cypherpunks-legacy
July 2018
On 2011-06-13 9:26 AM, Ian G wrote:
> However. Unless the laws of financial conservation have been repealed by
> the design, those who follow have to invest a lot and come out with less...
Financial conservation does not apply to money. If paper currency
collapses, and is replaced by gold, those who invest in bitcoin will come
out with nothing. If paper currency collapses, and is replaced by
bitcoin, they will come out with immense fortunes.
The market is at present rating the prospect of the world going to a
bitcoin standard rather than a gold standard at two chances in a million,
which seems reasonably conservative.
_______________________________________________
cryptography mailing list
cryptography(a)randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
06 Jul '18
Eugen Leitl wrote:
> On Thu, Jan 15, 2009 at 02:10:13PM +0900, Mike Mazur wrote:
> As an aside from the peanut gallery, it would be nice to have asset
> storage in a distributed cryptographic filestore like Tahoe
> http://allmydata.org/~warner/pycon-tahoe.html
>
that has been my understanding as well. basically after worked a bit
with the guys who pushed it in the Fenfire project (in 2002).
i've understood that basically by using URIs as references to assets we
get that: URLs for current http stuff and location independent URNs with
distributed things like p2p networks. seems that Tahoe also uses "short
URI-like strings" - dunno why 'URI-like' and not just URIs but anyway :)
.. also as SL and OpenSim already uses UUIDs i guess some things are
basically kind of ready for this.
http://www.ht03.org/papers/pdfs/24.pdf is about the work in that area i
was interested back long ago, dunno about the current implementations
whether Tapestry, that Tahoe or something I haven't heard of is the
thing, but i guess the basic idea is the same. in that Fenfire Storm the
idea was to use content based hashes as IDs of files (like images),
similar to Freenode -- the goal not being anonymous publishing in a
secure p2p net, but instead having a nice storage system for both local
own files and publishing them on the net. goals included the secure
storage via redundancy, that seems to be emphasized in Tahoe and is
indeed a great motivation for these things.
looking forward to learning more, perhaps by testing Tahoe
~Toni
_______________________________________________
Opensim-dev mailing list
Opensim-dev(a)lists.berlios.de
https://lists.berlios.de/mailman/listinfo/opensim-dev
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
06 Jul '18
[dropped tahoe-dev from Cc:]
On Thursday,2009-08-06, at 17:08 , james hughes wrote:
>Until you reach the threshold, you do not have the information to
>attack. It becomes information theoretic secure.
This is true for information-theoretically secure secret sharing, but
not true for Cleversafe's technique of composing an All-Or-Nothing-
Transform with Reed-Solomon erasure coding.
>CleverSafe can not provide any security guarantees unless these
>questions can be answered. Without answers, CleverSafe is neither
>Clever nor Safe.
Hey, let's be nice. Cleversafe has implemented a storage system
which integrates encryption in the attempt to make it safer. They
GPL at least some of their work [*], and they publish their ideas and
engage in discussion about them. These are all good things. My
remaining disagreements with them are like this:
1. (The important one.) I don't think the access control policy of
"whoever can access at least K of the N volumes of data" is the
access control policy that I want. For one thing, it immediately
leads to the questions that James Hughes was asking, about who is
authorized to access what servers. For another thing, I would really
like my access control policy to be fine-grained, flexible, and
dynamic. So for example, I'd like to be able to give you access to
three of my files but not all my other files, and I'd like you to
then be able to give your friend access to two of those files but not
the third. See Brian Warner's and Jason Resch's discussion of these
issues: [1, 2].
2. Cleversafe seems to think that their scheme gives better-than-
computational security, i.e. that it guarantees security even if
AES-256 is crackable. This is wrong, but it is an easy mistake to
make! Both Ben Laurie and James Hughes have jumped to the conclusion
(in this thread) that the Cleversafe K-out-of-N encoding has the same
information-theoretic security that secret-sharing K-out-of-N
encoding has.
3. Cleversafe should really tone down the Fear Uncertainty and Doubt
about today's encryption being mincemeat for tomorrow's
cryptanalysts. It might turn out to be true, but if so it will be
due to cryptanalytic innovations more than due to Moore's Law. And
it might not turn out like that -- perhaps AES-256 will remain safe
for centuries. Also, Cleversafe's product is not more secure than
any other product against this threat.
It is hard to explain to non-cryptographers how much they can rely on
the security of cryptographic schemes. It's very complicated, and
most schemes deployed have failed due to flaws in the surrounding
system, engineering errors or key management (i.e. access control)
problems. Nobody knows what cryptanalytic techniques will be
invented in the future. My opinion is that relying on well-
engineered strong encryption to protect your data is at least as safe
as alternatives such as keeping the data on your home computer or on
your corporate server. The Cleversafe FUD doesn't help people
understand the issues better.
Regards,
Zooko
[1] http://allmydata.org/pipermail/tahoe-dev/2009-July/002482.html
[2] http://allmydata.org/pipermail/tahoe-dev/2009-August/002514.html
[*] Somebody stated on a mailing list somewhere that Cleversafe has
applied for patents. Therefore, if you want to use their work under
the terms of the GPL, you should also be aware that if their patents
are granted then some of what you do may be subject to the patents.
Of course, this is always true of any software (the techniques might
be patented), but I thought it was worth mentioning since in this
case the company authoring the software is also the company applying
for patents.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo(a)metzdowd.com
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
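[Added example, not part of the forwarded message and not Cleversafe's or Tahoe's code.] The distinction in point 2 of the message above, sketched in Python: below the threshold, Shamir shares fit every possible secret, while a slice of an AONT package is ordinary ciphertext whose secrecy rests on the cipher. The toy AONT, the 16-bit key standing in for "the cipher is crackable", and the systematic slicing with parity slices omitted are all assumptions made for this sketch.

```python
import hashlib
import secrets

P = 2**127 - 1          # prime modulus for the Shamir field
KEY_BITS = 16           # deliberately tiny key: stands in for a crackable cipher
BLOCK = 32              # slice size = SHA-256 output size
MSG = b"constructed sample record, not real data".ljust(64, b".")  # constructed input


def lagrange_eval(points, x):
    """Evaluate at x the unique lowest-degree polynomial through points (mod P)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def shamir_split(secret, k, n):
    """K-of-N secret sharing: shares are points on a random degree k-1 polynomial."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]

    def f(x):
        acc = 0
        for c in reversed(coeffs):
            acc = (acc * x + c) % P
        return acc

    return [(x, f(x)) for x in range(1, n + 1)]


def explain_any_secret(partial_shares, candidate, new_x):
    """With k-1 shares, compute the k-th share that would make `candidate` the secret.

    Such a share always exists, so k-1 shares rule out no secret at all.
    """
    return (new_x, lagrange_eval([(0, candidate)] + partial_shares, new_x))


def keystream(key, index):
    """Toy stream cipher block (hypothetical, for this sketch only)."""
    return hashlib.sha256(key.to_bytes(4, "big") + index.to_bytes(4, "big")).digest()


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def aont_slices(message, key):
    """Toy AONT package: ciphertext blocks, then the key masked by H(ciphertext)."""
    assert len(message) % BLOCK == 0
    ct = b"".join(xor(message[i:i + BLOCK], keystream(key, i // BLOCK))
                  for i in range(0, len(message), BLOCK))
    last = xor(key.to_bytes(BLOCK, "big"), hashlib.sha256(ct).digest())
    package = ct + last
    # Systematic dispersal: the first K slices are the package itself (parity omitted).
    return [package[i:i + BLOCK] for i in range(0, len(package), BLOCK)]


def aont_open(slices):
    """Legitimate decode: needs every slice to unmask the key."""
    ct, last = b"".join(slices[:-1]), slices[-1]
    key = int.from_bytes(xor(last, hashlib.sha256(ct).digest()), "big")
    return b"".join(xor(ct[i:i + BLOCK], keystream(key, i // BLOCK))
                    for i in range(0, len(ct), BLOCK))


def below_threshold_guess(one_slice, index):
    """Holder of ONE data slice searches the weak cipher's key space.

    Returns every candidate plaintext that is printable ASCII.
    """
    hits = []
    for key in range(2 ** KEY_BITS):
        pt = xor(one_slice, keystream(key, index))
        if all(32 <= b < 127 for b in pt):
            hits.append(pt)
    return hits


if __name__ == "__main__":
    shares = shamir_split(42, k=3, n=5)
    for cand in (0, 7, 123456):
        forged = explain_any_secret(shares[:2], cand, 3)
        print("2 Shamir shares fit secret", lagrange_eval(shares[:2] + [forged], 0))
    slices = aont_slices(MSG, key=0xBEEF)
    print("1 AONT slice, weak cipher:", below_threshold_guess(slices[0], 0))
```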
06 Jul '18
The Washington Times
www.washingtontimes.com
How to find Osama
By Richard W. Rahn
Published August 15, 2004
Having just finished reading the report of the September 11 commission, I was
shocked; shocked to learn major U.S. government bureaucracies are
incompetent. Washington being Washington, most of the solutions proposed
revolved around reorganizing and creating more bureaucracies.
It seems not to have occurred to anyone there are market solutions for many
information problems the intelligence community faces. Two examples follow. The
first is the general problem of economic intelligence, and the second is
using the market to find a particular someone -- Osama bin Laden.
A couple of decades ago, I became aware the CIA was systematically
overstating the size of the Soviet and Eastern European economies. An
article I wrote about it was published in 1984. My critique, and those of others then, had no
impact. At the end of the Cold War, we indeed found real per capita incomes in
the Soviet Union and Eastern Europe were on average about one-third the CIA
estimates.
The CIA greatly overestimated the size of these countries' civilian economies
because the agency overrelied on the translations of official documents and
periodicals rather than have agents or embassy personnel walk about and see
what goods were available at what price. This is "market research."
Those of us who had spent time in the former communist countries before and
during the economic transition were well aware few goods in the old Soviet
Union actually were available in any quantity at official prices. For
example, the Soviet press might state the official price of a refrigerator was 100 rubles,
but in fact there were no refrigerators available at that price. With luck, a
Soviet citizen might actually have been able to find a refrigerator on the
black market for 400 rubles.
That there were far fewer goods at much higher prices was well known to many
in the Western press and business community, but the CIA ignored much of this
evidence -- I suspect partly because it would have diminished the perceived
threat.
Intelligence agencies should do much more "contracting out." There are
economic and market research firms operating in virtually every country with
considerable local expertise. For the right price, they could provide the
CIA much better information, at a far less cost, than it would likely obtain on its own.
Using principles of market economics should not be limited to gathering
economic intelligence, but greatly expanded to gathering information on weapons
systems and terrorists.
At some price, there is almost always someone who will reveal secrets any
government might like to know -- and usually this price is far lower than other
ways of seeking the information.
For instance, after three years and expenditure of many tens of billions of
dollars, we (i.e., the CIA and others) still have not found Osama bin Laden.
A couple of years ago, the U.S. government offered a bounty of $25 million
for his head. Many in Washington believe this shows bounties don't work. In
fact, it shows the price was too low. Suppose we increased the bounty $5
million a month until he was brought in dead or alive. What do you think would happen?
The reason $25 million has not worked is that getting bin Laden is both
dangerous and expensive, and you would probably need a team to do it. So by the
time you add up your expenses and divide the net amount after taxes among your
team, the risk-reward ratio is not sufficiently attractive.
At some price, getting bin Laden becomes attractive to many reasonably
competent people, and some brave and enterprising soul would get him.
At the moment, $25 million plus $5 million a month since September 11, 2001,
adds up to a bounty of about $200 million. That may sound like a lot of money,
but it only works out less than a dollar for each American, and we have
already spent many times that sum trying to find him.
I expect $200 million is a large enough pot to even induce thousands of
American trial lawyers to start combing the hills of Afghanistan, like gold
prospectors in California in 1849 -- and nothing could be more beneficial
to the U.S. economy.
Richard W. Rahn is a senior fellow of the Discovery Institute and an adjunct
scholar of the Cato Institute.
Copyright © 2004 News World Communications, Inc. All rights reserved.
--- end forwarded text
--
-----------------
R. A. Hettinga <mailto: rah(a)ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
=======================================================================
EDRi-gram
biweekly newsletter about digital civil rights in Europe
Number 10.14, 18 July 2012
=======================================================================
Contents
=======================================================================
1. Is CETA introducing ACTA through the back door?
2. Russian bill creates blacklist of websites
3. EP: Surprises in the online distribution of audiovisual works' report
4. French Supreme Court: important rulings for intermediary liability
5. German Federal Supreme Court rules in the RapidShare case
6. EC suggests changes of the music rights management system
7. Ireland: E-voting machines go to scrap after proving unreliable
8. Banking blockade on Wikileaks broken by the Icelandic court
9. EP and EDPS hit back against lawless "child protection" measures
10. Recommended Action
11. Recommended Reading
12. Agenda
13. About
=======================================================================
1. Is CETA introducing ACTA through the back door?
=======================================================================
The European Parliament rejected ACTA with a large majority on 4 July
2012, but just one week later the EU is accused of pushing back the
rejected agreement through the back door, that is, through CETA, the
EU-Canada trade agreement that includes measures similar to ACTA.
The negotiations between EU and Canada on the bilateral trade agreement
CETA started in November 2009 and will probably be ended by the end of
this year. Just like ACTA, the trade deal has been drafted in secret but
leaked documents, dated February 2012, have shown parts of ACTA being
introduced in this new agreement. CETA will also require the approval of
the European Parliament to enter into force.
"CETA must be cancelled altogether (or its repressive ACTA parts must be
scrapped), or face the same fate as ACTA in the Parliament", stated La
Quadrature du Net.
MEP Nigel Farage drew attention to the similarities between ACTA
and CETA: "If the commission has a glimmer of respect for the voice of
the people it would change CETA as soon as possible and stop trying to
bring ACTA into legislative life by stealth. ACTA is like a Frankenstein
which has been bolted together and keeps on moving. It is dangerous and
must be brought to an end immediately," said Farage.
Internet activists have already warned over the possibility that ACTA
may appear in several draft agreements in order to get through somehow.
"To put back the same provisions in a much larger trade agreement will
make it more difficult to reject. If CETA is successful, then one would
think that the European commission would come back and say 'well, you
just passed that, so you cannot object to ACTA'," said Michael Geist,
law professor at the University of Ottawa, who uncovered the leaked
documents showing that the proposals from ACTA had been included in CETA.
The chapter on intellectual property rights is almost identical to ACTA
in several instances, including rules on enforcement of intellectual
property rights, damages, injunctions, border enforcement, preserving
evidence and criminal sanctions, while Article 23 defines all commercial
scale copyright infringement as criminal.
The Trade Commissioner's spokesman, John Clancy, tried to explain on
Twitter that the leaked documents were actually a previous version of
the agreement drafted before ACTA was rejected by MEPs, and that the
agreement draft has since been changed and "no single provision departs
from EU law."
Joe McNamee from EDRi warned the Commission against using CETA to get
parts of ACTA back into place, considering that such attempts would be
"hamfisted, politically incompetent and anti-democratic."
ACTA Lives: How the EU & Canada Are Using CETA as Backdoor Mechanism To
Revive ACTA (9.07.2012)
http://www.michaelgeist.ca/content/view/6580/135/
ACTA is back, completed with investment protections (10.07.2012)
http://acta.ffii.org/?p=1622
EC Says ACTA ISP Provisions Dropped from CETA, Yet Most of ACTA Likely
Remains Intact (11.07.2012)
http://www.michaelgeist.ca/content/view/6584/125/
EU accused of trying to introduce ACTA 'through the back door' (11.07.2012)
http://www.theparliament.com/latest-news/article/newsarticle/eu-accused-of-…
Commission set for fresh collision course over ACTA copy-cat clauses
(12.07.2012)
http://euobserver.com/19/116944
EDRi-member Digitale Gesellschaft - Flyer on CETA (only in German,
17.07.2012)
http://digitalegesellschaft.de/2012/07/nach-acta-kommt-ceta/
=======================================================================
2. Russian bill creates blacklist of websites
=======================================================================
At the beginning of July 2012, Duma, the lower house of the Russian
Parliament, approved in third reading a draft law titled "On the
Protection of Children From Information Harmful to Their Health and
Development", allowing the Russian authorities to create a blacklist
with websites deemed to contain "pornography or extremist ideas, or
promoting suicide or use of drugs."
The draft law that is meant to amend the present Law of Information
raises concerns of filtering and censorship. The owner of a website
included directly on the blacklist, without any referring to a court,
has to be notified by the hosting provider in 24h and has to delete the
data considered offending. Failing to comply, the site must be shut down
or deleted by the hosting provider who, in case of non-compliance, may,
himself, face cutting off entirely. Those included on the list may
appeal to the court in a three-month period.
"We suspect that the implementation of this blacklist will open the way
to abusive filtering and blocking of online content, with the aim of
censoring the Russian opposition and government critics," stated
Reporters Without Borders.
The bill originates from the "League for a Safe Internet", an
initiative meant to limit the registry to URLs (excluding DNS filtering
and IP blocking), and give a non-governmental organization the authority
to manage the list, in order to avoid "excessive state control" as was
explained by the League's director, Denis Davydov. The Duma decided
however to expand the registry's reach and the newly created federal
body Roskomnadzor (the Federal Supervision Agency for Information
Technologies and Communications) will probably be in charge of the matter.
The new draft law, compared with China's "Great Firewall", raises
concerns also due to the vagueness of its text especially regarding the
Roskomnadzor that would select the targeted sites. The draft also fails
to give a precise definition of "harmful" content and does not clearly
articulate precise reasons for a site to be added to the blacklist,
which may obviously lead to over-blocking and abuses.
The bill specifies what kind of content can lead to introducing a
website on the blacklist without court decision: "...child pornography,
as well as information containing propaganda about the use of narcotics,
psychotropic drugs, and their precursors, and information compelling
children to commit acts that threaten their lives and/or health,
including self-harm and suicide..." Journalist Andrei Babitskii argues
that "information compelling children to commit acts that threaten their
lives" is an intentionally vague expression that may lead to the
inclusion on the list of websites related to any dangerous recreational
activities, such as extreme sports.
The bill also specifies, in a very vague and imprecise manner, what
content needs a court oversight: "Other information not legally
disseminated in the Russian Federation on the basis of a court decision
recognizing the illegality of the disseminated information."
The Presidential Council on Human Rights made a statement on 3 July
giving five precise reasons to reject the bill: the fact that the
inclusion of whole domains on the registry (and not only URLs to the
deemed illegal materials) may include law-abiding websites, that the
bill imposes what is effectively "collective punishment" against
web-operators and providers, that the filtering will slow down the
entire RuNet and damage e-commerce and online innovation; that the
expanded monitoring will affect individual privacy and that very high
costs will be triggered for the acquisition of the blocking and
filtration equipment necessary to enforce the law's requirements.
In response to the Presidential Council on Human Rights concerns,
Davydov offered a hypocritical explanation: "...if every parent is
independently entitled to set limits on Internet access for their own
children to protect them from harmful content, then the government, out
of concern for its citizens, is entitled and indeed must restrict
(access to) illegal content..."
A coalition of independent Russian journalists has launched an online
petition for the withdrawal of this bill. Also, in protest against the
draft law, Wikipedia's Russian-language site (ru.wikipedia.org)
suspended its operations on 10 July. A bar appeared across Wikipedia
logo on the home page and the words: "Imagine a world without free
knowledge."
The bill is now to pass through the upper house and be ratified by
President Vladimir Putin before coming into effect.
If anything, current discussions being led by the European Commission
are even less transparent. In the absence of a legal basis - in the
absence of the European Commission even having an agreed policy on the
subject - a "self-regulation" dialogue to "make the Internet a safer
Internet for kids" is being run by the Commission including proposals
for upload filters, download filters and little or no attempt to explain
how these restrictions are considered to be in line with the European
Charter and European Convention on Human Rights. Given this approach
from the EU, it is unsurprising that Russia has chosen child protection
as a tool for the introduction of Internet repression.
Freedom of information threatened by website blacklisting and
recriminalization of defamation (13.07.2012)
http://en.rsf.org/russia-freedom-of-information-threatened-13-07-2012,43019…
Russia: A Great Firewall to Censor the RuNet? (10.07.2012)
http://globalvoicesonline.org/2012/07/10/russia-a-great-firewall-to-censor-…
EDRi-gram: The rise of the European upload filter (20.06.2012)
http://www.edri.org/edrigram/number10.12/the-rise-of-the-european-upload-fi…
=======================================================================
3. EP: Surprises in the online distribution of audiovisual works' report
=======================================================================
On 10 July 2012, the Culture and Education (CULT) Committee in the
European Parliament (EP) voted on the own initiative report of
Jean-Marie Cavada (EPP, France) on the online distribution of
audiovisual content. The own initiative report follows the Green Paper
from the European Commission dated 13 July 2011 and the public
consultation that closed in November 2011 (for which the result is not
yet available).
Mr Cavada's draft report contained a paragraph calling for consideration
of "how to block access to pay platforms offering unauthorised
services." This provision was removed by Mr Cavada as a result of
widespread opposition. This removal is welcome as the Committee has
consistently rejected blocking as a way of combating the dissemination of
platforms offering unauthorised services.
As good news never comes without bad news (or at least not as often as
we would wish for...), the report contained a very surprising paragraph
on the liability of network operators. The additional paragraph
(amendment 147) that was voted, was proposed by Mr. Cavada. It
"calls on the Commission to consider ways (...) reverse the current
trend of removing responsibility from these operators regarding consumer
protection, implementation of intellectual property and ensuring
Internet privacy". The adoption of this text is surprising for at least
three reasons.
Firstly, it is factually not true that there is a trend that diminishes
the responsibility of network operators. The rules concerning the
responsibility and liability of Internet Service Providers (ISPs) are
provided by the e-Commerce Directive in Articles 12 to 15 and have been
in place since 2001. The only discernible trend has been in the opposite
direction, as courts in some EU Member States have been making rulings
that have narrowly interpreted ISP liability provisions.
Secondly, the risk is really high that this provision could be
understood as promoting privatised censorship in exactly the way that
was suggested by ACTA. As liability increases, it is logical that ISPs
will be willing to avoid legal problems by "voluntarily" enforcing
copyright legislation outside the rule of law. This will lead to
privatised enforcement at the detriment of fundamental rights such as
freedom of expression, the right to privacy but also the freedom to
conduct business.
Finally, the role of the whole initiative was to encourage the
development of new legal offers and to improve the access to content for
users - it is a symptom of a broader problem that, even when the policy
is so positive, the reflex is to fall back on repressive measures as the
only solution.
During the discussions of this dossier in Parliament, the online
distribution of audiovisual works' report has raised lots of attention
and the number of amendments proposed for an own-initiative report shows
that the subject creates a huge amount of controversy. The attention
brought on the report needs to be looked at in the larger debate on
copyright.
The final version of the Report is not available yet.
Amendment 147 in the Report
http://www.europarl.europa.eu/RegData/commissions/cult/amendments/2012/4876…
Directive on electronic commerce 2000/31/EC
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32000L0031:EN:H…
(Contribution by Marie Humeau - EDRi)
=======================================================================
4. French Supreme Court: Important rulings for intermediary liability
=======================================================================
On 12 July 2012 the French Supreme Court (Cour de Cassation) issued four
important and somewhat contradictory rulings regarding the role of
online service providers in policing online copyright infringements.
In the first case, SNEP vs. Google France, the Court's decision could
lead the search engine to censor its autocomplete feature which
automatically suggests commonly-used terms associated with the queries
submitted by users. The French phonographic industry lobby (SNEP) had
sued Google for providing the suggestions "Torrent", "Megaupload" and
"Rapidshare" when users typed the names of artists or music bands in the
Google search bar.
Both the Court of First Instance and the Appellate Court had rejected
SNEP's demands that Google stop suggesting the names of these online
services. They insisted that the latter were not illegal in
themselves, even though they could be used to infringe copyright. As a
consequence, they claimed that SNEP's rights were not affected by
Google's service, and that the company could not be held liable for such
"potentially infringing uses", nor be forced to censor its automatic
suggestions.
But the Supreme Court overturned these rulings, rejecting the lower
courts' legal reasoning. The judges held that Google's autocomplete
feature actually "provided the means to infringe copyright and related
rights", and that the measures required by SNEP, while not being totally
effective, could in fact "prevent or terminate such infringements". The
case is now referred back to a lower court to be judged once again.
Interestingly, this ruling comes six months after Google decided to
voluntarily remove "Rapidshare", "uTorrent" and "MegaUpload" from its
Google Suggest service. However, according to the SNEP's executive
director, David El Sayegh, Google must do more in the fight against
file-sharing. "This ruling demonstrates that search engines must
participate in the regulation of the Internet", said El Sayegh. As a
result of this decision, Google will be under increased pressure to come
to a settlement with rights-holders organisations.
In three other separate but similar rulings, the Supreme Court upheld
the rights of Internet users and service providers against the
right-holders' claims. The Court's decisions in these cases mark the end
of "notice and staydown" injunctions in France, which were becoming
increasingly popular in Court rooms. In all three cases, the appeal
court had ruled that Google did not adopt adequate measures to prevent
the re-indexation of videos or images that rights-holders had previously
notified as infringing and which Google had then promptly removed. Such
rulings would have eventually forced Google to monitor its users'
activities and filter-out uploaded content, so as to prevent any of its
users from publishing content that has already been notified and
taken-down (hence the term "notice and staydown", as opposed to the
traditional "notice and takedown" regime).
Through its decision, the Supreme Court rejected the notion that online
service providers are under the obligation to prevent any future
infringements. According to the Court, the three appellate rulings
violated EU and French law by imposing "a general obligation to monitor"
the content that Google stores, as well as to actively "seek illicit
uploads". These decisions would have led Google to implement a "blocking
mechanism with no limitation in time", which would be "disproportionate
to the pursued aim", the Court said. Whereas the EU Court of Justice
recently rejected blocking measures based on five cumulative criteria in
the Netlog vs. SABAM case, the French Court deems that the "no
limitation in time" criterion is enough to qualify blocking measures as
disproportionate.
These rulings against "notice-and-staydown" will bring clarity to the
ongoing debate on the future of the EU e-commerce directive and the
dangers of blocking measures. However, when considered together with the
decision on Google's autocomplete feature, this mounting case law will
unfortunately encourage rights-holders to keep on pushing for closer
"cooperation" of online service providers in copyright enforcement,
thereby leading to privatised censorship schemes.
French Supreme Court decision - SNEP vs. Google France
(only in French, 12.07.2012)
http://www.courdecassation.fr/jurisprudence_2/premiere_chambre_civile_568/8…
French Supreme Court decisions - Bac Films vs. Google France and Inc (1
& 2) (only in French, 12.07.2012)
http://www.dalloz-actualite.fr/document/civ-1re-12-juill-2012-fs-pbi-n-11-1…
http://www.courdecassation.fr/jurisprudence_2/premiere_chambre_civile_568/8…
French Supreme Court - André Rau vs. Google & AuFeminin.com (only in
French, 12.07.2012)
http://www.dalloz-actualite.fr/document/civ-1re-12-juill-2012-fs-pbi-n-11-1…
France: Google may have to censor for piracy after all (16.07.2012)
http://gigaom.com/europe/france-google-may-have-to-censor-for-piracy-after-…
Music: Google's suggestions (once again) in front of the judges (only
in French, 13.07.2012)
http://www.ecrans.fr/Google-et-l-industrie-musicale-de,15038.html
The Supreme Court opposes content blocking by hosting companies
(in French only, 18.07.2012)
http://www.dalloz-actualite.fr/essentiel/cour-de-cassation-fait-obstruction…
(contribution by Félix Tréguer - EDRi-observer La Quadrature du Net)
=======================================================================
5. German Federal Supreme Court rules in the RapidShare case
=======================================================================
A file-hosting site could be partially liable for the content uploaded
by others in Germany. In a case brought to court by video games company
Atari which accused file-sharing site RapidShare of unlawfully providing
access to one of its games, the German Federal Supreme Court decided on
12 July 2012 in favour of the plaintiff.
Despite the fact that, when notified, RapidShare deleted the files in
question, Atari was not satisfied and required the inclusion of a filter
and other measures to prevent illegal uploading of copyrighted material.
The first ruling of the District Court was also in favour of the
plaintiff but the Higher Regional Court of Düsseldorf dismissed the
action at the appeal, considering that RapidShare had already taken
enough measures against copyright infringement and accepting the
argument that it was impossible to check all files loaded on the site.
But Atari went further on and appealed to the German Federal Supreme
Court (Bundesgerichtshof - BGH), which has now ruled that file-hosting
services can be held liable for secondary copyright infringements under
certain conditions. BGH said that file-hosters did not generally have to
monitor uploads from their users, but that they might have to take
measures once they have been notified of a specific infringement issue.
In this case, RapidShare had to take all "technically and economically
reasonable precautions" to prevent the uploading of Atari's game.
RapidShare will also have to browse its entire file collection to detect
and delete pirated content, and to monitor a "manageable number" of
third-party sites that offer link collections of content available on
RapidShare to check out whether they are not indexing a copy of Atari
game and if so, to delete it from its servers. Failing to carry out
these provisions, the service provider would be liable for damages.
The BGH however included a clause that anti-piracy measures had to be
within reasonable limits. The case is now back to the Higher Regional
Court in Düsseldorf which has to decide what constitutes "reasonable
limits".
RapidShare stated it had already "developed a crawling technology that
is constantly watching Internet forums, message boards and warez blogs
for information about copyright infringement taking place on our system."
RapidShare attorney Daniel Raimer said for TorrentFreak: "We're doing
more than any provider in the industry to police our site and
third-party sites to ensure that legitimate intellectual property rights
are protected and that wrongdoers are denied access to our services.
Yesterday's decision was a temporary setback. We remain confident that
the Higher Regional Court Düsseldorf will ultimately rule in our favour
as it has in the past."
Press release of the court (only in German, 12.07.2012)
http://juris.bundesgerichtshof.de/cgi-bin/rechtsprechung/document.py?Gerich…
Supreme Court: RapidShare Liable For Copyright Infringement - Sometimes
(14.07.2012)
http://torrentfreak.com/supreme-court-rapidshare-liable-for-copyright-infri…
File-hosting firms 'responsible for pirated content', German court rules
(16.07.2012)
http://www.zdnet.com/file-hosting-firms-responsible-for-pirated-content-ger…
German Federal Supreme Court on file hoster responsibility for third
party content - "Rapidshare" (13.07.2012)
http://germanitlaw.com/?p=683
EDRi-gram: RapidShare wins another alleged copyright infringement case
(12.01.2011)
http://www.edri.org/edrigram/number9.1/rapidshare-infringement-germany-case
=======================================================================
6. EC suggests changes of the music rights management system
=======================================================================
The European Commission (EC) published a draft EU Directive on 11 July
2012 showing the intention to introduce a system of collective rights
management to be used for the distribution of music online in the
single market.
In the EC's opinion, the collecting societies can issue a licence for
the Internet use of a songwriter or composer's work, but some only do so
for one country. Furthermore the collective societies have not adapted
to the present shift to the digital age while "music pirates seize the
opportunities that the online world offers".
"I propose establishing an effective online single market for music by
establishing new, common rules for two interlinked areas - management
and online licensing across borders (.....) Firstly, I want to establish
rules of efficiency and transparency in collecting societies, so that
artists and producers will have more say, and an improved stream of
revenue," said Single market commissioner Michel Barnier.
Another proposal in the draft Directive is to make online licensing
across borders easier for collecting societies that manage the rights of
songwriters and composers. Collecting societies have also to ensure they
are "diligent in the collection and the management of rights revenue"
and that they carry out "distribution and payments accurately, ensuring
equal treatment of all categories of rights holders."
The draft Directive says that societies have to publish yearly accounts,
pass on royalties to the copyright owners in 12 month time at the most.
They also have to give artists a role in management decisions and the
right to choose which agency represents them in a certain country.
The directive is now to be discussed by government ministers and the
European Parliament's Legal Affairs committee.
Moving the single market for online music (11.07.2012)
http://euobserver.com/7/116931
EU targets €6-bn-a-year artists' royalties business
(11.07.2012)
http://euobserver.com/19/116940
Radiohead join attack on new EU copyright rules (12.07.2012)
http://euobserver.com/871/116961
EU aims to bring music collecting societies into line (12.07.2012)
http://www.iptegrity.com/index.php/copyright-business/782-eu-aims-to-bring-…
EU proposes greater transparency and stricter governance for collecting
societies (11.07.2012)
http://www.out-law.com/en/articles/2012/july/eu-proposes-greater-transparen…
=======================================================================
7. Ireland: E-voting machines go to scrap after proving unreliable
=======================================================================
The e-voting machines that were bought by the Irish Government in 2002
and which were supposed to be used for all elections are now being sold
for almost nothing as scrap.
The e-voting system was given up two years after the machines have
failed to prove safe from tampering and had no possibility to have a
paper print for a double check of the results. In 2006, the Commission
on Electronic Voting, on a second report on the e-voting system,
recommended the use of the system provided additional work was done to
improve the system.
The recommendations included the addition of a voter verified audit
trail, the replacement of the election management software with a
version that is developed to mission critical standards, the
modification of the embedded software & the machine and the
rectification of the identified security vulnerabilities. As these
conditions have never been met, the Irish Government is now in the
position of ending up an embarrassing story that has brought a large
cost to the Irish citizens.
The machines that had cost 51 million Euro in 2002 are now sold for
70000 Euro the entire lot. The storage for several years also costed
some additional 3.2 million Euro for their storage. "I am glad to bring
this sorry episode to a conclusion on behalf of the taxpayer. From the
outset, this project was ill-conceived and poorly planned by my
predecessors and as a result it has cost the taxpayer some €55m," said
Environment Minister Phil Hogan.
€54m voting machines scrapped for €9 each (29.06.2012)
http://www.independent.ie/national-news/54m-voting-machines-scrapped-for-9-…
Electronic voting in Ireland
http://evoting.cs.may.ie/
EDRi-gram: Critical report on Irish e-voting system released (12.07.2006)
http://edri.org/edrigram/number4.14/evotingireland
=======================================================================
8. Banking blockade on Wikileaks broken by the Icelandic court
=======================================================================
An Icelandic court has made a step towards unblocking funds towards
WikiLeaks by recently ruling that Valitor, the local agent for Visa,
broke the contract when it stopped accepting donations for the website a
year ago.
The ban was the result of a blocking campaign started in December 2010
against WikiLeaks through Visa, Mastercard, Western Union, Bank of
America and PayPal following the US State Department cable leaks in
2010, revealing U.S. war crimes and statecraft. According to the
company, the blocking has led to a 95% decrease in its revenue.
"If this financial attack stands unchallenged, a dangerous, oppressive
and undemocratic precedent will have been set, the implications of which
go far beyond WikiLeaks and its work. Any organization that falls foul
of powerful finance companies or their political allies can expect
similar extrajudicial action. Greenpeace, Amnesty International, and
other international NGOs that work to expose the wrongdoing of powerful
players risk the same fate as WikiLeaks," is WikiLeaks' statement.
The blockade against WikiLeaks has also been criticized by the UN High
Commissioner for Human Rights as well as by the UN Special Rapporteur on
the Promotion and Protection of the Right to Freedom of Opinion and
Expression and the Inter-American Commission on Human Rights Special
Rapporteur for Freedom of Expression.
WikiLeaks has initiated legal actions against the financial entities,
using all its remaining financial resources to fight them in court.
Also, in July 2011, a preliminary investigation of the blockade was
started by the European Commission.
"Economic censorship is censorship. It is wrong. When it's done outside
of the rule of law it's doubly wrong. One by one those involved in the
attempted censorship of WikiLeaks will find themselves on the wrong side
of history," stated WikiLeaks founder Julian Assange.
According to the decision, Valitor has 14 days to restart processing the
payments to WikiLeaks. Failing to do so will bring forth about 5 000
Euro/day in fines. Valitor will probably appeal the decision.
WikiLeaks has placed an anti-trust complaint at the European Commission
and a Commission decision on whether to pursue the financial services
companies involved in the blockade is expected before this Autumn.
WikiWin: Icelandic court orders Visa to process WikiLeaks $$$ -
Financial ban lifted in Assange victory (13.07.2012)
http://www.theregister.co.uk/2012/07/13/wikileaks_visa_victory/
Wikeleaks Press Release: Victory in the first court case in the fight
against the imfamous Wikileaks banking blockade. (12.07.2012)
http://www.twitlonger.com/show/I9T68S
Wikileaks page on Banking Blockade
http://wikileaks.org/Banking-Blockade
EDRi-gram: Rule of law in the hands of private companies.Wikileaks is
just the start (15.12.2010)
http://www.edri.org/edrigram/number8.24/wikileaks-rule-of-law-private-compa…
=======================================================================
9. ENDitorial: EP and EDPS hit back against lawless "child protection"
measures
=======================================================================
In the EDRi-gram 10.12, we reported on projects of the European
Commission to coerce industry into the introduction of "voluntary"
upload filters. Following the Scarlet/Sabam case in the European Court
of Justice, such filtering would constitute a restriction on fundamental
rights and, if proportionate, would need a legal basis in order to be in
compliance with the European Charter of Fundamental Rights and the
European Convention on Human Rights.
Now, thankfully, the European Commission's apparent willingness to
simply ignore legal safeguards appears to be running up against
increasing opposition. The Civil Liberties Committee of the European
Parliament last week adopted its Opinion on "Protecting Children in the
Digital World." Within the context of that Opinion, a compromise text
was adopted with the support of all political groups. Referring to
actions by industry, parliamentarians stressed that "any such measures
should fully respect the rule of law and legal certainty, take into
account the rights of end users and comply with existing legal and
judicial procedures and the European Convention for the Protection of
Human Rights and Fundamental Freedoms and the Charter of Fundamental
Rights of the European Union."
The European Data Protection Supervisor has also this week issued an
opinion on the same initiative. Taking a similar line to the Civil
Liberties Committee, the EDPS stresses the need to adequately implement
the general and the telecommunications-specific data protection
Directives as well as the Charter of Fundamental Rights of the European
Union. Interestingly, the EDPS pointedly does not only refer to measures
implemented by the European Commission but also stresses that "all
measures to be deployed further to the Communication should be
consistent with this framework." This statement is clearly meant to
cover "voluntary" measures which the Commission manages to persuade
industry to implement.
The position of the European Commission on measures adopted as a result
of projects that it either runs or finances is far from clear.
Frequently, it facilitates and directs discussions that lead to
quasi-regulatory or policing measures being introduced by industry,
without taking any political or legal ownership of them. It seems
legally, morally and practically questionable for the European
Commission to push industry to "voluntarily" implement legally dubious
policies, particularly when these do not reflect official Commission policy.
On 3 May 2010, the current College of Commissioners was the first one to
adopt individual and personal oaths to uphold the European Charter of
Fundamental Rights.
Commission Communication on a "Better Internet for Children" (2.05.2012)
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2012:0196:FIN:EN:…
EP Civil Liberties Committee Opinion
Not yet online
EDPS Opinion on the Communication from the Commission - "European
Strategy for a Better Internet for Children" (17.07.2012)
http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consu…
Digital Agenda: Coalition of top tech & media companies to make internet
better place for our kids (1.12.2011)
http://europa.eu/rapid/pressReleasesAction.do?reference=IP/11/1485&format=H…
EDRi-gram: The rise of the European upload filter (20.06.2012)
http://edri.org/edrigram/number10.12/the-rise-of-the-european-upload-filter
(Contribution by Joe McNamee - EDRi)
=======================================================================
10. Recommended Action
=======================================================================
Pledge for supporting EDRi (only in German)
Deadline: 30 September 2012
http://www.pledgebank.com/support-edri
=======================================================================
11. Recommended Reading
=======================================================================
Article 29 Working Party opinion on cloud computing (1.07.2012)
http://ec.europa.eu/justice/data-protection/article-29/documentation/opinio…
Bee stings killed as many in UK as terrorists, says watchdog (28.06.2012)
http://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/9359763/Bee-stin…
=======================================================================
12. Agenda
=======================================================================
25-26 August 2012, Bonn, Germany
Free and Open Source software conference (FrOSCon)
http://www.froscon.de/en/program/call-for-papers/
6-7 September 2012, Cluj-Napoca, Romania
CONSENT policy conference:
Perceptions, Privacy and Permissions: the role of consent in on-line
services
http://conference.ubbcluj.ro/consent/
8-9 September 2012, Vienna, Austria
Daten, Netz & Politik 2012
Call for Contributions Deadline: 22 July 2012
https://dnp12.unwatched.org/
12-14 September 2012, Louvain-la-Neuve, Belgium
Building Institutions for Sustainable Scientific, Cultural and Genetic
Resources Commons.
http://biogov.uclouvain.be/iasc/index.php
14-17 September 2012, Brussels, Belgium
Freedom not Fear 2012
http://www.freedomnotfear.org/
http://www.freedom-not-fear.eu
7-10 October 2012, Amsterdam, Netherlands
2012 Amsterdam Privacy Conference
http://www.apc2012.org/
25-28 October 2012, Barcelona, Spain
Free Culture Forum 2012
http://fcforum.net/
6-9 November 2012, Baku, Azerbaijan
Seventh Annual IGF Meeting: "Internet Governance for Sustainable Human,
Economic and Social Development"
http://www.intgovforum.org/cms/
9-11 November 2012, Fulda, Germany
Digitalisierte Gesellschaft - Wege und Irrwege
FIfF Annual Conference in cooperation with Fuldaer Informatik Kollquium
http://www.fiff.de/2012
============================================================
13. About
============================================================
EDRi-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRi has 32 members based or with offices in 20 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge
and awareness through the EDRi-grams.
All contributions, suggestions for content, corrections or agenda-tips
are most welcome. Errors are corrected as soon as possible and are
visible on the EDRi website.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/
Newsletter editor: Bogdan Manolea <edrigram(a)edri.org>
Information about EDRI and its members:
http://www.edri.org/
European Digital Rights needs your help in upholding digital rights in
the EU. If you wish to help us promote digital rights, please consider
making a private donation.
http://www.edri.org/about/sponsoring
http://flattr.com/thing/417077/edri-on-Flattr
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request(a)edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
Unsubscribe by e-mail
To: edri-news-request(a)edri.org
Subject: unsubscribe
- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay.
Translations are provided by Metamorphosis
http://www.metamorphosis.org.mk/mk/vesti/edri
- EDRI-gram in German
EDRI-gram is also available in German, with delay. Translations are
provided by Andreas Krisch from the EDRI-member VIBE!AT - Austrian
Association for Internet Users
http://www.unwatched.org/
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <edrigram(a)edri.org> if you have any problems with subscribing
or unsubscribing.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
============================================================
EDRi-gram
biweekly newsletter about digital civil rights in Europe
Number 10.1, 18 January 2012
============================================================
Contents
============================================================
EDRi supports protests against US blacklist legislation
1. What's Wrong with ACTA Week
2. The US pressure on Spain to censor the Internet has paid off
3. Belarus strongly censors the Internet
4. Commission confirms illegality of Data Retention Directive
5. Romanian Senate rejects the new data retention law
6. Finnish ISP started blocking The Pirate Bay
7. Dutch Internet providers forced to block The Pirate Bay
8. US continue pushing on EU Commission against Data Protection proposals
9. Researchers say smart meter technology is privacy intrusive
10. ENDitorial: Copyright vs Public Domain - copyright as a barrier to culture?
11. Recommended Action
12. Recommended Reading
13. Agenda
14. About
============================================================
EDRi supports protests against US blacklist legislation
============================================================
EDRi supports today's black-out campaign against SOPA and PIPA and endorses
the positions of the human rights international community in criticizing the
two draft normative acts from the US.
Human rights community speaks out on PROTECT IP Act (16.01.2012)
https://www.accessnow.org/policy-activism/press-blog/human-rights-community…
Human rights community against SOPA (15.11.2011)
http://www.edri.org/files/sopa_civilsociety_15Nov_2011.pdf
More details on the blackout campaign
https://www.eff.org/deeplinks/2012/01/january-18-internet-wide-protests-aga…
https://blacklist.eff.org/
http://sopastrike.com/
============================================================
1. What's Wrong with ACTA Week
============================================================
Since many politicians and citizens are not yet aware of ACTA's serious
implications, EDRi has launched a "What's Wrong with ACTA Week". We have put
together five one-page briefing documents which briefly summarise the most
important issues:
ACTA and its Impact on Fundamental Rights (16.01.2012)
http://www.edri.org/files/EDRI_acta_series_1_20120116.pdf
ACTA - Criminal Sanctions (17.01.2012)
http://www.edri.org/files/EDRI_acta_series_2_20120117.pdf
ACTA - Innovation and Competition (18.01.2012)
http://www.edri.org/files/EDRI_acta_series_3_20120118.pdf
ACTA and its Impact on the EU's International Relations (will be released on
19.01.2012)
http://www.edri.org/ACTA_Week
ACTA and its Safeguards (will be released on 20.01.2012)
http://www.edri.org/ACTA_Week
============================================================
2. The US pressure on Spain to censor the Internet has paid off
============================================================
The US has continued to pressure Spain since 2008 to adopt measures against
users allegedly illegally downloading copyrighted music and movies from
file-sharing networks. And now this pressure has paid off; the Spanish
Congress approved at the end of 2011 the so-called Sinde law (Ley Sinde)
which allows the closing down of websites deemed to illegally download
copyrighted material.
Wikileaks cables revealed in 2010 that the US pressured Spain to pass
stronger copyright enforcement laws threatening to put Spain on their
Special 301 Report (a watch list of countries with "bad" intellectual
property policies), a threat which they actually delivered.
"We propose to tell the new government that Spain will appear on the Watch
List if it does not do three things by October 2008. First, issue a
(Government of Spain) announcement stating that Internet piracy is illegal,
and that the copyright levy system does not compensate creators for
copyrighted material acquired through peer-to-peer file sharing. Second,
amend the 2006 "circular" that is widely interpreted in Spain as saying that
peer-to-peer file sharing is legal. Third, announce that the GoS (Government
of Spain) will adopt measures along the lines of the French and/or UK
proposals aimed at curbing Internet piracy by the summer of 2009," says the
text of the diplomatic cable announcing the pressure tactics revealed by
WikiLeaks.
The Sinde Law was promoted by Angeles Gonzalez-Sinde Reig, former head of
the Spanish Academy of Cinematographic Arts & Sciences, when becoming
Minister of Culture in 2009. Sinde Law was giving a government committee the
power to blacklist Internet sites allegedly trafficking copyrighted files.
The new legislation creates a government body, the Commission of the
Intellectual Property which will have the power to evaluate sites and force
Internet service providers to block, within ten days, the sites deemed to be
trading in pirated material.
The owners of the websites have three days to present arguments before the
commission to justify their activities and after the commission has decided
the removal of certain content, the ISPs have 24 hours to block the service
or to remove the content, and the website owners have no access to appeal.
If website owners don't comply voluntarily, a court will intervene to close
down the website or to block the service, requiring the ISPs to reveal
the identity of the website owners.
The US supported Sinde law, lobbying hard for her measure, even asking
support from Spanish opposition parties, with the purpose to have Spain's
position influence later on the European Union during Spain's EU presidency,
as appeared in Wikileaks revealed cables.
But, despite the government's expectations, the opposition to Sinde law was
fierce, being strongly criticized by Internet groups and lawyers, which has
led to the bill being stopped in the Parliament at the end of 2010.
The government left the law for the incoming administration to handle after
November 2011 and the new government approved very rapidly a modified
version of the law where, for instance, judges will have to issue the actual
blacklist order. It appears that this sudden decision was also pressured by
the US.
El Pais revealed on 12 December 2011 a letter of the US ambassador
addressed to the Spanish officials complaining the law had not yet entered
into force.
"The government has unfortunately failed to finish the job for political
reasons, to the detriment of the reputation and economy of Spain. I
encourage the Government of Spain to implement the Sinde Law immediately to
safeguard the reputation of Spain as an innovative country that does what it
says it will, and as a country that breeds confidence," said the letter. The
ambassador also reminded Spain of having already been once on the special
301 Report and warned of the risk of the country being further downgraded
and returned to the "Priority Watch List" of "the worst global violators of
intellectual property rights", which can lead to serious commercial
sanctions.
Spanish Internet users are already organizing a boycott, calling Internet
users not to purchase or consume any artistic or intellectual works of
authors, producers, agents, or managers who have explicitly expressed or
participated lobbying for Sinde law. Victor Domingo Prieto, President of La
Asociación de Internautas has stated that "when the Intellectual Property
Commission take its first steps (of blocking sites), reports of the
unconstitutionality of their decisions will occur immediately."
How the US pressured Spain to adopt unpopular Web blocking law (5.01.2012)
http://arstechnica.com/tech-policy/news/2012/01/how-the-us-convinced-spain-…
US slammed Zapatero for not passing "Sinde" anti-piracy law (4.01.2012)
http://www.elpais.com/articulo/english/US/slammed/Zapatero/for/not/passing/…
Spain's SOPA Law: How It Works And Why It Won't (9.01.2012)
http://spectrum.ieee.org/tech-talk/telecom/internet/spains-sopa-law-how-it-…
Anti-internet piracy law adopted by Spanish government (3.01.2012)
http://www.bbc.co.uk/news/technology-16391727
The Government of PP approves the regulation of Sinde Law and eliminates the
licence (only in Spanish, 30.12.2011)
http://www.elmundo.es/elmundo/2011/12/30/navegante/1325253506.html
Spain's Ley Sinde: New Revelations of U.S. Coercion (9.01.2012)
https://www.eff.org/deeplinks/2012/01/spains-ley-sinde-new-revelations
EDRi-gram: Spanish anti-piracy law approved by the Government (24.03.2011)
http://www.edri.org/edrigram/number8.6/spain-govt-adopts-antipiracy-law
============================================================
3. Belarus strongly censors the Internet
============================================================
6 January 2012 saw the coming into force of the Belarusian law imposing even
more restrictions on online free expression in a country that is already
viewed as a dictatorship.
Belarus is already listed as a country "under surveillance" in the Reporters
Without Borders annual report on "Enemies of the Internet" and is ranked
154th out of 178 countries in the 2010 press freedom index.
The law recently entered into force turns browsing foreign websites into an
offence to be punished by fines up to about 100 Euro and makes ISPs liable
for the actions of their users. Which means that, in carrying out its online
activities, any business in the country will be able to use only the fully
local Internet domains, excluding such sites, search engines or social
networks as Wikipedia, Facebook, Twitter. Even Google may be in the same
position as it hosts its website Google.by in the US.
The initial decree, issued in February 2010 by President Alyaksandr
Lukashenko, already requires the compulsory registration of all Belarusian
websites that must then be hosted in the country. Also, anyone going online
in an Internet café or using a shared connection will have to identify
themselves, and a record will be kept of everyone's surfing history for a
year.
Not only ISPs are liable for their users' activities online but home
Internet subscribers are also considered liable for others who might share
their connections with them.
ISPs are expected to monitor foreign website use and report the findings to
authorities just as the simple citizens sharing an Internet connection with
others are expected to report any law infringement.
A list of banned sites is issued by the State Inspection on Electronic
Communications on the basis of decisions by several institutions such as the
Operational and Analytical Centre and the criteria for the inclusion of
sites on the list include content that is pornographic or advocates violence
or "extremism", which, as proven several times, is vague enough to lead to
abuse and overblocking.
Thus, the authorities may draw up a list of banned sites the access to which
must be blocked by ISPs at 24 hours' notice in official institutions and
cultural and educational institutions. Websites such as news Charter97,
Belaruspartisan, and the blog of the humorist Yauhen Lipkovich, which are
critical to the government or the President, are already on the blacklist.
After Lukashenko has taken all the measures to eliminate any opposition, the
Internet has practically remained the only environment to apply pressure on
the regime. A Facebook group "Wanted criminals in civilian clothes", blogs
and Posobniki.com all helped in exposing the regime's crimes and abuses.
This made the Internet a target for the government, hence the present
restrictive legislation.
Belarus Bans Browsing of All Foreign Websites (3.01.2012)
http://torrentfreak.com/belarus-bans-browsing-of-all-foreign-websites-12010…
Belarus authorities turn up the heat on the Internet (6.01.2012)
http://en.rsf.org/belarus-belarus-authorities-turn-up-the-06-01-2012,41634.…
Internet in Belarus, November 2011 (4.01.2012)
http://e-belarus.org/news/201201041.html
In Belarus, the freedom of the internet is at stake (6.01.2012)
http://www.indexoncensorship.org/2012/01/belarus-internet-freedom-mike-harr…
============================================================
4. Commission confirms illegality of Data Retention Directive
============================================================
The EDRi-member Quintessenz - Austria has published a leak of an
internal paper from the Commission intended to inform DAPIX, the
Council's working party on information exchange and data protection, of
the results of the Commission's consultation in April 2011 on the reform
of the Data Retention Directive (DRD). It raises a number of issues with
the Directive that the Commission wishes to tackle in order to cast it
in a better light. The Commission admits that "there is a continued
perception that there is little evidence at an EU and national level on
the value of data retention in terms of public security and criminal
justice, nor of what alternatives have been considered". It then asks
at the end of the document: "What are the most effective ways of
demonstrating value of data retention in general and of the DRD itself?"
The origin of the "perception" that there is little evidence existing as
to the value of the Directive is shown by the Commission's statement
that only 11 of 27 Member States have provided data that could be used
in order to highlight the added value of the Directive. Legal
uncertainties that have been overlooked during the drafting process of
the Directive are now posing a certain number of problems for the
Commission.
In the document, the Commission acknowledges for example the lack of a
"logical separation between data stored and then accessed for a)
business purposes, b) for purposes of combating 'serious crime' and c)
for purposes other than combating serious crime" and the lack of a
monitoring system showing "data (that) would not have been available to
law enforcement without mandatory retention". The question of
distinguishing between data retained for business purposes from data
retained under the Directive is asked but left unanswered.
The Commission also states that unclear definitions in the DRD have led
to service providers storing instant messaging, chats and filesharing
details even though these types of data are outside the scope of the
Directive. It is often unclear to businesses in the telecommunications
sector which data should be stored. Law enforcement agencies have
apparently lobbied the Commission for a "technological neutrality" of
the Directive to ensure a broad "ability to know who communicated with
whom, when, where and how" - despite, it appears, being able to justify
the retention of the data already being stored.
Moreover, the paper repeats EDRi's concern regarding the "serious crime"
limitation, which is not defined at EU level or in many Member States,
and regarding the lack of a clear limitation of the purposes for which
data is being retained. It states that there have been many demands for
the extension of the use of data to copyright infringements or for such
vaguely defined offenses as "hacking" and "urgent cases". According to
the document, the Directive has also led to an unclear situation for
citizens due to the absence of a procedure for reporting and redressing
data breaches and the absence of a monitoring system to know who
actually accessed the data.
Furthermore, the Commission states that, depending on the country, there
is no or only a very low reimbursement of storage costs, which leads to
a distortion of the free market. Especially the costs for small
businesses are being rated as "disproportionately high". This also means
that countries having implemented the Directive will have an economic
interest and will pressure other countries into implementing data retention.
In order to justify limitations of fundamental rights, such as the right
to privacy and to data protection, measures must be necessary and
proportionate. The leaked document however shows that the Commission
can neither prove necessity nor proportionality of the Data
Retention Directive - but still wants to keep the Directive. Despite
unending implementation problems and proven failure of the current
Directive, the Commission is maintaining its pressure on Member States
that have not already implemented the Directive, to do so.
The Commission is currently examining the possibility of amending the
Directive and is conducting a study on data preservation ("quick
freeze") which is due for May 2012.
Leaked Commission document (15.12.2011)
http://quintessenz.org/d/000100011699
Commission's DRD implementation report (18.04.2011)
http://ec.europa.eu/commission_2010-2014/malmstrom/archive/20110418_data_re…
EDRi's Shadow implementation report (17.04.2011)
http://www.edri.org/files/shadow_drd_report_110417.pdf
(Contribution by Kirsten Fiedler - EDRi)
============================================================
5. Romanian Senate rejects the new data retention law
============================================================
Following the pressure of the European Commission to the Romanian
authorities to implement the data retention directive and despite the
decision of the Constitutional Court from 2009 against the data retention
law, a new draft law has emerged, but it was rejected by the Senate at the
end of 2011.
The Romanian Ministry of Communications and Information Society (MCSI) has
tried to have the new draft promoted as a Government proposal, but has
failed to do so for unclear reasons. The Romanian Data Protection Authority
has decided not to endorse the new draft law, as the article related to the
security institutions to the retain data is still vague.
The text is in fact similar to the old law that was declared
unconstitutional and even worse in some specific cases, such as for example
the judicial approval to have access to the retained data that is unclear in
the new proposal. However, the MCSI rejected claims of the civil society
that the new law was still unconstitutional and decided to go further with
the same draft.
In the end, the Minister promoted the law as his own initiative in the
Chamber of Deputies (because he is also a deputy) together with a Party
colleague. The law was sent for debates to the Senate, where it received an
unusual point of view from the Government that refused to endorse the law
and said that the Parliament should decide its fate, because of the conflict
between the Constitutional Court decision and the EU data retention
directive.
The law was quickly debated by the Senate, after the Legal and Human Rights
Committees decided to suggest the rejection of the law, as the content is
similar to the one already declared unconstitutional. On 21 December 2011,
the Senate decided unanimously that the law should be rejected.
However, the vote in the Senate is only consultative for this law and the
decisive vote will be taken by the Chamber of Deputies, that will start
discussing the law in its Commissions starting with February 2012.
Data retention: Commission requests Germany and Romania fully transpose EU
rules (27.10.2011)
http://europa.eu/rapid/pressReleasesAction.do?reference=IP/11/1248&type=HTML
Romanian DPA does not endorse the data retention law (only in Romanian,
29.08.2011)
http://dataprotection.ro/?page=stire_07092011&lang=ro
The Romanian Government refuses to adopt a point of view on data retention
law (only in Romanian, 19.12.2011)
http://apti.ro/retinerea-datelor-Guvernul-refuza-sa-isi-asume-un-punct-de-v…
Report of the Senate Legal Committee to reject the data retention law (only
in Romanian, 20.12.2011)
http://www.apti.ro/sites/default/files/Raport%20respingere%20Senat%2020%20d….
The Senate rejects the data retention law (only in Romanian, 22.12.2011)
http://legi-internet.ro/blogs/index.php/2011/12/22/legea-pastrarii-datelor-…
EDRi-gram: New draft law for data retention in Romania (29.06.2011)
http://www.edri.org/edrigram/number9.13/new-draft-data-retention-romania
============================================================
6. Finnish ISP started blocking The Pirate Bay
============================================================
On 9 January 2012, the Helsinki Enforcement authority obligated Finnish ISP
Elisa to execute the court ruling that it had to block access to The Pirate
Bay from its network.
This is the latest phase in an ongoing legal fight between the Copyright
Information and Anti-Piracy Centre (CIAPC) and Elisa. Acting on behalf of
IFPI Finland, CIAPC brought the case to court in May 2011, and in October
the court ruled that Elisa must block access to The Pirate Bay. Elisa has
appealed the ruling to a higher court.
The court ruling from October did not specify the domain names and IP
addresses that Elisa should block. The Enforcement authority gave Elisa a
list of domain names compiled by the CIAPC, including not only domains of
The Pirate Bay itself but various translations of the name such as
depiraatbaai.be.
One of the listed domain names was piraattilahti.fi ("pirate bay" in
Finnish), a website owned by a private Finnish person. The site did not
contain any links to or material from The Pirate Bay, but instead hosted a
campaign page against SOPA (Stop Online Piracy Act), the controversial US
draft bill. The owner of the site changed piraattilahti.fi to point to
Effi's web server, with the result that people outside Elisa's network saw
Effi's web pages and those inside Elisa got nothing when they entered
piraattilahti.fi in their browser. The site was later removed from the
blocking list.
Another initially blocked site was piraatti.fi, which is in fact an
anti-piracy propaganda site. It was unblocked a few days later.
After the enforcement of the block, the website of CIAPC was flooded offline
and CIAPC claimed to have received a bomb threat.
The enforcement raises some questions. First of all, how can a private
organisation be empowered to manage a list of websites that people should
not be allowed to access - apparently without checking at all what the site
actually contains. Furthermore, why such a hurry to enforce a court decision
that has been appealed, especially as there is a fresh precedent from the
European Court of Justice that basically disallows the Finnish lower court
decision.
Elisa's press release (9.01.2012, updated 11.01.2012)
http://www.elisa.fi/ir/pressi/index.cfm?t=100&o=5130&did=17728
EDRi-gram 9.21: Finnish ISP ordered to block The Pirate Bay (2.11.2011)
http://www.edri.org/edrigram/number9.21/finnish-isp-block-piratebay
European Court of Justice press release (24.10.2011)
http://curia.europa.eu/jcms/upload/docs/application/pdf/2011-11/cp110126en.…
(Contribution by Timo Karjalainen, EDRi member Electronic Frontier
Finland - Effi)
============================================================
7. Dutch Internet providers forced to block The Pirate Bay
============================================================
In its judgement of 11 January 2012, the Court of The Hague granted
Dutch copyright enforcement organisation Brein's request to order Dutch
internet providers Ziggo and XS4ALL to block access to The Pirate Bay.
This is the opposite of an earlier ruling given in summary proceedings
where no such order was given. Ziggo and XS4all will appeal the ruling.
The Court of The Hague held that Ziggo and XS4ALL have to block access
to the domain names and IP-addresses of The Pirate Bay. In the future,
Brein may also give the providers additional lists to block. The
Court came to this conclusion based on additional evidence provided by
Brein that a large number of Ziggo and XS4ALL subscribers used The
Pirate Bay to download content without authorisation.
The Court based its order on article 26d of the Dutch Copyright Act and
article 15e of the Dutch Neighbouring Rights Act. These articles, which are
based on Directive 2001/29/EC on the harmonisation of certain aspects of
copyright and related rights in the information society, give the judiciary
the right to order intermediaries whose services are used by third parties
to infringe copyrights, to discontinue the services that are used for these
infringing activities.
The Court reasons that, based on the ECJ's explanation of Article 11 of the
IP Enforcement Directive 2004/48/EC in the L'Oreal/Ebay case, this order can
also be extended to prevent future infringements. Therefore, the order does
not have to be focussed on a specific infringement, but its scope can be
broader, according to the Court. Referring to the judgement of the European
Court of Justice (ECJ) in Sabam/Scarlet case, the Court states that a right
balance has to be struck between fundamental rights and the protection of
intellectual property. This balance has to be determined by the principles
of subsidiarity and proportionality. According to the Court, blocking The
Pirate Bay adheres to these two principles for a number of reasons.
First, according to the Court, only a marginal amount of legal content can
be found on The Pirate Bay. The legal content that is provided can also be
retrieved with other means and therefore there is not a violation of article
10 ECHR. Second, the Court notes that direct proceedings against The Pirate
Bay and release groups have proven to be futile. Therefore it is appropriate
to address intermediaries. Third, blocking The Pirate Bay would essentially
substantiate an earlier order of the Court of Amsterdam that already ordered
the administrators of The Pirate Bay to disable their website, including
legal content. Fourth, the Court does not consider a DNS and IP blockade to
constitute active surveillance, as it is directed at one website. It does
not involve deep packet inspection to prevent any possible infringements
from happening and it is therefore not forbidden by article 15 sub 1 of the
E-Commerce Directive 2000/31/EC and the Sabam/Scarlet ruling of the ECJ.
As can be seen by the many contradicting rulings given by various Courts
in Europe, court cases regarding the blocking of websites do not always
lead to the same result. For example, on 9 January 2012, the local Court
of Helsinki in Finland ordered Elisa, one of the largest Internet
Providers in Finland, to block access to The Pirate Bay for its
customers. On the other hand, on the 31 August 2011, the Court of
Cologne held that Internet Provider HanseNet could not be ordered to
block access to a Russian website that facilitated copyright
infringement.
Considering these completely different outcomes across the European
Union, it is remarkable that the Court of The Hague did not see reason
to ask preliminary questions to the ECJ.
Decision of the Court of The Hague (only in Dutch, 11.01.2012)
http://zoeken.rechtspraak.nl/detailpage.aspx?ljn=BV0549
Court of Cologne's decisions on Hansenet (only in German, 31.08.2011)
http://www.justiz.nrw.de/nrwe/lgs/koeln/lg_koeln/j2011/28_O_362_10_Urteil_2…
EDRi-gram: Dutch Internet Provider Not Obliged To Block The Pirate Bay
(28.07.2010)
http://www.edri.org/edrigram/number8.15/dutch-isps-not-blocking-piratebay/
Blocking The Pirate Bay: will the Dutch court ruling hold in appeal?
(18.01.2012)
http://kluwercopyrightblog.com/2012/01/18/blocking-the-pirate-bay-will-the-…
(Contribution by Arjan de Jong - volunteer Bits of Freedom)
============================================================
8. US continue pushing on EU Commission against Data Protection proposals
============================================================
The US Department of Commerce has circulated a second informal note with
comments on the proposals for a data protection regulation and a directive
on data protection in the field of law enforcement. This time, its criticism
focuses on the following concerns: the regulation could hinder commercial
interoperability and be even counter-productive for consumer privacy
protection, it could have negative impact on the freedom of speech and other
human rights, on law enforcement cooperation, on cooperation between
regulatory authorities and on civil litigation.
The high-level interference with the internal processes of the European
Commission by the United States is quite extraordinary. Undoubtedly, a
degree of concern can legitimately be expressed as the final decisions are
being made on a piece of legislation which has international significance.
However, this amount of interference, before either the European Parliament
or Council (the Member States) have been able to have their say, implies a
significant level of disrespect for the institutions of the Union and their
ability to resolve any issues with what is, after all, the first draft in a
legislative process which will last two to three years.
According to the DoC's informal note, the Safe Harbor Agreement enabled
transfer of personal data and is a "vital component of transatlantic trade".
The DoC thereby completely ignores the findings of several external
evaluations on the EU-US Safe Harbor Privacy Principles which attacked the
agreement in terms of compliance and enforcement and is today widely
considered to be entirely without credibility.
The note praises Article 40 and its provisions regarding Binding Corporate
Rules (BCR) as a legal basis for transfers of personal data to third
countries but asks for more detail regarding the type of verification data
protection authorities will consider sufficient. The document also states
that codes of conduct (of the kind that have failed to develop in the
existing Directive, but are nonetheless envisaged in the USA) can lead to an
increase in interoperability and enhanced consumer protection and suggests
that the EU looks into mechanisms to convert codes of conduct into BCRs.
However, the provision for explicit consent with a single standard is
heavily criticized since, it is argued, if it is not simplified and
meaningful, it could easily overburden individuals. The DoC states that
a single standard is ill-suited for institutions and types of commerce that
offer financial products and services.
The DoC then criticises the Regulation's specifications regarding "privacy
by design" and the broad authority given to the EU Commission to set out the
technical standards - without presenting any valid arguments against the
proposed principle of privacy by design itself.
The informal note also qualifies some provisions as being infeasible, since
they would impose burdens on businesses without enhancing consumer
protection, such as data breach notification and the right to be forgotten.
In contrast to its first note from December 2011 the DoC now admits that
the US itself has several federal laws regarding breach notification but
repeats its criticism of the first informal note regarding the obligation
to notify data subjects within 24 hours arguing that the period is "simply
too short", that it could lead to "massive fines" for companies and to
confusing "false alarms" for consumers.
The draft Regulation is also considered to be inconsistent with the global
nature of the Internet since it would assert jurisdiction over persons
operating websites without a legal nexus with Europe (i.e. exactly what the
US is proposing in its current draft proposals on intellectual property).
According to the DoC, the term "directed to" is neither sufficiently defined
in paragraph 15 nor does the limiting principle go far enough. Oddly enough,
the "directed to residents of the US" provision of the planned Protect IP
Act (PIPA) raises no similar concerns in the US.
As mentioned above, the note qualifies the "right to be forgotten" as
undermining freedom of expression, as technically impracticable and as
ignoring the open and decentralised nature of the Internet. The DoC
expresses concern that exceptions in article 80 are narrower than the
freedom of expression, that the "right" to be forgotten is not an
internationally recognised right and protected expression will be deleted.
However, the DoC seems to ignore that this article is based on an already
existing right as set out by the EU (1995/46/EC, article 12 b) and that
these concerns can easily be addressed by clarification of the wording of
the current draft of the Regulation.
Of course, the DoC is also very concerned about the draft Police and
Criminal Justice Data Protection Directive saying that it would limit
information and evidence sharing to "the minimum necessary" - which is a
useful, albeit unintentional, confirmation that the proposal is legal under
the Charter of Fundamental Rights. They are also unhappy about the fact that
other legal information-sharing instruments with EU Member States would
probably not suffice under the proposed Directive since existing instruments
must meet specific and "problematic" privacy protection requirements.
Moreover, the DoC fears that the "strong system of privacy protection"
existing in the United States (which, incidentally, does not cover EU
citizens) would disappear since it would be forced to adopt the European
style of data protection.
The DoC criticises the data transfer provisions of the draft Regulation
(art. 37-41) arguing that they would undermine cooperation and data sharing
processes among regulatory authorities in the US, the EU and the EU's Member
States based on cooperative arrangements.
The document then specifically targets article 42 stating that its
restrictions could block or delay access to information held by US firms and
have an impact on investigations of EU firms and citizens. Bizarrely, the US
DoC is worried about regulating a currently unregulated situation which
would permit data exchange in the absence of a legal framework and legal
safeguards. According to the note, article 42 might even affect the
US-registered companies located in the EU and their ability to conduct
business in the US. It is noteworthy that the US currently uses instruments
such as the Foreign Intelligence Surveillance Act to retrieve data on
foreign individuals' political activities, who may have no contact
whatsoever with the USA, via companies with US offices. This legal vacuum
would be addressed by article 42.
An unusually high number of Commission services issued negative internal
opinions to the draft legislation, thus delaying the inter-service process
(see 2 opinions below). This was partly as a result of this significant
lobbying campaign (including high-level phone calls to top level staff in
the European Commission) against the leaked draft proposal for a Regulation
by the United States Department of Commerce and the Federal Trade
Commission, the official draft proposal of which is now expected to be
published in February/March.
First informal note circulated by the US (21.12.2011)
http://edri.org/US-DPR
Second informal note by the US (16.01.2012)
http://www.edri.org/files/US_lobbying16012012_0000.pdf
Opinion DG Trade (21.12.2011)
http://www.edri.org/files/21122011_DGTradeOpinion.pdf
Opinion DG Infso (21.12.2011)
http://www.edri.org/files/120112_DGINFSO_negativereply.pdf
Chris Connolly (Galexia), US Safe Harbor - Fact or Fiction?, Privacy Laws
and Business International, issue 96, December 2008:
http://www.galexia.com/public/research/assets/safe_harbor_fact_or_fiction_2…
The implementation of Commission Decision 520/2000/EC on the adequate
protection of personal data provided by the Safe Harbour privacy Principles
and related Frequently Asked Questions issued by the US Department of
Commerce SEC(2004)1323
http://ec.europa.eu/justice/policies/privacy/docs/adequacy/sec-2004-1323_en…
(Contribution by Kirsten Fiedler - EDRi)
============================================================
9. Researchers say smart meter technology is privacy intrusive
============================================================
Two German researchers presented a talk entitled "Smart Hacking for Privacy"
at the 28th Chaos Computing Congress that took place between 27 and 30
December 2011, on the privacy implications of "smart" electricity meters.
These devices, installed in homes, collect information to determine the
power consumption. The researchers had signed up with Discovergy, one of the
independent companies providing such smart meters, to check out how secure
the devices were and what information could be obtained from the data
gathered by them.
According to Discovergy's website, the web interface accessing the
consumption data used HTTPS to protect the data and the data sent back to
Discovergy was encrypted and signed in order to prevent forged data. The
website also stated these facts had been confirmed by independent experts.
Following the presentation of the researchers on 30 December, these
statements disappeared from the company's website and as it came out, the
SSL certificate of the site was misconfigured and presented an invalid
certificate warning, then proceeded to redirect them to an HTTP URL where
the data and password were transmitted in clear text across the internet.
The researchers found out the traffic was not encrypted and signed and,
therefore, easy to intercept. Thus, they were able to demonstrate that data
from the entire life of the device was stored on Discovergy's servers.
One of the main concerns was that the smart meters were monitoring the power
usage in two-second intervals which implies the devices were able to discern
very fine modifications in power consumptions such as differences based on
the brightness levels displayed for different scenes in TV shows and movies.
The researchers believe that two-second measurements are unnecessary for
the stated goals of the smart meter companies and too privacy intrusive as
the data obtained could be used to establish very fine details.
"Unfortunately, smart meters are able to become surveillance devices that
monitor the behaviour of the customers leading to unprecedented invasions of
consumer privacy. High-resolution energy consumption data is transmitted to
the utility company in principle allowing intrusive identification and
monitoring of equipment within consumers' homes (e.g., TV set, refrigerator,
toaster, and oven)", said the researchers in a statement prior to the
presentation.
Nikolaus Starzacher, CEO of Discovergy, explained that one of the reasons
for using the two second polling interval was to provide services such as
notifying a customer that he forgot an iron or another house appliance on,
when leaving the house.
Also, the researchers claimed that they had been able to send false details
about their energy consumption back over the unencrypted Discovergy network
meaning that consumers might be able to "potentially fake the amount of
consumed power being billed".
In the opinion of Ross Anderson, professor in security engineering at the
University of Cambridge Computer Laboratory, EU and UK plans to install
smart meters are "set to become another public sector IT disaster".
In a joint paper with his fellow academic Shailendra Fuloria, Anderson
warned over the threat of the vulnerability of the smart meters which might
allow hackers to break into a "head-end" hub where smart metering data are
collated and thus be able to even cut the supply of energy across "tens
of millions of households".
"The introduction of hundreds of millions of these meters in North America
and Europe over the next ten years, each containing a remotely commanded off
switch, remote software upgrade and complex functionality, creates a
shocking vulnerability," Anderson said adding: "An attacker who takes
over the control facility or who takes over the meters directly could create
widespread blackouts; a software bug could do the same."
In his opinion, regulators have started to be aware of the issue and
possible solutions under discussion might be "shared control, as used in
nuclear command and control; backup keys as used in Microsoft Windows;
rate-limiting mechanisms to bound the scale of an attack; and local-override
features to mitigate its effects."
Smart meter hacking can disclose which TV shows and movies you watch
(8.01.2012)
http://nakedsecurity.sophos.com/2012/01/08/28c3-smart-meter-hacking-can-dis…
Smart Hacking for Privacy (16.01.2012)
http://www.youtube.com/28c3#p/u/54/YYe4SwQn2GE
Smart meter technology is privacy intrusive, researchers claim (11.01.2012)
http://www.out-law.com/en/articles/2012/january-/smart-meter-technology-is-…
============================================================
10. ENDitorial: Copyright vs Public Domain-copyright as a barrier to culture?
============================================================
"The book, as a book, belongs to the author, but as thought it belongs --
the word is not too big -- to the human species. Any intelligent being has a
right to it. If one of the two rights, that of the writer and that of the
human spirit, must be sacrificed, then certainly it should be the right of
the writer, as the public interest is our sole preoccupation, and everyone,
I declare, should come before us" - Victor Hugo, Opening speech of the
International Literature Congress of 1878
For many of us, New Year means good resolutions, for some even new beginnings,
but it also means new works of art in the public domain. This year - and
just to name a few - James Joyce, Maurice Leblanc, Virginia Woolf, Robert
Delaunay, Sherwood Anderson, Henri Bergson have entered the public
domain.
To be in the public domain: what does it concretely mean? Public domain
works are part of a citizens' cultural heritage, therefore their use is not
restricted - as they would be when they are protected by copyright.
Practically, it means that people can freely copy, translate, adapt or use
the works of the artists, writers or musicians.
Entering the public domain leads to wider access to cultural content.
The public domain promotes education and knowledge. It is a factor of new
and further creation, knowledge and innovation. Some of these elements are
of great importance and further enhance access to culture. Once a work has
entered the public domain, new editions and republications flourish,
giving the opportunity to a larger audience to access society's cultural
heritage. 2010 turned into a year of Freud. When Sigmund Freud's works
finally entered the public domain, publishers rushed to publish,
commissioned new translations and subsequently sold new versions of his
books.
All in all, public domain enables a wider and higher circulation of
artistic, literary, dramatic, musical works, encouraging access for all. And
last but not least, public domain also has an economic value. Some
publishers indeed have specialised their business model on publishing works
for which copyright protection has expired. This is true not only for the
book publishers but also in the music industry.
A crucial question therefore arises: If public domain is so important and so
beneficial, why do we have to wait for so long after the artist's, painter's
or writer's death to have works of art finally in the public domain?
The original idea behind copyright monopolies was to favour creativity and
to enable artists, writers and authors to continue to create. This would be
a great and praiseworthy purpose if only it had not been turned away
from its primary goals. Copyright is currently the rule and public domain is
the exception.
The content industry continually asks for, and receives, ever-longer
copyright terms, and consequently the public domain continually
decreases. Just recently and after a strong lobby from the music industry,
the European Union decided to extend copyright for performers and producers
from 50 to 70 years. Turning back on Victor Hugo's idea of his work as a
shared good, some in the rightsholders lobby are pushing the limits of
protection, and moving cultural goods out of the reach of society. They
argue that it serves the economy, helps to keep jobs and improves the
investment in new talent. However what they miss here is that access to the
works of the artists they claim to represent is restricted to the public, to
other publishers or other record companies. In the end, this only serves the
majors and the most famous artists, who are least in need of this
"protection". Finally, while these dominant industries claim that term
extension is needed in order to invest in new talent, the policy of ever
longer copyright extension does not create any incentive to do so. In the
absence of such incentive, major record companies will continue to invest
only in performers that will bring in long-term revenues, so alternative
and less popular musicians will be left out, undermining cultural diversity.
Nowadays, the protection of works subject to copyright is based not on their
date of publication but on the death of the authors, and the life expectancy
has improved, so the public domain is proportionally diminishing. If
copyright is to incentivise creation, what is the logic behind remunerating
artists for ever-longer periods after their deaths? The entire logic behind
the copyright protection has been subverted.
Cultural works are being locked away from the public and a greater barrier
is being built between the public and their culture. If copyright is meant
to defend culture and creation, it should not be used to create barriers
between citizens and their heritage.
Freud in the public domain (only in French, 27.01.2010)
http://www.lexpress.fr/culture/livre/freud-dans-le-domaine-public_844789.ht…
EDRi-gram: New rules on term of protection of music recordings (21.09.2011)
http://edri.org/edrigram/number9.18/term-extension-music-copyright
The progressive weakening of the public domain (only in French, 2.01.2012)
http://www.numerama.com/magazine/21129-l-affaiblissement-progressif-du-doma…
Public domain calculator
http://outofcopyright.eu/
(Contribution by Marie Humeau - EDRi)
============================================================
11. Recommended Action
============================================================
5th International Computers, Privacy & Data Protection Conference: "European
Data Protection: Coming of Age"
CPDP 2012 takes place during a significant stage of the revision of the EU
legal framework on data protection, thus several panels will focus on the
review and the latest legislative proposals. More than 20 panels will be
organized on key issues such as geolocalization, e-identity and
e-management, enforcement of copyright protection, surveillance in the
workplace, accountability and communication of privacy. In addition, there
will be workshops and special sessions on topics such as eDiscovery,
privacy impact assessments and "privacy by design", smart metering and
transborder data flows. Since 2012 was declared the European Year of Active
Ageing, three sessions will be devoted to the theme of Ageing and New
Technologies.
25-27 January 2012, Brussels, Belgium
http://www.cpdpconferences.org/
Corporate Responsibility to Respect Human Rights
A new European Commission project will produce 3 sector-specific guides on
the Corporate Responsibility to Respect Human Rights. The choice regarding
which three sectors will be included in this project, based on
suggestions by stakeholders, will be made by the Commission and announced in
February 2012. Therefore, it is very important that you give your input in
order to highlight the importance of defending human rights in the digital
environment.
All stakeholders are invited to submit their suggestions for the choice of
sectors by emailing sectorguidance(a)ihrb.org by: 6pm CET on 27 January 2012.
http://www.ihrb.org/news/2012/new_project_to_develop_business_and_human_rig…
============================================================
12. Recommended Reading
============================================================
German police officer uses federal Trojan to spy on daughter. Her friend
then breaks into father's PC and police server (9.01.2012)
http://www.thelocal.de/national/20120109-39999.html
http://www.spiegel.de/netzwelt/netzpolitik/0,1518,807820,00.html
CMCS: Hungarian Media Laws in Europe: An Assessment of the Consistency of
Hungary's Media Laws with European Practices and Norms (5.01.2012)
https://cmcs.ceu.hu/news/2012-01-05/new-study-hungarian-media-laws-in-europ…
France: Fingerprints and transmission of data: biometrics to protect
identity? (4.01.2012)
http://www.statewatch.org/news/2012/jan/04fr-id.htm
============================================================
13. Agenda
============================================================
23-24 January 2012, Brussels, Belgium
The European Thematic Network on Legal Aspects of Public Sector
Information - LAPSI 2nd Public Conference and 3rd Award
http://www.lapsi-project.eu/bruxellesprog
24 January 2012, Brussels, Belgium
PrivacyCamp.eu - UnConference on Privacy and Data Protection
http://www.edri.org/Privacy-Camp-EU
25-27 January 2012, Brussels, Belgium
Computers, Privacy and Data Protection 2012
http://www.cpdpconferences.org/
26 January 2012, Schaarbeek, Belgium
Big Brother Awards Belgium
http://www.bigbrotherawards.be/
27 January 2012, Brussels, Belgium
21.30 - 02.00 (come early!)
Privacy Party at Bozar
http://www.edri.org/files/01-2012PRIVACY-PARTY-POSTER-DEF.jpg
4-5 February 2012, Brussels, Belgium
FOSDEM 2012 - Free and Open source Software Developers' European Meeting
http://fosdem.org/2012/
25 February 2012, Szeged, Hungary
Copyright and Human Rights in the Information Age: Conflict or Harmonious
Coexistence
http://www.juris.u-szeged.hu/english/news/conference-on-copyright
16 March 2012, Rotterdam, Netherlands
EPSIplatform Conference: Taking government data re-use to the next level!
http://epsiplatform.eventbrite.com/
20 March - 1 April 2012, Berlin, Germany
Wikimedia Chapters Meeting 2012
http://meta.wikimedia.org/wiki/Wikimedia_Conference_2012
13 April 2012, Bielefeld, Germany
Big Brother Awards Germany
http://www.bigbrotherawards.de/
16-18 April 2012, Cambridge, UK
Cambridge 2012: Innovation and Impact - Openly Collaborating to Enhance
Education
OER12 and the OCW Consortium's Global Conference
http://conference.ocwconsortium.org/index.php/2012/uk
2-4 May 2012, Berlin, Germany
Re:Publica 2012: ACTION!
http://re-publica.de/12/en
14-15 June 2012, Stockholm, Sweden
EuroDIG 2012
http://www.eurodig.org/
20-22 June 2012, Paris, France
2012 World Open Educational Resources Congress
http://www.unesco.org/webworld/en/oer
9-10 July 2012, Barcelona, Spain
8th International Conference on Internet Law & Politics: Challenges and
Opportunities of Online Entertainment
http://edcp.uoc.edu/symposia/idp2012/cfp/?lang=en
12-14 September 2012, Louvain-la-Neuve, Belgium
Building Institutions for Sustainable Scientific, Cultural and genetic
Resources Commons.
http://biogov.uclouvain.be/iasc/index.php
7-10 October 2012, Amsterdam, Netherlands
2012 Amsterdam Privacy Conference
Call for Papers by 1 February 2012
http://www.ivir.nl/news/CallforPapersAPC2012.pdf
============================================================
14. About
============================================================
EDRi-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRi has 28 members based or with offices in 18 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRi-grams.
All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and are visible on
the EDRi website.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/
Newsletter editor: Bogdan Manolea <edrigram(a)edri.org>
Information about EDRI and its members:
http://www.edri.org/
European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring
http://flattr.com/thing/417077/edri-on-Flattr
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request(a)edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
Unsubscribe by e-mail
To: edri-news-request(a)edri.org
Subject: unsubscribe
- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edri/2.html
- EDRI-gram in German
EDRI-gram is also available in German, with delay. Translations are provided
by Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <edrigram(a)edri.org> if you have any problems with subscribing or
unsubscribing.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
4th Annual PKI R&D Workshop: Multiple Paths to Trust
April 19-21, 2005
NIST -- Gaithersburg, MD
Papers and Proposals Due: October 29, 2004
Website: http://middleware.internet2.edu/pki05/
Registration Fee: $125.00
This workshop considers the full range of public key technology used
for security decisions and supporting functionalities, including
authentication, authorization, identity (syndication, federation, and
aggregation), and trust. This year, the workshop has a particular
interest in how PKI and emerging trust mechanisms will interact with
each other at technical, policy and user levels to support trust
models that lack a central authority. This workshop has three goals:
1. Explore the current state of public key technology and
emerging trust mechanisms in different domains including
web services; grid technologies; authentication systems,
et al., in academia, research, government, and industry.
2. Share & discuss lessons learned and scenarios from vendors
and practitioners on current deployments.
3. Provide a forum for leading security researchers to explore
the issues relevant to PKI space in areas of security
management, identity, trust, policy, authentication, and
authorization.
CALL FOR PAPERS
We solicit papers, case studies, panel proposals, and participation
from researchers, systems architects, vendor engineers, and users.
Submitted works should address one or more critical areas of inquiry.
Topics include (but are not limited to):
* Federated versus Non-Federated trust models
* Standards related to PKI and security decision systems such as
x509, SDSI/SPKI, PGP, XKMS, XACML, XRML, XML signature, and SAML.
* Cryptographic and alternative methods for supporting security
decisions, including the characterization and encoding of data
* Intersection of policy based systems and PKI
* Privacy protection and implications
* Scalability of security systems
* Security of the components of PKI systems
* Security Infrastructures for constrained environments
* Improved human factor designs for security-related interfaces
including authorization and policy management, naming, use of
multiple private keys, and selective disclosure
* New paradigms in PKI architectures
* Reports of real-world experience with the use and deployment of
PKI, including future research directions
Deadlines for conference paper and panel submissions are:
* Papers and Proposals Due: October 29, 2004
* Authors Notified: December 10, 2004
* Final Materials Due: February 18, 2005
Submissions should be provided electronically, in PDF, for standard
US letter-size paper (8.5 x 11 inches). Paper submissions must not
exceed 15 pages (single space, two column format with 1" margins
using a 10 pt or larger font) and have no header or footer text
(e.g., no page numbers). Proposals for panels should be no longer
than five pages and include possible panelists and an indication of
which panelists have confirmed availability.
Please submit the following information to pkichairs(a)internet2.edu:
* Name, affiliation, email, phone, postal address for the primary
contact author
* First name, last name, and affiliation of each co-author
* The finished paper in PDF format as an attachment
All submissions will be acknowledged.
Submissions of papers must not substantially duplicate work that any
of the authors have published elsewhere or have submitted in parallel
to any other conferences or journals.
Accepted papers will be published in a proceedings of the workshop.
REGISTRATION
The registration fee of $125 per person includes workshop materials,
coffee breaks, lunches, and a dinner. There will be no on-site
registration. Please pre-register by April 12, 2005 at
https://rproxy.nist.gov/CRS/conf_ext.cfm?conf_id=1065
Teresa Vicente
NIST
Phone: (301) 975-3883
Fax: (301) 948-2067
email: teresa.vicente(a)nist.gov
An agenda will be available in late December at
http://middleware.internet2.edu/pki05/
ACCOMMODATIONS
A block of rooms has been reserved at the Gaithersburg Holiday Inn,
(301) 948-8900, at a special rate of $99, single or double, plus 12%
tax. Reservations must be received by April 4, 2005, in order to
receive the special rate. Please mention you are attending the
"NIST/PKI Workshop".
+------------------------------------------------------------------+
|Carl M. Ellison cme(a)acm.org http://theworld.com/~cme |
| PGP: 75C5 1814 C3E3 AAA7 3F31 47B9 73F1 7E3C 96E7 2B71 |
+---Officer, arrest that man. He's whistling a copyrighted song.---+
---------------------------------------------------------------------
The SPKI Mailing List
Unsubscribe by sending "unsubscribe spki" to majordomo(a)metzdowd.com
--- end forwarded text
--
-----------------
R. A. Hettinga <mailto: rah(a)ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'