cypherpunks-legacy
July 2018
- 1371 participants
- 9656 discussions
Interesting:
http://news.yahoo.com/s/nm/20071122/wr_nm/security_internet_germany_dc_3;_y…
Ole J. Jacobsen
Editor and Publisher, The Internet Protocol Journal
Cisco Systems
Tel: +1 408-527-8972 Mobile: +1 415-370-4628
E-mail: ole(a)cisco.com URL: http://www.cisco.com/ipj
-------------------------------------------
Archives: http://v2.listbox.com/member/archive/247/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
Begin forwarded message:
06 Jul '18
-----BEGIN PGP SIGNED MESSAGE-----
[The Harvard Club is now "business casual". No more jackets and ties,
but see below for details. While it lasts, anyway. Since the
dot-bomb, the suit-probability in the main dining room has been
asymptotically approaching unity. :-). --RAH]
The Digital Commerce Society of Boston
Presents
Chuck Wade
New Authentication Services--A pending train wreck?
Tuesday, December 4th, 2001
12 - 2 PM
The Downtown Harvard Club of Boston
One Federal Street, Boston, MA
The IT industry's holy grail has always been "single sign-on,"
and now Microsoft is promising to deliver this long-sought
treasure with its Passport offering. Meanwhile, AOL, Oracle and
Sun (with its friends in the Liberty Alliance) are also claiming
to have found solutions to the single sign-on problem. In the
payments world, Visa is readying a new authentication service
called 3-D Secure for over-the-Internet credit card transactions,
while MasterCard prepares to introduce its SPA authentication
technology and American Express is still promoting its Blue Card
and associated wallet software.
Interest in authentication services, including single sign-on,
has reached a fever pitch since the tragic events of September
11th, although interest was building even before the twin towers
collapsed. With all of these new authentication services coming
to market, it might seem that the IT industry is about to finally
get some much-needed relief from the suffering associated with
weak, or non-existent, authentication. Unfortunately, what we may
be about to witness instead is another industry train wreck as
competing solutions collide in the midst of a skeptical market
place.
This talk will highlight some of the strengths and weaknesses of
these emerging authentication services. It will also discuss
their common failure to address the real requirements of users.
Some thoughts will be offered on how the industry approach needs
to change if viable authentication services are ever to be
adopted in the real world.
Chuck Wade consults on Internet payments and security. He was
previously engaged as a Senior Researcher at CommerceNet, and as
a Principal Consultant in the Information Security Group of BBN
Technologies. At BBN, he led Electronic Commerce initiatives and
client engagements, with most of his consulting work within the
Financial Industry. As one of the original participants in the
FSTC eCheck Project, Chuck has been involved with
over-the-Internet electronic payments since the mid 1990's. He
also contributed directly to the architecture, design, deployment
and testing of various large, mission-critical networks,
including the trading floor network for the New York and American
Stock Exchanges.
In a career spanning a quarter century, Chuck spent all of the
'90s with BBN (now a part of Verizon) as a Consultant and Systems
Architect. During most of the '80s, he worked at Motorola
directing the Advanced Technology Group for their Codex division.
He has also worked in the minicomputer industry and university
research. He holds both Sc.B. and Sc.M. degrees from Brown
University in Electrical Engineering.
This meeting of the Digital Commerce Society of Boston will be held
on Tuesday, December 4th, 2001, from 12pm - 2pm at the Downtown
Branch of the Harvard Club of Boston, on One Federal Street. The
price for lunch is $37.50. This price includes lunch, room rental,
A/V hardware if necessary, and the speakers' lunch. The Harvard Club
has relaxed its dress code, which is now "business casual", meaning
no sneakers or jeans. Fair warning: since we purchase these luncheons
in advance, we will be unable to refund the price of your meal if the
Club finds you in violation of what's left of its dress code.
We need to receive a company check, or money order, (or, if we
*really* know you, a personal check) payable to "The Harvard Club of
Boston", by Saturday, December 1st, or you won't be on the list for
lunch. Checks payable to anyone else but The Harvard Club of Boston
will be returned.
Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston,
Massachusetts, 02131. Again, they *must* be made payable to "The
Harvard Club of Boston", in the amount of $37.50. Please include your
e-mail address so that we can send you a confirmation
If anyone has questions, or has a problem with these arrangements
(we've had to work with glacial A/P departments more than once, for
instance), please let us know via e-mail, and we'll see if we can
work something out.
Upcoming speakers for DCSB are:
January James Turk Non-Bank Payment Systems
February TBA
As you can see, :-), we are actively searching for future speakers.
If you are in Boston on the first Tuesday of the month, are a
principal in digital commerce, and would like to make a presentation
to the Society, please send e-mail to the DCSB Program Committee,
care of Robert Hettinga, <mailto: rah(a)shipwright.com>.
For more information about the Digital Commerce Society of Boston,
send "info dcsb" in the body of a message to <mailto:
majordomo(a)reservoir.com> . If you want to subscribe to the DCSB
e-mail list, send "subscribe dcsb" in the body of a message to
<mailto: majordomo(a)reservoir.com> . We look forward to seeing you
there!
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0
-----END PGP SIGNATURE-----
--
-----------------
R. A. Hettinga <mailto: rah(a)ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To unsubscribe from this list, send a letter to: Majordomo(a)reservoir.com
In the body of the message, write: unsubscribe dcsb-announce
Or, to subscribe, write: subscribe dcsb-announce
If you have questions, write to me at Owner-DCSB(a)reservoir.com
--- end forwarded text
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi y'all, it's that time of the week again
* Index:
1) 0.4.0.1
2) Threat model updates
3) Website updates
4) Roadmap
5) Client apps
6) ???
* 1) 0.4.0.1
Since last Wednesday's 0.4.0.1 release, things have been going
pretty well on the net - more than 2/3rd of the network has
upgraded, and we've been maintaining between 60 and 80 routers on
the network. IRC connection times vary, but lately 4-12 hour
connections have been normal. There have been some reports of
funkiness starting up on OS/X though, but I believe some
progress is being made on that front too.
* 2) Threat model updates
As mentioned in reply [1] to Toni's post [2], there has been a
pretty substantial rewrite of the threat model [3]. The main
difference is that rather than the old way of addressing the
threats in an ad-hoc manner, I tried to follow some of the
taxonomies offered within the literature [4]. The biggest
problem for me was finding ways to fit the actual techniques
people can use into the patterns offered - often a single
attack fit within several different categories. As such, I'm
not really too pleased with how the information in that page
is conveyed, but it's better than it was before.
[1] http://dev.i2p.net/pipermail/i2p/2004-September/000442.html
[2] http://dev.i2p.net/pipermail/i2p/2004-September/000441.html
[3] http://www.i2p.net/how_threatmodel
[4] http://freehaven.net/anonbib/topic.html
* 3) Website updates
Thanks to Curiosity's help, we've begun on some updates to the
website - the most visible of which you can see on the homepage
itself. This should help people out who stumble upon I2P and
want to know right off the bat wtf this I2P thing is, rather
than having to hunt and peck through the various pages. In any
case, progress, ever onwards :)
* 4) Roadmap
Speaking of progress, I've finally thrown together a revamped
roadmap [5] based upon what I feel we need to implement and upon
what must be accomplished to provide for the user's needs. The
major changes to the old roadmap are:
* Drop AMOC altogether, replaced with UDP (however, we'll support
TCP for those who can't use UDP *cough*mihi*cough*)
* Kept all of the restricted route operation to the 2.0 release,
rather than bring in partial restricted routes earlier. I
believe we'll be able to meet the needs of many users without
restricted routes, though of course with them many more users
will be able to join us. Walk before run, as they say.
* Pulled the streaming lib in to the 0.4.3 release, as we don't
want to go 1.0 with the ~4KBps per stream limit. The bounty on
this is still of course valid, but if no one claims it before
0.4.2 is done, I'll start working on it.
* TCP revamp moved to 0.4.1 to address some of our uglier issues
(high CPU usage when connecting to people, the whole mess with
"target changed identities", adding autodetection of IP address)
The other items scheduled for various 0.4.* releases have already
been implemented. However, there is one other thing dropped from
the roadmap...
[5] http://www.i2p.net/roadmap
* 5) Client apps
We need client applications. Applications that are engaging,
secure, scalable, and anonymous. I2P by itself doesn't do much,
it merely lets two endpoints talk to each other anonymously.
While I2PTunnel does offer one hell of a swiss army knife, tools
like that are only really engaging to the geeks among us. We need
more than that - we need something that lets people do what they
actually want to do, and that helps them do it better. We need a
reason for people to use I2P beyond simply because it's safer.
So far I've been touting MyI2P to meet that need - a distributed
blogging system offering a LiveJournal-esque interface. I
recently [6] discussed some of the functionality within MyI2P on
the list. However, I've pulled it out of the roadmap as it's just
too much work for me to do and still give the base I2P network the
attention it needs (we're already packed extremely tight [7]).
There are a few other apps that have much promise. Stasher [8]
would provide a significant infrastructure for distributed data
storage, but I'm not sure how that's progressing. Even with
Stasher, however, there would need to be an engaging user
interface (though some FCP apps may be able to work with it).
IRC is also a potent system, though has its limitations due to
the server-based architecture. oOo has done some work to see
about implementing transparent DCC though, so perhaps the IRC
side could be used for public chat and DCC for private file
transfers or serverless chat.
General eepsite functionality is also important, and what we
have now is completely unsatisfactory. As DrWoo points out [9],
there are significant anonymity risks with the current setup,
and even though oOo has made some patches filtering some
headers, there is much more work to be done before eepsites can
be considered secure. There are a few different approaches to
addressing this, all of which can work, but all of which
require work. I do know that duck mentioned he had someone
working on something, though I don't know how that's coming or
whether it could be bundled in with I2P for everyone to use
or not. Duck?
Another pair of client apps that could help would be either a
swarming file transfer app (ala BitTorrent) or a more
traditional file sharing app (ala DC/Napster/Gnutella/etc).
This is what I suspect a large number of people want, but there
are issues with each of these systems. However, they're well
known and porting may not be much trouble (perhaps).
Ok, so the above isn't anything new - why did I bring them all
up? Well, we need to find a way to get an engaging, secure,
scalable, and anonymous client application implemented, and it
isn't going to happen all by itself out of the blue. I've come
to accept that I'm not going to be able to do it myself, so we
need to be proactive and find a way to get it done.
To do so, I think our bounty system may be able to help, but I
think one of the reasons we haven't seen much activity on that
front (people working on implementing a bounty) is because
they're spread too thin. To get the results we need, I feel we
need to prioritize what we want and focus our efforts on that
top item, 'sweetening the pot' so as to hopefully encourage
someone to step up and work on the bounty.
My personal opinion is still that a secure and distributed
blogging system like MyI2P would be best. Rather than simply
shoveling data back and forth anonymously, it offers a way to
build communities, the lifeblood of any development effort. In
addition, it offers a relatively high signal to noise ratio,
low chance for abuse of the commons, and in general, a light
network load. It doesn't, however, offer the full richness of
normal websites, but the 1.8 million active LiveJournal users
don't seem to mind.
Beyond that, securing the eepsite architecture would be my
next preference, allowing browsers the safety they need and
letting people serve eepsites 'out of the box'.
File transfer and distributed data storage are also incredibly
powerful, but they don't seem to be as community oriented as
we probably want for the first normal end user app.
I want all of the apps listed to be implemented yesterday, as
well as a thousand other apps I couldn't begin to dream of. I
also want world peace, an end to hunger, the destruction of
capitalism, freedom from statism, racism, sexism, homophobia,
an end to the outright destruction of the environment and all
that other evil stuff. However, we are only so many people
and we can only accomplish so much. As such, we must
prioritize and focus our efforts on achieving what we can
rather than sit around overwhelmed with all we want to do.
Perhaps we can discuss some ideas about what we should do in
the meeting tonight.
[6] http://dev.i2p.net/pipermail/i2p/2004-September/000435.html
[7] http://www.i2p.net/images/plan.png
[8] http://www.freenet.org.nz/python/stasher/
[9] http://brittanyworld.i2p/browsing/
* 6) ???
Well, that's all I've got for the moment, and hey, I got the
status notes written up *before* the meeting! So no excuses,
swing on by at 9pm GMT and barrage us all with your ideas.
=jr
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQA/AwUBQUc1OhpxS9rYd+OGEQLaYQCg0qql8muvuGEh46VICx4t69PuRl8An0Ki
3GEF2jrg/i9csiMO6VdQccxH
=4Tip
-----END PGP SIGNATURE-----
_______________________________________________
i2p mailing list
i2p(a)i2p.net
http://i2p.dnsalias.net/mailman/listinfo/i2p
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
This article demonstrates a problem in how information gets communicated.
1. Something happens, technology development, a disaster, a crisis.
2. Millions of people react.
3. News media writes about a slice of this.
4. Thousands of people react to the news media, with parallel thoughts
5. Hundreds of people may decide to try to DO something constructive
6. They are operating in isolation from each other, the overhead of
having an organization, figuring out how to manage it, draining a lot of
resources.
ICRAC = International Committee for Robot Arms Control
http://icrac.net/2012/11/dod-directive-on-autonomy-in-weapon-systems/
http://icrac.net/2011/12/new-scientist-campaign-asks-for-international-treaty-to-limit-war-robots/
http://www.popsci.com/military-aviation-amp-space/article/2009-09/no-nuke-or-space-military-bots-pleads-arms-control-committee
http://blog.tmcnet.com/robotics/2009/09/new-group-aims-to-curb-military-use-of-robots.html
They have had international conferences in different nations, proposed
conventions, worked on them, promoted them.
Yet, years after they started to make progress, someone who works in the
same area of expertise (international arms control) is proposing we do, what
they have been trying for years. She is not alone.
There is also:
HRW = Human Rights Watch, an NGO
They have an effort to have autonomous weapons, without a human in the loop,
banned. They have published a lot about this, and got a lot of reaction:
(a) There are people in denial this is a problem.
(b) There's a lot of debate in some academic and legal circles, regarding
their premises, approaches, practicality.
(c) I don't like some things which are being said about
humans-in-the-loop.
(d) Laws, and treaties, against things don't stop the things. There has to
be competent regulation enforcement with all relevant leaders on board.
American Society for the Prevention of Cruelty to Robots
http://blogs.smithsonianmag.com/smartnews/2013/02/mistreated-robot-now-have-a-advocacy-group/
I found out about it thanks to drone-list.
I have memory of other groups, but can't find the citations in the rapid
search I checked this morning.
The current UN investigation, into war crimes by drones with
humans-in-the-loop, may have some results which are relevant.
In addition to the Patriot anti-missile system mentioned in the article,
there are variants such as the Israeli Iron Dome, and the US Navy AEGIS
system, which connects various types of ship weapons to radar, other
detection systems, evaluates threats, shoots them down, without a human in
the loop. I believe the Vincennes shot down an Iranian airliner, using the
AEGIS system.
I have much more in my DRONE ROBOT notes.
Al Mac (WOW) = Alister William Macintyre
_____
--
Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys(a)stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/drone-list
----- End forwarded message -----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi gang,
It's been a long 2 months since the 0.4.1 release, but we've finally
got the new 0.4.2 release out and ready for your consumption. As
discussed in the meeting logs and weekly status notes, the main
change is a new streaming library which will improve reliability,
reduce latency, and get more appropriate throughput. The new release
is NOT BACKWARDS COMPATIBLE, so you MUST UPGRADE.
