online criticism or engage in self-censorship. These efforts apparently led multinational webhost to shutdown nearly a dozen opposition sites. Similarly, AgendaMalaysia recently relaunched its webpage with less content than before; in a thinly-viewed dig at Internet activists, the news agency's editor, Rozaid Rahman, proclaimed that his group was "not going to change the world. That is a daydream."

For further details, visit the website under

For a special bulletin on this subject from the Digital Freedom Network (DFN-a GILC member), click

See K. Kabilan, "Missing websites: no word from Tripod," Malaysiakini, Mar. 19, 2001 at

See also "New Tack for Malaysian News Site," Reuters, Apr. 4, 2001 at,1283,42828,00.html

[5] DVD battles rage Down Under and in US

The fight over DVD-related speech restrictions has now reached Australian shores.

The battle centers around the copy protection and regional coding schemes used in digital video discs. Previously, computer researchers had created DeCSS--a primitive computer program to help users of the Linux operating system play DVDs on their computers. Over the past year, the entertainment industry, through the DVD Content Control Association (DVD CCA) and the Motion Picture Association of America (MPAA), has waged legal battles in both New York and California to prevent Internet users from linking to websites that have DeCSS. Many experts fear that these actions may stifle free expression in cyberspace.

In Australia, where interest in DVDs is growing, machines that are sold Down Under generally cannot play discs from the other countries due to the regional coding. Users who wish to view DVDs from, say, Japan must modify their players, but the process brings legal problems (including possible nullification of the product warranty). These difficulties have led some experts, such as Allan Fels of the Australian Competition and Consumer Commission, to suggest the coding restrictions contained on DVDs actually violate the country's trade practices laws. There are additional concerns that these code-based restraints may have a significant detrimental impact on free speech, from preventing fair use of materials contained on DVDs to abetting controversial content rating systems.

Meanwhile, in the United States, the next round of legal battles over DeCSS took place May 1. The Electronic Frontier Foundation (EFF-a GILC member), which is defending 2600 magazine against the MPAA, recently added a new member to its DeCSS legal team: Stanford Law School Dean Kathleen Sullivan, who conducted oral arguments before a panel of 3 Federal appeals court judges. During this session, she suggested that copyright laws such as the Digital Millennium Copyright Act were acting as a "digital straightjacket" that hampered fair use and other free speech rights: "It's as if the laws, as applied, say you can't print a blueprint of a copying machine." However, at least one panelist seemed less than receptive to these arguments. Judge Jon Newman countered that the law does not necessarily allow individuals "to make fair use in the most technologically modern way". Newman further pooh-poohed the idea that fair use and other free speech doctrines fully apply to the Internet, suggesting at one point that newspapers such as the New York Times did not "need the digital format to write their reviews." A ruling is expected in several weeks.

For the latest on the New York court battle, see Declan McCullagh, "DVD Piracy Judges Resolute," Wired News, May 2, 2001 at,1412,43470,00.html

See Caitlin Fitzsimmons, "Restricting DVDs 'illegal': ACCC," Australian IT, Mar. 27, 2001 at,3811,1836144%255E1286,00. html

For further background information on the growing popularity of DVDs in Australia, see Adrian Kerr, "Philips predicts VCR demise," ZDNet Australia, May 2, 2001 at,4586,2714548,00.html

For an EFF press release on the hiring of Dean Sullivan, visit

For more on a possible ban on T-shirts containing DeCSS information, read John Naughton, "Been there, outlawed it-banned the T-shirt," The Observer, Apr. 1, 2001 at,7369,466363,00.html

[6] 2TheMart & MeltroniX Net speech cases

Free speech activists are cheering over a recent court ruling that protected the personal information of several online speakers.

The case centered around, which tried to uncover the identities of some 23 people who had posted critical comments about the company. The move was opposed by GILC members the American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF). A United States Federal judge eventually quashed this request. Aaron Caplan, an attorney with the local (Washington State) ACLU affiliate, noted that the decision was important because "[t]here are a number of situations where, if people don't feel it is safe for them to speak anonymously, they may not speak at all. It is important for people to have that outlet for speech, persuasion and organization."

However, another court case is brewing in California, where computer manufacturer MeltroniX is trying to discover the names of several online detractors. The company is suing these Internet users for making allegedly "vicious, defamatory and damaging comments," and is asking a court to award punitive and financial damages. The corporation has even gone so far as to call personal information regarding these people as "a matter of public record" and that it would monitor them to enforce what it called "responsible posting."

An EFF press release on the 2TheMart decision is available at

For more on the recent Seattle anonymous free speech victory, see David McGuire, "Court Ruling A Boon For Online Anonymity-ACLU," Newsbytes, Apr. 20, 2001 at

See also Stefanie Olsen, "Court backs right to free speech on Web," ZDNet News, Apr. 20, 2001 at,4586,5081526,00.html

For more on the MeltroniX controversy, see Linda Hamilton, "Chatroom posters to be sued and outed," The Register (UK), Apr. 9, 2001 at

[7] Domain name deals spark anger

Several new agreements on the future of .com, .edu and other Internet suffixes are raising concern among many members of the Internet community.

In one of the these deals, the Internet Corporation of Assigned Names and Numbers (ICANN) awarded domain name giant Verisign the right to control the .com registry for at least 6 more years. ICANN also approved contracts that would grant Verisign powers over .org for at least one more year and .net for 4 years. The decision came despite intense opposition from a several quarters, including ICANN's own Names Council. This opposition arose partly because of the apparently undemocratic approach with which these contracts were conceived, as well as fears that the agreements will hurt competition and free expression. Indeed, ICANN's Board of Directors refused to make a final decision on this matter during its public meetings Down Under, but made their move during a private conference call that had been scheduled specifically for this purpose. These contracts may yet be countermanded, however, as several leading United States politicians have petitioned for greater oversight of these and other ICANN activities.

