cypherpunks-legacy
July 2018
- 1371 participants
- 9656 discussions
On May 7, 2007, at 2:15 PM, Jim Whitehead wrote:
>* So, I walk out of my house, turn on my cell phone, and I'm
>immediately hit with event-driven porn spam?
That could happen.
Thankfully, a significant percentage of everyone involved is
demanding a strong digital signature framework to be de facto
mandatory, something which I personally strongly support. It is
optional, but there are enough people lucid enough to not want to re-
invent SMTP poorly who are willing to argue that case that it will
probably minimize spam opportunities in implementation. What that
looks like in practice is hard to say, but I think digital signatures
will be standard fare for mandatory feeds. However, that does not
prevent upstream digital signature folks like the telcos from whoring
their certs and channel to anyone with cash. It is very desirable
advertising real estate.
This is being implemented in most countries by regulatory fiat. To
the extent that I have influence on the process, I have been a strong
advocate of a useful digital signature framework for ascertaining
source authority (and filtering on that basis) at a minimum, and
potentially much stricter profiles. We'll see what it really looks
like in five or ten years. The people that want no cryptographic
controls at all ("because it is simple") are in the minority.
Cheers,
J. Andrew Rogers
_______________________________________________
FoRK mailing list
http://xent.com/mailman/listinfo/fork
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
Dear Mr. Seaver:
The mayor invites you to come forward with proof to support your
allegations of kickbacks at city hall, as posted on your website.
http://www.oshkoshbygosh.org
You surely can attend the next Common Council meeting, which begins at
6PM on Tuesday, June 12, 2001, in Room 406 of City Hall, 215 Church Avenue.
There is a portion near the meeting's end, entitled Citizen Statements,
during which time you have ample opportunity to substantiate your claims.
Otherwise, if you do not have such proof, you ought to consult with legal
counsel to determine what appropriate retractions should be published. You
might be aware that defamation of character, also known as libel, can result
in civil lawsuits against the defamer. In addition, you may wish to ask
about unauthorized use of portions of the City of Oshkosh website.
Please do not misinterpret this as an effort to stifle appropriate public
discussion about municipal issues. Valid, public opinions ought not lead
one into legal trouble unless intended to do so.
Thank you very much,
Warren P. Kraft
City Attorney's Office
215 Church Ave
P. O. Box 1130
Oshkosh WI 54903-1130
(920) 236-5115
fax: 920-236-5090
PS Just so there is no misunderstanding, I do not consent to your
publication of these comments in any fashion other than during a
consultation with your legal counsel, should you so choose. Feel free to
contact me directly about any questions you may have in these areas.
-----Original Message-----
From: Dell'Antonia, Jon
Sent: Thursday, June 07, 2001 4:35 PM
To: Kraft, Warren P.
Subject: FW: City Tree Rapers
You need to take a look at this guy's web site. I think he has gone too far
and I would like for you to "nail him to the cross" if you can. My issue is
with his comments of kickbacks at city hall. This is a serious charge and
he should either come forward with proof, and we should take appropriate
action, or have to put out a retraction on his site. That is what I would
like you to go after him about.
It is one thing for him to blow off steam with his opinions, but this is a
specific charge of illegal doings and I do not think we should let him get
away with it. I think it is "put up or shut up" time.
If you would like to discuss what we can do or we need a session on it, then
let's have it.
-----Original Message-----
From: cityboy(a)cybershamanix.com
To: mharris(a)ci.oshkosh.wi.us
Cc: mbloechl(a)ci.oshkosh.wi.us; jdellantonia(a)ci.oshkosh.wi.us;
shintz(a)ci.oshkosh.wi.us
Sent: 6/6/01 2:45 PM
Subject: City Tree Rapers
http://www.oshkoshbygosh.org
On Tue, Nov 29, 2005 at 12:22:45PM +0000, Jimmy Wales wrote:
> Geoffrey Goodell wrote:
> > I do not have other cards, and my card works everywhere else. A little
> > online investigation suggests that Paypal outsources its card
> > verification process to an overzealous company called CyberSource, and
> > there are many false positives.
>
> Why do you call them overzealous? If they are actually overzealous then
> they will lose money for their customers (on average) and ultimately
> lose business. But I rather suspect that they are making money for
> their customers (on average).
>
> My point, which ought not to be surprising given what I usually say, is
> that we should not be too complacent that people who are blocking Tor
> are just being overzealous or stupid or anti-privacy. It can make
> sense, and part of our job is to figure out how to help it not make sense.
First, Tor is an experimental overlay network, and it has been (rightly)
designed to be easy to flag and block. While it is certainly possible
that CyberSource is rejecting my card because I am connecting from an IP
address that is known to host a Tor node, I do not believe this to be
the case. Having read the various articles and documents from my
previous post, I am inclined to believe that CyberSource simply noticed
that my card had a billing address in Cambridge, Massachusetts, USA,
while my source IP address corresponded to an ISP that was located
nowhere near Cambridge, Massachusetts, USA, and based upon these
observations, CyberSource concluded that I am most likely a fraud.
Use of location information may indeed serve as a moderately effective
technique in stopping the more irresolute cyberfrauds who do not bother
using the very same geolocation techniques to choose a source IP address
whose corresponding geographic location is close to the billing address
of the card. On the surface such an approach appears to be a rather
obvious and harmless step for those of us interested in cracking down on
fraudulent activity. Sure, this is an arms race, but sometimes
participating in an arms race is the best option we have, right? In
this case I am not so sure.
I call the use of location information "overzealous" because it tramples
the end-to-end principles upon which the Internet was built. There is a
very real sense in which use of location information permanently tethers
us to an infrastructure in which access to Internet resources is a
function of how we are connected rather than how we have identified
using end-to-end methods, and this poses a challenge to maintaining the
global consistency of the Internet that we have come to expect.
Suddenly "Internet access" means something radically different when
offered in Russia rather than Germany or when offered in Brazil rather
than the US. Inevitably, this technical reality opens the door for
hackish VPN-style solutions to make people appear to be somewhere else
in order to get the Internet access they really want, and such solutions
are expensive both in terms of setup cost and performance. Do we really
want to promote this future, especially when it hurts legitimate users
more than it hurts true frauds in the long run? I think that we do not,
and I see the use of location information in infrastructure services as
one of the greatest challenges to maintaining Internet consistency over
the next decade.
Geoff
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
From the New York Times --
Op-Ed Contributor
Caught Up in DNA's Growing Web
by Harlan Levy
<http://www.nytimes.com/2006/03/17/opinion/17levy.html?ex=1300251600&en=f87e02b26e708399&ei=5090&partner=rssuserland&emc=rss>
THE announcement this week that DNA from a paroled violent felon
working as a bouncer matches that found on plastic ties used to bind
a murdered graduate student highlights DNA's power to implicate
people already in state databases.
Fifteen years ago, as a Manhattan homicide prosecutor, I was an
aggressive proponent of taking DNA from convicted murderers, rapists
and other violent felons so we could catch them when they committed
crimes again. I even quit my day job to write a book likening the
identification of criminals through DNA to the voice of God speaking
on earth.
I still firmly believe in the power of DNA to catch the guilty and
exonerate the innocent. This week's developments seem likely to
vindicate that faith again. But for all this technology's promise,
proposals by some to extend DNA databanks far beyond convicted
felons, and even to the general population, go too far.
In the early 1990's, state legislatures did what many early
proponents of DNA urged: they passed laws to take DNA from those
convicted of murder, rape and other violent felonies. Then they
enacted laws to take DNA from most convicted felons. Misdemeanor sex
crimes were next, a logical, intelligent measure.
But the proposed next steps in DNA collection were more problematic.
In 1998, New York City's police commissioner, Howard Safir, proposed
that DNA be taken from all arrestees. And Gov. George Pataki has
sought to take DNA from people convicted of any misdemeanor, without
proof that such offenders are more likely than the general population
to commit violent felonies or sex crimes (the kinds of offenses where
DNA evidence is most useful).
And the buzz today among prosecutors, judges and defense lawyers is
that proposals to take DNA from the entire population are next.
What, if anything, is wrong with this picture? DNA databanks do help
apprehend dangerous criminals (and thereby prevent crime). But most
people aren't violent criminals and never will be, so putting their
DNA on file exposes them to risks that they otherwise wouldn't face.
First, the people who collect and analyze DNA can make mistakes
(witness the Houston Police Department Laboratory, whose slapdash DNA
procedures led to at least one wrongful conviction). Second, people
can be framed by the police, a rival or an angry spouse. Third, DNA
is all about context; there may be innocent reasons for a person's
DNA to be at a crime scene, but the police are not always so
understanding.
Indeed, with a universal national DNA databank, innocent people may
be embroiled in criminal investigations when their DNA (a single hair
or spot of saliva on a drinking glass) appears in a public or private
place where they had every right to be.
Even if we get past those objections (do you trust the government
with your DNA on file?), the practical barriers to universal
collection loom larger still. In a nation with no institutionalized
national identification cards, photo files or fingerprinting, just
imagine requiring all citizens and residents to report to the local
registry for DNA collection.
So the advocates of universal testing will urge the collection of DNA
at birth. Aside from the atmospherics of registering newborns (don't
you know that children are our future ... criminals), rapid
technological advances suggest that we will not be using the same
methods to analyze and store DNA results 20 years from now, when
those grown babies begin committing crimes.
[snip]
Weblog at: <http://weblog.warpspeed.com>
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
============================================================
EDRi-gram
biweekly newsletter about digital civil rights in Europe
Number 9.20, 19 October 2011
============================================================
Contents
============================================================
1. European action week on airline passenger surveillance
2. The latest developments on ACTA in the European Parliament
3. German police accused of using a Trojan backdoor for interceptions
4. Berlusconi's wiretapping law threatens online publishers
5. Phorm gets back on the European stage
6. EDPS's Opinion on net neutrality & privacy
7. European Parliament legal service confirms: ACTA may or may not be legal
8. ENDitorial: Belgian music industry acts to undermine copyright law
9. Recommended Action
10. Recommended Reading
11. Agenda
12. About
============================================================
1. European action week on airline passenger surveillance
============================================================
Credit card details, hotel bookings, IP addresses, mobile phone numbers, and
travel details: all this information is currently being transferred to law
enforcement agencies in third countries. The storage and automatic
processing of our data is supposed to enable law enforcement agencies to
identify "unknown" suspects and to profile citizens as possible terrorists
or people-traffickers.
On 17 October 2011, EDRi and nopnr.org organised a public workshop with a
keynote speech by U.S. travel expert and human rights advocate Mr Edward
Hasbrouck. The aim of the workshop was to discuss the international
agreements on the transfer, storage and processing of passenger name records
(PNR) with the USA, Canada and Australia and the plans for a European travel
surveillance system. The event launched a European action week on PNR
including activists' workshops in Berlin and Vienna, discussions in the
European Parliament and a meeting with Germany's Justice Minister Sabine
Leutheusser-Schnarrenberger.
The agreements from 2007 on the processing and transfer of airline passenger
data, which have since then been provisionally applied, are currently being
renegotiated by the EU. The agreement between the EU and Australia has
already been signed by the Council last month and will be put to a plenary
vote in the European Parliament on 27 October 2011. If the EP decides to
give its consent to this agreement next week - despite the fact that it does
not meet the minimum guarantees demanded by the EP in its previous
resolutions - it would then be in force for seven years.
The US-EU agreement, which aims to store the personal data of millions of
transatlantic air passengers for 15 years, is still being negotiated. At the
present time, the U.S. Department of Homeland Security (DHS) is not willing
to countenance any concessions regarding the retention period or safeguards.
However, air carriers are already transmitting travel data to the DHS each
time we take a plane to the U.S. The information submitted by
passengers when buying a ticket is freely available to any agencies in the
U.S., where there are no data protection laws.
In his speech at EDRi's offices (see slides below), Hasbrouck explained his
work in the U.S. which includes a legal case against the DHS to obtain
access to his own PNR data. His main criticism was that the EU-U.S. agreement
is not a treaty and therefore cannot be enforced in U.S. courts. Hasbrouck
underlined that it does not recognize the fundamental right to freedom of
movement (ICCPR, Article 12) and criticised the fact that it does not
prohibit data mining or profiling. He also highlighted that the main reason
for the agreement was to legitimise the already existing access by the U.S.
to travel data. According to a DHS testimony to Congress, 5 Oct. 2011, an
agreement is crucial "to protect U.S. industry partners from unreasonable
lawsuits, as well as to reassure our allies, DHS has entered into these
negotiations."
In this context it is also worth noting that in May 2011, the DHS already
had nearly 400 employees operating at airports and sea ports within the
EU. This practice came to light after Mark Koumans, Deputy Assistant
Secretary for International Affairs of the DHS, made a statement on the
extensive range of cooperative activities between police forces in the EU
and the U.S. police.
In addition to the international agreements, the Commission made a proposal
for a European Passenger Name Record (PNR) Directive, earlier this year, to
place all travel in and out of the EU under surveillance. The Commission is
not excluding the possibility of collecting and using passenger name
record data for rail transport in the future. This proposal is supported by
the UK, which is in favour of a PNR system for passengers travelling by sea.
However, a leaked note by the Commission's own legal service in June this
year questioned the necessity of a period of more than two years in the
EU-PNR proposal. More worrying is the European Union's own PNR system which
intends to establish a new surveillance authority in each Member State
(Passenger Information Unit), whose main purpose would be profiling of
citizens based on their travel habits.
Last year, the European Data Protection Supervisor (EDPS) also harshly
criticized the proposal for a EU-PNR system: "The EDPS considers that the
bulk transfer of data about innocent people for risk assessment purposes
raises serious proportionality issues. (...) The EDPS questions in
particular the proactive use of PNR data. While 're-active' use of data does
not raise major concerns, as far as it is part of an investigation of a
crime already committed, real time and proactive use lead to a more critical
assessment."
EDRi has serious concerns that storage and processing of travel data without
given suspicion infringes the European fundamental right to data protection
(Art. 8 Charter of Fundamental Rights) and argues that fundamental rights
and freedoms in the context of 'transatlantic cooperation' are not taken
into consideration. In a recent position paper sent to all relevant MEPs for
their vote on the EU-Australia agreement, EDRi highlighted that the minimum
standards requested by the European Parliament in two resolutions have not
been met by the Commission.
EDRi position paper on the EU-Australian agreement (27.09.2011)
http://www.edri.org/files/2011PNR/27092011EDRi_AustraliaPNR.pdf
Hasbrouck's slides from EDRi-noPNR workshop (17.10.2011)
http://hasbrouck.org/IDP/PNR-Hasbrouck-OCT2011.pdf
NoPNR.org campaign website
http://www.nopnr.org/
Hasbrouck's action week in Europe (12.10.2011)
http://hasbrouck.org/blog/archives/001963.html
FAQ about PNR data
http://wiki.vorratsdatenspeicherung.de/images/USA-EU_PNR-FAQ.pdf
Opinion of the European Data Protection Supervisor (EDPS) on the EU-PNR
proposal (18.10.2010)
http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consu…
Commission on the possibility to use PNR for rail transport (4.03.2011)
http://www.europarl.europa.eu/sides/getAllAnswers.do?reference=P-2011-00122…
(Contribution by Kirsten Fiedler - EDRi)
============================================================
2. The latest developments on ACTA in the European Parliament
============================================================
After long, opaque and undemocratic negotiations, the Anti-Counterfeiting
Agreement (ACTA) is making its first steps into the European Parliament.
The long process of the ratification of ACTA, which will need to overcome
the hurdles created by votes in all 27 EU national parliaments as well as in
the European Parliament, has now started.
The first step in the process at a European level, after a rubber-stamping
of the text by the Council, is that each of the European Parliament
Committees that considers it has an important perspective to add to
the process will nominate itself to provide an "opinion" on the text.
Currently, two committees - Legal Affairs and Civil Liberties, Justice and
Home Affairs - have decided to give opinions. In the Legal Affairs Committee
(JURI), Marielle Gallo (EPP) is in charge of the dossier. On 17 October, the
Civil liberties, Justice and Home Affairs Committee (LIBE) decided
to produce an opinion, but it has not yet been decided which MEP will be in
charge.
The committee that will produce the final report to be approved by the whole
parliament (theoretically taking due account of the "opinions" of the other
committees) is the International Trade Committee (INTA), with Kader Arif
(S&D Group, France) as Rapporteur.
Having fought hard throughout its entire history for the right to have equal
decision-making power on dossiers such as this one, the Parliament now
appears almost afraid to take an independent, democratic decision. MEPs
appear worried that rejecting the decision might look childish or, more
bizarrely, rude, after all of the work that has been put into the Agreement
up until now.
Every European policy maker needs to be encouraged to consider the
implications of ACTA. For this reason, EDRi, Access and the Trans-Atlantic
Consumer Dialogue (TACD) worked together to produce a booklet, which
provides an insight into the controversial and unacceptable parts of the
proposal.
The booklet outlines the lack of credibility, the threat to freedom of
expression and access to culture; the dangers threatening privacy, and the
chilling effect on innovation and the hindrance to trade that will be
created if ACTA is adopted. All members of the European Parliament received
the booklet last week.
A translation of the booklet is available in German, Polish and Czech. Other
languages (such as Romanian and French) will be added in due course and will
be included on the web version of this article and announced via Twitter.
EDRi Booklet on ACTA
http://www.edri.org/files/acta-bklt-p2s.pdf
Czech version
http://www.slidilove.cz/sites/default/files/acta-argumenty_cz.pdf
German version
http://www.edri.org/files/acta-edri-broschuere.pdf
Polish version
http://www.edri.org/files/ACTA_booklet_PL.pdf
EDRi-gram: ENDitorial: Countries start signing ACTA, preparatory docs still
secret (5.10.2011)
http://www.edri.org/edrigram/number9.19/acta-documents-secret
(Contribution by Marie Humeau - EDRi)
============================================================
3. German police accused of using a Trojan backdoor for interceptions
============================================================
According to EDRi-member Chaos Computer Club (CCC), the German
government has been using a backdoor Trojan, spyware that can retrieve
private data and that also offers remote control for uploading and executing
other arbitrary programs.
CCC has reverse engineered and analysed the respective programme and has
concluded that the Trojan can receive uploads of arbitrary programs from the
Internet and execute them remotely and that the activation of the computer's
hardware, like the microphone or the camera, can be used for surveillance.
Moreover, with the help of an additional module, it can be used to remotely
control infected PCs over the Internet, watching screenshots of the web
browser on the infected PC, including private notices, emails or texts in
web based cloud services. On its website, CCC group includes a screen shot
to show the Trojan in action.
The use of spying software violates the country's constitutional law as
it contains functions beyond the interception of Internet-based
communication. In 2008, Germany's Federal Constitutional Court ruled that
the secret infiltration of information technology systems was a grave
infringement of civil rights and could only be justified in some criminal
investigations, and so established strict legal limitations for such cases.
The CCC analysis reveals this is a case of "Bundestrojaner" (federal
Trojan), the colloquial German term for a government malware concept
concealed as "Quellen-TKÜ" (meaning "source wiretapping" or lawful
interception of the source). But, according to the constitutional court,
Quellen-TKÜ can only be used for wiretapping Internet telephony and has to
be enforced through technical and legal means.
The analysis concludes that not only were no technical safeguards introduced
by the Trojan's developers to ensure that the malware is used exclusively
for wiretapping Internet telephony, but its design includes
functionality to clandestinely add more components over the network from the
start, creating a bridge-head to further infiltrate the computer.
"This refutes the claim that an effective separation of just wiretapping
internet telephony and a full-blown trojan is possible in practice - or even
desired. Our analysis revealed once again that law enforcement agencies will
overstep their authority if not watched carefully. In this case functions
clearly intended for breaking the law were implemented in this malware: they
were meant for uploading and executing arbitrary code on the targeted
system," stated a CCC speaker.
Markus Beyer, spokesperson for the Federal Interior Ministry said at a press
conference on 8 October 2011 that the software was "freely available" and
three years old, without however stating whether the software had been
designed by or for the government.
Chief government spokesperson Steffen Seibert stated at the same press
conference that the German government was taking allegations about illegal
surveillance software used by investigative authorities "very seriously" and
would examine the claims made by CCC.
"It would be a very grave incident and clearly against the law should the
allegation be accurate," said Wolfgang Bosbach, chairman of the German
Parliament's Internal Affairs Committee to Deutschlandfunk radio and, on 7
October 2011, the Free Democratic Party asked for an investigation and a ban
on the use of the software until the allegations were cleared.
German government accused of spying on citizens with state-sponsored Trojan
(8.10.2011)
http://www.zdnet.com/blog/bott/german-government-accused-of-spying-on-citiz…
Analysis of Government malware (only in German, 8.10.2011)
http://www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf
Chaos Computer Club analyzes government malware (8.10.2011)
http://ccc.de/en/updates/2011/staatstrojaner
Possible Governmental Backdoor Found ("Case R2D2") (8.10.2011)
http://www.f-secure.com/weblog/archives/00002249.html
German Malware May Put PC's Camera at Risk (10.10.2011)
http://www.bloomberg.com/news/2011-10-10/german-trojan-spyware-may-violate-…
============================================================
4. Berlusconi's wiretapping law threatens online publishers
============================================================
The Italian Parliament has resumed discussions on the much-criticised
governmental bill that would limit the publication of wiretaps in the news
media, forcing at the same time websites to automatically publish
corrections at request. But on 12 October 2011 the decision on the final
text was postponed, after paragraph 29 was amended so it will not apply
to any blog.
The draft bill was approved by the Senate in June 2011 but has been put
aside due to strong criticism from civil society. However, Prime Minister
Silvio Berlusconi, who would directly benefit from the law, has succeeded in
inserting the draft bill on the agenda of the Chamber of Deputies a few
days after it was approved by a legislative committee on 5 October, with
very minor changes.
"The latest amendments make no difference," Reporters Without Borders said
adding: "Restricting the publication of tapped phone conversations in the
media to this degree would gravely impede investigative journalism. It has
all the hallmarks of a crude and dishonest device for gagging the media. It
also has a distinctly political dimension. The government is trying to cover
up the prime minister's sex scandals, many of which have been exposed by the
publication of phone transcripts."
The bill says that the media can publish a transcript from a telephone
tap only if judges or lawyers consider it is not "essential for proving the
guilt or innocence" of the person under investigation. The publication of
any "inappropriate" phone tap material would be punishable by 6 months to 3
years in prison or a fine of 10 000 euro for a reporter and of up to 300 000
euro for an editor.
Many journalists and bloggers demonstrated against the bill on 5 October in
Rome. During three days, between 5 and 7 October, Wikipedia blocked access
to all entries in its Italian-language version in protest against the bill:
"The obligation to publish on our site corrections required by the law,
without even the right to discuss and verify the claim, is an unacceptable
restriction of the freedom and independence of Wikipedia."
"Wikipedia Italy is on strike against an idiotic proposed law," said Jimmy
Wales, co-founder of Wikipedia, who considers that as Italy already has very
good laws against defamation, the proposed bill "overreaches
dramatically. I have never heard of any law like it anywhere else in the
world."
Now, the entire draft law has been apparently postponed until November.
Draft Italian bill on wiretapping (only in Italian, 6.10.2011)
http://www.senato.it/leg/16/BGT/Schede/Ddliter/35538.htm
Investigative reporters and websites again threatened by proposed "gag law"
(7.10.2011)
http://en.rsf.org/investigative-reporters-and-07-10-2011,41145.html
Blackout in Italy: "The first time Wikipedia worldwide has done anything of
this kind" (6.10.2011)
http://www.niemanlab.org/2011/10/blackout-in-italy-the-first-time-wikipedia…
A Summit on wiretapping, Berlusconi wants to reopen the game (only in
Italian, 13.10.2011)
http://www.repubblica.it/politica/2011/10/13/news/ddl_intercettazioni-23137…
Wiretapping bill in November: a standard against websites and blogs today?
(only in Italian, 14.10.2011)
http://www.webmasterpoint.org/news/ddl-intercettazioni-a-novembre-norma-con…
Wiretapping bill in November, a brief limitation (only in Italian,
14.10.2011)
http://www.ilsole24ore.com/art/notizie/2011-10-14/intercettazioni-novembre-…
============================================================
5. Phorm gets back on the European stage
============================================================
After its implementation in the UK failed, Phorm wants a fresh start by
placing its foot in the European market through a partnership deal with
Romtelecom in Romania.
With no public debate before the launch at the end of September, Romtelecom
has presented a new service called MyClicknet, which basically
implements the Phorm behavioural advertising solution with an opt-in
approach.
In practice, that means that almost all traffic (browsing and searches) on
port 80 from Internet users that opt-in for such a system will be scanned in
order to create a profile that can be sold to interested advertising
companies. Romtelecom insists that no personal data is recorded or kept and
the user is identified in the ad network based on an anonymous string of
characters.
Romtelecom also claims that the system will not scan any type of "delicate
subjects", such as content related to smoking, pornography, alcohol, drugs,
health issues or related to children under 14 years old. This would mean in
practice that they will be actively using Deep Packet Inspection (DPI) in
order to see if the content fits in one accepted category or not.
Complaints against the system arose when Internet users saw their
traffic redirecting to the Romtelecom opt-in page for its new service
or, after joining the service, saw that traffic was being redirected to
oix.net (the Phorm service).
Romtelecom's reply was that the service is 100% anonymous and free and you
need to opt-in (by clicking "Continue" on their redirect page) to get
access to the service. Also, they say the system was checked with the
Romanian DPA (Data Protection Authority) and they have implemented all the
suggestions of the DPA.
However, if the data protection law is fuzzy enough to be interpreted in
such a way that a similar service might be accepted by the DPA, the Romanian
eprivacy law (no. 506/2004) is very clear regarding the obligation of
confidentiality of the electronic communication providers. Article 4 states
that the confidentiality of communications is guaranteed and any form of
tapping or surveillance of the communication can be made only with the
"prior written consent" of the users that are taking part in such
communication. And if we think of the users of an Internet communication,
there should be both the subscriber and the website.
After receiving several complaints, the Romanian DPA announced that it will
launch an investigation to see how personal data are protected in the
MyClicknet service, but only after 28 October 2011. In the meantime, all its
public relations are being temporarily suspended, because they need to move
to a new location.
Romanian re-Phorm-ation? (30.09.2011)
http://symbioticweb.blogspot.com/2011/09/romanian-re-phorm-ation.html
Romtelecom and their illegal practices - Myclicknet traffic being
intercepted and analysed (only in Romanian, 6.10.2011)
http://forum.softpedia.com/index.php?showtopic=810348&st=0
Clicknet from Romtelecom - advertising, redirecting, spam (only in
Romanian, 4.10.2011)
http://m1ha1.blogspot.com/2011/10/clicknet-de-la-romtelecom-reclame.html
MyClicknet - the wiretapping service of Romtelecom (only in Romanian,
17.10.2011)
http://legi-internet.ro/blogs/index.php/2011/10/17/myclicknet-serviciul-de-…
EDRi-gram: Phorm given up by UK ISPs (15.07.2009)
http://www.edri.org/edri-gram/number7.14/phorm-out-uk
============================================================
6. EDPS's Opinion on net neutrality & privacy
============================================================
Peter Hustinx, the European Data Protection Supervisor (EDPS) adopted an
opinion on 7 October 2011 on the European Commission Communication on the
open internet and net neutrality in Europe, stressing the necessity of
respecting the fundamental right to privacy and data protection of users, in
particular in terms of confidentiality of communications.
The Opinion addresses a very controversial subject and comes in the light of
the Communication adopted by the Commission on 19 April 2011 and the
Commission's public consultation preceding the Communication. It also takes
into consideration the draft Council conclusions on net neutrality.
Net neutrality refers to whether Internet service providers (ISPs) should be
allowed to monitor network traffic, filter or restrict Internet access of
their users. The idea is that "information on the Internet should be
transmitted impartially, without regard to content, destination or source,
and that users should be able to decide what applications, services and
hardware they want to use. This means that ISPs cannot, at their own choice,
prioritise or slow down access to certain applications or services such as
Peer to Peer ('P2P'), etc."
The EDPS draws attention to such practices on certain
inspection techniques used by ISPs that may be highly intrusive, involving
the monitoring of content of communications, websites visited, emails sent
and received, the time when this takes place, enabling filtering of
communications. In Hustinx's opinion, monitoring of the ISPs' compliance
with data protection rules should be closely monitored.
The confidentiality of communications is a fundamental right protected by
the European Convention for the Protection of Human Rights and Fundamental
Freedoms, the Charter of Fundamental Rights of the European Union as well as
the EU ePrivacy Directive.
Hustinx believes there is a tendency of increased monitoring and inspection
techniques from ISPs which raises serious issues regarding the
protection of users' privacy and personal data and therefore, more has to be
done to devise and implement satisfactory policies on the matter.
He therefore calls on the Commission to initiate a debate involving all
relevant stakeholders, for the clarification of the data protection legal
framework applying in this case.
In his Opinion, the EDPS has made some recommendations which include: the
determination of legitimate inspection practices needed to ensure the smooth
flow of traffic or carried out for security purposes; the determination of
the cases when monitoring requires the users' consent (such as filtering
aimed to limit access to certain applications and services, such as peer to
peer); and, in such cases, the necessity of guidance regarding the
application of the necessary data protection safeguards (purpose limitation,
security etc).
Hustinx also believes national authorities and BEREC should monitor the
market situation. "This monitoring should result in a clear picture
describing whether the market is evolving towards massive, real-time
inspection of communications and issues related to complying with the legal
framework." "Further analysis of the effects of new practices in relation to
data protection and privacy on the Internet", is also necessary.
Based on such analyses, additional legislative measures might be necessary
in which case "the Commission should put forward policy measures aimed at
strengthening data protection rules and ensuring legal certainty. New
measures should clarify the practical consequences of the net neutrality
principle and guarantee users the possibility."
Opinion of the European Data Protection Supervisor on net neutrality,
traffic management and the protection of privacy and personal data
(7.10.2011)
http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consu…
Press Release "A serious policy debate on net neutrality must effectively
address users' confidentiality of communication" (7.10.2011)
http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/EDPS/…
Busting net neutrality may amount to spying, says EU (13.10.2011)
http://www.theregister.co.uk/2011/10/13/isps_traffic_managemnet_may_breach_…
EDRi-gram: EDRi's answer to net neutrality consultation (6.10.2010)
http://www.edri.org/edrigram/number8.19/edri-net-neutrality-position
EDRi-gram: Draft Council conclusions on Net Neutrality (27.07.2011)
http://www.edri.org/edrigram/number9.15/net-neutrality-council-conclusions
============================================================
7. European Parliament legal service confirms: ACTA may or may not be legal
============================================================
Several weeks ago, the International Trade Committee of the European
Parliament asked for an opinion from the Parliament's internal legal service
regarding ACTA's legality and whether or not documents must be made public.
At the end of last week, the confidential response from the Legal Service
was delivered. The result is that the lawyers believe that ACTA may indeed
be, or possibly may not be, legal and in line with the existing legal
framework of the European Union.
In response to the question about whether ACTA is in line with existing EU
legal provisions, the Legal Service explains that the text is open to
interpretation but, on the face of it, the agreement appears to be in
line with current EU law. Of course, if the interpretations of the other
negotiating parties are different from those which the Legal Service has
guessed at, then ACTA may, indeed, not be legal after all.
Asked whether the preparatory documents of the Agreement must legally be
published, the Legal Service is very precise: there is no obligation under
international law to publish preparatory documents. They accept that
preparatory documents may be used to interpret unclear agreements and that
parts of ACTA are unclear. However, they helpfully point out that, as long
as the documents are not made public by any of the negotiating partners,
they cannot be used to assign meaning to the unclear sections of the text.
The Legal Service chooses not to address the wisdom of adopting an
international agreement, the meaning of which is likely to change if any of
the negotiating partners subsequently chooses to publish documents in order
to "prove" that its interpretation of the text is the correct one.
The only minor point of concern in this context is that the European
Parliament has already published the leaked text of the digital chapter
(which refers to private companies unilaterally cutting citizens' Internet
access) on its own website. This minor point means that the European
Parliament has already shown that ACTA (by promoting lawless sanctions by
private companies against citizens and their right to freedom of expression
and due process) is in clear and unequivocal breach of the Treaty on
European Union, which requires the Union to support democracy and the rule
of law in its international relations.
In the meantime, the Commission has provided a rather unexpected answer to a
priority written question on the meaning of the previously unheard-of
"fundamental principle" of "fair process" that is referred to in ACTA. The
Commission does not seek to argue that the "fundamental principle" is a
fundamental principle at all. Instead, it simply explains that the meaning
of the term "fair process" can be found in the Agreement on Trade-Related
Aspects of Intellectual Property Rights (TRIPS) of the World Intellectual
Property Association which... contains no reference whatsoever to "fair
process".
The Commission expresses the hope and assumption that this is what the other
ACTA negotiating partners also understood. In short, the "fundamental
principle" is not a "fundamental principle" and its meaning is, at best, an
educated guess on the part of the Commission.
Parliamentary question
http://www.europarl.europa.eu/sides/getDoc.do?type=WQ&reference=P-2011-0084…
Parliament's leak of ACTA digital chapter
http://www.europarl.europa.eu/meetdocs/2009_2014/documents/d-us/dv/suppleme…
Backup of Parliament's leak
http://www.edri.org/files/acta_disconnection.pdf (see footnote 6)
FFII requests European Parliament's Legal Services' opinion on ACTA
(15.10.2011)
http://acta.ffii.org/?p=833
(contribution by Joe McNamee - EDRi)
============================================================
8. ENDitorial: Belgian music industry acts to undermine copyright law
============================================================
We have all heard the music industry make claims about the vast amount of
"piracy" going on, such as the estimation that from 2008 to 2015, the music
industry was going to lose an amount equivalent to the combined national
debt of Greece and Italy. The ever-impartial European Commission has been
similarly apocalyptic in its analysis of the situation - describing illegal
filesharing as "ubiquitous" in its report on application of the IPR
Enforcement Directive. The question is, under such circumstances where any
law has lost its legitimacy to such an extent that breaches are
"ubiquitous," when losses are allegedly more than what entire countries
produce in a whole year, what is the one thing that must be avoided at all
costs? One must avoid robbing the law of any residual credibility that it
still has.
After being caught by a TV station trying to obtain royalties for the music
apparently produced by noodles, sauces, foodmixers and hygiene products,
Sabam, the Belgian collecting society, decided to put the blame where it
clearly belongs - the Internet. Despite the fact that it is well known that
DNS blocking does not work, despite the fact that The Pirate Bay reported an
increase in traffic from Denmark when DNS blocking was proposed there, Sabam
decided to waste the Belgian courts' time and Belgian taxpayers' money with
a demand that thepiratebay.org and a number of related domains be blocked by
the two largest Internet access providers in Belgium. The request was
granted by the Court in Antwerp.
A few hours after the court, in full awareness of the futility of the order,
made this decision, Belgian "pirates" created depiraatbaai.be in order to
circumvent the blocking order. The new domain name allows users to reach The
Pirate Bay via an indirect and unblocked route. Unsurprisingly, the
ridiculous ease with which the ruling was exposed as nonsense attracted a
huge amount of publicity - serving both to make the law and law-makers look
absurd and maximise awareness of opportunities for unauthorised access to
copyrighted material online.
Legitimacy of laws cannot ever be imposed by repressive measures. Legitimacy
most certainly cannot be imposed by repressive measures which are comically
ineffective. As long as the Internet retains the characteristics which are
the basis of its success - openness and resilience - content cannot be
definitively blocked. It is time to abandon measures that place creators and
users in opposition to each other, time to abandon policies that serve only
to illustrate the lack of understanding of the Internet by certain parts of
industry and politicians and time to build a legal framework that earns
respect and facilitates creation.
IFPI losses 2008-2015 (20.01.2011)
http://www.guardian.co.uk/technology/pda/2011/jan/20/ifpi-report-music-pira…
National debts (7.04.2011)
http://www.economicshelp.org/blog/774/economics/list-of-national-debt-by-co…
European Commission IPRED implementation report (22.12.2010)
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2010:0779:FIN:EN:…
SABAM's questionable royalty claims (09.02.2011)
http://www.techdirt.com/articles/20110209/04101413022/belgian-collection-so…
Sabam Video
http://www.youtube.com/watch?v=HZAsa9QmQO8
(contribution by Joe McNamee - EDRi)
============================================================
9. Recommended Action
============================================================
EDRi is Flattrable starting with this week!
http://flattr.com/thing/417077/edri-on-Flattr
CPDP 2011 Conference Multidisciplinary Privacy Award
The award, to be presented at the annual Computers, Data Protection and
Privacy (CPDP) Conference held in Brussels at the end of January 2012, will
be given to the authors of the best multidisciplinary paper that describes
new ideas in privacy and data protection. Eligible papers need to have been
published or accepted for publication between 1 November 2010 and 31 October
2011.
Deadline: 10 November 2011
http://www.cpdpconferences.org/privacyaward.html
============================================================
10. Recommended Reading
============================================================
EPO, European Commission Renew Commitment To Unitary Patent (6.10.2011)
http://www.ip-watch.org/weblog/2011/10/06/epo-european-commission-renew-com…
============================================================
11. Agenda
============================================================
20-21 October 2011, Warsaw, Poland
Open Government Data Camp
http://opengovernmentdata.org/camp2011/
25-28 October 2011, Berlin, Germany
1st Berlin Symposium on Internet and Society: Exploring the Digital Future
http://berlinsymposium.org/
27-29 October 2011, Barcelona, Spain
Oxcars and FreeCultureForum 2011
Networks for a R-evolution
http://www.2011.fcforum.net/en
31 October 2011, Mexico City, Mexico
2011 The Public Voice Civil Society Meeting
http://thepublicvoice.org/events/mexicocity11/
2-3 November 2011, Mexico City, Mexico
33rd International Conference of Data Protection and Privacy Commissioners
Privacy: The Global Age
http://www.privacyconference2011.org/index.php?lang=Eng
8-9 November 2011, Brussels, Belgium
Hack4Transparency
http://www.euhackathon.eu/
9 November 2011, Bucharest, Romania
Inet Conference: Access, Trust and Freedom: Coordinates for future Internet
http://www.isoc.org/isoc/conferences/inet/11/bucharest-agenda.shtml
11-13 November 2011, Munich, Germany
FIfF annual congress: Dialectics in Information Security:
Colliding Interests of Anonymity, Integrity and Confidentiality
http://fiff.de/2011
11-13 November 2011, Gothenburg, Sweden
FSCONS is the Nordic countries' largest gathering for free culture, free
software and a free society.
http://fscons.org/
24-25 November 2011, Vienna, Austria
"Our Internet - Our Rights, Our Freedoms"
Towards the Council of Europe Strategy on Internet Governance 2012 - 2015
http://www.coe.int/t/informationsociety/conf2011/
25-27 January 2012, Brussels, Belgium
Computers, Privacy and Data Protection 2012
http://www.cpdpconferences.org/
============================================================
12. About
============================================================
EDRi-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRi has 28 members based or with offices in 18 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRi-grams.
All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and are visible on
the EDRi website.
This EDRi-gram has been published with financial support from the EU's
Fundamental Rights and Citizenship Programme.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/
Newsletter editor: Bogdan Manolea <edrigram(a)edri.org>
Information about EDRI and its members:
http://www.edri.org/
European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring
http://flattr.com/thing/417077/edri-on-Flattr
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request(a)edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
Unsubscribe by e-mail
To: edri-news-request(a)edri.org
Subject: unsubscribe
- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edri/2.html
- EDRI-gram in German
EDRI-gram is also available in German, with delay. Translations are provided
by Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <edrigram(a)edri.org> if you have any problems with subscribing or
unsubscribing
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
On Tue, Nov 29, 2005 at 12:22:45PM +0000, Jimmy Wales wrote:
> Geoffrey Goodell wrote:
> > I do not have other cards, and my card works everywhere else. A little
> > online investigation suggests that Paypal outsources its card
> > verification process to an overzealous company called CyberSource, and
> > there are many false positives.
>
> Why do you call them overzealous? If they are actually overzealous then
> they will lose money for their customers (on average) and ultimately
> lose business. But I rather suspect that they are making money for
> their customers (on average).
>
> My point, which ought not to be surprising given what I usually say, is
> that we should not be too complacent that people who are blocking Tor
> are just being overzealous or stupid or anti-privacy. It can make
> sense, and part of our job is to figure out how to help it not make sense.
First, Tor is an experimental overlay network, and it has been (rightly)
designed to be easy to flag and block. While it is certainly possible
that CyberSource is rejecting my card because I am connecting from an IP
address that is known to host a Tor node, I do not believe this to be
the case. Having read the various articles and documents from my
previous post, I am inclined to believe that CyberSource simply noticed
that my card had a billing address in Cambridge, Massachusetts, USA,
while my source IP address corresponded to an ISP that was located
nowhere near Cambridge, Massachusetts, USA, and based upon these
observations, CyberSource concluded that I am most likely a fraud.
Use of location information may indeed serve as a moderately effective
technique in stopping the more irresolute cyberfrauds who do not bother
using the very same geolocation techniques to choose a source IP address
whose corresponding geographic location is close to the billing address
of the card. On the surface such an approach appears to be a rather
obvious and harmless step for those of us interested in cracking down on
fraudulent activity. Sure, this is an arms race, but sometimes
participating in an arms race is the best option we have, right? In
this case I am not so sure.
I call the use of location information "overzealous" because it tramples
the end-to-end principles upon which the Internet was built. There is a
very real sense in which use of location information permanently tethers
us to an infrastructure in which access to Internet resources is a
function of how we are connected rather than how we have identified
using end-to-end methods, and this poses a challenge to maintaining the
global consistency of the Internet that we have come to expect.
Suddenly "Internet access" means something radically different when
offered in Russia rather than Germany or when offered in Brazil rather
than the US. Inevitably, this technical reality opens the door for
hackish VPN-style solutions to make people appear to be somewhere else
in order to get the Internet access they really want, and such solutions
are expensive both in terms of setup cost and performance. Do we really
want to promote this future, especially when it hurts legitimate users
more than it hurts true frauds in the long run? I think that we do not,
and I see the use of location information in infrastructure services as
one of the greatest challenges to maintaining Internet consistency over
the next decade.
Geoff
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
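The location rule hypothesised in the message above, as an added Python example (not part of the original message, and not CyberSource's actual logic): it compares a geocoded billing address with the GeoIP position of the source address and counts how the rule errs on a constructed sample. The 500 km threshold, the coordinates and the `Payment` records are assumptions made for illustration.

```python
"""Added illustration: error profile of a billing-address vs. GeoIP rule.

All coordinates, the threshold and the sample payments are constructed; this
is only the rule hypothesised in the message above, not any vendor's logic.
"""
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
CAMBRIDGE_MA = (42.3736, -71.1097)   # billing address used in every sample row


def distance_km(a, b):
    """Great-circle (haversine) distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (a[0], a[1], b[0], b[1]))
    h = (sin((lat2 - lat1) / 2) ** 2
         + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * asin(sqrt(h))


@dataclass(frozen=True)
class Payment:
    label: str
    billing: tuple      # (lat, lon) geocoded from the card's billing address
    source_geo: tuple   # (lat, lon) a GeoIP lookup reports for the source IP
    fraudulent: bool    # ground truth, knowable only in a constructed sample


def rule_rejects(payment, max_km=500.0):
    """Hypothetical rule: reject when the source IP is 'too far' from billing."""
    return distance_km(payment.billing, payment.source_geo) > max_km


def evaluate(payments, max_km=500.0):
    """Count how the rule's decisions line up with ground truth."""
    counts = {"true_reject": 0, "false_reject": 0,
              "true_accept": 0, "false_accept": 0}
    for p in payments:
        if rule_rejects(p, max_km):
            counts["true_reject" if p.fraudulent else "false_reject"] += 1
        else:
            counts["false_accept" if p.fraudulent else "true_accept"] += 1
    return counts


def false_reject_rate(payments, max_km=500.0):
    """Share of legitimate payments that the rule turns away."""
    legit = [p for p in payments if not p.fraudulent]
    return sum(rule_rejects(p, max_km) for p in legit) / len(legit)


# Constructed sample: one billing address, five different network vantage points.
SAMPLE = [
    Payment("cardholder at home", CAMBRIDGE_MA, (42.3601, -71.0589), False),
    Payment("cardholder travelling abroad", CAMBRIDGE_MA, (48.1351, 11.5820), False),
    Payment("cardholder behind a distant relay or ISP", CAMBRIDGE_MA,
            (41.8781, -87.6298), False),
    Payment("stolen card, distant source", CAMBRIDGE_MA, (-23.5505, -46.6333), True),
    Payment("stolen card, source geolocating near billing", CAMBRIDGE_MA,
            (42.3876, -71.0995), True),
]

if __name__ == "__main__":
    for p in SAMPLE:
        km = distance_km(p.billing, p.source_geo)
        verdict = "REJECT" if rule_rejects(p) else "accept"
        print(f"{verdict:6}  {km:8.0f} km  fraud={p.fraudulent!s:5}  {p.label}")
    print(evaluate(SAMPLE))
    print(f"legitimate payments rejected: {false_reject_rate(SAMPLE):.0%}")
```

On this sample the rule turns away two of the three legitimate payments while accepting one of the two fraudulent ones, which is the asymmetry the message argues about; widening `max_km` trades one kind of error for the other without removing either.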
From the New York Times --
Op-Ed Contributor
Caught Up in DNA's Growing Web
by Harlan Levy
<http://www.nytimes.com/2006/03/17/opinion/17levy.html?ex=1300251600&en=f87e02b26e708399&ei=5090&partner=rssuserland&emc=rss>
THE announcement this week that DNA from a paroled violent felon
working as a bouncer matches that found on plastic ties used to bind
a murdered graduate student highlights DNA's power to implicate
people already in state databases.
Fifteen years ago, as a Manhattan homicide prosecutor, I was an
aggressive proponent of taking DNA from convicted murderers, rapists
and other violent felons so we could catch them when they committed
crimes again. I even quit my day job to write a book likening the
identification of criminals through DNA to the voice of God speaking
on earth.
I still firmly believe in the power of DNA to catch the guilty and
exonerate the innocent. This week's developments seem likely to
vindicate that faith again. But for all this technology's promise,
proposals by some to extend DNA databanks far beyond convicted
felons, and even to the general population, go too far.
In the early 1990's, state legislatures did what many early
proponents of DNA urged: they passed laws to take DNA from those
convicted of murder, rape and other violent felonies. Then they
enacted laws to take DNA from most convicted felons. Misdemeanor sex
crimes were next, a logical, intelligent measure.
But the proposed next steps in DNA collection were more problematic.
In 1998, New York City's police commissioner, Howard Safir, proposed
that DNA be taken from all arrestees. And Gov. George Pataki has
sought to take DNA from people convicted of any misdemeanor, without
proof that such offenders are more likely than the general population
to commit violent felonies or sex crimes (the kinds of offenses where
DNA evidence is most useful).
And the buzz today among prosecutors, judges and defense lawyers is
that proposals to take DNA from the entire population are next.
What, if anything, is wrong with this picture? DNA databanks do help
apprehend dangerous criminals (and thereby prevent crime). But most
people aren't violent criminals and never will be, so putting their
DNA on file exposes them to risks that they otherwise wouldn't face.
First, the people who collect and analyze DNA can make mistakes
(witness the Houston Police Department Laboratory, whose slapdash DNA
procedures led to at least one wrongful conviction). Second, people
can be framed by the police, a rival or an angry spouse. Third, DNA
is all about context; there may be innocent reasons for a person's
DNA to be at a crime scene, but the police are not always so
understanding.
Indeed, with a universal national DNA databank, innocent people may
be embroiled in criminal investigations when their DNA (a single hair
or spot of saliva on a drinking glass) appears in a public or private
place where they had every right to be.
Even if we get past those objections (do you trust the government
with your DNA on file?), the practical barriers to universal
collection loom larger still. In a nation with no institutionalized
national identification cards, photo files or fingerprinting, just
imagine requiring all citizens and residents to report to the local
registry for DNA collection.
So the advocates of universal testing will urge the collection of DNA
at birth. Aside from the atmospherics of registering newborns (don't
you know that children are our future ... criminals), rapid
technological advances suggest that we will not be using the same
methods to analyze and store DNA results 20 years from now, when
those grown babies begin committing crimes.
[snip]
Weblog at: <http://weblog.warpspeed.com>
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
============================================================
EDRi-gram
biweekly newsletter about digital civil rights in Europe
Number 9.20, 19 October 2011
============================================================
Contents
============================================================
1. European action week on airline passenger surveillance
2. The latest developments on ACTA in the European Parliament
3. German police accused of using a Trojan backdoor for interceptions
4. Berlusconi's wiretapping law threatens online publishers
5. Phorm gets back on the European stage
6. EDPS's Opinion on net neutrality & privacy
7. European Parliament legal service confirms: ACTA may or may not be legal
8. ENDitorial: Belgian music industry acts to undermine copyright law
9. Recommended Action
10. Recommended Reading
11. Agenda
12. About
============================================================
1. European action week on airline passenger surveillance
============================================================
Credit card details, hotel bookings, IP addresses, mobile phone numbers, and
travel details: all this information is currently being transferred to law
enforcement agencies in third countries. The storage and automatic
processing of our data is supposed to enable law enforcement agencies to
identify "unknown" suspects and to profile citizens as possible terrorists
or people-traffickers.
On 17 October 2011, EDRi and nopnr.org organised a public workshop with a
keynote speech by U.S. travel expert and human rights advocate Mr Edward
Hasbrouck. The aim of the workshop was to discuss the international
agreements on the transfer, storage and processing of passenger name records
(PNR) with the USA, Canada and Australia and the plans for a European travel
surveillance system. The event launched a European action week on PNR
including activists' workshops in Berlin and Vienna, discussions in the
European Parliament and a meeting with Germany's Justice Minister Sabine
Leutheusser-Schnarrenberger.
The agreements from 2007 on the processing and transfer of airline passenger
data, which have since then been provisionally applied, are currently being
renegotiated by the EU. The agreement between the EU and Australia has
already been signed by the Council last month and will be put to a plenary
vote in the European Parliament on 27 October 2011. If the EP decides to
give its consent to this agreement next week - despite the fact that it does
not meet the minimum guarantees demanded by the EP in its previous
resolutions - it would then be in force for seven years.
The US-EU agreement, which aims to store the personal data of millions of
transatlantic air passengers for 15 years, is still being negotiated. At the
present time, the U.S. Department of Homeland Security (DHS) is not willing
to countenance any concessions regarding the retention period or safeguards.
However, air carriers are already transmitting travel data to the DHS each
time we take the plane to the U.S. The information submitted by
passengers when buying a ticket is freely available to any agencies in the
U.S., where there are no data protection laws.
In his speech at EDRi's offices (see slides below), Hasbrouck explained his
work in the U.S. which includes a legal case against the DHS to obtain
access to his own PNR data. He mainly criticised the fact that the EU-U.S. agreement
is not a treaty and can therefore not be enforced in U.S. Courts. Hasbrouck
underlined that it does not recognize the fundamental right to freedom of
movement (ICCPR, Article 12) and criticised the fact that it does not
prohibit data mining or profiling. He also highlighted that the main reason
for the agreement was to legitimise the already existing access by the U.S.
to travel data. According to a DHS testimony to Congress, 5 Oct. 2011, an
agreement is crucial "to protect U.S. industry partners from unreasonable
lawsuits, as well as to reassure our allies, DHS has entered into these
negotiations."
In this context it is also worth noting that in May 2011, the DHS had
already nearly 400 employees operating at airports and sea ports within the
EU. This practice came to light after Mark Koumans, Deputy Assistant
Secretary for International Affairs of the DHS, made a statement on the
extensive range of cooperative activities between police forces in the EU
and the U.S. police.
In addition to the international agreements, the Commission made a proposal
for a European Passenger Name Record (PNR) Directive, earlier this year, to
place all travel in and out of the EU under surveillance. The Commission is
not excluding the possibility of collecting and using passenger name
record data for rail transport in the future. This proposal is supported by
the UK, which is in favour of a PNR system for passengers travelling by sea.
However, a leaked note by the Commission's own legal service in June this
year questioned the necessity of a period of more than two years in the
EU-PNR proposal. More worrying is the European Union's own PNR system which
intends to establish a new surveillance authority in each Member State
(Passenger Information Unit), whose main purpose would be profiling of
citizens based on their travel habits.
Last year, the European Data Protection Supervisor (EDPS) also harshly
criticized the proposal for an EU-PNR system: "The EDPS considers that the
bulk transfer of data about innocent people for risk assessment purposes
raises serious proportionality issues. (...) The EDPS questions in
particular the proactive use of PNR data. While 're-active' use of data does
not raise major concerns, as far as it is part of an investigation of a
crime already committed, real time and proactive use lead to a more critical
assessment."
EDRi has serious concerns that storage and processing of travel data without
given suspicion infringes the European fundamental right to data protection
(Art. 8 Charter of Fundamental Rights) and argues that fundamental rights
and freedoms in the context of 'transatlantic cooperation' are not taken
into consideration. In a recent position paper sent to all relevant MEPs for
their vote on the EU-Australia agreement, EDRi highlighted that the minimum
standards requested by the European Parliament in two resolutions have not
been met by the Commission.
EDRi position paper on the EU-Australian agreement (27.09.2011)
http://www.edri.org/files/2011PNR/27092011EDRi_AustraliaPNR.pdf
Hasbrouck's slides from EDRi-noPNR workshop (17.10.2011)
http://hasbrouck.org/IDP/PNR-Hasbrouck-OCT2011.pdf
NoPNR.org campaign website
http://www.nopnr.org/
Hasbrouck's action week in Europe (12.10.2011)
http://hasbrouck.org/blog/archives/001963.html
FAQ about PNR data
http://wiki.vorratsdatenspeicherung.de/images/USA-EU_PNR-FAQ.pdf
Opinion of the European Data Protection Supervisor (EDPS) on the EU-PNR
proposal (18.10.2010)
http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consu…
Commission on the possibility to use PNR for rail transport (4.03.2011)
http://www.europarl.europa.eu/sides/getAllAnswers.do?reference=P-2011-00122…
(Contribution by Kirsten Fiedler - EDRi)
============================================================
2. The latest developments on ACTA in the European Parliament
============================================================
After long, opaque and undemocratic negotiations, the Anti-Counterfeiting
Agreement (ACTA) is making its first steps into the European Parliament.
The long process of the ratification of ACTA, which will need to overcome
the hurdles created by votes in all 27 EU national parliaments as well as in
the European Parliament, has now started.
The first step in the process at a European level, after a rubber-stamping
of the text by the Council, is that each of the European Parliament
Committees that considers it has an important perspective to add to
the process will nominate itself to provide an "opinion" on the text.
Currently, two committees - Legal Affairs and Civil Liberties, Justice and
Home Affairs - have decided to give opinions. In the Legal Affairs Committee
(JURI), Marielle Gallo (EPP) is in charge of the dossier. On 17 October, the
Civil liberties, Justice and Home Affairs Committee (LIBE) decided
to produce an opinion, but it has not yet been decided which MEP will be in
charge.
The committee that will produce the final report to be approved by the whole
parliament (theoretically taking due account of the "opinions" of the other
committees) is the International Trade Committee (INTA), with Kader Arif
(S&D Group, France) as Rapporteur.
Having fought hard throughout its entire history for the right to have equal
decision-making power on dossiers such as this one, the Parliament now
appears almost afraid to take an independent, democratic decision. MEPs
appear worried that rejecting the decision might look childish or, more
bizarrely, rude, after all of the work that has been put into the Agreement
up until now.
Every European policy maker needs to be encouraged to consider the
implications of ACTA. For this reason, EDRi, Access and the Trans-Atlantic
Consumer Dialogue (TACD) worked together to produce a booklet, which
provides an insight into the controversial and unacceptable parts of the
proposal.
The booklet outlines the lack of credibility, the threat to freedom of
expression and access to culture; the dangers threatening privacy, and the
chilling effect on innovation and the hindrance to trade that will be
created if ACTA is adopted. All members of the European Parliament received
the booklet last week.
A translation of the booklet is available in German, Polish and Czech. Other
languages (such as Romanian and French) will be added in due course and will
be included on the web version of this article and announced via Twitter.
EDRi Booklet on ACTA
http://www.edri.org/files/acta-bklt-p2s.pdf
Czech version
http://www.slidilove.cz/sites/default/files/acta-argumenty_cz.pdf
German version
http://www.edri.org/files/acta-edri-broschuere.pdf
Polish version
http://www.edri.org/files/ACTA_booklet_PL.pdf
EDRi-gram: ENDitorial: Countries start signing ACTA, preparatory docs still
secret (5.10.2011)
http://www.edri.org/edrigram/number9.19/acta-documents-secret
(Contribution by Marie Humeau - EDRi)
============================================================
3. German police accused of using a Trojan backdoor for interceptions
============================================================
According to EDRi-member Chaos Computer Club (CCC), the German
government has been using a backdoor Trojan, a spyware that can retrieve
private data, and also offers a remote control for uploading and executing
other arbitrary programs.
CCC has reverse engineered and analysed the respective programme and has
concluded that the Trojan can receive uploads of arbitrary programs from the
Internet and execute them remotely and that the activation of the computer's
hardware, like the microphone or the camera, can be used for surveillance.
Moreover, with the help of an additional module, it can be used to remotely
control infected PCs over the Internet, watching screenshots of the web
browser on the infected PC, including private notices, emails or texts in
web based cloud services. On its website, CCC group includes a screen shot
to show the Trojan in action.
The use of spying software violates the country's constitutional law as
it contains functions beyond the interception of Internet-based
communication. In 2008, Germany's Federal Constitutional Court ruled that
the secret infiltration of information technology systems was a grave
infringement of civil rights and could only be justified in some criminal
investigations, and so established strict legal limitations for such cases.
The CCC analysis reveals this is a case of "Bundestrojaner" (federal
Trojan), the colloquial German term for a government malware concept
concealed as "Quellen-TKÜ" (meaning "source wiretapping" or lawful
interception of the source). But, according to the constitutional court,
Quellen-TKÜ can only be used for wiretapping Internet telephony and has to
be enforced through technical and legal means.
The analysis concludes that not only were no technical safeguards introduced
by the Trojan's developers to provide the use of the malware exclusively
for wiretapping Internet telephony, but its design includes
functionality to clandestinely add more components over the network from the
start, creating a bridge-head to further infiltrate the computer.
"This refutes the claim that an effective separation of just wiretapping
internet telephony and a full-blown trojan is possible in practice - or even
desired. Our analysis revealed once again that law enforcement agencies will
overstep their authority if not watched carefully. In this case functions
clearly intended for breaking the law were implemented in this malware: they
were meant for uploading and executing arbitrary code on the targeted
system," stated a CCC speaker.
Markus Beyer, spokesperson for the Federal Interior Ministry said at a press
conference on 8 October 2011 that the software was "freely available" and
three years old, without however stating whether the software had been
designed by or for the government.
Chief government spokesperson Steffen Seibert stated at the same press
conference that the German government was taking allegations about illegal
surveillance software used by investigative authorities "very seriously" and
would examine the claims made by CCC.
"It would be a very grave incident and clearly against the law should the
allegation be accurate," said Wolfgang Bosbach, chairman of the German
Parliament's Internal Affairs Committee to Deutschlandfunk radio and, on 7
October 2011, the Free Democratic Party asked for an investigation and a ban
on the use of the software until the allegations were cleared.
German government accused of spying on citizens with state-sponsored Trojan
(8.10.2011)
http://www.zdnet.com/blog/bott/german-government-accused-of-spying-on-citiz…
Analysis of Government malware (only in German, 8.10.2011)
http://www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf
Chaos Computer Club analyzes government malware (8.10.2011)
http://ccc.de/en/updates/2011/staatstrojaner
Possible Governmental Backdoor Found ("Case R2D2") (8.10.2011)
http://www.f-secure.com/weblog/archives/00002249.html
German Malware May Put PC's Camera at Risk (10.10.2011)
http://www.bloomberg.com/news/2011-10-10/german-trojan-spyware-may-violate-…
============================================================
4. Berlusconi's wiretapping law threatens online publishers
============================================================
The Italian Parliament has resumed discussions on the much-criticised
governmental bill that would limit the publication of wiretaps in the news
media, forcing at the same time websites to automatically publish
corrections at request. But on 12 October 2011 the decision on the final
text was postponed, after paragraph 29 was amended so it will not apply
to any blog.
The draft bill was approved by the Senate in June 2011 but has been put
aside due to strong criticism from civil society. However, Prime Minister
Silvio Berlusconi, who would directly benefit from the law, has succeeded in
inserting the draft bill on the agenda of the Chamber of Deputies a few
days after it was approved by a legislative committee on 5 October, with
very minor changes.
"The latest amendments make no difference," Reporters Without Borders said,
adding: "Restricting the publication of tapped phone conversations in the
media to this degree would gravely impede investigative journalism. It has
all the hallmarks of a crude and dishonest device for gagging the media. It
also has a distinctly political dimension. The government is trying to cover
up the prime minister's sex scandals, many of which have been exposed by the
publication of phone transcripts."
The bill says that the media can publish a transcript from a telephone
tap only if judges or lawyers consider it is not "essential for proving the
guilt or innocence" of the person under investigation. The publication of
any "inappropriate" phone tap material would be punishable by 6 months to 3
years in prison or a fine of 10 000 euro for a reporter and of up to 300 000
euro for an editor.
Many journalists and bloggers demonstrated against the bill on 5 October in
Rome. For three days, between 5 and 7 October, Wikipedia blocked access
to all entries in its Italian-language version in protest against the bill:
"The obligation to publish on our site corrections required by the law,
without even the right to discuss and verify the claim, is an unacceptable
restriction of the freedom and independence of Wikipedia."
"Wikipedia Italy is on strike against an idiotic proposed law," said Jimmy
Wales, co-founder of Wikipedia, who considers that as Italy already has very
good laws against defamation, the proposed bill "overreaches
dramatically. I have never heard of any law like it anywhere else in the
world."
Now, the entire draft law has apparently been postponed until November.
Draft Italian bill on wiretapping (only in Italian, 6.10.2011)
http://www.senato.it/leg/16/BGT/Schede/Ddliter/35538.htm
Investigative reporters and websites again threatened by proposed "gag law"
(7.10.2011)
http://en.rsf.org/investigative-reporters-and-07-10-2011,41145.html
Blackout in Italy: "The first time Wikipedia worldwide has done anything of
this kind" (6.10.2011)
http://www.niemanlab.org/2011/10/blackout-in-italy-the-first-time-wikipedia…
A Summit on wiretapping, Berlusconi wants to reopen the game (only in
Italian, 13.10.2011)
http://www.repubblica.it/politica/2011/10/13/news/ddl_intercettazioni-23137…
Wiretapping bill in November: a standard against websites and blogs today?
(only in Italian, 14.10.2011)
http://www.webmasterpoint.org/news/ddl-intercettazioni-a-novembre-norma-con…
Wiretapping bill in November, a brief limitation (only in Italian,
14.10.2011)
http://www.ilsole24ore.com/art/notizie/2011-10-14/intercettazioni-novembre-…
============================================================
5. Phorm gets back on the European stage
============================================================
After its implementation in the UK failed, Phorm wants a fresh start by
placing its foot in the European market through a partnership deal with
Romtelecom in Romania.
With no public debate before the launch at the end of September, Romtelecom
has presented a new service called MyClicknet, which basically
implements the Phorm behavioural advertising solution with an opt-in
approach.
In practice, that means that almost all traffic (browsing and searches) on
port 80 from Internet users that opt in for such a system will be scanned in
order to create a profile that can be sold to interested advertising
companies. Romtelecom insists that no personal data is recorded or kept and
the user is identified in the ad network based on an anonymous string of
characters.
Romtelecom also claims that the system will not scan any type of "delicate
subjects", such as content related to smoking, pornography, alcohol, drugs,
health issues or related to children under 14 years old. This would mean in
practice that they will be actively using Deep Packet Inspection (DPI) in
order to see if the content fits in one accepted category or not.
Complaints against the system arose when Internet users saw their
traffic redirecting to the Romtelecom opt-in page for its new service
or, after joining the service, saw that traffic was being redirected to
oix.net (the Phorm service).
Romtelecom's reply was that the service is 100% anonymous and free and you
need to opt-in (by clicking "Continue" on their redirect page) to get
access to the service. Also, they say the system was checked with the
Romanian DPA (Data Protection Authority) and they have implemented all the
suggestions of the DPA.
However, if the data protection law is fuzzy enough to be interpreted in
such a way that a similar service might be accepted by the DPA, the Romanian
eprivacy law (no. 506/2004) is very clear regarding the obligation of
confidentiality of the electronic communication providers. Article 4 states
that the confidentiality of communications is guaranteed and any form of
tapping or surveillance of the communication can be made only with the
"prior written consent" of the users that are taking part in such
communication. And if we think of the users of an Internet communication,
there should be both the subscriber and the website.
After receiving several complaints, the Romanian DPA announced that it will
launch an investigation to see how personal data are protected in the
MyClicknet service, but only after 28 October 2011. In the meantime, all its
public relations are being temporarily suspended, because they need to move
to a new location.
Romanian re-Phorm-ation? (30.09.2011)
http://symbioticweb.blogspot.com/2011/09/romanian-re-phorm-ation.html
Romtelecom and their illegal practices - Myclicknet traffic being
intercepted and analysed (only in Romanian, 6.10.2011)
http://forum.softpedia.com/index.php?showtopic=810348&st=0
Clicknet from Romtelecom - advertising, redirecting, spam (only in
Romanian, 4.10.2011)
http://m1ha1.blogspot.com/2011/10/clicknet-de-la-romtelecom-reclame.html
MyClicknet - the wiretapping service of Romtelecom (only in Romanian,
17.10.2011)
http://legi-internet.ro/blogs/index.php/2011/10/17/myclicknet-serviciul-de-…
EDRi-gram: Phorm given up by UK ISPs (15.07.2009)
http://www.edri.org/edri-gram/number7.14/phorm-out-uk
============================================================
6. EDPS's Opinion on net neutrality & privacy
============================================================
Peter Hustinx, the European Data Protection Supervisor (EDPS) adopted an
opinion on 7 October 2011 on the European Commission Communication on the
open internet and net neutrality in Europe, stressing the necessity of
respecting the fundamental right to privacy and data protection of users, in
particular in terms of confidentiality of communications.
The Opinion addresses a very controversial subject and comes in the light of
the Communication adopted by the Commission on 19 April 2011 and the
Commission's public consultation preceding the Communication. It also takes
into consideration the draft Council conclusions on net neutrality.
Net neutrality refers to whether Internet service providers (ISPs) should be
allowed to monitor network traffic, filter or restrict Internet access of
their users. The idea is that "information on the Internet should be
transmitted impartially, without regard to content, destination or source,
and that users should be able to decide what applications, services and
hardware they want to use. This means that ISPs cannot, at their own choice,
prioritise or slow down access to certain applications or services such as
Peer to Peer ('P2P'), etc."
The EDPS draws attention to such practices on certain
inspection techniques used by ISPs that may be highly intrusive, involving
the monitoring of content of communications, websites visited, emails sent
and received, the time when this takes place, enabling filtering of
communications. In Hustinx's opinion, the ISPs' compliance
with data protection rules should be closely monitored.
The confidentiality of communications is a fundamental right protected by
the European Convention for the Protection of Human Rights and Fundamental
Freedoms, the Charter of Fundamental Rights of the European Union as well as
the EU ePrivacy Directive.
Hustinx believes there is a tendency of increased monitoring and inspection
techniques from ISPs which raises serious issues regarding the
protection of users' privacy and personal data and therefore, more has to be
done to devise and implement satisfactory policies on the matter.
He therefore calls on the Commission to initiate a debate involving all
relevant stakeholders, for the clarification of the data protection legal
framework applying in this case.
In his Opinion, the EDPS has made some recommendations which include: the
determination of legitimate inspection practices needed to ensure the smooth
flow of traffic or carried out for security purposes; the determination of
the cases when monitoring requires the users' consent (such as filtering
aimed to limit access to certain applications and services, such as peer to
peer); and, in such cases, the necessity of guidance regarding the
application of the necessary data protection safeguards (purpose limitation,
security etc).
Hustinx also believes national authorities and BEREC should monitor the
market situation. "This monitoring should result in a clear picture
describing whether the market is evolving towards massive, real-time
inspection of communications and issues related to complying with the legal
framework." "Further analysis of the effects of new practices in relation to
data protection and privacy on the Internet", is also necessary.
Based on such analyses, additional legislative measures might be necessary
in which case "the Commission should put forward policy measures aimed at
strengthening data protection rules and ensuring legal certainty. New
measures should clarify the practical consequences of the net neutrality
principle and guarantee users the possibility."
Opinion of the European Data Protection Supervisor on net neutrality,
traffic management and the protection of privacy and personal data
(7.10.2011)
http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consu…
Press Release "A serious policy debate on net neutrality must effectively
address users' confidentiality of communication" (7.10.2011)
http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/EDPS/…
Busting net neutrality may amount to spying, says EU (13.10.2011)
http://www.theregister.co.uk/2011/10/13/isps_traffic_managemnet_may_breach_…
EDRi-gram: EDRi's answer to net neutrality consultation (6.10.2010)
http://www.edri.org/edrigram/number8.19/edri-net-neutrality-position
EDRi-gram: Draft Council conclusions on Net Neutrality (27.07.2011)
http://www.edri.org/edrigram/number9.15/net-neutrality-council-conclusions
============================================================
7. European Parliament legal service confirms: ACTA may or may not be legal
============================================================
Several weeks ago, the International Trade Committee of the European
Parliament asked for an opinion from the Parliament's internal legal service
regarding ACTA's legality and whether or not documents must be made public.
At the end of last week, the confidential response from the Legal Service
was delivered. The result is that the lawyers believe that ACTA may indeed
be, or possibly may not be, legal and in line with the existing legal
framework of the European Union.
In response to the question about whether ACTA is in line with existing EU
legal provisions, the Legal Service explains that the text is open to
interpretation but, on the face of it, the agreement appears to be in
line with current EU law. Of course, if the interpretations of the other
negotiating parties are different from those which the Legal Service has
guessed at, then ACTA may, indeed, not be legal after all.
Asked whether the preparatory documents of the Agreement must legally be
published, the Legal Service is very precise: there is no obligation under
international law to publish preparatory documents. They accept that
preparatory documents may be used to interpret unclear agreements and that
parts of ACTA are unclear. However, they helpfully point out that, as long
as the documents are not made public by any of the negotiating partners,
they cannot be used to assign meaning to the unclear sections of the text.
The Legal Service chooses not to address the wisdom of adopting an
international agreement, the meaning of which is likely to change if any of
the negotiating partners subsequently chooses to publish documents in order
to "prove" that its interpretation of the text is the correct one.
The only minor point of concern in this context is that the European
Parliament has already published the leaked text of the digital chapter
(which refers to private companies unilaterally cutting citizens' Internet
access) on its own website. This minor point means that the European
Parliament has already shown that ACTA (by promoting lawless sanctions by
private companies against citizens and their right to freedom of expression
and due process) is in clear and unequivocal breach of the Treaty on
European Union, which requires the Union to support democracy and the rule
of law in its international relations.
In the meantime, the Commission has provided a rather unexpected answer to a
priority written question on the meaning of the previously unheard-of
"fundamental principle" of "fair process" that is referred to in ACTA. The
Commission does not seek to argue that the "fundamental principle" is a
fundamental principle at all. Instead, it simply explains that the meaning
of the term "fair process" can be found in the Agreement on Trade-Related
Aspects of Intellectual Property Rights (TRIPS) of the World Intellectual
Property Association which... contains no reference whatsoever to "fair
process".
The Commission expresses the hope and assumption that this is what the other
ACTA negotiating partners also understood. In short, the "fundamental
principle" is not a "fundamental principle" and its meaning is, at best, an
educated guess on the part of the Commission.
Parliamentary question
http://www.europarl.europa.eu/sides/getDoc.do?type=WQ&reference=P-2011-0084…
Parliament's leak of ACTA digital chapter
http://www.europarl.europa.eu/meetdocs/2009_2014/documents/d-us/dv/suppleme…
Backup of Parliament's leak
http://www.edri.org/files/acta_disconnection.pdf (see footnote 6)
FFII requests European Parliament's Legal Services' opinion on ACTA
(15.10.2011)
http://acta.ffii.org/?p=833
(contribution by Joe McNamee - EDRi)
============================================================
8. ENDitorial: Belgian music industry acts to undermine copyright law
============================================================
We have all heard the music industry make claims about the vast amount of
"piracy" going on, such as the estimation that from 2008 to 2015, the music
industry was going to lose an amount equivalent to the combined national
debt of Greece and Italy. The ever-impartial European Commission has been
similarly apocalyptic in its analysis of the situation - describing illegal
filesharing as "ubiquitous" in its report on application of the IPR
Enforcement Directive. The question is, under such circumstances where any
law has lost its legitimacy to such an extent that breaches are
"ubiquitous," when losses are allegedly more than what entire countries
produce in a whole year, what is the one thing that must be avoided at all
costs? One must avoid robbing the law of any residual credibility that it
still has.
After being caught by a TV station trying to obtain royalties for the music
apparently produced by noodles, sauces, food mixers and hygiene products,
Sabam, the Belgian collecting society, decided to put the blame where it
clearly belongs - the Internet. Despite the fact that it is well known that
DNS blocking does not work, despite the fact that The Pirate Bay reported an
increase in traffic from Denmark when DNS blocking was proposed there, Sabam
decided to waste the Belgian courts' time and Belgian taxpayers' money with
a demand that thepiratebay.org and a number of related domains be blocked by
the two largest Internet access providers in Belgium. The request was
granted by the Court in Antwerp.
A few hours after the court, in full awareness of the futility of the order,
made this decision, Belgian "pirates" created depiraatbaai.be in order to
circumvent the blocking order. The new domain name allows users to reach The
Pirate Bay via an indirect and unblocked route. Unsurprisingly, the
ridiculous ease with which the ruling was exposed as nonsense attracted a
huge amount of publicity - serving both to make the law and law-makers look
absurd and maximise awareness of opportunities for unauthorised access to
copyrighted material online.
Legitimacy of laws cannot ever be imposed by repressive measures. Legitimacy
most certainly cannot be imposed by repressive measures which are comically
ineffective. As long as the Internet retains the characteristics which are
the basis of its success - openness and resilience - content cannot be
definitively blocked. It is time to abandon measures that place creators and
users in opposition to each other, time to abandon policies that serve only
to illustrate the lack of understanding of the Internet by certain parts of
industry and politicians and time to build a legal framework that earns
respect and facilitates creation.
IFPI losses 2008-2015 (20.01.2011)
http://www.guardian.co.uk/technology/pda/2011/jan/20/ifpi-report-music-pira…
National debts (7.04.2011)
http://www.economicshelp.org/blog/774/economics/list-of-national-debt-by-co…
European Commission IPRED implementation report (22.12.2010)
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2010:0779:FIN:EN:…
SABAM's questionable royalty claims (09.02.2011)
http://www.techdirt.com/articles/20110209/04101413022/belgian-collection-so…
Sabam Video
http://www.youtube.com/watch?v=HZAsa9QmQO8
(contribution by Joe McNamee - EDRi)
============================================================
9. Recommended Action
============================================================
EDRi is Flattrable starting with this week!
http://flattr.com/thing/417077/edri-on-Flattr
CPDP 2011 Conference Multidisciplinary Privacy Award
The award, to be presented at the annual Computers, Data Protection and
Privacy (CPDP) Conference held in Brussels at the end of January 2012, will
be given to the authors of the best multidisciplinary paper that describes
new ideas in privacy and data protection. Eligible papers need to have been
published or accepted for publication between 1 November 2010 and 31 October
2011.
Deadline: 10 November 2011
http://www.cpdpconferences.org/privacyaward.html
============================================================
10. Recommended Reading
============================================================
EPO, European Commission Renew Commitment To Unitary Patent (6.10.2011)
http://www.ip-watch.org/weblog/2011/10/06/epo-european-commission-renew-com…
============================================================
11. Agenda
============================================================
20-21 October 2011, Warsaw, Poland
Open Government Data Camp
http://opengovernmentdata.org/camp2011/
25-28 October 2011, Berlin, Germany
1st Berlin Symposium on Internet and Society: Exploring the Digital Future
http://berlinsymposium.org/
27-29 October 2011, Barcelona, Spain
Oxcars and FreeCultureForum 2011
Networks for a R-evolution
http://www.2011.fcforum.net/en
31 October 2011, Mexico City, Mexico
2011 The Public Voice Civil Society Meeting
http://thepublicvoice.org/events/mexicocity11/
2-3 November 2011, Mexico City, Mexico
33rd International Conference of Data Protection and Privacy Commissioners
Privacy: The Global Age
http://www.privacyconference2011.org/index.php?lang=Eng
8-9 November 2011, Brussels, Belgium
Hack4Transparency
http://www.euhackathon.eu/
9 November 2011, Bucharest, Romania
Inet Conference: Access, Trust and Freedom: Coordinates for future Internet
http://www.isoc.org/isoc/conferences/inet/11/bucharest-agenda.shtml
11-13 November 2011, Munich, Germany
FIfF annual congress: Dialectics in Information Security:
Colliding Interests of Anonymity, Integrity and Confidentiality
http://fiff.de/2011
11-13 November 2011, Gothenburg, Sweden
FSCONS is the Nordic countries' largest gathering for free culture, free
software and a free society.
http://fscons.org/
24-25 November 2011, Vienna, Austria
"Our Internet - Our Rights, Our Freedoms"
Towards the Council of Europe Strategy on Internet Governance 2012 - 2015
http://www.coe.int/t/informationsociety/conf2011/
25-27 January 2012, Brussels, Belgium
Computers, Privacy and Data Protection 2012
http://www.cpdpconferences.org/
============================================================
12. About
============================================================
EDRi-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRi has 28 members based or with offices in 18 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRi-grams.
All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and are visible on
the EDRi website.
This EDRi-gram has been published with financial support from the EU's
Fundamental Rights and Citizenship Programme.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/
Newsletter editor: Bogdan Manolea <edrigram(a)edri.org>
Information about EDRI and its members:
http://www.edri.org/
European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring
http://flattr.com/thing/417077/edri-on-Flattr
- EDRI-gram subscription information
Subscribe by e-mail
To: edri-news-request(a)edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
Unsubscribe by e-mail
To: edri-news-request(a)edri.org
Subject: unsubscribe
- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edri/2.html
- EDRI-gram in German
EDRI-gram is also available in German, with delay. Translations are provided
by Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <edrigram(a)edri.org> if you have any problems with subscribing or
unsubscribing
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
On Friday, April 12, 2013 9:57:55 PM UTC-7, Anu wrote:
>
>
>
>
> 2013/4/13 Lodewijk andri de la porte <l...(a)odewijk.nl>
>
>> Or a single person trading against himself a lot.
>>
>> The weak to strong hands is likely true though. But, weren't we already
>> screwed? I mean Bitcoin was never able to change the balance of wealth, the
>> rich buy Bitcoin and get rich in Bitcoin. So with Bitcoin we just remain
>> screwed.
>>
>>
>
No. You are wrong. The world has changed forever. Bitcoin was
a technological djinni like the nuke. Now that it has been loosed in the
world, all the king's horses and all the king's men cannot get bitcoin back
into the bottle again. But you are also right: the king is forced into the
game now so he is both vulnerable and dangerous.
>
>>
>> Indeed. It could have been different. I really tried hard for a different
> outcome. Gave presentations in Berlin at a number of African embassies, in
> Nigeria, in many other places. Wrote articles. Talked to the church even. I
> guess I spent a fortune to make this a different outcome. I did move
> things, but certainly not in the ways I intended. Quite the opposite. I
> made very few friends with the poor but I am now well connected with the
> rich & powerful. With billionaires, congressmen, MPs, PMs, ministers,
> ambassadors, cardinals. Fuck. This is indeed the golden rule: Those with
> the gold make the rules.
>
Yeah. That Steve Jobs guy had lots of gold. Too bad he didn't make any
rules against cancer with all that gold. What's with this rant
anyway? Did you lose money? Did you get robbed while slumming in the
hood? I just don't understand how you could be upset that spending money
made you more wealthy friends than it did poor friends. My problem is the
exact opposite. I would be happy to be your poor friend if that's all you
want. Or is this perhaps you declaring your side in the class war or
something?
> What I have learned: There is a reason poor people are poor and rich
> people are rich. There is a reason poor nations are poor and rich nations
> are rich. Much of it has to do with people refusing to think, letting
> others do the thinking for them. It has to do with religion, collectivism
> and the belief in authority.
>
>
There are *lots* of reasons why people are what they are. A lot of your
angst stems from thinking too *much*. About what was and what could be
rather than opening yourself up to the present moment in all its glory.
Lighten up. Enjoy your newfound wealth.
>
> Frankly, I see very little hope. This whole thing will go the Malthusian
> way. Humanity itself is a huge bubble and it will pop.
>
> Una salus victis nullam sperare salutem. I, for one, plan to rage against
the dying of the light. Are you giving up?
Stuart LaForge
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE