GILC Actions 



 Free Speech 





 GILC Alert 

 Mailing List
 GILC Events 




 Mail GILC 

Home Page

US Site
European Mirror


GILC Alert
Volume 7, Issue 4

June 25, 2003


Welcome to the Global Internet Liberty Campaign Newsletter.


Welcome to GILC Alert, the newsletter of the Global Internet Liberty Campaign. We are an international organization of groups working for cyber-liberties, who are determined to preserve civil liberties and human rights on the Internet.

We hope you find this newsletter interesting, and we very much hope that you will avail yourselves of the action items in future issues.

If you are a part of an organization that would be interested in joining GILC, please contact us at

If you are aware of threats to cyber liberties that we may not know about, please contact the GILC members in your country, or contact GILC as a whole.

Please feel free to redistribute this newsletter to appropriate forums.

Free expression

[1] US high court upholds library Net censor law
[2] China tortures Net dissident, sends 5 to prison
[3] Prosecution of Vietnamese Net dissident provokes anger
[4] New WSIS human rights caucus proposal
[5] Tajikistani gov't censors news site
[6] Iran expands Net blocking
[7] Pakistani press website faces censorship
[8] Hollywood sues other DVD copying equipment makers
[9] Recording trade group Net copyright threat backfires
[10] California high court hearing in DVD program case
[11] Battle over Korean music sharing website continues
[12] Police pressure student over harmless webblog entry
[13] New study of German Internet censor plans


[14] US politician, Hollywood push computer sabotage systems
[15] Plan to make US spy laws permanent shelved
[16] Report on TIA datamining scheme provokes alarm
[17] Verizon hands over user data to RIAA
[18] For sale: TiVo interactive television user info
[19] UK gov't forces massive Net user data info disclosures
[20] New study of Gator spyware
[21] Microsoft error exposes 200 million Internet users
[22] Japanese government passes personal info bills
[23] EU data protection chief appointment criticized
[24] Survey suggests tougher online privacy laws are needed

[1] US high court upholds library Net censor law

The United States Supreme Court technically upheld a controversial Internet speech law, but the text of the ruling leaves many questions unanswered.

The Children's Internet Protection Act (CIPA) essentially requires high schools and libraries to include blocking software on their computers. Institutions that refuse to do so (or implement policies to that effect) will lose federal funding. Last year, a Federal judicial panel held that the law, which was challenged by the American Library Association (ALA) as well as GILC members the American Civil Liberties Union (ACLU), the Electronic Frontier Foundation (EFF), and the Electronic Privacy Information Center (EPIC), violated the right to free expression protected under the First Amendment to the U.S. Constitution: "Any public library that adheres to CIPA's conditions will necessarily restrict patrons' access to a substantial amount of protected speech in violation of the First Amendment." The U.S. Justice Department then appealed to the Supreme Court.

The high court was heavily split over the case. In a fractured ruling, the Justices voted 6-3 to uphold CIPA. However, the opinions of various justices, when taken together, seemed to suggest that librarians do have the power to shut down the blocking system entirely when requested by a patron, and that library customers need not identify themselves or provide a reason for wanting to turn off the software. Thus, Justice Anthony Kennedy's concurring opinion contained language saying that "on the request of an adult user, a librarian will unblock filtered material or disable the Internet software filter without significant delay."

Free speech advocates have given the Court's opinion mixed reviews. ACLU staff attorney Chris Hansen said he was "disappointed that the Court upheld a law that is unequivocally a form of censorship," but noted that the ruling had a "silver lining," since the Justices "essentially rewrote the law to minimize its effect on adult library patrons."

The text of the high court's opinion is posted under

An ACLU press release about the decision is posted under

See Charles Lane, "Ruling Backs Porn Filters In Libraries," Washington Post, 24 June 2003, page A1 at

Read "High Court Upholds Porn Filters," Associated Press, 23 June 2003 at,1283,59359,00.html

See also "US porn-filter law upheld," BBC News Online, 23 June 2003 at

[2] China tortures Net dissident, sends 5 to prison

The Mainland Chinese government has sentenced 5 web operators and writers to multi-year prison terms each for posting controversial content on the Internet.

Four of these people, Xu Wei, Jin Haike, Yang Zili, and Zhang Honghai, were reportedly part of an Internet-based organization, the New Youth Society, which was dedicated to exploring democracy and social reform in China. They have since received jail sentences of 8 to 10 years each after several articles critical of the Chinese government appeared on their website. All 4 men complained of abusive treatment while in detention. According to Human Rights in China, Xu Wei protested in court about being brutally beaten and tortured with electrical shocks while in custody. He had to be carried out of the courtroom after being knocked unconscious from striking his head against the judge's desk, and subsequently began a hunger strike after his sentencing. Ann Cooper, director of the New York-based Committee to Protect Journalists (CPJ-a GILC member), stated that "[i]t is ridiculous that the Chinese Government considers the peaceful expression of one's views a subversive act."

In addition, Huang Qi has now been sentenced to a 5-year prison term after visitors to Huang's site posted several allegedly "subversive" articles. He was the proprietor of a website designed to publicize information about missing people that attracted postings about alleged human rights abuses, corruption, and political issues.

These sentences are being seen as just one of a multitude of moves that mainland Chinese authorities have made to stifle free speech online. A recently published study commissioned by Reporters Sans Frontieres (RSF-a GILC member) indicates many online avenues for expression, notably Internet chatboards, are subject to heavy censorship. According to the report, messages with "banned words" such as "human rights" and "Taiwan independence" and "SARS" are "systematically blocked," while messages "that contain no banned words may lead to scrutiny from "volunteers" who "have the ability to suspend or ban forum visitors considered vulgar or politically incorrect." Offenders may later be arrested; thus the Chinese government has arrested 4 people for online discussion of SARS-related issues.

Read Henry Hoenig, "Beijing goes high-tech to block Sars messages," New Zealand Herald, 16 June 2003 at

To learn more about Xu's hunger strike, see "China Internet dissident 'on hunger strike'," BBC News Online, 3 June 2003 at

To read more about Huang's conviction, see "China Internet operator jailed," BBC News Online, 19 May 2003 at

For information about the sentencing of Xu and his compatriots, see "China jails web dissidents," BBC News Online, 29 May 2003 at

See also John Gittings, "China jails Internet dissidents," The Guardian (UK), 30 May 2003 at,7369,966696,00.html

The RSF report on Chinese censorship of Net chat boards is posted at

See also "Information Control and Self-Censorship in the PRC and the Spread of SARS," U.S. Congressional-Executive Commission on China, 7 May 2003 at 3734ec38ad0026e14

See also "China nabs 4 for spreading SARS rumours on the Internet," The Financial Gazette, 7 May 2003 at

[3] Prosecution of Vietnamese Net dissident provokes anger

A Vietnamese doctor may soon spend more than a decade in prison over his Internet activities.

Pham Hong Son allegedly wrote and translated several pro-democracy papers that were then posted on the Information Superhighway. Vietnamese authorities had initially questioned him on this subject and confiscated various personal items, including computer equipment and numerous documents. When the government denied his requests to reclaim his belongings, he posted an open letter on the Internet to protest their decision. Subsequently, Vietnamese officials convicted him of spying and using the Information Superhighway to distribute critiques of the government. He has since been sentenced to 13 years in jail, plus 3 years of house arrest after he leaves prison.

His prosecution has drawn heavy protests from free speech advocates. Minky Worden from Human Rights Watch (HRW-a GILC member) warned: "Vietnam's crackdown on critics who use the Internet to peacefully disseminate their ideas or communicate with democracy advocates abroad appears to be escalating. ... These harsh prison sentences and vaguely worded charges of spying appear designed to intimidate not only government critics, but everyone in Vietnam who uses the Internet."

For more information, visit the Digital Freedom Network (DFN-a GILC member) website under

An HRW press release on this subject is posted under

Read "Vietnam net dissident jailed," BBC News Online, 18 June 2003 at

[4] New WSIS human rights caucus proposal

Controversy continues to surround preparations for an upcoming World Summit on the Information Society (WSIS).

The WSIS, which is being organized by the International Telecommunications Union under the auspices of the United Nations, is supposedly meant to foster discussion regarding the socio-economic impact of new technologies. Its official goal is "to develop and foster a clear statement of political will and a concrete plan of action for achieving the goals of the Information Society, while fully reflecting all the different interests at stake." The first meeting will be held in Geneva, Switzerland from 10-12 December 2003 and the second in Tunis, Tunisia in November 2005, with various Preparatory Committee (PrepCom) sessions to take place beforehand.

However, even as plans are being formed for the Summit, questions have arisen as to whether the WSIS will sufficiently address concerns of civil society, including issues of human rights. For example, the Association for Progressive Communications (APC-a GILC member) issued a detailed analysis of key WSIS documents (including the Draft Declaration of Principles and Draft Action Plan), and concluded that the papers failed to address "sufficiently" a number of important subjects. Among other things, APC took the WSIS committee to task for "lacking awareness on proposals around the 'information security agenda' that threaten to further harm already weakened human rights in areas such as privacy and data protection" and insufficiently acknowledging "the negative impact of Intellectual Property Rights on access to information and knowledge, and on technological innovation." Furthermore, the Board of the World Association of Newspapers and the Board of the World Editors Forum have expressed concern "that concepts that would regulate information and restrict the free flow of news are emerging in preparatory meetings for the WSIS, which is designed by UN agencies to produce policies for extending the benefits of information technologies and bridging the 'digital divide' between rich and poor societies."

In order to remedy the situation, a number of organizations have banded together to form a WSIS Human Rights Caucus. The idea, which was proposed Imaginons un Reseau Internet Solidaire (IRIS-a GILC member), is to put "Human Rights on the agenda of the WSIS," develop "detailed inputs and contributions on how Human rights, as broadly defined, can be precisely translated within the specific framework of information and communication, in order to build a common vision of this society," and to raise the "awareness of NGOs [non-governmental organizations] and the public on the importance of addressing Human rights in the information society." Several GILC members have joined IRIS in this effort, including APC, Computer Professionals for Social Responsibility, Cyber-Rights & Cyber-Liberties UK, Digital Rights Denmark, the Electronic Privacy Information Center, VIBE! AT and the American Civil Liberties Union.

For more regarding the WSIS Human Rights Caucus, click

APC and APC WNSP's critique of the WSIS Draft Declaration and Action Plan are available via

A World Association of Newspapers press release regarding press freedom on the Internet and the WSIS is available under

For further information from APC in Spanish (Espanol), at

An archive of official WSIS documents is located at|1&c_ty pe=all

[5] Tajikistani gov't censors news site

Authorities in Tajikistan are apparently blocking access to a news website that includes reports that criticize the government. was launched this past March by opposition journalist Dododjoin Atovulloev from outside of the country. According to its creator, the site is the only one "that dares to criticise the president, government and parliament and say the things the local press does not report." The site includes quotes from various opposition party leaders as well as political affairs experts regarding a Tajik constitutional reform referendum that is scheduled for later this month. Reports now indicate that the country's security ministry is denying access to the site. Atovulloev, who has now received numerous death threats, explained that the government was blocking his site because "they view any form of dissidence as a crime."

Several free press groups have lobbied in support of the embattled news website. Robert Ménard, the Secretary-General of Reporters Sans Frontieres (RSF-a GILC member) wrote a letter to Tajik President Imamali Rahmanov, urging him "to do everything possible to ensure that [] is accessible again and that the independent media can develop without obstruction."

An RSF press release on this subject is available at

[6] Iran expands Net blocking

The Iranian government has ordered the blocking of 15 000 sites for displaying allegedly offensive content.

In addition to banning about 80 newspapers and magazines, Iran's government has extended its reach to censoring publications online. Toward that end, Iranian authorities have created a list of "immoral" and "political" sites that "rudely make fun of religious and political figures in the country." This list has been sent to Internet service providers (ISPs) for blocking purposes; reports indicate that ISPs could face court action if they do not comply.

In addition to the website blacklist, Iranian authorities have arrested Sina Motallebi, an online journalist and the proprietor of, in connection with various interviews he had posted on his website, as well as for defending another journalist who ran a cartoon in a newspaper that offended the government. The arrest of Motallebi has led to condemnation from various free speech groups, including Reporters Sans Frontieres (RSF-a GILC member). In addition, an online petition drive for his release has drawn thousands of signatures.

Read "Iran steps up net censorship," BBC News Online, 12 May 2003 at

For further information in Italian, see "Iran, censura su 15mila siti Internet," RAINet News, 13 May 2003 at,7605,52749%5Eh omePageStrilli%5E41%5E,00.html

See also "Bloggers unite to fight," BBC News Online, 2 May 2003 at

[7] Pakistani press website faces censorship

Pakistani authorities have blocked the country's Internet users from visiting a prominent news website.

According to the publication's editor, Shaheen Sehbai, the South Asia Tribune was censored because it had "done a number of stories that exposed government policies." Among other things, the Tribune had criticized Pakistan's president, Pervez Musharraf, and had taken the ruling regime to task for multiple human rights violations. Efforts by Pakistani government agents to block the website were apparently made easier because one entity, the Pakistan Internet Exchange, is the predominant Internet provider in the country, and can thereby act as gatekeeper to prevent regular Pakistani citizens from reaching various parts of cyberspace. Sehbai also mentioned that, in addition to harassing his family members, the government has published an advertisement in Pakistani newspapers asking people not to visit the website and has warned Pakistani media not to reprint stories published by the Tribune.

Not surprisingly, many members of the international community have denounced the Pakistani government's actions. Reporters Sans Frontieres (RSF-a GILC member) issued a statement labeling the blocking of the Tribune "a serious violation of press freedom and of the right of Pakistanis to diverse information and news." In the meantime, the website has been moved to a proxy server in the hopes of circumventing Pakistani government censors.

The relocated Tribune website can be viewed at

An RSF press release on this subject is posted at

See Editor's Note, "SA Tribune Blockade Continues," South Asia Tribune, 8-14 June 2003 at

For further background information, click

[8] Hollywood sues other DVD copying equipment makers

Several Hollywood movie studios are suing to bar the sale of DVD copying software-efforts that may have significant effects on free speech in the digital domain.

These battles are being waged in two separate cases. Paramount Pictures and Twentieth Century Fox Film have filed suit in Federal court in New York to stop 5 companies (Internet Enterprises, Rdestiny,,, and from selling DVD copying software. Meanwhile, the Motion Picture Association of America (on behalf of Sony, AOL, Time Warner, Vivendi Universal, Walt Disney, MGM, Pixar Animation Studios, and Saul Zaentz Co.) has launched a similar action before a federal judge in San Francisco against DVD copying software (DVD X Copy and DVD Copy Plus) manufactured by 321 Studios. The question in both cases is whether selling DVD-copying software is illegal under the much-debated Digital Millennium Copyright Act (DMCA), as claimed by the movie studios, or legitimate "fair use," as claimed by the software companies. Specifically, the movie studios argue that the DVD-copying software circumvents the anti-copying digital "locks" that studios place on each DVD, and thus contravenes the DMCA.

Consumer-rights organizations and some technology groups, however, maintain that the software is legal because, under the doctrine of "fair use" in copyright law, consumers should be permitted to make personal backup copies of DVDs they have already purchased. The Electronic Frontier Foundation (EFF-a GILC Member) maintained the courts should protect technologies that enable copying that has been traditionally viewed as legal--such as when people make back-up copies, when videographers duplicate their work, or when teachers excerpt films for educational use. EFF staff attorney Wendy Seltzer explained that the "public should benefit from new media technologies, not find its rights further restricted when new formats are used." These concerns have bolstered the efforts of various politicians, including U.S. Congressmembers Zoe Lofgren and Rick Boucher, to amend the DMCA and thereby protect traditional fair use rights. Representative Boucher pointed out that the "DMCA is having an adverse effect on technological innovation. There are numerous cases in court or on appeal that would utilize this act to stifle competition and technological innovation. This situation has stimulated vigorous debate about what changes should be wrought on the existing DMCA."

Read "Studios broaden DVD-copying fight," Reuters, 16 May 2003 at

See also "Hollywood Makes War On DVD Copying,", 16 May 2003 at

For more background information, see Lisa M. Bowman, "DVD-copying case heads to court," CNet News, 14 May 2003 at

For more on legislative efforts to reform the DMCA, click

[9] Recording trade group Net copyright threats backfire

A major recording industry group has expressed regret for harassing innocent people over their Internet activities.

