GLOBAL INTERNET LIBERTY
CAMPAIGN
NEWS
ISSUES
RESOURCES
ABOUT
GILC
GILC Alert
July 26, 2001
Welcome to the Global Internet Liberty Campaign Newsletter
Welcome to GILC Alert, the newsletter of the Global Internet Liberty Campaign. We are an international organization of groups working for cyber-liberties, who are determined to preserve civil liberties and human rights on the Internet.
We hope you find this newsletter interesting, and we very much hope that you will avail yourselves of the action items in future issues.
If you are a part of an organization that would be interested in joining GILC, please contact us at gilc@gilc.org.
If you are aware of threats to cyber liberties that we may not know about, please contact the GILC members in your country, or contact GILC as a whole.
Please feel free to redistribute this newsletter to appropriate forums.
Free expression
[1] EBook hacking case sparks speech worries
[2] Afghanistan's new Net ban
[3] Chinese net users face more speech hurdles
[4] Malaysia to restrict more Net speech
[5] Concerns rise over Australian Net censorship
[6] Cubans face further Net restraints
[7] Korean Net censorship scheme in effect
[8] Court sets new anonymous Net speech rules
[9] Mexican Net libel battle looms
[10] Hague treaty negotiations stalled againPrivacy
[11] Privacy complaint filed over Windows XP
[12] New Japanese ECHELON spy allegations
[13] New cybercrime plans in Australia, elsewhere
[14] Update: rental car Net trackers defiant
[15] US and Aussie workers face Net monitoring
[16] Interactive TV privacy concerns grow
[17] New tool forces ads into email
[18] Prozac email privacy breach
[19] UK online privacy concerns rise
[20] Click-through ruling has privacy impact
[21] LifeMinders.com deal sparks privacy worries
[1] EBook hacking case sparks speech worries
The arrest of a Russian computer programmer after he gave a lecture about EBook encryption codes has outraged free speech advocates.
The programmer, Dmitriy Sklyarov, works for Elcomsoft, a Moscow-based company that is developing software to allow readers of electronic books to view such products on whatever computers they like. As part of this effort, Sklyarov developed a program that circumvents the copy protection scheme contained on Adobe Systems EBooks. He later wrote a paper on the subject and presented it to the public at a Las Vegas computer convention. After Adobe complained about Sklyarov's activities, officials from the United States government arrested him on charges of violating the controversial Digital Millennium Copyright Act (DMCA), which restricts the right of computer users to circumvent any program that "effectively controls access" to copyrighted works. Sklyarov faces up to 5 years in prison and a US $500 000 fine.
The case has caused considerable consternation from Internet user groups. Shari Steele, Executive Director of the Electronic Frontier Foundation (EFF-a GILC member), charged that the DMCA "is proving itself to be as harmful to civil liberties as we predicted it would be. Lest anyone be confused, this case is not about copyright infringement. Mr. Sklyarov is not accused of infringing anyone's copyrights. Mr. Sklyarov has entered the strange Twilight Zone of the DMCA, where using a tool is legal, but building it is a crime." EFF began preparations to defend Sklyarov as well as protests in several cities around the globe. Other online activists launched a massive boycott campaign against Adobe to protest the company's apparent anti-speech stances.
Subsequently, Adobe officials sought to defuse the situation by holding Colleen Pouliot called for Sklyarov's release, saying the company had now come to the conclusion that "the prosecution of this individual in this particular case is not conducive to the best interests of any of the parties involved or the industry." However, Pouliot still tried to claim the incident as a victory of sorts for Adobe, since Sklyarov's software is no longer available for sale in the U.S. Moreover, Adobe's about-face may have no direct impact on the case; as one United States government attorney pointed out, "[T]his is a criminal matter brought by the United States against the defendant and Adobe is not a party to that action." A court hearing is expected within two weeks.
To see Sklyarov's presentation (in PowerPoint format), click http://www.download.ru/defcon.ppt
For the latest details, see "Russian developer's allies aim at Mueller," Reuters, July 25, 2001 at http://news.cnet.com/news/0-1003-200-6669833.html
Read Robert Lemos, "Adobe seeks release of Russian programmer," ZDNet News, July 24, 2001 at http://www.zdnet.com/zdnn/stories/news/0,4586,5094588,00.html
See Declan McCullagh, "Release the Russian, Adobe Says," Wired News, July 23, 2001 at http://www.wired.com/news/print/0,1294,45489,00.html
For information in German (Deutsch), read Hubert Erb, "Adobe lasst sich erweichen," Heise Telepolis, July 25, 2001 at http://www.heise.de/tp/deutsch/inhalt/te/9162/1.html
More of Ms. Steele's comments are available at http://www.eff.org/IP/DMCA/US_v_Sklyarov/
20010718_eff_sklyarov_statement.htmlFor Russian language information, click http://ezhe.ru/elcomsoft/
For more on the boycott campaign against Adobe, visit http://www.boycottadobe.org
See also http://www.freesklyarov.org
[2] Afghanistan's new Net ban
Here's one way to silence online critics-ban the Internet entirely.
That's apparently what the rulers of Afghanistan have decided to do. The Taliban government has made it illegal for anyone in the country to use the Information Superhighway. This rule applies to government employees and private citizens alike. According to Taliban Foreign Minister Maulvi Wakil Ahmad Muttawakil, the measure is targeted at "all those things that are wrong, obscene, immoral and against Islam." Reports suggest that the agents from Ministry for the Promotion of Virtue and Prevention of Vice will enforce the ban, although it is not clear precisely what methods these officials will use.
Indeed, only a handful of Afghanis have been able to go online even before the new Taliban edict, due to severe problems with the nation's infrastructure. Bobson Wong, Executive Director of the Digital Freedom Network (DFN-a GILC member), pointed out that "[t]here aren't a lot of people in Afghanistan who have access to electricity or a telephone, much less the Internet." Moreover, the nation's telecommunications network has been found so wanting that the few Afghanis who have connected to the Internet have had to do so via cables in neighboring Pakistan.
For more information, visit the DFN website under http://dfn.org/focus/afghanistan/internetban.htm
Read David McGuire, "Taliban Net Crackdown Highlights Global Trend," Newsbytes, July 17, 2001 at http://newsbytes.com/news/01/168050.html
See also "Taleban 'outlaw internet,'" BBC News, July 13, 2001 at http://news.bbc.co.uk/hi/english/world/south_asia/newsid_1437000/1437852.stm
Read "Taliban bars Internet in Afghanistan," Reuters, July 13, 2001 at http://www.zdnet.com/zdnn/stories/news/0,4586,5094100,00.html
[3] Chinese net users face more speech hurdles
Many Chinese citizens continue to encounter serious difficulties when trying to express themselves along the Information Superhighway.
For example, Chinese authorities have decided to hold online activist Huang Qi indefinitely without a trial. Huang, who operated a "Tianwing Missing Persons Website," was arrested over a year ago on subversion charges for posting articles written by other people on several subjects that are considered taboo by government censors, including the 1989 Tiananmen massacre and the Falun Gong spiritual movements. So far, he has only appeared once in court, where he collapsed, allegedly due to beatings he has received in detention.
Mainland Chinese authorities have taken other steps to stifle possible dissent online. They have shutdown thousands of cybercafes and have instituted a ban on any such establishments within 200 meters of a school. In addition, government pressure has reportedly led many Chinese language websites to engage in self-censorship. One consultant explained that "the way you encourage self-censorship is to have isolated crackdowns on individuals or companies in the hope that this will then make people more aware of the line in China which they should not cross."
Meanwhile, Chinese government agents routinely block many overseas webpages, including the sites of prominent Western news sources (including the BBC, the Washington Post, and the New York Times). In one case, an Australian government webpage that mentioned Chinese human rights abuses was apparently blocked for years, which ended after complaints from officials Down Under (though Chinese authorities have denied charges that they deliberately prevented access).
For the latest on the Huang Qi case, visit the Digital Freedom Network (DFN-a GILC member) website via http://dfn.org/focus/china/huangqi010627.htm
For more on the Chinese cybercafe crackdown (including audio coverage), see Duncan Hewitt, "China acts on net 'addicts'," BBC News, July 20, 2001 at http://news.bbc.co.uk/hi/english/world/asia-pacific/newsid_1448000/1448423.stm
For additional details on the pressure to self-censor, read Duncan Hewitt, "China's net generation," BBC News Online, July 25, 2001 at http://news.bbc.co.uk/hi/english/world/asia-pacific/newsid_1455000/1455943.stm
Read "China cracks down on Internet cafes," Reuters, July 20, 2001 at http://www.zdnet.com/filters/printerfriendly/0,6061,2792693-2,00.html
See also John Gittings, "Great leap forward," The Guardian, July 12, 2001 at http://www.guardianunlimited.co.uk/internetnews/story/0,7369,520065,00.html
For more on Chinese attempts to blocking Australian government sites, see "Blacked-out site returns online to China," Reuters, July 5, 2001 at http://www.zdnet.com/zdnn/stories/news/0,4586,5093716,00.html
[4] Malaysia to restrict more Net speech
Watch what you say online. You could be hit a barrage of "missiles"...at least if you're in Malaysia.
The Malaysian government has announced plans to "unleash another set of missiles" against various forms of Internet speech. A government spokesperson, Dr. Rais Yatim, said that these strictures would target "hate messages, seditious writings and e-mail advocating religious dissent and others." He did not specifically explain what these "missiles" were, but did say that new Internet content laws would be introduced. While details on these proposals are still sketchy, some experts believe that they may include a Code of Conduct for website creators. Curiously, when asked how these measures could be compatible with Malaysian government's prior promises not to censor Internet speech, Yatim gave a series of bizarre comments such as: "Due to the government's no-censorship commitment, the initial missiles do not seem to follow the enemy but has ricocheted towards us. However, I assure you, the missile's inventor is not without imagination or recourse."
The announcement was met with concern from several quarters, as the Internet has become an important outlet for ordinary Malaysian citizens to voice their feelings in spite of harsh censorship regimes for most communications media (including newspapers and television). Mah Weng Kwai from the Malaysian Bar Council warned that the government "should not over-legislate. The prosecutor will want a whole array of laws behind him to make sure that he will get the offender, but would that impinge fundamental liberties such as the freedom of speech?"
Read Tong Yee Siong, "Gov't to launch upgrade 'missiles' on dangerous websites," Malaysiakini, July 5, 2001 at http://www.malaysiakini.com/News/2001/07/2001070502.php3
For background information, see "Malaysia Considers Cafe Rules," Reuters, June 21, 2001 at http://www.wired.com/news/print/0,1294,44716,00.html
[5] Concerns rise over Australian Net censorship
Want to know what websites your government has censored? If you're in Australia, you might have to go to court to find out.
Electronic Frontiers Australia (EFA-a GILC member) has appealed a decision of the Australian Broadcasting Authority to deny access under Freedom of Information law to more details about controversial web content rules that were created nearly two years ago. Under this complaint-based regime, certain websites are supposed to be screened out based on film guidelines. The list of affected webpages includes sites that contain "verbal references to ... suicide, crime, corruption, marital problems, emotional trauma, drug and alcohol dependency, death and serious illness, racism, [or] religious issues."
After the standards took effect, EFA requested documents from the ABA regarding what sites had been the subject of complaints. While the ABA did provide various papers on this subject, many of them were heavily redacted. EFA then appealed via the Broadcasting Authority's internal review processes but were unable to retrieve the details they desired, including basic information such as "page titles and URLs," according to EFA Executive Director Irene Graham. The Administrative Appeals Tribunal's decision will probably not be known for at least three months.
Meanwhile, experts are also voicing concern over a recent Australian defamation lawsuit. The dispute revolves around the U.S. business magazine Barron's, which published an article that accused an Australian citizen of "a series of offences, stock manipulations, classic stock scams and frauds and connection with money laundering." That citizen, Joseph Gutnick, sued Barron's parent company Dow Jones, claiming that the online publication of the article made the corporation liable under Australian laws, which are less protective of free speech than United States standards. Some observers fear that a decision in this case could chill Internet expression by subjecting online speakers to liability under speech restrictions from a multitude of nations.
More on EFA's Freedom of Information Application to the ABA is available at http://www.efa.org.au/FOI/foi_aba_2000.htm
Read Caitlin Fitzsimmons, "Battle looms over net censorship," Australian IT, July 18, 2001 at http://australianit.news.com.au/common/storyPage/0,3811,2367582%5E442,00.html
For further details and editorial comments on the Gutnick case, see Mark Day, "Internet case has global impact," Australian IT, June 21, 2001 at http://australianit.news.com.au/common/storyPage/0,3811,2140242%255E442,00.html
Background information on the Gutnick case is available from Alison Crosweller, "Case test internet freedom," Australian IT, June 6, 2001 at http://australianit.news.com.au/common/storyPage/0,3811,2082612%5E442,00.html
[6] Cubans face further Net restraints
Through extensive access controls and intimidation, the Fidel Castro regime has prevented many Cubans from freely voicing their views online.
Many of these measures are documented in a new report commissioned by the Carnegie Endowment for International Peace. The study, which was released this past month, describes how the Cuban government has severely limited Internet access to communities and agencies that are deemed loyal. Home Internet connections are extremely rare. There is only one publicly accessible cybercafe in the country (in the capital, Havana); it charges fees that are too expensive for most Cuban citizens. Institutions that do have Internet access often block users from visiting many websites, while the government forges ahead with plans for an national intranet that will be devoid of content that criticizes the ruling elite.
These restrictions are not the only way the Castro regime has stifled dissent. Cuban authorities also harass and imprison independent Cuban journalists who publish articles on the Information Superhighway. A two-year old law allows the government to put such writers in jail for up to 20 years, while their associates can be fired from their jobs or otherwise shunned from Cuban society.
The full Carnegie Endowment report is available (in PDF format) via http://www.ceip.org/files/pdf/21KalathilBoas.pdf
For information in German (Deutsch), see Florian Rotzer, "Lasst sich das Internet wirksam von autoritaren Staaten kontrollieren?" Heise Telepolis, July 22, 2001 at http://www.heise.de/tp/deutsch/inhalt/te/9137/1.html
For further background information, see Julia Scheeres, "Faint Voices Rise From Cuba," Wired News, May 29, 2001 at http://www.wired.com/news/print/0,1294,44045,00.html
[7] Korean Net censorship scheme in effect
Protests continue to mount over a Korean government scheme that may inhibit online speech.
A newly effective Internet ordinance created by the South Korean Ministry of Information and Communication essentially requires blocking software to be installed in cybercafes and other public computing facilities. A special Information Communication Ethics Committee already had made a list of some 119 000 "anti social" sites to be targeted and screened out. This list, which apparently includes many non-Korean webpages, is to be given to software developers for incorporation within blocking packages. Authorities will soon work with Internet service providers to prevent access to any such webpages; criminal penalties will be levied on those who aid and abet access to these sites. Moreover, the plan reportedly criminalizes online protests and demonstrations, including mass email campaigns. The ordinance went into effect despite the fact that many questions about this scheme have yet to be answered, including what criteria will be used to determine which sites should be blocked, or even the precise pages that have banned.
The measure, which went into effect a few weeks ago, has met with derision from many Internet groups. JinboNet, a node of the Association for Progressive Communications (APC-a GILC member), accused the government of ignoring public demonstrations against the ordinance and pleaded for worldwide support against the Korean government's restrictions. JinboNet also urged citizens to call Korean government agencies by phone and make their concerns about these Internet restrictions heard.
For further details, visit a special protest website created by JinboNet under http://www.freeonline.or.kr/english/
[8] Court sets new anonymous Net speech rules
A new ruling from the United States has provided the framework for stronger protections for anonymous Internet speakers.
The ruling revolved around online comments that criticized pharmaceutical giant Dendrite International, Inc. A pseudonymous user posted the remarks in a digital bulletin board operated by Internet portal firm Yahoo. Subsequently, Dendrite sued Yahoo to discover the identity of the user who posted these comments, claiming that the user had given out company secrets.
In the case, a New Jersey state appellate court laid down several key procedural rules to help ensure that personal information about Internet users is not given out unnecessarily. "[T]he trial court should first require the plaintiff ... to notify the anonymous posters that they are the subject of a subpoena or application for an order of disclosure, and withhold action to afford the fictitiously-named defendants a reasonable opportunity to file and serve opposition to the application. These notification efforts should include posting a message of notification of the identity discovery request to the anonymous user on the ISP's pertinent message board. The court shall also require the plaintiff to identify and set forth the exact statements purportedly made by each anonymous poster that plaintiff alleges constitutes actionable speech." Furthermore, the appellate judges mandated that the trial court should determine whether the plaintiff truly has a substantial case, and to balance the defendant's "right of anonymous free speech against the strength of the prima facie case presented and the necessity for the disclosure of the anonymous defendant's identity to allow the plaintiff to properly proceed."
Cyberlibertarians have cited the decision as perhaps the first comprehensive set of ground rules to protect the personal information of Internet speakers from needless exposure. Public Citizen attorney Paul Levy pointed out that "[b]ecause it sets forth strict procedural and evidentiary standards for compelled identification, and then shows that these standards can produce real protection for anonymity, this decision is a tremendous victory for free speech."
The text of the opinion is posted at http://www.judiciary.state.nj.us/opinions/A2774-00.htm
Read Jane Black, "A Victory, of Sorts, for Spouting Off," Business Week Online, July 20, 2001 at http://www.businessweek.com/bwdaily/dnflash/jul2001/nf20010720_543.htm
See also Ralph Siegel, "Court Sets Rules on Disclosing Internet Identities," Associated Press, July 11, 2001 at http://www.washtech.com/news/regulation/11094-1.html
[9] Mexican Net libel battle looms
A defamation case has raised questions concerning Internet freedom of expression across borders.
The battle centers on Mexican newspaper articles that were republished on the World Wide Web by New York-based Narco News. The articles raised drug trafficking allegations against Roberto Hernandez Ramirez, the executive director of Mexican banking conglomerate Banamex. Banamex has now launched a defamation action against Narco News in a US court. The move came despite the fact that Mexican courts had thrown out 3 previous Banamex lawsuits based on the same writings.
The case has alarmed a number of online free speech groups. Cindy Cohn, legal director of the Electronic Frontier Foundation (EFF-a GILC member), voiced concern that Banamex "resorted to New York courts to try to shut down this website because it could not do so in Mexican courts. This kind of forum shopping threatens to shut down one of the greatest benefits of the Internet -- giving a voice to independent, Internet-based journalists. Faced with having to defend themselves in far-flung jurisdictions, many independent journalists will simply choose not to publish on the Internet." A final decision may come in several months.
Cohn's comments and other information are available from the EFF website under http://www.eff.org/Censorship/SLAPP/Forum_shopping/BNM_v_Narco_News/20010712_eff_narconews_pr.html
Read Mark K. Anderson, "Net Reporting at Stake," Wired News, July 23, 2001 at http://www.wired.com/news/print/0,1294,45231,00.html
See Mark Ward, "Drugs case tests net boundaries," BBC News Online, July 20, 2001 at http://news.bbc.co.uk/hi/english/sci/tech/newsid_1448000/1448428.stm
[10] Hague treaty negotiations stalled again
A controversial treaty that could have serious implications for online free speech has become bogged down in diplomatic quicksand.
The latest round of negotiations regarding the Hague Convention on Jurisdiction and Foreign Judgments has recently ended. This convention, which is meant to ease enforcement of court rulings across borders. The document's terms are currently being worked out by representatives of many countries, including the United States, mainland China, the United Kingdom, Japan, Germany, Japan, Korea and Australia.
However, the different nations remain deeply divided on many key issues, particularly speech-related subjects such as intellectual property and defamation. These issues were highlighted by a recent court case where a French court ordered Internet portal giant Yahoo (which is based in the US) to block access to Nazi-related items, despite the fact that selling such items is legal in the United States. While the next set of talks will occur within a few months, many observers believe it could take two years or so before a finalized agreement can be hammered out.
Read Peter Griffin, "Global web law a thorny issue," New Zealand HeraldJuly 16, 2001 at http://www.nzherald.co.nz/storydisplay.cfm?storyID=200279
See also Jean Eaglesham and Patti Waldmeir, "Laws unto themselves," Financial Times, July 8, 2001 at http://news.ft.com/ft/gx.cgi/ftc?pagename=View&c=Article&cid=FT35YWU4XOC
[11] Privacy complaint filed over Windows XP
Several privacy groups have filed a formal complaint over perceived deficiencies in the latest version of Microsoft Windows.