The update process is largely as before - though there is one
important change, so please, read the instructions for updating on
http://www.i2p.net/download
The installer has also been changed a bit, streamlining some things,
and on Windows systems, we build shortcuts in the start menu and
on the desktop (if desired).
There have also been numerous bugfixes and improvements along the
way - please see the full list online for details:
http://dev.i2p.net/cgi-bin/cvsweb.cgii2p/history.txt?rev=HEAD
Anyway, that's that - please update as soon as possible, because if
you don't, you won't be able to do anything on I2P at all - it is NOT
BACKWARDS COMPATIBLE (should I repeat that a third time? maybe with
blink tags?) If anyone has any problems, please post up on the
list [1], the forum [2], or get on #i2p [3]!
=jr
[1] http://dev.i2p.net/pipermail/i2p/
[2] http://forum.i2p.net/
[3] irc://irc.freenode.net/i2p || irc://irc.duck.i2p/i2p
jrandom@iggy:~/dev/042_dist$ openssl sha1 *
SHA1(i2p.tar.bz2)= 67576badb93cdf081cf7bf6aa738aa6b977a881e
SHA1(i2p_0_4_2.tar.bz2)= edb67ea2edd19cd0f974670d3b7e7a965a92d2b6
SHA1(i2pupdate.zip)= b36014d775b406e8854257703db3ff3da50af516
SHA1(install.jar)= dcd7db8cb1ce02e943f0b70748c89a5402bb909f
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQA/AwUBQacPORpxS9rYd+OGEQLkGwCeM9NoB0+Y+ZlR47M6Bw6CLnpU3CEAoPL9
8LEroK97mv2Yvkh2sTHMODLc
=W6Tg
-----END PGP SIGNATURE-----
----- End forwarded message -----
============================================================
EDRi-gram
biweekly newsletter about digital civil rights in Europe
Number 9.10, 18 May 2011
============================================================
Contents
============================================================
1. EU and China adopt harmonised approach to censorship
2. Data retention in EU Council Meeting
3. Belgium Senate deletes the repressive part of the three strikes draft law
4. Dutch ISPs admit to using deep packet inspection
5. CoE refuses to start investigation on biometrics
6. Ireland adopts innovation agenda on intellectual property
7. UK police has bought surveillance software to track online movements
8. Google found guilty in Belgium for newspapers' copyright infringement
9. Privatised enforcement series E: Online trading platforms sell out
10. CFP 2011 Conference to address the Future of Technology and Human Rights
11. ENDitorial: RFID PIA: Check against delivery
12. Recommended Action
13. Recommended Reading
14. Agenda
15. About
============================================================
1. EU and China adopt harmonised approach to censorship
============================================================
The European Union and China appear to have agreed to share their preferred
approaches to censorship, producing a model that is a perfect mix between
current EU and Chinese policies.
On 20 April 2011, at an event in the European Parliament entitled "Creative
Industries: Innovation for Growth", the French European Commissioner for the
Internal Market, Michel Barnier, announced plans to focus on Internet
providers to enforce intellectual property. He explained that he did not
want to "criminalise" consumers and therefore would put the pressure on
online intermediaries (who will then police and punish the consumers
instead).
Eight days later, on 28 April, the Beijing Copyright Bureau decided to
follow exactly the same model. In its "Guiding Framework for the Protection
of Copyright for Network Dissemination," it proposes a range of obligations
on Internet intermediaries such as:
- 180-day data retention for the name and IP address of users, if
the intermediary provides file-sharing or hosting services. This is
fractionally more liberal than the most liberal approach permitted by the
European Commission, which requires data retention for a minimum of six
months;
- deterring and restraining (sic) those who upload unlicensed
material, including terminating the offending users' service (as appears in
the preparatory works of the ACTA agreement, supported by the EU) and also
reporting these infringing acts to copyright law enforcement authorities;
- employing "effective technical measures to prevent users
uploading or linking to copyrighted works" (as supported by the EU in its
input to the European Court of Justice in the Scarlet/Sabam case (C-70/10)).
While the developments in relation to copyright show China's willingness to
learn from the EU's planned repressive measures, the traffic is not entirely
one-way, as shown by the recent revelations on the Hungarian Presidency's
"virtual Schengen" proposal.
In 2008, the French EU Presidency developed plans for a "Cybercrime
Platform" to be run by Europol, as a means of collecting reports of
illicit/unwanted content from across Europe, acting as an "information hub"
with the reasonably obvious intention of a harmonised approach to blocking
web content.
This approach was further developed in the Internal Security Strategy from
2010, which said ominously that "while the very structure of the internet
knows no boundaries, jurisdiction for prosecuting cybercrime still stops at
national borders. Member States need to pool their efforts at EU level. The
High Tech Crime Centre at Europol already plays an important coordinating
role for law enforcement, but further action is needed."
The European Commission immediately took the initiative and offered funding
for projects that supported "the blocking of access to child pornography or
blocking the access to illegal Internet content through public-private
cooperation" - expanding blocking both to content of any kind and to
extra-judicial blocking, in contravention of the European Convention on
Human Rights and the EU Charter of Fundamental Rights. As a result, European
police forces were given a grant of 324 059 Euro to lobby for blocking in
the EU.
All of these developments have now led to the proposal for a "Great Firewall
of Europe", as demonstrated by an EU Council presentation published this
week by EDRi. This would harmonise the EU's approach to content that it
wished to stop at the EU's borders, following the same logic as the "Great
Firewall of China" which censors unwanted content from outside China's
jurisdiction. Ironically, both the European Commission and Council of
Ministers are now claiming that such a blocking plan was never the intention
and are distancing themselves from the proposal - even to the point of
rewriting the minutes of the meeting where the proposal was discussed.
In summary, therefore, the EU/China internal policy on censorship will be
based on the European model of censorship by proxy, whereby Internet
intermediaries undertake the work. For unwanted traffic from outside the EU,
the Chinese model of a "virtual border" is being pushed forward, despite
recent protestations of innocence from the EU institutions.
Hungarian presidency rewriting of history of meeting
http://register.consilium.europa.eu/pdf/en/11/st07/st07181-co01.en11.pdf
Virtual Schengen documents released by EU Council (12.05.2011)
http://www.edri.org/virtual_schengen
Commission input to ECJ on Scarlet/Sabam (only in French, 13.01.2011)
http://www.mlex.com/itm/Attachments/2011-01-13_1B8G0W13A97M04RY/C70_10%20FR…
ACTA Draft: No Internet for Copyright Scofflaws (24.03.2010)
http://www.wired.com/threatlevel/2010/03/terminate-copyright-scofflaws/
EU Internal Security Strategy
http://www.consilium.europa.eu/uedocs/cms_data/docs/pressdata/en/jha/113055…
French Presidency work programme
http://www.eu2008.fr/webdav/site/PFUE/shared/ProgrammePFUE/Programme_EN.pdf
EU Communication: Internal Security Strategy (22.11.2010)
http://www.statewatch.org/news/2010/nov/eu-com-internal-security-strategy-n…
Chinese copyright office: Guiding Framework on the Protection of Copyright
for Network Dissemination (28.04.2011)
http://www.r2g.net/english/english_news_article_1004.htm
EU information management instruments (20.07.2010)
http://europa.eu/rapid/pressReleasesAction.do?reference=MEMO/10/349&type=HT…
Council and Commission distance themselves from blocking plans (only in
German, 16.05.2011)
http://www.spiegel.de/netzwelt/netzpolitik/0,1518,762783,00.html
Commission funding - ISEC 2010 action grants
http://bit.ly/mE9noz
(Contribution by Joe McNamee - EDRi)
============================================================
2. Data retention in EU Council Meeting
============================================================
The EU Council Working Group of Justice and Home Affairs had a first
discussion on 12 May 2011 on the European Commission implementation report
on the data retention directive.
The Commission agreed that the implementation has been uneven, both in terms
of retention periods and in respecting data protection principles.
The working group discussed issues related to a common definition of
"organised crime", which some opposed on the grounds that it would infringe
the rights of Member States to govern their own affairs on entirely internal
processes ("subsidiarity").
This was just a preliminary discussion, where some member states claimed
that data retention was necessary, favouring a two year retention period.
Only a few countries brought forward the idea of the "quick freeze" as
an alternative solution.
The schedule of next steps presented by the Commission includes several public
meetings, the first with civil society on 8 June 2011. After that, the
impact assessment should be finalized after the Summer and, by the end of
2011, the European Commission wishes to present its proposal to amend the
data retention directive.
Press release: 3085th Council meeting - Justice and Home Affairs
(12.05.2011)
http://www.consilium.europa.eu/uedocs/NewsWord/en/jha/121967.doc
EDRi-gram: Top 10 misleading statements of the European Commission on data
retention (20.04.2011)
http://www.edri.org/edrigram/number9.8/data-retention-evaluation
============================================================
3. Belgian Senate deletes the repressive part of the three strikes draft law
============================================================
The Belgian version of the French Hadopi three strikes law was significantly
changed by the Commission of Finance and Economical Affairs (COMFINECO) of
the Belgian Senate during a hearing organised on 11 May 2011 on copyright
and Internet.
The proposal, initially submitted in 2010 and re-tabled at the beginning of
2011, was amended by the removal of a series of articles which actually
referred to the three strikes system.
NURPA (the Net Users' Rights Protection Association) warns that the proposed
law, although amputated, still raises certain concerns, and draws attention
especially to article 12 which "requires the settling of
agreement between private actors and allows the limitation of the Internet
user's freedom of usage". The article stipulates that the agreement signed
with the ISPs "determines the limits and conditions under which a user that
has access to a public online communication service can use it to exchange
works protected by copyright or related right(s)."
Inspired also by the French Hadopi law, the proposed Belgian law introduces
the creation of a Council for the protection of copyright on the Internet
that would have as its main task to establish a list of legal offers. It is
not clear which criteria will be used to determine what offers will be legal
or by what means such a list will be kept updated and complete.
"Instead of seeing the Internet as an opportunity to reduce the number of
intermediaries between the public and the artists, the text only continues
to place the copyright collective societies in the centre of the revenue
perception. There are innovating initiatives and a freedom of artistic
distribution that should be encouraged rather than playing in the hands of
the private societies" stated Daniel Faucon, spokesperson for NURPA.
Two contradictory opinions also marked the COMFINECO hearing: one according
to which the service providers would incite illegal downloading and
therefore should be made responsible, and a second one that is closer to
net neutrality, meaning that the service providers should not be held
accountable for the content exchanged on the Internet.
The Belgium HADOPI amputated in its repressive part (only in French,
12.05.2011)
http://nurpa.be/actualites/2011/05/HADOPI-belge-amputee-partie-repressive.h…
The Belgium Hadopi is buried, but filtering is not (only in French,
12.05.2011)
http://www.numerama.com/magazine/18776-la-hadopi-belge-est-enterree-mais-pa…
EDRi-gram: Four strikes law returns to Belgium (9.05.2011)
http://www.edri.org/edrigram/number9.5/belgium-four-strikes-law-returns
============================================================
4. Dutch ISPs admit to using deep packet inspection
============================================================
During an investors day on 10 May 2011 in London, Dutch Internet service
provider KPN admitted to using deep packet inspection (DPI) technology to
determine the use of certain applications by its mobile internet customers.
Vodafone soon followed with an announcement that it used this
technology for traffic shaping. Within days, the Dutch minister of Economic
Affairs announced an investigation into KPN's practices and promised to
publish the results within two weeks.
The recent revelations come after Dutch telecom giant KPN announced that
it will start charging mobile internet users extra for the use of
certain applications, such as internet telephony. This is a hot topic in
the Netherlands, as net neutrality rules will soon be discussed in the
Dutch parliament. Dutch digital rights organisation Bits of Freedom is
concerned that the application of DPI by KPN is a violation of Dutch law
and called for customers to lodge a complaint with the public prosecutor.
Article on use of DPI by KPN (12.05.2011)
http://webwereld.nl/nieuws/106656/kpn-luistert-abonnees-af-met-deep-packet-…
Press release Bits of Freedom (12.05.2011)
https://www.bof.nl/2011/05/12/persbericht-bits-of-freedom-roept-kpn-abonnee…
(contribution by Ot van Daalen - EDRi-member Bits of Freedom, Netherlands)
============================================================
5. CoE refuses to start investigation on biometrics
============================================================
In an answer to the 31 March 2011 petition calling on the Council of Europe
(CoE) to start an in-depth survey under Article 52 of the European
Convention on Human Rights, Thorbjørn Jagland, the Secretary General of the
CoE, refused to start an investigation on the collection and storage of
citizens' biometric data by member states.
In his answer, Secretary General Jagland mainly points to the CoE
Resolution 1797, adopted in March 2011. He does stress the need to take
steps to ensure that relevant existing legal frameworks, including European
data protection Convention 108, be enhanced and modernised. However, the
Secretary General doesn't explain his refusal to investigate the legality of
the current national biometric schemes. Instead, Mr. Jagland refers
to various other Council of Europe bodies, such as the Parliamentary
Assembly, the commissioner for Human Rights and the Consultative Committee
of Convention 108.
In a first reaction to the response from Strasbourg, an alliance
spokesperson said: "The lack of protection of citizens' rights against
government use of biometrics is stunning. Moreover, the digital fingerscan
technique itself is immature. For example a government test in the
Netherlands, published after our petition, showed biometric verification
failure rates of 21%. A test by the mayor of the city of Roermond revealed
that for no less than one in every five persons collecting travel documents,
the initial fingerprint scan had been so bad that it wasn't verifiable. So
how can you ever reach the goals of the Passport Laws by storing these on
the document chip? This confirms once again that an in-depth survey has to
be conducted soon on whether the human rights guarantees and conditions of
necessity (effectiveness, proportionality, subsidiarity and safety
guarantees) set by the European Convention on Human Rights and the data
protection Convention are indeed upheld in the countries involved."
The more than 80 petition signatories from 27 countries, including EDRi,
include - among others - digital, civil and human rights defenders, media,
legal and medical organisations, academia, politicians and individual
victims left without a passport because of objections involving the
biometric storage.
Petition to Council of Europe on government use of citizens biometrics
(updated on 12.05.2011)
https://www.privacyinternational.org/article/petition-council-europe-govern…
Answer of Council of Europe (29.04.2011)
http://yfrog.com/z/h4yfwslj
EDRi-gram: NGOs ask CoE to investigate government collection of biometrics
(6.04.2011)
http://www.edri.org/edrigram/number9.7/petition-coe-biometrics
============================================================
6. Ireland adopts innovation agenda on intellectual property
============================================================
Richard Bruton, the Irish Minister for Enterprise, Jobs and Innovation, said
that he was determined that the Irish government should make whatever
changes were necessary to allow innovative digital companies to reach their
full potential in Ireland. He said that some companies have complained that
the current copyright legislation did not cater well for the digital
environment and created barriers to innovation and to the establishment of
new business models. For this reason, he has proposed research into how the
current copyright law could be amended so that it would foster innovation.
In order to achieve the aforementioned goal, Mr Bruton set up the Copyright
Review Committee which, in the words of the Department of Enterprise, Trade
and Innovation, has the following tasks:
(1) Examine the present national copyright legislation and identify any
areas that are perceived to create barriers to innovation;
(2) Identify solutions for removing these barriers and make recommendations
as to how these solutions might be implemented through changes to national
legislation;
(3) Examine the US style "fair use" doctrine to see if it would be
appropriate in an Irish/EU context;
(4) If it transpires that national copyright legislation requires to be
amended but cannot be amended, (bearing in mind that Irish copyright
legislation is bound by the European Communities Directives on Copyright and
Related Rights and other international obligations) make recommendations for
changes to the EU Directives that will eliminate the barriers to innovation
and optimise the balance between protecting creativity and promoting and
facilitating innovation.
After completing these four tasks, the Copyright Review Committee will
present a Report to the Government with a set of recommendations for
legislative change. The Review will start with a consultation. All
interested parties are invited to submit their views for inclusion in the
review.
The Chair of the Review Committee will be Dr. Eoin O'Dell of Trinity
College, Dublin. The other members of the Review Committee will be
Professor Stephen Hedley (University College Cork) and Ms. Patricia
McGovern (DFMG Solicitors). The deadline for sending submissions is the end
of June 2011.
Consultation on the Review of the Copyright and Related Rights Act 2000,
Department of Enterprise, Trade and Innovation of Ireland (09.05.2011)
http://www.deti.ie/science/ipr/copyright_review_2011.htm
Radical copyright law reform to boost Ireland's digital economy? (09.05.2011)
http://siliconrepublic.com/new-media/item/21695-radical-copyright-law-refor
(Contribution by Daniel Dimov - intern at EDRI)
============================================================
7. UK police has bought surveillance software to track online movements
============================================================
Civil liberties groups have shown great concern about the UK Metropolitan
police force's possible use of Geotime surveillance software that can map
nearly every move in the digital world of "suspect" individuals.
The Geotime security programme, which has recently been purchased by
Britain's Metropolitan Police, is used by the US military and is able to
show an individual's movements and communications with other people on a
three-dimensional graphic. It can be used to display information gathered
from social networking sites, satellite navigation equipment, mobile phones,
financial transactions and IP network logs, creating a 3D graphic of
correlations between actions, people and places.
The use of such a tool is seen as a threat to personal privacy.
Alex Hanff, the campaigns manager at Privacy International, expressed
concern that through the aggregation of "millions and millions of pieces of
microdata, a very high-resolution picture of somebody" might be obtained.
This could also be used by the government and police "for the benefit of
commercial gain," and he therefore asked the UK police to explain who would
decide how this software will be used in the future.
"This latest tool could also be used in a wholly invasive way and could fly
in the face of the role of the police to facilitate rather than impede the
activities of democratic protesters," said Sarah McSherry, a partner at
Christian Khan Solicitors, representing several protesters in cases against
the Metropolitan police.
Daniel Hamilton, director of the Big Brother Watch privacy blog, told
ZDNet UK that "the ability to build up such a comprehensive record of any
person's movements represents a significant threat to personal privacy."
According to Geotime's website, the programme displays data from various
sources, allowing the user to navigate the data with a timeline and animated
display and the links between entities "can represent communications,
relationships, transactions, message logs etc and are visualised over time
to reveal temporal patterns and behaviours."
Representatives of the Metropolitan police stated it was "in the process
of evaluating the Geotime software to explore how it could possibly be used
to assist us in understanding patterns in data relating to both space and
time" and that it had not yet taken a final decision on whether the software
would be adopted permanently.
A spokesperson from the Ministry of Defence said the software was also under
investigation by the ministry.
This comes at a time when data retention has become a main issue of
discussion, being increasingly challenged and criticised, and when the UK
already exercises a high level of surveillance of individuals' online
activities.
According to the Guardian, Catt, an 86-year-old man without any criminal
record, has recently been granted permission to sue a secretive police unit
for having kept, on a clandestine database, a detailed record of his
presence at more than 55 peaceful peace and human rights protests over a
four-year period.
The unit in question has been compiling a huge, nationwide database of
thousands of protesters for more than ten years already. The police claim
the unit only monitors so-called "domestic extremists" (which in Catt's case
is a very exaggerated statement) and that the "minor" surveillance of Catt
was a "part of a far wider picture of information which it is necessary for
the police to continue to monitor in order to plan to maintain the peace,
minimise the risks of criminal offending and adequately to detect and
prosecute offenders".
Police buy software to map suspects' digital movements (11.05.2011)
http://www.guardian.co.uk/uk/2011/may/11/police-software-maps-digital-movem…
Metropolitan Police trials GeoTime tracking software (12.05.2011)
http://www.zdnet.co.uk/news/security-management/2011/05/12/metropolitan-pol…
Privacy storm after police buy software that maps suspects' digital
movements (12.05.2011)
http://www.dailymail.co.uk/sciencetech/article-1386191/Privacy-storm-police…
Protester to sue police over secret surveillance (3.05.2011)
http://www.guardian.co.uk/uk/2011/may/03/protester-sue-police-secret-survei…
============================================================
8. Google found guilty in Belgium for newspapers' copyright infringement
============================================================
Google lost its appeal before the Belgian appeals court, which upheld an
earlier ruling, having found the company guilty of infringing the copyright
of newspapers, in the case introduced in 2006 by Copiepresse.
In 2006, Copiepresse, an agency acting for newspapers, sued Google for
allegedly infringing the copyright of newspapers when linking, on its Google
News service, to content from newspaper websites or copies of sections of
stories.
A Belgian judge ruled that Google had to remove all the content referring to
Belgian newspaper stories from its services and the Court of First Instance
in Belgium upheld that ruling in February 2007.
Google appealed the decision and argued that Google News was fully
consistent with applicable copyright laws and considered that US law should
have applied in the case because the company posts the articles of the
Belgian sites from the US. However, the court, based on the Berne
Convention, considered that only Belgian law could be applicable and that
the distribution through the Google.be website of works that are protected
by copyright in Belgium was illegal and that it did not matter that the
posts were made automatically by robots from abroad.
The court also considered that one didn't need to read the entire article
to understand the information posted by Google, that Google News could not
be treated as a press review and that it infringed the paternity right by
not mentioning the name of the author.
The court's decision asked Google to remove all links to material from
Belgian newspapers in French (the rulings do not apply to Flemish
newspapers). Failing to comply with the court's decision may bring Google a
fine of about 25 000 Euro per day.
"References with short titles and direct links to the sources are not only
legal, but also encourage the users to read the online newspapers" stated
Al Verney, spokesperson for Google.
While Copiepresse welcomes the decision, Google reminded the agency that it
is not the only search engine making reference to online content but that
this is actually common practice with most search engines.
It also seems Google wants to bring the case to a higher court.
Google infringes copyright when its services link to newspaper sites,
Belgian court rules (10.05.2011)
http://www.out-law.com/default.aspx?page=11911
Court's decision (only in French, 5.05.2011)
http://copiepresse.be/Copiepresse5mai2011.pdf
Google Busted for Copyright Violation in Belgium (7.05.2011)
http://www.pcworld.com/article/227379/google_busted_for_copyright_violation…
Copiepresse press release (only in French, 5.05.2011)
http://www.copiepresse.be/Communique%20de%20presse%20condamnation%20Google.…
Google loses the Copiepresse case in appeal (only in French, 9.05.2011)
http://datanews.rnews.be/fr/ict/actualite/apercu/2011/05/09/google-perd-le-…
New condemnation of Google News in Belgium (only in French, 9.05.2011)
http://lexpansion.lexpress.fr/high-tech/nouvelle-condamnation-de-google-new…
EDRi-gram: Belgium court backs decision against Google (14.02.2007)
http://www.edri.org/edrigram/number5.3/google-belgium
============================================================
9. Privatised enforcement series E: Online trading platforms sell out
============================================================
In a bizarrely designed document, looking like a mix between a wedding
invitation and an accident in a blue ink factory, leading online retailers
Amazon, eBay and Priceminister have sold out the interests of their
consumers in a "memorandum of understanding" with a range of luxury goods
and copyright groups. In return, they have received a non-binding
commitment not to be sued by the rightsholders for twelve months.
Under the agreement, the Internet platforms agree to take responsibility
"to assess the completeness and validity of" reports from rightsholders of
counterfeit goods being sold through their services and, based on this
extra-judicial notice, not only to remove the listings of the alleged
counterfeit material but also to take "deterrent measures against such
sellers".
Furthermore, for reasons that are not explicitly explained, Internet
platforms will receive lists of words "commonly used for the purpose of
offering for sale of 'obvious' counterfeit goods" which they will "take into
consideration". Up to the limits imposed by data protection law, "Internet
Platforms commit to disclose, upon request, relevant information including
the identity and contact details of alleged infringers and their user
names".
On the other side, the rightsholders undertake to make requests for personal
information "in good faith" and in accordance with the law.
With regard to sellers who are adjudged by the online retailer to have
repeatedly broken the law, the Internet platforms undertake to "implement
and enforce deterrent repeat infringer policies, according to their internal
guidelines" including temporary or permanent suspension of the seller. These
deterrent measures are to be implemented taking into account a number of
factors, including the "apparent intent of the alleged infringer". The
policing by the Internet platforms will, in turn, be policed by the
rightsholders who, subject to data protection law "commit to provide
information to Internet Platforms concerning those sellers they believe to
be repeat infringers and commit to provide feedback to Internet Platforms on
the effectiveness of Internet Platforms' policies regarding repeat
infringers (e.g. if rights owners feel that there has been a failure to take
measures against a repeat infringer)".
In the entire document, which consists of 47 paragraphs, just one is devoted
to the enforcement of the law by law enforcement authorities.
Memorandum of Understanding (4.05.2011)
http://ec.europa.eu/internal_market/iprenforcement/docs/memorandum_04052011…
(Contribution by Joe McNamee - EDRi)
============================================================
10. CFP 2011 Conference to address the Future of Technology and Human Rights
============================================================
The 21st Annual Computers Freedom and Privacy Conference (CFP 2011) will be
held on 14 - 16 June 2011 in Washington DC, USA, at the Georgetown
University Law Center.
CFP conferences traditionally look at the technology and policy space with
an eye toward predicting what innovation might bring in relation to human
rights. It is a yearly gathering of activists, thinkers, and representatives
of government, legislatures, NGOs and business to discuss differing views on
controversial
issues related to technology and policy. The conference is open to the
general public.
"The Future is Now" is the theme of this year's conference. Participants will
address emerging issues such as the role of social media in the democracy
movement in the Middle East and North Africa; technology and social media to
support human rights; the impact of mobile personal computing technology on
freedom and privacy; smart grid, e-health records, consumer location-based
advertising, cybersecurity, cloud computing, net neutrality, federated ID,
ubiquitous surveillance.
The program is structured around three days, with the first day dedicated to
privacy issues, the second to human rights and freedoms, and the third to
computing and technology. A particular effort has been undertaken this year
to increase the international scope of the conference. Keynote addresses
will be given daily by prominent speakers, including Alessandro Acquisti
(CMU), Mona Eltahawy (Columnist), Danah Boyd (Microsoft), Agnès Callamard
(Article 19), Cameron Kerry (US DoC), Edith Ramirez (FTC Commissioner),
Bruce Schneier (BT).
EDRi is involved both in organizing and in participating in this event
through representatives of its members and observers. Meryem Marzouki
(France) chairs the 'Human Rights and Freedom' day program subcommittee, and
will be moderating a session on "MENA Beyond Stereotypes: Technology of Good
and Evil Before, During and After Revolutions". Katarzyna Szymielewicz
(Poland), Ralf Bendrath (Germany), Cedric Laurent (Belgium), and others will
address "The Global Challenge of Mandatory Data Retention Schemes". European
issues and perspectives will also be highlighted during the session on "A
Clash of Civilizations: The EU and US Negotiate the Future of Privacy", with
the participation of Jan Philipp Albrecht, German MEP.
Together with the many other panels on currently hot issues in Europe, such
as the debate on technical intermediaries' immunity or liability or the
impact on minorities and migrants of airport security measures and PNR data
collection, these sessions promise a very exciting conference this year.
All about CFP 2011 - Program, Speakers, Committee, Registration
(14-16.06.2011)
http://www.cfp.org/2011
(contribution by Meryem Marzouki - EDRi)
============================================================
11. ENDitorial: RFID PIA: Check against delivery
============================================================
In the context of the Hungarian Presidency of the European Council, the
European Commission and the Hungarian Innovation Office jointly organised
the IoT 2011 conference on the Internet of Things, earlier this week.
One of the main sessions was devoted to privacy and data protection in the
IoT age. The main points of the presentations in this session included the
high importance of technology design for any form of Internet regulation
(with reference to Lessig's "Code is law"), the need for a reduction of
bureaucracy in data protection and the importance of accurate information on
the consequences of IoT applications for individuals' privacy. The experts
stressed that it was important to maintain the existing data protection
principles also in an IoT age and that commercial competition must not take
place at the cost of reduced data protection standards.
Risk assessments like the RFID Privacy Impact Assessment (PIA) were
mentioned as an important tool that also enables end users (the data
subjects) to take informed decisions regarding the processing of their
personal data.
RFID and PIAs also became a topic during the Questions and Answers of the
following session, where Christian Plenge, Head of Architecture, Frameworks
& Innovation at METRO Systems GmbH (a company of one of the world's largest
retailers, Metro Group), informed the audience that Metro had decided to
leave RFID tags on their products active after the point of sale and to
offer their customers the possibility to deactivate the tags on request.
According to Mr. Plenge, this option has only been chosen once so far, when
a data protection group was given a tour in an RFID-equipped store.
This statement is of particular interest as the European Commission's
recommendation on RFID data protection suggests, at points 11 and 12, that
retailers deactivate or remove RFID tags at the point of sale unless
consumers give their informed consent or a PIA concludes that the tags do
not represent a likely threat to privacy or the protection of personal data.
When asked by EDRi whether his statements could be understood to mean that
Metro Group has decided not to follow the European Commission's
recommendation, Mr. Plenge said that the PIA they had conducted had
concluded that there was no likely threat to privacy or the protection of
personal data and that their activities were therefore in line with the EC
recommendation.
This view is also promoted on the website of Metro's Future Store
Initiative, which claims that Metro's RFID use is "in full compliance with
existing provisions" and that their "transponders, ..., do not store any
personal consumer information". The Electronic Product Code (EPC; which is a
worldwide unique identifier) would only refer to product and process
information and "(p)ersonal data is neither disseminated nor stored".
For an audience not familiar with the data protection problems of RFID
applications and the discussions in the European Commission's RFID Expert
Group and elsewhere, this statement might be convincing at first sight.
The fact is, however, that the question whether unique identifiers stored on
RFID tags constitute personal data or not has been discussed at length on
various occasions and that Metro was well involved in these debates. As a
result of these debates - and of the process leading to the RFID PIA
framework - the answer to this question was formally given in not one but
actually two working papers of the Article 29 Working Party (WP175 and
WP180): "... when a unique identifier is associated to a person, it falls in
the definition of personal data set forth in Directive 95/46/EC, regardless
of the fact that the 'social identity' (name, address, etc.) of the person
remains unknown (i.e. he is 'identifiable' but not necessarily
'identified')." (WP175, p. 8)
In the case of Metro's RFID use, this means that Metro - contrary to their
public statements - is in fact processing personal data of their customers
(the EPCs) and that Metro puts the personal data of their customers at risk
(which e.g. could be tracked by third parties without their knowledge) by
not deactivating the RFID tags at the point of sale and not taking any other
measures to mitigate the risks (at least as far as we know from Mr. Plenge
and the above mentioned corporate website).
Mr. Plenge's statement at the European Commission's IoT 2011 conference is
of particular importance as it was made several weeks after European
Commission Vice President Neelie Kroes, representatives of the European RFID
industry, the chairman of the Article 29 Data Protection Working Party and
the executive director of ENISA formally signed the RFID Privacy Impact
Assessment Framework as a tool of industry self regulation for data
protection compliant RFID applications. Before the signing ceremony took
place, this framework was formally endorsed by the Art. 29 Working Party
with working paper 180, in which the Working Party reconfirmed their above
mentioned statement on unique identifiers being personal data.
Mr. Plenge's statement that, besides the visit of a data protection group,
none of their customers ever requested that RFID tags on products should be
deactivated, highlights the drawback of opt-out regimes. Most of the
customers of retail stores are not data protection or RFID experts but
ordinary citizens. They need to trust the retailers to be given accurate
information and cannot base their shopping habits on general suspicion.
Therefore consumers are not aware of any threats to their privacy and expect
to have their personal data protected by default. It is therefore not a lack
of interest but a lack of knowledge that leads to this total of zero
deactivated RFID tags.
That it is not possible to sufficiently inform consumers about the data
protection risks of RFID applications at the point of sale was - by the
way - often claimed by industry representatives in the past couple of years
of RFID data protection discussions. This is one of the reasons why EDRi
always advocated for an opt-in regime instead of an opt-out one.
This current example of Metro Group's strategy is not only important because
this company is one of the world's largest retailers, the actions of which
affect the data protection rights of a large number of individuals, but also
because it gives an example of the practical value of self regulation tools
like the RFID PIA framework.
In our EDRi-gram article on the signing ceremony we wrote amongst others:
"The RFID PIA Framework is an important milestone on the way to the
implementation of privacy friendly RFID applications. Now it is important
that industry quickly but thoroughly implements the PIA in practice." As the
Metro example suggests it is the word "thoroughly" that needs to be
emphasised in this statement.
At Point 20 of the RFID recommendation, the European Commission announced
that it would "provide a report on the implementation of this
Recommendation, its effectiveness and its impact on operators and
consumers," in particular as regards the measures recommended for RFID
applications used in the retail trade, before the end of May 2012. In our
view, it is important to make sure that global players like Metro Group are
as well covered by this report as small and medium sized RFID operators, as
their level of adoption not only affects a large number of individuals but
also predetermines the level of compliance of the whole industry.
Point 5 of the RFID recommendation suggests that RFID operators make the
results of their privacy impact assessments available to the competent
authorities (the national data protection authorities; DPAs) at least six
weeks before the deployment of the application. EDRi calls on the national
DPAs, the European Data Protection Supervisor and the Article 29 Working
Party to make a meaningful use of this opportunity by at least checking if
the PIA was conducted on the basis of a correct definition of personal data
and by providing statistics about how many PIA reports were made available
to them, in which member states, and by which industries.
EDRi is well aware that this request comes at a time when most DPAs suffer
from a lack of funding, staff and time. But we think that it is very
important - also for the future use of such tools in other areas - to ensure
that privacy risk assessments are carried out properly.
The RFID PIA Framework is an important milestone but we need to check
against delivery.
IoT 2011
http://www.iot-budapest.eu/
EDRi-gram 9.7: RFID Privacy Impact Assessment Framework formally adopted
(6.04.2011)
http://www.edri.org/edrigram/number9.7/rfid-pia-adopted-eu
EC recommendation (12.05.2009)
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2009:122:0047:00…
Metro Group Future Store Initiative: Privacy at METRO GROUP (last accessed
on 18.05.2011)
http://www.future-store.org/fsi-internet/html/en/1674/index.html
Opinion 5/2010 on the Industry Proposal for a Privacy and Data Protection
Impact Assessment Framework for RFID Applications (13.07.2010)
http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2010/wp175_en.pdf
Opinion 9/2011 on the revised Industry Proposal for a Privacy and Data
Protection Impact Assessment Framework for RFID Applications (11.02.2011)
http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2011/wp180_en.pdf
http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2011/wp180_annex_e…
(Contribution by Andreas Krisch - EDRi)
============================================================
12. Recommended Action
============================================================
European Commission: Public Consultation on Cloud Computing
Deadline: 31 August 2011
http://ec.europa.eu/yourvoice/ipm/forms/dispatch?form=cloudcomputing&lang=en
============================================================
13. Recommended Reading
============================================================
UK: A review of Intellectual Property and Growth - An independent report by
Ian Hargreaves (05.2011)
http://www.ipo.gov.uk/ipreview.htm
http://www.thepublicdomain.org/2011/05/18/the-hargreaves-review-is-publishe…
Demonstrators take to streets across Turkey to protest Internet bans
(15.05.2011)
http://www.todayszaman.com/newsDetail_getNewsById.action?newsId=244062
============================================================
14. Agenda
============================================================
30-31 May 2011, Belgrade, Serbia
Pan-European dialogue on Internet governance (EuroDIG)
http://www.eurodig.org/
2-3 June 2011, Krakow, Poland
4th International Conference on Multimedia, Communication, Services and
Security organized by AGH in the scope of and under the auspices of INDECT
project
http://mcss2011.indect-project.eu/
3 June 2011, Florence, Italy
E-privacy 2011 and Big Brother Awards 2011
http://e-privacy.winstonsmith.org/
4-5 June 2011, Bonn, Germany
PolitCamp 2011
http://11.politcamp.org
12-15 June 2011, Bled, Slovenia
24th Bled eConference, eFuture: Creating Solutions for the Individual,
Organisations and Society
http://www.bledconference.org/index.php/eConference/2011
14-16 June 2011, Washington DC, USA
CFP 2011 - Computers, Freedom & Privacy
"The Future is Now"
http://www.cfp.org/2011/wiki/index.php/Main_Page
11-12 July 2011, Barcelona, Spain
7th International Conference on Internet, Law & Politics (IDP 2011): Net
Neutrality and other challenges for the future of the Internet
http://edcp.uoc.edu/symposia/lang/en/idp2011/?lang=en
24-30 July 2011, Meissen, Germany
European Summer School on Internet Governance 2011
http://www.euro-ssig.eu/
27 - 30 October 2011, Barcelona, Spain
Free Culture Forum 2011
http://fcforum.net/
============================================================
15. About
============================================================
EDRi-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRi has 28 members based or with offices in 18 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRi-grams.
All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and are visible on
the EDRi website.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/
Newsletter editor: Bogdan Manolea <edrigram(a)edri.org>
Information about EDRI and its members:
http://www.edri.org/
European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request(a)edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
Unsubscribe by e-mail
To: edri-news-request(a)edri.org
Subject: unsubscribe
- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edri/2.html
- EDRI-gram in German
EDRI-gram is also available in German, with delay. Translations are provided
by Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <edrigram(a)edri.org> if you have any problems with subscribing or
unsubscribing.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
RISKS-LIST: Risks-Forum Digest Tuesday 6 December 2011 Volume 26 : Issue 66
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/26.66.html>
The current issue can be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents:
Civilian Use of Drone Aircraft May Soon Fly In the US (W. J. Hennigan)
Underpublicized risks of mobile devices (Valdis Kletnieks)
Comedy of Errors Led to False "Water Pump Hack" Report (Kim Zetter via
Lauren Weinstein)
GCHQ code-cracking challenge "cracked" -- by a Google search! (Robert Meineke)
Ongoing large-scale distributed SSH brute-force attack (Jonathan Kamens)
Skype flaw reveals users' location, file-downloading habits (Joan Goodchild
via Monty Solomon)
"Security researchers say HP printers vulnerable to hackers" (Gene Wirchenko)
HP printers can be remotely controlled and set on fire, researchers claim
(Jon Brodkin via Monty Solomon)
The risks of information sharing? (Steven Bellovin)
Exam Cheating on Long Island Hardly a Secret (Anderson/Applebome)
Apple iTunes ... Trojan horse that gives governments access to your computer
and files (Gordon Peterson)
Sneaky Mobile Ads Invade Android Phones (Tom Spring via Monty Solomon)
"Carrier IQ: The Sony rootkit all over again" (Robert X. Cringely)
"CarrierIQ" on various mobile handsets (Android Security Test)
Re: Carrier IQ May Have Violated Wiretap Law In Millions Of Cases
(Declan McCullagh)
"Carrier IQ and Facebook pose the least of your privacy threats" (Galen
Gruman)
AT&T, Sprint, T-Mobile admit to using Carrier IQ; Apple says it doesn't
anymore (Lauren Weinstein)
Re: Cybersecurity Requires Patches, Not a Vast Bill (Martyn Thomas)
Re: Complexity (Bob Frankston)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
============================================================
EDRi-gram
biweekly newsletter about digital civil rights in Europe
Number 10.6, 28 March 2012
============================================================
Contents
============================================================
1. EU-US PNR Agreement: A bad day for civil liberties in Europe
2. EU-US joint commitments on privacy and protection of personal data
3. France: Biometric ID database found unconstitutional
4. ICANN will cooperate in taking down websites for copyright infringements
5. CoE's Internet Governance strategy places emphasis on users' rights
6. New German court decision on traffic filtering
7. Italy: Problematic Internet blocking decision against fraudulent website
8. ENDitorial: European Parliament defends itself and democracy from ACTA
9. Recommended Action
10. Recommended Reading
11. Agenda
12. About
============================================================
1. EU-US PNR Agreement: A bad day for civil liberties in Europe
============================================================
On 27 March 2012, the Civil Liberties (LIBE) Committee of the European
Parliament decided to back the new air passenger data deal with the United
States. In her recommendation, the Dutch Liberal MEP Sophie in 't Veld
called on her colleagues to reject it. However, to her regret, the LIBE
Committee has endorsed the Agreement despite inadequate legal safeguards.
EDRi had repeatedly pointed out the serious flaws of the Agreement to the
Parliamentarians in the LIBE Committee. The new text does not only severely
undermine fundamental rights but also largely ignores the criteria set by
the European Parliament itself. In its resolutions of May and November
2010, Parliamentarians asked for a reduction of the retention period,
for "push" only as a method of transfer and for a clear prohibition of
profiling - none of these conditions have been met in the new Agreement.
The Commission has neither provided evidence that the collection, storage
and processing of personal data is proportionate at all, let alone why it
appears to believe that 15 years of data retention are necessary and
proportionate. Furthermore, the proposed Agreement does not provide for
sufficient protections and rights for citizens. According to the revised
Agreement, any individual is entitled to "request" their PNR data from the
US Department of Homeland Security (DHS). However, since the Agreement does
not address what citizens are entitled to receive an answer, the DHS can
decline this request. Moreover, the DHS has decided that its use of PNR data
is exempt from the Privacy Act even for U.S. citizens.
In the upcoming plenary vote MEPs now have to either defend fundamental
rights and European citizens' right to privacy and reject the Agreement - or
undermine the Parliament's own credibility and vote in favour of the deal.
EDRi comments on the US air passenger data deal (2012)
http://edri.org/files/2012EDRi_US_PNRcomments.pdf
Opinion of the European Data Protection Supervisor (9.12.2011)
http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consu…
Article 29 Data Protection Working Party letter to LIBE on PNR (6.01.2012)
http://ec.europa.eu/justice/data-protection/article-29/documentation/other-…
(contribution by Kirsten Fiedler - EDRi)
============================================================
2. EU-US joint commitments on privacy and protection of personal data
============================================================
At the 28 November 2011 EU-US Summit, President Obama and Presidents Van
Rompuy and Barroso announced that the US and the EU are determined to
finalise negotiations on a comprehensive EU-US data privacy and protection
agreement. On 19 March 2012, a High Level Conference on Privacy and
Protection of Personal Data took place to discuss commercial data privacy
questions, held simultaneously in Washington and Brussels. The conference
was extremely well attended by high-level EU regulators and provided
valuable insights into the respective priorities. Before the Conference,
European Commission (EC) Vice-President Viviane Reding and U.S. Secretary of
Commerce John Bryson released an EU-US joint statement on data protection in
which they stated that this was a defining moment for global personal data
protection and privacy policy and for achieving further interoperability of
our systems on a high level of protection.
The conference was organised in the context of the EC's legislative
proposals to reform and strengthen the fundamental right to data protection
and unify the EU's data protection laws and enforcement rules and President
Obama's privacy blueprint, including the Consumer Privacy Bill of Rights.
Stakeholders in the US are very interested in the ongoing data protection
reform in the European Union - notably in the proposal for a "one-stop-shop"
and a consistent regulatory level playing field across all EU Member States.
Viviane Reding started by saying that today, in a digital economy, the
scare of sharing personal information has increased being a crucial factor
of economic growth, therefore the protection of citizens' right is
inevitable: trust in digital economy is possible only when a solid
protection is settled. That's why data protection is a strong policy
priority for the European Commission and the European Parliament, as well as
for all the 27 Member States. Notably she underlined three prominent
elements:
1. The principles of data protection are as valid today as in 1995 and EU
has to reaffirm the importance of this fundamental right
2. Technology innovations have made our DP rules a key factor for our
digital single market because, in order to flourish, our economy needs
trust: lack of trust indeed discourages citizens from buying online and
giving their personal information on line.
3. European and American companies expect that the new European data law
will provide a legal playing field, regardless of where the company operates
in the 27 members: the goal is to create only one rule for Europe - making
sure that the one stop shop for data protection regulation is for all EU
Member States; this is the only way EU will be a more attractive place to do
business.
US authorities have developed efforts to comply with safe harbours - but
more efforts are needed: a dialogue is needed to improve the safe harbour
agreement and to go even further; stronger interoperability standards are
needed as well to complete the puzzle to provide legal certainty to
businesses and citizens.
John Bryson, US Secretary of Commerce, who came in with a video message,
reported that President Obama had asked the Congress to enact legislation
but also to move ahead on a voluntary basis through codes of conduct,
underlining the importance of a collaborative approach. The other speakers in
the first panel also all broadly welcomed both the EU proposals and the
Obama White Paper.
However, Douwe Korff, representing EDRi, said that these exchanges of mutual
compliments were excessive: there were still major issues to be resolved. In
particular, in Europe, data protection is a fundamental right, accorded to
"everyone" (Charter of Fundamental Rights). The European civil society in
principle welcomed the proposed EU Regulation insofar as it sought to
achieve data protection at a high level, although quite a few issues still
needed improving or clarifying. By contrast, in the US privacy is given much
less protection under the Constitution: although the recent Jones
decision by the Supreme Court has shown progress, there were still important
limitations on the US Fourth Amendment guarantees; the "third party" doctrine
undermined principles that are seen as crucial in Europe, notably
purpose-limitation; and in important areas privacy protection was denied to
non-US citizens altogether.
Although the conference as such was limited to privacy in the commercial
context, the debate should also note the major issue of private-sector data
being used for law enforcement and national security purposes without
appropriate safeguards: that was the elephant in the room that no-one
mentioned. From a European perspective, it was essential that privacy in the
USA should be placed on a comprehensive statutory basis that met the
international standards, as enshrined in the only binding global data
protection instrument, Council of Europe Convention No. 108 (currently being
updated). The President's proposals for a Consumer Privacy Bill of Rights
would only result in an acceptable situation if that Bill would become a
binding law, meeting the new Convention standards.
