GILC Actions 



 Free Speech 





 GILC Alert 

 Mailing List
 GILC Events 




 Mail GILC 

Home Page

US Site
European Mirror


GILC Alert
Volume 4, Issue 9

November 6, 2000


Welcome to the Global Internet Liberty Campaign Newsletter


Welcome to GILC Alert, the newsletter of the Global Internet Liberty Campaign. We are an international organization of groups working for cyber-liberties, who are determined to preserve civil liberties and human rights on the Internet.

We hope you find this newsletter interesting, and we very much hope that you will avail yourselves of the action items in future issues.

If you are a part of an organization that would be interested in joining GILC, please contact us at

If you are aware of threats to cyber liberties that we may not know about, please contact the GILC members in your country, or contact GILC as a whole.

Please feel free to redistribute this newsletter to appropriate forums.

Free Expression

[1] Mainland China's new Net censorship rules
[2] Problems persist during & after ICANN elections
[3] Korean online protesters face persecution
[4] New domain name proposals raise concern
[5] US mega-blocking bill moves forward
[6] Olympic Net regulations stifle expression
[7] Malaysia cybercafes fear gov't ban
[8] ImageFilter software empowers gov't censors
[9] Moodwatch program threatens free speech
[10] US students battle schools over online expression
[11] Foil the Filters contest winners announced

Privacy and Encryption

[12] EU anti-privacy "cybercrime" treaty drafted
[13] Digital Angel body chip may allow Net tracking
[14] US spyware review panel flawed
[15] ECHELON faces criminal charges
[16] Japanese groups push for stronger privacy laws
[17] Clothing store web body scans spark concern
[18] Australian gov't health website bad on privacy
[19] US companies push weak privacy bills
[20] Free & secure web email service launched
[21] Study: privacy worries hurt e-commerce
[22] privacy fiasco
[23] US gov't gets low privacy marks
[24] New P2P crypto mail program
[25] Web "cat" tracks users
[26] Privacy flaws in Bluetooth palmtop devices
[27] Austrian Big Brother Awards ceremony held

[1] Mainland China's new Net censorship rules

Mainland China is launching yet another campaign against online dissenters.

Communist Chinese officials have unveiled new "Measures for Managing Internet Information Services." These new rules criminalize many types of behavior on the Information Superhighway, even including such acts as merely "insulting other people" through the Internet. The proposal especially concerned with the transfer of online information that "undermines national unification, is detrimental to the honor and interests of the state, disseminates rumors, disturbs social order," or otherwise "undermines social stability." These standards target a variety of groups, particularly supporters of religious freedom; it bars the dissemination of data "that undermines the state's policy for religions, or that preaches evil cults or feudalistic and superstitious beliefs." Under this regime, Internet service providers must inform the government of any possible transgressions and keep stringent records. Violators may face fines of up to CNY 1 000 000.

In addition, Communist authorities have jailed several people for their online speech activities. The list of prisoners includes Qi Yanchen-a freelance journalist who urged political reform in several of his articles. After these items were posted on the Internet and in a Chinese policy magazine, mainland Chinese officials arrested, tried and convicted Qi of subversion. He was unable to appeal his sentence because his lawyer refused to continue defending him and he could not find another lawyer within the appeals period. Meanwhile, a freelance writer friend of Qi who wrote about the case was also arrested and charged with undermining state power.

Not surprisingly, these moves have drawn fire from a number of free speech advocates. The Digital Freedom Network (DFN-a GILC member) said that Beijing's latest moves would "probably do little to improve the growth of the Internet in China" while "placing an additional burden on the country's struggling Internet industry." Ann Cooper, who is executive director of the Committee to Project Journalists (CPJ), decried the Chinese government's attempts to appoint "the companies involved in e-commerce as their proxy policemen." Similarly, Reporters Sans Frontieres criticized the sentencing of Qi Yanchen, saying that his imprisonment constituted "a serious violation of press freedom."

To read an English language translation of China's "Measures for Managing Internet Information Services," visit the DFN website under

For press coverage of China's new Internet standards, read "China drafts law on Internet-based crimes," China Online, Oct. 24, 2000 at

For a CPJ press release on this proposal, click

RSF's comments on the Qi Yanchen case are located under

For a DFN news bulletin about the jailing of Chinese dissenters, located at

[2] Problems persist during & after ICANN elections

Despite a bevy of technical problems, Internet users have elected five representatives to the global body that runs the Internet domain name system.

The list of newly elected ICANN (the Internet Corporation for Assigned Names and Numbers) Directors includes several vehement critics of the organization, including Karl Auerbach (from North America) and Andy Mueller-Maguhn (Europe). Auerbach ran on a platform that, among other things, would require all ICANN decisions to be subject to an automatic "sunset" provision. Under this plan, which is intended to promote greater public accountability, any measures approved by ICANN would automatically expire within a certain time period unless they were re-examined and reauthorized. Both Auerbach and Mueller-Maguhn have attacked ICANN's Uniform Domain Name Dispute Resolution (UDRP) as a burden on free speech; indeed, Mueller-Maguhn went so far as to call the process by which the UDRP was adopted as "evil."

The other winners were Ivan Moura Campos (to represent Latin America and the Caribbean), Masanobu Katoh (Asia/Australia) and Nii Quaynor (Africa).

Overall, voter turnout was low in several sectors. This partly due to a programming error that blocked many computer users from registering their votes. While ICANN's contractor ( claimed it had solved the problem within a day or so, a number of would-be voters complained of continued difficulties after the fixes were supposedly made.

More recently, ICANN announced that it will not allow these new Board members to assume their positions as Directors until the end of its annual general meeting, which takes place Nov. 13-17, 2000. Critics have attacked this move because they believe it will reduce these publicly elected representatives to mere non-voting observers, at a time when ICANN will consider several pressing issues related to Internet governance, notably the introduction of new Top-Level Domain names (see item 4 below).

These events came after charges from many observers that ICANN is undemocratic. A law review article from Professor A. Michael Froomkin suggests that ICANN's actions in conjunction with the United States Department of Commerce (DoC) may have violated numerous standards designed to ensure public input. According to Froomkin, "Depending on the precise nature of the DoC-ICANN relationship, not all of which is public, DoC's use of ICANN to run the DNS violates the Administrative Procedures Act (APA) and/or the US Constitution."

These concerns have been heightened by ICANN's recent decision to extend the terms of four nonelected directors. In spite of previous promises to allow the public to elect a larger portion of its Board, ICANN has announced that four of its appointed directors (Frank Fitzsimmons, Hans Kraaijenbrink, Jun Murai, and Linda Wilson) will stay on for two more years (through November 2002). Some observers, including Froomkin, are now calling on these unelected Board members to resign.

For the official elections results, click

To learn more about Karl Auerbach's positions, see

To learn more about Andy Mueller-Maguhn's positions, visit

For the latest on ICANN's treatment of new At-Large Board members, see Andrew Orlowski, "ICANN locks elected reps out of AGM," The Register (UK), November 5, 2000 at

Read Declan McCullagh, "ICANN Elects Iconoclasts," Wired News, Oct. 12, 2000 at,1294,39385,00.html

For more on the technical difficulties surrounding ICANN elections, read Anick Jesdanun, "Internet Voting Snag," Associated Press, Oct. 3, 2000 at

For more on comments from Professor Froomkin, see Andrew Orlowski, "J'accuse: ICANN's 'Government sponsored extortion' unconstitutional," The Register (UK), Oct. 3, 2000 at

For ICANN's Oct. 27 announcement that it will extend the terms of 4 unelected directors, click

For Froomkin's comments on this term extension, see

[3] Korean online protesters may face persecution

Observers fear that a recent Korean government raid of a noncommercial Internet service provider will have chilling effect on speech in cyberspace.

Previously, the South Korean Information and Communications Ministry has proposed a ratings system that would force web site creators to label themselves if their materials could somehow be considered harmful to teenagers. A Ministry spokesperson explained that once the ratings system was implemented, websites with controversial content could then be blocked off. The agency intends to submit this bill to the National Assembly within the next few months, and the entire system could be up and running by mid-2001.

Subsequently, hundreds of enraged Internet users simultaneously visited the Ministry's home page and disrupted service for hours, apparently as part of massive "virtual sit-in" protest-a form of demonstration that is generally considered legal in Korea. However, Korean police officers soon showed up at the offices of Jinbonet, an Internet service provider for noncommercial users. The officers demanded that organization hand over numerous personal information files regarding Jinbonet subscribers, apparently without a warrant. Though the ISP initially refused to comply with these demands, after continued pressure from investigators, government agents eventually did gain access to Jinbonet log files.

Since then, Jinbonet issued a statement condemning the government's actions and noted that state officials have had a history of using criminal investigations as a pretext to stifle dissent: "Jinbonet has received threats from many investigative agencies in an attempt to obtain information about Jinbonet users. To inspect hard disks which have information of not only the Korean Confederation of Trade Unions, Korean Women's Group United, Green Korea United, but also many users can be regarded as censuring their online activities and if many hard disks were to be confiscated, the Jinbo Network Center could not exist."

To read a JinboNet statement on these events, visit

See also 9d5dd6dc73

For further information on Korean government Internet rating plans, visit

[4] New domain name proposals raise concern

Experts are worried that a variety of new domain name proposals may help corporations but will leave noncommercial entities, private individuals and other members of the dot-org world behind.

The Internet Corporation for Assigned Names and Numbers (ICANN) has received dozens of applications to create new top-level domains names. However, while there were numerous suggestions to create new names for e-commerce purposes (such as .shop and .biz), there were very few proposals specifically targeted for noncommercial groups or ordinary Internet users. This dearth of noncommercial-type domain name proposals has been attributed in part to ICANN's decision to levy $50,000 nonrefundable application fees. For example, while there had been considerable interest in creating .humanrights before the $50,000 fee structure was announced, attempts to submit a formal application were dropped due to a lack of funds. Another source of concern comes from proposals to label websites with controversial content with domain names like .sex and .xxx, which could then be blocked-a proposal that has been savaged by numerous free speech advocates. In addition, many of these proposals contain famous names lists and "sunrise provisions" that might allow large intellectual property interests first dibs on new domain name space at the expense of the general public. Finally, at least one proposal "will also incorporate software that eliminates anonymous e-mail and chat," a suggestion that experts fear would serious undermine freedom of expression online.

To see ICANN's official list of submitted proposals, click

To submit comments on these proposals, visit

For more details, see David Lawsky, "ICANN Will Decide Last Word on the Web Addresses," Reuters, Oct. 22, 2000 at

See also Sascha Segan, "Making a Name for Oneself," (US), Oct. 6, 2000 at

Read Chris Oakes, "Inching Toward Dot-Whatever," Wired News, Oct. 4, 2000 at,1367,39246,00.html

See also Ian Lynch, "Battle starts for control of new domains,", Oct. 4, 2000 at

[5] US mega-blocking bill moves forward

The United States Congress may soon approve a massive proposal to force Internet blocking software on librarians, teachers and many other groups.

The so-called "Children's Internet Protection Act" is contained within a Labor-Health and Human Resources funding bill, and combines several different filtering plans. Among other things, the legislation would essentially require high schools and libraries to include blocking software on all of their computers. Institutions that refused to do so (or implement policies to that effect) would receive federal funding.

Not surprisingly, a broad coalition of groups are fighting against this package because it may severely restrict the flow of information online. The list of opponents to this bill is broad based and includes cyberliberties organizations such as GILC members the American Civil Liberties Union (ACLU) and the Center for Democracy and Technology (CDT), conservative thinktanks such as the Free Congress Foundation and Americans for Tax Reform, educational institutions, industrial trade associations and many other groups.

In addition, a new government report has rejected the mandatory use of computer blocking programs. In its report, the Federal Child Online Protection Act (COPA) Commission argued that, rather than using filtering regimes, the "most effective current means of protecting children from content on the Internet harmful to minors" should be "aggressive efforts toward public education, consumer empowerment, increased resources for enforcement of existing laws, and greater use of existing technologies." The Commission specifically noted that there are "significant concerns" regarding filtering software when they are "used in libraries and schools," and mentioned that these and other free speech-based "[c]oncerns are increased because the extent of blocking is often unclear and not disclosed, and may not be based on parental choices."

Yet despite this backlash, Congress seems more likely than ever to approve this legislation within the next week or so, before it adjourns in anticipation of the upcoming national elections. Moreover, White House officials have indicated that President Clinton is likely to sign the proposal.

See "Internet Filter Bill Hits Snag," Associated Press, Oct. 24, 2000 at

To see an ACLU Action Alert on this subject, click

For an open letter to Congress from the Free Congress Foundation and other groups, visit

To read the COPA Commission report, visit

For more on President Clinton's view on Internet filtering, read Keith Perine, "White House Won't Fight Anti-Porn Measures," The Industry Standard, Oct. 30, 2000 at,1151,19802,00.html

See also "Keeping Web Smut From Kids," Associated Press, Oct. 20, 2000 at,1597,243016-412,00.shtml

[6] Olympic Net regulations stifle expression

Fans and athletes alike are charging that stringent Olympic regulations violated their online free speech rights.

Prior to the games in Sydney, the International Olympic Committee (IOC) issued a series of commandments that essentially barred live webcasting of Olympic events. Similarly, the Committee also prevented journalists from online news services from reporting on the games, and banned unofficial websites from using audio or video coverage of Olympics. The IOC also prohibited Olympic athletes (in its Code of Conduct) from disseminating their comments and thoughts (including diary entries) on the Internet. The Committee even went so far as to sue approximately 2,000 domains for using "Olympic" language in their URLs; the defendants included a watchdog organization dedicated to reporting on corruption in the Olympic process.

These moves have led to scorn and dismay from various quarters, including members of the press, Olympic games participants and private Internet users. Author Helen Lensky, author of "Inside the Olympic Industry: Power, Politics, and Activism," charged that the IOC was engaging in this behavior as part of a "wider commercial imperative" to protect its corporate sponsors. She further noted that the "IOC has shown itself determined to stamp out any voices contrary to the official Olympic message. It is not interested in any kind of coverage that might be critical to the games."

Many of these critics also feel that IOC missed a golden opportunity to reach out to millions of Internet users worldwide. Indeed, a number of observers have suggested that these tough rules have contributed to public apathy toward the Games-a view that was bolstered by low television and Internet ratings.

Read Sean Dodson and Patrick Barkham, "Why the net is not invited to Sydney," The Guardian, Sept. 14, 2000 at,3858,4063190,00.html

See also Laura Carr, "Olympics Sites Come Up Short," The Industry Standard, Oct. 5, 2000 at,1151,19145,00.html

[7] Malaysian cybercafes fear gov't ban

New rules from the Malaysian government may prevent many Internet users from going online.

Several weeks ago, Malaysian officials banned all video game arcades within the country. Since then, officials have turned their attention to cybercafes. Energy Communications and Multimedia Deputy Minister Tan Chai Ho has sternly admonished cybercafe owners and suggested that the ban on video games also applied to them. Curiously, Deputy Prime Minister Abdullah Ahmad Badawi justified these moves by comparing these activities to the use of illegal drugs such as opium.

These developments have led to considerable concern among policymakers and the Malaysian Internet community. One cybercafe owner, Lim Kah Hai, worried that the government crackdown would keep many people off the Information Superhighway. He pointed out that cybercafes "offer a cheap means for people who can't afford computers to access the Internet. I have parents who bring their children in here on weekends and nearby college students who need them to complete assignments." Similarly, opposition politician Kerk Kim Hock argued, "If you start banning video arcades, where do you stop? Should you now ban cybercafes, snooker centers and nightclubs?"

Read Julian Matthews, "Malaysian Cybercafes Could Be Banned," ZDNet Asia, Oct. 10, 2000 at,4586,2638965,00.html

[8] ImageFilter software empowers gov't censors

Experts worry that a new "image recognition engine" will help government agents to scan and censor Internet speech.

ImageFilter supposedly categorizes graphics files using criteria such as shapes, colors, and textures. It then compares these files with other images and decides whether the sorted pictures should be blocked, based on a sliding "acceptance" rating scale. Eventually the program sends an email warning to the computer where the image is stored. French police are already using this program to hunt through the hard drives of Internet users, hoping to find objectionable material. Interestingly, no statistics are apparently available regarding product's misidentification rates.

A variety of observers have voiced concerns that this software will seriously hamper freedom of expression. The list of concerned parties even includes child abuse experts such as Professor Murray Straus, who worried that "[i]f we have [the United States] Congress saying, 'Search engines must block this, businesses must block that,' that raises free speech issues."

To see an official demonstration of ImageFilter, visit

Read Rachel Konrad, "New filter scours servers for illicit content," CNet News, Oct. 24, 2000 at

[9] Moodwatch program threatens free speech

A new e-mail program that supposedly detects the sender's emotions may hamper freedom of expression online.

The program, called Moodwatch, is actually a feature built into the latest version of Eudora, a popular e-mail handler made by Qualcomm. Moodwatch scans through both incoming and outgoing e-mail messages looking for keywords as contained within a "flame dictionary." Afterwards, the program rates messages based on their content, then issues paternalistic warnings depending on the purported severity of the language. One such warning reads: "Your message is the sort of thing that might get your keyboard washed out with soap, if you get my drift. You might consider toning it down."

Moodwatch has created considerable concern that it will curb free speech and invade user privacy. Experts are particularly concerned that the program may flag words and phrases as offensive even when they are used in jest or otherwise not meant as insults. Indeed, Moodwatch's "dictionary" includes plain phrases such as "I'm not about to let you," which might cause a given message to be branded as abusive language regardless of context.

See Adam Pasick, "Subject: You're an Idiot," Fox News, Oct. 4, 2000 at

[10] US students battle schools over online expression

Many American students are going online to air their views, but are being frustrated by school officials who refuse to let them say what they think.

In one such instance, two Kansas students, Lee Dunfield and Brad Quellhorst, wrote a satirical student newspaper and posted it on the Internet. Initially, "Low Budget" included stories such as "NYC Police Arrest Man For Being Black," and "Pope Apologizes for All 2000 Years of Christian Persecution." School officials responded by suspending the authors, and later required mandatory school screening of future issues prior to publication. Dunfield commented, "We didn't think it would be a problem. People are labeling us as rebels, but I don't look at it that way. We were just trying to express the opinions a lot of people have in a sarcastic way." Similar battles have occurred in several other states.

A number of experts worry that these efforts by school administrators may have a detrimental impact on free speech. Paul McMasters of the Freedom Forum believes this problem arises in part from a stunted view of how the Internet can used: "Many school officials think the role of the student paper should be no more than a bulletin board or public relations vehicle. For many students the only way to have freedom of expression and spread their intellectual wings is to go the online route."

Read David Koeppel, "Students Flee School Newspapers For Censor-Free Web," Fox News, Sept. 28, 2000 at

[11] Foil the Filters contest winners announced

Internet filtering software is still very clumsy.

That's apparently the conclusion being drawn from a recent contest sponsored by the Digital Freedom Network (DFN-a GILC member). In "Foil the Filters," participants competed to find the most outrageous mistakes made by Internet content blockers. The Grand Prize winner, Joe J., was cut off from his high school's website while using a computer in the school's own library. The runner up, Hillary Anne, was prevented from registering because blocking software detected the word "aryan" in the username.

The contest included several categories including the Poetic Justice award, where websites of blocking software proponents were censored by filtering programs. In the latter category, one winner was American politician Richard Armey, whose official webpages (which contained his popular name, "Dick") were shunned by numerous software packages. Similarly, the Focus on the Family website was blocked by Cybersitter because of pages that described, among other things, hardcore pornography and bondage. The Twilight Zone award (for unexplained blocking) went to an Australian high school student, Scott, who was barred by filtering software from finishing a mathematics essay.

The full list of contest winners is posted on the DFN website under

[12] EU anti-privacy "cybercrime" treaty drafted

A new draft cybercrime convention is receiving heavy fire from privacy advocates.

Among other things, the Council of Europe proposal would have signatory countries enact laws to make Internet service providers (ISPs) liable for their customers' content, as well as force ISPs to monitor and retain records on customer activities. Additionally, the scheme would make it easier for government agents to search the accounts of private Internet users as well as gain access to encryption keys. The plan also includes a broadly worded section on "Illegal Devices" that would prohibit many types of computing technologies that could possibly be used by hackers. Furthermore, the draft treaty mandates signatories to create new harsh penalties for copyright infringement.

The revised plan has drawn fire from numerous privacy advocates. David Banisar of Privacy International (a GILC member) lamented that although the proposal had gone through "months of criticism from industry, security and privacy experts, ... most of the controversial provisions on issues such as security tools and access to encrypted data are unchanged or are even worse than before." Banisar pointed out that the newest sections of the treaty would "require countries to adopt laws to 'compel a service provider' to either capture content themselves by building in surveillance capabilities, or to 'cooperate and assist' authorities Carnivore-style." He also challenged the bill's ever increasing scope: "Not content with limiting this monstrosity to Europe, this draft is no longer limited to countries in the Council of Europe and countries that participated in the drafting such as the US and Canada. Now, it specifically opens the treaty to all countries in the world once it goes into effect."

The Global Internet Liberty Campaign has since issued a statement saying that "the draft treaty is contrary to well established norms for the protection of the individual, that it improperly extends the police authority of national governments, that it will undermine the development of network security techniques, and that it will reduce government accountability in future law enforcement conduct." This statement has garnered the approval of several dozen cyberliberties groups from around the world.

To read the draft treaty, click

To see the GILC statement (along with a list of signatories), click

To read more of David Banisar's comments, visit

For press coverage of this event, read Declan McCullagh, "Police Treaty a Global Invasion?" Wired News, Oct. 17, 2000 at,1283,39519,00.html

For French coverage of this development, see Florent Latrive, "Pas touche à mon disque dur! Des associations dénoncentce texte qui donne trop de pouvoirs à la police," Libération, Oct. 19, 2000 at

For a special dossier of cybercrime materials created by Imaginons un Reseau Internet Solidaire (IRIS-a GILC member), visit

[13] Digital Angel body chip may allow Net tracking

A new biometric device might allow Internet users to track your every move.

According to the device's would-be manufacturer, Applied Digital Solutions, Digital Angel (DA) is a special chip that would collect information such as body temperature, pulse rate, blood pressure and geographical location, then send this data to special ground stations. Afterwards, these tidbits would ostensibly be made available through the Information Superhighway. While spokesperson for the firm said that the device will merely be worn close to the body, the original Digital Angel patent claims the system is "designed to be implanted under the skin of an individual."

The company is hoping to sell this device on a global scale for identification purposes; as one spokesperson said, "You want to access and go online with your MSN [Microsoft Network] or AOL [America Online] account, you'll have DA transmitting your profile at request." Indeed, at least one major company, DoubleClick, is already looking at ways to use Digital Angel to send better targeted commercials; for example, DA information would allow DoubleClick to send coffee ads to a given user every that person passes by a Starbucks coffee shop. It should be noted that DoubleClick, which provides banner ads to many websites, has faced heavy criticism over its system for tracking Internet users through the placing of digital identification numbers in files known as "cookies" on users' hard drives.

Experts have raised serious questions as to whether these plans are technically feasible. However, the unveiling of Digital Angel has heightened public concern over potential threats to individual privacy. James Dempsey of the Center for Democracy and Technology (CDT-a GILC member) worried that current laws will not be sufficient to prevent such intrusions: "Clearly our legislation now is outdated. The ... technology is going to become, I believe, more and more widely integrated into electronic devices. We have to catch up with this. ... [W]e need to have some clear-cut privacy rules."

Read Michael Della Bitta, "Digital Angel: The New Eye in the Sky," Fox News, Oct. 16, 2000 at

For more on Digital Angel's privacy implications, see Michael Della Bitta, "Digital Angel: Privacy Problems?" Fox News, Oct. 16, 2000 at

To read the patent for Digital Angel (U.S. Patent No. 5,629,678), visit

See Linda Harrison, "Human chip implants not going skin deep," The Register UK, Oct. 27, 2000 at

See also Anick Jesdanun, "Digital Tracking Devices Coming Soon," Associated Press, Oct. 30, 2000 at

The official Digital Angel website is located at

[14] US spyware review panel flawed

Controversy continues to grow over a US government spyware program.

The device, known as Carnivore, is attached to the server of a given Internet service provider. It intercepts all Internet transmissions that come through the server, then parses out pertinent material, based on chosen keywords. The US Department of Justice (DoJ) has confirmed that Carnivore can monitor private e-mail messages as well as activity on the World Wide Web and in chat rooms. The US Federal Bureau of Investigations (FBI) then decides which particular communications it believes it is entitled to review.

After considerable public outcry, the US government commissioned an "independent" review panel to see whether Carnivore complies with Federal wiretapping laws. However, a close examination of a poorly masked Department of Justice (DOJ) report (which had been posted on the official DOJ website) has revealed that the review team includes a large number of White House insiders, including a former Clinton information policy advisor, and a former Justice Department official. Other team members have backgrounds in the National Security Agency (NSA), the Department of Defense, and the Department of the Treasury. Barry Steinhardt, Associate Director of the American Civil Liberties Union (ACLU), said that "[b]y selecting people with extensive government ties for what is supposedly an independent review, the Executive Branch has shown once again that it cannot be trusted with carte blanche authority to conduct searches."

Oddly enough, in spite of these developments, Carnivore has actually received some support from within the computing industry. Grant Sieffert of the Telecommunications Industry Association suggested that "[i]f Carnivore could be tested through the normal testing process that the industry uses, I think there are a lot of people who do think that it's a solution that could work." Moreover, despite a recent court ruling that suggested otherwise, and despite strong objections from privacy groups, Sieffert seemed to accept the FBI's assertions that Carnivore protects privacy: "If it does what the FBI claims it does, then it seems to solve the problem of separating call-identifying information from the content."

These industry claims were further brought into question by the recent disclosure of several government papers regarding Carnivore and similar programs. These papers were made available in response to requests from both the Electronic Privacy Information Center (EPIC) and the ACLU. Contrary to past suggestions that Carnivore only intercepts e-mail messages, the documents revealed that the latest versions of the system included many new and powerful features, which allow it to sift through virtually all types of Internet transmissions. One of these add-ons, DragonNet, can intercept telephone calls made through the Information Superhighway. The documents also showed that millions of US dollars had been spent in developing Carnivore and its predecessors.

These events have added momentum to legislation that would increase the privacy of Internet users. One of these bills, the Electronic Communications Privacy Act of 2000, has now been approved by a committee of the US House of Representatives. However, it is unclear whether this proposal will be passed by both houses of the federal legislature before Congress adjourns (within the next few weeks).

The original (masked) DOJ report, is available (in PDF Format) under

The list of "unmasked" and coded review team names is at

To see EPIC's collection of the Carnivore documents, click

The ACLU press release is available under

Further press coverage is available from Brock Meeks, "FBI's Carnivore hunts in a pack," MSNBC, Oct. 18, 2000 at,4586,2641902,00.html

See also "Ties taint Carnivore Review," USA Today, Oct. 4, 2000, page 27A, at

For more on the industry's apparent assent to the use of Carnivore spyware, see Oscar S. Cisneros, "FCC Could Adopt Carnivore," Wired News, Sept. 29, 2000 at,1283,39129,00.html

For additional details on the Electronic Communications Privacy Act of 2000, see Declan McCullagh, "Keeping Cops' Hands Off Email," Wired News, Sept. 27, 2000 at,1294,39120,00.html

[15] ECHELON faces criminal charges

A super-secret global surveillance network may soon face criminal charges.

ECHELON is a highly classified system designed to intercept communications from around the world. ECHELON is reportedly operated by the US National Security Agency (NSA), in conjunction with several other intelligence agencies, including Great Britain's Government Communications Headquarters (GCHQ), and Australia's Defence Signals Directorate (DSD). According to experts, ECHELON is capable of intercepting e-mail messages, faxes, telephone conversations.

A special French government panel that is looking into possible ECHELON wrongdoing has now recommended greater use of computer cryptography to deter a super-secret global spy network. Interestingly, the chairman of the enquiry, Arthur Paecht, deplored the fact that neither the United States government nor British officials cooperated with the investigation. The report went on to suggest that ECHELON had already been used to conduct industrial espionage against European corporations, and noted that ECHELON's activities underlined the lack of privacy online. As a response, the enquiry advocated liberalized European Union policies towards encryption technology, and even urged the EU to help develop more sophisticated computer security systems.

Since then, Ilka Schrvder, a member of the European Parliament (EP) who sits on a special EP ECHELON investigation committee, has filed criminal complaints against the spy systems' operators. She specifically targeted "unknown suspects especially from the U.S. And Great Britain, as well as possibly the German Federal Government, for operating and tolerating the Echelon network." These papers were served on several key German government offices, including the offce public prosecutor of Traunstein, which is located near a purported NSA/ECHELON base in Bad Aibling.

For more on the Schrvder complaint, read Steve Gold, "Criminal charges filed against 'Echelon'," Newsbytes, Oct. 17, 2000 at

See John Lettice, "French Echelon report says Europe should lock out US snoops," The Register (UK), Oct. 13, 2000 at

[16] Japanese groups push for stronger privacy laws

In Japan, there is growing support for tougher privacy standards in both public and private sector.

A newly issued Japanese government report proposes legislation to protect personal data held by private companies. The plan includes many key principles regarding fair information practices, including use of information for only specific purposes, obtaining such data through proper methods, making sure the data is accurate, properly securing the information before it is used, and allowing individuals control over their own files. The report also recommends new opt-in laws that would require companies to ask individuals for permission before transferring their respective personal information to third parties.

There are also efforts underway to protect Japanese citizens from unnecessary government intrusions online. Opposition party leaders will soon submit a bill to abolish a controversial Japanese wiretapping law that went into effect this past August. The law in question considerably expands the powers of the Japanese law enforcement officials, and allows Ministry of Justice officials tremendous leeway in conducting taps of phone conversations, fax transmission and Internet communications. Concerns over potential privacy violations were further heightened by the National Police Agency's new budget, which includes plans to use a government server to conduct e-mail surveillance throughout the Land of the Rising Sun. Against this backdrop, numerous civic groups, including Japanese Net Workers Against Surveillance Taskforce (NaST-a GILC member), are throwing their support behind the bill to repeal this new statute. However, the current ruling parties has so far refused to even allow formal debates over the proposal.

See "Report on data privacy gets nod, exempts press," Japan Times, October 12, 2000 at

See also "Petition against wiretapping law submitted to Diet," Japan Times, Sept. 26, 2000, at

For further information in Japanese, visit the NaST homepage at

[17] Clothing store web body scans spark privacy concerns

Think body scans are an invasion of personal privacy? Would you feel any better if these scans were posted on the World Wide Web?

American clothing store giant Land's End has launched a "Virtual Model Tour" to promote its new Body Scanning service. Under the program, customers "step into a scanning room," where "200 000 points of measuring data" are recorded, "enough to determine your size and dimensions more accurately than ever," according company documents. Afterwards, the information is used to create a personal "Virtual Model" profile that is made available on the Land's End website. Users can then "try on hundreds of clothes online" using a given "Virtual Model." Similar services are available through

Experts are now questioning whether these companies have made sufficient efforts to keep this information private. Indeed, the Land's End tacitly admits through its Security Policy that it transfers customer information (such as names and addresses) to various third parties, including other companies, but the Policy is silent as to what the company does with personal body scans.

To see a Land's End statement regarding their body scan program, click

Read Dianne Lynch, "Sizing Up," (US), Sept. 6, 2000 at

[18] Australian gov't health website bad on privacy

Many groups are voicing concerns that an Australian government website may needlessly expose sensitive medical information about several million citizens.

The Australian government has been forging ahead with attempts to make many government services available via the Internet, including tax services and registrations. As part of this effort, the Australian Department of Health is trying to establish an electronic network by sometime next year. However, there are apparently no clear guidelines as to who will have access to these files, or for what purposes they can be used. Similarly, there are major questions over whether personal health data will be properly secured when posted to the World Wide Web.

Experts have suggested that these thorny problems could be solved through stronger privacy laws. Privacy Commissioner Chris Puplick said that "there has to be appropriate legislation to ensure that this isn't linked with social security payments or with taxation arrangements or as a means of controlling health costs or linked to the law enforcement people who might be involved in investigating complaints about over charging by doctors, things of that nature."

Read Adam Creed, "Privacy Concerns Over Australian E-Health Network Rise,", Sept. 23, 2000 at

[19] US companies push weak privacy bills

Consumer advocates warn that a new industry-backed bill will not go very far to protect privacy online.

The proposal, which is being considered by the United States Congress, would merely require websites to provide notice of their policies regarding privacy, as well as provide customers with the ability to "opt out" of company information collection systems. The bill has been endorsed by several major companies, including America Online, and Walt Disney Internet Group.

However, many groups feel that this legislation does not do enough to safeguard user privacy. At a recent hearing, Executive Director Marc Rotenberg of the Electronic Privacy Information Center (EPIC-a GILC member) testified that the notices required under the plan "without other substantive rights operate more like warning labels or disclaimers than actual privacy safeguards." Similar concerns were voiced in a later hearing by EPIC Policy Analyst Andrew Shen, who argued that "Technologies available to consumers ... will only have significant impact once legal standards become effective" and that "Congress ... should build on the legal framework for privacy protection, consistent through many federal laws protecting personal information."

EPIC and other organizations are supporting a rival bill from Senator Ernest Hollings as a more comprehensive way to strengthen privacy on the Internet. Among other things, the Hollings bill would require companies to get their customers' permission before collecting personal information about them.

Marc Rotenberg's testimony is posted at

Andrew Shen's testimony is available under

Read Ariana Eunjung Cha, "Key Firms Back Bill On Web Privacy," Washington Post, Oct. 4, 2000, page E1, at

See also Jim Wolf, "Opting-Out for Online Privacy," Reuters, Oct. 4, 2000 at

[20] Free & secure web email service launched

A new British e-mail service may greatly enhance privacy along the Information Superhighway.

The service, Cyber-Rights.Net, is the result of a partnership between Hush Communications and Cyber-Rights & Cyber-Liberties UK (a GILC member). The system allows users to send and receive email that is encrypted and secured from end-to-end. Because the system is web-based, registrants can utilize Cyber-Rights.Net from any location in the world that has Internet access. Furthermore, the entire package is available free of charge.

The partnership is part of a campaign against the controversial British Regulation of Investigatory Powers Act (RIP) 2000, which passed into law on this past October. The RIP bill is highly controversial because its potentially damaging impact on Internet privacy. Among other things, it extends the reach of law enforcement agencies, making it easier for them to monitor and intercept communications in cyberspace, as well as giving the government greater access to users' encryption keys and passwords.

Yaman Akdeniz, Director of Cyber-Rights & Cyber-Liberties (UK), bemoaned "the absence of clearly defined conditions and safeguards protecting the privacy of communications in homes and in working environments." He hopes that "Cyber-Rights.Net will be an additional tool for concerned Internet users when securing their communications."

This new service is available through

For more details, visit the Cyber-Rights & Cyber-liberties (UK) homepage at:

[21] Study: privacy worries hurt e-commerce

A new study suggests that public concern over the lack of online privacy is continuing to have a detrimental impact on e-commerce.

The Forrester Research report found consumers still worry about how dot-coms handle privacy matters. In this project, researchers had 400 computer users rate numerous e-commerce sites on privacy grounds, including their posted privacy policies, on a scale of 1 to 100 (with 100 as the highest score). The list of sites tested included,, and many others. Most of the websites (along with their privacy statements) received ratings of around 60 to 76. Interestingly, evaluators often complained that they had a hard time figuring out how these dot-coms handled personal information.

The report warned that e-commerce companies must do a better job of explaining to the public their stances on sensitive user data. Forrester Research analyst Christopher Kelley noted that many of these retailers "may not be aware of how important the privacy issue is to consumers and how it can negatively affect their bottom line."

See "Study: Sites Need Private Xmas," Wired News Report, Oct. 12, 2000 at,1294,39398,00.html

[22] privacy fiasco

A change in business practices by a major online bookseller is drawing heavy fire from privacy groups. recently altered its privacy policy to allow transfers of customer information to third parties. Specifically, Amazon added language saying that it would treat sensitive "customer information" as merely "business assets" that could be bought or sold as the company continued to develop its business. This comes in stark contrast to its prior notice, which explained that the firm would never buy or sell customer data. In addition, the company removed a past feature of its website, which allowed consumers to completely opt out of these types of information transfers (by sending e-mail to Instead, the company allows users limited access to their files, apparently without allowing them to fully opt-out. Indeed, when Jason Catlett from the privacy group asked Amazon to terminate this account and destroy all information related to him, the company replied that it "cannot totally remove account information" from its system. Oddly enough, Amazon spokesperson Patty Smith said that these new procedures (particularly privacy notice) were actually an improvement because they clarified how the company handled user data.

This decision was slammed by several organizations, including the Electronic Privacy Information Center (EPIC-a GILC member), which had sold books through Amazon's affiliates program. EPIC eventually severed all ties with the bookseller; EPIC Executive Director Marc Rotenberg said the retailer's move was further evidence of a "slow erosion of online privacy under the industry's self-regulatory approach." Similar comments came from Catlett, who called the revised policy "unacceptably weak" and noted that "Amazon's leadership position means that it directly affects a very large number of individuals as well as prevailing industry standards."

To read EPIC's letter, click

To see more of Jason Catlett's comments, visit

Read "Privacy groups protest Amazon's policies," Associated Press, Sept. 14, 2000 at

See also Miguel Helft, "For Amazon, Honesty May Not Be the Best Policy," The Industry Standard, Sept. 14, 2000 at,1151,18538,00.html

[23] US gov't gets low privacy marks

There is growing concern that the United States government is not doing a good job protecting people's privacy.

A survey conducted by the Information Technology Association of America (ITAA) showed that nearly 80% of Americans were concerned that the US government would use data about them. Furthermore, about half of the respondents wanted to see a Federal "chief information officer" appointed to safeguard their privacy. This comes after a US General Accounting Office (GAO) report that showed a majority of US government Web Sites do not comply with privacy standards proposed by the U.S. Federal Trade Commission (FTC). Of 65 web sites tested, only two of them conformed with the FTC's "fair information principles" that previously had been proposed to protect consumers' personal information when collected by dot-coms and other e-commerce companies. According to the latest revelations, 13 government agencies are apparently tracking Internet users, and in one instance (involving the U.S. Forest Service), the collected data was handed over to a private firm.

A number of groups have cited these revelations as evidence that new and tougher privacy laws are needed. David Banisar of Privacy International (a GILC member) noted that the U.S. Privacy Act, which theoretically protects citizens when the government agencies collect information, "these days is largely a paper tiger." Banisar suggested that an independent agency should formed to help solve these problems-a view that may receive considerable public support, judging from the ITAA poll results.

This view was further buttressed by a recent report, "Privacy and Human Rights 2000: An International Survey of Privacy Laws and Developments," that was jointly issued by Privacy International and the Electronic Privacy Information Center (EPIC-a GILC member). This report indicates that the US is in the dubious position of leading in efforts to remove laws and technical measures that protect individual privacy. EPIC Executive Director Marc Rotenberg commented that the report indicated "an urgent need to establish privacy rights in law to protect the interests of citizens particularly in the digital world."

See D. Ian Hopper, "Big Brother Is Still Watching," Associated Press, Oct. 22, 2000, at

For more on the ITAA survey, see "Poll: Most Americans Wary of Privacy," Reuters, Oct. 17, 2000, at

For more on the GAO report, read Patrick Riley, "Report: Government Web Sites Have Few Privacy Safeguards," Fox News, Sept. 12, 2000 at

For more on "Privacy and Human Rights 2000: An International Survey of Privacy Laws and Developments," click

See also David McGuire, "US Privacy Protections Are World's Weakest-Report," Newsbytes, Sept. 20, 2000 at

[24] New P2P crypto mail program

A new e-mail program that uses peer-to-peer (P2P) technology may greatly enhance online privacy.

Created by AbsoluteFuture, SafeMessage sends messages directly from the creator's machine to recipient's computer (via the software manufacturer's systems), without going through normal e-mail servers that act as middlemen. In order to avoid the possibility that past transmissions may be preserved on e-mail server logs, minute amounts of authorization data are kept on AbsoluteFuture's computers, but other information (such as the contents of each message and the identities of the parties involved) is not retained. The program also encrypts each message sent between the two parties; both sides must have SafeMessage software and each others' keys to be able to communicate. The entire setup has been compared to Napster, the popular music-file sharing website and software package.

AbsoluteFuture's Chief Executive Officer, Graham Andrews, said "SafeMessage is the electronic answer to the shredding machine. It is the first industrial-strength, secure messaging product of its kind for not only large corporations, but also individuals." While the system can be somewhat tedious, the company hopes that cybernauts will use SafeMessage to secure ultrasensitive information transfers. Read Chris Oakes, "This Email Will Self-Destruct," Wired News, Sept. 21, 2000 at,1294,38936,00.html

See also Cecily Barnes, "New email could confound law enforcement," CNet News, Sept. 22, 2000 at

[25] Web "cat" tracks users

Many computer users have heard about the threat "cookies" and "webbugs" pose to their privacy. Now there's apparently a new menace: web "cats".

CueCats allow users to scan special barcodes contained on print articles and advertisements, which triggers their computers into accessing websites for more information. This system is already being used by numerous publications (including Forbes and Wired magazine) and by hundreds of thousands of users. However, scientists have discovered that CueCats include special individualized serial numbers that allow the tracking of computer users as they surf the Internet and the creation of highly detailed profiles regarding their behavior. Indeed, the maker of CueCats, Digital Convergence, has admitted that it "is responsible for the creation and analysis of the largest consumer database that provides the unique combination of Web tracking with all forms of media." Worse still, Digital Convergence recently suffered a security breach that revealed personal information files on nearly 140,000 users, including such data as customer names, email addresses and postal codes.

Not surprisingly, these revelations have caused considerable concern among privacy advocates. The Privacy Foundation's Richard M. Smith said that his group "has serious privacy concerns with the CueCat. We are asking the company to fix the service now, before it is in widespread use." Smith noted that the CueCats' serial numbers put Digital Convergence "in a very powerful position to track people. And the question is, what happens with your information at the other end? Frankly, the company has not been very forthcoming about their practices."

Read Stefanie Olsen, "Privacy group slams Web tracking 'cat'," CNet News, Sept. 22, 2000 at

[26] Privacy flaws in Bluetooth palmtop devices

Scientists have discovered anomalies within various palmtop computer systems that may have a detrimental impact on user privacy.

The flaws occur in the Bluetooth wireless radio beams that palmtops use to communicate with one another. Researchers have apparently discovered that it is possible to rig a palmtop in such a way that it can intercept the encryption keys of other machines, then use them to decrypt and eavesdrop on transmissions between third parties. Investigators reported that they were even able to discover the identity of targeted machines and trace their users' locations.

The two Lucent Technologies employees who made these discoveries, Markus Jacobsen and Susanne Wetzel, have suggested that these problems can nevertheless be fixed. For example, they recommend changing Bluetooth standards so that the identity numbers of palmtops will be masked, in part through constantly changing pseudonyms.

See Elisa Batista, "PDA: 'Public' Display Assistant?" Wired News, Sept. 11, 2000, at,1294,38688,00.html

[27] Austrian Big Brother Awards ceremony held

On October 26, a number of digital human rights organizations (including GILC members ARGE Daten, VIBE!AT and quintessenz) presented the Austrian Big Brother Awards for the year 2000. These annual prizes are given to members of the public and private sector who have done the most to invade the privacy of Austrian citizens. This year's gala was held at a prominent Viennese night club, the Flex, and was cybercast through the official Awards website.

Among the winners was an Austrian police union that "deliberately misappropriated data from the [Austrian] Department of the Interior to intimidate political opponents." Another recipient was the Austrian division of communications giant Siemens, which worked with various law enforcement agencies to come up with plans that will allow the interception of "all future digital telephone nodes in Europe." Meanwhile, European multimedia store Saturn, which surreptitiously forwarded personal information about their unsuspecting customers, received a special Big Brother Award in the Business/Finances category.

For more information about this event, see

See also Valerie Thompson, "Apache wins Big Brother award," The Register (UK), Oct. 27, 2000 at


The GILC News Alert is the newsletter of the Global Internet Liberty Campaign, an international coalition of organizations working to protect and enhance online civil liberties and human rights. Organizations are invited to join GILC by contacting us at To alert members about threats to cyber liberties, please contact members from your country or send a message to the general GILC address.

To submit information about upcoming events, new activist tools and news stories, contact: GILC Coordinator, American Civil Liberties Union 125 Broad Street 17thFloor, New York, New York 10004 USA. email:

More information about GILC members and news is available at You may re-print or redistribute the GILC NEWS ALERT freely. To subscribe to the alert, please send an mail to with the following message in the body: subscribe gilc-announce