Domain: privacyinternational.org
Stories and comments across the archive that link to privacyinternational.org.
Stories · 33
-
Several Popular Apps Share Data With Facebook Without User Consent (ft.com)
Some of the most popular apps for Android smartphones, including Skyscanner, TripAdvisor and MyFitnessPal, are transmitting data to Facebook without the consent of users in a potential breach of EU regulations. From a report: In a study of 34 popular Android apps, the campaign group Privacy International found that at least 20 of them send certain data to Facebook the second that they are opened on a phone, before users can be asked for permission. Information sent instantly included the app's name, the user's unique ID with Google, and the number of times the app was opened and closed since being downloaded. Some, such as travel site Kayak, later sent detailed information about people's flight searches to Facebook, including travel dates, whether the user had children and which flights and destinations they had searched for. European law on data-sharing changed in May with the introduction of General Data Protection Regulation and mobile apps are required to have the explicit consent of users before collecting their personal information. -
Challenge Over UK Bulk Hacking Powers Taken To European Court of Human Rights (vice.com)
Joseph Cox, reporting for Motherboard: On Friday, activist group Privacy International and five internet and communications providers lodged an application before the European Court of Human Rights to challenge the UK's use of bulk hacking powers abroad. "The European Court of Human Rights has a strong track record of ensuring that intelligence agencies act in compliance with human rights law. We call on the Court to hold GCHQ accountable for its unlawful bulk hacking practices," Scarlet Kim, legal officer at Privacy International, said in a statement. The application has been made with UK-based non-profit GreenNet, the Chaos Computer Club from Germany, Jibonet from South Korea, US internet service provider May First, and communications provider Rise Up. In 2014, Privacy International filed a complaint over the country's bulk hacking powers with the UK's Investigatory Powers Tribunal, a court which determines if public authorities have unlawfully used covert techniques. In February of this year, the IPT concluded that GCHQ's hacking was legal under the UK's Intelligence Service Act 1994. Privacy International is now challenging whether the UK's interpretation of the Intelligence Service Act for using bulk hacking powers complies with the European Convention of Human Rights (ECHR). -
UK Intel Agencies Have Been Spying on Millions of People 'Of No Security Interest' Since 1990s (arstechnica.com)
The UK's intelligence agencies such as MI5, MI6, and GCHQ have been collecting personal information from citizens who are "unlikely to be of intelligence or security interest" since the 1990s, a thousand pages of documents published on Thursday revealed. The documents were published as a result of a lawsuit filed by Privacy International, a UK-based registered charity that defends and promotes the right to privacy across the world. According to the documents, GCHQ and others have been collecting bulk personal data sets since 1998 under the provisions of section 94 of the Telecommunications Act 1984. J.M. Porup reports for Ars Technica: These records can be "anything from your private medical records, your correspondence with your doctor or lawyer, even what petitions you have signed, your financial data, and commercial activities," Privacy International legal officer Millie Graham Wood said in a statement. "The information revealed by this disclosure shows the staggering extent to which the intelligence agencies hoover up our data." Nor, it seems, are BPDs only being used to investigate terrorism and serious crime; they can and are used to protect Britain's "economic well-being" -- including preventing pirate copies of Harry Potter books from leaking before their release date. The so-called "Bulk Personal Datasets," or BPDs are so powerful, in fact, that the normally toothless UK parliament watchdog that oversees intelligence gathering, the Intelligence and Security Committee (ISC), recommended in February that "Class Bulk Personal Dataset warrants are removed from the new legislation." These data sets are so large and collect so much information so indiscriminately that they even include information on dead people. -
How To Find Out If GCHQ and the NSA Spied On You, and How To Complain
Mark Wilson writes: Privacy International has created a platform through which individuals and organizations can file complaints with GCHQ about surveillance of phone calls and internet usage. The charity has long concerned itself with government surveillance, particularly the sharing of data between the NSA and GCHQ. The legality of mass surveillance has been questioned by many, and it has already been determined that human rights organization Amnesty International was illegally spied on. Edward Snowden's NSA revelations have led to a huge increase in awareness of privacy issues, and now Privacy International is making it easier to find out if you were spied on, and to lodge an official complaint. -
Seven ISPs Take Legal Action Against GCHQ
