GILC Actions 



 Free Speech 





 GILC Alert 

 Mailing List
 GILC Events 




 Mail GILC 

Home Page

US Site
European Mirror


GILC Alert
Volume 7, Issue 6

August 27, 2003


Welcome to the Global Internet Liberty Campaign Newsletter.


Welcome to GILC Alert, the newsletter of the Global Internet Liberty Campaign. We are an international organization of groups working for cyber-liberties, who are determined to preserve civil liberties and human rights on the Internet.

We hope you find this newsletter interesting, and we very much hope that you will avail yourselves of the action items in future issues.

If you are a part of an organization that would be interested in joining GILC, please contact us at

If you are aware of threats to cyber liberties that we may not know about, please contact the GILC members in your country, or contact GILC as a whole.

Please feel free to redistribute this newsletter to appropriate forums.

Free expression

[1] California DVD code decision means more battles ahead
[2] Protests grow over Euro copyright directive
[3] U.S. gov't urges High Court to support Net censor law
[4] German court ruling curbs Internet anonymizing software
[5] Vietnamese Net dissident's jail term reduced
[6] U.S., Spanish court cases bar users from providing weblinks
[7] Hollywood appeals Grokster Net file sharing decision
[8] Thai gov't minister proposes more online curbs
[9] German court upholds legality of deep weblinks
[10] Indian gov't plans new online censor law
[11] Japanese gov't plans mobile phone content controls
[12] Chinese gov't to use only Chinese software


[13] Hollywood claims it won't go after small downloaders
[14] Mblast and Sobig computer bugs hit hard
[15] U.S. gov't plans mini-TIA spy databases
[16] U.S. gov't pushes Net phone tap law expansion
[17] Study: lack of online privacy leads to discrimination
[18] British firm rolls out mobile phone tracking system
[19] Australian Big Brother ISP plan, Net user ID scheme panned
[20] Korean plan may have serious mobile phone privacy impact
[21] U.S. schools install web spy cameras to watch kids
[22] Global Privacy Report Published
[23] New analysis of UK data retention proposals released
[24] New GILC member: IP Justice

[1] California DVD code decision means more battles ahead

A new court ruling signals that there will be yet another round of legal battles over a controversial DVD-related computer program.
The case centers on DeCSS, a primitive program that was created to help users of the Linux computer operating system watch DVDs on their machines. Four years ago, the DVD Copy Control Association (DVD CCA) sued Andrew Bunner and hundreds of other people claiming that they violated California trade secret law by publishing (or providing weblinks to) the code. A state trial court agreed with DVD CCA and granted an injunction banning Internet posting of DeCSS. An appeals panel overturned the trial court ruling, saying that Bunner's activities were protected under the First Amendment of the United States Constitution, which guarantees the right to free speech.
The California Supreme Court held that "restrictions on the dissemination of computer codes in the form of DeCSS are subject to scrutiny under the First Amendment." However, the court also held that the ban on publication of DeCSS was a content-neutral restriction that is "not subject to strict scrutiny" under the First Amendment. Rather, the court saw the protection of trade secrets as a significant government interest and stated that there must be "a balance between the government interest and the magnitude of the speech restriction." In the end, the high court admitted that its decision was "quite limited" and sent the case back to the lower appeals court for further examination of the trade secrets issue, focusing in particular on whether the information embodied in DeCSS actually was a trade secret.
Free expression advocates remain confident that the ban on DeCSS publication will eventually be lifted. David Greene, Executive Director of the First Amendment Project who argued the case on behalf of Bunner, said his group was "heartened that the court acknowledged that trade secret injunctions must be subject to a high level of First Amendment scrutiny. We are confident that, having looked at the facts, the Court of Appeal will remove the restriction on Bunner's right to republish publicly available information." Similarly, Cindy Cohn from the Electronic Frontier Foundation (EFF-a GILC member) explained: "The appeals court can now examine the movie industry's fiction that DeCSS is still a secret and that a publication ban is necessary to keep the information secret. DeCSS is obviously not a trade secret since it's available on thousands of websites, T-shirts, neckties, and other media worldwide."

The text of the California Supreme Court's ruling is available under

An EFF press release regarding the California Supreme Court's decision is posted under

Read Carrie Kirby, "Court rules against DVD copying/Trade secrets must be protected, judges say," San Francisco Chronicle, 26 August 2003, page B1 at

See "Free speech no issue in DVD case," BBC News Online, 26 August 2003 at

Read John Borland, "DVD-copying code loses free speech shield," CNet News, 25 August 2003 at

