GLOBAL

INTERNET

LIBERTY

CAMPAIGN



NEWS

 GILC Actions 

 Presswire 


ISSUES

 Free Speech 

 Privacy 

 Cryptography

 Access


RESOURCES

 GILC Alert 

 Mailing List
 GILC Events 


ABOUT GILC

 Principles

 Members 

 Mail GILC 


Home Page

US Site
European Mirror

 

GILC Alert
Volume 6, Issue 2

February 21, 2002

 

Welcome to the Global Internet Liberty Campaign Newsletter.

             

Welcome to GILC Alert, the newsletter of the Global Internet Liberty Campaign. We are an international organization of groups working for cyber-liberties, who are determined to preserve civil liberties and human rights on the Internet.

We hope you find this newsletter interesting, and we very much hope that you will avail yourselves of the action items in future issues.

If you are a part of an organization that would be interested in joining GILC, please contact us at gilc@gilc.org.

If you are aware of threats to cyber liberties that we may not know about, please contact the GILC members in your country, or contact GILC as a whole.

Please feel free to redistribute this newsletter to appropriate forums.


Free expression

[1] Euro Net hate speech censor plans revealed
[2] BT linking suit moves forward
[3] Somalia regains limited Net service
[4] Professor ends lawsuit over Net copyright speech curbs
[5] Korean web content controls draw fire
[6] Chinese web activists in sentencing limbo
[7] Malaysian Net speech restrictions loom
[8] ICANN to debate online voting rules in March
[9] New Hong Kong anonymous Net speech battle

Privacy

[10] Kids to receive Digital Angel tracking implants
[11] Experts: Microsoft Internet Explorer patches flawed
[12] Prozac email privacy settlement criticized
[13] US broadband provider user tracking controversy
[14] IRIS files complaint over French data retention law
[15] Choicepoint mega-database suffers Net security breach
[16] Smart homes raise privacy questions
[17] Privaterra initiative launched
[18] Rathenau privacy conference held
[19] French, Danish and Dutch Big Brother Awards ceremonies held

[20] Upcoming CFP 2002 conference


[1] Euro Net hate speech censor plans revealed

After protests from various members of the Internet community, a draft Council of Europe (CoE) protocol has been released that may have serious ramifications for free speech online.

The protocol is being considered in connection with the CoE's Cybercrime Convention. While many details still have yet to be worked out, as currently drafted, the proposal generally would require signatory nations to bar people from "making available" or "distributing ... racist and xenophobic material ... through a computer system." Among other things, the plan also would force signatories to criminalize the use of computer networks to conduct various "racist and xenophobic" activities.

The document appeared after a coalition of non-governmental groups sent a letter to the Council demanding the release of this information because it was "likely to raise critical questions regarding freedom of expression and human rights." The February 6 letter, which was signed by many GILC memberorganizations, argued that the development of the protocol "should conform with principles of transparency and democratic decision-making."

The latest draft of the CoE hate speech protocol is available in PDF format under http://www.legal.coe.int/economiccrime/cybercrime/AvProjetProt2002E.pdf

The February 6 letter is posted at http://www.gilc.org/speech/coe_hatespeech_letter.html

A French language version of this letter is available at http://www.iris.sgdg.org/actions/cybercrime/ngo-coe-fr-0202.html

A dossier of CoE materials on the draft protocol and the relevant negotiations is available from Imaginons un Réseau Internet Solidaire (IRIS-a GILC member) under http://www.iris.sgdg.org/actions/cybercrime/pc-rx/

See "Global Net Crime Treaty Hurts Free Speech," Newsbytes, Feb. 6, 2002 at http://www.newsbytes.com/news/02/174285.html


[2] BT linking suit moves forward

A major telecom conglomerate claims it invented weblinks and that the Internet community should pay for the use of this technology. But a recent court hearing indicates that the law may not be on the firm's side.

In a lawsuit, British Telecom alleges that it possesses intellectual property rights over all links, based on a patent it filed in the 1970s. The communications giant is now demanding licensing fees from American Internet service provider Prodigy. If BT prevails in this case, the company says it will launch more lawsuits in the hopes of collecting additional royalties.

However, BT's claim was met with skepticism and doubt during the initial hearing. Presiding judge Colleen McMahon complained that the language contained in the cited patent was "archaic. It's like reading Old English." Furthermore, Judge McMahon suggested that the technology described in BT's patent had little connection with current Internet realities and "was already outmoded by the time it was patented."

Meanwhile, question marks have arisen over whether the firm actually did invent linking technology. Speculation on this point has been fueled by a video filmed in 1968 (several years before BT said it developed the technology) that shows Stanford researchers demonstrating weblinks. Finally, some experts suggest that there are compelling public policy reasons to reject BT's claim because of its potentially detrimental effect on Internet free speech.

The text of BT's patent is posted under
http://164.195.100.11/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF
&d=PALL&p=1&u=/netahtml/srchnum.htm&r=1&f=G&l=50
&s1='4873662'.WKU.&OS=PN/4873662&RS=PN/4873662

To view the Stanford video, click http://sloan.stanford.edu/mousesite/1968Demo.html

Read Jim Fitzgerald, "BT claims right to click," Associated Press, Feb. 12, 2002 at http://australianit.news.com.au/articles/0,7204,3760588%5E15318%5E%5Enbv%5E1 5306,00.html

For video and text coverage of these developments, see Jane Wakefield, "Why BT claims it owns the right to 'click here'," BBC News, Feb. 11, 2002 at http://news.bbc.co.uk/hi/english/in_depth/sci_tech/2000/dot_life/newsid_1814 000/1814080.stm

Read Simon Bowers, "BT opens hypertext case," The Guardian, Feb. 11, 2002 at http://www.guardian.co.uk/internetnews/story/0,7369,648221,00.html

See "Linking Patent Goes to Court," Reuters, Feb. 7, 2002 at http://www.wired.com/news/print/0,1294,50283,00.html


[3] Somalia regains limited Net service

While partial Internet access has been restored to Somalia, many of its citizens remain offline.

Several months ago, the U.S. government shut down several companies, including al-Barakaat and the Somalia Internet Company, claiming that they were aiding the al Queda terrorist network. The Somalia Internet Company, which partly owned al-Barakaat, was the East African nation's only Internet service provider, and the closures left most Somalians unable to access the Information Superhighway. The disruptions came despite denials from al-Barakaat that it had anything to do with al Queda activities.

Since that time, several organizations, including Telecom Somalia and NetXchange, have tried to bridge the gap in Internet coverage. However, progress has been slow, due to many factors, such as relatively high access fees and limited infrastructure.

For further information, visit the Digital Freedom Network (DFN-a GILC member) website under http://dfn.org/news/somalia/sparse-internet.htm

See "Internet Returns to Mogadishu," AllAfrica.com, Jan. 23, 2002 at http://allafrica.com/stories/200201230295.html

See also Hassan Barise, "Internet returns to Somalia," BBC News Online, Jan. 22, 2002 at http://news.bbc.co.uk/hi/english/world/africa/newsid_1775000/1775865.stm


[4] Professor ends lawsuit over Net copyright speech curbs

A computer researcher in the United States has dropped efforts to test the effects of a much-maligned copyright law on his free speech rights.

Last year, the Recording Industry Association of America (RIAA) wrote a letter to a Princeton University professor, Edward Felten. The letter suggested that he might be sued under the U.S. Digital Millennium Copyright Act if he presented a research paper on decrypting a particular digital watermark copy protection scheme. Felten, who was represented by the Electronic Frontier Foundation (EFF-a GILC member), sued the RIAA, asking a U.S. Federal court to declare that he and his team of scientists had the constitutional right to discuss and publish their research. In the midst of these legal battles, he gave his presentation on August 15 2001.

Eventually, the trial court threw out Felten's lawsuit. This action came after assurances from both the RIAA and from Federal authorities that, in fact, they would not sue him for his research-related activities. Afterwards, the professor decided not to appeal the trial court's dismissal and stated: "Although we would have preferred an enforceable court ruling, our research team decided to take the government and industry at their word that they will never again threaten publishers of scientific research that exposes vulnerabilities in security systems for copyrighted works."

An EFF press release on the end of the Felten case is posted under http://www.eff.org/IP/DMCA/Felten_v_RIAA/20020206_eff_felten_pr.html

Read David McGuire, "Scientist Ends Crusade Against Copyright Law," Newsbytes, Feb. 6, 2002 at http://www.newsbytes.com/news/02/174284.html


[5] Korean web content controls draw fire

Controversy has erupted over the extent to which the South Korean government regulates what people say on the Internet.