mrspoonsi (2955715) writes with this excerpt from the BBC: ISPs from the U.S., UK, Netherlands, and South Korea have joined forces with campaigners Privacy International to take GCHQ to task over alleged attacks on network infrastructure. It is the first time that GCHQ has faced such action. The ISPs claim that alleged network attacks, outlined in a series of articles in Der Spiegel and the Intercept, were illegal and "undermine the goodwill the organizations rely on." The complaint (PDF). -
Google and Facebook Can Be Legally Intercepted, Says UK Spy Boss
mpicpp sends this news from the BBC: The U.K. government has revealed that intelligence service GCHQ can snoop on British citizens' use of Facebook, Twitter and Google without a warrant because the firms are based overseas. U.K. spy boss Charles Farr said that such platforms are classified as external communications. The policy was revealed as part of an ongoing legal battle with campaign group Privacy International (PI). PI said the interpretation of the law "patronizes the British people." According to Mr Farr, Facebook, Twitter, Facebook, YouTube and web searches on Google, as well as webmail services such as Hotmail and Yahoo are classified as "external communications," which means that they can be intercepted without the need for additional legal clearance." -
The Fight To Uncover Spyware Exports To Repressive Regimes
Daniel_Stuckey (2647775) writes with news that we may soon learn which countries were sold the FinFisher malware package to spy on their own citizens. "The UK's High Court ruled yesterday that HM Revenue and Customs acted 'unlawfully' when it declined to detail how it was investigating the export of digital spy tools created by a British company. Human rights group Privacy International is celebrating the decision of Mr. Justice Green, which means HMRC now has to reconsider releasing information on its investigation into controls surrounding the export of malware known as FinFisher, created by British supplier Gamma International. The widespread FinFisher malware family, also known as FinSpy, can carry out a range of surveillance operations, from snooping on Skype and Facebook conversations to siphoning off emails or files sitting on a device. It is supposed to benefit law enforcement in their investigations, but has allegedly been found in various nations with poor human rights records, including Bahrain and Ethiopia." -
Ubuntu Phone Isn't Important Enough To Demand an Open Source Baseband
colinneagle (2544914) writes "Canonical is producing a version of the Ubuntu Linux distribution specifically for smartphones, but Richard Tynan, writing for PrivacyInternational.org, recently pointed out that the baseband in Ubuntu-powered phones will remain proprietary. ... Some have criticized Canonical for missing an opportunity to push for a fully Open Source smartphone, but in order to fix this problem (and open up the code for this super-critical bit of software), we need companies that have a large amount of clout, in the smartphone market, to make it a priority. Canonical (with Ubuntu) just doesn't have that clout yet. They're just now dipping their toes into the smartphone waters. But you know who does have that clout? Google.
Google has made a point of touting Open Source (at least sometimes), and they are the undisputed king of the smartphone operating system world. And yet I hear no big moves by Google to encourage phone manufacturers to utilize Open Source baseband firmware, such as OsmocomBB. So has Canonical missed an opportunity? No. Not yet. If (some may say 'when') Ubuntu gains a critical amount of market share in the phone world, that will be their chance to pressure manufacturers to produce a truly Open Source phone. Until then, Canonical needs to continue to work within the world we have today." -
UK Government Surveillance Faces Legal Challenge.. In Secret Court
judgecorp writes "Privacy International is mounting a legal challenge against snooping by the UK government's intelligence agency GCHQ. But the case will be held in secret. The group is challenging UK government access to Privacy, and the UK's own Tempora system, arguing that both allow 'indiscriminate' snooping because they operate in secrecy with a lack of legal oversight. All well and good — but the authorities have ruled that Privacy's challenge must be heard by the Investigatory Powers Tribunal, which hears cases in secret and is under no obligation to explain or justify its verdicts." -
Google Releases Wi-Fi Sniffing Audit
adeelarshad82 writes "In the wake of the controversy surrounding its Street View data collection processes, Google has published an independent audit of its practices, prompting a London-based privacy group to accuse Google of a 'criminal act.' The report provided some more in-depth, technical details (PDF) about what Google has already admitted to doing: storing wireless data packet information that was collected over unencrypted networks. According to the report, Street View cars collect data sent over wireless networks, and associate this information with data from a GPS unit in the vehicles. The technology used, known as gslite, then parses and stores certain identifying information about these wireless networks to a hard drive. That information includes the MAC address and the SSID amongst other things like e-mail addresses and browser history." Google also sent a letter to House Energy and Commerce Committee leaders acknowledging their mistake and claiming they have not "conducted an analysis of the payload data in a way that allows us to know exactly what was collected." -
