cypherpunks-legacy
Threads by month
- ----- 2025 -----
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1998 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1997 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1996 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1995 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1994 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1993 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1992 -----
- December
- November
- October
- September
July 2018
- 1371 participants
- 9656 discussions
[Politech] German court bans police from installing Trojan Horses remotely [priv]
by Declan McCullagh 06 Jul '18
by Declan McCullagh 06 Jul '18
06 Jul '18
A few thoughts:
1. This seems to preclude German police from doing a remote search
(which would have to include malware or some way of exploiting a
security hole on the target's computer) even with a court order.
2. In the U.S., the FBI reportedly has developed similar malware called
Magic Lantern, which we've discussed here before:
http://www.politechbot.com/p-03034.html
http://en.wikipedia.org/wiki/Magic_Lantern_%28software%29
3. I can't think of any domestic case offhand when we know for a fact
that the FBI has gained unauthorized remote access to a suspect's
system. Can anyone? The Scarfo case involved physical access, and this
remote intrusion case dealt with a computer in Russia:
http://news.zdnet.com/2100-9595_22-529917.html
-Declan
---
http://www.nytimes.com/aponline/world/AP-Computer-Searches.html?_r=1&oref=s…
gin
German Court Nixes Hard Drive Search
By THE ASSOCIATED PRESS
Published: February 5, 2007
Filed at 1:42 p.m. ET
BERLIN (AP) -- A German court on Monday ruled that police cannot
remotely search criminal suspects' computer hard drives over the
Internet without their knowledge.
The decision of the Federal Court of Justice in Karlsruhe bars police
from using the online ''Trojan horse'' method, which involves using a
computer program to search through remote hard drives over an Internet
connection, unless parliament passes a law explicitly allowing it.
Police will still be allowed to seize evidence from computer hard drives
when conducting searches in person.
[...remainder snipped...]
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
1
0
============================================================
EDRi-gram
biweekly newsletter about digital civil rights in Europe
Number 8.13, 30 June 2010
============================================================
Contents
============================================================
1. Data retention - time for evidence-based decision making
2. Same privacy concerns for the new SWIFT treaty
3. ACTA - new criminal sanctions for non-commercial copyright uses?
4. EP calls for a clear legal framework for the Internet of Things
5. Article 29 WP issues opinion on cookies in the new ePrivacy Directive
6. Increased pressure on Turkey to stop Internet blocking
7. Iceland - first steps for a new media haven
8. ENDitorial: Council of Europe draft Recommendation on Profiling
9. Recommended Action
10. Recommended Reading
11. Agenda
12. About
============================================================
1. Data retention - time for evidence-based decision making
============================================================
In June 2010 the European Parliament adopted a farcical "written
declaration" ostensibly on the creation of an "early warning system" to
fight pedophiles. Funded by unknown sources, the MEPs in charge (Zaborska
from the Czech Republic and Motti from Italy) put together the Declaration
in order to promote the retention of communications data and the extension
of this practice to "search engines".
After tabling the declaration, a highly polished, American-style lobby
campaign went into operation. The lobbying neatly avoided mentioning data
retention in any of the associated printed materials, in any of the e-mails
sent to MEPs and on the campaign's website.
The MEPs involved and their staff harangued and harassed parliamentarians,
even to the point of putting lobbying material on their desks in the
Parliament's hemicycle itself - with the simple message of "sign to fight
sexual harassment" using a picture of a vulnerable-looking child. Mainly as
a result of the large number of parliamentarians that signed due to
mistakenly trusting what they were told about the content of the
declaration, it was adopted.
The Declaration has now been sent to the European Commission, where Cecillia
Malmstrvm, who vehemently opposed the Data Retention Directive in her
previous job as a Member of the European Parliament, needs to decide how to
respond. Having indicated in the Swedish press that such an approach would
be disproportionate, there are reasons to be hopeful that her position will
be firm and favourable to citizens' rights. To make Commissioner Malmstrom's
task even easier, she took an oath in May of this year to respect the
Charter of Fundamental Rights of the European Union.
Unequivocal opposition to such extreme proposals is important, particularly
at the moment. By the end of this week, the relevant Directorate-General of
the Commission will have completed its first draft assessment of the Data
Retention Directive, which will then be reviewed by the Commissioner. This
will then be followed by a second round of drafting, consultation with the
other parts of the Commission and adoption of the final report, probably in
the second half of September. In the absence of evidence to suggest that
data retention has served any useful purpose, it is to be hoped that the
Commissioner will maintain her opposition to the Directive and propose
appropriate and ambitious amendments, removing obligations on all Member
States to impose long-term blanket data retention on all citizens.
This process is all the more important as a result of developments in the
Council of Europe, which will soon adopt its Recommendation on Profiling.
The current and almost final version of that text lends credibility to
Member States that wish to exploit retained data to assign "profiles" to
innocent citizens. The Recommendation exempts Member States from having to
apply three important chapters: on lawfulness, data quality and sensitive
data. In 2008, a report prepared for the Council of Europe pointed out that
registration of internet users is "likely to have a chilling effect not just
on journalists but on any users that wish to access public or legal, but
controversial materials." The implementation of profiling would make this
serious chilling effect seem minor in comparison.
Campaigning against the Data Retention Directive is already in full swing.
More than 100 organisations (including EDRi) from 23 European countries
asked last week EU Commissioners Malmstrvm, Reding and Kroes in a joint
letter to "propose the repeal of the EU requirements regarding data
retention in favour of a system of expedited preservation and targeted
collection of traffic data". Among the signatories are civil liberties, data
protection and human rights associations as well as crisis line and
emergency call operators, professional associations of journalists, jurists
and doctors, trade unions, consumer organisations and industry associations.
Study undertaken for the Council of Europe on the effects of anti-terror
legislation (11.2008)
http://www.coe.int/t/dghl/standardsetting/media/Doc/SpeakingOfTerror_en.pdf
Written declaration 29 website
http://www.smile29.eu
Oath sworn by Commissioners (3.05.2010)
http://europa.eu/rapid/pressReleasesAction.do?reference=IP/10/487
Draft Council of Europe Recommendation on profiling (3.06.2010)
http://www.coe.int/t/dghl/standardsetting/dataprotection/TPD%20documents/T-…
Data retention Directive
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2006:105:0054:00…
Malmstrom says no to Google Storage (only in Swedish, 28.06.2010)
http://www.svd.se/nyheter/inrikes/malmstrom-sager-nej-till-googlelagring_49…
Letter to Commissioner (22.06.2010)
http://www.vorratsdatenspeicherung.de/images/DRletter_Malmstroem.pdf
Civil society calls for an end to compulsory telecommunications data
retention (28.06.2010)
http://www.vorratsdatenspeicherung.de/content/view/370/79/lang,en/
(Contribution by Joe McNamee - EDRi)
============================================================
2. Same privacy concerns for the new SWIFT treaty
============================================================
The agreement between the EU and USA on the transfer of bank data through
SWIFT was signed on 28 June 2010 after the Spanish Presidency of the Council
of Ministers has accepted some of the changes on the text proposed by MEPs,
but with no significant improvements from the Agreement rejected by the
European Parliament in February 2010.
The text of the new SWIFT Agreement will now probably be rushed through the
next European Parliament plenary session in Strasbourg (5-8 July).
After the draft agreement was initiated by Commissioner Cecilia Malmstrvm on
10 June, MEPs asked for changes to the text concerning the bulk transfer of
data, the creation of an EU counterpart to the US Terrorist Finance Tracking
Programme (TFTP), and EU oversight of TFTP data-processing in the US.
Unfortunately, the new adopted text still allows for bulk data transfers.
The Parliament would have liked to replace bulk data with targeted searches
carried out by an EU-based authority but according to MEP Birgit Sippel, "We
cannot reduce the problem of bulk data for the moment as we do not have the
technical capability."
The retention period is still 5 years and there is no real system in
place from the US on a binding legal redress. The US Privacy Act court
clauses only apply to US citizens and legal residents. Therefore there is
currently no right of judicial review for foreign citizens and residents
(including EU) under the US law.
Another key critique to the current text is the role of Europol that should
authorize the data transfer requests from the US. Besides the fact that
Europol is not a judicial authority, as requested by the European Parliament
in May 2010 Resolution, the incentive from this agency to limit the amount
of data being transferred is extremely reduced due to the fact that they can
actually request data searches from the US.
On 25 June, EDPS Peter Hustinx expressed his concerns related to the
transfer of bulk amounts of bank data to the U.S. authorities and pointed
out the key elements to be improved for data protection, especially as
regarding data retention periods, enforceability of the citizens' data
protection rights, judicial oversight and independent supervision. "I am
fully aware that the fight against terrorism and terrorism financing may
require restrictions to the right to the protection of personal data.
However, in view of the intrusive nature of the draft agreement, which
allows transfers of data in bulk to the US, the necessity of such scheme
should first be unambiguously established, especially in relation to already
existing instruments. Would this be the case, other key elements should
however be improved in order to meet the conditions of the EU legal
framework for data protection."
As MEP Alexander Alvaro told EurActiv, in terms of the agreement, the
European Commission will write a framework for the extraction of data on US
soil in order to set up an EU equivalent to TFTP and in case after five
years this is not in place, the Commission will have to renegotiate or
terminate the present agreement. But the present text automatically extends
for one more year if nothing happens. It does not have to be renewed, it
just has to be actively terminated.
EU, US sign SWIFT agreement (28.06.2010)
http://www.europeanvoice.com:80/article/2010/06/eu,-us-sign-swift-agreement…
EU wins concessions on US bank data-sharing deal (25.06.2010)
http://www.euractiv.com/en/justice/eu-wins-concessions-on-US-bank-data-shar…
EU-US new draft agreement on financial data transfers: EDPS calls for
further data protection improvements (22.06.2010)
http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consu…
EDRi-gram: New SWIFT agreement as bad as the rejected one (16.06.2010)
http://www.edri.org/edrigram/number8.12/new-switf-proposal-bad
============================================================
3. ACTA - new criminal sanctions for non-commercial copyright uses?
============================================================
A new round of negotiations on the Anti-Counterfeiting Trade Agreement
(ACTA) is in progress until 1 July 2010 at Luzern, Switzerland between 11
parties including the EU.
A document leaked from the EU Presidency dated 7 April 2010 shows that EU
member states intended to introduce under ACTA more criminal sanctions for
copyright infringements even for non-commercial reasons.
The EU Presidency document stated that the position of the EU Member States
is still under examination with regard to article 2.14.1 covering copyright
or related rights infringements. Some proposals of this article explicitly
plan to apply criminal sanctions to "infringements that have no direct or
indirect motivation of financial gain".
"The ACTA agreement, by its opacity and undemocratic nature, allows criminal
sanctions to be simply negotiated. The leaked document shows that the EU
Member States are willing to impose prison sanctions for non-commercial
usages of copyrighted works on the Internet as well as for 'inciting and
aiding', a notion so broad that it could cover any Internet service or
speech questioning copyright policies. EU citizens should interrogate their
governments about their support to policies that obviously attack freedom of
speech, privacy and innovation" says Jirimie Zimmermann, spokesperson for
La Quadrature du Net.
ACTA will also hinder access to medicine by preventing the production and
the exportation of generic molecules. "ACTA would affect the access to
treatments worldwide, because it will hinder the access to cheap generic
drugs. Without generic drugs, it would have never been possible for 4
millions people to have access to antiretroviral drugs. If concluded, ACTA
would be a terrible stepback for millions of people living with HIV
worldwide," stated Pauline Londeix, spokesperson for Act Up-Paris.
Some countries, such as India, threatened to establish a coalition of
countries against the treaty as they believe ACTA is in conflict with
international trade law, and it undermines the balance of rights,
obligations and flexibilities that already exists within international law.
The Swiss Pirate Party together with their Pirate colleagues from Germany
and Switzerland organised a rally at the Lucerne train station. The Pirate
parties and a group of 12 non-governmental organisations are also having
short meetings with the Swiss and other delegations.
The Berne Declaration, Midecins Sans Frontihres , ACT UP Paris, Knowledge
Ecology International, Oxfam, La Quadrature du Net, Third World Network, and
representatives of the Washington College of Law issued on 23 June an urgent
ACTA Communique, which attracted a huge number of signatories from MEPs,
academics and NGOs. The document states that the new treaty will encourage
internet service providers to police the activities of internet users by
holding internet providers responsible for the actions of subscribers,
conditioning safe harbours on adopting policing policies, and by requiring
parties to encourage cooperation between service providers and rights
holders. It will also encourage this surveillance, and the potential for
punitive disconnections by private actors, without adequate court oversight
or due process.
In a joint statement of the European associations of fixed and mobile
telecoms operators, European internet service providers, cable companies and
digital media organisations have also warned that the "proposed obligation
on online providers to reveal the identity of their subscribers directly to
right holders violates the existing EU data protection obligations."
Also, the International Trademark Association and the International Chamber
of Commerce's Business Action to Stop Counterfeiting and Piracy submitted
joint recommendations and comments on the ACTA text and recommended
maintaining the "original, narrow scope of ACTA to trademark counterfeiting
and copyright piracy for ACTA's effective implementation in different
countries." According to them, "the scope of draft text of the agreement
includes a wide range of intellectual property rights, which risks diluting
the focus and overall strength of the trade agreement."
International Experts Find that Pending Anti-Counterfeiting Trade Agreement
Threatens Public Interests (23.06.2010)
http://www.wcl.american.edu/pijip/go/acta-communique
Leak: EU pushes for criminalizing non-commercial usages in ACTA (24.06.2010)
http://www.laquadrature.net/en/leak-eu-pushes-for-criminalizing-non-commerc…
ACTA: International 'three strikes', surveillance and worse (23.06.2010)
http://www.openrightsgroup.org/blog/2010/acta-international-three-strikes-s…
The ACTA casino must be closed (28.06.2010)
http://www.laquadrature.net/en/the-acta-casino-must-be-closed
Geist: Developing world opposition mounts to anti-counterfeiting agreement
(28.06.2010)
http://www.thestar.com/news/sciencetech/technology/lawbytes/article/828525-…
Scope Of Anti-Counterfeiting Agreement Again A Big Issue In Round Nine
(26.06.2010)
http://www.ip-watch.org/weblog/2010/06/26/scope-of-anti-counterfeiting-agre…
EDRi-gram: ACTA: European Commission transparently ignores European
Parliament (21.04.2010)
http://www.edri.org/edrigram/number8.8/acta-transparency-european-comission
============================================================
4. EP calls for a clear legal framework for the Internet of Things
============================================================
In a resolution on the Internet of Things, adopted on 15 June 2010, the
European Parliament (EP) welcomes the communication of the Commission on
the topic and in principle endorses the broad outlines of the action plan to
promote the Internet of Things.
The Parliament however takes the view that the development of new
applications and the actual functioning and business potential of the
Internet of Things will be intrinsically linked to the trust European
consumers have in the system, and points out that trust exists when doubts
about potential threats to privacy and health are clarified. It stresses
that this trust must be based on a clear legal framework, including rules
governing the control, collection, processing and use of the data collected
and transmitted by the Internet of Things and the types of consent needed
from consumers.
The Parliament further notes that the Internet of Things will lead to the
collection of truly massive amounts of data and calls on the Commission, in
this connection, to submit a proposal for the adaptation of the European
Data Protection Directive with a view to address the data collected and
transmitted by the Internet of Things.
In the view of the Parliament, respect for privacy and the protection of
personal data together with openness and interoperability are the only ways
the Internet of Things will gain wider social acceptance. The EP firmly
believes that all users should have control over their personal data and
stresses that a precondition for promoting technology is the introduction of
legal provisions to reinforce respect for the fundamental values and for the
protection of personal data and privacy.
In the context of privacy by design, the European Parliament also notes the
opinion of the European Data Protection Supervisor (EDPS) on this topic, who
stressed the importance of Privacy by Design as the guiding
principle and highlighted that in the context of RFID, the existing data
protection rules need to be complemented with additional rules imposing
specific safeguards, particularly making it mandatory to embed technical
solutions (Privacy by Design) in RFID technology. He furthermore expressed
his concern that RFID operators in the retail sector may overlook the
possibility for RFID tags to be monitored by unwanted third parties and
thinks it is conceivable that self-regulation will not deliver the expected
results. He therefore called upon the Commission to be ready to propose
legislative instruments regulating the main issues of RFID usage in case the
effective implementation of the existing legal framework fails.
This call for a regulation of the main issues of RFID usage now obviously
gained support from the European Parliament which, in addition, underlines
that RFID applications must be operated in accordance with the rules on
privacy and data protection enshrined in Articles 7 and 8 of the Charter of
Fundamental Rights of the European Union.
The resolution of the Parliament not only addresses the European Commission
but also calls on manufacturers to secure the right to "chip silence" and
calls for RFID application operators to take all reasonable steps to ensure
that data does not relate to an identified or identifiable natural person
unless such data is processed in compliance with the applicable principles
and legal rules on data protection.
It is the believe of the Parliament that a general principle should be
adopted whereby Internet of Things technologies should be designed to
collect and use only the absolute minimum amount of data needed to perform
their function, and should prevent from collecting any supplementary data.
It calls for a significant amount of the data shared by the Internet of
Things to be made anonymous before being transmitted, in order to secure
privacy.
The European Parliament believes in the importance of ensuring that all
fundamental rights - not only privacy - are protected in the process of
developing the Internet of Things and calls on the Commission to monitor
closely the implementation of the European regulations already adopted in
this area and to present, by the end of the year, a timetable for the
guidelines it intends to propose at the EU level for improving the safety of
the Internet of Things and of RFID applications.
As EDRi-gram reported earlier this year the resolution was drafted by MEP
Maria Badia i Cutchet, rapporteur to the European Parliament's Committee on
Industry, Research and Energy (ITRE) including opinions of the Committees on
International Trade, Internal Market and Consumer Protection and Legal
Affairs.
The EP Resolution has to be seen not only in the context of the European
Commission's communication on the Internet of Things and the EDPS opinion on
Privacy by Design, but also of the European Commission's RFID recommendation
and the Industry proposal for an RFID Privacy Impact Assessment, which
unfortunately fails to identify a single specific risk.
In this context, the resolution of the European Parliament can be seen as
another strong signal towards the European Commission to act without undue
delay to effectively protect the fundamental rights of individuals affected
by RFID and other technologies related to the Internet of Things and towards
manufacturers and RFID application operators to take their obligations
serious and effectively secure privacy and data protection rights of all
persons affected by their products and applications.
European Parliament resolution of 15 June 2010 on the Internet of Things
(2009/2224(INI)) (15.06.2010)
http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+TA+P7-TA-2…
Communication to the European Parliament, the Council, the EESC and the
committee of the Regions: Internet of Things - An action plan for Europe
(18.06.2009)
http://ec.europa.eu/information_society/policy/rfid/documents/commiot2009.p…
EDRi-gram: EP, EDPS and EDRi on RFID and the Internet of Things (24.03.2010)
http://www.edri.org/edrigram/number8.6/ep-edps-edri-policy-rfid
EDRi-gram: Industry proposed RFID Privacy Impact Assessment Framework
(19.05.2010)
http://www.edri.org/edrigram/number8.10/rfid-privacy-impact-assesment-indus…
Commission Recommendation on the implementation of privacy and data
protection principles in applications supported by radio-frequency
identification (12.05.2009)
http://ec.europa.eu/information_society/policy/rfid/documents/recommendatio…
(Contribution by Andreas Krisch - EDRi)
============================================================
5. Article 29 WP issues opinion on cookies in the new ePrivacy Directive
============================================================
The Article 29 Data Protection Working Party (WP) representing the European
data protection authorities published on 24 June an opinion clarifying the
application of the data protection rules in online behavioural advertising,
with a focus on the new text of the ePrivacy Directive.
Article 29 Working Party believes that while online behavioural advertising
may be beneficial for businesses and users alike, it still raises personal
data protection and privacy issues. The opinion states that the advertising
providers using tracking cookies are bound, through the revised ePrivacy
Directive, to obtain the informed consent of their users before the
installation of tracking devices such as cookies. According to the
Directive, storing and accessing information on users' computers is lawful
only "on condition that the subscriber or user concerned has given his or
her consent, having been provided with clear and comprehensive information
about the purposes of the processing". The only except is in the case a
cookie is absolutely necessary for the provision of a certain service
required explicitly by a user.
In its Opinion, the Working Party asks for simple and effective mechanisms
by means of which users can give their consent for online behavioural
advertising but also simple and effective mechanisms by means of which they
can withdraw their consent. Presently, allowing cookies is a default setting
with three out of the four major used browsers and Article 29 WP believes
that the users not changing a default setting does not necessarily means
consent. The users should be clearly informed, in an understandable manner,
on the purposes of tracking and given the choice of having their behaviour
browsed or not.
"Average data subjects are not aware of the tracking of their online
behaviour, the purposes of the tracking, etc. They are not always aware of
how to use browser settings to reject cookies, even if this is included in
privacy policies," says the opinion.
However, the Working Party considered the consent may be given to an
advertising network and not to every single website. "....the consent
obtained to place the cookie and use the information to send targeting
advertising would cover subsequent 'readings' of the cookie that take place
every time the user visits a website partner of the ad network provider
which initially placed the cookie." Article 29 WP also said that this
consent should expire after a year, and that each advertising network should
request consent again after that period. It also said that the consent could
be withdrawn at any time.
The Internet Advertising Bureau Europe, the European Publishers Council and
other advertising and publishers' trade bodies reacted to this opinion by
issuing a statement saying: "The industry believes this is a gross
misinterpretation of the intention of the Directive and a misrepresentation
of the type of data typically collected and processed for the purposes of
serving interest-based advertising to consumers on our websites."
The Article 29 WG's opinion is based on the opinion presented on 23 June
2010 during EP Privacy Platform Meeting by Belgian Data Protection
Supervisor Mr. Debeuckelaere which focused on "Transparency, Information,
Consent". During the meeting, aspects of behavioural advertising were
discussed by more than 100 representatives from industry, privacy activists,
EU institutions, governments and European data protection supervisors.
The representatives of Privacy International and the Electronic Frontier
Foundation argued that the user control tools do not allow for the complete
erasure of profiles, and some data collection, for example by flash cookies,
remains invisible and outside the control of the user.
During the meeting, Mrs Sophia In 't Veld, rapporteur for competition issues
in the Economic Affairs committee, suggested that besides consent and
transparency, a key word should be "choice". "Often internet users are more
or less obliged to give their consent, as there is no alternative. Users
must have a real choice, otherwise it is just token consent", said In 't
Veld who also pointed out the necessity of having a single set of data
protection rules that would apply to the private as well as the public
sectors. "We must regulate the use of personal data for commercial purposes,
but the same standards of data protection should apply to the use of those
same data by public authorities for law enforcement purposes. We often do
not realise how government agencies are using data collected by companies
for commercial purposes. But different rules apply to the private and public
sectors. That must be corrected".
Article 29 Data Protection Working Party Opt-out is not sufficient
(24.06.2010)
http://ec.europa.eu/justice_home/fsj/privacy/news/docs/pr_26_06_10_en.pdf
Opt-out is not sufficient - European Data Protection Authorities clarify EU
rules on online behavioural Advertising (22.06.2010)
http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2010/wp171_en.pdf
Cookie consent can't be implied from browser settings, say privacy watchdogs
(25.06.2010)
http://www.out-law.com//default.aspx?page=11176
Transparency, Choice and Consent key words for cookies (24.06.2010)
http://www.d66.nl/europa/nieuws/20100624/transparency_choice_and_consent
============================================================
6. Increased pressure on Turkey to stop Internet blocking
============================================================
As Turkey continues its ban on Google's YouTube and other services, it
attracts more and more criticism. After Turkey's President Abdullah Gul
himself has taken position against its own government in this matter, it is
now OSCE turn to react.
On 22 June 2010, Dunja Mijatovic, the OSCE Representative on Freedom of the
Media, asked the Turkish authorities to restore access to Google's YouTube
and other services and change the much-criticized Law No. 5651 (so-called
Internet Law) in order to be in line with international standards on free
expression. "I ask the Turkish authorities to revoke the blocking provisions
that prevent citizens from being part of today's global information society.
I also ask them to carry out a very much needed reform of Law No. 5651,"
said Mijatovic.
OSCE representative has sent a letter to Turkish Foreign Minister Ahmet
Davutoglu, showing concern about the new blocking decisions taken at the
beginning of June when the ban was extended to other Google services such as
Google Translate or Google Docs.
The Turkish Communication Minister Binali Yildirim has lately argued that
the reason of banning Google services is related to tax disputes and has
accused Google of infringing the Turkish law and of failing to cooperate
with the Turkish authorities. "This site is waging a battle against the
Turkish." But not even the flawed Internet Law includes tax disputes among
the reasons for blocking websites, as was pointed out by Mijatovic who
added: "My office has been promoting the urgent reform of Law No. 5651,
because it considerably limits freedom of expression and severely restricts
citizens' right to access information."
Google, in its turn, is confident it complies with tax laws in every country
where it operates. "We are currently in discussion with the Turkish
authorities about this, and are confident we comply with Turkish law. We
report profits in Turkey which are appropriate for the activities of our
Turkish operations," was Google's statement.
A petition has been signed by hundreds of Internet users denouncing the ban
as an affront to "free speech and rights to access information" and calling
for Binali Yildirim's resignation. Three information technology groups are
challenging the ban in courts.
Richard Howitt, a British member of the European Parliament and advocate of
Turkey's European Union membership, has warned Turkey that the ban puts "the
country alongside Iran, North Korea and Vietnam as one of the world's worst
offenders for cyber censorship" and the country cannot expect to be
considered as a serious candidate for the EU as long as it continues to
censor the Internet.
On 18 June 2010, as a protest against the decision taken by the Turkish
Government, a group of hackers co-ordinated a DoS attack that
lasted 10 hours against the websites of the Ministry of Transportation,
Information and Communication Technologies Authority and the
Telecommunications Communication Presidency, the authorities that have been
directly involved in the banning.
OSCE media freedom representative asks Turkey to withdraw recent Internet
blocking provisions, calls for urgent reform of law (22.06.2010)
http://www.osce.org/item/44754.html
Turkey tightens Internet control in YouTube feud (26.06.2010)
http://www.google.com/hostednews/ap/article/ALeqM5iPZmDTKYEB6SFdyOAv97vXytV…
OSCE calls on Turkey to stop blocking YouTube (22.06.2010)
http://www.reuters.com/article/idUSTRE65L3MP20100622
Access Denied to Turkish Censorship Authorities' websites (18.06.2010)
http://cyberlaw.org.uk/2010/06/18/access-denied-to-turkish-censorship-autho…
EDRi-gram: Turkey extends the censorship of YouTube (16.06.2010)
http://www.edri.org/edrigram/number8.12/turkey-extends-blocking-youtube
============================================================
7. Iceland - first steps for a new media haven
============================================================
Iceland's Parliament has recently accepted a proposal by Icelandic Modern
Media Initiative (IMMI) asking the Icelandic Government to find "ways to
strengthen freedoms of expression and information freedom in Iceland, (and
provide) strong protections for sources and whistleblowers."
The proposal from IMMI came after secret dealings by a few banks in Iceland
in 2009 leading to enormous debts and the lack of regulation and control,
almost bankrupted the entire country. The initiative comes also in relation
to website Wikileaks, who made those Icelandese dealings public and which
has a policy to make public secretly-submitted documents and materials.
Its approval by the Parliament may turn Iceland into a haven for media, with
one of the strongest freedom of expression and whistleblowing protection
laws. "We can create a comprehensive policy and legal framework to protect
the free expression needed for investigative journalism and other
politically important publishing," says IMMI.
The IMMI has proposed several legal reforms including the limitation of the
scope of an exception to existing source protection laws, the increase of
protections for whistleblowers employed by the state and the creation of a
law similar to the free speech-protecting anti-SLAPP (Strategic Litigation
against Public Participation) law of California.
The plan intends to take advantage of protections in Iceland for material
published from web servers based there. "Iceland could become an ideal
environment for Internet-based international media and publishers to
register their services, start-ups, data centers and human rights
organizations. It could be a lever for the economy and create new work
employment opportunities," says the initiative.
Speaking at a meeting of the European Parliament on 21 June, MP Birgitta
Jsnsdsttir said the Icelandic initiative "pulls together the best
legislation from around the world to promote transparency" and suggested
that such measures for the protection of sources may also be brought in
Europe. "The right and ability to communicate knowledge is above most other
rights. We must take care when regulating freedom of speech, because that
speech is what all other rights are founded upon," said Jsnsdsttir.
For those who suffer from breaches of confidence, according to Struan
Robertson, a technology lawyer with Pinsent Masons, there will be some
safeguards. "If Iceland is granting immunity to websites that host leaked
documents, and if it's prepared to reject take-down orders from foreign
courts, that gives the overseas content owner a real problem when the threat
of domestic sanctions fails to deter a leak. The proposal does not affect
copyright law, though. So it may be that take-down demands based on
copyright infringement will be more effective than those based on breach of
confidence."
Icelandic parliament backs 'free speech haven' plan (21.06.2010)
http://www.out-law.com//default.aspx?page=11158
Videos of proposal's vote (only in Icelandic)
http://www.althingi.is/altext/hlusta.php?raeda=rad20100616T033127&horfa=1
http://www.althingi.is/altext/hlusta.php?raeda=rad20100616T033306&horfa=1
Icelandic Modern Media Initiative (IMMI)
http://www.immi.is/?l=en&p=intro
A Vision of Iceland as a Haven for Journalists (21.02.2010)
http://www.nytimes.com/2010/02/22/business/media/22link.html
EU 'must act as role model' in promoting free speech (23.06.2010)
http://www.euractiv.com/en/pa/eu-must-act-role-model-promoting-free-speech-…
============================================================
8. ENDitorial: Council of Europe draft Recommendation on Profiling
============================================================
Approximately in parallel to the work of the EU's Article 29 Committee on
cookies, the Council of Europe has been preparing a wider Recommendation on
profiling. The document has been discussed for over a year, with a
consultation on an earlier draft having been organised at the end of 2009.
While obviously responding to the increasing options offered by the digital
environment with regard to public and private sector profiling, the text
attempts to cover the online and offline environments. The document makes
some pertinent statements - in addition to acknowledging the positive
benefits of more targeted services, it points out that "the lack of
transparency or even "invisibility" of profiling and the lack of accuracy
that may derive from the automatic application of pre-established rules of
inference can pose significant risks for the individual's rights and
freedoms," that "violate the principle of non-discrimination" and that
profiling could expose individuals to particularly high risks of
discrimination and attacks on their personal rights and dignity. However, it
then does little to mitigate these risk and, worse still, appears to
increase the chances of such risks being taken with personal data by public
authorities.
The text copies and pastes definitions from the Convention on Data
Protection which seem rather incongruous in this context in the absence of
more detailed analysis and practical analysis. From the profiling
organisation's perspective, it seems obvious that data should and will be
"adequate, relevant and not excessive in relation to the purposes for which
they are collected or for which they will be processed". Generally, however,
a lot of questions are left open, such as what could be understood by
"informed consent", procedures for providing access to and correction of
data which is indirectly personally identifiable.
Overall, the current draft text does little to clarify the core issues of
effective communication to consumers, informed consent, access to and
correction of data and the "right to be forgotten". Earlier drafts of the
proposal were neutral on the use of profiling by states, indicating that the
Recommendation was aimed at the private sector, leaving the choice to
Member States to extend it to the public sector if they so wished. This was
replaced in the most recent version, which seems to assume the use of
profiling by state authorities and implicitly accepts that, when
"necessary".
Member States can both use profiling and avoid implementation of a large
swathe of the Recommendation covering lawfulness, information
and the rights of data subjects. Bearing in mind the dangers to fundamental
rights identified and enumerated in the text and previous positions taken by
the Council of Europe, it appears unlikely that implicit and uncritical
support for profiling is the intention of the Recommendation.
Draft Recommendation on the Protection of Individuals with regard to
automatic processing of personal data in the framework of profiling June
2010 (3.06.2010)
http://www.coe.int/t/e/legal_affairs/legal_co-operation/steering_committees…
Draft Recommendation on the Protection of Individuals with regard to
automatic processing of personal data in the framework of profiling
(2.10.2009)
http://www.coe.int/t/e/legal_affairs/legal_co-operation/data_protection/eve…
EDRi Consultation Response (3.11.2009)
http://www.edri.org/docs/edri_CoEprofiling_response_091103.pdf
(Contribution by Joe McNamee - EDRi)
============================================================
9. Recommended Action
============================================================
Public consultation on the open internet and net neutrality. DG Information
Society and Media has launched a public consultation on key questions
arising from the issue of net neutrality.
The consultation covers such issues as whether internet providers should be
allowed to adopt certain traffic management practices, prioritising one kind
of internet traffic over another; whether such traffic management practices
may create problems and have unfair effects for users; whether the level of
competition between different internet service providers and the
transparency requirements of the new telecom framework may be sufficient to
avoid potential problems by allowing consumers' choice; and whether the EU
needs to act further to ensure fairness in the internet market, or whether
industry should take the lead.
http://ec.europa.eu/information_society/policy/ecomm/library/public_consult…
http://europa.eu/rapid/pressReleasesAction.do?reference=IP/10/860&format=HT…
European Commissions4 public consultation on the future direction of EU
trade policy
Call open until 28 July 2010
http://ec.europa.eu/yourvoice/ipm/forms/dispatch?form=FutureTradePolicy
http://trade.ec.europa.eu/doclib/docs/2010/june/tradoc_146220.pdf
============================================================
10. Recommended Reading
============================================================
The European Court of Justice defines the scope of the protection of
personal data in the context of access to documents of the Union
institutions. Judgment of the Court of Justice in Case C-28/08: Commission v
Bavarian Lager
http://curia.europa.eu/jcms/jcms/P_65670/
http://curia.europa.eu/jurisp/cgi-bin/form.pl?lang=EN&Submit=rechercher&num…
OFCOM: No need for net neutrality
http://www.ofcom.org.uk/consult/condocs/net-neutrality/netneutrality.pdf
http://www.out-law.com//default.aspx?page=11177
============================================================
11. Agenda
============================================================
9-11 July 2010, Gdansk, Poland
Wikimedia 2010 - the 6th annual Wikimedia Conference
http://wikimania2010.wikimedia.org/wiki/Main_Page
25-31 July 2010, Meissen, Germany
European Summer School on Internet Governance
http://www.euro-ssig.eu
29-31 July 2010, Freiburg, Germany
IADIS - International Conference ICT, Society and Human Beings 2010
http://www.ict-conf.org/
2-6 August 2010, Helsingborg, Sweden
Privacy and Identity Management for Life (PrimeLife/IFIP Summer School 2010)
http://www.cs.kau.se/IFIP-summerschool/
31 August - 3 September 2010, Budapest, Hungary
OpenOffice 2010 Conference
http://www.ooocon.org/index.php/ooocon/2010
13-17 September 2010, Crete, Greece
Privacy and Security in the Future Internet
3rd Network and Information Security (NIS'10) Summer School
http://www.nis-summer-school.eu
14-16 September 2010, Vilnius, Lithuania
Internet Governance Forum 2010
http://igf2010.lt/
8-9 October 2010, Berlin, Germany
The 3rd Free Culture Research Conference
http://wikis.fu-berlin.de/display/fcrc/Home
25-26 October 2010, Jerusalem, Israel
OECD Conference on "Privacy, Technology and Global Data Flows", celebrating
the 30th anniversary of the OECD Guidelines on the Protection of Privacy and
Transborder Flows of Personal Data
http://www.oecd.org/sti/privacyanniversary
27-29 October 2010, Jerusalem, Israel
The 32nd Annual International Conference of Data Protection and Privacy
Commissioners
http://www.privacyconference2010.org/
28-31 October 2010, Barcelona, Spain
oXcars and Free Culture Forum 2010, the biggest free culture event of all
time
http://exgae.net/oxcars10
http://fcforum.net/10
3-5 November 2010, Barcelona, Spain
The Fifth International Conference on Legal, Security and Privacy Issues in
IT Law. Call for papers deadline: 10 September 2010
http://www.lspi.net/
17 November 2010, Gent, Belgium
Big Brother Awards 2010 Belgium
http://www.winuwprivacy.be/kandidaten
============================================================
12. About
============================================================
EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 27 members based or with offices in 17 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRI-grams.
