July 2018 - cypherpunks-legacy

Re: [liberationtech] Google Bows Down To Chinese Government On Censorship
by Martin Johnson 06 Jul '18

06 Jul '18

I am in China. Google is said to have a 5% market share in China. There are at least 500 million Internet users so that makes for about 25 million users. The number of users using VPNs or circumvention tools is unknown but likely much smaller. For example, Twitter is estimated to have less than 20,000 active users in China ( https://en.greatfire.org/blog/2013/jan/there-are-not-millions-twitter-users… ). Commercial VPNs require credit cards to sign up and are used by very few. Free circumvention tools like FreeGate reach many more but are also continuously targeted by authorities making them slow and unstable. Users who can circumvent the GFW do not always do it. Connecting is slow and, for running a general Google search, unnecessary. All this means that Google's user experience without a VPN matters a lot. Because of the decision they took in December, that user experience got worse. The users Wired talked to were not representative of Chinese netizens. As for the Techcrunch statements, "sources suggest" doesn't make it true. But it is true that "since the notification feature was implemented, access to Googlebs search engine in China has been blocked more often than usual". That is, it was blocked once (on November 9) as opposed to "usual" which is that it isn't blocked. This blocking being part of Google's decision to disable the feature was exactly the argument that we were making. The authorities blocked Google and likely used this and the threat to permanently block it to pressure Google into doing their bidding. Martin Johnson Founder https://GreatFire.org - Monitoring Online Censorship In China. https://FreeWeibo.com - Uncensored, Anonymous Sina Weibo Search. https://Unblock.cn.com - We Can Unblock Your Website In China. On Thu, Jan 10, 2013 at 8:01 PM, Maxim Kammerer <mk(a)dee.su> wrote: > On Thu, Jan 10, 2013 at 1:03 PM, Martin Johnson <greatfire(a)greatfire.org> > wrote: > > Yes, the question is what you call "working well". The censorship-warning > > feature added last year was clearly improving the user experience. > Removing > > it worsened the user experience again. > > Is this backed up by actual user experiences from China? > > b When Wired.co.uk spoke to a few Chinese residents about the disabled > Google feature, they were not even aware of it because they used VPNs, > demonstrating Google might not be taking into account just how savvy > its users are at all.b [1] > > b Sources close to the matter suggest Google pulled the feature because > it was making it more difficult for users to access its search > services. [b&] However, since the notification feature was implemented, > access to Googlebs search engine in China has been blocked more often > than usual [b&] meaning even fewer users were able to use Google > search.b [2] > > [1] > http://www.wired.co.uk/news/archive/2013-01/04/google-china-anti-censorship… > [2] > http://techcrunch.com/2013/01/04/google-quietly-removes-censorship-warning-… > > -- > Maxim Kammerer > LibertC) Linux: http://dee.su/liberte > -- > Unsubscribe, change to digest, or change password at: > https://mailman.stanford.edu/mailman/listinfo/liberationtech > -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

EDRI-gram newsletter - Number 6.9, 7 May 2008
by EDRI-gram newsletter 06 Jul '18

06 Jul '18

============================================================ EDRI-gram biweekly newsletter about digital civil rights in Europe Number 6.9, 7 May 2008 ============================================================ Contents ============================================================ 1. All Italian tax payers' data made public online by the Italian Government 2. Important personal data lost by the Bank of Ireland 3. More control over the Internet wanted in Russia 4. Automatic face recognition in UK airports 5. Radio Free Europe's websites in Belarus under attack 6. EDPS wants data protection considered by EU research projects 7. German Intelligence caught spying on journalist's emails 8. IFPI continues to pressure ISPs to act as Internet police 9. Recommended Reading 10. Agenda 11. About ============================================================ 1. All Italian tax payers' data made public online by the Italian Government ============================================================ To the unpleasant surprise of many Italians, for a few hours on 30 April 2008, the Italian government, through its Agenzia delle Entrate, published on the agency website, agenziaentrate.gov.it, the financial information filed by all Italian taxpayers. Although operational only for a few hours, many people had the opportunity of seeing how much other people were earning, including celebrities. As Corriere della Sera daily newspaper puts it, the site was "a delicious opportunity to find out with a click how much your neighbour or colleague or, for gossip fans, celebrities earn". The present centre-left government made public every citizen's declared taxable income as part of a crackdown on tax evasion. The action brought forth the quick attack and critical attitude of consumers, privacy advocates and politicians alike. The consumer group ADOC considered the action as "a clear violation of privacy law" as the tax return forms did not include any request of consent for data publishing, therefore, the appearance of the data on the Internet being illegal. At the complaint of the Italian Data Protection Authority for violation of privacy, the Italian Treasury ordered the national tax office to close down the site which was providing full details of tax returns, including declared income and tax paid for 2005 but also names, addresses and birth dates. The Deputy Finance Minister Vincenzo Visco said he did not see what the problem was: "It's all about transparency and democracy". Massimo Romano, head of the tax office,considered that the publication had been "in the public interest, in order to allow the free circulation of information in a framework of transparency" and he stated that the action had been in agreement with guidelines from the privacy watchdog. However, Francesco Pizzetti, the head of the Italian DPA, said that he had not been informed about this. The opposition which won the elections last month accused Visco of having released the data as "an act of revenge". "It's a very strange thing to do on the last day before clearing off" said Guido Crosetto, a member of Berlusconi's party who also added: "Taxpayers need to pay less tax, not to know how much all the other Italians are paying." "It's madness," was the comment of Beppe Grillo, a very well known Italian comic. In his opinion the government had "given criminals information about the income and address of taxpayers." He also added: "This is going to make paying taxes very dangerous. (...) It will be much safer and less risky to just evade taxes and pay the fine if you're caught." Uproar in Italy after Web publishes earning levels (30.04.2008) http://www.reuters.com/article/marketsNews/idUSL3079138220080430 Garante Decision on the online financial information (only in Italian, 2.05.2008) http://www.garanteprivacy.it/garante/doc.jsp?ID=1510761 Fiscal data, what does the law say? (only in Italian, 5.05.2008) http://punto-informatico.it/2273614/PI/Commenti/Dati-fiscali--cosa-dice-la-… Fury as tax officials post details of every Italian's salary on internet (1.05.2008) http://www.dailymail.co.uk/pages/live/articles/news/worldnews.html?in_artic… Do the rich pay taxes? Italy tells all (2.05.2008) http://article.wn.com/view/2008/05/02/Do_the_rich_pay_taxes_Italy_tells_all/ ============================================================ 2. Important personal data lost by the Bank of Ireland ============================================================ The personal data of about 10 000 customers of the Bank of Ireland (BOI) are now in the possession of thieves as four laptops with the unencrypted data were stolen from the bank between June and October 2007. The four stolen laptops had been used by staff working for the bank's life assurance division. Not only the customers' data including medical history, life assurance details, bank account details, names and addresses were not encrypted, but the bank notified the thefts to the Data Protection Commissioner in Ireland only on 18 April 2008. Furthermore, until now the bank has not written to individual customers whose information was lost. The case is now investigated by the Financial Regulator as well as by Billy Hawkes, the Irish Data Protection Commissioner. "The investigation will focus on the justification for the personal data, including sensitive medical data in some cases, being placed on the laptops in the first place, the security arrangements in place and the exact circumstances which led to the delay in the reporting of this matter internally within the Bank of Ireland to the appropriate personnel for the taking of further action," said a statement from the Commissioner. The only justification the bank gave in its defence was that it "monitored all of these customer accounts and can confirm that there has been no evidence of fraudulent or suspicious activity" which, of course, cannot possibly cover fraud that may occur somewhere else. And this definitely does not justify the fact that the bank did not notify its customers so that they may protect themselves. It's not yet clear what sanctions will the bank receive or whether it will receive any sanctions at all. In a similar case in England, the Nationwide Building Society was fined around 1 300 000 euro by the Financial Services Authority for having failed to provide proper information security procedures and controls. "Consideration will then be given as to what further action will be sought from Bank of Ireland to ensure that the obligations contained in the Data Protection Acts in this area are met. The Data Protection Commissioner and the Financial Regulator are cooperating on this matter and we will refer any relevant issues to the Financial Regulator" says the Commissioner's statement. More and more, financial organisations create a risk to the security of their customers' data. According to the UK Information Commissioner's Office half of the data security breaches in the private sector reported since last November involved financial services companies. The problem is that, presently, there is no general legal obligation for a body to notify the people in case of losing their data. As reported by EDRi-gram, the European Data Protection Supervisor has suggested amendments in this respect to the forthcoming e-Privacy Directive. Bank alert as details of 10,000 files stolen (22.04.2008) http://www.independent.ie/national-news/bank-alert--as-details-of-10000--fi… Lessons from Laptop Loss - the Bank of Ireland case and Mandatory Reporting of Data Loss (23.04.2008) http://www.digitalrights.ie/2008/04/23/lessons-from-laptop-loss-the-bank-of… Bank of Ireland loses thousands of customer records (23.04.2008) http://www.out-law.com/page-9069 EDRI gram - EDPS endorses data breach notification provision in ePrivacy Directive (23.04.2008) http://www.edri.org/edrigram/number6.8/edps-data-breach-notification ============================================================ 3. More control over the Internet wanted in Russia ============================================================ The Russian prosecutor's office wants to extend the anti-extremism laws to the Internet, proposing an amendment to the rules that presently govern printed media on the basis of which newspapers considered by the court to have published extremist material can be shut down. In terms of the new proposal, which began circulating in the State Duma's Security Committee on 10 April 2008, any kind of material considered extremist or website deemed to have hosted extremist material should be blocked by ISPs. If found guilty of repeatedly hosting extremist materials, the website will be shut down. A list of extremist Internet-based materials and sites must be regularly made available and the ISPs will be bound to stop hosting these sites. The proposal asks from law-makers to clearly delineate "what is unacceptable on the internet in terms of public morality, public safety and anti-extremist legislation" and to "place responsibility for the dissemination of any such materials on those who furnish space for it." "We are speaking about the self-controlling of the providers and telecommunications companies" said Aleksey Zhafyarov, the deputy head of Directorate supervising enforcement of laws on federal security, interethnic relations and countering extremism. Internet is considered too free by the Russian governors. Alexander Torshin, the vice-speaker of the Federation Council, has painted a very dark image of the Internet believing it is "a means of terror propaganda" that can be considered "the academy of terrorism." In his opinion, terrorists use the Internet to "practically propagandize their ideas in the open, recruiting new adherents, buying up weapons and munitions, (and) communicating with one another." He said that lawmakers should "work out unified identifying criteria for terrorist websites, formulate techniques to expose them and constantly monitor their activities, nationally and internationally, and also (work out) the means to close these sites." The proposal has created concerns related to the abuses that such a law might bring forth. "It is difficult to find anyone who is not against extremism but it depends on how the law is used. The government uses (it) selectively" said Oleg Panfilov, director of the Centre of Journalism in Extreme Situations. There have been cases when blogs and websites belonging to the opposition have been shut down after having been labelled as extremist. For example the news website gazeta.ru was warned for using extremist materials last year after it wrote about cartoons that satirised the prophet Mohammed. Even some of the Russian lawmakers have doubts about the usefulness of any new measures to control the Internet. "We tighten the screws and the situation only gets worse" said Gennady Gudkov, the deputy chairman of the State Duma Security Committee. Critics also believe that there is enough control already and law enforcement agencies have the means to shut down Internet providers as in the case of the 10 ISPs who were shut down by St. Petersburg prosecutors on 14 April 2008 for hosting extremist content. Since the beginning of this year, the pressure to regulate the Internet has increased in Russia. In January, Russia's Parliament began work on a law "On the Internet," that should create a legal framework to deal with online matters. In February, Vladimir Slutsker, a Federation Council delegate, introduced a draft normative act that will force all Internet sites with more than a thousand daily visitors to register as mass-media outlets. There is also a project currently in the State Duma that would limit foreign investment in the telecommunications and internet industries. On 25 April 2008 Russia's lower house of Parliament, the State Duma, passed, nearly unanimously, an amendment to the law on mass-media, in its first reading, giving greater powers to authorities to shut down media outlets. The new law forbids using a registered media source to spread "false facts that discredit the honour and dignity of another entity, or undermine their reputation." Russian prosecutors eye Internet censorship (23.04.2008) http://afp.google.com/article/ALeqM5gzKl0LhCkTUDVEcpowGh9oBfxUQw Russian Prosecutors Present Draft Law to Regulate Internet (12.04.2008) http://www.theotherrussia.org/2008/04/12/russian-prosecutors-present-draft-… Lawmakers in Russia Recommend Internet Regulation (18.04.2008) http://www.theotherrussia.org/2008/04/18/lawmakers-in-russia-recommend-inte… Russian Authorities Gain Powers to Shut Down Media (25.04.2008) http://www.theotherrussia.org/2008/04/25/russian-authorities-gain-powers-to… Russian Prosecutors Ask Parliament to Regulate Internet Content (18.03.2008) http://www.theotherrussia.org/2008/03/18/russian-prosecutors-ask-parliament… EDRI-gram: Russian Government wants to control all WiFi devices (23.04.2008) http://www.edri.org/edrigram/number6.8/russia-control-wifi ============================================================ 4. Automatic face recognition in UK airports ============================================================ Starting this summer, the UK Border Agency will use facial recognition technology at automated unmanned gates. A machine would accept or reject the match between the scan and the computer information on people with biometric passports. The pilot project will be open to UK and EU citizens holding new biometric passports. "We think a machine can do a better job (than manned passport inspections). What will the public reaction be? Will they use it? We need to test and see how people react and how they deal with rejection. We hope to get the trial up and running by the summer" said Gary Murphy, head of operational design and development for the UK Border Agency, during a biometrics-related conference that took place in London in April 2008. Home Office minister Liam Byrne said: "Britain's border security is now among the toughest in the world and tougher checks do take time, but we don't want long waits. So the UK Border Agency will soon be testing new automatic gates for British and European Economic Area citizens. We will test them this year and if they work put them at all key ports (and airports)." As there is concern that passengers will react badly if rejected by an automated gate, the technology will err on the side of caution and innocent passengers that are rejected may be redirected to traditional passport queues, or authorized officers may override the automatic gates after having performed the necessary checks. However, the technology is highly criticized. Phil Booth of the No2Id Campaign explains: "Someone is extremely optimistic. The technology is just not there. The last time I spoke to anyone in the facial recognition field they said the best systems were only operating at about a 40% success rate in a real time situation. I am flabbergasted they consider doing this at a time when there are so many measures making it difficult for passengers." The facial image contained by the EU passport is actually a digitised copy of the normal passport picture which is not a biometric data and, according to a report of the UK National Audit Office "current facial recognition technology is not reliable enough to enable the automated checking of applications against the full database of existing passport holders". The report also says that the technology may be useless in cases when the two-year guaranty chips are contained into 10-year long passports. Besides, the face may change very much in ten years making the database even more unreliable. Tony Bunyan, Statewatch editor, comments: "The UK and other EU governments refer to the digitised passport photo as a biometric when it is not for ideological reasons - to get us used to the idea that they already have one of our "biometrics" so why should we not give them another - our fingerprints. The process however is very different. In most cases the passport picture is simply submitted by post or at an office whereas the compulsory taking of fingerprints requires the physical presence of the person at an "enrolment centre" where they have to prove "they are who they are". The Government has not yet decided how many airports will take part in the trial but, if the pilot project is successful, the technology will be extended to all UK airports. Face scans for air passengers to begin in UK this summer (25.04.2004) http://www.guardian.co.uk/business/2008/apr/25/theairlineindustry.transport… Identity and Passport Service: Introduction of ePassports http://www.statewatch.org/news/2008/apr/uk-nao-report.pdf UK to introduce face scans at airports (26.04.2008) http://www.thepeninsulaqatar.com/Display_news.asp?section=world_news&month=… Computers to scan passengers at UK airports this summer (23.04.2008) http://economictimes.indiatimes.com/International_Business/Computers_to_sca… ============================================================ 5. Radio Free Europe's websites in Belarus under attack ============================================================ Several Radio Free Europe websites were under a distributed denial of service (DDoS) attack in the past week. The attacks started on 26 April 2008, the 22nd anniversary of the Chernobyl nuclear disaster, primary targeted at the Belarus Radio Free Europe/Radio Liberty (RFE/RL) service which was offering live coverage of a rally of protest organized in Minsk against the plight of uncompensated victims and a government decision to build a new nuclear plant. Martins Zvaners, RFE spokesman, thinks that was the largest attack ever experienced by RFE. At its peak, the DDoS attack was sending more than 50000 requests to the RFE sites, flooding its servers' capacity and throwing them offline. Although there is no proof of who was behind the attacks, Zvaners pointed his finger at the Belarus administration: "This started on the day of a demonstration that they wanted no one to cover. They've never been real happy with us. In an ongoing sense, they are always 'jamming' our signals. We can't say for certain who did it, but you look at the circumstances and you can start to draw some possible inferences." US State Department spokeswoman Jessica Simon stated that it was the Belarusian Government's responsibility to stop such kind of attacks while Nina Ognianova, the program coordinator for Europe and Central Asia at the New York-based Committee to Protect Journalists, said it was also the responsibility of President Alyaksandr Lukashenka to find and punish those responsible with the attacks. "In Belarus especially, RFE/RL service is significant now more than ever because Lukashenka's regime has destroyed the other independent and opposition broadcasters. (...) So we certainly are very concerned about this short-lived but successful attacks" said Ognianova. RFE issued a news release on 28 April following which the attacks stopped and the sites went back online. According to Zvaners, RFE has now taken protection measures against similar attacks. During the three days of the attack, RFR/RL's Belarus Service was supported by 22 Belarusian sites that hosted its content. "Dear friends. We value your solidarity and we promise to support any site that falls victim to such an attack in the future. (...) Thanks to all of you for your support of freedom" said Alyaksandr Lukashuk, director of RFE/RL's Belarus Service, who considers that the response to the attack was an example that could create a precedent for future online "esprit de corps" among journalists and pro-democracy advocates. Belarus: RFE/RL Cites Online 'Solidarity' In Face Of Cyberattack (29.04.2008) http://www.rferl.org/featuresarticle/2008/04/294d624f-a664-4791-adab-559d66… Chernobyl coverage blows up in Radio Free Europe's face (29.04.2008) http://www.theregister.co.uk/2008/04/29/radio_free_europe_ddos_attacks/ DDoS attacks knocked Radio Free Europe off the Web (4.05.2008) http://www.computerworld.com/action/article.do?command=viewArticleBasic&tax… U.S. Denounces Attack On RFE/RL Websites (29.04.2008) http://www.rferl.org/featuresarticle/2008/04/8277ba11-4725-49d1-8e8a-803140… ============================================================ 6. EDPS wants data protection considered by EU research projects ============================================================ Peter Hustinx, the European Data Protection Supervisor (EDPS) wants privacy and data protection requirements to be considered in the future EU research and technological development (RTD) projects, especially those developing information and communication technologies. The EDPS' main role is to monitor EU developments which have an impact on the protection of personal data, especially the development of ICT and "to advise the Commission and/or project developers on their efforts to use privacy and data protection-friendly RTD methodologies and of course to develop technologies and processes that will promote and reinforce the effectiveness of the EU data protection legal framework". On 28 April 2008, EDPS adopted a policy paper establishing his role and developing possible models of contribution both in the preparatory phase of the overall EU research framework programme as well as for individual research projects. The EDPS contributions have as purpose to reinforce the application of the "privacy by design" principle as an inherent part of the RTD initiatives. "Privacy and data protection requirements need to be highlighted and applied as soon as possible in the life cycle of new technological developments in order to contribute to a better implementation of the data protection legal framework. The European RTD efforts constitute a very good opportunity to accomplish these goals" says Hustinx. The EDPS' contributions in this direction could be achieved by: - participation in workshops and conferences intended to identify future challenges that can be relevant for EU RTD policy; - contribution to research advisory boards launched by the European Commission in connection with the Framework Programme, and provision of opinions on data protection matters; - assistance to the European Commission in the evaluation process of proposals, in particular regarding possible data protection issues these proposals might trigger; - provision of opinions on data protection matters in relation to individual RTD projects on his own initiative or at the request of a consortium. Also, as "research projects of an EU Framework Programme usually have the obligation to involve partners from several Member States, the EDPS could also, in this case, contribute to and facilitate the cooperation between the corresponding Member States or third country data protection authorities which might be involved" says the paper. The EDPS and EU Research and Technological Development -Policy paper (28.04.2008) http://edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/EDPS/Publ… Privacy chief: EU research must consider data protection (30.04.2008) http://www.euractiv.com/en/science/privacy-chief-eu-research-consider-data-… EDPS issues policy paper on his role in EU research and technological development (28.04.2008) http://europa.eu/rapid/pressReleasesAction.do?reference=EDPS/08/4&format=HT… ============================================================ 7. German Intelligence caught spying on journalist's emails ============================================================ The German Federal Intelligence Service, the Bundesnachrichtendienst (BND), has been recently under pressure for having illicitly monitored the e-mails between Spiegel correspondent Susanne Koelbl and Afghanistan's Commerce Minister Amin Farhang. The German parliamentary commission in charge with investigating the activities of the secret services (PKG) criticised BND, believing the agency had been compromised by this case that it considered "a grave breach of basic rights". "The trust between the PKG and the leadership of the BND has been violated by this," stated PKG. The commission also considered it unacceptable that Uhrlau, the BND president, had not informed the German government or the commission about the case and that even BND's leadership had learned about the case only a year after the operation took place, which represented a violation of the internal policy requiring official clearance. Although Uhrlau publicly apologised to Susanne Koelbl, apparently, the target was not the Spiegel journalist this time, but Amin Farhang, Afghanistan's commerce minister, who exchanged e-mails with the reporter between June and November 2006. Koelbl's correspondence was retrieved by using a "Trojan horse" software which invaded the minister's computer system and which was sending copies of his e-mail messages to the BND. Furthermore, Spiegel has learned that the BND was performing more extensive spying activities in Afghanistan having actually monitored the entire computer network of the Ministry of Commerce and Industry. BND specialists had succeeded in retrieving several government e-mail addresses, confidential documents and even passwords. Der Spiegel, after having asked Farhang's permission to reveal his name, stated that the minister had been a secret source for some of its articles in the recent years. The magazine called the case "a grave encroachment on press freedom" and threatened to take legal action against the BND. The Afghan government was shocked by the case. "I am appalled and disgusted by these methods, which have no place in a constitutional state," commented Afghan Foreign Minister Rangin Dadfar Spanta. German Foreign Minister Frank-Walter Steinmeier has called his Afghan counterpart to apologize for the monitoring operation. The German Foreign Ministry said Steinmeier would also contact Farhang to express his regrets personally. This espionage action is not the first for the BND in relation to journalists. In 2006 it came out that German reporters were placed under surveillance by the intelligence agents to find out sources of leaks from the BND. As a result of the big scandal the followed this discovery, the BND president was changed. Ernst Uhrlau, the new president, had pledged to make the service more transparent. "It hasn't even been three years since the BND's last scandal, over systematic domestic spying on journalists. (That scandal) led to an internal directive forbidding surveillance of reporters. The directive is still in force, according to the BND. But we now know that only a short while later, in June 2006, a new half-year bugging operation was mounted against a German journalist - this time in Afghanistan. There are hints that she was not the only one" wrote Die Tageszeitung. It appears Uhrlau will keep his job although he seems to have lost control over some of the agents and had failed to inform the Chancellery, which is responsible for supervising the BND's activities. However, a draft law would be drawn in the coming months to give the Parliament powers to monitor the agency, as stated Hans-Peter Uhl, a deputy from Chancellor Angela Merkel's conservative party. German spy agency rapped over Afghan email monitoring (24.04.2008) http://afp.google.com/article/ALeqM5hp_BYVtWMyJ3cHJx_CPY73l9R5KQ German Spies Put Afghan Ministry under Surveillance (26.04.2008) http://www.spiegel.de/international/germany/0,1518,549894,00.html Germany Apologizes for Spying on Afghan Minister (26.04.2008) http://www.dw-world.de/dw/article/0,2144,3294534,00.html BND Agents 'Knew What They Were Doing' (25.04.2008) http://www.spiegel.de/international/germany/0,1518,549765,00.html Agency Admits Spying on Afghan Politician and SPIEGEL Journalist (24.04.2008) http://www.spiegel.de/international/germany/0,1518,549488,00.html\ ============================================================ 8. IFPI continues to pressure ISPs to act as Internet police ============================================================ Despite the criticism and negative reaction of the ISPs in several countries, IFPI continues to pressures them in turning themselves into Internet police. Following Denmark, Norway and Ireland, it is the turn of the Swedish ISPs to be the target of the association. What IFPI asks is for ISPs to restrict their customers' access to websites allegedly facilitating copyright infringement. As until now it had little success in its discussions with the ISPs, IFPI has decided to use legal pressure. "We believe that ISPs have a special part to play in this and must help us. The discussions we've tried to have with the ISPs haven't led anywhere" said IFPI's Managing Director in Sweden, Lars Gustafsson. According to Gustaffson, the focus will be on one particular company that allegedly facilitates filesharing on the Internet and one of the services they are after is The PirateBay. IFPI has already sent out letters to several service providers, asking them to monitor their customers and to filter websites. However, most ISPs have refused to cooperate with the IFPI. Telia Sonera, a large Swedish ISP considered such actions are illegal under EU law and Norwegian ISPs had the same response. IFPI argue that restricting access to filesharing sites might be to the advantage of ISPs. "Illegal P2P file-sharing may have helped drive broadband subscriptions in the past, yet today these activities, particularly in respect of movies, are hogging bandwidth," they state. Until now, IFPI obtained a victory in February in Denmark when Tele2 was order by the court to block its customers' access to The PirateBay but the decision is now under appeal and the PirateBay has announced its intention to ask for compensation. IFPI to Sue Swedish ISP for Facilitating Copyright Infringement (2.05.2008) http://torrentfreak.com/ifpi-to-sue-swedish-isp-for-facilitating-copyright-… Swedish ISP Refuses To Block The Pirate Bay (27.03.2008) http://torrentfreak.com/swedish-isp-refuses-to-block-pirate-bay-080327/ EDRI-gram: Setback for IFPI in its case against PirateBay (23.04.2008) http://www.edri.org/edrigram/number6.8/ifpi-setback-piratebay ============================================================ 9. Recommended Reading ============================================================ Report on fraud regarding non cash means of payments in the EU: the implementation of the 2004-2007 EU Action Plan http://ec.europa.eu/internal_market/payments/docs/fraud/implementation_repo… ============================================================ 10. Agenda ============================================================ 9-10 May 2008, Florence, Italy Digital communities and data retention http://e-privacy.winstonsmith.info/ 10 May 2008, Florence, Italy Big Brother Awards Italy 2008 http://bba.winstonsmith.info/ 12 May 2008, Bled, Slovenia Workshop on ethics and e-Inclusion http://ec.europa.eu/information_society/newsroom/cf/itemdetail.cfm?item_id=… 15 May 2008, Brussels, Belgium EDPS Annual Report 2007 http://edps.europa.eu/ 15-17 May 2008, Ljubljana, Slovenia EURAM Conference 2008 - Track "Creating Value Through Digital Commons" How collective management of IPRs, open innovation models, and digital communities shape the industrial dynamics in the XXI century. http://www.euram2008.org 20-23 May 2008, New Haven, CT, USA 18th Annual Computers, Freedom, and Privacy conference http://cfp2008.org/ 30-31 May 2008, Bucharest, Romania eLiberatica 2008 - The benefits of Open and Free Technologies http://www.eliberatica.ro/2008/ 6-7 June 2008, Bremen, Germany IdentityCamp - a barcamp around identity 2.0 and privacy 2.0 http://barcamp.org/IdentityCampBremen 17-18 June 2008, Seoul, Korea The Future of the Internet Economy - OECD Ministerial Meeting http://www.oecd.org/FutureInternet 23 June 2008, Paris, France GigaNet is organizing an international academic workshop on "Global Internet Governance: An Interdisciplinary Research Field in Construction" http://tinyurl.com/3y9ld8 26-27 June 2008, London, UK International Conference on Digital Evidence http://www.mistieurope.com/default.asp?Page=65&Return=70&ProductID=8914&LS=… 30 June - 1 July 2008, Louvain-la-Neuve, Belgium First COMMUNIA Conference - Assessment of economic and social impact of digital public domain throughout Europe http://www.communia-project.eu/conf2008 7-9 July 2008, Cambridge, UK Privacy Laws & Business 21st Annual International Conference http://www.privacylaws.com/templates/AnnualConferences.aspx?id=641 7-8 July 2008, London, UK Developing New Models Of Content Delivery Online & Innovative Strategies For Effectively Tackling Copyright Infringement http://www.isp-content-regulation.com/conference.agenda.asp 23-25 July 2008, Leuven, Belgium The 8th Privacy Enhancing Technologies Symposium (PETS 2008) http://petsymposium.org/2008/ 19-20 July 2008, Stockholm, Sweden International Association for Media and Communication Research pre-conference - Civil Rights in Mediatized Societies: Which data privacy against whom and how ? http://www.iamcr.org/content/view/301/1/ 8-10 September 2008, Geneva, Switzerland The third annual Access to Knowledge Conference (A2K3) http://isp.law.yale.edu/ 24-28 September 2008, Athens, Greece World Summit on the Knowledge Society The deadline for articles submission is 10 May 2008 http://www.open-knowledge-society.org/summit.htm ============================================================ 11. About ============================================================ EDRI-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRI has 28 members based or with offices in 17 different countries in Europe. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRI-grams. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and visibly on the EDRI website. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 2.0 License. See the full text at http://creativecommons.org/licenses/by/2.0/ Newsletter editor: Bogdan Manolea <edrigram(a)edri.org> Information about EDRI and its members: http://www.edri.org/ European Digital Rights needs your help in upholding digital rights in the EU. If you wish to help us promote digital rights, please consider making a private donation. http://www.edri.org/about/sponsoring - EDRI-gram subscription information subscribe by e-mail To: edri-news-request(a)edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. unsubscribe by e-mail To: edri-news-request(a)edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/edrigram-mk.php - EDRI-gram in German EDRI-gram is also available in German, with delay. Translations are provided Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users http://www.unwatched.org/ - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask <edrigram(a)edri.org> if you have any problems with subscribing or unsubscribing ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

