cypherpunks-legacy
Threads by month
- ----- 2025 -----
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1998 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1997 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1996 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1995 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1994 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1993 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1992 -----
- December
- November
- October
- September
July 2018
- 1371 participants
- 9656 discussions
============================================================
EDRi-gram
biweekly newsletter about digital civil rights in Europe
Number 9.22, 16 November 2011
============================================================
Contents
============================================================
1. EDRi letter: EC proposes reduced retention periods for retained data
2. US court allows access to world-wide Twitter accounts data
3. Online Distribution of Audiovisual Works: EDRi's answer to the EC
4. Unlocking education in the Netherlands
5. EDRi Responds to BEREC's Consultation on Net Neutrality and Transparency
6. 2011 Public Voice Civil Society Conference: "Privacy is Freedom"
7. 33rd International DPA Conference in Mexico City
8. Will the new flawed EU-US PNR agreement be approved by the EP?
9. ENDitorial: Copyright combinatronics
10. Recommended Action
11. Recommended Reading
12. Agenda
13. About
============================================================
1. EDRi letter: EC proposes reduced retention periods for retained data
============================================================
In September 2011, European Digital Rights and 37 other NGOs sent a
detailed letter to the European Commission with regard to the current stage
of the review of the Data retention Directive - the impact assessment. The
purpose of the letter was to provide early input to the Commission, in order
to give maximum opportunity to take our concerns into account.
The response from the Commission acknowledges the problems with the
Directive. Without being specific, Commissioner Malmstrvm responded that the
maximum retention periods needs to be reduced and also pointed out that the
text must be improved with regard to its clarity. She also recognised and
accepted the need for a followup of the methodology detailed in the
Fundamental Rights Checklist and that cost-reimbursement for Internet
providers is a way of minimising access to retained traffic data.
The Commissioner promises improvements to resolve two problems in the
Directive: - the length of the maximum retention periods and the lack of
clarity (and therefore predictability) of the Directive. However, the
recognition of these two problems implies an acceptance of doubts regarding
the compliance of the current Directive with the Charter of Fundamental
Rights and the European Convention on Human Rights. .
This raises an important question: - in such circumstances, how can it be
appropriate to recognise the questionable legality of the Directive, on the
one hand, and undertake legal proceedings against Germany, Romania and
Sweden for failing to implement the Directive, on the other?
Rather disappointingly, the Commissioner decided to answer a question which
was not asked, namely how difficult it would be to get major improvements
past the Council of Ministers. While the political obstacles to an adequate
resolution of the data retention Directive's problems are certainly massive,
the current College of Commissioners took an oath, as individual citizens,
to defend the Charter on Fundamental Rights. This oath was without
exceptions, to cover challenging political environments. However, the
subtext of the Commissioner's response to civil society is clear - without a
shift in the positions of Member States, the Commission does not feel able
to resolve the deep problems with data retention.
Nonetheless, the tone of the letter is very positive and the constructive
engagement of civil society is clearly welcomed. EDRi and the co-signatories
of the letter will continue to engage constructively with the Commission.
Joint letter on data retention (26.09.2011)
http://www.edri.org/files/dr_letter_260911.pdf
Commissioner Malmstrvm's response (dated 31.10.2011)
http://www.edri.org/files/malmstroem_letter31Oct2011.pdf
Fundamental rights checklist
http://ec.europa.eu/justice/news/intro/doc/com_2010_573_4_en.pdf
Oath to respect the EU Treaties and Charter:
http://europa.eu/rapid/pressReleasesAction.do?reference=IP/10/487
(Contribution by Joe McNamee - EDRi)
============================================================
2. US court allows access to world-wide Twitter accounts data
============================================================
A US judge decided on 10 November 2011 that Twitter had to release to the US
authorities data on the Twitter accounts of people involved in WikiLeaks
founder Julian Assange case investigated by the US Justice Department.
The Twitter accounts in question belong to Icelandic MP and former WikiLeaks
volunteer Birgitta Jsnsdsttir, Seattle-based WikiLeaks volunteer Jacob
Appelbaum and Dutch XS4ALL Internet provider co-founder Rop Gonggrijp.
The judge's ruling is a response to the appeal made by the three twitter
account holders, thus backing up the previous decision in March of another
judge.
Even more worrying is the fact that the investigated people have found out
about the US first court's decision only because Twitter notified the
subscribers that prosecutors had obtained a court order for their account
information. Furthermore, the judge blocked the users' attempt to discover
whether other Internet companies had been ordered to release their data to
the US government.
"With this decision, the court is telling all users of online tools hosted
in the U.S. that the U.S. government will have secret access to their data,"
said Jonsdottir who expressed her intention to take the case to the Council
of Europe.
The court order of the appeal was criticised by IPU (Inter-Parliamentary
Union, the international organization of Parliaments with MPs from 157
countries), which adopted a resolution condemning the move which, in their
opinion, threatens free speech and may be in violation of Article 19 of the
Universal Declaration of Human Rights which gives everyone the right to
freedom of opinion and expression.
In seeking the respective information, US authorities used the Stored
Communications Act to demand that Twitter provide the internet protocol
addresses of users as well as bank account details, user names, screen names
or other identities, mailing and other addresses.
In the judge' opinion, "the information sought was clearly material to
establishing key facts related to an ongoing investigation and would have
assisted a grand jury in conducting an inquiry into the particular matters
under investigation."
Also extremely worrying is that he also considered that the Twitter users
had implicitly given their agreement to give over their IP addresses the
moment they signed up for an account and relinquished an expectation of
privacy.
"Petitioners knew or should have known that their IP information was subject
to examination by Twitter, so they had a lessened expectation of privacy in
that information, particularly in light of their apparent consent to the
Twitter terms of service and privacy policy," wrote the judge in his
decision.
Basically, what this decision says is that US authorities can require
account information on any users of US-based online social networks,
irrespective of their location and citizenship. This brings forth very
serious concerns related to online privacy.
EFF Legal Director Cindy Cohn also expressed her concern that in a world
where Internet users place online more and more of their conversations,
experiences, pictures, locations and many other types of personal
information, the court's conclusion is that "records about you that are
collected by Internet services like Twitter, Facebook, Skype and Google are
fair game for warrantless searches by the government."
US court verdict 'huge blow' to privacy, says fomer WikiLeaks aide
(11.11.2011)
http://www.guardian.co.uk/world/2011/nov/11/us-verdict-privacy-wikileaks-tw…
Second judge gives DOJ access to WikiLeaks-related Twitter accounts
(10.11.2011)
http://news.cnet.com/8301-31921_3-57322538-281/second-judge-gives-doj-acces…
Privacy Loses in Twitter/Wikileaks Records Battle (10.11.2011)
https://www.eff.org/press/releases/privacy-loses-twitterwikileaks-records-b…
============================================================
3. Online Distribution of Audiovisual Works: EDRi's answer to the EC
============================================================
Adapting the European policy to the digital environment would offer the
audiovisual industry access to an even broader audience and would give
the consumer greater access to cultural works. It is the opportunity to
redefine a simple and harmonised framework. It is a chance to achieve a
digital single market.
What creates obstacles to achieving this goal? Which interests should be
taken into account? What should the EU policy-maker do to offer a
satisfactory environment to both rightsholders and consumers?
EU policy must be user-friendly, innovation-friendly and creation-friendly.
The current framework somehow fails to take into account all those aspects
and to find the right balance between the interests at stake.
One of the essential aspects is access to culture. The current divided
market, particularly on the copyright aspects, creates barriers that prevent
EU citizens to access, use and enjoy cultural content such as the
audiovisual works. Nowadays, consumers consider the current copyright law
system as illegitimate, which explains the level of infringements. The
current system not only is not consumer-unfriendly but it also has an
economic downturn, it indeed stifles the development of new technology. Its
overly strict application of copyright, indefensible and ineffective
repressive enforcement measures are counterproductive.
There are numerous ways to improve the actual eco-environment without
putting aside any interests: harmonising the actual framework, minimising
the complexity and waste generated by intermediaries, micro-payments,
enabling the development of legal platforms to access, share and stream
audiovisual content, cross-border licensing, pan-European offers.
The achievement a digital single market should not be undermined by efforts
to create more restrictions over the use of content, such as limiting
exceptions and limitations to copyright. Equal access to culture should also
be recognised for people with disabilities and the copyright exception
should be made mandatory for that purpose.
The digital environment offers new perspectives, new possibilities and new
opportunities for the industries and for citizens and those opportunities
must be embraced by the EU. The right balance between economic and social
goals, the interests of creators and consumers can be found without putting
the interests of one above the others. More repressive enforcement will risk
making the legal framework even more illegitimate. What the EU needs is a
clear, simple and harmonised framework.
EC Green Paper on the Online Distribution of Audiovisual Works:
http://ec.europa.eu/internal_market/consultations/docs/2011/audiovisual/gre…
EDRi's answer to the consultation (11.2011)
http://www.edri.org/files/2011EDRi_response_OnlineAudiovisual_Works.pdf
(Contribution by Marie Humeau - EDRi)
============================================================
4. Unlocking education in the Netherlands
============================================================
Dutch schools are progressively locking out students from online
environments due to the use of proprietary web-technology
(Silverlight) and closed standards. This contravenes with the 2007
Netherlands Open in Connection policy framework that mandates the use
of open standards for all public sector organizations, including
educational institutions. In responding to questions by the Parliament
about this situation, the minister of Education, Marja van
Bijsterveldt, stated she was unwilling to force educational
institutions to comply with the official open standards policy.
The Dutch open standards policy framework calls for a mandatory use of
open standards in all public sector organizations (via comply or
explain). The ministry of education should have begun taking steps to
implement it four years ago. However, open standards have not become
an integral part of educational IT-procurement and thus are not
considered when purchasing, renewing or upgrading (educational)
IT-services, software and digital learning materials. The negligent
attitude of the ministry of education resulted in an increasing
vendor-lock, effectively locking out substantial and growing numbers
of students.
Through the "Unlocking education, for growth without limits" campaign,
Dutch activists are pushing for a more robust implementation of
the open standards policy, by making the use of open standards
mandatory for all publicly-funded institutions. The campaign is
supported by a various range of Dutch organizations (NLLGG, NLUUG, LPI
Netherlands, HCC!, ISOC.nl, Free Knowledge Institute and the Dutch
Pirate Party), the Free Software Foundation Europe and over 900
individuals who signed the petition. Arjan el Fassed, MP for the
Green party (GroenLinks), expressed dissatisfaction with the minister
of Education's answers. The next round of parliamentary questions is
being prepared in collaboration with the activists.
FSFE campaign page - Unlocking education, for growth without limits
http://fsfe.org/campaigns/nledu/nledu.en.html
The lack of open standards in secondary education (only in Dutch, 5.10.2011)
http://www.ikregeer.nl/documenten/kv-132148
Answer to Parliamentary questions about the lack of open standards in
secondary education (only in Dutch, 28.10.2011)
http://www.rijksoverheid.nl/bestanden/documenten-en-publicaties/kamerstukke…
Dutch government hands over education's keys to Microsoft (7.11.2011)
http://fsfe.org/news/2011/news-20111107-01.en.html
Dutch petition (only in Dutch, 27.09.2011)
http://www.janstedehouder.nl/2011/09/27/petitie-weg-met-het-overgewicht-in-…
International petition (28.09.2011)
http://www.janstedehouder.nl/2011/09/28/make-the-use-of-open-standards-in-e…
(contribution from Jan Stedehouder - EDRi-member Vrijschrift - Netherlands)
============================================================
5. EDRi Responds to BEREC's Consultation on Net Neutrality and Transparency
============================================================
Net Neutrality is at the centre of the debate in almost every European
institution. The European Commission has been looking at this topic for more
than a year now and is moving more and more away from its initial position
to uphold net neutrality in Europe. In contrast to her own statements in
January 2010, Vice-President Neelie Kroes is now advocating a
wait-and-see-approach stressing the importance of transparency and the
ability to switch operators. In a speech during the EUHackathon on 9
November 2011, Kroes said she heard "allegations that some internet
providers throttle, degrade the quality of services". Earlier this year she
therefore asked the EU Telecom's regulator BEREC to go on a fact-finding
mission in order to prove these "allegations".
