Archive for August, 2010

South Korea: Personal Information Requirement Halted For the Moment

By Tsering

Flickr Creative Commons | Sébastien Bertrand

By Lee Yoo Eun | Global Voices Online | August 3, 2010

In South Korea, a deal that could trigger mass personal information leakage was blocked at the last minute by public opposition. As one Korean portal giant’s attempt to gather private information was thwarted, a public notion has formed that we have let things go too far.

What is different between for instance Google and the Korean blogging and social networking web sites is that you need to fill in all the basic, crucial personal information when registering. In the case of Naver, Daum and numerous other major sites, it is mandatory to write down your real full name and your social security number as a first step. After you write down these two, the security software matches them and confirms your identification. Next, you need write down your information in several must-fill blanks which include your home address, home phone numbers, cell phone number and sometimes your occupation.

Nate.com, is a South Korean major web portal, developed by SK Telecom, and owner Cyworld, a Korean version of Facebook. Last week, it took one bold step further into collecting its members’ MAC addresses and computer names. This move faced a huge public backlash and within a day Nate backed off.

MAC number, or Mac address is a unique identifier assigned to network adapters or network interface cards (NICs) usually by the manufacturer. Unlike IP address that can sometimes be changed, with the MAC you can identify the computer’s information more accurately. For ordinary people, the once-given MAC address works as the PC’s social security number.

Nate explained its’ move to collect the information was purely for security purpose, as to wrote in the notice ‘to prevent inappropriate use of the web site by ill-intentioned members and to block unauthorized usage of the site‘. If the member disagrees with the new policy, the only option he can take is to delete his Nate account. When this emails were sent to members, internet users erupted with criticisms that it is a de facto leakage of private information, or at least it paves the way into the mass leakage. Many have even threatened the corporate that they will delete their Nate and Cyworld accounts.

A blogger Kotone commented this kind of move freaks people out and voiced out worries that the information might be used in government’s crackdown on its’ people. The blogger also pointed out a disastrous mistake done by another SK owned web-site in the first week of July. Egloos site accidentally opened the access to every blogs to everyone for 21 minutes, giving powers to anyone to write, edit and delete other’s blog contents without even logging into.

SK커뮤니케이션즈가 네이트의 개인정보취급방침을 변경하면서 MAC 주소와 컴퓨터 이름도 수집한다는군요. 어쩌면 정부를 …(비판하는) 베플을 올린 사람의 신원과 거주지를 특정할 수 있는 정보를 요구받을 때에 쓴다거나…참고로 같은 SK 소속의 이글루스는 최근에 이용자 권한을 30분간 무한개방(?)하는 사고를 낸 적도 있기 때문에 불안감이 급증하는군요. 후덜덜.

The SK communications announced that they will change the Nate’s privacy policy into collecting the MAC address and computer names. Perhaps this information on personal profiles and individual’s whereabouts can be used to track down the government’s vocal critics…FYI, the Egloos site which runs under the same SK Groups made a huge accident recently of giving the owner status to anyone for about 30 minutes. So this move makes me feel really uneasy and gives me chills.

There is a fine line between requesting more information for security and allowing less information for privacy. A blogger DLSH 1601 called this dilemma as a double-edged sword and listed the pros and cons of the move. Later the blogger mentioned that if Nate were doing this purely for prevention of crime, it is understandable, but it needs to be aware of the high risk it brings.

MAC 주소와 컴퓨터 이름을 갖고 있으면, 해당 PC 위치를 정확히 잡아낼 수 있다. 이는 양날의 칼이다. 좋게 보면, 이같은 정책은 사이버 범죄를 예방하고 사후 검거율도 높일 수 있다. 메신저 피싱 범죄를 모의하는 사람이 미리 겁먹고 사전 시도를 못하는 효과를 주게 된다. 은행이나 으슥한 골목에 CCTV를 달아두는 것과 비슷한 이치다.

With the MAC address and the computer name, you can track down the exact location of the PC. This information works like a double-edged sword. From optimistic perspective, it can help prevent the online crime and increase the successful arrest rate. And it may scare away the people who collude with other criminals to commit messenger phishing scam. It works very similar with installing the CCTVs in dark alleyways and in banks.

반대로, MAC 주소가 든 서버를 누군가 해킹할 경우 위험도 그만큼 커진다. MAC 주소를 알면 해당 PC 이용자 온라인 행적을 시간대별로 파악할 수 있기 때문이다. 이런 식으로 MAC 주소를 빼가는 프로그램이 인터넷으로 은밀히 떠도는 것도 공공연한 비밀이다. 실제로 2008년께 금융권이 MAC 주소를 수집한다는 사실이 알려지며 개인정보 유출 위험에 대한 논란이 벌어지기도 했다.

On the other hands, if one knew the MAC address to the PC, (depending on who that ‘one’ is) the risk can be magnified. With the MAC address, you can grasp the sequence of the PC user’s actions (for example) on an hourly basis. It is an open secret that the software that steals the MAC addresses is illicitly circulating online. In fact in 2008, when it was disclosed that some financial institutions collected the MAC address, a huge controversy on the risky situation under which private information is was erupted.