All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and visibly on the
EDRI website.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/
Newsletter editor: Bogdan Manolea <edrigram(a)edri.org>
Information about EDRI and its members:
http://www.edri.org/
European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request(a)edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
unsubscribe by e-mail
To: edri-news-request(a)edri.org
Subject: unsubscribe
- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edrigram-mk.php
- EDRI-gram in German
EDRI-gram is also available in German, with delay. Translations are provided
Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <edrigram(a)edri.org> if you have any problems with subscribing or
unsubscribing.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
============================================================
EDRi-gram
biweekly newsletter about digital civil rights in Europe
Number 8.13, 30 June 2010
============================================================
Contents
============================================================
1. Data retention - time for evidence-based decision making
2. Same privacy concerns for the new SWIFT treaty
3. ACTA - new criminal sanctions for non-commercial copyright uses?
4. EP calls for a clear legal framework for the Internet of Things
5. Article 29 WP issues opinion on cookies in the new ePrivacy Directive
6. Increased pressure on Turkey to stop Internet blocking
7. Iceland - first steps for a new media haven
8. ENDitorial: Council of Europe draft Recommendation on Profiling
9. Recommended Action
10. Recommended Reading
11. Agenda
12. About
============================================================
1. Data retention - time for evidence-based decision making
============================================================
In June 2010 the European Parliament adopted a farcical "written
declaration" ostensibly on the creation of an "early warning system" to
fight pedophiles. Funded by unknown sources, the MEPs in charge (Zaborska
from the Czech Republic and Motti from Italy) put together the Declaration
in order to promote the retention of communications data and the extension
of this practice to "search engines".
After tabling the declaration, a highly polished, American-style lobby
campaign went into operation. The lobbying neatly avoided mentioning data
retention in any of the associated printed materials, in any of the e-mails
sent to MEPs and on the campaign's website.
The MEPs involved and their staff harangued and harassed parliamentarians,
even to the point of putting lobbying material on their desks in the
Parliament's hemicycle itself - with the simple message of "sign to fight
sexual harassment" using a picture of a vulnerable-looking child. Mainly as
a result of the large number of parliamentarians that signed due to
mistakenly trusting what they were told about the content of the
declaration, it was adopted.
The Declaration has now been sent to the European Commission, where Cecillia
Malmstrvm, who vehemently opposed the Data Retention Directive in her
previous job as a Member of the European Parliament, needs to decide how to
respond. Having indicated in the Swedish press that such an approach would
be disproportionate, there are reasons to be hopeful that her position will
be firm and favourable to citizens' rights. To make Commissioner Malmstrom's
task even easier, she took an oath in May of this year to respect the
Charter of Fundamental Rights of the European Union.
Unequivocal opposition to such extreme proposals is important, particularly
at the moment. By the end of this week, the relevant Directorate-General of
the Commission will have completed its first draft assessment of the Data
Retention Directive, which will then be reviewed by the Commissioner. This
will then be followed by a second round of drafting, consultation with the
other parts of the Commission and adoption of the final report, probably in
the second half of September. In the absence of evidence to suggest that
data retention has served any useful purpose, it is to be hoped that the
Commissioner will maintain her opposition to the Directive and propose
appropriate and ambitious amendments, removing obligations on all Member
States to impose long-term blanket data retention on all citizens.
This process is all the more important as a result of developments in the
Council of Europe, which will soon adopt its Recommendation on Profiling.
The current and almost final version of that text lends credibility to
Member States that wish to exploit retained data to assign "profiles" to
innocent citizens. The Recommendation exempts Member States from having to
apply three important chapters: on lawfulness, data quality and sensitive
data. In 2008, a report prepared for the Council of Europe pointed out that
registration of internet users is "likely to have a chilling effect not just
on journalists but on any users that wish to access public or legal, but
controversial materials." The implementation of profiling would make this
serious chilling effect seem minor in comparison.
Campaigning against the Data Retention Directive is already in full swing.
More than 100 organisations (including EDRi) from 23 European countries
asked last week EU Commissioners Malmstrvm, Reding and Kroes in a joint
letter to "propose the repeal of the EU requirements regarding data
retention in favour of a system of expedited preservation and targeted
collection of traffic data". Among the signatories are civil liberties, data
protection and human rights associations as well as crisis line and
emergency call operators, professional associations of journalists, jurists
and doctors, trade unions, consumer organisations and industry associations.
Study undertaken for the Council of Europe on the effects of anti-terror
legislation (11.2008)
http://www.coe.int/t/dghl/standardsetting/media/Doc/SpeakingOfTerror_en.pdf
Written declaration 29 website
http://www.smile29.eu
Oath sworn by Commissioners (3.05.2010)
http://europa.eu/rapid/pressReleasesAction.do?reference=IP/10/487
Draft Council of Europe Recommendation on profiling (3.06.2010)
http://www.coe.int/t/dghl/standardsetting/dataprotection/TPD%20documents/T-…
Data retention Directive
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2006:105:0054:00…
Malmstrom says no to Google Storage (only in Swedish, 28.06.2010)
http://www.svd.se/nyheter/inrikes/malmstrom-sager-nej-till-googlelagring_49…
Letter to Commissioner (22.06.2010)
http://www.vorratsdatenspeicherung.de/images/DRletter_Malmstroem.pdf
Civil society calls for an end to compulsory telecommunications data
retention (28.06.2010)
http://www.vorratsdatenspeicherung.de/content/view/370/79/lang,en/
(Contribution by Joe McNamee - EDRi)
============================================================
2. Same privacy concerns for the new SWIFT treaty
============================================================
The agreement between the EU and USA on the transfer of bank data through
SWIFT was signed on 28 June 2010 after the Spanish Presidency of the Council
of Ministers has accepted some of the changes on the text proposed by MEPs,
but with no significant improvements from the Agreement rejected by the
European Parliament in February 2010.
The text of the new SWIFT Agreement will now probably be rushed through the
next European Parliament plenary session in Strasbourg (5-8 July).
After the draft agreement was initiated by Commissioner Cecilia Malmstrvm on
10 June, MEPs asked for changes to the text concerning the bulk transfer of
data, the creation of an EU counterpart to the US Terrorist Finance Tracking
Programme (TFTP), and EU oversight of TFTP data-processing in the US.
Unfortunately, the new adopted text still allows for bulk data transfers.
The Parliament would have liked to replace bulk data with targeted searches
carried out by an EU-based authority but according to MEP Birgit Sippel, "We
cannot reduce the problem of bulk data for the moment as we do not have the
technical capability."
The retention period is still 5 years and there is no real system in
place from the US on a binding legal redress. The US Privacy Act court
clauses only apply to US citizens and legal residents. Therefore there is
currently no right of judicial review for foreign citizens and residents
(including EU) under the US law.
Another key critique to the current text is the role of Europol that should
authorize the data transfer requests from the US. Besides the fact that
Europol is not a judicial authority, as requested by the European Parliament
in May 2010 Resolution, the incentive from this agency to limit the amount
of data being transferred is extremely reduced due to the fact that they can
actually request data searches from the US.
On 25 June, EDPS Peter Hustinx expressed his concerns related to the
transfer of bulk amounts of bank data to the U.S. authorities and pointed
out the key elements to be improved for data protection, especially as
regarding data retention periods, enforceability of the citizens' data
protection rights, judicial oversight and independent supervision. "I am
fully aware that the fight against terrorism and terrorism financing may
require restrictions to the right to the protection of personal data.
However, in view of the intrusive nature of the draft agreement, which
allows transfers of data in bulk to the US, the necessity of such scheme
should first be unambiguously established, especially in relation to already
existing instruments. Would this be the case, other key elements should
however be improved in order to meet the conditions of the EU legal
framework for data protection."
As MEP Alexander Alvaro told EurActiv, in terms of the agreement, the
European Commission will write a framework for the extraction of data on US
soil in order to set up an EU equivalent to TFTP and in case after five
years this is not in place, the Commission will have to renegotiate or
terminate the present agreement. But the present text automatically extends
for one more year if nothing happens. It does not have to be renewed, it
just has to be actively terminated.
EU, US sign SWIFT agreement (28.06.2010)
http://www.europeanvoice.com:80/article/2010/06/eu,-us-sign-swift-agreement…
EU wins concessions on US bank data-sharing deal (25.06.2010)
http://www.euractiv.com/en/justice/eu-wins-concessions-on-US-bank-data-shar…
EU-US new draft agreement on financial data transfers: EDPS calls for
further data protection improvements (22.06.2010)
http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consu…
EDRi-gram: New SWIFT agreement as bad as the rejected one (16.06.2010)
http://www.edri.org/edrigram/number8.12/new-switf-proposal-bad
============================================================
3. ACTA - new criminal sanctions for non-commercial copyright uses?
============================================================
A new round of negotiations on the Anti-Counterfeiting Trade Agreement
(ACTA) is in progress until 1 July 2010 at Luzern, Switzerland between 11
parties including the EU.
A document leaked from the EU Presidency dated 7 April 2010 shows that EU
member states intended to introduce under ACTA more criminal sanctions for
copyright infringements even for non-commercial reasons.
The EU Presidency document stated that the position of the EU Member States
is still under examination with regard to article 2.14.1 covering copyright
or related rights infringements. Some proposals of this article explicitly
plan to apply criminal sanctions to "infringements that have no direct or
indirect motivation of financial gain".
"The ACTA agreement, by its opacity and undemocratic nature, allows criminal
sanctions to be simply negotiated. The leaked document shows that the EU
Member States are willing to impose prison sanctions for non-commercial
usages of copyrighted works on the Internet as well as for 'inciting and
aiding', a notion so broad that it could cover any Internet service or
speech questioning copyright policies. EU citizens should interrogate their
governments about their support to policies that obviously attack freedom of
speech, privacy and innovation" says Jirimie Zimmermann, spokesperson for
La Quadrature du Net.
ACTA will also hinder access to medicine by preventing the production and
the exportation of generic molecules. "ACTA would affect the access to
treatments worldwide, because it will hinder the access to cheap generic
drugs. Without generic drugs, it would have never been possible for 4
millions people to have access to antiretroviral drugs. If concluded, ACTA
would be a terrible stepback for millions of people living with HIV
worldwide," stated Pauline Londeix, spokesperson for Act Up-Paris.
Some countries, such as India, threatened to establish a coalition of
countries against the treaty as they believe ACTA is in conflict with
international trade law, and it undermines the balance of rights,
obligations and flexibilities that already exists within international law.
The Swiss Pirate Party together with their Pirate colleagues from Germany
and Switzerland organised a rally at the Lucerne train station. The Pirate
parties and a group of 12 non-governmental organisations are also having
short meetings with the Swiss and other delegations.
The Berne Declaration, Midecins Sans Frontihres , ACT UP Paris, Knowledge
Ecology International, Oxfam, La Quadrature du Net, Third World Network, and
representatives of the Washington College of Law issued on 23 June an urgent
ACTA Communique, which attracted a huge number of signatories from MEPs,
academics and NGOs. The document states that the new treaty will encourage
internet service providers to police the activities of internet users by
holding internet providers responsible for the actions of subscribers,
conditioning safe harbours on adopting policing policies, and by requiring
parties to encourage cooperation between service providers and rights
holders. It will also encourage this surveillance, and the potential for
punitive disconnections by private actors, without adequate court oversight
or due process.
In a joint statement of the European associations of fixed and mobile
telecoms operators, European internet service providers, cable companies and
digital media organisations have also warned that the "proposed obligation
on online providers to reveal the identity of their subscribers directly to
right holders violates the existing EU data protection obligations."
Also, the International Trademark Association and the International Chamber
of Commerce's Business Action to Stop Counterfeiting and Piracy submitted
joint recommendations and comments on the ACTA text and recommended
maintaining the "original, narrow scope of ACTA to trademark counterfeiting
and copyright piracy for ACTA's effective implementation in different
countries." According to them, "the scope of draft text of the agreement
includes a wide range of intellectual property rights, which risks diluting
the focus and overall strength of the trade agreement."
International Experts Find that Pending Anti-Counterfeiting Trade Agreement
Threatens Public Interests (23.06.2010)
http://www.wcl.american.edu/pijip/go/acta-communique
Leak: EU pushes for criminalizing non-commercial usages in ACTA (24.06.2010)
http://www.laquadrature.net/en/leak-eu-pushes-for-criminalizing-non-commerc…
ACTA: International 'three strikes', surveillance and worse (23.06.2010)
http://www.openrightsgroup.org/blog/2010/acta-international-three-strikes-s…
The ACTA casino must be closed (28.06.2010)
http://www.laquadrature.net/en/the-acta-casino-must-be-closed
Geist: Developing world opposition mounts to anti-counterfeiting agreement
(28.06.2010)
http://www.thestar.com/news/sciencetech/technology/lawbytes/article/828525-…
Scope Of Anti-Counterfeiting Agreement Again A Big Issue In Round Nine
(26.06.2010)
http://www.ip-watch.org/weblog/2010/06/26/scope-of-anti-counterfeiting-agre…
EDRi-gram: ACTA: European Commission transparently ignores European
Parliament (21.04.2010)
http://www.edri.org/edrigram/number8.8/acta-transparency-european-comission
============================================================
4. EP calls for a clear legal framework for the Internet of Things
============================================================
In a resolution on the Internet of Things, adopted on 15 June 2010, the
European Parliament (EP) welcomes the communication of the Commission on
the topic and in principle endorses the broad outlines of the action plan to
promote the Internet of Things.
The Parliament however takes the view that the development of new
applications and the actual functioning and business potential of the
Internet of Things will be intrinsically linked to the trust European
consumers have in the system, and points out that trust exists when doubts
about potential threats to privacy and health are clarified. It stresses
that this trust must be based on a clear legal framework, including rules
governing the control, collection, processing and use of the data collected
and transmitted by the Internet of Things and the types of consent needed
from consumers.
The Parliament further notes that the Internet of Things will lead to the
collection of truly massive amounts of data and calls on the Commission, in
this connection, to submit a proposal for the adaptation of the European
Data Protection Directive with a view to address the data collected and
transmitted by the Internet of Things.
In the view of the Parliament, respect for privacy and the protection of
personal data together with openness and interoperability are the only ways
the Internet of Things will gain wider social acceptance. The EP firmly
believes that all users should have control over their personal data and
stresses that a precondition for promoting technology is the introduction of
legal provisions to reinforce respect for the fundamental values and for the
protection of personal data and privacy.
In the context of privacy by design, the European Parliament also notes the
opinion of the European Data Protection Supervisor (EDPS) on this topic, who
stressed the importance of Privacy by Design as the guiding
principle and highlighted that in the context of RFID, the existing data
protection rules need to be complemented with additional rules imposing
specific safeguards, particularly making it mandatory to embed technical
solutions (Privacy by Design) in RFID technology. He furthermore expressed
his concern that RFID operators in the retail sector may overlook the
possibility for RFID tags to be monitored by unwanted third parties and
thinks it is conceivable that self-regulation will not deliver the expected
results. He therefore called upon the Commission to be ready to propose
legislative instruments regulating the main issues of RFID usage in case the
effective implementation of the existing legal framework fails.
This call for a regulation of the main issues of RFID usage now obviously
gained support from the European Parliament which, in addition, underlines
that RFID applications must be operated in accordance with the rules on
privacy and data protection enshrined in Articles 7 and 8 of the Charter of
Fundamental Rights of the European Union.
The resolution of the Parliament not only addresses the European Commission
but also calls on manufacturers to secure the right to "chip silence" and
calls for RFID application operators to take all reasonable steps to ensure
that data does not relate to an identified or identifiable natural person
unless such data is processed in compliance with the applicable principles
and legal rules on data protection.
It is the believe of the Parliament that a general principle should be
adopted whereby Internet of Things technologies should be designed to
collect and use only the absolute minimum amount of data needed to perform
their function, and should prevent from collecting any supplementary data.
It calls for a significant amount of the data shared by the Internet of
Things to be made anonymous before being transmitted, in order to secure
privacy.
The European Parliament believes in the importance of ensuring that all
fundamental rights - not only privacy - are protected in the process of
developing the Internet of Things and calls on the Commission to monitor
closely the implementation of the European regulations already adopted in
this area and to present, by the end of the year, a timetable for the
guidelines it intends to propose at the EU level for improving the safety of
the Internet of Things and of RFID applications.
As EDRi-gram reported earlier this year the resolution was drafted by MEP
Maria Badia i Cutchet, rapporteur to the European Parliament's Committee on
Industry, Research and Energy (ITRE) including opinions of the Committees on
International Trade, Internal Market and Consumer Protection and Legal
Affairs.
The EP Resolution has to be seen not only in the context of the European
Commission's communication on the Internet of Things and the EDPS opinion on
Privacy by Design, but also of the European Commission's RFID recommendation
and the Industry proposal for an RFID Privacy Impact Assessment, which
unfortunately fails to identify a single specific risk.
In this context, the resolution of the European Parliament can be seen as
another strong signal towards the European Commission to act without undue
delay to effectively protect the fundamental rights of individuals affected
by RFID and other technologies related to the Internet of Things and towards
manufacturers and RFID application operators to take their obligations
serious and effectively secure privacy and data protection rights of all
persons affected by their products and applications.