[2] Protests grow over Euro copyright directive

Resistance is growing against a European proposal that may curtail free speech and data privacy online.
The draft European Intellectual Property Enforcement Directive is intended to simplify the enforcement of copyrights, patents, and trademarks throughout the continent. The Directive includes language that bans the use, manufacture, importation and distribution of "illegal technical devices" that could circumvent technologies designed to protect any industrial property right. The proposal also contains provisions that essentially would give intellectual property holders broad subpoena powers to collect personal information. The proposal's general outlines have drawn comparisons to the United States Digital Millennium Copyright Act (DMCA), which contains broadly similar language and has been savaged by many cyberliberties experts.
Indeed, an analysis commissioned by the Foundation for Information Policy Research (FIPR-a GILC member) dubbed the Directive a "EuroDMCA" that, if implemented, would prove harmful to individual users: "The law on `intellectual property' - copyrights, patents and trademarks - has always been a difficult balance between protecting incumbent companies and fostering competition. The Directive seeks to shift the balance strongly in favour of the incumbents and against competitors. This will create winners and losers. The winners will mostly be large companies, such as Microsoft and Disney; the losers will include some large companies (such as phone companies) but also a lot of small firms and civil society interests."
Subsequently, a coalition of 48 groups issued an open letter expressing concern "about the impact on civil liberties, innovation, and competition posed by the European Union's proposed IP Enforcement Directive." Among other things, the letter pointed out how the anticircumvention provisions of the Directive would erode "the public's fair use (fair dealing) and freedom of expression rights by outlawing all technologies, including software, that are capable of bypassing technical restrictions." The initiative, which was spearheaded by IP Justice (a GILC member), attracted support from a number of other GILC member organizations, including Association Electronique Libre, Associazione per la Liberta nella Comunicazione Elettronica Interattiva, Austrian Association for Internet Users (Verein fuer Internet Benutzer Oesterreichs-VIBE!AT), Bits of Freedom, Computer Professionals for Social Responsibility, the CryptoRights Foundation, Cyber-Rights & Cyber-Liberties UK, Digital Rights Denmark, Electronic Frontier Finland, the Electronic Frontier Foundation, the Electronic Privacy Information Center, Foederverein Informationstechnik und Gesellschaft, FIPR, Privacy International, Quintessenz, Swiss Internet Users Group, Stop1984, and XS4ALL.

The letter is posted at

A press release regarding the letter is available under

To read the FIPR-commissioned analysis of the Directive, click

[3] U.S. gov't urges High Court to support Net censor law

Will the United States Supreme Court revive a controversial Internet censorship law?
That is essentially the question being asked by U.S. government officials. The case involves the so-called Child Online Protection Act (COPA), which made it a crime to use the Internet to pass along "for commercial purposes" information considered "harmful to minors." The statute was enacted in response to the 1997 Reno v. American Civil Liberties Union decision, in which the U.S. Supreme Court struck down the Communications Decency Act and applied traditional free speech protections to the Information Superhighway. COPA was soon challenged by the American Civil Liberties Union (ACLU-a GILC member) on behalf of 17 groups and individuals, including fellow GILC members the Electronic Privacy Information Center and the Electronic Frontier Foundation.
The U.S. Supreme Court's subsequent ruling reflected deep divisions among the Justices regarding various aspects of the case. Justice Clarence Thomas, who wrote the majority opinion, held that "COPA's reliance on community standards to identify 'material that is harmful to minors' does not by itself render the statute substantially overbroad" and therefore violate U.S. constitutional free speech protections. However, Thomas added that the scope of this decision was "quite limited" and that the Court was not sure whether COPA might be an unconstitutional restriction on free expression for other reasons. Citing these reasons, the Court maintained a ban on COPA enforcement and sent the case back to a lower appeals court for further examination of these issues.
Earlier this year, the appeals court once again struck down COPA as unconstitutional. Among other things, the 3-judge panel was especially concerned with the "harmful to minors" standard, noting that "while COPA penalizes publishers for making available improper material for minors, at the same time it impermissibly burdens a wide range of speech and exhibits otherwise protected for adults." The panel also noted that the statute was vague with regard to what was suitable for minors, and the law did not take into account the concept that "materials that have 'serious literary, artistic, political or scientific value' for a sixteen-year-old" may not "have the same value for a minor who is three years old. ... Web publishers who seek to determine whether their Web sites will run afoul of COPA cannot tell which of these 'minors' should be considered in deciding the particular content of their Internet postings."
The U.S. Justice Department has since appealed the panel's latest ruling to the Supreme Court. The decision was met with dismay from a free speech advocates; ACLU associate legal director Ann Beeson said she "thought the Justice Department would have better things to do with its time than to defend what is clearly an unconstitutional law." Indeed, a number of experts have questioned whether this latest attempt to revive COPA will succeed.

To read the latest appeals court ruling (in PDF format), click

The text of the Supreme Court's prior COPA decision is available under

An ACLU archive of documents regarding this case is posted at

Read "DOJ Pushes Stiffer Porn Law," Associated Press, 13 August 2003 at,1283,60018,00.html

[4] German court ruling curbs Internet anonymizing software

A decision by a local court in Germany may make it more difficult to engage in anonymous free speech online.
A trial court (Amtsgericht) in Frankfurt am Main has ruled that anonymisers without backdoors for law enforcement purposes are illegal. The case involved the AN.ON anonymizing service, which utilizes a Java Anonymizing Proxy (JAP) from TU Dresden. The German Federal Office of Criminal Investigation Office (BKA) required workers at the research project AN.ON to store information collected regarding a user (as identified through that person's Internet Protocol address) for a certain period and to turn over that data for law enforcement purposes.
The independent national data security center in Schleswig-Holstein objected to this procedure. Helmut Baeumler, the national data-security commissioner in Schleswig Holstein, said that the Office's actions were "obviously illegal." Although the court threw out the center's complaint, the decision has been challenged and might be overturned by a higher court.
Not surprisingly, cyberliberties experts have expressed anxiety over these developments. A spokesperson from Stop1984 (a GILC member) explained that her group simply did "not agree" with "the idea of an anonymizer being used for surveillance. Privacy, especially in times when it is so easy to grab data and personal information, should be essential and a service providing this privacy should not be forced into tricking their customers into thinking they are private when they are not." Stop1984 has since created a list of 73 public proxies which are known to be compatible to JAP in order "to help people to regain their privacy."

An AN.ON press release regarding these developments is available at

An English-language version of this release is posted under

For further background information about AN.ON, click

For more details about Stop1984's list of alternative anonymizing proxies, click

See Christiane Schulzki-Haddouti, "Nicht mehr ganz anonym: Anonymisier-Dienst JAP protokolliert Zugriffe," Heise Online, 18 August 2003 at

[5] Vietnamese Net dissident's jail term reduced

An appeals court in Vietnam has decided that an Internet activist should remain in jail, albeit for a shorter time than previously anticipated.
Pham Hong Son allegedly wrote and translated several pro-democracy papers that were then posted online. Vietnamese authorities had initially questioned him on this subject and seized various personal items, including computer equipment and numerous documents. When the government denied his requests to reclaim his belongings, he posted an open letter on the Internet to protest their decision. Vietnamese officials subsequently convicted him of spying and using the Internet to distribute critiques of the government. A trial court sentenced him to 13 years in jail, plus 3 years of house arrest after he leaves prison. Earlier this week, the Vietnamese Supreme Court of Appeal reduced his expected prison term to 5 years but retained the earlier 3 years house arrest sentence. Outside observers (such as diplomats and foreign reporters) were excluded from both the trial court and Supreme Court proceedings.
Human rights advocates remain deeply troubled by the Pham's plight. In a statement, Amnesty International said that while the organization welcomed "the unprecedented move to reduce his prison term," it was "dismayed that Dr Pham Hong Son remains in prison for the peaceful expression of his political beliefs." The organization reiterated its call "for his immediate and unconditional release." Similarly, Brad Adams of Human Rights Watch (HRW-a GILC member) complained: "Pham Hong Son's first trial was a sham. The Supreme Court should do better, by admitting international observers and resisting political directives predetermining the verdict. Jailing writers and cyber-dissidents shows Hanoi's complete intolerance for any sort of peaceful dissent and has a chilling effect on all debate in Vietnam."

Further information regarding the case is available from the HRW website under

The Amnesty International statement is posted at

Read "Vietnamese dissident sentence cut," BBC News Online, 26 August 2003 at

[6] U.S., Spanish court cases bar users from providing weblinks

Two recent legal disputes have cast doubt on the legality of Internet weblinks.
In one case, a Spanish court has ordered the closure of The website in question allowed people to post various comments and had numerous weblinks to areas of the Internet where people could download files using peer-to-peer programs. Among other things, the court claimed that Donkeymedia's actions constituted an intellectual property crime; the ban is expected to last at least 6 months. The decision is believed to be the first time in Spain that a website has been shutdown over the weblinks it contained. Curiously, the presiding judge ordered the closure without deciding whether the webpages to which Donkeymedia had weblinked contained illegal material.
The other case involves Sherman Austin, an activist who hosted a website that contained information on how to manufacture bombs and provided a weblink from his site ( to the other website. The United States Justice Department prosecuted Austin under an obscure law that barred the "distribution of information relating to explosives, destructive devices, and weapons of mass destruction with the intent that such information be used in furtherance of a federal crime of violence." His prosecution came despite the fact that bomb manufacturing information is widely available in the United States from a variety of sources (including libraries and bookstores). Although Austin agreed to a plea deal, presiding Judge Stephen Wilson sentenced him to a year in jail-a term that was three times longer than what the prosecutor had recommended under the agreement. Austin will also have to comply with a number of other harsh measures, including a criminal fine, monitoring of his computer usage, and a ban on associating with "any person or group that "espouses violence or physical force as means of intimidation, or achieving economic, social, or political change." Lee Tien from the Electronic Frontier Foundation (EFF-a GILC member) expressed concern over the impact that this ruling would have on free speech that is otherwise guaranteed under the First Amendment of the U.S. Constitution: "Sherman Austin's jail sentence for distributing bomb-making information raises serious First Amendment questions. Leaving aside the question of the constitutionality of the bomb-making information distribution law, a year in jail and the onerous probation conditions Austin now faces are out of sync with the character of the alleged crime."

