GILC Actions 



 Free Speech 





 GILC Alert 

 Mailing List
 GILC Events 




 Mail GILC 

Home Page

US Site
European Mirror


GILC Alert
Volume 5, Issue 7

October 26, 2001


Welcome to the Global Internet Liberty Campaign Newsletter.


Welcome to GILC Alert, the newsletter of the Global Internet Liberty Campaign. We are an international organization of groups working for cyber-liberties, who are determined to preserve civil liberties and human rights on the Internet.

We hope you find this newsletter interesting, and we very much hope that you will avail yourselves of the action items in future issues.

If you are a part of an organization that would be interested in joining GILC, please contact us at

If you are aware of threats to cyber liberties that we may not know about, please contact the GILC members in your country, or contact GILC as a whole.

Please feel free to redistribute this newsletter to appropriate forums.

Free expression

[1] US bill to mandate crippleware
[2] Japanese Net news summary service sued
[3] China Net restrictions grow stronger
[4] Afghan gov't extends Internet ban
[5] ICANN pushes Net voting curbs
[6] Australian ruling poses Net speech problems
[7] New NZ copyright plan: DMCA-lite?
[8] Asian Net defamation bills raise speech issues
[9] More children in South Africa, India go online


[10] New US law weakens Net privacy standards
[11] Plan to give Hollywood hacking powers
[12] Euro surveillance proposals gain momentum
[13] New pro-privacy coalitions formed
[14] Cell phone tracking plans delayed
[15] Carnivore use may be growing
[16] British gov't forces user data logging
[17] Tougher US Net privacy standards now a longshot
[18] Indonesian cyberlaws delayed

[1] US bill to mandate crippleware

Here's a way to protect intellectual property: force hardware manufacturers to build in user-restrictive devices, or face criminal penalties.

That's the idea behind a new bill that may soon be considered by the United States Senate. Among other things, the Security Systems Standards and Certification Act (SSSCA) would require hardware manufacturers to build copyright protection devices into their products. Similarly, interactive computer services would have to use "certified security technologies" before allowing "copyrighted material or other protected content" from being stored or transmitted on their networks. The bill would give industrial groups a year or so to iron out specific standards; otherwise, the Federal government would step in. In addition, the SSSCA would make it a crime to sell "any interactive digital device" without copyright control measures, remove or alter "certified security technology" or to "make available to the public" any copyrighted material that has had these technologies removed. Violators could face 10 years in jail and stiff fines.

Many cyber-liberties groups have voiced opposition to the bill, fearing it will stifle free speech online by preventing individuals from making fair use of various forms of digital expression. The Electronic Frontier Foundation (EFF-a GILC member) has started an anti-SSSCA letter writing campaign, arguing that in the past, "Congress and the courts have always struck a careful balance between preserving incentives for authors while ensuring public access to our cultural heritage. The SSSCA represents an unvarnished attack on this balanced view of copyright. ... The public would be left with crippled technologies that permit only the uses that Hollywood unilaterally permits."

The push to mandate so-called "crippleware" has even sparked a backlash from various industrial heavyweights, such as the Computer Systems Policy Project (CSPP), a trade group that includes hardware manufacturers such as IBM, Motorola and Dell. CSPP executive director Ken Kay warned that the SSSCA "would be an unwarranted intrusion by the government into the commercial marketplace. This would freeze technology ... (and) force government to pick winners and losers." Similar views were expressed by Intel's Jeff Lawrence, who said that it would be difficult, if not impossible, to create a single successful technological measure to prevent piracy, and that it would be "a mistake to say that there is a magic bullet out there that someone's trying to invent."

However, several major music companies have already begun to introduce compact discs that cannot be played on many machines (especially personal computers) due to special copyright protection schemes. The list of affected CDs will soon include the latest Nsync album "Celebrity" and Michael Jackson's new single "Rock Your World." Indeed, Universal Music Group has recently announced that by early 2002, every one of its CDs will be encoded with user-restriction routines. Reports indicate there may be over 1 million compact discs on the market today that are copy-protected or otherwise crippled, although the biggest record labels have disclosed few details.

This latest development is drawing fierce criticism from users; Jim Peters from the Campaign for Digital Rights called the move "underhanded" and noted how "these new modified CD formats are being introduced secretly, without public knowledge." Peters' organization has started a leaflet drive in Britain to support the abolition of overly restrictive copyright measures. Meanwhile, the United States government has launched an investigation of various entertainment giants regarding possible "anticompetitive licensing of intellectual property rights associated with provision of music over the Internet." Similar concerns are being raised by European Union regulators.

The full text of the SSSCA is available at

An EFF Alert on the SSSCA is posted under

For the latest details, read John Borland, "Techs broadside anti-piracy plan," ZDNet News, Oct. 22, 2001 at,4586,5098618,00.html

See Alex Webb, "New legal assault on US CD copying," BBC News Online, Oct. 9, 2001 at

For more on the U.S. government intellectual property anti-trust investigation, see Anna Wilde Matthews and John R. Wilke, "DOJ expands online music probe," Wall Street Journal, Oct. 15, 2001 at,4586,2817926,00.html

Read Jim Hu, John Borland and Rachel Konrad, "New threat to record labels: the DOJ," ZDNet News, Oct. 19, 2001 at,4586,5098534,00.html

See also "EU 'threat' over download sites," BBC News Online, Oct. 15, 2001 at

Read "N Sync fight the CD pirates," BBC News Online, Oct. 3, 2001 at

See "Universal plans protection for all CDs," Reuters, Sept. 25, 2001 at

Read Steve Gold, "U.K. Digital Activist Group Takes on Copyright Act," Newsbytes, Oct. 1, 2001 at

Read "Q&A: Fighting online music piracy," BBC News Online, Oct. 2, 2001 at

See also "Labels plan to copy-proof CDs," Associated Press, Aug. 24, 2001 at,3811,2677162%255E442,00.html

For German (Deutsch) language coverage, read Florian Rotzer, "Weltweiter Ruckgang von verkauften Musik-CDs," Heise Telepolis, Oct. 2, 2001 at

[2] Japanese Net news summary service sued

Is running an Internet news clippings service illegal?

That's the question being posed by a new case in Japan. The dispute revolves around Comet Hunter, which regularly sent summaries of business news items to paying subscribers by email. Afterwards, the company posted these summaries on its Sokudoku Honpo website that could be viewed free of charge. Now several copyright holders, including the Nihon Keizai Shimbun newspaper, are suing Comet Hunter for copyright infringement. They are asking a Tokyo District Court to terminate Comet Hunter's news summary program (including both the email subscription service and the website). They have also requested an award of nearly 12 million yen in damages.

The plaintiffs' attorneys claim that this is the first Internet copyright case to be filed in the Land of the Rising Sun. The dispute raises important free speech issues, particularly with regard to fair use of copyrighted works.

See "Authors sue Internet operator over copyright," Mainichi Shimbun, Oct. 18, 2001 at

[3] China Net restrictions grow stronger

Mainland China is continuing its war against online critics, both through criminal prosecutions and new Western-developed technology.

Over the past few weeks, the Chinese government has sent several people to jail due to their Internet activities. Zhu Ruixiang, for example, faces three years in prison for forwarding a banned pro-democracy email newsletter, VIP Reference, to several friends. A Chinese court had given Zhu a nine-month sentence, but this period was extended at the behest of local officials. Chinese government agents have also shut down a number of computer bulletin boards, including Baiyun Huanghe and Tianya Zongheng, which had previously included vigorous discussion of various political events.

At the same time, a technology war is brewing over Chinese Internet content controls. SafeWeb, a company based in California, has signed a deal with the Voice of America's parent agency to develop systems that would allow Chinese websurfers to avoid Beijing censor schemes. These schemes came to the attention of many visitors to the Asia Pacific Economic Forum summit in Shanghai, who found that they were unable to visit a number of Western news sites, despite reports that Chinese authorities had lifted restrictions on accessing such webpages. Meanwhile, another U.S. company, RSA, is now planning China-specific user authentication and access controls, which could be used by the Chinese government to bar access to the Information Superhighway.

For more on China's apparent continued blocking of news sites, read Clay Chandler, "China Again Censoring Web," Washington Post, Oct. 23, 2001, page E1 at

See also "BBC News Online blocked at Apec," BBC News Online, Oct. 18, 2001 at

For more information from Digital Freedom Network (DFN-a GILC member) on recent jailings of Chinese Net dissidents, click

Further details are also available from Reporters Sans Frontieres at

For more on the closing of Baiyun Huanghe bulletin board, visit the DFN website under

Additional details on the Tianya bulletin board shutdown are available in "Authorities Chinese Web Sites for Opposition Publications," China News Digest, Sept. 3, 2001 at

Read Adam Creed, "RSA To Build Chinese Internet Security System," Newsbytes, Sept. 19, 2001 at

Additional details on the SafeWeb China initiative are available from Liu Weijun, "US to Use Internet in Information War with China," China News Digest, Sept. 1, 2001 at

See also Verne Kopytoff, "Stephen Hsu: CEO says Safeweb plan will help open China," San Francisco Chronicle, Sept. 4, 2001, page D1 at

[4] Afghan gov't extends Internet ban

The rulers of Afghanistan are at it again.

The Taliban have enlarged their ban on Internet usage to include still more people, especially foreigners. Previously, the Afghan government made it illegal for citizens to use the Information Superhighway. Now Taliban officials have extended this edict to include foreigners, such as international relief workers. Afghan leader Mullah Mohammed Omar confirmed that these rules would be enforced by the state Ministry for the Promotion of Virtue and Prevention of Vice. Government agents are already scouring the World Wide Web in search of potential offenders, especially reporters. The Taliban regime has even raided United Nations offices and threatened to kill U.N. employees if they try to use computers or communications equipment anywhere in the country.

These measures represent a further setback for efforts to bring Afghanistan into the Information Age. Severe problems with the nation's infrastructure (due in part to years of civil war and dire poverty) had already prevented most Afghanis from going online. These difficulties are only expected to worsen in the short term, as the current military conflict with the United States continues.

Read "Taliban Threatens U.N. Techies," Associated Press, Sept. 24, 2001 at,1294,47074,00.html

See "Taleban logs whole nation off net," BBC News, Aug. 25, 2001 at

Read Kathy Gannon, "Taliban leader bans internet," Australian IT, Aug. 27, 2001 at,3811,2697612%255E442,00.h tml

[5] ICANN pushes Net voting curbs

The organization charged with managing the Internet domain name system has shifted its attention to a subject it has rarely discussed-security.

The Internet Corporation for Assigned Names and Numbers (ICANN) has decided to go forward with its planned meetings in Los Angeles, but with several important changes. Among other things, the meetings will focus primarily on the security and stability of the domain name system. ICANN warned that the "focus of the meetings may well delay progress on some of the worthy and important initiatives that are currently underway."

The warning may be in reference to a controversial draft report recently issued by ICANN's At-Large Study Committee (ALSC). That report recommended that voting in ICANN elections should be limited to people who own domain names and pay membership fees. Currently, ICANN allows individuals to vote so long as they have a valid email and postal return address. The committee also recommended reducing the number of At-Large Board members from 9 (out of 19) to six. In October 2000, the organization had held public elections for 5 of these At-Large Board seats, and still has not held elections for the other 4 slots yet.

These suggestions had been met with sharp criticism from several quarters. This criticism had been bolstered by the findings of a special Non-governmental organization and Academic ICANN Study group (NAIS), which stated that the domain name ruling body needed to do more to facilitate informed public participation in its decision making. Among other things, the NAIS report argued that ICANN should have at least as many publicly elected At-Large Directors as those selected by Supporting Organizations, and that ICANN "membership should be open to all who express interest by completing a relatively simple registration process online combined with postal return confirmation."

Another major issue that had been drawing attention was ICANN's decision to ban registration of certain geography-related terms within the new .info top-level domain until its March 2002 meetings in Accra, Ghana. The ban came despite the recommendations of the World Intellectual Property Organization, which had previously issued a report saying that it would be premature to impose intellectual property type restrictions on such words within the domain name system.

For more on ICANN's upcoming November 2001 meetings, click

See "Net body targets web security," BBC News Online, Sept. 28, 2001 at

The ALSC draft report is posted under

For further analysis of the ALSC draft report, read the Cyber-Federalist No. 11, available at

The NAIS report is posted at

See also Serena Parker, "Panel Debates Internet Issues," Associated Press, Sept. 9, 2001 at

The text of ICANN's resolution banning geographic term registration is available at icalNamesininfo

The aforementioned WIPO report is posted under

Additional details on the ban are available in "ICANN cracks down on cybersquatters," Reuters, Sept. 10, 2001 at,7407,5096821,00.html

[6] Australian ruling poses Net speech problems

A court decision Down Under may have serious cross-border implications for online speech.
The case involves the U.S. business magazine Barron's, which published an article accusing an Australian citizen of "a series of offences, stock manipulations, classic stock scams and frauds and connection with money laundering." That citizen, Joseph Gutnick, sued Barron's parent company Dow Jones, claiming that the online publication of the article made the corporation liable under Australian defamation laws, which are less protective of free speech than United States standards.

An Australian court agreed with Gutnick and ruled in his favor. In his opinion, the presiding judge held that Internet speakers should be held liable under the laws of all nations where the information is "seen and heard, (i.e. made manifest to) and comprehended by the reader or hearer." He threw out Dow Jones' claims that it could not be held responsible for the actions of users in other countries, calling them "fallacious." He also summarily refused to apply free speech doctrines to the online world and rejected the idea that the Internet should be a "defamation-free zone."

Many observers fear that the decision will chill Internet expression by subjecting online speakers to liability under speech restrictions from a multitude of nations. Peter Coroneos of the Australian Internet Industry Association warned: "The presumption now is that when you post any article on the Internet, you will be required to comply with the local laws of all the jurisdictions anywhere in the world that it can be downloaded. That means basically that you can't protect yourself." Dow Jones has already filed an appeal; the company's vice president for corporate communications, Steve Goldstein, said that his firm does "not believe that Australia is an appropriate venue for a case involving a story that was published in New York."

The trial court ruling is available at

See Kate Mackenzie, "Net defamation ruling appealed," Australian IT, Sept. 20, 2001 at,3811,2902002%255E442,00.html

Read Adam Creed, "Dow Jones Appeals Internet Defamation Decision," Newsbytes, Sept. 21, 2001 at

See "Dow Jones Appeals Net Ruling," Associated Press, Sept. 19, 2001 at,1294,46986,00.html

[7] New NZ copyright plan: DMCA-lite?

Microsoft is pressuring New Zealand to expand its intellectual property laws in ways that may undermine free speech on the Information Superhighway.

While many details are still forthcoming, Microsoft suggested "outlawing devices, either mechanical or software-based" that could be used to circumvent copy protections, even if such products can be used for noninfringing purposes. In addition, Internet service providers would be obligated to "take down or block" purportedly infringing material for fear of liability. The plan would ban even "temporary copies" of copyrighted material, which might make it a crime merely to view certain webpages.

The proposed measure is very similar to the controversial United States Digital Millennium Copyright Act (DMCA). The DMCA has been derided by many Internet user groups as having a detrimental impact on freedom of expression. These concerns were heightened in a recent case, where a Russian programmer, Dmitry Sklyarov, faces several years in jail after presenting a research paper on electronic book encryption codes. Fred von Lohmann from the Electronic Frontiers Foundation (EFF-a GILC member) pointed out: "Copyright owners told us that they needed the DMCA to stop piracy. Instead, it has been used against the press, scientists, and computer programmers. We're hoping that other countries learn from our mistakes, and will think twice before giving in to the demands of corporate media giants."

An EFF press release regarding the New Zealand copyright proposal is posted at

Read David McGuire, "EFF Lobbies Against New Zealand Copyright Law," Newsbytes, Oct. 23, 2001 at

See "Microsoft seeks copyright changes," New Zealand InfoTech, Oct. 18, 2001 at,1008,977016a28,FF.html

See Adam Creed, "Microsoft Lobbies For Strict New Zealand Copyright Rules," Newsbytes, Oct. 17, 2001 at

More information concerning the Dmitry Skylarov case is available from the Electronic Frontiers Foundation (EFF-a GILC member) under

[8] Asian Net defamation bills raise speech issues

The governments of South Korea and Japan are each pushing plans that may chill Internet speech.

South Korean officials are in the process of creating a massive database containing personal information about private Internet users. The Korean Ministry of Information and Communication claims that this measure is necessary to protect politicians from insults. Under this proposal, online speakers could be found, then silenced with greater ease. This system will be coupled with new guidelines to ban information that is somehow deemed derogatory, abusive or obscene. However, many details, including precise criteria that would be used to determine whether certain speech is actually defamatory, have yet to be released.

These moves have raised questions as to whether the plan, if fully implemented, could be used as a weapon to silence political dissent. These fears were buttressed by indications from the South Korean National Police Agency that it would tighten enforcement of anti-defamation laws on the Internet prior to the country's presidential elections in 2002. Moreover, the South Korean government already has increased the penalties for slander and libel: up to 7 years in jail or fines of up to 50 million won.

Meanwhile, the Japanese government has drafted broadly similar legislation. The Japanese plan would require Internet service providers (ISPs), upon complaint, to issue warnings to online critics and takedown purportedly slanderous material if no response is received. In addition, ISPs would also have to submit to compliance monitors selected by the Japanese Ministry of Public Management, Home Affairs, Posts and Telecommunications. This plan may be considered by the Diet (Japanese parliament) within the next two weeks.

See "Steps Taken to Crack Down on Cyber Defamation," Korea Times, Oct. 4, 2001 at

The text of the Japanese bill (in Japanese) is posted under

See "Gov't to clamp down on Net providers to protect privacy," Mainichi Shimbun, Oct. 16, 2001 at

[9] More children in developing nations go online

Several efforts to bridge the digital divide are beginning to bear fruit.

In South Africa, dozens of special "digital villages" are being created to provide Internet access in rural areas. At the same time, a number of urban cybercafes have started programs specifically targeted at youngsters. The proprietor of one such establish explained: "Our target group are those kids who grow up hearing about the internet who can't get access to it." Indeed, studies have shown that the majority of the nation's children (particularly those who live in the countryside or unprivileged neighborhoods) still have no way of reaching the online world.

Meanwhile, in India, a number of initiatives have been launched to allow more people to enter the Information Superhighway. In a special "hole-in-the-wall" project, computers were placed in some of the poorest neighborhoods in several key cities, such as Delhi. Within a short time, numerous children flocked to these units and learned by themselves how to surf the Internet, even though many of them were illiterate and had not had any formal computer training. The experiment, which received funding from government and private sources, seems to suggest that the digital world could play a crucial role in improving India's educational standards.

Another idea to bridge the digital divide has been the widespread introduction of low-cost Internet appliances (called Simputers). Vinay Deshpade of Simputer Trust said that while his organization's "initial target is India...if it is applicable in India, it will also be applicable in the rest of the third world. We have had a tremendous response from all over the world - from South America to Australia and every other country in between, including some of the developed countries." Experts believe that the development of these and other technologies, such as wireless local loop networks and satellite Internet radios, will spur the growth of the Information Superhighway throughout the globe.

For more on local loop technology, click

See Francis Ayieko, "Internet radios aid Africa," Interlink Rural Information Service, Oct. 19, 2001 at

Read "South Africa's internet generation," BBC News Online, Aug. 28, 2001 at 251.stm

For more on the Indian Free Net access project, see "Delhi children make play of the net," BBC News, Aug. 27, 2001 at

Additional information on Simputers is available in "India's simple computer for the poor," BBC News Online, Sept. 24, 2001 at

[10] New US law weakens Net privacy standards

The United States government has enacted a new law that greatly expands government surveillance powers in cyberspace.

Recent terrorist attacks in the United States had led to several proposals that would enhance the ability of law enforcement officials to wiretap the Internet. One of these proposals, the Mobilization Against Terrorism Act (MATA), would have allowed the U.S. government to make greater use of controversial spy tools such as Carnivore. Among other things, MATA included provisions that would have applied loose pen register protections currently in place for such things as phone numbers and apply them to the Information Superhighway, rather than requiring law enforcement agents to show probable cause that a crime is being committed and get a court order. It would also expand the powers of a secret United States court, created under the Foreign Intelligence Surveillance Act (FISA), whose procedural protections are not as strong as those of other tribunals. In addition, MATA would have provided the government with the ability to break into houses and conduct secret searches.

However, the proposal lost some momentum partly due to the objections of privacy advocates. The Electronic Privacy Information Center (EPIC-a GILC member) issued a detailed analysis of the measure, calling many of the proposed statutory definitions "vague" and suggesting that the bill would seriously erode privacy online. For example, EPIC pointed out that the proposal's application of pen register standards to the Internet "does not take into account the unique nature of such information, which contains data far more revealing than phone numbers." MATA lost further steam, when one of the primary backers of the bill, United States Attorney General John Ashcroft, admitted that the bill would not necessarily have prevented the disasters of Sept. 11, 2001: "It's impossible to say that, had we had every one of these provisions, we would have prevented this attack."

A committee in the House of Representatives eventually approved a revised package and included a sunset provision that would end the government's expanded surveillance powers after two years. However, these changes failed to assuage the concerns of many cyberlibertarians, as the measure retained many of MATA's perceived flaws. The American Civil Liberties Union (ACLU-a GILC member) warned that the redrafted proposal would still impose a "low threshold of proof to Internet communications ... For example, it would apparently apply to law enforcement efforts to determine what websites a person had visited. This is like giving law enforcement the power - based only on its own certification -- to require the librarian to report on the books you had perused while visiting the public library."

Meanwhile, a similar measure appeared in the United States Senate that included a number of provisions from MATA that were absent from the revised House bill, albeit in slightly modified form. For example, the Senate proposal provided the government with the ability to conduct secret searches, but did not contain any sunset provision. Despite the apparent detrimental impact the proposal would have on civil liberties, the Senate quickly approved the bill with little debate, at the behest of several key politicians. The House then dropped its own revised proposal and passed a measure that more closely resembled the Senate version. Eventually, House and Senate negotiators added a four-year surveillance power sunset provision while retaining most of the enhanced government search powers contained within the Senate bill. This final edition of the bill was approved and took effect after President George W. Bush signed it. Ashcroft had already promised that at "[t]he hour it becomes law, I will issue guidance to each of our 94 U.S. Attorney's Offices and 56 FBI field offices directing them to begin immediately implementing this sweeping legislation."

To read the final version of the bill, click

An ACLU Press Release regarding this final version is available under

For more on Ashcroft's promises of immediate implementation, click

Read "New anti-terror laws for US," BBC News, Oct. 26, 2001 at

For more on the FISA court, see Kelley Beaucar Vlahos, "Secret Court Goes on Extra Duty," Fox News, Oct. 11, 2001 at,2933,36308,00.html

For more of Ashcroft's admission that these measures may not prevent future terrorist attacks, see Charles Babington, "Don't Expect Quick Passage of Anti-Terrorism Package," Washington, Sept. 25, 2001 at

The text of the bill initially approved by the House is available under

The text of Senate bill is posted at

To see a chart that explains the changes that these bills would have on existing surveillance laws, visit the ACLU website under

The text of the original Mobilization Against Terrorism Act is posted at

EPIC's analysis of MATA is posted under

[11] Plan to give Hollywood hacking powers

A major music trade group has pushed for new laws that critics have labeled a "License to Virus."

The Recording Industry Association of America (RIAA) had proposed amendments to anti-terrorist legislation being considered by the United States Congress. Among other things, these amendments would prevent Internet users from suing companies for invading or damaging their computers, so long as the intrusion was "intended to impede or prevent the infringement of copyright in such work by wire or electronic communication." The RIAA's Mitch Glazier explained: "We might try and block somebody. If we know someone is operating a server, a pirated music facility, we could try to take measures to try and prevent them from uploading or transmitting pirated documents."

Revelations about the RIAA's efforts generated an uproar among many members of the Internet community. Marc Rotenberg of the Electronic Privacy Information Center (EPIC-a GILC member) warned that the draft language, if enacted, "could lead to some really bad outcomes, like a program purposefully intended to delete MP3s that misfunctions and erases everything on a disk." A number of academics were also enraged; Orin Kerr from George Washington University charged that the plan "would deny victims their right to sue copyright owners and their agents if they engaged in vigilante justice by hacking or other means in an effort to block online music distribution."

This backlash led the Association to shelve its initial plans. However, Glazier said that his group would submit a revised proposal within the near future, even while claiming that copyright holders had the right to attack private computers under current law. Indeed, reports indicate that Hollywood is developing new software towards that end, including programs to launch denial of service-type attacks against private Internet users and peer-to-peer networks.

See Declan McCullagh, "RIAA Wants to Hack Your PC," Wired News, Oct. 15, 2001 at,1294,47552,00.html

To read the text of the original RIAA-sponsored amendments, click

Additional details regarding new Hollywood oriented attack software, read John Borland, "RIAA: We'll smother song swappers," ZDNet News, Oct. 15, 2001 at,6061,2818064-2,00.html

For German (Deutsch) coverage of this story, see Janko Rottgers, "Kevin Mitnick heimliche Freunde," Heise Telepolis, Oct. 16, 2001 at

[12] Euro surveillance proposals gain momentum

Governments throughout Europe are considering plans that critics say will severely erode Internet privacy.

In one development, a panel of Ministers' Deputies from the Council of Europe has approved a new Convention on Cybercrime. It would require countries to authorize government agents to install spytools on the servers of Internet service providers (ISPs) and thereby intercept all Internet transmissions that come through the servers. The treaty requires signatory nations to comply with foreign investigators, even when they are investigating activities that are not crimes on domestic soil. The Convention, however, does not require countries to enact any specific procedural protections.

Many observers have objected to the Convention because it may allow unnecessary governmental intrusions into cyberspace. The Global Internet Liberty Campaign had condemned a past draft of the convention as "a document that threatens the rights of the individual while extending the powers of police authorities, creates a low-barrier protection of rights uniformly across borders, and ignores highly-regarded data protection principles. Although some changes have been made ... we remain dissatisfied with the substance of the convention." The treaty will be sent to the CoE's Council of Ministers, where it is expected to be approved, then sent to certain individual states for ratification.

Meanwhile, European lawmakers have also shown renewed interest in a proposal that would allow police to demand user data, including emails and internet usage, for up to seven years. A gathering of European Union Justice and Home Affairs ministers are supporting measures that force network providers to retain such information about their customers for criminal investigation purposes. These officials also urged the European Commission to explore the possibility of enacting new laws to benefit "law enforcement efforts." Indeed, the EC is now considering broadly worded legislation that would criminalize many legitimate online activities, such as public protest. For example, one proposal would treat "interference with an information system" designed to "seriously altering or destroying the political, economic or social structures" as a terrorist offense.

In addition, several European nations (including France and the Netherlands) are considering new laws that would restrict private individuals from using computer encryption programs. At the same time, the German Cabinet has adopted a proposal that apparently will force telecommunications providers to build surveillance devices into certain networks, particularly broadband systems.

The text of the new German surveillance proposal (in German/Deutsch) is posted

More information is available from the Chaos Computer Club (CCC-a GILC member) in German/Deutsch under

See Steve Gold, "German Carriers Told To Install Cyber-Snooping Tech," Newsbytes, Oct. 25, 2001 at

Read "Berlin to increase internet surveillance," Agence France-Presse, Oct. 22, 2001 at,7204,3097138%5E15322%5E%5Enbv%5E1 15306,00.html

See Jelle van Buuren, "Dutch government wants to regulate strong cryptography," Heise Telepolis, Oct. 9, 2001 at

See also Jelle van Burren, "Hacker or Terrorist? Both," Heise Telepolis, Sept. 21, 2001 at

For more on French Internet surveillance plans, visit the website of Imaginons un Reseau Internet Solidaire (IRIS-a GILC member) under

For more on new European surveillance proposals, see

A CoE press release on this subject is posted under

Read Wendy McAuliffe, "International cybercrime treaty gets go-ahead," ZDNet UK, Sept. 21, 2001 at,7407,2813992,00.html

To read two GILC letters concerning past drafts of the Convention, click

See Brian Krebs, "European Cyber-Crime Treaty Clears Penultimate Hurdle," Newsbytes, Sept. 20, 2001 at

[13] New pro-privacy coalitions formed

Rising concerns over the possible expansion of government surveillance powers has fueled the growth of coalitions to protect individual privacy.
In the United States, a vast network of non-profit organizations, academics and computer scientists have banded together to form the In Defense of Freedom coalition. The goal of this initiative is get lawmakers to "consider proposals calmly and deliberately with a determination not to erode the liberties and freedoms that are at the core of the American way of life." The list of IDOF affiliates includes several GILC members, such as the Electronic Privacy Information Center, the Electronic Frontier Foundation, Human Rights Watch, NetAction, Privacy International, the American Civil Liberties Union and the Center for Democracy and Technology.

Meanwhile, seven cyberliberties groups have issued a joint letter urging the European Council "to refrain from new and extended communications interception and lawful access powers for police forces and intelligences services." In particular, the document's authors noted how government attempts to restrict "the use of cryptography will negatively affect the security of our communications infrastructure, further damage trust in our economy, and will restrict the rights of individuals, without affecting the capabilities of terrorists." The organizations also urged "European leaders not to implement legislation that mandates internet and telecommunication service providers to retain traffic data for law enforcement purposes. Retention of traffic data will in effect transform our communications infrastructure into a surveillance system that records intimate details of the personal life of all citizens." A number of GILC members participated in this effort, including Bits of Freedom, Digital Rights (Denmark), Quintessenz, FITUG, the Chaos Computer Club, and Privacy International. Civil society groups in several other countries (including France) have issued similar letters.

The letter to the European Council is posted under

See Steve Gold, "European Privacy Groups Lobby EU On Privacy Issues," Newsbytes, Sept. 21, 2001 at

The Open Letter to the French Parliament is posted under

The official In Defense of Freedom website is located at

An ACLU press release regarding the IDOF coalition is posted under

Read David McGuire, "Civil Liberties Groups Rally Against Anti-Terrorism Law," Newsbytes, Sept. 20, 2001 at

Read Declan McCullagh, "Coalition to Congress: Slow Down," Wired News, Sept. 19, 2001 at,1294,46959,00.html

[14] Cell phone tracking plans delayed

Track people using their cellular telephones? Not so fast.

That's the message being given by several major telecommunications providers. Previously, the United States government had pushed a plan known as "Enhanced 911." Under this scheme, mobile phone companies must install technology allowing government agents to locate cellular users within 100 meters. The tracking is done by triangulating the emissions given off by a particular phone between different signal towers. Service providers who fail to comply with these rules may face heavy fines.

Consumer advocates are worried that this new tracking scheme will seriously erode individual privacy. Cheryl Leanza from the Media Access Project argued that rules must be in place to allow customers notice and control over the collected data: "It's important for consumers to have information to know what their options are." Telecom providers are also questioning the wisdom of this scheme, both because of the technical difficulties and potential high cost. Although the government had set an October 1, 2001 deadline for compliance, the timetable was extended after some 53 cellular phone companies filed formal requests for extensions.

A press release from the United States Federal Communications Commission regarding the deadline extension is posted under

Read "Government Oks New Wireless 911 Plan," Associated Press, Oct. 5, 2001 at

Read Yuki Noguchi, "Cellular Firms Seek 911 Delay," Washington Post, Sept. 27, 2001, page E5 at

See also Christopher Stern and Yuki Noguchi, "Attacks Renew Calls for 911 System to Locate Cell Phones," Washington Post, Sept. 19, 2001, page E1, at

[15] E-firms cave to gov't spy demands

In their haste to comply with government demands for personal data, many Internet companies may have violated their own privacy policies.

After the recent terrorist attacks in New York and elsewhere, the FBI reportedly pressured several ISPs, asking them to install Carnivore spyware voluntarily even without a court order. Developed by the United States Federal Bureau of Investigations (FBI), Carnivore can be hooked up to the server of a given Internet service provider (ISP) and intercepts all Internet transmissions that come through the server. Afterwards, it parses out pertinent material, based on keywords provided by the administrator. The latest version of the program, known as Enhanced Carnivore or DCS 1000, uses the Windows 2000 operating system and supposedly includes better filtering and triggering capabilities as well as greater throughput (presumably to cope with high-speed broadband networks).

At least one major provider, Earthlink, refused to comply with these demands, although it did agree to disclose certain details about its customers. The company's president, Mike McQuary, argued that "[p]eople have an expectation of privacy when they're using the Internet on their own computers. We don't tolerate illegal activities on our networks, and we cooperate with law enforcement, but there's a balance that needs to be drawn in all of this." It is unclear how many other companies complied with the FBI's requests, although industry experts suggest that many small ISPs may already consented.

Carnivore had already attracted heavy fire from many experts, who pointed out that the device's lack of an auditing system may allow government agents to unnecessarily invade the privacy of Internet users, without fear of reprisal. David Sobel from the Electronic Privacy Information Center (EPIC-a GILC member) warned: "If not used properly, Carnivore can be abused and capture the information of people not named in court orders."

Read Verne Kopytoff, "Eyes on E-Mail," San Francisco Chronicle, Oct. 15, 2001, page G1 at

Read Patrick Anidjar, "FBI scours internet for clues," Agence France-Presse, Oct. 8, 2001 at,7204,3007366%5E15318%5E%5Enbv%5E1 5306,00.html

See Stefanie Olsen, "Attacks put privacy into focus," ZDNet News, Oct. 2, 2001 at,4586,2815784,00.html

See Kathy Brister, "Earthlink was willing to help but wouldn't let FBI search its data," Atlanta Journal-Constitution, Sept. 19, 2001 at

[16] British gov't forces user data logging

The British government wants to know more about what you've been doing online, even if you're not a terrorist.

Several weeks ago, British government agents forced Internet service providers to keep data about all of their customers for an indefinite period. The vaguely worded request apparently made no distinction between actual suspects and innocent people; indeed, a spokesperson from Britain's National High-Tech Crime Unit conceded that "We are not looking for anything in particular." The cited pretext for this move was to gather possible evidence against collaborators in the September 11 terror attacks. However, there questions as to whether this move violates the British Data Protection Act, which limits the time period during which firms can keep such information. Indeed, the request comes in stark contrast to past assertions from British officials opposing such data retention plans.

The UK Home Office is now seeking new laws that would mandate the retention of customer data in a central location for 12 months. The information to be collected under this proposal would allegedly include such things as lists of websites that a given individual has visited. Some experts fear that this altering of current privacy laws will only be the start of a trend toward massive government intrusion into cyberspace. Telecom companies are also up in arms over the proposal; E-Center UK director Will Roebuck said his group is "concerned about the costs and about what liabilities it will set up for businesses (that) may have contractual obligations with other businesses outside the UK that data is to be kept safe and not divulged."

See Thorold Barker and Jean Eaglesham, "Surveillance: Businesses to hold e-mail records for 12 months, Financial Times, Oct. 17, 2001 at 001949

Read "Casting A Cybernet In Hunt For Clues," Associated Press, Sept. 13, 2001 at,1597,311207-412,00.shtml

[17] Tougher US Net privacy standards now a longshot

Efforts to enact tougher online privacy rules in the United States are facing new hurdles.
Several U.S. Congressmen, notably Representatives Cliff Stearns and W.J. Tauzin, have banded together in an effort to codify existing levels of privacy protection, instead of raising the bar. The bill, which is still being drafted, would require websites to post privacy notices on their websites, but users would have to take the initiative and notify companies that they do not want to be tracked or have personal information collected about them. Firms would be allowed to deny services to people who refuse to divulge sensitive details about themselves, and would be immune from lawsuits based on privacy policy violations. The measure would also prevent states from providing levels of privacy protection that are higher than Federal standards.

These developments come after Timothy Muris, who was recently appointed as head of the U.S. Federal Trade Commission (FTC), announced that his agency would seek greater enforcement current privacy standards rather than push for new laws. The announcement was notable because before Muris was appointed, the FTC had called on Congress to pass legislation that would strengthen Internet privacy. This stance was denounced by some observers; a Forrester Research study concluded that Muris' refusal to push for new privacy legislation poured "gasoline on the fires of the privacy debate. ...[A] company that thinks that the FTC's backing off of legislation means that the issue will go away is sadly mistaken. Instead, addressing privacy one technology or business practice at a time only adds to the confusion."

The text of Muris' speech is posted under

Read Brian Krebs, "Federal Privacy Plans Revealed By House Committee," Newsbytes, Oct. 12, 2001 at

For more on the Forrester Research study, read Erika Morphy, "Report: U.S. Privacy Plan Bad for Business,", Oct. 16, 2001 at

See also Carrie Kirby, "FTC chief to drop call for new privacy laws," San Francisco Chronicle, Oct. 3, 2001, page D2 at

[18] Indonesian cyberlaws delayed

Attempts to draft new Information technology laws in Indonesia may be stalled for several years.

Previously, the Indonesian government was putting together a plan that would have serious implications for online privacy. Although details were sketchy, the proposal would have set standards for the way companies handled online personal information about their customers. The package would also include provisions to target such things as credit card and digital signature fraud.

However, Indonesia's Minister of Communications and Information, Syamsul Mu'arif, announced that these plans have since been shelved. He stated that although "we urgently need the law, we cannot finalize it immediately as we're lacking 'law drafters' as well as information technology experts to help ensure the law will be workable."

See Mike Newlands, "Lack of expertise delays Indonesian cyberlaws," Total Telecom, Sept. 13, 2001 at


The GILC News Alert is the newsletter of the Global Internet Liberty Campaign, an international coalition of organizations working to protect and enhance online civil liberties and human rights. Organizations are invited to join GILC by contacting us at To alert members about threats to cyber liberties, please contact members from your country or send a message to the general GILC address.

To submit information about upcoming events, new activist tools and news stories, contact: GILC Coordinator, American Civil Liberties Union 125 Broad Street 17thFloor, New York, New York 10004 USA. email:

More information about GILC members and news is available at You may re-print or redistribute the GILC NEWS ALERT freely. To subscribe to the alert, please send an mail to with the following message in the body: subscribe gilc-announce