Radio Free Europe's websites in Belarus under attack

Several Radio Free Europe websites were under a distributed denial of service (DDoS) attack in the past week. The attacks started on 26 April 2008, the 22nd anniversary of the Chernobyl nuclear disaster, primary targeted at the Belarus Radio Free Europe/Radio Liberty (RFE/RL) service which was offering live coverage of a rally of protest organized in Minsk against the plight of uncompensated victims and a government decision to build a new nuclear plant.

Martins Zvaners, RFE spokesman, thinks that was the largest attack ever experienced by RFE. At its peak, the DDoS attack was sending more than 50000 requests to the RFE sites, flooding its servers' capacity and throwing them offline.

Although there is no proof of who was behind the attacks, Zvaners pointed his finger at the Belarus administration: "This started on the day of a demonstration that they wanted no one to cover. They've never been real happy with us. In an ongoing sense, they are always 'jamming' our signals. We can't say for certain who did it, but you look at the circumstances and you can start to draw some possible inferences."

US State Department spokeswoman Jessica Simon stated that it was the Belarusian Government's responsibility to stop such kind of attacks while Nina Ognianova, the program coordinator for Europe and Central Asia at the New York-based Committee to Protect Journalists, said it was also the responsibility of President Alyaksandr Lukashenka to find and punish those responsible with the attacks. "In Belarus especially, RFE/RL service is significant now more than ever because Lukashenka's regime has destroyed the other independent and opposition broadcasters. (...) So we certainly are very concerned about this short-lived but successful attacks" said Ognianova.

RFE issued a news release on 28 April following which the attacks stopped and the sites went back online. According to Zvaners, RFE has now taken protection measures against similar attacks.

During the three days of the attack, RFR/RL's Belarus Service was supported by 22 Belarusian sites that hosted its content. "Dear friends. We value your solidarity and we promise to support any site that falls victim to such an attack in the future. (...) Thanks to all of you for your support of freedom" said Alyaksandr Lukashuk, director of RFE/RL's Belarus Service, who considers that the response to the attack was an example that could create a precedent for future online "esprit de corps" among journalists and pro-democracy advocates.

http://www.edri.org/edrigram/number6.9/radio-free-europe-belarus

Radio Free Europe's websites in Belarus under attack

Several Radio Free Europe websites were under a distributed denial of service (DDoS) attack in the past week. The attacks started on 26 April 2008, the 22nd anniversary of the Chernobyl nuclear disaster, primary targeted at the Belarus Radio Free Europe/Radio Liberty (RFE/RL) service which was offering live coverage of a rally of protest organized in Minsk against the plight of uncompensated victims and a government decision to build a new nuclear plant.

Martins Zvaners, RFE spokesman, thinks that was the largest attack ever experienced by RFE. At its peak, the DDoS attack was sending more than 50000 requests to the RFE sites, flooding its servers' capacity and throwing them offline.

Although there is no proof of who was behind the attacks, Zvaners pointed his finger at the Belarus administration: "This started on the day of a demonstration that they wanted no one to cover. They've never been real happy with us. In an ongoing sense, they are always 'jamming' our signals. We can't say for certain who did it, but you look at the circumstances and you can start to draw some possible inferences."

US State Department spokeswoman Jessica Simon stated that it was the Belarusian Government's responsibility to stop such kind of attacks while Nina Ognianova, the program coordinator for Europe and Central Asia at the New York-based Committee to Protect Journalists, said it was also the responsibility of President Alyaksandr Lukashenka to find and punish those responsible with the attacks. "In Belarus especially, RFE/RL service is significant now more than ever because Lukashenka's regime has destroyed the other independent and opposition broadcasters. (...) So we certainly are very concerned about this short-lived but successful attacks" said Ognianova.

RFE issued a news release on 28 April following which the attacks stopped and the sites went back online. According to Zvaners, RFE has now taken protection measures against similar attacks.

During the three days of the attack, RFR/RL's Belarus Service was supported by 22 Belarusian sites that hosted its content. "Dear friends. We value your solidarity and we promise to support any site that falls victim to such an attack in the future. (...) Thanks to all of you for your support of freedom" said Alyaksandr Lukashuk, director of RFE/RL's Belarus Service, who considers that the response to the attack was an example that could create a precedent for future online "esprit de corps" among journalists and pro-democracy advocates.

http://www.edri.org/edrigram/number6.9/radio-free-europe-belarus

Eurobarometers on data protection in EU

According to a couple of Eurobarometer surveys on data protection, issued by the European Commission on 17 April 2008, EU citizens have little faith in the security of data transmission on the Internet.

Two surveys were conducted by Gallup in January 2008, investigating the perceptions on data protection among EU citizens and data controllers respectively. The surveys involved about 27000 EU citizens and 5000 companies from all 27 member states.

The findings of the surveys show that 82% of European Internet users have little trust in personal data management on the Internet and 64% of EU citizens are concerned about data protection issues feeling that the awareness and information on these topics are not satisfactory enough. The lack of information appeared to be a major problem. Especially the national data protection authorities were rather unknown to most of the EU citizens.

