cypherpunks-legacy
============================================================
EDRI-gram
biweekly newsletter about digital civil rights in Europe
Number 4.7, 12 April 2006
============================================================
Contents
============================================================
1. Article 29 asks for safeguards on data retention
2. US wants access to retained traffic data
3. Free parental control software in France
4. Changes in the Slovenian Intelligence Agency Act
5. Lie detectors in Russian airports
6. UK teachers are spied on in classrooms
7. Legal actions against file-sharers in Europe
8. Recommended reading
9. Agenda
10. About
============================================================
1. Article 29 asks for safeguards on data retention
============================================================
The Article 29 Data Protection Working Party has adopted its opinion on the
data retention directive as adopted by the Council on 21 February 2006,
raising major criticism of the adoption and of the present text agreed by the
Parliament.
The Working Party recalls its previous concerns and reservations expressed
in its last Opinion 113 of 21 October 2005 on the then draft Directive. The
decision to retain communication data for the purpose of combating serious
crime was considered as an unprecedented one that may endanger the
fundamental values and freedoms of all European citizens.
The privacy experts consider of utmost importance that the Directive is
implemented and accompanied in each Member State by measures protecting
privacy. The Directive leaves room for interpretation and therefore adequate
and specific safeguards are necessary to protect the vital interests of the
individual, mainly the right to confidentiality when using publicly
available electronic communications services.
The Working Party also thinks the provisions of the Directive should be
interpreted and implemented in a harmonised way and proposes a uniform,
European-wide implementation of the Directive that would respect the highest
level possible of personal data protection. This should also be done in
order to reduce the considerable costs borne by the service providers when
complying with the Directive.
Article 29 is suggesting that the member states should implement adequate
safeguards at least on Purpose specification, Access limitation, Data
minimization, Data mining, Judicial/ independent scrutiny of authorized
access, Retention purposes of providers, System separation and Security
measures.
The data retention directive is heavily criticized also by other privacy
authorities. Peter Hustinx, the European data protection supervisor
considered the lawmakers had not protected the privacy of Europeans.
His opinion is that "The data retention directive - turned the rules
upside down. We were not very pleased with that - we still think there is
too little in terms of safeguards."
Hustinx also stated: "I believe that politicians, people - you, I, everyone
else - have to be aware of the real threats. At the same time, that is not
going to justify disproportionate solutions - it is going to hurt the
texture of trust and confidence... I think we have reached a point that more
and more people start wondering whether legislation is getting excessive and
that is a good thing. We have to build in safeguards and keep asking the
question of 'is this necessary?'"
Opinion 3/2006 on the Directive 2006/XX/EC on the retention of data
processed in connection with the provision of public electronic
communication services (25.03.2006)
http://europa.eu.int/comm/justice_home/fsj/privacy/docs/wpdocs/2006/wp119_en.pdf
Tech must not invade privacy, says EU data protection head (7.04.2006)
http://www.silicon.com/0,39024729,39157943,00.htm
EDRI-gram : Opinion EU privacy authorities on data retention (17.11.2004)
http://www.edri.org/edrigram/number2.22/dataretention
EDRI-gram : Renewed rejection of data retention by European institutions
(5.10.2005)
http://www.edri.org/edrigram/number3.20/retention
============================================================
2. US wants access to retained traffic data
============================================================
The United States has indicated in a recent meeting with the EU Council that
it will be interested in accessing the traffic data collected by the European
countries in accordance with the recent Directive on Data Retention. The US
officials also expressed concerns over the draft Framework Decision on Data
Protection.
During the EU-US informal High Level meeting on Freedom, Security and
Justice on 2-3 March 2006, in Vienna, the US officials mentioned in the
context of fighting terrorist use of Internet that they were "considering
approaching each Member State to ensure that the data collected on the basis
of the recently adopted Directive on data retention be accessible to them."
The Presidency and the Commission replied that these data were accessible
like any other data on the basis of the existing MLA agreements (bilateral
as well as EU/US agreement). The Commission would convene an expert meeting
on this subject.
During the same meeting the US officials lobbied against the provisions in
article 15 of the proposal for a framework decision on the protection of
personal data processed in the third pillar. "US side expressed serious
concerns about the negative impact that the draft Framework Decision on data
protection would have on its bilateral relations with Member States if it
was to be adopted in its present form (see in particular Article 15 of the
draft). The Presidency indicated that agreements already concluded would not
be affected by the new legislation. In addition, Member States were divided
on the need for such a provision." Article 15 refers to Transfer to
competent authorities in third countries or to international bodies.
The Proposal for a Council Framework Decision on the protection of personal
data processed in the framework of police and judicial co-operation in
criminal matters was initiated in October 2005 when a draft version was sent
to the Council. Opinions on the draft have been received from the European
Data Protection Supervisor, Conference of European Data Protection
Authorities and European member countries. A new version of the Decision,
still under discussion within the Multidisciplinary group on organised crime
(MDG) - Mixed Committee, was published by Statewatch at the end of March
2006.
The conclusions of the G6 of interior ministers of the EU call for a rapid
adoption of the framework decision on the sharing of information under the
availability principle in police and judicial cooperation in criminal
matters, i.e. without waiting for the third pillar data protection framework
decision. This would constitute a serious unbalance with regard to the
processing of personal information under the third pillar. Tony Bunyan,
Statewatch editor, commented "in other words state agencies should be
allowed to exchange information and "intelligence" without any data
protection rights for the individual being in place."
EU Council: Report of the EU-US informal High Level meeting on
Freedom, Security and Justice on 2-3 March 2006 in Vienna (27.03.2006)
http://www.statewatch.org/news/2006/apr/eu-us-jha-7618-06.pdf
Data Protection, EU doc no 6450/1/06, REV 1 (23.03.2006)
http://www.statewatch.org/news/2006/mar/eu-dp-coun-draft-pos-6450-rev1-06.p…
EDRI-gram : Draft directive data protection in EU police co-operation
(21.09.2005)
http://www.edri.org/edrigram/number3.19/dataprotection
Conclusions of the Meeting of the Interior Ministers of France, Germany,
Italy, Poland, Spain and the United Kingdom, Heiligendamm (23.03.2006)
http://www.statewatch.org/news/2006/mar/06eu-interior-minister-conclusions.…
m
============================================================
3. Free parental control software in France
============================================================
As a result of the agreement signed between the French ISPs and the Ministry
of the Family on 16 November 2005, starting with 1 April 2006, most of the
ISPs started providing free-of-charge parental control software to their
subscribers.
The agreement signed between ISPs and the French authorities has followed
strong protests relayed in the media, after EDRi-member IRIS unveiled in
September 2005 the intention of the government to impose by law "by default"
filtering by ISPs for the purpose of parental control. After this, the
intentions of the government have been downsized excluding "by default"
parental control installed by the ISP. The current agreement still raises
many concerns, especially since no real information is provided on the
software and its criteria.
Starting with 1 April 2006 new subscribers will have the software included
in the connection kit with a window opening automatically on the software.
Previous complaints addressed the lack of simple access to such kind of
software as well as to their insufficient efficiency.
For the old subscribers, the ISPs will develop an information campaign
through e-mails, newsletters and on their home pages and those interested
will be able to get the software from their access provider's site.
Several providers are already in the position to provide the software while
others are on the point of perfecting their parental control system.
Providers like AOL, already advanced in this direction, can ensure various
profiles according to the child's age, with semantic filtering, more efficient
than the URL filtering systems. Other providers like Wanadoo are clearly
asking any new subscriber, when installing the connection kit, whether the
filtering software should be installed or not.
As regards the software, it seems that many ISPs are using the one
developed (and updated with lists) by a Spanish company, Optenet.
This company signed a contract with the French Ministry of Education
last April.
Meryem Marzouki from EDRi-member IRIS notes that "very little information is
provided to the user about who chooses the predefined white and black lists,
according to which criteria etc. Also, no information is provided on the
"plain language" analysis of websites, which are neither on white lists nor
on black lists."
The ISPs filter more the Internet (in French only, 4.04.2006)
http://www.01net.com/editorial/311150/securite/les-fai-filtrent-plus-net/
Mandatory and free of charge parental control on the Internet (in French
only, 16.11.2005)
http://www.01net.com/article/295101.html
Automatic filtering of contents : the moral order toughens (in French only,
16.09.2005)
http://www.iris.sgdg.org/info-debat/comm-filtrage0905.html
============================================================
4. Changes in the Slovenian Intelligence Agency Act
============================================================
The proposed changes of Slovenian Intelligence Agency Act (ZSOVA) raised
questions about its unconstitutionality. The government would like to
exclude the current 6-month limitation for use of special operative methods,
e.g. mail monitoring, recording of telephone conversations etc. The
Government invoked cooperation with EU and NATO in the fight against
terrorism as the reason for the proposed changes.
There are two main changes being proposed. According to the first one, the
competence to ordain measures that invade individual's information privacy
would be transferred from the president of Ljubljana Circuit Court to the
president of the Slovenian Supreme Court. Legal experts find this solution
better, but still not optimal, as the decision-making is still in the hands
of one single person. A panel of 3 Supreme Court judges would be a better
option.
The second and most important change is the exclusion of the current 6-month
limitation for the concentrated and continuous monitoring of
telecommunications. If the proposed changes pass through the Parliament, the
Slovenian Intelligence agency (SOVA) will theoretically be able to perform
surveillance over individual's communications for months, years or even
decades.
Under the current legislation, SOVA may monitor written correspondence and
record telephone conversations (of individuals that may pose a threat for
national security) for the maximum period of 3 months. Exceptionally, the
duration of surveillance may be extended for a month each time, but the
total duration must not exceed 6 months. According to the proposed changes
to the Slovenian Intelligence Agency Act, the President of Slovenian Supreme
Court would be authorised to extend the duration of measures for another 3
months each time, without any limitation of total duration.
According to Goran Klemencic from the Faculty of Criminal Justice and
Security, the proposed change violates article 37 of the Slovenian
Constitution, which says that encroachment upon individual's right to
privacy of correspondence and other means of communication may "be suspended
for a period of time where it is so necessary for criminal proceedings or
national security." Besides, Klemencic says that such a solution would also
be disproportionate (regardless of court warrant), as "it cannot be
admissible that law enables unlimited concentrated surveillance of an
individual".
This act broadens the power of the Slovenian Military Intelligence Agency,
as well.
The government wants the Parliament to discuss and pass the proposed changes
using the quick procedure option, where the possibilities for extending
discussions and filing amendments are vastly reduced.
Longer time of secret surveillance? (only in Slovenian, 14.03.2006)
http://www.privacyblog.net/index.php?p=151
Changes to Slovenian Intelligence Agency Act - Will SOVA be able to perform
continuous eavesdropping (only in Slovenian, 16.03.2006)
http://www.slo-tech.com/script/forum/izpisitemo.php?threadID=211601#neprebr…
o
Contestable Slovenian Intelligence Agency Act (only in Slovenian,
14.03.2006)
http://24ur.com/bin/article.php?article_id=3070870
(Contribution by Aljaz Marn, EDRI observer, privacyblog.net, Slovenia)
============================================================
5. Lie detectors in Russian airports
============================================================
Lie detectors will be used in Russian airports as part of the security
measures starting with July 2006.
Meant to identify terrorists or other types of criminals, a lie-detecting
device developed in Israel, known as "truth verifier," will be first
introduced in Moscow's Domodedovo airport as early as July. The technology,
already used by UK insurance companies, is said to be able to detect answers
coming from imagination or memory.
The passengers will use a handset to answer four questions right after the
X-ray check of luggage and shoes and in the beginning, only the suspicious
passengers will take the test. Those failing the test will be further
interrogated in a separate cubicle, as Vladimir Kornilov, the IT director for
East Line, said.
Eventually the procedure will be used for all passengers. Officials state
that the process should not exceed a minute per passenger.
Airline passengers face lie detector tests (6.04.2006)
http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2006/04/06/wlie06.xml
============================================================
6. UK teachers are spied on in classrooms
============================================================
Teachers protest against the installation of 50 CCTV systems with
microphones in UK schools, used as surveillance measures by the school
management.
While observation in class was supposed to help teachers in improving their
performances, the headmasters, who have also used two-way mirrors to survey
the teachers, grade them according to the way they perform in class under
observation.
TES (The Times Educational Supplement) reported on 7 April that teachers
were being "observed to death" and that surveillance was being used more
like a punishment. Observed lessons are often graded on a scale of
outstanding to poor.
The National Association of Schoolmasters Union of Women Teachers (NASUWT),
the largest teachers' union in the UK, has proposed a conference motion to use
"all means necessary" to stop the "yet another example of management
bullying". A NASUWT survey has found that one in five teachers was
observed more than six times last year. The union also expressed
disagreement on the short notice given to some teachers on the installation
of surveillance devices.
Mary Bousted, general secretary of the Association of Teachers and Lecturers
(ATL), said she had met an Oxford graduate who had quit teaching after
only a year for having been officially observed at least once every
three weeks.
Heads spy on teachers (10.04.2006)
http://www.theregister.co.uk/2006/04/10/cctv_teachers/
Teachers revolt against spy in the classroom (7.04.2006)
http://www.tes.co.uk/2216214
============================================================
7. Legal actions against file-sharers in Europe
============================================================
About 2000 new legal actions are being taken in 10 countries by the
International Federation of Phonographic Industry (IFPI) against file-sharers,
amounting now to a total number of 5500 cases outside the US.
IFPI persists in its actions against uploaders, stating it targets
persistent file-sharers, who typically upload thousands of music files.
"The campaign started in major music markets where sales were falling
sharply; now these legal actions have spread to smaller markets." said John
Kennedy, the chairman and chief executive of IFPI.
In the UK alone, where the music industry states a loss of over £1.1bn over
the last three years, there are 153 ongoing cases. The first cases have
occurred in Portugal as well, where the IFPI states sales of traditional music
formats have fallen by 40% in the last four years.
Geoff Taylor, IFPI general counsel and executive vice president said the
action was aimed at uploaders, but downloaders had to be reminded that their
actions were also illegal and also predicted that the copyright owners would
go after ISPs as well as users.
The IFPI is also keen to warn parents that they are responsible for their
children's online activities. As an example, last year Sylvia Price was
fined £2,500 after her 14-year-old daughter was accused of sharing music on
the internet.
If the IFPI wins the cases, the defendants could end up paying several
thousand euros. On average, those settling with the IFPI pay around
2,633 euros. Although the industry says that these cases are helping to win
the war on illegal file-sharers and are encouraging people to use legal
services, a report suggests that illegal downloads keep growing in spite of
the legal risks.
IFPI bases its actions on a report made by Jupiter Research stating that 35%
of illegal file-sharers have reduced and even stopped while only 14% of them
increased their activity, and that the legal actions were the main reason for
those who stopped their illegal music consumption.
However, XTN data, a research firm, suggested in its report that fear of
legal action was the least effective in encouraging people to use commercial
services and that more efficient measures would be cheaper prices, the
removal of digital rights management (DRM), and more user-friendly services.
"Clunky software, difficulty in finding tracks and over zealous protection
limiting where customers can play music they've bought are continuing to
fuel file-sharing," said Greig Harper, founder of XTN Data.
He also said: "We're the only big, anonymous UK survey - I'd be surprised if
people were so honest to an organisation interested in suing them. There are
probably seven million people in the UK file sharing to some extent, even if
it's just picking up a track once a month, so legal action against so many
people isn't really a realistic option."
File-sharers face legal onslaught (4.04.2006)
http://news.bbc.co.uk/2/hi/technology/4875142.stm
2000 cases against the P2P-ers (in French only, 5.04.2006)
http://www.ratiatum.com/news3002_2000_plaintes_contre_des_P2Pistes.html
U.K. music biz vexed by file sharing (4.04.2006)
http://news.com.com/2100-1025_3-6057571.html
Thousands more file sharers sued (4.04.2006)
http://www.theregister.co.uk/2006/04/04/ifpi_sues_more_people/
============================================================
8. Recommended reading
============================================================
Racism, Racial Discrimination, Xenophobia and all forms of Discrimination:
Comprehensive Implementation of and follow-up to the Durban Declaration and
Programme of Action - Report of the Intergovernmental Working Group on the
effective implementation of the Durban Declaration and Programme of Action
on its fourth session.
The report contains all the presentations, discussions, conclusions from the
Chair and final recommendations from the High Level Seminar on Racism and
the Internet that took place during 16-17 January 2006.
Full report (20.03.2006)
http://www.ohchr.org/english/bodies/chr/docs/62chr/E.CN.4.2006.18.pdf
EDRI-gram : Combating Racism on Internet
http://www.edri.org/edrigram/number4.2/internetracism
============================================================
9. Agenda
============================================================
12 April 2006, Dublin, Ireland
Royal Irish Academy
"Enabling Open Access to Scientific Data and Information within the Modern
Knowledge Economy; the Case for a Scientific Commons"
http://www.codataweb.org/codata-ria/
15 April 2006
Deadline funding applications
Civil rights organisations and initiatives are invited to send funding
applications to the German foundation 'Bridge - Bürgerrechte in der digitalen
Gesellschaft'. A total of 15 000 euro is available for applications that
promote civil rights in the digitised society.
http://www.stiftung-bridge.de
21-23 April 2006, Yale Law School, USA
Access to Knowledge Conference
Yale Information Society Project
http://islandia.law.yale.edu/isp/a2kconfmain.html
27-28 April 2006, Washington, USA
IP Disputes of the Future - TACD
This conference will ask what will be the IP disputes in new fields of
technology, and how advances in biotechnology and information technologies
will change the nature of IP disputes.
http://www.tacd.org/docs/?id=287
30 April - 2 May 2006, Hamburg, Germany
LSPI Conference 2006
The First International Conference on Legal, Security and Privacy Issues in IT
http://www.kierkegaard.co.uk/
2-5 May 2006, Washington, USA
CFP2006
The Sixteenth Conference on Computers, Freedom & Privacy
http://www.cfp2006.org
3-6 May 2006, Wiesbaden, Germany
LinuxTag - Europe's biggest fair and congress around free software
http://www.linuxtag.org
10 May - 23 July 2006, Austria
Annual decentralized community event around free software lectures, panel
discussions, workshops, fairs and socialising
http://www.linuxwochen.at
19 - 23 May 2006, Geneva, Switzerland
A new round of consultations on the convening of the Internet Governance
Forum will be held at the United Nations in Geneva on 19 May. The
consultations will be followed by a meeting of the IGF Advisory Group on
22 - 23 May 2006.
http://www.intgovforum.org
19-20 May 2006, Florence, Italy
E-privacy 2006
Trusted Computing, Data retention: privacy between new technologies and new
laws.
The central theme of this year's edition is data retention, but several
interventions on other relevant aspects of privacy protection are planned,
including Trusted Computing and the new issues raised by the draft reform of
Italian Criminal Law, with specific reference to Cybercrime.
http://e-privacy.firenze.linux.it
20 May 2006, Florence, Italy
Big Brother Award Italia 2006
Nominations accepted until 21 April 2006
http://bba.winstonsmith.info
21 June 2006, Luxembourg
Safer Internet Forum 2006
Focus on two topics: "Children's use of new media" and "Blocking access to
illegal content: child sexual abuse images"
http://europa.eu.int/information_society/activities/sip/si_forum/forum...
26-27 June 2006, Berlin, Germany
The Rising Power of Search-Engines on the Internet: Impacts on Users, Media
Policy, and Media Business
http://www.uni-leipzig.de/journalistik/suma/home_e.html
16 - 28 July 2006, Oxford, UK
Annenberg/Oxford Summer Institute: Global Media Policy: Technology and New
Themes in Media Regulation
Application deadline 1 May 2006.
http://www.pgcs.asc.upenn.edu/events/ox06/index.php
2-4 August 2006, Bregenz, Austria
2nd International Workshop on Electronic Voting 2006
Students may apply for funds to attend the workshop until 30 June 2006.
http://www.e-voting.cc/stories/1246056/
===========================================================
10. About
===========================================================
EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 21 members from 14 European countries and 5 observers
from 5 more countries (Italy, Ireland, Poland, Portugal and Slovenia).
European Digital Rights takes an active interest in developments in the EU
accession countries and wants to share knowledge and awareness through the
EDRI-grams. All contributions, suggestions for content, corrections or
agenda-tips are most welcome. Errors are corrected as soon as possible and
visibly on the EDRI website.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 2.0 License. See the full text at
http://creativecommons.org/licenses/by/2.0/
Newsletter editor: Bogdan Manolea <edrigram(a)edri.org>
Information about EDRI and its members:
http://www.edri.org/
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request(a)edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
unsubscribe by e-mail
To: edri-news-request(a)edri.org
Subject: unsubscribe
- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/index.php?option=com_content&task=view&id=6…
&Itemid=4&lang=mk
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <edrigram(a)edri.org> if you have any problems with subscribing or
unsubscribing.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
============================================================
EDRI-gram
biweekly newsletter about digital civil rights in Europe
Number 6.16, 27 August 2008
============================================================
Contents
============================================================
1. Italian justice wants to "seize" a foreign website
2. Cloning e-passports
3. Problems with online FoI in the Georgia-Russia conflict
4. Copyright experts against the EU extension of the copyright term
5. Call for worldwide protests against surveillance
6. UK government goes on with its plan for data retention
7. Seminar on the Telecoms Package and Network Filtering
8. Dispute between UK government and EU over the use of PNR
9. Secret reports on new five year plan for "European Home Affairs"
10. ENDitorial: Wiretapping - the Swedish way
11. Recommended Action
12. Agenda
13. About
============================================================
1. Italian justice wants to "seize" a foreign website
============================================================
In an investigation started by the Bergamo Prosecutors, an Order of the
Justice for preliminary investigation of the Court of Bergamo was issued on
1 August 2008, asking for the "seizure" of the PirateBay website, hosted
outside Italy, for displaying a collection of links to allegedly illegal
duplicated material. The order was implemented by 10 August 2008 by forcing
Italian Internet providers to block the access to that site, both to its
domain, as well as to its associated IP number.
The PirateBay owners quickly reacted and changed their IP address and set up
a new website called labaia.org (La Baia means The Bay in Italian). They
have also promoted measures to bypass the "blacklisting": "We have already
changed IP for the website - that makes it work for half the ISPs again. And
we want you all to inform your Italian friends to switch their DNS to
OpenDNS so they can bypass their ISPs filters. This will also let them
bypass the other filters installed by Italian ISPs, as a bonus."
But the case is worse, as revealed by the EDRi-member ALCEI. The
interpretation of the concept of "seizure", in an extremely extended and
seriously questionable manner, triggers a serious threat for the rights
of citizens and companies that are not, in any way, involved in this
inquiry.
ALCEI explains in a letter sent to the Italian Data Protection Authority
(Garante per la protezione dei dati personali) that the "enforcement of
the Court order, exceeded what the Justice said. Users attempting to connect
to the "seized" site are redirected to the IP number 217.144.82.26,
belonging to servers located in the United Kingdom and apparently registered
by the pro-music.org domain, a music industry association protecting their
brands and intellectual property rights. If the above is true, then a
private association, outside the Italian jurisdiction, is collecting
internet traffic data that, when matched with those retained by the ISPs,
would allow the identification and possible criminal investigation of third
parties absolutely not involved in the Bergamo's criminal case."
But besides the case as such, ALCEI also underlines the fact that this
case - per se "one among many" - is of the utmost importance when
examined in a broad perspective because it falls into a wider and long
lasting lobby to legislators, politicians, magistrates and law
enforcement officers to share the (wrong) idea that "filtering is good
for citizen security" and the ISPs must be liable for everything that
happens on the net, whether under their direct control or not.
Italy has already passed legislation, for some years now, that goes
toward these directions (for a variety of alleged "reasons", such as the
all-purposes "minor protection excuse" or to fight "illegal" online
gambling etc. - and now, once again, for "copyright sake").
Italian politicians are pushing at the European Union level the idea of
forcing search engine providers to filter "questionable" queries.
The relevant question that the Italian EDRI members are asking is: "Is
it the case that Italy is on the edge of a civil rights aggression? Maybe
not. For a number of reasons (ignorance, disinterest, electoral
convenience) Italy seems to be more prone to copyright lobbyists
interests than other European countries."
GIP Bergamo - Decree 1 August 2008 (only in Italian, 1.08.2008)
http://www.ictlex.net/?p=934
10 August 2008, Italy blocks Pirate Bay (only in Italian, 10.08.2008)
http://punto-informatico.it/2381433/PI/Brevi/10-agosto-2008-italia-blocca-p…
Italian authorities attempt to take on Pirate Bay (11.08.2008)
http://www.out-law.com/page-9336
Fascist state censors Pirate Bay (10.08.2008)
http://thepiratebay.org/blog/123
A complaint to the Garante per i dati personali in the "piratebay" case
(only in Italian, 16.08.2008)
http://www.alcei.it/index.php/archives/129
EDRi-gram: ENDitorial: "Frattinising" isn't the only threat (26.09.2007)
http://www.edri.org/edrigram/number5.18/frattinising
============================================================
2. Cloning e-passports
============================================================
Jeroen van Beek, a computer researcher at the University of Amsterdam, has
shown in some tests conducted for The Times that the new micro-chipped
passports, introduced in UK to protect against terrorism and organised
crime, can be easily cloned.
The researcher has succeeded in cloning the chips of two British passports
in which he introduced the pictures of Osama bin Laden and a suicide bomber
and in passing the cloned chips as genuine through Golden Reader, which is
the standard passport reader software used by the UN agency setting
standards for e-passports and which is also recommended for use at airports.
The cloning operation took less than an hour. Van Beek developed his cloning
method based on previous research carried out in the UK, Germany and New Zealand.
The micro-chipped passports contain a small radio frequency chip and an
antenna attached to the back page of the passport. The chip responds to an
encrypted signal sent by an electronic reader, by sending the holder's ID
and the biometric details back to the reader. Therefore, a copied chip could
be palmed at an unattended reader or a copy of a passport that hasn't even
been stolen could be used if the bearer resembled the original holder.
To any concerns expressed in relation to the safety of the data on the
e-passports, the Home Office has always argued that faked chips can be
discovered at border checkpoints because, when checked against an
international database, they would not match the key. The e-passports are
protected by a digital signature which, when altered, brings the rejection
of the passport by the reader. The validation of the signatures on
e-passports requires the exchange of PKI certificates between the
authorities of the issuing countries or the use of ICAO's PKD (Public Key
Directory) system. However, ICAO PKD system is not universally used and many
countries, UK included, use the bilateral exchange of certificates with
other countries.
The Dutch researcher not only changed the data on the e-passports but
succeeded in writing a new signature that will pass through the system,
under certain circumstances. Depending on the reader's performance, on the
exchange of certificates between countries and on whether the PKD is used, the
signature might not even be checked.
"We're not claiming that terrorists are able to do this to all passports
today or that they will be able to do it tomorrow (...) But it does raise
concerns over security that need to be addressed in a more public and open
way" said Mr van Beek.
The flaws also contradict Home Office's claims that the 3 000 blank
passports that were stolen last week were worthless and raise questions
about the 4 billion pound ID scheme of the Government which uses the same
biometric technology. Dominic Grieve, the Shadow Home Secretary, has asked
the ministers to take urgent measures to solve the security flaws. "It is of
deep concern that the technology underpinning a key part of the UK's
security can be compromised so easily" said Grieve.
Researcher gives Elvis and bin Laden fake e-passports (6.08.2008)
http://www.theregister.co.uk/2008/08/06/epassport_alteration_demo/
'Fakeproof' e-passport is cloned in minutes (6.08.2008)
http://www.timesonline.co.uk/tol/news/uk/crime/article4467106.ece
How to clone the copy-friendly biometric passport (4.08.2006)
http://www.theregister.co.uk/2006/08/04/cloning_epassports/
How to clone a biometric passport while it's still in the bag (6.03.2007)
http://www.theregister.co.uk/2007/03/06/daily_mail_passport_clone/
============================================================
3. Problems with online FoI in the Georgia-Russia conflict
============================================================
The conflict between Russia and Georgia over South Ossetia region has
extended to Internet, both countries having launched cyber-attacks and
blocking each other's broadcasting sites.
Georgian authorities have blocked access to Russian news broadcasters and
websites, the action being justified by Georgia's Interior Ministry with the
argument that Russian broadcasts would "scare our population" which the
government could not allow.
Mamia Sanadiradze, founder and CEO of Caucasus Online, the biggest Georgian
ISP, told Reuters: "People from the (Georgian) security agencies asked me to
block Russian sites. There were threats from viruses, we faced
disinformation and so on. (...) I hope that when war is over, we will
unblock these sites."
On the other hand, Georgian online news media and the Georgian government
websites have been attacked by Russian hackers,
including the President's site. In order to remain accessible, the foreign
ministry website changed its URL address.
Security researchers claim to have evidence showing a link between Russian
state businesses and the cyber-attacks against Georgia. Denial of service
attacks against Georgian websites started a day before the break out of the
military conflict over South Ossetia.
Don Jackson, a SecureWorks researcher said that logs showed that part of the
attack was run from command and control servers located on the networks of
Rostelecom and Comstar, two Russian state-run companies. "We know that the
Russian government controls those servers theoretically, if they have not
been 'pwned' by somebody else," Jackson told eWeek. The two companies made
changes in routing tables that blocked internet traffic to Georgia. The same
networks were used to launch denial of service attacks and cache poisoning
attacks against Georgian networks, according to SecureWorks.
Reporters Without Borders condemn the violation of online freedom of
information. "The Internet has become a battleground in which information is
the first victim. On the one side, the main Georgian ISPs severed access to
Russian websites. On the other side, Georgian government websites were
attacked by Russian hackers. With newspapers and radio and TV stations
putting out very little independent news, the Internet is a vital tool for
the public, so these attacks must stop at once."
Russian and Georgian websites fall victim to a war being fought online as
well as in the field (13.08.2008)
http://www.rsf.org/article.php3?id_article=28167
Georgia cuts access to Russian websites, TV news (19.08.2008)
http://www.reuters.com/article/internetNews/idUSLJ36223120080819
Georgia accuses Russia of coordinated cyberattack (11.08.2008)
http://news.cnet.com/8301-1009_3-10014150-83.html?hhTest=1
Bear prints found on Georgian cyber-attacks (14.08.2008)
http://www.theregister.co.uk/2008/08/14/russia_georgia_cyberwar_latest/
Russian cybercrooks turn on Georgia (11.08.2008)
http://www.theregister.co.uk/2008/08/11/georgia_ddos_attack_reloaded/
============================================================
4. Copyright experts against the EU extension of the copyright term
============================================================
New voices from the major copyright experts in the European universities and
research centers question the current EU proposals of extension of the
copyright term for the performing artists and sound recordings.
As previously covered in the past EDRi-gram, the first letter was addressed
to EU Commission President Jose Manuel Barroso and sent on 18 July 2008 by
the leading European centres for intellectual property research that
explained that the new measures "will damage European creative endeavour and
innovation beyond repair."
Professor Bernt Hugenholtz, Director of the Institute for Information Law
(IViR) that was commissioned by the EC to draft two major studies on the EU
copyright and policy, questioned the Commission decision, calling its
policies: "less the product of a rational decision-making process than of
lobbying by stakeholders." Prof. Hugenholtz was very unhappy about the
Commission decision that totally contradicts and ignores IViR's scientific
findings:
"As you are certainly aware, one of the aims of the 'Better Regulation'
policy that is part of the Lisbon agenda is to increase the transparency of
the EU legislative process. By wilfully ignoring scientific analysis and
evidence that was made available to the Commission upon its own initiative,
the Commission's recent Intellectual Property package does not live up to
this ambition. Indeed, the Commission's obscuration of the IViR studies and
its failure to confront the critical arguments made therein seem to reveal
an intention to mislead the Council and the Parliament, as well as the
citizens of the European Union.
In doing so the Commission reinforces the suspicion, already widely held
by the public at large, that its policies are less the product of a rational
decision-making process than of lobbying by stakeholders. This is
troublesome not only in the light of the current crisis of faith as regards
the European lawmaking institutions, but also - and particularly so - in
view of European citizens' increasingly critical attitudes towards
intellectual property law."
Further arguments against the decision come from a statement from another
leading IP centre in Europe - Max Planck Institute for Intellectual
Property, Competition and Tax Law. In an article that concerns the
Commission's plans to prolong the protection period for performing artists
and sound recordings, the authors emphasize that there is no specific reason
for a term extension and argue that the proposal diverts the attention from
the social problem that performing artists, in particular at
the start of their career, often have a very bad negotiation position
vs. publishers and record companies - which should be remedied by special
copyright contract law.
The document concludes by pointing out that: "no persuasive economic or
social reason can be found in favour of a term extension since extending the
term would neither increase the incentives to invest nor would it provide
financial security and a sufficient livelihood for all ageing musicians,
especially not for those who need it the most. It would rather have a
negative impact upon future creators and musicians, since they would need to
wait longer to build upon older works in order to create new ones. Besides,
a term extension would also be to the detriment of consumers and the
information society since sound recordings would be locked up for another 45
years."
Open Letter concerning European Commission's `Intellectual Property Package'
(18.08.2008)
http://www.ivir.nl/news/Open_Letter_EC.pdf
"Statement of the Max Planck Institute for Intellectual Property,
Competition and Tax Law Concerning the Commission's Plans to Prolong the
Protection Period for Performing Artists and Sound Recordings"
by Nadine Klass, Josef Drexl, Reto M. Hilty, Annette Kur and Alexander
Peukert, IIC 2008, p. 586-596.
Commission adviser accuses Barroso of intentionally misleading European
policy-makers and citizens on copyright (21.08.2008)
http://www.openrightsgroup.org/2008/08/21/commission-adviser-accuses-barros…
EDRi-gram: Extension of the copyright term for performers and record
producers (30.07.2008)
http://www.edri.org/edrigram/number6.15/extension-copyright-performers
============================================================
5. Call for worldwide protests against surveillance
============================================================
Civil rights organizations call for protests against the constant increase
of surveillance conducted by governments and enterprises. A rally under the
motto "Freedom not Fear" will be held in Berlin on 11 October 2008. The
organizers agree that it is high time to take to the streets in order to
defend basic constitutional rights in the light of an ongoing
intensification of security and surveillance measures. The rally turns
against the promotion of the Federal Criminal Police Office
("Bundeskriminalamt") to a central, executive police agency with the
permission to secretively spy into citizens' home computers.
After last year's demonstration for democracy and civil rights, which was
the largest in Germany in 20 years with over 15 000 participants, protesters
in several countries will, for the first time simultaneously, take to the
streets to demonstrate for their freedom. Currently, 15 countries have
announced their participation in the international action day on 11 October.
Such unanimous protests are mainly due to the ongoing shift of
politicians to push through negotiations on surveillance and control
measures behind closed doors. Among others, the international protest
criticizes the planned registration of all air travellers in the EU,
the planned delivery of data to the USA, biometric data in EU identification
documents, as well as the retention of telecommunication data such as phone
connections or a caller's whereabouts for all 455 million Europeans.
Against this political spiral of interior armament motivated by
crime-related dangers, civil society places the call for "Freedom not Fear".
A moratorium for all surveillance activities and the reduction of all mass
scale surveillance, as well as an expansion of digital rights are demanded
to protect and strengthen civil liberties. In addition, activists call for
an independent review of every single planned or existing surveillance and
control measure in terms of its effectiveness and undesired side-effects.
In the run-up to this action day, the German Work Group on Data Retention
("Arbeitskreis Vorratsdatenspeicherung") calls for participation in the
Munich demonstration "Freiheit Weiß-Blau - Stoppt den Überwachungswahn" on
20 September 2008, which targets the restrictions of the right to free
assembly and other surveillance measures in the state of Bavaria. In
addition, the OneWebDay on 22 September 2008, will serve as a means for
further mobilisation for the "Freedom not Fear" action day.
Action day "Freedom not Fear" on 11 October 2008
http://www.freedom-not-fear.eu
Planned activities for 11 October 2008
http://wiki.vorratsdatenspeicherung.de/Freedom_Not_Fear_2008
(Contribution by Patrick Breyer - Working Group on Data Retention - Germany)
============================================================
6. UK government goes on with its plan for data retention
============================================================
UK government intends to oblige ISPs and telephone companies to keep
Internet personal data traffic for at least 12 months and local, health
authorities and lots of other public bodies are to be given access to
details of everyone's personal Internet information.
On 15 August 2008, the Home Office published a consultation paper which
makes clear that the personal data will now be available for crime and
public order investigations and may even be used to prevent people
self-harming. Furthermore, as the measure is the result of an EU directive,
the data will be made available to public investigators across Europe.
The measure will cover VOIP as well and access to personal Internet and text
data will be available to all public bodies licensed under the 2000
Regulation of Investigatory Powers Act (RIPA), meaning that hundreds of
public bodies including local councils, health authorities, the Health and
Safety Commission, the Food Standards Agency or Ofsted (the education
standards watchdog), may require telecom companies to hand them over the
personal data.
UK government intends to go further by introducing a draft communications
bill this autumn which would require all the telecommunications companies to
hand over this data to one central "super" database. The police and other
public authorities will be able to access this database directly without
having to make a request to the company which keeps the records.
The database had been planned to be bundled with the EU Data Retention
Directive that is to be legally implemented in UK by March 2009. The
consultation paper published by the Home Office is meant to transpose the
Directive as a standalone statutory instrument. Laws made by statutory
instruments do not need a Parliament vote.
Home Office civil servants are working on plans for the central database
within the Interception Modernisation Programme (IMP). The IMP budget was
part of the intelligence agencies' undisclosed funding bid to the
Comprehensive Spending Review last year. Sources disclosed that secret
briefings gave a cost for the database that could reach nine figures.
The proposition faces opposition as many fear that a single database under
Government's control would be vulnerable to attacks or errors that may lead
to information leaks.
Chris Huhne, the Liberal Democrats' home affairs spokesman, said the
government could not be trusted with sensitive data. "We will be told it is
for use in combating terrorism and organised crime but if Ripa powers are
anything to go by, it will soon be used to spy on ordinary people's kids,
pets and bins" he said.
In the consultation paper, the Home Office also estimated a cost of over
60 million euro that the storage of such an amount of Internet data may
impose on the Internet industry. Besides, the Home Office admitted
that the companies might have to store "a billion incidents of data exchange
a day". The Government has already paid about 23 million euro over five
years to telecom companies for access to data about citizens' use of phones
and the Internet.
'Snooper's charter' to check texts and emails (13.08.2008)
http://www.guardian.co.uk/uk/2008/aug/13/privacy.civilliberties/print
Home Office - A consultation paper - Final phase of the transposition of
Directive 2006/24/EC (08.2008)
http://www.statewatch.org/news/2008/aug/uk-ho-consult-mand-ret-internet.pdf
Government pays telcos £18.5 million for records retention (7.08.2008)
http://www.out-law.com/page-9333
UK.gov to spend hundreds of millions on snooping silo (19.08.2008)
http://www.theregister.co.uk/2008/08/19/ukgov_uber_database/
EDRIgram: UK Government will store all phone, Internet traffic data
(21.05.2008)
http://www.edri.org/edrigram/number6.10/uk-isp-traffic-data
EDRIgram: ICO worried about a UK Government-owned traffic data database
(4.06.2008)
http://www.edri.org/edrigram/number6.11/ico-uk-govt-database
============================================================
7. Seminar on the Telecoms Package and Network Filtering
============================================================
The telecoms package seminar on the 27 August 2008 in the European
Parliament arranged by Swedish MEP Christofer Fjellner had a remarkably
large audience. Over 100 persons came to listen to the five speakers from
both industry and civil society.
Overall, the speakers called for better understanding of the so-called
"copyright amendments" to the package that allegedly have been
introduced to the detriment of the 'completion of the internal market'
for the telecoms industry. Netzpolitik.org was also streaming the event.
After the introduction by MEP Fjellner, Monica Horten from Westminster
University made clear that the new technology "Deep Packet Inspection"
could potentially be used to censor the Internet in Europe just as it
is in China. Similar hardware is in place in both Chinese and
European networks. The differences are law, automation and industrial
rather than political programming.
Eddan Katz from Electronic Frontier Foundation warned that public
interest values and the hopes for a transforming participative web
would be squashed if the language in the package is not being cleared
up.
Jeffery Lawrence from Intel's main point was that the conflict between
rightsholders and technology industry is not new, but that the
principle of policing consumers is new. Should Europe consider such a
policy, there is indeed a need for discussion and analysis beyond the
traditional conflict mentioned.
Nuria Rodriguez Murillo from BEUC urged the European parliament to
ensure legal certainty for consumers, as well as standing up for the
principle already voted on in the so-called Bono report which states
that people should not be cut off from the Internet.
The last speaker Francisco Mingorance from Business Software Alliance
warned against the French model where technology mandates are
introduced by the state or by courts. Such mandating could overrule
copyright licences like the GPL.
It is unclear whether the Members of the European Parliament will even
agree on the existence of the "copyright amendments" in the upcoming
plenary debate next week. Netizens, as well as citizens, of Europe
should keep their fingers crossed that their legislators know what
they are voting on in three weeks time. Hopefully, to quote Monica
Horten, our MEPs will say "As policy-makers, we have a duty to promote
the vibrant and open character of the Internet."
Seminar on the Telecoms Package and Network Filtering
http://www.european-agenda.com/events/22414.php
Event stream by Netzpolitik
http://netzpolitik.org/2008/live-aus-dem-ep-seminar-on-internet-filtering/
Deep Packet Inspection
http://en.wikipedia.org/wiki/Deep_packet_inspection
(Contribution by Erik Josefsson - Sweden)
============================================================
8. Dispute between UK government and EU over the use of PNR
============================================================
UK Government fights EU proposals to restrict the way it uses passenger name
record (PNR) information to monitor immigration, claiming that the data it
collects is crucial to control cross-border movements.
With the EU planning to make all European states share PNR data, UK
government argues there is a "real risk" the action "would degrade e-Borders
by prohibiting the use of PNR data for combating immigration offences". A
spokeswoman for the Home Office stated: "The collection of passenger name
records is a vital tool in Britain's fight against organised crime,
terrorism and immigration offenders."
UK wants to go further than EU and share data from internal EU flights, sea
and rail travel. The House of Lords EU Select Committee warned in a report
published in July that if the government pressed for radical changes
to the EU proposal, it might lose the co-operation of Europe. The report
recommended that the PNR data be used for the purpose of fighting against
terrorism and combating serious crime, stating at the same time that a clear
definition should be given to what "serious crime" means. It recommended a
comprehensive list that would cover the term.
The Home Office responded on 6 August accepting the need for greater clarity
about what crimes should be covered by "serious crime" but rejected the
recommendation for a comprehensive list as being "overly prescriptive". It
also said that its e-Borders programme gathering PNR data on 50
million passengers' movements, had been a "real success in strengthening the
UK border" leading to 25 000 alerts and 2 100 arrests for offences ranging
from murder and possession of firearms to drug-smuggling. It also stated
that losing Europe's support was not a possibility. "Negotiations are
ongoing, there are outstanding issues but we will work closely with the EU
to agree a text."
Dominic Grieve, Shadow Home Secretary, said that if the government wanted to
extend the purposes of using passengers' details, it should be precise about
"what the objective is, why it is necessary and what safeguards it will put
in place to protect the privacy of the innocent" and he added: "Given the
government's proven and serial inability to protect personal data the public
will not agree to this lightly."
The Home Affairs Spokesman for the Liberal Democrats, Chris Huhne, also
considered this was another example that the government was more and more
invading people's personal lives. He also commented: "It is deeply worrying
that ministers are prepared to forgo the possible co-operation of our
European partners."
Actually, even the EU Proposal for a Council Framework Decision on the
use of Passenger Name Record (PNR) is far from perfect, facing large
opposition from privacy rights advocates and associations.
In a letter to the Council of the European Union, ECTAA, the European Travel
Agents' and Tour Operators' Associations, makes several proposals for the
Framework Decision. Among other things, the members of the association
believe the decision should only cover data for passengers on flight into
and out of the EU and that it should not be extended to intra-EU flights.
Gov't battles EU over use of air-passenger data (11.08.2008)
http://news.zdnet.co.uk/security/0,1000000189,39459924,00.htm
Ministers' fears on EU data plan (6.08.2008)
http://news.bbc.co.uk/2/hi/uk_news/politics/7544877.stm
Clash erupts on use of airline data to fight crime (7.08.2008)
http://www.ft.com/cms/s/0/14152182-6418-11dd-844f-0000779fd18c.html?nclick_…
European Travel Agents' and Tour Operators' Associations (ECTAA) letter to
the Council of EU on Proposal for a Council Framework Decision on the use of
Passenger Name Record (PNR) data for law enforcement purposes (1.08.2008)
http://www.statewatch.org/news/2008/aug/eu-pnr-ectaa-comments.pdf
EDRIgram - PNR Data infringes human rights (9.04.2008)
http://www.edri.org/edrigram/number6.7/pnr-human-rights-ecj
============================================================
9. Secret reports on new five year plan for "European Home Affairs"
============================================================
A new secret report, made available by Statewatch, drafted by the "Future
Group" of Interior and Justice Ministers from six EU member states (Germany,
France, Sweden, Portugal, Slovenia, and Czech Republic) suggests a series of
proposals to boost EU integration in policing and intelligence-gathering,
including the creation of an EU-US Area of cooperation for "freedom, security
and justice."
The group's controversial proposals are certain to trigger major disputes,
proposing that the EU member states should pool information in a central
intelligence unit, creating a network of "anti-terrorist centres",
standardising police surveillance techniques and extending the sharing of
DNA and fingerprint databases to include CCTV video footage and material
gathered by "spy drones".
The report also includes a decision to expand the current European
Gendarmerie Force (EGF), which currently only involves France, Italy, Spain,
Portugal and the Netherlands, into an EU body, that could be used also for
paramilitary intervention overseas.
Claiming an efficient fight against terrorism, the report suggests a
Euro-Atlantic pact of cooperation with the United States. The document needs
to be finalized by 2014 at the latest and would not just cover terrorism and
passenger data but would cover the whole area of justice and home affairs -
policing, immigration, sharing database data and biometrics. The difference
in privacy regulation could be a problem in achieving
this pact, but the US seems to push hard for this new pact:
"All the evidence from dozens of high-level EU-USA meetings on justice and
home affairs since 11 September 2001 shows that it is a one-way street with
the EU trying to fend off USA demands. When the EU does not cave in the USA
simply negotiates bilateral deals with individual member states. A permanent
EU-USA pact would be disastrous for privacy and civil liberties." explains
Tony Bunyan, Statewatch editor.
Bruno Waterfield, Brussels correspondent for The Daily Telegraph has
expressed the way in which security has been escalated to a level that he
calls "securocracy". He believes it started at the national and EU level
with "interoperability" that allowed a wider exchange of the
information held on databases. This gave the idea of "availability", that
meant "the exchange of any of this information, defined as important for
security purposes, was required". And the latest stage is "convergence".
"This concept heralds a new era by standardising European police
surveillance techniques and creating "tool-pools" of common data gathering
systems to be operated at the EU level" says Waterfield.
Future Report: Freedom, Security, Privacy - European Home Affairs in an open
world (06.2008)
http://www.statewatch.org/news/2008/jul/eu-futures-jha-report.pdf
Secret EU security draft risks uproar with call to pool policing and give US
personal data (7.08.2008)
http://www.guardian.co.uk/world/2008/aug/07/eu.uksecurity
Secret EU report moots sharing personal data with US (7.08.2008)
http://euobserver.com/22/26585
New European spying proposals 'threaten British security' (7.08.2008)
http://www.telegraph.co.uk/news/worldnews/europe/2512219/New-European-spyin…
EU plan: The rise and rise of the securocrats (7.08.2008)
http://blogs.telegraph.co.uk/bruno_waterfield/blog/2008/08/07/eu_plan_the_r…
============================================================
10. ENDitorial: Wiretapping - the Swedish way
============================================================
The Swedish Parliament, Riksdagen, adopted 18 June 2008 a law which
obliges all telecom and Internet providers to transfer all communication
that passes the Swedish border to Försvarets radioanstalt (FRA), or the
National Defence Radio Establishment as it is officially called in
English. It is the Swedish national authority for signals intelligence.
Even though domestic Internet communication is between two persons residing
in Sweden, the same information may cross national borders through Germany,
Denmark and USA. That is how the Internet works. This means that all Swedes
as well as people residing outside of Sweden may be subject to the
surveillance of FRA. FRA may transfer information to other countries and the
Guardian has recently reported (7 August 2008) on a Secret EU security draft
which would give the USA "Wholesale exchange of (personal) data". It is within a
greater international perspective that one should view the Swedish legislation.
It is possible that Sweden has the most valuable information. 80 % of the
Russian telecom and internet communication passes through Sweden. Thus, it
is not an accident that FRA has one of the most powerful computers in the
world, together with some computers in the USA and one computer in the UK
which operates computations on nuclear weapons. There is an ongoing debate
over the true motive for the adoption of the law. This is only one of the
theories. Many countries and companies, including Finland, Norway, Google
and TeliaSonera, use the Swedish cables and are very critical of the FRA
wiretapping law.
The FRA wiretapping law adopted in June 2008 consists of four statutes,
including a newly adopted statute on signals intelligence and changes in
three other statutes.
The law will enter into force by 1 January 2009 and the actual operations
will start later in the year. FRA has a mandate to search for "external
threats", which involves everything from military threats, terrorism,
IT-security, supply problems, ecological imbalances, ethnic and religious
conflicts, migration to economic challenges in the form of currency and
interest speculation. This very broad mandate has attracted a lot of
criticism. There is no requirement that the FRA should have a reason to
suspect crime or a court order before a Swedish citizen is to be under
surveillance. This must be seen against the background that the police may
ask FRA for support in its efforts of crime control.
In contrast to what the law actually says, the Government denies that the
police may use the FRA and says that FRA will only monitor "phenomena" and
not individuals. The critics ask how it is possible to monitor phenomena
without monitoring individuals.
As one of the critics, I have accused the Government of "doublethink" and
"newspeak" in their defence of the law. The Government's statements are full
of contradictions, which they ignore. The main Government Party in a
coalition of four parties even denies the core of the law, which obligates all
telecom and Internet providers to transfer all communication that passes the
Swedish border to FRA.
On the eve of the vote of 18 June 2008 there were strong indications that
more than the necessary four parliamentarians of the centre-right coalition
would shift sides and thus deny the adoption of the statutes. There was
intense pressure on these parliamentarians and on the day before the vote,
Fredrick Federley, a critic in the centre party, struck a deal with the
Minister of Defence, Sten Tolgfors, which involved that additional
protection would be added in the interest of privacy at a later point in
time. This made the resistance in the coalition parties crumble.
In the end, only one parliamentarian shifted sides, Camilla Lindberg, of
the liberal party who became a national hero while Fredrick Federley, in the
eyes of many, lost a lot of credibility as a civil rights promoter. Another
member of the liberal group, Birgitta Ohlsson, abstained. The two members of
the liberal group had concerns that the additional protection would not
change the fact that the law obliges all telecom and Internet providers to
transfer all communication that passes the Swedish border to FRA.
This did not quiet the critics. By 14 July 2008 the resistance in the
liberal party had regrouped and they published an op-editorial in the daily
Dagens Nyheter signed by the necessary four parliamentarians and three
previous party leaders representing 25 years of leadership in the liberal
party, all demanding the Government should recall the law. Later, two
liberal parliamentarians joined the other four and stated live on TV that
they were willing to support a motion to recall the law. The Government is
making serious efforts to divide the group and make one or several of them
return to the Government side.
As of this date, the Government has not been successful. The six liberal
parliamentarians must team up with the social democrats, the green party and
the left before the end of September 2008. After that, it is impossible to
table motions from the opposition which will enter into force during 2009
and recall the law.
To conclude, the showdown for Swedish wiretapping by FRA is in September
2008.
Government Proposal on Defence Intelligence (only in Swedish, 8.03.2007)
http://www.regeringen.se/content/1/c6/07/83/67/2ee1ba0a.pdf
Secret EU security draft risks uproar with call to pool policing
and give US personal data (7.08.2008)
http://www.guardian.co.uk/world/2008/aug/07/eu.uksecurity
EDRi-gram: ENDitorial: Sweden is listening to all internet and phone
conversations (2.07.2008)
http://www.edri.org/edrigram/number6.13/sweden-fra-adoption
EDRi-gram: ENDitorial: A new "NSA FRAnchise" set up in Sweden? (4.06.2008)
http://www.edri.org/edrigram/number6.11/nsa-fra-sweden
(contribution by Mark Klamberg - Doctoral candidate, Stockholm University -
Department of Law)
============================================================
11. Recommended Action
============================================================
EDRi member FoeBuD e.V. has set up a contest for finding an RFID warning sign
to be passed on to the EU's process in RFID legislation. Since the industry
came up with a similar contest but looking for a somewhat "friendly" design,
FoeBuD is looking for a precise warning sign that would show the dangers
for citizens' rights when RFID technology is involved.
There are two categories in FoeBuD's contest: strict and freestyle. In the
strict category, a design for an official RFID warning sign is wanted. The
winning design in this category shall be sent to the EU as a proposal for
marking RFID tags and readers. It should follow the rules for warning and
danger signs as e.g. DIN 4844-2 shows. The freestyle category is what its
name says: be free to find a nice and striking sign that shows the problem.
Everyone is free to participate until 12 September 2008. The designs are
expected to be public domain. The contest papers are only in German, but,
apart from explaining what RFID is and its dangers, the main message is:
Send the design before the deadline to "FoeBuD e.V., Marktstrasse 18, 33602
Bielefeld, Germany". Questions and digital-only designs may be sent to
"mail at foebud.org". Submissions are confirmed to have arrived via email.
The winners will be announced in October 2008.
The contest papers (only in German)
http://www.foebud.org/rfid/rfid-warn-logo-wettbewerb-foebud-ausschreibung.p…
============================================================
12. Agenda
============================================================
3-5 September 2008, Prague, Czech Republic
The Third International Conference on Legal, Security and Privacy Issues in
IT
http://www.lspi.net/
8-10 September 2008, Geneva, Switzerland
The third annual Access to Knowledge Conference (A2K3)
http://isp.law.yale.edu/
19 September 2008, Brussels, Belgium
High Level Expert Conference: Towards a European Policy on RFID
http://www.rfid-in-action.eu/conference
20 September 2008, Munchen, Germany
Demonstration Freiheit Weiss Blau
http://wiki.vorratsdatenspeicherung.de/Freiheit_Weiss_Blau
22 September 2008, Istanbul, Turkey
Workshop on Applications of Private and Anonymous Communications
http://www.alpaca-workshop.org/
22 September 2008, Worldwide
OneWebDay - an Earth Day for the internet.
http://onewebday.org/
24-28 September 2008, Athens, Greece
World Summit on the Knowledge Society
http://www.open-knowledge-society.org/summit.htm
11 October 2008, Worldwide
Action day "Freedom not fear"
Protests, demonstrations and activities against the surveillance mania
http://wiki.vorratsdatenspeicherung.de/Freedom_Not_Fear_2008
15-17 October 2008, Strasbourg, France
30th International Data Protection and Privacy Conference
http://www.privacyconference2008.org/
20-21 October 2008, Strasbourg, France
European Dialogue on Internet Governance (EuroDIG)
http://www.eurodig.org/
3-6 December 2008, Hyderabad, India
Third Internet Governance Forum
http://www.intgovforum.org
10-11 December 2008: Tilburg, Netherlands
Tilting perspectives on regulating technologies, Tilburg Institute for Law
and Technology, and Society, Tilburg University
http://www.tilburguniversity.nl/tilt/conference
============================================================
13. About
============================================================
EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 28 members based or with offices in 17 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRI-grams.
All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and visibly on the
EDRI website.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 2.0 License. See the full text at
http://creativecommons.org/licenses/by/2.0/
Newsletter editor: Bogdan Manolea <edrigram(a)edri.org>
Information about EDRI and its members:
http://www.edri.org/
European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request(a)edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
unsubscribe by e-mail
To: edri-news-request(a)edri.org
Subject: unsubscribe
- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edrigram-mk.php
- EDRI-gram in German
EDRI-gram is also available in German, with delay. Translations are provided
by Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <edrigram(a)edri.org> if you have any problems with subscribing or
unsubscribing
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
============================================================
EDRI-gram
biweekly newsletter about digital civil rights in Europe
Number 6.16, 27 August 2008
============================================================
Contents
============================================================
1. Italian justice wants to "seize" a foreign website
2. Cloning e-passports
3. Problems with online FoI in the Georgia-Russia conflict
4. Copyright experts against the EU extension of the copyright term
5. Call for worldwide protests against surveillance
6. UK government goes on with its plan for data retention
7. Seminar on the Telecoms Package and Network Filtering
8. Dispute between UK government and EU over the use of PNR
9. Secret reports on new five year plan for "European Home Affairs"
10. ENDitorial: Wiretapping - the Swedish way
11. Recommended Action
12. Agenda
13. About
============================================================
1. Italian justice wants to "seize" a foreign website
============================================================
In an investigation started by the Bergamo Prosecutors, an Order of the
Justice for preliminary investigation of the Court of Bergamo was issued on
1 August 2008, asking for the "seizure" of the PirateBay website, hosted
outside Italy, for displaying a collection of links to allegedly illegal
duplicated material. The order was implemented by 10 August 2008 by forcing
Italian Internet providers to block the access to that site, both to its
domain, as well as to its associated IP number.
The PirateBay owners quickly reacted and changed their IP address and set up
a new website called labaia.org (La Baia means The Bay in Italian). They
have also promoted measures to bypass the "blacklisting": "We have already
changed IP for the website - that makes it work for half the ISPs again. And
we want you all to inform your Italian friends to switch their DNS to
OpenDNS so they can bypass their ISPs filters. This will also let them
bypass the other filters installed by Italian ISPs, as a bonus."
But the case is worse, as revealed by the EDRi-member ALCEI. The
interpretation of the concept of "seizure", in an extremely extended and
seriously questionable manner, triggers a serious threat for the rights
of citizens and companies that are not, in any way, involved in this
inquiry.
ALCEI explains in a letter sent to the Italian Data Protection Authority
(Garante per la protezione dei dati personali) that the "enforcement of
the Court order, exceeded what the Justice said. Users attempting to connect
to the "seized" site are redirected to the IP number 217.144.82.26,
belonging to servers located in the United Kingdom and apparently registered
by the pro-music.org domain, a music industry association protecting their
brands and intellectual property rights. If the above is true, then a
private association, outside the Italian jurisdiction, is collecting
internet traffic data that, when matched with those retained by the ISPs,
would allow the identification and possible criminal investigation of third
parties absolutely not involved in the Bergamo's criminal case."
But besides the case as such, ALCEI also underlines the fact that this
case - per se "one among many" - is of the utmost importance when
examined in a broad perspective because it falls into a wider and long
lasting lobby to legislators, politicians, magistrates and law
enforcement officers to share the (wrong) idea that "filtering is good
for citizen security" and the ISPs must be liable for everything that
happens on the net, whether under their direct control or not.
Italy has already passed legislation, for some years now, that goes
toward these directions (for a variety of alleged "reasons", such as the
all-purposes "minor protection excuse" or to fight "illegal" online
gambling etc. - and now, once again, for "copyright sake").
Italian politicians are pushing at the European Union level the idea of
forcing search engine providers to filter "questionable" queries.
The relevant question that the Italian EDRI members are asking is: "Is
it the case that Italy is on the edge of a civil rights aggression? Maybe
not. For a number of reasons (ignorance, disinterest, electoral
convenience) Italy seems to be more prone to copyright lobbyists
interests than other European countries."
GIP Bergamo - Decree 1 August 2008 (only in Italian, 1.08.2008)
http://www.ictlex.net/?p=934
10 August 2008, Italy blocks Pirate Bay (only in Italian, 10.08.2008)
http://punto-informatico.it/2381433/PI/Brevi/10-agosto-2008-italia-blocca-p…
Italian authorities attempt to take on Pirate Bay (11.08.2008)
http://www.out-law.com/page-9336
Fascist state censors Pirate Bay (10.08.2008)
http://thepiratebay.org/blog/123
A complaint to the Garante per i dati personali in the "piratebay" case
(only in Italian, 16.08.2008)
http://www.alcei.it/index.php/archives/129
EDRi-gram: ENDitorial: "Frattinising" isn't the only threat (26.09.2007)
http://www.edri.org/edrigram/number5.18/frattinising
============================================================
2. Cloning e-passports
============================================================
Jeroen van Beek, a computer researcher at the University of Amsterdam, has
shown in tests conducted for The Times that the new micro-chipped
passports, introduced in the UK to protect against terrorism and organised
crime, can be easily cloned.
The researcher succeeded in cloning the chips of two British passports,
into which he introduced the pictures of Osama bin Laden and a suicide bomber,
and in passing the cloned chips as genuine through Golden Reader, which is
the standard passport reader software used by the UN agency setting
standards for e-passports and which is also recommended for use at airports.
The cloning operation took less than an hour. Van Beek developed his cloning
method based on previous research carried out in the UK, Germany and New Zealand.
The micro-chipped passports contain a small radio frequency chip and an
antenna attached to the back page of the passport. The chip responds to an
encrypted signal sent by an electronic reader, by sending the holder's ID
and the biometric details back to the reader. Therefore, a copied chip could
be palmed at an unattended reader or a copy of a passport that hasn't even
been stolen could be used if the bearer resembled the original holder.
In response to concerns about the safety of the data on the
e-passports, the Home Office has always argued that faked chips can be
discovered at border checkpoints because, when checked against an
international database, they would not match the key. The e-passports are
protected by a digital signature which, when altered, causes the reader to
reject the passport. The validation of the signatures on
e-passports requires the exchange of PKI certificates between the
authorities of the issuing countries or the use of ICAO's PKD (Public Key
Directory) system. However, the ICAO PKD system is not universally used and many
countries, the UK included, use the bilateral exchange of certificates with
other countries.
The Dutch researcher not only changed the data on the e-passports but
succeeded in writing a new signature that will pass through the system
under certain circumstances. Depending on the reader's capabilities, on the
exchange of certificates between countries, and on whether the PKD is used, the
signature might not even be checked.
"We're not claiming that terrorists are able to do this to all passports
today or that they will be able to do it tomorrow (...) But it does raise
concerns over security that need to be addressed in a more public and open
way" said Mr van Beek.
The flaws also contradict the Home Office's claims that the 3 000 blank
passports that were stolen last week were worthless and raise questions
about the 4 billion pound ID scheme of the Government which uses the same
biometric technology. Dominic Grieve, the Shadow Home Secretary, has asked
the ministers to take urgent measures to solve the security flaws. "It is of
deep concern that the technology underpinning a key part of the UK's
security can be compromised so easily" said Grieve.
Researcher gives Elvis and bin Laden fake e-passports (6.08.2008)
http://www.theregister.co.uk/2008/08/06/epassport_alteration_demo/
'Fakeproof' e-passport is cloned in minutes (6.08.2008)
http://www.timesonline.co.uk/tol/news/uk/crime/article4467106.ece
How to clone the copy-friendly biometric passport (4.08.2006)
http://www.theregister.co.uk/2006/08/04/cloning_epassports/
How to clone a biometric passport while it's still in the bag (6.03.2007)
http://www.theregister.co.uk/2007/03/06/daily_mail_passport_clone/
============================================================
3. Problems with online FoI in the Georgia-Russia conflict
============================================================
The conflict between Russia and Georgia over the South Ossetia region has
extended to the Internet, with both countries having launched cyber-attacks and
blocked each other's broadcasting sites.
Georgian authorities have blocked access to Russian news broadcasters and
websites, the action being justified by Georgia's Interior Ministry with the
argument that Russian broadcasts would "scare our population" which the
government could not allow.
Mamia Sanadiradze, founder and CEO of Caucasus Online, the biggest Georgian
ISP, told Reuters: "People from the (Georgian) security agencies asked me to
block Russian sites. There were threats from viruses, we faced
disinformation and so on. (...) I hope that when war is over, we will
unblock these sites."
On the other hand, Georgian online news media and the Georgian government
websites have been attacked by Russian hackers,
including the President's site. In order to remain accessible, the foreign
ministry website changed its URL address.
Security researchers claim to have evidence showing a link between Russian
state businesses and the cyber-attacks against Georgia. Denial of service
attacks against Georgian websites started a day before the break out of the
military conflict over South Ossetia.
Don Jackson, a SecureWorks researcher said that logs showed that part of the
attack was run from command and control servers located on the networks of
Rostelecom and Comstar, two Russian state-run companies. "We know that the
Russian government controls those servers theoretically, if they have not
been 'pwned' by somebody else," Jackson told eWeek. The two companies made
changes in routing tables that blocked internet traffic to Georgia. The same
networks were used to launch denial of service attacks and cache poisoning
attacks against Georgian networks, according to SecureWorks.
Reporters Without Borders condemn the violation of online freedom of
information. "The Internet has become a battleground in which information is
the first victim. On the one side, the main Georgian ISPs severed access to
Russian websites. On the other side, Georgian government websites were
attacked by Russian hackers. With newspapers and radio and TV stations
putting out very little independent news, the Internet is a vital tool for
the public, so these attacks must stop at once."
Russian and Georgian websites fall victim to a war being fought online as
well as in the field (13.08.2008)
http://www.rsf.org/article.php3?id_article=28167
Georgia cuts access to Russian websites, TV news (19.08.2008)
http://www.reuters.com/article/internetNews/idUSLJ36223120080819
Georgia accuses Russia of coordinated cyberattack (11.08.2008)
http://news.cnet.com/8301-1009_3-10014150-83.html?hhTest=1
Bear prints found on Georgian cyber-attacks (14.08.2008)
http://www.theregister.co.uk/2008/08/14/russia_georgia_cyberwar_latest/
Russian cybercrooks turn on Georgia (11.08.2008)
http://www.theregister.co.uk/2008/08/11/georgia_ddos_attack_reloaded/
============================================================
4. Copyright experts against the EU extension of the copyright term
============================================================
New voices from the major copyright experts in the European universities and
research centers question the current EU proposals of extension of the
copyright term for the performing artists and sound recordings.
As previously covered in the past EDRi-gram, the first letter was addressed
to EU Commission President Jose Manuel Barroso and sent on 18 July 2008 by
the leading European centres for intellectual property research that
explained that the new measures "will damage European creative endeavour and
innovation beyond repair."
Professor Bernt Hugenholtz, Director of the Institute for Information Law
(IViR) that was commissioned by the EC to draft two major studies on the EU
copyright and policy, questioned the Commission decision, calling its
policies: "less the product of a rational decision-making process than of
lobbying by stakeholders." Prof. Hugenholtz was very unhappy about the
Commission decision that totally contradicts and ignores IViR's scientific
findings:
"As you are certainly aware, one of the aims of the 'Better Regulation'
policy that is part of the Lisbon agenda is to increase the transparency of
the EU legislative process. By wilfully ignoring scientific analysis and
evidence that was made available to the Commission upon its own initiative,
the Commission's recent Intellectual Property package does not live up to
this ambition. Indeed, the Commission's obscuration of the IViR studies and
its failure to confront the critical arguments made therein seem to reveal
an intention to mislead the Council and the Parliament, as well as the
citizens of the European Union.
In doing so the Commission reinforces the suspicion, already widely held
by the public at large, that its policies are less the product of a rational
decision-making process than of lobbying by stakeholders. This is
troublesome not only in the light of the current crisis of faith as regards
the European lawmaking institutions, but also - and particularly so - in
view of European citizens' increasingly critical attitudes towards
intellectual property law."
Further arguments against the decision come from a statement from another
leading IP centre in Europe - the Max Planck Institute for Intellectual
Property, Competition and Tax Law. In an article that concerns the
Commission's plans to prolong the protection period for performing artists
and sound recordings, the authors emphasize that there is no specific reason
for a term extension and argue that the proposal diverts the attention from
the social problem that performing artists, in particular at
the start of their career, often have a very bad negotiation position
vs. publishers and record companies - which should be remedied by special
copyright contract law.
The document concludes in pointing out that: "no persuasive economic or
social reason can be found in favour of a term extension since extending the
term would neither increase the incentives to invest nor would it provide
financial security and a sufficient livelihood for all ageing musicians,
especially not for those who need it the most. It would rather have a
negative impact upon future creators and musicians, since they would need to
wait longer to build upon older works in order to create new ones. Besides,
a term extension would also be to the detriment of consumers and the
information society since sound recordings would be locked up for another 45
years."
Open Letter concerning European Commission's `Intellectual Property Package'
(18.08.2008)
http://www.ivir.nl/news/Open_Letter_EC.pdf
"Statement of the Max Planck Institute for Intellectual Property,
Competition and Tax Law Concerning the Commission's Plans to Prolong the
Protection Period for Performing Artists and Sound Recordings"
by Nadine Klass, Josef Drexl, Reto M. Hilty, Annette Kur and Alexander
Peukert, IIC 2008, p. 586-596.
Commission adviser accuses Barroso of intentionally misleading European
policy-makers and citizens on copyright (21.08.2008)
http://www.openrightsgroup.org/2008/08/21/commission-adviser-accuses-barros…
EDRi-gram: Extension of the copyright term for performers and record
producers (30.07.2008)
http://www.edri.org/edrigram/number6.15/extension-copyright-performers
============================================================
5. Call for worldwide protests against surveillance
============================================================
Civil rights organizations call for protests against the constant increase
of surveillance conducted by governments and enterprises. A rally under the
motto "Freedom not Fear" will be held in Berlin on 11 October 2008. The
organizers agree that it is high time to take to the streets in order to
defend basic constitutional rights in the light of an ongoing
intensification of security and surveillance measures. The rally turns
against the promotion of the Federal Criminal Police Office
("Bundeskriminalamt") to a central, executive police agency with the
permission to secretly spy into citizens' home computers.
After last year's demonstration for democracy and civil rights, which was
the largest in Germany in 20 years with over 15 000 participants, protesters
in several countries will, for the first time simultaneously, take to the
streets to demonstrate for their freedom. Currently, 15 countries have
announced their participation in the international action day on 11 October.
Such unanimous protests are mainly due to the ongoing shift of
politicians to push through negotiations on surveillance and control
measures behind closed doors. Among others, the international protest
criticizes the planned registration of all air travellers in the EU,
the planned delivery of data to the USA, biometric data in EU identification
documents, as well as the retention of telecommunication data such as phone
connections or a caller's whereabouts for all 455 million Europeans.
Against this political spiral of interior armament motivated by
crime-related dangers, civil society places the call for "Freedom not Fear".
A moratorium for all surveillance activities and the reduction of all mass
scale surveillance, as well as an expansion of digital rights are demanded
to protect and strengthen civil liberties. In addition, activists call for
an independent review of every single planned or existing surveillance and
control measure in terms of its effectiveness and undesired side-effects.
In the run-up to this action day, the German Work Group on Data Retention
("Arbeitskreis Vorratsdatenspeicherung") calls for participation in the
Munich demonstration "Freiheit Weiß-Blau - Stoppt den Überwachungswahn" on
20 September 2008, which targets the restrictions of the right to free
assembly and other surveillance measures in the state of Bavaria. In
addition, the OneWebDay on 22 September 2008, will serve as a means for
further mobilisation for the "Freedom not Fear" action day.
Action day "Freedom not Fear" on 11 October 2008
http://www.freedom-not-fear.eu
Planned activities for 11 October 2008
http://wiki.vorratsdatenspeicherung.de/Freedom_Not_Fear_2008
(Contribution by Patrick Breyer - Working Group on Data Retention - Germany)
============================================================
6. UK government goes on with its plan for data retention
============================================================
The UK government intends to oblige ISPs and telephone companies to keep
personal Internet traffic data for at least 12 months, and local and health
authorities and many other public bodies are to be given access to
details of everyone's personal Internet information.
On 15 August 2008, the Home Office published a consultation paper which
makes clear that the personal data will now be available for crime and
public order investigations and may even be used to prevent people
self-harming. Furthermore, as the measure is the result of an EU directive,
the data will be made available to public investigators across Europe.
The measure will cover VOIP as well and access to personal Internet and text
data will be available to all public bodies licensed under the 2000
Regulation of Investigatory Powers Act (RIPA), meaning that hundreds of
public bodies including local councils, health authorities, the Health and
Safety Commission, the Food Standards Agency or Ofsted (the education
standards watchdog), may require telecom companies to hand them over the
personal data.
UK government intends to go further by introducing a draft communications
bill this autumn which would require all the telecommunications companies to
hand over this data to one central "super" database. The police and other
public authorities will be able to access this database directly without
having to make a request to the company which keeps the records.
The database had been planned to be bundled with the EU Data Retention
Directive that is to be legally implemented in UK by March 2009. The
consultation paper published by the Home Office is meant to transpose the
Directive as a standalone statutory instrument. Laws made by statutory
instruments do not need a Parliament vote.
Home Office civil servants are working on plans for the central database
within the Interception Modernisation Programme (IMP). The IMP budget was
part of the intelligence agencies' undisclosed funding bid to the
Comprehensive Spending Review last year. Sources disclosed that secret
briefings gave a cost for the database that could reach nine figures.
The proposition faces opposition as many fear that a single database under
Government's control would be vulnerable to attacks or errors that may lead
to information leaks.
Chris Huhne, the Liberal Democrats' home affairs spokesman, said the
government could not be trusted with sensitive data. "We will be told it is
for use in combating terrorism and organised crime but if Ripa powers are
anything to go by, it will soon be used to spy on ordinary people's kids,
pets and bins" he said.
In the consultation paper, the Home Office also estimated that the storage
of such an amount of Internet data may impose a cost of over 60 million euro
on the Internet industry. Besides, the Home Office admitted
that the companies might have to store "a billion incidents of data exchange
a day". The Government has already paid about 23 million euro over five
years to telecom companies for access to data about citizens' use of phones
and the Internet.
'Snooper's charter' to check texts and emails (13.08.2008)
http://www.guardian.co.uk/uk/2008/aug/13/privacy.civilliberties/print
Home Office - A consultation paper - Final phase of the transposition of
Directive 2006/24/EC (08.2008)
http://www.statewatch.org/news/2008/aug/uk-ho-consult-mand-ret-internet.pdf
Government pays telcos £18.5 million for records retention (7.08.2008)
http://www.out-law.com/page-9333
UK.gov to spend hundreds of millions on snooping silo (19.08.2008)
http://www.theregister.co.uk/2008/08/19/ukgov_uber_database/
EDRIgram: UK Government will store all phone, Internet traffic data
(21.05.2008)
http://www.edri.org/edrigram/number6.10/uk-isp-traffic-data
EDRIgram: ICO worried about a UK Government-owned traffic data database
(4.06.2008)
http://www.edri.org/edrigram/number6.11/ico-uk-govt-database
============================================================
7. Seminar on the Telecoms Package and Network Filtering
============================================================
The telecoms package seminar on the 27 August 2008 in the European
Parliament arranged by Swedish MEP Christofer Fjellner had a remarkably
large audience. Over 100 persons came to listen to the five speakers from
both industry and civil society.
Overall, the speakers called for a better understanding of the so-called
"copyright amendments" to the package that allegedly have been
introduced to the detriment of the 'completion of the internal market'
for the telecoms industry. Netzpolitik.org was also streaming the event.
After the introduction by MEP Fjellner, Monica Horten from Westminster
University made clear that the new technology "Deep Packet Inspection"
could potentially be used to censor the Internet in Europe just as it
is in China. Similar hardware is in place in both Chinese and
European networks. The differences are law, automation and industrial
rather than political programming.
Eddan Katz from Electronic Frontier Foundation warned that public
interest values and the hopes for a transforming participative web
would be squashed if the language in the package is not cleared
up.
The main point of Jeffery Lawrence from Intel was that the conflict between
rightsholders and the technology industry is not new, but that the
principle of policing consumers is new. Should Europe consider such a
policy, there is indeed a need for discussion and analysis beyond the
traditional conflict mentioned.
Nuria Rodriguez Murillo from BEUC urged the European parliament to
ensure legal certainty for consumers, as well as standing up for the
principle already voted on in the so-called Bono report, which states
that people should not be cut off from the Internet.
The last speaker Francisco Mingorance from Business Software Alliance
warned against the French model where technology mandates are
introduced by the state or by courts. Such mandating could overrule
copyright licences like the GPL.
It is unclear whether the Members of the European Parliament will even
agree on the existence of the "copyright amendments" in the upcoming
plenary debate next week. Netizens, as well as citizens, of Europe
should keep their fingers crossed that their legislators know what
they are voting on in three weeks' time. Hopefully, to quote Monica
Horten, our MEPs will say "As policy-makers, we have a duty to promote
the vibrant and open character of the Internet."
Seminar on the Telecoms Package and Network Filtering
http://www.european-agenda.com/events/22414.php
Event stream by Netzpolitik
http://netzpolitik.org/2008/live-aus-dem-ep-seminar-on-internet-filtering/
Deep Packet Inspection
http://en.wikipedia.org/wiki/Deep_packet_inspection
(Contribution by Erik Josefsson - Sweden)
============================================================
8. Dispute between UK government and EU over the use of PNR
============================================================
UK Government fights EU proposals to restrict the way it uses passenger name
record (PNR) information to monitor immigration, claiming that the data it
collects is crucial to control cross-border movements.
With the EU planning to make all European states share PNR data, UK
government argues there is a "real risk" the action "would degrade e-Borders
by prohibiting the use of PNR data for combating immigration offences". A
spokeswoman for the Home Office stated: "The collection of passenger name
records is a vital tool in Britain's fight against organised crime,
terrorism and immigration offenders."
UK wants to go further than EU and share data from internal EU flights, sea
and rail travel. The House of Lords EU Select Committee warned in a report
published in July that if the government pressed for radical changes
to the EU proposal, it might lose the co-operation of Europe. The report
recommended that the PNR data be used for the purpose of fighting against
terrorism and combating serious crime, stating at the same time that a clear
definition should be given to what "serious crime" means. It recommended a
comprehensive list that would cover the term.
The Home Office responded on 6 August accepting the need for greater clarity
about what crimes should be covered by "serious crime" but rejected the
recommendation for a comprehensive list as being "overly prescriptive". It
also said that its e-Borders programme gathering PNR data on 50
million passengers' movements, had been a "real success in strengthening the
UK border" leading to 25 000 alerts and 2 100 arrests for offences ranging
from murder and possession of firearms to drug-smuggling. It also stated
that losing Europe's support was not a possibility. "Negotiations are
ongoing, there are outstanding issues but we will work closely with the EU
to agree a text."
Dominic Grieve, Shadow Home Secretary, said that if the government wanted to
extend the purposes of using passengers' details, it should be precise about
"what the objective is, why it is necessary and what safeguards it will put
in place to protect the privacy of the innocent" and he added: "Given the
government's proven and serial inability to protect personal data the public
will not agree to this lightly."
The Home Affairs Spokesman for the Liberal Democrats, Chris Huhne, also
considered this was another example that the government was more and more
invading people's personal lives. He also commented: "It is deeply worrying
that ministers are prepared to forgo the possible co-operation of our
European partners."
Actually, even the EU Proposal for a Council Framework Decision on the
use of Passenger Name Record (PNR) is far from perfect, facing large
opposition from privacy rights advocates and associations.
In a letter to the Council of the European Union, ECTAA, the European Travel
Agents' and Tour Operators' Associations, makes several proposals for the
Framework Decision. Among other things, the members of the association
believe the decision should only cover data for passengers on flights into
and out of the EU and that it should not be extended to intra-EU flights.
Gov't battles EU over use of air-passenger data (11.08.2008)
http://news.zdnet.co.uk/security/0,1000000189,39459924,00.htm
Ministers' fears on EU data plan (6.08.2008)
http://news.bbc.co.uk/2/hi/uk_news/politics/7544877.stm
Clash erupts on use of airline data to fight crime (7.08.2008)
http://www.ft.com/cms/s/0/14152182-6418-11dd-844f-0000779fd18c.html?nclick_…
European Travel Agents' and Tour Operators' Associations (ECTAA) letter to
the Council of EU on Proposal for a Council Framework Decision on the use of
Passenger Name Record (PNR) data for law enforcement purposes (1.08.2008)
http://www.statewatch.org/news/2008/aug/eu-pnr-ectaa-comments.pdf
EDRIgram - PNR Data infringes human rights (9.04.2008)
http://www.edri.org/edrigram/number6.7/pnr-human-rights-ecj
============================================================
9. Secret reports on new five year plan for "European Home Affairs"
============================================================
A new secret report, made available by Statewatch, drafted by the "Future
Group" of Interior and Justice Ministers from six EU member states (Germany,
France, Sweden, Portugal, Slovenia, and Czech Republic) suggests a series of
proposals to boost EU integration in policing and intelligence-gathering,
including the creation of an EU-US Area of cooperation for "freedom, security
and justice."
The group's controversial proposals are certain to trigger major disputes,
proposing that the EU member states should pool information in a central
intelligence unit, creating a network of "anti-terrorist centres",
standardising police surveillance techniques and extending the sharing of
DNA and fingerprint databases to include CCTV video footage and material
gathered by "spy drones".
The report also includes a decision to expand the current European
Gendarmerie Force (EGF), which currently only involves France, Italy, Spain,
Portugal and the Netherlands, into an EU body, that could be used also for
paramilitary intervention overseas.
In the name of an efficient fight against terrorism, the report suggests a
Euro-Atlantic pact of cooperation with the United States. The document needs
to be finalized by 2014 at the latest and would not just cover terrorism and
passenger data but would cover the whole area of justice and home affairs -
policing, immigration, sharing database data and biometrics. The difference
in privacy regulation could be a problem in achieving
this pact, but the US seems to push hard for this new pact:
"All the evidence from dozens of high-level EU-USA meetings on justice and
home affairs since 11 September 2001 shows that it is a one-way street with
the EU trying to fend off USA demands. When the EU does not cave in the USA
simply negotiates bilateral deals with individual member states. A permanent
EU-USA pact would be disastrous for privacy and civil liberties." explains
Tony Bunyan, Statewatch editor.
Bruno Waterfield, Brussels correspondent for The Daily Telegraph has
expressed the way in which security has been escalated to a level that he
calls "securocracy". He believes it started at the national and EU level
with "interoperability" that allowed a wider exchange of the
information held on databases. This gave the idea of "availability", that
meant "the exchange of any of this information, defined as important for
security purposes, was required". And the latest stage is "convergence".
"This concept heralds a new era by standardising European police
surveillance techniques and creating "tool-pools" of common data gathering
systems to be operated at the EU level" says Waterfield.
Future Report: Freedom, Security, Privacy - European Home Affairs in an open
world (06.2008)
http://www.statewatch.org/news/2008/jul/eu-futures-jha-report.pdf
Secret EU security draft risks uproar with call to pool policing and give US
personal data (7.08.2008)
http://www.guardian.co.uk/world/2008/aug/07/eu.uksecurity
Secret EU report moots sharing personal data with US (7.08.2008)
http://euobserver.com/22/26585
New European spying proposals 'threaten British security' (7.08.2008)
http://www.telegraph.co.uk/news/worldnews/europe/2512219/New-European-spyin…
EU plan: The rise and rise of the securocrats (7.08.2008)
http://blogs.telegraph.co.uk/bruno_waterfield/blog/2008/08/07/eu_plan_the_r…
============================================================
10. ENDitorial: Wiretapping - the Swedish way
============================================================
The Swedish Parliament, Riksdagen, adopted on 18 June 2008 a law which
obliges all telecom and Internet providers to transfer all communication
that passes the Swedish border to Försvarets radioanstalt (FRA), or the
National Defence Radio Establishment as it is officially called in
English. It is the Swedish national authority for signals intelligence.
Even though domestic Internet communication is between two persons residing
in Sweden, the same information may cross national borders through Germany,
Denmark and USA. That is how the Internet works. This means that all Swedes
as well as people residing outside of Sweden may be subject to the
surveillance of FRA. FRA may transfer information to other countries and the
Guardian has recently reported (7 August 2008) on a secret EU security draft
which would give USA "Wholesale exchange of (personal) data". It is within a
greater international perspective one should view the Swedish legislation.
It is possible that Sweden has the most valuable information. 80 % of the
Russian telecom and internet communication passes through Sweden. Thus, it
is not an accident that FRA has one of the most powerful computers in the
world, together with some computers in the USA and one computer in the UK
which operates computations on nuclear weapons. There is an ongoing debate
over the true motive for the adoption of the law. This is only one of the
theories. Many countries and companies, including Finland, Norway, Google
and TeliaSonera, use the Swedish cables and are very critical of the FRA
wiretapping law.
The FRA wiretapping law adopted in June 2008 consists of four statutes,
including a newly adopted statute on signals intelligence and changes in
three other statutes.
The law will enter into force by 1 January 2009 and the actual operations
will start later in the year. FRA has a mandate to search for "external
threats", which involves everything from military threats, terrorism,
IT-security, supply problems, ecological imbalances, ethnic and religious
conflicts, migration to economic challenges in the form of currency and
interest speculation. This very broad mandate has attracted a lot of
criticism. There is no requirement that the FRA should have a reason to
suspect crime or a court order before a Swedish citizen is to be under
surveillance. This must be seen against the background that the police may
ask FRA for support in its efforts of crime control.
In contrast to what the law actually says, the Government denies that the
police may use the FRA and says that FRA will only monitor "phenomena" and
not individuals. The critics ask how it is possible to monitor phenomena
without monitoring individuals.
As one of the critics, I have accused the Government of "doublethink" and
"newspeak" in their defence of the law. The Government's statements are full
of contradictions, which they ignore. The main Government Party in a
coalition of four parties even denies the core of the law, which obligates all
telecom and Internet providers to transfer all communication that passes the
Swedish border to FRA.
On the eve of the vote of 18 June 2008 there were strong indications that
more than the necessary four parliamentarians of the centre-right coalition
would shift side and thus deny the adoption of the statutes. There was
intense pressure on these parliamentarians and on the day before the vote,
Fredrick Federley, a critic in the centre party, struck a deal with the
Minister of Defence, Sten Tolgfors, which involved that additional
protection would be added in the interest of privacy at a later point in
time. This made the resistance in the coalition parties crumble.
In the end, only one parliamentarian shifted sides, Camilla Lindberg, of
the liberal party who became a national hero while Fredrick Federley, in the
eyes of many, lost a lot of credibility as a civil rights promoter. Another
member of the liberal group, Birgitta Ohlsson, abstained. The two members of
the liberal group had concerns that the additional protection would not
change the fact that the law obliges all telecom and Internet providers to
transfer all communication that passes the Swedish border to FRA.
This did not quiet the critics. By 14 July 2008 the resistance in the
liberal party had regrouped and they published an op-editorial in the daily
Dagens Nyheter signed by the necessary four parliamentarians and three
previous party leaders representing 25 years of leadership in the liberal
party, all demanding the Government should recall the law. Later, two
liberal parliamentarians joined the other four and stated live on TV that
they were willing to support a motion to recall the law. The Government is
making serious efforts to divide the group and make one or several of them
return to the Government side.
As of this date, the Government has not been successful. The six liberal
parliamentarians must team up with the social democrats, the green party and
the left before the end of September 2008. After that, it is impossible to
table motions from the opposition which will enter into force during 2009
and recall the law.
To conclude, the showdown for Swedish wiretapping by FRA is in September
2008.
Government Proposal on Defence Intelligence (only in Swedish, 8.03.2007)
http://www.regeringen.se/content/1/c6/07/83/67/2ee1ba0a.pdf
Secret EU security draft risks uproar with call to pool policing
and give US personal data (7.08.2008)
http://www.guardian.co.uk/world/2008/aug/07/eu.uksecurity
EDRi-gram: ENDitorial: Sweden is listening to all internet and phone
conversations (2.07.2008)
http://www.edri.org/edrigram/number6.13/sweden-fra-adoption
EDRi-gram: ENDitorial: A new "NSA FRAnchise" set up in Sweden? (4.06.2008)
http://www.edri.org/edrigram/number6.11/nsa-fra-sweden
(contribution by Mark Klamberg - Doctoral candidate, Stockholm University -
Department of Law)
============================================================
11. Recommended Action
============================================================
EDRi member FoeBuD e.V. has set up a contest for finding a RFID warning sign
to be passed on to the EU's process in RFID legislation. Since the industry
came up with a similar contest but looking for a somewhat "friendly" design,
FoeBuD is looking for a precise warning sign that would show the dangers
for citizens' rights when RFID technology is involved.
There are two categories in FoeBuD's contest: strict and freestyle. In the
strict category, a design for an official RFID warning sign is wanted. The
winning design in this category shall be sent to the EU as a proposal for
marking RFID tags and readers. It should follow the rules for warning and
danger signs as e.g. DIN 4844-2 shows. The freestyle category is what its
name says: be free to find a nice and striking sign that shows the problem.
Everyone is free to participate until 12 September 2008. The designs are
expected to be public domain. The contest papers are only in German, but,
apart from explaining what RFID is and its dangers, the main message is:
Send the design before the deadline to "FoeBuD e.V., Marktstrasse 18, 33602
Bielefeld, Germany". Questions and digital-only designs may be sent to
"mail at foebud.org". Submissions are confirmed to have arrived via email.
The winners will be announced in October 2008.
The contest papers (only in German)
http://www.foebud.org/rfid/rfid-warn-logo-wettbewerb-foebud-ausschreibung.p…
============================================================
12. Agenda
============================================================
3-5 September 2008, Prague, Czech Republic
The Third International Conference on Legal, Security and Privacy Issues in
IT
http://www.lspi.net/
8-10 September 2008, Geneva, Switzerland
The third annual Access to Knowledge Conference (A2K3)
http://isp.law.yale.edu/
19 September 2008, Brussels, Belgium
High Level Expert Conference: Towards a European Policy on RFID
http://www.rfid-in-action.eu/conference
20 September 2008, Munchen, Germany
Demonstration Freiheit Weiss Blau
http://wiki.vorratsdatenspeicherung.de/Freiheit_Weiss_Blau
22 September 2008, Istanbul, Turkey
Workshop on Applications of Private and Anonymous Communications
http://www.alpaca-workshop.org/
22 September 2008, Worldwide
OneWebDay - an Earth Day for the internet.
http://onewebday.org/
24-28 September 2008, Athens, Greece
World Summit on the Knowledge Society
http://www.open-knowledge-society.org/summit.htm
11 October 2008, Worldwide
Action day "Freedom not fear"
Protests, demonstrations and activities against the surveillance mania
http://wiki.vorratsdatenspeicherung.de/Freedom_Not_Fear_2008
15-17 October 2008, Strasbourg, France
30th International Data Protection and Privacy Conference
http://www.privacyconference2008.org/
20-21 October 2008, Strasbourg, France
European Dialogue on Internet Governance (EuroDIG)
http://www.eurodig.org/
3-6 December 2008, Hyderabad, India
Third Internet Governance Forum
http://www.intgovforum.org
10-11 December 2008: Tilburg, Netherlands
Tilting perspectives on regulating technologies, Tilburg Institute for Law
and Technology, and Society, Tilburg University
http://www.tilburguniversity.nl/tilt/conference
============================================================
13. About
============================================================
EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 28 members based or with offices in 17 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRI-grams.
All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and visibly on the
EDRI website.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 2.0 License. See the full text at
http://creativecommons.org/licenses/by/2.0/
Newsletter editor: Bogdan Manolea <edrigram(a)edri.org>
Information about EDRI and its members:
http://www.edri.org/
European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request(a)edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
unsubscribe by e-mail
To: edri-news-request(a)edri.org
Subject: unsubscribe
- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edrigram-mk.php
- EDRI-gram in German
EDRI-gram is also available in German, with delay. Translations are provided by
Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <edrigram(a)edri.org> if you have any problems with subscribing or
unsubscribing
----- End forwarded message -----
--
Eugen* Leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
Format Note: If you cannot easily read the text below, or you prefer to
receive Secrecy News in another format, please reply to this email to let
us know.
SECRECY NEWS
from the FAS Project on Government Secrecy
Volume 2013, Issue No. 9
January 25, 2013
Secrecy News Blog: http://www.fas.org/blog/secrecy/
** FORMER CIA OFFICER KIRIAKOU SENTENCED FOR LEAK
** INTERNATIONAL TAX HAVENS, AND MORE FROM CRS
FORMER CIA OFFICER KIRIAKOU SENTENCED FOR LEAK
Former CIA officer John Kiriakou was sentenced today to 30 months in
prison for a violation of the Intelligence Identities Protection Act after
he pleaded guilty to one count of identifying a covert agent.
Although the sentence is less than that prescribed by federal sentencing
guidelines, the government said that it considers the reduced penalty
"reasonable."
In a presentencing memorandum for the defense, Mr. Kiriakou's attorneys
said that his offense should be seen in the context of his lifelong
commitment "to public service and the defense of America's national
security."
http://www.fas.org/sgp/jud/kiriakou/012413-defmem.pdf
"In the course of his service to the United States and the Central
Intelligence Agency, Mr. Kiriakou placed himself in harm's way on countless
occasions, earning the CIA's Exceptional Service Award no fewer than ten
times," the defense memorandum said.
Although Mr. Kiriakou accepted full responsibility for his actions, the
defense said that he had been duped into making the unauthorized disclosure
that led to his prosecution.
"In 2006, Journalist A told Mr. Kiriakou that he was working on a book
about the Abu Omar rendition in Milan. That was false. Journalist A has
never published a book on that subject and the defense is aware of no
evidence that he was ever working on one."
"In reality, unknown to Mr. Kiriakou, Journalist A was acting as a private
investigator on behalf of lawyers representing terrorist detainees in
Guantanamo Bay, Cuba, and was forwarding the information he received from
Mr. Kiriakou, as well as information he received from many other
individuals, to another private investigator working with the detainees'
lawyers. Mr. Kiriakou now realizes that he made a very serious mistake in
passing any information to Journalist A, but he would not have done so had
he known how Journalist A would make use of that information," the defense
memorandum said.
The defense noted that "Mr. Kiriakou has fully and forthrightly accepted
responsibility for his actions and recognizes the seriousness of the crime
to which he has pled guilty. Yet while many will never know Mr. Kiriakou
apart from this prosecution, the incident that led to this moment cannot
undo the reality of Mr. Kiriakou's life in full-- a life dedicated to the
values of freedom, decency, public service, and love of country. As the
government concedes, although Mr. Kiriakou's crime was unquestionably
serious, he was never motivated by any desire to harm the United States,
national security, the CIA's critical mission abroad, or any individual
person."
A petition asking President Obama to pardon Mr. Kiriakou or commute his
sentence has already been signed by thousands of supporters.
After Vice Presidential aide Scooter Libby was convicted of perjury in
connection with the unauthorized disclosure of the identity of CIA officer
Valerie Plame in 2007 and sentenced to 30 months in jail, his sentence was
promptly commuted by President George W. Bush.
INTERNATIONAL TAX HAVENS, AND MORE FROM CRS
New and updated reports from the Congressional Research Service that
Congress has not made available to the public include the following.
Tax Havens: International Tax Avoidance and Evasion, January 23, 2013:
http://www.fas.org/sgp/crs/misc/R40623.pdf
An Overview of the Tax Provisions in the American Taxpayer Relief Act of
2012, January 20, 2013:
http://www.fas.org/sgp/crs/misc/R42894.pdf
Receipt of Unemployment Insurance by Higher-Income Unemployed Workers
("Millionaires"), January 23, 2013:
http://www.fas.org/sgp/crs/misc/R42643.pdf
Summary Report: Congressional Action on the FY2013 Disaster Supplemental,
January 22, 2013:
http://www.fas.org/sgp/crs/misc/R42892.pdf
FY2013 Supplemental Funding for Disaster Relief: Summary and
Considerations for Congress, January 23, 2013:
http://www.fas.org/sgp/crs/misc/R42869.pdf
Congressional Commissions: Overview, Structure, and Legislative
Considerations, January 22, 2013:
http://www.fas.org/sgp/crs/misc/R40076.pdf
Congressional Careers: Service Tenure and Patterns of Member Service,
1789-2013, January 3, 2013:
http://www.fas.org/sgp/crs/misc/R41545.pdf
Global Security Contingency Fund (GSCF): Summary and Issue Overview,
January 22, 2013:
http://www.fas.org/sgp/crs/row/R42641.pdf
Bosnia and Herzegovina: Current Issues and U.S. Policy, January 24, 2013:
http://www.fas.org/sgp/crs/row/R40479.pdf
Mexico's New Administration: Priorities and Key Issues in U.S.-Mexican
Relations, January 16, 2013:
http://www.fas.org/sgp/crs/row/R42917.pdf
Reauthorization of the FISA Amendments Act, January 2, 2013:
http://www.fas.org/sgp/crs/intel/R42725.pdf
_______________________________________________
Secrecy News is written by Steven Aftergood and published by the
Federation of American Scientists.
The Secrecy News Blog is at:
http://www.fas.org/blog/secrecy/
To SUBSCRIBE to Secrecy News, go to:
http://www.fas.org/sgp/news/secrecy/subscribe.html
To UNSUBSCRIBE, go to
http://www.fas.org/sgp/news/secrecy/unsubscribe.html
OR email your request to saftergood(a)fas.org
Secrecy News is archived at:
http://www.fas.org/sgp/news/secrecy/index.html
Support the FAS Project on Government Secrecy with a donation:
http://www.fas.org/member/donate_today.html
_______________________
Steven Aftergood
Project on Government Secrecy
Federation of American Scientists
web: www.fas.org/sgp/index.html
email: saftergood(a)fas.org
voice: (202) 454-4691
twitter: @saftergood
----- End forwarded message -----
--
Eugen* Leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
FC: Massachusetts high court rules against man who taped abusive cops
by Declan McCullagh 06 Jul '18
This is a fascinating case. The majority said that unless they ruled as
they did, "every police encounter would be available for secret recording."
(As if anything was wrong with that.) Welcome to the latest conflict
between technology and the law.
Technology will win this footrace, at least in the long run. As recording
devices fall in price and size, they'll become increasingly commonplace.
Perhaps a next-generation privacy company will build a device that streams
its recording to a remote site wirelessly, so even if it's smashed by
police or lawbreakers, its data will survive. Or perhaps a next-generation
justicefiles.org will allow victims of police brutality to anonymously post
their recordings of police misconduct next to other information about that
particular law enforcement officer.
At Defcon this weekend, I asked a group of four or five law enforcement
officials what they thought about the idea of having shouldercams that
they'd be required to wear when they interrogate suspects or conduct
interviews or perform other official duties. The recordings would be
released after five years or when the trial was over and appeals exhausted.
Needless to say, they weren't very receptive to the idea.
-Declan
*********
Re: [cryptography] -currently available- crypto cards with onboard key storage
by Martin Paljak 06 Jul '18
Hello,
On Wed, Oct 26, 2011 at 21:12, Thor Lancelot Simon <tls(a)panix.com> wrote:
> I find myself needing a crypto card, preferably PCIe, with onboard
> key storage. The application is PGP,
I don't know about PGP(.com), but GnuPG is picky about hardware key
containers. Things like PKCS#11.
> As far as I know, the only current products that do this are the
> IBM 4765 and the BCM586x line of chips. There were more sources
> once-upon-a-time of course -- nCipher and NetOctave/NBMK/etc. but
> those products seem to be gone now (and have obsolete PCI host
> interfaces, as well).
I think there are plenty of PCI products from several vendors, incl
Thales(nCipher), SafeNet and others. But getting them "off the shelf"
might vary, depending on your budget and origin and whatnot.
> What, if anything, can I buy off-the-shelf in this space? I don't
> think a smartcard will work, since I need unattended operation
> within the chassis of a standard x86 rackmount server.
You have not described your requirements (ops/sec, FIPS/CC etc) but if
the volume is low, you could take USB CryptoStick(s)
(crypto-stick.org) which is supported by GnuPG and which can do up to
4096 bit onboard keys, unfortunately only one signature/decryption
pair usable through GnuPG. Probably you can also stack them up and
populate with the same key for load sharing.
Martin
_______________________________________________
cryptography mailing list
cryptography(a)randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
hi
> I'm interested whether there is any comparison (code-base wise or
> feature wise) with the (unfortunately discontinued) FireGPG
> (http://getfiregpg.org)
pigeonpg (which is part of mailvelope) contains code from firegpg - looks
like some recycling took place :)
malte
--
Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
06 Jul '18
Oh, oh... it's the "Trust us..." talk.
----- Original Message -----
From: "ee380" <ee380(a)shasta.Stanford.EDU>
To: <colloq(a)CS.Stanford.EDU>
Sent: Tuesday, April 03, 2001 3:15 PM
Subject: Jeff Lotspiech, IBM * Content Protection * W4:15 Gates B03
>
>
> Computer Systems Laboratory Colloquium
> 4:15PM, Wednesday, April 4, 2001
> NEC Auditorium, Gates Computer Science Building B03
>
> Title: Content Protection for Recordable Media
>
> Speaker: Jeffrey B. Lotspiech
> IBM Almaden Research Center
>
> About the talk:
>
> Content Protection for Recordable Media, or CPRM, is a technology
> developed by IBM, Intel, Matsushita, and Toshiba to provide copy
> protection on portable media. The technology allows a recorder to
> record encrypted content, and a player to play it back, without
> having any keys in common. The media acts as a passive oracle to
> allow the different boxes to come to the same cryptographic key.
> In contrast, previous copy protection technologies like the one
> used for DVD video, depended on shared keys between the mastering
> studio and the players, with predictable results. As soon as a
> 16-year-old in Norway found one shared key, the system was
> effectively broken: there was no way to exclude the broken key
> from the system without hurting too many innocent consumers. In
> contrast, CPRM can survive thousands of independent attacks, and
> exclude millions of circumvention devices, without any chance of
> innocent consumers being affected.
>
> Recently, articles have appeared in the press that CPRM will be
> standardized on all PC hard drives. This has fueled Orwellian
> images of a Big Brother chip on your PC that will decide whether
> your files are worthy of being copied. This is complete nonsense.
> CPRM would never be standardized, nor have we ever proposed such
> a thing. CPRM's strength is portability and interchangeability, and
> it is a mismatch for a fixed hard drive. It is completely passive,
> requires no hardware, and can only be exploited by newly-designed
> applications. It cannot possibly affect existing files or
> applications. How these myths came about, and persist, was an
> object lesson for a media-naive researcher.
>
> About the speaker:
>
> Jeff Lotspiech is the manager of the Content Protection
> Technology Group at the IBM Almaden Research Center. He has a BS
> and MS in Computer Science from MIT, 1972. He has been working on
> content protection technologies, both the Internet and media, for
> the last six years.
>
> Contact information:
>
> Jeffrey B. Lotspiech
> IBM Almaden Research Center DPEM/B3
> 650 Harry Road
> San Jose, CA 95120
> 408-927-1851
> 408-927-3497
> lotspiech(a)almaden.ibm.com
>
>
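A toy version of the "media as passive oracle" idea from the abstract above, added here as an illustration; it is not part of the forwarded announcement and does not follow the CPRM specification. The key matrix, its size, the HMAC-based keystream and all function names are assumptions of this sketch.

```python
import hashlib, hmac, secrets

COLS, ROWS = 4, 8  # toy key-matrix size (assumed for this sketch)

def pad(key, label):
    # 16-byte keystream from HMAC-SHA256; a stand-in for the real cipher
    return hmac.new(key, label, hashlib.sha256).digest()[:16]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def issue_device(matrix, rows):
    # A device holds one key per column: {column: (row, key)}
    return {c: (r, matrix[c][r]) for c, r in enumerate(rows)}

def make_key_block(matrix, media_key, revoked_cells):
    # Written on the media: the media key wrapped under every matrix key,
    # except revoked cells, which hold random bytes instead.
    cells = {}
    for c in range(COLS):
        for r in range(ROWS):
            if (c, r) in revoked_cells:
                cells[c, r] = secrets.token_bytes(16)
            else:
                cells[c, r] = xor(media_key, pad(matrix[c][r], b"cell%d,%d" % (c, r)))
    return {"cells": cells, "verify": pad(media_key, b"verify")}

def process_key_block(device, block):
    # Try each column until one unwraps a key that matches the verify record
    for c, (r, key) in device.items():
        candidate = xor(block["cells"][c, r], pad(key, b"cell%d,%d" % (c, r)))
        if hmac.compare_digest(pad(candidate, b"verify"), block["verify"]):
            return candidate
    return None  # every cell this device holds has been revoked

def demo():
    matrix = [[secrets.token_bytes(16) for _ in range(ROWS)] for _ in range(COLS)]
    recorder = issue_device(matrix, [0, 1, 2, 3])
    player = issue_device(matrix, [4, 5, 6, 7])   # no key in common with recorder
    cloned = issue_device(matrix, [0, 5, 1, 1])   # compromised device to exclude
    revoked = {(c, r) for c, (r, _) in cloned.items()}
    media_key = secrets.token_bytes(16)
    block = make_key_block(matrix, media_key, revoked)
    return (media_key, process_key_block(recorder, block),
            process_key_block(player, block), process_key_block(cloned, block))

if __name__ == "__main__":
    km, rec, play, clone = demo()
    print("recorder == player == media key:", rec == play == km)
    print("revoked device result:", clone)
```

The recorder and player each lose one cell to the revocation (they share a cell with the excluded device) yet still recover the media key from another column, which is the property the abstract contrasts with a single shared key.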