European Parliament resolution of 15 June 2010 on the Internet of Things
(2009/2224(INI)) (15.06.2010)
http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+TA+P7-TA-2…
Communication to the European Parliament, the Council, the EESC and the
committee of the Regions: Internet of Things - An action plan for Europe
(18.06.2009)
http://ec.europa.eu/information_society/policy/rfid/documents/commiot2009.p…
EDRi-gram: EP, EDPS and EDRi on RFID and the Internet of Things (24.03.2010)
http://www.edri.org/edrigram/number8.6/ep-edps-edri-policy-rfid
EDRi-gram: Industry proposed RFID Privacy Impact Assessment Framework
(19.05.2010)
http://www.edri.org/edrigram/number8.10/rfid-privacy-impact-assesment-indus…
Commission Recommendation on the implementation of privacy and data
protection principles in applications supported by radio-frequency
identification (12.05.2009)
http://ec.europa.eu/information_society/policy/rfid/documents/recommendatio…
(Contribution by Andreas Krisch - EDRi)
============================================================
5. Article 29 WP issues opinion on cookies in the new ePrivacy Directive
============================================================
The Article 29 Data Protection Working Party (WP) representing the European
data protection authorities published on 24 June an opinion clarifying the
application of the data protection rules in online behavioural advertising,
with a focus on the new text of the ePrivacy Directive.
Article 29 Working Party believes that while online behavioural advertising
may be beneficial for businesses and users alike, it still raises personal
data protection and privacy issues. The opinion states that the advertising
providers using tracking cookies are bound, through the revised ePrivacy
Directive, to obtain the informed consent of their users before the
installation of tracking devices such as cookies. According to the
Directive, storing and accessing information on users' computers is lawful
only "on condition that the subscriber or user concerned has given his or
her consent, having been provided with clear and comprehensive information
about the purposes of the processing". The only except is in the case a
cookie is absolutely necessary for the provision of a certain service
required explicitly by a user.
In its Opinion, the Working Party asks for simple and effective mechanisms
by means of which users can give their consent for online behavioural
advertising but also simple and effective mechanisms by means of which they
can withdraw their consent. Presently, allowing cookies is a default setting
with three out of the four major used browsers and Article 29 WP believes
that the users not changing a default setting does not necessarily means
consent. The users should be clearly informed, in an understandable manner,
on the purposes of tracking and given the choice of having their behaviour
browsed or not.
"Average data subjects are not aware of the tracking of their online
behaviour, the purposes of the tracking, etc. They are not always aware of
how to use browser settings to reject cookies, even if this is included in
privacy policies," says the opinion.
However, the Working Party considered the consent may be given to an
advertising network and not to every single website. "....the consent
obtained to place the cookie and use the information to send targeting
advertising would cover subsequent 'readings' of the cookie that take place
every time the user visits a website partner of the ad network provider
which initially placed the cookie." Article 29 WP also said that this
consent should expire after a year, and that each advertising network should
request consent again after that period. It also said that the consent could
be withdrawn at any time.
The Internet Advertising Bureau Europe, the European Publishers Council and
other advertising and publishers' trade bodies reacted to this opinion by
issuing a statement saying: "The industry believes this is a gross
misinterpretation of the intention of the Directive and a misrepresentation
of the type of data typically collected and processed for the purposes of
serving interest-based advertising to consumers on our websites."
The Article 29 WG's opinion is based on the opinion presented on 23 June
2010 during EP Privacy Platform Meeting by Belgian Data Protection
Supervisor Mr. Debeuckelaere which focused on "Transparency, Information,
Consent". During the meeting, aspects of behavioural advertising were
discussed by more than 100 representatives from industry, privacy activists,
EU institutions, governments and European data protection supervisors.
The representatives of Privacy International and the Electronic Frontier
Foundation argued that the user control tools do not allow for the complete
erasure of profiles, and some data collection, for example by flash cookies,
remains invisible and outside the control of the user.
During the meeting, Mrs Sophia In 't Veld, rapporteur for competition issues
in the Economic Affairs committee, suggested that besides consent and
transparency, a key word should be "choice". "Often internet users are more
or less obliged to give their consent, as there is no alternative. Users
must have a real choice, otherwise it is just token consent", said In 't
Veld who also pointed out the necessity of having a single set of data
protection rules that would apply to the private as well as the public
sectors. "We must regulate the use of personal data for commercial purposes,
but the same standards of data protection should apply to the use of those
same data by public authorities for law enforcement purposes. We often do
not realise how government agencies are using data collected by companies
for commercial purposes. But different rules apply to the private and public
sectors. That must be corrected".
Article 29 Data Protection Working Party Opt-out is not sufficient
(24.06.2010)
http://ec.europa.eu/justice_home/fsj/privacy/news/docs/pr_26_06_10_en.pdf
Opt-out is not sufficient - European Data Protection Authorities clarify EU
rules on online behavioural Advertising (22.06.2010)
http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2010/wp171_en.pdf
Cookie consent can't be implied from browser settings, say privacy watchdogs
(25.06.2010)
http://www.out-law.com//default.aspx?page=11176
Transparency, Choice and Consent key words for cookies (24.06.2010)
http://www.d66.nl/europa/nieuws/20100624/transparency_choice_and_consent
============================================================
6. Increased pressure on Turkey to stop Internet blocking
============================================================
As Turkey continues its ban on Google's YouTube and other services, it
attracts more and more criticism. After Turkey's President Abdullah Gul
himself has taken position against its own government in this matter, it is
now OSCE turn to react.
On 22 June 2010, Dunja Mijatovic, the OSCE Representative on Freedom of the
Media, asked the Turkish authorities to restore access to Google's YouTube
and other services and change the much-criticized Law No. 5651 (so-called
Internet Law) in order to be in line with international standards on free
expression. "I ask the Turkish authorities to revoke the blocking provisions
that prevent citizens from being part of today's global information society.
I also ask them to carry out a very much needed reform of Law No. 5651,"
said Mijatovic.
OSCE representative has sent a letter to Turkish Foreign Minister Ahmet
Davutoglu, showing concern about the new blocking decisions taken at the
beginning of June when the ban was extended to other Google services such as
Google Translate or Google Docs.
The Turkish Communication Minister Binali Yildirim has lately argued that
the reason of banning Google services is related to tax disputes and has
accused Google of infringing the Turkish law and of failing to cooperate
with the Turkish authorities. "This site is waging a battle against the
Turkish." But not even the flawed Internet Law includes tax disputes among
the reasons for blocking websites, as was pointed out by Mijatovic who
added: "My office has been promoting the urgent reform of Law No. 5651,
because it considerably limits freedom of expression and severely restricts
citizens' right to access information."
Google, in its turn, is confident it complies with tax laws in every country
where it operates. "We are currently in discussion with the Turkish
authorities about this, and are confident we comply with Turkish law. We
report profits in Turkey which are appropriate for the activities of our
Turkish operations," was Google's statement.
A petition has been signed by hundreds of Internet users denouncing the ban
as an affront to "free speech and rights to access information" and calling
for Binali Yildirim's resignation. Three information technology groups are
challenging the ban in courts.
Richard Howitt, a British member of the European Parliament and advocate of
Turkey's European Union membership, has warned Turkey that the ban puts "the
country alongside Iran, North Korea and Vietnam as one of the world's worst
offenders for cyber censorship" and the country cannot expect to be
considered as a serious candidate for the EU as long as it continues to
censor the Internet.
On 18 June 2010, as a protest against the decision taken by the Turkish
Government, a group of hackers co-ordinated a DoS attack that
lasted 10 hours against the websites of the Ministry of Transportation,
Information and Communication Technologies Authority and the
Telecommunications Communication Presidency, the authorities that have been
directly involved in the banning.
OSCE media freedom representative asks Turkey to withdraw recent Internet
blocking provisions, calls for urgent reform of law (22.06.2010)
http://www.osce.org/item/44754.html
Turkey tightens Internet control in YouTube feud (26.06.2010)
http://www.google.com/hostednews/ap/article/ALeqM5iPZmDTKYEB6SFdyOAv97vXytV…
OSCE calls on Turkey to stop blocking YouTube (22.06.2010)
http://www.reuters.com/article/idUSTRE65L3MP20100622
Access Denied to Turkish Censorship Authorities' websites (18.06.2010)
http://cyberlaw.org.uk/2010/06/18/access-denied-to-turkish-censorship-autho…
EDRi-gram: Turkey extends the censorship of YouTube (16.06.2010)
http://www.edri.org/edrigram/number8.12/turkey-extends-blocking-youtube
============================================================
7. Iceland - first steps for a new media haven
============================================================
Iceland's Parliament has recently accepted a proposal by Icelandic Modern
Media Initiative (IMMI) asking the Icelandic Government to find "ways to
strengthen freedoms of expression and information freedom in Iceland, (and
provide) strong protections for sources and whistleblowers."
The proposal from IMMI came after secret dealings by a few banks in Iceland
in 2009 leading to enormous debts and the lack of regulation and control,
almost bankrupted the entire country. The initiative comes also in relation
to website Wikileaks, who made those Icelandese dealings public and which
has a policy to make public secretly-submitted documents and materials.
Its approval by the Parliament may turn Iceland into a haven for media, with
one of the strongest freedom of expression and whistleblowing protection
laws. "We can create a comprehensive policy and legal framework to protect
the free expression needed for investigative journalism and other
politically important publishing," says IMMI.
The IMMI has proposed several legal reforms including the limitation of the
scope of an exception to existing source protection laws, the increase of
protections for whistleblowers employed by the state and the creation of a
law similar to the free speech-protecting anti-SLAPP (Strategic Litigation
against Public Participation) law of California.
The plan intends to take advantage of protections in Iceland for material
published from web servers based there. "Iceland could become an ideal
environment for Internet-based international media and publishers to
register their services, start-ups, data centers and human rights
organizations. It could be a lever for the economy and create new work
employment opportunities," says the initiative.
Speaking at a meeting of the European Parliament on 21 June, MP Birgitta
Jsnsdsttir said the Icelandic initiative "pulls together the best
legislation from around the world to promote transparency" and suggested
that such measures for the protection of sources may also be brought in
Europe. "The right and ability to communicate knowledge is above most other
rights. We must take care when regulating freedom of speech, because that
speech is what all other rights are founded upon," said Jsnsdsttir.
For those who suffer from breaches of confidence, according to Struan
Robertson, a technology lawyer with Pinsent Masons, there will be some
safeguards. "If Iceland is granting immunity to websites that host leaked
documents, and if it's prepared to reject take-down orders from foreign
courts, that gives the overseas content owner a real problem when the threat
of domestic sanctions fails to deter a leak. The proposal does not affect
copyright law, though. So it may be that take-down demands based on
copyright infringement will be more effective than those based on breach of
confidence."
Icelandic parliament backs 'free speech haven' plan (21.06.2010)
http://www.out-law.com//default.aspx?page=11158
Videos of proposal's vote (only in Icelandic)
http://www.althingi.is/altext/hlusta.php?raeda=rad20100616T033127&horfa=1
http://www.althingi.is/altext/hlusta.php?raeda=rad20100616T033306&horfa=1
Icelandic Modern Media Initiative (IMMI)
http://www.immi.is/?l=en&p=intro
A Vision of Iceland as a Haven for Journalists (21.02.2010)
http://www.nytimes.com/2010/02/22/business/media/22link.html
EU 'must act as role model' in promoting free speech (23.06.2010)
http://www.euractiv.com/en/pa/eu-must-act-role-model-promoting-free-speech-…
============================================================
8. ENDitorial: Council of Europe draft Recommendation on Profiling
============================================================
Approximately in parallel to the work of the EU's Article 29 Committee on
cookies, the Council of Europe has been preparing a wider Recommendation on
profiling. The document has been discussed for over a year, with a
consultation on an earlier draft having been organised at the end of 2009.
While obviously responding to the increasing options offered by the digital
environment with regard to public and private sector profiling, the text
attempts to cover the online and offline environments. The document makes
some pertinent statements - in addition to acknowledging the positive
benefits of more targeted services, it points out that "the lack of
transparency or even "invisibility" of profiling and the lack of accuracy
that may derive from the automatic application of pre-established rules of
inference can pose significant risks for the individual's rights and
freedoms," that "violate the principle of non-discrimination" and that
profiling could expose individuals to particularly high risks of
discrimination and attacks on their personal rights and dignity. However, it
then does little to mitigate these risk and, worse still, appears to
increase the chances of such risks being taken with personal data by public
authorities.
The text copies and pastes definitions from the Convention on Data
Protection which seem rather incongruous in this context in the absence of
more detailed analysis and practical analysis. From the profiling
organisation's perspective, it seems obvious that data should and will be
"adequate, relevant and not excessive in relation to the purposes for which
they are collected or for which they will be processed". Generally, however,
a lot of questions are left open, such as what could be understood by
"informed consent", procedures for providing access to and correction of
data which is indirectly personally identifiable.
Overall, the current draft text does little to clarify the core issues of
effective communication to consumers, informed consent, access to and
correction of data and the "right to be forgotten". Earlier drafts of the
proposal were neutral on the use of profiling by states, indicating that the
Recommendation was aimed at the private sector, leaving the choice to
Member States to extend it to the public sector if they so wished. This was
replaced in the most recent version, which seems to assume the use of
profiling by state authorities and implicitly accepts that, when
"necessary".
Member States can both use profiling and avoid implementation of a large
swathe of the Recommendation covering lawfulness, information
and the rights of data subjects. Bearing in mind the dangers to fundamental
rights identified and enumerated in the text and previous positions taken by
the Council of Europe, it appears unlikely that implicit and uncritical
support for profiling is the intention of the Recommendation.
Draft Recommendation on the Protection of Individuals with regard to
automatic processing of personal data in the framework of profiling June
2010 (3.06.2010)
http://www.coe.int/t/e/legal_affairs/legal_co-operation/steering_committees…
Draft Recommendation on the Protection of Individuals with regard to
automatic processing of personal data in the framework of profiling
(2.10.2009)
http://www.coe.int/t/e/legal_affairs/legal_co-operation/data_protection/eve…
EDRi Consultation Response (3.11.2009)
http://www.edri.org/docs/edri_CoEprofiling_response_091103.pdf
(Contribution by Joe McNamee - EDRi)
============================================================
9. Recommended Action
============================================================
Public consultation on the open internet and net neutrality. DG Information
Society and Media has launched a public consultation on key questions
arising from the issue of net neutrality.
The consultation covers such issues as whether internet providers should be
allowed to adopt certain traffic management practices, prioritising one kind
of internet traffic over another; whether such traffic management practices
may create problems and have unfair effects for users; whether the level of
competition between different internet service providers and the
transparency requirements of the new telecom framework may be sufficient to
avoid potential problems by allowing consumers' choice; and whether the EU
needs to act further to ensure fairness in the internet market, or whether
industry should take the lead.
http://ec.europa.eu/information_society/policy/ecomm/library/public_consult…
http://europa.eu/rapid/pressReleasesAction.do?reference=IP/10/860&format=HT…
European Commissions4 public consultation on the future direction of EU
trade policy
Call open until 28 July 2010
http://ec.europa.eu/yourvoice/ipm/forms/dispatch?form=FutureTradePolicy
http://trade.ec.europa.eu/doclib/docs/2010/june/tradoc_146220.pdf
============================================================
10. Recommended Reading
============================================================
The European Court of Justice defines the scope of the protection of
personal data in the context of access to documents of the Union
institutions. Judgment of the Court of Justice in Case C-28/08: Commission v
Bavarian Lager
http://curia.europa.eu/jcms/jcms/P_65670/
http://curia.europa.eu/jurisp/cgi-bin/form.pl?lang=EN&Submit=rechercher&num…
OFCOM: No need for net neutrality
http://www.ofcom.org.uk/consult/condocs/net-neutrality/netneutrality.pdf
http://www.out-law.com//default.aspx?page=11177
============================================================
11. Agenda
============================================================
9-11 July 2010, Gdansk, Poland
Wikimedia 2010 - the 6th annual Wikimedia Conference
http://wikimania2010.wikimedia.org/wiki/Main_Page
25-31 July 2010, Meissen, Germany
European Summer School on Internet Governance
http://www.euro-ssig.eu
29-31 July 2010, Freiburg, Germany
IADIS - International Conference ICT, Society and Human Beings 2010
http://www.ict-conf.org/
2-6 August 2010, Helsingborg, Sweden
Privacy and Identity Management for Life (PrimeLife/IFIP Summer School 2010)
http://www.cs.kau.se/IFIP-summerschool/
31 August - 3 September 2010, Budapest, Hungary
OpenOffice 2010 Conference
http://www.ooocon.org/index.php/ooocon/2010
13-17 September 2010, Crete, Greece
Privacy and Security in the Future Internet
3rd Network and Information Security (NIS'10) Summer School
http://www.nis-summer-school.eu
14-16 September 2010, Vilnius, Lithuania
Internet Governance Forum 2010
http://igf2010.lt/
8-9 October 2010, Berlin, Germany
The 3rd Free Culture Research Conference
http://wikis.fu-berlin.de/display/fcrc/Home
25-26 October 2010, Jerusalem, Israel
OECD Conference on "Privacy, Technology and Global Data Flows", celebrating
the 30th anniversary of the OECD Guidelines on the Protection of Privacy and
Transborder Flows of Personal Data
http://www.oecd.org/sti/privacyanniversary
27-29 October 2010, Jerusalem, Israel
The 32nd Annual International Conference of Data Protection and Privacy
Commissioners
http://www.privacyconference2010.org/
28-31 October 2010, Barcelona, Spain
oXcars and Free Culture Forum 2010, the biggest free culture event of all
time
http://exgae.net/oxcars10
http://fcforum.net/10
3-5 November 2010, Barcelona, Spain
The Fifth International Conference on Legal, Security and Privacy Issues in
IT Law. Call for papers deadline: 10 September 2010
http://www.lspi.net/
17 November 2010, Gent, Belgium
Big Brother Awards 2010 Belgium
http://www.winuwprivacy.be/kandidaten
============================================================
12. About
============================================================
EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 27 members based or with offices in 17 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRI-grams.