The debate has been fueled in part by the actions of the Korean National Election Commission, whose officials sealed off a room at the headquarters of OhmyNews.com, an Internet reporting and commentary service. The room was about to be used for a webcast interview with Noh Mu-hyun, a leading South Korean presidential candidate. An NEC spokesperson later tried to justify these actions, claiming that under current laws, "[i]t is illegal for telecommunications companies, including Internet firms, to broadcast debates among presidential contenders, as they are not categorized as news media outlets." The NEC also barred against another presidential candidate, Kim Geum-tae, from speaking to an analogous Internet news show. In response, Noh slammed the government's apparent attempts at censorship, arguing that such methods "should be employed only at times of national crisis." Several lawmakers have now introduced a bill before the Korean National Assembly that would explicitly allow online reporting of political affairs.

Meanwhile, activists have launched a legal challenge against the Korean Internet Content Rating Ordinance that came into effect in July 2001. The ordinance essentially mandates the blocking of web materials that are considered offensive. Recent reports indicate that the Korean government has used these rules to curb access to some 12 000 sites. After the Korean Information and Communication Ethics Committee issued a shutdown order against Lesbian & Gay Alliance Against Discrimination in Korea (LGAAD), 15 lesbian and gay advocacy groups banded together and fought back by suing the government. The coalition's leader, Im Tae-hoon, charged that the rating scheme's "true purpose is to curb people's freedom of expression that is guaranteed by the Constitution."

Read Kim Hyung-Jin, "Lawmakers submit bill to get Internet news sites recognized as mass media ahead of elections," Korea Herald, Feb. 14, 2002 at http://www.asiamedia.ucla.edu/Weekly2002/02.12.2002/Korea4.htm

See also Kim Hyung-Jin, "Online discussion creates controversy over election law," Korea Herald, Feb. 7, 2002 at http://www.asiamedia.ucla.edu/Weekly2002/02.05.2002/Korea6.htm

The LGAAD website is located at http://outpridekorea.com/lgaad/

Read Kim Deok-hyun, "Homosexual Website Closure Invite Storm," Korea Herald, Jan. 11, 2002 at http://www.hankooki.com/kt_tech/200201/t2002011118013145110.htm

See also Adam Creed, "Korean Gay Activists Challenge Web Site Ban," Newsbytes, Jan. 10, 2002 at http://www.newsbytes.com/news/02/173532.html


[6] Chinese web activists in sentencing limbo

The fate of six Chinese students imprisoned for their Internet activities remains in doubt.
Last September, mainland Chinese authorities arrested the students for posting articles online regarding the Falun Gong spiritual movement. A local trial court then convicted the activists for using an "evil cult to undermine the enforcement of law." Although the scheduled sentencing date was February 18 2002, the tribunal reportedly has postponed the hearing, possibly for one month. The students could spend the next 15 years in a Chinese jail.

The postponement comes a few weeks after Beijing issued rules that will significantly hamper online criticism of the government. Among other things, the measures will force many Internet service providers (ISPs) to install software to detect and copy email content deemed "sensitive"; "subversive" information must be completely blocked out. Websites will only be allowed to publish news items from approved domestic sources. Additionally, ISPs must log information about their users, including viewing times, addresses, and telephone numbers; this data will then be turned over to Chinese officials, presumably to help them hunt down and silence dissidents.

The scheme is just one of several moves by the mainland Chinese regime to stifle online protest. Some experts have suggested that these and other strictures have retarded the growth of the Internet in the Land of the Dragon. According to a recent Chinese government report, less than 3 percent of China's population use the Information Superhighway.

See "Chinese Web Sentencing Delayed," Reuters, Feb. 19, 2002 at http://www.wired.com/news/print/0,1294,50505,00.html

Read Liu Weijun, "Government Sets New Surveillance Rules to ISPs," China News Digest, Jan. 18, 2002 at http://www.cnd.org/Global/02/01/19/020119-1.html

See Lynne O'Donnell, "China tightens controls over web," Australian IT, Jan. 23, 2002 at http://australianit.news.com.au/articles/0,7204,3640521%5E15322%5E%5Enbv%5E1 5306,00.html

See also "China Tightens Web Controls," Associated Press, Jan. 18, 2002 at http://www.wired.com/news/print/0,1294,49855,00.html

For more on Chinese Internet usage statistics, see "China net use soars," BBC News Online, Feb. 11, 2002 at http://news.bbc.co.uk/hi/english/sci/tech/newsid_1814000/1814281.stm


[7] Malaysian Net speech restrictions loom

Over the past few years, the Internet has provided Malaysian citizens with an outlet for news that was relatively free of censorship. Unfortunately, this state of affairs may not last much longer.

