GILC Actions 



 Free Speech 





 GILC Alert 

 Mailing List
 GILC Events 




 Mail GILC 

Home Page

US Site
European Mirror


GILC Alert
Volume 7, Issue 5

July 31, 2003


Welcome to the Global Internet Liberty Campaign Newsletter.


Welcome to GILC Alert, the newsletter of the Global Internet Liberty Campaign. We are an international organization of groups working for cyber-liberties, who are determined to preserve civil liberties and human rights on the Internet.

We hope you find this newsletter interesting, and we very much hope that you will avail yourselves of the action items in future issues.

If you are a part of an organization that would be interested in joining GILC, please contact us at

If you are aware of threats to cyber liberties that we may not know about, please contact the GILC members in your country, or contact GILC as a whole.

Please feel free to redistribute this newsletter to appropriate forums.

Free expression

[1] Thailand imposes online curfew
[2] Local Chinese authorities curb mobile text messaging
[3] Egyptian Internet dissident remains in detention
[4] Pakistan pushes Net content restrictions
[5] WSIS Draft Declaration prompts further concern
[6] ACCOPS bill would impose jail time on Net file-traders
[7] Court revises ruling in visual search engine case
[8] Hollywood goes after Spanish Net music-sharers
[9] Hamidi wins ex-employee email protest case
[10] New Saudi cybercafe restrictions
[11] Burmese Net plagued by access problems, other restrictions
[12] Net freedom agency plan moves forward
[13] Pacific island to have first nationwide wireless Internet system


[14] Hollywood begins Net user data subpoena blitz
[15] TIA surveillance project faces possible funds freeze
[16] New U.S. spyware user consent bill
[17] Crictical Windows security holes found
[18] Privacy concerns dog E-911 mobile phone trackers
[19] Web firms choosing profit over privacy
[20] Computer keyloggers expose personal information
[21] GIA site lets citizens monitor Big Brother
[22] Japanese Big Brother Awards ceremony held
[23] Swiss privacy chief critcizes U.S. countererrorism efforts

[1] Thailand imposes online curfew

The government of Thailand has implemented a new system to prevent its citizens from reaching certain parts of cyberspace at night.
Thai authorities are blocking several overseas and local websites between 10PM and 6AM until at least September 30. While the curfew supposedly is meant to prevent children from playing games through computer networks, the ban affects all Thai Internet users, regardless of their age or where they are located in the country. It is also unclear if the blocking is actually limited to gaming sites.
Many members of Thailand's online community are outraged by the government's online curfew and have flooded digital chat rooms with angry messages. Meanwhile, the blocking scheme has failed to accomplish the government's purported goal, as a number of teens have shifted over to games on Local Area Networks (rather than through the global Internet).

Read "Thai gamers work around curfew," CNETAsia, 18 July 2003 at,,t269-s2137812,00.html?rtag=zdnetukhompage

Read Jill McGivering, "Curfew for Thai net gamers," BBC News Online, 15 July 2003 at

See Charles Lane, "Ruling Backs Porn Filters In Libraries," Washington Post, 24 June 2003, page A1 at

Read "Virtually addicted," Guardian Unlimited, 12 July 2003 at,12449,996439,00.htm

[2] Local Chinese authorities curb mobile text messaging

Local Chinese government censors have turned their attention to another form of digital expression: mobile phone text messaging.
With more than 200 million cell phone subscribers in the country, mobile phone text messaging had become a powerful method of sharing information. However, authorities in the northeast province of Liaoning are now warning people not to send "insulting, sexual or fabricated" cell phone messages. According to state-run media, violators could face criminal prosecution. Many details have yet to come to light, including just how this ban will be enforced.
This move constitutes just another hurdle that mainland Chinese citizens face when they want to access digital information. For many years, Chinese authorities have screened and censored websites, email messages and chatrooms. Persistent Internet users have been forced to use ever-more elaborate methods to get around these online roadblocks, such as asking foreigners to look up and email requested information or using proxy servers. Unfortunately, in addition to technical measures, Beijing has jailed dozens of people for their Internet activities; these activities include criticizing the ruling regime or discussing certain taboo subjects such as AIDS or the Falun Gong spiritual movement.

See "China bans lewd text messages," BBC News Online, 21 July 2003 at

Read Hector Mackenzie, "Chinese Work Around Net Blocking," Wired News, 26 June 2003 at,1283,59172,00.html

For further background information, visit the Human Rights In China website at

[3] Egyptian Internet dissident remains in detention

The Egyptian government is keeping one of its citizens in jail because of his Internet activities.
Ashraf Ibrahim, an engineer and anti-war activist, had downloaded information regarding human rights as well as news articles from the website of noted broadcast network Al-Jazeera. This past April, officials from the Egyptian State Security Investigations agency (SSI) raided his home and took away many of his possessions, including his computer and his scanner. He was then held in jail for 3 months. His detention was renewed several weeks ago, despite the fact that he has yet to have his day in court; nor has he been told what laws he has violated, if any. He is currently being held in a prison cell with 40 criminal convicts.
The plight of Ibrahim has generated anger among free speech advocates. Joe Stork of Human Rights Watch (HRW-a GILC member) urged Egyptian authorities to release Ibrahim "immediately. ... Accessing news and human rights information from the Internet is a basic right, not a crime."

An HRW press release on this subject is posted at

[4] Pakistan pushes Net content restrictions

Recent developments suggest that the Pakistani government is working overtime to censor web sites that it perceives to be "objectionable."
The government-controlled Pakistan Telecommunication Corporation Ltd (PTCL), which has a monopoly on providing Internet service in the country, had already blocked access to some 1800 "corrupt and evil" sites earlier this year, including many anti-government webpages. Pakistani government officials have singled out the South Asia Tribune, an online publication, for special treatment, warning that any newspaper that republishes the Tribune's web articles would be punished under the country's draconian defamation laws. In the latest move, PTCL has since announced that it is developing software that individual users can install on their computers to block supposedly "objectionable" content.
These efforts have been met with dismay by a number of experts. Besides the negative impact the government's actions may have on free speech, there is concern the blocking scheme will significantly degrade network performance and slow Internet access nationwide. In addition, from a practical standpoint, there is speculation as to whether the computer censor routines can be easily circumvented (such as through proxy servers).

Read Q Isa Daudpota, "Stop PTCL's censoring," The Daily Times (Pakistan), 10 July 2003 at

See "Pakistan tackles web porn," BBC News, 3 July 2003 at

For background information on Pakistani government censorship of the Internet, visit the Reporters Sans Frontieres (RSF-a GILC member) website under

[5] WSIS Draft Declaration prompts further concern

Will an upcoming World Summit on the Information Society (WSIS) pay much attention to human rights issues?
That is the question being posed by many observers as preparations are being made for the first Summit meeting this December. The WSIS, which is being organized by the International Telecommunications Union under the auspices of the United Nations, is intended to foster discussion regarding the socio-economic impact of new technologies. Its official goal is "to develop and foster a clear statement of political will and a concrete plan of action for achieving the goals of the Information Society, while fully reflecting all the different interests at stake."
However, the WSIS Declaration of Principles and Plan of Action has drawn heavy criticism from various quarters, including a special Human Rights in the Information Society (HRIS) Caucus of non-governmental groups-a coalition that includes many GILC members, notably the Association for Progressive Communications, Imaginons Reseau un Internet Solidaire, Computer Professionals for Social Responsibility, Cyber-Rights & Cyber-Liberties UK, Digital Rights Denmark, the Electronic Privacy Information Center, VIBE! AT and the American Civil Liberties Union. Among other things, at the beginning of a recent WSIS intersessional meeting (July 16), the Caucus expressed the belief that "human rights should figure prominently throughout both the Declaration of Principles and the Plan of Action and means should be devised to effectively enforce them." The coalition called on the Summit to include stronger language in the WSIS Declaration emphasizing that privacy "is a fundamental human right," and to not only affirm, but enforce freedom of speech as provided in Article 19 of the Universal Declaration of Human Rights (UDHR). Similar views were expressed by several other groups, including Communication Rights in the Information Society, which proposed using the concept of communication rights as a reference point to discuss human rights affirmed in international declarations and conventions.
However, a subsequent version of the WSIS Declaration incorporated few, if any, of these suggestions. For example, the revised draft did include some language from Article 19 of the UDHR, but did not make any reference to its source and left out the section of Article 19 that guarantees that freedom of expression shall be exercised without interference of any kind, regardless of frontiers. In a statement issued at the end of the meeting (July 18), the Caucus representatives commented that these latest developments had left them with a "profound sense of disappointment and frustration," and encouraged "heads of state ... to proclaim in December 2003 a true project for the future, one that fully respects all human rights."

The HRIS Caucus comments from July 16, entitled "Back to the Basics, WSIS and Human Rights," are available at

To read a version of these comments in French (Francais), click

The July 18 HRIS Caucus statement is posted under

An English-language translation of this document is posted at

An archive of HRIS Caucus documents in English and French (Francais) is available at

A revised statement of CRIS campaign concerning the WSIS is posted at

[6] ACCOPS bill would impose jail time on Net file-traders

Should people be sent to jail for trading files via the Internet?
That is the basic premise behind a controversial new proposal. A committee of the United States House of Representatives is considering the Author, Consumer and Computer Owner Protection and Security (ACCOPS) Act of 2003, a bill that targets 60 million file-sharing Americans for criminal prosecution. Among other things, the proposal includes a provision that essentially would impose jail time on people who place copyrighted material on a publicly accessible computer network without the permission of the copyright holder. In addition, the proposal would apparently require U.S. law enforcement authorities to assist foreign governments in investigations of potential copyright violations (notably by providing evidence), including violations of "foreign copyright laws."
The plan has already attracted a fair number of detractors, including pop icon Michael Jackson, who said he was "speechless about the idea of putting music fans in jail for downloading music. It is wrong to illegally download, but the answer cannot be jail." Similarly, the Electronic Frontier Foundation (EFF-a GILC member) released a report condemning the bill as an "overbroad" and "misguided" attack on peer-to-peer file sharing technology. EFF Senior Staff Attorney Fred von Lohmann declared: "Jailing people is not the answer. Proponents of this bill are casting aside privacy, innovation, and even our personal liberty as collateral damage in their war against file sharing."
The move comes as there is growing public anxiety over whether Hollywood attempts to expand and enforce copyright laws have gone too far. Just before the bill was released, EFF launched a "Let the Music Play" campaign to encourage people to demand that the U.S. government change its copyright laws to facilitate payment to artists and make file-sharing legal. EFF Executive Director Shari Steele explained: "Copyright law is out of step with the views of the American public and the reality of music distribution online. ... Rather than trying to sue people into submission, we need to find a better alternative that gets artists paid while making file sharing legal." In addition to addressing the free speech concerns, the campaign highlights the potential privacy problems posed by efforts to stamp out Internet file sharing (see item [14] below).

To read the text of the ACCOPS proposal, click

A PDF format version of this bill is available under

An EFF press release regarding ACCOPS is posted at

See "Jackson attacks music piracy bill," BBC News Online, 22 July 2003 at

Read Alex Veiga, "Tech War Over File Swapping," Associated Press, 24 July 2003 at

For more information about the "Let the Music Play" campaign, click

[7] Court revises ruling in visual search engine case

A recent court case has raised questions regarding the legality of Internet weblinks as well as the display of smaller, lower-resolution images of copyrighted works.
The dispute involves (formerly Arriba Soft), a search engine that, among other things, allowed users to find images. More specifically, through its in-line linking feature, the search engine could display thumbnail versions of those sought-after images and provide weblinks, so that users could click the thumbnails and see framed full-size versions. Leslie Kelly, a photographer, sued, claiming that the display of his pictures in the search engine's results pages was copyright infringement. This past February, United States Federal appeals court held that's use of thumbnail images was legally permissible "fair use," but held liable for copyright infringement for opening a new window to display the image. However, several weeks ago, the appeals court revised its opinion so as to retain its earlier "fair use" reasoning, but deleted the discussion of in-line linking, thus leaving open the possibility that's practice of providing weblinks to online images may be legal.
Free speech advocates were encouraged by the court's revised opinion. Fred von Lohmann, a Senior Staff Attorney at the Electronic Frontier Foundation (EFF-a GILC member) explained that website owners "can rest a bit easier about linking to copyrighted materials online ... the court removed a copyright iceberg from the main shipping lanes of the World Wide Web."

See Stefanie Olsen, "Court backs thumbnail image linking," CNet News, 7 July 2003 at

To read the 9th Circuit Court's revised opinion, click on

[8] Hollywood goes after Spanish Net music-sharers

It may be getting more difficult for Internet users in Spain to find various forms of expression online.
Thirty-three Spanish companies have filed a joint complaint with a division of the country's national police agency, claiming that some 95 000 people who had traded files through the Internet had violated various intellectual property laws. The firms, which apparently include a number of software manufacturers, focused their concerns on 4000 of those users who were supposedly the greatest offenders. An attorney for the plaintiffs believes the case will be heard in a criminal court this September, and said he would seek 4-year prison sentences for each user. Ironically, although the companies took pains to identify those individuals and managed to record their Internet Protocol addresses, the firms refused to identify themselves, apparently for fear of possible boycotts or other customer backlash.
Not surprisingly, the Spanish Internet Users Association derided the complaint as an "act of pure and simple cowardice" by companies "that don't dare show their faces." Some observers have expressed doubts over whether the upcoming lawsuit will succeed; Internet law expert Carlos Sanchez Almeida belittled the announcement, calling it "propaganda designed to strike fears into users so they stop using P2P programs." There is also concern as to whether the companies' efforts have violated Spanish privacy laws; one politician explained: "Article 18.3 of the Spanish Constitution stipulates that private communication can only be intercepted when there is a court order. Even if it's only basic data, [the firms would] be breaking the law if they don't have previous judicial authorization (to locate the files)."
Meanwhile, the Recording Industry Association of America (RIAA) is pushing ahead with its lawsuit against the proprietor of Spanish-based During its brief tenure online, offered users unlimited music downloads over a specified period for a fee. The RIAA claims that Puretunes' actions constituted copyright infringement.