Re: Hey guys, here is another (great?) idea
by Brian C 06 Jul '18

06 Jul '18

Matt Thorne wrote: >it would work better if they were required to contribute. It would work better from a technical perspective only. From an overall view "requiring" anyone who runs a tor client to run a tor server would not be good for the project. There would be backlash. We've seen that some websites (Slashdot, Wikipedia, Gentoo Forums) can take action against tor server operators that can be frustrating to resolve. If people who just want to run the client through a cool Firefox extension don't understand that they may also get banned from certain websites because they are "required" to also run a tor server, then we will hear from those frustrated users and the project/extension will get a bad rap. Instead, we should just make it really easy for people to opt-in to contributing some bandwidth as a server. Enough people would opt-in if it were really simple that we would probably still see some performance gains. I also have an idea for scaling the # of tor servers dramatically that I'll post about soon. I like this firefox extension idea a lot though too. Brian >On 11/19/05, Arrakis Tor <arrakistor(a)gmail.com> wrote: >>Hello fellow tor-nerds, >> >>This was mentioned to me last week. It was suggested to me to >>implement Torpark as a Firefox plugin. >> >>Well, I don't think that would work since Torpark is designed to be >>stand-alone and mobile. >> >>But tell you what, if we fitted Tor to be a firefox XPI/extension it >>sure would be the most popular Firefox plugin ever. >> >>What if we created a Firefox plugin for just Tor, and it allowed >>Firefox users to configure their level of involvement (using firefox >>extension as the GUI). They could set if they were just rendezvous/man >>middle, or even if they wanted to let their machine be an exit node, >>and of course plug their browser into Tor directly (thanks to firefox >>1.5 and later). All from a simple firefox extention. >> >>This would be an excellent solution to bandwidth issues, an bring a >>new level of global involvement for Tor server presence. >> >>What do you think? >> >>ST ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

1 0

EDRI-gram newsletter - Number 6.9, 7 May 2008
by EDRI-gram newsletter 06 Jul '18

06 Jul '18

============================================================ EDRI-gram biweekly newsletter about digital civil rights in Europe Number 6.9, 7 May 2008 ============================================================ Contents ============================================================ 1. All Italian tax payers' data made public online by the Italian Government 2. Important personal data lost by the Bank of Ireland 3. More control over the Internet wanted in Russia 4. Automatic face recognition in UK airports 5. Radio Free Europe's websites in Belarus under attack 6. EDPS wants data protection considered by EU research projects 7. German Intelligence caught spying on journalist's emails 8. IFPI continues to pressure ISPs to act as Internet police 9. Recommended Reading 10. Agenda 11. About ============================================================ 1. All Italian tax payers' data made public online by the Italian Government ============================================================ To the unpleasant surprise of many Italians, for a few hours on 30 April 2008, the Italian government, through its Agenzia delle Entrate, published on the agency website, agenziaentrate.gov.it, the financial information filed by all Italian taxpayers. Although operational only for a few hours, many people had the opportunity of seeing how much other people were earning, including celebrities. As Corriere della Sera daily newspaper puts it, the site was "a delicious opportunity to find out with a click how much your neighbour or colleague or, for gossip fans, celebrities earn". The present centre-left government made public every citizen's declared taxable income as part of a crackdown on tax evasion. The action brought forth the quick attack and critical attitude of consumers, privacy advocates and politicians alike. The consumer group ADOC considered the action as "a clear violation of privacy law" as the tax return forms did not include any request of consent for data publishing, therefore, the appearance of the data on the Internet being illegal. At the complaint of the Italian Data Protection Authority for violation of privacy, the Italian Treasury ordered the national tax office to close down the site which was providing full details of tax returns, including declared income and tax paid for 2005 but also names, addresses and birth dates. The Deputy Finance Minister Vincenzo Visco said he did not see what the problem was: "It's all about transparency and democracy". Massimo Romano, head of the tax office,considered that the publication had been "in the public interest, in order to allow the free circulation of information in a framework of transparency" and he stated that the action had been in agreement with guidelines from the privacy watchdog. However, Francesco Pizzetti, the head of the Italian DPA, said that he had not been informed about this. The opposition which won the elections last month accused Visco of having released the data as "an act of revenge". "It's a very strange thing to do on the last day before clearing off" said Guido Crosetto, a member of Berlusconi's party who also added: "Taxpayers need to pay less tax, not to know how much all the other Italians are paying." "It's madness," was the comment of Beppe Grillo, a very well known Italian comic. In his opinion the government had "given criminals information about the income and address of taxpayers." He also added: "This is going to make paying taxes very dangerous. (...) It will be much safer and less risky to just evade taxes and pay the fine if you're caught." Uproar in Italy after Web publishes earning levels (30.04.2008) http://www.reuters.com/article/marketsNews/idUSL3079138220080430 Garante Decision on the online financial information (only in Italian, 2.05.2008) http://www.garanteprivacy.it/garante/doc.jsp?ID=1510761 Fiscal data, what does the law say? (only in Italian, 5.05.2008) http://punto-informatico.it/2273614/PI/Commenti/Dati-fiscali--cosa-dice-la-… Fury as tax officials post details of every Italian's salary on internet (1.05.2008) http://www.dailymail.co.uk/pages/live/articles/news/worldnews.html?in_artic… Do the rich pay taxes? Italy tells all (2.05.2008) http://article.wn.com/view/2008/05/02/Do_the_rich_pay_taxes_Italy_tells_all/ ============================================================ 2. Important personal data lost by the Bank of Ireland ============================================================ The personal data of about 10 000 customers of the Bank of Ireland (BOI) are now in the possession of thieves as four laptops with the unencrypted data were stolen from the bank between June and October 2007. The four stolen laptops had been used by staff working for the bank's life assurance division. Not only the customers' data including medical history, life assurance details, bank account details, names and addresses were not encrypted, but the bank notified the thefts to the Data Protection Commissioner in Ireland only on 18 April 2008. Furthermore, until now the bank has not written to individual customers whose information was lost. The case is now investigated by the Financial Regulator as well as by Billy Hawkes, the Irish Data Protection Commissioner. "The investigation will focus on the justification for the personal data, including sensitive medical data in some cases, being placed on the laptops in the first place, the security arrangements in place and the exact circumstances which led to the delay in the reporting of this matter internally within the Bank of Ireland to the appropriate personnel for the taking of further action," said a statement from the Commissioner. The only justification the bank gave in its defence was that it "monitored all of these customer accounts and can confirm that there has been no evidence of fraudulent or suspicious activity" which, of course, cannot possibly cover fraud that may occur somewhere else. And this definitely does not justify the fact that the bank did not notify its customers so that they may protect themselves. It's not yet clear what sanctions will the bank receive or whether it will receive any sanctions at all. In a similar case in England, the Nationwide Building Society was fined around 1 300 000 euro by the Financial Services Authority for having failed to provide proper information security procedures and controls. "Consideration will then be given as to what further action will be sought from Bank of Ireland to ensure that the obligations contained in the Data Protection Acts in this area are met. The Data Protection Commissioner and the Financial Regulator are cooperating on this matter and we will refer any relevant issues to the Financial Regulator" says the Commissioner's statement. More and more, financial organisations create a risk to the security of their customers' data. According to the UK Information Commissioner's Office half of the data security breaches in the private sector reported since last November involved financial services companies. The problem is that, presently, there is no general legal obligation for a body to notify the people in case of losing their data. As reported by EDRi-gram, the European Data Protection Supervisor has suggested amendments in this respect to the forthcoming e-Privacy Directive. Bank alert as details of 10,000 files stolen (22.04.2008) http://www.independent.ie/national-news/bank-alert--as-details-of-10000--fi… Lessons from Laptop Loss - the Bank of Ireland case and Mandatory Reporting of Data Loss (23.04.2008) http://www.digitalrights.ie/2008/04/23/lessons-from-laptop-loss-the-bank-of… Bank of Ireland loses thousands of customer records (23.04.2008) http://www.out-law.com/page-9069 EDRI gram - EDPS endorses data breach notification provision in ePrivacy Directive (23.04.2008) http://www.edri.org/edrigram/number6.8/edps-data-breach-notification ============================================================ 3. More control over the Internet wanted in Russia ============================================================ The Russian prosecutor's office wants to extend the anti-extremism laws to the Internet, proposing an amendment to the rules that presently govern printed media on the basis of which newspapers considered by the court to have published extremist material can be shut down. In terms of the new proposal, which began circulating in the State Duma's Security Committee on 10 April 2008, any kind of material considered extremist or website deemed to have hosted extremist material should be blocked by ISPs. If found guilty of repeatedly hosting extremist materials, the website will be shut down. A list of extremist Internet-based materials and sites must be regularly made available and the ISPs will be bound to stop hosting these sites. The proposal asks from law-makers to clearly delineate "what is unacceptable on the internet in terms of public morality, public safety and anti-extremist legislation" and to "place responsibility for the dissemination of any such materials on those who furnish space for it." "We are speaking about the self-controlling of the providers and telecommunications companies" said Aleksey Zhafyarov, the deputy head of Directorate supervising enforcement of laws on federal security, interethnic relations and countering extremism. Internet is considered too free by the Russian governors. Alexander Torshin, the vice-speaker of the Federation Council, has painted a very dark image of the Internet believing it is "a means of terror propaganda" that can be considered "the academy of terrorism." In his opinion, terrorists use the Internet to "practically propagandize their ideas in the open, recruiting new adherents, buying up weapons and munitions, (and) communicating with one another." He said that lawmakers should "work out unified identifying criteria for terrorist websites, formulate techniques to expose them and constantly monitor their activities, nationally and internationally, and also (work out) the means to close these sites." The proposal has created concerns related to the abuses that such a law might bring forth. "It is difficult to find anyone who is not against extremism but it depends on how the law is used. The government uses (it) selectively" said Oleg Panfilov, director of the Centre of Journalism in Extreme Situations. There have been cases when blogs and websites belonging to the opposition have been shut down after having been labelled as extremist. For example the news website gazeta.ru was warned for using extremist materials last year after it wrote about cartoons that satirised the prophet Mohammed. Even some of the Russian lawmakers have doubts about the usefulness of any new measures to control the Internet. "We tighten the screws and the situation only gets worse" said Gennady Gudkov, the deputy chairman of the State Duma Security Committee. Critics also believe that there is enough control already and law enforcement agencies have the means to shut down Internet providers as in the case of the 10 ISPs who were shut down by St. Petersburg prosecutors on 14 April 2008 for hosting extremist content. Since the beginning of this year, the pressure to regulate the Internet has increased in Russia. In January, Russia's Parliament began work on a law "On the Internet," that should create a legal framework to deal with online matters. In February, Vladimir Slutsker, a Federation Council delegate, introduced a draft normative act that will force all Internet sites with more than a thousand daily visitors to register as mass-media outlets. There is also a project currently in the State Duma that would limit foreign investment in the telecommunications and internet industries. On 25 April 2008 Russia's lower house of Parliament, the State Duma, passed, nearly unanimously, an amendment to the law on mass-media, in its first reading, giving greater powers to authorities to shut down media outlets. The new law forbids using a registered media source to spread "false facts that discredit the honour and dignity of another entity, or undermine their reputation." Russian prosecutors eye Internet censorship (23.04.2008) http://afp.google.com/article/ALeqM5gzKl0LhCkTUDVEcpowGh9oBfxUQw Russian Prosecutors Present Draft Law to Regulate Internet (12.04.2008) http://www.theotherrussia.org/2008/04/12/russian-prosecutors-present-draft-… Lawmakers in Russia Recommend Internet Regulation (18.04.2008) http://www.theotherrussia.org/2008/04/18/lawmakers-in-russia-recommend-inte… Russian Authorities Gain Powers to Shut Down Media (25.04.2008) http://www.theotherrussia.org/2008/04/25/russian-authorities-gain-powers-to… Russian Prosecutors Ask Parliament to Regulate Internet Content (18.03.2008) http://www.theotherrussia.org/2008/03/18/russian-prosecutors-ask-parliament… EDRI-gram: Russian Government wants to control all WiFi devices (23.04.2008) http://www.edri.org/edrigram/number6.8/russia-control-wifi ============================================================ 4. Automatic face recognition in UK airports ============================================================ Starting this summer, the UK Border Agency will use facial recognition technology at automated unmanned gates. A machine would accept or reject the match between the scan and the computer information on people with biometric passports. The pilot project will be open to UK and EU citizens holding new biometric passports. "We think a machine can do a better job (than manned passport inspections). What will the public reaction be? Will they use it? We need to test and see how people react and how they deal with rejection. We hope to get the trial up and running by the summer" said Gary Murphy, head of operational design and development for the UK Border Agency, during a biometrics-related conference that took place in London in April 2008. Home Office minister Liam Byrne said: "Britain's border security is now among the toughest in the world and tougher checks do take time, but we don't want long waits. So the UK Border Agency will soon be testing new automatic gates for British and European Economic Area citizens. We will test them this year and if they work put them at all key ports (and airports)." As there is concern that passengers will react badly if rejected by an automated gate, the technology will err on the side of caution and innocent passengers that are rejected may be redirected to traditional passport queues, or authorized officers may override the automatic gates after having performed the necessary checks. However, the technology is highly criticized. Phil Booth of the No2Id Campaign explains: "Someone is extremely optimistic. The technology is just not there. The last time I spoke to anyone in the facial recognition field they said the best systems were only operating at about a 40% success rate in a real time situation. I am flabbergasted they consider doing this at a time when there are so many measures making it difficult for passengers." The facial image contained by the EU passport is actually a digitised copy of the normal passport picture which is not a biometric data and, according to a report of the UK National Audit Office "current facial recognition technology is not reliable enough to enable the automated checking of applications against the full database of existing passport holders". The report also says that the technology may be useless in cases when the two-year guaranty chips are contained into 10-year long passports. Besides, the face may change very much in ten years making the database even more unreliable. Tony Bunyan, Statewatch editor, comments: "The UK and other EU governments refer to the digitised passport photo as a biometric when it is not for ideological reasons - to get us used to the idea that they already have one of our "biometrics" so why should we not give them another - our fingerprints. The process however is very different. In most cases the passport picture is simply submitted by post or at an office whereas the compulsory taking of fingerprints requires the physical presence of the person at an "enrolment centre" where they have to prove "they are who they are". The Government has not yet decided how many airports will take part in the trial but, if the pilot project is successful, the technology will be extended to all UK airports. Face scans for air passengers to begin in UK this summer (25.04.2004) http://www.guardian.co.uk/business/2008/apr/25/theairlineindustry.transport… Identity and Passport Service: Introduction of ePassports http://www.statewatch.org/news/2008/apr/uk-nao-report.pdf UK to introduce face scans at airports (26.04.2008) http://www.thepeninsulaqatar.com/Display_news.asp?section=world_news&month=… Computers to scan passengers at UK airports this summer (23.04.2008) http://economictimes.indiatimes.com/International_Business/Computers_to_sca… ============================================================ 5. Radio Free Europe's websites in Belarus under attack ============================================================ Several Radio Free Europe websites were under a distributed denial of service (DDoS) attack in the past week. The attacks started on 26 April 2008, the 22nd anniversary of the Chernobyl nuclear disaster, primary targeted at the Belarus Radio Free