Meanwhile, the U.S. Commerce Department (through its subdivision, the National Telecommunications and Information Administration) is planning to turn control over .edu to Educause--a Washington D.C.-based group that lobbies on behalf of colleges and their corporate partners. The decision was taken with virtually no opportunity for public comment. Some observers have expressed concern over whether Educause will impose restrictions on the use of .edu, particularly in regard to educational institutions based outside the United States. These and other subjects are expected to be major topics for discussion at ICANN's upcoming June meetings in Stockholm.

For an Educause press release on the .edu takeover, click

Read Mark Ward, "Domain dispute drags on," BBC News Online, Apr. 20, 2001 at

To read a letter from US Congressmen regarding new ICANN-Verisign contracts, click

For more on calls for greater oversight of ICANN, see Juliana Gruenwald, "ICANN Issues Hitting Commerce Department," Interactive Week, Apr. 9, 2001 at,4164,2705712,00.html

For more on ICANN's Stockholm meetings, click

[8] Anti-fair use standards fail again

Troubles continue to mount for various technical measures which many experts feel may curb the free flow of information online.

Under the proposed SigningStation system, consumers would have to disclose their identities and have entertainment companies assign them a special individualized digital key. After customers purchase a given digital video or music product, they would use key for authentication, and only then would be able to view or hear what they had bought. However, experts wonder whether SigningStation will unnecessarily restrict the ability of individuals to make fair use of legally obtained digital materials. In addition, the complex identification requirements are raising serious privacy concerns. These considerations have fueled speculation over whether the entire plan is the financially viable.

Similar concerns have already led IBM to shelve Content Protection for Removable Media (CPRM), which would have placed copy protection software and special digital markings on each individual's hard drive (as well as removable drives and other such systems). Nevertheless, Microsoft is pushing a somewhat analogous scheme called "Secure PC" that is designed to prevent computer users from duplicating audio files, as well as anti-copying regimes in its latest version of Windows Media Player. Ironically, Microsoft is itself being sued by InterTrust, which claims the copy protection schemes used in the Media Player have infringed on InterTrust's patents. It remains to be seen whether any of these systems will achieve commercial acceptance or what impact they would have on Internet free expression.

For more on InterTrust's patent lawsuit against Microsoft's copy-protection schemes, read John Borland, "Anti-piracy company sues Microsoft," Apr. 27, 2001 at

For more on SigningStation, see David P. Hamilton, "Start-up locks to media files," Wall Street Journal, Apr. 23, 2001 at,4586,2710873,00.html

See John Borland, "Anti-privacy plans for hardware fail," CNet News, Apr. 2, 2001 at

See also John Lettice, "MS plans 'Secure PC' that won't copy pirated audio files," The Register (UK), Mar. 23, 2001 at

[9] Holocaust site flap Down Under

Attempts to shutdown a controversial Australian website have raised troubling questions over Internet censorship.

The site in question was the brainchild of Dr. Fredrick Toben, a former school instructor who questioned much of the forensic evidence related to the Holocaust. The materials contained on Toben's webpages drew the ire of Kathleen McEvoy, the Commissioner of Australia's Human Rights & Equal Opportunity Commission (HREOC). She claimed that the site violated the country's Racial Discrimination Act and ordered that the offending webpages be taken down. The Executive Council of Australian Jewry is now attempting to enforce the HREOC order through the courts.

These moves have generated opposition from free speech advocates. Irene Graham from Electronic Frontiers Australia (EFA-a GILC member) noted that "the HREOC decision ... does not provide any indication at all" of what specific speech is illegal and worried that these vague standards may chill expression online. Moreover, she charged that these "futile" and "counterproductive" bans "don't take into account the technology of the Internet and the worldwide nature of the Internet." A court hearing on this matter has been postponed until June 12, 2001.

See Penelope Debelle, "Free speech row on Holocaust website," Fairfax IT, Apr. 9, 2001 at

[10] Ford sues over anti-General Motors Net name

Several efforts to prevent domain name trademark violations may erode free speech and privacy rights online.

The Ford Motor Company is suing 2600 magazine over a domain name that criticizes General Motors. Ford's rationale was that the term might confuse "the public into believing that somehow Ford has approved (of the tactic) or is somehow involved." Curiously, General Motors had already threatened legal action against 2600 several months ago; a GM spokesperson has since said that his company "absolutely and totally" supports Ford in its attempted domain name takedown. A court hearing is scheduled for May 2, 2001.

These moves comes after the World Intellectual Property Organization issued a report calling for further trademark-based restrictions on domain names, including the use of geographic and personal terms. Under these new regimes, Internet users would be completely excluded from using certain terms (including the names of well-known drug products and international organizations), even if those terms are used for such purposes as public criticism or commentary. In an editorial, 2600 retorted that there should be "many more top-level domains that are dedicated to a specific purpose, rather than attempts to control and manipulate every use of a particular name or word throughout all Internet domains. Unfortunately, WIPO doesn't appear to see it that way. ... [T]his 'additional protection' is likely to cause great harm to the remaining freedoms of the net."

WIPO is also urging Whois databases (which contain personal information about domain name holders) to be expanded and standardized, thus making them searchable by virtually anyone on the Internet. However, skeptics fear that this last idea will curb anonymous free speech and undercut online privacy. These fears have grown strong in Australia, where the lack of privacy protections for this kind of data have led to numerous reported incidents of fraud.

WIPO's interim report is available via

To read a 2600 editorial on WIPO's report, see "WIPO Recommends Banning Certain Names and Words From Domains," 2600, Apr. 16, 2001 at

For a schedule of WIPO regional consultations, click

Read Steven Bonisteel, "WIPO Says: Keep Whois Open (And Keep It Accurate)," Newsbytes, Apr. 20, 2001 at

For more on fraudulent use of domain name registrant data, read Kate Mackenzie, "'Hijackers' lead to domain changes," Australian IT, Apr. 12, 2001 at,3811,1887934%5E442,00.html

For further background information, visit

[11] Hollywood's legal threats against Net speakers

Legal threats from the entertainment industry have forced a university professor to remain silent about his software research.

The case revolves around the Secure Digital Music Initiative (SDMI), a software standard that several major entertainment conglomerates are supporting as a way to discourage copying of sound files. SDMI's creators tried to demonstrate the strength of this software by challenging computer programmers to crack the code. Professor Eric Felten of Princeton University agreed to participate, but was then told by SDMI's sponsors not to reveal the results of his work. Prof. Felten balked at these restrictions and withdrew his official participation, deciding instead to conduct independent investigations of SDMI along with several other scientists. After his team discovered a way to break through SDMI's protections, he received a warning from the SDMI consortium saying that "Any disclosure of information gained from participating in the Public Challenge would be outside the scope of activities permitted by the Agreement and could subject you and your research team to actions under the Digital Millennium Copyright Act." Felten and his fellow researchers eventually conceded to these demands; he later expained: "Litigation is costly, time consuming and uncertain, regardless of the merits of the other side's case. Ultimately, we, the authors, reached a collective decision not to expose ourselves, our employers and the conference organizers to litigation."

Meanwhile, powerful forces from the entertainment industry are also clamping down on the use of software through surveillance and similarly-styled legal warnings. The Motion Picture Association of America (MPAA) is using software developed by Ranger Online to spy on Internet users and find people who use various types of duplication products such as Gnutella. MPAA has used the collected information to send hundreds of cease-and-desist letters, despite the fact that Gnutella and other similar programs can be used for noninfringing purposes. Yet despite the intimidating language contained in these letters, MPAA attorney Ken Jacobsen claimed that his group was merely trying "trying to do is educate the population about what is appropriate, both from an ethical standpoint and from a legal standpoint."

Numerous companies (including Microsoft) have launched analogous efforts around the world-efforts have also led to new legislation in several European nations, including Hungary. These attempts have renewed concerns about the future of online free speech in the face of intellectual property-based strictures.

For more on the threats leveled at Prof. Felton, read "Researchers cave in to SDMI legal threat," Associated Press, Apr. 26, 2001 at

See also Elizabeth Wasserman, "Breaking the Code Crackers," The Industry Standard, May 7, 2001 issue at,1902,24076,00.html

Read Lisa M. Bowman, "Broadband fans busted over Gnutella," CNet News, Apr. 17, 2001 at

For more about Ranger Online spyware, visit

For more on new EU copyright restrictions, see Thomas C. Greene, "EU Sanctifies copyrights a la DMCA," The Register (UK), Apr. 11, 2001 at

For more on Microsoft/police copyright efforts, read Glenn Simpson, "Microsoft urges global antipiracy effort," Wall Street Journal, Apr. 2, 2001 at,4586,2703424,00.html

For additional details on harsh Hungarian copyright laws, see John Horvath, "Criminal Society," Heise Telepolis, Mar. 24, 2001 at

See also Matt Ford, "Big Brother on track to find the pirates," Fairfax IT, Apr. 9, 2001 at

[12] Internet usage worldwide varies heavily

New studies indicate that much of the world is coming online, but progress has been uneven.

This is particularly true in Africa, according to statistics compiled by the International Telecommunications Union. Somalia, for example, only has about 200 Internet users out of a population of over 7 million people. South Africa, on the other hand, has 1.8 million cybercitizens-roughly 60% of all Internet users on the continent. Indeed, outside of South Africa, less than 0.2% of the population is connected to the Information Superhighway.

In other parts of the globe, the Internet has grown at higher rates. This is particularly true in Europe; home Internet use (as measured by time spent online) has tripled in France and Spain and nearly doubled in the United Kingdom. Another nation experiencing an Internet boom is Korea, which has been helped by a surge in wireless websurfers. South Korea also has the world's highest rate of broadband connectivity-a rate that is more double that of the United States.

Read Jenny Sinclair, "Why the Internet is out of Africa," Fairfax IT, Apr. 9, 2001 at

For more on burgeoning European Internet usage, read Steve Gold, "Internet Usage Increasing in Europe, Despite Downturn," Newsbytes, May 2, 2001 at

See also "European Net traffic rockets," Reuters, Mar. 28, 2001 at,7407,2702024,00.html

For more on the growth of the Internet in Britain, read Julia Snoddy, "UK Net user numbers grow despite dot.coms crash," The Guardian, Apr. 24, 2001 at,7369,477523,00.html

Read "OECD broadband figures show Korea leads," Total Telecom, May 1, 2001 at

See also "South Korea Leads World Broadband Net Race," Reuters, Apr. 23, 2001 at,1902,23891,00.html

For more on general Korean Internet usage, read "Korea No. 1 in use of multimedia sites," Korea Herald, May 4, 2001 at

See also "Korean users of wireless Internet total 18.52 mil." Korea Herald, Apr. 18, 2001 at

[13] Whistleblower website launched

Will a new webpage help workers expose corporate abuses?

The British firm Forensic Accounting has launched an initiative specifically targeted at employees who wish to vent their concerns to higher-ups without fear of reprisal. Informants who visit the website can post surreptitious warnings of possible criminal activity on the job, without having to pay any fees. Afterwards, the site's operators will forward entries to management teams of companies that subscribe to the service, as well as offer advice.

Raj Bairoliya, managing director of Forensic Accounting, stressed the importance of this venue for anonymous free speech: "The whistleblower's lot has not been a happy one. Most people are too scared because there is nothing in it but a downside." The plan has received support from several groups, including Public Concern at Work, which is dedicated to helping employees who have suffered reprisals for reporting corporate misdeeds. However, the website raises questions as to whether the authorities or major companies are making sufficient efforts to protect anonymity online. Indeed, George Staple from the British Fraud Advisory Panel noted that past efforts at helping whistleblowers had not been particularly successful, partly because the issue of protecting the identities of corporate informants "is not high enough on the agenda of most company managements."