The Recording Industry Association of America (RIAA) had sent a letter to Penn State University's Department of Astronomy and Astrophysics claiming that it had engaged in the illegal distribution of songs by the musician Usher. The RIAA went on to demand that the Department delete the allegedly infringing files. However, no such sound files existed on the Department's server, which is used by faculty and graduate students to publish research and grant proposals. In fact, the only references to "Usher" and music files at the Department were a professor emeritus named Peter Usher who worked on radio-selected quasars, and an mp3 of an acapella song performed by astronomers about a gamma ray satellite that Penn State helped design. RIAA apologized for the mistake, claiming that a temporary employee caused the faulty notice to be sent.

The erroneous letter came shortly after the RIAA increased its enforcement efforts against file-swapping services at universities. In May, 4 students agreed to pay between USD 12 000 to 17 000 each to settle a lawsuit brought by the RIAA for running file-sharing services that, according to the RIAA, facilitated the illegally swapping of copyrighted music.

See Declan McCullagh, "RIAA apologizes for threatening letter," CNet, 12 May 2003 at

For information about the student settlement, read Frank Ahrens, "4 Students To Pay for Music File Swapping" Washington Post, 2 May 2003 at

[10] California high court hearing in DVD program case

California's high court is asked to decide whether the banning of Internet postings of DeCSS computer code violates free speech.

At the center of the dispute is DeCSS, a primitive program that was created to help users of the Linux computer operating system watch DVDs on their machines. Four years ago, the DVD Copy Control Association (DVD CCA) sued Andrew Bunner and hundreds of other people claiming that they violated California trade secret law by publishing (or providing weblinks to) the code. A state trial court agreed with DVD CCA and granted an injunction banning Internet posting of DeCSS. An appeals panel overturned the trial court ruling, saying that Bunner's activities were protected under the First Amendment of the United States Constitution, which guarantees the right to free speech. In the current leg of the case, DVD CCA is asking the California Supreme Court to decide whether the DeCSS ban should be permitted.

Free expression advocates, including the Electronic Frontier Foundation (EFF-a GILC member) are hoping that the lower appeals court ruling will be upheld. An EFF spokesperson explained: "Well established trade secret law clearly holds that only those individuals who have undertaken an affirmative duty to treat information as a trade secret are required by law to keep it secret. People who obtain information from the public domain have a First Amendment right to republish that information."

An EFF press release on this subject is posted at

See Lisa M. Bowman, "Arguments made in DVD-cracking case," CNet News, 29 May 2003 at

See also Bob Egleko, "Lockyer weighs in on piracy: State official testifies against DVD copying," San Francisco Chronicle, 30 May 2003 at

[11] Battle over Korean music sharing website continues

A Korean music file-sharing service has won the latest round in a long-running series of court battles.

Soribada, meaning "sea of sound," is Korea's leading peer-to-peer Internet site, which allows users to swap MP3 music files. Last year, the service had lost in civil court to the Recording Industry Association of Korea (RIAK), which convinced a court to order Soribada to prohibit users from uploading and downloading MP3 files produced by RIAK members. In addition, Soribada's proprietors, Yang Jung-hwan and Yang Il-hwan, were arrested in 2001 and charged with aiding and condoning copyright violations. If convicted, they each could have faced 5 years in prison.

Several weeks ago, a District Court in the nation's capital, Seoul, dismissed these criminal charges against the Yang brothers, holding that the government had failed to meet the burden of proof. "When indicting a person on a charge of abetting, there must be a detailed description of the crimes of the principal offenders, which is a precondition for any indictment. But prosecutors failed to give clear examples and specified facts on how and when Yang brothers helped millions of users to infringe upon copyrights of music producers in this case, simply listing the Internet identifications of users of the website as principal offenders." The decision could have serious free speech implications; Cho Won-hee, who represented the Yangs in this case, noted that it "is a global trend that the court cannot call the service operator to account for violation of intellectual property rights by service users when a website service operator becomes unable to control copyright infringements by service users." However, Prosecutors have since said that they will appeal the ruling.

See Kim Sung-jin, "Legal Battle on Online Music File Swapping Enters New Phase," The Korea Times, 20 May 2003 at

[12] Police pressure student over harmless webblog entry

A teenager in the United States recently found herself under heavy police scrutiny over an innocent note she put in her online journal.

Erin Carter had written in her webblog about rumors that her high school's computer network had been hacked. Before the network problems were determined to be the result of a glitch and not hacking, two local Chapel Hill police officers, wearing shirts with the insignia of the U.S. Federal Bureau of Investigation (FBI) questioned her about her webblog entry. One of the police officers presented her with an unauthorized FBI business card identifying him as a "task force agent" of an FBI "Cyber Crime Task Force," leading her to erroneously believe that they were affiliated with the FBI.

After an internal investigation by the Chapel Hill Police Department, one of the officers resigned - right before being presented with a termination notice - and the other was suspended. The Department also instituted a new dress code policy to ensure that no one else is misled into believing that officers represent another law enforcement entity.

See Jon Elliston, "Chapel Hill cop resigns, another is suspended, after Indy expose," Durham Independent Online, 11 June 2003 at

[13] New study of German Internet censor plans

A new report indicates that a local German government's web content blocking orders are technically "next to impossible" to implement.

The district government of Dusseldorf had previously ordered Internet service providers (ISPs) to prevent users from reaching selected foreign websites. While Dusseldorf officials tried to justify these efforts as a way to fight right-wing extremists, many members of the Internet community objected, saying that the order would, among other things not only prevent access to neo-Nazi sites, but would also censor political criticism, entertainment files, and sexual content.

These fears were largely borne out in the report, which analyzing the engineering issues involved in the content blocking mandates of the Dusseldorf government, including different techniques used to deploy blocking at the provider level. The document determines that German ISPs are confused about which sites to block, create misconfiguations to either over- or under-block sites mandated by the orders, and that, at best, only 55% of ISPs are complying with the orders.

See Maximillian Dornseif, "Government mandated blocking of foreign Web content," reprint of the "Lecture Notes in Informatics" article available at

[14] US politician, Hollywood push computer sabotage systems

We must destroy private users' computers in order to prevent downloading of copyrighted files.

That's the message being sent by a leading United States politician as well as several of the world's largest record labels. U.S. Senator Orrin Hatch said that he was "interested" in technology that would sabotage the computers and Internet connections of people who access copyrighted music via the Information Superhighway, claiming that such methods "may be the only way you can teach somebody about copyrights." He even suggested that several hundred thousands of machines should be targeted, so that "people would realize" the seriousness of their actions.

Hatch's provocative comments came just as five of the biggest recording labels (Vivendi's Universal Music Group, AOL Time Warner Music Group, Sony Music Entertainment, Bertelsmann BMG and EMI Group) have backed efforts to develop software to disrupt Internet users' activities in the name of copyright enforcement. Such programs range in degree of severity, from halting or attacking a computer's Internet connections to stopping downloads to freezing a computer for a certain amount of time. Other strategies include the "Trojan horse" which forwards users to websites where they can legitimately buy the songs they tried to download, and "silence" programs which scan a computer's hard drive for pirated music files and attempt to delete them. The pilot test of the silence program proved faulty as it deleted legitimate files and is being reworked. Additionally, the Business Software Alliance (whose members include Microsoft and Adobe) has aimed its "software-sniffing web crawler" specifically at Asia-Pacific sites; many of the websites that the crawler discovered were then shut down by the Internet service providers hosting them.

Fellow politicians and legal scholars were appalled by this sort of digital vigilanteism. U.S. Senator Patrick Leahy said that while the "rights of copyright holders need to be protected, ... some Draconian remedies that have been suggested would create more problems than they would solve. We need to work together to find the right answers, and this is not one of them." Stanford Law School professor Lawrence Lessig warned: "Some of this stuff is going to be illegal. It depends if they are doing a sufficient amount of damage. The law has ways to deal with copyright infringement. Freezing people's computers is not within the scope of the copyright laws."

George Washington University law professor Orin Kerr pointed out that, should Hatch's suggestions be implemented, "innocent users might be targeted." Hatch has since backtracked somewhat from his prior statements, suggesting in a press release that he does "not favor extreme" copyright remedies "unless no moderate remedies can be found" and asking "interested industries to help us find those moderate remedies."

See "Destroy 'pirate' PCs, says politician," BBC News Online, 18 June 2003 at

Read "Radical Illegal Download Remedy,", 18 June 2003 at

See John Lui, "Antipiracy team scans Asian P2P sites," 5 June 2003 at

The aforementioned press release from Senator Hatch regarding his prior comments is posted under Release_id=205147

For background information, read "Labels aim to shiver pirates' timbers," Reuters, 3 May 2003 at

For further information in Spanish (Espanol), see "Software que sabotea ordenadores con musica 'pirata'," 5 May 2003 at 6168.shtml

[15] Plan to make US spy laws permanent shelved

The plans to make permanent various controversial changes to United States surveillance laws have been dropped as part of a political compromise.

The legislative battle centered around a package of measures that were adopted in late 2001. Among other things, the USA Patriot Act applied loose pen register protections previously used for such information as phone numbers and applied them to the Information Superhighway, rather than requiring law enforcement agents to show probable cause that a crime is being committed and get a court order. It also expanded the powers of a secret United States court, created under the Foreign Intelligence Surveillance Act (FISA), whose procedural protections are not as strong as those of other tribunals. In addition, the measures provided the government with the ability to break into houses and conduct secret "sneak-and-peek" searches. A number of these powers were scheduled to expire or "sunset" by 2005.

Earlier this year, U.S. Senator Orrin Hatch pushed a proposal to remove the "sunset" language from the legislation, so that those powers would last indefinitely. Subsequently, Hatch shelved his proposal (at least for the time being) as part of a deal that was worked out with opposition party leaders. Under this deal, the Senate approved a FISA expansion bill that weakened prior requirements for the government to prove that the targeted individual does indeed have ties to a foreign power before getting a FISA warrant.

Meanwhile, U.S. Attorney General John Ashcroft has foreshadowed that a successor to the highly controversial USA Patriot Act is in the works. It is widely believed that Ashcroft was referring to the recently-leaked Domestic Security Enhancement Act (DSEA), which was purportedly drafted by the U.S. Department of Justice and would follow the approach of legislation that was passed in 2001 by further eroding or removing various restrictions on government surveillance. For example, the plan would make it easier for government agents to spy on and wiretap U.S. citizens under FISA; in certain cases, these agents could bypass the FISA trial court completely and conduct wiretaps and searches without a warrant. The bill also provides for general surveillance orders to cover multiple functions of such devices as cellphones that can send email and TiVo video recorders. Additionally, the proposal would allow searches, wiretaps and surveillance of U.S. citizens on behalf of foreign governments - including dictatorships and human rights abusers - in the absence of U.S. Senate-approved treaties.

These legislative battles come even as fears that the government is abusing its foreign intelligence surveillance powers continue to grow. These fears were exacerbated by a recent report to the administrative office of the U.S. courts, where the government disclosed that it has asked for and received a record 1228 warrants in 2002 for secret wiretaps and searches of suspected terrorists, up from 934 in 2001 and 1003 in 2000.

To read the text of the FISA expansion bill (in PDF format), click

A transcript of the Senate proceedings regarding the FISA expansion bill is available at

An ACLU letter regarding an earlier version of this bill is posted under

An ACLU press release regarding Ashcroft's statements is posted under

Read "Clash Over Patriot Act,", 5 June 2003 at

Read Eric Lichtblau, "GOP senators end push to make Patriot Act permanent," New York Times, 9 May 2003 at 06790.DTL

To read the U.S. government report on FISA warrants in 2002, click

[16] Report on TIA data-mining scheme provokes alarm

The United States Department of Defense (DoD) has released a report to Congress detailing the development of a massive computer surveillance system that would have unprecedented ability to track individuals.

Conceived by retired Admiral John Poindexter, the Terrorism Information Awareness project (previously named Total Information Awareness) is being designed by the DoD to gather personal data on a grand scale. Its proponents believe that by scanning and analyzing this massive pile of data, government agents will be able to predict and prevent crime. Some of the goals of TIA include the ability to identify people at great distances by the irises of their eyes, the grooves in their face and their gait. The technology would also analyze such things as airline ticket purchases, visa applications, emails, and phone calls as well as educational, medical and financial records.

After a flurry of controversy, Congress voted several months ago to suspend the program until the Pentagon issued a report detailing the impact of the program on civil liberties. In the ensuing report, among other things, the Pentagon assured Congress that the program would have built-in mechanisms to guarantee the protection of privacy and said that TIA's research and testing activities are conducted either by legally obtained intelligence information or "artificial synthetic information" that does not threaten the privacy of U.S. persons. However, privacy advocates remained unimpressed by the DoD report, saying it contains little concrete discussion of civil liberties in the actual use of TIA and instead uses vague language to address privacy concerns. There also is little or no mention of data accuracy and TIA accountability to individuals.

Even more ominously, an analysis published by the Electronic Frontier Foundation (EFF-a GILC member) suggested that the TIA project is actually far larger than the Pentagon has otherwise suggested. Thus, while the Pentagon issued a USD 54 million budget submission for Fiscal Years 2003 through 2005, the EFF noted that this figure includes only the line item of TIA and not the line items for all the supplementary programs. According to the EFF's count, the budget for all the reports detailed in the DoD report is about USD 300 million for FY 2003 and FY 2004.

The DARPA report is available via

An EFF critique of this report is posted under

For more on the TIA Lifelog project, read Michael J. Sniffen, "A Diary That Never Sleeps," Associated Press, 3 June 2003 at

Read Ariana Eunjung Cha, "Pentagon Details New Surveillance System," Washington Post, 21 May 2003, page A6 at

See "U.S. promises limits on computer dragnet," Reuters, 20 May 2003 at

More information in German (Deutsch) is available in "DARPA gibt Details zu 'Terrorist Information Awareness'-Programm bekannt," Heise Online, 21 May 2003 at

See also "Pentagon surveillance system hopes to identify people by walk," Associated Press, 21 May 2003 at

[17] Verizon hands over user data to RIAA

A major telecommunications company has surrendered the names of four customers to a recording industry trade group in a heavily watched online privacy case.

Several months ago, the Recording Industry Association of America (RIAA) requested data concerning a subscriber of telecom giant Verizon. The RIAA claimed that the individuals in question had engaged in copyright infringement through peer-to-peer music file trading over the Internet. The Association argued that it had the power to gather such information under the United States Digital Millennium Copyright Act (DMCA) even though it had not actually filed a lawsuit yet. The cited DMCA provision essentially says that copyright owners can request a U.S. Federal court to subpoena "information sufficient to identify the alleged infringer" from a "service provider." Verizon initially refused, claiming that this power can only be used when infringing material is stored or controlled on the service provider's network. A number of privacy groups, including GILC members the Electronic Frontier Foundation (EFF), Computer Professionals for Social Responsibility (CPSR) and the Electronic Privacy Information Center (EPIC), filed legal papers expressing opposition to the RIAA's demands.

Eventually, however, a U.S. Federal appeals court sided with the RIAA and ordered Verizon to turn over the names. After Verizon complied with this order, the RIAA sent letters to the relevant individuals threatening legal action against them. The case could pave the way for copyright holders to more easily identify people who trade files on peer-to-peer networks. Indeed, the RIAA has now announced plans to sue hundreds of people who have engaged in such online peer-to-peer file trading.

The issue has now caught the attention of state and Federal policymakers, who are considering possible legislative solutions. For example, U.S. Senator Sam Brownback proposed one such bill that would scale back the ability of record labels, movie studios and software companies to use anti-copying technology, as well as amend the DMCA so that a judge's approval would be necessary before a targeted individual's name could be disclosed. Brownback reportedly has since withdrawn his proposal as part of deal under which Senate Commerce Committee Chairman John McCain will hold a hearing on this subject. In addition, a proposal has been submitted to the California state legislature that would essentially require prompt notice to customers from their ISPs that personal information about them is being sought.

Read Roy Mark, "McCain Promises Review of DMCA Subpoena Power,", 20 June 2003 at

See "Record giants 'will sue downloaders,'" BBC News Online, 25 June 2003 at

Read "Music 'pirates' sent ultimatum," BBC News Online, 19 June 2003 at

See Lisa M. Bowman and Evan Hansen, "Verizon to hand names over to RIAA," CNet News, 4 June 2003 at

See also Christopher Stern, "Verizon Identifies Download Suspects," Washington Post, 6 June 2003, page E5 at

Further information on this story is available from the Electronic Frontier Foundation (EFF-a GILC member) website under

For more about the Brownback bill, see Declan McCullagh, "Senator wants limits on copy protection," CNet News, 4 June 2003 at

An EFF press release regarding the California bill is posted under

See Julia Scheeres, "Making It Harder for Prying Eyes," Wired News, 5 May 2003 at,1283,58720,00.html

For coverage in German (Deutsch), see "US-Burgerrechtler fordern mehr Identitatsschutz im Internet," 8 May 2003 at

[18] For sale: TiVo interactive television user info

Privacy concerns over a highly touted interactive television device have heightened after its manufacturers have announced they will soon sell users' personal information.

TiVo is a personal video recorder with Internet connections. It allows consumers to replay television broadcasts within seconds and includes advanced programming options. However, researchers have determined that the device collects detailed information about users' viewing habits and sends this data back to the manufacturer through the Information Superhighway. While the manufacturer claims that these profiles were anonymized, a report from the Privacy Foundation indicates that the data collected did in fact contain identifying information (including the serial number of the individual user's machine).

The company that produces TiVo has since announced that it will begin to sell information about subscribers' viewing habits to broadcasters and advertisers. The firm has launched a new service that will let broadcasters and advertisers subscribe to a quarterly audience-measurement report that will track viewing habits during programs. Curiously, the announcement made no mention of privacy implications of selling the data.

Read Benny Evangelista, "TiVo to sell information on what people watch," San Francisco Chronicle, 3 June 2003, page B1 at

See also "TiVo to Sell User Viewing Data," Associated Press, 2 June 2003 at,1282,59072,00.html

The aforementioned Privacy Foundation report is posted under

[19] UK government forces massive Net user data info disclosures

Reports indicate that British government officials are routinely demanding huge quantities of personal online and telephone data, even as they seek wider powers for Internet snooping.

Under the controversial Regulatory of Investigatory Powers Act, the British Home Office has been making approximately a million yearly requests for access to data held by net and telephone companies. According to the Foundation for Information Policy Research (FIPR-a GILC member), the list of government agencies making these demands is not limited to the Metropolitan Police (127 000 requests), but also includes such bureaus as the Radio Communications Agency (400 requests), the Financial Services Authority (100 requests). These figures were released at a recent public debate where the government proposed to increase its ability to obtain personal communication data. The British government has already running into controversy with net and telephone companies over the extent of time companies should be forced to retain such data, with suggestions ranging from six months to seven years.

Privacy advocates have expressed strong concern over the extent of government data mining, who have pointed out that large amounts of communications information, including phone numbers dialed, email addresses contacted, websites visited and so on are all available with scant judicial oversight. "The government can't just say we have the intent to prevent crime so therefore we can do more or less what we like," says Simon Davies, the head of lobby group, Privacy International (a GILC member).

Read "Extent of UK snooping revealed," BBC News Online, 16 May 2003 at

See also Graeme Wearden, "Whistle blown over extent of UK data seizures," ZDNet UK, 14 May 2003 at,,t269-s2134686,00.html

[20] New study of Gator spyware

A recent study has heightened concerns over the extent to which advertisers can secretly spy on ordinary Internet users.

The study focused on the controversial Gator advertising utility, which is often surreptitiously bundled with other downloaded computer programs and can be installed with little notice to the user, particularly if the given machine's web browser uses low security settings. Once in place, Gator tracks a user's internet usage and displays advertisements based on this information. For example, as explained in the report, the program carefully watches the terms people enter into the Google search engine and posts ads pursuant to those terms. Gator also targets specific host names and even federal government websites for advertising opportunities.

The author of the report, Ben Edelman explained that the workings of Gator are of considerable public interest, especially for "website operators, and to be sure, their legal staff ... [I]t's important to know whether Gator is targeting them or not, and if so, how much." In the past, the company that produces Gator had failed to provide information regarding its practices, despite their potentially serious privacy implications posed by the software.

To read the report, click

Read Declan McCullagh, "Harvard study wrestles with Gator," CNet News, 22 May 2003 at

For information in German (Deutsch), see "Gator auf die Finger geschaut," Heise Online, 23 May 2003 at

[21] Microsoft error exposes 200 million Internet users

A flaw in a heavily used computer identity service has jeopardized information regarding over 200 million users.

Microsoft intended its Passport user authentication service as a central repository for such personal information as birth dates and credit card numbers, that, in turn, could be used for a variety of purposes, such as commercial transactions online. A researcher in Pakistan, Muhammad Faisal Rauf Danka, discovered a breach in Microsoft's security procedures that allowed a criminal to gain access to a Passport account using a specific web address and a trigger phrase. Over 200 million people (including all users of Microsoft's Hotmail email service) have accounts with Passport. Criminals who exploited this flaw could have obtained a range of user personal information, including credit card details and online mail accounts. Muhammad reportedly sent 10 emails to Microsoft detailing the vulnerability without response; the company finally reacted only after he posted the information online.

This is not the first time Microsoft has been in trouble over the Passport service. In an agreement reached with the FTC in mid-2002, Microsoft promised to take reasonable steps to protect the security of Passport accounts under the threat of a USD 11 000 fine per security lapse. With over 200 million customers whose privacy has been violated, Microsoft faces USD 2 trillion in possible fines to atone for this programming error. In addition, it is unclear what steps the European Union will take against the software giant; earlier this year, Microsoft had agreed to make changes to Passport in order to comply with EU privacy rules.

An archive of materials concerning Passport is available from the Electronic Privacy Information Center (EPIC-a GILC member) via

Read Robert Lemos, "Password problems could cost Microsoft," CNet News, 8 May 2003 at

See "Microsoft's Passport Flaw Fixed," Associated Press, 8 May 2003 at

For information in German (Deutsch), see "Sicherheitsluecke bei Passport macht Microsoft weiter Schwierigkeiten," Heise Online, 9 May 2003 at

For coverage in Spanish (Espanol), see "Microsoft deja al descubierto datos personales de millones de usuarios a causa de un fallo de seguridad,", 9 May 2003 at

[22] Japanese government passes personal info bills

The Japanese parliament has finally passed highly controversial legislation aimed at guarding personal information.

The proposed legislation was first introduced in 2001 but subsequently encountered several delays and revisions after the media and public protested that freedom of expression would be curtailed. Under these rules, Japanese citizens can ask firms to reveal what personal information is being kept about them, request companies to stop using personal information about them, or correct their files. Japanese government regulators are tasked with prosecuting offenders of the new laws. The legislation also calls for an information protection council to deal with privacy grievances. To assuage fears concerning freedom of speech, the legislation will not apply to the media or publishing bodies and research institutions. The bills define media institutions as those organizations which deliver objective facts to numerous, unspecified people.

Policymakers predict intense debate in the weeks following the Diet session. Many worry that the ambiguity and fuzzy guidelines outlined in the legislation will do little to protect privacy, especially with regard to government collection and dissemination of personal data.

See "Japan passes information protection bills," Mainichi Shimbun, 23 May 2003, available at

Read "Hit and miss: A close look at what the controversial privacy-protection bills would mean for consumers reveals numerous flaws," Asahi Shimbun, 22 May 2003 at

[23] EU data protection chief appointment criticized

Privacy advocates have criticized a European Parliament (EP) committee recommendation of an unknown Spanish magistrate for the influential post of European Data Protection chief.

In a secret ballot of the Committee on Citizen's Freedoms and Rights, Justice and Home Affairs of the EP, Joaquin Bayo Delgado was chosen as primary candidate for the post of "Data Protection Supervisor" for Europe, despite being completely unknown to any privacy or data protection advocate in Europe. The vote came more than three months of intensive lobbying by Bayo, the Spanish government and Spanish EP members (MEP), as well as heavy political arm-twisting between major EP parties, many of whom reportedly were opposed to having a candidate who might have strong pro-privacy stances.

Not surprisingly, privacy experts are very upset over the Committee's recommendation of Bayo. Simon Davies from Privacy International (PI-a GILC member) that his organization simply "cannot understand how a candidate with no experience or publicly stated interest in Data Protection can be nominated for this post over many eminently qualified candidates. To the best of our knowledge Mr Bayo Delgado is unknown to any privacy or data protection advocate in Europe, nor has he written or spoken about the subject it in any public presentation."

An open letter from Privacy International regarding Bayo's nomination is posted at

To read a PI press release on this subject, click

[24] Survey suggests tougher online privacy laws are needed

A new survey suggests that many consumers are being left bewildered about the ways online entities collect and handle personal information, and that there is strong public support for tougher privacy laws.

Conducted by the Annenberg Public Policy Center at the University of Pennsylvania, the study "raises questions about the usefulness of trying to educate American consumers in the growing range of tools needed to protect their online information at a time when technologies to extract and manipulate that information are themselves growing and becoming ever-more complex." For example, 57 percent of those surveyed believed incorrectly that a website which publishes a privacy policy will not share their personal information with other companies. Moreover, nearly two-thirds of adults reported that they had never searched for information regarding online privacy, and 40 percent admitted that they knew "almost nothing" about stopping sites collecting consumer information.

The survey results also "indicate that consumers want legislation that will help them easily gain access to and control over all information collected about them online." Thus, more than 95% of adults surveyed agreed or agreed strongly that they "should have a legal right to know everything a website knows about them." Eighty-four percent of respondents said that a law "that gives you the right to control how websites use and share information about you" would be at least somewhat effective in protecting consumer data.

Privacy advocates have embraced the survey as strong evidence for the need for new privacy laws. Mozelle Thompson, who sits on the United States Federal Trade Commission, noted that an "overwhelming percentage of consumers continue to believe that some legal framework would help them protect their information and that personal information is still an important concern. Congress is still looking at privacy issues and privacy legislation. This isn't going away."

The Annenberg survey is available via

See also "Internet Users Want More Privacy,", 25 June 2003 at


The GILC News Alert is the newsletter of the Global Internet Liberty Campaign, an international coalition of organizations working to protect and enhance online civil liberties and human rights. Organizations are invited to join GILC by contacting us at

To alert members about threats to cyber liberties, please contact members from your country or send a message to the general GILC address.

To submit information about upcoming events, new activist tools and news stories, contact:

Christopher Chiu
GILC Coordinator
American Civil Liberties Union
125 Broad Street, 17th Floor
New York, New York 10004

Or email:

More information about GILC members and news is available at

You may re-print or redistribute the GILC NEWS ALERT freely.

This edition of the GILC Alert will be found on the World Wide Web under

To subscribe to the Alert, or to change your subscription options (including unsubscribing), please visit