Only 28% of respondents said they knew about such institutions existing in their country.

Less than half of the respondents think data is properly protected in their own countries and more than half of them considering the legislation cannot cope with the increasing amount of exchanged personal information.

The surveys also reveal an increase in the awareness of the risks related to potential abuses of private data, proportional to the increased use of privacy protecting tools and technologies. Privacy-enhancing technologies (PETs) that include automatic anonymisation after a certain lapse of time, encryption tools and cookie-cutters, are better known by companies, more than half of them using now such tools. The studies revealed that, although increasing, the level of awareness it still relatively low among EU citizens. More than two thirds of Internet users in some country (such as Ireland or France) say they have never heard of PETs.

One of the topics covered by the studies was data monitoring. Citizens, as well as data controllers, agree on the monitoring of passenger flight details (82%), telephone calls (72%), Internet (75%) and credit card usage (69%) to combat terrorism but only within well-defined limits. About a third of the respondents believe only suspects should be monitored while about 20% wanted even stricter safeguards.

Commenting on the results of the surveys, Commission Vice-President Jacques Barrot, temporarily in charge of justice and home affairs, said: "It is our intention to fully analyse and understand the feedback we have been given by Europe's citizens in this survey and we will ensure these comments inform the work we are doing in this area this year. I am convinced that this survey will also be a salutary lesson for all stakeholders involved in handling personal data and maintaining data protection".

http://europa.eu/rapid/pressReleasesAction.do?reference=MEMO/08/248

Payment Fraud Moves to Internet in Europe, Says Commission

Despite recent efforts to clamp down on electronic payments fraud, the crime is still rife and is undermining citizens' confidence in buying and selling over the internet, the European Commission said yesterday. A Commission report on fraud and countermeasures taken between 2004 and 2007 shows that even though the number of discovered cases is a small minority of the overall number of transactions using new payment services, they undermine the general level of confidence among citizens in the European Union.

http://www.pcworld.com/businesscenter/article/145190/payment_fraud_moves_to_internet_in_europe_says_commission.html

Russian prosecutors eye Internet censorship

The Russian prosecutor's office wants tough anti-extremism laws to be extended to the Internet, prompting fears of growing media censorship. The prosecutors office has proposed a legal amendment to bring the Internet under the same rules as printed media. Newspapers deemed in court to have published extremist material can be shut down under current laws.

http://afp.google.com/article/ALeqM5gzKl0LhCkTUDVEcpowGh9oBfxUQw

File-sharing should not be a crime, says European Parliament

The European Parliament has said that copyright-infringing music and film file-sharing should not be criminalised. The Parliament has said that file-sharers should not be prosecuted as criminal offenders unless they seek to profit from the sharing.

The Parliament has adopted a report on Europe's cultural industries which rejects the idea of criminalising non-profit making file-sharers.

"Criminalising consumers who are not seeking to make a profit is not the right solution to combat digital piracy," said a motion passed by the Parliament.

"In the context of rapid technological and market evolution, and with a view to ensuring that cultural industries and creators benefit from the development of digital platforms, [the parliament] urges the Commission to rethink the critical issue of intellectual property from the cultural and economic point of view," it said.

The motion said that the Commission should rethink its policies in the interest of "a balance between the opportunities for access to cultural events and content and intellectual property that guarantee fair, effective remuneration to all categories of right holders, real choice for consumers, and cultural diversity."

The Parliament's report and motion is not binding on the European Commission, but is designed to influence that body's thinking when it creates its next programme of government.

The Parliament said that piracy should be dealt with not by criminalising it, but through education. "[The Parliament] urges the Commission, in the fight against piracy, to make all parties, including consumers, aware of their responsibilities and to put in place awareness-raising and education campaigns [and] invites the Commission to take measures relating to prevention, education and awareness-raising among consumers, especially among young people in schools on the value of intellectual property and creativity in general and to encourage consumers to respect intellectual property," it said.

The motion also addressed some of the wider issues about culture and economics and said that the European Commission should pay more attention to the interplay of the two.

"The Commission [should] put in place a structure for strengthening coordination of activities and policies which have an impact on the cultural and creative sector and set up a task force for culture and the creative economy, so as to explore more closely the direct contribution of culture and of creativity on innovation, economic growth and social development in the European Union," it said.

In its motion, the Parliament was keen to stress the rights of users as well as the rights of content producers. "As a result of the internet, traditional ways of using cultural products and services have completely changed and … it is essential to ensure unimpeded access to online cultural content and to the diversity of cultural expressions, over and above that which is driven by industrial and commercial logic, ensuring moreover, fair remuneration for all categories of right holders," it said.

The Parliament last year approved a measure which criminalised intellectual property infringement, though supporters said that it was only relevant in cases of large scale, industrial copying.