Net neutrality was also recently discussed in the European Parliament. The
Industry Committee just adopted a resolution which called on the BEREC to
swiftly publish the evidence emerging from its investigations. The
resolution emphasised that net neutrality is crucial for fundamental
freedoms, innovation and competition. Indeed, there is a growing number of
threats to it, such as blocking of applications and degradation of services.
These experiments with the essence of the Internet have sometimes been
transparently declared by operators themselves and reported by end users and
content providers, while at other times consumers' services have simply been
restricted, without notification or explanation. Not only do operators have
incentives to seize more control over internet traffic, they are also
increasingly under pressure from vested interests to take measures which run
counter to their role as a mere conduit.
On 2 November 2011, EDRi responded to the consultation on BEREC's
"transparency and net neutrality" which will be followed by a paper on
Quality of Service and a report on competition and discrimination issues
next year. BEREC's draft guidelines on transparency however, are in line
with the Commission's wait-and-see approach and argue that transparency is
an effective tool to achieve the regulatory objective of maintaining an open
and competitive Internet.
In its response, EDRi explains that transparency on service restrictions
will lead neither to sufficient protection nor to empowerment of end users.
In the light of numerous transparent and non-transparent violations of the
principle of net neutrality, EDRi expresses its deep concerns about the
Guidelines' apparent acceptance of restricted offers that provide limited
access to the Internet. EDRi fears that relying solely on transparency
requirements and on market forces will lead to the development of a
multiple-tier Internet, to the detriment of citizens' rights and the
competitive online marketplace. Few would be able to access premium managed
services and many would be left in the slow lane with a low quality and
restricted access to the Internet.
EDRi asks the BEREC to design regulatory tools for national regulatory
bodies to ensure that traffic management practices do not unsettle the
Internet ecosystem. The BEREC should promote narrowly-tailored measures to
protect net neutrality and the open Internet's core characteristic as a
unique platform for innovation and freedom of expression defined by end user
control.
EDRi's response to the net neutrality consultation (2.11.2011)
http://www.edri.org/02112011EDRi_response_BEREC_NNtransp.pdf
BEREC guidelines on transparency and net neutrality (10.2011)
http://erg.eu.int/doc/berec/consultation_draft_guidelines.pdf
Speech given by Neelie Kroes on 9 November 2011during the EUHackathon
(9.11.2011)
http://www.youtube.com/watch?v=LhlBpE4llLM
Net Neutrality Resolution as adopted by ITRE (7.11.2011)
http://www.europarl.europa.eu/sides/getDoc.do?type=MOTION&reference=B7-2011…
EDRi-gram: Neelie Kroes on Net Neutrality (27.01.2010)
http://www.edri.org/edrigram/number8.2/kroes-net-neutrality
(Contribution by Kirsten Fiedler - EDRi)
==========================================================
6. 2011 Public Voice Civil Society Conference: "Privacy is Freedom"
==========================================================
The Public Voice meeting that took place on 31 October 2011 in Mexico City
began with a discussion of the 2009 Madrid declarations (both those from
DPAs and civil society). Most participants felt there had been little
progress towards implementation or acceptance by governments. Peter Schaar
(Federal DPC Germany) stressed that upholding the rights of data subjects
required independent oversight, and that CoE Convention 108 was still
available for regulating transborder data flows, and was open to
third-countries. Discussions about multilateral vs. single global
instruments were becoming repetitive.
In the panel on Cultures of Privacy, Jacob Kohnstamm (Netherlands DPC &
Art.29 WP Chair) noted that databases were implicated in extensive human
rights violations during WW2, and the families of many Europeans had cause
to remember such risks. David Vladeck (FTC) saw his role not as "referee"
over different and clashing cultures, but to preserve consumer choice;
clicking through EULA "wordbarf" is not "meaningful" consent. He stated US
could not be more different from EU culture, but "we get to the same
result", citing FTC support for "Do Not Track".
Lara Ballard (US State Department) described an Egyptian activist creating a
database identifying members of the secret police (to name and shame them).
Flicker took down the pictures on copyright (not privacy) grounds. The
activist's view was that the secret police had invalidated their own right
to privacy, because their conduct undermined the rule of law itself. Ballard
was sceptical of nostrums about lack of Asian sense of privacy, (e.g.,
non-legal concepts of Japanese politeness are similar) and, cited
sociologist Irwin Altman on privacy as dynamically negotiated social
boundaries. She asserted EU DPCs were mistrustful of major US Internet
companies, but trusted their own governments. She praised the concept of
"accountability agents" and the APEC privacy process. Moderator Alberto
Cerda (Derechos Digitales - Chile) remarked that global agreements for the
enforcement of "intellectual property" already existed, but there seemed to
be little prospect of comparable treaties for privacy.
Zhou Hanhua (China - Social Science Academy) said although China had no
history of privacy, the real concerns of people were similar. China today
may have the worst of both worlds. People felt resigned to marketing privacy
invasions such as endemic mobile voice spam. China has still not enacted a
DP law (and the choice between US and EU systems was most difficult), but on
paper, Constitutional protections were similar to developed countries, and
culture is changing rapidly. Moez Chakchouk (Tunisia) spoke of their first
free election, and new constitution next year. Their main priority was to
transform the former censorship agency into a human rights and privacy
agency (sic). Cerda asked whether EU standards were too high (so few
countries attained adequacy), and Kohnstamm replied national authorities
couldn't do much without co-operation from the rest of the world. Schaar
said the EU should not lower standards, given European history; data
protection will stay a fundamental right in Europe.
Vladeck contrasted common-law vs. civil law cultures; in the EU privacy law
is very specific, in the US not. There was a vocabulary problem. To US ears,
rights mean what is in the US Constitution, "and why do I have to fill in a
form for the police when I check into a hotel in Europe?" - a right not
enforced isn't much of a right. US goals were similar to the EU. "There is
no difference between opt-in and opt-out given current technology" (sic).
Ballard re-iterated support for "accountability agents" ("a new legal regime
accountable to e.g. TRUSTe").
The panel on Raising Public Awareness on Privacy vs. Technology was
moderated by Pablo Molina (US), and began with a description of the new
Brazilian law from Danilo Doneda. Michael Donohue (OECD) stated that
transborder flows of data can be blocked only if there was no adequate
protection of sensitive data. Omer Tene said face recognition was not a new
issue (e.g. police line-ups). His view of consent was that an opt-out should
be sufficient if good information was provided. Thomas Nortvedt (TACD)
emphasized that consumers needed to be able to enforce rights.
Korina Velazquez (MEX) moderated the panel on Children's Privacy Online,
with contributions from Adriana Labardini (Mexico - Alconsumidor), Kristina
Irion (CEU Hungary), and Conchy Martin Rey (TACD). Neuro-marketing
techniques were discussed, and Jeff Chester remarked that the COPPA
legislation was unique in the US, in that it gave opt-in protection (to
minors). There were few answers to a question on when children should attain
legal independence from their parents for the exercise of privacy rights,
given the wide differences between individual children.
Dave Banisar (Article 19) led a conversation with Marc Rotenberg (EPIC) on
the relationship (both deprecated the word "balance") between Privacy and
Freedom of Expression. There were strong analogies between the right to
withhold identity and freedom of expression rights. Business obviously
prefers to conduct their activities unregulated. Banisar remarked that in
the UK, some attempted to justify "phone-hacking" in the name of free
expression, and Rotenberg recalled that Warren & Brandeis stipulated a
public interest exemption in their seminal article. Caspar Bowden asked if a
right of subject access to data in the private sector was feasible in the
US, and Rotenberg replied that the Federal Constitution normally doesn't
coerce private parties, but some state constitutions do. Probably "compelled
speech" cases can be distinguished (to allow a subject access right). EPIC
has pursued information self-determination rights, and this one is on their
"to do" list. The office of the EDPS pointed to the ECJ "Bavarian beer"
case, and their intervention to ensure FOI rights aren't subordinated to
privacy rights, in cases of public interest. Lara Ballard (US State
Department) asked whether government officials had privacy rights when
offering confidential advice. Dave Banisar said no, and deprecated the use
of the word privacy to mean "organizational secrecy".
Simon Davies (PI) moderated the panel on a Right to Forget. Marie-Helen
Boulanger (EU Commission) said the data subjects' existing rights needed to
be clarified, and that the impact of cheap data storage was that many traces
were left in online services. Data must be fully deleted when its processing
would be unlawful, e.g. when the retention period is not in line with the
purpose. However there is no "right to hide" in EU law. Regarding a right to
erasure of public records, it was preferable that unnecessary data was not
collected at all - data minimization remains a sound principle, in
conjunction with privacy-by-design. Peter Fleischer said Google merely
reflected the web, and should be allowed to index whatever is lawful on the
web, and mentioned a possible ECJ referral of the current Spanish case.
Alejandro Pisanty (Mexico) stressed the end-to-end principle of the Internet
(network flows should not depend on the content), and that
Mayer-Schvnberger's idea for self-deleting data would still leave metadata
traces behind, even after content was deleted. Banisar recalled that the
possibility for rehabilitation was an internationally accepted principle in
Freedom of Expression.
Chris Soghoian rounded on Fleischer's assertion that Google "deleted" search
data after nine months, pointing out that their actual practice
(IP-last-byte-deletion) did not even properly anonymize the data. The
important "right to be forgotten" is over the behavioural data we are
scarcely conscious is being collected, but the public debate mostly avoids
this issue, focussing on e.g. tagged photos. The major Internet companies
don't let the user delete behavioural data. Moreover there is the further
issue of aggregate data used to sort users automatically into marketing
buckets. Caspar Bowden asked why Google didn't permit users to delete web
history from a "parallel" logging system, only disclosed by an elliptical
reference in an FAQ outside the privacy statement.
Gus Hosein (PI) moderated the final panel on Government Databases. Caspar
Bowden (EDRi) summarised the effect of the US law FISAA 2008 1881a; that
Cloud providers within US jurisdiction may be coerced into wiretapping their
own datacentres (inside or outside the US) to conduct purely political
surveillance on non-US persons outside the US.
Meryem Marzouki (France - CNRS) made a plea for a data confinement doctrine
and its strict application by law, in response to the vulnerability of
mega-databases to malicious intrusions, technical breaches and unlawful use.
Katitza Rodriguez (EFF), Cedric Laurent (Access) and Jessica Matus Arenas
(Chile) provided analysis on national legislations on data protection and
access to information, respectively in Mexico, Colombia and Chile, as well
as commented the current situation in these countries.
Public Voice conference
http://thepublicvoice.org/events/mexicocity11/
Caspar Bowden's presentation at Public Voice event (31.10.2011)
http://edri.org/files/Public%20Voice%20-%20Mexico%20%28Caspar%20Bowden%20-%…
(Contribution by Caspar Bowden - EDRi Observer)
============================================================
7. 33rd International DPA Conference in Mexico City
============================================================
The 33rd International Conference of Data Protection and Privacy
Commissioners was held in Mexico City, on 2-3 November 2011, hosted by IFAI
(The Mexican Federal Institute for Access to Information and Data
Protection). This year theme, "Privacy, the Global Age", showed the clear
willing of the organizers to make it a direct follow-up to the 31st
Conference held in Madrid and its adopted resolution on global standards. As
a matter of fact, Jacqueline Peschard, IFAI President, called in her opening
remarks for a plan of action to be proposed by this conference. This
commitment to take further steps was shared by most, though not all, of the
DPA (Data Protection Authorities) at the conference.
The two-days conference included four plenary sessions and four sets of four
parallel sessions. A useful innovation consisted in the presentation of
highlights from parallel sessions, to keep the audience updated of all
discussions. While the parallel sessions addressed a broad range of current
hot data protection issues, the plenary sessions focused on various aspects
of the "big and distributed data" challenge: "Observation, Analytics,
Innovation and Privacy", "The Drivers for Data Protection Law in Latin
America, Asia, and Africa", "Security in an Insecure World "and "One Data
Protection Community. Many Cultures, Threats and Risks".
The "big data challenge" was rather overstressed in the first plenary
session, especially through the keynote presentation by Ken Cukier (The
Economist), followed by two panel sessions.
In the first panel session, Jacob Kohnstamm, Peter Schaar and Marie Shroff
(DP Commissioners of The Netherlands, Germany and New Zealand, respectively)
and David Vladeck (FTC, USA) were asked whether the growth of data, its
mining and application challenge the way privacy enforcement agencies
protect individuals. The two European DP Commissioners insisted on the need
for a strict application of the legislation and more independent control
powers given to DPA, while the New Zealand Commissioner rather took the view
that there is a need to move from a focus of compliance to rules towards
being more strategic, identifiy the big risks, strategizing, and move to a
leadership mode or, as she said, "move from a negative mode to a positive
mode". The FTC representative insisted on the changing nature of big data
(collected from smartphones, sensors, social networks.), leading to the
importance of privacy by design. He acknowledged that "the burden has to be
on the company, not on the consumer, to protect the data".
In the second part of this session, gathering a panel of other stakeholders,
Gus Hosein (Privacy International) and Joel Reidenberg (Fordham Law School)
reminded the audience that the basic DP principles still applies. The former
warned that it would be a mistake to only focus on the use of big data while
forgetting about their collection process. The latter insisted on the need
to consider the broader systemic risks arising with big data, as they create
an unprecedented level of transparency of the citizen, who loses any
anonymity and choice capabilities, with the consent model breaking down.
One very informative sessions on new legal developments was the one dealing
with "changing laws in the US and the States".
Frangoise Lebail (EC DG Justice) presented the main features of the deep
reform the EU has undertaken in terms of privacy legislation. She made clear
that the revised legislation, to be adopted at the beginning of next year,
will leave less room for intrepretation for Member States, as the
disparities are currently huge: "no longer legal fragmentation", she said,
mentioning both the national legislations and the two sectors, public and
private, including sectors formerly falling under the 3rd pillar. Other
important new features include: data breach notification, better enforcement
of rights, harmonization and increase of DPAs resources and powers, stronger
cooperation between DPAs (a reflection on a cooperation mechanism is
ongoing). On International aspects, she mentioned the need for a
continuation of EU citizen protection, not only through the adequacy but
also through the interoperability of the different DP schemes.
Lawrence Strickling (NTIA, USA) also introduced the big changes undertaken
in the USA to strengthen the privacy regime towards a general regime of
consumer data privacy, with a large focus on the international
interoperability of DP systems. A white paper will be issued in the weeks to
come, valid for the entire Obama administration, developing a four-pillars
framework: (1) A consumer bill of rights, that should be enacted in
legislation; (2) Codes of conduct developed by stakeholders; (3) Enforcement
of these codes of conducts by FTC; and (4) International interoperability.
One probably needs to wait until this white paper will be made available to
understand the exact share of enforced legislation and of self-regulation
this framework will actually encompass, as well as to which extent industry
lobbies will impose their views in the so-called multi-stakeholder process
of codes of conduct development.
"International interoperability" seems thus to be the new buzzword, and the
most that would be conceded in international discussions on a global privacy
and data protection framework. Civil society, as well as many DPAs, expect
more, though. They expect global privacy and data protection standards, and
this was precisely the topic addressed at the session on "Global Standards
Linked to Global Value", organized and moderated by Lillie Coney (Electronic
Privacy Information Center).
During this session, Jvrg Polakiewicz (Council of Europe) introduced the
major features of the current revision of Convention 108 that will soon
been submitted to consultation, and insisted on the fact that this
Convention is and will still be open to signatures and ratifications by
third countries, being the ideal vehicle towards a global privacy and data
protection standard.
Rafel Garcia (Spanish DPA) reminded the main advances of the Madrid
Resolution on global standards, adopted at the 31st DPA two years ago, and
mentioned the progress, though slow, made since then.
Meryem Marzouki (EDRi) took as a starting point the Madrid Civil Society
Declaration on "Global Privacy Standards in a Global World" adopted at the
2009 Public Voice Civil Society Conference organized in Madrid, in liaison
with the DPA Conference. She identified 6 main steps for an urgent action
plan to implement the provisions of this Declaration. EDRi representative
also reacted to the way the "big data" issue (or rather propaganda, in view
of radical deregulation of privacy forced by technological determinism, as
many civil society representative analysed) was addressed during the
conference. Meryem Marzouki reminded that "privacy is a fundamental human
right, that shouldn't be adapted to new technical developments or economic
models". Asking to put this dialectic back on its feet, she added that "it
is rather the technical, economic and behavioral norms that should comply to
international human rights standards."
The next International Conference of Data Protection and Privacy
Commissioners will certainly bring interesting follow-up to this year
conference, especially with the new EU and US legislative frameworks, as
well as the revised Council of Europe Convention 108 being discussed. The
34th Conference will be held again in Latin America (Uruguay).
33rd DPA Conference, Mexico City (2-3.11.2011)
http://www.privacyconference2011.org
31st DPA Conference, Madrid (4-6.11. 2009)
http://www.privacyconference2009.org
The Madrid Civil Society Declaration (3.11.2009)
http://thepublicvoice.org/madrid-declaration/
Meryem Marzouki (EDRi) Presentation (3.11.2011)
http://edri.org/files/Marzouki-DPA-talk.pdf
"Big data and Small Agencies" - Colin Bennet's Reflections on the 33rd DPA
Conference (7.11.2011)
http://www.colinbennett.ca/2011/11/big-data-and-small-agencies-reflections-…
(Contribution by Meryem Marzouki (EDRI member IRIS - France)
============================================================
8. Will the new flawed EU-US PNR agreement be approved by the EP?
============================================================
In May 2011, the European Commission's Legal Service said the EU-USA PNR
agreement on the transfer of personal data of travellers flying from Europe
to the US was not compatible with fundamental rights. Five months later a
new, but similarly flawed version, is now presented to the European
Parliament.
With the US side having kept pressing the EU on finalising the PNR
agreement, a new slightly changed version is now under discussion. Although
the new text still raises privacy concerns, it seems unlikely that the
European Parliament will reject this version.
Commissioner Malmstrvm presented details of the new EU-US agreement to the
German newspaper FAZ on 9 November 2011. While Parliamentarians
currently do not have the right to talk about details of the negotiations,
the Commission has apparently every right to go on a promotion campaign. The
text of the Agreement is available for Parliamentarians in a secret reading
room of the EU-Parliament where they can only read it, but do not have the
right to take photos or notes. It is bizarre that there has been no reaction
so far by MEPs on the fact that the German newspaper got briefed before the
official briefing for the rapporteur and shadow rapporteurs which took place
only on 15 November. This is clearly in breach of art.
218(10) TFEU, which reads "The European Parliament shall be immediately and
fully informed at all stages of the procedure."
The retention period for the all data remains 15 years but now there are
restrictions for accesing that data after 10 years for serious crimes, such
as drug and human trafficking.
Also, under the draft deal, the data sent to US authorities would become
"pseudonymous" after six months which means that some data would be masked
out although still available in case of an event. Other data, including
frequent flier info and payment/biling info will still be unmasked.
The data would remain in an "active" database easily accessible to US
officials for five years, and then would be transferred to a "dormant"
database which will require stricter conditions to be accessed. The US
police or intelligence officers can retrieve or black out the data only with
special permission from a superior.
"Whatever they did are just cosmetic changes, the substance of blanket data
retention has remained. And even if they say personal data will be
'anonymised' after six months, the US still keeps all the records for 15
years," said German Green MEP Jan Philipp Albrecht.
In his opinion, the agreement still violates EU data privacy rules as the US
will still access and store all private data, (including telephone numbers,
email addresses and even credit card data).
MEP Sophie in't Veld (LIBE / Netherlands), said that her group would wait
for legal advice before deciding on the vote but also expressed concern
regarding the fact that the text still allows the use of data for boarder
purposes than the fight against terrorism and organised crime. She also
showed her disappointment that after a long negotiation period, the final
version of the text is still only very little better than what MEPs have
continuously been asking for some years now.
"If this is what we are able to get out of our closest allies, what will
come out of negotiations with other countries? South Korea and Qatar are
also interested in PNR agreements, South Africa, Malaysia and Cuba are
preparing demands and it will be only a matter of time until Russia and
China will want this, too," stated Sophie in't Veld.
Michele Cercone, spokesman for EU Home Affairs Commissioner Cecilia
Malmstroem, stated however that, in their opinion, the new draft was a big
improvement to the last text: "The new agreement will guarantee that PNR
data will be used for restricted and well defined purposes, which are
fighting transnational crime and terrorism."
According to the proponents of the new treaty, the EU is not in the best
position to negotiate considering that European airlines will have to pass
travellers' information to the US authorities in order to be able to fly to
the US. By rejecting the agreement, the EU may put airlines in the position
to face potential law cases for infringing privacy regulations.
In October 2011, a PNR agreement with Australian was approved by MEPs but in
that case the retention period is only five and a half years and the data
transfer is limited to terrorism and organised crime.
Unhappy MEPs to approve passenger data deal (11.11.2011)
http://euobserver.com/22/114252
FAZ article with Commissioner Malmstrvm (only in German, 10.11.2011)
http://www.faz.net/aktuell/politik/eu-einigt-sich-mit-amerika-neues-abkomme…
EU, US pen new passenger data deal to ease privacy fears (11.11.2011)
http://www.google.com/hostednews/afp/article/ALeqM5i3XjX6aLv4Ab9X2znGo8AbFB…
EDRi-gram: EU-US PNR agreement found incompatible with human rights
(29.06.2011)
http://edri.org/edrigram/number9.13/us-eu-pnr-breaches-human-rights
============================================================
9. ENDitorial: Copyright combinatronics
============================================================
Although the creation of the single market has been the primary focus of
the European Union for decades, it often seems that for every step
forward it takes two back. In that respect it's often rather interesting
to look at the mathematics as they play out in the different directives
that come out of Brussels.
The EU Copyright Directive outlines 21 different optional exceptions or
limitations to the right of reproduction of copyrighted works. Each
country implementing the directive can choose to either include or leave
out the exception clause.
If we imagine this as a set of 21 switches where each has two positions,
then to calculate the number of total possible configurations for these
switches we multiply together the number of options for each one:
2*2*2*2*2*2*2*2*2*2*2*2*2*2*2*2*2*2*2*2*2, or written more concisely,
2^21 (two to the power of twenty-one).
This gives us 2.097.152 different ways to implement the directive.
But it gets better. After the 21 exception clauses for reproduction
rights, there comes a paragraph stating that where the Member States may
provide exceptions or limitations for reproduction, they may provide
similarly an exception or limitation to the right of distribution.
This can be understood in at least two different ways, with radically
different results. On the one hand, if you have an exception on
reproduction then you may also have the same exception for distribution
(meaning we'd have 21 switches with 3 settings each), or on the other
hand, you may apply the same exception independently of each other
(meaning we'd have 42 switches with 2 settings each, or 21 switches with
4 settings - doesn't matter). The wording suggests the latter, but at
the same time it seems slightly absurd to have an "oh by the way you may
also" in a directive; there are other cleaner ways to approach this.
There is probably some literature that I'm unaware of about which one
they mean, but it's easier to do the math on both cases than it is to
navigate through commission and parliament documentation.
The first case is a three step process where each exception can be
either "off", "on for reproduction" or "on for reproduction and
distribution". This means we get three to the power of twenty-one
options, totalling 10.460.353.203.
The second case is a four step process where each exception can be
"off", "on for reproduction", "on for distribution", or "on for
reproduction and distribution". This gives us four to the power of
twenty-one options, totalling 4.398.046.511.104.
That's either ten billion or four trillion ways to implement the
copyright directive, depending on how you read article 5, paragraph 4.
It's very hard to visualize numbers of this size, but the larger number
is about fifteen times larger than the number of stars in our galaxy.
This back-of-envelope analysis doesn't even touch on the combinatorical
implications of different understandings of the details of articles 5.5,
6 and 7 in particular, and in general the rest of the directive, mostly
because they're less directly quantifiable. Let alone the distinction
between "exception" and "limitation", which could easily
bring the number up significantly.
This basically means that, a priori, there is a one in three hundred and
eighty million chance that any two member states come up with the same
implementation, taking the slightly better case. How does that serve the
ideal of a single market? It looks like internal dissolution about the
specifics of the exception clauses, with each country being difficult in
its own little way and no political hardheadedness forcing a tenable
solution, has yielded a completely useless directive in terms of
unification.
While it is true that all the member states could in theory decide on
the same exceptions, making this headache go away, the fact that they're
all optional suggests that, in each case, there was at least some strongly
for and some strongly against. At some point somebody must have gotten
so tired of debating the exceptions that they just lumped all of them
together under optional and decided to let the Member States figure it out.
What this shows is that the EU is not effectively managing to create a
single market, and through its policy on intellectual monopolies may
even be pushing the markets further apart. The question of who stands to
gain from this state of affairs is left as an exercise to the reader.
(Contribution by Smari McCarthy - International Modern Media Institute)
============================================================
10. Recommended Action
============================================================
Stop ACTA !
http://www.edri.org/stopacta
Beat the censor - online game
http://stefanwehrmeyer.com/projects/beatcensors/
============================================================
11. Recommended Reading
============================================================
Civil society letter against the US SOPA law - Stop Online Piracy Act
(15.11.2011)
http://www.edri.org/files/sopa_civilsociety_15Nov_2011.pdf
EU charter creating "confusion" on human rights (11.11.2011)
http://euobserver.com/18/114247
Want to create a really strong password? Don't ask Google (8.11.2011)
http://www.lightbluetouchpaper.org/2011/11/08/want-to-create-a-really-stron…
INTA chairman defends secrecy (12.11.2011)
http://acta.ffii.org/?p=869
============================================================
12. Agenda
============================================================
24-25 November 2011, Vienna, Austria
"Our Internet - Our Rights, Our Freedoms"
Towards the Council of Europe Strategy on Internet Governance 2012 - 2015
http://www.coe.int/t/informationsociety/conf2011/
30 November 2011, Brussels, Belgium
Horizon 2020: investing in the common good
Treating knowledge as a public good in EU research and innovation
http://tacd-ip.org/archives/459
27-30 December 2011, Berlin, Germany
28C3 - 28th Chaos Communication Congress
http://events.ccc.de/category/28c3/
http://events.ccc.de/congress/2011/
25-27 January 2012, Brussels, Belgium
Computers, Privacy and Data Protection 2012
http://www.cpdpconferences.org/
14-15 June 2012, Stockholm, Sweden
EuroDIG 2012
http://www.eurodig.org/
9-10 July 2012, Barcelona, Spain
8th International Conference on Internet Law & Politics: Challenges and
Opportunities of Online Entertainment
Abstracts deadline: 20 December 2011
http://edcp.uoc.edu/symposia/idp2012/cfp/?lang=en
============================================================
13. About
============================================================
EDRi-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRi has 28 members based or with offices in 18 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRi-grams.
All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and are visible on
the EDRi website.
This EDRi-gram has been published with financial support from the EU's
Fundamental Rights and Citizenship Programme.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/
Newsletter editor: Bogdan Manolea <edrigram(a)edri.org>
Information about EDRI and its members:
http://www.edri.org/
European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring
http://flattr.com/thing/417077/edri-on-Flattr
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request(a)edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
Unsubscribe by e-mail
To: edri-news-request(a)edri.org
Subject: unsubscribe
- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edri/2.html
- EDRI-gram in German
EDRI-gram is also available in German, with delay. Translations are provided
Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <edrigram(a)edri.org> if you have any problems with subscribing or
unsubscribing
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
On Sat, Dec 09, 2000 at 10:06:03PM +0100, Anonymous wrote:
>
> I was unable to locate any other states with statutes addressing "mask
> wearing" in public (without intent to commit burglary). No doubt the
rest
> of the offending rules are ordinances instead.
>
Also see 18 USC 242 and 42 USC 1985 for criminal and civil penalties,
respectively, for "two or more persons" who "go in disguise on the highway,
or on the premises of another, with intent to prevent or hinder his free
exercise or enjoyment of any right or privilege" secured by the US
constitution or the laws of the United States.
--
Greg Broiles gbroiles(a)netbox.com
PO Box 897
Oakland CA 94604
1
0
At 14:12 2004-08-17 -0300, Mads Rasmussen wrote:
>Eric Rescorla wrote:
>
>>Check out this ePrint paper, which claims to have collisions in
>>MD5, MD4, HAVAL, and full RIPEMD.
>>
>>http://eprint.iacr.org/2004/199.pdf
>>
>>The authors claim that the MD5 attack took an hour for the first
>>collision and 15 seconds to 5 minutes for subsequent attacks
>>with the same first 512 bits.
>So what's the status?, the MD5 collisions has been confirmed by Eric
>Rescorla (taken the type into consideration), the MD4 by David Shaw, what
>about Haval and RipeMD?.
>
>I did a test on the RipeMD results and couldn't get the results written.
>Anybody else having the same problems?
>
>Any news on Antoine Joux and his attack on SHA-0? how did he create the
>collision previously announced on sci.crypt?
Eli Biham -- has collisions on 34 (out of 80) rounds of SHA-1, but can
extend that to probably 46. Still nowhere near a break.
Antoine Joux -- his team announced the collision on SHA-0 earlier this
week. There is concentration on the so-called "IF" function in the first 20
rounds... f(a,b,c) = (a & b) ^ (~a & c). That is, the bits of a choose
whether to pass the bits from b, or c, to the result. The technique (and
Eli's) depends on getting a "near collision" in the first block hashed,
then using more near collisions to move the different bits around, finally
using another near collision to converge after the fourth block hashed.
This took 20 days on 160 Itanium processors. It was about 2^50 hash
evaluations.
Xiaoyun Wang was almost unintelligible. But the attack works with "any
initial values", which means that they can take any prefix, and produce
collisions between two different suffixes. The can produce the first
collision for a given initial value in less than an hour, and then can
crank them out at about one every 5 minutes. It seems to be a
straightforward differential cryptanalysis attack, so one wonders why
no-one else came up with it. The attack on Haval takes about 64 tries. On
MD4, about 4 tries. RIPE-MD, about 2 hours (but can improve it). SHA-0
about 2^40 (1000 times better than Joux).
Xuejia Lai clarified that the paper on E-print has been updated with
correct initial values. They were initially byte-reversed, which they
blamed on Bruce Schneier.
Greg.
>Regards,
>
>Mads Rasmussen
>Open Communications Security
>
>---------------------------------------------------------------------
>The Cryptography Mailing List
>Unsubscribe by sending "unsubscribe cryptography" to majordomo(a)metzdowd.com
Greg Rose INTERNET: ggr(a)qualcomm.com
Qualcomm Australia VOICE: +61-2-9817 4188 FAX: +61-2-9817 5199
Level 3, 230 Victoria Road, http://people.qualcomm.com/ggr/
Gladesville NSW 2111/232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo(a)metzdowd.com
--- end forwarded text
--
-----------------
R. A. Hettinga <mailto: rah(a)ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
1
0
nym-0.5 is now available from:
http://www.lunkwill.org/src/nym/
Most notably, this release fixes a bug whereby the client code didn't check
that returned signatures are valid. Thus, a token server could "tag"
clients by returning invalid signatures which the CA would then detect.
A preprint of an academic paper on nym is also now included in the
distribution as well.
-J
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
1
0
[So now we get an idea of at least one thing the NSA is doing with
the Data they have collected from the phone companies - Rob]
Federal Source to ABC News: We Know Who You're Calling
http://blogs.abcnews.com/theblotter/2006/05/federal_source_.html
May 15, 2006 10:33 AM
Brian Ross and Richard Esposito Report:
A senior federal law enforcement official tells ABC News the
government is tracking the phone numbers we call in an effort to root
out confidential sources.
"It's time for you to get some new cell phones, quick," the source
told us in an in-person conversation.
ABC News does not know how the government determined who we are
calling, or whether our phone records were provided to the government
as part of the recently-disclosed NSA collection of domestic phone
calls.
Other sources have told us that phone calls and contacts by reporters
for ABC News, along with the New York Times and the Washington Post,
are being examined as part of a widespread CIA leak investigation.
One former official was asked to sign a document stating he was not a
confidential source for New York Times reporter James Risen.
Our reports on the CIA's secret prisons in Romania and Poland were
known to have upset CIA officials.
People questioned by the FBI about leaks of intelligence information
say the CIA was also disturbed by ABC News reports that revealed the
use of CIA predator missiles inside Pakistan.
Under Bush Administration guidelines, it is not considered illegal
for the government to keep track of numbers dialed by phone customers.
The official who warned ABC News said there was no indication our
phones were being tapped so the content of the conversation could be
recorded.
A pattern of phone calls from a reporter, however, could provide
valuable clues for leak investigators.
May 15, 2006 | Permalink
bbbbbbbbbbbbbbbbbbbbbbbbbb
bbbb
Robert J. Berger - Internet Bandwidth Development, LLC.
Voice: 408-882-4755 eFax: +1-408-490-2868
http://www.ibd.com
-------------------------------------
You are subscribed as eugen(a)leitl.org
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
1
0
Begin forwarded message:
1
0
============================================================
EDRi-gram
biweekly newsletter about digital civil rights in Europe
Number 9.22, 16 November 2011
============================================================
Contents
============================================================
1. EDRi letter: EC proposes reduced retention periods for retained data
2. US court allows access to world-wide Twitter accounts data
3. Online Distribution of Audiovisual Works: EDRi's answer to the EC
4. Unlocking education in the Netherlands
5. EDRi Responds to BEREC's Consultation on Net Neutrality and Transparency
6. 2011 Public Voice Civil Society Conference: "Privacy is Freedom"
7. 33rd International DPA Conference in Mexico City
8. Will the new flawed EU-US PNR agreement be approved by the EP?
9. ENDitorial: Copyright combinatronics
10. Recommended Action
11. Recommended Reading
12. Agenda
13. About
============================================================
1. EDRi letter: EC proposes reduced retention periods for retained data
============================================================
In September 2011, European Digital Rights and 37 other NGOs sent a
detailed letter to the European Commission with regard to the current stage
of the review of the Data retention Directive - the impact assessment. The
purpose of the letter was to provide early input to the Commission, in order
to give maximum opportunity to take our concerns into account.
The response from the Commission acknowledges the problems with the
Directive. Without being specific, Commissioner Malmstrvm responded that the
maximum retention periods needs to be reduced and also pointed out that the
text must be improved with regard to its clarity. She also recognised and
accepted the need for a followup of the methodology detailed in the
Fundamental Rights Checklist and that cost-reimbursement for Internet
providers is a way of minimising access to retained traffic data.
The Commissioner promises improvements to resolve two problems in the
Directive: - the length of the maximum retention periods and the lack of
clarity (and therefore predictability) of the Directive. However, the
recognition of these two problems implies an acceptance of doubts regarding
the compliance of the current Directive with the Charter of Fundamental
Rights and the European Convention on Human Rights. .
This raises an important question: - in such circumstances, how can it be
appropriate to recognise the questionable legality of the Directive, on the
one hand, and undertake legal proceedings against Germany, Romania and
Sweden for failing to implement the Directive, on the other?
Rather disappointingly, the Commissioner decided to answer a question which
was not asked, namely how difficult it would be to get major improvements
past the Council of Ministers. While the political obstacles to an adequate
resolution of the data retention Directive's problems are certainly massive,
the current College of Commissioners took an oath, as individual citizens,
to defend the Charter on Fundamental Rights. This oath was without
exceptions, to cover challenging political environments. However, the
subtext of the Commissioner's response to civil society is clear - without a
shift in the positions of Member States, the Commission does not feel able
to resolve the deep problems with data retention.
Nonetheless, the tone of the letter is very positive and the constructive
engagement of civil society is clearly welcomed. EDRi and the co-signatories
of the letter will continue to engage constructively with the Commission.
Joint letter on data retention (26.09.2011)
http://www.edri.org/files/dr_letter_260911.pdf
Commissioner Malmstrvm's response (dated 31.10.2011)
http://www.edri.org/files/malmstroem_letter31Oct2011.pdf
Fundamental rights checklist
http://ec.europa.eu/justice/news/intro/doc/com_2010_573_4_en.pdf
Oath to respect the EU Treaties and Charter:
http://europa.eu/rapid/pressReleasesAction.do?reference=IP/10/487
(Contribution by Joe McNamee - EDRi)
============================================================
2. US court allows access to world-wide Twitter accounts data
============================================================
A US judge decided on 10 November 2011 that Twitter had to release to the US
authorities data on the Twitter accounts of people involved in WikiLeaks
founder Julian Assange case investigated by the US Justice Department.
The Twitter accounts in question belong to Icelandic MP and former WikiLeaks
volunteer Birgitta Jsnsdsttir, Seattle-based WikiLeaks volunteer Jacob
Appelbaum and Dutch XS4ALL Internet provider co-founder Rop Gonggrijp.
The judge's ruling is a response to the appeal made by the three twitter
account holders, thus backing up the previous decision in March of another
judge.
Even more worrying is the fact that the investigated people have found out
about the US first court's decision only because Twitter notified the
subscribers that prosecutors had obtained a court order for their account
information. Furthermore, the judge blocked the users' attempt to discover
whether other Internet companies had been ordered to release their data to
the US government.
"With this decision, the court is telling all users of online tools hosted
in the U.S. that the U.S. government will have secret access to their data,"
said Jonsdottir who expressed her intention to take the case to the Council
of Europe.
The court order of the appeal was criticised by IPU (Inter-Parliamentary
Union, the international organization of Parliaments with MPs from 157
countries), which adopted a resolution condemning the move which, in their
opinion, threatens free speech and may be in violation of Article 19 of the
Universal Declaration of Human Rights which gives everyone the right to
freedom of opinion and expression.
In seeking the respective information, US authorities used the Stored
Communications Act to demand that Twitter provide the internet protocol
addresses of users as well as bank account details, user names, screen names
or other identities, mailing and other addresses.
In the judge' opinion, "the information sought was clearly material to
establishing key facts related to an ongoing investigation and would have
assisted a grand jury in conducting an inquiry into the particular matters
under investigation."
Also extremely worrying is that he also considered that the Twitter users
had implicitly given their agreement to give over their IP addresses the
moment they signed up for an account and relinquished an expectation of
privacy.
"Petitioners knew or should have known that their IP information was subject
to examination by Twitter, so they had a lessened expectation of privacy in
that information, particularly in light of their apparent consent to the
Twitter terms of service and privacy policy," wrote the judge in his
decision.
Basically, what this decision says is that US authorities can require
account information on any users of US-based online social networks,
irrespective of their location and citizenship. This brings forth very
serious concerns related to online privacy.
EFF Legal Director Cindy Cohn also expressed her concern that in a world
where Internet users place online more and more of their conversations,
experiences, pictures, locations and many other types of personal
information, the court's conclusion is that "records about you that are
collected by Internet services like Twitter, Facebook, Skype and Google are
fair game for warrantless searches by the government."
US court verdict 'huge blow' to privacy, says fomer WikiLeaks aide
(11.11.2011)
http://www.guardian.co.uk/world/2011/nov/11/us-verdict-privacy-wikileaks-tw…
Second judge gives DOJ access to WikiLeaks-related Twitter accounts
(10.11.2011)
http://news.cnet.com/8301-31921_3-57322538-281/second-judge-gives-doj-acces…
Privacy Loses in Twitter/Wikileaks Records Battle (10.11.2011)
https://www.eff.org/press/releases/privacy-loses-twitterwikileaks-records-b…
============================================================
3. Online Distribution of Audiovisual Works: EDRi's answer to the EC
============================================================
Adapting the European policy to the digital environment would offer the
audiovisual industry access to an even broader audience and would give
the consumer greater access to cultural works. It is the opportunity to
redefine a simple and harmonised framework. It is a chance to achieve a
digital single market.
What creates obstacles to achieving this goal? Which interests should be
taken into account? What should the EU policy-maker do to offer a
satisfactory environment to both rightsholders and consumers?
EU policy must be user-friendly, innovation-friendly and creation-friendly.
The current framework somehow fails to take into account all those aspects
and to find the right balance between the interests at stake.
One of the essential aspects is access to culture. The current divided
market, particularly on the copyright aspects, creates barriers that prevent
EU citizens to access, use and enjoy cultural content such as the
audiovisual works. Nowadays, consumers consider the current copyright law
system as illegitimate, which explains the level of infringements. The
current system not only is not consumer-unfriendly but it also has an
economic downturn, it indeed stifles the development of new technology. Its
overly strict application of copyright, indefensible and ineffective
repressive enforcement measures are counterproductive.
There are numerous ways to improve the actual eco-environment without
putting aside any interests: harmonising the actual framework, minimising
the complexity and waste generated by intermediaries, micro-payments,
enabling the development of legal platforms to access, share and stream
audiovisual content, cross-border licensing, pan-European offers.
The achievement a digital single market should not be undermined by efforts
to create more restrictions over the use of content, such as limiting
exceptions and limitations to copyright. Equal access to culture should also
be recognised for people with disabilities and the copyright exception
should be made mandatory for that purpose.
The digital environment offers new perspectives, new possibilities and new
opportunities for the industries and for citizens and those opportunities
must be embraced by the EU. The right balance between economic and social
goals, the interests of creators and consumers can be found without putting
the interests of one above the others. More repressive enforcement will risk
making the legal framework even more illegitimate. What the EU needs is a
clear, simple and harmonised framework.
EC Green Paper on the Online Distribution of Audiovisual Works:
http://ec.europa.eu/internal_market/consultations/docs/2011/audiovisual/gre…
EDRi's answer to the consultation (11.2011)
http://www.edri.org/files/2011EDRi_response_OnlineAudiovisual_Works.pdf
(Contribution by Marie Humeau - EDRi)
============================================================
4. Unlocking education in the Netherlands
============================================================
Dutch schools are progressively locking out students from online
environments due to the use of proprietary web-technology
(Silverlight) and closed standards. This contravenes with the 2007
Netherlands Open in Connection policy framework that mandates the use
of open standards for all public sector organizations, including
educational institutions. In responding to questions by the Parliament
about this situation, the minister of Education, Marja van
Bijsterveldt, stated she was unwilling to force educational
institutions to comply with the official open standards policy.
The Dutch open standards policy framework calls for a mandatory use of
open standards in all public sector organizations (via comply or
explain). The ministry of education should have begun taking steps to
implement it four years ago. However, open standards have not become
an integral part of educational IT-procurement and thus are not
considered when purchasing, renewing or upgrading (educational)
IT-services, software and digital learning materials. The negligent
attitude of the ministry of education resulted in an increasing
vendor-lock, effectively locking out substantial and growing numbers
of students.
Through the "Unlocking education, for growth without limits" campaign,
Dutch activists are pushing for a more robust implementation of
the open standards policy, by making the use of open standards
mandatory for all publicly-funded institutions. The campaign is
supported by a various range of Dutch organizations (NLLGG, NLUUG, LPI
Netherlands, HCC!, ISOC.nl, Free Knowledge Institute and the Dutch
Pirate Party), the Free Software Foundation Europe and over 900
individuals who signed the petition. Arjan el Fassed, MP for the
Green party (GroenLinks), expressed dissatisfaction with the minister
of Education's answers. The next round of parliamentary questions is
being prepared in collaboration with the activists.
FSFE campaign page - Unlocking education, for growth without limits
http://fsfe.org/campaigns/nledu/nledu.en.html
The lack of open standards in secondary education (only in Dutch, 5.10.2011)
http://www.ikregeer.nl/documenten/kv-132148
Answer to Parliamentary questions about the lack of open standards in
secondary education (only in Dutch, 28.10.2011)
http://www.rijksoverheid.nl/bestanden/documenten-en-publicaties/kamerstukke…
Dutch government hands over education's keys to Microsoft (7.11.2011)
http://fsfe.org/news/2011/news-20111107-01.en.html
Dutch petition (only in Dutch, 27.09.2011)
http://www.janstedehouder.nl/2011/09/27/petitie-weg-met-het-overgewicht-in-…
International petition (28.09.2011)
http://www.janstedehouder.nl/2011/09/28/make-the-use-of-open-standards-in-e…
(contribution from Jan Stedehouder - EDRi-member Vrijschrift - Netherlands)
============================================================
5. EDRi Responds to BEREC's Consultation on Net Neutrality and Transparency
============================================================
Net Neutrality is at the centre of the debate in almost every European
institution. The European Commission has been looking at this topic for more
than a year now and is moving more and more away from its initial position
to uphold net neutrality in Europe. In contrast to her own statements in
January 2010, Vice-President Neelie Kroes is now advocating a
wait-and-see-approach stressing the importance of transparency and the
ability to switch operators. In a speech during the EUHackathon on 9
November 2011, Kroes said she heard "allegations that some internet
providers throttle, degrade the quality of services". Earlier this year she
therefore asked the EU Telecom's regulator BEREC to go on a fact-finding
mission in order to prove these "allegations".
Net neutrality was also recently discussed in the European Parliament. The
Industry Committee just adopted a resolution which called on the BEREC to
swiftly publish the evidence emerging from its investigations. The
resolution emphasised that net neutrality is crucial for fundamental
freedoms, innovation and competition. Indeed, there is a growing number of
threats to it, such as blocking of applications and degradation of services.
These experiments with the essence of the Internet have sometimes been
transparently declared by operators themselves and reported by end users and
content providers, while at other times consumers' services have simply been
restricted, without notification or explanation. Not only do operators have
incentives to seize more control over internet traffic, they are also
increasingly under pressure from vested interests to take measures which run
counter to their role as a mere conduit.
On 2 November 2011, EDRi responded to the consultation on BEREC's
"transparency and net neutrality" which will be followed by a paper on
Quality of Service and a report on competition and discrimination issues
next year. BEREC's draft guidelines on transparency however, are in line
with the Commission's wait-and-see approach and argue that transparency is
an effective tool to achieve the regulatory objective of maintaining an open
and competitive Internet.
In its response, EDRi explains that transparency on service restrictions
will lead neither to sufficient protection nor to empowerment of end users.
In the light of numerous transparent and non-transparent violations of the
principle of net neutrality, EDRi expresses its deep concerns about the
Guidelines' apparent acceptance of restricted offers that provide limited
access to the Internet. EDRi fears that relying solely on transparency
requirements and on market forces will lead to the development of a
multiple-tier Internet, to the detriment of citizens' rights and the
competitive online marketplace. Few would be able to access premium managed
services and many would be left in the slow lane with a low quality and
restricted access to the Internet.
EDRi asks the BEREC to design regulatory tools for national regulatory
bodies to ensure that traffic management practices do not unsettle the
Internet ecosystem. The BEREC should promote narrowly-tailored measures to
protect net neutrality and the open Internet's core characteristic as a
unique platform for innovation and freedom of expression defined by end user
control.