The complaint, dated July 26, 2001, alleges that Microsoft "has engaged ... in unfair and deceptive trade practices intended to profile, track and monitor millions of Internet users." The document charges that Microsoft's release of Windows XP and related products such as Passport and Hailstorm will shift control of sensitive information away from respective users to the company. Thus, the Passport user authentication standard will make the corporation "the central repository for routine information for commercial transactions, as well as personal facts such as birthdates and anniversaries." Hailstorm, in turn, "will enable the widespread exchange of personal information among Microsoft business partners." In addition, the filed papers suggest that Microsoft's statements regarding the privacy implications of this scheme are misleading. Among other things, other websites are allowed to join into this data collection and dissemination system provided that those sites have their own "posted privacy policy," without defining "what level of protection that policy must provide." Similarly, despite "broad representations, the control that users will ultimately have over the extensive collection of their personal information within the Hailstorm system will be subject to the vagaries of Microsoft's business model." The document also notes how individuals trying to use Windows XP and Office XP may be continuously prompted to register with Passport (and thus divulge personal details about themselves) in order to receive certain services. In short, computer users may be coerced into providing sensitive details about themselves to the software giant and be left without "meaningful or effective control over the use of that information within Microsoft."
The complaint urges the United States Federal Trade Commission to launch a formal investigation of these Microsoft activities and to order the company to take several key steps to protect user privacy. These steps include "blocking the sharing of personal information among Microsoft areas ... absent explicit consent," incorporation of techniques to "allow users of Windows XP to gain access to Microsoft web sites without disclosing their actual identity," and providing better notice to users. The list of signatories included several GILC member organizations, including the Electronic Privacy Information Center (EPIC), Computer Professionals for Social Responsibility (CPSR) and the Electronic Frontier Foundation (EFF).
A copy of the complaint (in PDF format) is available at http://www.epic.org/privacy/consumer/MS_complaint.pdf
See Sandeep Junnarkar and Stefanie Olsen, "Win XP under fire from privacy groups," ZDNet News, July 25, 2001 at http://www.zdnet.com/zdnn/stories/news/0,4586,5094734,00.html
[12] New Japanese ECHELON spy allegations
What is a super-secret surveillance network doing in the Land of the Rising Sun?
The network in question is popularly known as ECHELON, and is supposedly operated by the United States National Security Agency in conjunction with government intelligence organizations in several other countries, including Britain, Canada, Australia and New Zealand. Designed to intercept communications from around the world, ECHELON is reportedly capable of capturing e-mail messages, faxes, and telephone conversations.
Recently, Nicky Hager, a New Zealand intelligence expert, claimed that ECHELON was used to conduct widescale surveillance on Japanese citizens. He based these allegations on interviews with some 50 individuals, including former intelligence operatives from New Zealand's Government Communications Security Bureau (GCSB). ECHELON apparently targeted a variety of activities and locations, ranging from Japanese fishing boats to diplomatic documents.
These charges have heightened concerns that ECHELON has severely undercut the privacy rights of individuals worldwide-concerns that are currently being investigated by a special European Parliament committee. Several weeks ago, the panel drafted a resolution calling for stronger privacy measures to be taken, including greater use of computer encryption, as a way to counter possible ECHELON abuses. The resolution is expected to be tabled in a plenary session during the fall of 2001.
The text of the resolution is available under http://cryptome.org/echelon-epmr.htm
To read 2 minority reports that accompany the resolution, click http://cryptome.org/echelon-turco.htm
http://cryptome.org/eu-priv-iset.htmRead "Japanese diplomatic dispatches infiltrated by English-speaking spies," Mainichi Daily News, June 27, 2001 at http://mdn.mainichi.co.jp/news/archive/200106/27/20010627p2a00m0fp002003c.html
For information in German (Deutsch), read Harald Neuber, "Alle Geheimdienste sind undemokratisch," Heise Telepolis, July 9, 2001 at http://www.heise.de/tp/deutsch/special/ech/9033/1.html
See also Steve Kettmann, "Louder Call for Echelon Probe," Wired News, June 27, 2001 at http://www.wired.com/news/print/0,1294,44841,00.html
[13] New cybercrime plans in Australia, elsewhere
A firestorm has erupted over recently introduced cybercrime legislation Down Under.
Among other things, the Australian Cybercrime Bill 2001 would greatly expand the power of government agents to conduct surveillance along computer networks. It also would impose absolute criminal liability for many Internet activities, including "unauthorized impairment of electronic communication," with no exceptions for individuals who access computers by mistake of fact. Violators could be sentenced to 10 years in prison. Proponents claim that the Bill is necessary to conform with a proposed international cybercrime Convention that is currently being considered by the Council of Europe--a treaty that has already received intense criticism from privacy advocates as well as telecommunications providers.
The proposal was savaged by cyberliberties experts. Electronic Frontiers Australia (EFA-a GILC member) issued a statement charging that the plan was "an overbroad knee-jerk reaction to recent well-publicised virus attacks, and has the potential to criminalise innocent behaviour such as possession of security software. It also introduces an alarming law enforcement provision requiring release of encryption keys or decryption of data, contrary to the common law privilege against self-incrimination." EFA also noted the "resemblance of provisions in the Bill to the CoE Convention" and called provisions that criminalized the "possession of data with intent" as "ridiculous."
Similar views were aired by the Australian Computer Society. Philip Argy, ACS vice president, warned that the Bill's "breadth of definitions leaves everyday activity vulnerable to prosecution by misguided, if not overzealous, enforcement authorities. We also have serious reservations about the broad powers conferred upon statutory agencies." An Australian Senate committee has already launched an inquiry into the Bill, and is scheduled to issue a report by August 21, 2001. Meanwhile, despite mounting criticism of both the Bill and the Council of Europe Convention, similarly-styled cybercrime proposals are cropping up in other parts of the globe, including New Zealand and Hong Kong.