See Michael Peel, "SURVEY-CLASSIFIED RECRUITMENT: Justice at a price," Financial Times, Apr. 26, 2001 at

See also Michael Peel, "Whistleblower website welcomed," Financial Times, Apr. 11, 2001.

[14] Australian censor system largely dormant

Does Australia really have a serious problem with harmful online material?

That's what many experts are wondering based on a new report. Nearly two years ago, the Australian government created a complaint-based regime that, depending on the circumstances, would screen out websites based on film guidelines. Adult theme websites, which are defined to include "verbal references to ...suicide, crime, corruption, martial problems, emotional trauma, drug and alcohol dependency, death and serious illness, racism, [or] religious issues" would be likely candidates for censure.

The plan took effect in January 2000. However, a subsequent government-commissioned study revealed showed that out of nearly six million of Australian cybercitizens, only 124 complaints were received during the first three months of the new regime. A later report issued this past April indicates that the massive wave of filings expected by some of the law's backers still had yet to take place. For example, between July and December 2000, the Australian Broadcasting Authority sent take-down notices to only 6 sites regarding content Down Under; notices were sent to a mere 22 sites over the entire year.

According to many observers, these findings illustrate how the entire scheme has been a waste of resources. Irene Graham, executive director of Electronic Frontiers Australia (EFA-a GILC member) noted that the Australian government "seems to be spending its time either referring overseas sites to content filter makers, or issuing take-down notices for domestic sites that could largely have been caught through existing laws. The government trumpets this as having made the Internet safe for children, but we think that's merely giving a sense of false security to parents. What they're doing is making, at best, a miniscule difference to how safe the Internet is for children."

The report is available via

For press coverage, read Stewart Taggart, "Questioning the Oz Net Censors," Wired News, Apr. 24, 2001 at,1294,43182,00.html

[15] Cybercrime pact lurches forward

Despite intense criticism, European politicians are moving ahead with a European cybercrime plan that may erode online privacy.

Under this Council of Europe treaty, signatory countries would enact laws that might make it easier for government agents to search computers and conduct real-time surveillance on private citizens through telecommunications networks. The convention includes provisions that may allow law enforcement officials greater access to many types of personal security information, such as encryption keys. Additionally, the scheme could pressure Internet service providers (ISPs) to monitor and retain records on customer activities, under threat of legal liability. Furthermore, the draft would have signatories create new penalties for copyright infringement. European Union officials are now pushing for new sections that would ban websites containing language deemed hateful or inflammatory, an apparent extension of a controversial French ruling against Yahoo regarding Nazi memorabilia on its auction pages.

The treaty has been the subject of intense criticism for months. Joe McNamee of the European Internet Service Provider Association (EuroISPA) worried that the treaty would require the collection of vast amounts of personal data, and said that while "[n]obody's opposed to fighting cybercrime," his group and others were "opposed to fighting innocent people and privacy." There are also serious complaints regarding the secretive nature with which the entire plan was conceived. On that point, Gus Hosein of Privacy International (a GILC member) called the procedure used to create the treaty "the worst process I've seen so far when it comes to transparency in government." Yet despite these concerns, the Council's parliamentary assembly approved the current draft, and sent the matter into the hands of an experts panel that compile a final version. Full assent could come as early as June 2001.

European nations apparently are not the only countries coming up with new cybercrime plans. Thailand is considering new laws that would allow government agents greater surveillance powers in cyberspace-standards that are broadly similar to those contained in the CoE treaty (including penalties for copyright infringement). In Australia, law enforcement officials are also proposing new amendments that would carry stiff punishments for various Internet activities, including decade-long jail sentences.

For more of Mr. Hosein's remarks, read Rick Perera, "Cybercrime treaty a step closer to becoming law,", Apr. 25, 2001 at

For German language information, see "Europarat verabschiedet Cybercrime-Abkommen," Heise Online, Apr. 25, 2001 at

Read Karnjana Karnjanatawe, "Thai Computer Crime Law Nears Public Hearing," Bangkok Post, Mar. 21, 2001 at

Further details regarding Australian cybercrime plans, see Megan McAuliffe, "Australian hackers face jail time," ZDNet Australia, Apr. 9, 2001 at,4586,2705803,00.html

See also David Adams, "Momentum grows for e-crime centre," Fairfax IT, Mar. 28, 2001 at

[16] iRobots spy on children

Who wants an android to spy on their kids?

That's what some people are wondering with the introduction of iRobot. This device, according to the manufacturer, is a "multi-purpose home robot that can be controlled from anywhere in the world." iRobot includes a live-action camera and microphone mounted on a six-wheel chassis. Images and sounds collected by the robot are then broadcast along the Internet by wireless. Computer users can control this device through their web browser. The entire package is being marketed as a way for parents to monitor their children, but is also being supplied to the United States Defense Advanced Projects Research Agency (DARPA) and various corporations for surveillance purposes.

The company has conceded that personal web cameras "could lead to situations where we are being monitored 24 hours a day, and privacy is a thing of the past. For example, if you wanted to be able to see what was going on at your house, you would have to install and wire cameras in every room. That's a lot of cameras, and for your family, it means never knowing if you are being watched or not." Curiously, the company claims this privacy problem does not apply to its product because "iRobot-LE(tm) is not a web cam," despite later assertions such as: "iRobot-LE is a serious appliance that can bring the power of the Internet out of the study and into the kitchen or living room when you are at home." Indeed, the corporation also admits through its privacy policy that it uses digital information files known as "cookies" to track users and places the burden on consumers to opt-out of its data collection system.

The iRobot privacy policy is posted at

Further company information on iRobot is posted at

See Peter H. Lewis, "Remotely interesting," Fortune, Apr. 2, 2001.

Read Eric Auchard, "I Spy," Reuters, Apr. 17, 2001 at

[17] Beijing plans Carnivore-type spyware

Mainland China is looking for a new way to monitor Internet users, and it appears to be taking a hint from the United States.