The Second Intellectual Property Rights Directive (IPRED2) was passed last April by the Parliament and is aimed at organised crime's IP-infringing activities.

http://www.out-law.com/page-9059

EU - Search engines must delete data after six months, say watchdogs

Search engines must delete search logs after six months if they are to comply with data protection laws, according to a committee of EU countries' privacy watchdogs. The Article 29 Working Party has published a long-awaited report into search engines and privacy which is the result of months of consideration. That report says that search engine companies must delete personal data as soon as they have used it for the purpose for which it was gathered, and that it should not be routinely kept for longer than six months.

http://www.ft.com/cms/s/0/31663062-04fc-11dd-a2f0-000077b07658.html?nclick_check=1

Estonia to drill NATO's future cyber-war defenders

Almost a year after falling victim to a "cyber-war" blamed on Russian hackers, the Baltic state of Estonia is now piloting NATO's efforts to ward off future online attacks on alliance members.

http://news.smh.com.au/estonia-to-drill-natos-future-cyberwar-defenders/20080402-234p.html

Openness vs. Privacy: What are the Tensions?

By Thomas Riley

Modern information and communication technologies are pervasive and have opened the world to new levels of communication and interaction between people. In the process our way of thinking and living has changed due to the impact of the new technologies. There are billions of bytes of data available in many forms and formats on the Internet. Much of the data is aggregate or anonymous but there is also a plethora of personal data now available online. We all exchange personal information in one form or another. Most of us try hard to ensure our personal details do not get into the wrong hands. Yet, the fact is that with so much information now roaming through cyberspace and across the networks of the world, the possibilities of breaches are stronger than ever.

Privacy and Data Protections laws are in place in many jurisdictions around the world. The essential remit of these organizations are to educate individuals on the importance of privacy, apply the basic privacy principles, ensure access to personal information from individuals, deal with complaints if individuals are denied access to personal documents and to inform the public on how to protect their personal information.

The question when dealing with a specific issue of openness (freedom of information laws) versus privacy laws is: which is the most important value in that instance? In an ideal world both would be considered equally important. However, such is not the case. There are tensions between public officials who have developed a policy declaring that government information be open to the public, as part of the philosophy that says citizens have "the right to know." Privacy comes from the opposite angle, allowing access to individuals seeking their own personal information lodged in a government department, agency or database. Privacy advocates in many jurisdictions, in countries around the world that have these laws, will argue that the protection of the personal information of individuals is paramount. Part of the answer to this conundrum is to redact personal information of individuals when requests are made under freedom of information laws.

However, despite the ideals incorporated in these two laws there are a legion of issues. FOI and privacy laws have existed now for over four decades in the USA and around the world. At this stage of existence of these laws, it has become apparent that privacy laws are of major importance to citizens.

As citizens we accept certain limits of the use of our personal information. We freely give out our names, addresses and phone numbers when needed for transactions such as obtaining credit cards, signing up for services, purchasing items, and a host of other reasons. These transactions are kept within the confines of a government or private sector organization and the individual's details are not necessarily readily accessible to others. But there are even exceptions to this, where organizations in both the public and private sectors have been careless with people's personal details which can end up in the public domain where they should not be.

However, in countries where there are strong privacy laws, there are Privacy Commissioners Offices that oversee these issues. When there are serious privacy breaches these Offices conduct investigations as to how such large (or even small) amounts of personal information of individuals emerged into the public domain. Such investigations, when concluded, lay out the problems and the issues arising as to how such information needs to be protected and measures put in place to prevent leakages in future. These investigations always make recommendations on how to remedy any breaches. Recommendations are made by the privacy officials and released to the public. The offenders are required to uphold them. Another positive side effect of these actions is the idea that this assures the citizen at large that governments are concerned about breaches of their individual privacy.

Many governments around the world do put up the names of many of their officials on their web sites. For example, on the Canada site (http://canada.gc.ca) there is a directory of government officials on the main page. One can click on and scroll down the list of employee names. However, all that is revealed is the individual's name, title and office number and in some case the email address. This is transparency at its best as it allows an outsider to contact officials or employees but does not cross their public life to their personal life. This is an important distinction. Public employees are identified only in their public capacity but not their private lives. Even a public employee's salary is not given in the exact amount but only as a range for the particular position held.

Thus, it is evident that freedom of information laws are critical in a society, as such laws allow access to the practices of governments and give access to wide amounts of information that can be valuable to individuals and groups alike. Privacy laws allow the individual to know what personal information the government has on them and gives not only the right of access but the ability to expunge data in their individual file. Both freedom of information and privacy laws encompass important values. Information laws act as a catalyst to share information and knowledge.

http://www.rileyis.com

Cyber Attacks Target Pro-Tibet Groups

Human rights and pro-democracy groups sympathetic to anti-China demonstrators in Tibet are being targeted by sophisticated cyber attacks designed to disrupt their work and steal information on their members and activities. Experts say attributing such attacks to any one group or government is extremely difficult, as computer systems that appear to be the source of malicious activity online often are controlled by persons or groups using computers in completely different locations.

http://www.washingtonpost.com/wp-dyn/content/article/2008/03/21/AR2008032102605.html