The blogger later went on commenting that this is not the issue only applies to one Korean company.

이번 논란으로 네이트온은 숙제를 떠안았다. 정보보호 강화와 이용자 사생활 침해 위협 사이에서 어떡하면 지혜로운 해법을 내놓을 수 있을까. 이는 비단 네이트온에 국한된 문제만은 아니다. 인스턴트 메신저를 제공하는 마이크로소프트, 야후 등도 현명한 줄다리기를 해야 할 시점이다. 해묵고도 어려운 문제지만, 한 가지는 확실하다. 칼은 결국 쓰는 자 의지에 따라 용도가 달라진다는.

By this case, the Nate On(Nate’s instant message software) was given an assignment of how it will balance and come up with wise strategies between the security and the threat to the privacy. It is not the question only Nate has to deal with. Microsoft and Yahoo who provide the instant message service have to perform a cleaver tug-of-war between two values. It is an old and complicated issue, but one thing stands firm; the sword can be used very differently according to its’ master’s intention.

A blogger Darkel commented that this single incident speaks to a broader tendency of the Korean companies who treat private information so lightly.

적잖은 커뮤니티들이 가입시 이름, 주민등록번호, 집 주소와 휴대폰 번호에 직업 등을 아무렇지도 않게 요구한다는 것을 생각하면 정말 그야 말로 넷상에서 가져갈 수 있는 모든 개인정보를 공짜로 아무렇지도 않게 쪽쪽 빨아드시겠다는 심보다…대체 인터넷으로 메일을 이용하고, 메신저를 이용하며, 카페-혹은 클럽-에 가입하는데 집주소와 직업이 필요한 이유는 무엇일까?…이전부터 자주 이야기했지만 최근 넷상에서는 개인정보를 너무도 아무렇지 않게 취급하는 경향이 높아지고 있다. ID와 비밀번호만이 지켜야 할 정보는 아니다… 사실 대부분의 사이트에서 개인정보를 수집하는 목적은 ‘본인확인’보다는 광고메일과 스팸문자를 보내기 위한 것일 가능성이 높다. 광고를 의뢰한 개인이나 단체에는 제공되지 않는다 하더라도 소위 말하는 ‘스팸’들은 이것 때문에 발생하는 경향이 높다. 모 사이트에 가입한 이후 스팸이 늘었어요. 라는 경험을 해본 사람이 많다.

Not a few (online) community site ask people’s name, social security number, home phone number, mobile number and occupation so carelessly. It is as if they can suck in every information available on the web without ever paying for it…Why anyone needs to know our home address and our jobs when we are just using the email, messenger service and register to a internet café or club? We have been voicing out worries on this issue so many times before that the tendency of loose handling of personal information gets so wide-spread. It is not only people’s IDs and the passwords that worth the protection…I believe one of main purposes of collecting personal information in most sites is to send spam while the identification verification is a minor reason. Even though the personal information may not be handed to other individuals and entities as the site’s privacy policies claim, we still get the spam via that route. There are lots of people experienced a sudden increase of spam after they registered to certain sites.

The blogger later added that the Korean society is becoming more like a Truman show’s reality with constant information leaks and the omnipresent CCTVs.

개인정보는 자의 반 타의반으로 공중에 떠돈다. 아동, 청소년 대상 성범죄자의 신상정보’ 사이트는 개장 하루만에 다운 됐다. 조금만 시간이 지나면 넷상에는 인증받지 않아도 볼 수 있도록 떠돌 것이다. 범죄자의 인권에 대해 논할 생각은 없지만 한번 오픈된 정보는 숨길 수 없다. 범죄의 증거로서 각광받고 있는 CCTV는 점차 설치 장소가 늘어나고 있다. 심지어 충북도는 도내 초,중고,특수학교 등 483곳 모든 학교에 CCTV 감시체제를 구축한 뒤 실시간 모니터링이 가능하도록 책임자를 지정,운영할 계획이다. 이미 우리가 하루에 만나는 CCTV는 트루먼 쇼를 연상시킬 만큼 많다.

Personal information is drifting in the air, half intended and half-unwillingly. A government site releasing the criminal’s profiles who especially assaulted heavy crimes on children went down due to heavy traffic as soon as it opened. I bet, after few days later the criminal’s profile will be circulating all over the internet so anyone can read it without authorization. I don’t want to talk further on the criminals’ human rights, but one thing to remember is that once the information is disclosed, there is no way of undisclosing it. People enthusiastically greeted CCTV as it can be used as evidence in crime cases and many CCTVs are installed in more places. Especially the Choonchung Province is planning to install CCTV every 483 elementary/junior high/high/special schools and place personnel on charge of real-time monitoring. There are so many CCTV in our lives, numerous enough to remind us of the Truman show.

Whether or not it is Truman reality, many Koreans are still wondering where all the spam they are getting everyday via email and cell phone are coming from. You can’t blame them for suspecting big corporate in leaking personal information.

Tibet Steps Up Web Controls

By Tsering

Flickr Creative Commons | SFTHQ

By He Ping & Yang Jiadai | Radio Free Asia | August 2, 2010

HONG KONG—Chinese authorities in Tibet have ordered Internet cafes across the region to finish installing state-of-the-art surveillance systems by the end of the month, industry sources and local media said.

“All the Internet cafes must now install it,” said Chen Jianying, head of the customer service department of the industry group Internet Cafes Online.

“This is a nationwide policy which is part of the implementation of the real-name registration system,” Chen said.

According to a report carried on the official China Tibet News website last week titled “Long-range Surveillance of the Internet,” all computers installed in enterprises that offer services to the public must install the system.

The proprietor of an Internet cafe in the Tibetan capital, Lhasa, which is still under tight security following widespread Tibetan unrest beginning in March 2008, confirmed the scheme is already in full swing.

He said he had already been to the police station for training in how to run the system.

“The system should be up and running now,” the business owner said. “I heard the technical people saying that the last time I attended a meeting.”

“It’s pretty convenient because they can configure it directly from higher up if the guidelines change.”

He said the new system will mean tighter online controls.

“If there is something that is being controlled, there’s no way anyone will get to see it. It’s definitely a tighter form of control,” he said.

The China Tibet News website also reported that the Tibet Autonomous Region (TAR) government has already inaugurated its long-range surveillance system.

Calls to the cultural department of the TAR government went unanswered during office hours Friday.

Youth ‘guidance’

Local media also reported that the department has dispatched engineers throughout Tibet to install the new system in individual Internet cafes, and to train business owners and technical staff in its operation.

Funding is already in place for the project, and all Internet cafes in the region are now effectively implementing a real-name registration system.

Under the nationwide scheme, which took effect Aug. 1, second-generation identity cards belonging to the person using the Internet must be swiped to allow online access. Viewed content can then be traced back to that identity, using the the surveillance system.

One of the touted benefits of the scheme is that it aims to prevent minors from accessing inappropriate content online.

But Zhang Tianliang, an electronic engineer and professor at George Mason University, said he believes there is another motive behind the move.

“There has to be a question mark over why the government is installing such a surveillance system in Tibet right now,” Zhang said.

“The Chinese Communist Party has always used cleaning up pornography as an excuse.”

Retired Nanjing University professor and civil rights activist Sun Wenguang agreed.

“You can’t control young people on the Internet,” Sun said. “Of course their parents can exercise appropriate guidance.”

“The starting point of the whole real-name registration policy is that they are afraid that [viewers] will see content from outside China, content that they are trying to block,” he added.

“Real-name registration will limit the amount of external information that young people are able to see, and I think that is undesirable.”

Original reporting in Mandarin by He Ping and Yang Jiadai and in Cantonese by Hai Nan. Translated from the Chinese and written in English by Luisetta Mudie.

Democracy, Human Rights and Labor on the Colbert Report

By Ebele Okobi | Global Head, Yahoo! BHRP

Well, it’s the Col-BEAR Re-PORH, and not “Meet the Press”, but the self-proclaimed defender of truthiness did sneak in incisive questions about the US commitment to human rights (including Internet freedom) in the US and abroad and about some of the inherent conflicts when different human rights appear to collide.

Assistant Secretary of State Michael Posner on the Colbert Report

RSS Open Net Initiative

  • Internet Censorship and Control Papers June 19, 2013
    The Berkman Center is pleased to share that Berkman Fellow Hal Roberts and Steven J. Murdoch of the University of Cambridge Computer Laboratory have edited a collection of papers on Internet Censorship and Control that are now available online as an open access collection at https://cyber.law.harvard.edu/pubrelease/internet-control/. They write, "The In […]
    rtabasky
  • Berkman Buzz: July 20, 2012 July 20, 2012
    The Berkman Buzz is selected weekly from the posts of Berkman Center people and projects.To subscribe, click here. We are delighted to announce a Call for Papers for The Kinder & Braver World Project: Research Series (danah boyd and John Palfrey, editors) presented by the Berkman Center and the Born This Way Foundation, and supported by the John D. & […]
    rtabasky
  • Berkman Buzz: July 6, 2012 July 6, 2012
    The Berkman Buzz is selected weekly from the posts of Berkman Center people and projects.To subscribe, click here. The Berkman Center is hiring! We are now accepting applications for a number of technically-inclined leadership positions. Technology can't improve schools all on its own When it comes to using educational technology in the classroom, it se […]
    rtabasky
  • OpenNet Initiative (ONI) Year in Review 2011 April 24, 2012
    The Berkman Center for Internet & Society is pleased to share the OpenNet Initiative (ONI)'s annual roundup of top instances of filtering, surveillance, and information warfare around the globe: 2011 Year in Review 2011 was an eventful year with respect to filtering and surveillance. Among the year's most well-known events are the introduction […]
    ashar
  • Berkman Buzz: April 6, 2012 April 6, 2012
    The Berkman Buzz is selected weekly from the posts of Berkman Center people and projects.To subscribe, click here. Yochai Benkler defends Anonymous in Foreign Affairs Seeing Anonymous primarily as a cybersecurity threat is like analyzing the breadth of the antiwar movement and 1960s counterculture by focusing only on the Weathermen. Anonymous is not an organ […]
    rheacock