All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and visibly on the
EDRI website.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/
Newsletter editor: Bogdan Manolea <edrigram(a)edri.org>
Information about EDRI and its members:
http://www.edri.org/
European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request(a)edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
unsubscribe by e-mail
To: edri-news-request(a)edri.org
Subject: unsubscribe
- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edrigram-mk.php
- EDRI-gram in German
EDRI-gram is also available in German, with delay. Translations are provided
Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <edrigram(a)edri.org> if you have any problems with subscribing or
unsubscribing.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
* Crist Clark:
> Any large, well funded national-level intelligence agency
> almost certainly has keys to a valid CA distributed with
> any browser or SSL package. It would be trivial for the US
> Gov't (and by extension, the whole AUSCANNZUKUS intelligence
> community) to simply form a shell company CA that could get
> a trusted cert in the distros or enlist a "legit" CA to do
> their patriotic duty (along with some $$$) and give up a key.
I think this is far too complicated. You just add your state PKI to
the browsers, and the CPS does not require any checks on the Common
Name, to verify it's actually somehow controlled by the certificate
holder. Curiously, such CAs can pass Webtrust audits.
Now I'm a realist and assume that the bureaucrats involved are just
too incompetent to write a proper CPS (and the auditors to lazy to
notice). Authoring policies and paying attention to detail, should be
second nature to them, but somehow I doubt that the FPKI (say) issues
certificates for non-federal entities to help with ongoing FBI
investigations. (Same for the German government agencies who actually
managed to get Mozilla approval for their non-CN-checking CAs.)
--
Florian Weimer <fweimer(a)bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstra_e 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
* Crist Clark:
> Any large, well funded national-level intelligence agency
> almost certainly has keys to a valid CA distributed with
> any browser or SSL package. It would be trivial for the US
> Gov't (and by extension, the whole AUSCANNZUKUS intelligence
> community) to simply form a shell company CA that could get
> a trusted cert in the distros or enlist a "legit" CA to do
> their patriotic duty (along with some $$$) and give up a key.
I think this is far too complicated. You just add your state PKI to
the browsers, and the CPS does not require any checks on the Common
Name, to verify it's actually somehow controlled by the certificate
holder. Curiously, such CAs can pass Webtrust audits.
Now I'm a realist and assume that the bureaucrats involved are just
too incompetent to write a proper CPS (and the auditors to lazy to
notice). Authoring policies and paying attention to detail, should be
second nature to them, but somehow I doubt that the FPKI (say) issues
certificates for non-federal entities to help with ongoing FBI
investigations. (Same for the German government agencies who actually
managed to get Mozilla approval for their non-CN-checking CAs.)
--
Florian Weimer <fweimer(a)bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstra_e 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
---------------------------------------------------------------------
THE 7TH WORKSHOP ON ELLIPTIC CURVE CRYPTOGRAPHY (ECC 2003)
University of Waterloo, Waterloo, Ontario, Canada
August 11, 12 & 13 2003
FINAL ANNOUNCEMENT July 19, 2003
*********************************************************************
NOTES:
1) Please note that the deadline for registration is August 1.
2) The last lecture at ECC 2003 will end at 3:00 pm on Wednesday
(Aug 13). This will give participants sufficient time to catch
flights scheduled to leave Toronto after 7:00 pm. There are
hourly flights from Toronto to Ottawa for those who wish to
attend SAC 2003.
3) If you would like to be removed from this mailing list please
reply with a brief note. You will be immediately removed from
the list.
*********************************************************************
*********************************************************************
ECC 2003 is the seventh in a series of annual workshops dedicated
to the study of elliptic curve cryptography and related areas.
The main themes of ECC 2003 will be:
- The discrete logarithm problem.
- Efficient parameter generation and point counting.
- Provably secure cryptographic protocols.
- Efficient software and hardware implementation.
- Side-channel attacks.
- Deployment of elliptic curve cryptography.
It is hoped that the meeting will continue to encourage and
stimulate further research on the security and implementation
of elliptic curve cryptosystems and related areas, and encourage
collaboration between mathematicians, computer scientists and
engineers in the academic, industry and government sectors.
Attendees of ECC 2003 might also wish to attend SAC 2003
(Ottawa, Aug 14-15) and CRYPTO 2003 (Santa Barbara, Aug 17-21).
The last lecture at ECC 2003 will end at 3:00 pm on Wednesday
(Aug 13). This will give participants sufficient time to catch
flights scheduled to leave Toronto after 7:00 pm. There are hourly
flights from Toronto to Ottawa.
SPONSORS:
Certicom Corp.
MITACS
Motorola
The Fields Institute
University of Essen
University of Waterloo
ORGANIZERS:
Gerhard Frey (University of Essen)
Darrel Hankerson (Auburn University)
Alfred Menezes (University of Waterloo)
Christof Paar (Ruhr-Universitat Bochum)
Edlyn Teske (University of Waterloo)
Scott Vanstone (University of Waterloo)
SPEAKERS:
Hans Dobbertin (Ruhr-Universitat Bochum, Germany)
Florian Hess (University of Bristol, UK)
Hugo Krawczyk (Technion, Israel, and IBM Research, USA)
Tanja Lange (Ruhr-Universitat Bochum, Germany)
Reynald Lercier (Centre d'Electronique de L'Armement, France)
Ben Lynn (Stanford University, USA)
William Martin (National Security Agency, USA)
Christof Paar (Ruhr-Universitat Bochum, Germany)
John Proos (University of Waterloo, Canada)
Jean-Jacques Quisquater (Universite Catholique de Louvain, Belgium)
Pankaj Rohatgi (IBM Research, USA)
Victor Shoup (New York University, USA)
Jerome A. Solinas (National Security Agency, USA)
Edlyn Teske (University of Waterloo, Canada)
Nicolas Theriault (University of Toronto, Canada)
Eran Tromer (Weizmann Institute of Science, Israel)
CONFERENCE PROGRAMME:
All lectures will take place in Room 1302 of the Davis Center,
University of Waterloo
====================
Monday, August 11
====================
8:00 - 9:00 am: Coffee and registration
9:00 - 10:00 am: William Martin: High confidence software
and systems, an NSA perspective
10:00 - 10:30 am: Mid-morning coffee break
10:30 - 11:30 am: Hans Dobbertin: To be announced
11:30 - 12:30 pm: Eran Tromer: Hardware-based implementation of
factoring algorithms
12:30 - 2:00 pm: lunch
2:00 - 3:00 pm: Hugo Krawczyk: Design and analysis of
authenticated Diffie-Hellman protocols
3:00 - 4:00 pm: Victor Shoup: Practical verifiable encryption
and decryption of discrete logarithms
4:00 - 4:30 pm: Afternoon coffee break
4:30 - 5:30 pm: Pankaj Rohatgi: Power, EM and all that: Is your
crypto device really secure?
6:00 pm: Reception at the Waterloo Inn
7:00 pm: Banquet at the Waterloo Inn
=====================
Tuesday, August 12
=====================
8:00 - 9:00 am: Morning coffee
9:00 - 10:00 am: Jean-Jacques Quisquater: 2 or 3 side-channels
for ECC
10:00 - 10:30 am: Mid-morning coffee break
10:30 - 11:30 am: Tanja Lange: Efficient arithmetic on
(hyper-)elliptic curves over finite fields
11:30 - 12:30 pm: Christof Paar: Hyperelliptic curve
cryptosystems for embedded applications
12:30 - 2:00 pm: lunch
2:00 - 3:00 pm: Reynald Lercier: Algorithmic aspects of
Mestre's p-adic point counting ideas
3:00 - 4:00 pm: Ben Lynn: Applications of bilinear maps
4:00 - 4:30 pm: Afternoon coffee break
4:30 - 5:30 pm: Jerome A. Solinas: ID-based digital signature
algorithms
5:30 - 7:00 pm: Cocktail Reception (Davis Centre, University
of Waterloo)
=======================
Wednesday, August 13
=======================
8:00 - 9:00 am: Morning coffee
9:00 - 10:00 am: John Proos: Security in the presence of
decryption failures
10:00 - 10:30 am: Mid-morning coffee break
10:30 - 11:30 am: Nicolas Theriault: Index calculus attack for
hyperelliptic curves of small genus
11:30 - 1:00 pm: lunch
1:00 - 2:00 pm: Florian Hess: The GHS attack revisited
2:00 - 3:00 pm: Edlyn Teske: Weak fields for ECC
REGISTRATION:
There will be a registration fee this year of $250 Cdn or $170 US
($150 Cdn or $100 US for full-time graduate students). Sorry, but
we cannot accept payment in Euros. PLEASE REGISTER AS SOON AS
POSSIBLE AS SPACE IS LIMITED FOR THIS WORKSHOP; REGISTRATION IS
ON A FIRST-COME FIRST-SERVE BASIS. We cannot process a registration
until all fees are paid in full. The deadline for all fees to be
paid and registration completed has been set for the
1st of August, 2003. However, you are encouraged to register
earlier than Aug 1 since some hotels have a cutoff date of
June 29. To register, complete, in full, the attached REGISTRATION
FORM and return it along with your payment to:
Mrs. Adrienne Richter, C&O Dept., University of Waterloo, Waterloo,
Ontario, Canada N2L 3G1. You can also send your registration form by
fax (519-725-5441) or by email (ecc2003(a)math.uwaterloo.ca)
Confirmation of your registration will be sent by email when payment
is received in full.
------------------------cut from here---------------------------------
ECC 2003 CONFERENCE REGISTRATION FORM
Fullname:
_________________________________________________________
Affiliation:
_________________________________________________________
Address:
_________________________________________________________
_________________________________________________________
_________________________________________________________
_________________________________________________________
_________________________________________________________
E-Mail Address:
_________________________________________________________
Telephone #:
_________________________________________________________
Registration Fee: Please check the appropriate box:
[ ] Registration .......$250.00 CAD ..............$________
[ ] Registration .......$170.00 USD ..............$________
[ ] Full-time Student ..$150.00 CAD ..............$________
[ ] Full-time Student ..$100.00 USD ..............$________
Registration Fee includes Banquet: Attending [ ] Yes [ ] No
Vegetarian [ ] Yes [ ] No
TOTAL AMOUNT PAYABLE: ............................$________
**Make Cheque/Money Order Payable to: ECC 2003
Credit Card Payments:
[ ] Visa [ ] MasterCard
Cardholder's Name: ________________________________________________
Card Number: ______________________________________________________
Expiration Date: __________________________________________________
Signature: ________________________________________________________
Additional Information: ___________________________________________
-------------------------cut from here-------------------------------
TRAVEL:
Kitchener-Waterloo is approximately 100 km/60 miles from Pearson
International Airport in Toronto. Ground transportation to
Kitchener-Waterloo can be pre-arranged with Airways Transit.
TRANSPORTATION TO AND FROM TORONTO AIRPORT PROVIDED BY AIRWAYS TRANSIT
It is advisable to book your transportation between the Pearson Airport,
Toronto, and Waterloo in advance to receive the advance booking rate of
$38 CAD per person, one way, with Airways Transit (open 24 hours a day).
Please quote "ECC2003" when making your reservation. Airways is a
door-to-door service; they accept cash (Cdn or US funds), MasterCard,
Visa and American Express.
Upon arrival:
Terminal 1: proceed to Ground Transportation Booth, Arrivals Level.
Terminal 2: proceed to Airways Transit desk, Arrivals Level, Area E.
Terminal 3: proceed to Ground Transportation Booth, Arrivals Level,
between Doors B and C.
You can make a reservation through their web site:
www.airwaystransit.com
Or, you can complete the form below and send by mail or
fax (519-886-2141) well in advance of your arrival to
Airways Transit. They will not fax confirmations: your fax
transmission record is confirmation of your reservation.
-------------------------cut from here---------------------------------
AIRWAYS TRANSIT ADVANCE BOOKING FORM - ECC 2003
ARRIVAL INFORMATION:
____________________________________________________________
Surname First name
____________________________________________________________
Toronto Arrival Date Airline Flight #
____________________________________________________________
Arrival Time Arriving From
____________________________________________________________
Destination in Kitchener/Waterloo No. in party
DEPARTURE INFORMATION:
____________________________________________________________
Surname First name
____________________________________________________________
Toronto Departure Date Airline Flight #
____________________________________________________________
Departure Time Flight # Destination
____________________________________________________________
Pickup From No. in party
____________________________________________________________
Signature Date
Send or Fax to:
Airways Transit
99A Northland Road
Waterloo, Ontario
Canada, N2V 1Y8
Fax: (519) 886-2141
Telephone: (519) 886-2121
-----------------------------cut form here--------------------------------
ACCOMMODATIONS:
There is a limited block of rooms set aside on a first-come
first-serve basis at the Waterloo Inn for the evenings of
August 10, 11, 12 and 13, and at the Comfort Inn for the
evenings of August 9, 10, 11, 12 and 13. Please note that
the Waterloo Inn is sold out for the evening of August 9.
COMFORT INN
Address: 190 Weber Street North, Waterloo, Ontario, Canada N2J 3H4
Phone: (519) 747-9400
Rate: $80 Cdn plus taxes/night for a single or double room
Please quote "ECC 2003" when making your reservation
Availability: Evenings of August 9, 10, 11, 12, 13
Cut-off date: July 7, 2003
WATERLOO INN
Address: 475 King Street North, Waterloo, Ontario, Canada N2J 2Z5
Phone: (519) 884-0222
Fax: (519) 884-0321
Toll Free: 1-800-361-4708
Website: www.waterlooinn.com
Rate: $118 Cdn plus taxes/night for a single or double room
Please quote "ECC 2003" when making your reservation
Availability: Evenings of August 10, 11, 12, 13
Cut-off date: June 29, 2003
Other hotels close to the University of Waterloo are:
UNIVERSITY OF WATERLOO CONFERENCE CENTRE
(on-campus accommodation; no air conditioning)
Ron Eydt Village, Box 16610, Waterloo, Ontario, Canada N3J 4C1
Phone: 519-884-5400, 519-746-7599
Website: www.conferences.uwaterloo.ca (see "Room Registration")
Approx rate: $52 Cdn plus taxes/night
DESTINATION INN
547 King Street North, Waterloo, Ontario, Canada N2L 5Z7
Phone: (519) 884-0100
Website: www.destinationinn.com
Approx rate: $73 Cdn plus taxes/night
BEST WESTERN INN
St. Jacobs Country Inn
50 Benjamin Road East, Waterloo, Ontario, Canada N2V 2J9
Phone: (519) 884-9295
Website: www.stjacobscountryinn.com
Approx rate: $129 Cdn plus taxes/night
THE WATERLOO HOTEL
2 King Street North, Waterloo, Ontario, Canada N2J 2W7
Phone: (519) 885-2626
Website: www.countryinns.org/inn_waterloo.html
Approx rate: $120-160 Cdn plus taxes/night
HOTEL TO CONFERENCE TRANSPORTATION:
A shuttle to/from the campus will be available each day of the
conference from the Waterloo Inn and Comfort Inn only. Place
and times for pickup and drop-off will be emailed to registrants
a week before the workshop.
FURTHER INFORMATION:
For further information or to return your Registration, please contact:
Mrs. Adrienne Richter
Department of Combinatorics & Optimization
University of Waterloo
Waterloo, Ontario, Canada N2L 3G1
e-mail: ecc2003(a)math.uwaterloo.ca
Fax: (519) 725-5441
Phone: (519) 888-4027
---------------------------------------------------------------------
--- end forwarded text
--
-----------------
R. A. Hettinga <mailto: rah(a)ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
1
0
[Politech] German court bans police from installing Trojan Horses remotely [priv]
by Declan McCullagh 06 Jul '18
by Declan McCullagh 06 Jul '18
06 Jul '18
A few thoughts:
1. This seems to preclude German police from doing a remote search
(which would have to include malware or some way of exploiting a
security hole on the target's computer) even with a court order.
2. In the U.S., the FBI reportedly has developed similar malware called
Magic Lantern, which we've discussed here before:
http://www.politechbot.com/p-03034.html
http://en.wikipedia.org/wiki/Magic_Lantern_%28software%29
3. I can't think of any domestic case offhand when we know for a fact
that the FBI has gained unauthorized remote access to a suspect's
system. Can anyone? The Scarfo case involved physical access, and this
remote intrusion case dealt with a computer in Russia:
http://news.zdnet.com/2100-9595_22-529917.html
-Declan
---
http://www.nytimes.com/aponline/world/AP-Computer-Searches.html?_r=1&oref=s…
gin
German Court Nixes Hard Drive Search
By THE ASSOCIATED PRESS
Published: February 5, 2007
Filed at 1:42 p.m. ET
BERLIN (AP) -- A German court on Monday ruled that police cannot
remotely search criminal suspects' computer hard drives over the
Internet without their knowledge.
The decision of the Federal Court of Justice in Karlsruhe bars police
from using the online ''Trojan horse'' method, which involves using a
computer program to search through remote hard drives over an Internet
connection, unless parliament passes a law explicitly allowing it.
Police will still be allowed to seize evidence from computer hard drives
when conducting searches in person.
[...remainder snipped...]
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
1
0
06 Jul '18
Laptops could betray users in the developing world
http://technology.newscientist.com/article.ns?id=mg19826596.100&print=true
8.6.5
Colin Barras
IN JANUARY, a court in Mazar-e-Sharif, Afghanistan, sentenced a
young journalism student to death. Sayed Pervez Kambaksh's crime was
to download and distribute a document about Islam and women's rights
to his fellow students at Balkh University in Mazar, an action that
the court considered blasphemous. Despite widespread international
condemnation, the Afghan Senate later passed a motion confirming the
death sentence.
Kambaksh was caught because some of his fellow students reported him
to the authorities. But oppressive governments could soon have a
simple way to track the internet activity of their citizens
directly, potentially paving the way for many more such cases.
For security reasons, sensitive data sent over the internet, such as
that used for online banking transactions, is digitally signed at
source with a signature that can be traced to the user's computer.
This helps validate their identity and guard against fraud. The
system is known as non-repudiation, because the person creating the
digital signature can reasonably be assumed to be the source of the
sensitive data and, in a fraud case, for example, cannot repudiate
this.