Europe/Radio Liberty (RFE/RL) service which was offering live coverage of a rally of protest organized in Minsk against the plight of uncompensated victims and a government decision to build a new nuclear plant. Martins Zvaners, RFE spokesman, thinks that was the largest attack ever experienced by RFE. At its peak, the DDoS attack was sending more than 50000 requests to the RFE sites, flooding its servers' capacity and throwing them offline. Although there is no proof of who was behind the attacks, Zvaners pointed his finger at the Belarus administration: "This started on the day of a demonstration that they wanted no one to cover. They've never been real happy with us. In an ongoing sense, they are always 'jamming' our signals. We can't say for certain who did it, but you look at the circumstances and you can start to draw some possible inferences." US State Department spokeswoman Jessica Simon stated that it was the Belarusian Government's responsibility to stop such kind of attacks while Nina Ognianova, the program coordinator for Europe and Central Asia at the New York-based Committee to Protect Journalists, said it was also the responsibility of President Alyaksandr Lukashenka to find and punish those responsible with the attacks. "In Belarus especially, RFE/RL service is significant now more than ever because Lukashenka's regime has destroyed the other independent and opposition broadcasters. (...) So we certainly are very concerned about this short-lived but successful attacks" said Ognianova. RFE issued a news release on 28 April following which the attacks stopped and the sites went back online. According to Zvaners, RFE has now taken protection measures against similar attacks. During the three days of the attack, RFR/RL's Belarus Service was supported by 22 Belarusian sites that hosted its content. "Dear friends. We value your solidarity and we promise to support any site that falls victim to such an attack in the future. (...) Thanks to all of you for your support of freedom" said Alyaksandr Lukashuk, director of RFE/RL's Belarus Service, who considers that the response to the attack was an example that could create a precedent for future online "esprit de corps" among journalists and pro-democracy advocates. Belarus: RFE/RL Cites Online 'Solidarity' In Face Of Cyberattack (29.04.2008) http://www.rferl.org/featuresarticle/2008/04/294d624f-a664-4791-adab-559d66… Chernobyl coverage blows up in Radio Free Europe's face (29.04.2008) http://www.theregister.co.uk/2008/04/29/radio_free_europe_ddos_attacks/ DDoS attacks knocked Radio Free Europe off the Web (4.05.2008) http://www.computerworld.com/action/article.do?command=viewArticleBasic&tax… U.S. Denounces Attack On RFE/RL Websites (29.04.2008) http://www.rferl.org/featuresarticle/2008/04/8277ba11-4725-49d1-8e8a-803140… ============================================================ 6. EDPS wants data protection considered by EU research projects ============================================================ Peter Hustinx, the European Data Protection Supervisor (EDPS) wants privacy and data protection requirements to be considered in the future EU research and technological development (RTD) projects, especially those developing information and communication technologies. The EDPS' main role is to monitor EU developments which have an impact on the protection of personal data, especially the development of ICT and "to advise the Commission and/or project developers on their efforts to use privacy and data protection-friendly RTD methodologies and of course to develop technologies and processes that will promote and reinforce the effectiveness of the EU data protection legal framework". On 28 April 2008, EDPS adopted a policy paper establishing his role and developing possible models of contribution both in the preparatory phase of the overall EU research framework programme as well as for individual research projects. The EDPS contributions have as purpose to reinforce the application of the "privacy by design" principle as an inherent part of the RTD initiatives. "Privacy and data protection requirements need to be highlighted and applied as soon as possible in the life cycle of new technological developments in order to contribute to a better implementation of the data protection legal framework. The European RTD efforts constitute a very good opportunity to accomplish these goals" says Hustinx. The EDPS' contributions in this direction could be achieved by: - participation in workshops and conferences intended to identify future challenges that can be relevant for EU RTD policy; - contribution to research advisory boards launched by the European Commission in connection with the Framework Programme, and provision of opinions on data protection matters; - assistance to the European Commission in the evaluation process of proposals, in particular regarding possible data protection issues these proposals might trigger; - provision of opinions on data protection matters in relation to individual RTD projects on his own initiative or at the request of a consortium. Also, as "research projects of an EU Framework Programme usually have the obligation to involve partners from several Member States, the EDPS could also, in this case, contribute to and facilitate the cooperation between the corresponding Member States or third country data protection authorities which might be involved" says the paper. The EDPS and EU Research and Technological Development -Policy paper (28.04.2008) http://edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/EDPS/Publ… Privacy chief: EU research must consider data protection (30.04.2008) http://www.euractiv.com/en/science/privacy-chief-eu-research-consider-data-… EDPS issues policy paper on his role in EU research and technological development (28.04.2008) http://europa.eu/rapid/pressReleasesAction.do?reference=EDPS/08/4&format=HT… ============================================================ 7. German Intelligence caught spying on journalist's emails ============================================================ The German Federal Intelligence Service, the Bundesnachrichtendienst (BND), has been recently under pressure for having illicitly monitored the e-mails between Spiegel correspondent Susanne Koelbl and Afghanistan's Commerce Minister Amin Farhang. The German parliamentary commission in charge with investigating the activities of the secret services (PKG) criticised BND, believing the agency had been compromised by this case that it considered "a grave breach of basic rights". "The trust between the PKG and the leadership of the BND has been violated by this," stated PKG. The commission also considered it unacceptable that Uhrlau, the BND president, had not informed the German government or the commission about the case and that even BND's leadership had learned about the case only a year after the operation took place, which represented a violation of the internal policy requiring official clearance. Although Uhrlau publicly apologised to Susanne Koelbl, apparently, the target was not the Spiegel journalist this time, but Amin Farhang, Afghanistan's commerce minister, who exchanged e-mails with the reporter between June and November 2006. Koelbl's correspondence was retrieved by using a "Trojan horse" software which invaded the minister's computer system and which was sending copies of his e-mail messages to the BND. Furthermore, Spiegel has learned that the BND was performing more extensive spying activities in Afghanistan having actually monitored the entire computer network of the Ministry of Commerce and Industry. BND specialists had succeeded in retrieving several government e-mail addresses, confidential documents and even passwords. Der Spiegel, after having asked Farhang's permission to reveal his name, stated that the minister had been a secret source for some of its articles in the recent years. The magazine called the case "a grave encroachment on press freedom" and threatened to take legal action against the BND. The Afghan government was shocked by the case. "I am appalled and disgusted by these methods, which have no place in a constitutional state," commented Afghan Foreign Minister Rangin Dadfar Spanta. German Foreign Minister Frank-Walter Steinmeier has called his Afghan counterpart to apologize for the monitoring operation. The German Foreign Ministry said Steinmeier would also contact Farhang to express his regrets personally. This espionage action is not the first for the BND in relation to journalists. In 2006 it came out that German reporters were placed under surveillance by the intelligence agents to find out sources of leaks from the BND. As a result of the big scandal the followed this discovery, the BND president was changed. Ernst Uhrlau, the new president, had pledged to make the service more transparent. "It hasn't even been three years since the BND's last scandal, over systematic domestic spying on journalists. (That scandal) led to an internal directive forbidding surveillance of reporters. The directive is still in force, according to the BND. But we now know that only a short while later, in June 2006, a new half-year bugging operation was mounted against a German journalist - this time in Afghanistan. There are hints that she was not the only one" wrote Die Tageszeitung. It appears Uhrlau will keep his job although he seems to have lost control over some of the agents and had failed to inform the Chancellery, which is responsible for supervising the BND's activities. However, a draft law would be drawn in the coming months to give the Parliament powers to monitor the agency, as stated Hans-Peter Uhl, a deputy from Chancellor Angela Merkel's conservative party. German spy agency rapped over Afghan email monitoring (24.04.2008) http://afp.google.com/article/ALeqM5hp_BYVtWMyJ3cHJx_CPY73l9R5KQ German Spies Put Afghan Ministry under Surveillance (26.04.2008) http://www.spiegel.de/international/germany/0,1518,549894,00.html Germany Apologizes for Spying on Afghan Minister (26.04.2008) http://www.dw-world.de/dw/article/0,2144,3294534,00.html BND Agents 'Knew What They Were Doing' (25.04.2008) http://www.spiegel.de/international/germany/0,1518,549765,00.html Agency Admits Spying on Afghan Politician and SPIEGEL Journalist (24.04.2008) http://www.spiegel.de/international/germany/0,1518,549488,00.html\ ============================================================ 8. IFPI continues to pressure ISPs to act as Internet police ============================================================ Despite the criticism and negative reaction of the ISPs in several countries, IFPI continues to pressures them in turning themselves into Internet police. Following Denmark, Norway and Ireland, it is the turn of the Swedish ISPs to be the target of the association. What IFPI asks is for ISPs to restrict their customers' access to websites allegedly facilitating copyright infringement. As until now it had little success in its discussions with the ISPs, IFPI has decided to use legal pressure. "We believe that ISPs have a special part to play in this and must help us. The discussions we've tried to have with the ISPs haven't led anywhere" said IFPI's Managing Director in Sweden, Lars Gustafsson. According to Gustaffson, the focus will be on one particular company that allegedly facilitates filesharing on the Internet and one of the services they are after is The PirateBay. IFPI has already sent out letters to several service providers, asking them to monitor their customers and to filter websites. However, most ISPs have refused to cooperate with the IFPI. Telia Sonera, a large Swedish ISP considered such actions are illegal under EU law and Norwegian ISPs had the same response. IFPI argue that restricting access to filesharing sites might be to the advantage of ISPs. "Illegal P2P file-sharing may have helped drive broadband subscriptions in the past, yet today these activities, particularly in respect of movies, are hogging bandwidth," they state. Until now, IFPI obtained a victory in February in Denmark when Tele2 was order by the court to block its customers' access to The PirateBay but the decision is now under appeal and the PirateBay has announced its intention to ask for compensation. IFPI to Sue Swedish ISP for Facilitating Copyright Infringement (2.05.2008) http://torrentfreak.com/ifpi-to-sue-swedish-isp-for-facilitating-copyright-… Swedish ISP Refuses To Block The Pirate Bay (27.03.2008) http://torrentfreak.com/swedish-isp-refuses-to-block-pirate-bay-080327/ EDRI-gram: Setback for IFPI in its case against PirateBay (23.04.2008) http://www.edri.org/edrigram/number6.8/ifpi-setback-piratebay ============================================================ 9. Recommended Reading ============================================================ Report on fraud regarding non cash means of payments in the EU: the implementation of the 2004-2007 EU Action Plan http://ec.europa.eu/internal_market/payments/docs/fraud/implementation_repo… ============================================================ 10. Agenda ============================================================ 9-10 May 2008, Florence, Italy Digital communities and data retention http://e-privacy.winstonsmith.info/ 10 May 2008, Florence, Italy Big Brother Awards Italy 2008 http://bba.winstonsmith.info/ 12 May 2008, Bled, Slovenia Workshop on ethics and e-Inclusion http://ec.europa.eu/information_society/newsroom/cf/itemdetail.cfm?item_id=… 15 May 2008, Brussels, Belgium EDPS Annual Report 2007 http://edps.europa.eu/ 15-17 May 2008, Ljubljana, Slovenia EURAM Conference 2008 - Track "Creating Value Through Digital Commons" How collective management of IPRs, open innovation models, and digital communities shape the industrial dynamics in the XXI century. http://www.euram2008.org 20-23 May 2008, New Haven, CT, USA 18th Annual Computers, Freedom, and Privacy conference http://cfp2008.org/ 30-31 May 2008, Bucharest, Romania eLiberatica 2008 - The benefits of Open and Free Technologies http://www.eliberatica.ro/2008/ 6-7 June 2008, Bremen, Germany IdentityCamp - a barcamp around identity 2.0 and privacy 2.0 http://barcamp.org/IdentityCampBremen 17-18 June 2008, Seoul, Korea The Future of the Internet Economy - OECD Ministerial Meeting http://www.oecd.org/FutureInternet 23 June 2008, Paris, France GigaNet is organizing an international academic workshop on "Global Internet Governance: An Interdisciplinary Research Field in Construction" http://tinyurl.com/3y9ld8 26-27 June 2008, London, UK International Conference on Digital Evidence http://www.mistieurope.com/default.asp?Page=65&Return=70&ProductID=8914&LS=… 30 June - 1 July 2008, Louvain-la-Neuve, Belgium First COMMUNIA Conference - Assessment of economic and social impact of digital public domain throughout Europe http://www.communia-project.eu/conf2008 7-9 July 2008, Cambridge, UK Privacy Laws & Business 21st Annual International Conference http://www.privacylaws.com/templates/AnnualConferences.aspx?id=641 7-8 July 2008, London, UK Developing New Models Of Content Delivery Online & Innovative Strategies For Effectively Tackling Copyright Infringement http://www.isp-content-regulation.com/conference.agenda.asp 23-25 July 2008, Leuven, Belgium The 8th Privacy Enhancing Technologies Symposium (PETS 2008) http://petsymposium.org/2008/ 19-20 July 2008, Stockholm, Sweden International Association for Media and Communication Research pre-conference - Civil Rights in Mediatized Societies: Which data privacy against whom and how ? http://www.iamcr.org/content/view/301/1/ 8-10 September 2008, Geneva, Switzerland The third annual Access to Knowledge Conference (A2K3) http://isp.law.yale.edu/ 24-28 September 2008, Athens, Greece World Summit on the Knowledge Society The deadline for articles submission is 10 May 2008 http://www.open-knowledge-society.org/summit.htm ============================================================ 11. About ============================================================ EDRI-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRI has 28 members based or with offices in 17 different countries in Europe. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRI-grams. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and visibly on the EDRI website. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 2.0 License. See the full text at http://creativecommons.org/licenses/by/2.0/ Newsletter editor: Bogdan Manolea <edrigram(a)edri.org> Information about EDRI and its members: http://www.edri.org/ European Digital Rights needs your help in upholding digital rights in the EU. If you wish to help us promote digital rights, please consider making a private donation. http://www.edri.org/about/sponsoring - EDRI-gram subscription information subscribe by e-mail To: edri-news-request(a)edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. unsubscribe by e-mail To: edri-news-request(a)edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/edrigram-mk.php - EDRI-gram in German EDRI-gram is also available in German, with delay. Translations are provided Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users http://www.unwatched.org/ - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask <edrigram(a)edri.org> if you have any problems with subscribing or unsubscribing ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

[cryptography] Reliably Erasing Data From Flash-Based Solid State Drives
by Alexander Klimov 06 Jul '18

06 Jul '18

<http://www.usenix.org/events/fast11/tech/full_papers/Wei.pdf>: We empirically evaluate the effectiveness of hard drive-oriented techniques and of the SSDs' built-in sanitization commands by extracting raw data from the SSD's flash chips after applying these techniques and commands. Our results lead to three conclusions: First, built-in commands are effective, but manufacturers sometimes implement them incorrectly. Second, overwriting the entire visible address space of an SSD twice is usually, but not always, sufficient to sanitize the drive. Third, none of the existing hard drive-oriented techniques for individual file sanitization are effective on SSDs. -- Regards, ASK _______________________________________________ cryptography mailing list cryptography(a)randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

[cryptography] Reliably Erasing Data From Flash-Based Solid State Drives
by Alexander Klimov 06 Jul '18

06 Jul '18

<http://www.usenix.org/events/fast11/tech/full_papers/Wei.pdf>: We empirically evaluate the effectiveness of hard drive-oriented techniques and of the SSDs' built-in sanitization commands by extracting raw data from the SSD's flash chips after applying these techniques and commands. Our results lead to three conclusions: First, built-in commands are effective, but manufacturers sometimes implement them incorrectly. Second, overwriting the entire visible address space of an SSD twice is usually, but not always, sufficient to sanitize the drive. Third, none of the existing hard drive-oriented techniques for individual file sanitization are effective on SSDs. -- Regards, ASK _______________________________________________ cryptography mailing list cryptography(a)randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

Re: Hey guys, here is another (great?) idea
by Brian C 06 Jul '18

06 Jul '18

Matt Thorne wrote: >it would work better if they were required to contribute. It would work better from a technical perspective only. From an overall view "requiring" anyone who runs a tor client to run a tor server would not be good for the project. There would be backlash. We've seen that some websites (Slashdot, Wikipedia, Gentoo Forums) can take action against tor server operators that can be frustrating to resolve. If people who just want to run the client through a cool Firefox extension don't understand that they may also get banned from certain websites because they are "required" to also run a tor server, then we will hear from those frustrated users and the project/extension will get a bad rap. Instead, we should just make it really easy for people to opt-in to contributing some bandwidth as a server. Enough people would opt-in if it were really simple that we would probably still see some performance gains. I also have an idea for scaling the # of tor servers dramatically that I'll post about soon. I like this firefox extension idea a lot though too. Brian >On 11/19/05, Arrakis Tor <arrakistor(a)gmail.com> wrote: >>Hello fellow tor-nerds, >> >>This was mentioned to me last week. It was suggested to me to >>implement Torpark as a Firefox plugin. >> >>Well, I don't think that would work since Torpark is designed to be >>stand-alone and mobile. >> >>But tell you what, if we fitted Tor to be a firefox XPI/extension it >>sure would be the most popular Firefox plugin ever. >> >>What if we created a Firefox plugin for just Tor, and it allowed >>Firefox users to configure their level of involvement (using firefox >>extension as the GUI). They could set if they were just rendezvous/man >>middle, or even if they wanted to let their machine be an exit node, >>and of course plug their browser into Tor directly (thanks to firefox >>1.5 and later). All from a simple firefox extention. >> >>This would be an excellent solution to bandwidth issues, an bring a >>new level of global involvement for Tor server presence. >> >>What do you think? >> >>ST ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

1 0

[ZS] Re: Quantified Prestige
by Josh Palmer 06 Jul '18

06 Jul '18

A very interesting read, I feel like it is a very promising idea. I have a few nitpicks with the documents and some more serious intrinsic questions about Fluido. I feel the idea behind Prestige is sound though. Minor points: - I am pleased to see that it only implements positive reputation to avoid "karmic bankruptcy", could there be a brief explanatory note about this? - You mention on page 30 about prestige allocation being optionally fractional, but apart from a throwaway comment about positive rational numbers being the amount for the prestige allocation allowed to a user, it doesn't appear until here. Could one of the examples produced use a fractional amount to clarify this? - In section 4.3 (p16) the example uses a trust rating of 0.5 but the description of trust levels imply they should be from the naturals, was my reading of this wrong or is the example wrong? - When talking about allocators in section 2.2.4 (p9) you mention that the creator of the group is the only one with the power to hire/fire managers of the group. I believe that ownership should be transferable, perhaps this should be rephrased as owner of the user circle, or maybe superuser? More substantial questions - Is the web of trust standard to use unconnectedness except through k? How does this work in mature groups where there is a large amount of connectedness? I'm thinking more where it would be used as a local, restricted reputation model rather than a global one as that would imply a substantially different shaped network. - Fluido seems, especially when taken as the continuous system seems like it would be particularly susceptable to falling into a trap of metaphorical thinking as a renewable energy source. What implications could this have? link - (http://www.ribbonfarm.com/2009/03/02/fools-and-their-money-metaphors/) -- -- Zero State mailing list: http://groups.google.com/group/DoctrineZero ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

Re: [cryptography] ICIJ's project - comment on cryptography & tools
by ianG 06 Jul '18

06 Jul '18

On 9/04/13 03:43 AM, Jeffrey Goldberg wrote: > On Apr 8, 2013, at 7:38 AM, ianG <iang(a)iang.org> wrote: > >> We all know stories. DES is now revealed as interfered with, yet for decades we told each other it was just parity bits. > > But it turned out that the interference was to make it *stronger* against attacks, differential cryptanalysis, that only the NSA and IBM knew about at the time. That's what we all believed. From Wikipedia (I haven't checked the primary references): ====================== In contrast, a declassified NSA book on cryptologic history states: In 1973 NBS solicited private industry for a data encryption standard (DES). The first offerings were disappointing, so NSA began working on its own algorithm. Then Howard Rosenblum, deputy director for research and engineering, discovered that Walter Tuchman of IBM was working on a modification to Lucifer for general use. NSA gave Tuchman a clearance and brought him in to work jointly with the Agency on his Lucifer modification."[8] and NSA worked closely with IBM to strengthen the algorithm against all except brute force attacks and to strengthen substitution tables, called S-boxes. Conversely, NSA tried to convince IBM to reduce the length of the key from 64 to 48 bits. Ultimately they compromised on a 56-bit key.[9] ======================== http://en.wikipedia.org/wiki/Data_Encryption_Standard#NSA.27s_involvement_i… Conclusion? We wuz tricked! In their own words, they managed the entire process, and succeeded in convincing everyone that they did not. And they made it weaker where they held the advantage: budget to crunch. Last two sentences, above. > If history is a guide, weakness that TLAs insist on are transparent. They are about (effective) key size. Indeed. Notice the subtlety of their attack: it is brutally simple. We others focus on elegance, and dismiss the simplistic. Cognitive dissonance? They focussed on mission, and used asymmetry of crunch strength. Recall that, in the old days, no other country could muster the budget and technology that they could. > We have no way to know whether this will continue to be the case, but I'd imagine that the gap in knowledge between the NSA and the academic community diminishes over time; so that makes me think that they'd be even more reluctant to try to slip in a hidden weakness today than in 1975. Possibly. In terms of algorithms, I don't think there has been a case where they've deliberately weakened the algorithm. OTOH, in terms of key strength, they have been very very finessed. Remember Skipjack? The comments at the time was that the key strength was beautifully aligned - right at the edge. 80 bit keys where the open community had already concluded 128 was the target. Which meant that if there was to be an advantage, all that was left was: budget in crunching. iang _______________________________________________ cryptography mailing list cryptography(a)randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

