July 2018 - cypherpunks-legacy

NYT: "Pentagon Plans New Arm to Wage Wars in Cyberspace"
by Perry E. Metzger 06 Jul '18

06 Jul '18

Full article: http://www.nytimes.com/2009/05/29/us/politics/29cyber.html -- Perry E. Metzger perry(a)piermont.com --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo(a)metzdowd.com ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

Re: [Freedombox-discuss] [Arm-netbook] Debian GNU/Linux on tablet hardware
by Luke Kenneth Casson Leighton 06 Jul '18

06 Jul '18

On Sat, Oct 29, 2011 at 1:47 AM, Mark Constable <markc(a)renta.net> wrote: > On 2011-10-28 07:50 PM, Luke Kenneth Casson Leighton wrote: >> ... >> it's an insane situation - i'm offering Free Software Developers >> a "way out" of this insanity. > > Excellent disclosure of the reality of dealing with Chinese > manufaturers. So you are suggesting the main problem is matching > up an OS with the hardware, not the hardware itself. nggggggh YES, finally, someone gets it. [i've done reverse-engineering of 7 different ARM-based devices. you do not want to go there]. > A few months ago I made a plea for a non-netbook tablet solution > to allow those keen to develop OS options a chance of getting > something ready NOW while we wait for the "ideal" form factor > parts to fall into place. Unfortunately the core point of that > email, "give us something to develop on now", got buried under > an assertion that any device won't end up in the hands of GPL > tolerant western developers much under $300 retail/delivered. well... let me think.... nope, it's not true. order 10 of these, you get them for $149 each: http://quickembed.com/Tools/Shop/DSP/201105/170.html get 10 of those into one country in 1 box, sent with individual shipping labels on each, split automatically once they're through Customs, you don't have to pay individual shipping costs just to get the damn things into the country. franson might squawk at the idea of having to put individual shipping labels on each item and _then_ put them inside a larger box (addressed to the Customs Office itself!) but it's a common enough technique, he may have encountered it before: you'll have to ask him. but it's _almost_ true - $149 for only 10of, plus tax, plus shipping, it starts to approach $200 and a bit more... but for these, it's definitely not true. in 1-off prices, these are $99: http://quickembed.com/Tools/Shop/ARM/201007/118.html and this one, split-level design, are $109: http://quickembed.com/Tools/Shop/ARM/201102/164.html you can, in larger quantities, ask for a quote (minimum 3 so as not to waste franson's time, please) and they're S3C6410 ARM11s so you'd get a very _very_ approximate idea of the speed of operating on a system-which-had-an-ARM11-CPU (see below, please). in each case, the developers would not need the LCD screen, so it's obviously not included in the prices, and if any developer asks you for one, you know they're trying it on, and not to send them a device. note that on EVERY SINGLE PAGE, quickembed supply the GPL source code with the device. but, regardless of cost or availability, i don't see what value placing such a device into the hands of those developers would actually bring to the table (see further below) > Fortunately for all concerned, the Raspberry PI will change this > situation forever in another 1/2 year (a few months after it hits > the market) so the plea to get "anything" into the hands of said > GPL-tolerant developers is about to be solved. what exactly are you after that cannot be solved by running arm-qemu? (which, btw, is quite tolerable on a dual-core 2ghz xeon). please please for god's sake don't tell me you expect the linux kernel on the raspberrypi to be of any use to man or beast for any other ARM-based device (including one which has the exact same ARM11 CPU). the only possible reason i can think of that _might_ be of benefit is if the "target" device(s) which were chosen for loading FreedomBox Software on were: * exactly the same CPU (ARM11 TCC8902 i think it is) * exactly the same amount and sized RAM * exactly the same RAM programmed in software to run at exactly the same speed * exactly the same NAND flash hooked up in exactly the same way. you would not believe the variation in speed which occurs by making a change as quotes simple quotes as putting in faster (or slower) RAM or NAND flash, or by changing the timings parameters on access to the RAM. just like in the x86 world, it's not just about "how fast the CPU is clocked". so if you want (wanted) to get an idea of how fast a particular system will be, then... you need to build that particular system! so again, with the greatest of respect i have to ask: what exactly is the benefit that is gained, which cannot be had by using qemu-arm? qemu-arm would, by virtue of being slow, at least teach people to write efficient code and scripts. and cut out that god-awful system that should never have been allowed to escape from the heads of the people who dreamed it up, known as "d-bus". > It seems the main block is between Chiness manufacturers and > various western open source repositories that in most case have > between 90% and 99.9% of ready-to-use source code. i'm... ok, what you're missing is that the last 0.1% (including the last 0.1% of the 10% that you mention), is absolute hell on earth to obtain. the important bits - the absolutely absolutely essential bits, without even just _one_ part of that last 0.1% and you are f****d and might as well not have bothered with the _whole_ exercise - is the platform-specific parts. ARM devices are *not* the same as x86 devices. with ARM devices, the *entire* knowledge of how to even do something as innocuous as "switch on the WIFI" or "read the battery voltage" is hard-coded into the platform-specific linux kernel. there is *no* BIOS in the ARM devices world. i repeat. there *is* no concept of "BIOS" in the ARM devices world. let's say you know how to program everything except switch on the backlight, which happens to require that you power up GPIO pin 31 followed by GPIO pin 32 - how the hell are you supposed to know that? and what happens if you don't do that? the backlight doesn't work, and you can't use the device. let's say you know how to program everything except the WIFI, which happens to use so much current starting up that you have to power it on, reset it, switch it off, wait for 10ms, then power it on, wait 1ms, power it off, wait another 1ms, power it on, wait one more ms and _then_ reset it, and it will then work ok. if you don't know that sequence, and you don't know that WIFI "power on" is connected to GPIO pin 27 and WIFI "reset" is connected to GPIO pin 12, you're screwed. btw, this sequence really _really_ was needed on one device i reverse-engineered - it was for the GSM Radio Module not the WIFI module though. it needed so much current to power up that this was the only way the original software developers could get it to start. it gets even worse if you don't know how to power up the I2C bus, or you don't know how to power up the USB devices which you're critically depending on in order to gain access to a root filesystem or something else... you see how the "oh yes it's just that last 0.1%" has turned into absolute hell on earth, just over 1 bit or 1 byte? > How can this blockage be removed you can't! ok, you can, but as you probably got a hint, from the last paragraph above, the time taken to get results is disproportionately long. to do "active" reverse-engineering, you either the device *or* the binary-only GPL-violating kernel (or usually both) require reverse-engineering. i.e. you need knowledge of the hardware (what the pins do), you need the datasheets (which you often can't get), you need to jailbreak the device, you need a license for the proprietary reverse-engineering software, or, you must be prepared to do empirical testing, which takes absolutely forever, risks blowing up the device, and you need.... ... you've not done reverse-engineering, have you? :) just to give you an example: whilst it only took me 8 weeks to do the first parts of the ipaq hw6915 reverse-engineering, where i got virtually every single peripheral up-and-running, i was then stumped for _three_ weeks trying to work out suspend/resume. why? because the parameters that were required to get the device out of "suspend" mode aren't documented anywhere. another example: the HTC Universal (aka O2 XDA-II amongst other things) took three _years_ to finally get the last piece working. oh, and i forgot to mention that in every case where there was a GPL violation regarding the kernel, there was a GPL violation regarding the u-boot source code and also witholding of critical information regarding how to upload u-boot (and where) as well. so you if you screw that up, you have to open up the device (if you haven't already), but worse than that, you have to get a soldering iron out, or potentially de-solder the main CPU, put in a replacement for the track or the blown e-fuse which was _deliberately_ placed under the CPU just to make life hell on earth for anyone prepared to do hardware-reverse-engineering, so that you can get access to the JTAG port. by now you should appreciate that it's just... not worth the hassle. i've _been_ here, mark - not "oh yeah i heard about this reverse-engineering stuff, surely it can't be that hard??" well i can tell you it fucking well is. i spent 12 weeks looking for one mistake on sending data over SSP to a touchscreen; i've spent 10 weeks looking for a single bit-change on NT Domains Network traffic. you do *not* want to go down this road. > and/or why are Chinese manufacturers seemingly > at the mercy of their ODM partners? it's not "seemingly". * anyone who refuses to sign the GPL-violating NDA simply... won't get access to the schematics or the GPL source code, and that's the end of it. that's from the SoC vendors to the "first line" ODM partners (!) who quotes misunderstand quotes that they cannot supply GPL code under NDA, but they can always claim "it was for the schematics, not the GPL source code. really". * the ODMs then go "aw shit - we must force the manufacturers to sign an NDA, and also sign the SoC vendor's NDA too, and even then we're under NDA so we can't give out the GPL source code!" * even if they work with a "good" SoC vendor, the ODMs themselves may "try it on", completely ignoring Copyright Law. it's _complicated_ in other words. there are a number of reasons, because of variations in each case (of which i've dealt with about 50, to varying levels. i've learned to give up and not waste my time, i have better things to do) > Perhaps it's as simple is the mandatory English-only communication > channels surrounding the western repositories. if that were the case, then those people should just release whatever they have done, and let other people sort it out (who speak english). as it turns out, they have to employ people who can at least read and write english: it's source code, it's in english, and they can also type "git commit" as it also turns out, because i've seen evidence of this from tarballs of git repositories that ended up on "megaupload" or other quotes legal quotes filesharing sites. so it's not - it's a cultural thing as well as a "sod you, we're in a different country" thing, backed up by the inordinate cost of prosecuting Copyright violations in China (from outside of China) if you want to enforce GPL compliance across International Boundaries (which is actually possible) you need to be prepared to pay at least three legal teams (maybe you can cut the costs down to two, by using the SFLC for one of them) because: * one legal team you will need in the country you're initiating the lawsuit from * one legal team whom you pay for the contacts and also the knowledge of how to go about suing companies across the specific international borders that you're crossing. * one legal team you will need in the country of the company you're targetting btw - all of this i mention not to "impress" you or anyone else (*) - but to underscore and emphasise why it is that i'm saying that the opportunity i've engineered is the way it is precisely because all other options - all other paths - are closed, prohibitively expensive, insane, or all three. l. (*) you think i'd be dumb enough to waste my time writing "oo look i have a big ego, i _really_ want to tell everyone: isn't it impressive that i did all this work, 3 years reverse-engineering and 2-years negotiating with factories, and was paid absolutely nothing for it by anyone to do that research, and got nothing for it - no payment at the end of all that work whatsoever" you must be, with the greatest of respect, completely off your trolley. please get back on it: the men in white coats will be back shortly. _______________________________________________ Freedombox-discuss mailing list Freedombox-discuss(a)lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

Dept. of Defense IPv6 Interoperabilty Test Begins
by brian-slashdotnews＠hyperreal.org 06 Jul '18

06 Jul '18

Link: http://slashdot.org/article.pl?sid=03/10/22/1755258 Posted by: CowboyNeal, on 2003-10-22 20:01:00 Topic: internet, 259 comments from the let's-get-it-on dept. [1]securitas writes "The [2]Department of Defense has launched Phase I of its delayed IPv6 interoperability test ([3]mirror) in a six-month project dubbed [4]Moonv6. It is the [5]largest North American IPv6 test ever and its goal is to evaluate IPv6 for 'network-centric military operations.' Phase II was originally scheduled to begin in January 2004 but may be delayed due to the late start of the current test. 'IPv4 addresses are 32 bits long, enough for around 4 billion unique addresses.' In contrast, the IPv6 address length is '128 bits, or 340 billion billion billion billion unique addresses.' Experts hope this will solve a predicted IP address shortage as more devices are created to use the Internet." [6]Click Here References 1. http://geartest.com/ 2. http://www.computerworld.com/governmenttopics/government/story/0,10801,86243, 00.html 3. http://www.linuxworld.com.au/index.php?id=1854687864&fp=2&fpid=1 4. http://www.moonv6.org/ 5. http://dc.internet.com/news/article.php/3095951 6. http://ads.osdn.com/?ad_id=78&alloc_id=1118&site_id=1&request_id=168131&op=… ick&page=%2farticle%2epl ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 0.97c removed an attachment of type application/pgp-signature]

1 0

Re: [Freedombox-discuss] [Arm-netbook] Debian GNU/Linux on tablet hardware
by Luke Kenneth Casson Leighton 06 Jul '18

06 Jul '18

On Sat, Oct 29, 2011 at 1:47 AM, Mark Constable <markc(a)renta.net> wrote: > On 2011-10-28 07:50 PM, Luke Kenneth Casson Leighton wrote: >> ... >> it's an insane situation - i'm offering Free Software Developers >> a "way out" of this insanity. > > Excellent disclosure of the reality of dealing with Chinese > manufaturers. So you are suggesting the main problem is matching > up an OS with the hardware, not the hardware itself. nggggggh YES, finally, someone gets it. [i've done reverse-engineering of 7 different ARM-based devices. you do not want to go there]. > A few months ago I made a plea for a non-netbook tablet solution > to allow those keen to develop OS options a chance of getting > something ready NOW while we wait for the "ideal" form factor > parts to fall into place. Unfortunately the core point of that > email, "give us something to develop on now", got buried under > an assertion that any device won't end up in the hands of GPL > tolerant western developers much under $300 retail/delivered. well... let me think.... nope, it's not true. order 10 of these, you get them for $149 each: http://quickembed.com/Tools/Shop/DSP/201105/170.html get 10 of those into one country in 1 box, sent with individual shipping labels on each, split automatically once they're through Customs, you don't have to pay individual shipping costs just to get the damn things into the country. franson might squawk at the idea of having to put individual shipping labels on each item and _then_ put them inside a larger box (addressed to the Customs Office itself!) but it's a common enough technique, he may have encountered it before: you'll have to ask him. but it's _almost_ true - $149 for only 10of, plus tax, plus shipping, it starts to approach $200 and a bit more... but for these, it's definitely not true. in 1-off prices, these are $99: http://quickembed.com/Tools/Shop/ARM/201007/118.html and this one, split-level design, are $109: http://quickembed.com/Tools/Shop/ARM/201102/164.html you can, in larger quantities, ask for a quote (minimum 3 so as not to waste franson's time, please) and they're S3C6410 ARM11s so you'd get a very _very_ approximate idea of the speed of operating on a system-which-had-an-ARM11-CPU (see below, please). in each case, the developers would not need the LCD screen, so it's obviously not included in the prices, and if any developer asks you for one, you know they're trying it on, and not to send them a device. note that on EVERY SINGLE PAGE, quickembed supply the GPL source code with the device. but, regardless of cost or availability, i don't see what value placing such a device into the hands of those developers would actually bring to the table (see further below) > Fortunately for all concerned, the Raspberry PI will change this > situation forever in another 1/2 year (a few months after it hits > the market) so the plea to get "anything" into the hands of said > GPL-tolerant developers is about to be solved. what exactly are you after that cannot be solved by running arm-qemu? (which, btw, is quite tolerable on a dual-core 2ghz xeon). please please for god's sake don't tell me you expect the linux kernel on the raspberrypi to be of any use to man or beast for any other ARM-based device (including one which has the exact same ARM11 CPU). the only possible reason i can think of that _might_ be of benefit is if the "target" device(s) which were chosen for loading FreedomBox Software on were: * exactly the same CPU (ARM11 TCC8902 i think it is) * exactly the same amount and sized RAM * exactly the same RAM programmed in software to run at exactly the same speed * exactly the same NAND flash hooked up in exactly the same way. you would not believe the variation in speed which occurs by making a change as quotes simple quotes as putting in faster (or slower) RAM or NAND flash, or by changing the timings parameters on access to the RAM. just like in the x86 world, it's not just about "how fast the CPU is clocked". so if you want (wanted) to get an idea of how fast a particular system will be, then... you need to build that particular system! so again, with the greatest of respect i have to ask: what exactly is the benefit that is gained, which cannot be had by using qemu-arm? qemu-arm would, by virtue of being slow, at least teach people to write efficient code and scripts. and cut out that god-awful system that should never have been allowed to escape from the heads of the people who dreamed it up, known as "d-bus". > It seems the main block is between Chiness manufacturers and > various western open source repositories that in most case have > between 90% and 99.9% of ready-to-use source code. i'm... ok, what you're missing is that the last 0.1% (including the last 0.1% of the 10% that you mention), is absolute hell on earth to obtain. the important bits - the absolutely absolutely essential bits, without even just _one_ part of that last 0.1% and you are f****d and might as well not have bothered with the _whole_ exercise - is the platform-specific parts. ARM devices are *not* the same as x86 devices. with ARM devices, the *entire* knowledge of how to even do something as innocuous as "switch on the WIFI" or "read the battery voltage" is hard-coded into the platform-specific linux kernel. there is *no* BIOS in the ARM devices world. i repeat. there *is* no concept of "BIOS" in the ARM devices world. let's say you know how to program everything except switch on the backlight, which happens to require that you power up GPIO pin 31 followed by GPIO pin 32 - how the hell are you supposed to know that? and what happens if you don't do that? the backlight doesn't work, and you can't use the device. let's say you know how to program everything except the WIFI, which happens to use so much current starting up that you have to power it on, reset it, switch it off, wait for 10ms, then power it on, wait 1ms, power it off, wait another 1ms, power it on, wait one more ms and _then_ reset it, and it will then work ok. if you don't know that sequence, and you don't know that WIFI "power on" is connected to GPIO pin 27 and WIFI "reset" is connected to GPIO pin 12, you're screwed. btw, this sequence really _really_ was needed on one device i reverse-engineered - it was for the GSM Radio Module not the WIFI module though. it needed so much current to power up that this was the only way the original software developers could get it to start. it gets even worse if you don't know how to power up the I2C bus, or you don't know how to power up the USB devices which you're critically depending on in order to gain access to a root filesystem or something else... you see how the "oh yes it's just that last 0.1%" has turned into absolute hell on earth, just over 1 bit or 1 byte? > How can this blockage be removed you can't! ok, you can, but as you probably got a hint, from the last paragraph above, the time taken to get results is disproportionately long. to do "active" reverse-engineering, you either the device *or* the binary-only GPL-violating kernel (or usually both) require reverse-engineering. i.e. you need knowledge of the hardware (what the pins do), you need the datasheets (which you often can't get), you need to jailbreak the device, you need a license for the proprietary reverse-engineering software, or, you must be prepared to do empirical testing, which takes absolutely forever, risks blowing up the device, and you need.... ... you've not done reverse-engineering, have you? :) just to give you an example: whilst it only took me 8 weeks to do the first parts of the ipaq hw6915 reverse-engineering, where i got virtually every single peripheral up-and-running, i was then stumped for _three_ weeks trying to work out suspend/resume. why? because the parameters that were required to get the device out of "suspend" mode aren't documented anywhere. another example: the HTC Universal (aka O2 XDA-II amongst other things) took three _years_ to finally get the last piece working. oh, and i forgot to mention that in every case where there was a GPL violation regarding the kernel, there was a GPL violation regarding the u-boot source code and also witholding of critical information regarding how to upload u-boot (and where) as well. so you if you screw that up, you have to open up the device (if you haven't already), but worse than that, you have to get a soldering iron out, or potentially de-solder the main CPU, put in a replacement for the track or the blown e-fuse which was _deliberately_ placed under the CPU just to make life hell on earth for anyone prepared to do hardware-reverse-engineering, so that you can get access to the JTAG port. by now you should appreciate that it's just... not worth the hassle. i've _been_ here, mark - not "oh yeah i heard about this reverse-engineering stuff, surely it can't be that hard??" well i can tell you it fucking well is. i spent 12 weeks looking for one mistake on sending data over SSP to a touchscreen; i've spent 10 weeks looking for a single bit-change on NT Domains Network traffic. you do *not* want to go down this road. > and/or why are Chinese manufacturers seemingly > at the mercy of their ODM partners? it's not "seemingly". * anyone who refuses to sign the GPL-violating NDA simply... won't get access to the schematics or the GPL source code, and that's the end of it. that's from the SoC vendors to the "first line" ODM partners (!) who quotes misunderstand quotes that they cannot supply GPL code under NDA, but they can always claim "it was for the schematics, not the GPL source code. really". * the ODMs then go "aw shit - we must force the manufacturers to sign an NDA, and also sign the SoC vendor's NDA too, and even then we're under NDA so we can't give out the GPL source code!" * even if they work with a "good" SoC vendor, the ODMs themselves may "try it on", completely ignoring Copyright Law. it's _complicated_ in other words. there are a number of reasons, because of variations in each case (of which i've dealt with about 50, to varying levels. i've learned to give up and not waste my time, i have better things to do) > Perhaps it's as simple is the mandatory English-only communication > channels surrounding the western repositories. if that were the case, then those people should just release whatever they have done, and let other people sort it out (who speak english). as it turns out, they have to employ people who can at least read and write english: it's source code, it's in english, and they can also type "git commit" as it also turns out, because i've seen evidence of this from tarballs of git repositories that ended up on "megaupload" or other quotes legal quotes filesharing sites. so it's not - it's a cultural thing as well as a "sod you, we're in a different country" thing, backed up by the inordinate cost of prosecuting Copyright violations in China (from outside of China) if you want to enforce GPL compliance across International Boundaries (which is actually possible) you need to be prepared to pay at least three legal teams (maybe you can cut the costs down to two, by using the SFLC for one of them) because: * one legal team you will need in the country you're initiating the lawsuit from * one legal team whom you pay for the contacts and also the knowledge of how to go about suing companies across the specific international borders that you're crossing. * one legal team you will need in the country of the company you're targetting btw - all of this i mention not to "impress" you or anyone else (*) - but to underscore and emphasise why it is that i'm saying that the opportunity i've engineered is the way it is precisely because all other options - all other paths - are closed, prohibitively expensive, insane, or all three. l. (*) you think i'd be dumb enough to waste my time writing "oo look i have a big ego, i _really_ want to tell everyone: isn't it impressive that i did all this work, 3 years reverse-engineering and 2-years negotiating with factories, and was paid absolutely nothing for it by anyone to do that research, and got nothing for it - no payment at the end of all that work whatsoever" you must be, with the greatest of respect, completely off your trolley. please get back on it: the men in white coats will be back shortly. _______________________________________________ Freedombox-discuss mailing list Freedombox-discuss(a)lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

