cypherpunks-legacy
July 2018
- 1371 participants
- 9656 discussions
ANNOUNCING Tahoe, the Least-Authority File System, v1.9.1
The Tahoe-LAFS team has announced the immediate availability of
version 1.9.1 of Tahoe-LAFS, an extremely reliable distributed
storage system. Get it here:
https://tahoe-lafs.org/source/tahoe-lafs/trunk/docs/quickstart.rst
Tahoe-LAFS is the first distributed storage system to offer
"provider-independent security" -- meaning that not even the
operators of your storage servers can read or alter your data
without your consent. Here is the one-page explanation of its
unique security and fault-tolerance properties:
https://tahoe-lafs.org/source/tahoe-lafs/trunk/docs/about.rst
The previous stable release of Tahoe-LAFS was v1.9.0, released
on October 31, 2011.
v1.9.1 is a critical bugfix release which fixes a significant
security issue [#1654]. See the NEWS file [1] and known_issues.rst
[2] file for details.
WHAT IS IT GOOD FOR?
With Tahoe-LAFS, you distribute your filesystem across
multiple servers, and even if some of the servers fail or are
taken over by an attacker, the entire filesystem continues to
work correctly, and continues to preserve your privacy and
security. You can easily share specific files and directories
with other people.
In addition to the core storage system itself, volunteers
have built other projects on top of Tahoe-LAFS and have
integrated Tahoe-LAFS with existing systems, including
Windows, JavaScript, iPhone, Android, Hadoop, Flume, Django,
Puppet, bzr, mercurial, perforce, duplicity, TiddlyWiki, and
more. See the Related Projects page on the wiki [3].
We believe that strong cryptography, Free and Open Source
Software, erasure coding, and principled engineering practices
make Tahoe-LAFS safer than RAID, removable drive, tape,
on-line backup or cloud storage.
This software is developed under test-driven development, and
there are no known bugs or security flaws which would
compromise confidentiality or data integrity under recommended
use. (For all important issues that we are currently aware of
please see the known_issues.rst file [2].)
COMPATIBILITY
This release is compatible with the version 1 series of
Tahoe-LAFS. Clients from this release can write files and
directories in the format used by clients of all versions back
to v1.0 (which was released March 25, 2008). Clients from this
release can read files and directories produced by clients of
all versions since v1.0. Servers from this release can serve
clients of all versions back to v1.0 and clients from this
release can use servers of all versions back to v1.0.
This is the sixteenth release in the version 1 series. This
series of Tahoe-LAFS will be actively supported and maintained
for the foreseeable future, and future versions of Tahoe-LAFS
will retain the ability to read and write files compatible
with this series.
LICENCE
You may use this package under the GNU General Public License,
version 2 or, at your option, any later version. See the file
"COPYING.GPL" [4] for the terms of the GNU General Public
License, version 2.
You may use this package under the Transitive Grace Period
Public Licence, version 1 or, at your option, any later
version. (The Transitive Grace Period Public Licence has
requirements similar to the GPL except that it allows you to
delay for up to twelve months after you redistribute a derived
work before releasing the source code of your derived work.)
See the file "COPYING.TGPPL.rst" [5] for the terms of the
Transitive Grace Period Public Licence, version 1.
(You may choose to use this package under the terms of either
licence, at your option.)
INSTALLATION
Tahoe-LAFS works on Linux, Mac OS X, Windows, Solaris, *BSD,
and probably most other systems. Start with
"docs/quickstart.rst" [6].
HACKING AND COMMUNITY
Please join us on the mailing list [7]. Patches are gratefully
accepted -- the RoadMap page [8] shows the next improvements
that we plan to make and CREDITS [9] lists the names of people
who've contributed to the project. The Dev page [10] contains
resources for hackers.
SPONSORSHIP
Atlas Networks has contributed several hosted servers for
performance testing. Thank you to Atlas Networks [11] for
their generous and public-spirited support.
And a special thanks to Least Authority Enterprises [12],
which employs several Tahoe-LAFS developers, for their
continued support.
HACK TAHOE-LAFS!
If you can find a security flaw in Tahoe-LAFS which is serious
enough that we feel compelled to warn our users and issue a fix,
then we will award you with a customized t-shirt with your
exploit printed on it and add you to the "Hack Tahoe-LAFS Hall
Of Fame" [13].
ACKNOWLEDGEMENTS
This is the tenth release of Tahoe-LAFS to be created solely
as a labor of love by volunteers. Thank you very much to the
team of "hackers in the public interest" who make Tahoe-LAFS
possible.
Brian Warner
on behalf of the Tahoe-LAFS team
January 12, 2011
San Francisco, California, USA
[#1654] https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1654
[1] https://tahoe-lafs.org/trac/tahoe-lafs/browser/NEWS.rst
[2] https://tahoe-lafs.org/trac/tahoe-lafs/browser/docs/known_issues.rst
[3] https://tahoe-lafs.org/trac/tahoe-lafs/wiki/RelatedProjects
[4] https://tahoe-lafs.org/trac/tahoe-lafs/browser/COPYING.GPL
[5] https://tahoe-lafs.org/trac/tahoe-lafs/browser/COPYING.TGPPL.rst
[6] https://tahoe-lafs.org/trac/tahoe-lafs/browser/docs/quickstart.rst
[7] https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev
[8] https://tahoe-lafs.org/trac/tahoe-lafs/roadmap
[9] https://tahoe-lafs.org/trac/tahoe-lafs/browser/CREDITS
[10] https://tahoe-lafs.org/trac/tahoe-lafs/wiki/Dev
[11] http://atlasnetworks.us/
[12] http://leastauthority.com/
[13] https://tahoe-lafs.org/hacktahoelafs/
_______________________________________________
tahoe-announce mailing list
tahoe-announce(a)tahoe-lafs.org
http://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-announce
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
Re: [cryptography] (off-topic) Bitcoin is a repeated lesson in cryptography applications - was "endgame"
by lodewijk andri de la porte 06 Jul '18
>
> That's it! Now, leave aside the libertarian hopes and the politics and
> the freedom bias and right to code and the "this time it's different" and
> all that crap -- and ask yourself.
>
> Where do you want to invest your future?
>
I will invest my time and skill to improve the people's knowledge
and sovereignty. For the sake of brevity I will omit my reasons to do so.
I find that in a capitalist society everything starts with money. Anything
will have finances in its foundation. If we are to create anything pure,
elegant and satisfying we can't have shaky foundations; we can't have
bad money. Improving money will improve everything.
Whether or not Bitcoins can do it, I can't be sure. I think it has the
potential to. What better way to spend our time than to try and make it so?
Thank you for the e-mail iang. I very much appreciate it.
_______________________________________________
cryptography mailing list
cryptography(a)randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
06 Jul '18
Although your provocative statement tries so hard to be provocative it
fails to be true, there's clearly a kernel of truth there -- and there's no
argument at all that Tahoe needs better monitoring and more transparency.
The arguments you make are the basis for the approach I (successfully) pushed
when we started the VG2 grid: We demand high uptime from individual
servers because the math of erasure coding works against you when the
individual nodes are unreliable, and we ban co-located servers and prefer
to minimize the number of servers owned and administered by a single person
in order to ensure greater independence.
How has that worked out? Well, it's definitely constrained the growth rate
of the grid. We're two years in and still haven't reached 20 nodes. And
although our nodes have relatively high reliability, I'm not sure we've
actually reached the 95% uptime target -- my node, for example, was down
for over a month while I moved, and we recently had a couple of outages
caused by security breaches.
However, we do now have 15 solid, high-capacity, relatively available (90%,
at least) nodes that are widely dispersed geographically (one in Russia,
six in four countries in Europe, seven in six states in the US; not sure
about the other). So it's pretty good -- though we do need more nodes.
I can see two things that would make it an order of magnitude better:
monitoring and dynamic adjustment of erasure-coding parameters.
Monitoring is needed both to identify cases where file repairs need to be
done before they become problematic and to provide the node reliability
data required to dynamically determine erasure coding parameters.
Dynamic calculation of erasure coding parameters is necessary both to
improve transparency and to provide more reliability. The simple 3-of-7
(shares.total is meaningless; shares.happy is what matters) default
parameters do not automatically provide high reliability, even if server
failure is independent (and the direct relationship between individual
server reliability and K/N is meaningless; it's more complicated than that).
The only way erasure coding parameters can be appropriately selected is by
doing some calculations based on knowledge of the size of the available
storage nodes and their individual reliabilities. Since these factors
change over time, therefore, the only way to know what the parameters
should be at the moment of upload is to calculate them dynamically.
Specifically, N/H should be set to the number of storage nodes currently
accepting shares and K should be computed to meet a user-specified per-file
reliability probability over a user-specified timeframe (the repair
interval).
Not only would this approach make it easier for users to specify their
reliability goals (at the expense of less-predictable expansion), it would
also make Tahoe inherently more robust, particularly if it actually
observed and measured individual node reliabilities over time, with
conservative initial assumptions. It would likely reduce failure-to-upload
errors, because rather than just giving up when there aren't "enough"
storage nodes available, it would just increase redundancy. At the same
time, it would be able to properly fail uploads when it is simply
impossible to meet the desired reliability goals.
It would also simplify repair and monitoring, at least from a conceptual
perspective. The goal of a "reliability monitor" would be to check to see
if, under current estimates of reliability of the nodes holding a file's
shares, that file's estimated reliability meets the stated user
requirement (assuming independence of node failures -- interdependence
actually could also be easily factored into the calculations, but
configuration would be a bear and it would require lots of ad-hoc estimates
of hard-to-measure probabilities). It wouldn't even be difficult to
include path-based considerations in reliability estimates.
The biggest downside of this approach, I think, would be that it would
still be hard to understand how the specified reliability relates to the
*actual* file reliability, because it would be neither an upper bound nor a
lower bound but an estimate with unknown deviation.
--
Shawn
_______________________________________________
tahoe-dev mailing list
tahoe-dev(a)tahoe-lafs.org
http://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
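The parameter selection and the "reliability monitor" described in the message above can be sketched as follows. This is an added example, not code from the message or from Tahoe-LAFS; all function names are hypothetical. It assumes one share per storage node, independent node failures, and that each node's probability of still holding its share at the end of the repair interval is already known.

```python
from __future__ import annotations

from typing import Optional, Sequence


def survivor_distribution(node_reliability: Sequence[float]) -> list[float]:
    """dist[j] = probability that exactly j nodes still hold their share.

    Nodes may have different reliabilities (a Poisson-binomial distribution),
    built up one node at a time. Assumes failures are independent.
    """
    dist = [1.0]
    for p in node_reliability:
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"reliability must be a probability, got {p!r}")
        nxt = [0.0] * (len(dist) + 1)
        for j, mass in enumerate(dist):
            nxt[j] += mass * (1.0 - p)   # this node lost its share
            nxt[j + 1] += mass * p       # this node kept its share
        dist = nxt
    return dist


def file_reliability(k: int, holder_reliability: Sequence[float]) -> float:
    """Probability that at least k shares survive, so the file is recoverable.

    Returns 0.0 when fewer than k nodes hold shares at all.
    """
    if k < 1:
        raise ValueError("k must be at least 1")
    return sum(survivor_distribution(holder_reliability)[k:])


def choose_k(node_reliability: Sequence[float], target: float) -> Optional[int]:
    """Pick K for an upload with N = H = number of nodes accepting shares.

    Returns the largest K (smallest expansion N/K) whose estimated file
    reliability meets the target, or None when even K = 1 cannot meet it,
    in which case the upload should fail.
    """
    dist = survivor_distribution(node_reliability)
    tail = 0.0
    # P(survivors >= k) only grows as k shrinks, so the first hit is the largest K.
    for k in range(len(dist) - 1, 0, -1):
        tail += dist[k]
        if tail >= target:
            return k
    return None


def needs_repair(k: int, holder_reliability: Sequence[float], target: float) -> bool:
    """Monitor check: does the file fall short of the target given the
    current reliability estimates of the nodes that still hold its shares?"""
    return file_reliability(k, holder_reliability) < target


# Constructed sample grid: 15 nodes with mixed reliability estimates.
SAMPLE_GRID = [0.99] * 5 + [0.90] * 7 + [0.70] * 3

if __name__ == "__main__":
    # Fixed 3-of-7 placement on nodes that are each 90% reliable.
    print("3-of-7 at 90%:", file_reliability(3, [0.9] * 7))
    # Dynamic K for 15 nodes at 90% and a 1 - 1e-6 per-file target.
    k = choose_k([0.9] * 15, 0.999999)
    print("K for 15 nodes at 90%:", k)
    # Five holders disappear; the monitor flags the file.
    print("repair needed:", needs_repair(k, [0.9] * 10, 0.999999))
    print("K for mixed grid:", choose_k(SAMPLE_GRID, 0.9999))
```
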
One of the reasons e.g. BitTorrent works so great is that when you
receive a piece from someone, you can trade it for another piece with
anyone else in the swarm without that piece. This works since everyone
on a torrent (typically) are interested in the same file. With
multi-file torrents this assumption is extended to several files as well.
In the file-based filesharing world (ed2k, gnutella) the same assumption
holds, but only for one file. And with batchtorrents, this assumption
might break even with torrent; one might only want a few files, (and
e.g. using Azureus not even request the other files).
Still, two people downloading an episode from same tv-series are quite
likely to be interested in the same files, and thus they might benefit
from trading.
Has any research been done on how these peers with common interests can
find each other?
Mainly it's about finding the peer with the most coinciding interest.
Still, other factors play in, such as the resources available (does the
peer lack trading partners, i.e. has bandwidth to spare?) in finding a
good match. On the network level it might also be good to find a balance
between finding the "best" peer and creating a well-connected network
(avoiding cliques and bottlenecks). Moreover, as interests change over
time, how should this be handled? (The more coinciding the interests,
the longer it should take for them to deviate from each other.)
This question is quite similar to finding a peer with pieces of a
file you're interested in (that you don't already have). (The difference
being that in the former, you search for _potential_ bearers of the
piece.) Here the problem of matching a large number of preferences shows
(namely the pieces; there are usually quite a few of them). The same
thing happens with many (especially small) files.
In the search-layer I believe this is usually handled either not at all
(random) or in a binary way (complete file vs. only pieces of it), and
leaving the details to the strict peer-to-peer chatting. Would there be
any point in using more detailed information of finished pieces in the
search layer? Would there be any use to use different resolutions (e.g.
10 pieces resolution might be: piece 1-10: none finished, 11-20: all,
21-29: some)?
An interesting take on this is the perspective of piece-based networks,
where one searches for every piece separately. Here it's even more
obvious how much one would benefit from finding people interested in the
same file (the same pieces). Yet, introducing things such as patches, it
would be pleasing to have a solution that didn't depend on peers wanting
the exactly same pieces (defined by the file), but just roughly the same.
/Vaste
_______________________________________________
p2p-hackers mailing list
p2p-hackers(a)zgp.org
http://zgp.org/mailman/listinfo/p2p-hackers
_______________________________________________
Here is a web page listing P2P Conferences:
http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
The system involves each courier hand delivering the tape or the written
message to another courier or location without knowing the courier's
identity, the origin of the tape or message or its destination. It makes it
almost impossible for intelligence agencies to roll up the entire network.
http://abcnews.go.com/International/Terrorism/story?id=1527351
----- End forwarded message -----
How Does al Qaeda Send Terror Tapes Without Getting Caught?
Terror Network Uses Complex Messenger System, Which May Span Several
Countries
Analysis
by ALEXIS DEBAT
Jan. 20, 2006 -- The broadcast of terror tapes on al Jazeera highlights a
question that has haunted U.S. intelligence for a number of years now: How do
these tapes find their way to the offices of the Qatari news channel, and why
can't something be done to follow their trail to Osama bin Laden's doorstep?
This question remained largely unanswered until the arrest last May in
Pakistan of Abu Faraj al Libbi, one of al Qaeda's operational commanders.
Under intense interrogation, al Libbi revealed that Osama bin Laden's tapes --
like his operational directives -- are hand carried from courier to courier in
a long and intricate route that involves several dozen "runners."
According to al Libbi, it takes six to 12 weeks of travel in the remote and
inhospitable areas along the border between Afghanistan and Pakistan, where
bin Laden and Ayman al Zawahri are still hiding. Based on this piece of
intelligence, the Pakistani government succeeded in infiltrating parts of
these courier networks in 2005.
But because of the extraordinary precautions taken by al Qaeda's messengers,
the Pakistanis were unable to trace them back to either Zawahri or bin Laden.
The system involves each courier hand delivering the tape or the written
message to another courier or location without knowing the courier's identity,
the origin of the tape or message or its destination. It makes it almost
impossible for intelligence agencies to roll up the entire network.
Some of these intermediaries are recruited among the thousands of travelling
Muslim preachers who roam Pakistan's tribal and northern areas, usually on
foot.
Analysts believe this system is still in place today, and may span several
countries. According to a senior Pakistani intelligence source, the latest
tape was hand delivered by an anonymous source to al Jazeera's Dubai bureau in
the United Arab Emirates. The tapes are usually dropped off in an envelope at
al Jazeera's offices in the Pakistani capital, Islamabad.
A 'Back Channel' Relationship?
Many commentators suspect a "back channel" relationship between the news
channel and the terrorist organization. In 2005, al Jazeera reporter Taysir
Alluni, who had interviewed bin Laden in Afghanistan several weeks after 9/11,
was sentenced by a Spanish court to seven years in prison for providing help
to two al Qaeda operatives wanted in connection with the Madrid train bombings
in 2004.
Despite this high-profile case, there is little evidence of any formal
relationship, agreement or even sustained communication between al Jazeera and
al Qaeda. And al Jazeera strongly denies it.
Osama bin Laden's use of the Qatari news channel likely has more to do with
strategy than ideology. With its audience of 50 million to 70 million viewers
around the world, al Jazeera has emerged not only as the Muslim world's
most-watched news outlet but as a powerful force driving political views of
Muslims around the world.
By using al Jazeera to broadcast its messages, al Qaeda is simply borrowing
the network's global reach to further its own, while making sure that the
message will reach the audience with little alteration or editing, and no
mistranslation.
This is especially key when bin Laden or Zawahri, as Western intelligence
agencies report, wish to send covert messages to their operatives across the
world.
ABC News consultant Alexis Debat is a terrorism analyst and contributing
editor of the National Interest in Washington, D.C.
Copyright © 2006 ABC News Internet Ventures
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
============================================================
EDRI-gram
biweekly newsletter about digital civil rights in Europe
Number 5.12, 20 June 2007
============================================================
Contents
============================================================
1. Update on a Council Framework Decision on the protection of personal data
2. PCDA brings a major change in the WIPO mandate
3. Prüm's Treaty is now included into the EU legal framework
4. French collective society sues P2P producers
5. Privacy Ranking of Internet Service Companies
6. European Visa Information System accepted by the EU bodies
7. Google answers Article 29 Working Party on data protection standards
8. ENDitorial: The 2001 CoE Cybercrime Convention more dangerous than ever
9. Recommended Reading
10. Agenda
11. About
============================================================
1. Update on a Council Framework Decision on the protection of personal data
============================================================
The Council of the European Union discussed again in its Justice and Home
Affairs Council meeting on 12-13 June 2007 the Council Framework Decision on
the protection of personal data processed in the framework of police and
judicial co-operation in criminal matters, without making any clear steps
for its adoption or taking into consideration the European Data Protection
Supervisor (EDPS) comments.
The conclusions of the Council meeting note that the new framework decision
will be based on the Council of Europe established minimum data protection
principles set by the Convention of 28 January 1981 for the protection of
individuals with regard to automatic processing of personal data and its
Additional Protocol of 8 November 2001, including Recommendation (87)15
regulating the use of personal data in the police sector.
It also announced that it would "examine all solutions suggested by the
European Parliament" that voted in favour of amendments that would provide
stronger data protection, and expects "to reach a political agreement on
the proposal as soon as possible and at the latest by the end of 2007."
The Council conclusions did not give any consideration to the opinions
expressed earlier this year by the EDPS that advised against adopting the
proposal considering it failed to provide appropriate data protection.
EDPS reacted also to the latest conclusions by making an appeal to the
Portuguese presidency of the European Union in a public letter sent to the
Ministers for Justice and Interior. Peter Hustinx showed his concern
that a number of agreements on new anti-terrorist measures have been
concluded without fully considering the impact on fundamental rights.
"I fear that messages such as 'no right to privacy until
life and security are guaranteed' are developing into a mantra suggesting
that fundamental rights and freedoms are a luxury that security can not
afford. I very much challenge that view and stress that there should be no
doubt that effective anti-terror measures can be framed within the
boundaries of data protection" said Hustinx.
EDPS expresses his concern that such a negative approach to individual
privacy rights reveals an apparent lack of understanding of the framework of
human rights law. This framework has always allowed for necessary and
proportionate measures to combat crime and terrorism. This negative approach
also ignores the lessons learned about the abuse of fundamental rights from
dealing with terrorism within Europe's borders over the last 50 years.
EDPS also considered that its relationship with the Council of the European
Union needs further improvement. Consequently, he makes himself available as
an advisor on all matters concerning personal data processing so that the
Council may adopt effective and legitimate new policies.
The delay in adopting the Council Framework Decision has been criticized
also by the European Commission, through Vice-president Franco Frattini,
responsible for Justice, Freedom and Security that "regrets that the
Framework Decision is not yet adopted, in particular because the
Commission's proposal for the Framework Decision was already tabled in 2005
and it only establishes a minimum level of harmonisation of data protection
principles."
The Commission also encouraged the Council to give priority to the
discussions on the Framework Decision in order to reach a political
agreement on this act as soon as possible.
Council Conclusions concerning the Council Framework Decision on the
protection of personal data processed in the framework of police and
judicial co-operation in criminal matters (12.06.2007)
http://www.consilium.europa.eu/ueDocs/cms_Data/docs/pressData/en/jha/94634.…
Data protection - Proposal for a Framework Decision on the protection of
personal data processed in the framework of police and judicial cooperation
in criminal matters (12.06.2007)
http://www.europa.eu/rapid/pressReleasesAction.do?reference=IP/07/808
Presidency work programme and the protection of individuals with regard to
the processing of personal data and the free movement of such data
(11.06.2007)
http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consu…
EDPS letter to incoming Portuguese presidency: fundamental rights are not
captives of security (12.06.2007)
http://www.europa.eu/rapid/pressReleasesAction.do?reference=EDPS/07/6
EDRI-gram: The European Parliament voted for stronger data protection
(6.06.2007)
http://www.edri.org/edrigram/number5.11/ep-data-protection-police
EDRI-gram: EDPS advises against new data protection framework decision
(9.05.2007)
http://www.edri.org/edrigram/number5.9/edps-framework-decision
============================================================
2. PCDA brings a major change in the WIPO mandate
============================================================
During 11-15 June 2007, the Provisional Committee on Proposals for a WIPO
(World Intellectual Property Organization) Development Agenda (PCDA) had
meetings during which WIPO members negotiated agreements on several
proposals for new activities of the UN organization.
"This is a major achievement. It's a complete overhaul of the WIPO concept,
broadening it to reflect society's growing concern with ownership of
technologies and knowledge, and its effects for the future, both in
developed and developing countries" was the statement of a participant in
the meetings.
Six clusters of proposals, labelled A to F, were under discussion during the
meeting on issues such as open collaborative projects, intellectual property
protection, and development impact assessments. An agreement was reached on
21 proposals that came now besides the 24 agreed upon during the meeting on
23 February. All of the 45 proposals agreed this year will be adopted by the
General Assembly and implemented in September.
The initial idea of reforming WIPO came in 2004 from Argentina and Brazil
and the 45 proposals have resulted from the 111 proposals made by various
countries during a two-year period.
Proposals agreed during this last meeting covered domains such as technical
assistance, rule making, technology transfer, development impact
assessments, WIPO's mandate, touching topics such as protection to
competition, access to knowledge and open collaborative models to support
public domain.
A new WIPO Committee on Development and IP was recommended for setting up to
replace PCDA and the Permanent Committee on Cooperation for Development
Related to Intellectual Property (PCIPD). The proposed committee would hold
its first meeting in the first half of 2008.
The new committee's tasks will be to elaborate a work programme for the
implementation of the proposed recommendations, to "monitor, assess, discuss
and report on the implementation of all recommendations adopted, discuss IP
and development related issues as agreed by the Committee, as well as those
decided by the General Assembly."
The director general of the World Intellectual Property Organization (WIPO),
Dr. Kamil Idris, considered the discussions "a milestone in the history
of the Organization". "This process and the spirit of compromise and mutual
understanding in which it took place, is an important contribution to
international efforts to promote the development of a balanced intellectual
property system that is responsive to the needs and interests of all
countries - developed and developing alike" he added.
James Love, director of the NGO Knowledge Ecology International (KEI),
explained the importance of the result: "After three years, WIPO has
produced a meaningful and welcome new vision for WIPO. The governments who
participated in the negotiations agreed that WIPO is no longer only to
pursue mindless expansions of intellectual property rights, but now is a
place to discuss a broad range of topics, including measures to protect or
promote access to knowledge, the implications and benefits of a rich and
accessible public domain, and strategies for dealing with abuses of rights,
or other measures to protect the public interest."
He also emphasised the need to continue the common efforts for the
implementation of the Development Agenda: "Having concluded a difficult and
quite meaty negotiation over WIPO's purpose and direction, there will be an
effort to implement the new Development Agenda. The next two to three years
will be critical. One has to prudently wonder how sustainable is the
interest in this reform effort. The institutional juggernaut behind stronger
IPR is well financed and permanent, and the opposition is often poorly
resourced and episodic."
In A 'Major Achievement', WIPO Negotiators Create New Development Mandate
(18.06.2007)
http://www.ip-watch.org/weblog/index.php?p=656
WIPO Committee Reaches Breakthrough Agreements On Development Agenda
(15.06.2007)
http://www.ip-watch.org/weblog/index.php?p=655
Final PCDA Recommendations to 2007 General Assembly (15.06.2007)
http://www.keionline.org/index.php?option=com_jd-wp&Itemid=39&p=51
KEI Statement on conclusion of WIPO Development Agenda negotiations
(15.06.2007)
http://www.keionline.org/index.php?option=com_content&task=view&id=88
WIPO Director General Welcomes Major Breakthrough following Agreement on
Proposals for a WIPO Development Agenda (18.06.2007)
http://www.wipo.int/pressroom/en/articles/2007/article_0037.html
Blogging WIPO: The New Development Agenda (18.06.2007)
http://www.eff.org/deeplinks/archives/005320.php
============================================================
3. Prüm Treaty is now included in the EU legal framework
============================================================
The EU has adopted as its own law, with very few alterations, the
so-called Prüm Treaty, signed on 27 May 2005 by Belgium, Germany, Spain,
France, Luxembourg, The Netherlands and Austria, which allowed the police
forces of their countries to compare and exchange data more easily.
The new law, adopted by the European Parliament's report of Fausto Correia
(PES, PT) and approved by the Council of Ministers during a meeting of the
justice and home office ministers last week, gives the EU member-states
three years to rewrite domestic laws in order to comply with it.
"Member states have to adopt legislation on the basis of the decision. They
can copy and paste it, it is self-explaining, not like a Directive, which
contains only objectives. This agreement contains a huge amount of
legislation concerning DNA data and data protection rules." said a spokesman
of the European Council.
Peter Hustinx, the EDPS, still expresses his concern and his disappointment
for not having been listened to. "It seems that Council has not sufficiently
taken my remarks into account."
The new rules will open up police databases but not fully, said the Home
Office spokeswoman: "The primary aspects of this are data sharing on
fingerprints, DNA samples and vehicle registrations."
"What will happen now is that countries will have the ability automatically
to determine immediately whether a member state holds matching DNA or
fingerprint information, but they won't have automatic access to the
databases or the information itself," she added.
The UK had previously resisted joining the Prüm Treaty. "The implications of
this treaty are far reaching and will affect all EU citizens," said Philip
Bradbourn, Conservative justice and home affairs spokesman. However, the UK has
signed this new EU deal.
"We are sleepwalking into a Big Brother Europe while our government stands
idly by" said Syed Kamall, a British Conservative MEP.
Police will share data across Europe against privacy chief's advice
(14.06.2007)
http://www.out-law.com//default.aspx?page=8148
DNA data deal 'will create Big Brother Europe' (11.06.2007)
http://www.eupolitix.com/EN/News/200706/462d5e3f-1a57-4805-a12e-1cb072b124d…
Prüm Treaty will allow EU27 to exchange DNA data to fight crime (7.06.2007)
http://www.europarl.europa.eu/news/expert/infopress_page/019-7568-157-06-23…
Controversial data-sharing deal to get the go-ahead (12.06.2007)
http://euobserver.com/9/24244
EDRI-gram: From Schengen to Prüm: Data Protection under 3rd pillar a
prerequisite (28.02.2007)
http://www.edri.org/edrigram/number5.4/prum
============================================================
4. French collective society sues P2P producers
============================================================
Under the cover of the DADVSI law with the so-called Vivendi amendment
(initiated by Vivendi Universal) the French association SPPF (Société civile
des producteurs de phonogrammes en France - The French collective society for
phonogram producers representing the independent labels) started a legal
action against P2P software producers.
The Vivendi amendment, strongly debated in the Parliament, but supported by
Nicolas Sarkozy and barely passed by the Joint Committee of the National
Assembly and the Senate, makes it a criminal offence to create or distribute
any software obviously intended to make unauthorised copyrighted works
available to the public. Non-compliance is punished by three years in prison
and a 300 000 Euro fine. From a civil law point of view, the amendment
obliges the creators of P2P software to implement prevention measures in
order to prohibit the downloading of allegedly illegal content.
The amendment gave SPPF the opportunity to file ridiculous actions against
two P2P software producers, Morpheus and Azureus, with a third, Shareaza,
being next in line to be sued.
SPPF initiated the suit as a civil action, considering that criminal actions
would have been too complicated to organize. Civil actions also give the
possibility to ask for substantial damages, as stated by Jérôme Roger, SPPF
director. SPPF asks for 16.6 million Euros from Azureus and 3.7 million Euros
from Morpheus. The figures are based on a poll carried out by the AdVestigo
company of downloads in the P2P networks over a period of 10 months on a
sample of 4750 titles. The results were then extrapolated to their entire
catalogue of 475 000 titles and the total was multiplied by 2 Euros (1
Euro as the price for a sale and 1 Euro as damages).
France : SPFF attacks Morpheus, Azureus and Shareaza (only in French,
12.06.2007)
http://www.ratiatum.com/news5163_France_la_SPFF_attaque_Morpheus_Azureus_et…
P2P : Details on the legal actions of SPPF (only in French, 12.06.2007)
http://www.ratiatum.com/breve5164_P2P_precisions_sur_les_actions_judiciaire…
EDRI-gram : Update on French EUCD Transposition (29.03.2006)
http://www.edri.org/edrigram/number4.6/frencheucd
============================================================
5. Privacy Ranking of Internet Service Companies
============================================================
Privacy International (PI) has undertaken a study that reveals the
privacy threats and ranks the positions in this matter of key players on the
Internet services market. The objective of the research is not only to point
fingers but also to find out trends and emergent issues related to privacy
on the Internet.
The report was issued by PI after a six-month investigation on the privacy
practices covering search, email, e-commerce and social networking sites.
The methodology used included 20 main parameters among which data
collection and processing, data retention, openness and transparency or
responsiveness to customers' complaints.
Data was gathered from newspaper articles, privacy policies, blogs,
submissions to government inquiries, information obtained from present and
former company staff, technical analyses and interviews with company
representatives.
Because the 2007 rankings are a precedent, PI will regard the current report
as a consultation report and will establish a broad outreach for two months
to ensure that any new and relevant information is taken into account before
publishing a full report in September.
The research has coded the companies by colour, from green "privacy-friendly
and privacy enhancing", to black, "comprehensive consumer surveillance and
entrenched hostility to privacy". While there was no company ranked in the
green area, and only few were ranked blue, "generally privacy aware", (such
as eBay, LiveJournal, Wikipedia), the only company coded black by the
preliminary stage of the research was Google.
Google was mostly criticized for its lack of transparency, PI considering
that its data retention policy was not very clear. "Google maintains records
of all search strings and the associated IP-addresses and time stamps for at
least 18 to 24 months and does not provide users with an expungement
option. Google has access to additional personal information, including
hobbies, employment, address, and phone number, contained within user
profiles in Orkut. Google often maintains these records even after a user
has deleted his profile or removed information from Orkut."
Google's privacy policy was considered "vague, incomplete and possibly
deceptive", and its response to customers' complaints, a poor one.
A Google employee, Matt Cutts, complained on his blog that the
company was not given credit for not handing over data to the US Government
and for not having leaked search queries of its users.
In an open letter addressed to Google's CEO Eric Schmidt, Privacy
International accused Google of having smeared its good name. "Two European
journalists have independently told us that Google representatives have
contacted them with the claim that 'Privacy International has a conflict of
interest regarding Microsoft'." PI also stated that no company had made such
an accusation in its 17 years of existence.
PI asked for an apology from Google, "but if you cannot deliver this then I
think you should reflect carefully on the actions of your representatives
before embarking on what I believe amounts to a smear campaign. As with
Microsoft, eBay and any other organisation we are more than happy to work
with you to help resolve the many privacy challenges for Google that our
report has highlighted."
A Race to the Bottom: Privacy Ranking of Internet Service Companies, A
Consultation report (9.06.2007)
http://www.privacyinternational.org/article.shtml?cmd[347]=x-347-553961
Privacy International accuses Google of smear campaign (11.06.2007)
http://www.theregister.co.uk/2007/06/11/google_privacy_international/
Why I disagree with Privacy International (11.06.2007)
http://www.mattcutts.com/blog/privacy-international-loses-all-credibility/
An Open Letter to Google (10.06.2007)
http://www.privacyinternational.org/article.shtml?cmd[347]=x-347-553964
============================================================
6. European Visa Information System accepted by the EU bodies
============================================================
The legislative package on the Visa Information System (VIS) was
adopted by the European Parliament and a political agreement was
reached within the Justice and Home Affairs Council in the last couple of
weeks. This means that the final steps have been adopted to create the
biggest biometric database in the world.
The VIS Legislative package is formed by the VIS Regulation and the VIS
Decision. The VIS Regulation will allow consulates and other competent
authorities to start using the system when processing visa applications and
to check visas. The VIS Decision will allow police and law enforcement
authorities to consult the data under certain conditions that should ensure
a high level of data protection.
The European Parliament adopted on 7 June 2007 two reports from Baroness
Sarah Ludford (ALDE, UK). The first report that adopted the VIS regulation
aimed at preventing an applicant who is refused a visa by one Schengen
country from applying to others ("visa shopping"), but also facilitating the
fight against fraud and checks at external borders.
The second report that adopted the VIS decision stated that the access to
the VIS database should be "limited to those who 'have a need to know' and
possess appropriate knowledge about data security and data protection
rules". The report stresses that "adequate provisions have to be provided
for to ensure the necessary data protection", and that such data "shall only
be processed for the purposes of the prevention, detection, investigation
and prosecution of terrorist offences or other serious criminal offences."
The report also states that "personal data obtained...from the VIS shall not
be transferred or made available to a third country or to an international
organisation."
Less than a week later the VIS package obtained the political agreement in
the Justice and Home Affairs Council, thus making the new system almost a
reality, because the new rules need just to be formally approved by the EU
member-states governments.
The Visa Information System will store data on up to 70 million people
concerning visas for visits to or transit through the Schengen Area. This
data will include biometrics (photographs and fingerprints) and written
information such as the name, address and occupation of the applicant, date
and place of the application, and any decision taken by the Member State
responsible to issue, refuse, annul, revoke or extend the visa. Citizens of
more than 100 countries need a visa to enter the EU.
Baroness Sarah Ludford MEP insisted that "the VIS is a
border-management system and its principle is not to combat terrorism and
crime. Let us remember that 99.9% of visitors to the EU are legitimate
travellers who do not have any connection with criminality whatsoever, nor
indeed do illegal immigrants or unauthorised entrants."
The Conservatives have condemned the reports as an invasion of privacy
rights, and have called on the UK government to opt out. European Data
Protection Supervisor Peter Hustinx expressed his concern: "The circle of
data subjects that can be included in this system is not limited to data of
persons suspected or convicted of specific crimes."
EU visa information system to help prevent visa shopping (7.06.2007)
http://www.europarl.europa.eu/news/expert/infopress_page/019-7569-157-06-23…
Visa Information System (VIS): The JHA-Council reaches a political agreement
on the VIS Regulation and VIS Decision (12.06.2007)
http://www.europa.eu/rapid/pressReleasesAction.do?reference=IP/07/802&forma…
EU to create world's biggest bio-data pool (13.06.2007)
http://euobserver.com/22/24261
EU backs biometrics visa database (8.06.2007)
http://www.euractiv.com/en/justice/eu-backs-biometrics-visa-database/articl…
EDRI-gram: EU Visa Database under scrutiny of the European Data Protection
Supervisor (2.02.2006)
http://www.edri.org/edrigram/number4.2/visadatabase
============================================================
7. Google answers Article 29 Working Party on data protection standards
============================================================
Google has answered several questions related to its data protection
standards addressed by the Article 29 Working Party, in particular on the
period after which its search server logs are anonymised.
Initially Google announced in March 2007 a reduction of the retention period
for data related to users and their searches to 18-24 months, but, after the
Article 29 Working Party's letter, Peter Fleischer, global privacy counsel
at Google, accepted a period of 18 months. However, he
also stated that the period could be extended to 24 months, depending on the
implementation of the Data retention directive in some of the EU member
states.
Google explained that it needs to keep the logs for this period for
activities such as spell-checking help, preventing abuse and fraud or
helping users refine their search queries based on previous experiences.
The privacy counsel has also given, as one of the main reasons for keeping the
logs, the requirements of the Data retention directive that will require the
member states to keep traffic data for between 6 and 24 months. But he also
raised several question marks regarding the clarity of the text of the
directive.
However, Philippos Mitletton, who works for the European Commission's Data
Protection Unit, explained to Out-Law that the data retention directive
should not apply to Google:
"The Data Retention Directive applies only to providers of publicly
available electronic communications services or of public communication
networks and not to search engine systems. Accordingly, Google is not
subject to this Directive as far as it concerns the search engine part of
its applications and has no obligations thereof."
But Google's letter goes beyond the text of the directive and expresses
concerns about possible extensions of the directive's purpose when the
Data Retention Directive is implemented in each EU member state. It
also refers to the German Ministry of Justice proposal that webmail
providers should be required to verify the identity of their
account holders and asks: "Could we challenge its legality in court, either
as an unconstitutional infringement of privacy, or as an example of
jurisdictional over-reach?" In practice, the German working group against
data retention has already gathered a lot of supporters for a constitutional
court challenge against the data retention law, which would be the largest
constitutional court case in Germany ever.
The letter Google has sent to the Article 29 Working Party points also to
other privacy-sensitive issues raised. The major search engine explained
that its anonymisation process deletes the final digits of the logged IP
addresses and that the process is irreversible, even for Google staff.
Fleischer explained also the Google position regarding cookies: "We believe
that cookies data management in a user's browser is fundamentally a
browser/client issue, not a service/server issue. Therefore, the lifetime of
a cookie does not indicate or imply any enforcement of data retention. We
also believe that cookie lifetimes should not be so short as to expire and
force users to re-enter basic preferences (such as language preference).
Nonetheless, we acknowledge that cookie lifetimes should be "proportionate"
to the data processing being performed."
Article 29 Working Party letter to Google (16.05.2007)
http://ec.europa.eu/justice_home/fsj/privacy/news/docs/pr_google_16_05_07_e…
Google response to Article 29 Working Party (10.06.2007)
http://64.233.179.110/blog_resources/Google_response_Working_Party_06_2007.…
How long should Google remember searches? (11.06.2007)
http://googleblog.blogspot.com/2007/06/how-long-should-google-remember.html
Google makes data retention concession (12.06.2007)
http://www.out-law.com/page-8140
Data retention laws do not cover Google searches, says Europe (13.06.2006)
http://www.out-law.com/page-8147
EDRI-gram: Privacy bodies investigate Google's data protection standards
(25.04.2007)
http://www.edri.org/edrigram/number5.8/google-data-protection
EDRI-gram: Google limits the search data retention period (28.03.2007)
http://www.edri.org/edrigram/number5.6/google-data-retention
============================================================
8. ENDitorial: The 2001 CoE Cybercrime Convention more dangerous than ever
============================================================
The Council of Europe (CoE) has definitely highly prioritised the broad
ratification, all over the world, of its Convention on Cybercrime, opened to
signatures since November 2001 and entered into force on 1 July 2004. As
part of its efforts to achieve this goal, a conference on "Cooperation
against cybercrime" was held in Strasbourg on 11-12 June 2007, to which EDRI
was invited to participate with a presentation (some of the participants'
presentations are available on the conference website).
This conference was organized in the framework of the CoE Octopus programme
against corruption and organised crime in Europe, three years after the 2004
venue on "The challenge of cybercrime" and two years after the joint CoE-OAS
(Organisation of American States) conference on "Cybercrime: a global
challenge, a global response". The CoE has also been promoting this
Convention in many international fora, including the World Summit on the
Information Society and its following-up Internet Governance Forum. Finally,
it has held numerous regional meetings and training events for member States
and third States to help them implement Convention -ready or -compatible
provisions in their legislations.
Almost 140 participants attended the conference (list available on the
conference website). They were mainly law enforcement authorities (LEAs)
from all over the world (representing 49 countries from the 5 continents),
plus 12 intergovernmental organisations (among them EUROPOL, INTERPOL, and
ENISA - the European network and information security agency), 3 non
governmental organisations (EDRI, ICMEC - the International Centre for
Missing and exploited children, and the French Human Rights League), 3
international multi-stakeholders forums (the Inhope association of Internet
hotlines, the Anti-Phishing forum and the London Action Plan against spam)
and 3 private sector organisations (Microsoft, NASSCOM - India's national
association for software and service companies, and RSA).
Surprisingly, no representative from ISPs attended, and none of them was
invited to make a presentation, although the Convention on Cybercrime puts a
severe burden on them since most of its procedural provisions (articles 16
to 21) directly require the cooperation of ISPs in order to achieve
preservation, production, search and seizure of stored computer data,
real-time collection of traffic data and interception of content data.
However, Microsoft was well represented and obviously given an important
role in the conference with no less than 3 presentations in plenary
sessions. A presentation by Alexander Seger, Head of Technical Cooperation
in the Department of Crime Problems (CoE DG of Legal Affairs) gave a clue to
understand this special treatment: the CoE has launched a new project
against cybercrime, "a global project to support European and non-European
countries to accede and implement the Convention on cybercrime or its
Protocol on xenophobia and racism", (details on the project available on the
conference website), which started in September 2006 for a duration of 30
months. The overall budget is 1.7 million euros, of which only 550,000 euros
are currently available: 290,000 euros from the CoE own funding and 260,000
euros from Microsoft contribution.
It has to be noted that this private funding is a new practice for the CoE, to
the extent that Microsoft's funding had to be approved by the CoE Council of
Ministers. As Alexander Seger suggested in his presentation, "other donors
(public and private) [are] invited to join this project" and "beyond this
project, CoE may now seek stronger cooperation with the private sector". If
such extension is indeed realised in the future, one may wonder whether the
CoE will be able to remain the reference it currently represents in terms of
respect for human rights, democracy and the rule of law. Interestingly
enough, this trend in having CoE projects funded by the private sector
starts with this very Convention on cybercrime, probably the only one among
the current 200 CoE Treaties which has been so criticized by human rights
NGOs, as EDRI recalled in its presentation. While Alexander Seger and
Microsoft representatives insisted on the fact that "no specific condition
[has been] attached to the financial contribution from Microsoft", it would
be quite naive to find this "guarantee" satisfactory: agenda -setting
and -pushing is certainly already worth the money spent.
The interest of companies like Microsoft in such a project is directly
linked to the substantive provisions of the Convention (articles 2 to 13),
which aim at harmonizing the criminalisation of the commission of "offences
against the confidentiality, integrity and availability of computer data and
systems" (art. 2-6), "computer related offences" (forgery and fraud, art.
7-8), "content-related offences" (Internet child pornography, art. 9),
"offences related to infringements of copyright and related rights" (art.
10) or attempting, aiding or abetting the commission of such offences (art.
11).
Copyright infringement was hardly mentioned during the 2007 conference. The
fight against Internet child pornography served as the consensual vehicle to
promote such tools as both the Convention and private hotlines: concerns
regarding the respect for the rule of law, as raised by EDRI, were received,
as usual, with suspicion of laxity. EDRI was the only participant pointing
to the fact that the additional Protocol against racism and xenophobia could
only be ratified by countries that already criminalise in their national
laws the dissemination of such content, as well as insults and threats based
on racism and xenophobia. Thus, it would never solve cases such as the
famous Yahoo! case between France and the USA, simply because, as EDRI
noted, the Convention and its Protocol fail to address the major issue of
the competence of jurisdictions.
The real big issues for LEAs during this conference were the most prevalent
threats as well as the new trends they perceive in current cybercrime
activities: spamming, phishing and its many variants using SMS (SMSishing),
VoIP (Vishing), DNS redirections (pharming), the use of botnets, the use of
P2P networks and instant messaging systems, were among the many identified
aspects of a proteiform cybercrime. Although all the presentations on these
trends (especially from Europol and from French LEAs) acknowledged the lack
of statistics and the difficulty to gather data on this kind of crime, they
were able to agree on its current volume and its broadening, and to conclude
on the increased need to limit - if not forbid - anonymity and encryption of
exchanges, to better control the Internet use from cybercafes and other
public places, and, last but not least, to further extend cooperation with
private sector (telecom operators and ISPs) and communication and exchange
of data among LEAs for mutual assistance purposes.
International cooperation between LEAs is exactly the subject of the
numerous remaining provisions of the Convention (articles 23 to 35). In
summary, these provisions allow any State party to the Convention to request
from any other party the communication of data collected under the
provisions of articles 16 to 21, without any dual criminality requirement
(except if relevant reservation has been made upon ratification) and with
very limited possibility of refusal: actually, as Henrik Kaspersen,
professor at the Free university of Amsterdam and chair of the committee of
the CoE Convention on cybercrime, analysed, the current 43 signatories
(among them 21 having ratified the text) made a quite moderate use of
reservations. Moreover, the Convention conditions and safeguards (article
15) are far from being adequate and harmonised among the State parties to
the Treaty: although the EU Article 29 working group warned against this and
other failures of the Convention when the text was still being drafted, its
opinion was not taken into account. With the extension of the Convention to
States with far fewer privacy safeguards than the CoE member States - which
are bound by the European Convention on Human Rights -, starting with the
USA, this threat is coming to realise the worst fears of the Global
Internet Liberty Campaign (GILC) international coalition of NGOs - among
them future EDRI founders - when it published in 2001 its "Eight Reasons the
International Cybercrime Treaty Should be Rejected", after a long campaign
against the eventually signed Convention.
Furthermore, although one can argue that, since 2001, the situation has
become even worse with laws adopted all over the world, including at the
European Union level, it has to be acknowledged that "the CoE Convention on
cybercrime opened the way to more and more invasive laws", as EDRI concluded
at the end of its presentation at this conference, leading to have "on-line
activities and behaviours more criminalised than their off-line equivalent
and citizens benefit from less protections and safeguards on-line than
off-line". In order to limit the risk that, six years after its signature,
the CoE Convention on cybercrime becomes more dangerous than ever, EDRI
advocated, "before any further extension in scope and/or
ratification/accession, (the) need for an assessment of the Convention and
its national implementations with regards to human rights, democracy and the
rule of law". Finally, in the same way as EDRI considers that, at the EU
level, data protection under third pillar is a prerequisite to any
broadening of information systems in criminal matters, EDRI recommended that
the Council of Europe "devote[s] an equivalent energy to extend
ratifications/accessions to Convention no.108 for the protection of
individuals with regard to automatic processing of personal data". But such
a goal does not seem to be on the CoE agenda.
CoE Octopus Conference 2007 (11-12.06.2007)
http://www.coe.int/t/e/legal_affairs/legal_co-operation/combating_economic_…
CoE Octopus Conference 2004 (15-17.09.2004)
http://www.coe.int/t/e/legal_affairs/legal_co-operation/combating_economic_…
Joint COE-OAS Conference 2005 (12-13.10.2005)
http://www.coe.int/T/E/Legal_Affairs/About_us/Cooperation/5Madrid(cyber)_OA…
EU Article 29 WP Opinion on the CoE Draft Convention on Cybercrime
(22.03.2001)
http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2001/wp41en.pdf
GILC coalition "Treaty Watch" website
http://www.treatywatch.org
IRIS dossier of the campaign against the Convention and its Protocol (only
in French)
http://www.iris.sgdg.org/actions/cybercrime
EDRI-gram: From Schengen To Prüm: Data Protection Under 3rd Pillar A
Prerequisite (28.02.2007)
http://www.edri.org/edrigram/number5.4/prum
CoE Convention no.108 on data protection (28.01.1981)
http://conventions.coe.int/Treaty/Commun/QueVoulezVous.asp?NT=108&DF=6/20/2…
(Contribution by Meryem Marzouki, EDRI-member IRIS - France)
============================================================
9. Recommended Reading
============================================================
Belgian Biometric Passport does not get a pass...
Your personal data are in danger!
http://www.dice.ucl.ac.be/crypto/passport/index.html
Centre for Educational Research and Innovation - Giving Knowledge for Free
The Emergence of Open Educational Resources
http://www.oecdbookshop.org/oecd/display.asp?CID=&LANG=EN&SF1=DI&ST1=5L4S6T…
============================================================
10. Agenda
============================================================
8 May - 22 July 2007, Austria
Annual decentralized community event around free software lectures,
panel discussions, workshops, fairs and socialising
http://www.linuxwochen.at
17-22 June 2007 Seville, Spain
19th Annual FIRST Conference, "Private Lives and Corporate Risk"
http://www.first.org/conference/2007/
18-22 June 2007, Geneva, Switzerland
Second Special Session of the Standing Committee on Copyright and Related
Rights (SCCR)
http://www.wipo.int/meetings/en/details.jsp?meeting_id=12744
28 June 2007, London, UK
First London CC-Salon organized by Free Culture London and the Open Rights
Group
http://wiki.creativecommons.org/London_Salon
8-12 August 2007, near Berlin, Germany
Chaos Communication Camp 2007
"In Fairy Dust We Trust!"
http://events.ccc.de/camp/2007/
5-11 September 2007, Linz, Austria
Ars Electronica Festival - Festival for Art, Technology and Society
http://www.aec.at/en/festival2007/index.asp
25 September 2007, Montreal, Canada
Civil Society Workshop: Privacy Rights In A World Under Surveillance
A one-day workshop organized by the International Civil Liberties Monitoring
Group (ICLMG) in cooperation with Canadian and international civil rights
and privacy organizations ahead of the 29th International Conference of Data
Protection and Privacy Commissioners in Montreal.
http://www.thepublicvoice.org/events/montreal07/default.html
12-15 November 2007, Rio de Janeiro, Brazil
The Government of Brazil will host the second Internet Governance Forum
meeting.
http://www.intgovforum.org/
http://cgi.br/igf/
============================================================
11. About
============================================================
EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 25 members from 16 European countries.
European Digital Rights takes an active interest in developments in the EU
accession countries and wants to share knowledge and awareness through the
EDRI-grams. All contributions, suggestions for content, corrections or
agenda-tips are most welcome. Errors are corrected as soon as possible and
visibly on the EDRI website.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 2.0 License. See the full text at
http://creativecommons.org/licenses/by/2.0/
Newsletter editor: Bogdan Manolea <edrigram(a)edri.org>
Information about EDRI and its members:
http://www.edri.org/
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request(a)edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
unsubscribe by e-mail
To: edri-news-request(a)edri.org
Subject: unsubscribe
- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edrigram-mk.php
- EDRI-gram in German
EDRI-gram is also available in German, with delay. Translations are provided
by Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <edrigram(a)edri.org> if you have any problems with subscribing or
unsubscribing.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
One of the reasons e.g. BitTorrent works so great is that when you
receive a piece from someone, you can trade it for another piece with
anyone else in the swarm without that piece. This works since everyone
on a torrent (typically) is interested in the same file. With
multi-file torrents this assumption is extended to several files as well.
In the file-based filesharing world (ed2k, gnutella) the same assumption
holds, but only for one file. And with batchtorrents, this assumption
might break even with torrent; one might only want a few files (and
e.g. using Azureus not even request the other files).
Still, two people downloading an episode from same tv-series are quite
likely to be interested in the same files, and thus they might benefit
from trading.
Has any research been done on how these peers with common interests can
find each other?
Mainly it's about finding the peer with the most coinciding interest.
Still, other factors play in, such as the resources available (does the
peer lack trading partners, i.e. has bandwidth to spare?) in finding a
good match. On the network level it might also be good to find a balance
between finding the "best" peer and creating a well-connected network
(avoiding cliques and bottlenecks). Moreover, as interests change over
time, how should this be handled? (The more coinciding the interests,
the longer it should take for them to deviate from each other.)
This question is quite similar to finding a peer with pieces of a
file you're interested in (that you don't already have). (The difference
being that in the former, you search for _potential_ bearers of the
piece.) Here the problem of matching a large number of preferences shows
(namely the pieces; there are usually quite a few of them). The same
thing happens with many (especially small) files.
In the search-layer I believe this is usually handled either not at all
(random) or in a binary way (complete file vs. only pieces of it), and
leaving the details to the strict peer-to-peer chatting. Would there be
any point in using more detailed information of finished pieces in the
search layer? Would there be any use to use different resolutions (e.g.
10 pieces resolution might be: piece 1-10: none finished, 11-20: all,
21-29: some)?
An interesting take on this is the perspective of piece-based networks,
where one searches for every piece separately. Here it's even more
obvious how much one would benefit from finding people interested in the
same file (the same pieces). Yet, introducing things such as patches, it
would be pleasing to have a solution that didn't depend on peers wanting
exactly the same pieces (defined by the file), but just roughly the same.
/Vaste
_______________________________________________
p2p-hackers mailing list
p2p-hackers(a)zgp.org
http://zgp.org/mailman/listinfo/p2p-hackers
_______________________________________________
Here is a web page listing P2P Conferences:
http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
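Added example (not part of the forwarded post and not code from any P2P
client): a Python sketch of the two ideas raised above, ranking candidate
partners by how much their wanted files coincide with ours, and advertising
finished pieces at a coarse resolution of none/some/all per block. All names,
the Jaccard score and the slot-based tie-break are assumptions made for
illustration; the sample data is constructed.

```python
"""Constructed sketch: interest matching and coarse piece summaries."""
from dataclasses import dataclass

NONE, SOME, ALL = "none", "some", "all"


def summarize(have, num_pieces, resolution):
    """Collapse a set of finished piece indexes into one state per block."""
    if resolution < 1:
        raise ValueError("resolution must be at least 1")
    states = []
    for start in range(0, num_pieces, resolution):
        size = min(resolution, num_pieces - start)  # last block may be short
        done = sum(1 for p in range(start, start + size) if p in have)
        states.append(NONE if done == 0 else ALL if done == size else SOME)
    return states


def block_usefulness(mine, theirs):
    """Per block: can the peer give us a piece we lack?

    'yes'   the peer certainly holds a piece we are missing
    'maybe' both sides are partial; only the full bitfield can tell
    'no'    the peer has nothing there, or we already have the block
    """
    verdicts = []
    for m, t in zip(mine, theirs):
        if t == NONE or m == ALL:
            verdicts.append("no")
        elif t == ALL or m == NONE:
            verdicts.append("yes")
        else:
            verdicts.append("maybe")
    return verdicts


def can_trade(mine, theirs):
    """A trade needs something certain to offer in both directions."""
    return ("yes" in block_usefulness(mine, theirs)
            and "yes" in block_usefulness(theirs, mine))


def interest_overlap(a, b):
    """Jaccard similarity of two sets of wanted file identifiers."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


@dataclass(frozen=True)
class Peer:
    name: str
    wants: frozenset
    free_slots: int  # assumed stand-in for "has bandwidth to spare"


def rank_partners(my_wants, peers):
    """Order peers by coinciding interest, then by spare capacity."""
    scored = [(interest_overlap(my_wants, p.wants), p.free_slots, p.name)
              for p in peers]
    scored = [s for s in scored if s[0] > 0]  # no shared interest: skip
    scored.sort(key=lambda s: (-s[0], -s[1], s[2]))
    return [name for _, _, name in scored]


# Constructed sample: 29 pieces, indexes 0-28. Pieces 10-19 are finished and
# three pieces of the last block are, matching the "none / all / some" case.
SAMPLE_HAVE = set(range(10, 20)) | {20, 22, 25}
MY_WANTS = frozenset({"ep1", "ep2", "ep3"})
SAMPLE_PEERS = [
    Peer("A", frozenset({"ep1", "ep2", "ep3", "ep4"}), 0),
    Peer("B", frozenset({"ep2", "ep3"}), 4),
    Peer("C", frozenset({"ep1", "ep2", "ep3", "ep4"}), 2),
    Peer("D", frozenset({"unrelated"}), 8),
]

if __name__ == "__main__":
    mine = summarize(SAMPLE_HAVE, 29, 10)
    print("my summary:", mine)
    print("usefulness:", block_usefulness(mine, [SOME, SOME, SOME]))
    print("partners:  ", rank_partners(MY_WANTS, SAMPLE_PEERS))
```

A coarser resolution shrinks the advertisement but turns more blocks into
"maybe", which is the trade-off the post asks about.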
The system involves each courier hand delivering the tape or the written
message to another courier or location without knowing the courier's
identity, the origin of the tape or message or its destination. It makes
it almost impossible for intelligence agencies to roll up the entire
network.
http://abcnews.go.com/International/Terrorism/story?id=1527351
----- End forwarded message -----
How Does al Qaeda Send Terror Tapes Without Getting Caught?
Terror Network Uses Complex Messenger System, Which May Span Several
Countries
Analysis
by ALEXIS DEBAT
Jan. 20, 2006 - The broadcast of terror tapes on al Jazeera highlights a
question that has haunted U.S. intelligence for a number of years now: How do
these tapes find their way to the offices of the Qatari news channel, and why
can't something be done to follow their trail to Osama bin Laden's doorstep?
This question remained largely unanswered until the arrest last May in
Pakistan of Abu Faraj al Libbi, one of al Qaeda's operational commanders.
Under intense interrogation, al Libbi revealed that Osama bin Laden's tapes --
like his operational directives -- are hand carried from courier to courier in
a long and intricate route that involves several dozen "runners."
According to al Libbi, it takes six to 12 weeks of travel in the remote and
inhospitable areas along the border between Afghanistan and Pakistan, where
bin Laden and Ayman al Zawahri are still hiding. Based on this piece of
intelligence, the Pakistani government succeeded in infiltrating parts of
these courier networks in 2005.
But because of the extraordinary precautions taken by al Qaeda's messengers,
the Pakistanis were unable to trace them back to either Zawahri or bin Laden.
The system involves each courier hand delivering the tape or the written
message to another courier or location without knowing the courier's identity,
the origin of the tape or message or its destination. It makes it almost
impossible for intelligence agencies to roll up the entire network.
Some of these intermediaries are recruited among the thousands of travelling
Muslim preachers who roam Pakistan's tribal and northern areas, usually on
foot.
Analysts believe this system is still in place today, and may span several
countries. According to a senior Pakistani intelligence source, the latest
tape was hand delivered by an anonymous source to al Jazeera's Dubai bureau in
the United Arab Emirates. The tapes are usually dropped off in an envelope at
al Jazeera's offices in the Pakistani capital, Islamabad.
A 'Back Channel' Relationship?
Many commentators suspect a "back channel" relationship between the news
channel and the terrorist organization. In 2005, al Jazeera reporter Taysir
Alluni, who had interviewed bin Laden in Afghanistan several weeks after 9/11,
was sentenced by a Spanish court to seven years in prison for providing help
to two al Qaeda operatives wanted in connection with the Madrid train bombings
in 2004.
Despite this high-profile case, there is little evidence of any formal
relationship, agreement or even sustained communication between al Jazeera and
al Qaeda. And al Jazeera strongly denies it.
Osama bin Laden's use of the Qatari news channel likely has more to do with
strategy than ideology. With its audience of 50 million to 70 million viewers
around the world, al Jazeera has emerged not only as the Muslim world's
most-watched news outlet but as a powerful force driving political views of
Muslims around the world.
By using al Jazeera to broadcast its messages, al Qaeda is simply borrowing
the network's global reach to further its own, while making sure that the
message will reach the audience with little alteration or editing, and no
mistranslation.
This is especially key when bin Laden or Zawahri, as Western intelligence
agencies report, wish to send covert messages to their operatives across the
world.
ABC News consultant Alexis Debat is a terrorism analyst and contributing
editor of the National Interest in Washington, D.C.
Copyright © 2006 ABC News Internet Ventures
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
============================================================
EDRI-gram
biweekly newsletter about digital civil rights in Europe
Number 5.12, 20 June 2007
============================================================
Contents
============================================================
1. Update on a Council Framework Decision on the protection of personal data
2. PCDA brings a major change in the WIPO mandate
3. Prüm's Treaty is now included into the EU legal framework
4. French collective society sues P2P producers
5. Privacy Ranking of Internet Service Companies
6. European Visa Information System accepted by the EU bodies
7. Google answers Article 29 Working Party on data protection standards
8. ENDitorial: The 2001 CoE Cybercrime Convention more dangerous than ever
9. Recommended Reading
10. Agenda
11. About
============================================================
1. Update on a Council Framework Decision on the protection of personal data
============================================================
The Council of the European Union discussed again in its Justice and Home
Affairs Council meeting on 12-13 June 2007 the Council Framework Decision on
the protection of personal data processed in the framework of police and
judicial co-operation in criminal matters, without making any clear steps
for its adoption or taking into consideration the European Data Protection
Supervisor (EDPS) comments.
The conclusions of the Council meeting note that the new framework decision
will be based on the Council of Europe established minimum data protection
principles set by the Convention of 28 January 1981 for the protection of
individuals with regard to automatic processing of personal data and its
Additional Protocol of 8 November 2001, including Recommendation (87)15
regulating the use of personal data in the police sector.
It also announced that it would "examine all solutions suggested by the
European Parliament" that voted in favour of amendments that would provide
stronger data protection, and expects "to reach a political agreement on
the proposal as soon as possible and at the latest by the end of 2007."
The Council conclusions did not give any consideration to the opinions
expressed earlier this year by the EDPS that advised against adopting the
proposal considering it failed to provide appropriate data protection.
EDPS reacted also to the latest conclusions by making an appeal to the
Portuguese presidency of the European Union in a public letter sent to the
Ministers for Justice and Interior. Peter Hustinx showed his concern
that a number of agreements on new anti-terrorist measures have been
concluded without fully considering the impact on fundamental rights.
"I fear that messages such as 'no right to privacy until
life and security are guaranteed' are developing into a mantra suggesting
that fundamental rights and freedoms are a luxury that security can not
afford. I very much challenge that view and stress that there should be no
doubt that effective anti-terror measures can be framed within the
boundaries of data protection" said Hustinx.
EDPS expresses his concern that such a negative approach to individual
privacy rights reveals an apparent lack of understanding of the framework of
human rights law. This framework has always allowed for necessary and
proportionate measures to combat crime and terrorism. This negative approach
also ignores the lessons learned about the abuse of fundamental rights from
dealing with terrorism within Europe's borders over the last 50 years.
EDPS also considered that its relationship with the Council of the European
Union needs further improvement. Consequently, he makes himself available as
an advisor on all matters concerning personal data processing so that the
Council may adopt effective and legitimate new policies.
The delay in adopting the Council Framework Decision has been criticized
also by the European Commission, through Vice-president Franco Frattini,
responsible for Justice, Freedom and Security that "regrets that the
Framework Decision is not yet adopted, in particular because the
Commission's proposal for the Framework Decision was already tabled in 2005
and it only establishes a minimum level of harmonisation of data protection
principles."
The Commission also encouraged the Council to give priority to the
discussions on the Framework Decision in order to reach a political
agreement on this act as soon as possible.
Council Conclusions concerning the Council Framework Decision on the
protection of personal data processed in the framework of police and
judicial co-operation in criminal matters (12.06.2007)
http://www.consilium.europa.eu/ueDocs/cms_Data/docs/pressData/en/jha/94634.…
Data protection - Proposal for a Framework Decision on the protection of
personal data processed in the framework of police and judicial cooperation
in criminal matters (12.06.2007)
http://www.europa.eu/rapid/pressReleasesAction.do?reference=IP/07/808
Presidency work programme and the protection of individuals with regard to
the processing of personal data and the free movement of such data
(11.06.2007)
http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consu…
EDPS letter to incoming Portuguese presidency: fundamental rights are not
captives of security (12.06.2007)
http://www.europa.eu/rapid/pressReleasesAction.do?reference=EDPS/07/6
EDRI-gram: The European Parliament voted for stronger data protection
(6.06.2007)
http://www.edri.org/edrigram/number5.11/ep-data-protection-police
EDRI-gram: EDPS advises against new data protection framework decision
(9.05.2007)
http://www.edri.org/edrigram/number5.9/edps-framework-decision
============================================================
2. PCDA brings a major change in the WIPO mandate
============================================================
During 11-15 June 2007, the Provisional Committee on Proposals for a WIPO
(World Intellectual Property Organization) Development Agenda (PCDA) had
meetings during which WIPO members negotiated agreements on several
proposals for new activities of the UN organization.
"This is a major achievement. It's a complete overhaul of the WIPO concept,
broadening it to reflect society's growing concern with ownership of
technologies and knowledge, and its effects for the future, both in
developed and developing countries" was the statement of a participant in
the meetings.
Six clusters of proposals, labelled A to F, were under discussion during the
meeting on issues such as open collaborative projects, intellectual property
protection, and development impact assessments. An agreement was reached on
21 proposals that came now besides the 24 agreed upon during the meeting on
23 February. All of the 45 proposals agreed this year will be adopted by the
General Assembly and implemented in September.
The initial idea of reforming WIPO came in 2004 from Argentina and Brazil
and the 45 proposals have resulted from the 111 proposals made by various
countries during a two-year period.
Proposals agreed during this last meeting covered domains such as technical
assistance, rule making, technology transfer, development impact
assessments, WIPO's mandate, touching topics such as protection to
competition, access to knowledge and open collaborative models to support
public domain.
A new WIPO Committee on Development and IP was recommended for setting up to
replace PCDA and the Permanent Committee on Cooperation for Development
Related to Intellectual Property (PCIPD). The proposed committee would hold
its first meeting in the first half of 2008.
The new committee's tasks will be to elaborate a work programme for the
implementation of the proposed recommendations, to "monitor, assess, discuss
and report on the implementation of all recommendations adopted, discuss IP
and development related issues as agreed by the Committee, as well as those
decided by the General Assembly."
The director general of the World Intellectual Property Organization (WIPO),
Dr. Kamil Idris has considered the discussions as "a milestone in the history
of the Organization". "This process and the spirit of compromise and mutual
understanding in which it took place, is an important contribution to
international efforts to promote the development of a balanced intellectual
property system that is responsive to the needs and interests of all
countries - developed and developing alike" he added.
James Love, director of the NGO Knowledge Ecology International (KEI),
explained the importance of the result: "After three years, WIPO has
produced a meaningful and welcome new vision for WIPO. The governments who
participated in the negotiations agreed that WIPO is no longer only to
pursue mindless expansions of intellectual property rights, but now is a
place to discuss a broad range of topics, including measures to protect or
promote access to knowledge, the implications and benefits of a rich and
accessible public domain, and strategies for dealing with abuses of rights,
or other measures to protect the public interest."
He also emphasised the need to continue the common efforts for the
implementation of the Development Agenda: "Having concluded a difficult and
quite meaty negotiation over WIPO's purpose and direction, there will be an
effort to implement the new Development Agenda. The next two to three years
will be critical. One has to prudently wonder how sustainable is the
interest in this reform effort. The institutional juggernaut behind stronger
IPR is well financed and permanent, and the opposition is often poorly
resourced and episodic."
In A 'Major Achievement', WIPO Negotiators Create New Development Mandate
(18.06.2007)
http://www.ip-watch.org/weblog/index.php?p=656
WIPO Committee Reaches Breakthrough Agreements On Development Agenda
(15.06.2007)
http://www.ip-watch.org/weblog/index.php?p=655
Final PCDA Recommendations to 2007 General Assembly (15.06.2007)
http://www.keionline.org/index.php?option=com_jd-wp&Itemid=39&p=51
KEI Statement on conclusion of WIPO Development Agenda negotiations
(15.06.2007)
http://www.keionline.org/index.php?option=com_content&task=view&id=88
WIPO Director General Welcomes Major Breakthrough following Agreement on
Proposals for a WIPO Development Agenda (18.06.2007)
http://www.wipo.int/pressroom/en/articles/2007/article_0037.html
Blogging WIPO: The New Development Agenda (18.06.2007)
http://www.eff.org/deeplinks/archives/005320.php
============================================================
3. Prüm's Treaty is now included into the EU legal framework
============================================================
The EU has adopted as its own law, with very few alterations, the
so-called Prüm Treaty, signed on 27 May 2005 by Belgium, Germany, Spain,
France, Luxembourg, The Netherlands and Austria, which allowed the police
forces of their countries to compare and exchange data more easily.
The new law, adopted by the European Parliament's report of Fausto Correia
(PES, PT) and approved by the Council of Ministers during a meeting of the
justice and home office ministers last week, gives the EU member-states
three years to rewrite domestic laws in order to comply with it.
"Member states have to adopt legislation on the basis of the decision. They
can copy and paste it, it is self-explaining, not like a Directive, which
contains only objectives. This agreement contains a huge amount of
legislation concerning DNA data and data protection rules." said a spokesman
of the European Council.
Peter Hustinx, the EDPS, still expresses his concern and his disappointment
for not having been listened to. "It seems that Council has not sufficiently
taken my remarks into account."
The new rules will open up police databases but not fully, said the Home
Office spokeswoman: "The primary aspects of this are data sharing on
fingerprints, DNA samples and vehicle registrations."
"What will happen now is that countries will have the ability automatically
to determine immediately whether a member state holds matching DNA or
fingerprint information, but they won't have automatic access to the
databases or the information itself," she added.
The UK had previously resisted joining the Prüm Treaty. "The implications of
this treaty are far reaching and will affect all EU citizens," said Philip
Bradbourn, Conservative justice and home affairs spokesman. However, the UK
has signed this new EU deal.
"We are sleepwalking into a Big Brother Europe while our government stands
idly by" said Syed Kamall, a British Conservative MEP.
Police will share data across Europe against privacy chief's advice
(14.06.2007)
http://www.out-law.com//default.aspx?page=8148
DNA data deal 'will create Big Brother Europe' (11.06.2007)
http://www.eupolitix.com/EN/News/200706/462d5e3f-1a57-4805-a12e-1cb072b124d…
Prüm Treaty will allow EU27 to exchange DNA data to fight crime (7.06.2007)
http://www.europarl.europa.eu/news/expert/infopress_page/019-7568-157-06-23…
Controversial data-sharing deal to get the go-ahead (12.06.2007)
http://euobserver.com/9/24244
EDRI-gram: From Schengen to Prüm: Data Protection under 3rd pillar a
prerequisite (28.02.2007)
http://www.edri.org/edrigram/number5.4/prum
============================================================
4. French collective society sues P2P producers
============================================================
Under the cover of the DADVSI law with the so-called Vivendi amendment
(initiated by Vivendi Universal) the French association SPPF (Société civile
des producteurs de phonogramme en France - The French collective society for
phonogram producers representing the independent labels) started a legal
action against P2P software producers.
The Vivendi amendment, strongly debated in the Parliament, but supported by
Nicolas Sarkozy and barely passed by the Joint Committee of the National
Assembly and the Senate, considers as criminal the creation and distribution
of all software obviously intended to provide to public some unauthorised
copyrighted works. The non-compliance is punished by three years of prison
and a 300 000 Euro fine. From a civil law point of view, the amendment
obliges the creators of the P2P software to implement prevention measures in
order to prohibit downloading alleged illegal content.
The amendment gave SPPF the opportunity to file ridiculous actions against
two P2P software producers Morpheus and Azureus with a third, Shareaza,
being next in line to be sued.
SPPF initiated the suit as a civil action, considering the criminal actions
would have been too complicated to organize. Also the civil actions give the
possibility to ask for consistent damages, as stated by Jérôme Roger, SPPF
director. SPPF asks 16.6 million Euros from Azureus and 3.7 million Euros
from Morpheus. The figures are based on a poll carried out by AdVestigo
company, of downloads in the P2P networks over a period of 10 months on a
sample of 4750 titles. Then the results were enlarged for their entire
catalogue of 475 000 titles and the total was multiplied with 2 Euros (1
Euro as the price for a sale and 1 Euro as damages).
France : SPFF attacks Morpheus, Azureus and Shareaza (only in French,
12.06.2007)
http://www.ratiatum.com/news5163_France_la_SPFF_attaque_Morpheus_Azureus_et…
P2P : Details on the legal actions of SPPF (only in French, 12.06.2007)
http://www.ratiatum.com/breve5164_P2P_precisions_sur_les_actions_judiciaire…
EDRI-gram : Update on French EUCD Transposition (29.03.2006)
http://www.edri.org/edrigram/number4.6/frencheucd
============================================================
5. Privacy Ranking of Internet Service Companies
============================================================
Privacy International (PI) has undertaken a study that reveals the
privacy threats and ranks the positions in this matter of key players on the
Internet services market. The objective of the research is not only to point
fingers but also to find out trends and emergent issues related to privacy
on the Internet.
The report was issued by PI after a six-month investigation on the privacy
practices covering search, email, e-commerce and social networking sites.
The methodology used included 20 main parameters among which data
collection and processing, data retention, openness and transparency or
responsiveness to customers' complaints.
Data was gathered from newspaper articles, privacy policies, blogs,
submissions to government inquiries, information obtained from present and
former company staff, technical analyses and interviews with company
representatives.
Because the 2007 rankings are a precedent, PI will regard the current report
as a consultation report and will establish a broad outreach for two months
to ensure that any new and relevant information is taken into account before
publishing a full report in September.
The research has coded the companies by colour, from green "privacy-friendly
and privacy enhancing", to black, "comprehensive consumer surveillance and
entrenched hostility to privacy". While there was no company ranked in the
green area, and only few were ranked blue, "generally privacy aware", (such
as eBay, LiveJournal, Wikipedia), the only company coded black by the
preliminary stage of the research was Google.
Google was mostly criticized for its lack of transparency, PI considering
that its data retention policy was not very clear. "Google maintains records
of all search strings and the associated IP-addresses and time stamps for at
least 18 to 24 months and does not provide users with an expungement
option. Google has access to additional personal information, including
hobbies, employment, address, and phone number, contained within user
profiles in Orkut. Google often maintains these records even after a user
has deleted his profile or removed information from Orkut."
Google's privacy policy was considered "vague, incomplete and possibly
deceptive", and its response to customers' complaints, a poor one.
On his blog, Google employee Matt Cutts complained about the fact that the
company was not given credit for not handing over data to the US Government
and for not having leaked search queries of its users.
In an open letter addressed to Google's CEO Eric Schmidt, Privacy
International accused Google of having smeared its good name. "Two European
journalists have independently told us that Google representatives have
contacted them with the claim that 'Privacy International has a conflict of
interest regarding Microsoft'." PI also stated no company had made such an
accusation in its 17 years of life.
PI asked for an apology from Google, "but if you cannot deliver this then I
think you should reflect carefully on the actions of your representatives
before embarking on what I believe amounts to a smear campaign. As with
Microsoft, eBay and any other organisation we are more than happy to work
with you to help resolve the many privacy challenges for Google that our
report has highlighted."
A Race to the Bottom: Privacy Ranking of Internet Service Companies, A
Consultation report (9.06.2007)
http://www.privacyinternational.org/article.shtml?cmd[347]=x-347-553961
Privacy International accuses Google of smear campaign (11.06.2007)
http://www.theregister.co.uk/2007/06/11/google_privacy_international/
Why I disagree with Privacy International (11.06.2007)
http://www.mattcutts.com/blog/privacy-international-loses-all-credibility/
An Open Letter to Google (10.06.2007)
http://www.privacyinternational.org/article.shtml?cmd[347]=x-347-553964
============================================================
6. European Visa Information System accepted by the EU bodies
============================================================
The legislative package on the Visa Information System (VIS) was
adopted by the European Parliament and a political agreement was
reached within the Justice and Home Affairs Council in the last couple of
weeks. This means that the final steps have been adopted to create the
biggest biometric database in the world.
The VIS Legislative package is formed by the VIS Regulation and the VIS
Decision. The VIS Regulation will allow consulates and other competent
authorities to start using the system when processing visa applications and
to check visas. The VIS Decision will allow police and law enforcement
authorities to consult the data under certain conditions that should ensure
a high level of data protection.
The European Parliament adopted on 7 June 2007 two reports from Baroness
Sarah Ludford (ALDE, UK). The first report that adopted the VIS regulation
aimed at preventing an applicant who is refused a visa by one Schengen
country from applying to others ("visa shopping"), but also facilitating the
fight against fraud and checks at external borders.
The second report that adopted the VIS decision stated that the access to
the VIS database should be "limited to those who 'have a need to know' and
possess appropriate knowledge about data security and data protection
rules". The report stresses that "adequate provisions have to be provided
for to ensure the necessary data protection", and that such data "shall only
be processed for the purposes of the prevention, detection, investigation
and prosecution of terrorist offences or other serious criminal offences."
The report also states that "personal data obtained...from the VIS shall not
be transferred or made available to a third country or to an international
organisation."
Less than a week later the VIS package obtained the political agreement in
the Justice and Home Affairs Council, thus making the new system almost a
reality, because the new rules need just to be formally approved by the EU
member-states governments.
The Visa Information System will store data on up to 70 million people
concerning visas for visits to or transit through the Schengen Area. This
data will include biometrics (photographs and fingerprints) and written
information such as the name, address and occupation of the applicant, date
and place of the application, and any decision taken by the Member State
responsible to issue, refuse, annul, revoke or extend the visa. Citizens of
more than 100 countries need a visa to enter the EU.
The Baroness Sarah Ludford MEP insisted that "the VIS is a
border-management system and its principle is not to combat terrorism and
crime. Let us remember that 99.9% of visitors to the EU are legitimate
travellers who do not have any connection with criminality whatsoever, nor
indeed do illegal immigrants or unauthorised entrants."
The Conservatives have condemned the reports as an invasion of privacy
rights, and have called on UK government to opt out. European Data
Protection Supervisor Peter Hustinx expressed his concern: "The circle of
data subjects that can be included in this system is not limited to data of
persons suspected or convicted of specific crimes."
EU visa information system to help prevent visa shopping (7.06.2007)
http://www.europarl.europa.eu/news/expert/infopress_page/019-7569-157-06-23…
Visa Information System (VIS): The JHA-Council reaches a political agreement
on the VIS Regulation and VIS Decision (12.06.2007)
http://www.europa.eu/rapid/pressReleasesAction.do?reference=IP/07/802&forma…
EU to create world's biggest bio-data pool (13.06.2007)
http://euobserver.com/22/24261
EU backs biometrics visa database (8.06.2007)
http://www.euractiv.com/en/justice/eu-backs-biometrics-visa-database/articl…
EDRI-gram: EU Visa Database under scrutiny of the European Data Protection
Supervisor (2.02.2006)
http://www.edri.org/edrigram/number4.2/visadatabase
============================================================
7. Google answers Article 29 Working Party on data protection standards
============================================================
Google has answered several questions related to its data protection
standards addressed by the Article 29 Working Party, especially on the
period after which the anonymisation of the search server logs can be
obtained.
Initially Google announced in March 2007 a reduction of the retention period
for data related to users and their searches to 18-24 months, but, after the
Article 29 Working Party's letter, Peter Fleischer, global privacy counsel
at Google, accepted a period of 18 months. However, he
also stated that the period could be extended to 24 months, depending on the
implementation of the Data retention directive in some of the EU member
states.
Google explained that the period is necessary to use for logs in their
activities, such as spell-checking help, preventing abuse and fraud or
helping users refining their search queries based on previous experiences.
The privacy counsel has also used as one of the main reasons for keeping the
logs, the requirements of the Data retention directive that will require the
state members to keep the traffic data between 6 and 24 months. But he also
raised several question marks regarding the clarity of the text of the
directive.
However, Philippos Mitletton, who works for the European Commission's Data
Protection Unit, explained to Out-Law that the data retention directive
should not apply to Google:
"The Data Retention Directive applies only to providers of publicly
available electronic communications services or of public communication
networks and not to search engine systems. Accordingly, Google is not
subject to this Directive as far as it concerns the search engine part of
its applications and has no obligations thereof."
But Google's letter goes beyond the text of the directive and expresses
concerns about the possible extensions of the directive's purpose at the
implementation of the Data Retention Directive in each EU member-state. It
also refers to the German Ministry of Justice proposal that webmail
providers should be required to verify the identity of their
account holders and asks "Could we challenge its legality in court, either
as an unconstitutional infringement of privacy, or as an example of
jurisdictional over-reach?" In practice, the German working group against
data retention has already gathered a lot of supporters for a constitutional
court challenge against the data retention law, that would be the largest
constitutional court case in Germany ever.
The letter Google has sent to the Article 29 Working Party points also to
other privacy-sensitive issues raised. The major search engine explained
that its anonymisation process deletes the final digits of the logged IP
addresses and that the process is irreversible, even for Google staff.
Fleischer explained also the Google position regarding cookies: "We believe
that cookies data management in a user's browser is fundamentally a
browser/client issue, not a service/server issue. Therefore, the lifetime of
a cookie does not indicate or imply any enforcement of data retention. We
also believe that cookie lifetimes should not be so short as to expire and
force users to re-enter basic preferences (such as language preference).
Nonetheless, we acknowledge that cookie lifetimes should be "proportionate"
to the data processing being performed."
Article29 Working party letter to Google (16.05.2007)
http://ec.europa.eu/justice_home/fsj/privacy/news/docs/pr_google_16_05_07_e…
Google response to Article 29 Working Party (10.06.2007)
http://64.233.179.110/blog_resources/Google_response_Working_Party_06_2007.…
How long should Google remember searches? (11.06.2007)
http://googleblog.blogspot.com/2007/06/how-long-should-google-remember.html
Google makes data retention concession (12.06.2007)
http://www.out-law.com/page-8140
Data retention laws do not cover Google searches, says Europe (13.06.2006)
http://www.out-law.com/page-8147
EDRI-gram: Privacy bodies investigate Google's data protection standards
(25.04.2007)
http://www.edri.org/edrigram/number5.8/google-data-protection
EDRI-gram: Google limits the search data retention period (28.03.2007)
http://www.edri.org/edrigram/number5.6/google-data-retention
============================================================
8. ENDitorial: The 2001 CoE Cybercrime Convention more dangerous than ever
============================================================
The Council of Europe (CoE) has definitely highly prioritised the broad
ratification, all over the world, of its Convention on Cybercrime, opened to
signatures since November 2001 and entered into force on 1 July 2004. As
part of its efforts to achieve this goal, a conference on "Cooperation
against cybercrime" was held in Strasbourg on 11-12 June 2007, to which EDRI
was invited to participate with a presentation (some of the participants'
presentations are available on the conference website).
This conference was organized in the framework of the CoE Octopus programme
against corruption and organised crime in Europe, three years after the 2004
venue on "The challenge of cybercrime" and two years after the joint CoE-OAS
(Organisation of American States) conference on "Cybercrime: a global
challenge, a global response". The CoE has also been promoting this
Convention in many international fora, including the World Summit on the
Information Society and its following-up Internet Governance Forum. Finally,
it has held numerous regional meetings and training events for member States
and third States to help them implement Convention -ready or -compatible
provisions in their legislations.
Almost 140 participants attended the conference (list available on the
conference website). They were mainly law enforcement authorities (LEAs)
from all over the world (representing 49 countries from the 5 continents),
plus 12 intergovernmental organisations (among them EUROPOL, INTERPOL, and
ENISA - the European network and information security agency), 3 non
governmental organisations (EDRI, ICMEC - the International Centre for
Missing and exploited children, and the French Human Rights League), 3
international multi-stakeholders forums (the Inhope association of Internet
hotlines, the Anti-Phishing forum and the London Action Plan against spam)
and 3 private sector (Microsoft, NASSCOM - India's national association for
software and service companies, and RSA).
Surprisingly, no representative from ISPs attended, and none of them was
invited to make a presentation, although the Convention on Cybercrime puts a
severe burden on them since most of its procedural provisions (articles 16
to 21) are directly requiring the cooperation of ISPs in order to achieve
preservation, production, search and seizure of stored computer data,
real-time collection of traffic data and interception of content data.
However, Microsoft was well represented and obviously given an important
role in the conference with no less than 3 presentations in plenary
sessions. A presentation by Alexander Seger, Head of Technical Cooperation
in the Department of Crime Problems (CoE DG of Legal Affairs) gave a clue to
understand this special treatment: the CoE has launched a new project
against cybercrime, "a global project to support European and non-European
countries to accede and implement the Convention on cybercrime or its
Protocol on xenophobia and racism", (details on the project available on the
conference website), which started on September 2006 for a duration of 30
months. The overall budget is 1.7 million euros, of which only 550,000 euros
are currently available: 290,000 euros from the CoE own funding and 260,000
euros from Microsoft contribution.
It has to be noted that this private funding is new practice to the CoE, to
the extent that Microsoft funding had to be approved by the CoE Council of
Ministers. As Alexander Seger suggested in his presentation, "other donors
(public and private) [are] invited to join this project" and "beyond this
project, CoE may now seek stronger cooperation with the private sector". If
such extension is indeed realised in the future, one may wonder whether the
CoE will be able to remain the reference it currently represents in terms of
respect for human rights, democracy and the rule of law. Interestingly
enough, this trend in having CoE projects funded by the private sector
starts with this very Convention on cybercrime, probably the only one among
the current 200 CoE Treaties which have been so criticized by human rights
NGOs, as EDRI reminded in its presentation. While Alexander Seger and
Microsoft representatives insisted on the fact that "no specific condition
[has been] attached to the financial contribution from Microsoft", it would
be quite naive to find this "guarantee" satisfactory: agenda -setting
and -pushing is certainly already worth the money spent.
The interest of companies like Microsoft in such a project is directly
linked to the substantive provisions of the Convention (articles 2 to 13),
which aim at harmonizing the criminalisation of the commission of "offences
against the confidentiality, integrity and availability of computer data and
systems" (art. 2-6), "computer related offences" (forgery and fraud, art.
7-8), "content-related offences" (Internet child pornography, art. 9),
"offences related to infringements of copyright and related rights" (art.
10) or attempting, aiding or abetting the commission of such offences (art.
11).
Copyright infringement was almost not evoked during the 2007 conference. The
fight against Internet child pornography served as the consensual vehicle to
promote such tools as both the Convention and private hotlines: concerns
regarding the respect for the rule of law, as raised by EDRI, were received,
as usual, with suspicion of laxity. EDRI was the only participant pointing
to the fact that the additional Protocol against racism and xenophobia could
only be ratified by countries that already criminalise in their national
laws the dissemination of such content, as well as insults and threats based
on racism and xenophobia. Thus, it would never solve cases such as the
famous Yahoo! case between France and the USA, simply because, as EDRI
noted, the Convention and its Protocol fail to address the major issue of
the competence of jurisdictions.
The real big issues for LEAs during this conference were the most prevalent
threats as well as the new trends they perceive in current cybercrime
activities: spamming, phishing and its many variants using SMS (SMSishing),
VoIP (Vishing), DNS redirections (pharming), the use of botnets, the use of
P2P networks and instant messaging systems, were among the many identified
aspects of a proteiform cybercrime. Although all the presentations on these
trends (specially from Europol and from French LEAs) acknowledged the lack
of statistics and the difficulty to gather data on this kind of crime, they
were able to agree on its current volume and its broadening, and to conclude
on the increased need to limit - if not forbid - anonymity and encryption of
exchanges, to better control the Internet use from cybercafes and other
public places, and, last but not least, to further extend cooperation with
private sector (telecom operators and ISPs) and communication and exchange
of data among LEAs for mutual assistance purposes.
International cooperation between LEAs is exactly the subject of the
numerous remaining provisions of the Convention (articles 23 to 35). In
summary, these provisions allow any State party to the Convention to request
from any other party the communication of data collected under the
provisions of articles 16 to 21, without any dual criminality requirement
(except if relevant reservation has been made upon ratification) and with
very limited possibility of refusal: actually, as Henrik Kaspersen,
professor at the Free university of Amsterdam and chair of the committee of
the CoE Convention on cybercrime, analysed, the current 43 signatories
(among them 21 having ratified the text) made a quite moderate use of
reservations. Moreover, the Convention conditions and safeguards (article
15) are far from being adequate and harmonised among the State parties to
the Treaty: although the EU Article 29 working group warned against this and
other failures of the Convention when the text was still being drafted, its
opinion was not taken into account. With the extension of the Convention to
States with far less privacy safeguards than the CoE member States - which
are bound by the European Convention on Human Rights -, starting with the
USA, this threat is becoming to realise the worst fears of the Global
Internet Liberty Campaign (GILC) international coalition of NGOs - among
them future EDRI founders - when it published in 2001 its "Eight Reasons the
International Cybercrime Treaty Should be Rejected", after a long campaign
against the eventually signed Convention.
Furthermore, although one can argue that, since 2001, the situation has
become even worse with laws adopted all over the world, including at the
European Union level, it has to be acknowledged that "the CoE Convention on
cybercrime opened the way to more and more invasive laws", as EDRI concluded
at the end of its presentation at this conference, leading to have "on-line
activities and behaviours more criminalised than their off-line equivalent
and citizens benefit from less protections and safeguards on-line than
off-line". In order to limit the risk that, six years after its signature,
the CoE Convention on cybercrime becomes more dangerous than ever, EDRI
advocated, "before any further extension in scope and/or
ratification/accession, (the) need for an assessment of the Convention and
its national implementations with regards to human rights, democracy and the
rule of law". Finally, in the same way as EDRI considers that, at the EU
level, data protection under third pillar is a prerequisite to any
broadening of information systems in criminal matters, EDRI recommended that
the Council of Europe "devote[s] an equivalent energy to extend
ratifications/accessions to Convention no.108 for the protection of
individuals with regard to automatic processing of personal data". But such
a goal does not seem to be on CoE agenda.
CoE Octopus Conference 2007 (11-12.06.2007)
http://www.coe.int/t/e/legal_affairs/legal_co-operation/combating_economic_…
CoE Octopus Conference 2004 (15-17.09.2004)
http://www.coe.int/t/e/legal_affairs/legal_co-operation/combating_economic_…
Joint COE-OAS Conference 2005 (12-13.10.2005)
http://www.coe.int/T/E/Legal_Affairs/About_us/Cooperation/5Madrid(cyber)_OA…
EU Article 29 WP Opinion on the CoE Draft Convention on Cybercrime
(22.03.2001)
http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2001/wp41en.pdf
GILC coalition "Treaty Watch" website
http://www.treatywatch.org
IRIS dossier of the campaign against the Convention and its Protocol (only
in French)
http://www.iris.sgdg.org/actions/cybercrime
EDRI-gram: From Schengen To Prüm: Data Protection Under 3Rd Pillar A
Prerequisite (28.02.2007)
http://www.edri.org/edrigram/number5.4/prum
CoE Convention no.108 on data protection (28.01.1981)
http://conventions.coe.int/Treaty/Commun/QueVoulezVous.asp?NT=108&DF=6/20/2…
(Contribution by Meryem Marzouki, EDRI-member IRIS - France)
============================================================
9. Recommended Reading
============================================================
Belgian Biometric Passport does not get a pass...
Your personal data are in danger!
http://www.dice.ucl.ac.be/crypto/passport/index.html
Centre for Educational Research and Innovation - Giving Knowledge for Free
The Emergence of Open Educational Resources
http://www.oecdbookshop.org/oecd/display.asp?CID=&LANG=EN&SF1=DI&ST1=5L4S6T…
============================================================
10. Agenda
============================================================
8 May - 22 July 2007, Austria
Annual decentralized community event around free software lectures,
panel discussions, workshops, fairs and socialising
http://www.linuxwochen.at
17-22 June 2007 Seville, Spain
19th Annual FIRST Conference, "Private Lives and Corporate Risk"
http://www.first.org/conference/2007/
18-22 June 2007, Geneva, Switzerland
Second Special Session of the Standing Committee on Copyright and Related
Rights (SCCR)
http://www.wipo.int/meetings/en/details.jsp?meeting_id=12744
28 June 2007, London, UK
First London CC-Salon organized by Free Culture London and the Open Rights
Group
http://wiki.creativecommons.org/London_Salon
8-12 August 2007, near Berlin, Germany
Chaos Communication Camp 2007
"In Fairy Dust We Trust!"
http://events.ccc.de/camp/2007/
5-11 September 2007, Linz, Austria
Ars Electronica Festival - Festival for Art, Technology and Society
http://www.aec.at/en/festival2007/index.asp
25 September 2007, Montreal, Canada
Civil Society Workshop: Privacy Rights In A World Under Surveillance
A one-day workshop organized by the International Civil Liberties Monitoring
Group (ICLMG) in cooperation with Canadian and international civil rights
and privacy organizations ahead of the 29th International Conference of Data
Protection and Privacy Commissioners in Montreal.
http://www.thepublicvoice.org/events/montreal07/default.html
12-15 November 2007, Rio de Janeiro, Brazil
The Government of Brazil will host the second Internet Governance Forum
meeting.
http://www.intgovforum.org/
http://cgi.br/igf/
============================================================
11. About
============================================================
EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 25 members from 16 European countries.
European Digital Rights takes an active interest in developments in the EU
accession countries and wants to share knowledge and awareness through the
EDRI-grams. All contributions, suggestions for content, corrections or
agenda-tips are most welcome. Errors are corrected as soon as possible and
visibly on the EDRI website.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 2.0 License. See the full text at
http://creativecommons.org/licenses/by/2.0/
Newsletter editor: Bogdan Manolea <edrigram(a)edri.org>
Information about EDRI and its members:
http://www.edri.org/
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request(a)edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
unsubscribe by e-mail
To: edri-news-request(a)edri.org
Subject: unsubscribe
- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edrigram-mk.php
- EDRI-gram in German
EDRI-gram is also available in German, with delay. Translations are provided
by Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <edrigram(a)edri.org> if you have any problems with subscribing or
unsubscribing.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
On 08/08/2012 06:37 AM, liberationtech(a)lewman.us wrote:
> On Tue, Aug 07, 2012 at 05:18:02PM -0700, erik(a)sundelof.com wrote 4.7K bytes in 111 lines about:
> :partial defenses using any technology tool. I may feel too strong about
> :tools being discussed as THE solution or THE bulletproof vest so to speak.
>
> I'm not picking on you Erik, but this comment finally struck me
> about what's bothered me with this debate. There is no such thing as 'the
> bulletproof vest'.
I don't think anyone is saying we want an "ultimate solution." We have
a set of technologies that we're trying to replace with a more secure
solution (GChat, Facebook, etc...). It's as simple as looking at the
attack vectors that we're concerned users will experience with these
existing web-based chat solutions and asking the question of whether
CryptoCat improves on any of them.
Again, as I see it, there are three possible vectors for attack with
existing web-based chat solutions:
1) SSL intercept.
2) Server infrastructure.
3) Operator.
These are not theoretical, pie-in-the-sky vectors. These are things
that are actually happening, are within the state of the art of an
average adversary, and are within the scope of what this type of
technology problem could potentially address.
My analysis is that the CryptoCat technology does not improve any of
these three vectors, and in fact might make the user more at risk to
compromise through #1 and #2 than with existing web-based chat solutions
(GChat, etc...).
So again, I don't believe that those of us who have concerns about
CryptoCat are asking for a "bulletproof vest." We're not demanding the
"ultimate tool." To use your analogy, I'm looking for a bulletproof
vest that's at minimum not rated *worse* than GChat, and ideally is
rated some degree higher.
- moxie
--
http://www.thoughtcrime.org
_______________________________________________
liberationtech mailing list
liberationtech(a)lists.stanford.edu
Should you need to change your subscription options, please go to:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Should you need immediate assistance, please contact the list moderator.
Please don't forget to follow us on http://twitter.com/#!/Liberationtech
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE