[Sigifp-l] FW: online policy newsletter from Global Internet Liberty Campaign

Mon Apr 12 22:30:22 EDT 2004

Some of you may find this newsletter of interest. Subscription information
is provided at the bottom of the posting.

Shelly Warwick
Assistant Professor
Graduate School of Library and Information Studies
Queens College
BRL-254
65-30 Kissena Boulevard
Flushing, NY 11367
Voice: 718-997-3757
Fax: 718-997-3797
swarwick at sprynet.com

> > ======================
> GILC Alert
> Volume 8, Issue 3
> 6 April 2004
>
> Welcome to the Global Internet Liberty Campaign Newsletter.
>
> Welcome to GILC Alert, the newsletter of the Global Internet Liberty
> Campaign. We are an international organization of groups working for
> cyber-liberties, who are determined to preserve civil liberties and human
rights on the Internet.
> We hope you find this newsletter interesting, and we very much hope that
you will avail yourselves of the action items in future issues.
> If you are a part of an organization that would be interested in joining
GILC, please contact us at <gilc at gilc.org>.
> If you are aware of threats to cyber-liberties that we may not know
about, please contact the GILC members in your country, or contact GILC as
a whole. 
> Please feel free to redistribute this newsletter to appropriate forums.
>
> ===============================================
> Free expression
> [1] Canadian judge: Net file-sharing is legal
> [2] Showdown looms for controversial French digital economy bill 
> [3] Report: China blocks weblogs over Tienanmen article
> [4] South Korean gov't arrests Net political protestors
> [5] Syria blocks Kurdish news websites
> [6] UN holds Internet governance forum
> [7] European Parliament approves EuroDMCA 
> [8] Net speech curbs again argued before U.S. high court
> [9] Legal battle over Korean music-storing phones
> [10] U.S. local officials threaten file-sharing software makers
> [11] New Internet uploading anti-anonymity bills
> [12] Lawsuit filed over digital television crippleware rules
> [13] Saudi gov't lifts blocks on 2 gay websites
> [14] Japanese Web headlines copyright lawsuit thrown out
> [15] Study: expanded intellectual property laws bad for business
> [16] Online repression awards given out
>
> Privacy
> [17] U.S. gov't wants spy-friendly broadband & Net telephony rules
> [18] New Google Gmail service causes privacy worries
> [19] International cybercrime treaty enters into force
> [20] Japanese broadband provider suffers security breach
> [21] U.S. anti-spyware bills appear
> [22] Serious security flaw found in Hotmail and Yahoo email
> [23] New Nigerian draft cybercrime bill
> [24] Microsoft warns of new Outlook security bug 
> [25] EBay warns of PayPal security snafus
> [26] Study: workplace monitoring increases, with little benefit
>
> ==============================================================
> [1] Canadian judge: Net file-sharing is legal
> ==============================================================
> A Canadian court has upheld the legality of sharing music files along the
Information Superhighway.
>
> The Canadian Recording Industry Association (CRIA) had sought a court
order to identify 29 Internet users who it claimed had engaged in illegal
sharing of copyrighted files. However, presiding judge Konrad von
Finckenstein rejected CRIA's request and held that the targeted users did
not violate the country's copyright laws. Among other things, Judge von
Finckenstein wrote: "The mere fact of placing a copy on a shared directory
in a computer where that copy can be accessed via a P2P [peer-to-peer]
service does not amount to distribution. Before it constitutes
distribution, there must be a positive act by the owner of the shared
directory, such as sending out the copies or advertising that they are
available for copying." Free speech experts have welcomed the ruling;
Howard Knopf from the University of Ottawa' Canadian Internet Policy and
Public Interest Clinic (which argued on behalf of the defendants) called
the decision "a big victory for technology and the Internet and all the
people who use technology and the Internet in Canada."
>
> The decision came as other recording industry trade groups are engaged in
broadly similar court battles around the world. For example, the
International Federation for the Phonographic Industry (IFPI) had announced
that it would sue 247 Internet users in Canada, Italy, Germany, and Denmark
who it claims illegally traded music files through the Information
Superhighway. In addition, the British Phonographic Industry had started
sending warnings via instant messaging networks to purported file-sharers
suggesting that their activities may be a violation of copyright law.
Meanwhile, an Australian judge has upheld the legality of raids by Music
Industry Privacy Investigations (MIPI) on the offices of various
universities and private businesses in an effort to gather personal
information on Internet users, although MIPI will have to wait at least a
month before it can examine the seized materials. Finally, the Recording
Industry Association of America (RIAA) has launched a sixth wave of
lawsuits against Internet users who allegedly have engaged in copyright
infringement by sharing music files online-an effort that has encountered
determined opposition from various groups, including GILC members the
American Civil Liberties Union and EFF as well as Public Citizen.
>
> To read the text of the Canadian court decision (in PDF format), click
> http://www.fct-cf.gc.ca/bulletins/whatsnew/T-292-04.pdf
>
> See John Borland, "Judge: File-sharing legal in Canada," CNET News, 31
March 2004 at
> http://news.com.com/2102-1027_3-5182641.html
>
> Further information is available from the Politech listserv under
> http://politechbot.com/pipermail/politech/2004-March/000572.html
>
> For coverage in German (Deutsch), see "Online-Musiktausch ist in Kanada
legal," Heise Online, 1 April 2004 at
> http://www.heise.de/newsticker/meldung/46193
>
> Read "Europe's song-swappers face court," BBC News Online, 30 March 2004
at
> http://news.bbc.co.uk/1/hi/entertainment/music/3581935.stm
>
> See "Court threat to UK song-swappers," BBC News, 25 March 2004 at
> http://news.bbc.co.uk/1/hi/entertainment/music/3567417.stm
>
> To read the text of the Australian court decision upholding the legality
of the MIPI raids, click
> http://www.austlii.edu.au/au/cases/cth/federal_ct/2004/183.html
>
> Read Sam Varghese, "Kazaa case: access to seized materials delayed,"
Sydney Morning Herald, 24 March 2004 at
> http://www.smh.com.au/articles/2004/03/24/1079939686550.html 
>
> See also Sam Varghese, "Kazaa case ruling: Sharman considering appeal,"
Sydney Morning Herald, 5 March 2004 at
> http://www.smh.com.au/articles/2004/03/05/1078378950713.html
>
> Read Patrick Gray, "Kazaa Tripped Up in Aussie Court," Wired News, 4
March 2004 at
> http://wired.com/news/print/0,1294,62532,00.html
>
> Read John Borland, "New RIAA file-swapping suits filed," CNET News, 23
March 2004 at
> http://news.com.com/2102-1027_3-5177933.html
>
> See Benny Evangelista and Patrick Hoge, "Music industry files more
suits/RIAA going after people using university computer systems to download
music," San Francisco Chronicle, 24 March 2004 at 
> http://sfgate.com/cgi-bin/article.cgi?f=/c/a/2004/03/24/BUGNL5Q0PO15.DTL
>
> See also Katie Dean, "One File Swapper, One Lawsuit," Wired News, 8 March
2004 at
> http://wired.com/news/print/0,1294,62576,00.html
>
> =================================================================
> [2] Showdown looms for controversial French digital economy bill
=================================================================
> The French Senate is expected to start discussions soon on a proposal
that critics say will erode civil liberties online.
>
> The French digital economy bill (known as le projet de loi sur la
confiance dans l'économie numérique or LEN), which is supposed to help
France comply with a June 2000 European Union (EU) directive, includes
language that would make Internet service providers liable for content on
websites that they host. More specifically, they would have to "act
promptly" to take down material "after becoming aware of their unlawful
nature" or face legal retribution-a process that currently requires
judicial approval. The bill also essentially eliminates the doctrine that
email should be treated as "private correspondence," creating the
possibility that such messages can be more easily intercepted by third
parties. The French Senate is expected to debate the proposal on 8 April
2004; the National Assembly has already adopted a version of the bill.
>
> The plan have drawn fire from several quarters for months. Reporters Sans
Frontieres (RSF-a GILC member) has warned: "If the LEN is approved,
excessive Internet censorship is likely to ensue." Similar concerns have
been expressed by Imaginons un Reseau Internet Solidaire (IRIS-a GILC
member), which has started an anti-LEN petition drive. 
>
> For an IRIS report on LEN (with in-depth analysis of key LEN provisions
and a proposal for modifications), click
> http://www.iris.sgdg.org/info-debat/comm-point-len0304.html
>
> For more about LEN as well as the IRIS petition drive, see
> http://www.iris.sgdg.org/actions/len
>
> To read RSF's comments on the plan, click
> http://www.rsf.fr/article.php3?id_article=9714
>
> =========================================================
> [3] Report: China blocks weblogs over Tienanmen article
> =========================================================
> The Chinese government is apparently denying access to various web
journals in response to a letter that criticizes the ruling regime.
>
> Chinese authorities reportedly have targeted Blogbus.com and Blogcn.com
as well as weblogs hosted by Typepad after a letter from Jiang Yanyong, a
distinguished military doctor, appeared online. In the document, Jiang
called on the Politburo to reverse its decisions with regard to the 1989
massacre of protestors in Tienanmen Square. He called the official verdict
(which condemned the protestors as "counter-revolutionary") a "mistake" by
the ruling Communist Party that "should be resolved by the party itself."
The letter was posted on Blogbus and Blogcn; several Typepad-hosted blogs
later included discussion of Jiang's missive. The Chinese government's
actions were condemned by various free speech groups, including Reporters
Sans Frontieres (RSF-a GILC member): "After closing websites and discussion
forums, the Chinese authorities are now targeting blogs, one of the last
outlets for expression still open to Internet-users." 
>
> The weblog shutdown is just one of many moves that Beijing has made over
the past month to stifle dissent. Chinese authorities continue to detain
numerous Internet dissidents, including Ma Yalian, who may spend the next
18 months in a Chinese labor camp for criticizing failings in China's
citizen grievances system, and Ouyang Yi, who was sentenced to 2 years in
prison for writing an open letter urging the gradual democratization of the
country. Chinese government officials have also issued rules that severely
restricted businesses from opening new cybercafes-a move designed to
prevent the spread of what authorities call "harmful cultural information."
Similarly, the websites of several prominent overseas news sources, such as
the Wall Street Journal, Deutsche Welle and Slashdot, have now been
blocked. 
>
> For more information on the weblog blocks and the Ma Yalian case, visit
the RSF website under
> http://www.rsf.fr/article.php3?id_article=9703
>
> See also
> http://www.sinosplice.com/adoptablog 
>
> Read Bill Salvadore, "Protestor alleging abuses is sent to a labor camp,"
South China Morning Post, 2 April 2004 at
> http://www.asiamedia.ucla.edu/article.asp?parentid=9694
>
> For more on the Ouyang Yi case, click
> http://www.rsf.org/article.php3?id_article=9632
>
> See "Dissident gets two years for internet democracy letter," South China
Morning Post, 25 March 2004 at
> http://www.asiamedia.ucla.edu/article.asp?parentid=9353
>
> Read Benjamin Kang Lim, "Beijing reacts over Tiananmen letter," The Age
(AU), 9 March 2004 at
> http://www.asiamedia.ucla.edu/article.asp?parentid=8683
>
> See "Mainland censors target blogs," South China Morning Post, 19 March
2004 at
> http://www.asiamedia.ucla.edu/article.asp?parentid=9168
>
> Read Sidney Luk, "Clampdown will not stop growth in cyber cafes," South
China Morning Post, 13 March 2004 at
> http://www.asiamedia.ucla.edu/article.asp?parentid=8869
>
> For background information on Chinese Internet censorship efforts, see
Clark Boyd, "Bypassing China's net firewall," BBC News, 10 March 2004 at
> http://news.bbc.co.uk/1/hi/technology/3548035.stm
>
> =========================================================
> [4] South Korean gov't arrests Net political protestors
> =========================================================
> Free speech advocates are crying foul after the South Korean government
arrested two students over their online political speech.
>
> Shin Sang-min and another student known simply as Kwon were detained at
the behest of the South Korean National Election Commission (NEC). Both men
had distributed online cartoons that lampooned various opposition
politicians and suggested that the opponents of the country's president,
Roh Moo-hyon, would be defeated in national elections, which are scheduled
for this April. Shin explained: "I was always interested in politics so I
wanted to do something active other than simply chatting with friends. Then
during last winter vacation I began to learn how to make online images. I
wanted to share my political views with the broader public." 
>
> Subsequently, Shin and Kwon were prosecuted under an NEC decree (issued
in mid-March of this year) that essentially restricts online political news
activities. Among other things, under the decree, it is illegal to
disseminate "false information," and the NEC can demand and receive the
names and addresses of alleged offenders through their respective Internet
Service Providers. The Commission has interpreted the term "false
information" broadly, saying that the cartoons sent by Kwon were "false
information aiming to prevent opposition parties in the upcoming election."
According to the NEC, he violated the law merely "by posting pictures on
websites other than his personal page, and by letting other Internet users
download them." Reports indicate that many other individuals (including a
number of Shin's friends) are now under police investigation for the same
reasons.
>
> Many observers feel that the arrests are politically motivated and are
meant to deter public expressions of support for Roh, who was recently
impeached. Reporters Sans Frontieres (RSF-a GILC member) condemned the
NEC's actions, saying that the prosecution of people like Kwon "clearly
constitutes a violation of free expression on the Internet." Similarly,
Choi Nae-hyun from Internet news site Mediamob complained: "Charging
Internet users ... is nothing less then an attack on the people's right to
participate freely in politics." Shin himself called the charges "absurd. I
made these images based entirely on news reports. I didn't invent any false
stories about the politicians. Why is it different from editorials or
commentaries critical of lawmakers' wrong behavior? ... I just expressed on
the Internet my political opinions." 
>
> For the latest details, visit the RSF website at
> http://www.rsf.org/article.php3?id_article=9667
>
> Read Kim So-young, "Political parodies: free expression or law
violations?" Korea Herald, 6 April 2004 at
> http://www.asiamedia.ucla.edu/article.asp?parentid=9788
>
> See Kim Rahn, "Controversy erupts over online political parodies," Korea
Times, 24 March 2004 at
> http://www.asiamedia.ucla.edu/article.asp?parentid=9350
>
> Read Yoon Won-sup, "NEC Starts Crackdown on Illegal Cyber Campaigning
Activities," Korea Times, 18 March 2004 at
> http://times.hankooki.com/lpage/nation/200403/kt2004031816522111950.htm
>
> See also Byun Duk-kun, "'Netizens' go too far in denouncing impeachment,"
Korea Times, 16 March 2004 at
> http://www.asiamedia.ucla.edu/article.asp?parentid=8961
>
> For background information regarding Korean online political speech, see
O Youn-hee, "Internet revolutionizes campaign," Korea Herald, 2 April 2004
at
> http://www.asiamedia.ucla.edu/article.asp?parentid=9693
>
> For further details concerning Roh's impeachment, click 
> http://times.hankooki.com/lpage/200403/kt2004031414500710160.htm
>
> See also "Court reviews S Korea impeachment," BBC News Online, 18 March
2004 at
> http://news.bbc.co.uk/1/hi/world/asia-pacific/3522114.stm
>
> ================================================================
> [5] Syria blocks Kurdish news websites
> ================================================================
> The Syrian government has reportedly barred its citizens from visiting
two prominent news websites.
>
> Syrian authorities have targeted www.Amude.com and www.Qamislo.com, which
included coverage of demonstrations by the Middle Eastern nation's Kurdish
minority. Although the websites themselves (which are hosted in Germany)
have not been shutdown, officials at the state-operated Syrian
Telecommunications Establishment in conjunction with both national Internet
service providers (which are government-controlled) are denying access to
content on the website. The blocks have also been applied to variations on
the domain name, so that Internet users in Syria are unable to reach the
webpage even if they use an alternative address (such as Amude.net). Not
surprisingly, free speech groups have condemned the Syrian government's
actions. Reporters Sans Frontieres (RSF-a GILC member) issued a statement
saying it was "disgusted by the regime's authoritarian attitude and
flagrant contempt for freedom of expression."
>
> Meanwhile, human rights activists remain concerned about the condition of
two Syrian men who are still behind bars in connection with their online
activities. Syrian government agents arrested Abdel Rahman Shagouri in
February 2003 for sending an online newsletter by www.ThisIsSyria.Net, a
banned political website. In addition, Massud Hamid was arrested in July of
last year after photos of a Kurdish protest were posted on the Amude.com.
>
> For more information, visit the RSF website under
> http://www.rsf.org/article.php3?id_article=9678
>
> =========================================================
> [6] UN holds Internet governance forum
> =========================================================
> A United Nations (UN) event that focused on Internet governance issues
has ended with few concrete decisions and even disillusionment among some
participants.
>
> A UN Information and Communications Technology Task Force held an
invite-only conference to "address the outcomes of the Geneva phase" of the
World Summit on the Information Society (WSIS). The event, which took place
at UN headquarters in New York on 25-27 March 2004, was meant as "a Global
Forum on the subject of Internet governance." Participants discussed a
number of topics, including whether the functions of the Internet
Corporation for Assigned Names and Numbers (ICANN), which is currently
tasked with running the Internet domain name system, should be taken over
by another body, strategies for bridging the digital divide, and the need
for substantive national-level implementation of long-standing human rights
accords in the online context.
>
> The meetings, which were not meant to be negotiating sessions, did not
result in any detailed agreements on how best to resolve the many
wide-ranging issues that were discussed. Indeed, representatives from some
non-governmental organizations expressed resentment and disappointment,
feeling that their concerns on various subjects (such as the robust defense
of human rights online) were largely ignored or otherwise given short
shrift at the forum. Continued discussion of these matters is expected at
future Task Force meetings as well as an upcoming WSIS Preparatory
Committee meeting scheduled for 23-26 June 2004 in Tunis.
>
> The official forum website is located at
> http://www.unicttaskforce.org/sixthmeeting/
>
> For a critique of the meeting, visit the ICANN Watch website under
> http://www.icannwatch.org/articles/04/03/28/2259208.shtml
>
> Read "UN hosts debate on how to govern the 'digital divide,'" Taipei
Times, 27 March 2004 at
> http://www.asiamedia.ucla.edu/article.asp?parentid=9567
>
> See Declan McCullagh, "Who should govern the Net?" CNET News, 26 March
2004 at
> http://news.com.com/2102-1028_3-5180134.html
>
> See also Declan McCullagh, "United Nations ponders Net's future," CNET
News, 26 March 2004 at 
> http://news.com.com/2102-1028_3-5179694.html
>
> To visit the official WSIS site, click
> http://www.itu.int/wsis/
>
> For further background information, visit
> http://www.internetdemocracyproject.org
>
> =========================================================
> [7] European Parliament approves EuroDMCA 
> =========================================================
> The European Parliament has approved a proposal that would dramatically
expand the powers of intellectual property holders.
>
> The European Intellectual Property Enforcement Directive supposedly will
simplify the enforcement of copyrights, patents, and trademarks throughout
the continent. Among other things, the proposal includes provisions that
essentially will give intellectual property holders broad subpoena powers
to collect personal information. The plan also will increase civil
liability for infringements even if done accidentally, unknowingly or for
non-commercial purposes. The proposal's general outlines have drawn
comparisons to the much-maligned United States Digital Millennium Copyright
Act (DMCA), which contains analogous language. 
>
> The European Parliament approved the Directive last month by a vote of
307 to 185. Many groups blasted the decision; Robin Gross, the executive
director of IP Justice (a GILC member), charged: "Traditional civil
liberties, fairness, balance, and proportionality have all be thrown to the
wind in the over-zealous rush to pass this dangerous directive." Similar
concerns were aired by the European Digital Rights Initiative, which warned
that the plan's broad scope could be abused: "This directive should be
targeted at organised crime, not teenage file-sharers and their parents."
The proposal will now go the European Council of Ministers, who are
expected to adopt the measure soon, leaving European Union countries about
two years to implement legislation at the national level in order to
conform with the Directive. 
>
> The IP Justice press release is posted at
> http://www.ipjustice.org/CODE/release20040309_en.shtml
>
> An EDRI commentary on the Directive is posted under
> http://edri.org/cgi-bin/index?id=000100000139
>
> Read "EU backs tighter laws on piracy," BBC News Online, 9 March 2004 at
> http://news.bbc.co.uk/1/hi/technology/3545839.stm
>
> See Lucy Sherriff, "MEPs wave through IP rights enforcement," The
Register (UK), 9 March 2004 at
> http://theregister.co.uk/content/4/36128.html
>
> Read Pelle Meroth, "Council pushes bad law," EU Reporter, 8-12 March 2004
issue at
> http://www.eureporter.co.uk/images/EUR_ezine_08-12Mar04.pdf
>
> See also Mat Schwartz, "Europe Considers Harsh Piracy Law," 16 March 2004
at
> http://wired.com/news/print/0,1294,62677,00.html
>
> ===============================================================
> [8] Net speech curbs again argued before U.S. high court
> ===============================================================
> The United States Supreme Court once again has heard oral arguments as to
whether a controversial Internet censorship law is unconstitutional.
>
> The case revolves around the Child Online Protection Act (COPA), which
made it a crime to use the Internet to pass along "for commercial purposes"
information considered "harmful to minors." COPA was challenged by the
American Civil Liberties Union (ACLU-a GILC member) on behalf of 17 groups
and individuals, including fellow GILC members the Electronic Frontier
Foundation and the Electronic Privacy Information Center. When the case
reached the Supreme Court, the majority held (in an opinion written by
Justice Clarence Thomas) that "COPA's reliance on community standards to
identify 'material that is harmful to minors' does not by itself render the
statute substantially overbroad" and therefore did not violate U.S.
constitutional free speech protections. However, the Court maintained a ban
on COPA enforcement and sent the case back to a lower appeals court for
further examination of whether COPA might be an unconstitutional
restriction on free expression for other reasons. The appeals court again
struck down COPA as unconstitutional, holding that, among other things,
"while COPA penalizes publishers for making available improper material for
minors, at the same time it impermissibly burdens a wide range of speech
and exhibits otherwise protected for adults." The U.S. Justice Department
then appealed the panel's latest ruling back to the high court.
>
> During oral arguments last month, several Supreme Court Justices seemed
unconvinced by the Justice Department's arguments in favor of COPA. Justice
Anthony Kennedy, for example, said that the law seemed "very sweeping" to
him, while Justice Sandra O'Connor questioned the need for COPA, especially
since the U.S. government hadn't prosecuted many people under pre-COPA laws
regarding online content: "With such a vast array of sites, there are so
few prosecutions. It's just amazing." A final decision is expected by this
June.
>
> An ACLU press release about the case is posted at
> http://www.aclu.org/Privacy/Privacy.cfm?ID=15143&c=252
>
> Read Anne Gearan, "Supreme Court Hears Online Porn Case," Associated
Press, 2 March 2004 at
> http://www.guardian.co.uk/uslatest/story/0,1282,-3812933,00.html
>
> See "High Court Ponders Online Porn," CBSNews.com, 2 March 2004 at
> http://www.cbsnews.com/stories/2004/03/02/supremecourt/main603528.shtml
>
> To read the latest appeals court ruling (in PDF format), click
> http://caselaw.lp.findlaw.com/data2/circs/3rd/991324p.pdf
>
> The text of the Supreme Court's prior COPA decision is available under
>
http://caselaw.lp.findlaw.com/scripts/getcase.pl?court=US&vol=000&invol=00-1
293
>
> ==============================================================
> [9] Legal battle over Korean music-storing phones
> ==============================================================
> A new South Korean mobile phone that can store music files has led to a
serious debate over the effects of copyright laws on technological
innovation and free speech.
>
> The controversy centers on the LP3000, manufactured by LG Electronics.
The LP3000 has a special function that allows it to store up to 16 music
files (in MP3 format) at a time. Although the phone includes Digital Rights
Management technology that supposedly restricts the playing of certain
music files, the existence of this function nevertheless has drawn the ire
of the Korea Association of Phonogram Producers, which claimed the phone
violated copyright laws and warned it would try to block the sale of the
LP3000. After several attempts at mediation by various South Korean
government agencies, both sides agreed to a proposal by the national
Ministry of Information and Communication whereby LP3000 users would be
able to download and listen to free crippled MP3 music files, which
reportedly will stop functioning after 3 days. In addition, within 2
months, mobile phone carriers must provide music download services to their
users, albeit with less than CD-quality sound. 
>
> The debate has fueled questions as to whether copyright laws are
unnecessarily stifle the development of new digital technologies, as well
as their potentially damaging impact on free expression. This controversy
is expected grow in the near future as other companies begin offering
devices with capabilities similar to the LP3000.
>
> Read Kim Tae-gyu, "MP3 Phone Wrangling Finally Settled," Korea Times, 2
April 2004 at
> http://times.hankooki.com/lpage/tech/200404/kt2004040218541912350.htm
>
> See also Kim Tae-gyu, "MP3 Phone Patent Dispute Deepens," Korea Times, 17
March 2004 at
> http://times.hankooki.com/lpage/tech/200403/kt2004031719131911810.htm
>
> ===============================================================
> [10] U.S. local officials threaten file-sharing software makers
> ===============================================================
> A draft letter purportedly from a local government official in the United
States that may have been ghostwritten by a movie industry trade group is
causing concern among Internet free speech activists.
>
> The letter warns makers of peer-to-peer file-sharing software that they
may face legal action. In particular, the document suggests that the
manufacturers of such programs must warn customers of "known risks." The
letter also advises P2P software firms not to build-in anonymizing
functions or other privacy-protective features that might prevent law
enforcement agents from tracking down users. Although the letter apparently
came from the office of California Attorney General Bill Lockyer, the
metadata contained in the document suggests that it was actually drafted by
Vans Stevenson, the vice president for state legislative affairs at the
Motion Picture Association of America (MPAA). When asked about this
subject, an MPAA spokesperson admitted that the staffers from Lockyer's
office "did approach us, and we provided some background."
>
> Cyberliberties groups have expressed anxiety about these efforts, which
they feel might chill free expression online. Fred von Lohmann from the
Electronic Frontier Foundation (EFF-a GILC member) cautioned state
governments from compelling software manufacturers to engage in
paternalistic behavior: "It's one thing for the MPAA to come up with a
theory like that, but it would be quite another for a state attorney
general to adopt it. The principle has no limit -- you can use Internet
Explorer to violate the law or unintentionally access pornography, so does
he want to suggest that Microsoft is also breaking the law? Why stop at the
Internet -- should Ford be held liable for failing to warn drivers that
exceeding the speed limit will expose them to citations?" 
>
> Read Declan McCullagh, John Borland and Stefanie Olsen, "P2P faces new
legal scrutiny from states," CNET News, 15 March 2004 at
> http://news.com.com/2102-1038_3-5173262.html
>
> See Xeni Jardin, "P2P in the Legal Crosshairs," Wired News, 15 March 2004
at
> http://wired.com/news/digiwood/0,1412,62665,00.html
>
> ===============================================================
> [11] New Internet uploading anti-anonymity bills
> ===============================================================
> Two proposals that would affect the way people upload files to the
Internet is drawing concern from cyber-rights activists.
>
> The California state legislature is considering two bills (Assembly Bill
2735 and Senate Bill 1506) that, among other things, would place
identification requirements on people who make "commercial recording or
audiovisual" material available through the Information Superhighway.
Specifically, under the plans, any person who "knowingly electronically
disseminates" such material (and "is not the copyright owner") will have to
divulge "his or her true name and address." Violators could face a year in
jail and be fined. 
>
> A number of experts fear that the proposals will undercut Internet
privacy and erode the right to speak anonymously online. Cindy Cohn, the
legal director of the Electronic Frontier Foundation (EFF-a GILC member),
warned: "These California anti-anonymity bills would force everyone -
including children - to put their real names and addresses on all the files
they trade, regardless of whether the files actually infringe copyrights.
Because the bills require Internet users to post personally identifying
information, they fly directly in the face of policy goals and laws that
prevent identity theft and spam and protect children and domestic violence
victims."
>
> An EFF press release regarding the aforementioned California bills is
posted at
> http://www.eff.org/Privacy/Anonymity/20040317_eff_pr.php
>
> ==============================================================
> [12] Lawsuit filed over digital television crippleware rules
> ==============================================================
> Several groups have sued over a United States government order that may
restrict the ability of consumers to enjoy digital television broadcasts as
well as the Internet.
>
> The U.S. Federal Communications Commission (FCC) order would require
makers of digital television equipment to accept broadcasts with a special
copy-protection signal, known as a broadcast flag. Under this scheme, such
equipment would detect flagged digital TV shows and prevent consumers from
disseminating such material, including through the Information
Superhighway. The rule applies to such items as digital videocassette
recorders, DVD players and personal computers. The FCC order did not
mandate a specific broadcast flag technology and instead laid out a
certification process for such systems; the deadline for compliance is 1
July 2005.
>
> In response, the Electronic Frontier Foundation (EFF-a GILC member) and
eight other groups (including the American Library Association, Public
Knowledge, Consumers Union and the Consumer Federation of America) sued the
FCC. EFF attorney Fred von Lohmann explained: "The FCC's digital broadcast
television mandate is a step in the wrong direction because it would make
digital television cost more and do less, undermining innovation, fair use,
and competition. The FCC overstepped its bounds, unduly restricting
consumers and manufacturers when it issued its broadcast flag ruling." The
FCC has since requested that the court delay proceedings while the
Commission handles various petitions to reconsider its order.
>
> An EFF press release about the lawsuit is posted at
> http://www.eff.org/IP/Video/HDTV/20040309_eff_pr.php
>
> Read John Borland, "Consumers challenge FCC antipiracy rules," CNET News,
10 March 2004 at
> http://news.com.com/2102-1025_3-5172171.html
>
> See Ryan Singel, "Calls to Burn the Broadcast Flag," Wired News, 11 March
2004 at
> http://wired.com/news/print/0,1294,62619,00.html
>
> ==============================================================
> [13] Saudi gov't lifts blocks on 2 gay websites
> ==============================================================
> In the face of protests from free expression groups, the Saudi Arabian
government has stopped blocking access to several websites that contain
information regarding homosexuality.
>
> Over the past several years, Saudi authorities have censored some 400 000
webpages that it claimed were "offensive" or violated "the principles of
the Islamic religion and social norms." Several weeks ago, Saudi government
agents extended this ban to sites such as GayMiddleEast.com and 365gay.com.
GayMiddleEast.com (which was blocked for a month back in June 2003) is
dedicated to highlighting the persecution of homosexuals in 15 countries:
Bahrain, Egypt, Iran, Iraq, Israel, Jordan, Kuwait, Lebanon, Oman,
Palestine, Qatar, Saudi Arabia, Syria, United Arab Emirates and Yemen.
365gay.com is affiliated with GayMiddleEast and is an online daily
newspaper that covers a wide variety of gay and lesbian issues. 
>
> Free speech advocates decried this move by the country's Internet Service
Unit, including Reporters Sans Frontieres (RSF-a GILC member), which noted
that Saudi authorities have already blocked a vast range of online content:
"In fact, the Saudi Internet blacklist extends to other areas, from
political sites to non-recognised Islamist sites via, of course, any
publication relating in any way to sexuality. We condemn this extension of
censorship, which is in the process of reducing the country's network to an
Intranet, as in Burma or Cuba." Soon after these protests, the Saudi
government backed down. Eyas Al-Hajery, the head of the Saudi Internet
Services Unit, told RSF: "After receiving your letter, we carried out a new
examination of these sites. Since no pornographic content was found, the
ban has been lifted." 
>
> For further information, visit the RSF website under
> http://www.rsf.fr/article.php3?id_article=9586
>
> =================================================================
> [14] Japanese Web headlines copyright lawsuit thrown out
> =================================================================
> In what is believed to be the first ruling of its kind, a court in Japan
has held that an Internet service need not get prior permission to repost
headlines from other news sources.
>
> Digital Alliance, a company based in the western Japanese city of Kobe,
had reproduced or paraphrased online a number of headlines from various
newspapers. One of those newspapers, Yomiuri Shimbun, demanded that the
company stop make use of its headlines, claiming that its activities were a
violation of copyright law. When Digital Alliance refused to comply,
Yomiuri sued in Tokyo District Court for 68 million yen (nearly USD 644
000) in damages.
>
> However, last week, the Tokyo District Court disagreed with Yomiuri
Shimbun and ruled in favor of the online service. Presiding Judge Toshiaki
Iimura held that "[u]sing headlines that are open to the public on the
Internet without authorization does not constitute a copyright violation."
The court based its decision largely on the notion that headlines in
themselves were not creative works and did not deserve copyright
protection: "These headlines were created within 25 characters, and either
stated objective facts, or used only very short qualifying words, and
cannot be described as creative expression." A Yomiuri spokesperson said
the newspaper would appeal the ruling.
>
> Read "Court denies copyright for Web news headlines," Mainichi Shimbun,
25 March 2004 at
>
http://mdn.mainichi.co.jp/news/archive/200403/25/20040325p2a00m0dm002001c.ht
ml
>
> ================================================================
> [15] Study: expanded intellectual property laws bad for business
> ================================================================
> According to a new report, the expansion of intellectual property laws
may actually hurt the very businesses that support such legislation. 
>
> Entitled "Promoting Innovation and Economic Growth: The Special Problem
of Digital Intellectual Property," the study warns that "many anti-piracy
proposals go much further" than merely "prosecuting those who break"
intellectual property laws." For example, "Many of the proposals would
require consumers to add hardware or software to their computing devices
that would add to cost and reduce interoperability regardless of the
machine's use. This would slow the use of digital technology and its
contribution to long-term innovation." Similarly, "many proposed outright
prohibitions on access to digital material" would explicitly deny "users
the prerogatives they have traditionally enjoyed under the doctrines of
first sale and fair use." The study, which was commissioned by the
Committee for Economic Development, goes on to suggest that "the ultimate
solutions to the problem of digital piracy are new business models," and
that while the "moral issues raised by widespread theft and the economic
burden theft imposes on some businesses are of great concern ... they are
not sufficient cause to take actions that could slow the rate of societal
innovation so crucial to long-term economic growth."
>
> The report is available (in PDF format) under
> http://www.ced.org/docs/report/report_dcc.pdf
>
> Read John Schwartz, "Report raises questions about fighting online
privacy," New York Times, 29 February 2004 at
> http://news.com.com/2102-1027_3-5167121.html
>
> ================================================================
> [16] Online repression awards given out
> ================================================================
> Reporters Sans Frontieres (RSF-a GILC member) recently handed out several
awards to highlight some of the biggest threats to free speech online. 
>
> The vast majority of winners were nations with autocratic regimes. For
example, the Golden Palm award went to China, an "easy choice this year for
its 60 cyber-dissidents in prison, hundreds of thousands of websites
censored and strict censorship of e-mail." Saudi Arabia garnered a "First
Prize for Censorship" after having "more than 400 000 online items
censored, ranging from political websites to unauthorised Islamist
organisations and of course anything remotely concerning sex." In addition
to giving out awards to several other countries (notably Vietnam, Cuba, the
Maldives and Syria), RSF singled out 2 people for their anti-free speech
achievements: Zimbabwean President Robert Mugabe (for being "a predator of
press freedom" throughout his career and for "growing determination to
stifle use of the Internet") and French industry minister Nicole Fontaine
("[f]or her proposed law on the digital economy which threatens freedom of
expression online"). The group also gave out a Grand Prize for Hypocrisy
award to the United Nations and its World Summit on the Information Society
for reserving a special place at the summit "for countries that have most
harshly repressed the Internet, such as China and Cuba." 
>
> For the official list of winners, click
> http://www.rsf.org/article.php3?id_article=9661
>
> ===================================================================
> [17] U.S. gov't wants spy-friendly broadband & Net telephony rules
> ===================================================================
> The United States government is calling for new standards that would make
it easier to spy on broadband networks as well as phone calls made over the
Internet.
>
> The U.S. Federal Bureau of Investigations (FBI) and the U.S. Department
of Justice (DOJ) have repeatedly urged the Federal Communications
Commission to rule that the Communications Assistance for Law Enforcement
Act (CALEA) applies to phone calls made via the Information Superhighway,
including transmissions using the Voice over Internet Protocol (VoIP).
Enacted in 1994, CALEA generally requires telecom firms to build
surveillance capabilities into their networks, but exempts information
services, most notably the Internet. Last month, the FBI, DOJ and U.S. Drug
Enforcement Administration (DEA) submitted a joint petition to the FCC,
calling on the Commission to swiftly implement rules that would, among
other things, essentially require telecommunications companies to build
spyware into broadband Internet systems as well as broadband telephony
networks. The petitioners also called on the FCC "to promulgate general
rules that provide for the establishment of benchmarks and deadlines for
CALEA compliance with future CALEA-covered technologies and services that
are comparable to those requested [in the current petition] for CALEA
packet-mode compliance." Meanwhile, U.S. Senator John Sununu has submitted
a bill that, among other things, essentially would require VoIP companies
to "provide access to necessary information to law enforcement agencies." 
>
> Many experts have expressed serious concern over these developments. Marc
Rotenberg, the executive director of the Electronic Privacy Information
Center (EPIC-a GILC member) believes the Commission would set a dangerous
precedent if it fulfills the FBI's wishes: "The FCC should seriously
consider where the FBI believes its authority...to regulate new
technologies would end." In addition, as telecom attorney Stewart Baker
explained, the proposal, if implemented, "will be very costly for the
Internet and the deployment of new technologies. ... [Y]ou would have to
vet your designs with law enforcement before providing your service. There
will be a queue. There will be politics involved. It would completely
change the way services are introduced on the Internet." Meanwhile,
although some companies (notably Cox Communications) have already begun
incorporating spy-friendly features into their networks, others have
refused to comply with the FBI's wishes; one company, VoicePulse, has even
announced that it will incorporate encryption into its systems.
>
> The FBI and DOJ petition is available (in PDF format) from the Center for
Democracy and Technology (CDT-a GILC member) website under
> http://www.cdt.org/digi_tele/20040310fbipetition.pdf
>
> The text of the Sununu bill is available via
> http://thomas.loc.gov/cgi-bin/query/z?c108:s.2281:
>
> See Ben Charny, "Cox closes wiretap hole for VoIP," CNET News, 5 April
2004 at
> http://news.com.com/2102-7352_3-5184774.html
>
> Read Ben Charny, "VoIP provider to block eavesdroppers," CNET News, 30
March 2004 at
> http://news.com.com/2102-7352_3-5181428.html
>
> See Declan McCullagh and Ben Charny, "FBI adds to wiretap wish list,"
CNET News, 12 March 2004 at
> http://news.com.com/2102-1028_3-5172948.html
>
> Read Jane Black, "More Spy Powers for the FBI? Bad Move," Business Week
Online, 18 March 2004 at
>
http://www.businessweek.com/technology/content/mar2004/tc20040318_2440_tc073
.htm
>
> ==============================================================
> [18] New Google Gmail service causes privacy worries
> ==============================================================
> A new webmail service from a popular search engine provider is drawing
concern from privacy advocates.
>
> Google has rolled out Gmail-a new free web-based email service that
contains a number of special features. Among other things, as described in
the official Gmail privacy policy, Google computers automatically read
through emails sent or received by Gmail users. The company then uses the
collected information to serve text ads or other "related information in
Google's extensive database. ...  Advertisers receive a record of the total
number of impressions and clicks for each ad." In addition, Google has
stated that it may send information regarding "other Google services" to
Gmail users, and those customers "will not be given the opportunity to
opt-out of receiving" such messages. The policy also mentions that
"residual copies of email may remain on our systems, even after you have
deleted them from your mailbox or after the termination of your account." 
>
> A number of experts have expressed concern over these features. Chris
Hoofnagle from the Electronic Privacy Information Center (EPIC-a GILC
member) charged that it was "absurd that using a communications medium
should subject one to privacy-invasive advertising. Why not put an operator
on the phone to listen to your conversation and pitch things to you while
you're talking? You'd say that's ridiculous. Well, this is ridiculous. We
have a norm to not allow commercial interests to interfere with our
communications." He also cautioned that the scanning scheme might violate
United States anti-wiretapping rules. On the other side of the Atlantic,
Privacy International (a GILC member) has filed a complaint with the
British Information Commissioner regarding the Gmail; the group's director,
Simon Davies, called the system "a vast violation of European law."
Finally, Maurice Westerling from Bits of Freedom (BoF-a GILC member) called
for Google to do a better job of fulfilling users' privacy expectations:
"If a person deletes an email, he should be confident that email is
actually deleted."
>
> To read the official Gmail privacy policy, click
> http://gmail.google.com/gmail/help/privacy.html
>
> Read "Google's Gmail sparks privacy row," BBC News Online, 5 April 2004 at
> http://news.bbc.co.uk/1/hi/business/3602745.stm
>
> See Lawrence Donegan, "Google is watching you," The Observer (UK), 4
April 2004 at
> http://www.guardian.co.uk/online/news/0,12597,1185534,00.html
>
> Read Kim Zetter, "Free E-Mail With a Steep Price?" Wired News, 1 April
2004 at
> http://www.wired.com/news/print/0,1294,62917,00.html
>
> See Charles Cooper, "Why Gmail gives me the creeps," CNET News, 2 April
2004 at
> http://news.com.com/2102-1032_3-5183646.html
>
> For coverage in French (Francais), see Philippe Astor, "Un groupe de
defense de la vie privee porte plainte contre le service Gmail de Google,"
ZDNet France, 6 April 2004 at
> http://www.zdnet.fr/actualites/internet/0,39020774,39148165,00.htm
>
> Press coverage in German (Deutsch) is available from "Googles
E-Mail-Dienst macht Datenschuetzern Sorgen," Heise Online, 6 April 2004 at
> http://www.heise.de/newsticker/meldung/46339
>
> ================================================================
> [19] International cybercrime treaty enters into force
> ================================================================
> A controversial new cybercrime treaty has come into force, albeit in just
a few countries. 
>
> The Council of Europe's Convention on Cybercrime, would, among other
things, require countries to authorize government agents to install
spytools on the servers of Internet service providers (ISPs) and thereby
intercept all Internet transmissions that come through their servers. The
treaty requires signatory nations to comply with foreign investigators,
even when they are investigating activities that are not crimes on domestic
soil. The Convention, however, does not require countries to enact any
specific procedural protections. Many groups have severely criticized the
treaty for years as a serious threat to online privacy. 
>
> While representatives from several dozen nations have signed the
Convention in 2001, few of those countries have actually ratified the pact
since then. Several weeks ago, Lithuania became only the fifth country to
ratify the Convention (joining Hungary, Croatia, Estonia and Albania),
thereby at least fulfilling the treaty's requirement that five nations must
ratify the treaty before it can become effective. However, the Convention
still does not have the force of law beyond those 5 countries. Despite a
letter from United States President George W. Bush late last year urging
the U.S. Senate to "give its advice and consent to ratification," the
Senate has yet to take action. Moreover, there is no word as to whether
other signatories (notably Great Britain, France and Germany) will ratify
the Convention any time soon.
>
> A Council of Europe press release on this subject is posted at
> http://press.coe.int/cp/2004/135a(2004).htm
>
> Read Estelle Dumout, "Council of Europe ratifies cybercrime treaty,"
ZDNet France, 22 March 2004 at
> http://news.zdnet.co.uk/0,39020330,39149470,00.htm
>
> The text of the treaty is available via
> http://conventions.coe.int/Treaty/EN/WhatYouWant.asp?NT=185
>
> To read the text of President Bush's message, click
> http://www.whitehouse.gov/news/releases/2003/11/20031117-11.html
>
> ================================================================
> [20] Japanese broadband provider suffers security breach
> ================================================================
> A major Internet service provider in Japan is apologizing over a snafu
that may have exposed information about a million Internet users.
>
> Acca Networks, one of Japan's biggest ADSL broadband providers, recently
admitted that information from its customer lists had been leaked. The data
contained in those lists included such details as users' telephone numbers,
email addresses, postal addresses, names and genders. Many details
concerning the incident were still not clear even after Acca's admission
and apology. For example, there are conflicting estimates as to just how
many users were affected; the company has information regarding over nearly
a million-and-a-half current and former customers. A spokesperson for the
firm admitted: "[T]here is a possibility that all the data was leaked." Nor
is it clear whether the lists have been sold off to other parties who were
not involved in the initial breach.
>
> Read "ADSL distributor admits major leak of customer info," Mainichi
Shimbun, 25 March 2004 at
>
http://mdn.mainichi.co.jp/news/archive/200403/25/20040325p2a00m0dm003000c.ht
ml
>
> ================================================================
> [21] U.S. anti-spyware bills appear
> ================================================================
> New legislation in the United States may restrict the use of software
that secretly spies on its users.
>
> At the Federal level, the SPY BLOCK Act would, among other things,
essentially make it illegal for anyone who is not the user of a given
computer to install software on that computer without first (1) providing
"clear notification, displayed on the screen until the user either grants
or denies consent to installation, of the name and general nature of the
computer software that will be installed if the user grants consent" and
(2) including "a separate disclosure, with respect to each information
collection, advertising, distributed computing, and settings modification
feature contained in the computer software." The Act, which sponsored by
U.S. Senators Conrad Burns, Ron Wyden and Barbara Boxer, would also require
such programs to "be capable of being removed completely using the normal
procedures provided by each operating system with which the computer
software functions for removing computer software." The U.S. Federal Trade
Commission would be responsible for enforcing the Act, while state
Attorneys General would be able to intervene in certain cases depending on
the circumstances.
>
> Meanwhile, a new law in Utah generally bars people from (a) installing
"spyware on another person's computer," (b) causing "spyware to be
installed on another person's computer; or" (c) using "a context based
triggering mechanism to display an advertisement that partially or wholly
covers or obscures paid advertising or other content on an Internet website
in a way that interferes with a user's ability to view the Internet
website." The Utah Spyware Control Act allows individuals to sue violators
in civil court. Broadly similar bills have also been introduced in other
states, notably Iowa and California.
>
> These measures are meant to target such programs as the controversial
Gator advertising utility, which is often surreptitiously bundled with
other downloaded computer programs and can be installed with little notice
to the user, particularly if the given machine's web browser uses low
security settings. After it is installed, Gator tracks a user's Internet
usage and displays advertisements based on this information. For example,
the program watches the terms people enter into the Google search engine
and serves up ads pursuant to those terms. Gator also targets specific host
names and even federal government websites for advertising opportunities.  
>
> The text of the Federal bill is available via
> http://thomas.loc.gov/cgi-bin/query/z?c108:s.2145:
>
> A press release from Senator Burns on this bill is posted at
>
http://burns.senate.gov/index.cfm?FuseAction=PressReleases.Detail&PressRelea
se_id=1077&Month=2&Year=2004
>
> See "Senators seek to define, then ban, spyware," Reuters, 24 March 2004
at
> http://news.com.com/2102-1028_3-5178434.html
>
> Read John Borland, "Lawmakers take aim at spyware," CNET News, 3 March
2004 at
> http://news.com.com/2102-1032_3-5169440.html
>
> To read the Utah Spyware Control Act, click
> http://www.le.state.ut.us/~2004/htmdoc/hbillhtm/HB0323S04.htm
>
> See John Borland, "States join spyware battle," CNET News, 4 March 2004 at
> http://news.com.com/2102-1024_3-5170263.html
>
> ================================================================
> [22] Serious security flaw found in Hotmail and Yahoo email
> ================================================================
> Researchers have discovered a serious security glitch in two popular web
e-mail services.
>
> According to GreyMagic Software, an Israeli digital security firm, the
problem affects customers of Hotmail or Yahoo Mail who use Microsoft's
Internet Explorer (IE). While details regarding the glitch have been slow
to emerge, reports indicate GreyMagic researchers were able to taken
advantage of an flaw in an IE synchronization feature and thereby run
malicious code on the victim's machine by sending a doctored email.
GreyMagic contacted both Hotmail and Yahoo to notify them of this
difficulty. Although Hotmail has since remedied the problem, Yahoo has so
far failed to issue any public response. 
>
> GreyMagic's security warning about this problem is posted under
> http://www.greymagic.com/security/advisories/gm005-mc/
>
> For information in Spanish (Espanol), read "Fallo de seguridad en Hotmail
y Yahoo permite la ejecucion de codigo en el cliente,"
DelitosInformaticos.com, 29 March 2004 at
>
http://www.delitosinformaticos.com/seguridad/noticias/108055138138664.shtml
>
> ================================================================
> [23] New Nigerian draft cybercrime bill
> ================================================================
> The Nigerian government is considering a new proposal to fight
cybercrime, but it is not clear what impact the plan will have on civil
liberties along the Information Superhighway.
>
> While the precise contours of the draft bill remain somewhat sketchy,
according to high-ranking Nigerian government officials, it would
apparently criminalize three main types of conduct and impose successively
tougher sanctions for each category. Under the plan, the first category of
offenses (deemed "mere infractions") would include activities like
unauthorized access to computer systems, access exceeding authorization,
computer system interference, data interception and computer trespass. A
second broad category would cover such things as computer contamination,
illegal communication, computer vandalism, cyber-squatting,
cyber-terrorism, intellectual property theft, and sending obscene materials
via the Internet. The heaviest penalties would be implemented for a third
category of new crimes that have target the country's Information and
Communications Technologies (ICT) infrastructures "with macro economic and
national security implications." However, many details regarding the
proposal have yet to come to light, including the exact definitions for the
aforementioned types of conduct as well as what safeguards are included in
the bill to protect individual privacy.
>
> Read Josephine Lahor, "Cybercrime: Obasanjo Receives Draft Bill," The Day
(NG), 11 March 2004 at
> http://allafrica.com/stories/200403110222.html
>
> See Abiodun Obimuyiwa, "Obasanjo endorses Nigerian Cyber-crime Act,"
Daily Times (NG), 11 March 2004 at
> http://www.dailytimesofnigeria.com/DailyTimes/2004/March/11/Obasan.asp
>
> ================================================================
> [24] Microsoft warns of new Outlook security bug 
> ================================================================
> The world's leading software manufacturer has admitted that it
underestimated the dangers posed by a security flaw in one of its popular
email programs.
>
> The controversy revolves around a security hole in the 2002 version of
Microsoft Outlook. The flaw, which was found Finnish computer scientist
Jouko Pynnonen, would allow an attacker to spread viruses easily through
email messages sent to Outlook 2002 users. It took the company 7 months to
release a patch, at which time the software maker said that the problem was
"important" but not "critical." However, Microsoft later upgraded the
security warning to "critical" and urged its customers download the latest
patch quickly. 
>
> These and other incidents have provoked continued concern over Microsoft
is doing enough to protect its users' personal information. Indeed, the
delay in releasing the latest Outlook security patch comes just after
controversy had arisen over another security hole that affected the latest
versions of Microsoft's Windows operating system. eEye Digital Security, a
United States company, discovered the problem and notified Microsoft in
July 2003, but, Microsoft did not make any announcement about the flaw for
nearly six months, when it described the problem as "critical" and released
a patch for the hole.
>
> Read Robert Lemos, "Outlook flaw riskier than thought," CNET News, 10
March 2004 at
> http://news.com.com/2102-1002_3-5172179.html
>
> See "Microsoft warns of Outlook flaw," BBC News Online, 11 March 2004 at
> http://news.bbc.co.uk/1/hi/technology/3501122.stm
>
> ================================================================
> [25] Ebay warns of PayPal security snafus
> ================================================================
> A popular online payment service is warning of a security breach that may
have serious repercussions for users.
>
> EBay has admitted that scammers have managed to dupe various e-tailers
who utilize its PayPal system and thereby gained access to personal
information concerning many of its individual users. The list of details
that were captured through these attacks included customer transactions,
home addresses, email addresses and names. While EBay would not say how
many files were stolen, it claimed that only a small percentage of its 40
million registered users were affected. The company says it has instituted
new procedures requiring extra authentication when commercial websites try
to access PayPal customer information.
>
> The incident has drawn concern from some privacy advocates, such as
Jordana Beebe of the Privacy Rights Clearinghouse, who have noted that,
among other things, the leakage of sensitive information creates the
possibility that future scams will be more effective: "The more the scam
artists are able to customize phishing e-mails so it looks like it's coming
from a legitimate source, the more consumers they're going to dupe." 
>
> Read Carrie Kirby, "New scam threat at EBay/Hackers obtained information
on some customers," San Francisco Chronicle, 16 March 2004, page C1 at
> http://sfgate.com/cgi-bin/article.cgi?f=/c/a/2004/03/16/BUG5T5LCM31.DTL
>
> ================================================================
> [26] Study: workplace monitoring increases, with little benefit
> ================================================================
> A new study suggests that British workers are being spied on more than
ever before, even though such surveillance may actually harm workplace
productivity.
>
> Entitled "Stop Snooping," the report notes how employers have used modern
technology to spy on their workers in new and ever-more intrusive ways:
"Keystroke rates, web usage and emails are monitored, telephone
conversations eavesdropped. Smart cards have introduced the workplace
equivalent of electronic tagging. ... Bad companies, bad managers, have
always abused their power and their employees' rights. But electronic
surveillance is a strikingly powerful new tool in the bad employer's
armoury." The document then points to research suggesting that "monitored
workers suffered more depression, extreme anxiety, severe fatigue or
exhaustion, strain injuries and neck problems than unmonitored workers." In
addition, the study cites a "fair body of evidence" indicating that
workplace surveillance does not actually promote a more efficient office,
but often creates "stress and demotivation," as well as "foster distrust
between workers and management."
>
> To read the report, click
> http://www.hazards.org/privacy/
>
> A TUC press release on the report is posted at
> http://www.tuc.org.uk/law/tuc-7753-f0.cfm
>
> See "Firms turn to hi-tech 'snooping,'" BBC News Online, 11 March 2004 at
> http://news.bbc.co.uk/1/hi/business/3500320.stm
>
> See also "How your boss can monitor you," BBC News Online, 12 March 2004
at
> http://news.bbc.co.uk/1/hi/magazine/3503468.stm
>
> =========================================================
>      ABOUT THE GILC NEWS ALERT:
> =========================================================
> The GILC News Alert is the newsletter of the Global Internet Liberty
> Campaign, an international coalition of organizations working to protect
and enhance online civil liberties and human rights.  Organizations are
invited to join GILC by contacting us at
> gilc at gilc.org.
>
> To alert members about threats to cyber liberties, please contact members
from your country or send a message to the general GILC address.
>
> To submit information about upcoming events, new activist tools and news
stories, contact:
>
> Christopher Chiu
> GILC Coordinator
> American Civil Liberties Union
> 125 Broad Street, 17th Floor
> New York, New York 10004
> USA
>
> Or email:
> cchiu at aclu.org
>
> More information about GILC members and news is available at
> http://www.gilc.org
>
> You may re-print or redistribute the GILC NEWS ALERT freely.
>
> This edition of the GILC Alert will be found on the World Wide Web under
> http://www.gilc.org/alert/alert83.html 
>
> To subscribe to the Alert, or to change your subscription options 
> (including unsubscribing), please visit
> http://mail.2rad.net/mailman/listinfo/gilc-announce
>
> ========================================================
> PUBLICATION OF THIS NEWSLETTER IS MADE POSSIBLE BY A
> GRANT FROM THE OPEN SOCIETY INSTITUTE (OSI)
> ========================================================