Re: [liberationtech] Facebook blikesb used as evidence of material support for terrorism
by Douglas Lucas 06 Jul '18

06 Jul '18

Here is an article about the 4 US residents in question: http://www.cnn.com/2012/11/20/us/afghanistan-taliban/index.html Here is the indictment PDF: http://www.investigativeproject.org/documents/case_docs/2070.pdf According to the PDF, defendants "conspired to provide material support and resources, including but not limited to property, services, and personnel, including themselves, knowing and intending that they be used in preparation for, and in carrying out, crimes of terrorism in violation of Title 18, United States Code, Section 2339A." The indictment uses (among other things) social media likes/shares as evidence that there is "probable cause to believe" defendants violated the law, but, from what I can discern, does not say the likes/shares themselves constituted material support per se. From my inexpert reading of the indictment, it suggests that (there is probable cause to believe that) the defendants themselves constituted the material support. Sort of a strange existential distinction there... Somebody who has more legal knowledge than I might be able to comment on this more usefully. On 11/28/2012 01:40 PM, Mohammad Shublaq wrote: > Facebook blikesb used as evidence of material support for terrorism > > http://www.fightbacknews.org/2012/11/27/facebook-likes-used-evidence-materi… -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

EDRi-gram newsletter - Number 8.19, 6 October 2010
by EDRI-gram newsletter 06 Jul '18