Reports indicate that the Chinese government is developing a new "black box" system to wiretap the Internet. While details are only beginning to emerge, the device is apparently derived from technology previously used in airline cockpit data recorders. The goal of this "black box," however, is to allow Chinese officials to watch over and hunt down dissidents and possible opponents to the current ruling regime.

The entire system appears to be broadly similar to Carnivore-a device developed by the United States government. Carnivore is attached to the server of a given Internet service provider and intercepts all Internet transmissions that come through the server, then parses out pertinent material, based on keywords provided by the administrator. Carnivore and its successor DCS 1000 have come under heavy criticism over the past few months as being serious threats to online privacy. Some of these concerns were reiterated by privacy advocates in a recent discussions with US Attorney General John Ashcroft.

See "China Plans to Build Internet Monitoring System," China News Daily, Mar. 20, 2001 at

For more on current discussions of Carnivore, see Brian Krebs, "Groups Urge Ashcroft To Act On Carnivore, Privacy Issues," Newsbytes, May 3, 2001 at

[18] New British cyberspy agency created

The British government is launching a new cybercrime center that is causing concern among privacy advocates.

British Home Secretary Jack Straw recently unveiled a National Hi-Tech Crime Unit. This unit will have several dozen employees, consisting of law enforcement agents and information technology experts, and will focus on crimes that involve the Internet. While precise details on operations are not readily available, operatives are expected to collect information regarding online activities for possible future action or prosecution. The entire enterprise will cost an estimated 25 million pounds sterling.

The move is being seen with a certain degree of apprehension, due in part to the sweeping powers this agency may have under the controversial Regulation of Investigatory Powers Act (RIP) that was enacted last year. RIP requires the creation of a special center with links to Britain's Internet service providers (ISPs), which will allow law enforcement officials to spy on the online activities of most UK citizens. Many people worry that the Act will enable government agents to conduct wide scale searches into the activities of private Internet users. Yaman Akdeniz of Cyber-Rights and Cyber-Liberties UK (a GILC member) warned that "this partnership could turn ISPs into an arm of the law enforcement agencies because there are a lot of requirements on them for data collection and analysis." Similar sentiments have been aired over an analogous arrangement in the Netherlands.

See Mark Ward, "Cybercops arrest online liberty," BBC News Online, Apr. 18, 2001 at

Read Sarah Left, "Government launches cyber-crime unit," Guardian Unlimited, Apr. 18, 2001 at,7369,474518,00.html

See also Jelle van Buuren, "Dutch Government and ISP's Reach Compromise On Interception of The Internet," Heise Telepolis, Apr. 25, 2001 at

[19] Euro hearing on ECHELON surveillance

More details may soon be revealed about a super-secret global surveillance system.

A committee of European Parliament members will soon visit the United States in an attempt to discover more details about ECHELON. ECHELON is popularly used to describe a system that is designed to intercept communications from around the world. It is supposedly operated by the United States National Security Agency in conjunction with several other intelligence agencies. Reports suggest that ECHELON is capable of intercepting e-mail messages, faxes, and telephone conversations.

Fears about possible ECHELON privacy abuses led the European Parliament to form a temporary investigatory committee. At a committee hearing held a few weeks ago, several witnesses expressed concern about ECHELON's potential threat to individual rights. One of them, Yaman Akdeniz from Cyber-Rights & Cyber-Liberties UK (a GILC member), noted that "[i]f the current allegations are true, all law abiding European citizens and companies are at risk of being monitored every day without any legal basis. ... [W]e are particularly concerned about the lack of democratic oversight on data being intercepted, stored and processed with systems like Echelon."

Afterwards, members of the EP panel decided to visit the United States on a fact-finding mission that will include discussions with various U.S. politicians and intelligence officials. Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC-a GILC member), welcomed the move as "a very important step. It's a proactive effort by government officials to address the problem of international surveillance." The visit is scheduled to take place the week of May 8, 2001.

For more on the EP members' visit to the United States, read Declan McCullagh, "Euros Continue Echelon Probe," Wired News, Apr. 24, 2001 at,1848,43270,00.html

A statement from Mr. Akdeniz (presented at the EP hearing) is available under

The agenda for the hearing is posted under

Other related documents are available at

Press coverage is available from Kieren McCarthy, "European Parliament continues Echelon investigation," The Register (UK), Mar. 22, 2001 at

For further background information, visit

[20] US-EU flap over Safe Harbor contracts

Contracts meant to implement a trans-Atlantic privacy plan have met with some resistance from the United States government.

The European Union and the United States had previously agreed to new standards for handling the personal information of EU citizens. Under the plan, known as Safe Harbor, U.S. companies would have to notify European users how their private data is being handled and how it is being collected. Concerned individuals would be allowed reasonable access to their files, and could refuse to allow other companies to receive such information. This self-regulatory system is only voluntary, but American firms that join Safe Harbor could avoid lawsuits from the governments of EU countries. Moreover, these rules are not as strong as the stringent regulations required by many European nations.

This compromise was formulated several months ago to avoid a possible trade war between the EU and the US. Since then, however, the administration of US President Bush sent a letter criticizing proposed model contracts that are designed to allow companies to comply with this agreement. The letter called the draft clauses "unduly burdensome requirements that are incompatible with real world operations." In response, a spokesperson for the European Commission said that "The US administration's letter appears to be based on a total, complete and utter absence of understanding of what the Commission is doing. We are aiming to make life easier for companies transferring data from the EU to countries outside the EU by clarifying the provisions in contracts which would best ensure adequate protection of personal data."

See Glenn R. Simpson, "Bush opposes Euro privacy rules," Wall Street Journal, Mar. 27, 2001 at,4586,2701370,00.html

See Peronet Despeignes & Deborah Hargreaves, "INTERNATIONAL ECONOMY: EU-US clash over personal data: private right or commercial opportunity?" Financial Times, Mar. 29, 2001 at

[21] Microsoft SmartTags & Hailstorm privacy woes

How would you like to have your most personal details stored by a central computer system in Seattle?

