This is particularly true in Africa, according to statistics compiled by
the
International Telecommunications Union. Somalia, for example, only has
about
200 Internet users out of a population of over 7 million people. South
Africa, on the other hand, has 1.8 million cybercitizens-roughly 60% of
all
Internet users on the continent. Indeed, outside of South Africa, less
than
0.2% of the population is connected to the Information Superhighway.
In other parts of the globe, the Internet has grown at higher rates.
This is
particularly true in Europe; home Internet use (as measured by time
spent
online) has tripled in France and Spain and nearly doubled in the United
Kingdom. Another nation experiencing an Internet boom is Korea, which
has
been helped by a surge in wireless websurfers. South Korea also has the
world's highest rate of broadband connectivity-a rate that is more
double
that of the United States.
Read Jenny Sinclair, "Why the Internet is out of Africa," Fairfax IT,
Apr.
9, 2001 at
http://it.mycareer.com.au/e-commerce/20010409/A35302-2001Apr9.html
For more on burgeoning European Internet usage, read Steve Gold,
"Internet
Usage Increasing in Europe, Despite Downturn," Newsbytes, May 2, 2001 at
http://www.newsbytes.com/news/01/165210.html
See also "European Net traffic rockets," Reuters, Mar. 28, 2001 at
http://www.zdnet.com/zdnn/stories/newsbursts/0,7407,2702024,00.html
For more on the growth of the Internet in Britain, read Julia Snoddy,
"UK
Net user numbers grow despite dot.coms crash," The Guardian, Apr. 24,
2001
at
http://www.guardianunlimited.co.uk/internetnews/story/0,7369,477523,00.h
tml
Read "OECD broadband figures show Korea leads," Total Telecom, May 1,
2001
at
http://www.totaltele.com/vprint.asp?txtID=39503
See also "South Korea Leads World Broadband Net Race," Reuters, Apr. 23,
2001 at
http://www.thestandard.com/article/0,1902,23891,00.html
For more on general Korean Internet usage, read "Korea No. 1 in use of
multimedia sites," Korea Herald, May 4, 2001 at
http://www.koreaherald.com/SITE/data/html_dir/2001/05/04/200105040010.as
p
See also "Korean users of wireless Internet total 18.52 mil." Korea
Herald,
Apr. 18, 2001 at
http://www.koreaherald.com/SITE/data/html_dir/2001/04/18/200104180009.as
p
========================================
[13] Whistleblower website launched
========================================
Will a new webpage help workers expose corporate abuses?
The British firm Forensic Accounting has launched an initiative
specifically
targeted at employees who wish to vent their concerns to higher-ups
without
fear of reprisal. Informants who visit the website can post
surreptitious
warnings of possible criminal activity on the job, without having to pay
any
fees. Afterwards, the site's operators will forward entries to
management
teams of companies that subscribe to the service, as well as offer
advice.
Raj Bairoliya, managing director of Forensic Accounting, stressed the
importance of this venue for anonymous free speech: "The whistleblower's
lot
has not been a happy one. Most people are too scared because there is
nothing in it but a downside." The plan has received support from
several
groups, including Public Concern at Work, which is dedicated to helping
employees who have suffered reprisals for reporting corporate misdeeds.
However, the website raises questions as to whether the authorities or
major
companies are making sufficient efforts to protect anonymity online.
Indeed,
George Staple from the British Fraud Advisory Panel noted that past
efforts
at helping whistleblowers had not been particularly successful, partly
because the issue of protecting the identities of corporate informants
"is
not high enough on the agenda of most company managements."
See Michael Peel, "SURVEY-CLASSIFIED RECRUITMENT: Justice at a price,"
Financial Times, Apr. 26, 2001 at
http://globalarchive.ft.com/globalarchive/article.html?id=010426001244&q
uery
=Forensic+Accounting
See also Michael Peel, "Whistleblower website welcomed," Financial
Times,
Apr. 11, 2001 at
http://news.ft.com/ft/gx.cgi/ftc?pagename=View&c=Article&cid=FT3UM9WGFLC
&liv
e=true&tagid=IXLC078IH7C&Collid=Any
================================================
[14] Australian censor system largely dormant
================================================
Does Australia really have a serious problem with harmful online
material?
That's what many experts are wondering based on a new report. Nearly two
years ago, the Australian government created a complaint-based regime
that,
depending on the circumstances, would screen out websites based on film
guidelines.
Adult theme websites, which are defined to include "verbal references to
...suicide, crime, corruption, martial problems, emotional trauma, drug
and
alcohol dependency, death and serious illness, racism, [or] religious
issues" would be likely candidates for censure.
The plan took effect in January 2000. However, a subsequent
government-commissioned study revealed showed that out of nearly six
million
of Australian cybercitizens, only 124 complaints were received during
the
first three months of the new regime. A later report issued this past
April
indicates that the massive wave of filings expected by some of the law's
backers still had yet to take place. For example, between July and
December
2000, the Australian
Broadcasting Authority sent take-down notices to only 6 sites regarding
content Down Under; notices were sent to a mere 22 sites over the entire
year.
According to many observers, these findings illustrate how the entire
scheme
has been a waste of resources. Irene Graham, executive director of
Electronic Frontiers Australia (EFA-a GILC member) noted that the
Australian
government "seems to be spending its time either referring overseas
sites to
content filter makers, or issuing take-down notices for domestic sites
that
could largely have been caught through existing laws. The government
trumpets this as having made the Internet safe for children, but we
think
that's merely giving a sense of false security to parents. What they're
doing is making, at best, a miniscule difference to how safe the
Internet is
for children."
The report is available via
http://www.dcita.gov.au/nsapi-graphics/?MIval=dca_dispdoc&ID=5651
For press coverage, read Stewart Taggart, "Questioning the Oz Net
Censors,"
Wired News, Apr. 24, 2001 at
http://www.wired.com/news/print/0,1294,43182,00.html
=================================================
[15] Cybercrime pact lurches forward
=================================================
Despite intense criticism, European politicians are moving ahead with a
European cybercrime plan that may erode online privacy.
Under this Council of Europe treaty, signatory countries would enact
laws
that might make it easier for government agents to search computers and
conduct real-time surveillance on private citizens through
telecommunications networks. The convention includes provisions that may
allow law enforcement officials greater access to many types of personal
security information, such as encryption keys. Additionally, the scheme
could pressure Internet service providers (ISPs) to monitor and retain
records on customer activities, under threat of legal liability.
Furthermore, the draft would have signatories create new penalties for
copyright infringement. European Union officials are now pushing for new
sections that would ban websites containing language deemed hateful or
inflammatory, an apparent extension of a controversial French ruling
against
Yahoo regarding Nazi memorabilia on its auction pages.
The treaty has been the subject of intense criticism for months. Joe
McNamee
of the European Internet Service Provider Association (EuroISPA) worried
that the treaty would require the collection of vast amounts of personal
data, and said that while "[n]obody's opposed to fighting cybercrime,"
his
group and others were "opposed to fighting innocent people and privacy."
There are also serious complaints regarding the secretive nature with
which
the entire plan was conceived. On that point, Gus Hosein of Privacy
International (a GILC member) called the procedure used to create the
treaty
"the worst process I've seen so far when it comes to transparency in
government." Yet despite these concerns, the Council's parliamentary
assembly approved the current draft, and sent the matter into the hands
of
an experts panel that compile a final version. Full assent could come as
early as June 2001.
European nations apparently are not the only countries coming up with
new
cybercrime plans. Thailand is considering new laws that would allow
government agents greater surveillance powers in cyberspace-standards
that
are broadly similar to those contained in the CoE treaty (including
penalties for copyright infringement). In Australia, law enforcement
officials are also proposing new amendments that would carry stiff
punishments for various Internet activities, including decade-long jail
sentences.
For more of Mr. Hosein's remarks, read Rick Perera, "Cybercrime treaty a
step closer to becoming law," Infoworld.com, Apr. 25, 2001 at
http://www.infoworld.com/articles/hn/xml/01/04/25/010425hntreaty.xml
For German language information, see "Europarat verabschiedet
Cybercrime-Abkommen," Heise Online, Apr. 25, 2001 at
http://www.heise.de/newsticker/data/ame-25.04.01-000/
Read Karnjana Karnjanatawe, "Thai Computer Crime Law Nears Public
Hearing,"
Bangkok Post, Mar. 21, 2001 at
http://www.newsbytes.com/news/01/163424.html
Further details regarding Australian cybercrime plans, see Megan
McAuliffe,
"Australian hackers face jail time," ZDNet Australia, Apr. 9, 2001 at
http://www.zdnet.com/zdnn/stories/news/0,4586,2705803,00.html
See also David Adams, "Momentum grows for e-crime centre," Fairfax IT,
Mar.
28, 2001 at
http://it.mycareer.com.au/industry/20010328/A32552-2001Mar28.html
========================================
[16] iRobots spy on children
========================================
Who wants an android to spy on their kids?
That's what some people are wondering with the introduction of iRobot.
This
device, according to the manufacturer, is a "multi-purpose home robot
that
can be controlled from anywhere in the world." iRobot includes a live-
action
camera and microphone mounted on a six-wheel chassis. Images and sounds
collected by the robot are then broadcast along the Internet by
wireless.
Computer users can control this device through their web browser. The
entire
package is being marketed as a way for parents to monitor their
children,
but is also being supplied to the United States Defense Advanced
Projects
Research Agency (DARPA) and various corporations for surveillance
purposes.
The company has conceded that personal web cameras "could lead to
situations
where we are being monitored 24 hours a day, and privacy is a thing of
the
past. For example, if you wanted to be able to see what was going on at
your
house, you would have to install and wire cameras in every room. That's
a
lot of cameras, and for your family, it means never knowing if you are
being
watched or not." Curiously, the company claims this privacy problem does
not
apply to its product because "iRobot-LE(tm) is not a web cam," despite
later
assertions such as: "iRobot-LE is a serious appliance that can bring the
power of the Internet out of the study and into the kitchen or living
room
when you are at home." Indeed, the corporation also admits through its
privacy policy that it uses digital information files known as "cookies"
to
track users and places the burden on consumers to opt-out of its data
collection system.
The iRobot privacy policy is posted at
http://www.irobot.com/privacy/privacy.asp
Further company information on iRobot is posted at
http://www.irobot.com/ir/ir_not.asp
See Peter H. Lewis, "Remotely interesting," Fortune, Apr. 2, 2001 at
http://www.fortune.com/indexw.jhtml;jsessionid=I1YMXDJQHAFBYQAMEHTSFFSAB
QQ4K
IV3?doc_id=200978&channel=artcol.jhtml&_DARGS=%2Ffragments%2Ffrg_moresto
ries
.jhtml.1_A&_DAV=artcol.jhtml
Read Eric Auchard, "I Spy," Reuters, Apr. 17, 2001 at
http://abcnews.go.com/sections/scitech/DailyNews/spycameras010417.html
==================================================
[17] Beijing plans Carnivore-type spyware
==================================================
Mainland China is looking for a new way to monitor Internet users, and
it
appears to be taking a hint from the United States.
Reports indicate that the Chinese government is developing a new "black
box"
system to wiretap the Internet. While details are only beginning to
emerge,
the device is apparently derived from technology previously used in
airline
cockpit data recorders. The goal of this "black box," however, is to
allow
Chinese officials to watch over and hunt down dissidents and possible
opponents to the current ruling regime.
The entire system appears to be broadly similar to Carnivore-a device
developed by the United States government. Carnivore is attached to the
server of a given Internet service provider and intercepts all Internet
transmissions that come through the server, then parses out pertinent
material, based on keywords provided by the administrator. Carnivore and
its
successor DCS 1000 have come under heavy criticism over the past few
months
as being serious threats to online privacy. Some of these concerns were
reiterated by privacy advocates in a recent discussions with US Attorney
General John Ashcroft.
See "China Plans to Build Internet Monitoring System," China News Daily,
Mar. 20, 2001 at
http://www.cnd.org/Global/01/03/20/010320-3.html
For more on current discussions of Carnivore, see Brian Krebs, "Groups
Urge
Ashcroft To Act On Carnivore, Privacy Issues," Newsbytes, May 3, 2001 at
http://www.newsbytes.com/news/01/165261.html
==================================================
[18] New British cyberspy agency created
==================================================
The British government is launching a new cybercrime center that is
causing
concern among privacy advocates.
British Home Secretary Jack Straw recently unveiled a National Hi-Tech
Crime
Unit. This unit will have several dozen employees, consisting of law
enforcement agents and information technology experts, and will focus on
crimes that involve the Internet. While precise details on operations
are
not readily available, operatives are expected to collect information
regarding online activities for possible future action or prosecution.
The
entire enterprise will cost an estimated 25 million pounds sterling.
The move is being seen with a certain degree of apprehension, due in
part to
the sweeping powers this agency may have under the controversial
Regulation
of Investigatory Powers Act (RIP) that was enacted last year. RIP
requires
the creation of a special center with links to Britain's Internet
service
providers (ISPs), which will allow law enforcement officials to spy on
the
online activities of most UK citizens. Many people worry that the Act
will
enable government agents to conduct wide scale searches into the
activities
of private Internet users. Yaman Akdeniz of Cyber-Rights and Cyber-
Liberties
UK (a GILC member) warned that "this partnership could turn ISPs into an
arm
of the law enforcement agencies because there are a lot of requirements
on
them for data collection and analysis." Similar sentiments have been
aired
over an analogous arrangement in the Netherlands.
See Mark Ward, "Cybercops arrest online liberty," BBC News Online, Apr.
18,
2001 at
http://news.bbc.co.uk/hi/english/sci/tech/newsid_1283000/1283127.stm
Read Sarah Left, "Government launches cyber-crime unit," Guardian
Unlimited,
Apr. 18, 2001 at
http://www.guardianunlimited.co.uk/internetnews/story/0,7369,474518,00.h
tml
See also Jelle van Buuren, "Dutch Government and ISP's Reach Compromise
On
Interception of The Internet," Heise Telepolis, Apr. 25, 2001 at
http://www.heise.de/tp/english/inhalt/te/7458/1.html
==================================================
[19] Euro hearing on ECHELON surveillance
==================================================
More details may soon be revealed about a super-secret global
surveillance
system.
A committee of European Parliament members will soon visit the United
States
in an attempt to discover more details about ECHELON. ECHELON is
popularly
used to describe a system that is designed to intercept communications
from
around the world. It is supposedly operated by the United States
National
Security Agency in conjunction with several other intelligence agencies.
Reports suggest that ECHELON is capable of intercepting e-mail messages,
faxes, and telephone conversations.
Fears about possible ECHELON privacy abuses led the European Parliament
to
form a temporary investigatory committee. At a committee hearing held a
few
weeks ago, several witnesses expressed concern about ECHELON's potential
threat to individual rights. One of them, Yaman Akdeniz from Cyber-
Rights &
Cyber-Liberties UK (a GILC member), noted that "[i]f the current
allegations
are true, all law abiding European citizens and companies are at risk of
being monitored every day without any legal basis. ... [W]e are
particularly
concerned about the lack of democratic oversight on data being
intercepted,
stored and processed with systems like Echelon."
Afterwards, members of the EP panel decided to visit the United States
on a
fact-finding mission that will include discussions with various U.S.
politicians and intelligence officials. Marc Rotenberg, executive
director
of the Electronic Privacy Information Center (EPIC-a GILC member),
welcomed
the move as "a very important step. It's a proactive effort by
government
officials to address the problem of international surveillance." The
visit
is scheduled to take place the week of May 8, 2001.
For more on the EP members' visit to the United States, read Declan
McCullagh, "Euros Continue Echelon Probe," Wired News, Apr. 24, 2001 at
http://www.wired.com/news/privacy/0,1848,43270,00.html
A statement from Mr. Akdeniz (presented at the EP hearing) is available
under
http://www.cyber-rights.org/reports/echelon_ya.htm
The agenda for the hearing is posted under
http://wwwdb.europarl.eu.int/ep/owa/p_calag.oj?ipid=0&imn=9062&ilg=EN&io
rig=
tempcom
Other related documents are available at
http://www.europarl.eu.int/meetdocs/committees/temp/20010322/TEMP2001032
2.ht
m
Press coverage is available from Kieren McCarthy, "European Parliament
continues Echelon investigation," The Register (UK), Mar. 22, 2001 at
http://www.theregister.co.uk/content/8/17800.html
For further background information, visit
http://www.echelonwatch.org
==================================================
[20] US-EU flap over Safe Harbor contracts
==================================================
Contracts meant to implement a trans-Atlantic privacy plan have met with
some resistance from the United States government.
The European Union and the United States had previously agreed to new
standards for handling the personal information of EU citizens. Under
the
plan, known as Safe Harbor, U.S. companies would have to notify European
users how their private data is being handled and how it is being
collected.
Concerned individuals would be allowed reasonable access to their files,
and
could refuse to allow other companies to receive such information. This
self-regulatory system is only voluntary, but American firms that join
Safe
Harbor could avoid lawsuits from the governments of EU countries.
Moreover,
these rules are not as strong as the stringent regulations required by
many
European nations.
This compromise was formulated several months ago to avoid a possible
trade
war between the EU and the US. Since then, however, the administration
of US
President Bush sent a letter criticizing proposed model contracts that
are
designed to allow companies to comply with this agreement. The letter
called
the draft clauses "unduly burdensome requirements that are incompatible
with
real world operations." In response, a spokesperson for the European
Commission said that "The US administration's letter appears to be based
on
a total, complete and utter absence of understanding of what the
Commission
is doing. We are aiming to make life easier for companies transferring
data
from the EU to countries outside the EU by clarifying the provisions in
contracts which would best ensure adequate protection of personal data."
See Glenn R. Simpson, "Bush opposes Euro privacy rules," Wall Street
Journal, Mar. 27, 2001 at
http://www.zdnet.com/zdnn/stories/news/0,4586,2701370,00.html
See Peronet Despeignes & Deborah Hargreaves, "INTERNATIONAL ECONOMY: EU-
US
clash over personal data: private right or commercial opportunity?"
Financial Times, Mar. 29, 2001 at
http://globalarchive.ft.com/globalarchive/articles.html?id=010329000406
==================================================
[21] Microsoft SmartTags & Hailstorm privacy woes
==================================================
How would you like to have your most personal details stored by a
central
computer system in Seattle?
That's apparently what Microsoft is asking people to do under its new
Hailstorm plan. The scheme would use a "Passport" identity system for
individuals to use personalized calendars, address books and e-wallets.
This
information would then be accessible to a whole host of recipients,
including programmers and advertisers, who could sift through this data
and
send files to Hailstorm users. Should these users change email
addresses,
the updated contact information would be sent along to financial
institutions and other corporations.
Many observers have raised alarms over the intrusive nature of these
plans,
as well as the apparent lack of privacy protection for the personal data
stored within Hailstorm. Jason Catlett of Junkbusters said he was
against
letting Microsoft becoming "the de facto government of the United
States,
issuing passports and controlling identity and wallets for all
consumers."
Skeptics also pointed to Passport's privacy policies, which previously
allowed "Microsoft and its affiliated companies permission to: Use,
modify,
copy, distribute, transmit, publicly display, publicly perform,
reproduce,
publish, sublicense, create derivative works from, transfer, or sell"
virtually any user-provided information. The company has since revised
its
policy to say these rights only apply to "feedback or suggestions to
Microsoft concerning the Passport Web Site or the Passport Service."
Hailstorm is not the only new Microsoft project that is sparking privacy
concerns. The software giant is also receiving criticism over its latest
version of Office (XP), which apparently includes expanded use of Smart
Tags. These bits of code, which can be attached to numerous types of
files
(such as spreadsheets, Word documents and so on) could also reportedly
be
used as a backdoor for fraudsters. Experts have also criticized
Microsoft's
embrace of Platform for Privacy Preferences (P3P) technology in its
latest
version of within Internet Explorer; the Electronic Privacy Information
Center (EPIC-a GILC member) described P3P as "a complex and confusing
protocol that will make it more difficult for Internet users to protect
their privacy." Meanwhile, scientists have discovered serious security
flaws
in both Internet Explorer and Outlook and as well as its Windows 2000
server
software, which Microsoft is looking to remedy with software patches.
For further details on the latest Microsoft security flaws, read Mark
Ward,
"Microsoft warns of 'serious' software hole," BBC News Online, May 2,
2001
at
http://news.bbc.co.uk/hi/english/sci/tech/newsid_1308000/1308267.stm
For more on Smart Tags, see John Lettice, "Smart tagging in Office XP-
what
Melissa did next?" The Register (UK), Apr. 6, 2001 at
http://www.theregister.co.uk/content/4/18160.html
For more on HailStorm, read Leslie Walker, "Gates's Bold New Persona:
Your
ID Manager," Washington Post, Mar. 29, 2001, Page E1 at
http://washingtonpost.com/ac2/wp-dyn/A9711-2001Mar29?language=printer
Further details on P3P's lukewarm reception, see Lisa M. Bowman,
"Privacy
experts rip IE cookie cutter," ZDNet News, Mar. 22, 2001 at
http://www.zdnet.com/zdnn/stories/news/0,4586,5080018,00.html
See also Leslie Walker, "Browser Aimed at Protecting Users' Privacy,"
Washington Post, Mar. 29, 2001, Page E4 at
http://washingtonpost.com/ac2/wp-dyn/A9146-2001Mar28?language=printer
For more on Microsoft Explorer & Outlook security flaws, read Michelle
Delio, "IE Hole Surrenders Your Computer," Wired News, Mar. 30, 2001 at
http://www.wired.com/news/technology/0,1282,42750,00.html
For more on Microsoft Passport user data leaks, see Stefanie Olsen,
"Privacy
terms revised for Microsoft Passport," CNet News, Apr. 4, 2001 at
http://news.cnet.com/news/0-1005-200-5508903.html
Further details on potential other Office XP flaws, are available from
John
Lettice, "'Universal' key claimed to disable MS Office XP security," The
Register (UK), Mar. 26, 2001 at
http://www.theregister.co.uk/content/4/17869.html
======================================================
[22] EBay pulls an Amazon, waters down privacy policy
======================================================
Should consumers put much faith in the privacy policies of e-tailers?
Many experts are suggesting the answer is no, after a recent decision by
EBay. The popular online auction site altered its privacy statement to
allow
the company to give out personal information about its users in a number
of
circumstances, including if the corporation was taken over by another
firm.
The move comes after online bookseller Amazon made a similar alteration
in
its privacy policy several months ago, allowing sensitive "customer
information" to be treated as merely "business assets" that could be
bought
or sold as the company continued to develop its business.
Not surprisingly, the change has yielded strong protests from privacy
advocates. Andrew Shen from the Electronic Privacy Information Center
(EPIC-a GILC member) noted that companies like EBay are able to carry
out
these practices because in part because regulators such as the United
States
Federal Trade Commission (FTC) not going far enough in protect personal
information. "This is the problem with the FTC only using its
prohibitions
against unfair and deceptive practices, instead of establishing a
privacy
standard."
The revised EBay policy becomes effective May 15, 2001.
Read Jeffrey Benner, "EBay Alters Privacy Policy," Wired News, Apr. 2,
2001
at
http://www.wired.com/news/business/0,1367,42778,00.html
See also David Berlind, "eBay, Yahoo's security snafus," Enterprise,
Apr. 5,
2001 at
http://www.zdnet.com/zdnn/stories/comment/0,5859,2705095,00.html
======================================================
[23] Biometric software faces privacy & technical woes
======================================================
Your computer may soon know who you are-just by the way you type.
That's the promise of a new product called BioPassword. When computer
users
login with this system, the program checks the inputted typing pattern
against archived "rhythm" samples, and will only grant access if there
is a
match. The software package allows "[c]onstant, automatic Password logon
monitoring, every time the computer is booted up or unlocked." In
addition,
system administrators can lock BioPassword users can be locked out of
their
systems and have individual computers shutdown, powered down or
rebooted.
While the software is being billed as a way to enhance security, it is
unclear whether its success rates are actually higher than current login
protection schemes-particularly in light of company literature telling
BioPassword users that they no longer need to change their passwords on
a
regular basis. Some of these concerns have been fueled by the problems
that
have plagued a similar product, BioID SOHO, which tends to get confused
between different people, particularly on systems that have less than 5
users. The manufacturer of BioPassword admits that "environmental
issues"
may have a significant effect on accuracy. Moreover, because these
devices
seem to allow precise tagging and monitoring of ordinary computer users,
there are fears that they will in fact have a detrimental impact on
Internet
privacy.
See Carlos A. Soto, "BioPassword Security Checks User's Typing Pattern,"
Washington Post, Apr. 5, 2001, page E4 at
http://washingtonpost.com/wp-dyn/articles/A41021-2001Apr4.html
The BioPassword homepage is located at
http://www.biopassword.com
======================================================
[24] EU panel questions Australian privacy laws
======================================================
Concerns over Australian privacy standards have started to take on
international dimensions.
The European Commission Data Protection Working Party (which is composed
of
Data Protection officials from Council of Europe member states) has
issued
an opinion criticizing a proposed Australian Privacy Amendment. Among
other
things, the panel noted "with concern that some sectors and activities
are
excluded from the protections of the Act," including employee personal
information and small businesses. The Party also pointed out vagaries in
the
language of the Amendment, which might allow data collected for one
purpose
to be used for new functions.
In response, Australia's Attorney General Daryl Williams accused the
European experts of "ignorance about Australia's law and practice and do
not
go to the substance of whether our law is fundamentally 'adequate' from
a
trading point of view. It seems that the prescriptive approach taken in
many
EU Member States is assumed to be the only acceptable way to go in many
areas of privacy protection." said that he did not accept the working
group's findings and feared placing "unnecessary burdens on business."
He
also announced that "officials from Australia and the EC will continue
to
talk in order to address these concerns to everyone's satisfaction.
However,
Australia will only look at options that do not impose unnecessary
burdens
on business."
To read the comments of the EU panel, click
http://europa.eu.int/comm/internal_market/en/media/dataprot/wpdocs/wp40e
n.ht
m
To read the response from Australian Attorney General Daryl Williams,
visit
http://law.gov.au/aghome/agnews/2001newsag/941_01.htm
======================================================
[25] DoubleClick suffers security breach
======================================================
Recent events have left many people wondering whether DoubleClick will
ever
do enough to protect online privacy.
Officials from the online advertising firm admitted that intruders had
invaded its systems. The attack was sufficiently serious that
DoubleClick
shutdown a few of its servers in order to help investigators track down
perpetrators. A spokesperson termed the incident "mischievous in nature"
but
claimed that the incident did not have "any serious impact to our
networks."
The breach came just as a Federal judge in the United States dismissed a
privacy lawsuit against DoubleClick. The suit revolved around company's
admission that it had been tracking viewers through the Internet by
placing
digital identification numbers in files known as "cookies" on a user's
hard
drive, which it matches with name and address information that has been
collected by its partners. Despite initial claims to the contrary,
DoubleClick planned to match this data with more extensive information
contained in millions of files maintained by its merger partner Abacus
Direct. DoubleClick put aside its data-matching plan after a storm of
public
criticism. Several consumers then took legal action against the company,
claiming that DoubleClick's cookie tracking scheme violated various
state
and Federal laws. It is not clear whether the plaintiffs will now appeal
the
dismissal.
See "DoubleClick: We've been hit," Reuters, Mar. 30, 2001 at
http://www.zdnet.com/zdnn/stories/news/0,4586,5080420,00.html
See also Michael Bartlett, "Attorney Fires Back At Judge In DoubleClick
Privacy Case," Newsbytes, Mar. 30, 2001 at
http://www.newsbytes.com/news/01/163925.html
======================================================
[26] German gov't searches Net music lovers' homes
======================================================
Watch out if you're downloading music off the Internet. The German
government may use force (both in person and through the network)
stop
nment may use force (both in person and through the network)
you.
nment may use force (both in person and through the network)
u.
nment may use force (both in person and through the network)
German government agents recently invaded the homes of 103 people
claiming
vernment agents recently invaded the homes of 103 people
that they were trading online music files of "skinhead bands." As
of
t they were trading online music files of "skinhead bands." As
this sweep, police officers seized computers and discs while pres
charges that could lead to 3-year prison sentences. Law enforceme
officials argued that they had the right to enter these private
e
residences
rgued that they had the right to enter these private
e
and that it was illegal for individuals to transfer these MP3 fil
the
that it was illegal for individuals to transfer these MP3 fil
Internet. These claims came despite the fact that it is legal und
German
t. These claims came despite the fact that it is legal und
law to listen to such materials.
e the fact that it is legal und
w to listen to such materials.
e the fact that it is legal und
In addition, German politicians are tacitly admitting their suppo
plans to allow government agents to hack into private websites. G
Interior Minister Otto Schilly mentioned in a recent interview th
government agents may send voluminous amounts of email messages t
offending
agents may send voluminous amounts of email messages t
webpages, in the hopes of disrupting their servers. A Schilly spo
later tried to justify such attacks by saying that many of the si
be
er tried to justify such attacks by saying that many of the si
targeted sites "are put onto the Internet in foreign countries, s
very
ted sites "are put onto the Internet in foreign countries, s
difficult to use German law. We have to think about all the lawfu
possibilities." No one from the German government has explained
u
precisely
ies." No one from the German government has explained
u
what criteria would be used to determine which websites would be
targeted.
ria would be used to determine which websites would be
rgeted.
ria would be used to determine which websites would be
These statements have alarmed many members of the privacy communi
Andy
statements have alarmed many members of the privacy communi
Mueller-Maguhn of the Chaos Computer Club (CCC-a GILC member) sai
expected government operatives "to say they won't do anything tha
outside of German law or the law of any other country." He furthe
warned
of German law or the law of any other country." He furthe
that any ideas of arbitrarily hacking private websites "is not
he
compatible
eas of arbitrarily hacking private websites "is not
he
with being Minister of the Interior for any democratic government
planet. Of course there might be governments with that style. But
normally
f course there might be governments with that style. But
that's not the behavior of a democratic state or country."
e. But
at's not the behavior of a democratic state or country."
e. But
Read Adam Tanner, "Germany Cracks Down on Internet Nazi Music Tra
Reuters, Apr. 10, 2001 at
Cracks Down on Internet Nazi Music Tra
http://www.infowar.com/law/01/law_041001d_j.shtml
Nazi Music Tra
tp://www.infowar.com/law/01/law_041001d_j.shtml
Nazi Music Tra
See also Steve Kettmann, "German Pol Backtracks on Hack," Wired N
Apr.
lso Steve Kettmann, "German Pol Backtracks on Hack," Wired N
10, 2001 at
ve Kettmann, "German Pol Backtracks on Hack," Wired N
http://www.wired.com/news/politics/0,1283,42961,00.html
" Wired N
tp://www.wired.com/news/politics/0,1283,42961,00.html
" Wired N
For original story, see Frank Patalong, "Mit Hackermoden gegen
N
Neonazis,"
l story, see Frank Patalong, "Mit Hackermoden gegen
N
Der Spiegel, Apr. 6, 2001 at
Patalong, "Mit Hackermoden gegen
N
http://www.spiegel.de/netzwelt/politik/0,1518,126921,00.html
n
N
tp://www.spiegel.de/netzwelt/politik/0,1518,126921,00.html
n
N
For background information, see Thomas C. Greene, "German may str
Nazi
ackground information, see Thomas C. Greene, "German may str
sites with DoS attacks," The Register (UK), Apr. 9, 2001 at
y str
http://www.theregister.co.uk/content/8/18200.html
, 2001 at
y str
tp://www.theregister.co.uk/content/8/18200.html
, 2001 at
y str
==========================================================
y str
[27] Privacy surveys reflect public unease
===============
y str
==========================================================
y str
Recent studies suggest that people may not know precisely what th
their privacy online, but they don't like what they see...and tho
threats
ivacy online, but they don't like what they see...and tho
are becoming more prevalent.
y don't like what they see...and tho
e becoming more prevalent.
y don't like what they see...and tho
In a report from the Pew Internet & American Life Project, the va
majority
rt from the Pew Internet & American Life Project, the va
of respondents (62%) wanted stronger laws to protect against onli
surveillance. Furthermore, two thirds of those surveyed did not
i
necessarily
Furthermore, two thirds of those surveyed did not
i
trust the government to do the right thing when wiretapping the
i
Internet,
government to do the right thing when wiretapping the
i
and nearly 80% of participants were worried about online fraud. H
the
nearly 80% of participants were worried about online fraud. H
study also showed some confusion about specific programs that may
privacy, and that there is a need for further public education ab
subject. For example, only about 20% of respondents were aware of
United
For example, only about 20% of respondents were aware of
States government's Carnivore spyware system. Evan Hendricks of t
Privacy
overnment's Carnivore spyware system. Evan Hendricks of t
Times commented that the "public's simply not aware of the power
Carnivore and the likelihood it will be abused if it's run as the
[U.S.
ore and the likelihood it will be abused if it's run as the
Federal Bureau of Investigations] proposes."
d if it's run as the
deral Bureau of Investigations] proposes."
d if it's run as the
Meanwhile, a report from the American Management Association indi
workplace surveillance is growing. According to the AMA's researc
about 4
e surveillance is growing. According to the AMA's researc
out of 5 major companies intercept their worker's phone calls, em
other Internet transmissions. This percentage rose dramatically i
industries, particularly financial firms (such as banks), where o
of
ustries, particularly financial firms (such as banks), where o
surveyed companies snoop on their employees. These latest figures
contrast
companies snoop on their employees. These latest figures
with numbers compiled just four years ago, when about 35% of the
participating in the study carried out these kinds of surveillanc
activities.
g in the study carried out these kinds of surveillanc
tivities.
g in the study carried out these kinds of surveillanc
For more on the AMA study, see Romy Ribitzky, "Corporate Snooping
Rise,"
e on the AMA study, see Romy Ribitzky, "Corporate Snooping
ABCNews.com (US), Apr. 18, 2001 at
Ribitzky, "Corporate Snooping
http://abcnews.go.com/sections/business/DailyNews/snooping_010418
tp://abcnews.go.com/sections/business/DailyNews/snooping_010418
For further details regarding the Pew report, see Robert O'Harrow
"Opinion
er details regarding the Pew report, see Robert O'Harrow
Split on Web Privacy," Washington Post, Apr. 3, 2001, page E12, a
http://washingtonpost.com/wp-dyn/articles/A28560-2001Apr2.html
a
tp://washingtonpost.com/wp-dyn/articles/A28560-2001Apr2.html
a
==========================================================
tml
a
[28] Sales problems for invasive CueCat, TiVo devices
====
tml
a
==========================================================
tml
a
Can privacy concerns hurt sales?
=========================
tml
a
n privacy concerns hurt sales?
=========================
tml
a
That's some people are wondering in light of the struggles faced
controversial Web products. One of them, CueCat, allows users to
special barcodes contained on print articles and advertisements,
triggering their computers into accessing websites for more infor
However, scientists discovered that CueCats include special
infor
individualized
ists discovered that CueCats include special
infor
serial numbers that allow the tracking of computer users as they
the
al numbers that allow the tracking of computer users as they
Internet and the creation of highly detailed profiles regarding t
behavior. Indeed, the maker of CueCats, Digital Convergence, has
admitted
Indeed, the maker of CueCats, Digital Convergence, has
that it "is responsible for the creation and analysis of the larg
consumer database that provides the unique combination of Web tra
with
mer database that provides the unique combination of Web tra
all forms of media." Worse still, Digital Convergence suffered a
security
of media." Worse still, Digital Convergence suffered a
breach several months ago that revealed personal information file
nearly
several months ago that revealed personal information file
140 000 users, including such data as customer names, email addre
and
000 users, including such data as customer names, email addre
postal codes.
including such data as customer names, email addre
stal codes.
including such data as customer names, email addre
Since these revelations, Digital Convergence has suffered serious
marketing
e revelations, Digital Convergence has suffered serious
problems. While 3 million CueCats have been given to consumers, o
about
ms. While 3 million CueCats have been given to consumers, o
100 000 people have actually used them, and even those people ten
to
000 people have actually used them, and even those people ten
swipe CueCats very often (averaging 6 hits per device). During th
month, the company withdrew its plans to publicly offer stock, cl
that
, the company withdrew its plans to publicly offer stock, cl
the market environment would be too hostile to such a move.
, cl
e market environment would be too hostile to such a move.
, cl
The other product, TiVo, is personal video recorder with Internet
connections that includes such features as allowing replays of
et
television
that includes such features as allowing replays of
et
broadcasts within seconds and advanced programming options. Howev
researchers have determined that the device collects detailed
wev
information
have determined that the device collects detailed
wev
about users' viewing habits and sends this data back to the manuf
through the Information Superhighway. While the manufacturer cla
that
gh the Information Superhighway. While the manufacturer cla
these profiles were anonymized, a report from the Privacy Foundat
indicated that the data collected did in fact contain identifying
information (including the serial number of the individual user's
machine).
n (including the serial number of the individual user's
These revelations led several prominent United States Congressmen
call
revelations led several prominent United States Congressmen
for a government investigation into possible trade violations.
en
Meanwhile,
nment investigation into possible trade violations.
en
while the number of subscribers continues the climb, the increase
not
e the number of subscribers continues the climb, the increase
enough to dissuade the company from laying off nearly 25% of its
in
ugh to dissuade the company from laying off nearly 25% of its
an effort to cut costs.
ompany from laying off nearly 25% of its
effort to cut costs.
ompany from laying off nearly 25% of its
See Gwendolyn Mariano, "CueCats sent to the litter box," ZDNet Ne
Mar.
wendolyn Mariano, "CueCats sent to the litter box," ZDNet Ne
29, 2001 at
n Mariano, "CueCats sent to the litter box," ZDNet Ne
http://www.zdnet.com/zdnn/stories/news/0,4586,5080362,00.html
Ne
tp://www.zdnet.com/zdnn/stories/news/0,4586,5080362,00.html
Ne
The Privacy Foundation report on TiVo is posted under
00.html
Ne
http://www.privacyfoundation.org/privacywatch/report.asp?id=62&ac
tp://www.privacyfoundation.org/privacywatch/report.asp?id=62&ac
To read the Congressmen's letter on TiVo privacy concerns, click
http://www.house.gov/commerce_democrats/press/107ltr30.htm
click
tp://www.house.gov/commerce_democrats/press/107ltr30.htm
click
For more on TiVo financial difficulties, read Richard Shim, "TiVo
revamps
on TiVo financial difficulties, read Richard Shim, "TiVo
business plan, sheds workers," CNet News, Apr. 5, 2001 at
, "TiVo
http://news.cnet.com/news/0-1006-200-5520991.html
2001 at
, "TiVo
tp://news.cnet.com/news/0-1006-200-5520991.html
2001 at
, "TiVo
==================================================
001 at
, "TiVo
[29] Digital hospital sparks privacy concerns
====
001 at
, "TiVo
==================================================
001 at
, "TiVo
Concerned about the privacy of your medical records? Would you fe
better if they were all posted online?
ical records? Would you fe
tter if they were all posted online?
ical records? Would you fe
HealthSouth is building a digital hospital that will have devices
make it
uth is building a digital hospital that will have devices
easier to store such details in computerized form, including digi
X-ray
to store such details in computerized form, including digi
machines, an internal wireless data transfer system and portable
computers
an internal wireless data transfer system and portable
for every employee. All of this information will be added to full
automated
employee. All of this information will be added to full
electronic patient databases. HealthSouth CEO Richard Scrushy boa
"What
onic patient databases. HealthSouth CEO Richard Scrushy boa
we're doing now is making a reality out of something that many pe
have
doing now is making a reality out of something that many pe
talked about, but no one has attempted."
f something that many pe
lked about, but no one has attempted."
f something that many pe
However, experts from both the medical and computer programming
e
community
xperts from both the medical and computer programming
e
have expressed reservations about whether sufficient steps have b
taken
xpressed reservations about whether sufficient steps have b
to protect the privacy of these records. Dr. Henry Vitelle, a New
obstetrician, worries that "With all of the stories we hear about
this
trician, worries that "With all of the stories we hear about
website and that government computer system was hacked into, how
feel
te and that government computer system was hacked into, how
good about putting my patients' medical records online? I don't f
comfortable about having records somewhere that they could be tam
with
rtable about having records somewhere that they could be tam
by some joyriding hacker with no sense of the havoc he could caus
These
e joyriding hacker with no sense of the havoc he could caus
fears are in part based on the protocol that will be used by Heal
for
s are in part based on the protocol that will be used by Heal
its internal wireless system-a protocol that has been described b
least
ternal wireless system-a protocol that has been described b
one group as having "major security flaws."
has been described b
e group as having "major security flaws."
has been described b
Similar concerns are being aired over a recent proposal Down Unde
Australian Practice Incentives Program has been altered so that t
Federal
an Practice Incentives Program has been altered so that t
government will pay medical practitioners to send patient data th
email. The plan is designed to entice medical professionals to ma
greater
he plan is designed to entice medical professionals to ma
use of computing technology. However, the new standards apparentl
not
of computing technology. However, the new standards apparentl
require doctors to protect this data (such as by using encryption
against
doctors to protect this data (such as by using encryption
possible interception. Prue Power from the Australian Medical
ion
Association
erception. Prue Power from the Australian Medical
ion
argued that rather than pushing this privacy issue aside, "the Fe
Government ought to be very concerned that one of its programs wo
providing financial incentives for GPs to send clinical informati
an
viding financial incentives for GPs to send clinical informati
insecure manner."
incentives for GPs to send clinical informati
secure manner."