06 Jul '18

============================================================ EDRi-gram biweekly newsletter about digital civil rights in Europe Number 8.19, 6 October 2010 ============================================================ Contents ============================================================ 1. EDRi's answer to net neutrality consultation 2. Hearing on Internet Blocking in the European Parliament 3. First warning letters sent by French ISPs under the three-strikes system 4. Italy: Online editors are not liable as the printed press 5. EU concerns for US plans to increase the amount of bank transfer data 6. New EC Expert Group on the Internet of Things 7. Private data exposed on UK Law firm website 8. YouTube won a case against copyright infringement accusations in Spain 9. Phorm case sends the UK to the European Court of Justice 10. ENDitorial: Council of Europe: Bad news as it happens 11. Recommended Action 12. Recommended Reading 13. Agenda 14. About ============================================================ 1. EDRi's answer to net neutrality consultation ============================================================ Who gets to decide what you do on the internet: you or your internet service provider? Until recently, the answer was simple: you decide which services and websites you want to visit. This is changing rapidly, however. Most internet providers want to restrict your internet traffic. Unless the European Commission prohibits them from doing so. EDRi, in a common submission with its member Bits of Freedom, urged the European Commission to prohibit this. The submission was sent as an answer to a public consultation on net neutrality opened until 30 September 2010. In our submission, EDRi concludes that: - An open internet is crucial for fundamental freedoms, innovation, and competition. - Internet providers, however, have incentives of their own to stifle the open internet. - Furthermore, governments and private parties attempt to force internet providers to stifle the open internet for the benefit of narrow sectorial interests. - And, in practice, internet providers do indeed stifle the open internet for the above reasons. - Meanwhile, transparency obligations, competition and minimum guarantees cannot safeguard an open internet. - Waiting is not an option, as the examples of local loop unbundling and mobile roaming demonstrate. - Narrowly-tailored regulatory EU measures should therefore safeguard the open internet. Response of Bits of Freedom and EDRi to the public consultation of the European Commission on the open internet and net neutrality in Europe (30.09.2010) http://www.edri.org/docs/netneutralityreaction300910.pdf (thanks to Ot Van Daalen - EDRi-member Bits of Freedom) ============================================================ 2. Hearing on Internet Blocking in the European Parliament ============================================================ The European Parliament's Civil Liberties Committee held a hearing on the Child Exploitation Directive on 28 and 29 September, chaired by the Parliament's Rapporteur, Roberta Angelilli (EPP, Italy). The event was opened by the MEP responsible for the dossier, Ms Angelilli herself and the Rapporteurs from the two Committees providing an "Opinion" on the dossier - Culture (Petra Kammerevert, S+D, Germany) and Gender Equality (Marina Yannakoudakis, ECR, UK). Ms Kammerevert reflected on the detail of the proposal, on the need to ensure that the measure is well targeted and that we use proper evidence to produce effective strategy. On this basis, Ms Kammerevert argued strongly against the concept of web blocking as an effective strategy. Ms Yannakoudakis argued that free speech should not be a barrier when trying to protect children and blocking might be useful and therefore should be deployed. In the second session of the event, EU institutions and bodies gave their views on the dossier. The interventions from the Fundamental Rights Agency and the Deputy European Data Protection Supervisor were interesting insofar as both highlighted the costs of blocking in terms of fundamental rights and privacy but neither devoted a moment to question the supposed benefits. This was even stranger when we consider that the Fundamental Rights Agency pointed out the need to make a proper impact assessment. Ms Asenius, head of Cabinet of Commissioner Malmstrvm repeated the frequently myth that there were huge profits to be made in commercial exploitation of child abuse images. However, in the discussion period afterwards, German Green MEP Jan Albrecht pointed out that the Commission-funded "Financial Coalition against Child Pornography" published an up to date report in September which shows that this is simply not the case. Ms Asenius chose not to respond. A further valuable but answerless question was put by Vilija Blinkeviciute (S+D, Lithuania), who asked how the Parliament was supposed to legislate without the data needed to make an informed decision. The session with police organisations took place at the same time as the Civil Liberties Committee organised a vote elsewhere in the Parliament. As a result, there were no parliamentarians at all present for most of the speeches. Bjorn-Erik Ludvigsen accused opponents of blocking of being in favour of child abuse while Bjorn Sellstrvm made an odd argument that blocking would only be effective if everyone did it. From a law enforcement perspective, it would appear to make more sense to aim motivating all countries to prosecute crimes in their own country rather than creating systems to hide infringements abroad. In the final session devoted to NGOs, the UK hotline (the Internet Watch Foundation) described the statistics produced by that organisation, including the huge and rapid growth in the hosting of abuse material on free hosting services (without mentioning that it is easier to have such sites deleted than to block them), the growth in the abuse of free image hosting sites (without mentioning that it is easier to have such images deleted than to block them) and the growth in the proportion of websites that move very quickly (without mentioning that these move too quickly to be blocked). EDRi's presentation highlighted the technical inadequacies of blocking, the risks associated with blocking and the poor preparatory work of the European Commission. John Carr from the Commission-funded group eNACSO explained that big companies had implemented blocking, so it couldn't be inadequate. He added that guns could be used for good and bad purposes, so the fact that blocking could be used for good and bad purposes did not mean that blocking was inherently bad. During the final discussion, Christian Bahls from MOgIS (the association of abuse victims against blocking) argued that blocking risked damaging the integrity of the Internet, that the issue with re-victimisation was not the possible existence of images on the Internet but the very existence of the images and also that it was necessary to do properly research the problem and then produce solutions rather than the other way around. EDRi's blocking booklet in English, German, Czech and Romanian http://www.edri.org/issues/freedom Text of EDRi presentation to the hearing (29.09.2010) http://www.edri.org/files/libe_hearing_100929.pdf Video of EDRi presentation at the hearing (29.09.2010) http://www.youtube.com/watch?v=fxq--FqccGE Commission official explains (again) the Commission's research http://www.youtube.com/watch?v=KNKHMazHCuw European Financial Coalition against commercial sexual exploitation of children online - Report (2010) http://www.ceop.police.uk/Documents/EFC%20Strat%20Asses2010_080910b%20FINAL… MOgIS YouTube channel https://www.youtube.com/user/MOGiSVerein EDRi-gram: ENDitorial: Internet blocking in ten weeks and counting (22.09.2010) http://www.edri.org/edrigram/number8.18/10-weeks-until-internet-blocking (Contribution by Joe McNamee - EDRi) ============================================================ 3. First warning letters sent by French ISPs under the three strikes system ============================================================ On 1 October 2010, Bouygues Telecom and Numiricable were the first French ISPs to send warning emails to suspected illegal file-sharers, on behalf of Hadopi authority. According the media reports several hunderds warning emails have been send in these first days. After this first message, the Internet user deemed to have allegedly continued to illegally download copyrighted content in the following six months, will receive a second warning by a registered letter. The third alleged infringement may be penalised by a fine and the suspension of the user's subscription up to a year without the possibility to make another subscription during that period. This is how the warning letter begins: "Attention, your Internet connection has been used to commit acts that could constitute a breach of the law," adding that piracy "is a serious threat to the economy of the cultural sector." Orange and SFR were supposed to send their first e-mails on 4 October but there has been no communication from them until now, while Free has already stated it would not send the e-mails, pending an answer from the Ministry of Culture and Hadopi on its alternative method for dealing with customers, taking the privacy concerns of the French Data Protection Authority - CNIL into account. The French authority on implementing the three strikes law also launched on 1 October 2010 its official website, Hadopi.fr, which includes news, a presentation of the authority, information on "responsible usage", a forum for questions and other types of information such as the action to take in case of receiving a warning message from the authority. During a press conference that took place on 5 October 2010, Hadopi representatives did not want to comment on the launch of the warning messages. The only comment that Hadopi president Marie-Frangoise Marais made was that the three-strikes process was going on. She also added that while the dialogue with the ISP Free was in progress, Free's lack of cooperation would reflect on its users because they would not receive an initial email warning in the event of copyright infringement but they would receive a registered letter (the second stage) in case of repeated infringement. While the Hadopi.fr site has brought about a lot of sarcastic comments, Numerama launched Hadopi-Data.fr site, a tool that will should allow the supervision of Hadopi's activity considering that transparency is not a strong point of the regulator. Internet users having received a warning message may anonymously place information on Hadopi-Data.fr regarding the date they received the warning, the date of the alleged infringement act, the type of works in question and their postal code. This last piece of information can be used to check out whether there is any geographic targeting by Hadopi. Based on the data input, Numerama intends to create graphs on the ISPs that send the e-mails to their subscribers, on categories of works that generate the most numerous warnings and on Hadopi's activity in time. The ammount of data will therefore be vital in order to have a clear overview of the situation. La Quadrature du Net has also launched a citizen initiative trying to find the first French Internet user to receive an e-mail initiated by Hadopi. Threatened by attacks, Hadopi.fr opens its doors (only in French, 1.10.2010) http://www.01net.com/editorial/521611/menace-dattaques-hadopi-fr-ouvre-ses-… Hadopi-Data.fr :let's check together Hadopi's activity (only in French, 4.10.2010) http://www.numerama.com/magazine/16921-hadopi-datafr-controlons-ensemble-l-… Hadopi : the first e-mails at Bouygues, SFR, Orange and Numericable? (only in French, 4.10.2010) http://www.numerama.com/magazine/16963-hadopi-1ers-e-mails-chez-bouygues-sf… Hadopi. The first warnings sent (only in French, 5.10.2010) http://www.letelegramme.com/ig/generales/france-monde/france/hadopi-premier… First Anti-Piracy Warnings Issued In France (5.10.2010) http://www.billboard.biz/bbbiz/content_display/industry/e3i7b035dcf5d2c2ea7… ============================================================ 4. Italy: Online editors are not liable as the printed press ============================================================ The Italian Court of Cassation ruled in a decision taken on16 July 2010 and published on 1 October 2010 that online editors are not directly liable for the content published on their websites. In this case, it was considered that art.57 of the Italian Criminal Code which requires control of newspaper editors over the published content covers exclusively the hard copy written works. The ruling overturned a previous decision of the Appeal Court of Milan having convicted the editor of Merate Online portal for not having checked the content of a letter that proved defamatory for Justice Minister Roberto Castelli. The Court of Cassation stated that Article 57 "refers specifically to information disseminated through the 'press'. The letter of the law is unequivocal and that conclusion also bears a historical interpretation of the rule." Law 47 from 1948 defines the 'press' as "any typographical or other reproductions obtained by mechanical or physical-chemical way of publication". In the court's opinion, a web publication does not fall into the definition of the 1948 law and hence is not covered by art.57 of the Criminal Law. The ruling also relied on decree 70/2003 which explicitly rules out the online service's responsibility for the content of their users in case they are unaware of the illegal character of the respective content. The director of a web newspaper is not liable for failing control (only in Italian, 1.10.2010) http://www.repubblica.it/cronaca/2010/10/01/news/cassazione_per_le_testate_… Cassation: The Online Editor is not "responsible" (only in Italian, 2.10.2010) http://www.mcreporter.info/stampa/cass35511.htm Cassation Court - Decision no. 35511 (only in Italian, 16.07. 2010) http://www.mcreporter.info/giurisprudenza/cass10_35511.htm ============================================================ 5. EU concerns for US plans to increase the amount of bank transfer data ============================================================ The EU Commission and MEPs have requested clarifications from US Administration regarding the plans to extend existing anti-terrorism programs targeting bank transfers which would make the EU-US so-called Swift agreement invalid. The Washington Post announced on 27 September 2010 that the Obama administration wanted to require U.S. banks to report all electronic money transfers into and out of the country thus helping the authorities in spotting transfers that might finance terrorist attacks. The expanded financial data would allow anti-terrorist agencies to better understand normal money-flow patterns in order to track down abnormal activities. According to the Financial Crimes Enforcement Network's (FinCEN) rulemaking proposal, the US Financial institutions will be required to report to the Treasury Department the smallest transfers. Presently, only transactions in excess of 10 000 USD and others transactions considered as suspicious are reported. US authorities plan to gather information about 750 million transfers per year into a database that will be used by law enforcement and regulatory agencies. The data attached to such transfers usually include the name, address and account number of the sender and recipient and for money-service businesses, a driver's license or passport number. The proposal also requires the banks to provide the Social Security numbers for all wire-transfer senders and recipients on an annual basis. "By establishing a centralized database, this regulatory plan will greatly assist law enforcement in detecting and ferreting out transnational organized crime, multinational drug cartels, terrorist financing and international tax evasion," was the explanation given by James H. Freis Jr., director of FinCEN. FinCEN's proposal comes as a result of the requirements of the Intelligence Reform and Terrorism Prevention Act of 2004 which asked the Secretary of the Treasury to study the feasibility of requiring such financial institutions as the Secretary determines to be appropriate to report to the Financial Crimes Enforcement Network on certain cross-border electronic transmissions of funds, if the Secretary determines that reporting of such transmissions is reasonably necessary to assist the efforts of the Secretary against money laundering and terrorist financing. This move has created great concern in the EU. "We urgently seek clarifications from the US if these plans are an infringement of the Swift agreement and the EU commission promised to demand further information on it," stated MEP Sophie in't Veld after a closed-door meeting with Commission officials on 27 September. Under the present Swift agreement that came into force on 1 August 2010, US officials can request European data relevant to a specific terrorist investigation from Swift but the request must be approved by the Europol, EU's police co-operation unit, and has to meet certain requirements. However, in view of the new US plans, the transactions between the European and USA banks would be captured even if there is no substantiated need. "We see so many data transfers - passenger name records, Swift data, credit card information connected to the travel fee - that we are wondering where all this ends," stated Sophie in't Veld who added "We are all getting a bit tired of being taken by surprise all the time. The US is our friend and ally, so we shouldn't be treated this way." The plans are criticised in the USA as well. "This regulation is outrageous. (....) I believe you need to show some evidence of criminality before you are granted unfettered access to the private financial affairs of every individual and company that dares to conduct financial transactions overseas," said lawyer Peter Djinis, former FinCEN executive assistant director for regulatory policy. Money transfers could face anti-terrorism scrutiny (27.09.2010) http://www.washingtonpost.com/wp-dyn/content/article/2010/09/26/AR201009260… FinCEN Proposes Regulatory Requirement for Financial Institutions to Report Cross-Border Electronic Transmittals of Funds (27.09.2010) http://www.fincen.gov/news_room/nr/html/20100927.html MEPs demand explanation on US plan to monitor all money transfers (28.09.2010) http://euobserver.com/9/30905/?rk=1 ============================================================ 6. New EC Expert Group on the Internet of Things ============================================================ On 22 and 23 September 2010 the kick-off meeting of a new European Commission (EC) High Level Expert Group on the Internet of Things was held in Brussels. The group is made up of about 50 members representing organisations from industry, standardisation, research, civil society and other sectors. Representatives from member states, the European Data Protection Supervisor and the Article 29 Working Party participate in the group as observers. The group will operate until December 2012. According to the action plan described in the Communication of the European Commission "Internet of Things - An action plan for Europe" the group will work on governance, privacy and data protection, standards and interoperability, health and environment and other topics related to the development of an Internet of Things. With regard to privacy and data protection the concept of the right to the "silence of the chips", which defines that everybody should have the right to disconnect oneself from information technology, will be among the topics to be discussed in the group. Besides the Commission Communication, the report of the European Parliament, the Opinion of the European Economic and Social Committee, the Opinion of the Committee of the Regions on the Internet of Things and the Opinion of the European Data Protection Supervisor on Promoting Trust in the Information Society by Fostering Data Protection and Privacy will be important documents guiding the work of the group. EDRi has been invited by the European Commission to participate in the Expert Group and is looking forward to working with the Commission, the members and observers of the group on the framework for an Internet of Things being an Internet for the people. Commission Communication "Internet of Things - An action plan for Europe" http://ec.europa.eu/information_society/policy/rfid/documents/commiot2009.p… European Parliament resolution of 15 June 2010 on the Internet of Things (2009/2224(INI)) (15.06.2010) http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+TA+P7-TA-2… EDRi-gram: EP calls for a clear legal framework for the Internet of Things (30.06.2010) http://www.edri.org/edrigram/number8.13/european-parliament-on-internet-of-… Opinion of the European Economic and Social Committee on "The Internet of Things" http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:C:2009:077:0060:00… Opinion of the Committee of the Regions on the Internet of Things and re-use of Public Sector Information http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:C:2010:175:0035:00… Opinion of the European Data Protection Supervisor on Promoting Trust in the Information Society by Fostering Data Protection and Privacy (19.03.2010) http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consu… (Contribution by Andreas Krisch - EDRi) ============================================================ 7. Private data exposed on UK Law firm website ============================================================ On 24 September 2010, the website of the UK Law Firm ACS:Law suffered a massive breach of security apparently under a Denial of Service attack initiated by a group entitled Anonymous within the Operation Payback, which led to the exposure of what seemed to be part of the internal email database of the website. Although the ISP hosting ACS:Law's website suspended the account right after the attack, the site became active again, without any apparent reason, pointing to the root directory of the web and revealing a folder containing an archived backup of the company's mailboxes. The content of the folder was downloaded and posted on Pirate Bay. ACS:Law has been well known lately for the threatening letters sent to alleged file sharers suspected of breaching copyright asking them to pay money in order to avoid going to court. The company was already referred by privacy groups to the Solicitors Disciplinary Group for "bullying and excessive conduct" at the beginning of September 2010. The data exposed by the attack appear to include among other things, an excel file attached to an e-mail sent by Andrew Crossly, head of ACS:Law, to his colleagues, including the names and addresses of apparently more than 10 000 broadband subscribers with the names of the movies allegedly downloaded by them in breach of copyright. As a result of the event, Privacy International (PI) has announced that it was blaming ACS:Law for the indicent and that it was planning to bring a legal action against the company for breaching the privacy of internet users. PI has also notified the UK Data protection authority - Information Commissioner's Office (ICO) on the matter. "... there is no evidence to suggest that the web server was compromised; it would seem that this data breach was purely down to poor server administration and a lack of suitable data protection and security technologies. there is no evidence to suggest that the web server was compromised; it would seem that this data breach was purely down to poor server administration and a lack of suitable data protection and security technologies," says PI in a press release issued on 27 September. Information Commissioner Christopher Graham took the matter seriously and told the BBC that he would investigate the matter which might be a chance for him to use the extra powers he has been recently granted. ACS:Law might face a very significant fine. "The Information Commissioner has significant power to take action and I can levy fine of up to half a million pounds on companies that flout the Data Protection Act," said the Commissioner. The ICO will investigate on the security of the information stored by ACS:Law and on how easy it was to access it. "We'll be asking about the adequacy of encryption, the firewall, the training of staff and why that information was so public facing," said the Commissioner. ACS:Law Email Database Leaked onto The Pirate Bay (24.09.2010) http://www.slyck.com/story2058_ACSLaw_Email_Database_Leaked_onto_The_Pirate… Law firm could face first #500,000 data leak fine (29.09.2010) http://www.out-law.com//default.aspx?page=11404 Privacy International Plans Legal Action Against ACS:Law (27.09.2010) http://www.slyck.com/news.php?story=2061 PI aims to pursue UK law firm for data breach (27.09.2010) http://www.privacyinternational.org/article.shtml?cmd%5B347%5D=x-347-566663 EDRi-gram: UK: Harassing innocent users for copyright infringement (8.09.2010) http://www.edri.org/edrigram/number8.17/acs-law-harassing-copyright-infring… ============================================================ 8. YouTube won a case against copyright infringement accusations in Spain ============================================================ Google has won a battle against Spanish broadcaster Telecinco which brought the company to court in June 2008 claiming that the company's service YouTube was liable for the copyrighted material posted by its users. Spanish Commercial Court no.7 of Madrid ruled against Telecino, following the EU E-commerce directive which says that a website is responsible for the content uploaded by its users only if a notification of allegedly copyright infringing content is made. Once the notification is received, the website has to remove the respective content. Telecino claimed that Youtube already had procedures in place for copyright owners to identify and notify the website of any videos that allegedly breach copyright but Google argued that screening material before it was made available would be an impossible action. "This decision demonstrates the wisdom of European laws. More than 24 hours of video are loaded on to YouTube every minute. If internet sites had to screen all videos, photos and text before allowing them on a website, many popular sites - not just YouTube, but Facebook, Twitter, MySpace and others - would grind to a halt," was Aaron Ferstman's comment on Google;s European public policy blog. Google has also been careful to reaffirm that it respects copyright laws: "We are very pleased with today's ruling. The win today confirms what we have said throughout this process: YouTube complies with the law. The ruling recognises that YouTube is merely an intermediary content-hosting service and therefore cannot be obliged to pre-screen videos before they are uploaded." Telecino, which was bound to pay for the trial expenses, stated that the judge's decision was only trying to avoid "taking a decision that would have placed in checkmate the national and international trade of YouTube and its owner Google" and that it intended to defend itself from the attacks against its rights and to appeal to superior legal courts. Spanish court throws out copyright infringement claims against Youtube (23.09.2010) http://www.theinquirer.net/inquirer/news/1735045/spanish-court-throws-copyr… YouTube wins against Telecinco in the tribunal(only in Spanish, 23.09.2010) http://www.elmundo.es/elmundo/2010/09/23/comunicacion/1285234927.html Google wins YouTube case in Spain (23.09.2010) http://www.guardian.co.uk/technology/2010/sep/23/google-wins-youtube-case-s… A big win for the Internet (23.09.2010) http://googlepolicyeurope.blogspot.com/2010/09/big-win-for-internet.html ============================================================ 9. Phorm case sends the UK to the European Court of Justice ============================================================ The European Commission announced that it has referred the UK to the European Court of Justice for an improper implementation of EU data protection rules, following several complaints in the Phorm case. The Commission received complaints from the UK citizens about Phorm that worked by checking out the web traffic between an ISP client and the sites it visits. This form of behavioural advertising by ISPs (targeted advertising based on prior analysis of users' internet traffic) was reported by EDRi-member Open Rights Group and others NGOs to the UK Data Protection Authority - Information Commissioner's Office. British Telecom ran in 2006 and 2007 two secret trials of deep-packet inspection technology on its broadband customers, without informing them. The European Commission started the legal action against the UK in April 2009 and sent another warning in October 2009 asking the British authorities to properly implement the Data Protection Directive and the ePrivacy Directive. Now, the Commission has referred UK to the European Court of Justice for failing to "ensure the confidentiality of the communications and related traffic data by prohibiting unlawful interception and surveillance" and to implement in the UK law the definition of consent as the "freely given, specific and informed indication of a person's wishes". Digital Agenda: Commission refers UK to Court over privacy and personal data protection (30.09.2010) http://europa.eu/rapid/pressReleasesAction.do?reference=IP/10/1215&format=H… EU takes Britain to court over online data protection (30.09.2010) http://euobserver.com/22/30935 EU taking UK to court for privacy deficiencies highlighted by Phorm (30.09.2010) http://www.openrightsgroup.org/blog/2010/eu-taking-uk-to-court-for-privacy-… EDRi-gram: UK: Phorm threat (28.01.2009) http://www.edri.org/edri-gram/number7.2/phorm-uk ============================================================ 10. ENDitorial: Council of Europe: Bad news as it happens ============================================================ The third Council of Europe (CoE) Committee of experts on new media (MC-NM), held on 27-28 September 2010 in Strasbourg, is likely to dampen enthusiasm. To start with, the current vice-chair Michael Truppe is leaving the group to hold another position on the Austrian scene. With his knowledge of the group issues and his vision of an Internet upholding Human Rights, Michael Truppe has been instrumental to many achievements of the MC-S-IS group (MC-NM predecessor), especially with regards to the 'Recommendation on measures to promote the respect for freedom of expression and information with regard to Internet filters', adopted by the CoE Committee of Ministers in 2008. During MC-NM works, he also brought a major contribution to the draft Declaration on Network Neutrality. However, and this is the second bad news, such draft texts may see important modifications before they became adopted, since they first go through the parent body, the Steering Committee on Media and New Communication Services (CDMC) and only then are submitted to the CoE Committee of Ministers for adoption. This is what regrettably happened to the CoE Declaration on Network Neutrality (NN), adopted on 29 September 2010. While the draft, though being simply a Declaration, was an encouraging political stand from the CoE on NN, the adopted text looks like a spineless document that, actually, doesn't bring much to the issue. Where the draft called for "unobstructed" access for users to internet-based content, applications and services of their choice, the adopted text contents itself with "greatest possible access". One might wonder what this could ever mean, when such access possibilities are confronted to both the greediness of network operators, ISPs and online service providers and the breaches of human rights and fundamental freedoms by governments! Furthermore, the CDMC added a provision in reference to the EU Telecom Package adopted in 2009, following a request from one of the EU Member States. The document was finalised some days before the end of the Spanish presidency. In summary, this dilution makes the Declaration on Net Neutrality a squandered opportunity for the CoE, as well as for all those who see the democratic issues at stake with NN, rather than simply a need to ensure transparency for consumers and fair competition in a market being, in any event, dominated by few companies. The third bad news derives from management decisions by the CDMC leading to fewer human resources for its subordinated groups, at least the MC-NM. Concretely, this means that the MC-NM work on draft Recommendations regarding both search engines and social networks, in view of ensuring the respect for privacy and freedom of expression in these sectors, is now in stand-by mode, while the priority is given to the least advanced work, that is the draft Recommendation on a new notion of media. This decision to postpone the completion of the almost finished work on search engines and social networks is very unfortunate, given that both issues are very timely and involve major stakes in terms of fundamental rights and freedoms, although it is granted that discussing the extension of the notion of media - and, as a corollary, of the application of the media laws - to new media and the web2.0 services is of utmost importance. This is indeed a democratic issue, as the discussion during last MC-NM meeting has highlighted: if YouTube was considered a media, could it be blocked for more than 2 years now by a CoE Member State, namely Turkey, which has to comply with freedom of the media? If so-called 'citizen journalism' platforms were considered as media, shouldn't they operate under principles such as that of the protection of sources and the right to reply and a the same time be subject to some professional standards? Should bloggers be granted the status of journalists and under which conditions? When Google is found liable by French courts for the third time, because of its 'Google Suggest' service, on the basis that Google does indeed add a human intervention in some cases, does it exert an editorial interference or does it simply take action to protect its own interests? Should the online service market domination by a handful of vertically integrated multinational companies be considered as dangerous media concentration or as a dominant market position? In one word, should these services be regulated by media laws or by e-commerce laws? One can easily understand that the issue is complex, should be approached with particular caution, and needs very rigorous definition of criteria to identify under which conditions web2.0 services should be considered as media. The third MC-NM meeting dedicated almost its two days to this discussion, as the necessary prerequisite to come up with any Recommendation on the status of new media. Obviously, by no mean this could be reasonably completed by the end of the year or even earlier as requested by CDMC: such haste could only be harmful when human rights, democracy and freedom of the media are at stake. Last but unfortunately not least of the bad news series is related to the developments of the Cross-border Internet group (MC-S-CI). This group is also subordinated to the CDMC, but, contrarily to the case of MC-NM, is formed by, literally, a handful of individual experts (5 persons!) picked up by CDMC members, in view of nothing less than drafting a Convention, i.e. a Treaty... EDRi was granted the observer status to this group. However, an observer can only observe formal (i.e. announced and open) meetings, while the individual experts seem to have opted for "informal meetings", whatever this could mean. As a matter of fact, after a single formal meeting on 1-2 March 2010, which EDRi unfortunately missed, the MC-S-CI apparently led to prolific achievements: two draft CoE Declarations on, respectively, the Digital Agenda for Europe (indicating some extensive interpretation of MC-S-CI terms of reference) and the management of the Internet protocol address resources in the public interest (both adopted by the Committee of Ministers on 29 September) and even a draft standard-setting instrument. Regarding the latter, a conceptual framework document was ready for presentation and discussion at a workshop during the 2010 EuroDIG meeting in Madrid on 28-29 April and the draft instrument itself was circulated at a 2010 IGF workshop in Vilnius on 14-17 September (where the approach and provisions faced a lot of criticism). One would certainly bow before such intense productivity, if the situation were not raising important democratic concerns in terms of transparency and accountability. When considering, on top of this, the fact that most of the experts are ICANN insiders, the concerns can only grow, especially since the only human rights expert from the group has now resigned. As a matter of fact, the MC-S-CI group also has, in the mean time, prepared another draft Declaration on "enhanced participation in Internet governance matters - Governmental Advisory Committee (GAC) of the Internet Corporation for Assigned Names and Numbers (ICANN)" (adopted by the Committee of Ministers on 26 May 2010), and has been instrumental in having the CoE secretariat participating to the GAC's activities, first as observer and later if possible by contributing to GAC Secretariat. The diffusion of CoE values of human rights, democracy and the rule of law to IGF and ICANN would certainly improve the latter two in terms of process and substance. However, if MC-S-CI developments continue behind the scene as they currently show, there is a high risk that the contrary might happen, with the CoE being contaminated by the numerous flaws IGF and ICANN have demonstrated so far, as widely analysed in the academic and grey literature, as well as by various NGOs inside and outside these circles. In conclusion of this list of deep concerns, the only good news is probably the fact that the MC-S-NR group (Group Protection of Neighbouring Rights of Broadcasting Organisations) has not yet started its work, waiting for the European Commission to be mandated to negotiate, within the CoE framework, a Convention on the protection of neighbouring rights of broadcasting organisations (a.k.a. the resurrection of the broadcasting Treaty, formerly killed at WIPO). CDMC and subordinated subgroups public websites http://www.coe.int/t/dghl/standardsetting/media Recommendation CM/Rec(2008)6 of the Committee of Ministers to member states on measures to promote the respect for freedom of expression and information with regard to Internet filters, (26.03.2008) https://wcd.coe.int/ViewDoc.jsp?Ref=CM/Rec(2008)6 EDRi-gram: ENDitorial: CoE - The Good, The Bad And The Ugly (09.04.2008) http://www.EDRi.org/EDRigram/number6.7/coe-good-bad-ugly CoE Declaration of the Committee of Ministers on network neutrality (29.09.2010) https://wcd.coe.int/ViewDoc.jsp?Ref=Decl(29.09.2010_2) EDRi-gram: New Media, Search Engines And Network Neutrality On 2010 CoE Agenda (07.04.2010) http://www.EDRi.org/EDRigram/number8.7/coe-new-media-working-group CoE Declaration of the Committee of Ministers on the Digital Agenda for Europe (29.09.2010) https://wcd.coe.int/ViewDoc.jsp?Ref=Decl(29.09.2010_1) CoE Declaration of the Committee of Ministers on the management of the Internet protocol address resources in the public interest (29.09.2010) https://wcd.coe.int/ViewDoc.jsp?Ref=Decl(29.09.2010_3) EURODIG workshop on "Sovereignty of states and the role and obligations of governments in the global multi-stakeholder Internet environment" (30.04.2010) http://www.eurodig.org/eurodig-2010/programme/workshops/workshop-6 IGF workshop on "a proposal for setting a standard of care in international law for cross-border Internet" (14.09.2010) http://www.intgovforum.org/cms/component/chronocontact/?chronoformname=WSPr… (description) http://www.intgovforum.org/cms/component/content/article/102-transcripts201… (transcript) CoE Declaration of the Committee of Ministers on enhanced participation in Internet governance matters - Governmental Advisory Committee (GAC) of the Internet Corporation for Assigned Names and Numbers (ICANN) (26.05.2010) https://wcd.coe.int/ViewDoc.jsp?Ref=Decl(26.05.2010_1) EDRi-gram: ENDitorial: Undead Wipo Treaty Resurrected In Council Of Europe (10.02.2010) http://www.EDRi.org/EDRigram/number8.3/broadcasting-treaty-council-of-europe (Contribution by Meryem Marzouki, French EDRi-member IRIS) ============================================================ 11. Recommended Action ============================================================ I call on Commissioner Malmstrvm to withdraw on her initiative of website blocking. Instead of employing the same techniques as China and other totalitarian regimes, I call on the European Commission to improve law enforcement cooperation both inside the European Union and with outside partners, to ensure swift deletion of child porn websites as well as an effective and determined prosecution of the perpetrators. http://www.deletion-not-blocking.eu/sign.html ============================================================ 12. Recommended Reading ============================================================ Ian Brown: Communications Data Retention in an Evolving Internet (27.09.2010) http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1683284 French Telecom regulator (ARCEP) has published ten proposals and recommendations for promoting a neutral and high quality Internet. (30.09.2010) http://bit.ly/dp5klS ============================================================ 13. Agenda ============================================================ 8-9 October 2010, Berlin, Germany The 3rd Free Culture Research Conference http://wikis.fu-berlin.de/display/fcrc/Home 25-26 October 2010, Jerusalem, Israel OECD Conference on "Privacy, Technology and Global Data Flows", celebrating the 30th anniversary of the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data http://www.oecd.org/sti/privacyanniversary 27-29 October 2010, Jerusalem, Israel The 32nd Annual International Conference of Data Protection and Privacy Commissioners http://www.privacyconference2010.org/ 28-31 October 2010, Barcelona, Spain oXcars and Free Culture Forum 2010, the biggest free culture event of all time http://exgae.net/oxcars10 http://fcforum.net/10 3-5 November 2010, Barcelona, Spain The Fifth International Conference on Legal, Security and Privacy Issues in IT Law. http://www.lspi.net/ 5-7 November 2010, Cologne, Germany Transparency, Work, Surveillance Joint Annual Meeting of FIfF and DVD http://fiff.de/veranstaltungen/fiff-jahrestagungen/JT2010/jt2010_uebersicht 5-7 November 2010, Gothenburg, Sweden Free Society Conference and Nordic Summit http://www.fscons.org/ 17 November 2010, Gent, Belgium Big Brother Awards 2010 Belgium http://www.winuwprivacy.be/kandidaten 25-28 January 2011, Brussels, Belgium The annual Conference Computers, Privacy & Data Protection CPDP 2011 European Data Protection: In Good Health? Submission deadline for Full Papers and Position Papers: 16 November 2010 http://www.cpdpconferences.org/ ============================================================ 14. About ============================================================ EDRI-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRI has 27 members based or with offices in 17 different countries in Europe. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRI-grams. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and visibly on the EDRI website. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 3.0 License. See the full text at http://creativecommons.org/licenses/by/3.0/ Newsletter editor: Bogdan Manolea <edrigram(a)edri.org> Information about EDRI and its members: http://www.edri.org/ European Digital Rights needs your help in upholding digital rights in the EU. If you wish to help us promote digital rights, please consider making a private donation. http://www.edri.org/about/sponsoring - EDRI-gram subscription information subscribe by e-mail To: edri-news-request(a)edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. unsubscribe by e-mail To: edri-news-request(a)edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/edri/2.html - EDRI-gram in German EDRI-gram is also available in German, with delay. Translations are provided Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users http://www.unwatched.org/ - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask <edrigram(a)edri.org> if you have any problems with subscribing or unsubscribing. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

EDRi-gram newsletter - Number 8.19, 6 October 2010
by EDRI-gram newsletter 06 Jul '18