An EFF press release regarding the case is posted at

See "Man jailed for linking to bomb sites," Associated Press, 5 August 2003 at

For more on the Donkeymedia case, read "Una juez ordena el cierre de un sitio sobre P2P en Espana,", 5 August 2003 at

[7] Hollywood appeals Grokster Net file sharing decision

Entertainment industry leaders are appealing a court ruling regarding the legality of Internet file trading software.
The case involved a lawsuit by several major entertainment companies against a number of organizations that distributed free Internet file-trading programs, including Grokster and Streamcast Networks (which provides Morpheus software). The plaintiffs claimed that the defendants should be held liable for copyright infringement. However, a Federal trial court in the United States disagreed and ruled in favor of Grokster and Streamcast. Presiding judge Stephen Wilson pointed out that the software provided by Grokster and Streamcast was capable of many non-infringing uses (such as "distributing movie trailers, free songs or other non-copyrighted works; using the software in countries where it is legal; or sharing the works of Shakespeare"), and compared them to videocassette recorders and other types of "copying equipment," the sale of which, according to past U.S. Supreme Court precedents, does not constitute contributory infringement. The court also relied on the fact that Grokster and Streamcast did not have the ability to control users and did little to "actively facilitate ... infringing activity" by their users. Similarly, the court refused to impose vicarious copyright liability on Grokster and Streamcast because did not have "a right and ability to supervise the infringing activity."
The plaintiffs have now appealed the Judge Wilson's ruling-a ruling that had been warmly embraced by free speech advocates. Nevertheless, Wayne Russo, the president of Grokster, remains confident: "We expect to prevail, and if we do not, we will take this to the Supreme Court if we must. We clearly have the law on our side, something the plaintiffs obviously have a difficult time accepting."

An archive of documents in this case is available from the Electronic Frontier Foundation (EFF-a GILC member) at

See "Song-swappers face new court fight," BBC News Online, 20 August 2003 at

[8] Thai gov't minister proposes more online curbs

After undergoing an online curfew, Internet users in Thailand may soon face more restrictions, if a leading government minister has his way.
Previously, Thai government had implemented a new system that blocked several overseas and local websites between 10PM and 6AM. While the curfew supposedly is meant to prevent children from playing games through computer networks, the ban affects all Thai Internet users, no matter what their age or where they are located in the country. It is also unclear if the blocking is actually limited to gaming sites. The curfew is supposed to last until at least September 30. Many members of Thailand's online community are outraged by the government's online curfew and have flooded digital chat rooms with angry messages.
Since then, Surapong Suebwonglee, the country's Information and Communciations Technology Minister, has called for a new system to force Internet users to supply information from their national ID cards. More specifically, online game servers would be required to collect such data from users, ostensibly in order to determine their age. The Minister reportedly did not address the apparent privacy implications of his proposal. He went on to suggest that cybercafes avoid charging bulk rates for Internet access, so as to deter young people from going online-a move that could also deter economically disadvantaged individuals from accessing the Information Superhighway.

Read "Thailand proposes ID cards for game servers," CNETAsia, 28 July 2003 at,39020369,39115285,00.htm

[9] German court upholds legality of deep weblinks

According to a court in Germany, it is alright to provide direct access to documents on a given website without having to go through the front page of the site.
The German Federal Supreme Court (Bundesgerichtshof) has upheld the legality of deep weblinks. The decision in a case where media company Verlagsruppe Holtzbrinck, which publishes the German newspaper Handelsblatt, sued news search engine Paperboy had provided weblinks to individual newspaper and magazine articles rather than pointing those links at the homepages of the respective publications. The company claimed that Paperboy's actions constituted unfair competition (by bypassing advertisements on those homepages) as well as copyright infringement. Verlagsruppe Holtzbrinck had won at the trial court level but lost in an intermediate appeals tribunal.
The Supreme Court then ruled in favor of Paperboy. It held that the search engine had not violated copyright law because, as reported in the German American Law Journal, "the copyright owner has already made the articles publicly accessible." In addition, the court rejected the unfair competition claim because, in its view, website owners do not have the right to force users to access their websites via a specific route.

For more on the German deep weblinks ruling, click

[10] Indian gov't plans new online censor law

A new initiative by the government of India may make it more difficult to access online information.
The Indian department of information technology has issued an order laying out procedures for blocking websites. Under the order, many types of Internet content can be censored, including "websites promoting hate content, slander or defamation of others, promoting gambling, promoting racism, violence and terrorism and other such material." The measure empowers numerous government agencies to submit complaints to the director of Cert-In, a new governmental body. A committee of officials, including representatives from Cert-In, the department of information technology and the law or home ministry would vet the complaints and make a spot decision without a hearing as to "whether the website is to be blocked or not."
The plan has already drawn a fair amount of criticism. Technology law expert Somasekhar Sundaresan called the proposal "the first formal step towards Internet censorship in Indian law. The order provides the State with sweeping powers to police Internet content."

Read Shabnam Minwalla, "Watch what you surf, Net police are here," Times of India, 1 August 2003 at

[11] Japanese gov't plans mobile phone content controls

The Japanese government is planning a new system that may restrict information that can be accessed via mobile phones.
The Japanese Public Management, Home Affairs, Posts and Communications Ministry wants to implement a system for rating and filtering Internet content that is accessible through cellular phones. Under the plan, the Internet Association of Japan, an industry trade group, will create a database with ratings of sites containing such content. The government would then require mobile phone manufacturers to install special software on their devices to block content based on the database and to develop a password system that would ostensibly prevent children from bypassing the blocking. The list of sites that could be affected by this measure has yet to be released, although dating sites reportedly are to be included in this scheme.
Although the Ministry hopes to have the entire system in place by the 2006 fiscal year, there are questions as to whether the scheme will work. For one thing, blocking software of the type envisioned under the scheme might not run properly on mobile phones due to their relatively small memory capacities. In addition, it is unclear what impact this proposal will have on Internet free expression.

