cypherpunks-legacy
July 2018
- 1371 participants
- 9656 discussions

06 Jul '18
Does anyone know of any research being done on the use of low-cost
single board mini computers to run the likes of online circumvention
tools like VPN, Tor, Gibberbot etc?
Whilst these boards have been around for some time, since the
introduction of Raspberry Pi, interest has grown and now many
boards are being created like:
ARM Mini PCs
http://www.reghardware.com/2012/05/10/product_round_up_arm_mini_computers_t…
_best_and_the_rest/
http://liliputing.com/2012/06/74-mk802-android-4-0-mini-pc-first-impression…
video.html
Android OS and other Linux OS appear to run easily on these boards and
allow for use of software from the likes of:
https://guardianproject.info/apps/ and http://www.whispersys.com/ (sadly
now defunct)
Some of these boards are also so cheap as to be disposable single use,
or at least simple reuse after OS/Data erase.
I am looking at how easy it would be to develop and use a Linux OS that
only runs from the board's RAM (LiveCD/USB/SDcard), such as Tails
<http://tails.boum.org>
Frank
_______________________________________________
liberationtech mailing list
liberationtech(a)lists.stanford.edu
Should you need to change your subscription options, please go to:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
If you would like to receive a daily digest, click "yes" (once you click
above) next to "would you like to receive list mail batched in a daily
digest?"
You will need the user name and password you receive from the list moderator
in monthly reminders. You may ask for a reminder here:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
Should you need immediate assistance, please contact the list moderator.
Please don't forget to follow us on http://twitter.com/#!/Liberationtech
----- End forwarded message -----
--
Eugen* Leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Format Note: If you cannot easily read the text below, or you prefer to
receive Secrecy News in another format, please reply to this email to let
us know.
SECRECY NEWS
from the FAS Project on Government Secrecy
Volume 2012, Issue No. 89
September 6, 2012
Secrecy News Blog: http://www.fas.org/blog/secrecy/
** GREATER AUTONOMY FOR UNMANNED MILITARY SYSTEMS URGED
** NEW ARMY DOCTRINAL PUBLICATIONS ON INTELLIGENCE, SPECIAL OPS
** TRANS-PACIFIC PARTNERSHIP NEGOTIATIONS, AND MORE FROM CRS
GREATER AUTONOMY FOR UNMANNED MILITARY SYSTEMS URGED
The Department of Defense should focus on increasing the autonomy of
drones and other unmanned military systems, a new report from the Defense
Science Board said.
DoD should "more aggressively use autonomy in military missions," the
Board report said, because currently "autonomy technology is being
underutilized." See "The Role of Autonomy in DoD Systems," Defense Science
Board, dated July 2012 and released last week.
http://www.fas.org/irp/agency/dod/dsb/autonomy.pdf
"Autonomy" in this context does not mean "computers making independent
decisions and taking uncontrolled action." The Board is not calling for
the immediate development of Skynet at this time. Rather, autonomy refers
to the automation of a particular function within programmed limits. "It
should be made clear that all autonomous systems are supervised by human
operators at some level," the report stressed.
Increased autonomy for unmanned military systems "can enable humans to
delegate those tasks that are more effectively done by computer... thus
freeing humans to focus on more complex decision making."
"However, the true value of these systems is not to provide a direct human
replacement, but rather to extend and complement human capability by
providing potentially unlimited persistent capabilities, reducing human
exposure to life threatening tasks, and with proper design, reducing the
high cognitive load currently placed on operators/supervisors."
But all of that is easier said than done.
"Current designs of autonomous systems, and current design methods for
increasing autonomy, can create brittle platforms" that are subject to
irreversible error. There are also "new failure paths associated with more
autonomous platforms, which has been seen in friendly fire fatalities....
This brittleness, which is resident in many current designs, has severely
retarded the potential benefits that could be obtained by using advances in
autonomy."
The Defense Science Board report discusses the institutional challenges
confronting a move toward increasing autonomy, including the obstacles
posed by proprietary software. It offers an extended discussion of
conflict scenarios in which the enemy employs its own autonomous systems
against U.S. forces. The authors describe China's "alarming" investment in
unmanned systems, and encourage particular attention to the relatively
neglected topic of the vulnerability of unmanned systems.
The report includes some intriguing citations, such as a volume on
"Governing Lethal Behavior in Autonomous Robots," and presents numerous
incidental observations of interest. For example:
"Big data has evolved as a major problem at the National Geospatial
Intelligence Agency (NGA). Over 25 million minutes of full motion video
are stored at NGA."
But new sensors will produce "exponentially more data" than full motion
video, and will overwhelm current analytical capabilities.
"Today nineteen analysts are required per UAV orbit [i.e. per 24 hour
operational cycle]. With the advent of Gorgon Stare, ARGUS, and other
Broad Area Sensors, up to 2,000 analysts will be required per orbit."
The government "can't hire enough analysts or buy enough equipment to
close these gaps."
NEW ARMY DOCTRINAL PUBLICATIONS ON INTELLIGENCE, SPECIAL OPS
The U.S. Army has recently begun publishing two new series of Army
Doctrine Publications (ADP) and Army Doctrine Reference Publications
(ADRP).
http://www.fas.org/irp/doddir/army/index.html#adp
These publications generally offer a digest of existing doctrine in
introductory form for broad consumption, with limited modifications and a
few updates. Last week, the Army issued new unclassified publications on
intelligence and special operations, among other topics.
TRANS-PACIFIC PARTNERSHIP NEGOTIATIONS, AND MORE FROM CRS
New and updated reports from the Congressional Research Service that
Congress has chosen not to make available to the public include the
following.
The Trans-Pacific Partnership Negotiations and Issues for Congress,
September 5, 2012:
http://www.fas.org/sgp/crs/row/R42694.pdf
Weather-Related Power Outages and Electric System Resiliency, August 28,
2012:
http://www.fas.org/sgp/crs/misc/R42696.pdf
SBA Veterans Assistance Programs: An Analysis of Contemporary Issues,
September 4, 2012:
http://www.fas.org/sgp/crs/misc/R42695.pdf
Worker Adjustment and Retraining Notification (WARN) Act, September 4,
2012:
http://www.fas.org/sgp/crs/misc/R42693.pdf
Immigration Detainers: Legal Issues, August 31, 2012:
http://www.fas.org/sgp/crs/homesec/R42690.pdf
Tajikistan: Recent Developments and U.S. Interests, updated August 31,
2012:
http://www.fas.org/sgp/crs/row/98-594.pdf
Defense: FY2013 Authorization and Appropriations, updated September 5,
2012:
http://www.fas.org/sgp/crs/natsec/R42607.pdf
_______________________________________________
Secrecy News is written by Steven Aftergood and published by the
Federation of American Scientists.
The Secrecy News Blog is at:
http://www.fas.org/blog/secrecy/
To SUBSCRIBE to Secrecy News, go to:
http://www.fas.org/sgp/news/secrecy/subscribe.html
To UNSUBSCRIBE, go to
http://www.fas.org/sgp/news/secrecy/unsubscribe.html
OR email your request to saftergood(a)fas.org
Secrecy News is archived at:
http://www.fas.org/sgp/news/secrecy/index.html
Support the FAS Project on Government Secrecy with a donation:
http://www.fas.org/member/donate_today.html
_______________________
Steven Aftergood
Project on Government Secrecy
Federation of American Scientists
web: www.fas.org/sgp/index.html
email: saftergood(a)fas.org
voice: (202) 454-4691
twitter: @saftergood
----- End forwarded message -----
http://www.theatlantic.com/magazine/archive/2008/11/the-things-he-carried/3…
If I were a terrorist, and I'm not, but if I were a terrorist--a
frosty, tough-like-Chuck-Norris terrorist, say a C-title jihadist with
Hezbollah or, more likely, a donkey-work operative with the Judean
People's Front--I would not do what I did in the bathroom of the
Minneapolis-St. Paul International Airport, which was to place myself
in front of a sink in open view of the male American flying public and
ostentatiously rip up a sheaf of counterfeit boarding passes that had
been created for me by a frenetic and acerbic security expert named
Bruce Schneier. He had made these boarding passes in his
sophisticated underground forgery works, which consists of a Sony Vaio
laptop and an HP LaserJet printer, in order to prove that the
Transportation Security Administration, which is meant to protect
American aviation from al-Qaeda, represents an egregious waste of tax
dollars, dollars that could otherwise be used to catch terrorists
before they arrive at the Minneapolis-St. Paul International Airport,
by which time it is, generally speaking, too late.
I could have ripped up these counterfeit boarding passes in the
privacy of a toilet stall, but I chose not to, partly because this was
the renowned Senator Larry Craig Memorial Wide-Stance Bathroom, and
since the commencement of the Global War on Terror this particular
bathroom has been patrolled by security officials trying to protect it
from gay sex, and partly because I wanted to see whether my fellow
passengers would report me to the TSA for acting suspiciously in a
public bathroom. No one did, thus thwarting, yet again, my plans to
get arrested, or at least be the recipient of a thorough sweating by
the FBI, for dubious behavior in a large American airport. Suspicious
that the measures put in place after the attacks of September 11 to
prevent further such attacks are almost entirely for show--security
theater is the term of art--I have for some time now been testing, in
modest ways, their effectiveness. Because the TSA's security regimen
seems to be mainly thing-based--most of its 44,500 airport officers are
assigned to truffle through carry-on bags for things like guns, bombs,
three-ounce tubes of anthrax, Crest toothpaste, nail clippers,
Snapple, and so on--I focused my efforts on bringing bad things through
security in many different airports, primarily my home airport,
Washington's Reagan National, the one situated approximately 17 feet
from the Pentagon, but also in Los Angeles, New York, Miami, Chicago,
and at the Wilkes-Barre/Scranton International Airport (which is where
I came closest to arousing at least a modest level of suspicion,
receiving a symbolic pat-down--all frisks that avoid the sensitive
regions are by definition symbolic--and one question about the presence
of a Leatherman Multi-Tool in my pocket; said Leatherman was
confiscated and is now, I hope, living with the loving family of a TSA
employee). And because I have a fair amount of experience reporting on
terrorists, and because terrorist groups produce large quantities of
branded knickknacks, I've amassed an inspiring collection of al-Qaeda
T-shirts, Islamic Jihad flags, Hezbollah videotapes, and inflatable
Yasir Arafat dolls (really). All these things I've carried with me
through airports across the country. I've also carried, at various
times: pocketknives, matches from hotels in Beirut and Peshawar, dust
masks, lengths of rope, cigarette lighters, nail clippers, eight-ounce
tubes of toothpaste (in my front pocket), bottles of Fiji Water (which
is foreign), and, of course, box cutters. I was selected for secondary
screening four times--out of dozens of passages through security
checkpoints--during this extended experiment. At one screening, I was
relieved of a pair of nail clippers; during another, a can of shaving
cream.
During one secondary inspection, at O'Hare International Airport in
Chicago, I was wearing under my shirt a spectacular, only-in-America
device called a "Beerbelly," a neoprene sling that holds a
polyurethane bladder and drinking tube. The Beerbelly, designed
originally to sneak alcohol--up to 80 ounces--into football games, can
quite obviously be used to sneak up to 80 ounces of liquid through
airport security. (The company that manufactures the Beerbelly also
makes something called a "Winerack," a bra that holds up to 25 ounces
of booze and is recommended, according to the company's Web site, for
PTA meetings.) My Beerbelly, which fit comfortably over my beer belly,
contained two cans' worth of Bud Light at the time of the inspection.
It went undetected. The eight-ounce bottle of water in my carry-on
bag, however, was seized by the federal government.
On another occasion, at LaGuardia, in New York, the
transportation-security officer in charge of my secondary screening
emptied my carry-on bag of nearly everything it contained, including a
yellow, three-foot-by-four-foot Hezbollah flag, purchased at a
Hezbollah gift shop in south Lebanon. The flag features, as its
charming main image, an upraised fist clutching an AK-47 automatic
rifle. Atop the rifle is a line of Arabic writing that reads Then
surely the party of God are they who will be triumphant. The officer
took the flag and spread it out on the inspection table. She finished
her inspection, gave me back my flag, and told me I could go. I said,
"That's a Hezbollah flag." She said, "Uh-huh." Not "Uh-huh, I've been
trained to recognize the symbols of anti-American terror groups, but
after careful inspection of your physical person, your behavior, and
your last name, I've come to the conclusion that you are not a Bekaa
Valley-trained threat to the United States commercial aviation
system," but "Uh-huh, I'm going on break, why are you talking to me?"
----- End forwarded message -----
Myers reported (I think) that his twisted Chord network passes a unit test
where you start with two separate Chord networks and introduce one node from
the first net to one node from the other, and then the two nets merge.
Meanwhile, I've finished implementing a version of ent (based on Kademlia)
which keeps only one node per k-bucket, and fixed several bugs, but there
remains some bug that I haven't investigated (I'm out of time) which causes it
to fail the basic "construct a network, publish a block, fetch the block" unit
test. (Please, someone fix it, as I'm probably busy this week.)
I just wanted to comment that there is no way known (to me at least) for
Kademlia to pass the unit test that Myers is using on his Chord net -- merging
two separate nets into one. Kademlia can't do that AFAIK. (This is one way
of observing the "Kademlia doesn't self-heal" problem.)
I also wanted to mention that Chord can sometimes fail, too, if the nets
happen to line up so that the resulting merged Chord net is "loopy". The
Liben-Nowell paper [1] explains how to fix that.
--Z
[1] http://citeseer.nj.nec.com/553810.html
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
mnet-devel mailing list
mnet-devel(a)lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mnet-devel
----- End forwarded message -----
[demime 0.97c removed an attachment of type application/pgp-signature]
> Subject: Re: [s-t] privacy and caution digest #2
> From: "Bryan O'Sullivan" <bos(a)serpentine.com>
> Date: Mon, 27 Oct 2003 22:49:19 -0800
>
> On Mon, 2003-10-27 at 14:49, Nick B wrote:
>
> > Nobody, but nobody, builds _anything_ electronic from the ground up.
> > Not me, not you, not Apple, not Microsoft, not Sony, not Intel, not
> > the NSA. [Apple,] Sony, Intel and the NSA get closer by fabbing their
> > own silicon.
>
> No Such Agency doesn't fab much of anything; they can't afford to. They
> and their ilk are far more interested in things like FPGAs and adapting
> numerical algorithms to COTS SIMD hardware, such as graphics processors
> (a la http://www.gpgpu.org/)
My apologies; I don't have much information on the budget, interests,
capabilities, facilities, or operations of the NSA.
> > Who knows
> > what sort of spyware those tools are adding?
>
> Don't be silly. The amount of computation you need to do to get a
> circuit of any useful complexity to do something predictable is
> enormous. You can't stuff a thousand CPUs and 200 engineers into an
> Applied Materials mask etch machine, so that they can rig a WiFi card
> and antenna onto your PS2's vector chip without Sony finding out. Even
> if you could, how would they talk to the evil animalcules inside the
> Novellus metal deposition machine in the facility next door, so the
> right traces get metallised?
I guess I didn't make myself clear. I wasn't hypothesizing an attack
against a fab. I was saying that deeply paranoid "don't trust anyone"
types could well hypothesize such attacks. They don't have to be
semi-automated Thompson-style attacks (and I didn't have those in
mind). Put yourself in a "don't trust anyone" frame of mind, and
imagine that some part of the toolchain at (say) Intel includes
spyware which allows it to be controlled by (say) NSA. Using this
spyware, NSA can watch a part of a CPU going through design-and-test
cycles, pick a part of the design to subvert, and carefully craft a
replacement for that part of the design. Making the replacement part
do something useful for the NSA is left as an exercise for those who
enjoy this type of thing.
My point was that anyone who has a tendency to believe in this sort of
nonsense should, for consistency, be shunning mainstream hardware
altogether. Even if they trust Intel, ho ho ho.
> Never even mind that automatically figuring out what a bunch of geometry
> in a set of masks represents is vastly harder than reverse compilation
> for software.
Yes. I wasn't intending to suggest an attack based solely on masks.
The hypothesized attackers, having subverted the toolchain, have full
access at all levels of the hardware design (including design
documents, sources in various description languages, etc).
> > It is actually quite hard. And if anybody
> > ever does implement it really well, they can win, in principle even
> > against projects like Plan 9
>
> No they can't. Identifying something as "a compiler" and instrumenting
> the right code is impossible for automated systems.
I agree (almost), but a Thompson attack doesn't have to do that.
Compilers read source code by calling read() and write object code by
calling write(). These are, IMO, the right places to attack. A
program which open()s a descriptor on a file called \(*\).c and
read()s some source code from it, and open()s another descriptor on a
file called \1.o and write()s some object code to it, is probably a
compiler.
Any Thompson attack is directed against a particular platform (e.g.
OS + compiler + hardware) *or set of platforms*. That was the point I
was trying to make. Plan 9 could have been vulnerable to an attack
created after the start of the project, targetting both gcc and (say)
2c.
I agree that [barring global conspiracies of the sort outlined above]
someone designing a new system from scratch tomorrow, *using only
tools and equipment available today*, and making the avoidance of
Thompson-style attacks a priority, could come away clean.
Off-hand, I guess that I would do it by avoiding having a modern
bootstrap in the first place. I'd write my main compiler in some much
smaller simpler language, and keep it that way.
For myself, I still don't believe in Thompson attacks, or global
conspiracies subverting fab toolchains. Global conspiracies seem to
use much less subtle approaches (insert here stuff about chads,
airliners, and Wars on Abstract Nouns).
I'm so unparanoid that I'm running GNU Emacs 21.3, built from suspect
sources. Heck, I'm so unparanoid that I don't even believe that
Diebold is part of a global conspiracy. Hanlon's razor, and all that.
Nick B
----- End forwarded message -----
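The read()/write() heuristic from the message above, applied to build auditing: given a syscall trace of a build, list the processes that behaved like compilers, i.e. the binaries whose integrity the build depends on. This is an added example, not code from the thread; the trace is constructed, `/opt/toolchain/bin/cc` is a hypothetical path, and matching on the file's basename rather than the full path is a simplification.

```python
import os
import re
from collections import defaultdict

# Constructed `strace -f` style trace (not captured from a real build).
SAMPLE_TRACE = r'''
1201 execve("/opt/toolchain/bin/cc", ["cc", "-c", "hello.c"], 0x7ffc0 /* 20 vars */) = 0
1201 openat(AT_FDCWD, "hello.c", O_RDONLY) = 3
1201 read(3, "#include <stdio.h>\n"..., 4096) = 58
1201 read(3, "", 4096) = 0
1201 close(3) = 0
1201 openat(AT_FDCWD, "hello.o", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
1201 write(3, "\177ELF\2\1\1"..., 1432) = 1432
1201 close(3) = 0
1202 execve("/bin/cp", ["cp", "hello.c", "backup.c"], 0x7ffc0 /* 20 vars */) = 0
1202 openat(AT_FDCWD, "hello.c", O_RDONLY) = 3
1202 openat(AT_FDCWD, "backup.c", O_WRONLY|O_CREAT|O_TRUNC, 0644) = 4
1202 read(3, "#include <stdio.h>\n"..., 131072) = 58
1202 write(4, "#include <stdio.h>\n"..., 58) = 58
1203 execve("/usr/bin/ld", ["ld", "hello.o", "-o", "hello"], 0x7ffc0 /* 20 vars */) = 0
1203 openat(AT_FDCWD, "hello.o", O_RDONLY) = 3
1203 read(3, "\177ELF\2\1\1"..., 1432) = 1432
1203 openat(AT_FDCWD, "hello", O_WRONLY|O_CREAT|O_TRUNC, 0755) = 4
1203 write(4, "\177ELF\2\1\1"..., 8192) = 8192
1204 execve("/opt/toolchain/bin/cc", ["cc", "-c", "missing.c"], 0x7ffc0 /* 20 vars */) = 0
1204 openat(AT_FDCWD, "missing.c", O_RDONLY) = -1 ENOENT (No such file or directory)
1204 write(2, "cc: missing.c: not found\n", 25) = 25
'''

CALL = re.compile(r'^(\d+)\s+(\w+)\((.*)\)\s+=\s+(-?\d+)')   # pid name(args) = ret
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')                   # first quoted argument
FD_ARG = re.compile(r'^\s*(\d+)')                             # leading fd argument


def probable_compilers(trace):
    """Return {pid: (binary, [stems])} for processes that read X.c and wrote X.o."""
    fds = defaultdict(dict)          # pid -> {fd: (path, readable, writable)}
    exe = {}                         # pid -> path given to execve
    src_read = defaultdict(set)      # pid -> stems of *.c files actually read
    obj_written = defaultdict(set)   # pid -> stems of *.o files actually written

    for line in trace.splitlines():
        m = CALL.match(line)
        if not m:
            continue
        pid, name, args, ret = int(m[1]), m[2], m[3], int(m[4])
        if ret < 0:
            continue                 # failed call: no descriptor, no data moved

        if name == "execve":
            q = QUOTED.search(args)
            exe[pid] = q[1] if q else "?"
        elif name in ("open", "openat"):
            q = QUOTED.search(args)
            if q:
                readable = "O_RDONLY" in args or "O_RDWR" in args
                writable = "O_WRONLY" in args or "O_RDWR" in args
                fds[pid][ret] = (q[1], readable, writable)
        elif name == "close":
            f = FD_ARG.match(args)
            if f:
                fds[pid].pop(int(f[1]), None)   # fd numbers get reused after close
        elif name in ("read", "write") and ret > 0:
            f = FD_ARG.match(args)
            entry = fds[pid].get(int(f[1])) if f else None
            if entry is None:
                continue             # stdin/stdout/stderr or an fd we never saw opened
            path, readable, writable = entry
            stem, ext = os.path.splitext(os.path.basename(path))
            if name == "read" and readable and ext == ".c":
                src_read[pid].add(stem)
            elif name == "write" and writable and ext == ".o":
                obj_written[pid].add(stem)

    found = {}
    for pid, stems in src_read.items():
        matched = stems & obj_written[pid]      # the \1 back-reference: same stem
        if matched:
            found[pid] = (exe.get(pid, "?"), sorted(matched))
    return found


if __name__ == "__main__":
    for pid, (binary, stems) in probable_compilers(SAMPLE_TRACE).items():
        print(f"pid {pid}: {binary} compiled {', '.join(s + '.c' for s in stems)}")
```

On the constructed trace only pid 1201 is reported: `cp` reads a `.c` file but writes no `.o`, the linker reads a `.o` but no `.c`, and the failed `cc` run never opens its source.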
I'm currently seeding a rather large experimental Tor/TorK LiveCD (675 MB!).
http://torrents.thepiratebay.org/3651803/Tor_LiveCD_-_testing_only.3651803.…
The CD is based on Knoppix and was created using the procedure documented at:
http://tork.sourceforge.net/wiki/index.php/LiveCD
The only part of the procedure not fully implemented is 'Removing unnecessary
packages'. I drew up a shortlist on the wiki page this morning, so if anyone
can think of other worthy removals, please add them there.
I understand that without a full diff from knoppix sources the LiveCD is
mystery meat and not particularly GPL compliant to boot. I think this is
something to address in the medium term, when/if it ever begins to take shape
as a serious proposition. I believe the Knoppix sources are available at:
http://debian-knoppix.alioth.debian.org/.
I have about 40KB/s TX bandwidth on my home connection, so if you manage a
full download please continue to seed.
Elements of the CD that need some attention:
* Firefox - firefox sessions load from tork with pretty much everything
disabled. The next version will have Mike Perry's torbutton - which looks
like the most sensible way of doing things. I also haven't attempted to strip
any plugins yet.
* Firewall - just a basic firewall is used. No attempt is made to block
outgoing dns requests. Instead these are tracked and reported in a very
rudimentary, not-exactly-foolproof way by tork. I guess this comes down to
whether an anonymous cd should permit non-anonymous browsing.
* Policy on software included. What applications should the CD include? Should
the user want/be able to print? Should there be more than one type of CD
offered, full featured vs just browsing?
* Are there security features that the wiki page doesn't even mention or
address?
Anyway, be gentle! I'll probably try to create a new and improved version of
the CD every few weeks for the next while.
--
KlamAV - An Anti-Virus Manager for KDE - http://www.klamav.net
TorK - A Tor Controller For KDE - http://tork.sf.net
----- End forwarded message -----
On 10.05.2012 18:40, Lee Alley wrote:
>> Your model is being tested in Somalia. ;-)
> </lurkmode>
> Also depends on which bit of Somalia you mean ;-)
> http://www.economist.com/blogs/baobab/2011/06/aid-and-somaliland
>
> +1 for this discussion! Fascinating and informative! Thanks :-)
I do share the general scepticism against government regulators. It makes a difference if you argue markets are contestable by virtue
(which is true to a certain degree) to prevent regulation or enact policies so that markets ought to become contestable.
In the 1990s cyberlibertarianism was widespread, as we had to struggle
with the old state telecom monopolies, analog governments and crypto
export regulations or even the remains of central planning. After 9/11 the
state security paradigm set the agenda where civil society took the
pro-freedom narrative. In the past five years old postponed debates
reemerged that found new commercial allies (blocking, child porn,
filtering, trade funnel). The surveillance and privacy debate of the
1980s onwards was mostly focussed on state interest in our individual
data, today companies harvest data (made available to the state). In the
Arab spring the targets are geriatric regimes and a rebellious youth.
The main question for me is how to get "good governance" in a field
characterized by Schumpeterian competition.
http://en.wikipedia.org/wiki/Creative_destruction
How to make governance side with the challengers, not the old bulls. For
instance 10 years ago Google was still weak in lobbying. How do we avoid
that regulators shoot in the cradle of emerging technology firms, add risks
and strangulate emerging models? The toolset of open market policies
(pro-competition, pro-openstandards, pro unlicensed spectrum, pro-open
internet..) has insufficient support in multistakeholder fora. Patent
regimes slow down the transition because challengers do not have large
portfolios.
I originate from a city that was mostly dependent on the typewriter
industry. All the companies a domestic legislator would have consulted
back then about the future of word processing are now gone. When
governments do not know what the dominant players of tomorrow would be it
still makes sense to be first. Being first implies that you naturally
would regulate against the current dominant business players to pave the
way for the challengers.
Best,
Andri
----- End forwarded message -----
=======================================================================
EDRi-gram
biweekly newsletter about digital civil rights in Europe
Number 10.12, 20 June 2012
=======================================================================
Contents
=======================================================================
1. The rise of the European upload filter
2. Austria: Data retention petition ignored by the Parliament
3. Google Transparency report: increasing trend of government censorship
4. German news article removed from search results after DMCA complaint
5. Article 29 WP's opinion on the cookie exemptions
6. UK websites might have to identify "trolls"
7. Spanish Supreme Court says Google is not breaching copyright
8. Google's Street View privacy breach again in the public eye
9. Prague ICANN meeting to discuss Whois data
10. Culture: Global changes in production and consumption
11. ENDitorial: Data retention - faint heart never won fair lady
12. Recommended Reading
13. Agenda
14. About
=======================================================================
1. The rise of the European upload filter
=======================================================================
In 2011, the European Union decided against the introduction of
mandatory filtering in Europe, because a democratic analysis of the
evidence showed that this was not necessary. In 2012, the European Union
is working on a variety of projects to introduce "voluntary" upload
filters and, because they would be introduced on a so-called "voluntary"
basis, there will be no democratic analysis.
There are at least three different initiatives currently underway with
this target. Firstly, Commissioner Kroes' "CEO Coalition". As previously
mentioned in the EDRi-gram, this initiative involves the Commission
inviting big business to propose measures that will make the Internet a
"safer place for children". The fact that Facebook is in charge of
privacy settings and Microsoft is in charge of "notice and takedown"
appears to raise no concerns about the process being instrumentalised
for business purposes.
Microsoft's history in "notice and takedown" is hardly exemplary. Recent
cases show that Microsoft, using Google's global application of US
copyright law, has repeatedly demanded that Google removes links from
its search results - links which remain available on Microsoft's own
search engine. Microsoft, on the other hand, has also developed a
product called "photoDNA," used by Facebook UK as an upload filter to
prevent known child abuse material being added to their site. What
happens when somebody tries to do this? Nobody knows. What happens if a
criminal tries to upload innocent parts of images as a way of filtering
his/her own collection of illegal images to identify images unknown to
the police? We don't know. How big is the risk that this could lead to
incentives to creating new illegal images and new abuse? We don't know.
In the same vein, the "Safer Internet Programme 2012" announced that one
of its strategies was to "develop a pilot test for trusted hash code /
fingerprint series for preventing re-uploading of identified child
sexual abuse material". Remarkably, the Commission's proposal includes
an explicit reference to PhotoDNA, Microsoft's product. The plan is also
to extend beyond photographic material and cover videos.
Finally, the European Parliament is currently working on a
non-legislative resolution on "the protection of minors in the digital
world," with Silvia Costa (S&D, Italy) as MEP in charge. Neither her
draft report nor any of the amendments make a reference to filtering of
any kind. However, the text, largely (as it seems reasonable to assume)
donated by the child protection industry, is replete with references to
"preventing" various online activities, without any discussions in the
Parliament about filtering uploads to the Internet. The draft report
also masterfully confuses illegal content with unspecified "unsuitable"
content arguing that "measures to prevent illegal online content lead to
differing approaches to the prevention of unsuitable conduct".
But one can't really oppose the use of such a far-reaching strategy for
child protection. If it protects children, why ask questions about
whether there will be unforeseen or even counter-productive
consequences? Why ask questions about whether this is the most effective
use of resources? Why ask for democratic oversight or evidence of
usefulness? And, of course, nobody would be so cynical as to re-use the
technology for any other purpose, would they?
Well, apart from terrorism, of course. The EU-funded "Clean IT" (not to
be confused with the Iranian "clean Internet") project is proposing the
creation of a database of content "considered" illegal. "Why not try and
create a database where internet companies can check it to see if it's
known illegal material" asks the project manager? And if it protects
society, why ask questions about whether there will be unforeseen or
even counter-productive consequences? And all of the questions that are
not asked about upload filters for child abuse material are not asked
again in relation to terrorism.
Well, apart from copyright, of course. The European Commission's report
from 2010 on the application of the IPR Enforcement Directive argues
that, "given intermediaries' favourable position to contribute to the
prevention and termination of online infringements, the Commission could
explore how to involve them more closely."
Safer Internet Programme
http://ec.europa.eu/information_society/activities/sip/docs/call_2012/work_…
IPR Enforcement Directive
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2010:0779:FIN:EN:…
Draft European Parliament report on protection of minors (2.04.2012)
http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&languag…
Clean IT project considers terrorist content database (6.06.2012)
http://www.itnews.com.au/News/303729,clean-it-project-considers-terrorist-c…
Busted: Microsoft Harbors BitTorrent Pirates (27.05.2012)
http://torrentfreak.com/busted-microsoft-harbors-bittorrent-pirates-120527/
Facebook & PhotoDNA (19.05.2011)
http://blogs.technet.com/b/microsoft_on_the_issues/archive/2011/05/19/faceb…
(Contribution by Joe McNamee - EDRi)
=======================================================================
2. Austria: Data retention petition ignored by the Parliament
=======================================================================
The Austrian Working Group on Data Retention counters the lack of
responsiveness to citizens' political participation with even more
participation.
Albeit gaining support of over 100 000 citizens, the Austrian citizens'
petition against data retention has been deferred to the Parliament
Justice Committee by the Petition Committee. The Austrian working group
on data retention (AKVorrat.at) has decided to change pace in the
campaign and asks its supporters to contact the representatives in the
justice committee, to ensure that their concerns are taken seriously.
In October 2011, the Austrian working group on data retention
(AKVorrat.at) started a petition, called citizens' initiative, asking
the Austrian government to oppose the EU data retention directive and to
evaluate all laws created with the aim to fight terrorism. In December,
the initiative was passed to the Parliament with more than 4400
supporters. Since mid-December the initiative could be signed online and
reached a total of 106 067 supporters until 30 May 2012.
The Petition Committee of the Austrian Parliament dealt with the issue
twice: in March and on 30 May 2012. Both times their schedule allowed
only less than 5 minutes to deal with the initiative and its consequences.
In March 2012, the Committee decided to ask three ministries (Justice,
Interior and Infrastructure) as well as the Chancellor's office for
statements. All ministries' statements clearly missed the point by
stating that Austria had to implement data retention because of the Data
Retention Directive of the European Parliament and of the Council. These
statements are quite surprising as one of the key demands of the
initiative is that the Austrian government should act within the
European Union to abolish the Data Retention Directive. The other main
demand - the evaluation of laws designed to fight terrorism - was
completely ignored.
In the second meeting, there was no reaction to the statements and the
initiative was passed on to the Justice Committee.
AKVorrat.at reacted quickly: "After being astonished initially by the
brief treatment in the petition committee a new campaign was kicked off.
Since the citizens' initiative can no longer be signed the new campaign
asks all the supporters to contact the representatives in the justice
committee to ensure proper treatment of the demands supported by more
than 100,000 citizens. To date it is unclear how and when the initiative
will be discussed in the committee. Nevertheless, the activists of
AKVorrat.at are determined to maintain data retention as one of the hot
topics in Austrian politics."
Austrian Parliament - Citizens' initiative - Stop Data retention (only
in German)
http://www.parlament.gv.at/PAKT/VHG/XXIV/BI/BI_00037/index.shtml
AK Vorrat Austria campaign against data retention (only in German)
https://zeichnemit.at
(Contribution by AK Vorrat - Austria)
=======================================================================
3. Google Transparency report: increasing trend of government censorship
=======================================================================
According to Google's latest bi-annual transparency report covering the
July-December 2011 period, the number of governmental requests for
users' private data and content taking down has continued to grow.
The report shows the situation for each country separately and refers to
the requests received from judiciary and executive power authorities,
the request for content removal related to copyright infringements being
dealt with separately.
Thus, the total number of requests has reached 11 936 in the second half
of 2011 as compared with 9 600 in the same period in 2010 and 8 959 in
the second half of 2009.
The Spanish Data Protection Agency, for instance, has made 14 requests
for content removal, most of them related to results leading to blogs or
websites that referred to political or public people. The agency has
also requested the elimination of three blogs hosted by Blogger and 3
video clips from YouTube. Google has however refused to comply with
the requests which had no court support, considering them as
governmental censorship.
In Poland the Agency for Development of Businesses had demanded the
search engine to delete a search result that was not favourable to the
Agency and 8 other links that were pointing to this result.
In France, the state demanded the deletion of 61 content pieces by 31
requests, most of them for defamatory content or pornography on YouTube.
Google's report is giving the number of requests the company complied
with or rejected making a distinction between the judicial requests and
the administrative ones. "There are several reasons why we do not comply
with certain requests. Some of them may be specific enough so that we
may know what the government wants us to suppress".
Google policy analyst Dorothy Chou has stated for Forbes that Google
requires certain criteria for the requests. These must be submitted in a
written form, have to come from an appropriate agency, must cite a
criminal case and have to be narrow enough regarding the number of users
that they affect and the time frame of data that is requested. "We want
to show that we're advocating on your behalf. But we also want to do
right by the spirit and letter of the law," says Chou.
Google considers as alarming the fact that even countries considered
democratic, such as Spain, France, Poland, UK, US or Canada have
increased their requests related to political expressions.
"We noticed that government agencies from different countries would
sometimes ask us to remove political content that our users had posted
on our services. We hoped this was an aberration. But now we know it's
not. Just like every other time before, we've been asked to take down
political speech. It's alarming not only because free expression is at
risk, but because some of these requests come from countries you might
not suspect - Western democracies not typically associated with
censorship," stated Chou.
Google Transparency Report for July-December 2011
http://www.google.com/transparencyreport/removals/government/
Google denounces an alarming level of governmental censorship (only in
French, 18.06.2012)
http://www.numerama.com/magazine/22912-google-denonce-un-niveau-alarmant-de…
Google refuses the removal of the links that the Protection of Data
requires (only in Spanish, 18.06.2012)
http://tecnologia.elpais.com/tecnologia/2012/06/18/actualidad/1339999915_71…
U.S. Government Requests For Google Users' Private Data Jump 37% In One
Year (17.06.2012)
http://www.forbes.com/sites/andygreenberg/2012/06/17/u-s-government-requests-for-google-users-private-data-spike-37-in-one-year/
=======================================================================
4. German news article removed from search results after DMCA complaint
=======================================================================
European procedures for the removal of online content that is judged or
accused of being illegal currently depend on the interpretation of the
e-Commerce Directive by Member States and private companies. This means
that whenever sites, blog posts, images or comments on the internet are
accused of being illegal, procedures implementing this Directive are not
clear, not harmonised and lead to legal uncertainty. Internet service
and hosting providers risk liability for the content of their customers
once they have "actual knowledge" of its illegality or, possibly, just
its existence, and do not remove the content 'expeditiously'. It is
however very foggy what "actual knowledge" or "expeditious" means and
what the requirements for a valid notice can be. Any lack of clarity
leads almost automatically to the undermining of fundamental freedoms
and the due process of law, because online companies will seek to defend
themselves by deleting any content that creates a legal risk for them.
In the US, service and hosting providers can maintain their immunity via
the so-called Digital Millennium Copyright Act (DMCA). Under these safe
harbour protections, they cannot be held responsible for material that
has been posted in breach of copyright. However, as soon as they receive
a notification meeting certain conditions, they need to remove it from
their services. Even though it can be argued that the structured US
system is more predictable than the current European approach, it also
has major flaws.
Google's latest transparency report, which focuses on the takedowns for
search links, has revealed how absurd some requests are. Microsoft for
instance has requested the removal of over 2.5 million URLs. The sheer
volume means that the complaints procedure is mainly or fully automatic,
with Google and other recipients of the "notices" automatically deleting
the information in question. On the basis of DMCA complaints, Google
also deletes sites from global search results - with no concern for
whether the content is legal outside the US.
For example, on 6 June 2012, Microsoft sent a DMCA takedown notice to
Google regarding an article about Windows 8 published by the German
IT-news platform Heise. The link to the article was removed without
questioning the validity of the complaint. It was removed without even
asking if the content would be legal in Germany. And it was removed
without any consultation with the author of the article.
Heise staff noticed accidentally that the link was removed only after
finding the DMCA report on their Webmaster Tools service. The German
publisher immediately sent a counter-notice which however implied that
the counter-notifier gives its consent that the legal competent
authority is the District Court of Santa Clara County in California -
despite the fact that the affected company, blog, news platform or
website owner is based in Europe. The initial notifying party then has
10 working days to react to the counter-notice. During this period, the
website will still not appear in search results. According to Google's
DMCA report received by Heise, it can take up to 11 hours to remove
links from its search result upon receipt of a DMCA takedown request.
However, it can take several weeks until a takedown is reported by the
collaborative archive Chilling Effects Clearinghouse (chillingeffects.org).
This recent example shows that the DMCA is, despite being more
predictable than the European system, a process in which a website is
first shut down and only then questions are being asked with regards to
the legality of the content. In the US and elsewhere, the application of
the DMCA has led to the deletion of speech content without warning in
numerous cases.
In Europe, it is now essential to establish a differentiated approach,
procedures that are transparent and allow for due process to avoid void,
accidental and deliberate abuse leading to the take down of legitimate,
non-infringing content and to ensure the functioning of the Digital
Single Market.
With the aim to establish a framework and to provide guidance on
European notice and takedown procedures, the EU Commission has just
launched a public consultation in order to clarify the implementation of
the e-Commerce Directive by the end of this year. All stakeholders and
interested individuals are invited to reply to the public consultation
and to provide the Commission with input before 5 September.
Microsoft asked to delete Heise article from Google search results (only
in German, 8.06.2012)
http://www.heise.de/newsticker/meldung/Microsoft-liess-Heise-Meldung-aus-Go…
Google's Transparency Report on takedown requests
http://www.google.com/transparencyreport/removals/copyright/
RIAA Demands Unlimited DMCA Power From Google (2.06.2012)
http://torrentfreak.com/riaa-demands-unlimited-dmca-power-from-google-12050…
European Commission consultation questionnaire - A clean and open
Internet: Public consultation on procedures for notifying and acting on
illegal content hosted by online intermediaries
Deadline: 5 September 2012
http://ec.europa.eu/yourvoice/ipm/forms/dispatch?form=noticeandaction
(Contribution by Kirsten Fiedler - EDRi)
=======================================================================
5. Article 29 WP's opinion on the cookie exemptions
=======================================================================
On 12 June 2012, the Article 29 Working Party (WP 29) published an
opinion on the issue, focusing on two exemption criteria established by
the new cookie-related provisions in the ePrivacy Directive:
A - the use of the cookie "for the sole purpose of carrying out the
transmission of a communication over an electronic communications
network" and
B - the use of a cookie if "strictly necessary in order for the provider
of an information society service explicitly requested by the subscriber
or user to provide the service".
WP 29 established in its opinion the circumstances when the exemption
criteria do not apply such as forcing controllers, processors, and third
party actors to obtain informed consent before using a cookie.
As regarding criterion A, the WP 29 considers this exemption can be used
only when the cookies are pivotal to the transmission of the
communication and when the transmission would not be possible without the
use of the cookies. "Simply using a cookie to assist, speed up or
regulate the transmission of a communication over an electronic
communications network is not sufficient," says the opinion.
Regarding criterion B, the opinion says: "There has to be a clear link
between the strict necessity of a cookie and the delivery of the service
explicitly requested by the user for the exemption to apply."
Cookies served for the purposes of providing a specific functionality
within websites will not be considered "strictly necessary" unless "the
functionality will not be available" without the cookie and the user has
"explicitly requested" the functionality from the website.
According to the opinion, some cookies can be exempted from informed
consent under certain conditions if they are not used for additional
purposes - these cookies include for example "user-input" cookies (used
to keep track of the user's input when filling online forms or as a
shopping cart, also known as session-id cookies), multimedia player
session cookies and user interface customization cookies (for example
language preference cookies to remember the language selected by a user).
The cookies that should not be covered by the exemption include social
plug-in tracking cookies; third party advertising cookies, third party
and first party analytics cookies.
Regarding third party and first party analytics cookies, WP 29 remarks
however that they carry low privacy risks when they are limited to first
party aggregated statistical purposes and when used by websites which
also provide adequate privacy safeguards.
WP 29 also believes e-Privacy Directive should be amended in order to
introduce a new exemption to consent "for cookies that are strictly
limited to first party anonymized and aggregated statistical purposes."
Opinion 04/2012 on Cookie Consent Exemption (7.06.2012)
http://ec.europa.eu/justice/data-protection/article-29/documentation/opinio…
Article 29 Press Release on cookie consent exemption (12.06.2012)
http://www.statewatch.org/news/2012/jun/eu-wp-29-dp-cookies.pdf
Websites may only place cookies without user consent if services would
not work without them, say regulators (13.06.2012)
http://www.out-law.com/en/articles/2012/june/websites-may-only-place-cookie…
=======================================================================
6. UK websites might have to identify "trolls"
=======================================================================
According to the new UK government proposals, website operators might
soon have to identify users who have posted defamatory messages online,
so that the victims of the respective messages may take legal action
against the "trolls".
Presently in UK, a website operator is liable for everything that
appears on its site and therefore it can be taken to court by anybody
who claims something defamatory has been posted about him/her on the
respective website. The websites are now removing content as soon as a
defamation claim is made, irrespective of whether it is right or wrong.
"As the law stands, individuals can be the subject of scurrilous rumour
and allegation on the web with little meaningful remedy against the
person responsible. Website operators are in principle liable as
publishers for everything that appears on their sites, even though the
content is often determined by users," says Justice Secretary Ken Clarke.
The UK Ministry of Justice is now proposing a Defamation Bill, which is
under debate in the House of Commons, that will force operators to
identify the creator of a defamatory message and to give that
information to the victim so that he (she) may take action directly
against the person having posted the defamatory content.
The government states that there will also be measures to strengthen
freedom of speech and prevent false claims meant to get material
removed. "It will be very important to ensure that these measures do not
inadvertently expose genuine whistleblowers, and we are committed to
getting the detail right to minimise this risk," said Clarke.
The present rule that currently counts each separate viewing of a
controversial web page as a separate defamatory offence will be removed
and a one-year time limit will be introduced to online defamation claims
in order to stop people complaining about old articles.
However, privacy advocates are concerned about the possible abuse that
the new bill might bring forth. Privacy International believes that a
large part of the content posted by online trolls is not actually
defamatory being rather "harassment, invasion of privacy or simply
unpleasant but lawfully-expressed opinion" and is concerned that
"gun-shy website operators will start automatically divulging user
details the moment someone alleges defamation in order to shield
themselves from libel actions".
"If the choice is between protecting users' anonymity and avoiding a
potentially costly lawsuit, many small operators are not going to be
overly concerned about whether or not a user has genuinely defamed the
complainant," said Emma Draper, head of communications at Privacy
International to BBC News.
For the time being, ISPs seem critical to the proposal as they will be
forced to store more information about Internet usage and emails. The
proposal will also force them to block all access to pornography
websites unless customers specifically state otherwise.
Websites to be forced to identify trolls under new measures (12.06.2012)
http://www.bbc.co.uk/news/technology-18404621
Victims of internet abuse to get new power to identify 'trolls' (12.06.2012)
http://www.telegraph.co.uk/technology/news/9324956/Victims-of-internet-abus…
Q&A: Who are internet trolls - and how is the law changing? (12.06.2012)
http://www.bbc.co.uk/news/technology-18408457
=======================================================================
7. Spanish Supreme Court says Google is not breaching copyright
=======================================================================
The Spanish Supreme Court ruled on 3 April 2012 that Google was not in
breach of copyright with its browser and cache services. The ruling was
given in a case filed in 2006 by the owner of a web page
(Megakini.com) for having reproduced and made available its
contents, by means of the Google search engine and the Google Cache
service, without authorisation.
The Supreme Court comes to confirm the previous decision given by the
lower court in Barcelona, on 30 March 2007, and the ruling on the appeal
of the Provincial Audience of Barcelona, on 17 Sept. 2008, which both
concluded the same, although on different grounds.
Regarding the reproduction and making available of parts of the webpage
contents, all three courts agreed this was not an infringement of the
copyright law as it had a temporary, incidental and minimal character.
The Supreme Court also rejected the infringement claim in relation to
Google cache service. The reason that laid at the basis of the decision
was the three-step-test guiding the interpretation of the statutory
limitations to the exclusive copyrights. Google Cache service is a
"socially tolerated" use which was not prejudicial to the interests of
the claimant.
The claimant had asked for 2000 Euro in damages and for the shutdown of
the whole operation of the search engine which the court considered a
"maximalist petitum". According to the court the copyright laws "do not
authorize abusive claims nor absurd hypotheses meant to prejudice
another without own benefit".
However, the court made it clear that the ruling only extended to the
specific circumstances of the case and that "courts do not solve
doctrinal polemics."
Court decision (only in Spanish, 3.04.2012)
http://pdfs.wke.es/8/6/1/5/pd0000078615.pdf
The Supreme Court agrees with Google and considers that its activity
does not breach copyright (only in Spanish, 13.06.12)
http://www.elmundo.es/elmundo/2012/06/13/navegante/1339570444.html
The Supreme Court makes clear that the ruling only extends to the
specific circumstances of this case and Spanish Supreme Court rules in
favour of Google search engine (15.06.2012)
http://kluwercopyrightblog.com/2012/06/15/spanish-supreme-court-rules-in-fa…
=======================================================================
8. Google's Street View privacy breach again in the public eye
=======================================================================
Recently, the UK Data Protection Authority - Information Commissioner's
Office (ICO) has decided to reopen its investigation on Google over the
collection of personal information by Google Street View project from
May 2010.
As a reaction to the US Federal Communications Commission (FCC)'s report
issued earlier this year into the Street View data collection, ICO has
now sent a written request to the search engine asking for more details
regarding its knowledge of, and reaction to, the data collection. FCC's
report concluded that an engineer working for the company, with the
approval of a manager of the company, had written a software code
allowing the Street View cars to collect "payload" data from
unencrypted Wi-Fi networks in the area covered by the cars "for possible
use in other Google projects." The software allowed for the gathering of
entire emails, usernames and passwords.
"The ICO have reviewed the findings of the FCC report and we understand
that a wide range of personal data together with some sensitive data was
present in the payloads including, IP addresses, full user names,
telephone numbers, complete email messages, email headings, instant
messages and their content, logging in credentials, medical listings
and legal infractions, information in relation to online dating and
visits to pornographic sites and data contained in video and audio
files," says Steve Eckersley, the ICO's head of enforcement, in the
letter addressed to Google.
Having in view that in 2010 Google admitted to have gathered personal
data but stated this had been done by mistake and that now the situation
reported by FCC shows that it is likely that such information was
deliberately captured, the ICO asks now more information regarding what
personal and sensitive personal data was captured in the UK. It also
wants details regarding the time when Google managers first became aware
that personal information was being gathered and about the technological
or organisational measures taken by the company to limit any further
data collection.
Google is also asked to provide a "substantial explanation" of the
sample data sent during the initial assessment of the issue as
well as copies of the design documents and associated logs containing
"managerial decisions and rationale".
Google stands in a better position in Switzerland however where the
Federal Tribunal has recently ruled that Google did not have to
guarantee absolute anonymity for people pictured in its Street View
service. "It must be accepted that up to a maximum of 1 percent of the
images uploaded are insufficiently anonymized," ruled the Supreme Court
on 8 June 2012.
However, the Court also stated that Google had to make it easy for
people to have their images manually blurred, and ensure total anonymity
in sensitive areas such as schools, hospitals, women's shelters and courts.
ICO reinvestigates Google's Street View data collection (13.06.2012)
http://www.out-law.com/en/articles/2012/june/ico-reinvestigates-googles-str…
Google wins partial repeal of Swiss privacy ruling (8.06.2012)
http://www.google.com/hostednews/ap/article/ALeqM5jqamDsi-XekvVlZOrHULCU9Hm…
EDRi-gram: Google admits it was gathering passwords and emails via
StreetView (3.11.2010)
http://www.edri.org/edrigram/number8.21/street-view-collects-emails
=======================================================================
9. Prague ICANN meeting to discuss Whois data
=======================================================================
An ICANN meeting will be held in Prague between 24-29 June 2012,
where issues and topics impacting users, consumers and registrants, like
whois access and the extension of domain space with ongoing new gTLD
program, will be discussed. As a reminder, ICANN is an Internet
governing body managing mainly IP addressing and domain names and which
is implementing a multi-stakeholder model, bottom-up and consensus-based
policy-making process.
ICANN as an organization still needs important improvements on
accountability, transparency and public interest aspects and also in the
involvement of the civil society, activists and academics. It is also
developing more complex structure and processes advantaging insiders.
The debates are dominated by business and trademark perspective and
privacy, human rights, freedom of expression are still marginalized and
not systematically included or assessed in the policy making process.
One of the rare open spaces in ICANN for the participation of the civil
society remains the Non-commercial Stakeholder Group (which includes for
example NCUC - the historical non-commercial users constituency). It is
one of the stakeholders forming the GNSO (the structure responsible for
policy making for gTLD).
The Prague meeting is an opportunity for NGOs in Europe to follow ICANN
activities more closely and to participate in the process since there
are several public sessions and in particular the traditional public
forum on Thursdays where they can express their concerns.
From a European perspective, the discussion about Thick Whois may
definitely interest privacy advocacy organizations and also people
interested in data protection. ICANN is getting pressure from LEAs with
support of some governments (US, UK etc.), members of GAC (Governmental
Advisory Committee) to implement Thick Whois without real privacy
safeguards or a privacy impact assessment and pushing to include those
provisions in the registrar's agreements or RAA (Registrar Accreditation
Agreement) which is currently under negotiations as well as in the
expected new gTLDs to be launched in next years.
The ongoing new gTLD program also represents new challenges, benefits
and risks for consumers and users. The list of applications for new gTLD
was revealed on the 13 June 2012. The process will continue and will
include a period for community comments and also possible objections
against some TLDs, which may raise a Freedom of Expression issue, in
particular, with giving governments, via GAC, the possibility to send
"early warnings".
Finally, European NGOs are strongly advised to attend the ICANN meeting
to be more familiar with those topics and to see how they can be
involved in the process to influence it although domain names issues
seem narrow as compared to Internet policy topics in general. The
development of policies in ICANN and its own model are setting a
precedent in the Internet governance context that we need to care about.
Website with practical information about ICANN Prague meeting (24-29
June 2012)
http://prague44.icann.org
Explanation of the process to object an applied gTLD
http://newgtlds.icann.org/en/program-status/objection-dispute-resolution
Whois recommendations from the review team (5.12.2011)
http://www.icann.org/en/news/public-comment/whois-rt-draft-final-report-05d…
Homepage of Non-commercial Stakeholder Group
http://gnso.icann.org/en/about/non-commercial.htm
(Contribution by Rafik Dammak - Non-Commercial Users
Constituency/Non-commercial Stakeholder Group)
=======================================================================
10. Culture: Global changes in production and consumption
=======================================================================
The Green MEPs Eva Lichtenberger, Sandrine Bélier and Helga Trüpel
hosted an event on 7 June 2012 in the European Parliament on the global
changes in production and consumption of cultural goods.
The first speaker at the event was Frédéric Martel, writer, journalist,
researcher and book critic who worked at the French Embassy in Boston as
head of the French cultural and academic services. The mutation is due
to two different phenomena: globalisation and digitalisation. The
novelty is that the developing countries are taking part in those
phenomena and they have to adapt to both globalisation and
digitalisation at the same time. The approach to digitalisation is
different in Europe from that in the developing countries. In Europe the
content industries are adopting a defensive behaviour against
digitalisation, while in the developing countries they see it as an
opportunity. The creative industry is changing, but one should not
forget that the big American studios also finance small independent
studios. A new debate on diversity is appearing because even though
there is globalisation, the cultural issues stay national. Countries
like Brazil do not have the capacity to function by the US and European
system of copyright.
The second panellist was Philippe Aigrain, co-funder of la Quadrature du
Net. He introduced his speech by defending the legalisation of file
sharing and the necessity to find a new financing system - such as a
global license. But he focused his speech on looking at the reality of
the cultural production and the example of creative writing as a new
production opportunity. Today, the non-market practices of individuals
are playing an important role even more than the selling and licensing
of content, he said. Internet should not be seen as a distribution
channel but a place of cultural, creative and expressive activities.
Internet is a creation tool. There is a huge textual production with
blogs, microblogs and so on, that allow fair trade publishing favouring
both authors and readers. It is however true that this cannot apply to
all media.
The last speaker was Lucy Montgomery, from Queensland University of
Technology (Australia). She spoke about the Chinese market. New models
are emerging in China. She took the examples of music, film and fashion
in which even though there is piracy and counterfeit, the market is
booming and people consume a lot, but differently. Getting completely
rid of copyright is a crazy idea, but there is a necessity to understand
the co-evolution of innovation and copyright which creates a complex
eco-system.
Webpage of the event (7.06.2012)
http://www.greens-efa.eu/global-changes-in-the-production-and-consumption-o…
Recorded stream of the event (7.06.2012)
http://greenmediabox.eu/archive/2012/06/07/culture/
(Contribution by Elena Cantello - EDRi intern)
=======================================================================
11. ENDitorial: Data retention - faint heart never won fair lady
=======================================================================
Six years ago, as a result of pressure from the UK, the European Union
adopted the Data Retention Directive. The measure was intended to
harmonise the EU single market for telecommunications, requiring all EU
operators to retain data for the purposes of "investigation, detection
and prosecution of serious crime," including terrorism. Member States
were placed under an obligation to produce statistical information about
the use of such data, with an evaluation report planned for September 2010.
None of the elements of that plan has been achieved: The evaluation
report which the Commission was legally obliged to produce by September
2010 was finally released in March 2011. Despite the fact that the legal
basis of the Directive is the creation of a "Single Market", the report
produced a long list of examples of how the Directive has failed to
harmonise the single market - to the point of probably having created
new barriers. The report also shows that several EU Member States have
no definition of "serious crime", meaning that the core safeguard
against disproportionate use of the data has no agreed meaning. Finally,
the report illustrates that the Member States have, with very few
exceptions, failed to live up to their obligation under the Directive to
provide statistical information.
In the context of the lamentable failure of the Directive, Commissioner
Cecilia Malmström has taken the only decision available to her. She has
decided to review the legislation and her services have recently
completed an "impact assessment" which details the various policy
options available to her. In order for a new proposal to become law, it
would need to be approved by a majority of Member States (based on a
complicated weighted voting system) and a majority in the European
Parliament. It is the mathematics of this process which makes the
Commissioner's choice a very difficult political one.
Whatever solution is found also needs to deal realistically with the
fact that the "e-privacy Directive" (Article 15) recognises a right for
Member States to introduce data retention with very vague, unclear
safeguards. The uncertainty and confusion created by that provision
(also a UK initiative) was illustrated in the recent Bonnier Audio case
in the European Court of Justice (Case C-461/10). Even a full repeal of
the Data Retention Directive would not stop Member States from
exploiting that loophole to impose retention measures and maintaining
their confused, disproportionate and counterproductive domestic
legislation. The repeal of Article 15 of the E-Privacy Directive is
therefore the only logical policy - and internal Commission politics
(the e-Privacy Directive is not administered by Commissioner Malmström's
services) should not stop this from happening.
Once that essential step has been taken, the Commission has four
options: it can do nothing, it can propose minor reforms that it knows
the Council will accept, it can propose major reforms or it can repeal
the Directive.
Option 1: Do nothing
On 3 May 2009, Commissioner Malmström took a personal oath to uphold the
European Charter of Fundamental Rights. The Charter includes Article 52,
which says that restrictions on fundamental rights are only permissible
if they "necessary and genuinely meet objectives of general interest
recognised by the Union." It is impossible to read the Commission's
implementation report of the Directive and conclude that there is any
possibility that this requirement is currently being met. Doing nothing
also does not solve the problem that the Data Retention Directive is a
"single market Directive" that has not harmonised the single market and
cannot do so in its current form.
Option 2: Minor reforms
Similarly, proposing minor amendments would be expedient and is
definitely a politically attractive option. The Commission could propose
measures that it knows the Member States would accept, such as a small
reduction in the maximum retention period and some others, like
cost-reimbursement for operators, which the Member States would not
accept. The Commission would then have "clean hands" and could blame the
Member States for not accepting all of its "reforms". This approach also
comes with considerable risks. In particular, the European Parliament is
somewhat unpredictable on this dossier. On the other hand, the UK, which
single-handedly pushed through the initial Directive, is now proposing
even more extreme measures, such as the creation of vast silos of
communications data - a 1.8 million pound set of databases of
essentially every online interaction of every citizen. As a Liberal,
Commissioner Malmström would hardly like to be remembered as the
Commissioner whose legislative proposal has led to EU-wide surveillance
of a scale that would have shocked Orwell.
Option 3: Major reforms
While keeping data retention, the Commission could propose big
reductions in retention periods, to bring them approximately in line
with technically necessary retention of data (for billing and network
security purposes). The problem with this approach is that it would
generate huge opposition among the Member States in the Council. One of
the unwritten rules in the Council is that, if two large Member States
are opposed to a proposal, it is not even put to a vote. Currently,
three large Member States (UK, France, Italy) are vehemently opposed to
any significant reform. Despite the difficulty of the task, overturning
a big majority would however show leadership, show that the Commission
does respect the Charter of Fundamental Rights and show due deference to
the legal framework of the European Union more broadly. A strong
leadership from the Commission supporting fundamental rights stands a
good chance of support from the European Parliament, which would help
put pressure on the Member States.
Option 4: Repeal
All other things being equal (Ceteris paribus), getting enough political
support from the Council and the Parliament for a repeal of the
Directive faces as many barriers as a major reform. However, there is
now a referral of data retention to the European Court. The court has
already expressed concern about the legality of data retention. In the
Telefonica/Promusicae case, the Advocate General questioned whether "the
storage of traffic data of all users without any concrete suspicions -
laying in a stock, as it were - is compatible with fundamental rights".
With the background of the ECJ referral, the failures of the Directive
to achieve its goals and the European Parliament's long-standing
antipathy to the principle of Data Retention, existing doubts in the
European Court about the legality of data retention, a repeal is not as
extreme as it sounds. Solving the single market and predictability
problems created by a repeal of the Directive will be less challenging
than solving the single market and predictability problems created by
the continuing existence of the Directive.
In any event, one thing is clear, the easiest solutions for Commissioner
Malmström are the least defensible. Courage is needed.
(Contribution by Joe McNamee - EDRi)
=======================================================================
12. Recommended Reading
=======================================================================
EDPS opinion on smart metering (8.06.2012)
http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consu…
Letter from the Article 29 Working Party addressed to Mr. Juan Fernando
López Aguilar, Chairman of the LIBE Committee, regarding the
negotiations on the Proposal for a Directive on EU PNR (12.06.2012)
http://ec.europa.eu/justice/data-protection/article-29/documentation/other-…
Letter from the Article 29 Working Party addressed to Ms. Cecilia
Malmström, Commissioner for Home Affairs, regarding Smart Borders
(12.06.2012)
http://ec.europa.eu/justice/data-protection/article-29/documentation/other-…
=======================================================================
13. Agenda
=======================================================================
24-29 June 2012, Prague, Czech Republic
ICANN 44 meeting
http://prague44.icann.org/
27 June 2012, Brussels, Belgium
Pan-European Forum on Media Pluralism and New Media
http://www.mediapluralism.eu/
2-6 July 2012, Budapest, Hungary
Policies and Practices in Access to Digital Archives: Towards a New
Research and Policy Agenda
http://www.summer.ceu.hu/sites/default/files/course_files/Policies-and-Prac…
9-10 July 2012, Barcelona, Spain
8th International Conference on Internet Law & Politics: Challenges and
Opportunities of Online Entertainment
http://edcp.uoc.edu/symposia/idp2012/cfp/?lang=en
11-13 July 2012, Vigo, Spain
The 12th Privacy Enhancing Technologies Symposium
(PETS 2012)
http://petsymposium.org/2012/
25-26 August 2012, Bonn, Germany
Free and Open Source software conference (FrOSCon)
http://www.froscon.de/en/program/call-for-papers/
6-7 September 2012, Cluj-Napoca, Romania
CONSENT policy conference:
Perceptions, Privacy and Permissions: the role of consent in on-line
services
Call for papers by 30 June 2012
http://conference.ubbcluj.ro/consent/
8-9 September 2012, Vienna, Austria
Daten, Netz & Politik 2012
Call for Contributions Deadline: 22 July 2012
https://dnp12.unwatched.org/
12-14 September 2012, Louvain-la-Neuve, Belgium
Building Institutions for Sustainable Scientific, Cultural and Genetic
Resources Commons.
http://biogov.uclouvain.be/iasc/index.php
7-10 October 2012, Amsterdam, Netherlands
2012 Amsterdam Privacy Conference
http://www.ivir.nl/news/CallforPapersAPC2012.pdf
25-28 October 2012, Barcelona, Spain
Free Culture Forum 2012
http://fcforum.net/
6-9 November 2012, Baku, Azerbaijan
Seventh Annual IGF Meeting: "Internet Governance for Sustainable Human,
Economic and Social Development"
http://www.intgovforum.org/cms/
9-11 November 2012, Fulda, Germany
Digitalisierte Gesellschaft - Wege und Irrwege
FIfF Annual Conference in cooperation with Fuldaer Informatik Kolloquium
http://www.fiff.de/2012
============================================================
14. About
============================================================
EDRi-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRi has 31 members based or with offices in 19 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge
and awareness through the EDRi-grams.
All contributions, suggestions for content, corrections or agenda-tips
are most welcome. Errors are corrected as soon as possible and are
visible on the EDRi website.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/
Newsletter editor: Bogdan Manolea <edrigram(a)edri.org>
Information about EDRI and its members:
http://www.edri.org/
European Digital Rights needs your help in upholding digital rights in
the EU. If you wish to help us promote digital rights, please consider
making a private donation.
http://www.edri.org/about/sponsoring
http://flattr.com/thing/417077/edri-on-Flattr
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request(a)edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
Unsubscribe by e-mail
To: edri-news-request(a)edri.org
Subject: unsubscribe
- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay.
Translations are provided by Metamorphosis
http://www.metamorphosis.org.mk/mk/vesti/edri
- EDRI-gram in German
EDRI-gram is also available in German, with delay. Translations are
provided by Andreas Krisch from the EDRI-member VIBE!AT - Austrian
Association for Internet Users
http://www.unwatched.org/
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <edrigram(a)edri.org> if you have any problems with subscribing
or unsubscribing.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
Re: [liberationtech] Single board mini computers as circumvention tools
by Jacob Appelbaum 06 Jul '18
On 06/23/2012 04:21 AM, Frank Corrigan wrote:
> Does anyone know of any research being done on the use of low-cost
> single board mini computers to run the likes of online circumvention
> tools like VPN, Tor, Gibberbot etc
>
The Guardian Project...?
> Whilst these boards have been around for some time, since the
> introduction of Raspberry Pi, interest has grown and now there are many
> boards being created like:
>
Raspberry Pi easily runs Debian - so it's basically the same as the
Torouter project with different hardware:
https://trac.torproject.org/projects/tor/wiki/doc/Torouter
> ARM Mini PCs
> http://www.reghardware.com/2012/05/10/product_round_up_arm_mini_computers_t…
> http://liliputing.com/2012/06/74-mk802-android-4-0-mini-pc-first-impression…
>
Yep that's what we did with the Excito and the DreamPlug.
> Android OS and other Linux OS appear to run easily on these boards and
> allows for use of software from the likes of:
> https://guardianproject.info/apps/ and http://www.whispersys.com/ (sadly
> now defunct)
>
> Some of these boards are also so cheap as to be disposable single use,
> or at least simple reuse after OS/Data erase.
>
There are some really nice things coming soon.
> I am looking at how easy it would be to develop and use a Linux OS that
> only runs from the board's ram (LiveCD/USB/SDcard), such as TAILs
> <http://tails.boum.org>
Use Tails.
All the best,
Jacob
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
Myers reported (I think) that his twisted Chord network passes a unit test
where you start with two separate Chord networks and introduce one node from
the first net to one node from the other, and then the two nets merge.
Meanwhile, I've finished implementing a version of ent (based on Kademlia)
which keeps only one node per k-bucket, and fixed several bugs, but there
remains some bug that I haven't investigated (I'm out of time) which causes it
to fail the basic "construct a network, publish a block, fetch the block" unit
test. (Please, someone fix it, as I'm probably busy this week.)
I just wanted to comment that there is no way known (to me at least) for
Kademlia to pass the unit test that Myers is using on his Chord net -- merging
two separate nets into one. Kademlia can't do that AFAIK. (This is one way
of observing the "Kademlia doesn't self-heal" problem.)
I also wanted to mention that Chord can sometimes fail, too, if the nets
happen to line up so that the resulting merged Chord net is "loopy". The
Liben-Nowell paper [1] explains how to fix that.
--Z
[1] http://citeseer.nj.nec.com/553810.html
----- End forwarded message -----