06 Jul '18

============================================================ EDRi-gram biweekly newsletter about digital civil rights in Europe Number 8.19, 6 October 2010 ============================================================ Contents ============================================================ 1. EDRi's answer to net neutrality consultation 2. Hearing on Internet Blocking in the European Parliament 3. First warning letters sent by French ISPs under the three-strikes system 4. Italy: Online editors are not liable as the printed press 5. EU concerns for US plans to increase the amount of bank transfer data 6. New EC Expert Group on the Internet of Things 7. Private data exposed on UK Law firm website 8. YouTube won a case against copyright infringement accusations in Spain 9. Phorm case sends the UK to the European Court of Justice 10. ENDitorial: Council of Europe: Bad news as it happens 11. Recommended Action 12. Recommended Reading 13. Agenda 14. About ============================================================ 1. EDRi's answer to net neutrality consultation ============================================================ Who gets to decide what you do on the internet: you or your internet service provider? Until recently, the answer was simple: you decide which services and websites you want to visit. This is changing rapidly, however. Most internet providers want to restrict your internet traffic. Unless the European Commission prohibits them from doing so. EDRi, in a common submission with its member Bits of Freedom, urged the European Commission to prohibit this. The submission was sent as an answer to a public consultation on net neutrality opened until 30 September 2010. In our submission, EDRi concludes that: - An open internet is crucial for fundamental freedoms, innovation, and competition. - Internet providers, however, have incentives of their own to stifle the open internet. - Furthermore, governments and private parties attempt to force internet providers to stifle the open internet for the benefit of narrow sectorial interests. - And, in practice, internet providers do indeed stifle the open internet for the above reasons. - Meanwhile, transparency obligations, competition and minimum guarantees cannot safeguard an open internet. - Waiting is not an option, as the examples of local loop unbundling and mobile roaming demonstrate. - Narrowly-tailored regulatory EU measures should therefore safeguard the open internet. Response of Bits of Freedom and EDRi to the public consultation of the European Commission on the open internet and net neutrality in Europe (30.09.2010) http://www.edri.org/docs/netneutralityreaction300910.pdf (thanks to Ot Van Daalen - EDRi-member Bits of Freedom) ============================================================ 2. Hearing on Internet Blocking in the European Parliament ============================================================ The European Parliament's Civil Liberties Committee held a hearing on the Child Exploitation Directive on 28 and 29 September, chaired by the Parliament's Rapporteur, Roberta Angelilli (EPP, Italy). The event was opened by the MEP responsible for the dossier, Ms Angelilli herself and the Rapporteurs from the two Committees providing an "Opinion" on the dossier - Culture (Petra Kammerevert, S+D, Germany) and Gender Equality (Marina Yannakoudakis, ECR, UK). Ms Kammerevert reflected on the detail of the proposal, on the need to ensure that the measure is well targeted and that we use proper evidence to produce effective strategy. On this basis, Ms Kammerevert argued strongly against the concept of web blocking as an effective strategy. Ms Yannakoudakis argued that free speech should not be a barrier when trying to protect children and blocking might be useful and therefore should be deployed. In the second session of the event, EU institutions and bodies gave their views on the dossier. The interventions from the Fundamental Rights Agency and the Deputy European Data Protection Supervisor were interesting insofar as both highlighted the costs of blocking in terms of fundamental rights and privacy but neither devoted a moment to question the supposed benefits. This was even stranger when we consider that the Fundamental Rights Agency pointed out the need to make a proper impact assessment. Ms Asenius, head of Cabinet of Commissioner Malmstrvm repeated the frequently myth that there were huge profits to be made in commercial exploitation of child abuse images. However, in the discussion period afterwards, German Green MEP Jan Albrecht pointed out that the Commission-funded "Financial Coalition against Child Pornography" published an up to date report in September which shows that this is simply not the case. Ms Asenius chose not to respond. A further valuable but answerless question was put by Vilija Blinkeviciute (S+D, Lithuania), who asked how the Parliament was supposed to legislate without the data needed to make an informed decision. The session with police organisations took place at the same time as the Civil Liberties Committee organised a vote elsewhere in the Parliament. As a result, there were no parliamentarians at all present for most of the speeches. Bjorn-Erik Ludvigsen accused opponents of blocking of being in favour of child abuse while Bjorn Sellstrvm made an odd argument that blocking would only be effective if everyone did it. From a law enforcement perspective, it would appear to make more sense to aim motivating all countries to prosecute crimes in their own country rather than creating systems to hide infringements abroad. In the final session devoted to NGOs, the UK hotline (the Internet Watch Foundation) described the statistics produced by that organisation, including the huge and rapid growth in the hosting of abuse material on free hosting services (without mentioning that it is easier to have such sites deleted than to block them), the growth in the abuse of free image hosting sites (without mentioning that it is easier to have such images deleted than to block them) and the growth in the proportion of websites that move very quickly (without mentioning that these move too quickly to be blocked). EDRi's presentation highlighted the technical inadequacies of blocking, the risks associated with blocking and the poor preparatory work of the European Commission. John Carr from the Commission-funded group eNACSO explained that big companies had implemented blocking, so it couldn't be inadequate. He added that guns could be used for good and bad purposes, so the fact that blocking could be used for good and bad purposes did not mean that blocking was inherently bad. During the final discussion, Christian Bahls from MOgIS (the association of abuse victims against blocking) argued that blocking risked damaging the integrity of the Internet, that the issue with re-victimisation was not the possible existence of images on the Internet but the very existence of the images and also that it was necessary to do properly research the problem and then produce solutions rather than the other way around. EDRi's blocking booklet in English, German, Czech and Romanian http://www.edri.org/issues/freedom Text of EDRi presentation to the hearing (29.09.2010) http://www.edri.org/files/libe_hearing_100929.pdf Video of EDRi presentation at the hearing (29.09.2010) http://www.youtube.com/watch?v=fxq--FqccGE Commission official explains (again) the Commission's research http://www.youtube.com/watch?v=KNKHMazHCuw European Financial Coalition against commercial sexual exploitation of children online - Report (2010) http://www.ceop.police.uk/Documents/EFC%20Strat%20Asses2010_080910b%20FINAL… MOgIS YouTube channel https://www.youtube.com/user/MOGiSVerein EDRi-gram: ENDitorial: Internet blocking in ten weeks and counting (22.09.2010) http://www.edri.org/edrigram/number8.18/10-weeks-until-internet-blocking (Contribution by Joe McNamee - EDRi) ============================================================ 3. First warning letters sent by French ISPs under the three strikes system ============================================================ On 1 October 2010, Bouygues Telecom and Numiricable were the first French ISPs to send warning emails to suspected illegal file-sharers, on behalf of Hadopi authority. According the media reports several hunderds warning emails have been send in these first days. After this first message, the Internet user deemed to have allegedly continued to illegally download copyrighted content in the following six months, will receive a second warning by a registered letter. The third alleged infringement may be penalised by a fine and the suspension of the user's subscription up to a year without the possibility to make another subscription during that period. This is how the warning letter begins: "Attention, your Internet connection has been used to commit acts that could constitute a breach of the law," adding that piracy "is a serious threat to the economy of the cultural sector." Orange and SFR were supposed to send their first e-mails on 4 October but there has been no communication from them until now, while Free has already stated it would not send the e-mails, pending an answer from the Ministry of Culture and Hadopi on its alternative method for dealing with customers, taking the privacy concerns of the French Data Protection Authority - CNIL into account. The French authority on implementing the three strikes law also launched on 1 October 2010 its official website, Hadopi.fr, which includes news, a presentation of the authority, information on "responsible usage", a forum for questions and other types of information such as the action to take in case of receiving a warning message from the authority. During a press conference that took place on 5 October 2010, Hadopi representatives did not want to comment on the launch of the warning messages. The only comment that Hadopi president Marie-Frangoise Marais made was that the three-strikes process was going on. She also added that while the dialogue with the ISP Free was in progress, Free's lack of cooperation would reflect on its users because they would not receive an initial email warning in the event of copyright infringement but they would receive a registered letter (the second stage) in case of repeated infringement. While the Hadopi.fr site has brought about a lot of sarcastic comments, Numerama launched Hadopi-Data.fr site, a tool that will should allow the supervision of Hadopi's activity considering that transparency is not a strong point of the regulator. Internet users having received a warning message may anonymously place information on Hadopi-Data.fr regarding the date they received the warning, the date of the alleged infringement act, the type of works in question and their postal code. This last piece of information can be used to check out whether there is any geographic targeting by Hadopi. Based on the data input, Numerama intends to create graphs on the ISPs that send the e-mails to their subscribers, on categories of works that generate the most numerous warnings and on Hadopi's activity in time. The ammount of data will therefore be vital in order to have a clear overview of the situation. La Quadrature du Net has also launched a citizen initiative trying to find the first French Internet user to receive an e-mail initiated by Hadopi. Threatened by attacks, Hadopi.fr opens its doors (only in French, 1.10.2010) http://www.01net.com/editorial/521611/menace-dattaques-hadopi-fr-ouvre-ses-… Hadopi-Data.fr :let's check together Hadopi's activity (only in French, 4.10.2010) http://www.numerama.com/magazine/16921-hadopi-datafr-controlons-ensemble-l-… Hadopi : the first e-mails at Bouygues, SFR, Orange and Numericable? (only in French, 4.10.2010) http://www.numerama.com/magazine/16963-hadopi-1ers-e-mails-chez-bouygues-sf… Hadopi. The first warnings sent (only in French, 5.10.2010) http://www.letelegramme.com/ig/generales/france-monde/france/hadopi-premier… First Anti-Piracy Warnings Issued In France (5.10.2010) http://www.billboard.biz/bbbiz/content_display/industry/e3i7b035dcf5d2c2ea7… ============================================================ 4. Italy: Online editors are not liable as the printed press ============================================================ The Italian Court of Cassation ruled in a decision taken on16 July 2010 and published on 1 October 2010 that online editors are not directly liable for the content published on their websites. In this case, it was considered that art.57 of the Italian Criminal Code which requires control of newspaper editors over the published content covers exclusively the hard copy written works. The ruling overturned a previous decision of the Appeal Court of Milan having convicted the editor of Merate Online portal for not having checked the content of a letter that proved defamatory for Justice Minister Roberto Castelli. The Court of Cassation stated that Article 57 "refers specifically to information disseminated through the 'press'. The letter of the law is unequivocal and that conclusion also bears a historical interpretation of the rule." Law 47 from 1948 defines the 'press' as "any typographical or other reproductions obtained by mechanical or physical-chemical way of publication". In the court's opinion, a web publication does not fall into the definition of the 1948 law and hence is not covered by art.57 of the Criminal Law. The ruling also relied on decree 70/2003 which explicitly rules out the online service's responsibility for the content of their users in case they are unaware of the illegal character of the respective content. The director of a web newspaper is not liable for failing control (only in Italian, 1.10.2010) http://www.repubblica.it/cronaca/2010/10/01/news/cassazione_per_le_testate_… Cassation: The Online Editor is not "responsible" (only in Italian, 2.10.2010) http://www.mcreporter.info/stampa/cass35511.htm Cassation Court - Decision no. 35511 (only in Italian, 16.07. 2010) http://www.mcreporter.info/giurisprudenza/cass10_35511.htm ============================================================ 5. EU concerns for US plans to increase the amount of bank transfer data ============================================================ The EU Commission and MEPs have requested clarifications from US Administration regarding the plans to extend existing anti-terrorism programs targeting bank transfers which would make the EU-US so-called Swift agreement invalid. The Washington Post announced on 27 September 2010 that the Obama administration wanted to require U.S. banks to report all electronic money transfers into and out of the country thus helping the authorities in spotting transfers that might finance terrorist attacks. The expanded financial data would allow anti-terrorist agencies to better understand normal money-flow patterns in order to track down abnormal activities. According to the Financial Crimes Enforcement Network's (FinCEN) rulemaking proposal, the US Financial institutions will be required to report to the Treasury Department the smallest transfers. Presently, only transactions in excess of 10 000 USD and others transactions considered as suspicious are reported. US authorities plan to gather information about 750 million transfers per year into a database that will be used by law enforcement and regulatory agencies. The data attached to such transfers usually include the name, address and account number of the sender and recipient and for money-service businesses, a driver's license or passport number. The proposal also requires the banks to provide the Social Security numbers for all wire-transfer senders and recipients on an annual basis. "By establishing a centralized database, this regulatory plan will greatly assist law enforcement in detecting and ferreting out transnational organized crime, multinational drug cartels, terrorist financing and international tax evasion," was the explanation given by James H. Freis Jr., director of FinCEN. FinCEN's proposal comes as a result of the requirements of the Intelligence Reform and Terrorism Prevention Act of 2004 which asked the Secretary of the Treasury to study the feasibility of requiring such financial institutions as the Secretary determines to be appropriate to report to the Financial Crimes Enforcement Network on certain cross-border electronic transmissions of funds, if the Secretary determines that reporting of such transmissions is reasonably necessary to assist the efforts of the Secretary against money laundering and terrorist financing. This move has created great concern in the EU. "We urgently seek clarifications from the US if these plans are an infringement of the Swift agreement and the EU commission promised to demand further information on it," stated MEP Sophie in't Veld after a closed-door meeting with Commission officials on 27 September. Under the present Swift agreement that came into force on 1 August 2010, US officials can request European data relevant to a specific terrorist investigation from Swift but the request must be approved by the Europol, EU's police co-operation unit, and has to meet certain requirements. However, in view of the new US plans, the transactions between the European and USA banks would be captured even if there is no substantiated need. "We see so many data transfers - passenger name records, Swift data, credit card information connected to the travel fee - that we are wondering where all this ends," stated Sophie in't Veld who added "We are all getting a bit tired of being taken by surprise all the time. The US is our friend and ally, so we shouldn't be treated this way." The plans are criticised in the USA as well. "This regulation is outrageous. (....) I believe you need to show some evidence of criminality before you are granted unfettered access to the private financial affairs of every individual and company that dares to conduct financial transactions overseas," said lawyer Peter Djinis, former FinCEN executive assistant director for regulatory policy. Money transfers could face anti-terrorism scrutiny (27.09.2010) http://www.washingtonpost.com/wp-dyn/content/article/2010/09/26/AR201009260… FinCEN Proposes Regulatory Requirement for Financial Institutions to Report Cross-Border Electronic Transmittals of Funds (27.09.2010) http://www.fincen.gov/news_room/nr/html/20100927.html MEPs demand explanation on US plan to monitor all money transfers (28.09.2010) http://euobserver.com/9/30905/?rk=1 ============================================================ 6. New EC Expert Group on the Internet of Things ============================================================ On 22 and 23 September 2010 the kick-off meeting of a new European Commission (EC) High Level Expert Group on the Internet of Things was held in Brussels. The group is made up of about 50 members representing organisations from industry, standardisation, research, civil society and other sectors. Representatives from member states, the European Data Protection Supervisor and the Article 29 Working Party participate in the group as observers. The group will operate until December 2012. According to the action plan described in the Communication of the European Commission "Internet of Things - An action plan for Europe" the group will work on governance, privacy and data protection, standards and interoperability, health and environment and other topics related to the development of an Internet of Things. With regard to privacy and data protection the concept of the right to the "silence of the chips", which defines that everybody should have the right to disconnect oneself from information technology, will be among the topics to be discussed in the group. Besides the Commission Communication, the report of the European Parliament, the Opinion of the European Economic and Social Committee, the Opinion of the Committee of the Regions on the Internet of Things and the Opinion of the European Data Protection Supervisor on Promoting Trust in the Information Society by Fostering Data Protection and Privacy will be important documents guiding the work of the group. EDRi has been invited by the European Commission to participate in the Expert Group and is looking forward to working with the Commission, the members and observers of the group on the framework for an Internet of Things being an Internet for the people. Commission Communication "Internet of Things - An action plan for Europe" http://ec.europa.eu/information_society/policy/rfid/documents/commiot2009.p… European Parliament resolution of 15 June 2010 on the Internet of Things (2009/2224(INI)) (15.06.2010) http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+TA+P7-TA-2… EDRi-gram: EP calls for a clear legal framework for the Internet of Things (30.06.2010) http://www.edri.org/edrigram/number8.13/european-parliament-on-internet-of-… Opinion of the European Economic and Social Committee on "The Internet of Things" http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:C:2009:077:0060:00… Opinion of the Committee of the Regions on the Internet of Things and re-use of Public Sector Information http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:C:2010:175:0035:00… Opinion of the European Data Protection Supervisor on Promoting Trust in the Information Society by Fostering Data Protection and Privacy (19.03.2010) http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consu… (Contribution by Andreas Krisch - EDRi) ============================================================ 7. Private data exposed on UK Law firm website ============================================================ On 24 September 2010, the website of the UK Law Firm ACS:Law suffered a massive breach of security apparently under a Denial of Service attack initiated by a group entitled Anonymous within the Operation Payback, which led to the exposure of what seemed to be part of the internal email database of the website. Although the ISP hosting ACS:Law's website suspended the account right after the attack, the site became active again, without any apparent reason, pointing to the root directory of the web and revealing a folder containing an archived backup of the company's mailboxes. The content of the folder was downloaded and posted on Pirate Bay. ACS:Law has been well known lately for the threatening letters sent to alleged file sharers suspected of breaching copyright asking them to pay money in order to avoid going to court. The company was already referred by privacy groups to the Solicitors Disciplinary Group for "bullying and excessive conduct" at the beginning of September 2010. The data exposed by the attack appear to include among other things, an excel file attached to an e-mail sent by Andrew Crossly, head of ACS:Law, to his colleagues, including the names and addresses of apparently more than 10 000 broadband subscribers with the names of the movies allegedly downloaded by them in breach of copyright. As a result of the event, Privacy International (PI) has announced that it was blaming ACS:Law for the indicent and that it was planning to bring a legal action against the company for breaching the privacy of internet users. PI has also notified the UK Data protection authority - Information Commissioner's Office (ICO) on the matter. "... there is no evidence to suggest that the web server was compromised; it would seem that this data breach was purely down to poor server administration and a lack of suitable data protection and security technologies. there is no evidence to suggest that the web server was compromised; it would seem that this data breach was purely down to poor server administration and a lack of suitable data protection and security technologies," says PI in a press release issued on 27 September. Information Commissioner Christopher Graham took the matter seriously and told the BBC that he would investigate the matter which might be a chance for him to use the extra powers he has been recently granted. ACS:Law might face a very significant fine. "The Information Commissioner has significant power to take action and I can levy fine of up to half a million pounds on companies that flout the Data Protection Act," said the Commissioner. The ICO will investigate on the security of the information stored by ACS:Law and on how easy it was to access it. "We'll be asking about the adequacy of encryption, the firewall, the training of staff and why that information was so public facing," said the Commissioner. ACS:Law Email Database Leaked onto The Pirate Bay (24.09.2010) http://www.slyck.com/story2058_ACSLaw_Email_Database_Leaked_onto_The_Pirate… Law firm could face first #500,000 data leak fine (29.09.2010) http://www.out-law.com//default.aspx?page=11404 Privacy International Plans Legal Action Against ACS:Law (27.09.2010) http://www.slyck.com/news.php?story=2061 PI aims to pursue UK law firm for data breach (27.09.2010) http://www.privacyinternational.org/article.shtml?cmd%5B347%5D=x-347-566663 EDRi-gram: UK: Harassing innocent users for copyright infringement (8.09.2010) http://www.edri.org/edrigram/number8.17/acs-law-harassing-copyright-infring… ============================================================ 8. YouTube won a case against copyright infringement accusations in Spain ============================================================ Google has won a battle against Spanish broadcaster Telecinco which brought the company to court in June 2008 claiming that the company's service YouTube was liable for the copyrighted material posted by its users. Spanish Commercial Court no.7 of Madrid ruled against Telecino, following the EU E-commerce directive which says that a website is responsible for the content uploaded by its users only if a notification of allegedly copyright infringing content is made. Once the notification is received, the website has to remove the respective content. Telecino claimed that Youtube already had procedures in place for copyright owners to identify and notify the website of any videos that allegedly breach copyright but Google argued that screening material before it was made available would be an impossible action. "This decision demonstrates the wisdom of European laws. More than 24 hours of video are loaded on to YouTube every minute. If internet sites had to screen all videos, photos and text before allowing them on a website, many popular sites - not just YouTube, but Facebook, Twitter, MySpace and others - would grind to a halt," was Aaron Ferstman's comment on Google;s European public policy blog. Google has also been careful to reaffirm that it respects copyright laws: "We are very pleased with today's ruling. The win today confirms what we have said throughout this process: YouTube complies with the law. The ruling recognises that YouTube is merely an intermediary content-hosting service and therefore cannot be obliged to pre-screen videos before they are uploaded." Telecino, which was bound to pay for the trial expenses, stated that the judge's decision was only trying to avoid "taking a decision that would have placed in checkmate the national and international trade of YouTube and its owner Google" and that it intended to defend itself from the attacks against its rights and to appeal to superior legal courts. Spanish court throws out copyright infringement claims against Youtube (23.09.2010) http://www.theinquirer.net/inquirer/news/1735045/spanish-court-throws-copyr… YouTube wins against Telecinco in the tribunal(only in Spanish, 23.09.2010) http://www.elmundo.es/elmundo/2010/09/23/comunicacion/1285234927.html Google wins YouTube case in Spain (23.09.2010) http://www.guardian.co.uk/technology/2010/sep/23/google-wins-youtube-case-s… A big win for the Internet (23.09.2010) http://googlepolicyeurope.blogspot.com/2010/09/big-win-for-internet.html ============================================================ 9. Phorm case sends the UK to the European Court of Justice ============================================================ The European Commission announced that it has referred the UK to the European Court of Justice for an improper implementation of EU data protection rules, following several complaints in the Phorm case. The Commission received complaints from the UK citizens about Phorm that worked by checking out the web traffic between an ISP client and the sites it visits. This form of behavioural advertising by ISPs (targeted advertising based on prior analysis of users' internet traffic) was reported by EDRi-member Open Rights Group and others NGOs to the UK Data Protection Authority - Information Commissioner's Office. British Telecom ran in 2006 and 2007 two secret trials of deep-packet inspection technology on its broadband customers, without informing them. The European Commission started the legal action against the UK in April 2009 and sent another warning in October 2009 asking the British authorities to properly implement the Data Protection Directive and the ePrivacy Directive. Now, the Commission has referred UK to the European Court of Justice for failing to "ensure the confidentiality of the communications and related traffic data by prohibiting unlawful interception and surveillance" and to implement in the UK law the definition of consent as the "freely given, specific and informed indication of a person's wishes". Digital Agenda: Commission refers UK to Court over privacy and personal data protection (30.09.2010) http://europa.eu/rapid/pressReleasesAction.do?reference=IP/10/1215&format=H… EU takes Britain to court over online data protection (30.09.2010) http://euobserver.com/22/30935 EU taking UK to court for privacy deficiencies highlighted by Phorm (30.09.2010) http://www.openrightsgroup.org/blog/2010/eu-taking-uk-to-court-for-privacy-… EDRi-gram: UK: Phorm threat (28.01.2009) http://www.edri.org/edri-gram/number7.2/phorm-uk ============================================================ 10. ENDitorial: Council of Europe: Bad news as it happens ============================================================ The third Council of Europe (CoE) Committee of experts on new media (MC-NM), held on 27-28 September 2010 in Strasbourg, is likely to dampen enthusiasm. To start with, the current vice-chair Michael Truppe is leaving the group to hold another position on the Austrian scene. With his knowledge of the group issues and his vision of an Internet upholding Human Rights, Michael Truppe has been instrumental to many achievements of the MC-S-IS group (MC-NM predecessor), especially with regards to the 'Recommendation on measures to promote the respect for freedom of expression and information with regard to Internet filters', adopted by the CoE Committee of Ministers in 2008. During MC-NM works, he also brought a major contribution to the draft Declaration on Network Neutrality. However, and this is the second bad news, such draft texts may see important modifications before they became adopted, since they first go through the parent body, the Steering Committee on Media and New Communication Services (CDMC) and only then are submitted to the CoE Committee of Ministers for adoption. This is what regrettably happened to the CoE Declaration on Network Neutrality (NN), adopted on 29 September 2010. While the draft, though being simply a Declaration, was an encouraging political stand from the CoE on NN, the adopted text looks like a spineless document that, actually, doesn't bring much to the issue. Where the draft called for "unobstructed" access for users to internet-based content, applications and services of their choice, the adopted text contents itself with "greatest possible access". One might wonder what this could ever mean, when such access possibilities are confronted to both the greediness of network operators, ISPs and online service providers and the breaches of human rights and fundamental freedoms by governments! Furthermore, the CDMC added a provision in reference to the EU Telecom Package adopted in 2009, following a request from one of the EU Member States. The document was finalised some days before the end of the Spanish presidency. In summary, this dilution makes the Declaration on Net Neutrality a squandered opportunity for the CoE, as well as for all those who see the democratic issues at stake with NN, rather than simply a need to ensure transparency for consumers and fair competition in a market being, in any event, dominated by few companies. The third bad news derives from management decisions by the CDMC leading to fewer human resources for its subordinated groups, at least the MC-NM. Concretely, this means that the MC-NM work on draft Recommendations regarding both search engines and social networks, in view of ensuring the respect for privacy and freedom of expression in these sectors, is now in stand-by mode, while the priority is given to the least advanced work, that is the draft Recommendation on a new notion of media. This decision to postpone the completion of the almost finished work on search engines and social networks is very unfortunate, given that both issues are very timely and involve major stakes in terms of fundamental rights and freedoms, although it is granted that discussing the extension of the notion of media - and, as a corollary, of the application of the media laws - to new media and the web2.0 services is of utmost importance. This is indeed a democratic issue, as the discussion during last MC-NM meeting has highlighted: if YouTube was considered a media, could it be blocked for more than 2 years now by a CoE Member State, namely Turkey, which has to comply with freedom of the media? If so-called 'citizen journalism' platforms were considered as media, shouldn't they operate under principles such as that of the protection of sources and the right to reply and a the same time be subject to some professional standards? Should bloggers be granted the status of journalists and under which conditions? When Google is found liable by French courts for the third time, because of its 'Google Suggest' service, on the basis that Google does indeed add a human intervention in some cases, does it exert an editorial interference or does it simply take action to protect its own interests? Should the online service market domination by a handful of vertically integrated multinational companies be considered as dangerous media concentration or as a dominant market position? In one word, should these services be regulated by media laws or by e-commerce laws? One can easily understand that the issue is complex, should be approached with particular caution, and needs very rigorous definition of criteria to identify under which conditions web2.0 services should be considered as media. The third MC-NM meeting dedicated almost its two days to this discussion, as the necessary prerequisite to come up with any Recommendation on the status of new media. Obviously, by no mean this could be reasonably completed by the end of the year or even earlier as requested by CDMC: such haste could only be harmful when human rights, democracy and freedom of the media are at stake. Last but unfortunately not least of the bad news series is related to the developments of the Cross-border Internet group (MC-S-CI). This group is also subordinated to the CDMC, but, contrarily to the case of MC-NM, is formed by, literally, a handful of individual experts (5 persons!) picked up by CDMC members, in view of nothing less than drafting a Convention, i.e. a Treaty... EDRi was granted the observer status to this group. However, an observer can only observe formal (i.e. announced and open) meetings, while the individual experts seem to have opted for "informal meetings", whatever this could mean. As a matter of fact, after a single formal meeting on 1-2 March 2010, which EDRi unfortunately missed, the MC-S-CI apparently led to prolific achievements: two draft CoE Declarations on, respectively, the Digital Agenda for Europe (indicating some extensive interpretation of MC-S-CI terms of reference) and the management of the Internet protocol address resources in the public interest (both adopted by the Committee of Ministers on 29 September) and even a draft standard-setting instrument. Regarding the latter, a conceptual framework document was ready for presentation and discussion at a workshop during the 2010 EuroDIG meeting in Madrid on 28-29 April and the draft instrument itself was circulated at a 2010 IGF workshop in Vilnius on 14-17 September (where the approach and provisions faced a lot of criticism). One would certainly bow before such intense productivity, if the situation were not raising important democratic concerns in terms of transparency and accountability. When considering, on top of this, the fact that most of the experts are ICANN insiders, the concerns can only grow, especially since the only human rights expert from the group has now resigned. As a matter of fact, the MC-S-CI group also has, in the mean time, prepared another draft Declaration on "enhanced participation in Internet governance matters - Governmental Advisory Committee (GAC) of the Internet Corporation for Assigned Names and Numbers (ICANN)" (adopted by the Committee of Ministers on 26 May 2010), and has been instrumental in having the CoE secretariat participating to the GAC's activities, first as observer and later if possible by contributing to GAC Secretariat. The diffusion of CoE values of human rights, democracy and the rule of law to IGF and ICANN would certainly improve the latter two in terms of process and substance. However, if MC-S-CI developments continue behind the scene as they currently show, there is a high risk that the contrary might happen, with the CoE being contaminated by the numerous flaws IGF and ICANN have demonstrated so far, as widely analysed in the academic and grey literature, as well as by various NGOs inside and outside these circles. In conclusion of this list of deep concerns, the only good news is probably the fact that the MC-S-NR group (Group Protection of Neighbouring Rights of Broadcasting Organisations) has not yet started its work, waiting for the European Commission to be mandated to negotiate, within the CoE framework, a Convention on the protection of neighbouring rights of broadcasting organisations (a.k.a. the resurrection of the broadcasting Treaty, formerly killed at WIPO). CDMC and subordinated subgroups public websites http://www.coe.int/t/dghl/standardsetting/media Recommendation CM/Rec(2008)6 of the Committee of Ministers to member states on measures to promote the respect for freedom of expression and information with regard to Internet filters, (26.03.2008) https://wcd.coe.int/ViewDoc.jsp?Ref=CM/Rec(2008)6 EDRi-gram: ENDitorial: CoE - The Good, The Bad And The Ugly (09.04.2008) http://www.EDRi.org/EDRigram/number6.7/coe-good-bad-ugly CoE Declaration of the Committee of Ministers on network neutrality (29.09.2010) https://wcd.coe.int/ViewDoc.jsp?Ref=Decl(29.09.2010_2) EDRi-gram: New Media, Search Engines And Network Neutrality On 2010 CoE Agenda (07.04.2010) http://www.EDRi.org/EDRigram/number8.7/coe-new-media-working-group CoE Declaration of the Committee of Ministers on the Digital Agenda for Europe (29.09.2010) https://wcd.coe.int/ViewDoc.jsp?Ref=Decl(29.09.2010_1) CoE Declaration of the Committee of Ministers on the management of the Internet protocol address resources in the public interest (29.09.2010) https://wcd.coe.int/ViewDoc.jsp?Ref=Decl(29.09.2010_3) EURODIG workshop on "Sovereignty of states and the role and obligations of governments in the global multi-stakeholder Internet environment" (30.04.2010) http://www.eurodig.org/eurodig-2010/programme/workshops/workshop-6 IGF workshop on "a proposal for setting a standard of care in international law for cross-border Internet" (14.09.2010) http://www.intgovforum.org/cms/component/chronocontact/?chronoformname=WSPr… (description) http://www.intgovforum.org/cms/component/content/article/102-transcripts201… (transcript) CoE Declaration of the Committee of Ministers on enhanced participation in Internet governance matters - Governmental Advisory Committee (GAC) of the Internet Corporation for Assigned Names and Numbers (ICANN) (26.05.2010) https://wcd.coe.int/ViewDoc.jsp?Ref=Decl(26.05.2010_1) EDRi-gram: ENDitorial: Undead Wipo Treaty Resurrected In Council Of Europe (10.02.2010) http://www.EDRi.org/EDRigram/number8.3/broadcasting-treaty-council-of-europe (Contribution by Meryem Marzouki, French EDRi-member IRIS) ============================================================ 11. Recommended Action ============================================================ I call on Commissioner Malmstrvm to withdraw on her initiative of website blocking. Instead of employing the same techniques as China and other totalitarian regimes, I call on the European Commission to improve law enforcement cooperation both inside the European Union and with outside partners, to ensure swift deletion of child porn websites as well as an effective and determined prosecution of the perpetrators. http://www.deletion-not-blocking.eu/sign.html ============================================================ 12. Recommended Reading ============================================================ Ian Brown: Communications Data Retention in an Evolving Internet (27.09.2010) http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1683284 French Telecom regulator (ARCEP) has published ten proposals and recommendations for promoting a neutral and high quality Internet. (30.09.2010) http://bit.ly/dp5klS ============================================================ 13. Agenda ============================================================ 8-9 October 2010, Berlin, Germany The 3rd Free Culture Research Conference http://wikis.fu-berlin.de/display/fcrc/Home 25-26 October 2010, Jerusalem, Israel OECD Conference on "Privacy, Technology and Global Data Flows", celebrating the 30th anniversary of the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data http://www.oecd.org/sti/privacyanniversary 27-29 October 2010, Jerusalem, Israel The 32nd Annual International Conference of Data Protection and Privacy Commissioners http://www.privacyconference2010.org/ 28-31 October 2010, Barcelona, Spain oXcars and Free Culture Forum 2010, the biggest free culture event of all time http://exgae.net/oxcars10 http://fcforum.net/10 3-5 November 2010, Barcelona, Spain The Fifth International Conference on Legal, Security and Privacy Issues in IT Law. http://www.lspi.net/ 5-7 November 2010, Cologne, Germany Transparency, Work, Surveillance Joint Annual Meeting of FIfF and DVD http://fiff.de/veranstaltungen/fiff-jahrestagungen/JT2010/jt2010_uebersicht 5-7 November 2010, Gothenburg, Sweden Free Society Conference and Nordic Summit http://www.fscons.org/ 17 November 2010, Gent, Belgium Big Brother Awards 2010 Belgium http://www.winuwprivacy.be/kandidaten 25-28 January 2011, Brussels, Belgium The annual Conference Computers, Privacy & Data Protection CPDP 2011 European Data Protection: In Good Health? Submission deadline for Full Papers and Position Papers: 16 November 2010 http://www.cpdpconferences.org/ ============================================================ 14. About ============================================================ EDRI-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRI has 27 members based or with offices in 17 different countries in Europe. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRI-grams. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and visibly on the EDRI website. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 3.0 License. See the full text at http://creativecommons.org/licenses/by/3.0/ Newsletter editor: Bogdan Manolea <edrigram(a)edri.org> Information about EDRI and its members: http://www.edri.org/ European Digital Rights needs your help in upholding digital rights in the EU. If you wish to help us promote digital rights, please consider making a private donation. http://www.edri.org/about/sponsoring - EDRI-gram subscription information subscribe by e-mail To: edri-news-request(a)edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. unsubscribe by e-mail To: edri-news-request(a)edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/edri/2.html - EDRI-gram in German EDRI-gram is also available in German, with delay. Translations are provided Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users http://www.unwatched.org/ - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask <edrigram(a)edri.org> if you have any problems with subscribing or unsubscribing. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

EDRi-gram newsletter - Number 9.11, 1 June 2011
by EDRI-gram newsletter 06 Jul '18

06 Jul '18

============================================================ EDRi-gram biweekly newsletter about digital civil rights in Europe Number 9.11, 1 June 2011 ============================================================ Contents ============================================================ 1. Battle over Passenger Data is heating up 2. UN report examines online censorship 3. European IP policy is crippling the European digital economy 4. G8 and e-G8 Summit on Internet freedom 5. EDPS: Data Retention Directive fails to meet data protection requirements 6. Finland: Blocking of domestic websites ruled illegal 7. Internet FoE: How should Europe battle online censorship? 8. MEPs approve body scanners on airports on a voluntarily basis 9. OSCE findings on Estonian e-voting 10. Internet governance dialogue in Belgrade 2011 11. Recommended Action 12. Recommended Reading 13. Agenda 14. About ============================================================ 1. Battle over Passenger Data is heating up ============================================================ In late May 2011, the new draft agreements on the transfer and retention of air passenger data between the EU and the United States and Australia respectively have leaked to the public. The re-negotiation of the agreements from 2007, which have since then been provisionally applied, had become necessary after the European Parliament refused to vote on them in May 2010. The new agreements do not substantially improve the situation with regards to the old ones. They both require that data of air passengers is transferred to public authorities (DHS in the US, Customs and Border Protection in Australia) ahead of a flight; they allow for profiling, i.e. the use of data for sorting assengers into risk categories based on pre-defined and secret criteria without an initial suspicion or criminal lead; and they allow for retention of the data up to 5.5 (Australia) and 15 (US) years. There are also provisions for onward transfer of the data to third agencies and countries. The agreement with the US met heavy criticism both among EU member states as well as among Members of the European Parliament, and provoked an emergency reaction from the UK Justice secretary as well as the US ambassador to the EU. At the moment, there are talks with the negotiator (DG Home Affairs of the European Commission) to re-open the text, though improvements have been made very unlikely by a recent resolution of the US Senate that rejects European privacy demands. The agreement with Australia is less prominent, but still highly relevant. There is a small blocking minority in the Council, consisting of Germany, France, Belgium, Czech Republic, Ireland, Austria and Portugal, that is mainly concerned about the provisions on transfer to third countries, and sometimes about the retention periods (Germany, France). The Commission is not willing to re-negotiate, though. The Council of Justice and Home Affairs Ministers on 9th/10th June might overcome the blocking minority and the parliamentary reservations from some countries, and adopt the agreement. At the moment, a veto in the European Parliament is unlikely. In the worst case, the Australia agreement may be concluded before the summer break and open the floodgates for other such agreements, and for the first time accepting profiling and preventive policing. Privacy activists from EDRi members Mensenrechten.be, Digitale Gesellschaft and FoeBuD, as well as from EDRi observer AK Vorrat and other groups, met in Brussels from 27th to 30th May to do a legal, technical and political analysis, coordinate their short-term work and plan for long-term collaboration with others. A mailing list will be set up shortly. Comprehensive PNR Wiki by AK Vorrat http://wiki.vorratsdatenspeicherung.de/Passenger_Name_Record EDRi: Commission plans to present flawed, illegal PNR proposal as "fait accompli" (23.05.2011) http://www.edri.org/_illegal_PNR EC COM(2011) 280 final - Proposal for a Council Decision on the signature of the Agreement between the European Union and Australia on the processing and transfer of Passenger Name Record (PNR) data by air carriers to the Australian Customs and Border Protection Service (19.05.2011) http://www.statewatch.org/news/2011/may/eu-com-pnr-australia.pdf EU Council Document 10453/11 - Draft Agreement between the United States of America and the European Union on the use and transfer of Passenger Name Record data to the United States Department of Homeland Security (20.05.2011) http://www.statewatch.org/news/2011/may/eu-usa-pnr-agreement-20-5-11-fin.pdf The Guardian: US to store passenger data for 15 years (25.05.2011) http://www.guardian.co.uk/world/2011/may/25/us-to-store-passenger-data ============================================================ 2. UN report examines online censorship ============================================================ The right to seek, receive and impart information, and the right to express oneself freely - rights which enable the exercise of a range of other human rights - are increasingly being limited by impediments in online communications, according to a report by the United Nations Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, Frank La Rue. EDRi took part in an expert group that supported the Special Rapportur's preparation of the report, which looks at prevailing tendencies in global online freedoms. It will be submitted to the UN Human Rights Council this week. The report draws attention to mounting evidence that international Internet-related policy and domestic regulations are failing to recognise and respond appropriately to the changing makeup of public space in which free speech is exercised. It reminds governments of their positive obligation to protect these rights in a digital environment, denouncing the surge in measures criminalising legitimate online expression. Some of the findings include inadequate data protection and a "worrying trend of States obliging or pressuring private actors to hand over information of their users". It also reminds members of the international community that the States' responsibility to protect the rights of users also entails a duty to investigate and prosecute the perpetrators of cyber-attacks directed at the websites of organizations and individuals documenting government abuses. Expressing "deep concern" about the growing number of laws that are enabling monitoring, filtering and control of online content, the Special Rapporteur concludes that these are often largely out of synch with their purported aims. Increasingly sophisticated means of blocking content deemed to be illegal are being introduced and implemented without the involvement of an impartial regulatory body or a court order. Appropriate safeguards against abuse and the means to challenge unwarranted interference were also often found to be absent. This situation may result in the censorship of a considerable amount of legal online material. The report also raises a number of important issues concerning intermediary liability, identifying some of the serious implications of offering the private sector "unprecedented influence over individuals' right to freedom of expression and access to information." "Holding intermediaries liable for the content disseminated or created by their users severely undermines the enjoyment of the right to freedom of opinion and expression, because it leads to self-protective and over-broad private censorship, often without transparency and the due process of law." While praising legislative measures such as those introduced in Chile and soon to be adopted in Brazil which clarify the legal position of intermediaries, and welcoming provisions which limit their liability (as in the case of "safe harbour" provisions in the US and E-Commerce Directive guarantees in the EU), the Rapporteur admonishes attempts to pressure third parties into complying with special interests, expressing "alarm" at proposals to disconnect users based on accusations of violations of intellectual property or other rights. These include efforts to penalize alleged offenders by suspending their Internet services through laws based on the idea of "three strikes" or "gradual response" - laws which are currently in force in France. The report concludes with recommendations, the majority of which are directed at governments, calling for intensified efforts to ensure that international human rights obligations are being met. It also addresses commercial actors with a warning to be consistent with their responsibilities, urging them to "continuously review the impact of their services and technologies on the right to freedom of expression of their users". It is not at all clear how the struggle to maintain Net neutrality will unfold, but the potential for creeping restrictions which protect business and State interests rather than those of citizens, and the weighty implications of this trend are becoming increasingly obvious. The preservation of open and free "virtual public spaces" will ultimately depend on the extent to which its beneficiaries are prepared to involve themselves in a much more vigorous debate about the way that Internet governance will be shaped. UN Report http://www2.ohchr.org/english/bodies/hrcouncil/docs/14session/A.HRC.14.23.p… ============================================================ 3. European IP policy is crippling the European digital economy ============================================================ European policy makers are strangling the digital economy, hurting consumers and putting Europeans' fundamental rights at risk, according to a report into the failures of IP policy making in Europe, published by EDRi on 24.05.2011. The report sets out how the EU has been making policy "blind", building its strategies on faith not fact and ignoring objective, robust evidence. The report sets out a series of proposals that would add up to a radical change of direction for EU IP policy. Following them would see Europe maximise the value that society can get from works covered by intellectual property at the same time as sustaining flourishing creative industries. The result would be a boost to the EU economy, an improved environment for creators, innovators and consumers, and a safeguarding of fundamental rights of European citizens. The report recommends that the EU: - Harmonise exceptions to copyright to create legal certainty across the EU about the permitted uses of works covered by IP; - Establishes pan-European licensing arrangements as a matter of priority, and tie future enforcement policy to the successful development of such proposals; - Abandons repressive enforcement measures that would materially damage people's fundamental rights; - Establishes a moratorium on the exporting of repressive IP enforcement to third countries; - Makes a firm commitment to robust, objective evidence and re-evaluation of policy on the basis of it. IPRs play an important role incentivising and rewarding creativity and innovation. But the report argues that these benefits are now being outweighed by IPRs' damaging effects on the creation and dissemination of culture and technological innovation, and on fundamental rights such as privacy and freedom of expression. EDRi advocacy coordinator Joe McNamee said: "Policy makers face a choice. They can enable a radical expansion of society's ability to access the world's trove of information, culture and knowledge. Or they can unnecessarily prevent a wide range of valuable activities from taking place and, for no sound reason, pursue repressive enforcement measures that cripple the democratising potential of new technology. Currently the EU is choosing the latter. This report argues forcefully for a change of track to embrace new technology and the best of what it offers." EDRi Report http://www.edri.org/files/IPR_shadowreport_110523.pdf ============================================================ 4. G8 and e-G8 Summit on Internet freedom ============================================================ The results of the 37th edition of the G8 Forum that took place in Deauville, France on 26-27 May 2011 and of the e-G8 meeting on Internet issues organised by the French Presidency immediately before, are sending a mixed message, on the one hand recognizing the "openness, transparency and freedom of the Internet" and on the other hand announcing the "commitment to ensuring effective action against violations of intellectual property rights in the digital arena, including action that addresses present and future infringements." The civil society, represented by a large number of groups and associations, including EDRi, sent a statement, before the e-G8 and G8 meetings, urging the G8 Member States to "publicly commit to expanding internet access for all, combating digital censorship and surveillance, limiting online intermediary liability, and upholding principles of net neutrality. Additionally, a petition was launched by digital rights group Access - G8: Protect the Net! - calling on the leaders of the Group of 8 to commit to citizen-centred internet policies, which was signed by internet users from over 100 countries. The concerns were mostly related to the continuous tendencies of the governments to limit the freedom of the Internet for political or economical reasons. "Many G8 countries are actively pursuing policies that would similarly seek to restrict and control access; (...) the increase of restrictive policies in both the developed and developing world is a regressive and deeply worrying trend," reads the statement which also showed concern related to the lack of representation of the civil society at the e-G8 and G8 meetings as the invite list was mostly limited to representatives of governments and corporate leaders. During the e-G8 forum, which was meant to prepare the issues related to the Internet for the G8 summit, the civil society representatives such as Jirimie Zimmermann, co-founder of La Quadrature du Net, and John Perry Barlow, co-fonder of the Electronic Frontier Foundation and author of the Declaration of the Independence of Cyberspace, also tried to voice these concerns. Access, together with Zimmerman, staged an ad-hoc counter-forum civil society press conference at the e-G8. Zimmerman led a panel of experts including Harvard scholars Lawrence Lessig and Jochai Benkler, US journalist Jeff Jarvis, former board member of ICANN Susan Crawford and Secretary-general of Reporters without Borders Jean-Francois Julliard, who collectively expressed their disappointment over the lack of adequate civil society representation as well as the direction of the discussions. "The free Internet must be defended before thought is given to regulating content," said Julliard, "The priority for G8 governments should be defending the Internet." The Declaration on "Renewed Commitment for Freedom and Democracy" released at the end of the G8 summit, includes 19 paragraphs on the Internet and related issues and confirms to some extent the concerns expressed by the civil society. The Declaration commits to defending intellectual property rights rather than human rights such as the freedom of expression: "Regarding the protection of the intellectual property, especially copyrights, trade marks, commercial secrets and patents, we recognise we must establish legislation and national frameworks to improve this aspect. That is why we reaffirm our commitment to take firm measures against the violations of the intellectual property rights within the digital space, especially by procedures enabling the prevention of present and future infringements." The human rights organisation, Article 19, believes the Declaration has failed to recognise the protection of human rights "as a core principle above all others", having included it within a framework "to be balanced with rule of law and protection of intellectual property." In the groups' opinion, the Declaration ignores several international human rights treaties, while endorsing restrictions on Internet speech "by increasing enforcement of intellectual property such as through the controversial Anti Counterfeiting Trade Agreement (ACTA) and domestic "three-strikes laws" which fail to fully recognise - and often violate - the right to freedom of expression." Civil Society Statement to the e-G8 and G8 http://letter.accesslabs.org/Civil%20Society%20Statement%20to%20the%20eG8-f… G8 Declaration - Summit of Deauville - May 26-27, 2011 http://www.g20-g8.com/g8-g20/g8/english/live/news/renewed-commitment-for-fr… G8-The Deauville Declaration on Internet Fails to Recognise Importance of Human Rights Including Freedom of Expression (28.05.2011) http://www.i-policy.org/2011/05/g8-the-deauville-declaration-on-internet-fa… eG8 Forum: Speeches by Jirimie Zimmermann & John Perry Barlow (partially only in French, 24-25.05.2011) http://www.waebo.com/eg8-discours-de-jeremie-zimmermann-john-perry-barlow.h… The Counter-forum Civil Society Press Conference, May 25 @ e-G8 http://vimeo.com/24218524 Civil Society Petition - G8: Protect the net! https://www.accessnow.org/page/s/g8-protect-the-net Access Blog: World Rallies to Save the Internet from G8 https://www.accessnow.org/policy-activism/press-blog/world-rallies-to-save-… ============================================================ 5. EDPS: Data Retention Directive fails to meet data protection requirements ============================================================ Peter Hustinx, the European Data Protection Supervisor (EDPS) adopted, on 31 May 2011, an opinion on the European Commission's Evaluation Report on the Data Retention Directive submitted on 18 April 2011 to the Council and the European Parliament. The EDPS has several times expressed his concerns related to the necessity for retaining data on such a large scale in view of the rights to privacy and data protection and has called for a clear demonstration that such a measure is necessary and proportionate. On the basis of the Commissions' Evaluation Report, the EDPS has drawn the conclusion that the Data Retention Directive does not meet the requirements set out by the rights to privacy and data protection, primarily because the necessity for data retention has not been sufficiently demonstrated. Hustinx also believes that data retention could be regulated in a less privacy-intrusive way and that the Directive lacks foreseeability. "Although the Commission has clearly put much effort into collecting information from the Member States, the quantitative and qualitative information provided by the Member States is not sufficient to draw a positive conclusion on the need for data retention as it has been developed in the Directive. Further investigation of necessity and proportionality is therefore required, and in particular the examination of alternative, less privacy-intrusive means" says the EDPS. Also, in Hustinx's opinion, the present Directive leaves too much room for Member States to decide on the purposes for which the data may be used, on who can access the data and under which conditions. Therefore, the EDPS calls on the Commission to seriously consider "all options in the impact assessment including the possibility of repealing the Directive". An eventual future data retention directive should be considered only if the necessity of data retention, "supported and regulated by the EU, could be sufficiently demonstrated, which includes a careful consideration of alternative measures." The respective directive should be exhaustive (with a clear and precise purpose), proportionate (without going beyond what is necessary), comprehensive and should "genuinely harmonise rules on the obligation to retain data, as well as on the access and further use of the data by competent authorities." EDPS - Press Release (31.05.2011) http://europa.eu/rapid/pressReleasesAction.do?reference=EDPS/11/6&format=HT… Opinion of the European Data Protection Supervisor on the Evaluation report from the Commission to the Council and the European Parliament on the Data Retention Directive (31.05.2011) http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consu…, EDRi-gram: Top 10 misleading statements of the European Commission on data retention (20.04.2011) http://www.edri.org/edrigram/number9.8/data-retention-evaluation EDRi-gram: Data retention in EU Council Meeting (18.05.2011) http://www.edri.org/edrigram/number9.10/data-retention-eu-council ============================================================ 6. Finland: Blocking of domestic websites ruled illegal ============================================================ The Helsinki Administrative Court has ruled that domestic websites may not be placed on the secret blocking blacklist maintained by the police. This is the latest turn in a long legal fight by Finnish activist Matti Nikki, whose website lapsiporno.info (translates as "childporn.info") was put on the secret blacklist in February 2008 and has remained on the list ever since. The Finnish blocking blacklist is based on a law passed in 2006 that allows the police to create and maintain a secret list of websites in order to prevent access to child pornography on foreign websites. The blacklist is distributed to Internet service providers (ISPs), who may direct attempts to access blacklisted sites to a page which says access is blocked due to the child pornography blocking list. Using the secret blacklist is optional for ISPs, but the Communications Minister at the time, Suvi Linden, made public statements in 2008 that if the ISPs did not start using the list voluntarily, it would be made mandatory. After an initial wave of adoption, the list has been silently falling into disuse. Nikki criticized the secret blacklist vocally, and discovered a large part of the secret list by trying to load websites that he found links to. When he published the list of websites he had discovered to be blocked, police accused him of distributing child pornography and eventually put his website on the secret blacklist. One of Nikki's findings was that the top five Google search results for "gay porn" were all blacklisted, even though there was nothing related to children on the sites. Other brilliant highlights from the secret blacklist include www.w3.org (yes, the World Wide Web Consortium!) and the memorial page of a deceased Thai princess. An officer of the Central Criminal Police famously quipped "Google is a browser" when asked why Google is not blacklisted even though its search results contained the same links for which Nikki's pages were placed on the blacklist. Nikki appealed to the Administrative Court about his website being on the secret blacklist. The Administrative Court ruled in May 2009 that it was not possible to complain about being on the blacklist. Nikki appealed to the Supreme Administrative Court, which ruled in September 2010 that indeed it was possible to complain about being on the list and thus cleared the way for complaints by Nikki and others who thought their sites had been put on the list without a valid basis. The case was returned to the Administrative Court, which has now ruled that domestic sites may not be placed on the list. However, the court did not rule on whether Nikki's site could be blocked if it were abroad. Thus, legal uncertainty continues as to precisely what kinds of websites may be blocked. One of the three judges filed a dissenting opinion to the ruling. In his view, lapsiporno.info is circumventing the law by "distributing foreign child porn via a website in Finland". Nikki's site does not in fact distribute child pornography in any way. It only contains domain names from the secret blocking list, all of which appear to host legal content. Out of nearly a thousand domain names that Nikki found to be on the blocking list, only a dozen seemed to contain illegal content and Nikki withheld them from the list on his website. Nikki has instead reported actual child porn websites to the police himself - only to find them still online a year later as they turned up on the police's blacklist. Nikki has also analysed child porn distribution mechanisms and suggested methods for attacking the phenomenon, but these have fallen on deaf ears. Chasing criminals in "inaccessible" countries such as USA, UK and continental Europe might entail real work - it seems easier to just sweep the criminal activity under a carpet. The Administrative Court held that Nikki had to pay his own legal fees, because "since the law is unclear, inclusion of his website on the blacklist cannot be seen to have resulted from an error by the authorities". This sends a message that complaining about actions of authorities, even if they acted against the law, will be expensive for a citizen. Nikki is again considering an appeal to the Supreme Administrative Court. At the same time, IFPI Finland has started a court process to block The Pirate Bay at ISP level, which would - if successful - create a new category of blocked sites. The court ruling (only in Finnish) http://effi.org/e/lapsiporno.info-hao-2011.pdf HS.fi: IFPI Finland orders Elisa internet service provider to prevent its clients from accessing Pirate Bay website: http://www.hs.fi/english/article/IFPI+Finland+orders+Elisa+internet+service… IFPI Press Release (only in Finnish) http://antipiracy.fi/ajankohtaista/217/suomalaiset-musiikkituottajat-haasta… EDRi-gram: Finland: Complaints not allowed for the Police child-porn censorship list http://www.edri.org/edri-gram/number7.12/lapsiporno-trial-finland EDRi-gram: ENDitorial: Finnish web censorship http://www.edri.org/edrigram/number6.4/finland-web-censorship (Contribution by Timo Karjalainen- EDRi-member Electronic Frontier Finland (Effi)) ============================================================ 7. Internet FoE: How should Europe battle online censorship? ============================================================ On 23 May 2011, there was an event in the International Press Centre in Brussels, hosted by ECIPE. Participants in the event were Erika Mann (Executive Vice President, CCIA; Board Member, ICANN), William Echikson (Head of Free Expression, EMEA, Google), Marietje Schaake (Member of the European Parliament, the Netherlands), Hosuk Lee-Makiyama (Director, ECIPE), Uri Rosenthal (Dutch Minister for Foreign Affairs) and Carl Bildt (Swedish Minister for Foreign Affairs). Erika Mann said that the politics and governments were dividing the Internet. With regard to the EU, she said that preaching of freedom across the world would not have the desired effect if the EU did not implement this freedom in its own legal system. William Echikson noted that Google's business depended on the free flow of information. As regards current challenges, he referred to the Italian YouTube case, in which three Google employees were convicted of privacy violations because students at a school in Turin uploaded a video to YouTube that showed the bullying of an autistic child. He said that, in this particular case, convicting Google employees was the same as making a postman for carrying the contents of the post. Marietje Schaake MEP (ALDE Group, the Netherlands) said that we needed a global internet strategy. She also said that there were some remarks from China that the EU could not ask other countries to respect the freedom of the Internet if the EU did not guarantee such freedom to its own citizens. Ms Schaake described some of the challenges related to the Internet. They were: (1) Net neutrality, (2) Enforcement of Intellectual Property Rights, (3) ACTA, (4) Cybersecurity. The Dutch MEP also said that the potential solutions to the last three of these challenges should be investigated as to whether they are a "medicine" to the problem or a "disease" in their own right. Finally, Ms Schaake concluded that EU e-policy should mainstream the Internet freedom and ensure that there was a democratic oversight and transparency. Uri Rosenthal pointed out that the freedom of expression is the core of every free nation. Moreover, freedom of expression opened the door to many other human rights. On the Internet, freedom of expression had to be defended. In order to do that, the public and private sector should act together. This is because the Internet freedom was a multi-stakeholder issue. Mr Rosenthal said that the Netherlands proposed EU-level restrictions on exporting equipment used for limiting the freedom of the Internet and supports for circumvention technologies. The Dutch Minister for Foreign Affairs also expressed his support to cyber dissidents around the world. Carl Bildt said that the present progress in information technology was only the beginning of the Internet. He added that, since the Internet is so valuable for development that the EU should support its fast development. He stated that freedom and security were also important. In order to ensure these goals, there was a need of a global strategy. This is because a global impact could be achieved only by a global action. The Swedish Minister for Foreign Affairs also noted that Sweden provided financial support to NGOs located all around the world to fight against filtering and blocking. He argued that setting people free allowed development. With regard to the recent US Strategy for cyberspace, he said that he supported it. However, the EU should also support it. In an amusing swipe at President Sarcozy, in response to a reference to the "civilised Internet", he replied "Civilised Internet? Perhaps we should first launch a civilised telephone system where people only say nice things." Carl Bildt remarks on Digital Authoritarianism at The European Centre for International Political Economy (ECIPE) Brussels (23.05.2011) http://www.regeringen.se/sb/d/7417/a/169243 ECIPE Study http://www.ecipe.org/digital-authoritarianism-human-rights-geopolitics-and-… (Contribution by Daniel Dimov - EDRi intern) ============================================================ 8. MEPs approve body scanners on airports on a voluntarily basis ============================================================ As the European Commission plans new rules to add body scanners to the list of EU-authorised methods for passenger screening, the European Parliament, which has the right to veto, made its position known on 24 May 2011, by approving a report that backs the use of body scanners provided they don't interfere with passenger privacy or pose health risks. MEPs on the Transport Committee agreed that the use of body scanners in EU airports would enhance security but considered the method should be used voluntarily. The report, that is to be voted in the plenary on 23 June, asks for several conditions to be met on body scanners, including a ban on scanners using ionising radiations, like x-rays, and the necessity of using the least harmful technology, so as to ensure the passengers' health. "We need to be sure that the new equipment will not impact people's health. Therefore, x-ray scans should be rejected," said Luis de Grandes Pascual, the MEP who drafted the report. The US Transportation Security Administration has insisted, in its turn, that the radiation from airport body scanners poses no threat to health and that every x-ray backscatter unit was operating "well within applicable national safety standards". MEPs believe the use of body scanners should be made by also ensuring the protection of the personal data, dignity and privacy, the report asking for the use of only "stick figures" without body images being produced, and without storage of the obtained figures. To be sure of that, "the technology used must not have the capabilities to store or save data". Moreover, the passengers must be able to opt for a manual search instead of a body scan and the scans should be random and non-discriminatory. According to the report, the Member States should provide extra control points and security staff to ensure that passengers are not slowed down by the need to pass through body scanners. MEPs also call for international aviation security coordination with mutual recognition of measures and one-stop security systems in order to ensure that passengers, luggage and cargo at EU airports are screened only once. Presently, body scanners are in use in UK and Dutch airports and have been tested in Germany, Italy, France and Finland. MEPs back body scanners but want strict safeguards (26.05.2011) http://www.europarl.europa.eu/en/headlines/content/20110520STO19907/html/ME… Information on body scanners and safety from TSA http://www.tsa.gov/approach/tech/ait/safety.shtm Information on body scanners from the European Commission http://ec.europa.eu/transport/air/index_en.htm Controversial body scanners continue to cause transatlatic divide (26.05.2011) http://www.independent.co.uk/life-style/health-and-families/controversial-b… Strict safeguards needed for airport body scanners, say MEPs (24.05.2011) http://www.europarl.europa.eu/fi/pressroom/content/20110523IPR19946/html/St… Draft Report on aviation security, with a special focus on security scanners - Committee on Transport and Tourism (23.02.2011) http://www.europarl.europa.eu/meetdocs/2009_2014/documents/tran/pr/834/8343… EDRi-gram: EESC condemns body scanners as a breach of fundamental rights (23.02.2011) http://www.edri.org/edrigram/number9.4/body-scanners-breach-privacy ============================================================ 9. OSCE findings on Estonian e-voting ============================================================ In its report of 16 May 2011, the Office for Democratic Institutions and Human Rights (ODIHR) of the Office of Security and Cooperation in Europe (OSCE) found Estonia's March 6 parliamentary elections, including the Internet voting, as trustworthy, although several elections monitors have pointed out a series of procedural and technical issues. "The Riigikogu elections were conducted in an environment characterized by respect for fundamental rights and freedoms and a high degree of trust in the impartiality of the election administration. Election stakeholders expressed confidence in the overall process, including the Internet voting. Voters had an opportunity to make an informed choice among a field of candidates representing a variety of political alternatives," is ODIHR's conclusion. However, the report expresses the belief that there is room for "improvement of the legal framework, oversight and accountability, and some technical aspects of the internet voting system." The weakest point, according to the report, is that the Estonian legislation doesn't deal with significant issues such as the situations that would allow the National Electoral Committee (NEC) to declare Internet voting invalid or the way in which the voters should become aware of the fact that they had to recast their ballots on election day. Another point of emphasis was that none of NEC staff or members had the necessary know-how to carry out oversight procedures without strongly relying on the IT department of the Parliament and therefore, the report recommended the development of technical expertise within the committee. Also, the results of the test made by NEC on the e-election system were not made public and therefore more transparency would be necessary. A disaster recovery plan was also recommended in the report, as the system maintenance, as performed during the elections, might create security issues. After the elections, student Paavo Pihelgas asked in court for the invalidation of the electronic voting results claiming the software used in the electronic voting was flawed and a virus could theoretically change a vote without the voter's knowledge. The student conducted a series of experiments with volunteers in order to prove his point. According to the law, the Supreme Court can nullify election results in case of violation of voter rights that had or may have had a significant effect on the election outcome. As Pihelgas participated in the test wilfully, the Supreme Court's Constitutional Review Chamber decided on 21 March that his voter's rights had not been infringed as long as he had knowingly put himself into the situation where his vote hadn't reached the electoral committee web server. Therefore, since only an established violation can lay at the basis of the nullification of the election result, a hypothetical possibility that someone's computer may have been infected with a similar type of virus without that voter's knowledge, could not constitute enough cause for nullification. In this matter, the OSCE recommended the creation of a mechanism that would allow a voter to check whether his or her vote had been changed. OSCE Calls for Enhancements to Internet Voting (17.05.2011) http://news.err.ee/Sci-Tech/2cf34a80-6dfd-4764-aa67-1d2cf4ca879e Supreme Court Rejects Last Voter Complaint (23.05.2011) http://news.err.ee/Politics/bbb598aa-586b-4981-9f7e-88273b5a25c0 Parliamentary Elections - 6 March 2011 - OSCE/ODIHR Election Assessment Mission Report (16.05.2011) http://www.osce.org/odihr/77557 ============================================================ 10. Internet governance dialogue in Belgrade 2011 ============================================================ The 4th European Dialogue on Internet Governance (EuroDIG) took place in Belgrade on 30-31 May 2011 covering a lot of debates on a large area of issues on concepts of Internet Governance, from freedom of expression to privacy and cybersecurity. The opening session was marked by Internet freedom concepts with the opening video speech by Carl Bildt, the foreign minister of Sweden who noted that "the blocking and filtering of content, popular in certain quarters, should be avoided. I think it is a disturbing fact that more governments have become more sophisticated in trying to monitor the behaviour and also, to a certain extent to censor, the content of the net. We must send a strong message that according to the values that we represent, this is simply not acceptable." He also claimed that Europe should have a unitary voice asking for freedom on the Internet: "I would say that from the European point of view, our emphasis should be on the freedom issues of the net, the other voices in the world that are pressing in another direction and we should be on our guard against those particular tendencies. And I think we need to develop as unified and as strong European voice on these issues as we can." His speech follows a similar stand for Internet freedom taken a few days before, in an event held on 23 May 2011 in Brussels (reported in a previous EDRi-gram article). In a data protection workshop on the first day, the panel, including Katarzyna Szymielewicz from EDRi-member Panoptykon Foundation Poland, participants debated the review of the privacy standards, with an emphasis on the right to oblivion, as a new principle to be included in the review of the data protection legislative tools. The workshop also underlined the tension between the right to privacy and some new business models, a tension which should not lead to diminishing the protection of privacy. A plenary on "new media" of the second day involved a lot of participants trying to debate the notion of new media, editorial control, trust in mass medium sources and freedom of expression. The discussion drew on the current work undertaken by the Council of Europe to develop a "new notion of media", already covered in the EDRi-gram. An interesting debate on the paid vs. free media focused on the fact that for the free media there is a price to be paid as well, but it is just not visible. You can pay by giving your personal information or you can pay via advertisement. Another part of the debate was if the media law needed to be changed and in what direction. In this respect, Meryem Marzouki from EDRi underlined that such a regulation on a new media should be possible only if the purpose was "to ensure plurality of views and to ensure the public interest." The conclusions of the meeting underlined the openness of conversations, the challenge of incorporating different perspectives and the importance of maintaining a bottom up approach to internet policy issues. An active participation of the youth is also worth noting, some of them also participants in the New Media Summer School, with strong public positions in favour of preventing censorship and promoting freedom of expression and net neutrality during the debates. The next EuroDIG conference will take place in Sweden in 2012. Eurodig 2011 (30-31.05.2011) http://www.eurodig.org Carl Bildt at EuroDIG 2011 (30.05.2011) http://www.youtube.com/watch?v=GLLpW4s7WTo New Media Summer School (27.05.- 1.06.2011) http://newmediasummerschool.eu/ EDRi-gram: ENDitorial:CoE: A New Notion of Media. For Better or For Worse? (20.04.2011) http://www.edri.org/edrigram/number9.8/coe-new-notion-of-media ============================================================ 11. Recommended Action ============================================================ Open letter against ACTA - expression of concern initiated by some European medialabs collaborate in LABtoLAB, a two year programme of collective reflection on informal learning. (05.2011) http://www.labtolab.org/~labtolab/wiki/index.php/Acta_expression_of_concern… ============================================================ 12. Recommended Reading ============================================================ Internet matters: The Net's sweeping impact on growth, jobs, and prosperity. (05.2011) http://www.mckinsey.com/mgi/publications/internet_matters/pdfs/MGI_internet… State of the Internet in Europe (25.05.2011) http://owni.fr/2011/05/25/carte-internet-europe-regulation-filtrage-copyrig… Google boss: anti-piracy laws would be disaster for free speech (18.05.2011) http://www.guardian.co.uk/technology/2011/may/18/google-eric-schmidt-piracy Author Attitudes Towards Open Access Publishing (27.04.2011) http://www.intechweb.org/public_files/Intech_OA_Apr11.pdf Freedom of Connection, Freedom of Expression: UNESCO launches new publication (25.05.2011) http://portal.unesco.org/ci/en/ev.php-URL_ID=31398&URL_DO=DO_TOPIC&URL_SECT… ============================================================ 13. Agenda ============================================================ 2-3 June 2011, Krakow, Poland 4th International Conference on Multimedia, Communication, Services and Security organized by AGH in the scope of and under the auspices of INDECT project http://mcss2011.indect-project.eu/ 3 June 2011, Florence, Italy E-privacy 2011 and Big Brother Awards 2011 http://e-privacy.winstonsmith.org/ 4-5 June 2011, Bonn, Germany PolitCamp 2011 http://11.politcamp.org 12-15 June 2011, Bled, Slovenia 24th Bled eConference, eFuture: Creating Solutions for the Individual, Organisations and Society http://www.bledconference.org/index.php/eConference/2011 14-16 June 2011, Washington DC, USA CFP 2011 - Computers, Freedom & Privacy "The Future is Now" http://www.cfp.org/2011/wiki/index.php/Main_Page 11-12 July 2011, Barcelona, Spain 7th International Conference on Internet, Law & Politics (IDP 2011): Net Neutrality and other challenges for the future of the Internet http://edcp.uoc.edu/symposia/lang/en/idp2011/?lang=en 24-30 July 2011, Meissen, Germany European Summer School on Internet Governance 2011 http://www.euro-ssig.eu/ 27 - 30 October 2011, Barcelona, Spain Free Culture Forum 2011 http://fcforum.net/ ============================================================ 14. About ============================================================ EDRi-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRi has 28 members based or with offices in 18 different countries in Europe. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRi-grams. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and are visible on the EDRi website. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 3.0 License. See the full text at http://creativecommons.org/licenses/by/3.0/ Newsletter editor: Bogdan Manolea <edrigram(a)edri.org> Information about EDRI and its members: http://www.edri.org/ European Digital Rights needs your help in upholding digital rights in the EU. If you wish to help us promote digital rights, please consider making a private donation. http://www.edri.org/about/sponsoring - EDRI-gram subscription information subscribe by e-mail To: edri-news-request(a)edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. Unsubscribe by e-mail To: edri-news-request(a)edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/edri/2.html - EDRI-gram in German EDRI-gram is also available in German, with delay. Translations are provided Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users http://www.unwatched.org/ - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask <edrigram(a)edri.org> if you have any problems with subscribing or unsubscribing. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

EDRi-gram newsletter - Number 9.11, 1 June 2011
by EDRI-gram newsletter 06 Jul '18

06 Jul '18

============================================================ EDRi-gram biweekly newsletter about digital civil rights in Europe Number 9.11, 1 June 2011 ============================================================ Contents ============================================================ 1. Battle over Passenger Data is heating up 2. UN report examines online censorship 3. European IP policy is crippling the European digital economy 4. G8 and e-G8 Summit on Internet freedom 5. EDPS: Data Retention Directive fails to meet data protection requirements 6. Finland: Blocking of domestic websites ruled illegal 7. Internet FoE: How should Europe battle online censorship? 8. MEPs approve body scanners on airports on a voluntarily basis 9. OSCE findings on Estonian e-voting 10. Internet governance dialogue in Belgrade 2011 11. Recommended Action 12. Recommended Reading 13. Agenda 14. About ============================================================ 1. Battle over Passenger Data is heating up ============================================================ In late May 2011, the new draft agreements on the transfer and retention of air passenger data between the EU and the United States and Australia respectively have leaked to the public. The re-negotiation of the agreements from 2007, which have since then been provisionally applied, had become necessary after the European Parliament refused to vote on them in May 2010. The new agreements do not substantially improve the situation with regards to the old ones. They both require that data of air passengers is transferred to public authorities (DHS in the US, Customs and Border Protection in Australia) ahead of a flight; they allow for profiling, i.e. the use of data for sorting assengers into risk categories based on pre-defined and secret criteria without an initial suspicion or criminal lead; and they allow for retention of the data up to 5.5 (Australia) and 15 (US) years. There are also provisions for onward transfer of the data to third agencies and countries. The agreement with the US met heavy criticism both among EU member states as well as among Members of the European Parliament, and provoked an emergency reaction from the UK Justice secretary as well as the US ambassador to the EU. At the moment, there are talks with the negotiator (DG Home Affairs of the European Commission) to re-open the text, though improvements have been made very unlikely by a recent resolution of the US Senate that rejects European privacy demands. The agreement with Australia is less prominent, but still highly relevant. There is a small blocking minority in the Council, consisting of Germany, France, Belgium, Czech Republic, Ireland, Austria and Portugal, that is mainly concerned about the provisions on transfer to third countries, and sometimes about the retention periods (Germany, France). The Commission is not willing to re-negotiate, though. The Council of Justice and Home Affairs Ministers on 9th/10th June might overcome the blocking minority and the parliamentary reservations from some countries, and adopt the agreement. At the moment, a veto in the European Parliament is unlikely. In the worst case, the Australia agreement may be concluded before the summer break and open the floodgates for other such agreements, and for the first time accepting profiling and preventive policing. Privacy activists from EDRi members Mensenrechten.be, Digitale Gesellschaft and FoeBuD, as well as from EDRi observer AK Vorrat and other groups, met in Brussels from 27th to 30th May to do a legal, technical and political analysis, coordinate their short-term work and plan for long-term collaboration with others. A mailing list will be set up shortly. Comprehensive PNR Wiki by AK Vorrat http://wiki.vorratsdatenspeicherung.de/Passenger_Name_Record EDRi: Commission plans to present flawed, illegal PNR proposal as "fait accompli" (23.05.2011) http://www.edri.org/_illegal_PNR EC COM(2011) 280 final - Proposal for a Council Decision on the signature of the Agreement between the European Union and Australia on the processing and transfer of Passenger Name Record (PNR) data by air carriers to the Australian Customs and Border Protection Service (19.05.2011) http://www.statewatch.org/news/2011/may/eu-com-pnr-australia.pdf EU Council Document 10453/11 - Draft Agreement between the United States of America and the European Union on the use and transfer of Passenger Name Record data to the United States Department of Homeland Security (20.05.2011) http://www.statewatch.org/news/2011/may/eu-usa-pnr-agreement-20-5-11-fin.pdf The Guardian: US to store passenger data for 15 years (25.05.2011) http://www.guardian.co.uk/world/2011/may/25/us-to-store-passenger-data ============================================================ 2. UN report examines online censorship ============================================================ The right to seek, receive and impart information, and the right to express oneself freely - rights which enable the exercise of a range of other human rights - are increasingly being limited by impediments in online communications, according to a report by the United Nations Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, Frank La Rue. EDRi took part in an expert group that supported the Special Rapportur's preparation of the report, which looks at prevailing tendencies in global online freedoms. It will be submitted to the UN Human Rights Council this week. The report draws attention to mounting evidence that international Internet-related policy and domestic regulations are failing to recognise and respond appropriately to the changing makeup of public space in which free speech is exercised. It reminds governments of their positive obligation to protect these rights in a digital environment, denouncing the surge in measures criminalising legitimate online expression. Some of the findings include inadequate data protection and a "worrying trend of States obliging or pressuring private actors to hand over information of their users". It also reminds members of the international community that the States' responsibility to protect the rights of users also entails a duty to investigate and prosecute the perpetrators of cyber-attacks directed at the websites of organizations and individuals documenting government abuses. Expressing "deep concern" about the growing number of laws that are enabling monitoring, filtering and control of online content, the Special Rapporteur concludes that these are often largely out of synch with their purported aims. Increasingly sophisticated means of blocking content deemed to be illegal are being introduced and implemented without the involvement of an impartial regulatory body or a court order. Appropriate safeguards against abuse and the means to challenge unwarranted interference were also often found to be absent. This situation may result in the censorship of a considerable amount of legal online material. The report also raises a number of important issues concerning intermediary liability, identifying some of the serious implications of offering the private sector "unprecedented influence over individuals' right to freedom of expression and access to information." "Holding intermediaries liable for the content disseminated or created by their users severely undermines the enjoyment of the right to freedom of opinion and expression, because it leads to self-protective and over-broad private censorship, often without transparency and the due process of law." While praising legislative measures such as those introduced in Chile and soon to be adopted in Brazil which clarify the legal position of intermediaries, and welcoming provisions which limit their liability (as in the case of "safe harbour" provisions in the US and E-Commerce Directive guarantees in the EU), the Rapporteur admonishes attempts to pressure third parties into complying with special interests, expressing "alarm" at proposals to disconnect users based on accusations of violations of intellectual property or other rights. These include efforts to penalize alleged offenders by suspending their Internet services through laws based on the idea of "three strikes" or "gradual response" - laws which are currently in force in France. The report concludes with recommendations, the majority of which are directed at governments, calling for intensified efforts to ensure that international human rights obligations are being met. It also addresses commercial actors with a warning to be consistent with their responsibilities, urging them to "continuously review the impact of their services and technologies on the right to freedom of expression of their users". It is not at all clear how the struggle to maintain Net neutrality will unfold, but the potential for creeping restrictions which protect business and State interests rather than those of citizens, and the weighty implications of this trend are becoming increasingly obvious. The preservation of open and free "virtual public spaces" will ultimately depend on the extent to which its beneficiaries are prepared to involve themselves in a much more vigorous debate about the way that Internet governance will be shaped. UN Report http://www2.ohchr.org/english/bodies/hrcouncil/docs/14session/A.HRC.14.23.p… ============================================================ 3. European IP policy is crippling the European digital economy ============================================================ European policy makers are strangling the digital economy, hurting consumers and putting Europeans' fundamental rights at risk, according to a report into the failures of IP policy making in Europe, published by EDRi on 24.05.2011. The report sets out how the EU has been making policy "blind", building its strategies on faith not fact and ignoring objective, robust evidence. The report sets out a series of proposals that would add up to a radical change of direction for EU IP policy. Following them would see Europe maximise the value that society can get from works covered by intellectual property at the same time as sustaining flourishing creative industries. The result would be a boost to the EU economy, an improved environment for creators, innovators and consumers, and a safeguarding of fundamental rights of European citizens. The report recommends that the EU: - Harmonise exceptions to copyright to create legal certainty across the EU about the permitted uses of works covered by IP; - Establishes pan-European licensing arrangements as a matter of priority, and tie future enforcement policy to the successful development of such proposals; - Abandons repressive enforcement measures that would materially damage people's fundamental rights; - Establishes a moratorium on the exporting of repressive IP enforcement to third countries; - Makes a firm commitment to robust, objective evidence and re-evaluation of policy on the basis of it. IPRs play an important role incentivising and rewarding creativity and innovation. But the report argues that these benefits are now being outweighed by IPRs' damaging effects on the creation and dissemination of culture and technological innovation, and on fundamental rights such as privacy and freedom of expression. EDRi advocacy coordinator Joe McNamee said: "Policy makers face a choice. They can enable a radical expansion of society's ability to access the world's trove of information, culture and knowledge. Or they can unnecessarily prevent a wide range of valuable activities from taking place and, for no sound reason, pursue repressive enforcement measures that cripple the democratising potential of new technology. Currently the EU is choosing the latter. This report argues forcefully for a change of track to embrace new technology and the best of what it offers." EDRi Report http://www.edri.org/files/IPR_shadowreport_110523.pdf ============================================================ 4. G8 and e-G8 Summit on Internet freedom ============================================================ The results of the 37th edition of the G8 Forum that took place in Deauville, France on 26-27 May 2011 and of the e-G8 meeting on Internet issues organised by the French Presidency immediately before, are sending a mixed message, on the one hand recognizing the "openness, transparency and freedom of the Internet" and on the other hand announcing the "commitment to ensuring effective action against violations of intellectual property rights in the digital arena, including action that addresses present and future infringements." The civil society, represented by a large number of groups and associations, including EDRi, sent a statement, before the e-G8 and G8 meetings, urging the G8 Member States to "publicly commit to expanding internet access for all, combating digital censorship and surveillance, limiting online intermediary liability, and upholding principles of net neutrality. Additionally, a petition was launched by digital rights group Access - G8: Protect the Net! - calling on the leaders of the Group of 8 to commit to citizen-centred internet policies, which was signed by internet users from over 100 countries. The concerns were mostly related to the continuous tendencies of the governments to limit the freedom of the Internet for political or economical reasons. "Many G8 countries are actively pursuing policies that would similarly seek to restrict and control access; (...) the increase of restrictive policies in both the developed and developing world is a regressive and deeply worrying trend," reads the statement which also showed concern related to the lack of representation of the civil society at the e-G8 and G8 meetings as the invite list was mostly limited to representatives of governments and corporate leaders. During the e-G8 forum, which was meant to prepare the issues related to the Internet for the G8 summit, the civil society representatives such as Jirimie Zimmermann, co-founder of La Quadrature du Net, and John Perry Barlow, co-fonder of the Electronic Frontier Foundation and author of the Declaration of the Independence of Cyberspace, also tried to voice these concerns. Access, together with Zimmerman, staged an ad-hoc counter-forum civil society press conference at the e-G8. Zimmerman led a panel of experts including Harvard scholars Lawrence Lessig and Jochai Benkler, US journalist Jeff Jarvis, former board member of ICANN Susan Crawford and Secretary-general of Reporters without Borders Jean-Francois Julliard, who collectively expressed their disappointment over the lack of adequate civil society representation as well as the direction of the discussions. "The free Internet must be defended before thought is given to regulating content," said Julliard, "The priority for G8 governments should be defending the Internet." The Declaration on "Renewed Commitment for Freedom and Democracy" released at the end of the G8 summit, includes 19 paragraphs on the Internet and related issues and confirms to some extent the concerns expressed by the civil society. The Declaration commits to defending intellectual property rights rather than human rights such as the freedom of expression: "Regarding the protection of the intellectual property, especially copyrights, trade marks, commercial secrets and patents, we recognise we must establish legislation and national frameworks to improve this aspect. That is why we reaffirm our commitment to take firm measures against the violations of the intellectual property rights within the digital space, especially by procedures enabling the prevention of present and future infringements." The human rights organisation, Article 19, believes the Declaration has failed to recognise the protection of human rights "as a core principle above all others", having included it within a framework "to be balanced with rule of law and protection of intellectual property." In the groups' opinion, the Declaration ignores several international human rights treaties, while endorsing restrictions on Internet speech "by increasing enforcement of intellectual property such as through the controversial Anti Counterfeiting Trade Agreement (ACTA) and domestic "three-strikes laws" which fail to fully recognise - and often violate - the right to freedom of expression." Civil Society Statement to the e-G8 and G8 http://letter.accesslabs.org/Civil%20Society%20Statement%20to%20the%20eG8-f… G8 Declaration - Summit of Deauville - May 26-27, 2011 http://www.g20-g8.com/g8-g20/g8/english/live/news/renewed-commitment-for-fr… G8-The Deauville Declaration on Internet Fails to Recognise Importance of Human Rights Including Freedom of Expression (28.05.2011) http://www.i-policy.org/2011/05/g8-the-deauville-declaration-on-internet-fa… eG8 Forum: Speeches by Jirimie Zimmermann & John Perry Barlow (partially only in French, 24-25.05.2011) http://www.waebo.com/eg8-discours-de-jeremie-zimmermann-john-perry-barlow.h… The Counter-forum Civil Society Press Conference, May 25 @ e-G8 http://vimeo.com/24218524 Civil Society Petition - G8: Protect the net! https://www.accessnow.org/page/s/g8-protect-the-net Access Blog: World Rallies to Save the Internet from G8 https://www.accessnow.org/policy-activism/press-blog/world-rallies-to-save-… ============================================================ 5. EDPS: Data Retention Directive fails to meet data protection requirements ============================================================ Peter Hustinx, the European Data Protection Supervisor (EDPS) adopted, on 31 May 2011, an opinion on the European Commission's Evaluation Report on the Data Retention Directive submitted on 18 April 2011 to the Council and the European Parliament. The EDPS has several times expressed his concerns related to the necessity for retaining data on such a large scale in view of the rights to privacy and data protection and has called for a clear demonstration that such a measure is necessary and proportionate. On the basis of the Commissions' Evaluation Report, the EDPS has drawn the conclusion that the Data Retention Directive does not meet the requirements set out by the rights to privacy and data protection, primarily because the necessity for data retention has not been sufficiently demonstrated. Hustinx also believes that data retention could be regulated in a less privacy-intrusive way and that the Directive lacks foreseeability. "Although the Commission has clearly put much effort into collecting information from the Member States, the quantitative and qualitative information provided by the Member States is not sufficient to draw a positive conclusion on the need for data retention as it has been developed in the Directive. Further investigation of necessity and proportionality is therefore required, and in particular the examination of alternative, less privacy-intrusive means" says the EDPS. Also, in Hustinx's opinion, the present Directive leaves too much room for Member States to decide on the purposes for which the data may be used, on who can access the data and under which conditions. Therefore, the EDPS calls on the Commission to seriously consider "all options in the impact assessment including the possibility of repealing the Directive". An eventual future data retention directive should be considered only if the necessity of data retention, "supported and regulated by the EU, could be sufficiently demonstrated, which includes a careful consideration of alternative measures." The respective directive should be exhaustive (with a clear and precise purpose), proportionate (without going beyond what is necessary), comprehensive and should "genuinely harmonise rules on the obligation to retain data, as well as on the access and further use of the data by competent authorities." EDPS - Press Release (31.05.2011) http://europa.eu/rapid/pressReleasesAction.do?reference=EDPS/11/6&format=HT… Opinion of the European Data Protection Supervisor on the Evaluation report from the Commission to the Council and the European Parliament on the Data Retention Directive (31.05.2011) http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consu…, EDRi-gram: Top 10 misleading statements of the European Commission on data retention (20.04.2011) http://www.edri.org/edrigram/number9.8/data-retention-evaluation EDRi-gram: Data retention in EU Council Meeting (18.05.2011) http://www.edri.org/edrigram/number9.10/data-retention-eu-council ============================================================ 6. Finland: Blocking of domestic websites ruled illegal ============================================================ The Helsinki Administrative Court has ruled that domestic websites may not be placed on the secret blocking blacklist maintained by the police. This is the latest turn in a long legal fight by Finnish activist Matti Nikki, whose website lapsiporno.info (translates as "childporn.info") was put on the secret blacklist in February 2008 and has remained on the list ever since. The Finnish blocking blacklist is based on a law passed in 2006 that allows the police to create and maintain a secret list of websites in order to prevent access to child pornography on foreign websites. The blacklist is distributed to Internet service providers (ISPs), who may direct attempts to access blacklisted sites to a page which says access is blocked due to the child pornography blocking list. Using the secret blacklist is optional for ISPs, but the Communications Minister at the time, Suvi Linden, made public statements in 2008 that if the ISPs did not start using the list voluntarily, it would be made mandatory. After an initial wave of adoption, the list has been silently falling into disuse. Nikki criticized the secret blacklist vocally, and discovered a large part of the secret list by trying to load websites that he found links to. When he published the list of websites he had discovered to be blocked, police accused him of distributing child pornography and eventually put his website on the secret blacklist. One of Nikki's findings was that the top five Google search results for "gay porn" were all blacklisted, even though there was nothing related to children on the sites. Other brilliant highlights from the secret blacklist include www.w3.org (yes, the World Wide Web Consortium!) and the memorial page of a deceased Thai princess. An officer of the Central Criminal Police famously quipped "Google is a browser" when asked why Google is not blacklisted even though its search results contained the same links for which Nikki's pages were placed on the blacklist. Nikki appealed to the Administrative Court about his website being on the secret blacklist. The Administrative Court ruled in May 2009 that it was not possible to complain about being on the blacklist. Nikki appealed to the Supreme Administrative