Officials from the online advertising firm admitted that intruders had
invaded its systems. The attack was sufficiently serious that DoubleClick
shut down a few of its servers in order to help investigators track down
perpetrators. A spokesperson termed the incident "mischievous in nature"
but claimed that the incident did not have "any serious impact to our
networks."
The breach came just as a Federal judge in the United States dismissed a
privacy lawsuit against DoubleClick. The suit revolved around the
company's admission that it had been tracking viewers through the
Internet by placing digital identification numbers in files known as
"cookies" on a user's hard drive, which it matches with name and address
information that has been collected by its partners. Despite initial
claims to the contrary, DoubleClick planned to match this data with more
extensive information contained in millions of files maintained by its
merger partner Abacus Direct. DoubleClick put aside its data-matching
plan after a storm of public criticism. Several consumers then took
legal action against the company, claiming that DoubleClick's cookie
tracking scheme violated various state and Federal laws. It is not clear
whether the plaintiffs will now appeal the dismissal.
See "DoubleClick: We've been hit," Reuters, Mar. 30, 2001 at
http://www.zdnet.com/zdnn/stories/news/0,4586,5080420,00.html
See also Michael Bartlett, "Attorney Fires Back At Judge In DoubleClick
Privacy Case," Newsbytes, Mar. 30, 2001 at
http://www.newsbytes.com/news/01/163925.html
======================================================
[26] German gov't searches Net music lovers' homes
======================================================
Watch out if you're downloading music off the Internet. The German
government may use force (both in person and through the network) to
stop you.
German government agents recently invaded the homes of 103 people,
claiming that they were trading online music files of "skinhead bands."
As part of this sweep, police officers seized computers and discs while
pressing charges that could lead to 3-year prison sentences. Law
enforcement officials argued that they had the right to enter these
private residences and that it was illegal for individuals to transfer
these MP3 files over the Internet. These claims came despite the fact
that it is legal under German law to listen to such materials.
In addition, German politicians are tacitly admitting their support for
plans to allow government agents to hack into private websites. German
Interior Minister Otto Schily mentioned in a recent interview that
government agents may send voluminous amounts of email messages to
offending webpages, in the hopes of disrupting their servers. A Schily
spokesman later tried to justify such attacks by saying that many of the
sites to be targeted "are put onto the Internet in foreign countries, so
it's very difficult to use German law. We have to think about all the
lawful possibilities." No one from the German government has explained
precisely what criteria would be used to determine which websites would
be targeted.
These statements have alarmed many members of the privacy community.
Andy Mueller-Maguhn of the Chaos Computer Club (CCC-a GILC member) said
he expected government operatives "to say they won't do anything that is
outside of German law or the law of any other country." He further
warned that any ideas of arbitrarily hacking private websites "is not
compatible with being Minister of the Interior for any democratic
government on the planet. Of course there might be governments with that
style. But normally that's not the behavior of a democratic state or
country."
Read Adam Tanner, "Germany Cracks Down on Internet Nazi Music Trade,"
Reuters, Apr. 10, 2001 at
http://www.infowar.com/law/01/law_041001d_j.shtml
See also Steve Kettmann, "German Pol Backtracks on Hack," Wired News,
Apr. 10, 2001 at
http://www.wired.com/news/politics/0,1283,42961,00.html
For original story, see Frank Patalong, "Mit Hackermoden gegen
Neonazis," Der Spiegel, Apr. 6, 2001 at
http://www.spiegel.de/netzwelt/politik/0,1518,126921,00.html
For background information, see Thomas C. Greene, "German may strike
Nazi sites with DoS attacks," The Register (UK), Apr. 9, 2001 at
http://www.theregister.co.uk/content/8/18200.html
==========================================================
[27] Privacy surveys reflect public unease
==========================================================
Recent studies suggest that people may not know precisely what threatens
their privacy online, but they don't like what they see...and those
threats are becoming more prevalent.
In a report from the Pew Internet & American Life Project, the vast
majority of respondents (62%) wanted stronger laws to protect against
online surveillance. Furthermore, two thirds of those surveyed did not
necessarily trust the government to do the right thing when wiretapping
the Internet, and nearly 80% of participants were worried about online
fraud. However, the study also showed some confusion about specific
programs that may curb privacy, and that there is a need for further
public education about the subject. For example, only about 20% of
respondents were aware of the United States government's Carnivore
spyware system. Evan Hendricks of the Privacy Times commented that the
"public's simply not aware of the power of Carnivore and the likelihood
it will be abused if it's run as the FBI [U.S. Federal Bureau of
Investigation] proposes."
Meanwhile, a report from the American Management Association indicates
workplace surveillance is growing. According to the AMA's research,
about 4 out of 5 major companies intercept their workers' phone calls,
email or other Internet transmissions. This percentage rose dramatically
in some industries, particularly financial firms (such as banks), where
over 92% of surveyed companies snoop on their employees. These latest
figures contrast with numbers compiled just four years ago, when about
35% of the firms participating in the study carried out these kinds of
surveillance activities.
For more on the AMA study, see Romy Ribitzky, "Corporate Snooping on
Rise," ABCNews.com (US), Apr. 18, 2001 at
http://abcnews.go.com/sections/business/DailyNews/snooping_010418.html
For further details regarding the Pew report, see Robert O'Harrow,
"Opinion Split on Web Privacy," Washington Post, Apr. 3, 2001, page E12,
at
http://washingtonpost.com/wp-dyn/articles/A28560-2001Apr2.html
==========================================================
[28] Sales problems for invasive CueCat, TiVo devices
==========================================================
Can privacy concerns hurt sales?
That's what some people are wondering in light of the struggles faced by
two controversial Web products. One of them, CueCat, allows users to
scan special barcodes contained on print articles and advertisements,
thus triggering their computers into accessing websites for more
information. However, scientists discovered that CueCats include special
individualized serial numbers that allow the tracking of computer users
as they surf the Internet and the creation of highly detailed profiles
regarding their behavior. Indeed, the maker of CueCats, Digital
Convergence, has admitted that it "is responsible for the creation and
analysis of the largest consumer database that provides the unique
combination of Web tracking with all forms of media." Worse still,
Digital Convergence suffered a security breach several months ago that
revealed personal information files on nearly 140 000 users, including
such data as customer names, email addresses and postal codes.
Since these revelations, Digital Convergence has suffered serious
marketing problems. While 3 million CueCats have been given to
consumers, only about 100 000 people have actually used them, and even
those people tend not to swipe CueCats very often (averaging 6 hits per
device). During the past month, the company withdrew its plans to
publicly offer stock, claiming that the market environment would be too
hostile to such a move.
The other product, TiVo, is a personal video recorder with Internet
connections that includes such features as allowing replays of
television broadcasts within seconds and advanced programming options.
However, researchers have determined that the device collects detailed
information about users' viewing habits and sends this data back to the
manufacturer through the Information Superhighway. While the
manufacturer claims that these profiles were anonymized, a report from
the Privacy Foundation indicated that the data collected did in fact
contain identifying information (including the serial number of the
individual user's machine). These revelations led several prominent
United States Congressmen to call for a government investigation into
possible trade violations. Meanwhile, while the number of subscribers
continues to climb, the increases were not enough to dissuade the
company from laying off nearly 25% of its workers in an effort to cut
costs.
See Gwendolyn Mariano, "CueCats sent to the litter box," ZDNet News,
Mar. 29, 2001 at
http://www.zdnet.com/zdnn/stories/news/0,4586,5080362,00.html
The Privacy Foundation report on TiVo is posted under
http://www.privacyfoundation.org/privacywatch/report.asp?id=62&action=0
To read the Congressmen's letter on TiVo privacy concerns, click
http://www.house.gov/commerce_democrats/press/107ltr30.htm
For more on TiVo financial difficulties, read Richard Shim, "TiVo
revamps business plan, sheds workers," CNet News, Apr. 5, 2001 at
http://news.cnet.com/news/0-1006-200-5520991.html
==================================================
[29] Digital hospital sparks privacy concerns
==================================================
Concerned about the privacy of your medical records? Would you feel any
better if they were all posted online?
HealthSouth is building a digital hospital that will have devices to
make it easier to store such details in computerized form, including
digitized X-ray machines, an internal wireless data transfer system and
portable computers for every employee. All of this information will be
added to fully automated electronic patient databases. HealthSouth CEO
Richard Scrushy boasted: "What we're doing now is making a reality out
of something that many people have talked about, but no one has
attempted."
However, experts from both the medical and computer programming
communities have expressed reservations about whether sufficient steps
have been taken to protect the privacy of these records. Dr. Henry
Vitelle, a New York obstetrician, worries that "With all of the stories
we hear about how this website and that government computer system was
hacked into, how can I feel good about putting my patients' medical
records online? I don't feel comfortable about having records somewhere
that they could be tampered with by some joyriding hacker with no sense
of the havoc he could cause." These fears are in part based on the
protocol that will be used by HealthSouth for its internal wireless
system-a protocol that has been described by at least one group as
having "major security flaws."
Similar concerns are being aired over a recent proposal Down Under. The
Australian Practice Incentives Program has been altered so that the
Federal government will pay medical practitioners to send patient data
through email. The plan is designed to entice medical professionals to
make greater use of computing technology. However, the new standards
apparently do not require doctors to protect this data (such as by using
encryption) against possible interception. Prue Power from the
Australian Medical Association argued that rather than pushing this
privacy issue aside, "the Federal Government ought to be very concerned
that one of its programs would be providing financial incentives for GPs
to send clinical information in an insecure manner."
For more about Australian online health privacy concerns, read Karen
Dearne, "Prescribing a privacy cure," Australian IT, May 1, 2001 at
http://australianit.news.com.au/common/storyPage/0,3811,1948560%5E501,00.html
See also Karen Dearne, "Doctors paid for 'insecure' emails," Australian
IT, Apr. 17, 2001 at
http://australianit.news.com.au/common/storyPage/0,3811,1900441%5E442,00.html
For more on HealthSouth, read Michelle Delio, "How Secure Is Digital
Hospital?" Wired News, Mar. 28, 2001 at
http://www.wired.com/news/technology/0,1282,42656,00.html
==================================================
[30] Upcoming Japan privacy conferences
==================================================
Two meetings will be held in Tokyo this month to discuss emerging trends
in the field of data privacy.
The first meeting, entitled "The Dark Side of IT Society," will take
place on May 6 and will consist of two sessions. In the afternoon,
several experts will give presentations on the recently enacted Japanese
Wiretapping Law, Biometrics, IC cards and other high-tech privacy
issues. Takao Saito, the author of "Privacy Crisis," will give the
keynote speech on "Surveillance Society and Privacy in Japan." The
evening session will consist of panel discussions between the
presenters. The event is being organized by a coalition of civil society
groups, including Japanese Networkers against Surveillance Taskforce
(NaST-a GILC member), Privacy Action, the Japanese Consumer Union, and
JCA-Net, among others.
The second meeting, scheduled for the evening of May 21, will explore
numerous emerging privacy issues, particularly the ramifications of
various cybercrime proposals from around the world. This session will
feature several speakers, including Barry Steinhardt, Associate Director
of the American Civil Liberties Union (ACLU-a GILC member), and
Toshimaru Ogura from NaST.
For further information on the May 6 meeting, click
http://www.han-kanshi.net/010506flyer.html
For an English-language translation, see
http://www.han-kanshi.net/010506flyer_eng.html
or send email to
Pri...@jca.apc.org
Inquiries regarding the May 21 seminar should be sent to
To...@jca.apc.org
=========================================================
ABOUT THE GILC NEWS ALERT:
==========================================================
The GILC News Alert is the newsletter of the Global Internet Liberty
Campaign, an international coalition of organizations working to protect
and enhance online civil liberties and human rights. Organizations are
invited to join GILC by contacting us at
gi...@gilc.org.
To alert members about threats to cyber liberties, please contact
members from your country or send a message to the general GILC address.
To submit information about upcoming events, new activist tools and news
stories, contact:
Christopher Chiu
GILC Coordinator
American Civil Liberties Union
125 Broad Street, 17th Floor
New York, New York 10004
USA
Or email:
cc...@aclu.org
More information about GILC members and news is available at
http://www.gilc.org
You may re-print or redistribute the GILC NEWS ALERT freely.
To subscribe to the alert, please send e-mail to
gilc-a...@gilc.org
with the following message in the body:
subscribe gilc-announce
========================================================
PUBLICATION OF THIS NEWSLETTER IS MADE POSSIBLE BY A
GRANT FROM THE OPEN SOCIETY INSTITUTE (OSI)
========================================================