Previously, Malaysian laws allowed government agents to close down newspapers, withdraw publishing licenses indefinitely and arrest violators. Until recently, these standards had not been applied to Internet speech; indeed, a few officials have promised repeatedly that they would not censor expression along the Information Superhighway. However, the Malaysian Home Ministry has now drawn up plans to impose a 'code of content' and a licensing system for website operators. These proposals would enable authorities "to discourage the abuse of the internet by irresponsible users" and to address national security concerns. Some experts believe that the changes could become effective as early as this year.

Online journalists have expressed dismay at this turn of events. Steven Gan, editor-in-chief of Malaysiakini.com, fears that licensing of Internet news services will lead to complete censorship. Gan mentioned that websites such as Malaysiakini were already under heavy pressure from the government even though they haven't been explicitly closed out, and feared the Home Ministry's scheme will bring about a total shutdown: "We will be forced to apply for a licence and we know for sure we won't get one."

Read Victoria Laurie, "Mahathir net closing on websites," Australian IT, Feb. 14, 2002 at http://australianit.news.com.au/articles/0,7204,3757565%5E16681%5E%5Enbv%5E, 00.html

See also Susan Loone, "No plans to regulate Internet usage, says ministry," Malaysiakini.com, February 19, 2002 at http://www.malaysiakini.com/news/20020220001220.php


[8] ICANN to debate online voting rules in March

The organization tasked with managing the domain name system may soon make a decision that could have serious implications for the future of Internet governance.

During its March 2002 meetings, the Internet Corporation for Assigned Names and Numbers is expected to consider several possible changes in its power structure. These changes were outlined in a special ICANN committee report that, among other things, recommended a reduction in the number of publicly elected At-Large Board members and requiring domain name ownership as a voting prerequisite. The entire proposal was excoriated by many cyber-libertarians, who feared that it would take voting rights away from large segments of the Internet community. Although some observers had expected a final verdict on the plan in November 2001, ICANN's Board of Directors put off making such a decision until the March conference.

For more information on the Accra meeting, visit the ICANN website under http://www.icann.org/ghana

See David McGuire, "ICANN Polls Public, Industry On Governance," Newsbytes, Feb. 8, 2002 at http://www.newsbytes.com/news/02/174363.html

The ICANN committee report is posted under http://atlargestudy.org/final_report.shtml

For background information in German (Deutsch), read "Mit '.de.mail' zur nachsten ICANN-Wahl," Heise Online, Feb. 4, 2002 at http://www.heise.de/newsticker/data/jk-04.02.02-000/

See "Streit um 'Superregistry'," Heise Online, Feb. 3, 2002 at http://www.heise.de/newsticker/data/anw-03.02.02-004/

See also http://www.internetdemocracyproject.org


[9] New Hong Kong anonymous Net speech battles

A Hong Kong-hosted website has been besieged with legal threats over anonymous messages posted on its chatboards.

IceRed.com describes itself as an Asian "off-line event organizer and on-line community for professionals and university alumni." The company offers numerous interactive forums where users can post missives on a variety of topics without revealing their true names. Since its inception, the firm has received warnings from several groups and individuals, each of whom have demanded the identities of users who posted allegedly libelous statements on the corporation's website. For example, one such petitioner, Max Loh Khum Whai, asked IceRed to turn over the name, home address and Internet protocol number of a user who supposedly sent defamatory messages about him.

These legal wranglings have raised questions as to the extent to which Hong Kong law protects anonymous online speech. The issue is a new one for the former British colony, and the company has cited precedents in United States suggesting that it should not be liable for the activities of its individual users. In any case, IceRed's chief executive Tim Lam, remains defiant: "We provide a platform to give our users an open forum for discussion and intend to continue doing so."

IceRed.com is located under http://www.icered.com

See Doug Nairne, "IceRed to retain its hands-off policy on chat site," Jan. 25, 2002 at http://www.asiamedia.ucla.edu/Weekly2002/01.22.2002/HongKong5.htm


[10] Kids to receive Net tracking implants

A controversial biometric device may soon be used to track children via the Internet.

According to its manufacturer, Applied Data Systems (ADS), Verichip can carry individualized data (such as a person's name, current condition, medical records and unique identification number) and is designed to be imbedded under a person's skin. When a special external scanner is pointed at a Verichip, "a number is displayed by the scanner" and the stored information is transmitted "via telephone or Internet." The company is marketing its product for such purposes as "identification, various law enforcement and defense uses and search and rescue." ADS now plans to test the device on a family from the United States, including their 14-year-old son.

As it turns out, serious questions have arisen as to whether this scheme will actually work. Security expert Richard M. Smith labeled the company's plans a mere "publicity stunt and nothing more," adding that the implants currently would be of "no value because hospitals and the police don't have the reader units." In addition, the United States Food and Drug Administration has yet to approve ADS' product for internal human use. Nevertheless, these latest developments have intensified concern over the possible effect that devices like VeriChip may have on individual privacy.

Read Julia Scheeres, "They Want Their ID Chips Now," Wired News, Feb. 6, 2002 at http://www.wired.com/news/print/0,1294,50187,00.html

An ADS statement about VeriChip is posted under http://www.adsx.com/VeriChip/verichip.html

For further analysis by Richard M. Smith, click http://computerbytesman.com/privacy/verichip.htm

See also Julia Scheeres, "Kidnapped? GPS to the Rescue," Wired News, Jan. 25, 2002 at http://www.wired.com/news/print/0,1294,50004,00.html


[11] Experts: Microsoft patches flawed

Specialists are warning that Microsoft's attempt to remedy various security problems in its Internet Explorer program is far from foolproof.

The software giant had released a patch to eliminate "all known security vulnerabilities affecting Internet Explorer." Unfortunately, several computer experts the discovered that, even after installing the program, users will still be left exposed to a number of known attack methods. One of these schemes, known as the "IE Pop-up OBJECT Tag Bug," allows miscreants to take over victim computers using special websites or email messages.

This latest gaffe is fueling criticism from many observers that the corporation giant is not doing enough to protect sensitive data about their customers. Last year, several groups filed a series of joint complaints with the United States Federal Trade Commission over perceived privacy problems with several Microsoft products, notably Windows XP and Passport. More recently, the Electronic Privacy Information Center (EPIC-a GILC member) issued a letter calling on local authorities in the U.S. to investigate Microsoft for its "failure to make public known security risks in Windows XP and Passport and provide a reasonable degree of control of personal information."

See Matthew Broersma, "Worm exploits MSN Messenger," CNet News, Feb. 14, 2002 at http://news.com.com/2100-1001-837556.html

Read Brian McWilliams, "Microsoft Patch Leaves IE Users Exposed to Attacks," Newsbytes, Feb. 12, 2002 at http://www.newsbytes.com/news/02/174427.html

The most recent EPIC letter on Microsoft privacy problems is available at http://www.epic.org/privacy/consumer/microsoft/stateagletter.html

For background information, visit the EPIC website under http://www.epic.org/privacy/consumer/microsoft/

See also "Gates seeks to plug security holes," Guardian Unlimited, Feb. 13, 2002 at http://www.guardian.co.uk/microsoft/Story/0,2763,649544,00.html


[12] Prozac email privacy settlement criticized

A major drug company has settled a case over its mishandling of personal information online. However, the agreement has drawn fire from privacy advocates.

Eli Lilly and Company had provided a daily Medi-Messenger email service that reminded Prozac users to take their anti-depressant medication. These messages had been sent without identifying the recipients. When Eli Lilly discontinued the service in June 2001, it sent an email to its customers that included a long, publicly visible list of over 700 recipients under the previously blank "To:" header.

In the wake of this development, the American Civil Liberties Union (ACLU-a GILC member) sent a letter to the United States Federal Trade Commission, charging that Eli Lilly's public disclosure of Medi-Messenger recipient email addresses violated the company's posted privacy policy and constituted an unfair trade practice in violation of Federal laws. The United States Federal Trade Commission then investigated the incident, and found that although the firm "claimed that it employs measures ... to maintain ... the ... confidentiality of personal information obtained from or about consumers through its ... Web sites," Eli Lilly "in fact ... had not employed such measures." Among other things, "Lilly failed to provide appropriate training for its employees regarding consumer privacy and information security. ... Lilly's failure to implement appropriate measures also violated certain of its own written policies."

In the aftermath of this investigation, Eli Lilly decided to settle the charges. The tentative agreement with the FTC did not include any fines or monetary damages. Instead, the proposed consent order required Eli Lilly, among other things, to "establish and maintain an information security program for the protection of personally identifiable information." The company would also have to submit reports to the Commission documenting its attempts at compliance.

Privacy experts were less than impressed with the draft order. In formal comments submitted to the FTC, the ACLU said that the "the proposed settlement ... merely codifies the privacy protections the company should have been taking to begin with. ... The FTC should alter the order to impose a fine and order [Eli] Lilly to pay damages to the victims of the company's privacy breach. Imposing a financial penalty will impress upon online medical providers that there is a price to pay for being careless with highly sensitive information."

The settlement agreement is available (in PDF format) under http://www.ftc.gov/os/2002/01/lillyagree.pdf

The ACLU's formal comments on this agreement (in PDF format) are posted at http://www.aclu.org/news/2002/n011802a.html

An FTC press release on the settlement is available under http://www.ftc.gov/opa/2002/01/elililly.htm

Read Robert MacMillan, "Eli Lilly Settles Privacy Charges With FTC," Newsbytes, Jan. 18, 2002 at http://www.newsbytes.com/news/02/173779.html

See also Jim Hu, "FTC wraps Eli Lilly privacy probe," ZDNet News, Jan. 18, 2002 at http://zdnet.com.com/2110-1105-818463.html


[13] US broadband provider user tracking controversy

A war of words has erupted after reports indicated a leading provider of broadband access was secretly tracking its users' web surfing habits.

Comcast is one of the biggest broadband service providers in the United States, with nearly 1 million customers. According to recent reports, the company had instituted a system that logged every website their users visited and matched this information with consumers' Internet protocol addresses. This specific collection of data was apparently done without the knowledge or consent of Comcast's customers. This system allegedly had been implemented in several urban areas (including Washington D.C. and Detroit), and the corporation hoped to expand it nationwide within the near future.

These revelations led to a hailstorm of criticism. David Sobel from the Electronic Privacy Information Center (EPIC-a GILC member) warned that Comcast's apparent attempt to track its customers was unjustified: "Technically, it is not necessary to collect the personal information they were collecting." Comcast's activities also drew scrutiny from politicians such as U.S. Congressman Edward Markey, who issued a letter suggesting that the scheme may have violated the Section 631 of the Federal Communications Act. That law bars cable communications operators from utilizing personal information gathered from their subscribers without obtaining "prior written or electronic consent." Eventually, in a response letter to Markey, Comcast President Brian L. Roberts announced that his company had "stopped collecting and storing the user data that prompted the press reports."

The Markey letter is available (in PDF format) under http://www.house.gov/markey/iss_telecomm_ltr020213.pdf

Comcast's response to Congressman Markey is posted (in PDF format) at http://www.house.gov/markey/iss_telecomm_ltr020213b.pdf

See Christopher Stern, "Comcast Halts Tracking of Its Subscribers," Washington Post, Feb. 14, 2002, page E4 at http://www.washingtonpost.com/wp-dyn/articles/A7313-2002Feb13.html

Read Margaret Kane and Stefanie Olsen, "Comcast to stop storing Web users' data," CNet News, Feb. 13, 2002 at http://news.com.com/2100-1023-836727.html

See Robert MacMillan, "Rep. Markey Relaxes His Comcast Hackles," Newsbytes, Feb. 13, 2002 at http://www.newsbytes.com/news/02/174485.html

See also Ted Bridis, "Comcast Tracks Users' Web Trails," Associated Press, Feb. 13, 2002 at http://www.washingtonpost.com/wp-dyn/articles/A2083-2002Feb12.html


[14] IRIS files complaint over French data retention law

Privacy concerns have led a cyber-liberties group to launch a formal complaint regarding a controversial French law.

Last November, the French government approved a package of security measures popularly known as LSQ (short for "la Loi n°2001-1062 du 15 novembre 2001 sur la Sécurité Quotidienne"). Among other things, Article 29 of the bill will allow the retention of "technical data involved in a communication" for up to one year. However, the exact contours of this scheme are still not clear. Many of the definitions, including the specific types of data to be retained and the actual time period Internet service providers are required to preserve this information, were to be determined by an administrative decree, but such a decree has yet to be published.

After the bill was passed into law, the French group Imaginons un réseau Internet solidaire (IRIS-a GILC member) filed a complaint with the European Commission. In the complaint, IRIS claimed that the LSQ data retention provision violates not only European personal data protection and telecommunications directives, but also several European human rights accords. The group also argued that the measure is unnecessary, inappropriate and disproportionate to any perceived threats. In addition, the organization warned that vagaries in the law might open the floodgates to massive government surveillance along the country's electronic networks.

To read an IRIS press release on this subject in French (Francais), click http://www.iris.sgdg.org/info-debat/comm-lsq-plainte0102.html

An IRIS dossier on LSQ is available at http://www.iris.sgdg.org/actions/loi-sec


[15] Choicepoint mega-database suffers Net security holes

A major personal database company has faced a series of security snafus.

Choicepoint collects personal information and sells it to a variety of clients, including the United States Federal Bureau of Investigations (FBI), the U.S. Department of Justice and several insurance companies. Over the past few weeks, computer scientists have discovered numerous flaws in the security protocols of several Choicepoint affiliated websites. Some of these weaknesses were severe; one such vulnerability would have allowed attackers to view internal Choicepoint reports and files. After some of these problems fixed, another hole was discovered that permitted access to a supposedly "highly secure" area that contained legal documents. One computer expert lashed out at Choicepoint, saying that "[f]or any company to be vulnerable to these problems ... is irresponsible."

Some observers have cited these incidents as evidence of the dangers that massive databases pose to personal privacy. Chris Hoofnagle from the Electronic Privacy Information Center (EPIC-a GILC member) warned that the "risks to personal privacy include not only illegal or inappropriate employee access to the information, but also outsiders who wish to collect profiling information."

See Brian McWilliams, "More Online Security Woes For FBI's Data Firm," Newsbytes, Jan. 28, 2002 at http://www.newsbytes.com/news/02/174003.html

Read Jennifer DiSabatino, "Unregulated databases hold personal data," Computer World, Jan. 21, 2002 at http://www.computerworld.com/storyba/0,4125,NAV47_STO67585,00.html


[16] Smart homes raise privacy questions

New technologies to provide remote control of people's houses via the Internet are fueling concerns over the future of individual privacy.

Some of these technologies are being promoted by the Internet Home Alliance, a trade organization whose membership list includes General Motors, Sun Microsystems, Panasonic, Sears Roebuck and Hewlett-Packard. One such system, named Onstar at Home, allows a person to use the Internet and thereby alter home thermostats, turn on house lights and even open front doors. Onstar's setup also includes a web camera to photograph whatever is going on inside a given house. These cameras and other sensors can be programmed to monitor and provide notification of various events within the home via email, text messaging or ordinary phone calls.

Concern is growing as to what effect these devices will have on privacy. In its published answers to Frequently Asked Questions, the IHA has admitted that "[n]o pilot programs are currently planned that address" the potential privacy implications of the technologies it is attempting to foster. The group did not explain why it has not further investigated these issues, but merely stated that "[i]f the privacy issue is addressed in a pilot program, it would have to be within the larger context of the Internet Lifestyle and how consumers would react to such an issue within that context."

For more on IHA's stance on pilot privacy programs, click http://www.internethomealliance.com/about/faq.asp#9

For an IHA overview of the Onstar at Home system, visit http://www.internethomealliance.com/pilot_pgms/overview_onstar.asp

Audio and text coverage is available from Alfred Hermida, "Smart homes on trial," BBC News, Jan. 24, 2002 at http://news.bbc.co.uk/hi/english/sci/tech/newsid_1776000/1776047.stm


[17] Privaterra initiative launched

A collective of computer experts is working to enhance the privacy of non-governmental organizations around the world.

Privaterra is an ongoing program by Computer Professionals for Social Responsibility (CPSR-a GILC member). It was formed due to concerns that technological advances "have ... made it easier to spy on ... human rights workers, cracking into their communications networks and stealing access to their private information. While it is impossible to completely eradicate the possibility of such activities, encryption technology and other security measures can considerably diminish the likelihood that human rights workers' private communications and other materials will be accessed by unauthorized individuals."

Towards this end, the program will conduct privacy workshops to train members of civil society organizations and provide technical advice to such groups on how to improve their security routines. Privaterra also plans to host an online forum "where attendees and others from their organizations or other organizations can request information about privacy and security technology, or discuss related issues with us and with each other."

The Privaterra website is located at http://privaterra.cpsr.org


[18] Rathenau privacy conference held

The Rathenau Institute, a Dutch national technology assessment organization, held an international conference on privacy in Amsterdam on January 19 2002. The conference compared existing privacy-related practices and attitudes in different countries. Attendees discussed such subjects as wireless communications interception, commercial use of personal data, and camera surveillance in public places. The meeting included presentations and speeches from representatives of several GILC member organizations, including Caspar Bowden from the Foundation for Information Policy Research, David Banisar from Privacy International and Barry Steinhardt from the American Civil Liberties Union.