Court, which ruled in September 2010 that indeed it was possible to complain about being on the list and thus cleared the way for complaints by Nikki and others who thought their sites had been put on the list without a valid basis. The case was returned to the Administrative Court, which has now ruled that domestic sites may not be placed on the list. However, the court did not rule on whether Nikki's site could be blocked if it were abroad. Thus, legal uncertainty continues as to precisely what kinds of websites may be blocked. One of the three judges filed a dissenting opinion to the ruling. In his view, lapsiporno.info is circumventing the law by "distributing foreign child porn via a website in Finland". Nikki's site does not in fact distribute child pornography in any way. It only contains domain names from the secret blocking list, all of which appear to host legal content. Out of nearly a thousand domain names that Nikki found to be on the blocking list, only a dozen seemed to contain illegal content and Nikki withheld them from the list on his website. Nikki has instead reported actual child porn websites to the police himself - only to find them still online a year later as they turned up on the police's blacklist. Nikki has also analysed child porn distribution mechanisms and suggested methods for attacking the phenomenon, but these have fallen on deaf ears. Chasing criminals in "inaccessible" countries such as USA, UK and continental Europe might entail real work - it seems easier to just sweep the criminal activity under a carpet. The Administrative Court held that Nikki had to pay his own legal fees, because "since the law is unclear, inclusion of his website on the blacklist cannot be seen to have resulted from an error by the authorities". This sends a message that complaining about actions of authorities, even if they acted against the law, will be expensive for a citizen. Nikki is again considering an appeal to the Supreme Administrative Court. At the same time, IFPI Finland has started a court process to block The Pirate Bay at ISP level, which would - if successful - create a new category of blocked sites. The court ruling (only in Finnish) http://effi.org/e/lapsiporno.info-hao-2011.pdf HS.fi: IFPI Finland orders Elisa internet service provider to prevent its clients from accessing Pirate Bay website: http://www.hs.fi/english/article/IFPI+Finland+orders+Elisa+internet+service… IFPI Press Release (only in Finnish) http://antipiracy.fi/ajankohtaista/217/suomalaiset-musiikkituottajat-haasta… EDRi-gram: Finland: Complaints not allowed for the Police child-porn censorship list http://www.edri.org/edri-gram/number7.12/lapsiporno-trial-finland EDRi-gram: ENDitorial: Finnish web censorship http://www.edri.org/edrigram/number6.4/finland-web-censorship (Contribution by Timo Karjalainen- EDRi-member Electronic Frontier Finland (Effi)) ============================================================ 7. Internet FoE: How should Europe battle online censorship? ============================================================ On 23 May 2011, there was an event in the International Press Centre in Brussels, hosted by ECIPE. Participants in the event were Erika Mann (Executive Vice President, CCIA; Board Member, ICANN), William Echikson (Head of Free Expression, EMEA, Google), Marietje Schaake (Member of the European Parliament, the Netherlands), Hosuk Lee-Makiyama (Director, ECIPE), Uri Rosenthal (Dutch Minister for Foreign Affairs) and Carl Bildt (Swedish Minister for Foreign Affairs). Erika Mann said that the politics and governments were dividing the Internet. With regard to the EU, she said that preaching of freedom across the world would not have the desired effect if the EU did not implement this freedom in its own legal system. William Echikson noted that Google's business depended on the free flow of information. As regards current challenges, he referred to the Italian YouTube case, in which three Google employees were convicted of privacy violations because students at a school in Turin uploaded a video to YouTube that showed the bullying of an autistic child. He said that, in this particular case, convicting Google employees was the same as making a postman for carrying the contents of the post. Marietje Schaake MEP (ALDE Group, the Netherlands) said that we needed a global internet strategy. She also said that there were some remarks from China that the EU could not ask other countries to respect the freedom of the Internet if the EU did not guarantee such freedom to its own citizens. Ms Schaake described some of the challenges related to the Internet. They were: (1) Net neutrality, (2) Enforcement of Intellectual Property Rights, (3) ACTA, (4) Cybersecurity. The Dutch MEP also said that the potential solutions to the last three of these challenges should be investigated as to whether they are a "medicine" to the problem or a "disease" in their own right. Finally, Ms Schaake concluded that EU e-policy should mainstream the Internet freedom and ensure that there was a democratic oversight and transparency. Uri Rosenthal pointed out that the freedom of expression is the core of every free nation. Moreover, freedom of expression opened the door to many other human rights. On the Internet, freedom of expression had to be defended. In order to do that, the public and private sector should act together. This is because the Internet freedom was a multi-stakeholder issue. Mr Rosenthal said that the Netherlands proposed EU-level restrictions on exporting equipment used for limiting the freedom of the Internet and supports for circumvention technologies. The Dutch Minister for Foreign Affairs also expressed his support to cyber dissidents around the world. Carl Bildt said that the present progress in information technology was only the beginning of the Internet. He added that, since the Internet is so valuable for development that the EU should support its fast development. He stated that freedom and security were also important. In order to ensure these goals, there was a need of a global strategy. This is because a global impact could be achieved only by a global action. The Swedish Minister for Foreign Affairs also noted that Sweden provided financial support to NGOs located all around the world to fight against filtering and blocking. He argued that setting people free allowed development. With regard to the recent US Strategy for cyberspace, he said that he supported it. However, the EU should also support it. In an amusing swipe at President Sarcozy, in response to a reference to the "civilised Internet", he replied "Civilised Internet? Perhaps we should first launch a civilised telephone system where people only say nice things." Carl Bildt remarks on Digital Authoritarianism at The European Centre for International Political Economy (ECIPE) Brussels (23.05.2011) http://www.regeringen.se/sb/d/7417/a/169243 ECIPE Study http://www.ecipe.org/digital-authoritarianism-human-rights-geopolitics-and-… (Contribution by Daniel Dimov - EDRi intern) ============================================================ 8. MEPs approve body scanners on airports on a voluntarily basis ============================================================ As the European Commission plans new rules to add body scanners to the list of EU-authorised methods for passenger screening, the European Parliament, which has the right to veto, made its position known on 24 May 2011, by approving a report that backs the use of body scanners provided they don't interfere with passenger privacy or pose health risks. MEPs on the Transport Committee agreed that the use of body scanners in EU airports would enhance security but considered the method should be used voluntarily. The report, that is to be voted in the plenary on 23 June, asks for several conditions to be met on body scanners, including a ban on scanners using ionising radiations, like x-rays, and the necessity of using the least harmful technology, so as to ensure the passengers' health. "We need to be sure that the new equipment will not impact people's health. Therefore, x-ray scans should be rejected," said Luis de Grandes Pascual, the MEP who drafted the report. The US Transportation Security Administration has insisted, in its turn, that the radiation from airport body scanners poses no threat to health and that every x-ray backscatter unit was operating "well within applicable national safety standards". MEPs believe the use of body scanners should be made by also ensuring the protection of the personal data, dignity and privacy, the report asking for the use of only "stick figures" without body images being produced, and without storage of the obtained figures. To be sure of that, "the technology used must not have the capabilities to store or save data". Moreover, the passengers must be able to opt for a manual search instead of a body scan and the scans should be random and non-discriminatory. According to the report, the Member States should provide extra control points and security staff to ensure that passengers are not slowed down by the need to pass through body scanners. MEPs also call for international aviation security coordination with mutual recognition of measures and one-stop security systems in order to ensure that passengers, luggage and cargo at EU airports are screened only once. Presently, body scanners are in use in UK and Dutch airports and have been tested in Germany, Italy, France and Finland. MEPs back body scanners but want strict safeguards (26.05.2011) http://www.europarl.europa.eu/en/headlines/content/20110520STO19907/html/ME… Information on body scanners and safety from TSA http://www.tsa.gov/approach/tech/ait/safety.shtm Information on body scanners from the European Commission http://ec.europa.eu/transport/air/index_en.htm Controversial body scanners continue to cause transatlatic divide (26.05.2011) http://www.independent.co.uk/life-style/health-and-families/controversial-b… Strict safeguards needed for airport body scanners, say MEPs (24.05.2011) http://www.europarl.europa.eu/fi/pressroom/content/20110523IPR19946/html/St… Draft Report on aviation security, with a special focus on security scanners - Committee on Transport and Tourism (23.02.2011) http://www.europarl.europa.eu/meetdocs/2009_2014/documents/tran/pr/834/8343… EDRi-gram: EESC condemns body scanners as a breach of fundamental rights (23.02.2011) http://www.edri.org/edrigram/number9.4/body-scanners-breach-privacy ============================================================ 9. OSCE findings on Estonian e-voting ============================================================ In its report of 16 May 2011, the Office for Democratic Institutions and Human Rights (ODIHR) of the Office of Security and Cooperation in Europe (OSCE) found Estonia's March 6 parliamentary elections, including the Internet voting, as trustworthy, although several elections monitors have pointed out a series of procedural and technical issues. "The Riigikogu elections were conducted in an environment characterized by respect for fundamental rights and freedoms and a high degree of trust in the impartiality of the election administration. Election stakeholders expressed confidence in the overall process, including the Internet voting. Voters had an opportunity to make an informed choice among a field of candidates representing a variety of political alternatives," is ODIHR's conclusion. However, the report expresses the belief that there is room for "improvement of the legal framework, oversight and accountability, and some technical aspects of the internet voting system." The weakest point, according to the report, is that the Estonian legislation doesn't deal with significant issues such as the situations that would allow the National Electoral Committee (NEC) to declare Internet voting invalid or the way in which the voters should become aware of the fact that they had to recast their ballots on election day. Another point of emphasis was that none of NEC staff or members had the necessary know-how to carry out oversight procedures without strongly relying on the IT department of the Parliament and therefore, the report recommended the development of technical expertise within the committee. Also, the results of the test made by NEC on the e-election system were not made public and therefore more transparency would be necessary. A disaster recovery plan was also recommended in the report, as the system maintenance, as performed during the elections, might create security issues. After the elections, student Paavo Pihelgas asked in court for the invalidation of the electronic voting results claiming the software used in the electronic voting was flawed and a virus could theoretically change a vote without the voter's knowledge. The student conducted a series of experiments with volunteers in order to prove his point. According to the law, the Supreme Court can nullify election results in case of violation of voter rights that had or may have had a significant effect on the election outcome. As Pihelgas participated in the test wilfully, the Supreme Court's Constitutional Review Chamber decided on 21 March that his voter's rights had not been infringed as long as he had knowingly put himself into the situation where his vote hadn't reached the electoral committee web server. Therefore, since only an established violation can lay at the basis of the nullification of the election result, a hypothetical possibility that someone's computer may have been infected with a similar type of virus without that voter's knowledge, could not constitute enough cause for nullification. In this matter, the OSCE recommended the creation of a mechanism that would allow a voter to check whether his or her vote had been changed. OSCE Calls for Enhancements to Internet Voting (17.05.2011) http://news.err.ee/Sci-Tech/2cf34a80-6dfd-4764-aa67-1d2cf4ca879e Supreme Court Rejects Last Voter Complaint (23.05.2011) http://news.err.ee/Politics/bbb598aa-586b-4981-9f7e-88273b5a25c0 Parliamentary Elections - 6 March 2011 - OSCE/ODIHR Election Assessment Mission Report (16.05.2011) http://www.osce.org/odihr/77557 ============================================================ 10. Internet governance dialogue in Belgrade 2011 ============================================================ The 4th European Dialogue on Internet Governance (EuroDIG) took place in Belgrade on 30-31 May 2011 covering a lot of debates on a large area of issues on concepts of Internet Governance, from freedom of expression to privacy and cybersecurity. The opening session was marked by Internet freedom concepts with the opening video speech by Carl Bildt, the foreign minister of Sweden who noted that "the blocking and filtering of content, popular in certain quarters, should be avoided. I think it is a disturbing fact that more governments have become more sophisticated in trying to monitor the behaviour and also, to a certain extent to censor, the content of the net. We must send a strong message that according to the values that we represent, this is simply not acceptable." He also claimed that Europe should have a unitary voice asking for freedom on the Internet: "I would say that from the European point of view, our emphasis should be on the freedom issues of the net, the other voices in the world that are pressing in another direction and we should be on our guard against those particular tendencies. And I think we need to develop as unified and as strong European voice on these issues as we can." His speech follows a similar stand for Internet freedom taken a few days before, in an event held on 23 May 2011 in Brussels (reported in a previous EDRi-gram article). In a data protection workshop on the first day, the panel, including Katarzyna Szymielewicz from EDRi-member Panoptykon Foundation Poland, participants debated the review of the privacy standards, with an emphasis on the right to oblivion, as a new principle to be included in the review of the data protection legislative tools. The workshop also underlined the tension between the right to privacy and some new business models, a tension which should not lead to diminishing the protection of privacy. A plenary on "new media" of the second day involved a lot of participants trying to debate the notion of new media, editorial control, trust in mass medium sources and freedom of expression. The discussion drew on the current work undertaken by the Council of Europe to develop a "new notion of media", already covered in the EDRi-gram. An interesting debate on the paid vs. free media focused on the fact that for the free media there is a price to be paid as well, but it is just not visible. You can pay by giving your personal information or you can pay via advertisement. Another part of the debate was if the media law needed to be changed and in what direction. In this respect, Meryem Marzouki from EDRi underlined that such a regulation on a new media should be possible only if the purpose was "to ensure plurality of views and to ensure the public interest." The conclusions of the meeting underlined the openness of conversations, the challenge of incorporating different perspectives and the importance of maintaining a bottom up approach to internet policy issues. An active participation of the youth is also worth noting, some of them also participants in the New Media Summer School, with strong public positions in favour of preventing censorship and promoting freedom of expression and net neutrality during the debates. The next EuroDIG conference will take place in Sweden in 2012. Eurodig 2011 (30-31.05.2011) http://www.eurodig.org Carl Bildt at EuroDIG 2011 (30.05.2011) http://www.youtube.com/watch?v=GLLpW4s7WTo New Media Summer School (27.05.- 1.06.2011) http://newmediasummerschool.eu/ EDRi-gram: ENDitorial:CoE: A New Notion of Media. For Better or For Worse? (20.04.2011) http://www.edri.org/edrigram/number9.8/coe-new-notion-of-media ============================================================ 11. Recommended Action ============================================================ Open letter against ACTA - expression of concern initiated by some European medialabs collaborate in LABtoLAB, a two year programme of collective reflection on informal learning. (05.2011) http://www.labtolab.org/~labtolab/wiki/index.php/Acta_expression_of_concern… ============================================================ 12. Recommended Reading ============================================================ Internet matters: The Net's sweeping impact on growth, jobs, and prosperity. (05.2011) http://www.mckinsey.com/mgi/publications/internet_matters/pdfs/MGI_internet… State of the Internet in Europe (25.05.2011) http://owni.fr/2011/05/25/carte-internet-europe-regulation-filtrage-copyrig… Google boss: anti-piracy laws would be disaster for free speech (18.05.2011) http://www.guardian.co.uk/technology/2011/may/18/google-eric-schmidt-piracy Author Attitudes Towards Open Access Publishing (27.04.2011) http://www.intechweb.org/public_files/Intech_OA_Apr11.pdf Freedom of Connection, Freedom of Expression: UNESCO launches new publication (25.05.2011) http://portal.unesco.org/ci/en/ev.php-URL_ID=31398&URL_DO=DO_TOPIC&URL_SECT… ============================================================ 13. Agenda ============================================================ 2-3 June 2011, Krakow, Poland 4th International Conference on Multimedia, Communication, Services and Security organized by AGH in the scope of and under the auspices of INDECT project http://mcss2011.indect-project.eu/ 3 June 2011, Florence, Italy E-privacy 2011 and Big Brother Awards 2011 http://e-privacy.winstonsmith.org/ 4-5 June 2011, Bonn, Germany PolitCamp 2011 http://11.politcamp.org 12-15 June 2011, Bled, Slovenia 24th Bled eConference, eFuture: Creating Solutions for the Individual, Organisations and Society http://www.bledconference.org/index.php/eConference/2011 14-16 June 2011, Washington DC, USA CFP 2011 - Computers, Freedom & Privacy "The Future is Now" http://www.cfp.org/2011/wiki/index.php/Main_Page 11-12 July 2011, Barcelona, Spain 7th International Conference on Internet, Law & Politics (IDP 2011): Net Neutrality and other challenges for the future of the Internet http://edcp.uoc.edu/symposia/lang/en/idp2011/?lang=en 24-30 July 2011, Meissen, Germany European Summer School on Internet Governance 2011 http://www.euro-ssig.eu/ 27 - 30 October 2011, Barcelona, Spain Free Culture Forum 2011 http://fcforum.net/ ============================================================ 14. About ============================================================ EDRi-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRi has 28 members based or with offices in 18 different countries in Europe. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRi-grams. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and are visible on the EDRi website. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 3.0 License. See the full text at http://creativecommons.org/licenses/by/3.0/ Newsletter editor: Bogdan Manolea <edrigram(a)edri.org> Information about EDRI and its members: http://www.edri.org/ European Digital Rights needs your help in upholding digital rights in the EU. If you wish to help us promote digital rights, please consider making a private donation. http://www.edri.org/about/sponsoring - EDRI-gram subscription information subscribe by e-mail To: edri-news-request(a)edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. Unsubscribe by e-mail To: edri-news-request(a)edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/edri/2.html - EDRI-gram in German EDRI-gram is also available in German, with delay. Translations are provided Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users http://www.unwatched.org/ - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask <edrigram(a)edri.org> if you have any problems with subscribing or unsubscribing. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

[serval-project-dev] Encrypted rhizome bundles!
by Jeremy Lakeman 06 Jul '18

06 Jul '18

I've just pushed the final changes to land encrypted payloads in rhizome, covered by some appropriate test cases. But don't try to use the latest serval-dna in the android batphone application just yet. There's a breaking API change related to extracting files that we need to deal with first. That's hopefully a small job I can tackle tomorrow. -- You received this message because you are subscribed to the Google Groups "Serval Project Developers" group. To post to this group, send email to serval-project-developers(a)googlegroups.com. To unsubscribe from this group, send email to serval-project-developers+unsubscribe(a)googlegroups.com. For more options, visit this group at http://groups.google.com/group/serval-project-developers?hl=en. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0