If this system were to become the default setting for all traffic on
a network, there would be nothing to stop authorities from tracing
the source of any online activity, says Len Sassaman, a computer
security researcher at the Catholic University of Leuven (KUL) in
Belgium. Users would be stripped of their anonymity and authorities
could identify anyone that criticised them. "If countries like
Afghanistan were to switch to a system where the user cannot refute
any action they took on the internet, I suspect we'll see more cases
like Kambaksh's," says Sassaman.
Now Sassaman and his colleague Meredith Patterson at the University
of Iowa in Iowa City claim a prominent philanthropic organisation is
inadvertently in the process of introducing just such a system
across the developing world.
The One Laptop per Child foundation (OLPC), the brainchild of
Nicholas Negroponte, hopes to provide children around the world with
a cheap laptop, called the XO, and access to the internet. But
rolling out internet-ready laptops to inexperienced users across the
developing world poses a huge security problem, not least because
the devices could easily get stolen.
To minimise this risk, the OLPC security team, formerly led by Ivan
Krsti at Harvard University, developed the Bitfrost security model.
Bitfrost has garnered praise from security experts around the world
for its innovations, such as its anti-theft system, P_THEFT. Each
laptop automatically phones an anti-theft server each day, sending
its serial number. The server responds with an activation lease,
valid for the next 24 hours. Any laptop that has been reported
stolen is denied activation and becomes a useless lump of plastic
and metal. While this will discourage theft, Sassaman and Patterson
think there is a crucial element missing from the Bitfrost security
model - personal privacy.
Because the XO laptops will often be used in areas with limited
internet connectivity, the OLPC team chose to use a mesh network, in
which all XO computers in the region act as nodes. This means a
message might pass through many XOs before it reaches its target, so
each one is digitally signed to authenticate its source. While it is
possible to use a digital signature that simply confirms the device
is legitimate without identifying it, Bitfrost uses non-repudiable
digital signatures. These can be traced to a specific laptop and -
since children must register their details with a central database
on taking possession of their XO - an individual child.
"If a government happens to be monitoring, perhaps by inserting
itself into the network between two XOs, it can prove to the world
that the communicating parties said what they said," says Sassaman.
Then, taking advantage of the P_THEFT system, the government could
silence the user by simply denying their laptop a new activation
key.
Steven Murdoch, a privacy and security researcher at the University
of Cambridge, says that Sassaman and Patterson have made a useful
contribution to the Bitfrost model. "What I found most surprising
about the Bitfrost specification is that it doesn't appear to
consider governments as a risk to security," he says.
Simson Garfinkel, a former security consultant for OLPC, dismisses
the claims. He says Bitfrost does not use the signature to track
user activity, adding that the model was intensely scrutinised by
security experts after it was developed.
"It's an issue of intent versus possibility," counters Sassaman.
"They may not intend for the signatures to be used for
non-repudiation, but it's possible to use them for this purpose."
That won't be an issue, says Ricky Greenwald, a clinical
psychologist and founder of the Child Trauma Institute in
Greenfield, Massachusetts. Governments won't need to monitor the
internet activity of 5 to 10-year-olds. "Children that age are more
likely to use their computer for games and schoolwork," he says.
It's very unlikely that a child's laptop would be deactivated by an
oppressive regime, he says.
Sassaman disagrees. "Remember where these computers are being
deployed," he says. "We have 11-year-olds in some of these countries
being drafted as child soldiers. Why would we not want to give them
the ability to whistleblow?"
Furthermore, Sassaman points out that it is unlikely that XO laptops
will be used by children alone. "The OLPC project is laying the
groundwork for a major network across the Third World," he says.
"It's rather short-sighted to think that this would be limited to
children, or to education." With rumours that an adult XO programme
is in development, it is important to tackle security issues now, he
says.
To this end, Sassaman and Patterson are working on a modified
version of Bitfrost that will allow XO laptops to identify each
other without eroding the privacy of their users. Their work is at a
preliminary stage, but will be based on existing cryptographic
techniques that cannot be used for non-repudiation.
With recent changes at the OLPC project it remains to be seen how
widely Bitfrost will be installed in the XO laptops (see "Education,
or just the laptop?"). The security system was designed to run
alongside the Linux operating system and the experimental Sugar
graphical user interface developed for the project. Last month,
however, OLPC announced that the latest XO laptops will run Windows
XP, although the foundation said the machines will eventually be
able to run both operating systems. So far, there are 1000 XOs in
Mongolia and 8000 in Uruguay using Bitfrost, with thousands more due
to be delivered this year. Other countries that have agreed to buy
XOs include Peru, Libya, Nigeria and Rwanda.
Meanwhile Walter Bender, the former president of software and
content at the OLPC, has begun talks with a number of ultra-low-cost
laptop manufacturers that might see Sugar deployed on non-XO laptops
in the near future. "Bitfrost is a far-reaching design," Bender
says. "Much of it is of general use, and aspects of Bitfrost will be
folded into the Sugar efforts."
Sassaman welcomes this development. "Don't get me wrong, Bitfrost is
a highly ambitious project. It's an application of lessons learned
in software security and in that respect it has done a great job,"
he says. "They just happened to overlook a significant issue - user
privacy. But those problems can be fixed without changing the goals
of Bitfrost."
At the time New Scientist went to press, after four months of
international pressure, the Afghan authorities appear to be on the
verge of freeing Kambaksh. With modifications to Bitfrost, Sassaman
and Patterson hope that, in similar cases, at least people's
computers won't betray them.
Computer Viruses - Learn more about the threats to your PC in our
comprehensive special report.
Education, or just the laptop?
Earlier this year, Nicholas Negroponte claimed that One Laptop per
Child, the organisation he founded, had been acting "like a
terrorist group" and needed to be managed "more like Microsoft".
Since then, OLPC has lost some of its key members and all but
abandoned a Linux operating system in favour of the ubiquitous
Microsoft Windows XP.
Reports suggest Negroponte took the decision to adopt Windows after
requests from developing countries, which were stalling on placing
orders for the XO. Critics argue, though, that the switch, coupled
with the recent resignations of Walter Bender, president of software
and content, and Ivan Krsti, director of security architecture, are
signs that OLPC has abandoned its original mission to educate, and
is now simply a laptop manufacturer. "Teaching children to use a
proprietary system such as Windows does not make the world a better
place, because it puts them under the power of the system's
developer," wrote Richard Stallman, founder of the Free Software
Foundation, on the foundation's blog.
Krsti argues that a Windows computer is as useful an educational
tool as one running free software, but he agrees that OLPC's
priorities have changed. "I quit when Nicholas told me that learning
was never part of the mission. The mission was, in his mind, always
getting as many laptops as possible out there," he wrote on his
personal blog.
Related Articles
Hackers have poor nations' PCs in their sights
http://technology.newscientist.com/article/mg19626345.700
15 December 2007
$100-laptop created for world's poorest countries
http://technology.newscientist.com/article/dn8338
17 November 2005
Developing nations to test new $150 laptops
http://technology.newscientist.com/article/dn11177
13 February 2007
Weblinks
One Laptop Per Child
http://laptop.org/
_______________________________________________
tt mailing list
tt(a)postbiota.org
http://postbiota.org/mailman/listinfo/tt
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
06 Jul '18
Laptops could betray users in the developing world
http://technology.newscientist.com/article.ns?id=mg19826596.100&print=true
8.6.5
Colin Barras
IN JANUARY, a court in Mazar-e-Sharif, Afghanistan, sentenced a
young journalism student to death. Sayed Pervez Kambaksh's crime was
to download and distribute a document about Islam and women's rights
to his fellow students at Balkh University in Mazar, an action that
the court considered blasphemous. Despite widespread international
condemnation, the Afghan Senate later passed a motion confirming the
death sentence.
Kambaksh was caught because some of his fellow students reported him
to the authorities. But oppressive governments could soon have a
simple way to track the internet activity of their citizens
directly, potentially paving the way for many more such cases.
For security reasons, sensitive data sent over the internet, such as
that used for online banking transactions, is digitally signed at
source with a signature that can be traced to the user's computer.
This helps validate their identity and guard against fraud. The
system is known as non-repudiation, because the person creating the
digital signature can reasonably be assumed to be the source of the
sensitive data and, in a fraud case, for example, cannot repudiate
this.
If this system were to become the default setting for all traffic on
a network, there would be nothing to stop authorities from tracing
the source of any online activity, says Len Sassaman, a computer
security researcher at the Catholic University of Leuven (KUL) in
Belgium. Users would be stripped of their anonymity and authorities
could identify anyone that criticised them. "If countries like
Afghanistan were to switch to a system where the user cannot refute
any action they took on the internet, I suspect we'll see more cases
like Kambaksh's," says Sassaman.
Now Sassaman and his colleague Meredith Patterson at the University
of Iowa in Iowa City claim a prominent philanthropic organisation is
inadvertently in the process of introducing just such a system
across the developing world.
The One Laptop per Child foundation (OLPC), the brainchild of
Nicholas Negroponte, hopes to provide children around the world with
a cheap laptop, called the XO, and access to the internet. But
rolling out internet-ready laptops to inexperienced users across the
developing world poses a huge security problem, not least because
the devices could easily get stolen.
To minimise this risk, the OLPC security team, formerly led by Ivan
Krsti at Harvard University, developed the Bitfrost security model.
Bitfrost has garnered praise from security experts around the world
for its innovations, such as its anti-theft system, P_THEFT. Each
laptop automatically phones an anti-theft server each day, sending
its serial number. The server responds with an activation lease,
valid for the next 24 hours. Any laptop that has been reported
stolen is denied activation and becomes a useless lump of plastic
and metal. While this will discourage theft, Sassaman and Patterson
think there is a crucial element missing from the Bitfrost security
model - personal privacy.
Because the XO laptops will often be used in areas with limited
internet connectivity, the OLPC team chose to use a mesh network, in
which all XO computers in the region act as nodes. This means a
message might pass through many XOs before it reaches its target, so
each one is digitally signed to authenticate its source. While it is
possible to use a digital signature that simply confirms the device
is legitimate without identifying it, Bitfrost uses non-repudiable
digital signatures. These can be traced to a specific laptop and -
since children must register their details with a central database
on taking possession of their XO - an individual child.
"If a government happens to be monitoring, perhaps by inserting
itself into the network between two XOs, it can prove to the world
that the communicating parties said what they said," says Sassaman.
Then, taking advantage of the P_THEFT system, the government could
silence the user by simply denying their laptop a new activation
key.
Steven Murdoch, a privacy and security researcher at the University
of Cambridge, says that Sassaman and Patterson have made a useful
contribution to the Bitfrost model. "What I found most surprising
about the Bitfrost specification is that it doesn't appear to
consider governments as a risk to security," he says.
Simson Garfinkel, a former security consultant for OLPC, dismisses
the claims. He says Bitfrost does not use the signature to track
user activity, adding that the model was intensely scrutinised by
security experts after it was developed.
"It's an issue of intent versus possibility," counters Sassaman.
"They may not intend for the signatures to be used for
non-repudiation, but it's possible to use them for this purpose."
That won't be an issue, says Ricky Greenwald, a clinical
psychologist and founder of the Child Trauma Institute in
Greenfield, Massachusetts. Governments won't need to monitor the
internet activity of 5 to 10-year-olds. "Children that age are more
likely to use their computer for games and schoolwork," he says.
It's very unlikely that a child's laptop would be deactivated by an
oppressive regime, he says.
Sassaman disagrees. "Remember where these computers are being
deployed," he says. "We have 11-year-olds in some of these countries
being drafted as child soldiers. Why would we not want to give them
the ability to whistleblow?"
Furthermore, Sassaman points out that it is unlikely that XO laptops
will be used by children alone. "The OLPC project is laying the
groundwork for a major network across the Third World," he says.
"It's rather short-sighted to think that this would be limited to
children, or to education." With rumours that an adult XO programme
is in development, it is important to tackle security issues now, he
says.
To this end, Sassaman and Patterson are working on a modified
version of Bitfrost that will allow XO laptops to identify each
other without eroding the privacy of their users. Their work is at a
preliminary stage, but will be based on existing cryptographic
techniques that cannot be used for non-repudiation.
With recent changes at the OLPC project it remains to be seen how
widely Bitfrost will be installed in the XO laptops (see "Education,
or just the laptop?"). The security system was designed to run
alongside the Linux operating system and the experimental Sugar
graphical user interface developed for the project. Last month,
however, OLPC announced that the latest XO laptops will run Windows
XP, although the foundation said the machines will eventually be
able to run both operating systems. So far, there are 1000 XOs in
Mongolia and 8000 in Uruguay using Bitfrost, with thousands more due
to be delivered this year. Other countries that have agreed to buy
XOs include Peru, Libya, Nigeria and Rwanda.
Meanwhile Walter Bender, the former president of software and
content at the OLPC, has begun talks with a number of ultra-low-cost
laptop manufacturers that might see Sugar deployed on non-XO laptops
in the near future. "Bitfrost is a far-reaching design," Bender
says. "Much of it is of general use, and aspects of Bitfrost will be
folded into the Sugar efforts."
Sassaman welcomes this development. "Don't get me wrong, Bitfrost is
a highly ambitious project. It's an application of lessons learned
in software security and in that respect it has done a great job,"
he says. "They just happened to overlook a significant issue - user
privacy. But those problems can be fixed without changing the goals
of Bitfrost."
At the time New Scientist went to press, after four months of
international pressure, the Afghan authorities appear to be on the
verge of freeing Kambaksh. With modifications to Bitfrost, Sassaman
and Patterson hope that, in similar cases, at least people's
computers won't betray them.
Computer Viruses - Learn more about the threats to your PC in our
comprehensive special report.
Education, or just the laptop?
Earlier this year, Nicholas Negroponte claimed that One Laptop per
Child, the organisation he founded, had been acting "like a
terrorist group" and needed to be managed "more like Microsoft".
Since then, OLPC has lost some of its key members and all but
abandoned a Linux operating system in favour of the ubiquitous
Microsoft Windows XP.
Reports suggest Negroponte took the decision to adopt Windows after
requests from developing countries, which were stalling on placing
orders for the XO. Critics argue, though, that the switch, coupled
with the recent resignations of Walter Bender, president of software
and content, and Ivan Krsti, director of security architecture, are
signs that OLPC has abandoned its original mission to educate, and
is now simply a laptop manufacturer. "Teaching children to use a
proprietary system such as Windows does not make the world a better
place, because it puts them under the power of the system's
developer," wrote Richard Stallman, founder of the Free Software
Foundation, on the foundation's blog.
Krsti argues that a Windows computer is as useful an educational
tool as one running free software, but he agrees that OLPC's
priorities have changed. "I quit when Nicholas told me that learning
was never part of the mission. The mission was, in his mind, always
getting as many laptops as possible out there," he wrote on his
personal blog.
Related Articles
Hackers have poor nations' PCs in their sights
http://technology.newscientist.com/article/mg19626345.700
15 December 2007
$100-laptop created for world's poorest countries
http://technology.newscientist.com/article/dn8338
17 November 2005
Developing nations to test new $150 laptops
http://technology.newscientist.com/article/dn11177
13 February 2007
Weblinks
One Laptop Per Child
http://laptop.org/
_______________________________________________
tt mailing list
tt(a)postbiota.org
http://postbiota.org/mailman/listinfo/tt
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
======================================================================
EDRi-gram
biweekly newsletter about digital civil rights in Europe
Number 10.18, 26 September 2012
=======================================================================
Contents
=======================================================================
1. Facebook gives up its face recognition feature in EU
2. European Parliament steps back from promoting ISP liability
3. Ancillary copyright madness in Germany and France
4. EDRi responds to Commission b self-regulationb consultation
5. EU Parliament approves directive on orphan works
6. Data protection package: a proposed timetable in the EP
7. The Netherlands against ACTA in all its forms
8. Mapping Net Neutrality worldwide
9. Freedom Not Fear 2012
10. First victim of French 3 strikes law is found guilty for negligence
11. ENDitorial: Clean IT is just a symptom of the pinata politics of
privatised online enforcement
12. Recommended Reading
13. Agenda
14. About
=======================================================================
1. Facebook gives up its face recognition feature in EU
=======================================================================
Following pressure from Data Protection offices in EU, Facebook has
decided to give up the controversial face recognition feature in EU.
The feature used by Facebook was taking information given by users when
tagging friends' faces in photo, with the declared purpose to make
suggestions on tags for future images, thus making the process simpler
and faster.
This comes as a result of the work of the Irish Data Protection
Authority (Office of the Data Protection Commissioner of Ireland - DPCI)
which, in December 2011, performed an audit assessing Facebook Irelandbs
(FB-I) compliance with the Irish Data protection law as well as the EU
law and made a series of recommendations to Facebook.
On 21 September 2012, DPCI issued the outcomes of its Review
Implementation of Audit Recommendations finding that most
recommendations by the Audit had been met by the company, most notably
the turning off of the face recognition feature.
At the same time, DPCI gave Facebook four weeks to solve the remaining
issues that are still to be met. Among other things, Facebook has been
asked to provide more detailed information about the use of the "fr"
cookie and to explain the consent collected for this cookie. It has also
been asked to introduce a "robust process" to "irrevocably delete user
accounts and data upon request within 40 days" of being notified and to
address the concerns regarding the possibility of targeted advertising
utilising sensitive data on the network.
b I am satisfied that the Review has demonstrated a clear and ongoing
commitment on the part of FB-I to comply with its data protection
responsibilities by way of implementation or progress towards
implementation of the recommendations in the Audit Report. I am
particularly encouraged in relation to the approach it has decided to
adopt on the tag suggest/facial recognition feature by in fact agreeing
to go beyond our initial recommendations, in light of developments since
then, in order to achieve best practice. This feature has already been
turned off for new users in the EU and templates for existing users will
be deleted by 15 October, pending agreement with my Office on the most
appropriate means of collecting user consent. By doing so it is sending
a clear signal of its wish to demonstrate its commitment to best
practice in data protection compliance,b said Billy Hawkes, the Irish
Data Protection Commissioner.
Facebook declared it intends to re-introduce the tag feature in the
future, but it would do that under new guidelines and, according to
Billy Hawkes, the tool would only return if Facebook agreed on the b most
appropriate means of collecting user consentb.
Report of Review of Facebook Irelandbs Implementation of Audit
Recommendations Published b Facebook turns off Tag Suggest in the EU
(21.09.2012)
http://dataprotection.ie/viewdoc.asp?DocID=1233&m=f
Facebook Ireland Ltd b Report of Re-Audit (21.09.2012)
http://dataprotection.ie/documents/press/Facebook_Ireland_Audit_Review_Repo…
Facebook given 4 weeks to FULLY SATISFY Irish data commissioner -
Review mainly leads to whiskey doubles all round (21.09.2012)
http://www.theregister.co.uk/2012/09/21/irish_data_protection_commissioner_…
Facebook abandons face recognition within the EU (only in French,
updated 24.09.2012)
http://www.01net.com/editorial/573553/facebook-abandonne-la-reconnaissance-…
Facebook to switch off controversial facial recognition feature
following data protection concerns (22.09.2012)
http://www.dailymail.co.uk/news/article-2207098/Facebook-switch-controversi…
=======================================================================
2. European Parliament steps back from promoting ISP liability
=======================================================================
On 11 September 2012, the European Parliament voted on an own-initiative
report of Mr Jean-Marie Cavada (EPP, France) on the online distribution
of audiovisual works.
As we reported in the EDRi-gram after the vote in the leading Committee,
the Culture and Education Committee, last July, the report was
containing some surprising and potentially very problematic terms on the
liability of networks operators. The text was calling for b ways to
encourage network operators to standardise their technical toolsb for
copyright enforcement and arguing that the current trend was towards a
removal of liability of networks operators. This is factually wrong,
could lead to privatisation of censorship and would encourage
enforcement outside the rule of law. Finally, this is in no way pursuing
the goal of the report, which is to promote and develop access to
cultural content.
This problematic part of the report (point 59 of the final report) was
thankfully rejected in the final vote of the European Parliament on the
dossier following a lot of behind the scenes activity by
EDRi.
This vote is important for three reasons.
Firstly, the European Parliament would have faced difficulties
convincing the other institutions of its credibility on the dossier. A
report containing (obviously) inaccurate statements will not be
particularly credible.
Secondly, encouraging network operators to standardise their b technical
toolsb means encouraging Internet service providers to monitor, filter
and possibly block access to content. This call was going against recent
decisions of the Court of Justice of the European Union that protecting
intellectual property could not override other fundamental rights such
as the right to privacy, the freedom of information and the freedom to
conduct business. (C-70/10 Scarlet/SABAM and C-360/10 SABAM/Netlog). The
mix of b technical toolsb creates the motive, means and opportunity for
Internet companies to appoint themselves as the judge, jury and
executioner of online law enforcement.
Finally, and most importantly, it shows the willingness of the European
Parliament to move away from concentrating all intellectual property
related issues on enforcement b particularly privatised enforcement by
Internet companies. It is a clear reversal of the Parliament's previous
approach in the so-called b Gallo reportb adopted by the European
Parliament in 2010 that demanded b appropriate solutionsb from
Internet Service Providers in b dialogueb with stakeholders. One such
b dialogueb was the one convened by the European Commission, which
suggested the b voluntaryb implementation of exactly the kinds of
filtering systems that the European Court of Justice subsequently ruled
to be in breach of citizens' fundamental rights.
This vote is in tune with the recently adopted Opinion of the Industry
Committee of the European Parliament on Completing Digital Single
Market, led by Italian Conservative Parliamentarian Aldo Patriciello. In
that report, Parliamentarians focussed on eliminating the many barriers
to online services in Europe, demanding in particular b a harmonised
approach to copyright exceptions and limitationsb. This reflects a
growing awareness that it is time to move away from trying to use
disproportionate tools to enforce a copyright system that is devoid of
credibility and towards building a more credible approach.
The road will still be long to adapt the current framework to the
digital revolution and to overcome the barriers that prevent consumers
to access, use and enjoy cultural content but the European Parliament
has made it clear that it was the direction it wanted to take.
EDRi-gram: EP: Surprises in the online distribution of audiovisual
works' report (18.07.2012)
http://www.edri.org/edrigram/number10.14/online-distribution-works
Patriciello Opinion
Not yet published by Parliament
Cavada Report (25.07.2012)
http://www.europarl.europa.eu/sides/getDoc.do?type=REPORT&reference=A7-2012…
Gallo Report (22.10.2012)
http://www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN&reference…
(Contribution by Marie Humeau - EDRi)
=======================================================================
3. Ancillary copyright madness in Germany and France
=======================================================================
On 29 August 2012, the German government decided to pass a draft
legislative proposal for ancillary copyright (so-called
"Leistungsschutzrecht") aimed at b protectingb publishing houses' online
content from being quoted in news aggregation sites and on search engines.
This draft law would give publishers the right to limit or forbid any
publication or reproduction by third parties of snippets of their
content. Services (Google in particular) which publish (or "steal") even
very small parts or snippets as a means of helping end-users find
interesting information would have to obtain a license and pay a tax in
order to do so. The law would have an extensive impact since any
website, aggregator or blog could be affected by this.
A couple of years ago, German publishers suddenly realised that there
were companies on the internet which make billions of Euro from
advertising. Advertising has traditionally been the publishers' business
model and they have failed to adapt this part of their business to the
online environment. They therefore argue that companies that are able to
make money in the digital environment should subsidise their
pre-existing business model. Ironically, though, those companies are
still able to make significant profits. For example, Germany's biggest
publisher Axel Springer recently announced an increase in 55% for its
online products in the first half of 2012.
Just a few days ago, French magazine TC)lC)rama.fr revealed a draft
proposal written by the press association IPG and inspired by the
developments in Germany, in order to tax Google and cream off its
billion euro profits in France. The draft b lex Googleb wants to give
publishers the exclusive right to reproduce snippets from articles,
under penalty of a fine of 30 000 euro and 3 years imprisonment for
offenders.
The somewhat incomprehensive German and French provisions create a
disincentive for online companies to help people find the publishers'
online content and b compensateb the publishers when their content is
found. Following the same logic, concert venues could ban taxi drivers
to take people to their concerts, unless they pay b compensationb to the
venue for bringing customers to their doors. In an environment where
expensive, disjointed and out-of-date copyright law is already causing
significant damage to the European economy, this approach may be a joke,
but it certainly is not funny.
Civil society groups as well as the German association of internet
economy eco have highlighted the absurdities and negative consequences
of ancillary copyright provisions repeatedly. They have pointed out that
the current terms of the law are more than unclear, that it is difficult
to establish what makes a website "commercial" and therefore leads to
legal uncertainty. In addition, the current German draft would restrict
the diversity of information on the internet. Civil society groups have
also pointed out the complete superfluousness of such provisions -
publishers are already protected by copyright provisions and are given
extensive rights by journalists through contracts or general terms and
conditions.
Due to the vague definition of a "press product", search engines would
need to conclude thousands of individual contracts. Smaller publishers
and bloggers do not have the capacity to do the same. It is thus likely
to result in adverse effects: a creation of exceptions for monopolies,
leading to an uncompetitive market situation. Ultimately, this will also
limit the freedom of communication and freedom to do business.
3rd revision of the German draft proposal (only in German)
http://irights.info/userfiles/3_%20Referentenentwurf-LSR-Kabinettsfassung_S…
Axel Springer online profit (only in German, 8.08.2012)
http://www.welt.de/wirtschaft/article108532273/Axel-Springer-steigert-Gewin…
eco Comments on Planned Ancillary Copyright (10.07.2012)
http://international.eco.de/2012/news/eco-comments-on-planned-ancillary-cop…
TC)lC)rama reveals press publishers' project (only in French, 21.09.2012)
http://www.telerama.fr/medias/taxe-google-telerama-devoile-le-projet-des-ed…
Common declaration of French and German publishers (only in German,
19.09.2012)
http://www.bdzv.de/fileadmin/bdzv_hauptseite/aktuell/bdzv_branchendienste/b…
(Contribution by Kirsten Fiedler - EDRi)
=======================================================================
4. EDRi responds to Commission b self-regulationb consultation
=======================================================================
The Commission is asking for feedback on a draft b codeb for what it
describes as b multistakeholder actionsb. The intention is to use the
final text as a blueprint for future self- and co-regulatory actions, in
order to ensure that certain best practices are respected. The deadline
is at the end of this week (30 September 2012) and EDRi has already
submitted its response.
We have been (sometimes very!) critical of the Commission's approach to
self-regulation b most particularly when it is not self-regulation at
all but privatised law enforcement, as we see in the now infamous Clean
IT project and as was also proposed in ACTA. If the Commission were
currently following the draft code, many of the excesses that we see
today would not be happening. For example, the chaotic and expensive
two-year b brainstormingb of Clean IT would never have happened because
the code stipulates the establishment, from the outset, of b clear and
unambiguousb objectives, b starting from a well-defined baseline.b
Indeed, the confusion regarding the specific aims of the project is one
of the main reasons that EDRi felt that it was inappropriate to
participate in that group.
While the draft proposed by the European Commission would represent a
solid step forward, there are still valuable improvements that would
need to be made. For example, contrary to the process followed by Clean
IT, there should be an b up frontb understanding that any outcome cannot
legally result in restrictions of fundamental rights.
Secondly, it is very important that any involvement from public
authorities in self-regulatory measures result in those authorities
agreeing to take a formal position to either endorse or reject the
outcome of the project. The alternative is power without responsibility
b a public authority can convene industry discussions, push for a
particular outcome and then claim that the entire process was
b industry's idea.b We also suggest that the involvement of the public
authority be under constant review and only allowed to continue when a
majority of stakeholders are in favour. Power without responsibility is
a corrosive and corrupting factor for any administration. Our response
therefore highlights this point as being one of critical importance.
The third major point of our response refers to the actions that should
be taken if a stakeholder group resigns from a multi-stakeholder
process. In the Commission's draft code, representativeness is given a
high degree of priority, but the guarantees to ensure this is actually
respected are somewhat weak. For example, there is no clarity as to what
should be done if a stakeholder group loses faith in the process and
resigns. Our suggestion is that the group should have the right to
produce a statement of objections and for this to be appended to the
final, published agreement. We also suggest that the resignation of key
stakeholder groups or an agreed proportion of participants would
automatically trigger the ending of the project. In the same vein, we
propose that a level of non-compliance should be agreed which, if
attained, would also lead to the ending of the project.
The Commission consultation comes in two parts b a short questionnaire
and a PDF/DOC of the draft code, which should be submitted with b tracked
changesb after being edited in line with the respondent's views. We
encourage other civil society groups and also individuals to respond b
and we will not complain if any of our analysis is plagiarised.
On-line public consultation on Code for Effective Open Voluntarism:
Good design principles for self- and co-regulation and other
multistakeholder actions
Deadline: 30 September 2012
http://ec.europa.eu/information_society/digital-agenda/actions/consultation/
EDRi's tracked changes document
http://edri.org/files/EC_code_final.pdf
(Contribution by Joe McNamee - EDRi)
=======================================================================
5. EU Parliament approves directive on orphan works
=======================================================================
On 13 September 2012, the EU Parliament approved the draft legislation
on orphan works proposed in 2011, completed by the EU Parliament and
Council compromise in June 2012.
The European Commission issued an Impact Assessment in 2011 accompanying
the proposal for a directive on certain permitted used of orphan works,
considering there was an urgent need of a legislative initiative on
orphan works, as a result of the situation created by the US Google
Books Settlement (in its original formulation orphan works were to be
automatically included in the scope of the Google Books Settlement), the
need to obtain prior copyright permissions for the use of orphan works
in Europe and the risk of a knowledge gap in case orphan works could not
become part of European Digital Library projects.
The Commission also considered a key action of the Digital Agenda for
Europe was the creation of a legal framework to facilitate the
digitisation and dissemination of orphan works (works for which no
author is identified or located). The proposed directive was intended to
make it "safer and easier for public institutions such as museums and
libraries to search for and use orphan works (...)."
The directive defines what works that can be considered orphan works and
it stipulates that the public institutions would be required to carry
out a prior b diligent searchb, in terms with the proposed directive
requirements, in the Member State where the work was first published.
When the diligent search establishes the orphan status of a work, it
would be considered an orphan work all over the EU. Thus, orphan works
can be made available online for cultural and educational purposes
without prior authorisation, unless (or until) the owner of the work
puts an end to such status.
Following certain concerns and criticism, in June 2012, the draft
proposal was completed with two points which established that in case
the right holder showed up, he would be entitled to claim compensation
for the use of his own work and that public institutions should be
allowed to generate some revenue from the use of an orphan work to be
used to pay for the search and the digitisation process.
The approved text by the European Parliament also includes some other
additions such as that the diligent search will not be necessary for
each work but "in good faith" and "prior to the use of the work."
A new article was also added - the new Directive b shall be without
prejudice to the Member Statesb arrangements concerning mass-scale
digitisation of works, such as those relating to out-of-commerce works."
Although considered a good idea, the proposed directive does not impress
everybody. MEP Christian EngstrC6m, of the Swedish Pirate Party, believes
the directive is not bold enough and b is not going to help to make the
European common cultural heritage available the way it is drafted so I
would urge everyone to reconsider because at the moment it simply isn't
useful.b Another difficulty is that when dealing with musical works, a
cultural heritage institution will have to consider the future rules
that will result from the proposed directive on collective rights
management and multi-territorial licensing of rights in musical works
for online uses.
Commission's Vice-President Neelie Kroes has recently pointed out that
although the proposals on orphan works, as well as the proposal on
collective rights management, were good steps in the way to improve EU
copyright, there were also other problems beyond licensing or orphan
works and that "we need to focus also on substantive copyright reform."
Orphan works directive approved by EU Parliament (14.09.2012)
http://ipkitten.blogspot.nl/2012/09/orphan-works-directive-approved-by-eu.h…
Are European orphans about to be freed? (21.09.2012)
http://kluwercopyrightblog.com/2012/09/21/are-european-orphans-about-to-be-…
Finding a good home for orphan works online (12.09.2012)
http://www.europarl.europa.eu/news/en/headlines/content/20120706STO48456/ht…
"Orphan" works: informal deal done between MEPs and Council (6.06.2012)
http://www.europarl.europa.eu/news/en/pressroom/content/20120606IPR46383/ht…
European Parliament legislative resolution of 13 September 2012 on the
proposal for a directive of the European Parliament and of the Council
on certain permitted uses of orphan works (COM(2011)0289 b C7-0138/2011
b 2011/0136(COD) (13.09.2012)
http://www.europarl.europa.eu/sides/getDoc.do?type=TA&reference=P7-TA-2012-…
=======================================================================
6. Data protection package: a proposed timetable in the EP
=======================================================================
Last week, on 19 September 2012, the Civil Liberties, Justice and Home
Affairs (LIBE) Committee discussed the data protection package, in
particular the planned timetable.
LIBE is the Committee leading the dossier in the European Parliament and
will issue two reports, one on the proposal for a General Data
Protection Regulation ( b the Regulationb) and one on the proposal for a
Directive b on the protection of individuals with regard to the
processing of personal data by competent authorities for the purposes of
prevention, investigation, detection or prosecution of criminal offences
or the execution of criminal penalties, and the free movement of such
datab (b the Directiveb).
The two Rapporteurs, Mr Jan-Philipp Albrecht (Greens, Germany) for the
Regulation and Mr Droutsas (S&D, Greece) for the Directive, decided to
follow a package approach because of the important links between the two
proposed legislative measures. However, Mr Droutsas underlined the
difficulties that the Council seems to encounter on the Directive with
the position of certain Member States. The joint parliamentary meeting
taking place on 9 and 10 October is going to be crucial in solving this
issue, he added. Because of the problems in the Council, the feasibility
of the package approach was questioned by Mr Alvaro (ALDE, Germany) b
even though he recognised the benefit of such an approach - and Mr
Kirkhope (ECR, United Kingdom).
The cooperative approach of the dossier, desired by the Rapporteurs, was
warmly welcomed by the other members of the European Parliament from all
political groups. Important issues were underlined several times during
the debate such as the importance of a good implementation and of a
strong enforcement of data protection, the need for clarity, the
necessity of protecting fundamental rights and finally the issue of data
flow to third countries. Even if no final agreement on those issues was
found during the debate, the debate was very helpful to understand the
forthcoming steps in the process.
Mr Albrecht indeed presented his forecasted timetable for the
Regulation. The current plan is to have the Regulation definitely voted
before the end of this legislature, i.e. in 2014. To achieve this goal,
he would like to provide a second working paper for the joint
parliamentary meeting taking place beginning of October. At that time,
the paper will be available only in English and will subsequently be
translated for a debate in the Committee that will take place on 5 or 6
November 2012. The Rapporteur intends to have a draft report ready by
December of this year, so the vote can take place between February and
April 2013, to enable negotiation with the Council later on.
The envisaged timeframe is very important as it gives a great
perspective on the forthcoming steps.
However, this timetable is foreseen as being very ambitious by Mr
Alvaro, Mr Kirkhope and Mr Voss (EPP, Germany), the b Shadow
Rapporteursb. During the debate, they expressed the necessity to favour
quality over speed. It is a very important issue and the process should
not be rushed.
Mr Albrecht concluded by underlining the importance of a coherent and
harmonised framework and the necessity of consolidating the current
system of data protection. Good legislation needs good implementation
and a strong enforcement system. EU citizens have to be protected when
their data are processed, he said. Therefore, he agreed that if more
time was needed to make a good and strong legislation, then this time
will be taken.
More information on the procedure being followed and a glossary of the
key terminology is available in EDRibs b Activist Guide to the Brussels
Mazeb (2012)
http://www.edri.org/files/2012EDRiPapers/activist_guide_to_the_EU.pdf
The entire debate is available on the Parliament website (19.09.2012)
http://www.europarl.europa.eu/ep-live/en/committees/video?event=20120919-09…
(Contribution by Marie Humeau - EDRi)
=======================================================================
7. The Netherlands against ACTA in all its forms
=======================================================================
In response to an open letter sent by EDRi-member Bits of Freedom (BoF),
the Dutch government has confirmed that it opposes any controversial
ACTA-provisions in whatever form.
This confirmation was provoked by the news, only six days after ACTA was
rejected by the European Parliament, that a draft text of the Canada b
EU Trade Agreement contained provisions that were virtually identical to
provisions from ACTA. As the Netherlands set an important example by
rejecting ACTA long before the vote in the European Parliament, Bits of
Freedom requested the government to do the same with CETA or any
agreement alike. And it did.
More specifically in its letter of 17 September 2012, the government b
upon BoF request b confirmed that it would not agree to the
ACTA-provisions in CETA or any other treaty in which such provisions may
appear. It stated:
"The European Commission rightly agreed to respect the vote of the
European Parliament against ACTA and to observe this vote concerning
CETA. ACTA-provisions 27(3) and 27(4) regarding the liability of
Internet Service Providers are no longer part of the current draft of
CETA. Other provisions relating to the enforcement of intellectual
property rights are currently being studied with the aforementioned vote
in mind. If provisions do not correspond thereto, they will be changed
or deleted."
and:
"In light of resolution 288 of the House of Representatives [2], this
government will not agree b in whatever agreement this may be b to any
ACTA-provisions it voted against. Examples are provisions on the strict
enforcement of intellectual property on the internet and provisions that
stand in the way of future intellectual property reforms."
The government further noted that currently there were no other treaties
similar to ACTA being negotiated.
This confirmation by the Dutch government is of course very good news.
However, due to recent elections, a note of caution is in place: the new
government that is currently being formed may decide differently. Seeing
the latest positions of the two major parties there is not too much
reason for concern: in their election campaign, the liberal party (VVD)
took a position against ACTA and similar treaties; the labour party
(PvdA) took position only against ACTA but did support resolution 288
(also mentioned above) by which the government was requested to vote
against treaties similar to ACTA.
Bits of Freedom hopes that the formal position of the Dutch government
against controversial ACTA-provisions in whatever form serves as an
example to policymakers in other countries to do the same. This will
hopefully help the European Commission accept its loss and realize that
the only constructive way forward is to start looking for acceptable
alternatives in an open and transparent way.
Translation open letter: Dutch government must reject CETA (1.08.2012)
https://www.bof.nl/2012/08/01/translation-open-letter-dutch-government-must…
Translations of Dutch parliamentary resolutions against ACTA (29.05.2012)
https://www.bof.nl/2012/05/29/translations-of-dutch-parliamentary-resolutio…
(Contribution by Simone Halink - EDRi-member Bits of Freedom, Netherlands)
=======================================================================
8. Mapping Net Neutrality worldwide
=======================================================================
When questioned about Net Neutrality the European Commission previously
claimed that only little data existed to show that net neutrality
violations had occurred. A new project: netneutralitymap.org shows net
neutrality violations worldwide based on tests for shaping. It documents
the need for net neutrality legislation.
Although Net Neutrality is currently discussed throughout Europe, very
little actual data is used for campaigning. A new project tries to
change this by mapping data from Measurement Lab's global "Glasnost"
tests. The map uses the same metric previously used by the researchers
of Measurement Lab to detect violations of Net Neutrality along one year
and display them on a map. The map clearly shows: violations of Net
Neutrality are commonplace throughout Europe.
Especially the Bittorrent protocol is frequently shaped. While data from
small countries are sparse - data from larger countries confirm that net
neutrality violations are indeed common.
The map was created by activists around the Austrian EDRi member VIBE.at
and "Initiative fuer Netzfreiheit" which recently started a campaign to
promote Net Neutrality in Austria. "I did not perceive Net Neutrality
violations as a problem until I first looked at the map we created" says
Michael Bauer of VIBE.at. "It is striking how common shaping is in
todaybs internet".
The European Commission previously claimed a lack of data on Net
Neutrality violations as the main reason for not punishing them.
Measurement lab had this data since 2009. With this new way of
presenting the data it is clear that the lack of data is not a reason
for delaying net neutrality regulation any longer.
The Net Neutrality map
http://netneutralitymap.org
Austrian campaign on Net Neutrality (only in German)
http://unsernetz.at
Measurement Lab - open platform for researchers to deploy Internet
measurement tools
http://measurementlab.net
Initiative fur Netzfreiheit (only in German)
http://netzfreiheit.org
(contribution by Michael Bauer - EDRi-member VIBE.AT - Austria)
=======================================================================
9. Freedom Not Fear 2012
=======================================================================
The 4-day "Freedom Not Fear 2012" (FNF 2012) event came to a successful
end on Monday, 17 September 2012. Organisations and individuals from 11
EU-member states participated to raise their voice for better privacy
safeguards, to protest against emerging surveillance measures and to
exchange views on digital rights issues
The Brussels action in which several EDRi members participated (FoeBuD,
Digitale Gesellschaft, IuRe, Panoptykon, Bits of Freedom, VibeAt and the
Liga voor Mensenrechten) was accompanied by protest events in the US,
Argentina, Luxembourg and Australia.
Bits of Freedom (Netherlands) attended the FNF weekend in Brussels
focusing mainly on the events around the review of the data protection
framework. They consider it great to meet many activists working on
different topics of which many are related to the activities of the
Dutch organisation. Also, BoF found it inspiring to see which important
issues exist outside the scope of their work.
FoeBuD (Germany) said that several excellent results were produced at
FNF 2012. FoeBuD members really enjoyed the internationality this year -
and will continue working to bring even more organisations to next
year's event. One topic that FoeBuD has recently focused on is the
European Data Protection Regulation, and some good work on this was done
during the FNF activists' weekend and the meetings with European
officials. Another focus is the project to investigate and hopefully
start a European Citizens' Initiative (ECI) against data retention, on
which some valuable exchanges took place during FNF. The next step on
this will be to organise an international conference in Amsterdam to
talk about the ECI.
Three Digitale Gesellschaft (Germany) members were able to participate
in this year's FNF12. This was a perfect occasion for them to put their
energy into pan-European networking between activists and to explain
their position to European policy makers. During the conference, the
members gave a short introduction and overview of the German national
campaign on net neutrality.
The FNF 2012 started on Friday afternoon with a discussion about the
consultations of the EU Commission about a European notice-and-takedown
system of content on the Internet. Mr. Werner Stengg, Head of the EC
Unit "Online Services" presented the Commission's point of view on this
sensitive topic. The talk was followed by two hours of discussions with
Mr. Peter Hustinx, European Data Protection Supervisor, about the
upcoming EU Data Protection Reform. He started with a detailed
explanation of his interpretation of the Freedom Not Fear motto: "Fear
is always a bad adviser." He emphasized the need to keep on striving for
positive developments on privacy issues. Mentioning the whole range of
various kinds of activism, from single person engagement up to
professional privacy activism: "Keep on going - we need you!"
Three more days of the barcamp-like conference filled with meetings,
lectures and discussions followed, also including a colorful
demonstration within the city of Brussels and one more outside action
named the "Camspotting Game". One of the results of b Freedom Not Fearb
was the establishment of the International Working Group on Video
Surveillance, which announced a campaign targeting the latest
developments in privacy-intrusive technology such as "Facewatch" in the UK.
Freedom Not Fear 2012
http://wiki.vorratsdatenspeicherung.de/Freedom_Not_Fear_2012
Walk of Protest FNF 2012
http://wiki.vorratsdatenspeicherung.de/Freedom_Not_Fear_2012/Walk-of-protest
=======================================================================
10. First victim of French 3 strikes law is found guilty for negligence
=======================================================================
After almost two years since the 3-strikes law has entered into force in
France, the first Internet user was sentenced by the court to a 150 euro
fine for negligence for not using the Internet access security measures
and because the user has innocently confessed it.
Since October 2010, about 3 million French IP addresses have been
identified by rightholders of being possible infringers. Out of these,
Hadopi considered 1.15 million worthy of a b first strikeb notice, about
102 000 of a second warning, and only 340 of a third warning. Only 14
cases were sent to court, so far.
This is the first fine applied for the Hadopi law because the
infringement must be proven and this is not easy to do. In order to be
punished for negligence, one has to have failed to apply security means
to his Internet connection or to have not used accordingly these means,
both being rather difficult to prove.
However, this particular Internet user gave himself up by admitting that
he had not used any security means to prevent access to his Internet
account.
By trying to defend himself, the Internet user summoned by the court for
repeated infringements, gave the court the motives to condemn him for
negligence. He argued he was himself unable to download material from
the Internet and blamed his wife (with whom he is under divorce
procedures) for having illegally downloaded material from the Internet.
The woman confirmed she had downloaded Rhianna songs. b By saying he knew
she was downloading infringing content, but didnbt prevent her from
doing so, he self-incriminated,b explained Guillaume Champeau of Numerama.
So, although actually innocent, the man is now to pay for being
responsible for the downloading, because he did not prevent it.
Hadopi: one first condemned person, by ingenuity (only in French,
13.09.2012)
http://www.numerama.com/magazine/23715-hadopi-un-premier-condamne-par-naium…
Hadopi confirms that the first condemned betrayed himself (only in
French, 13.09.2012)
http://www.numerama.com/magazine/23718-la-hadopi-confirme-que-son-1er-conda…
French 3 Strikes: Court Fines First File-Sharer, Even Though Hebs
Innocent (13.09.2012)
http://torrentfreak.com/french-3-strikes-court-fines-first-file-sharer-even…
=======================================================================
11. ENDitorial: Clean IT is just a symptom of the pinata politics of
privatised online enforcement
=======================================================================
There has been a lot of attention to the b Clean ITb project since EDRi
published a leaked draft document last week, on 21 September 2011. Since
then, the project organisers have said that the statement on the front
page saying that b this document contains detailed recommendationsb was
incorrect and that it also contained (unidentified) other mistakes.
Project coordinator But Klaasen explained on Twitter that the leak was
little more than a b discussion document.b According to the Clean IT
website, this is the output of two day meetings in Amsterdam (October
2011), Madrid (January 2012), Brussels (March 2012) Berlin (June
2012) and Utrecht(September 2012). According to the website of Clean IT,
which has produced 23 pages of bullet points of policy suggestions,
there will be just one more meeting (Vienna, November 2012) before a
final presentation is made in February 2013. Mr Klaasen also explained
on Twitter that all suggestions received thus far are only b food for
discussionb, because they do not censor the ideas they receive.
Clean IT is therefore part of a wider problem b a conveyor-belt of
ill-defined projects whereby industry is expected to do b somethingb to
solve ill - or even undefined problems on the Internet. For example, it
takes an almost impressive amount of fragmentation for the European
Commission to be simultaneously funding two different and uncoordinated
projects (Clean IT and CEO Coalition on a Safer Internet for Kids)
developing b voluntaryb industry standards on b notice and takedownb, on
b upload filtersb, on b reporting buttonsb and all with little or no
analysis of the specific problems that need to be solved.
Worse still, Clean IT was born out of a failed b voluntaryb project
organised directly by the European Commission on b illegal online
contentb. That project failed because it did not have a problem
definition. Without knowing what problems it was trying to solve, it
ended up going round in ever smaller circles before finally disappearing
down the proverbial drain. Sadly, no lessons were learned before the
Commission committed to funding Clean IT, which is currently making the
same mistakes all over again.
Even bigger mistakes have not been learned from in this approach. In the
Commission-organised b dialogue on illegal uploading and downloadingb, a
proposal was made for widespread b voluntaryb filtering of peer-to-peer
networks. This was resisted by the Internet access provider industry and
ultimately ruled by the European Court of Justice (Scarlet/Sabam case
C70/10) to be in breach of fundamental rights.
All of this experience meant that EDRi could not possibly participate in
Clean IT without seeking to ensure that the project did not make the
same mistakes that we have seen over and over again. In 2011, as a
precondition of participation, we therefore set very reasonable demands:
1. Identify the specific problems to be solved. (At different moments,
Clean IT was meant to address b Al Quaida influencedb networks,
b terrorist and extremist 'use' of the Internetb and
b discriminationb/b illegal softwareb.)
2. Identify the scope of the industry involvement. Listing every single
type of online intermediary is neither credible nor effective.
3. Actively seek to identify and avoid possibilities for unintended
consequences for both fundamental rights and addressing illegal content.
The project leader rejected all of these preconditions, regrettably
leaving us no option but to stay outside the process. As a result, we
have a project that seeks to use unspecified industry participants to
solve unidentified problems in ways which may or may not be in breach of
the Union and international law. It would be unconscionable for EDRi to
participate in these circumstances.
We have also been contacted via Twitter by Commissioner Kroes'
spokesperson. Mr Heath's comments suggest that CleanIT is only a
b brainstormingb session and the Commission has spent hundreds of
thousands of Euro just for lists of possible policies.
It is very important to stress that absolutely nothing in the document
that we released last week has been officially approved as European
Commission policy. The recommendations, insofar as they are
recommendations, are the sole responsibility of the CleanIT project.
Commissioner MalmstrC6m has acted to distance herself from the project
and has made this very clear via Twitter messages. There are, however,
serious questions that are still to be asked regarding the budget
approval processes that lead to such projects being approved for public
funding.
The law is quite clear b the Charter of Fundamental Rights, the
Convention on Human Rights and the International Covenant on Civil and
Political Rights are quite clear b restrictions on fundamental rights
must be foreseen by law and not introduced as unpredictable, ad hoc
projects by industry. The rule of law cannot be defended by abandoning
the rule of law and EDRi will continue to defend this principle.
EDRi: Clean IT b Leak shows plans for large-scale, undemocratic
surveillance of all communications (21.09.2012)
http://edri.org/cleanIT
Clean IT rebuttal of our comments
http://www.cleanitproject.eu/edri-publishes-clean-it-discussion-document/
Mr Heath's comments
https://twitter.com/EDRi_org/status/250524464499023872
Mr Klaasen's tweet
https://twitter.com/ButKlaasen/status
/249145735453487105
Commissioner MalmstrC6m's tweets
https://twitter.com/MalmstromEU/status/250573911471845376
https://twitter.com/MalmstromEU/status/250574119991660545
https://twitter.com/MalmstromEU/status/250641266038173696
(Contribution by Joe McNamee - EDRi)
=======================================================================
12. Recommended Reading
=======================================================================
Islands of Resilience
Comparative Model for Energy, Connectivity and Jurisdiction
Realizing European ICT possibilities through a case study of Iceland
http://islandsofresilience.eu/
http://icg.greens-efa.org/pipermail/hub/attachments/20120925/83bf78da/attac…
JoaquC-n Almunia Vice President of the European Commission responsible
for Competition Policy - Competition enforcement in the knowledge
economy Fordham University/ New York City (20.09.2012)
http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/12/629&forma…
EDPS issues comments on DG MARKT's public consultation on procedures for
notifying and acting on illegal content hosted by online intermediaries
(13.09.2012)
http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consu…
The internet in pieces
Harried by cyberattacks, Iran is making good on a vow to build its own
web. Others could follow (23.09.2012)
http://www.guardian.co.uk/commentisfree/2012/sep/23/iran-us-cyber-espionage…
=======================================================================
13. Agenda
=======================================================================
27 September 2012, Paris, France
Open Data - La ConfC)rence
http://www.opendata-laconference.com/agenda.html
7-10 October 2012, Amsterdam, Netherlands
2012 Amsterdam Privacy Conference
http://www.apc2012.org/
11-12 October 2012, Amsterdam, Netherlands
Economies of the commons 3 - Sustainable Futures for Digital Archives
http://ecommons.eu/
25-28 October 2012, Barcelona, Spain
Free Culture Forum 2012
http://fcforum.net/
3-4 November 2012, Baku, Azerbaijan
Best Bits b a strategic gathering of NGOs around Internet governance and
Internet principles
http://igf-online.net/bestbits.pdf
6-9 November 2012, Baku, Azerbaijan
Seventh Annual IGF Meeting: "Internet Governance for Sustainable Human,
Economic and Social Development"
http://www.intgovforum.org/cms/
9-11 November 2012, Fulda, Germany
Digitalisierte Gesellschaft - Wege und Irrwege
FIfF Annual Conference in cooperation with Fuldaer Informatik Kollquium
http://www.fiff.de/2012
29-30 November 2012, Brussels, Belgium
For Your Eyes Only: Privacy, Empowerment and Technology in the context
of Social Networks
http://www.foryoureyesonly.be
4 December 2012, Brussels, Belgium
3rd Annual European Data Protection and Privacy Conference
http://www.eu-ems.com/summary.asp?event_id=123&page_id=983
23-25 January 2013, Brussels, Belgium
CPDP 2013 Conference - Reloading data protection
CfP by 19 October 2012
http://www.cpdpconferences.org/callforpapers.html
6-8 May 2013, Berlin, Germany
re:publica 2013
http://re-publica.de/12/2012/08/28/der-termin-steht-vom-06-08-mai-2013-geht…
31 July b 4 August 2013, Geestmerambacht, Netherlands
Observe. Hack. Make. - OHM2013
https://ohm2013.org/
============================================================
14. About
============================================================
EDRi-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRi has 32 members based or with offices in 20 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge
and awareness through the EDRi-grams.
All contributions, suggestions for content, corrections or agenda-tips
are most welcome. Errors are corrected as soon as possible and are
visible on the EDRi website.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/
Newsletter editor: Bogdan Manolea <edrigram(a)edri.org>
Information about EDRI and its members:
http://www.edri.org/
European Digital Rights needs your help in upholding digital rights in
the EU. If you wish to help us promote digital rights, please consider
making a private donation.
http://www.edri.org/about/sponsoring
http://flattr.com/thing/417077/edri-on-Flattr
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request(a)edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
Unsubscribe by e-mail
To: edri-news-request(a)edri.org
Subject: unsubscribe
- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay.
Translations are provided by Metamorphosis
http://www.metamorphosis.org.mk/mk/vesti/edri
- EDRI-gram in German
EDRI-gram is also available in German, with delay. Translations are
provided by Andreas Krisch from the EDRI-member VIBE!AT - Austrian
Association for Internet Users
http://www.unwatched.org/
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <edrigram(a)edri.org> if you have any problems with subscribing
or unsubscribing.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0