Privacy International Releases 2007 Report
I Don't Believe in Imaginary Property writes "Privacy International has released their report on privacy for 2007, which includes a color-coded world map that highlights the countries with the best privacy laws, the privacy-hostile countries being in black. While many of the overall rankings may come as no surprise, it does highlight some of the more obscure abuses. For example, Venezuela requires your fingerprints just to get a phone and South Korea requires a government registration number linked to your identity before you can post on message boards. Makes you wonder who is Number One?" -
No Passport For Britons Refusing Mass Surveillance
UpnAtom writes "People who refuse to give up their bank records, tax records & details of any benefits they've claimed, and the records of their car movements for the last year, or refuse to submit to an interrogation on whether they are the same person that this mountain of data belongs to — will be denied passports from March 26th. The Blair government has already admitted that this and other data will be cross-linked so that the Home Office and other officials can spy on the everyday lives of innocent Britons. Britons were already the most spied upon nation in Western Europe — more so even than Sweden. Data-mining through this unprecedented level of mass-surveillance allows any future British government to leapfrog even countries like China and North Korea." -
Global Privacy Rankings Released
djmurdoch writes to alert us to the release of Privacy International's privacy ranking of 37 nations. This came out of PI and EPIC's annual Privacy and Human Rights global study, which this year runs to 1,200 pages. From a Globe and Mail article on the rankings: "Germany and Canada are the best defenders of privacy, and Malaysia and China the worst, an international rights group said in a report released Wednesday. Britain was rated as an endemic surveillance society, at No. 33, just above Russia and Singapore... The United States did only slightly better, at No. 30, ranked between Israel and Thailand, with few safeguards and widespread surveillance." PI's study coincided with a report from Britain's information commissioner warning that the UK could "sleep-walk into a surveillance society". The nation now has one CCTV camera for every 14 people. -
Second Indymedia Server Seized in UK Within a Year
GarconDuMonde writes "For the second time within the past year, an Indymedia server has been seized in the United Kingdom. This time it is the Bristol Indymedia server (currently redirected to the United Kollectives IMC site); this follows on from the Ahimsa seizure last October. The current seizure was carried out using a search warrant by the UK police at approximately 16:30GMT on June 27th, 2005. This was despite being warned by lawyers "that this server was considered an item of journalistic equipment and so subject to special provision under the law" (press release). Bristol Indymedia is currently being supported by the National Union of Journalists (NUJ), Liberty and Privacy International. Other media organisations have declared their support." -
Tin Foil Passports?
Daedala writes "The debate over contactless chips with biometric information in passports continues. Vendors have been chosen for testing in the U.S. and Australia. Privacy advocates are still arguing about the measure, as are security reporters and bloggers. The specs themselves are interesting, to say the least. The EETimes says that in interoperability tests, the potential chips could be read from 30 feet away. However, both they and the New York Times have published articles reporting vendors' low-cost solution: '[I]ncorporate a layer of metal foil into the cover of the passport so it could be read only when opened.' Don't they know that the whole tinfoil hat thing is supposed to be a joke?" -
Endorse EDRI's Statement Against Data Retention
Ville Oksanen writes "Privacy International (PI) and European Digital Rights (EDRI) have published their joint answer to the consultation on mandatory data retention. The European Commission asked for public comments on a proposed retention regime across Europe between 12 and 36 months for all traffic data generated by using fixed and mobile telephony and Internet. As Statewatch puts it: 'This is a proposal so intrusive that Ashcroft, Ridge and company can only dream about it, exceeding even the U.S. Patriot Act.' EDRI and PI are currently collecting endorsements from organizations and companies for their statement here. This is unfortunately not enough to stop the process - especially more should be done in the member states, which ultimately decide the fate of the proposal. So contact your local politicians today!" -
Privacy International Internet Censorship Report
eric434 writes "The Register reports that Internet restrictions, government secrecy and communications surveillance have reached an unprecedented level across the world, from 9/11-inspired Patriot-esque laws to national internet filtering and corporate abuse of the legal system. Summarizing the Privacy International report, it's quite evident that we've not only approached but started down a slippery slope. In the words of Simon Davies (director of Privacy Intl.), 'The report sounds a warning that we must move quickly to preserve the remaining freedoms on the Internet before they are systematically extinguished.'" -
2003 Privacy and Human Rights Survey Released
Privacy Digest writes "Out-Law.com, UK - Global privacy report is the most comprehensive ever. The Electronic Privacy Information Center and Privacy International on Friday released their sixth annual Privacy and Human Rights survey which claims to be the most comprehensive survey on privacy and data protection ever published. The report reviews the state of privacy in over fifty-five countries around the world. Key topics include Total Information Awareness, the public response to the U.S.A.-Patriot Act, traveller profiling, biometric identification, and other new technologies of surveillance. Privacy and Human Rights 2003: An International Survey of Privacy Laws and Developments is available free online or it can be purchased from the EPIC Bookstore." -
The Beast of Brussels
'No nickname' Ian writes "If you live in Europe you should definitely read this story about a government supercomputer. It's written by Andy McCue from silicon.com and entitled: IT Myths: Does the 'Beast of Brussels' know everything about us? Basically, in Europe there are rumours of an EU-owned super-computer which stores and processes information on every European citizen. The piece debunks the rumour and finds out its roots are actually in a work of fiction - but there is some interesting comment from privacy activists who suggest it may not be too wide of the mark. Simon Davis of Privacy International goes so far as to suggest such a computer may have existed - if perhaps not on the same 'three storey-high' magnitude." -
Stupid Censorship, Stupid Security
The 2003 Jefferson Muzzle "winners" are out. This year's crop starts with John Ashcroft and the U.S. Congress, and works its way down through the school board that voted to put Harry Potter on the restricted shelf. Innovation in censorship deserves recognition, read and enjoy. And in other stupid news, the winners of the Stupid Security Competition have been announced. I like that I'm being protected from tea. It makes me feel safe. -
2003 Big Brother Awards
MacRonin writes "Privacy International today announced the winners of the 2003 Big Brother Awards. One of the judges, estimable Dr Ian Brown of the Foundation for Information Policy Research (FIPR), writes: "It was alternatively amusing and depressing to be one of the judges for these awards. RIP and data retention played a large part in our deliberations..." ... Read more at The Register (UK) - 2003 Big Brother Awards: The Winners. and Political News from Wired News - Blair Tagged as Privacy Threat." -
Stupid Security
Buck Mulligan writes "The folks at Privacy International are holding a stupid security contest to discover the "world's most pointless, intrusive, annoying and self-serving security measures." Nominations can be submitted by email: stupidsecurity@privacy.org. My vote goes to the Ronald Reagan 'Free Trade' Center in Washington, where you have to show your driver's license to visit the food court. (Having a driver's license proves that you aren't dangerous!)" -
Outsourcing Big Brother
jbrownc1 writes "Privacy International has a great article on how the giant international outsourcing companies (EDS, CSC, etc) are outsourcing our most private data, as well as some of the implications that this has. Start thinking about which company will be hosting all that TIA data on your personal lives, and you can see why Microsoft is not your biggest enemy by a long shot!" -
Ashcroft, Ellison Win 'Big Brother' Privacy Awards
GuyMannDude writes "Reuters is reporting that Privacy International's 4th Annual US "Big Brother" Awards have been announced at the 12th Conference on Computers, Freedom and Privacy. Ashcroft won "Worst Government Official" and Ellison won "Worst Corporate Invader". Couldn't have happened to a pair of nicer guys." -
EPIC Seeks DC Surveillance Camera Records
Default.cfg writes: "In response to news reports that the Metropolitan Police Department (MPD) had constructed an extensive surveillance camera network in Washington, D.C., EPIC has filed a series of Freedom of Information Act (FOIA) requests to learn more about the system. The system allows police to monitor surveillance cameras from around the city in a central office called the 'Synchronized Operations Command Center' (SOCC)." Read on below for more information, including some interesting links. "The system was assembled and activated with no public dialogue or debate. Since its activation, the camera network has been used to monitor individuals engaged in legitimate First Amendment activities, including the participants in the World Bank and International Monetary Fund protests in April 2000. Basic questions regarding the system -- such as the cost of the system and issues of access to data, data retention, and data sharing -- remain unknown. EPIC's request seeks information about the cameras, the policies on their use, and future plans for expansion of the network. The request was directed to the MPD and federal agencies that have access to the SOCC for monitoring. The MPD has plans to link even more cameras to the system, including cameras from private stores in Washington's Georgetown neighborhood.
Rep. Connie Morella (R-MD) has expressed objections to the monitoring network as well. Rep. Morella chairs a House Government Reform subcommittee that has oversight on DC policy, and has called for hearings on the issue.
On February 26, the MPD announced that it had turned off twelve cameras that monitored buildings in and around the National Mall. The cameras were deactivated with the close of the Olympic Games in Salt Lake City, Utah and the end of the terror alert announced last month by Attorney General John Ashcroft; however, the cameras could be reactivated at any time.
EPIC Press Release on DC Surveillance Cameras: http://www.epic.org/open_gov/FOIA/dccameraspr.html
EPIC Face Recognition Page: http://www.epic.org/privacy/facerecognition/
Privacy International Video Surveillance Page: http://www.privacyinternational.org/issues/cctv/index.html"
-
Feature: WH Panel Calls for Crypto Export Reform
Kathleen Ellis, editor of the Privacy News Portal, has written an excellent feature about how The President's Export Council Subcommittee on Encryption (PECSENC) has recommended dropping almost all export controls on strong crypto, and why it is unlikely that this group's recommendations will be acted on in any meaningful way. (More below)
White House Subcommittee Endorses Crypto Reform. Will Someone Please Listen?
By Kathleen Ellis
Another shot was fired in one of the longest-lasting and most contentious battles regarding Internet policy last Wednesday, when a White House advisory subcommittee announced it has recommended that the Clinton Administration all but reverse its restrictive stance on the export of encryption products.
The President's Export Council Subcommittee on Encryption (PECSENC) was formed earlier this year by the White House to provide guidance in the U.S. Government's development of encryption policy, which has been the subject of heated debate. As many Slashdot readers already know, the government has insisted for years that liberalizing encryption export could cause serious problems for national security by giving terrorists and criminals access to the technology. Of course, net activists and industry folk assert that the right to privacy supersedes the wishes of any bureaucrat, and that terrorists and criminals can just as easily get their crypto from any other country that does not restrict cryptographic exports.
Critics of the Administration's policy had expected to gain little support through the subcommittee's recommendations. William Crowell, the subcommittee's chairman, is currently President and CEO of Cylink Corporation, an internet security firm, but previously served as Deputy Director for the National Security Agency. Several committee members also had ties to law enforcement or other government agencies; Stewart Baker, an attorney with the Washington-based Steptoe & Johnson, is former general counsel to the NSA and is a vocal opponent of loosening restrictions on encryption. Steve Walker is former president of Trusted Information Systems (now owned by Network Associates), a leading producer of key escrowed encryption products, which the FBI has lobbied to make mandatory even for domestic use.
Despite these ties, however, the subcommittee cited a need for the U.S. government to "recognize market realities" and reverse its course on encryption policy. Among its recommendations:
- License-Free Zones: Recognizing that the European Union is planning to drop all cryptographic export rules between member countries, the US should likewise identify a list of countries which do not pose any major terrorist threat, and allow encryption export (hardware and software products) without a license.
- On-Line Merchants: On-line merchants based in other countries will be added to the list of business types permitted to have encryption products exported to them from the US. Banks and a limited number of other financial institutions currently enjoy this license exception.
- Mass-market hardware and software: Mass-market products which utilize up to 128-bit key length triple DES will enjoy license exception. "The US government should recognize the difficulty of controlling mass-market products once they are allowed to be exported to even limited sectors".
The subcommittee also suggests eliminating cumbersome reporting requirements for manufacturers of encryption products, as well as removal of source code, cryptographic Application Programming Interfaces and devices such as encrypting routers from the list of restricted technologies.
So cypherpunks across the nation will soon be free to export their code at will? Subcommittee chairman William Crowell is hesitant to say yes. "The Administration will have its own ideas about which of these recommendations are implementable. Vice President Gore has said that the administration would consider additional liberalization over what they announced last year, so it was important to get these recommendations to the table while they were thinking about it". He expects that the administration will make further changes to its export policy based on the recommendations sometime in September.
There are other signs of change on the horizon regarding the government's attitude toward encryption. The successor to the current Data Encryption Standard algorithm, which will be used by the U.S. Government for a multitude of purposes, will be chosen by the National Institute of Standards and Technology within the next few months. Four out of the five Advanced Encryption Standard finalists were developed, at least in part, by cryptographers based overseas or holding foreign citizenships. The fact that such decisions could be made by NIST requires the acknowledgement, at least on some level, that good encryption can be produced in countries not affected by U.S. export law, and hence, can be made available around the world.
However, one prominent activist is still skeptical about the potential effect this announcement may actually have on U.S. policy. "This doesn't change policy, this is just yet another group that has come forward and said 'the U.S. policy is abysmal, it needs to be scrapped'" says David Banisar, Deputy Director of Privacy International, and co-author of "The Electronic Privacy Papers". "Many distinguished groups in the past have made similar recommendations...the Clinton Administration has thus far rejected any attempts to dramatically reform export control laws".
Banisar likened the potential influence of the PECSENC recommendations to those of a report published by the National Research Council in 1996. Much more conservative than the PECSENC subcommittee's suggestions, "Cryptography's Role In Securing the Information Society" was written by a committee comprised of government officials, representatives from the computing industry, and academics. The NRC committee's recommendation that 56-bit DES encryption took two years for the Bureau of Export Administration to implement, and many of the other valuable points in the report have never been implemented. The NRC report suggested that U.S. policy should take into account the "nonconfidentiality uses" encryption has to offer. U.S. policy still does not support the use of encryption for the purposes of authentication, which the committee identified as an "important crime-fighting measure". Indeed, one would think that the F.B.I. and the Department of Commerce would hasten to encourage the use of such technologies.
Banisar also expressed concerns about the provisions favoring online merchants. "The e-commerce exports have already been promised to online merchants...they will get what they want, which helps the Clinton Administration divide and conquer their opposition". Banisar stated that civil libertarians lost a powerful lobbying ally when banks were granted the same licensing exemptions now promised to entrepreneurs online. "When a wealthier group gets what they want, they stop fighting, and the everyday users get screwed."
It also seems that the recommendations do not go far enough to help the people who need encryption technology most. Barbara Simons is President of the Association for Computing Machinery and one of the members of the PECSENC committee. "It appears that the recommendations don't address the needs of people working for human rights in countries with repressive regimes," she says.
The human rights issue is a valid one within the debate on U.S. encryption policy. The American Association for the Advancement of Science's Cryptography, Scientific Freedom, and Human Rights program trains human rights workers to use encryption technology in countries like Guatemala and China, where oppressive governments have a way of making insurrectionists disappear. A letter from AAAS to the House of Representatives Committee on International Relations states that "human rights activists are killed, tortured, disappeared and jailed for trying to expose horrendous abuses...[they] use encryption to protect themselves, the victims and eyewitnesses they are interviewing, and human rights colleagues around the world when they communicate sensitive information on grave abuses of human rights".
It would be wise and compassionate for the Clinton Administration to authorize a new class of license exceptions for human rights workers travelling into countries that don't fall under the "favored nations" exemptions for encryption exports. If national security were really a concern in these cases, they could add strict guidelines describing who the software could legally be distributed to within those countries. Unfortunately, PECSENC seems to have overlooked this important issue.
Despite these shortcomings, there are some definite gains to be made by following PECSENC's recommendations. Net activists will be keeping their fingers crossed when the White House reviews them next month. Progress has been far too slow in coming, and if there's ever been a time for our government to start making some positive decisions, this certainly is it.
-
Big Brother Awards
Kodi writes "According to an article on ZDNN, Privacy International is accepting nominations for its Big Brother Awards, designed to recognize the US companies that have done the most to invade our privacy." I can think of (intel) a few companies that (intel) could conceivably (intel) be nominated. Gimme a minute to think about it.