EDRi's response to the net neutrality consultation (2.11.2011)
http://www.edri.org/02112011EDRi_response_BEREC_NNtransp.pdf
BEREC guidelines on transparency and net neutrality (10.2011)
http://erg.eu.int/doc/berec/consultation_draft_guidelines.pdf
Speech given by Neelie Kroes on 9 November 2011during the EUHackathon
(9.11.2011)
http://www.youtube.com/watch?v=LhlBpE4llLM
Net Neutrality Resolution as adopted by ITRE (7.11.2011)
http://www.europarl.europa.eu/sides/getDoc.do?type=MOTION&reference=B7-2011…
EDRi-gram: Neelie Kroes on Net Neutrality (27.01.2010)
http://www.edri.org/edrigram/number8.2/kroes-net-neutrality
(Contribution by Kirsten Fiedler - EDRi)
==========================================================
6. 2011 Public Voice Civil Society Conference: "Privacy is Freedom"
==========================================================
The Public Voice meeting that took place on 31 October 2011 in Mexico City
began with a discussion of the 2009 Madrid declarations (both those from
DPAs and civil society). Most participants felt there had been little
progress towards implementation or acceptance by governments. Peter Schaar
(Federal DPC Germany) stressed that upholding the rights of data subjects
required independent oversight, and that CoE Convention 108 was still
available for regulating transborder data flows, and was open to
third-countries. Discussions about multilateral vs. single global
instruments were becoming repetitive.
In the panel on Cultures of Privacy, Jacob Kohnstamm (Netherlands DPC &
Art.29 WP Chair) noted that databases were implicated in extensive human
rights violations during WW2, and the families of many Europeans had cause
to remember such risks. David Vladeck (FTC) saw his role not as "referee"
over different and clashing cultures, but to preserve consumer choice;
clicking through EULA "wordbarf" is not "meaningful" consent. He stated US
could not be more different from EU culture, but "we get to the same
result", citing FTC support for "Do Not Track".
Lara Ballard (US State Department) described an Egyptian activist creating a
database identifying members of the secret police (to name and shame them).
Flicker took down the pictures on copyright (not privacy) grounds. The
activist's view was that the secret police had invalidated their own right
to privacy, because their conduct undermined the rule of law itself. Ballard
was sceptical of nostrums about lack of Asian sense of privacy, (e.g.,
non-legal concepts of Japanese politeness are similar) and, cited
sociologist Irwin Altman on privacy as dynamically negotiated social
boundaries. She asserted EU DPCs were mistrustful of major US Internet
companies, but trusted their own governments. She praised the concept of
"accountability agents" and the APEC privacy process. Moderator Alberto
Cerda (Derechos Digitales - Chile) remarked that global agreements for the
enforcement of "intellectual property" already existed, but there seemed to
be little prospect of comparable treaties for privacy.
Zhou Hanhua (China - Social Science Academy) said although China had no
history of privacy, the real concerns of people were similar. China today
may have the worst of both worlds. People felt resigned to marketing privacy
invasions such as endemic mobile voice spam. China has still not enacted a
DP law (and the choice between US and EU systems was most difficult), but on
paper, Constitutional protections were similar to developed countries, and
culture is changing rapidly. Moez Chakchouk (Tunisia) spoke of their first
free election, and new constitution next year. Their main priority was to
transform the former censorship agency into a human rights and privacy
agency (sic). Cerda asked whether EU standards were too high (so few
countries attained adequacy), and Kohnstamm replied national authorities
couldn't do much without co-operation from the rest of the world. Schaar
said the EU should not lower standards, given European history; data
protection will stay a fundamental right in Europe.
Vladeck contrasted common-law vs. civil law cultures; in the EU privacy law
is very specific, in the US not. There was a vocabulary problem. To US ears,
rights mean what is in the US Constitution, "and why do I have to fill in a
form for the police when I check into a hotel in Europe?" - a right not
enforced isn't much of a right. US goals were similar to the EU. "There is
no difference between opt-in and opt-out given current technology" (sic).
Ballard re-iterated support for "accountability agents" ("a new legal regime
accountable to e.g. TRUSTe").
The panel on Raising Public Awareness on Privacy vs. Technology was
moderated by Pablo Molina (US), and began with a description of the new
Brazilian law from Danilo Doneda. Michael Donohue (OECD) stated that
transborder flows of data can be blocked only if there was no adequate
protection of sensitive data. Omer Tene said face recognition was not a new
issue (e.g. police line-ups). His view of consent was that an opt-out should
be sufficient if good information was provided. Thomas Nortvedt (TACD)
emphasized that consumers needed to be able to enforce rights.
Korina Velazquez (MEX) moderated the panel on Children's Privacy Online,
with contributions from Adriana Labardini (Mexico - Alconsumidor), Kristina
Irion (CEU Hungary), and Conchy Martin Rey (TACD). Neuro-marketing
techniques were discussed, and Jeff Chester remarked that the COPPA
legislation was unique in the US, in that it gave opt-in protection (to
minors). There were few answers to a question on when children should attain
legal independence from their parents for the exercise of privacy rights,
given the wide differences between individual children.
Dave Banisar (Article 19) led a conversation with Marc Rotenberg (EPIC) on
the relationship (both deprecated the word "balance") between Privacy and
Freedom of Expression. There were strong analogies between the right to
withhold identity and freedom of expression rights. Business obviously
prefers to conduct their activities unregulated. Banisar remarked that in
the UK, some attempted to justify "phone-hacking" in the name of free
expression, and Rotenberg recalled that Warren & Brandeis stipulated a
public interest exemption in their seminal article. Caspar Bowden asked if a
right of subject access to data in the private sector was feasible in the
US, and Rotenberg replied that the Federal Constitution normally doesn't
coerce private parties, but some state constitutions do. Probably "compelled
speech" cases can be distinguished (to allow a subject access right). EPIC
has pursued information self-determination rights, and this one is on their
"to do" list. The office of the EDPS pointed to the ECJ "Bavarian beer"
case, and their intervention to ensure FOI rights aren't subordinated to
privacy rights, in cases of public interest. Lara Ballard (US State
Department) asked whether government officials had privacy rights when
offering confidential advice. Dave Banisar said no, and deprecated the use
of the word privacy to mean "organizational secrecy".
Simon Davies (PI) moderated the panel on a Right to Forget. Marie-Helen
Boulanger (EU Commission) said the data subjects' existing rights needed to
be clarified, and that the impact of cheap data storage was that many traces
were left in online services. Data must be fully deleted when its processing
would be unlawful, e.g. when the retention period is not in line with the
purpose. However there is no "right to hide" in EU law. Regarding a right to
erasure of public records, it was preferable that unnecessary data was not
collected at all - data minimization remains a sound principle, in
conjunction with privacy-by-design. Peter Fleischer said Google merely
reflected the web, and should be allowed to index whatever is lawful on the
web, and mentioned a possible ECJ referral of the current Spanish case.
Alejandro Pisanty (Mexico) stressed the end-to-end principle of the Internet
(network flows should not depend on the content), and that
Mayer-Schvnberger's idea for self-deleting data would still leave metadata
traces behind, even after content was deleted. Banisar recalled that the
possibility for rehabilitation was an internationally accepted principle in
Freedom of Expression.
Chris Soghoian rounded on Fleischer's assertion that Google "deleted" search
data after nine months, pointing out that their actual practice
(IP-last-byte-deletion) did not even properly anonymize the data. The
important "right to be forgotten" is over the behavioural data we are
scarcely conscious is being collected, but the public debate mostly avoids
this issue, focussing on e.g. tagged photos. The major Internet companies
don't let the user delete behavioural data. Moreover there is the further
issue of aggregate data used to sort users automatically into marketing
buckets. Caspar Bowden asked why Google didn't permit users to delete web
history from a "parallel" logging system, only disclosed by an elliptical
reference in an FAQ outside the privacy statement.
Gus Hosein (PI) moderated the final panel on Government Databases. Caspar
Bowden (EDRi) summarised the effect of the US law FISAA 2008 1881a; that
Cloud providers within US jurisdiction may be coerced into wiretapping their
own datacentres (inside or outside the US) to conduct purely political
surveillance on non-US persons outside the US.
Meryem Marzouki (France - CNRS) made a plea for a data confinement doctrine
and its strict application by law, in response to the vulnerability of
mega-databases to malicious intrusions, technical breaches and unlawful use.
Katitza Rodriguez (EFF), Cedric Laurent (Access) and Jessica Matus Arenas
(Chile) provided analysis on national legislations on data protection and
access to information, respectively in Mexico, Colombia and Chile, as well
as commented the current situation in these countries.
Public Voice conference
http://thepublicvoice.org/events/mexicocity11/
Caspar Bowden's presentation at Public Voice event (31.10.2011)
http://edri.org/files/Public%20Voice%20-%20Mexico%20%28Caspar%20Bowden%20-%…
(Contribution by Caspar Bowden - EDRi Observer)
============================================================
7. 33rd International DPA Conference in Mexico City
============================================================
The 33rd International Conference of Data Protection and Privacy
Commissioners was held in Mexico City, on 2-3 November 2011, hosted by IFAI
(The Mexican Federal Institute for Access to Information and Data
Protection). This year theme, "Privacy, the Global Age", showed the clear
willing of the organizers to make it a direct follow-up to the 31st
Conference held in Madrid and its adopted resolution on global standards. As
a matter of fact, Jacqueline Peschard, IFAI President, called in her opening
remarks for a plan of action to be proposed by this conference. This
commitment to take further steps was shared by most, though not all, of the
DPA (Data Protection Authorities) at the conference.
The two-days conference included four plenary sessions and four sets of four
parallel sessions. A useful innovation consisted in the presentation of
highlights from parallel sessions, to keep the audience updated of all
discussions. While the parallel sessions addressed a broad range of current
hot data protection issues, the plenary sessions focused on various aspects
of the "big and distributed data" challenge: "Observation, Analytics,
Innovation and Privacy", "The Drivers for Data Protection Law in Latin
America, Asia, and Africa", "Security in an Insecure World "and "One Data
Protection Community. Many Cultures, Threats and Risks".
The "big data challenge" was rather overstressed in the first plenary
session, especially through the keynote presentation by Ken Cukier (The
Economist), followed by two panel sessions.
In the first panel session, Jacob Kohnstamm, Peter Schaar and Marie Shroff
(DP Commissioners of The Netherlands, Germany and New Zealand, respectively)
and David Vladeck (FTC, USA) were asked whether the growth of data, its
mining and application challenge the way privacy enforcement agencies
protect individuals. The two European DP Commissioners insisted on the need
for a strict application of the legislation and more independent control
powers given to DPA, while the New Zealand Commissioner rather took the view
that there is a need to move from a focus of compliance to rules towards
being more strategic, identifiy the big risks, strategizing, and move to a
leadership mode or, as she said, "move from a negative mode to a positive
mode". The FTC representative insisted on the changing nature of big data
(collected from smartphones, sensors, social networks.), leading to the
importance of privacy by design. He acknowledged that "the burden has to be
on the company, not on the consumer, to protect the data".
In the second part of this session, gathering a panel of other stakeholders,
Gus Hosein (Privacy International) and Joel Reidenberg (Fordham Law School)
reminded the audience that the basic DP principles still applies. The former
warned that it would be a mistake to only focus on the use of big data while
forgetting about their collection process. The latter insisted on the need
to consider the broader systemic risks arising with big data, as they create
an unprecedented level of transparency of the citizen, who loses any
anonymity and choice capabilities, with the consent model breaking down.
One very informative sessions on new legal developments was the one dealing
with "changing laws in the US and the States".
Frangoise Lebail (EC DG Justice) presented the main features of the deep
reform the EU has undertaken in terms of privacy legislation. She made clear
that the revised legislation, to be adopted at the beginning of next year,
will leave less room for intrepretation for Member States, as the
disparities are currently huge: "no longer legal fragmentation", she said,
mentioning both the national legislations and the two sectors, public and
private, including sectors formerly falling under the 3rd pillar. Other
important new features include: data breach notification, better enforcement
of rights, harmonization and increase of DPAs resources and powers, stronger
cooperation between DPAs (a reflection on a cooperation mechanism is
ongoing). On International aspects, she mentioned the need for a
continuation of EU citizen protection, not only through the adequacy but
also through the interoperability of the different DP schemes.
Lawrence Strickling (NTIA, USA) also introduced the big changes undertaken
in the USA to strengthen the privacy regime towards a general regime of
consumer data privacy, with a large focus on the international
interoperability of DP systems. A white paper will be issued in the weeks to
come, valid for the entire Obama administration, developing a four-pillars
framework: (1) A consumer bill of rights, that should be enacted in
legislation; (2) Codes of conduct developed by stakeholders; (3) Enforcement
of these codes of conducts by FTC; and (4) International interoperability.
One probably needs to wait until this white paper will be made available to
understand the exact share of enforced legislation and of self-regulation
this framework will actually encompass, as well as to which extent industry
lobbies will impose their views in the so-called multi-stakeholder process
of codes of conduct development.
"International interoperability" seems thus to be the new buzzword, and the
most that would be conceded in international discussions on a global privacy
and data protection framework. Civil society, as well as many DPAs, expect
more, though. They expect global privacy and data protection standards, and
this was precisely the topic addressed at the session on "Global Standards
Linked to Global Value", organized and moderated by Lillie Coney (Electronic
Privacy Information Center).
During this session, Jvrg Polakiewicz (Council of Europe) introduced the
major features of the current revision of Convention 108 that will soon
been submitted to consultation, and insisted on the fact that this
Convention is and will still be open to signatures and ratifications by
third countries, being the ideal vehicle towards a global privacy and data
protection standard.
Rafel Garcia (Spanish DPA) reminded the main advances of the Madrid
Resolution on global standards, adopted at the 31st DPA two years ago, and
mentioned the progress, though slow, made since then.
Meryem Marzouki (EDRi) took as a starting point the Madrid Civil Society
Declaration on "Global Privacy Standards in a Global World" adopted at the
2009 Public Voice Civil Society Conference organized in Madrid, in liaison
with the DPA Conference. She identified 6 main steps for an urgent action
plan to implement the provisions of this Declaration. EDRi representative
also reacted to the way the "big data" issue (or rather propaganda, in view
of radical deregulation of privacy forced by technological determinism, as
many civil society representative analysed) was addressed during the
conference. Meryem Marzouki reminded that "privacy is a fundamental human
right, that shouldn't be adapted to new technical developments or economic
models". Asking to put this dialectic back on its feet, she added that "it
is rather the technical, economic and behavioral norms that should comply to
international human rights standards."
The next International Conference of Data Protection and Privacy
Commissioners will certainly bring interesting follow-up to this year
conference, especially with the new EU and US legislative frameworks, as
well as the revised Council of Europe Convention 108 being discussed. The
34th Conference will be held again in Latin America (Uruguay).
33rd DPA Conference, Mexico City (2-3.11.2011)
http://www.privacyconference2011.org
31st DPA Conference, Madrid (4-6.11. 2009)
http://www.privacyconference2009.org
The Madrid Civil Society Declaration (3.11.2009)
http://thepublicvoice.org/madrid-declaration/
Meryem Marzouki (EDRi) Presentation (3.11.2011)
http://edri.org/files/Marzouki-DPA-talk.pdf
"Big data and Small Agencies" - Colin Bennet's Reflections on the 33rd DPA
Conference (7.11.2011)
http://www.colinbennett.ca/2011/11/big-data-and-small-agencies-reflections-…
(Contribution by Meryem Marzouki (EDRI member IRIS - France)
============================================================
8. Will the new flawed EU-US PNR agreement be approved by the EP?
============================================================
In May 2011, the European Commission's Legal Service said the EU-USA PNR
agreement on the transfer of personal data of travellers flying from Europe
to the US was not compatible with fundamental rights. Five months later a
new, but similarly flawed version, is now presented to the European
Parliament.
With the US side having kept pressing the EU on finalising the PNR
agreement, a new slightly changed version is now under discussion. Although
the new text still raises privacy concerns, it seems unlikely that the
European Parliament will reject this version.
Commissioner Malmstrvm presented details of the new EU-US agreement to the
German newspaper FAZ on 9 November 2011. While Parliamentarians
currently do not have the right to talk about details of the negotiations,
the Commission has apparently every right to go on a promotion campaign. The
text of the Agreement is available for Parliamentarians in a secret reading
room of the EU-Parliament where they can only read it, but do not have the
right to take photos or notes. It is bizarre that there has been no reaction
so far by MEPs on the fact that the German newspaper got briefed before the
official briefing for the rapporteur and shadow rapporteurs which took place
only on 15 November. This is clearly in breach of art.
218(10) TFEU, which reads "The European Parliament shall be immediately and
fully informed at all stages of the procedure."
The retention period for the all data remains 15 years but now there are
restrictions for accesing that data after 10 years for serious crimes, such
as drug and human trafficking.
Also, under the draft deal, the data sent to US authorities would become
"pseudonymous" after six months which means that some data would be masked
out although still available in case of an event. Other data, including
frequent flier info and payment/biling info will still be unmasked.
The data would remain in an "active" database easily accessible to US
officials for five years, and then would be transferred to a "dormant"
database which will require stricter conditions to be accessed. The US
police or intelligence officers can retrieve or black out the data only with
special permission from a superior.
"Whatever they did are just cosmetic changes, the substance of blanket data
retention has remained. And even if they say personal data will be
'anonymised' after six months, the US still keeps all the records for 15
years," said German Green MEP Jan Philipp Albrecht.
In his opinion, the agreement still violates EU data privacy rules as the US
will still access and store all private data, (including telephone numbers,
email addresses and even credit card data).
MEP Sophie in't Veld (LIBE / Netherlands), said that her group would wait
for legal advice before deciding on the vote but also expressed concern
regarding the fact that the text still allows the use of data for boarder
purposes than the fight against terrorism and organised crime. She also
showed her disappointment that after a long negotiation period, the final
version of the text is still only very little better than what MEPs have
continuously been asking for some years now.
"If this is what we are able to get out of our closest allies, what will
come out of negotiations with other countries? South Korea and Qatar are
also interested in PNR agreements, South Africa, Malaysia and Cuba are
preparing demands and it will be only a matter of time until Russia and
China will want this, too," stated Sophie in't Veld.
Michele Cercone, spokesman for EU Home Affairs Commissioner Cecilia
Malmstroem, stated however that, in their opinion, the new draft was a big
improvement to the last text: "The new agreement will guarantee that PNR
data will be used for restricted and well defined purposes, which are
fighting transnational crime and terrorism."
According to the proponents of the new treaty, the EU is not in the best
position to negotiate considering that European airlines will have to pass
travellers' information to the US authorities in order to be able to fly to
the US. By rejecting the agreement, the EU may put airlines in the position
to face potential law cases for infringing privacy regulations.
In October 2011, a PNR agreement with Australian was approved by MEPs but in
that case the retention period is only five and a half years and the data
transfer is limited to terrorism and organised crime.
Unhappy MEPs to approve passenger data deal (11.11.2011)
http://euobserver.com/22/114252
FAZ article with Commissioner Malmstrvm (only in German, 10.11.2011)
http://www.faz.net/aktuell/politik/eu-einigt-sich-mit-amerika-neues-abkomme…
EU, US pen new passenger data deal to ease privacy fears (11.11.2011)
http://www.google.com/hostednews/afp/article/ALeqM5i3XjX6aLv4Ab9X2znGo8AbFB…
EDRi-gram: EU-US PNR agreement found incompatible with human rights
(29.06.2011)
http://edri.org/edrigram/number9.13/us-eu-pnr-breaches-human-rights
============================================================
9. ENDitorial: Copyright combinatronics
============================================================
Although the creation of the single market has been the primary focus of
the European Union for decades, it often seems that for every step
forward it takes two back. In that respect it's often rather interesting
to look at the mathematics as they play out in the different directives
that come out of Brussels.
The EU Copyright Directive outlines 21 different optional exceptions or
limitations to the right of reproduction of copyrighted works. Each
country implementing the directive can choose to either include or leave
out the exception clause.
If we imagine this as a set of 21 switches where each has two positions,
then to calculate the number of total possible configurations for these
switches we multiply together the number of options for each one:
2*2*2*2*2*2*2*2*2*2*2*2*2*2*2*2*2*2*2*2*2, or written more concisely,
2^21 (two to the power of twenty-one).
This gives us 2.097.152 different ways to implement the directive.
But it gets better. After the 21 exception clauses for reproduction
rights, there comes a paragraph stating that where the Member States may
provide exceptions or limitations for reproduction, they may provide
similarly an exception or limitation to the right of distribution.
This can be understood in at least two different ways, with radically
different results. On the one hand, if you have an exception on
reproduction then you may also have the same exception for distribution
(meaning we'd have 21 switches with 3 settings each), or on the other
hand, you may apply the same exception independently of each other
(meaning we'd have 42 switches with 2 settings each, or 21 switches with
4 settings - doesn't matter). The wording suggests the latter, but at
the same time it seems slightly absurd to have an "oh by the way you may
also" in a directive; there are other cleaner ways to approach this.
There is probably some literature that I'm unaware of about which one
they mean, but it's easier to do the math on both cases than it is to
navigate through commission and parliament documentation.
The first case is a three step process where each exception can be
either "off", "on for reproduction" or "on for reproduction and
distribution". This means we get three to the power of twenty-one
options, totalling 10.460.353.203.
The second case is a four step process where each exception can be
"off", "on for reproduction", "on for distribution", or "on for
reproduction and distribution". This gives us four to the power of
twenty-one options, totalling 4.398.046.511.104.
That's either ten billion or four trillion ways to implement the
copyright directive, depending on how you read article 5, paragraph 4.
It's very hard to visualize numbers of this size, but the larger number
is about fifteen times larger than the number of stars in our galaxy.
This back-of-envelope analysis doesn't even touch on the combinatorical
implications of different understandings of the details of articles 5.5,
6 and 7 in particular, and in general the rest of the directive, mostly
because they're less directly quantifiable. Let alone the distinction
between "exception" and "limitation", which could easily
bring the number up significantly.
This basically means that, a priori, there is a one in three hundred and
eighty million chance that any two member states come up with the same
implementation, taking the slightly better case. How does that serve the
ideal of a single market? It looks like internal dissolution about the
specifics of the exception clauses, with each country being difficult in
its own little way and no political hardheadedness forcing a tenable
solution, has yielded a completely useless directive in terms of
unification.
While it is true that all the member states could in theory decide on
the same exceptions, making this headache go away, the fact that they're
all optional suggests that, in each case, there was at least some strongly
for and some strongly against. At some point somebody must have gotten
so tired of debating the exceptions that they just lumped all of them
together under optional and decided to let the Member States figure it out.
What this shows is that the EU is not effectively managing to create a
single market, and through its policy on intellectual monopolies may
even be pushing the markets further apart. The question of who stands to
gain from this state of affairs is left as an exercise to the reader.
(Contribution by Smari McCarthy - International Modern Media Institute)
============================================================
10. Recommended Action
============================================================
Stop ACTA !
http://www.edri.org/stopacta
Beat the censor - online game
http://stefanwehrmeyer.com/projects/beatcensors/
============================================================
11. Recommended Reading
============================================================
Civil society letter against the US SOPA law - Stop Online Piracy Act
(15.11.2011)
http://www.edri.org/files/sopa_civilsociety_15Nov_2011.pdf
EU charter creating "confusion" on human rights (11.11.2011)
http://euobserver.com/18/114247
Want to create a really strong password? Don't ask Google (8.11.2011)
http://www.lightbluetouchpaper.org/2011/11/08/want-to-create-a-really-stron…
INTA chairman defends secrecy (12.11.2011)
http://acta.ffii.org/?p=869
============================================================
12. Agenda
============================================================
24-25 November 2011, Vienna, Austria
"Our Internet - Our Rights, Our Freedoms"
Towards the Council of Europe Strategy on Internet Governance 2012 - 2015
http://www.coe.int/t/informationsociety/conf2011/
30 November 2011, Brussels, Belgium
Horizon 2020: investing in the common good
Treating knowledge as a public good in EU research and innovation
http://tacd-ip.org/archives/459
27-30 December 2011, Berlin, Germany
28C3 - 28th Chaos Communication Congress
http://events.ccc.de/category/28c3/
http://events.ccc.de/congress/2011/
25-27 January 2012, Brussels, Belgium
Computers, Privacy and Data Protection 2012
http://www.cpdpconferences.org/
14-15 June 2012, Stockholm, Sweden
EuroDIG 2012
http://www.eurodig.org/
9-10 July 2012, Barcelona, Spain
8th International Conference on Internet Law & Politics: Challenges and
Opportunities of Online Entertainment
Abstracts deadline: 20 December 2011
http://edcp.uoc.edu/symposia/idp2012/cfp/?lang=en
============================================================
13. About
============================================================
EDRi-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRi has 28 members based or with offices in 18 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRi-grams.
All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and are visible on
the EDRi website.
This EDRi-gram has been published with financial support from the EU's
Fundamental Rights and Citizenship Programme.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/
Newsletter editor: Bogdan Manolea <edrigram(a)edri.org>
Information about EDRI and its members:
http://www.edri.org/
European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring
http://flattr.com/thing/417077/edri-on-Flattr
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request(a)edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
Unsubscribe by e-mail
To: edri-news-request(a)edri.org
Subject: unsubscribe
- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edri/2.html
- EDRI-gram in German
EDRI-gram is also available in German, with delay. Translations are provided
Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <edrigram(a)edri.org> if you have any problems with subscribing or
unsubscribing
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
Re: [serval-project-dev] Implementing a different routing protocol
by Paul Gardner-Stephen 06 Jul '18
by Paul Gardner-Stephen 06 Jul '18
06 Jul '18
Hello Fraser,
Sounds like an interesting project.
Jeremy has been doing the most work on the mesh routing parts of
Serval, so I expect that he will chime in with where things are in the
current state of the code. Note that routing is currently under
active development, so things are liable to change.
Back to your actual goal, which is to stream multimedia content for
disaster recovery scenarios, this is something that we have been
thinking about from the earliest, and it is nice to hear that someone
is looking to work on it.
Thinking about the general approach you are considering around greedy
routing, it may make more sense to use the Serval Rhizome
store-and-forward scheme as the basis, rather than the MDP/overlay
real-time routing. Rhizome understands the idea of a "journal" which
is really just a file that grows in successive versions. Nodes
receiving a journal can, in principle at least, pull just the new part
of the file. If the file has grown further in the meantime, then
another pull will occur. There would still be some tweaking
required using this approach, such as making Rhizome be more selective
about who it exchanges with so that it can be directed towards the
destination, but I think it would give you more resilient routing. The
tradeoff is likely to be increased latency, although I think that the
actual useful throughput would increase, because packet loss and
retransmission would be dealt with each hop. You would also be able
to use WiFi unicast packets, and thus the full WiFi bandwidth.
You should also take a look at Serval Maps that provides functionality
for nodes to share their geographic location (via Rhizome), and that
could be used in place of adding geo tags to each packet.
I guess overall I am envisaging a solution where Serval Maps provides
the geolocation information, and also possibly the user interface for
choosing which phone you want to see the video from. Then the video
or other content is pulled down via the improved Rhizome that you
would create. By using Rhizome, it doesn't matter if a link drops for
a short while, as the content will be cached on intermediate nodes,
and so it will deliver as soon as it is able.
Anyway, happy to keep thinking through the options with you, and
looking forward to seeing what you create.
We would prefer that you contribute any modifications you make back to
our repo so that everyone can benefit. We have a standard Harmony
Project issued contributor agreement that can facilitate that fairly
painlessly.
Paul.
On Wed, Nov 28, 2012 at 6:30 AM, Fraser Cadger <cadge01(a)googlemail.com> wrote:
> Hi all,
>
>
> First of all, let me start by stating that I am very impressed with the work
> of the Serval Project and the Serval app. I appreciate that it is still
> under development, but having experimented on several Android phones I have
> found it really easy to use and effective.
>
>
> My name is Fraser Cadger and I am a third year PhD student at the University
> of Ulster in Northern Ireland. My project is concerned with developing a
> framework to allow the streaming of multimedia content both live (i.e. video
> call) and on-demand (recorded videos) in disaster recovery scenarios using a
> mesh network of WiFi-enabled devices (currently this entails a testbed of
> six Android phones). As I am working with Android devices this obviously
> adds a layer of difficult when trying to implement ad-hoc networking. After
> doing some searching I came across several different implementations of
> ad-hoc routing on Android, and after some experimentation the two I was most
> interested in were Serval and Commotion (who I believe the Serval Project
> collaborates with). In the end I decided to work with the Serval app because
> I felt that was the closest to what I was doing, and I also liked how it
> worked on the phones.
>
>
> Currently what I am interested in doing is implementing my own routing
> protocol (which is still under development) on the phones using Serval as a
> base. That is to say, that I want to replace the modified BATMAN code Serval
> uses for routing with the current version of my routing algorithm
> (originally written in C++ for ns-2 but re-writing in C should not be a huge
> problem). Obviously I realise this will not be a simple as copying and
> pasting my code in and that is why I am sending this message. From reading
> various comments in the code I understand that one of the main modifications
> to Serval is to restrict broadcasting to link-local nodes (i.e. not
> network-wide broadcasting), if I have understand the code correctly that is.
> The protocol I am developing is a variation of the greedy routing protocol
> GPSR http://www0.cs.ucl.ac.uk/staff/b.karp/gpsr/gpsr.html . Both the
> original GPSR and my own protocol use limited broadcasting as well; beacon
> (regular hello messages) are broadcast as far as one hop and nodes maintain
> tables of neighbours who can be reached directly only. There is no
> conventional collection of routes; instead each node forwards a packet to
> their neighbour who best meets the criterion/criteria (generally geographic
> location, i.e. located closest to the destination) one hop at a time. So
> packets are effectively passed from node to node without a formal route
> existing. This version of geographic routing is not perfect, and that is why
> we are working on several modifications, but for now I am content to have
> some form of working geographic routing up and running.
>
>
> I have been reading through the code and trying to determine what parts I
> need to change and where to add my code. What I am looking for is the point
> at which a node determines where to send a packet. I realise that this will
> vary depending on the packet's origin, that is to say that when a node
> generates a new packet it will usually be treated differently from when an
> intermediate node receives a packet from another node. Now, if I understand
> correctly Serval's version of BATMAN does not use an explicit routing table
> structure. I have came across a struct called subscriber defined in
> overlay_address.h, and from what I have read this seems to act as a record
> of different nodes (destinations). Within the subscriber struct there is an
> integer variable called reachable and this determines whether a node is
> reachable directly via unicast, broadcast, or must be reached indirectly. If
> a node must be reached indirectly then there is a field called next_hop
> which if I understand correctly is a pointer to another struct (the
> intermediate node between ourselves and the destination). Is this correct?
> Now, what I have noticed in the code is that sometimes next_hop contains a
> pointer to another next_hop (i.e. next_hop->next_hop). What I'm guessing
> this means is that if there are multiple intermediate nodes (i.e. to send a
> packet to node D node A needs to send it via B and C), then this is a way of
> linking them as a route. So in essence, the subscriber struct contains the
> route to a destination (by way of the next_hop attribute).
>
>
> For the actual routing, from reading the code I'm guessing that the
> 'overlay_route_recalc_node_metrics' function is used to determine whether a
> destination can be reached directly or indirectly, and if indirectly it will
> then assign the appropriate intermediate nodes as next_hop's. Therefore, to
> create or change a route this function is called. Is this correct?
>
>
> In my case, I would like to do things slightly differently. As I am not
> doing end-to-end routing I do not need a list of destinations, instead all I
> want is a list of 1-hop neighbours who can be accessed directly. Then from
> that list I would determine which of these is the most suitable as the next
> hop (obviously in my case this will require other stuff, for instance adding
> GPS coordinates to the packet header and storing this in the subscriber
> field) and forward the packet to that node, and so on until the packet has
> been delivered (or has to be dropped).
>
>
> The main questions I have are:
>
>
> Exactly where is a packet received and the node to which it should be sent
> decided?
>
> i.e. if I want to decide which node to forward a packet to where should I
> decide this?
>
> I came across a method called 'overlay_mdp_receive' in mdp_client.c, is this
> maybe what I'm looking for?
>
> Concerning the subscriber entity, is there an actual table/list/array of
> these b as I can't seem to find one?
>
> i.e. a list of neighbours/known nodes/destinations?
>
>
> I apologise if my questions and this email aren't very well-worded.
> Essentially what I'm looking for is some advice/guidance on exactly how
> routing (determining intermediate nodes for nodes which cannot be reached
> directly) and forwarding (looking at a received/originated packet and
> determining which node to send it to) is done. As I indicated earlier in
> this message, there are a few functions/structs I have stumbled across that
> I think are relevant and I have made some guesses at what they are doing, so
> I would appreciate if someone could correct/expand on my guesses.
>
>
> Any help/guidance I have would be greatly appreciated. It goes without
> saying that any code I develop myself I will happily share, and any
> issues/bugs I come across with Serval will be reported.
>
>
> Thank you for taking the time to read this message, I'm sorry it's a bit on
> the long side but hopefully I've made myself clear.
>
>
> Regards,
>
>
> Fraser
>
>
> Ps. I realise this topic has been covered before, but I think some of the
> questions I am asking in this message are new.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Serval Project Developers" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/serval-project-developers/-/MgHT2-tr_dcJ.
> To post to this group, send email to
> serval-project-developers(a)googlegroups.com.
> To unsubscribe from this group, send email to
> serval-project-developers+unsubscribe(a)googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/serval-project-developers?hl=en.
--
You received this message because you are subscribed to the Google Groups "Serval Project Developers" group.
To post to this group, send email to serval-project-developers(a)googlegroups.com.
To unsubscribe from this group, send email to serval-project-developers+unsubscribe(a)googlegroups.com.
For more options, visit this group at http://groups.google.com/group/serval-project-developers?hl=en.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
06 Jul '18
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
"Fabio Pietrosanti (naif)" <lists(a)infosecurity.ch> writes:
> for whose who has still not see that project, i wanted to send a notice
> about MailVelope, OpenPGP encryption for webmail: http://www.mailvelope.com
> It's a client-side, plug-in based (similar to CryptoCat), OpenPGP email
> encryption plugin available for Chrome and Firefox.
To compare it with CryptoCat is unfair to MailVelope. As I understand
things, CryptoCat has an ongoing reliance on server integrity. On the
other hand, MailVelope is self-contained once securely installed, thus
providing true peer-to-peer confidentiality and authentication
(assuming that the correspondents have confirmed keys out-of-band).
Please correct this if in error.
- --
-- StealthMonger <StealthMonger(a)nym.mixmin.net>
Long, random latency is part of the price of Internet anonymity.
anonget: Is this anonymous browsing, or what?
http://groups.google.ws/group/alt.privacy.anon-server/msg/073f34abb668df33?…
stealthmail: Hide whether you're doing email, or when, or with whom.
mailto:stealthsuite@nym.mixmin.net?subject=send%20index.html
Key: mailto:stealthsuite@nym.mixmin.net?subject=send%20stealthmonger-key
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.9 <http://mailcrypt.sourceforge.net/>
iEYEARECAAYFAlDGTA0ACgkQDkU5rhlDCl4oUgCdGJJIXDNS5c3yIeuKIMzbzHo+
F2gAoLzRcHoro25IaTbezc1fk8imYvyT
=PD9O
-----END PGP SIGNATURE-----
--
Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
On Nov 15, 2007 9:51 AM, David Hansen <davidh(a)spidacom.co.uk> wrote:
> I admire those who had the enthusiasm to rebuild the machine and who
> had the contacts to get hold of the plans and notes that remained. The
> last time I took a particular interest in the project, some years ago,
> they were trying to find the right sort of valve and had just completed
> the framework for hurtling paper tape round and round.
We visited a couple of weeks ago and I took some snaps of the rebuild
project http://flickr.com/photos/tug/sets/72157602953115982/
BP has improved markedly since we last visited (about three years
ago). However the guided tours are even worse than ever (our guide
remonstrated with passers by for taking whilst he was droning on).
Take one of the excellent electronic guides and do your own tour.
John Wilson
----------
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo(a)metzdowd.com
1
0