In the second panel, Representative Ed Markey (D-MA)'s speech was revealing:
he presented a good update on the status of the COPPA (Children's Online
Privacy Protection Act) revisions and, as the long-standing co-chair of the
Congressional Privacy Caucus, provided a fascinating historical summary of
the various federal privacy initiatives of recent decades. He highlighted
that in the US people shared the same concerns and values as within the EU,
in particular the fundamental principles of knowledge, notice and right to
say "No" to the use of their private info, but something gets lost in
translation from principle to practice. In his opinion, the DP Regulation
can assure a high level of protection and, therefore, is a good example to
follow: US Congress needs to act to protect privacy as a right. Notably, he
insisted on the need to protect 15 years old and younger from behavioural
targeting ads and to create, for this purpose, a safe harbour for children.
He commended Viviane Reding for the strong response to Google's new privacy
policy and asked for investigation in the US of Google's new privacy policy.
In the third panel, Peter Hustinx, the European Data Protection Supervisor,
had a slightly optimistic message for the US. In outlining his understanding
of the interoperability requirements highlighted in the Joint Statement, he
suggested that an adequacy finding could result from the implementation of
the White Paper, even if it did not result in a comprehensive law, as
adamantly requested by Francoise Le Bail, Director-General for Justice at
the European Commission. Mr. Hustinx emphasized the need for sufficiently
common principles and their binding implementation as far more important
than the specifics of the regulatory regime.
The fourth panel focussed on the enforcement of privacy (and other matters)
by the US Federal Trade Commission, and was thus linked to the fifth panel
which specifically discussed the Safe Harbor. FTC representatives strongly
emphasised their commitment to strong enforcement, and pointed to two recent
agreements with Google and Yahoo. However, David Smith, the UK Deputy
Information Commissioner with primary responsibility for data protection,
said that when he looked at the websites of a small random sample of
companies that said they complied with the Safe Harbor, he found that about
1/3 of them did not even appear to have a privacy statement, another 1/3 had
one but it did not meet the Safe Harbor standards, and the final 1/3 seemed
to have a privacy statement that more or less reflected the Safe Harbor
requirements. Douwe Korff intervened to say that was what he found too, and
said that in spite of the two recent cases (the effects of which still
needed to be seen), the Safe Harbor appeared to be largely a fig leaf behind
which US companies in practice continued to operate contrary to basic
privacy principles. Another intervener, Edward Hasbrouck, pointed out that
the FTC's remit was limited in some important respects, and for instance did
not cover transportation and, thus, airline passenger data.
EU Conference: Privacy and Protection of Personal Data (19.03.2012)
http://ec.europa.eu/justice/events/eu-us-data/index.html
Recorded webcast of the Conference (19.03.2012)
http://scic.ec.europa.eu/str/indexh264.php?sessionno=0cdf61037d7053ca59347a…
Viviane Reding's speech: Towards a New "Gold Standard" in Data
Protection? (19.03.2012)
http://ec.europa.eu/commission_2010-2014/reding/pdf/speeches/20120319speech…
EU-U.S. joint statement on data protection by European Commission
Vice-President Viviane Reding and U.S. Secretary of Commerce John Bryson
(19.03.2012)
http://europa.eu/rapid/pressReleasesAction.do?reference=MEMO/12/192
(Thanks to Douwe Korff - EDRi-member FIPR - UK)
============================================================
3. France: Biometric ID database found unconstitutional
============================================================
The French Constitutional Council found the law proposing the introduction
of a new biometric ID for French citizens unconstitutional. The law was
referred to the Constitutional Council on 7 March 2012, by more than 200
members of the French Parliament, a day after the French National Assembly
passed the 10-article law under the pretext of combating "identity fraud".
According to the bill, more than 45 million individuals in France would have
their fingerprints and digitized faces stored in what would be the largest
biometric database in the country. The biometric ID card was to include a
compulsory chip containing personal information, such as fingerprints, a
photograph, home address, height, and eye colour. A second, optional chip
was to be implemented for online authentication and electronic signatures,
to be used for e-government services and e-commerce.
The opposing parliamentarians challenged the compatibility of the bill with
the citizens' fundamental rights including the right to privacy and the
presumption of innocence. In passing the bill, the National Assembly ignored
CNIL's (French Data Protection Authority) report of October
2011 that was criticizing the creation of the centralized biometric
database. It also entirely ignored the general opposition at the European
level. In 2011, EDRi and 80 other civil liberties organizations asked the
Council of Europe to study whether biometrics policies respect the
fundamental rights of every European.
Moreover, previous experiences in France with biometric passports (highly
criticised as well) have proven entirely unreliable with about 10% of the
issued passports having been fraudulently obtained. The bill does not take
into consideration either the position of the European Court of Human Rights
which in 2008 condemned the UK for breaching the right to privacy after the
creation of a file including data on all people involved in a crime,
irrespective of their position (victim, witness, suspect or guilty).
On 22 March, the Constitutional Council found unconstitutional four articles
of this law, as well as parts of two other articles. The council reminded
that "the collection, registration, preservation, consultation and
communication of personal data have to be justified by a general interest
reason and carried out properly and proportionally".
While the Council found no problem related to the general interest, it
clearly raised the issue of proportionality. "Regarding the nature of the
recorded data, the range of the treatment, the technical characteristics and
conditions of the consultation, the provisions of article 5 touch the
right to privacy in a way that cannot be considered as proportional to the
meant purpose".
The Council also had objections against the creation of the huge biometric
database considering the fact that the National Assembly had authorized the
use of the database by the police for extended purposes from the
identification of an accident victim to finding the authors of law
infringements or crimes.
The confusion in the bill text between an identity document and an
electronic payment means was also sanctioned by the Council. The idea was
that the ID could contain data allowing the owner to apply an electronic
signature in view of electronic transactions. The Council drew attention
to the fact that the law did not specify the nature of the data and did not
provide any guarantee for the integrity and confidentiality of these data
and considered that the legislator has exceeded its competence in this
matter. In other words, that the government did not really know what they
were talking about.
The new electronic identity card judged as unconstitutional (only in French,
23.03.2012)
http://www.lemonde.fr/societe/article/2012/03/23/la-nouvelle-carte-d-identi…
France: Constitutional Council censors the database created to fight the
identity theft (only in French, 23.03.2012)
http://www.rfi.fr/france/20120323-france-conseil-constitutionnel-censure-fi…
Decision n° 2012-652 DC on the Law regarding the identity protection (only
in French, 22.03.2012)
http://www.conseil-constitutionnel.fr/conseil-constitutionnel/francais/les-…
"A Time Bomb For Civil Liberties": France Adopts a New Biometric ID Card
(8.03.2012)
https://www.eff.org/deeplinks/2012/03/french-national-assembly-proposes-new…
============================================================
4. ICANN will cooperate in taking down websites for copyright infringements
============================================================
During its 43rd international meeting that took place in San José, Costa
Rica between 11 and 16 March 2012, ICANN (the Internet Corporation for
Assigned Names and Numbers) expressed its intention to increase its
cooperation with global law enforcement agencies and governments, to combat
copyright infringements.
There are 22 registries containing domain names registered in a top-level
domain and over 700 registrars accredited by ICANN. During an open session
with the Government Advisory Committee (GAC), the ICANN board confirmed its
intention to meet the expectations included by GAC in a document with 12
recommendations. "There has been some agreement on 11 of the 12
recommendations made by law enforcement authorities to the registrar
accreditation agreement; we will work to ensure agreement meets expectations
and give registrars the incentive to accept recommendations right away,"
said Kurt Pritz, ICANN senior vice president in charge of stakeholder
relations.
Thus ICANN not only isn't taking a position against abuses of the domain
system in order to preserve the basic structure and principles of the
Internet, but actually takes part in an increasing tendency of controlling
and censoring the Internet.
One of the 12 recommendations was the inclusion of a clause in the
registrars' agreements that would hold them responsible (by negligence) for
registering domains engaging in criminal activities. Another one was for
registrars to keep detailed information of domain buyers (including their
source IP addresses and transaction information), and to validate the
contact information given by them.
ICANN was also urged to review the compliance of the registrars with
enforcement agreements before renewing their contracts. And ICANN has shown
its willingness to meet the requirement: "Complaints on compliance started
coming in the last six to nine months, a team of 12 is now in place and will
improve the quality of service," said Rod Beckstrom, ICANN CEO and
president.
Furthermore, prior to its meeting, ICANN has even produced a "Thought Paper
on Domain Seizures and Takedowns" which is actually a guide for government
officials on how to seize, takedown and censor websites including sections
such as "guide for preparing domain name orders, seizures & takedowns" and
"checklist of information to submit with a legal or regulatory action."
The paper "offers guidance for anyone who prepares an order that seeks to
seize or take down domain names. Its purpose is to help preparers of legal
or regulatory actions understand what information top level domain name
(TLD) registration providers such as registries and registrars will need to
respond promptly and effectively to a legal or regulatory order or action.
The paper explains how information about a domain name is managed and by
whom," says ICANN about its own paper.
Domain seizures for copyright infringement likely to go global (14.03.2012)
http://news.idg.no/cw/art.cfm?id=B2318066-9100-36AE-6DA668DCC8BE64C8
Thought Paper on Domain Seizures and Takedowns (8.03.2012)
http://blog.icann.org/2012/03/thought-paper-on-domain-seizures-and-takedown…
Rather Than Speaking Out Against Domain Seizures, ICANN Provides A 'How To'
Manual (12.03.2012)
http://www.techdirt.com/articles/20120312/01013718069/rather-than-speaking-…
============================================================
5. CoE's Internet Governance strategy places emphasis on users' rights
============================================================
On 15 March 2012, the 47 Council of Europe (CoE) member states adopted
an Internet governance strategy to protect and promote human rights, the
rule of law and pluralistic democracy online.
The strategy, which covers 40 lines of action for the period 2012-2015,
refers to 6 major areas: Internet's openness, the rights of users, data
protection, cybercrime, democracy and culture, and children and young
people. It is meant to identify "challenges and corresponding responses to
enable state and non-state actors together to make the Internet a space
which is inclusive and people-centred" and has in view the international
legal framework, including the human rights law, which is "as a matter of
principle, equally applicable on-line as it is off-line."
The main action lines of the strategy include the maximisation of rights and
freedoms for internet users, developments in data protection and privacy,
the enhancing of the rule of law and an effective co-operation against
cybercrime, the maximisation of the Internet's potential to promote
democracy and cultural diversity and the protection and empowering of
children and youth.
The strategy has in view the development of soft law instruments such as
high-level "framework of understanding and/or commitments" to protect the
"Internet's universality, integrity and openness as a means of safeguarding
freedom of expression regardless of frontiers and Internet freedom,"
protection standards to ensure a free cross-border flow of legal online
content and human rights standards on network neutrality.
Preserving core values such as human rights, democracy and rule of law in
the online environment is vital in the CoE's opinion as well as the
necessity for citizens to be properly informed in order to use Internet
services responsibly. The strategy has in view that the protection of
personal data and the respect for privacy on the Internet are indispensable.
Another direction considered in the strategy is an increased data collection
through the European Audiovisual Observatory and improved public services
through the Internet so as to better take advantage of the potential of the
Internet for democracy and cultural diversity.
The CoE Convention on data protection ("Convention 108") is also considered
the best available instrument to protect and promote data protection and
therefore, the strategy has in view its modernisation and the strengthening
of its implementation.
"The strategy's adoption is the validation by member states that the CoE's
core values - human rights, rule of law, democracy - for the Internet are a
priority. There is a realisation that the Internet is enabling and affecting
people in many ways, and that there is a need to embrace its influence. The
strategy provides orientation and promotes a holistic and sustainable
approach to the Internet, with people and their rights and freedoms at its
heart. In doing so, it champions multi-stakeholder dialogue as the way
forward for Internet policy making", said Lee Hibbard, Head of the
Information Society Unit in CoE.
Internet Governance - Council of Europe Strategy 2012-2015 (15.03.2012)
https://wcd.coe.int/ViewDoc.jsp?Ref=CM(2011)175&Language=lanEnglish&Ver=fin…
Council Of Europe Passes Internet Governance Strategy (15.03.2012)
http://www.ip-watch.org/2012/03/15/council-of-europe-passes-internet-govern…
============================================================
6. New German court decision on traffic filtering
============================================================
A Higher Regional Court in Hamburg ruled on 14 March 2012 that the
file-hosting site RapidShare had to proactively filter the files uploaded by
its users. A court's press release stated RapidShare was required to block
its users from uploading a list of 4 000 files allegedly infringing
copyrights.
The present ruling comes to confirm three separate previous rulings by a
lower court in cases brought by German booksellers, book publishers and a
music rights group. "The judgement confirms that Rapidshare must take
effective measures against the use of illegal content on its service," said
a German bookseller's association.
RapidShare's spokesman Daniel Raimer explained that the copyright holders
were leaving out essential details of the court ruling that were actually
quite positive for the site. "There is a possible reason for the rushed
approach, particularly that of the Booksellers Association. In the hearing,
the Higher Regional Court indicated that it would deviate from its former
position under which RapidShare's business model was not tolerated by the
legal system."
The German verdict appears to be in contradiction with a ruling by the
European Court of Justice (ECJ) which ruled in February 2012 in the case
Sabam vs. Netlog that hosting sites could not proactively filter copyrighted
content because that would violate the users' privacy and hinder freedom of
information.
ECJ decided that a national court is precluded from issuing an injunction
against a hosting service provider which requires it to install a filtering
system "capable of identifying electronic files containing musical,
cinematographic or audio-visual work in respect of which the applicant for
the injunction claims to hold intellectual property rights, with a view to
preventing those works from being made available to the public in breach of
copyright" with the purpose to filter information "which is stored on its
servers by its service users; which applies indiscriminately to all of the
users as a preventative measure; exclusively at its expense and for an
unlimited period".
RapidShare has not yet decided whether it would appeal the verdict and is
probably waiting for the written decision to be made public.
Court Orders RapidShare to Filter User Uploads (15.03.2012)
http://torrentfreak.com/court-orders-rapidshare-to-filter-user-uploads-1203…
Copyright Illegal Downloads: Higher Regional Court of Hamburg decides duties
for the online storage service "Rapidshare" (only in German, 15.03.2012)
http://justiz.hamburg.de/presseerklaerungen/3334434/pressemeldung-2012-03-1…
German court orders Rapidshare to filter user uploads (19.03.2012)
http://arstechnica.com/tech-policy/news/2012/03/german-court-orders-rapidsh…
ECJ - Judgement Sabam vs Netlog (16.02.2012)
http://curia.europa.eu/juris/document/document.jsf?text=&docid=119512&pageI…
============================================================
7. Italy: Problematic Internet blocking decision against fraudulent website
============================================================
The Italian Antitrust Authority (AGCM) has started ordering the blocking of
some websites involved in the online sale of fashion products, following
several complaints made by consumers.
It is the first blocking measure ordered by this Authority (enforced through
the collaboration with the antitrust department of the Guardia di Finanza),
which relied on the Consumer Code and e-commerce rules.
In its blocking order, the Authority does not charge the provider with
selling counterfeited products, but for the infringement of rules related to
warranties, delays and delivery conditions.
This decision has been adopted against the company called "Private Outlet,"
which is part of the e-commerce "private club," where members can join for
free and take advantage of special promotions of famous brands fashion
products with high discounts.
AGCM has intervened after several reports of fraudulent behaviour, because
Private Outlet allegedly "spread, through its website, content liable to
mislead consumers about the availability of the products offered for sale":
it has considered the elements collected enough to proceed with a preliminary
investigation and to demand that the company suspend any activity.
In order to ensure the efficiency of the measure and ostensibly to offer
better protection for consumers, the Authority ordered the ISPs to
completely block all domains that refer to the Private Outlet network on the
whole Italian territory.
Granted that consumer protection is necessary and that the complaints
may well be valid, it seems that this kind of measure actually goes far
beyond what the Italian rules actually mandate.
Firstly, because these rules allow the Authority only to "demand the
provider to prevent or put an end to the committed infringements", secondly,
because the jurisdiction to issue provisional orders against third parties
has always been exercised by the ordinary courts and, finally, because AGCM
has provided these orders without the participation in proceedings of the
subjects required to bear the measures and offer a defence.
We are talking about the exercise of an interlocutory power (which has all
the characteristics of a criminal seizure) that, apparently, the Competition
Authority believes itself to be mandated to exercise: this is contrary to
what has been stated in some decisions of the Court, that have always
attributed this power to the ordinary judicial body.
Moreover, blocking of an IP address may not be sufficient to avoid the
perpetuation of fraud (the provider could, for instance, change the address
or even change its name): is it possible that the Authority cannot imagine
more effective and less controversial measures? Measures which restrict
fundamental rights that are not necessary and proportionate and that do not
genuinely meet objectives of general interest are in breach of the European
Convention on Human Rights.
Text of the provision - page 89 (only in Italian, 12.03.2012)
http://www.agcm.it/bollettino-settimanale/5906-bollettino-82012.html
Vajont.com case (libel slander) - Court's decision declares unlawful the
blocking (only in Italian, 14.03.2012)
http://www.fulviosarzana.it/blog/liberta-di-stampa-e-di-espressione-il-trib…
and
http://www.fulviosarzana.it/blog/esclusiva-lordine-di-revoca-integrale-del-…;
Moncler Case (counterfeiting) - Court's decision rescinds the blocking (only
in Italian, 4.11.2011)
http://brunosaetta.it/diritto/moncler-non-basta-la-parola.html
(Contribution by Elena Cantello - EDRi intern)
============================================================
8. ENDitorial: European Parliament defends itself and democracy from ACTA
============================================================
The decision of this week of the European Parliament not to refer ACTA to
the European Court of Justice was a decision which has ramifications far
beyond the ACTA dossier itself. It is one which will have long-term effects
on the institutional standing of the European Parliament.
The functioning of the EU decision-making process relies on a broadly equal
balance between the three main institutions - the Commission, the Parliament
and the Council (Member States). The European Parliament is the only
directly elected institution. It is therefore particularly important that it
is robust and independent. The less powerful the Parliament is in this
institutional triangle, the less direct influence that citizens can bring to
bear in the preparation of legislation that affects every one of them.
In controversial dossiers, the European Commission and/or the Member States
have often sought to overrule the position (or expected position) of the
European Parliament, exploiting personal or institutional weak points,
pushing the Parliament's democratic scrutiny of the dossier in question to
one side. Instead of judging a proposal on its merits, career ambitions of
individual MEPs or domestic political concerns are the primary factors that
decide the position of the Parliament.
This is what happened with the Data Retention Directive, where the UK
Presidency of the Council essentially bullied the Parliament into
submission. On the basis of the Parliament's scrutiny of the Directive, it
would have been rejected. However, by a mixture of pressure from the UK
Presidency on the Parliament as a whole and the German government on German
MEPs, the Directive was approved. The fact that the Parliament could be
persuaded to abandon its position on a policy on the basis of bullying and
domestic political pressures inflicted damage on the institution that is
still visible today.
In the past few months, the ACTA dossier has become very similar. As the
likelihood of a rejection of the proposed Agreement by the Parliament grew,
the European Commission, with support from Parliamentarians motivated by
other priorities than the defence of the prerogatives of the only
democratically elected EU institution, has sought to use every possible
machination to prevent the Parliament from taking its vote.
The first such tactic was the referral of the dossier to the European Court
of Justice. If this measure was really based on genuine concerns about
ACTA's legality, it would have been done far earlier - and certainly before
the dossier had been handed over to the European Parliament. From that point
on, the question was (and still remains) whether the European Parliament is
strong enough as an institution to defend itself from having its
decision-making process visibly and publicly undermined in this way.
The pro-ACTA lobby in the Parliament has used the Commission's plan for a
Court referral as a basis to undermine the Parliament's decision-making.
Every possible argument and strategy that could be used to prevent
a vote is therefore being brought to bear inside the Parliament to support
the Commission's attempt to circumvent the Parliament's role in the
decision-making process.
The same lobby is even seeking to persuade the Parliament that
it does not have the political right, even if it has the legal right, to
reject the Agreement after years of (untransparent) negotiation. This is why
they argue that rejection would "irrevocably affect Europe's credibility as
a trusted global trade partner". The argument to the Parliament is therefore
"do not use your legal rights. Do not seek to bring democracy into this
process, it will make the EU look bad."
More surprisingly, elements within the Parliament are seeking to undermine
the Parliament. For example, elements of the Parliament's legal service are
arguing that the Parliament's rules of procedure can be understood to say
things they don't say. The ostensibly neutral and non-political lawyers
argue that the Rules of Procedure, which say that the Parliament should
suspend its work if the Parliament itself refers a decision to the Court,
were - presumably on the basis that the drafters of the Parliament's
rules were incompetent - meant to say that deliberations should be
suspended if any institution refers a proposal to the Court.
With help from the industry and Commission lobbies, the anti-Parliament
elements in the Parliament generated a whole queue of implausible delaying
tactics on the production line.
Do the rules of procedure of the Parliament say what they do not say? Maybe
the Parliament should delay a vote for over a year to be on the safe side.
Or perhaps this question should be referred to the Constitutional Affairs
Committee to spend a few months reflecting on - with the Parliament
suspending its work in the meantime.
Perhaps the Parliament should produce an interim report, asking for
non-binding undertakings from the Commission and Member States about
implementation of ACTA, thereby wasting another few months.
It is a very positive sign that the European Parliament has decided to
resist the siren calls of the pro-ACTA lobby. It is a positive sign that the
Parliament is showing a new courage to stand up for its democratic role in
the decision-making process. However, there are still numerous possibilities
for delay and even a vote in favour of ACTA's disastrous provisions. The
courage shown this week gives grounds for cautious (and, above all,
non-complacent) optimism.
Full overview of the delay plans
http://edri.org/acta_revival
Industry lobbying on ACTA
http://www.edri.org/files/acta_misinformation.pdf
Mr Wieland sacrifices the Parliament's broader interests (27.03.2012)
http://acta.ffii.org/?p=1216
European Parliament Rejects Referral Of ACTA To EU High Court (27.03.2012)
http://www.ip-watch.org/2012/03/27/european-parliament-rejects-referral-of-…
Cooperative efforts in ACTA Digital Chapter (2012)
http://www.edri.org/files/2012EDRiPapers/Article27.pdf
(Contribution by Joe McNamee - EDRi)
============================================================
9. Recommended Action
============================================================
28 March 2012: Events on the Document Freedom Day
http://documentfreedom.org/
============================================================
10. Recommended Reading
============================================================
EDRi Cooperative efforts in ACTA Digital Chapter (03.2012)
http://www.edri.org/files/2012EDRiPapers/Article27.pdf
ENISA: Study on data collection and storage in the EU
http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverabl…
Commission gives up blocking VPN services, but still blocks ToR (26.03.2012)
http://www.daten-speicherung.de/index.php/eu-commission-gives-up-blocking-t…
============================================================
11. Agenda
============================================================
29 March 2012, Reykjavík, Iceland
Reykjavík Digital Freedoms Conference
http://rdfc.is/
30 March - 1 April 2012, Berlin, Germany
Wikimedia Chapters Meeting 2012
http://meta.wikimedia.org/wiki/Wikimedia_Conference_2012
13 April 2012, Bielefeld, Germany
Big Brother Awards Germany
http://www.bigbrotherawards.de/
16-18 April 2012, Cambridge, UK
Cambridge 2012: Innovation and Impact - Openly Collaborating to Enhance
Education
OER12 and the OCW Consortium's Global Conference
http://conference.ocwconsortium.org/index.php/2012/uk
25 April 2012, Helsinki, Finland
Finnish Internet Forum
http://www.internetforum.fi/
26-28 April 2012, Belgrade, Serbia
SHARE 2 Conference
http://www.shareconference.net/en
2-4 May 2012, Berlin, Germany
Re:Publica 2012: ACTION!
http://re-publica.de/12/en
14-15 June 2012, Stockholm, Sweden
EuroDIG 2012
http://www.eurodig.org/
18-22 June 2012, Samos, Greece
Samos 2012 Summit on Open Data for Governance, Industry and Society
Academic Papers Submission Deadline: 29 April 2012
http://samos-summit.blogspot.com/
20-22 June 2012, Paris, France
2012 World Open Educational Resources Congress
http://www.unesco.org/webworld/en/oer
2-6 July 2012, Budapest, Hungary
Policies and Practices in Access to Digital Archives: Towards a New
Research and Policy Agenda
http://www.summer.ceu.hu/sites/default/files/course_files/Policies-and-Prac…
9-10 July 2012, Barcelona, Spain
8th International Conference on Internet Law & Politics: Challenges and
Opportunities of Online Entertainment
http://edcp.uoc.edu/symposia/idp2012/cfp/?lang=en
11-13 July 2012, Vigo, Spain
The 12th Privacy Enhancing Technologies Symposium
(PETS 2012)
http://petsymposium.org/2012/
12-14 September 2012, Louvain-la-Neuve, Belgium
Building Institutions for Sustainable Scientific, Cultural and genetic
Resources Commons.
http://biogov.uclouvain.be/iasc/index.php
7-10 October 2012, Amsterdam, Netherlands
2012 Amsterdam Privacy Conference
http://www.ivir.nl/news/CallforPapersAPC2012.pdf
============================================================
12. About
============================================================
EDRi-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRi has 28 members based or with offices in 18 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRi-grams.
All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and are visible on
the EDRi website.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/
Newsletter editor: Bogdan Manolea <edrigram(a)edri.org>
Information about EDRI and its members:
http://www.edri.org/
European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring
http://flattr.com/thing/417077/edri-on-Flattr
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request(a)edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
Unsubscribe by e-mail
To: edri-news-request(a)edri.org
Subject: unsubscribe
- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edri/2.html
- EDRI-gram in German
EDRI-gram is also available in German, with delay. Translations are provided
by Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <edrigram(a)edri.org> if you have any problems with subscribing or
unsubscribing.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
============================================================
EDRi-gram
biweekly newsletter about digital civil rights in Europe
Number 9.10, 18 May 2011
============================================================
Contents
============================================================
1. EU and China adopt harmonised approach to censorship
2. Data retention in EU Council Meeting
3. Belgium Senate deletes the repressive part of the three strikes draft law
4. Dutch ISPs admit to using deep packet inspection
5. CoE refuses to start investigation on biometrics
6. Ireland adopts innovation agenda on intellectual property
7. UK police has bought surveillance software to track online movements
8. Google found guilty in Belgium for newspapers' copyright infringement
9. Privatised enforcement series E: Online trading platforms sell out
10. CFP 2011 Conference to address the Future of Technology and Human Rights
11. ENDitorial: RFID PIA: Check against delivery
12. Recommended Action
13. Recommended Reading
14. Agenda
15. About
============================================================
1. EU and China adopt harmonised approach to censorship
============================================================
The European Union and China appear to have agreed to share their preferred
approaches to censorship, producing a model that is a perfect mix between
current EU and Chinese policies.
On 20 April 2011, at an event in the European Parliament entitled "Creative
Industries: Innovation for Growth", the French European Commissioner for the
Internal Market, Michel Barnier, announced plans to focus on Internet
providers to enforce intellectual property. He explained that he did not
want to "criminalise" consumers and therefore would put the pressure on
online intermediaries (who will then police and punish the consumers
instead).
Eight days later, on 28 April, the Beijing Copyright Bureau decided to
follow exactly the same model. In its "Guiding Framework for the Protection
of Copyright for Network Dissemination," it proposes a range of obligations
on Internet intermediaries such as:
- 180-day data retention for the name and IP address of users, if
the intermediary provides file-sharing or hosting services. This is
fractionally more liberal than the most liberal approach permitted by the
European Commission, which requires data retention for a minimum of six
months;
- deterring and restraining (sic) those who upload unlicensed
material, including terminating the offending users' service (as appears in
the preparatory works of the ACTA agreement, supported by the EU) and also
reporting these infringing acts to copyright law enforcement authorities;
- employing "effective technical measures to prevent users
uploading or linking to copyrighted works" (as supported by the EU in its
input to the European Court of Justice in the Scarlet/Sabam case (C-70/10)).
While the developments in relation to copyright show China's willingness to
learn from the EU's planned repressive measures, the traffic is not entirely
one-way, as shown by the recent revelations on the Hungarian Presidency's
"virtual Schengen" proposal.
In 2008, the French EU Presidency developed plans for a "Cybercrime
Platform" to be run by Europol, as a means of collecting reports of
illicit/unwanted content from across Europe, acting as an "information hub"
with the reasonably obvious intention of a harmonised approach to blocking
web content.
This approach was further developed in the Internal Security Strategy from
2010, which said ominously that "while the very structure of the internet
knows no boundaries, jurisdiction for prosecuting cybercrime still stops at
national borders. Member States need to pool their efforts at EU level. The
High Tech Crime Centre at Europol already plays an important coordinating
role for law enforcement, but further action is needed."
The European Commission immediately took the initiative and offered funding
for projects that supported "the blocking of access to child pornography or
blocking the access to illegal Internet content through public-private
cooperation" - expanding blocking both to content of any kind and to
extra-judicial blocking, in contravention of the European Convention on
Human Rights and the EU Charter of Fundamental Rights. As a result, European
police forces were given a grant of 324 059 Euro to lobby for blocking in
the EU.
All of these developments have now led to the proposal for a "Great Firewall
of Europe", as demonstrated by an EU Council presentation published this
week by EDRi. This would harmonise the EU's approach to content that it
wished to stop at the EU's borders, following the same logic as the "Great
Firewall of China" which censors unwanted content from outside China's
jurisdiction. Ironically, both the European Commission and Council of
Ministers are now claiming that such a blocking plan was never the intention
and are distancing themselves from the proposal - even to the point of
rewriting the minutes of the meeting where the proposal was discussed.
In summary, therefore, the EU/China internal policy on censorship will be
based on the European model of censorship by proxy, whereby Internet
intermediaries undertake the work. For unwanted traffic from outside the EU,
the Chinese model of a "virtual border" is being pushed forward, despite
recent protestations of innocence from the EU institutions.
Hungarian presidency rewriting of history of meeting
http://register.consilium.europa.eu/pdf/en/11/st07/st07181-co01.en11.pdf
Virtual Schengen documents released by EU Council (12.05.2011)
http://www.edri.org/virtual_schengen
Commission input to ECJ on Scarlet/Sabam (only in French, 13.01.2011)
http://www.mlex.com/itm/Attachments/2011-01-13_1B8G0W13A97M04RY/C70_10%20FR…
ACTA Draft: No Internet for Copyright Scofflaws (24.03.2010)
http://www.wired.com/threatlevel/2010/03/terminate-copyright-scofflaws/
EU Internal Security Strategy
http://www.consilium.europa.eu/uedocs/cms_data/docs/pressdata/en/jha/113055…
French Presidency work programme
http://www.eu2008.fr/webdav/site/PFUE/shared/ProgrammePFUE/Programme_EN.pdf
EU Communication: Internal Security Strategy (22.11.2010)
http://www.statewatch.org/news/2010/nov/eu-com-internal-security-strategy-n…
Chinese copyright office: Guiding Framework on the Protection of Copyright
for Network Dissemination (28.04.2011)
http://www.r2g.net/english/english_news_article_1004.htm
EU information management instruments (20.07.2010)
http://europa.eu/rapid/pressReleasesAction.do?reference=MEMO/10/349&type=HT…
Council and Commission distance themselves from blocking plans (only in
German, 16.05.2011)
http://www.spiegel.de/netzwelt/netzpolitik/0,1518,762783,00.html
Commission funding - ISEC 2010 action grants
http://bit.ly/mE9noz
(Contribution by Joe McNamee - EDRi)
============================================================
2. Data retention in EU Council Meeting
============================================================
The EU Council Working Group of Justice and Home Affairs had a first
discussion on 12 May 2011 on the European Commission implementation report
on the data retention directive.
The Commission agreed that the implementation has been uneven, both in terms
of retention periods, as well as in respecting data protection principles.
The working group discussed issues related to a common definition of
"organised crime", that was opposed by some, on the basis of infringing the
rights of Member States to govern their own affairs on entirely internal
processes ("subsidiarity").
This was just a preliminary discussion, where some member states claimed
that data retention was necessary, favouring a two year retention period.
Only a few countries brought forward the idea of the "quick freeze" as
an alternative solution.
The next schedule presented by the Commission includes several public
meetings, the first with civil society on 8 June 2011. After that, the
impact assessment should be finalized after the Summer and, by the end of
2011, the European Commission wishes to present its proposal to amend the
data retention directive.
Press release: 3085th Council meeting - Justice and Home Affairs
(12.05.2011)
http://www.consilium.europa.eu/uedocs/NewsWord/en/jha/121967.doc
EDRi-gram: Top 10 misleading statements of the European Commission on data
retention (20.04.2011)
http://www.edri.org/edrigram/number9.8/data-retention-evaluation
============================================================
3. Belgium Senate deletes the repressive part of the three strikes draft law
============================================================
The Belgium version of the French Hadopi three strikes law was significantly
changed by the Commission of Finance and Economical Affairs (COMFINECO) of
the Belgium Senate during a hearing organised on 11 May 2011 on copyright
and Internet.
The proposal, initially submitted in 2010 and re-tabled at the beginning of
2011, was amended by the removal of a series of articles which actually
referred to the three strikes system.
NURPA (the Net Users' Rights Protection Association) warns that the proposed
law, although amputated, still raises certain concerns and
draws the attention especially to article 12 which "requires the settling of
agreement between private actors and allows the limitation of the Internet
user's freedom of usage". The article stipulates that the agreement signed
with the ISPs "determines the limits and conditions under which a user that
has access to a public online communication service can use it to exchange
works protected by copyright or related right(s)."
Inspired also by the French Hadopi law, the proposed Belgium law introduces
the creation of a Council for the protection of copyright on the Internet
that would have as its main task to establish a list of legal offers. It is
not clear which criteria will be used to determine what offers will be legal
and which will be the means to keep such a list updated and complete.
"Instead of seeing the Internet as an opportunity to reduce the number of
intermediaries between the public and the artists, the text only continues
to place the copyright collective societies in the centre of the revenue
perception. There are innovating initiatives and a freedom of artistic
distribution that should be encouraged rather than playing in the hands of
the private societies" stated Daniel Faucon, spokesperson for NURPA.
Two contradictory opinions also marked the COMFINECO hearing, one according
to which the service providers would incite to illegal downloading and
therefore should be made responsible and a second one that is closer to
net neutrality, meaning that the service providers should not be held
accountable for the content exchanged on the Internet.
The Belgium HADOPI amputated in its repressive part (only in French,
12.05.2011)
http://nurpa.be/actualites/2011/05/HADOPI-belge-amputee-partie-repressive.h…
The Belgium Hadopi is buried, but filtering is not (only in French,
12.05.2011)
http://www.numerama.com/magazine/18776-la-hadopi-belge-est-enterree-mais-pa…
EDRi-gram: Four strikes law returns to Belgium (9.05.2011)
http://www.edri.org/edrigram/number9.5/belgium-four-strikes-law-returns
============================================================
4. Dutch ISPs admit to using deep packet inspection
============================================================
During an investors day on 10 May 2011 in London, Dutch Internet service
provider KPN admitted to using deep packet inspection (DPI) technology, to
determine the use of certain applications by its mobile internet customers.
Vodafone soon followed with an announcement that it used this
technology for traffic shaping. The Dutch minister of Economic Affairs
within days announced an investigation into KPN's practices and promised to
publish the results within two weeks.
The recent revelations come after Dutch telecom giant KPN announced that
it will start charging mobile internet users extra for the use of
certain applications, such as internet telephony. This is a hot topic in
The Netherlands, as net neutrality rules will soon be discussed in the
Dutch parliament. Dutch digital rights organisation Bits of Freedom is
concerned that the application of DPI by KPN is a violation of the Dutch law
and called for customers to lodge a complaint with the public prosecutor.
Article on use of DPI by KPN (12.05.2011)
http://webwereld.nl/nieuws/106656/kpn-luistert-abonnees-af-met-deep-packet-…
Press release Bits of Freedom (12.05.2011)
https://www.bof.nl/2011/05/12/persbericht-bits-of-freedom-roept-kpn-abonnee…
(contribution by Ot van Daalen - EDRi-member Bits of Freedom, Netherlands)
============================================================
5. CoE refuses to start investigation on biometrics
============================================================
In an answer to the 31 March 2011 petition calling the Council of Europe
(CoE) to start an in-depth survey under Article 52 of the European
Convention on Human Rights, Thorbjørn Jagland, the Secretary General of the
CoE refused to start an investigation on the collection and storage of
citizens' biometric data by member states.
In his answer, Secretary General Jagland mainly points to the CoE
Resolution 1797, adopted in March 2011. He does stress the need to take
steps to ensure that relevant existing legal frameworks, including European
data protection Convention 108, be enhanced and modernised. However, the
Secretary General doesn't explain his refusal to investigate the legality of
the current national biometric schemes. Instead, Mr. Jagland refers
to various other Council of Europe bodies, such as the Parliamentary
Assembly, the commissioner for Human Rights and the Consultative Committee
of Convention 108.
In a first reaction to the response from Strasbourg, an alliance
spokesperson said: "The lack of protection of citizens rights against
government use of biometrics is stunning. Moreover, the digital fingerscan
technique itself is immature. For example a government test in the
Netherlands, published after our petition, showed biometric verification
failure rates of 21%. A test by the mayor of the city of Roermond revealed
that for no less than one in every five persons collecting travel documents,
the initial fingerprint scan had been so bad that it wasn't verifiable. So
how can you ever reach the goals of the Passport Laws by storing these on
the document chip? This confirms once again that an in-depth survey has to
be conducted soon on whether the human rights guarantees and conditions of
necessity (effectiveness, proportionality, subsidiarity and safety
guarantees) set by the European Convention on Human Rights and the data
protection Convention are indeed upheld in the countries involved."
The more than 80 petition signatories from 27 countries, including EDRi,
include - among others - digital, civil and human rights defenders, media,
legal and medical organisations, academia, politicians and personal victims
without a passport because of objections involving the biometric storage.
Petition to Council of Europe on government use of citizens biometrics
(updated on 12.05.2011)
https://www.privacyinternational.org/article/petition-council-europe-govern…
Answer of Council of Europe (29.04.2011)
http://yfrog.com/z/h4yfwslj
EDRi-gram: NGOs ask CoE to investigate government collection of biometrics
(6.04.2011)
http://www.edri.org/edrigram/number9.7/petition-coe-biometrics
============================================================
6. Ireland adopts innovation agenda on intellectual property
============================================================
Richard Bruton, the Irish Minister for Enterprise, Jobs and Innovation, said
that he was determined that the Irish government should make whatever
changes were necessary to allow innovative digital companies to reach their
full potential in Ireland. He said that some companies have complained that
the current copyright legislation did not cater well for the digital
environment and created barriers to innovation and to the establishment of
new business models. For this reason, he has proposed research into how the
current copyright law could be amended in such a way so that it would foster
innovation.
In order to achieve the aforementioned goal, Mr Bruton set up the Copyright
Review Committee which, in the words of the Department of Enterprise, Trade
and Innovation, has the following tasks:
(1) Examine the present national copyright legislation and identify any
areas that are perceived to create barriers to innovation;
(2) Identify solutions for removing these barriers and make recommendations
as to how these solutions might be implemented through changes to national
legislation;
(3) Examine the US style "fair use" doctrine to see if it would be
appropriate in an Irish/EU context;
(4) If it transpires that national copyright legislation requires to be
amended but cannot be amended, (bearing in mind that Irish copyright
legislation is bound by the European Communities Directives on Copyright and
Related Rights and other international obligations) make recommendations for
changes to the EU Directives that will eliminate the barriers to innovation
and optimise the balance between protecting creativity and promoting and
facilitating innovation.
After completing these four tasks, the Copyright Review Committee will
present a Report to the Government with a set of recommendations for
legislative change. The Review will start with a consultation. All
interested parties are invited to submit their views for inclusion in the
review.
The Chair of the Review Committee will be Dr. Eoin O'Dell of Trinity
College, Dublin. The other members of the Review Committee will be
Professor Stephen Hedley (University College Cork) and Ms. Patricia
McGovern (DFMG Solicitors). The deadline for sending submissions is the end
of June 2011.
Consultation on the Review of the Copyright and Related Rights Act 2000,
Department of Enterprise, Trade and Innovation of Ireland (09.05.2011)
http://www.deti.ie/science/ipr/copyright_review_2011.htm
Radical copyright law reform to boost Ireland's digital economy? (09.05.2011)
http://siliconrepublic.com/new-media/item/21695-radical-copyright-law-refor
(Contribution by Daniel Dimov - intern at EDRI)
============================================================
7. UK police has bought surveillance software to track online movements
============================================================
Civil liberties groups have shown great concern about the UK Metropolitan
police force's possible use of Geotime surveillance software that can map
nearly every move in the digital world of "suspect" individuals.
The Geotime security programme, that has recently been purchased by Britain's
Metropolitan Police, is used by the US military and is able to show an
individual's movements and communications with other people on a
three-dimensional graphic. It can be used to put up information gathered
from social networking sites, satellite navigation equipment, mobile phones,
financial transactions and IP network logs, creating a 3D graphic of
correlations between actions, people and places.
The use of such a tool is seen as a threat to personal privacy.
Alex Hanff, the campaigns manager at Privacy International, showed concern
that by the aggregation of "millions and millions of pieces of microdata, a
very high-resolution picture of somebody" might be obtained. This could
also be used by the government and police "for the benefit of commercial
gain," and therefore, asked the UK police to explain who would decide how
this software will be used in the future.
"This latest tool could also be used in a wholly invasive way and could fly
in the face of the role of the police to facilitate rather than impede the
activities of democratic protesters," said Sarah McSherry, a partner at
Christian Khan Solicitors, representing several protesters in cases against
the Metropolitan police.
Daniel Hamilton, director of the Big Brother Watch privacy blog, stated for
ZDNet UK that "the ability to build up such a comprehensive record of any
person's movements represents a significant threat to personal privacy."
According to Geotime's website, the programme displays data from various
sources, allowing the user to navigate the data with a timeline and animated
display and the links between entities "can represent communications,
relationships, transactions, message logs etc and are visualised over time
to reveal temporal patterns and behaviours."
The representatives of The Metropolitan police stated it was "in the process
of evaluating the Geotime software to explore how it could possibly be used
to assist us in understanding patterns in data relating to both space and
time" and that it had not yet taken a final decision on whether the software
would be adopted permanently.
A spokesperson from the Ministry of Defence said the software was also under
investigation by the ministry.
This comes at a time when data retention has become a main issue of
discussion being increasingly challenged and criticised and as the UK
already exercises a high level of surveillance of individuals' online
activities.
According to the Guardian, Catt, an 86-year-old man without any criminal
record, has recently been granted permission to sue a secretive police unit
for having kept, on a clandestine database, a detailed record of his
presence at more than 55 peace and human rights peaceful protests over a
four-year period.
The respective unit has been compiling a huge, nationwide database of
thousands of protesters for more than ten years already. The police claim
the unit only monitors so-called "domestic extremists" (which in Catt's case
is a very exaggerated statement) and that the "minor" surveillance of Catt
was a "part of a far wider picture of information which it is necessary for
the police to continue to monitor in order to plan to maintain the peace,
minimise the risks of criminal offending and adequately to detect and
prosecute offenders".
Police buy software to map suspects' digital movements (11.05.2011)
http://www.guardian.co.uk/uk/2011/may/11/police-software-maps-digital-movem…
Metropolitan Police trials GeoTime tracking software (12.05.2011)
http://www.zdnet.co.uk/news/security-management/2011/05/12/metropolitan-pol…
Privacy storm after police buy software that maps suspects' digital
movements (12.05.2011)
http://www.dailymail.co.uk/sciencetech/article-1386191/Privacy-storm-police…
Protester to sue police over secret surveillance (3.05.2011)
http://www.guardian.co.uk/uk/2011/may/03/protester-sue-police-secret-survei…
============================================================
8. Google found guilty in Belgium for newspapers' copyright infringement
============================================================
Google lost its appeal in front of the Belgian appeals court which upheld an
earlier ruling, having found the company guilty of infringing the copyright
of newspapers, in the case introduced in 2006 by Copiepresse.
In 2006, Copiepresse, an agency acting for newspapers, sued Google for
allegedly infringing the copyright of newspapers when linking, on its Google
News service, to content from newspaper websites or copies of sections of
stories.
A Belgian judge ruled that Google had to remove all the content referring to
Belgian newspaper stories from its services and the Court of First Instance
in Belgium upheld that ruling in February 2007.
Google appealed the decision and argued that Google News was fully
consistent with applicable copyright laws and considered that US law should
have applied in the case because the company posts the articles of the
Belgian sites from the US. However, the court, based on the Berne
Convention, estimated that only the Belgian law could be applicable and that
the distribution through the Google.be website of works that are protected
by copyright in Belgium was illegal and that it did not matter that the
posts were made automatically by robots from abroad.
The court also estimated that one didn't need to read the entire article
to understand the information posted by Google, that Google News could not
be assimilated with press review and it infringed the paternity right by not
mentioning the name of the author.
The court's decision asked Google to remove all links to material from
Belgian newspapers in French (the rulings do not apply to Flemish
newspapers). Failing to comply with the court's decision may bring Google a
fine of about 25 000 Euro per day.
"References with short titles and direct links to the sources is not only
legal, but also encourages the users to read the online newspapers" stated
Al Verney, spokesperson for Google.
While Copiepresse welcomes the decision, Google reminded the agency that it
is not the only search engine making reference to online contents but that
actually, this is common practice with most search engines.
It also seems Google wants to bring the case to a higher court.
Google infringes copyright when its services link to newspaper sites,
Belgian court rules (10.05.2011)
http://www.out-law.com/default.aspx?page=11911
Court's decision (only in French, 5.05.2011)
http://copiepresse.be/Copiepresse5mai2011.pdf
Google Busted for Copyright Violation in Belgium (7.05.2011)
http://www.pcworld.com/article/227379/google_busted_for_copyright_violation…
Copiepresse press release (only in French, 5.05.2011)
http://www.copiepresse.be/Communique%20de%20presse%20condamnation%20Google.…
Google loses the Copiepresse case in appeal (only in French, 9.05.2011)
http://datanews.rnews.be/fr/ict/actualite/apercu/2011/05/09/google-perd-le-…
New condemnation of Google News in Belgium (only in French, 9.05.2011)
http://lexpansion.lexpress.fr/high-tech/nouvelle-condamnation-de-google-new…
EDRi-gram: Belgium court backs decision against Google (14.02.2007)
http://www.edri.org/edrigram/number5.3/google-belgium
============================================================
9. Privatised enforcement series E: Online trading platforms sell out
============================================================
In a bizarrely designed document, looking like a mix between a wedding
invitation and an accident in a blue ink factory, leading online retailers
Amazon, eBay and Priceminister have sold out the interests of their
consumers in a "memorandum of understanding" with a range of luxury goods
and copyright groups. In return, they have received a non-binding
commitment not to be sued by the rightsholders for twelve months.
Under the agreement, the Internet platforms agree to take responsibility
"to assess the completeness and validity of" reports from rightsholders of
counterfeit goods being sold through their services and, based on this
extra-judicial notice, not only to remove the listings of the alleged
counterfeit material but also to take "deterrent measures against such
sellers".
Furthermore, for reasons that are not explicitly explained, Internet
platforms will receive lists of words "commonly used for the purpose of
offering for sale of 'obvious' counterfeit goods" which they will "take into
consideration". Up to the limits imposed by data protection law, "Internet
Platforms commit to disclose, upon request, relevant information including
the identity and contact details of alleged infringers and their user
names".
On the other side, the rightsholders undertake to make requests for personal
information "in good faith" and in accordance with the law.
With regard to sellers who are adjudged by the online retailer to have
repeatedly broken the law, the Internet platforms undertake to "implement
and enforce deterrent repeat infringer policies, according to their internal
guidelines" including temporary or permanent suspension of the seller. These
deterrent measures are to be implemented taking into account a number of
factors, including the "apparent intent of the alleged infringer". The
policing by the Internet platforms will, in turn, be policed by the
rightsholders who, subject to data protection law "commit to provide
information to Internet Platforms concerning those sellers they believe to
be repeat infringers and commit to provide feedback to Internet Platforms on
the effectiveness of Internet Platforms' policies regarding repeat
infringers (e.g. if rights owners feel that there has been a failure to take
measures against a repeat infringer)".
In the entire document, which consists of 47 paragraphs, just one is devoted
to the enforcement of the law by law enforcement authorities.
Memorandum of Understanding (4.05.2011)
http://ec.europa.eu/internal_market/iprenforcement/docs/memorandum_04052011…
(Contribution by Joe McNamee - EDRi)
============================================================
10. CFP 2011 Conference to address the Future of Technology and Human Rights
============================================================
The 21st Annual Computers Freedom and Privacy Conference (CFP 2011) will be
held on 14 - 16 June 2011 in Washington DC, USA, at the Georgetown
University Law Center.
CFP conferences traditionally look at the technology and policy space with
an eye toward predicting what innovation might bring in relation to human
rights. It is a yearly gathering of activists, thinkers, government,
legislative, NGOs, business to discuss differing views on controversial
issues related to technology and policy. The conference is open to the
general public.
"The Future is Now" is the theme of this year's conference. Participants will
address emerging issues such as the role of social media in the democracy
movement in the Middle East and North Africa; technology and social media to
support human rights; the impact of mobile personal computing technology on
freedom and privacy; smart grid, e-health records, consumer location-based
advertising, cybersecurity, cloud computing, net neutrality, federated ID,
ubiquitous surveillance.
The program is structured around three days, with the 1st day dedicated to
privacy issues, the second to human rights and Freedoms, and the third to
computing and technology. A particular effort has been undertaken this year
to increase the international scope of the conference. Keynote addresses
will be given daily by prominent speakers, including Alessandro Acquisti
(CMU), Mona Eltahawy (Columnist), Danah Boyd (Microsoft), Agnès Callamard
(Article 19), Cameron Kerry (US DoC), Edith Ramirez (FTC Commissioner),
Bruce Schneier (BT).
EDRi is involved both in the organization and in the participation to this
event through representatives of its members and observers. Meryem Marzouki
(France) chairs the 'Human Rights and Freedom' day program subcommittee, and
will be moderating a session on "MENA Beyond Stereotypes: Technology of Good
and Evil Before, During and After Revolutions". Katarzyna Szymielewicz
(Poland), Ralf Bendrath (Germany), Cedric Laurent (Belgium), and others will
address "The Global Challenge of Mandatory Data Retention Schemes". European
issues and perspectives will also be highlighted during the session on "A
Clash of Civilizations: The EU and US Negotiate the Future of Privacy", with
the participation of Jan Philipp Albrecht, German MEP.
Together with the many other panels on currently hot issues in Europe, such
as the debate on technical intermediaries immunity or liability or the
impact on minorities and migrants of airport security measures and PNR data
collection, these sessions promise a very exciting conference this year.
All about CFP 2011 - Program, Speakers, Committee, Registration
(14-16.06.2011)
http://www.cfp.org/2011
(contribution by Meryem Marzouki - EDRi)
============================================================
11. ENDitorial: RFID PIA: Check against delivery
============================================================
In the context of the Hungarian Presidency of the European Council, the
European Commission and the Hungarian Innovation Office jointly organised
the IoT 2011 conference on the Internet of Things, earlier this week.
One of the main sessions was devoted to privacy and data protection in the
IoT age. The main points of the presentations in this session included the
high importance of technology design for any form of Internet regulation
(with reference to Lessig's "Code is law"), the need for a reduction of
bureaucracy in data protection and the importance of accurate information on
the consequences of IoT applications for individuals' privacy. The experts
stressed that it was important to maintain the existing data protection
principles also in an IoT age and that commercial competition must not take
place at the cost of reduced data protection standards.
Risk assessments like the RFID Privacy Impact Assessment (PIA) were
mentioned as an important tool that also enables end users (the data
subjects) to take informed decisions regarding the processing of their
personal data.
RFID and PIAs also became a topic during the Questions and Answers of the
following session, where Christian Plenge, Head of Architecture, Frameworks
& Innovation at METRO Systems GmbH (a company of one of the world's largest
retailers, Metro Group), informed the audience that Metro had decided to
leave RFID tags on their products active after the point of sale and to
offer their customers the possibility to deactivate the tags on request. An
option which, according to Mr. Plenge, was only chosen once so far, when a
data protection group was given a tour in an RFID-equipped store.
This statement is of particular interest as the European Commission's
recommendation on RFID data protection suggests at points 11 and 12, that
retailers deactivate or remove RFID tags at the point of sale unless
consumers give their informed consent or a PIA concludes that the tags do
not represent a likely threat to privacy or the protection of personal data.
When asked by EDRi whether his statements could be understood to mean that
Metro Group has decided not to follow the European Commission's
recommendation, Mr. Plenge said that the PIA they had conducted had
concluded that there was no likely threat to privacy or the protection of
personal data and that their activities were therefore in line with the EC
recommendation.
This view is also promoted on the website of Metro's Future Store
Initiative, which claims that Metro's RFID use is "in full compliance with
existing provisions" and that their "transponders, ..., do not store any
personal consumer information". The Electronic Product Code (EPC; which is a
worldwide unique identifier) would only refer to product and process
information and "(p)ersonal data is neither disseminated nor stored".
For an audience not familiar with the data protection problems of RFID
applications and the discussions in the European Commission's RFID Expert
Group and elsewhere, this statement might be convincing at first sight.
The fact is however, that the question whether unique identifiers stored on
RFID tags constitute personal data or not, has been discussed at length at
various occasions and that Metro was well involved in these debates. As a
result of these debates - and of the process leading to the RFID PIA
framework - the answer to this question was formally given in not one but
actually two working papers of the Article 29 Working Party (WP175 and
WP180): "... when a unique identifier is associated to a person, it falls in
the definition of personal data set forth in Directive 95/46/EC, regardless
of the fact that the 'social identity' (name, address, etc.) of the person
remains unknown (i.e. he is 'identifiable' but not necessarily
'identified')." (WP175, p. 8)
In the case of Metro's RFID use, this means that Metro - contrary to their
public statements - is in fact processing personal data of their customers
(the EPCs) and that Metro puts the personal data of their customers at risk
(which e.g. could be tracked by third parties without their knowledge) by
not deactivating the RFID tags at the point of sale and not taking any other
measures to mitigate the risks (at least as far as we know from Mr. Plenge
and the above mentioned corporate website).
Mr. Plenge's statement at the European Commission's IoT 2011 conference is
of particular importance as it was made several weeks after European
Commission Vice President Neelie Kroes, representatives of the European RFID
industry, the chairman of the Article 29 Data Protection Working Party and
the executive director of ENISA formally signed the RFID Privacy Impact
Assessment Framework as a tool of industry self regulation for data
protection compliant RFID applications. Before the signing ceremony took
place, this framework was formally endorsed by the Art. 29 Working Party
with working paper 180, in which the Working Party reconfirmed their above
mentioned statement on unique identifiers being personal data.
Mr. Plenge's statement that, besides the visit of a data protection group,
none of their customers ever requested that RFID tags on products should be
deactivated, highlights the drawback of opt-out regimes. Most of the
customers of retail stores are not data protection or RFID experts but
ordinary citizens. They need to trust the retailers to be given accurate
information and cannot base their shopping habits on general suspicion.
Therefore consumers are not aware of any threats to their privacy and expect
to have their personal data protected by default. It is therefore not a lack
of interest but a lack of knowledge that leads to this total of zero
deactivated RFID tags.
That it is not possible to sufficiently inform consumers about the data
protection risks of RFID applications at the point of sale was - by the
way - often claimed by industry representatives in the past couple of years
of RFID data protection discussions. This is one of the reasons why EDRi
always advocated for an opt-in regime instead of an opt-out one.
This current example of Metro Group's strategy is not only important because
this company is one of the world's largest retailers, the actions of which
affect the data protection rights of a large number of individuals, but also
because it gives an example of the practical value of self regulation tools
like the RFID PIA framework.
In our EDRi-gram article on the signing ceremony we wrote amongst others:
"The RFID PIA Framework is an important milestone on the way to the
implementation of privacy friendly RFID applications. Now it is important
that industry quickly but thoroughly implements the PIA in practice." As the
Metro example suggests it is the word "thoroughly" that needs to be
emphasised in this statement.
At Point 20 of the RFID recommendation, the European Commission announced
that it would "provide a report on the implementation of this
Recommendation, its effectiveness and its impact on operators and
consumers," in particular as regards the measures recommended for RFID
applications used in the retail trade, before the end of May 2012. In our
view, it is important to make sure that global players like Metro Group are
as well covered by this report as small and medium sized RFID operators, as
their level of adoption not only affects a large number of individuals but
also predetermines the level of compliance of the whole industry.
Point 5 of the RFID recommendation suggests that RFID operators make the
results of their privacy impact assessments available to the competent
authorities (the national data protection authorities; DPAs) at least six
weeks before the deployment of the application. EDRi calls on the national
DPAs, the European Data Protection Supervisor and the Article 29 Working
Party to make a meaningful use of this opportunity by at least checking if
the PIA was conducted on the basis of a correct definition of personal data
and by providing statistics about how many PIA reports were made available
to them, in which member states, and by which industries.
EDRi is well aware that this request comes at a time when most DPAs suffer
from a lack of funding, staff and time. But we think that it is very
important - also for the future use of such tools in other areas - to ensure
that privacy risk assessments are carried out properly.
The RFID PIA Framework is an important milestone but we need to check
against delivery.
IoT 2011
http://www.iot-budapest.eu/
EDRi-gram 9.7: RFID Privacy Impact Assessment Framework formally adopted
(6.04.2011)
http://www.edri.org/edrigram/number9.7/rfid-pia-adopted-eu
EC recommendation (12.05.2009)
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2009:122:0047:00…
Metro Group Future Store Initiative: Privacy at METRO GROUP (last accessed
on 18.05.2011)
http://www.future-store.org/fsi-internet/html/en/1674/index.html
Opinion 5/2010 on the Industry Proposal for a Privacy and Data Protection
Impact Assessment Framework for RFID Applications (13.07.2010)
http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2010/wp175_en.pdf
Opinion 9/2011 on the revised Industry Proposal for a Privacy and Data
Protection Impact Assessment Framework for RFID Applications (11.02.2011)
http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2011/wp180_en.pdf
http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2011/wp180_annex_e…
(Contribution by Andreas Krisch - EDRi)
============================================================
12. Recommended Action
============================================================
European Commission: Public Consultation on Cloud Computing
Deadline: 31 August 2011
http://ec.europa.eu/yourvoice/ipm/forms/dispatch?form=cloudcomputing&lang=en
============================================================
13. Recommended Reading
============================================================
UK: A review of Intellectual Property and Growth - An independent report by
Ian Hargreaves (05.2011)
http://www.ipo.gov.uk/ipreview.htm
http://www.thepublicdomain.org/2011/05/18/the-hargreaves-review-is-publishe…
Demonstrators take to streets across Turkey to protest Internet bans
(15.05.2011)
http://www.todayszaman.com/newsDetail_getNewsById.action?newsId=244062
============================================================
14. Agenda
============================================================
30-31 May 2011, Belgrade, Serbia
Pan-European dialogue on Internet governance (EuroDIG)
http://www.eurodig.org/
2-3 June 2011, Krakow, Poland
4th International Conference on Multimedia, Communication, Services and
Security organized by AGH in the scope of and under the auspices of INDECT
project
http://mcss2011.indect-project.eu/
3 June 2011, Florence, Italy
E-privacy 2011 and Big Brother Awards 2011
http://e-privacy.winstonsmith.org/
4-5 June 2011, Bonn, Germany
PolitCamp 2011
http://11.politcamp.org
12-15 June 2011, Bled, Slovenia
24th Bled eConference, eFuture: Creating Solutions for the Individual,
Organisations and Society
http://www.bledconference.org/index.php/eConference/2011
14-16 June 2011, Washington DC, USA
CFP 2011 - Computers, Freedom & Privacy
"The Future is Now"
http://www.cfp.org/2011/wiki/index.php/Main_Page
11-12 July 2011, Barcelona, Spain
7th International Conference on Internet, Law & Politics (IDP 2011): Net
Neutrality and other challenges for the future of the Internet
http://edcp.uoc.edu/symposia/lang/en/idp2011/?lang=en
24-30 July 2011, Meissen, Germany
European Summer School on Internet Governance 2011
http://www.euro-ssig.eu/
27 - 30 October 2011, Barcelona, Spain
Free Culture Forum 2011
http://fcforum.net/
============================================================
15. About
============================================================
EDRi-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRi has 28 members based or with offices in 18 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRi-grams.
All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and are visible on
the EDRi website.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/
Newsletter editor: Bogdan Manolea <edrigram(a)edri.org>
Information about EDRI and its members:
http://www.edri.org/
European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request(a)edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
Unsubscribe by e-mail
To: edri-news-request(a)edri.org
Subject: unsubscribe
- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edri/2.html
- EDRI-gram in German
EDRI-gram is also available in German, with delay. Translations are provided
by Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <edrigram(a)edri.org> if you have any problems with subscribing or
unsubscribing.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE