lambda 8.06
31 July 2002
contents
+ Greenpeace's logo wars + US bill to allow Hollywood computer hacks
+ French law gives police power to tap ISPs and telcos to access private logs
+ UK to consider national IDs and moves for data retention rules
+ US new Homeland Security plan
+ Other Big Brother International news (China, Tunisia, Spain)
Thanks to Chris Chiu last
GILC newsletter (Volume 6, Issue 5)
23 July 2002 - http://www.gilc.org
SHORT-CIRCUITS
Greenpeace's logo warsLast year the food giant Danone won a lawsuit against online campaign which critisized its social policy; the Court denied the groups demand to forbid criticism, but OKed the trademark infringment claims because the logo was highjacked.
This year Greenpeace, along with several coalition partners, has been waging a campaign against petroleum giant Esso (Exxon Mobil), claiming that the firm has done "more than any oil company to block international action on global warming." As part of this campaign, it created a special logo based on Esso's insignia, but replaced the double "s" in Esso with a double dollar sign ("$$"). These logos were posted on several Greenpeace-related websites, including a special "Stop Esso" webpage in France. The oil conglomerate's French subsidiary then sued. ... The presiding judge issued a preliminary injunction against Greenpeace France's use of the doctored Esso logo pending a full trial; if Greenpeace fails to comply, it could be fined 5000 Euros per day.
... Subsequently, another company sued Greenpeace on similar grounds. Nuclear processing firm Areva has launched a legal action against Greenpeace France, Greenpeace New Zealand and Internet FR, over another protest logo (see above). (Interim verdict decicion awaited for Aug. 2, 2002)
+ Greenpeace's anti-Areva logo
+ http://greenpeace.fr/stopesso/
New privacy groups show up in the EU
June 13, Dozen of EU privacy organisations formed the EDRi (European Digital Rights) coalition to "raise awareness of policy makers and the public about the upcoming threats to our privacy and freedoms". Among the founding members: Bits of Freedom (Netherlands), Chaos Computer Club (Germany), Imaginons un réseau Internet solidaire (IRIS, France), Privacy International (United Kingdom) and other NGOs in Finland, Denmark, Austria, Germany...
http://www.edri.orgIn France the FIL coalition was created July 20 (Fédération informatique et libertiés), with founding members like Reporters sans frontières (RSF), Act-up Paris, Privacy Intl France and other grassroots civil liberties NGOs. http://www.lafil.org
USA
Bill to allow Hollywood computer hacks
(EPIC Alert.) - Should copyright holders be allowed to attack users of Internet file-trading software such as Morpheus and Kazaa? That is the question being posed by United States Representative Howard Berman, who intends to introduce a new bill to legalize such efforts. Berman ... said that his legislation would create a "safe harbor from liability for copyright owners that use technological means to prevent the unauthorized distribution of their copyrighted works via P2P networks." The list of permissible tactics would apparently include swamping users with phony requests to prevent downloads ("interdiction"), misleading users to sites that they did not intend to visit ("redirection") and tricking users into downloading files that they did not want ("spoofing"). Current laws (including the Federal Computer Fraud and Abuse Act) may bar copyright holders from engaging in this kind of behavior.
+ Statement from Congressman Berman
+ "Hollywood heads up anti-piracy charge," CNet News, 22 July
UPDATE (Eu Law)
+ The last European Union directive which contains data retention obligations was published in the EU official register (July 12 law; July 31 Official Journal):
+ In French: click here
France
PRIVATE TELECOM DATA at your FINGER TIPS
After a vote in the French Senate on July 31 the last French homeland security law was approved. It gives more power for law enforcement agencies to cross criminal computer files and ease justice access to private data that have to be retained for 1 year (according tho the last LSQ law, passed November 15). SEE THE COMPLETE LIST OF LOGS CONCERNED
The 'Programming for Internal Security (Loi d'Orientation et de Programmation pour la Securite Interieure-LOPSI) will:
Comments from the last GILC newsletter:
"The proposal has already generated a fair amount of criticism. In a detailed analysis, Imaginons un Reseau Internet Solidaire (IRIS-a GILC member) noted that LOPSI would abrogate one of the few procedural checks left against government surveillance-the required filing of a requisition. By removing this requirement, IRIS warned that the legal regime would increase the likelihood of abuse. Moreover, the group raised the possibility that the LOPSI and its progeny could be used to coalesce personal information into a single centralized database, making it even easier for government agents to spy on unsuspecting innocent civilians."
"To many observers, LOPSI represents just the latest in a series of French government moves that have badly eroded privacy rights online. Previously, the French government had approved a package of security measures popularly known as LSQ (short for "la Loi n2001-1062 du 15 novembre 2001 sur la SÈcuritÈ Quotidienne"), which contained language allowing "technical data involved in a communication" to be kept for up to one year. IRIS filed a complaint against LSQ with the European Commission, but the Commission has yet to make a formal decision on the matter."
+ The journalism defense organisation Reporters without borders (RSF) denounced "the serious attacks on freedom of expression and the confidentiality of work-related and private correspondence. Our organisation specifically questions the possibility of guaranteeing the confidentiality of journalists' sources, to the extent that data from Internet connections and e-mail exchanges (Internet connection logs) could be requisitioned and examined with disconcerting ease by police officers"
+ FURTHER analysis in French with abstracts: http://lambda.eu.org/800/805.html
UK
NATIONAL IDS, DATA RETENTION
(GILC Alert). - The British government has held off plans to expand the list of officials who could conduct online surveillance. But questions remain as to whether officials in the United Kingdom have already overstepped their Internet snooping powers.
The Regulation of Investigatory Powers (RIP) act has been in the center of a heated debate that has lasted several years. The act mandated telecommunications providers to facilitate government surveillance of email, mobile phone, fax and Internet activities. Since its introduction, the act has been opposed by Internet users and civil rights groups who feared a huge encroachment on individual privacy of ordinary citizens, as well as by industry leaders who were alarmed at the prohibitive costs of buying and implementing the technology.
Last month, the British government sought to vastly increase the number of organizations that could conduct surveillance under the RIP act. The list of agencies that would be given RIP wiretapping powers were not limited to law enforcement bodies and included such groups as the British Food Standards Agency and National Health Services-over 500 agencies in all. (...) In the meantime, the RIP act itself goes into effect on August, raising alarm among Internet service providers (ISPs), who are scrambling to acquire and implement the necessary technology, as well as many individual Internet users.
+ Data retention coverage: "Switch on for State Snooping", BBC News Online, 17 July 2002
(PI releases).
Warning about UK governement plans for a national ID program.
"The technology gap between governments and organised crime has now narrowed to such an extent that even the most highly secure cards are available as blanks weeks after their introduction. Criminals and terrorists can in reality move more freely and more safely with several fake "official" identities than they ever could in a country using multiple forms of "low-value" ID such as a birth certificate."
Criminal use of fake identity documents does not necessarily involve the use of counterfeiting techniques. In 1999, a former accountant was charged with obtaining up to 500 UK passports under false identities. The scam was merely a manipulation of the primary documentation procedure. This situation, warns Privacy International, will extend to ID cards."
(...) Privacy International believes that the proposal for a national identity card has little to do with the government's stated objectives of reducing the threat of crime, terrorism and illegal immigration. Rather, the plan is part of a broader objective outlined in the Cabinet Office report "Privacy & Data Sharing" to create a new administrative basis for the linkage of government databases and information systems. (July 3, 2002)
http://www.privacyinternational.org/issues/idcard/uk/
Biometrics in schools, no thanks
PI is questioning the use of fingerprinting technologies by UK schools for library purposes and the role of the Office of the Information Commisioner in reviewing the technology. The practice came to light after a parent discovered that a school had obtained her child's print without consent.
http://www.privacyinternational.org/countries/uk/kidsprint/
USA
(EPIC Alert). - President Bush released the long-awaited "National Strategy for Homeland Security" on July 16. ... One of its key proposals is the establishment of a new Department of Homeland Security. The legislation contains several amendments that would beneficial for privacy, including establishing a Chief Privacy Officer in the new department and explicitly preventing the development of a national ID card. The new Department, if created, will fold several federal agencies into one organizational structure in an effort to better coordinate functions.
... In other proposals, however, the Bush administration's apparent opposition to ID schemes is notably absent. The Strategy calls for developing biometric technology, which purportedly "shows great promise." In an example cited in the document for a potential application of biometrics -- preventing a terrorist from using false documents and a disguise to elude airport security -- the White House appears to be contemplating placing a biometric identifier on all airline passengers' identification documents, including American citizens. All travel documents issued to aliens will incorporate biometric identifiers by October 26, 2004, as per the Enhanced Border Security and Visa Entry Reform Act of 2002.
... In another section that implicates privacy, the Strategy flags the development of systems to detect "hostile intent" as a high priority. The document states that "the Department of Homeland Security would work with private and public entities to develop a variety of systems that highlight such behavior and can trigger further investigation and analysis of suspected individuals." EPIC is currently pursuing a lawsuit against the Transportation Security Administration seeking information about the development of CAPPS-II system for aviation security, which would use such a system (see EPIC Alert 9.05). The administration has been reluctant to share details about how such systems would be conceived and operated.
+ "National Strategy For Homeland Security"
+ EPIC's Statement on Biometrics and Identity Theft
(DFN News, July 22). - In the aftermath of a devastating fire in a Beijing Internet cafe last month, Chinese authorities took several steps last week to control Internet use.
... On July 18, the China Youth Daily newspaper reported that the 30 Internet cafes that are reopening are the first to receive government approval since officials closed all Beijing cybercafes after the fire. While some of the new regulations on Internet cafes deal with fire safety issues - understandable since the cafe where the fire took place had bars over the windows and only one exit - the new law also seeks to restrict young people's use of Internet cafes. They ban minors from using cafes, require the cafes to be closed between midnight and 8 AM, and prohibit illegal online material such as pornography, gambling, or violent or "superstitious" content. According to the Hong Kong-based Information Center for Human Rights and Democracy, filtering software is being installed in major Internet cafes throughout mainland China. ... On June 29, the Ministry of Culture announced that a new crackdown on unlicensed Internet cafes would take place in July and August. Last week, Hong Kong legislators introduced proposals that would require cybercafes to register with the government and install devices that would screen violent, pornographic, or gambling Web sites, according to the South China Morning Post.
... In addition to cracking down on cybercafes, Chinese officials are encouraging self-censorship among China's major Internet users. Last week, a spokesperson for the Internet Society of China (China's non-governmental regulator for the Internet industry, which operates with the support of such top government authorities as the Ministry of Information Industry) reported that its "Public Pledge on Self-Discipline for China Internet Industry," first released in March, had attracted over 300 signatories.
The voluntary pledge reinforces the ideas spelled out in the "Provisional Regulation on Management and Control of Internet Publications," a new set of laws that is supposed to take effect on August 1. The pledge seems fairly benign. Signatories promise to promote "patriotism, observance of law, equitableness, and trustworthiness" and discourage harmful activities such as hacking and copyright infringement.
However, signatories also pledge to refrain from production or dissemination "that may jeopardize state security and disrupt social stability, contravene laws and regulations and spread superstition and obscenity." In practice, such information is generally understood to mean material related to such taboo topics as the June 4, 1989 Tiananmen Square massacre, Tibet, and the Falun Gong spiritual group.
YAHOO's ONE WAY POLICY
Among the organizations that signed the pledge were the Chinese version of the Yahoo! portal. Foreign companies that want to enter China's lucrative markets are eager not to offend the government, so signing the portal may have been done to protect business interests. Ironically, while Yahoo! supports censorship in China, it has promoted itself in the United States as a promoter of freedom of expression. Currently, Yahoo! is fighting a two-year-old French court ruling that ordered the portal to prevent French users from accessing its auctions of Nazi memorabilia on its site. Yahoo! has argued that its English-language services are governed by law in the U.S., where the company is based and where such auctions are protected by free speech laws. In a legal brief filed in May supporting Yahoo!'s opposition to the French court ruling, a number of free speech organizations, including Human Rights in China, Human Rights Watch, the American Civil Liberties Union, and the Digital Freedom Network, argued that if Yahoo! were forced to comply with the French hate speech law, it could likewise be required to comply with Chinese laws that block access to "subversive" information, leading to a global Internet that conforms to the laws of the world's most oppressive countries.
Unfortunately, Yahoo! has so far refused to comment on the decision to sign the voluntary pledge.
+ "Public Pledge on Self-Discipline for China Internet Industry"
SoftWar: Filter King vs Six-Four and Camera/Shy
(GILC Alert). - Chinese authorities have forced many cybercafes across the country to shutdown. Government agents have closed nearly 2400 Internet cafes in Beijing alone; similar efforts have been launched in other cities, including Shanghai, Guangzhou (Canton), Tianjin and Shenzhen. Although a few cybercafes have since reopened, they are being required to get or renew government licences, and to install powerful Internet blocking packages such as Filter King. Filter King not only censors such items as foreign news and religious information, but can also record users' attempts to access banned information and send reports to the police.
... Meanwhile, new programs are being developed to counter the effects of Beijing-sponsored censorware. One of these programs, dubbed Six-Four (in reference to the 4 June 1989 government massacre of Chinese students in Tienanmen Square), is a special peer-to-peer protocol that will allow users to create virtual private networks and tunnel past Internet blocking schemes. Six-Four, which was unveiled at a recent H2K2 hackers conference in New York, will be formally released sometime next year.
+ "Cyber-cafes 'ordered to install spy programs' after fire" (South China Morning Post, 29 June)
Bombs, Democracy, and Double Standards On the 4th of July [Geez, talk
about a loaded date! - Editor] Hacktivismo announced it would release Camera/Shy,
a steganography application. Ever since we've been bombarded by journalists
wanting to know, "Could this application be used by terrorists?"
Last year the boogiemen were child pornographers. Next year they might be
extraterrestrials. Who knows?
TUNISIA
(GILC Alert). - Tunisian authorities have arrested the proprietor of a prominent local news website. Zouhair Yahyaoui founded and edited TUNeZINE, which included coverage of political affairs in the North African nation and materials from opposition party leaders. Recently, he republished a letter written by his uncle that deplored the country's legal system. He was then charged with "knowingly putting out false news" and "stealing" Internet connection time from the cybercafe where he worked. A Tunisian court sentenced him to 2 years and 4 months in jail, which was only reduced by 4 months on appeal. Not surprisingly, these events have alarmed free speech advocates. Robert Menard from Reporters Without Borders called the arrest and prosecution of Yahyaoui "outrageous" and added that Tunisian "President Ben Ali has committed all kinds of abuses against his opponents. When is this going to stop?"
+ "Tunisian Net Dissident Jailed," Wired News, 13 June
SPAIN
(GILC Alert). - The Spanish government has approved a proposal that critics warn will seriously erode human rights on the Internet. The LSSI bill (Ley de Servicios de la Sociedad de la Informacion y de Comercio electronico) will essentially allow "administrative authorities" within the government to shut down websites. Previously, this exercise of this power required court approval. Spanish government officials have hinted that they plan to use these powers to control online content. In addition, the bill includes provisions allowing customer data to be kept for up to a year, which government agents may access with the consent of a judge.
The bill has drawn heavy fire as a serious threat to civil liberties (particularly freedom of speech). For example, although several conditions were introduced to clarify in which way "administrative authorities" are able to shut down sites, a number of observers believe these supposed safeguards are not enough, and that the power to shutdown sites should stay in the hands of judges. These and other concerns have led some experts to claim that the LSSI is unconstitutional; at least one cyberliberties group, Kriptopolis (a GILC member), is campaigning to have the LSSI examined by the Spanish Constitutional Council.
+ Kriptopolis'
anti-LSSI campaign
+ Text of the LSSI
bill
+ "El
Congreso aprueba la 'Ley de Internet' con el voto en contra de PSOE,
IU y PNV," El Pais, 27 June
©left bulletin lambda
July-Aug. 2002
Contact
I home I abonnement