Read "Ministry to filter sites to mobiles," Asahi Shimbun, 30 July 2003 at

[12] Chinese gov't to use only Chinese software

The mainland China is trying to phase out the use of foreign software in government offices throughout the Land of the Dragon.
China's State Council has issued an edict telling government agencies to purchase only locally produced software the next time they upgrade their computers. More specifically, these agencies will only buy hardware with locally manufactured software and operating systems preinstalled. Exceptions will only be made for special circumstances and upon request. A Council spokesperson said that the measure would be take effect at the end of 2003.
The move is due to concerns over possible security flaws in Western-made computer programs, as well as providing support to Chinese software makers. Indeed, Chinese authorities already have thrown their support behind several products in lieu of various Microsoft products. For example, Chinese government officials are encouraging users to adopt a "Red Flag-Linux" operating system instead of Microsoft Windows, and the Chinese-made WPS Office 2003 rather than Microsoft Office.

Read "China blocks foreign software," CNETAsia, 18 August 2003 at

See also "Shanghai: School's out for Microsoft Office," CNETAsia, 26 August 2003 at

[13] Hollywood claims it won't go after small downloaders

After a wave of bad publicity, a major entertainment trade organization is claiming its massive legal campaign against people who trade files over the Internet does have limits. But many observers remain skeptical.
Over the past several months, the Recording Industry Association of America (RIAA) has garnered hundreds of federal subpoenas for personal data regarding computer users who allegedly shared copyrighted music files on the Internet. The association is promising to file several hundred lawsuits against the people identified through the subpoenas within the next eight weeks. The RIAA's dragnet has already affected a wide cross section of society, including grandparents to roommates to college students.
The wave of subpoenas has drawn concern from policymakers in the United States, notably U.S. Senator Norm Coleman, who sent the RIAA a series of questions regarding what he termed its "excessive" campaign. In a prepared response statement, the RIAA's Cary Sherman claimed his organization was merely "gathering evidence and preparing lawsuits only against individual computer users who are illegally distributing a substantial amount of copyrighted music." However, Sherman did not explain just what his organization considered to be a "substantial amount," and an RIAA spokesperson later refused to clarify the group's stance on this point. More ominously, Sherman's statement mentioned that the RIAA "does not want anyone to think that even a little illegal activity is acceptable." Coleman is planning to hold Congressional hearings on this matter. The Senator's efforts have been lauded by a number of groups, ranging from cyberliberties organizations to industry leaders; NetCoalition, which includes numerous Internet service providers as its members, issued a letter that cited Coleman's inquiries and warned that the RIAA's efforts "should not be allowed to devolve into an attack on the legitimate uses of P2P [peer-to-peer file sharing] technology."
The RIAA's data trawling exercise has also run into trouble in the courts, as a local U.S. judge rejected several of the RIAA's subpoenas on jurisdictional grounds. Wendy Seltzer from the Electronic Frontier Foundation (EFF-a GILC member) applauded the decision, saying that the ruling "requires the recording industry to file subpoenas where it alleges that copyright infringement occurs, rather than blanketing the country from one court in [Washington] D.C. The court ruling confirms that due process applies to Internet user privacy nationwide." In the latest development, an anonymous computer user in California has filed a legal motion contesting the RIAA's subpoena efforts, essentially charging that the Association is unconstitutionally violating her privacy rights.

Read "File swapper fights RIAA subpoena," CNet News, 21 August 2003 at

See "Small Downloaders Can Rest Easy," Associated Press, 19 August 2003 at

Read "Industry targeting big pirates," BBC News Online, 19 August 2003 at

An EFF press release regarding the judicial rejection of several RIAA subpoenas is posted under

The Net Coalition letter is posted (in PDF format) under

For German language information, see "US-Internet-Provider wollen ueber Kampf gegen P2P-Netze diskutieren," Heise Online, 11 August 2003 at

 [14] Mblast and Sobig computer bugs hit hard

A series of computer bug outbreaks has led to heightened concern over security and privacy online.
The two biggest outbreaks largely affect users of Microsoft products. The Mblast worm takes advantage of a known flaw in an auto-update function in the latest versions of the Microsoft Windows operating system (notably Windows NT 4.0, Windows 2000, Windows XP and Windows Server 2003). In many instances, Mblast causes afflicted machines to reboot repeatedly, and includes a message criticizing Microsoft co-founder Bill Gates: "Billy Gates why do you make this possible? Stop making money and fix your software." The bug was also supposed to harness the power of infected computers to launch denial-of-service attacks against Microsoft's Windows Update site. While the attacks apparently failed to shutdown the targeted webpage, Mblast did disrupt millions of computers worldwide.
Not long after the Mblast worm appeared, a new version of the Sobig worm hit. Sobig F comes in the form of an email attachment (often disguised as a configuration file or a screensaver). When the attachment is opened, Sobig F hijacks the victim's machine and sends messages using the Microsoft Outlook email program address book. The bug also opens a backdoor allowing the creator of the virus to relay additional messages through the victim's computer.
The proliferation of both computer bugs have reinforced long-standing doubts among many observers over Microsoft's commitment to protecting personal information about its users. Ironically after these Mblast and Sobig outbreaks, Microsoft admitted to three newly discovered security flaws in its popular Internet Explorer browser software.

See Robert Lemos, "Microsoft warns of critical IE flaws," CNet News, 20 August 2003 at

For video and text coverage, see "Sobig virus 'thwarted,'" BBC News, 23 August 2003 at

See "New Worms On Cyber-Prowl,", 20 August 2003 at

Read Kim Deok-hyun, "Sobig Computer Worm Annoys Internet Users," Korea Times, 21 August 2003 at

The Microsoft bulletin regarding Mblast is posted under

Read "Microsoft avoids Blast attack," Reuters, 18 August 2003 at

Read Tom Abate, "As the worm turns, computer users squirm," San Francisco Chronicle, 13 August 2003, page A1 at

See "Wiping out the web worm," BBC News, 14 August 2003 at

Read Kim Deok-hyun, "Windows Worm Warning Issued," Korea Times, 12 August 2003 at

For further information about Mblast in German (Deutsch), read "W32.Blaster attackiert auch Nicht-Windows-Systeme," Heise Online, 13 August 2003 at

[15] U.S. gov't plans mini-TIA spy databases

The United States government is supporting development of data trawling projects at the local level just as a broadly similar Federal program is facing serious restrictions.
The Multistate Anti-Terrorism Information Exchange (called the MATRIX for short) is a computer network reportedly designed to allow government agents to scan and analyze massive amounts of personal data, in order to predict and prevent terrorist acts. The precise list of information sources for this system has yet to be released, but reportedly includes police databases and commercial data merchants, and can pick out tidbits such as a person's name, address, hair color and current geographic location. The system is currently being developed by the state of Florida with financial support from several U.S. Federal agencies; reports indicate that a number of other states (such as New York, Virginia, Pennsylvania and Maryland) have expressed interest in joining this project. Officials familiar with the project have admitted that the system is far from perfect. Phil Ramer, a special agent in charge of intelligence throughout the state of Florida, said the MATRIX is "scary" and could be abused.
Privacy advocates have reacted to the MATRIX with alarm and have compared it to the Federal Terrorism Information Awareness project (previously named Total Information Awareness)-a U.S. Defense Department project which was conceived by retired Admiral John Poindexter and is also designed to gather and compile personal data on a grand scale (such as emails and phone calls as well as educational, medical and financial records). In response to public outcry over TIA's potential privacy implications, the U.S. Senate approved a plan to halt the funding of TIA and extend an existing restriction on the deployment and implementation of TIA (currently scheduled to expire this September). A special conference committee will soon be formed to resolve differences between the Senate bill and a version passed by the U.S. House of Representatives, which includes the deployment/implementation ban but does not bar the use of Federal money for TIA. In the meantime, due to heavy controversy over a variety of Defense Department projects that he pioneered, Poindexter has resigned.

For video and text coverage, see "Florida Creates 'the Matrix', a Big Brother-Like Surveillance System with Help From Choicepoint-Related Firm," Democracy Now, 7 August 2003 at

Read Lucy Morgan, "Troubled business may lose contract with state," Saint Petersburg Times, 13 August 2003 at

To read the text of Poindexter's resignation letter (in PDF format), visit the Electronic Privacy Information Center (EPIC-a GILC member) website under

Read Dawn S. Onley, "In his resignation, Poindexter defends projects," Government Computer News, 13 August 2003 at

For background information on U.S. Senate efforts to defund TIA, read Dan Verton, "Senate Kills Data Mining Program," Computerworld, 18 July 2003 at,aid,111626,00.asp

[16] U.S. gov't pushes Net phone tap law expansion

The United States government is continuing to push for new standards that would make it easier to spy on phone calls made over the Internet.
The U.S. Federal Bureau of Investigations (FBI) wants the Federal Communications Commission to rule that the Communications Assistance for Law Enforcement Act (CALEA) applies to phone calls made over the Internet, including transmissions using the Voice over Internet Protocol (VoIP). CALEA, which was passed in 1994, generally requires telecom companies to build surveillance capabilities into their networks, but exempts information services, most notably the Internet. The FBI envisions a new regime under which Internet service providers, including providers of high-speed broadband connections, would be forced to install spyware in their systems. In recent months, the FBI has stepped up the pressure on the FCC, with additional secret meetings between agents from the FBI's Electronic Surveillance Technology Section and senior FCC staffers.
Privacy advocates and industry leaders are worried about the FBI's efforts. Among other things, these critics have suggested that the FBI's legal arguments are unfounded, as CALEA specifically excludes the Internet from its coverage-an exclusion that ought to apply to all Internet services, including VoIP. There are also fears that the use of surveillance tools to spy on Internet phone calls could be used for unnecessary government spying on other types of Internet transmissions, such as surfed webpages and private email messages. Additionally, Internet service providers are concerned about who will be forced to pay for installing such spy devices. Further complicating matters is the fact that there are no universal standards for such wiretapping operations, in part because no universal standards exist even for creating VoIP networks. Moreover, as pointed out by David Sobel from the Electronic Privacy Information Center (EPIC-a GILC member), "It seems that current practices are providing the government with full access" to VoIP communications and that new rules are not necessary. Indeed, a spokesperson for one major VoIP provider mentioned that they never received a request from the police to wiretap an Internet phone call.

Read Declan McCullagh, "FBI targets Net phoning," CNet News, 29 July 2003 at

[17] Study: lack of online privacy leads to discrimination

A new report indicates that the erosion of online privacy is causing a number of serious societal problems, most notably discrimination.
Entitled "Privacy, economics, and price discrimination on the Internet," the paper suggests "the powerful movement to reduce privacy that is coming from the private sector is motivated by the incentives to price discriminate, to charge different prices to various customers for the same goods or services." The document notes how corporate gathering of personal information has made it easier for those companies to charge prices from certain individuals or groups that are far higher than otherwise should be (such as higher prices for airline tickets bought through the Internet or unlimited usage site licenses for the online editions of scientific journals). The paper warns that failure to check such practices may lead to "an Orwellian economy" where certain people may be charged higher prices due to their social standing or because they "simply wanted to preserve [their] privacy." Because of these pressures, the report predicts that "privacy is likely to prove an intractable problem that will be prominent on the public agenda for the foreseeable future."

The report is available online via

Read "Best Deals Not Always A Click Away," Associated Press, 7 August 2003 at

[18] British firm rolls out mobile phone tracking system

A number of recent developments have further fueled anxiety about the privacy of mobile phone users.
Carphone Warehouse, a British company, has rolled out what is believed to be the first major commercial service for tracking people through their cellular phones, regardless of what telecom provider is used by the customer who is to be located. MapAmobile is designed to provide the geographic location of a given mobile phone user with an accuracy of approximately 50 meters. The system works by triangulating the user's phone signal; requests can be sent by calling a toll-free number or using text messaging as well as via the Internet. MapAmobile is currently in operation throughout the United Kingdom; a company spokesperson mentioned that MapAmobile could be made available in the United States later this year.
Although MapAmobile requires the consent of the relevant mobile phone user, privacy advocates remain concerned about the new service. Barry Hugill of Liberty (a GILC member) discounted Carphone Warehouse's boasts about MapAmobile's security systems: "Given that we know that schoolboys have hacked into the Pentagon computer, nothing is secure. Once the technology is there, it is there to be abused and I find it very hard to believe it would be airtight. Potentially we could see stalkers moving in on the act." The emergence of MapAmobile comes just as there is a growing debate over whether current laws provide sufficient privacy protection for mobile phone customers.

Read "Mobile Phones As Homing Devices," Associated Press, 6 August 2003 at

For background information regarding current mobile phone privacy laws, see Declan McCullagh, "E911-aid or intrusion," CNet News, 18 August 2003 at

[19] Australian Big Brother ISP plan, Net user ID scheme panned

Several new proposals Down Under are drawing fierce criticism from privacy advocates.
On one hand, the Internet Industry Association of Australia has released a draft Cybercrime Code of Practice. The plan would essentially allow ISPs to log information about their customers without a warrant. This data could then be disclosed to a variety of recipients, including law enforcement agents and private corporations, with few safeguards or restrictions. The proposal, which had taken two years to develop, is the product of brainstorming between the IIA and Australian law enforcement agents.
In a press release, Electronic Frontiers Australia (EFA-a GILC member) warned that the Code "would result in massive invasion of Internet users' privacy." EFA Executive Director Irene Graham complained that the "IIA is acting like Big Brother - they want ISPs to log and record everything Internet users do online. It's akin to asking a carrier to record every telephone conversation made over its system and asking Australia Post to photocopy every letter and record the content of every parcel it delivers." Graham also questioned whether the Code conforms with various national privacy laws: "The Code fails to take into sufficient account the existing provisions of the Telecommunications Act 1997 and the Privacy Act 1988. Compliance with various provisions of the Code is likely to place an ISP in breach of one or both of those Acts."
In addition, the Australian government is considering a plan that would require all Internet account holders to provide their identity card first before they log on. The idea came to light during an Australian Parliamentary Inquiry into Cybercrime, where a former government agent claimed that such checks are required in France. Graham retorted that ID checks are not, in fact, required in France, called the ID login scheme "ludicrous" and explained that "[p]roposals to ban free email accounts and require Internet users to be identified before obtaining Internet accounts is not going to assist law enforcement from tracking down criminals. There're just so many ways that you could get around it anyway... What's the ISP supposed to do? Check every two weeks that you're still at the same address?"

The EFA press release on the IIA Code is posted at

A formal EFA submission regarding the Code is available at

The IIA's draft Cybercrime Code is posted at

Read Patrick Grey, "Aussie Internet ID plan draws scorn," ZDNet Australia, 7 August 2003 at,39020375,39115552,00.htm

For more about the Australian Parliamentary Inquiry into Cybercrime, click

[20] Korean plan may have serious mobile phone privacy impact

The Korean government is planning to introduce new rules that might weaken privacy rights for many mobile phone users.
While the precise language has yet to be revealed, the Korean Ministry of Information and Communication (MIC) has drafted legislation that would alter the way location-based information about such users would be handled. Such data is already available to a number of recipients, including law enforcement agents and emergency response workers. Rather than restrict the flow of such information, the bill reportedly would encourage the development of new systems to harness such information for commercial purposes. Curiously, the legislation apparently would not affect all types of mobile phones, according to MIC officials, because many of the administrative and legal ramifications of the bill have yet to be determined.

See Kim Deok-hyun, "Bill to Protect Privacy of Mobile Phone Users," Korea Times at

[21] U.S. schools install web spy cameras to watch kids

A school district in the United States has installed a new Internet-based camera system to spy on children.
Public schools in Biloxi, Mississippi are now equipped with more than 500 webcams installed in classroom ceilings. According to Biloxi deputy school superintendent Robert Voles, the program, which began 2 years ago, allows school administrators to view images of students and teachers through the Information Superhighway. The school has yet to come up with a formal written policy as to how the cameras will be used. However, students and their parents reportedly are not allowed to see the information that was collected about them through the webcam system without a court order.
A number of observers fear that the webcams will have a detrimental impact on children. Maryann Graczyk, president of the Mississippi American Federation of Teachers, complained that the mere existence of the system suggested that people "were willing to give up a lot of privacy ... in the interest of safety. I'm not sure it's the right thing to do." She also questioned why kids and their parents were not allowed access to the data that was collected about them: "If my child in school is accused of something ... I would certainly want to see that."

See "Back To School With Big Brother," Associated Press, 13 August 2003 at

[22] Global Privacy research Report Published

A recently-released compendium of privacy research suggests that more needs to be done to protect personal information as governments venture further into the Digital Age.
Entitled "A Report of Research on Privacy for Electronic Government," the collection includes numerous case studies of privacy issues throughout the globe, and covers such diverse topics as medical privacy in Canada, communications surveillance legislation in Britain, and electronic voting research in the United States as well as various privacy enhancing technologies. Based on these case studies, the report suggests that as more personal information in the physical world is "digitized, stored and transmitted" in the digital domain, "and tied to physical identity, people's privacy will be dramatically reduced." The creators of the report therefore suggest that "we, law makers to technologists to business, all will be asked to ensure privacy protection is embedded" in e-government systems.

The compendium was compiled by Neoteny, a Japanese firm, and was funded by the Japanese Ministry of Public Management, Home Affairs, Posts and Telecommunications; Privacy International (a GILC member) was one of the principal authors.
The report is posted under

[23] New analysis of UK data retention proposals released

A newly published study of British data retention proposals poses several troubling questions about online privacy in the United Kingdom.
The study focuses on the relationship between the Anti-Terrorism, Crime and Security Act 2001 and the Regulation of Investigatory Powers Act (RIPA) 2000, as well as their to data protection laws. For example, the study explains that "[o]ne way or the other, many more terabytes of data will have to be stored" by communications service providers about their users "as a result of the threat or operation of Part XI" of the Anti-Terrorism, Crime and Security Act even though there are serious doubts as to "whether Part XI will achieve its ultimate objective of providing evidence against nefarious activities. ... Part XI of the 2001 Act and section 102(3) in particular should have been narrowly tailored to address national security concerns only without providing access to such data under section 22(2) of RIPA 2000 for other law enforcement purposes." Moreover, "RIPA ... potentially empowers an alarmingly large range of public agencies to snoop and for a rambling array of reasons. ... [I]t allows intervention on the basis of standards and procedures which are intentionally lax on the specious grounds that interception of communications content is a much greater intrusion than the collection of traffic data to such an extent that the latter seems hardly to matter." The study concludes that a move away from such surveillance legislation (much of which were adopted in haste ostensibly to combat terrorism) "is to be welcomed," because "that approach is conducive to a lack of accountability and proportionality ... and ... threatens an endless departure from civil society."
" Anti-Terrorism Laws and Data Retention: War is over?", which appeared in the Northern Ireland Legal Quarterly, was written by Yaman Akdeniz of Cyber-rights & Cyberliberties UK (a GILC member) and Clive Walker.

See the study is available (in PDF format) at

[24] New GILC member: IP Justice

The Global Internet Liberty Campaign has welcomed a new member into the fold. IP Justice is an international civil liberties organization that promotes balanced intellectual property law around the world. Among other things, the organization has worked to build international coalitions and networks between independent organizations to protect freedom of expression, and has made efforts to raise global public awareness of the threat to freedom posed by both legal and technological restrictions to control intellectual property. IP Justice recently spearheaded a campaign against the draft European Intellectual Property Enforcement Directive (see item [2] above).

IP Justice's homepage is located at



The GILC News Alert is the newsletter of the Global Internet Liberty Campaign, an international coalition of organizations working to protect and enhance online civil liberties and human rights. Organizations are invited to join GILC by contacting us at

To alert members about threats to cyber liberties, please contact members from your country or send a message to the general GILC address.

To submit information about upcoming events, new activist tools and news stories, contact:

Christopher Chiu
GILC Coordinator
American Civil Liberties Union
125 Broad Street, 17th Floor
New York, New York 10004

Or email:

More information about GILC members and news is available at

You may re-print or redistribute the GILC NEWS ALERT freely.

This edition of the GILC Alert will be found on the World Wide Web under

To subscribe to the Alert, or to change your subscription options (including unsubscribing), please visit