For more information on this meeting, click http://www.privacyconference.nl/conference_report.html


[19] French, Danish and Dutch Big Brother Awards ceremonies held

Several reputed menaces to individual privacy have become the newest recipients of Big Brother Awards.
These prizes are given out by Privacy International (a GILC member) and affiliated groups in several nations. "Orwells" are presented annually to "government agencies, companies and initiatives which have done most to invade personal privacy. ... Awards are also given to individuals and organizations which have made an outstanding contribution to the protection of privacy."

In France, the Orwell winners included the national prison authority and the French Ministry of Justice, for their apparent violations of European human rights standards designed to prevent overly intrusive government behavior. Other notable winners were Cegedim, a French personal data mining service, and Mante la Jolie, which installed a closed circuit television surveillance system to target an area with a high immigrant population. On the other hand, "Voltaires" were given out to European deputy Alima Boumediene Thierry and the French syndicate of the judiciary, each of whom protested against excessive security legislation.

Meanwhile, Danish Orwells went to several groups, such as Datametrix "for creating technologies for companies to wiretap employee phonecalls" and the Denmark's national police. Among the list of individual Orwell recipients was Danish government minister Frank Jensen, who pushed for the enactment of new anti-terror laws and for repeatedly denying the existence of the global surveillance system popularly known as ECHELON, and Dr. Olgas Bornehave, who used webcams to spy on children. Two "Simons" were handed out: one to Oluf Jorgensen for his persistence and visible presence in fighting against unnecessary surveillance proposals, and the FORTRIN research group who created a traffic control system that respects individual privacy.

The latest Big Brother Awards ceremony took place in Amsterdam on February 15 2002. Winners included the Dutch "State Secretary of Transport, Public Works and Water Management Monique de Vries for breaking open an EU compromise on data retention for telecommunication companies" and "[t]he Commission Mevis for proposing far-reaching demands on banks, insurance companies and telecommunication companies to track, store and disclose customer data to law enforcement."

Over the next few weeks, Big Brother Awards ceremonies will be held in a number of other countries, including the United Kingdom (March 4) and the United States (April 18-see item [20] below).

For more information on the Big Brother Awards, visit http://www.privacyinternational.org/bigbrother/

For more on the French Big Brother Awards, visit http://www.bigbrotherawards.eu.org/2001/bba-f-en.txt

For more on the Danish Big Brother Awards, click http://www.bigbrotherawards.dk/News/BBA2001Winners.html

Additional details on the Dutch Big Brother Awards are available under http://www.bigbrotherawards.nl/index.en.html

See Jelle van Buuren, "First Big Brother Award in the Netherlands," Heise Telepolis, February 19, 2002 at http://www.heise.de/tp/english/inhalt/te/11873/1.html


[20] Upcoming CFP 2002 conference

The Computers, Freedom and Privacy 2002 conference will be held April 16-19 in San Francisco. This year, the meetings will focus on such issues as biometric authentication methods, the future of intellectual property, public records policies, new Internet surveillance legislation and more. The event will also coincide with the presentation of the United States Big Brother Awards on April 18.

Visit the Official CFP 2002 website at http://www.cfp2002.org


ABOUT THE GILC NEWS ALERT:

The GILC News Alert is the newsletter of the Global Internet Liberty Campaign, an international coalition of organizations working to protect and enhance online civil liberties and human rights. Organizations are invited to join GILC by contacting us at gilc@gilc.org.

To alert members about threats to cyber liberties, please contact members from your country or send a message to the general GILC address.

To submit information about upcoming events, new activist tools and news stories, contact:

Christopher Chiu
GILC Coordinator
American Civil Liberties Union
125 Broad Street, 17th Floor
New York, New York 10004
USA

Or email:
cchiu@aclu.org

More information about GILC members and news is available at http://www.gilc.org.

You may re-print or redistribute the GILC NEWS ALERT freely.

To subscribe to the alert, please send an e-mail to
gilc-announce@gilc.org

with the following message in the body:
subscribe gilc-announce


PUBLICATION OF THIS NEWSLETTER IS MADE POSSIBLE BY A GRANT FROM THE OPEN SOCIETY INSTITUTE (OSI)