IM spreading spyware and spam

In yesterday's New York Times, Sandeep Junnarkar described yet another malware trend: "Nick Groleau, a 40-year-old technical manager from Mountain View, Calif., received a message last month from a friend on his AOL Instant Messenger buddy list alerting him that Osama bin Laden had been captured. When he clicked on a link ostensibly directing him to a news article, it took him instead to a site offering a game to download. Although Mr. Groleau declined to download the game, his friend admitted that she had done so... Clicking on the link not only installed a game but also added a slick trick to propagate itself across the AOL Instant Messenger network, known as AIM. When gamers accepted the terms and conditions for installing the application, they inadvertently let the program send the same invitation to contacts on their buddy list. Downloading the game also installed adware - software that runs undetected, tracking users' Web habits and interests, presenting pop-up advertisements and resetting the home page. 'This was not e-mail from some random person,' Mr. Groleau said. 'It came through AIM from someone I personally know. I clicked on the link right away.' It is that reflex that the perpetrators are counting on to transform IM services into a handy route to deliver spam (known as "spim" on IM), unleash viruses, create back doors into the systems of unsuspecting users and cause general mayhem across the Internet..."

Germany raids racist songswappers

According to Agence France Presse, "German police swooped on more than 300 homes across the country to smash an Internet ring trading neo-Nazi and racist songs. The federal crime office (BKA) said it had opened probes against 342 suspects in 15 of Germany's 16 states believed to be involved in trading songs online with banned lyrics...."

WTO says US ban on online gambling is illegal

Matt Richtel reports in today's New York Times on a precedent-setting case we saw coming last August: "The World Trade Organization, in its first decision on an Internet-related dispute, has ignited a political, cultural and legal tinderbox by ruling that the United States policy prohibiting online gambling violates international trade law. The ruling, issued by a WTO panel on Wednesday, is being hailed by operators of online casinos based overseas as a major victory that could force America to liberalize laws outlawing their business. But the Bush administration vowed to appeal the decision, and several members of Congress said they would rather have an international trade war or withdraw from future rounds of the World Trade Organization than have American social policy dictated from abroad..."

FCC approves integrated system for Internet, entertainment and surveillance in airplanes

The US Federal Communications Commission has approved plans to blanket the United States and the Caribbean with antennas to communicate with airplanes and provide aerial telephony, inflight entertainment, video monitoring of the airplanes' interiors, and high-speed Internet access, all in one package of services from SkyWay Communications. SkyWay also proposes to use their network to relay real-time video from cameras on the outside the aircraft, for overhead monitoring of "airports, seaports, dams, nuclear power plants, gas and oil facilities, shipping containers, emergency medical services and a host of other emergency applications." See Skyway's press release for more about this ambitious project, which raises multiple privacy issues.

WWW.TERROR.NET

Following up our recent item on "How Al-Quaeda Uses the Internet," Gabriel Weimann, a researcher at the US Institute for Peace, has released a new report entitled "www.terror.net: How Modern Terrorism Uses the Internet." In it he describes "eight different uses that terrorists make of the Internet. These range from conducting psychological warfare to gathering information, from training to fundraising, from propagandizing to recruiting, and from networking to planning and coordinating terrorist acts. In each instance, we offer concrete examples drawn from our own research, from cases reported in the media, and from contacts with Western intelligence organizations. Although the bulk of the report amounts to a strong argument for the political, intelligence, and academic communities to pay much more attention to the dangers posed by terrorists' use of the Internet, the report concludes with a plea to those same communities not to overreact. The Internet may be attractive to political extremists, but it also symbolizes and supports the freedom of thought and expression that helps distinguish democracies from their enemies. Effective counterterrorist campaigns do not require, and may be undermined by, draconian measures to restrict Internet access."

Wise words, those. Weimann's report discusses websites linked to terrorism in the past, but for more up-to-date URLs see Michelle Delio's latest Wired Online article ("Al Qaeda Website Refuses to Die") and "Terrorists online: a 21st Century battlefront" by Frances Till, for New Zealand's National Business Review.

EU considering mandatory data retention

The latest issue of EDRI-gram: Digital Civil Rights in Europe is full of important news. To start with, editor Sjoera Nas says "EDRI has obtained secret documents in preparation of a Declaration against Terrorism that will be published during the Spring Summit of EU heads of state... The document from the Irish Presidency to the Council says: 'The European Council, with a view to the further development of the legislative framework set out above, instructs the Council to examine measures in the following areas: proposals for establishing rules on the retention of communications traffic data by service providers; (...)', and: 'Priority should be given to the proposals under the retention of communication traffic data (...) with a view to adoption by June 2005.'

..."[The] proposal from the Commission goes way beyond the immediate threat of terrorism and reads more like a general call for heavy electronic surveillance of all European citizens. The Commission paper mentions the need to enhance the exchange of data in general, 'including through enhanced access to data not produced for law enforcement purposes.'"

Click here for the full text of the Draft Declaration on Terrorism, as well as an EC background Paper justifying its requests to the Council.

Other important stories in the EDRI-gram:

• "The Italian government has issued a decree on Friday 12 March that puts a fine of 1.500 euro on the internet file-sharing of feature movies. On top of the fine, computers and digital storage media can be seized. To complete the humiliation for the file-sharer, the sentence has to be published in 1 national daily newspaper and 1 specialised entertainment magazine... [Internet] Service providers that have knowledge of a copyright violation but do not file an official complaint with the judicial authorities, risk a fine of between 25.000 and 250.000 euro... The decree is formulated in such broad terms, that the Italian chapter of the Internet Society worries that the distribution of file-sharing software, and even the presentation of a hyperlink might be considered as promotions of crime, and therefore punished severely. In fact, the decree makes it possible to punish intentions, rather than actual committed violations...

  "The decree has been approved only by the Ministers. It was published in the official State Journal on 23 March. It must be converted [into] a law by the Parliament within 60 days after publication, or will lose its effectiveness. The text now only refers to cinematographic works, but Minister Urbani has already announced that he will extend the scope of the decree to include music and software..."

• Germans consider prison sentence for spammers...
• "The Dutch Supreme Court has ruled that the Dutch internet provider XS4ALL is permitted to refuse spam on its network. It is the first time that a supreme court in Europe has ruled on the rights of spammers...."
• "The Belgian government has announced plans to give every inhabitant of Belgium a free e-mail address. That is, every Belgian can ask for a free e-mail alias that can only be used to communicate with the different governmental authorities. This address will be included in the national population database, alongside [each citizen's] street address, city and date of birth..."

NTIA commits to reforming ICANN

ICANNfocus notes that the US "Department of Commerce's Strategic Plan for FY 2004-2009 discusses the need for NTIA [the National Telecommunications and Information Administration] to take action to reform ICANN... [The] Plan states that, 'A number of internet-related policy issues require NTIA action, including...ICANN reform and continuing Internet privatization, domain name management both domestically and internationally, proposals to regulate internet services and content...' The Plan goes on to state that 'All of these activities will require substantial coordination among NTIA's program offices, as well [as] interagency coordination to develop the Administration's positions'..."

Global Forum on Internet Governance

A cocktail party this evening marks the start of the UN ICT Task Force's Global Forum on Internet Governance. The schedule for Thursday's and Friday's presentations and discussions can be found online here. A collection of background papers is here. An Online Forum on Internet Governance was created with four "threads" of discussion open to the public. Still we haven't found a link for live streaming-video coverage of the Forum, or a blog in which attendees will be posting real-time notes. If anyone can point us to such resources, we will be forever grateful.

10 new TLDs proposed

Last Friday, ICANN announced that it had received 10 applications for new sponsored global top-level domains: "An unsponsored TLD operates under policies established by the global Internet community directly through the ICANN process, while a sponsored TLD is a specialized TLD that has a sponsor representing the narrower community that is most affected by the TLD. The sponsor thus carries out delegated policy-formulation responsibilities over many matters concerning the TLD...." The proposed sTLDs are:

Proposed TLD	Sponsor	Web Address
.asia	DotAsia Organisation Limited	www.dotAsia.org
.cat	Fundacio puntCAT (formed only if the TLD is delegated)	www.puntcat.org
.jobs	Society for Human Resource Management	www.shrm.org
.mail	The Anti-Spam Community Registry	www.spamhaus.org
.mobi	Mobi JV (working name)	www.mtldinfo.com
.post	Universal Postal Union (UPU)	www.upu.int
.tel	pulver.com	www.pulver.com
.tel	Telname Limited	www.telname.com
.travel	The Travel Partnership Corporation	www.ttpc.org
.xxx	The International Foundation for Online Responsibility	www.iffor.org

The public can submit comments on the proposed sTLDs throughout the month of April. In May, "an independent evaluation panel" will review the applications. The Legal Media Group says that for domains satisfying the criteria announced last December, "ICANN will enter into detailed negotiations with the applicants. The first new sTLDs could be available as early as next year."

Progress on e-commerce treaty

From the UN News Centre: "The chief United Nations body overseeing international trade law policies has taken a step closer to a treaty that would create a unified legal regime for worldwide electronic commerce, removing barriers and lowering costs for companies using the Internet to conduct business. The recommendation on a draft text adopted Friday [19 March] at the conclusion of a week-long meeting by the UN Commission on International Trade Law's (UNCITRAL) Working Group on Electronic Commerce will be submitted to the Commission's next full session in June... 'The problem is that, in international business, different countries have different legal rules for contracts,' [said Jeffrey Chan, chairman of the Working Group] ...Companies often must hire lawyers in different countries to advise them, adding to the cost of doing business. The chairman said that with a treaty to create a uniform legal regime for such transactions, confidence in e-commerce would get a boost and costs could be cut... Jonas Astrup, who attended the meeting for the International Chamber of Commerce, said his organization favoured the alternative of self-regulation by industry. The ICC is addressing the contractual questions of e-commerce by developing 'e-Terms 2004,' voluntary rules to help companies negotiate contracts electronically..."