incentives for GPs to send clinical informati
For more about Australian online health privacy concerns, read Ka
Dearne,
about Australian online health privacy concerns, read Ka
"Prescribing a privacy cure," Australian IT, May 1, 2001 at
ad Ka
http://australianit.news.com.au/common/storyPage/0,3811,1948560%5
.htm
//australianit.news.com.au/common/storyPage/0,3811,1948560%5
l
tm
//australianit.news.com.au/common/storyPage/0,3811,1948560%5
tm
//australianit.news.com.au/common/storyPage/0,3811,1948560%5
See also Karen Dearne, "Doctors paid for 'insecure' emails," Aust
IT,
also Karen Dearne, "Doctors paid for 'insecure' emails," Aust
Apr. 17, 2001 at
arne, "Doctors paid for 'insecure' emails," Aust
http://australianit.news.com.au/common/storyPage/0,3811,1900441%5
.htm
//australianit.news.com.au/common/storyPage/0,3811,1900441%5
l
tm
//australianit.news.com.au/common/storyPage/0,3811,1900441%5
tm
//australianit.news.com.au/common/storyPage/0,3811,1900441%5
For more on HealthSouth, read Michelle Delio, "How Secure Is Digi
Hospital?" Wired News, Mar. 28, 2001 at
elio, "How Secure Is Digi
http://www.wired.com/news/technology/0,1282,42656,00.html
Is Digi
tp://www.wired.com/news/technology/0,1282,42656,00.html
Is Digi
==================================================
0.html
Is Digi
[30] Upcoming Japan privacy conferences
==========
0.html
Is Digi
==================================================
0.html
Is Digi
Two meetings will be held in Tokyo this month to discuss emerging
in
meetings will be held in Tokyo this month to discuss emerging
the field of data privacy.
n Tokyo this month to discuss emerging
e field of data privacy.
n Tokyo this month to discuss emerging
The first meeting, entitled "The Dark Side of IT Society," will t
place
rst meeting, entitled "The Dark Side of IT Society," will t
on May 6 and will consist of two sessions. In the afternoon, seve
experts
and will consist of two sessions. In the afternoon, seve
will give presentations on the recently enacted Japanese Wiretapp
Law,
give presentations on the recently enacted Japanese Wiretapp
Biometrics, IC cards and other High-tech privacy issues. Takao Sa
the
etrics, IC cards and other High-tech privacy issues. Takao Sa
author of "Privacy Crisis" will give the keynote speech on "Surve
Society and Privacy in Japan." The evening session will consist o
discussions between the presenters. The event is being organized
coalition of civil society groups, including Japanese Networkers
Surveillance Taskforce (NaST-a GILC member), Privacy Action, the
Japanese
nce Taskforce (NaST-a GILC member), Privacy Action, the
Consumer Union, and JCA-Net, among others.
, Privacy Action, the
nsumer Union, and JCA-Net, among others.
, Privacy Action, the
The second meeting, scheduled for the evening of May 21, will exp
numerous emerging privacy issues, particularly the ramifications
various
emerging privacy issues, particularly the ramifications
cybercrime proposals from around the world. This session will fea
several speakers, including Barry Steinhardt, Associate Director
American Civil Liberties Union (ACLU-a GILC member), and Toshimar
from NaST.
il Liberties Union (ACLU-a GILC member), and Toshimar
om NaST.
il Liberties Union (ACLU-a GILC member), and Toshimar
For further information on the May 6 meeting, click
and Toshimar
http://www.han-kanshi.net/010506flyer.html
g, click
and Toshimar
tp://www.han-kanshi.net/010506flyer.html
g, click
and Toshimar
For an English-language translation, see
l
g, click
and Toshimar
http://www.han-kanshi.net/010506flyer_eng.html
lick
and Toshimar
tp://www.han-kanshi.net/010506flyer_eng.html
lick
and Toshimar
or send email to
nshi.net/010506flyer_eng.html
lick
and Toshimar
Pri...@jca.apc.org
i.net/010506flyer_eng.html
lick
and Toshimar
iv...@jca.apc.org
i.net/010506flyer_eng.html
lick
and Toshimar
Inquiries regarding the May 21 seminar should be sent to
oshimar
To...@jca.apc.org
ng the May 21 seminar should be sent to
oshimar
m...@jca.apc.org
ng the May 21 seminar should be sent to
oshimar
=========================================================
oshimar
ABOUT THE GILC NEWS ALERT:
======================
oshimar
==========================================================
shimar
The GILC News Alert is the newsletter of the Global Internet Libe
Campaign, an international coalition of organizations working to
and
aign, an international coalition of organizations working to
enhance online civil liberties and human rights. Organizations a
invited
online civil liberties and human rights. Organizations a
to join GILC by contacting us at
d human rights. Organizations a
gi...@gilc.org.
contacting us at
d human rights. Organizations a
l...@gilc.org.
contacting us at
d human rights. Organizations a
To alert members about threats to cyber liberties, please contact
members
members about threats to cyber liberties, please contact
from your country or send a message to the general GILC address.
om your country or send a message to the general GILC address.
To submit information about upcoming events, new activist tools a
stories, contact:
ion about upcoming events, new activist tools a
ories, contact:
ion about upcoming events, new activist tools a
Christopher Chiu
ion about upcoming events, new activist tools a
GILC Coordinator
ion about upcoming events, new activist tools a
American Civil Liberties Union
oming events, new activist tools a
125 Broad Street, 17th Floor
n
oming events, new activist tools a
New York, New York 10004
oor
n
oming events, new activist tools a
USA
York, New York 10004
oor
n
oming events, new activist tools a
A
York, New York 10004
oor
n
oming events, new activist tools a
Or email:
New York 10004
oor
n
oming events, new activist tools a
cc...@aclu.org
ork 10004
oor
n
oming events, new activist tools a
h...@aclu.org
ork 10004
oor
n
oming events, new activist tools a
More information about GILC members and news is available at
ls a
http://www.gilc.org
ut GILC members and news is available at
ls a
tp://www.gilc.org
ut GILC members and news is available at
ls a
You may re-print or redistribute the GILC NEWS ALERT freely.
ls a
u may re-print or redistribute the GILC NEWS ALERT freely.
ls a
To subscribe to the alert, please send e-mail to
ERT freely.
ls a
gilc-a...@gilc.org
rt, please send e-mail to
ERT freely.
ls a
lc-an...@gilc.org
rt, please send e-mail to
ERT freely.
ls a
with the following message in the body:
-mail to
ERT freely.
ls a
subscribe gilc-announce
ge in the body:
-mail to
ERT freely.
ls a
bscribe gilc-announce
ge in the body:
-mail to
ERT freely.
ls a
========================================================
ly.
ls a
PUBLICATION OF THIS NEWSLETTER IS MADE POSSIBLE BY A
===
ly.
ls a
GRANT FROM THE OPEN SOCIETY INSTITUTE (OSI)
BLE BY A
===
ly.
ls a
========================================================
ly.
ls a
======================================================
ly.
ls a
======================================================
ly.
ls a