That's apparently what Microsoft is asking people to do under its new Hailstorm plan. The scheme would use a "Passport" identity system for individuals to use personalized calendars, address books and e-wallets. This information would then be accessible to a whole host of recipients, including programmers and advertisers, who could sift through this data and send files to Hailstorm users. Should these users change email addresses, the updated contact information would be sent along to financial institutions and other corporations.

Many observers have raised alarms over the intrusive nature of these plans, as well as the apparent lack of privacy protection for the personal data stored within Hailstorm. Jason Catlett of Junkbusters said he was against letting Microsoft becoming "the de facto government of the United States, issuing passports and controlling identity and wallets for all consumers." Skeptics also pointed to Passport's privacy policies, which previously allowed "Microsoft and its affiliated companies permission to: Use, modify, copy, distribute, transmit, publicly display, publicly perform, reproduce, publish, sublicense, create derivative works from, transfer, or sell" virtually any user-provided information. The company has since revised its policy to say these rights only apply to "feedback or suggestions to Microsoft concerning the Passport Web Site or the Passport Service."

Hailstorm is not the only new Microsoft project that is sparking privacy concerns. The software giant is also receiving criticism over its latest version of Office (XP), which apparently includes expanded use of Smart Tags. These bits of code, which can be attached to numerous types of files (such as spreadsheets, Word documents and so on) could also reportedly be used as a backdoor for fraudsters. Experts have also criticized Microsoft's embrace of Platform for Privacy Preferences (P3P) technology in its latest version of within Internet Explorer; the Electronic Privacy Information Center (EPIC-a GILC member) described P3P as "a complex and confusing protocol that will make it more difficult for Internet users to protect their privacy." Meanwhile, scientists have discovered serious security flaws in both Internet Explorer and Outlook and as well as its Windows 2000 server software, which Microsoft is looking to remedy with software patches.

For further details on the latest Microsoft security flaws, read Mark Ward, "Microsoft warns of 'serious' software hole," BBC News Online, May 2, 2001 at

For more on Smart Tags, see John Lettice, "Smart tagging in Office XP-what Melissa did next?" The Register (UK), Apr. 6, 2001 at

For more on HailStorm, read Leslie Walker, "Gates's Bold New Persona: Your ID Manager," Washington Post, Mar. 29, 2001, Page E1 at

Further details on P3P's lukewarm reception, see Lisa M. Bowman, "Privacy experts rip IE cookie cutter," ZDNet News, Mar. 22, 2001 at,4586,5080018,00.html

See also Leslie Walker, "Browser Aimed at Protecting Users' Privacy," Washington Post, Mar. 29, 2001, Page E4 at

For more on Microsoft Explorer & Outlook security flaws, read Michelle Delio, "IE Hole Surrenders Your Computer," Wired News, Mar. 30, 2001 at,1282,42750,00.html

For more on Microsoft Passport user data leaks, see Stefanie Olsen, "Privacy terms revised for Microsoft Passport," CNet News, Apr. 4, 2001 at

Further details on potential other Office XP flaws, are available from John Lettice, "'Universal' key claimed to disable MS Office XP security," The Register (UK), Mar. 26, 2001 at

[22] EBay pulls an Amazon, waters down privacy policy

Should consumers put much faith in the privacy policies of e-tailers?

Many experts are suggesting the answer is no, after a recent decision by EBay. The popular online auction site altered its privacy statement to allow the company to give out personal information about its users in a number of circumstances, including if the corporation was taken over by another firm. The move comes after online bookseller Amazon made a similar alteration in its privacy policy several months ago, allowing sensitive "customer information" to be treated as merely "business assets" that could be bought or sold as the company continued to develop its business.

Not surprisingly, the change has yielded strong protests from privacy advocates. Andrew Shen from the Electronic Privacy Information Center (EPIC-a GILC member) noted that companies like EBay are able to carry out these practices because in part because regulators such as the United States Federal Trade Commission (FTC) not going far enough in protect personal information. "This is the problem with the FTC only using its prohibitions against unfair and deceptive practices, instead of establishing a privacy standard."

The revised EBay policy becomes effective May 15, 2001.

Read Jeffrey Benner, "EBay Alters Privacy Policy," Wired News, Apr. 2, 2001 at,1367,42778,00.html

See also David Berlind, "eBay, Yahoo's security snafus," Enterprise, Apr. 5, 2001 at,5859,2705095,00.html

[23] Biometric software faces privacy & technical woes

Your computer may soon know who you are-just by the way you type.

That's the promise of a new product called BioPassword. When computer users login with this system, the program checks the inputted typing pattern against archived "rhythm" samples, and will only grant access if there is a match. The software package allows "[c]onstant, automatic Password logon monitoring, every time the computer is booted up or unlocked." In addition, system administrators can lock BioPassword users can be locked out of their systems and have individual computers shutdown, powered down or rebooted.

While the software is being billed as a way to enhance security, it is unclear whether its success rates are actually higher than current login protection schemes-particularly in light of company literature telling BioPassword users that they no longer need to change their passwords on a regular basis. Some of these concerns have been fueled by the problems that have plagued a similar product, BioID SOHO, which tends to get confused between different people, particularly on systems that have less than 5 users. The manufacturer of BioPassword admits that "environmental issues" may have a significant effect on accuracy. Moreover, because these devices seem to allow precise tagging and monitoring of ordinary computer users, there are fears that they will in fact have a detrimental impact on Internet privacy.

See Carlos A. Soto, "BioPassword Security Checks User's Typing Pattern," Washington Post, Apr. 5, 2001, page E4 at

The BioPassword homepage is located at

[24] EU panel questions Australian privacy laws

Concerns over Australian privacy standards have started to take on international dimensions.

The European Commission Data Protection Working Party (which is composed of Data Protection officials from Council of Europe member states) has issued an opinion criticizing a proposed Australian Privacy Amendment. Among other things, the panel noted "with concern that some sectors and activities are excluded from the protections of the Act," including employee personal information and small businesses. The Party also pointed out vagaries in the language of the Amendment, which might allow data collected for one purpose to be used for new functions.

In response, Australia's Attorney General Daryl Williams accused the European experts of "ignorance about Australia's law and practice and do not go to the substance of whether our law is fundamentally 'adequate' from a trading point of view. It seems that the prescriptive approach taken in many EU Member States is assumed to be the only acceptable way to go in many areas of privacy protection." said that he did not accept the working group's findings and feared placing "unnecessary burdens on business." He also announced that "officials from Australia and the EC will continue to talk in order to address these concerns to everyone's satisfaction. However, Australia will only look at options that do not impose unnecessary burdens on business."

To read the comments of the EU panel, click

To read the response from Australian Attorney General Daryl Williams, visit

[25] DoubleClick suffers security breach

Recent events have left many people wondering whether DoubleClick will ever do enough to protect online privacy.

Officials from the online advertising firm admitted that intruders had invaded its systems. The attack was sufficiently serious that DoubleClick shutdown a few of its servers in order to help investigators track down perpetrators. A spokesperson termed the incident "mischievous in nature" but claimed that the incident did not have "any serious impact to our networks."

The breach came just as a Federal judge in the United States dismissed a privacy lawsuit against DoubleClick. The suit revolved around company's admission that it had been tracking viewers through the Internet by placing digital identification numbers in files known as "cookies" on a user's hard drive, which it matches with name and address information that has been collected by its partners. Despite initial claims to the contrary, DoubleClick planned to match this data with more extensive information contained in millions of files maintained by its merger partner Abacus Direct. DoubleClick put aside its data-matching plan after a storm of public criticism. Several consumers then took legal action against the company, claiming that DoubleClick's cookie tracking scheme violated various state and Federal laws. It is not clear whether the plaintiffs will now appeal the dismissal.

See "DoubleClick: We've been hit," Reuters, Mar. 30, 2001 at,4586,5080420,00.html

See also Michael Bartlett, "Attorney Fires Back At Judge In DoubleClick Privacy Case," Newsbytes, Mar. 30, 2001 at

[26] German gov't searches Net music lovers' homes

Watch out if you're downloading music off the Internet. The German government may use force (both in person and through the network) to stop you.

German government agents recently invaded the homes of 103 people, claiming that they were trading online music files of "skinhead bands." As part of this sweep, police officers seized computers and discs while pressing charges that could lead to 3-year prison sentences. Law enforcement officials argued that they had the right to enter these private residences and that it was illegal for individuals to transfer these MP3 files over the Internet. These claims came despite the fact that it is legal under German law to listen to such materials.

In addition, German politicians are tacitly admitting their support for plans to allow government agents to hack into private websites. German Interior Minister Otto Schilly mentioned in a recent interview that government agents may send voluminous amounts of email messages to offending webpages, in the hopes of disrupting their servers. A Schilly spokesman later tried to justify such attacks by saying that many of the sites to be targeted sites "are put onto the Internet in foreign countries, so it's very difficult to use German law. We have to think about all the lawful possibilities." No one from the German government has explained precisely what criteria would be used to determine which websites would be targeted.

These statements have alarmed many members of the privacy community. Andy Mueller-Maguhn of the Chaos Computer Club (CCC-a GILC member) said he expected government operatives "to say they won't do anything that is outside of German law or the law of any other country." He further warned that any ideas of arbitrarily hacking private websites "is not compatible with being Minister of the Interior for any democratic government on the planet. Of course there might be governments with that style. But normally that's not the behavior of a democratic state or country."

Read Adam Tanner, "Germany Cracks Down on Internet Nazi Music Trade," Reuters, Apr. 10, 2001 at

See also Steve Kettmann, "German Pol Backtracks on Hack," Wired News, Apr. 10, 2001 at,1283,42961,00.html

For original story, see Frank Patalong, "Mit Hackermoden gegen Neonazis," Der Spiegel, Apr. 6, 2001 at,1518,126921,00.html

For background information, see Thomas C. Greene, "German may strike Nazi sites with DoS attacks," The Register (UK), Apr. 9, 2001 at

[27] Privacy surveys reflect public unease

Recent studies suggest that people may not know precisely what threatens their privacy online, but they don't like what they see...and those threats are becoming more prevalent.

In a report from the Pew Internet & American Life Project, the vast majority of respondents (62%) wanted stronger laws to protect against online surveillance. Furthermore, two thirds of those surveyed did not necessarily trust the government to do the right thing when wiretapping the Internet, and nearly 80% of participants were worried about online fraud. However, the study also showed some confusion about specific programs that may curb privacy, and that there is a need for further public education about the subject. For example, only about 20% of respondents were aware of the United States government's Carnivore spyware system. Evan Hendricks of the Privacy Times commented that the "public's simply not aware of the power of Carnivore and the likelihood it will be abused if it's run as the FBI [U.S. Federal Bureau of Investigations] proposes."

Meanwhile, a report from the American Management Association indicates workplace surveillance is growing. According to the AMA's research, about 4 out of 5 major companies intercept their worker's phone calls, email or other Internet transmissions. This percentage rose dramatically in some industries, particularly financial firms (such as banks), where over 92% of surveyed companies snoop on their employees. These latest figures contrast with numbers compiled just four years ago, when about 35% of the firms participating in the study carried out these kinds of surveillance activities.

For more on the AMA study, see Romy Ribitzky, "Corporate Snooping on Rise," (US), Apr. 18, 2001 at

For further details regarding the Pew report, see Robert O'Harrow, "Opinion Split on Web Privacy," Washington Post, Apr. 3, 2001, page E12, at

[28] Sales problems for invasive CueCat, TiVo devices

Can privacy concerns hurt sales?

That's some people are wondering in light of the struggles faced by two controversial Web products. One of them, CueCat, allows users to scan special barcodes contained on print articles and advertisements, thus triggering their computers into accessing websites for more information. However, scientists discovered that CueCats include special individualized serial numbers that allow the tracking of computer users as they surf the Internet and the creation of highly detailed profiles regarding their behavior. Indeed, the maker of CueCats, Digital Convergence, has admitted that it "is responsible for the creation and analysis of the largest consumer database that provides the unique combination of Web tracking with all forms of media." Worse still, Digital Convergence suffered a security breach several months ago that revealed personal information files on nearly 140 000 users, including such data as customer names, email addresses and postal codes.

Since these revelations, Digital Convergence has suffered serious marketing problems. While 3 million CueCats have been given to consumers, only about 100 000 people have actually used them, and even those people tend not to swipe CueCats very often (averaging 6 hits per device). During the past month, the company withdrew its plans to publicly offer stock, claiming that the market environment would be too hostile to such a move.

The other product, TiVo, is personal video recorder with Internet connections that includes such features as allowing replays of television broadcasts within seconds and advanced programming options. However, researchers have determined that the device collects detailed information about users' viewing habits and sends this data back to the manufacturer through the Information Superhighway. While the manufacturer claims that these profiles were anonymized, a report from the Privacy Foundation indicated that the data collected did in fact contain identifying information (including the serial number of the individual user's machine). These revelations led several prominent United States Congressmen to call for a government investigation into possible trade violations. Meanwhile, while the number of subscribers continues the climb, the increases were not enough to dissuade the company from laying off nearly 25% of its workers in an effort to cut costs.

See Gwendolyn Mariano, "CueCats sent to the litter box," ZDNet News, Mar. 29, 2001 at,4586,5080362,00.html

The Privacy Foundation report on TiVo is posted under

To read the Congressmen's letter on TiVo privacy concerns, click

For more on TiVo financial difficulties, read Richard Shim, "TiVo revamps business plan, sheds workers," CNet News, Apr. 5, 2001 at

[29] Digital hospital sparks privacy concerns

Concerned about the privacy of your medical records? Would you feel any better if they were all posted online?

HealthSouth is building a digital hospital that will have devices to make it easier to store such details in computerized form, including digitized X-ray machines, an internal wireless data transfer system and portable computers for every employee. All of this information will be added to fully automated electronic patient databases. HealthSouth CEO Richard Scrushy boasted: "What we're doing now is making a reality out of something that many people have talked about, but no one has attempted."

However, experts from both the medical and computer programming community have expressed reservations about whether sufficient steps have been taken to protect the privacy of these records. Dr. Henry Vitelle, a New York obstetrician, worries that "With all of the stories we hear about how this website and that government computer system was hacked into, how can I feel good about putting my patients' medical records online? I don't feel comfortable about having records somewhere that they could be tampered with by some joyriding hacker with no sense of the havoc he could cause." These fears are in part based on the protocol that will be used by HealthSouth for its internal wireless system-a protocol that has been described by at least one group as having "major security flaws."

Similar concerns are being aired over a recent proposal Down Under. The Australian Practice Incentives Program has been altered so that the Federal government will pay medical practitioners to send patient data through email. The plan is designed to entice medical professionals to make greater use of computing technology. However, the new standards apparently do not require doctors to protect this data (such as by using encryption) against possible interception. Prue Power from the Australian Medical Association argued that rather than pushing this privacy issue aside, "the Federal Government ought to be very concerned that one of its programs would be providing financial incentives for GPs to send clinical information in an insecure manner."

For more about Australian online health privacy concerns, read Karen Dearne, "Prescribing a privacy cure," Australian IT, May 1, 2001 at,3811,1948560%5E501,00.html

See also Karen Dearne, "Doctors paid for 'insecure' emails," Australian IT, Apr. 17, 2001 at,3811,1900441%5E442,00.html

For more on HealthSouth, read Michelle Delio, "How Secure Is Digital Hospital?" Wired News, Mar. 28, 2001 at,1282,42656,00.html

[30] Upcoming Japan privacy conferences

Two meetings will be held in Tokyo this month to discuss emerging trends in the field of data privacy.

The first meeting, entitled "The Dark Side of IT Society," will take place on May 6 and will consist of two sessions. In the afternoon, several experts will give presentations on the recently enacted Japanese Wiretapping Law, Biometrics, IC cards and other High-tech privacy issues. Takao Saito, the author of "Privacy Crisis" will give the keynote speech on "Surveillance Society and Privacy in Japan." The evening session will consist of panel discussions between the presenters. The event is being organized by a coalition of civil society groups, including Japanese Networkers against Surveillance Taskforce (NaST-a GILC member), Privacy Action, the Japanese Consumer Union, and JCA-Net, among others.

The second meeting, scheduled for the evening of May 21, will explore numerous emerging privacy issues, particularly the ramifications of various cybercrime proposals from around the world. This session will feature several speakers, including Barry Steinhardt, Associate Director of the American Civil Liberties Union (ACLU-a GILC member), and Toshimaru Ogura from NaST.

For further information on the May 6 meeting, click

For an English-language translation, see

or send email to

Inquiries regarding the May 21 seminar should be sent to


The GILC News Alert is the newsletter of the Global Internet Liberty Campaign, an international coalition of organizations working to protect and enhance online civil liberties and human rights. Organizations are invited to join GILC by contacting us at To alert members about threats to cyber liberties, please contact members from your country or send a message to the general GILC address.

To submit information about upcoming events, new activist tools and news stories, contact: GILC Coordinator, American Civil Liberties Union 125 Broad Street 17thFloor, New York, New York 10004 USA. email:

More information about GILC members and news is available at You may re-print or redistribute the GILC NEWS ALERT freely. To subscribe to the alert, please send an mail to with the following message in the body: subscribe gilc-announce