See "Es legal la obtencion de datos de usuarios de P2P?", 28 July 2003 at

For English-language coverage, read Julia Scheeres, "Spanish Firms Target File Traders," Wired News, 23 July 2003 at,1412,59720,00.html

Read "Record firms sue Puretunes," BBC News Online, 11 July 2003 at

See John Borland, "RIAA sues vanishing Spanish music site," CNet News, 9 July 2003 at

[9] Hamidi wins ex-employee email protest case

In a new ruling, California's highest court has refused to equate protest emails with trespassing.
After being fired by Intel in 1996, Ken Hamidi sent six mass emails to about 30 000 current Intel employees (at their company email accounts) criticizing the chip-maker's labor practices, asking them to join an anti-Intel organization, and urging them to seek employment elsewhere. Intel then sued the former employee for "trespass to chattels," claiming that Hamidi had made unauthorized electronic contact with the chip-maker's property - its computer system. However, the California Supreme Court held in favor of Hamidi, finding he did not trespass on Intel's computer system, as "Hamidi did nothing but use the e-mail system for its intended purpose -- to communicate with employees."
Free speech groups applauded the decision. Many of these groups, including GILC members the American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF) had previously filed legal papers in support of Hamidi. EFF's Lee Tien expressed satisfaction in that "[t]he court understood that this case is about communication .... [i]f the decision had gone the other way, the Internet's fundamental structure -- where everyone is connected to everyone -- would have to bring a claim of trespass to chattel, there must be some proof of damage to the communications equipment."

To read the California Supreme Court's opinion in Intel v. Hamidi, click on

An archive of Hamidi case materials is available at

Read Ryan Singel, "Ex-Intel Coder Wins E-mail Case," Wired News, 30 June 2003 at,,1282,59450,00.html

See also Stephanie Olsen, "Intel can't block ex-worker's e-mail," CNet News, 30 June 2003 at

[10] New Saudi cybercafe restrictions

In an apparent effort to tighten its grip on Internet expression, the government of Saudi Arabia is clamping down on cybercafes throughout the Kingdom.
Specifically, authorities in the Middle Eastern nation have issued revised regulations concerning the operation of such establishments. Under these rules, Internet cafes will now have to collect and retain various types of data regarding their customers for law enforcement purposes. The list of items to be collected includes customer names and ID numbers as well as login and logoff times. The Saudi government has also decided to impose a general ban on anyone who is younger than 18 from accessing the Internet through a cybercafe.
Public reactions to these regulations range from anger and disbelief to bewilderment. Over the past few years, Internet expression had already been subjected to heavy constraints; for example, nearly all Internet traffic in the Kingdom had been routed through a single facility located in the capital, Riyadh, which blocked various online materials if they were deemed immoral or politically controversial. One cybercafe user worries that the new rules, combined with pre-existing restrictions, would have a negative societal impact by depriving a whole generation of an important informational resource: "If you effectively remove a largely innocent aspect of the social life of under-18s, then what are you going to replace it with?"

Read "Rules, What Rules? Ask Internet Café Owners," Arab News, 7 July 2003§ion=0&article=28514&d=7&m=7&y=2003

See also Raid Qusti, "Internet Regulations Tightened," Arab News, 6 July 2003 at§ion=0&article=28447&d=6&m=7&y=2003

[11] Burmese Net plagued by access problems, other restrictions

Various reports indicate that few people in Burma are able to get onto the Information Superhighway-and even those lucky few are not able to explore the Internet's full potential.
There are apparently two major reasons for this state of affairs. For one thing, Internet connectivity at affordable prices is difficult to find in the Southeast Asian nation, where only 1 in every 5000 people has online access. What few online avenues are available tend to be relatively expensive; two recently opened cybercafes charge approximately USD 2 per hour of Internet access, which is more money than the average Burmese earns in a day.
Besides the connectivity issues, however, another factor in the sluggish growth of the Internet in Burma is the government. Burmese authorities have installed software on the servers that connect the country with the rest of the global Internet; these programs bar citizens from accessing many different websites, including webpages by political dissidents. People who manage to overcome these technical obstacles may face jail time under a panoply of laws, including one that bans the unauthorized possession of modems (and carries a possible 15 year jail sentence).

Read "The great firewall of Burma," Associated Press, 22 July 2003 at,12597,1003752,00.html

For further background information, visit the Reporters Sans Frontieres (RSF-a GILC member) website under

[12] Net freedom agency plan moves forward

A plan to boost technical measures to route around various national Internet censorship schemes has taken a big step forward.
The United States House of Representatives has approved a bill that will create a Federal Office of Global Internet Freedom responsible for developing technical methods to prevent other nations from censoring the Internet. This entity would, among other things, "develop and implement a comprehensive global strategy to combat state-sponsored and state-directed Internet jamming, and persecution of those who use the Internet." The new body would also compile reports on this subject, including a list of "countries that pursue policies of Internet censorship, blocking and other abuses; provide information concerning the government agencies or quasi-governmental organizations that implement Internet censorship, and describe with the greatest particularity practicable the technological means by which such blocking and other abuses are accomplished." The yearly budget for this Office is pegged at USD 16 million for 2 years. Although the bill has been passed in the House by a 382-42 vote, it must be passed by the Senate and signed by the President before it becomes the law.
One of the co-sponsors of the bill, Representative Chris Cox, hopes this bill "will give millions of people around the globe the power to outwit repressive regimes that would silence them, and to protect themselves from reprisals in the process." Similarly, Lance Cottrell, president of, commented, "It's really important that we stand up and try to make free access to information possible. ... There are a lot of places in the world that are doing a lot of censorship. The Internet has an opportunity to live up to its billing as the single greatest democratizing technology ever invented."

A press release from Rep. Cox on this bill is posted at

Read Declan McCullagh, "Bill aims to curb Net censorship," CNet News, 17 July 2003 at

[13] Pacific island to have first nationwide wireless Internet system

The Polynesian island nation of Niue will soon be the first country to have a nationwide wireless Internet system.
The country's telecommunications network had previously suffered from outmoded technology and a chronic shortage of phone lines. Moreover, Niue's tropical climate and geographic features have made it difficult to expand and maintain conventional telecom facilities. However, a new initiative is underway to install solar-powered aerials on palm trees throughout the island and to link them to the rest of the Information Superhighway by satellite. The goal is to create a wireless network that will be available to the public free of charge and with access speeds approaching those of broadband connections. However, there is some concern as to how robust the system will be; as one of the network's backers admitted, "If someone tried to download a big document from somewhere else, it would probably block up the whole network."

Read David Fickling, "Coral island to become world's first wire-free internet country," Guardian Unlimited, 27 June 2003 at,12597,985885,00.html


[14] Hollywood begins Net user data subpoena blitz

A major music industry trade group has begun a massive legal campaign against people who trade files over the Internet-a campaign that apparently snared grandparents, roommates and college students.
The Recording Industry Association of America (RIAA) has won at least 900 federal subpoenas against computer users who allegedly shared copyrighted music files on the Internet. The association is promising to file several hundred lawsuits against the people identified through the subpoenas within the next eight weeks. The RIAA's dragnet has already affected a wide cross section of society. For example, one recipient of these subpoenas was Bob Barnes, a grandfather in California who complained that, among other things, many of the rare music tracks he downloaded were nearly impossible to find on the market. Another person targeted by the RIAA was the roommate of university student Amy Boggs, who had used her roommate's Internet account to download songs. Nor is this effort limited to the United States, as Internet users in Italy and Germany have reportedly been arrested for their file-sharing activities. Indeed, RIAA president Cary Sherman admitted: "The idea really is not to be selective, to let people know that if they're offering a substantial number of files for others to copy, they are at risk. It doesn't matter who they are."
The RIAA, which represents all the major record labels, is cashing in on a United States Federal appeals court ruling that forced telecom giant Verizon to divulge the names of eight individuals that the Association suspected of making and sharing unauthorized copies of music files. The RIAA's actions were bitterly contested by a number of groups, including GILC members the American Civil Liberties Union (ACLU), the Electronic Frontier Foundation (EFF), Computer Professionals for Social Responsibility (CPSR) and the Electronic Privacy Information Center (EPIC). The RIAA's subsequent copyright law broadsides have drawn concern even from within the industry; one entertainment lawyer admitted that if the RIAA ends up "picking on individuals who are perceived to be grandmothers or junior high students who have only downloaded in isolated incidents, they run the risk of a backlash." Several universities whose students have been targeted in these sweeps, including the Massachusetts Institute of Technology (MIT), have objected to the Association's methods, claiming that the filed subpoenas fail to conform with various United States Federal student privacy standards. In the latest development, Pacific Bell Internet Services, a subdivision of telecom conglomerate SBC Communications, has challenged Association's subpoenas in court and accused the RIAA of trampling on Internet users' privacy rights.
Meanwhile, there is evidence that the RIAA threats have had a chilling effect on Internet activity. Both Kazaa and Morpheus, two of the most popular file-swapping sites, reported a 15% dip in users one week after the RIAA lawsuit threats began. According to the Nielsen Netratings, the decrease means that as many as one million fewer people are using the music-swapping networks.

For the latest details, see Matthew Broersma, "ISP returns labels' subpoena serve with suit," CNet News, 31 July 2003 at

See also "Pac Bell sues over online music trading," Associated Press, 31 July 2003 at

Read "File-sharers fight legal moves," BBC News Online, 28 July 2003 at

See Benny Evangelista & Todd Wallack, "Net music swappers fear wrath of industry," San Francisco Chronicle, 25 July 2003, page A1 at

See "RIAA Leaning on Kids' Parents," Associated Press, 24 July 2003 at,1412,59756,00.html

Read David McCandless, "Cyber sleuths," The Guardian (UK), 24 July 2003 at,3605,1004307,00.html

An MIT press release on this subject is posted under

Read "US colleges fight 'pirate' subpoenas," BBC News Online, 23 July 2003 at

See Katie Dean, "Schools Rebuke Music Biz Demands," Wired News, 23 July 2003 at,1412,59726,00.html

Read John Borland, "RIAA threat may be slowing file swapping," CNet News, 14 July 2003 at

[15] TIA surveillance project faces possible funds freeze

A controversial project to build a massive computer surveillance system may soon face death by legislation.
Conceived by retired Admiral John Poindexter, the Terrorism Information Awareness project (previously named Total Information Awareness) is being designed by the United States Department of Defense to gather and compile personal data on a grand scale. Some of the goals of TIA include the ability to identify people at great distances by the irises of their eyes, the grooves in their face and their gait. The technology would also analyze such things as airline ticket purchases, visa applications, emails, and phone calls as well as educational, medical and financial records. Its proponents believe that by scanning and analyzing this massive pile of data, government agents will be able to predict and prevent terrorist acts.
In response to public outcry over the project's potential privacy implications, the United States Senate approved a plan to halt the funding of TIA. In addition, the bill would extend an existing restriction on TIA (currently scheduled to expire this September) that essentially bans any "department, agency, or element of the Federal Government" from deploying or implementing any portion of TIA against U.S. citizens without providing notice and getting specific authorization from Congress. The U.S. House of Representatives has passed a similar bill that includes the aforementioned deployment/implementation ban but does not bar the use of Federal money for TIA; a special conference committee will soon be created to resolve the differences between the two versions.

Read "Senate votes to ax computer dragnet funds," CNet News, 17 July 2003 at

See "Senate Targets DoD Spy Program,", 16 July 2003 at

See also "Senate OKs Defense Spending Bill," Associated Press, 18 July 2003 at

Read "US snooping plan blocked," BBC News Online, 18 July 2003 at

For more information, see "Funding for TIA all but dead," Wired News, 14 July 2003 at,1283,59606,00.html

For coverage in German (Deutsch), see "US-Senat kippt Internet-Ueberwachung," Heise Online, 18 July 2003 at

[16] New U.S. spyware user consent bill

A new proposal may restrict the use of a controversial technique that allows advertisers to secretly spy on Internet users.
The Safeguard Against Privacy Invasions (SPI) Act ostensibly targets so-called spyware products like Gator and Xupiter, which are often surreptitiously bundled with other downloaded computer programs. These piggyback routines can be installed with little notice to the user, especially if the given machine's web browser has low security settings. Once in place, these products generally track users' Internet activities and display advertisements based on this information. For example, Xupiter changes the user's browser home page, redirects searches to pre-selected sites, and automatically opens a "back door" into the computer both to let in ads and to send out information about the user via the Information Superhighway.
The SPI Act, which is co-sponsored by United States Representatives Mary Bono and Edolphus Towns, would essentially ban anyone from sending spyware to a computer via the Internet unless the user of that computer "expressly consents to such transmission in response to a clear and conspicuous request for such consent or through an affirmative request for such transmission." Among other things, under the Act, a spyware provider would have to post a license agreement on the World Wide Web clearly explaining "the purpose of including the spyware" and that agreeing to the terms of the notice "constitutes consent to transmission of the spyware." A spyware provider also would have to provide its name, street address and a valid return e-mail address in the agreement. Furthermore, if a spyware program collects "personally identifiable information," the provider of that program would have to post an additional notice stating specifically that it is collecting such information. The U.S. Federal Trade Commission would enforce the SPI Act, with the power to impose civil and/or criminal penalties, depending on the circumstances.

The text of the bill (in PDF format) is posted under

To read a press release from Rep. Bono, click

Read Lisa M. Bowman, "Lawmaker wants limits to spyware," CNet News, 29 July 2003 at

[17] Critical Windows holes found

Over the past several weeks, a slew of serious security flaws have been found in various Microsoft products-discoveries that have renewed concerns over whether the software giant is doing enough to protect the privacy of its customers.
One of these flaws, discovered by researchers in western Poland, involves a component of the Microsoft Windows operating system that handles Direct X commands. Using a corrupted MIDI music file, an attacker can take control of a victim's computer, steal data, eavesdrop on email and delete files. Ironically, the flaw applies to nearly all versions of Windows, including Windows Server 2003, billed by Microsoft as the safest edition of Windows ever and sold under the high-profile "Trustworthy Computing" initiative organized last year by Microsoft founder Bill Gates.
Microsoft also encountered a new security hole in its Passport online identity service. Passport is intended to be a central repository for such personal information as birth dates and credit card numbers that, in turn, could be used for a variety of purposes, such as commercial transactions online. The most recent vulnerability, the second flaw found in Passport over the past two months, affects various accounts that do not have a secret question set for password recovery. The hole allows attackers to reset customers' passwords and thereby take control of the relevant Passport accounts. The flaw came to light just as a new California law went into effect that requires companies to give notice to their customers when unencrypted personal information may have been violated.

Read "'Critical' flaw found in Windows," BBC News Online, 24 July 2003 at

See "New Flaw Found in MS Windows,", 16 July 2003 at

See also "Windows of Opportunity for Hackers," Associated Press, 31 July 2003 at

Read "Microsoft plugs second Passport hole," CNet News, 2 July 2003 at

See also "Researcher: Windows security flaw remains," CNet News, 11 July 2003 at

[18] Privacy concerns dog E-911 mobile phone trackers

The installation of systems to track wireless phone customers is causing apprehension from privacy advocates.
The United States Senate is considering a bill to accelerate the implementation of E-911 systems. Using such systems, which were originally mandated by the U.S. Federal Communications Commission and are supposedly intended to quicken emergency response time, wireless service providers essentially would provide the geographic location of a caller to emergency centers when he or she dials 911. By installing the proper microchips, a given mobile phone can act as a homing device, allowing service providers with the right facilities to know an individual's exact location at all times.
However, privacy experts worry that the location data generated by E-911 systems may be used for less-than-salutary purposes. For example, law enforcement agencies might utilize the information to build profiles on a person's habits and whereabouts. Similarly, there are fears that commercial entities will take advantage of E-911 related data to bombard mobile phone customers with advertisements, especially as they walk by certain shops or stores. Privacy experts also have voiced concern about the vague and untested rules governing such services.

See "Policy Watch," Washington Post, 20 July 2003, page F3 at

For more about the E-911 bill, click

[19] Web firms choosing profit over privacy

Despite broad assurances to protect individual privacy, many online retailers and service providers continue to expand their collection and use of consumers' personal information.
A report published in the Washington Post indicates how an increasing number of firms are employing covert tactics to gather and sell consumer information, even as many of them promise not to sell consumer data. Some of these firms "rent" the personal information of their clients, meaning that while a list owner will not release the data to an outside marketer, it will send messages to the list on the outsider's behalf. The number of people who can be affected by such schemes can be large; for example, Gateway Learning Corporation offered to send ads to 105 936 of its customers who had bought its Hooked on Phonics reading education products (including the age of the customers' children)-despite promising on its website that it would never sell or rent consumers' personal information. This problem appears to be especially acute among vendors who work behind the scenes at certain websites, such as the providers of online "shopping cart" software. One such firm, CartManager, rented a list containing the postal and email addresses of some 781 000 people who it claims "regularly buy online."
These practices come on the heels of a recent Annenberg Public Policy Center study indicating that firms have left many consumers bewildered about how online entities collect and handle their personal information. Among other things, the study found that 57 percent of those surveyed believed incorrectly that a website which publishes a privacy policy will not share their personal information with other companies. At the same time, nearly two-thirds of the respondents said that they had never searched for information regarding online privacy, and 40 percent admitted that they knew "almost nothing" about stopping sites from collecting consumer information.

See Jonathan Krim, "Web firms choosing profit over privacy," Washington Post, 1 July 2003, page A1 at

To read the Annenberg study (in PDF format), click

[20] Computer keyloggers expose personal information

The growing use of a special computer interception technique is heightening public concern over the erosion of Internet privacy.
Keyloggers are devices that are installed on the keyboard of a personal computer that can record every letter and character that the user types. These systems have been used over the past several years for a number of purposes, including the theft of personal information. In one such incident, Juju Jiang stole more than 450 digital names and passwords by installing Invisible KeyLogger Stealth software on public computers at 14 Kinko's copy centers. Jiang used the collected data to break into bank accounts online as well as open new accounts. In another case, an attacker put keyloggers on over 100 computers at the campus of Boston College to collect passwords and other sensitive data; afterwards, he took that information to create a campus identification card so that he could enter buildings without authorization and purchase various items.
Besides fraud, it is known that law enforcement officials are using broadly similar technology to spy on Internet users. This law enforcement aspect had previously come to light in the case of Nicodemo Scarfo, who was targeted by the US Federal Bureau of Investigations (FBI) for wiretapping purposes. FBI agents decided to go beyond traditional surveillance methods and installed a keylogger on Scarfo's home computer, then used the information to prosecute him on criminal charges. The trial judge issued a ruling allowing many details on FBI keylogging equipment to remain secret; Scarfo later entered a plea agreement with the Federal officials, which precluded an appeal.

See Anick Jesdanun, "Cybercafes Pose Security Problems," Associated Press, 22 July 2003 at

For background information on the Scarfo case, visit the Electronic Privacy Information Center (EPIC-a GILC member) website under

[21] GIA site lets citizens monitor Big Brother

Inspired by a controversial United States government surveillance program, a new Internet repository has been created for citizens to find out more about public officials, corporations and their executives, rather than the other way around.
The "Government Information Awareness" project is the brainchild of Ryan McKinley, a graduate student at the Massachusetts Institute of Technology. The idea was to generate a giant database that shows the web of connections that fuel politics and moneymaking (such as school ties, club memberships, and so on). To accomplish this goal, McKinley wrote a series of computer programs that allows users to cull data from existing online databases and add the information to his site. Individuals may also add information that they have gathered or to which they have access. GIA data sources currently include lists of White House appointments of agency heads, biographies of members of Congress and campaign contribution data compiled by public interest groups. While the site currently is divided into categories of legislators, judiciary members and large companies, McKinley hopes the system will eventually track local officials and smaller firms as well.
McKinley explained that the project was in response to the controversial Terrorism Information Awareness program (see item [15] above) and is meant to ensure that government agencies remain accountable to the public: "In order to avoid a totalitarian world, we need to figure out ways to make sure it doesn't become unilateral." The effort has already attracted a fair number of admirers; Clyde Waynes Crews Jr., the head of technology policy at the Cato Institute, remarked: "If we're going to be watched, we have a right to watch the watchers." Curiously, a spokeswoman for the TIA project refused to comment on McKinley's efforts.

The official GIA website is located at

Read "Site lets citizens monitor Big Brother," Washington Post, 8 July 2003, page E2 at

[22] Japanese Big Brother Awards ceremony held

GILC members Privacy International and Net workers against Surveillance Taskforce (NaST) recently held the first-ever Japanese Big Brother Awards ceremonies. These prizes are designed to publicize some of the most serious threats to individual privacy in the Land of the Rising Sun.
The big winner (for Worst System) was the infamous Juki Net nationwide resident registration network, which stores personal information such as names, birthdays and addresses about every man, woman and child in the country in a centralized database, which can be accessed using individualized 11-digit identification numbers. The Japanese Defense Agency received a Worst of the Public Sector trophy for gathering and leaking personal data (including political ideologies) about individuals who sought information about government operations. The Takefuji credit card company garnered a Worst Private Corporation award for establishing a system to wiretap its customers. A special overseas prize was given to United States President George W. Bush for his efforts to erode privacy in Japan.
The awards ceremony was part of a larger Japanese Big Brother conference that included a symposium on global privacy rights. The symposium featured distinguished speakers from several countries, including Toshimaru Ogura from NaST as well as Simon Davies and Gus Hosein from Privacy International and many others.
Since 1998, 34 Big Brother Awards ceremonies have been held in fourteen countries around the world. The next Big Brother Awards ceremony for 2003 will take place this September in Australia.

For the full list of Japanese Big Brother Awards winners, visit

For more about the upcoming first-ever Australian Big Brother Awards, click

[23] Swiss privacy chief criticizes US counterterrorism efforts

Are United States government efforts to combat terrorism undermining individual privacy?
The answer is yes, according to Hanspeter Thuer, the head of Switzerland's data protection commission. In a recent report that marked the panel's tenth anniversary, Thuer charged that the administration of U.S. President George W. Bush is pursuing a repressive policy with little regard for data protection. As evidence of this tendency, Thuer cited new U.S. government rules requiring airlines flying to the U.S. to divulge personal details regarding all passengers, including such details as religious beliefs, dietary preferences and credit card numbers, to U.S. authorities-a move that has forced Swiss' national airline to break Swiss data protection laws. The report also documents several other factors that have had a negative impact on privacy rights, including new technologies and a lack of transparency in how entities handle personal data, and mentioned the wholesale sharing of email addresses as an example of this problem. As a solution, the Swiss data protection chief called for stronger controls on anti-terrorism activities and greater funding for initiatives to protect civil liberties.
Thuer's frank commentary has received considerable support from various human rights groups. A spokesperson for the Swiss division of Amnesty International echoed Thuer's concerns: "Since the attacks of September 11th, the U.S. has cared little for personal privacy."

Read "Data protection chief criticises US," Swissinfo, 1 July 2003 at

See also "Swiss data protection chief criticizes USA," EDRi-gram, 16 July 2003 at



The GILC News Alert is the newsletter of the Global Internet Liberty Campaign, an international coalition of organizations working to protect and enhance online civil liberties and human rights. Organizations are invited to join GILC by contacting us at

To alert members about threats to cyber liberties, please contact members from your country or send a message to the general GILC address.

To submit information about upcoming events, new activist tools and news stories, contact:

Christopher Chiu
GILC Coordinator
American Civil Liberties Union
125 Broad Street, 17th Floor
New York, New York 10004

Or email:

More information about GILC members and news is available at

You may re-print or redistribute the GILC NEWS ALERT freely.

This edition of the GILC Alert will be found on the World Wide Web under

To subscribe to the Alert, or to change your subscription options (including unsubscribing), please visit