For more on the Australian proposal, visit the EFA website under http://www.efa.org.au/Campaigns/cybercrime.html
Read Karen Dearne, "Cybercrime Bill 'excessive'," Australian IT, July 24, 2001 at http://australianit.news.com.au/common/storyPage/0,3811,2414351%5E442,00.html
Read Adam Creed, "New Zealand Crimes Bill Raises Cybersnooping Concerns," Newsbytes, July 23, 2001 at http://www.newsbytes.com/news/01/168208.html
See also Kim Griggs, "Kiwi Spy Bill Inches Forward," Wired News, July 25, 2001 at http://www.wired.com/news/print/0,1294,45501,00.html
Read Adam Creed, "Hong Kong Mulls Measures To Fight Computer Crime," Newsbytes, July 18, 2001 at http://www.newsbytes.com/news/01/168057.html
To read a press release on a CoE committee's approval of the Convention, click http://press.coe.int/cp/2001/456a(2001).htm
For further details on the European government support for more surveillance measures, see Graeme Wearden, "EU Council backs Net snooping," ZDNet News, June 28, 2001 at http://www.zdnet.com/zdnn/stories/news/0,4586,2780944,00.html
To read a GILC letter regarding a past version of the CoE treaty, click http://www.gilc.org/privacy/coe-letter-1200.html
[14] Update: rental car Net trackers defiant
A rental car company plans to continue tracking its customers in spite of mounting criticism.
Previously, US-based Acme Rent-a-Car installed special Global Positioning System devices (made by AirIQ) on its automobiles, then tracked its customers with these devices via the Internet. Acme charged at least one of these customers, James Turner, an extra US $450 for driving at what it deemed an excessively high speed, and even pointed out the exact location where he had done so. The charges came despite the fact that Turner never received a police citation for the alleged transgressions. Turner responded by suing in small claims court, as well as filing a complaint with his state Department of Consumer Protection. Subsequently, both the Department of Consumer Protection and the state's attorney general lashed out at Acme, calling its practice of doling out private speeding tickets as deceptive and illegal.
Since the revelations, Acme Rent-a-Car said (through its attorney) that it may refund some of the money it took from its customers, and it has altered its contracts by raising the speed threshold at which it will levy its private-speeding tickets. However, it remains adamant about its right to follow consumers via the Information Superhighway. Further legal action is expected.
For more about AirIQ tracking technology, visit AirIQ's homepage at http://www.airiq.com
Read Michelle Delio, "Rent-a-Car Motto: Speed Bills," July 12, 2001 at http://www.wired.com/news/print/0,1294,45163,00.html
See also Bob Jamieson, "Watching You: Rental Car Company Sued for Tracking Customer's Speed," ABC World News Tonight (US), July 5, 2001 at http://more.abcnews.go.com/sections/wnt/dailynews/rentalcar_010705.html
[15] Workers worldwide face Net monitoring
Is someone watching you via the Internet while you work?
Increasingly, the answer is yes, according to a new report conducted by the Privacy Foundation. The survey shows that some 27 million employees around the world (including 14 million in the United States) "have their Internet or e-mail use under continuous surveillance at work." The paper also indicates that the "low cost" of spyware, "more than any other factor, is driving the growth of e-mail and Internet surveillance in the workplace. Employee monitoring, as measured by the sales of surveillance software, has increased at least twice as fast as the number of U.S. employees with Internet access in the past few years." Ironically, the paper also suggests corporations that engage in such monitoring "may be putting themselves at risk. By creating and storing a detailed audit trail of employee activities, organizations may be inadvertently stockpiling large amounts of potential evidence that could be used against them in future litigation."
The report also suggests that tougher privacy rules to protect workers may be necessary. Andrew Schulman, the Privacy Foundation researcher who wrote the study, worries that mere notice to workers that they are being watched "might not go far enough. Companies and government agencies are basing firing and suspension decisions on the employee-monitoring reports. Yet, employees are generally not told beforehand what information will be gathered and how it will be judged. Companies can use employee-monitoring logs as a kind of 'wishing well' to justify actions against employees, including dismissals and layoffs."
Indeed, experts Down Under are questioning whether a set of new privacy standards (which are scheduled to take effect in a few months) are strong enough to deter workplace surveillance abuses. The language contained within extensions of the Australian Privacy Act is unclear on whether employers have the right to spy on their workers' Internet activities. Malcolm Crompton, the Australian Federal Privacy Commissioner, suggested that the exemptions within the Privacy Act for employee records only covered materials "that were part of the employer relationship." Thus, for private emails, companies may have notify their workers of the surveillance and get consent first.
The Privacy Foundation report is available under http://www.privacyfoundation.org/resources/14million.asp
Read Carrie Kirby, "The boss may be spying: Net use easy to monitor," San Francisco Chronicle, July 9, 2001, page D1, at http://www.sfgate.com/cgi-bin/article.cgi?file=/c/a/2001/07/09/BU144746.DTL&type=printable
See Stephen Shankland, "Study: Someone is watching you," ZDNet News, July 9, 2001 at http://www.zdnet.com/zdnn/stories/news/0,4586,5093810,00.html
See also "Under Surveillance," Associated Press, July 9, 2001 at http://cbsnews.com/now/story/0,1597,300508-412,00.shtml
For more on Australian workplace Net privacy woes, see Sue Lowe, "Emails at work a grey area under extended Privacy Act," Sydney Morning Herald, June 26, 2001 at http://www.smh.com.au/news/0106/26/biztech/biztech5.html
For further details on Australian privacy plans, see Matthew Spencer, "Follow NZ on privacy: expert," Australian IT, June 26, 2001 at http://australianit.news.com.au/common/storyPage/0,3811,2189962%5E442,00.html
[16] Interactive TV privacy concerns grow
New technologies may be allowing companies to watch you while you watch television.
That's according to a report recently released by the Center for Digital Democracy, in cooperation with Privacy International (a GILC member) and White Dot. Entitled "TV That Watches You: The Prying Eyes of Interactive Television," the study suggests that new interactive television systems are being "deliberately being designed to record the viewing and spending habits of the viewer." This data collection is done through the set-top boxes that had previously been used for switching between different television channels. Newer set-top boxes, which "are essentially computers, with microprocessors, memory and storage capacity," have unique built-in identifiers that allow companies to track users. Indeed, many of these devices are connected to the Internet and can log information about users, then send this information back to their manufacturers via the Information Superhighway. These profiles can "include one's age, discretionary income, parental status, along with psychographic and demographic data," and "be collected, analysed and made available to marketers, advertisers, programmes and others."
These findings have fueled efforts to enact tougher privacy laws. In the U.S., California state senator Debra Bowen is fighting for new rules that would require interactive TV companies to get their customers' permission before collecting personal information. Moreover, these concerns are not confined to the United States. In Britain, public anxiety over the privacy of interactive television systems has also risen, as several major companies plan to introduce a series of new generation of such devices within several months.
The "TV That Watches You" report is available (in PDF format) at http://www.democraticmedia.org/privacyreport.pdf
See Sean Dodson, "The spy in your living room," The Guardian, July 9, 2001 at http://www.guardian.co.uk/internetnews/story/0,7369,518674,00.html
Read Robert O'Harrow Jr., "Interactive TV Puts Users' Privacy at Risk, Report Says," Washington Post, June 27, 2001, page E3, at http://washingtonpost.com/wp-dyn/articles/A47809-2001Jun26.html
See also Jeffrey Benner, "Report: Beware the Eye in ITV," Wired News, June 26, 2001 at http://www.wired.com/news/print/0,1294,44801,00.html
[17] New tool forces ads into email
Overwhelmed with email messages? Would you feel any better if every one of those emails included advertisements?
An Australian-based company, Reva Networks, has created a new program that apparently intercepts emails and inserts advertisements in messages before they are sent. The advertisements themselves are tailored to users based on personal information profiles. Reva CEO Robert Pickup explains that this Admail system will make it harder for users to avoid online commercials:
"Because the advertising is embedded within a regular e-mail and not a separate e-mail message from an advertiser, users are more likely to open the message and hence be exposed to the advertising offer." Indeed, because Admail works at the Internet service provider level, individual users may have little choice on whether they want to receive ads in their own messages, although Pickup claims that "an opt-out function is likely to be provided in that case."
Consumers advocates have been less than receptive toward this apparently invasive product. Charles Britton from the Australian Consumer Association voiced support for standards that would force corporations to get customer consent before using such systems. He also questioned Reva's suggestions that private Internet users would welcome this device: "Without some incentive why would you want advertising in your e-mail?"
See Andrew Colley, "Tool feeds ads to your e-mails," ZDNet Australia, June 22, 2001 at http://www.zdnet.com/zdnn/stories/news/0,4586,2779267,00.html
[18] Prozac email privacy breach
Privacy advocates are in arms after a major drug manufacturer released sensitive medical information via the Internet.
Previously, Eli Lilly and Company provided a daily email service, called Medi-Messenger, that reminded Prozac users to take their anti-depressant medication. These messages were sent without identifying the recipients. However, when Eli Lilly discontinued the service, it sent an email to its customers that included a long, publicly visible list of over 700 recipients under the previously blank "To:" header.
In the wake of this development, the American Civil Liberties Union (a GILC member) sent a letter to the United States Federal Trade Commission, charging that Eli Lilly's distribution of the email violated the company's posted privacy policy and constituted an unfair trade practice in violation of Federal laws. The ACLU called on the FTC to launch a full investigation into this case. ACLU Associate Director Barry Steinhardt said that "[t]his disclosure of personal data may subject hundreds of people to discrimination. We hope that Federal regulators will do what is necessary to protect these individuals from further harm, and prevent similar mishaps from occurring in the future."
An ACLU press release on this subject is posted at http://www.aclu.org/news/2001/n070501a.html
[19] UK online privacy concerns rise
Various reports suggest that more people in Britain want more protection for their privacy online.
According to a study performed by the British Information Commissioner, Elizabeth France, almost three out of every four people (73%) in the United Kingdom are "very" or "quite concerned" about how much information about them has been stored in databases. The same paper showed a whopping 96% of respondents have termed their personal privacy rights as important or very important. In addition, the number of inquiries on privacy matters made to the Commissioner has reached a record high. Moreover, total yearly complaints of data privacy violations had jumped by 700% between 1991/92 and 2000/2001.
Commissioner France held that these results indicate support for strong online privacy rules, and argued that such standards should be an integral part of any future e-government plans: "People are worried about the ways their information might be being used without them being aware of it. The most important thing is that people have some confidence about what is happening to their information and understand that there are boundaries." She also attacked European proposals that would require Internet service providers to retain traffic data about their customers for 7 years. The Commissioner said that such measures were unjustified and called instead for measures that were more "proportionate ... to the problem law enforcement agencies face."
See "E-privacy complaints soar," BBC News Online, July 11, 2001 at http://news.bbc.co.uk/hi/english/uk/newsid_1433000/1433208.stm
Read Andy McCue, "Gateway raises privacy fears," Computing, July 23, 2001 at http://www.vnunet.com/Print/1124148
See Sarah Left, "Complaints over data privacy soar," Guardian Unlimited, July 12, 2001 at http://www.guardianunlimited.co.uk/internetnews/story/0,7369,520513,00.html
See also Mark Ward, "The problems of protecting privacy," BBC News Online, July 11, 2001 at http://news.bbc.co.uk/hi/english/sci/tech/newsid_1434000/1434131.stm
[20] Click-through ruling has privacy impact
A decision from a US court regarding online agreements may have serious repercussions for Internet privacy.
New York Federal Judge Alvin Hellerstein refused to enforce click-through contracts from Internet browser company Netscape in connection with the customer acquisition of special SmartDownload software. Hellerstein based his decision in part on the fact that users could access Netscape software but were not required to assent via computer or otherwise "click-through" the licensing agreement first. "Before downloading the software, the user need not view any license agreement terms or even any reference to a license agreement. From the user's vantagepoint, SmartDownload could be analogized to a free neighborhood newspaper, readily obtained from a sidewalk box or supermarket counter without any exchange with a seller or vendor. It is there for the taking."
The ruling was significant from a privacy perspective because the very same contracts included language that required customers to submit to tracking via the Internet. While Hellerstein's decision was primarily targeted at other provisions requiring users to submit claims to arbitration (rather than a court of law), the same logic could be applied to the tracking arrangements. A spokesperson for AOL Time Warner (which owns Netscape) said the company was still reviewing the decision and had not decided yet whether to appeal.
Read Lisa M. Bowman, "Netscape ruling bolsters privacy efforts," CNet News, July 9, 2001 at http://news.cnet.com/news/0-1005-200-6527744.html
[21] LifeMinders.com deal sparks privacy worries
How would you like to buy sensitive information concerning 20 million people?
Cross Media Corp., a direct marketing company based in New York, has decided to purchase online advertiser LifeMinders for a reported US $68.1 million. LifeMinders had previously compiled a personal information database that contained details about 20 million Internet users. The database, had previously been used to send advertisement-laden messages about birthdays and various special occasions. It is unclear, however, precisely what uses Cross Media will make of this information, or whether the sale conflicts with LifeMinders' privacy policy. That policy tells customers that the company "will never share your information with third parties unless you grant us consent," but includes an exception for disclosures "pursuant to a sale, merger, assignment, joint venture or other transfer or disposition of a portion or all of the assets or stock of LifeMinders or its affiliated entities."
Not surprisingly, the deal has raised questions as to whether the privacy of the individuals profiled in the database have been sufficiently protected. Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC-a GILC member) pointed out that "[e]ven if a transaction doesn't violate the original privacy policy, it's still appropriate to ask whether this respects the privacy interest of members and lets them decide whether to opt in to the new owner. There's always a risk of public backlash when people feel they've been given the privacy bait-and-switch."
The move comes as US politicians are considering whether to enact new Internet privacy rules. At a recent hearing before the US Senate Commerce Committee, several privacy advocates, including Rotenberg, argued in favor of legislation requiring companies to ask their customers consent before collecting personal data. These feelings were shared by the Committee's chairman, Ernest Hollings, who said: "Clearly we need legislation that requires notice, affirmative consent, reasonable access and reasonable security to protect individuals online. Poll after poll indicates that the public wants this level of protection." US policymakers also have held sessions to talk up privacy measures for the personal information contained within domain name registrant Whois databases.
See Neil Irwin, "N.Y. Marketing Firm To Buy LifeMinders," Washington Post, July 20, 2001, page E1 at http://www.washingtonpost.com/ac2/wp-dyn/A23914-2001Jul19?language=printer
LifeMinders' current privacy policy is posted under http://www.lifeminders.com/lifeminder30/lmsite/utilities/privacy.html
Read Jonathan Krim and Robert O'Harrow Jr., "Democrats Focus on Internet Privacy," Washington Post, July 12, 2001, page E2 at http://washingtonpost.com/wp-dyn/articles/A48700-2001Jul11.html
See also Lisa M. Bowman, "Congressional hearings focus on Whois," ZDNet News, July 11, 2001 at http://www.zdnet.com/zdnn/stories/news/0,4586,5094032,00.html
ABOUT THE GILC NEWS ALERT:
The GILC News Alert is the newsletter of the Global Internet Liberty Campaign, an international coalition of organizations working to protect and enhance online civil liberties and human rights. Organizations are invited to join GILC by contacting us at gilc@gilc.org. To alert members about threats to cyber liberties, please contact members from your country or send a message to the general GILC address.
To submit information about upcoming events, new activist tools and news stories, contact: GILC Coordinator, American Civil Liberties Union 125 Broad Street 17thFloor, New York, New York 10004 USA. email: gilcedit@aclu.org
More information about GILC members and news is available at http://www.gilc.org. You may re-print or redistribute the GILC NEWS ALERT freely. To subscribe to the alert, please send an mail to gilc-announce@gilc.org with the following message in the body: subscribe gilc-announce
PUBLICATION OF THIS NEWSLETTER IS MADE POSSIBLE BY A GRANT FROM THE OPEN SOCIETY INSTITUTE (OSI)