CDR: The Passive-Aggressive (Negativistic) Personality Disorder
by None 06 Jul '18

06 Jul '18

(PAPD) Case Study: Jim Choate From: aluger(a)hushmail.com Date: Mon, 12 Mar 2001 14:55:47 -0800 (PST) Cc: cypherpunks(a)einstein.ssz.com, cypherpunks(a)lne.com Old-Subject: The Passive-Aggressive (Negativistic) Personality Disorder (PAPD) Case Study: Jim Choate Reply-To: cypherpunks(a)ssz.com Sender: owner-cypherpunks(a)ssz.com >On Mon, 12 Mar 2001, Sunder wrote (referring to Jim Choate): > >> I'd wish that: >> >> 1. he'd stick to on-topic articles and not give us any random shit >he likes Choate replies: >Every post I send is 'on topic' to crypto, civil liberties, or economics. Sunder continues, along with Choate's replies: >> 2. he'd post a one or two paragraph quote from the article describing >> it under the urls. > >Keep wanting. > >> 3. put all the news stories from one site (slashdot for example) in >> one email as if it were a digest. > >Keep wanting. > >> The way he "helps" us is annoying at best and only one or two notches >> removed from spam. > >What makes you think I'm wanting to 'help' you or whatever 'us' you're >refering to. > >> What pisses me off is that I actually do read slashdot regularly, >>and don't > >You just want to be pissed off, and if you can make me the target so >much the better. Discussion: Essential Feature- The passive-aggressive (negativistic) personality disorder is located in Appendix B: "Criteria Sets and Axes Provided for Further Study" of the DSM- IV. Millon (1996, p. 198) proposes a comprehensive concept of a negativistic personality. He asserts that the negativistic personality reflects both this general contrariness and disinclination to do as others wish but also presents with a capricious impulsiveness, an irritable moodiness, and an unaccommodating, fault-finding pessimism. The DSM-IV (1994, p. 733) describes the PAPD essential feature as a pervasive pattern of negativistic attitudes and passive resistance to demands for adequate performance in social and occupational settings. The subject, Choate, demonstrates these traits clearly, particularly in the context of responses to otherwise reasonable requests from the electronic social group "cypherpunks" from which the above samples are taken. The general criteria of a personality disorder coupled with at least five of the following is sufficient to warrant a diagnosis of Passive-Aggressive Personality Disorder: procrastination and delay in completing essential tasks -- particularly those that others seek to have completed; unjustified protests that others make unreasonable demands; sulkiness, irritability or argumentativeness when asked to do something that the individual does not want to do; unreasonable criticism or scorn for authority figures; deliberately slow or poor work on unwanted tasks; obstruction of the efforts of others even as these individuals fail to do their share of the work; and avoidance of obligations by claiming to have forgotten them. Examining the small sample above it is clear that Choate meets at least four of these subset criteria. (This author has little doubt that a fifth will quickly emerge with further study). Procrastination and delay in completing any of the tasks requested of him (the addition of more substantive summaries which accompany his rote contributions to the mailing list), unjustified protests that others make unreasonable demands (in the case of Sunder above, Choate's responses to Sunder's request for a more digest format illustrates this), irritability or argumentativeness when asked to do something that the individual does not want to do (while Choate could easily have ignored the request, he chose instead to reply in an increasingly inflammatory and argumentative tone), unreasonable criticism or scorn for authority figures (as evidenced by material in his signature - "Legislators and Judges are the pimps of modern American society.") The passive-aggressive personality disorder was first introduced in a U.S. War Department technical bulletin in 1945. The term was coined by wartime psychiatrists who found themselves dealing with reluctant and uncooperative soldiers who followed orders with chronic, veiled hostility and smoldering resentment. Their style was a mixture of passive resistance and grumbling compliance (Stone, 1993, p. 361). Choate's response seems to mirror this type of response quite closely and further study under the reference of Stone's work should be pursued. The current criteria for the passive-aggressive personality disorder as proposed by the Personality Disorders Work Group for the DSM-IV includes: 1. passive resistance to fulfilling social and occupational tasks through procrastination and inefficiency; 2. complaints of being misunderstood, unappreciated, and victimized by others; 3. sullenness, irritability, and argumentativeness in response to expectations; 4. angry and pessimistic attitudes toward a variety of events; 5. unreasonable criticism and scorn toward those in authority; 6. envy and resentment toward those who are more fortunate; 7. self-definition as luckless in life and an inclination to whine and grumble about being jinxed; 8. alternating behavior between hostile assertion of personal autonomy and dependent contrition (Millon & Radovanov, Livesley, ed., 1995, p. 321). Millon suggests that the most essential features of PAPD are irritable affect; behavioral contrariness, obstructiveness, and sulking; discontented self- image, e.g. feels unappreciated and misunderstood; deficient regulatory control, i.e. poorly modulated emotional expression; and interpersonal ambivalence. They are noted for their interpersonal conflict, verbal aggressiveness, and manipulative behavior. Suicidal gestures and a lack of attention to everyday responsibilities are common (Millon, 1996, p. 198). Little study is needed to recognize the diagnosis as a strong one for the subject Choate. PAPD resistance to external demands is manifested in oppositional and obstructive behaviors. These individuals resent having to conform to the standards set by others. On the other hand, they fear direct confrontation. The combination of resentment and fear leads to passive, provocative behavior (as in the case of the subject Choate and Sunder exchange- wherein subject Choate incites Sunder and seeks to create a situation in which Sunder will escalate the rhetoric). Individuals with PAPD view themselves as self-sufficient but feel vulnerable to control and interference from others (Pretzer & Beck, Clarkin & Lenzenweger, eds., 1996, p. 60). They believe that they are misunderstood and unappreciated, a view that is exacerbated by the negative responses they receive from others for their consistent defeatist stance. They expect the worst in everything, even situations that are going well, and are inclined toward anger and irritability (Beck & Freeman, 1990, p. 339) (DSM-IV, 1994, p. 734). Subject Choate demonstrates this classically, particularly in the context of his often sardonically defeatist and pessimistic inclusions in the titles of his contributions). Individuals with PAPD are often disgruntled and declare that they are not treated as they should be. On the other hand, they are just as likely to express feeling unworthy of good fortune. They have a basic conflict concerning their self-worth; they oscillate between self-loathing and entitlement or moral superiority. Either side of this oscillation can be projected onto the environment. The chaotic nature of this experience of self and others often leads to people beginning to avoid or minimize contact with people with PAPD out of self-protection (Richards, 1993, p. 259). Individuals with PAPD see others as intrusive, demanding, interfering, controlling, and dominating. They believe that other people interfere with their freedom. They experience control by others as intolerable; they have to do things their own way (Pretzer & Beck, Clarkin & Lenzenweger, eds., 1996, p. 60). These individuals are determined that they will not be subject to the rules of others (Beck & Freeman, 1990, p. 227). They resent, oppose, and resist demands to meet expectations from others in a behavioral pattern seen in both work and social settings (DSM-IV, 1994, p. 733). Their main coping strategies are passive resistance, surface submissiveness, evasion, and circumventing of rules (Pretzer & Beck, Clarkin & Lenzenweger, eds., 1996, p. 60). Individuals with passive-aggressive (negativistic) personality disorder are ambivalent within their relationships and conflicted between their dependency needs and their desire for self-assertion. They waver between expressing hostile defiance toward people they see as causing their problems and attempting to mollify these people by asking forgiveness or promising to do better in the future (DSM-IV, 1994, p. 734). These individuals are noted for the stormy nature of their interpersonal relationships. They engage in a combination of quarrelsomeness and submissiveness. Their affect is sullen and they engage in deliberate rudeness. They are resentfully quarrelsome and irritable. They often feel like a victim. Central to the disorder is a pervasive pattern of argumentativeness and oppositional behavior with defeatist and negative attitudes (Millon & Radovanov, Livesley, ed., 1995, p. 317). Richards (1993, p. 260) believes that PAPD may be the most miserable personality disorder. These individuals inflict a great deal of discomfort on others through the use of their anxiety and emotional symptoms. They can become so destructive in their attitudes and so unable to provide rewards to others that they become socially isolated. For individuals with PAPD, authority figures can become the focus of their discontentment. They often criticize and voice hostility toward authority figures with minimal provocation. Their resistance toward authority is expressed by procrastination, forgetfulness, stubbornness, and intentional inefficiency. These individuals are also envious of and resentful toward peers who succeed or are viewed positively by authority figures (DSM-IV, 1994, pp. 733-734). Authority figures are seen by individuals with passive-aggressive (negativistic) personality disorder as arbitrary and unfair. When they are faced with the consequences of not adequately meeting obligations, these individuals will become angry at those in authority rather than seeing how their own behavior has contributed to the situation (Beck & Freeman, 1990, p. 339). Authority figures are defined as intrusive, demanding, interfering, controlling, and dominating. On the other hand, individuals with PAPD also see authority figures as capable of being approving, accepting, and caring. A key issue for individuals with PAPD is the desire to get benefits from authority figures while exerting their freedom and autonomy (Beck & Freeman, 1990, p. 45). The conflict is intense. Individuals with PAPD have a tendency to see any form of power as inconsiderate and neglectful. They are also likely to believe that authorities or caregivers are incompetent, unfair, and cruel. Nevertheless, these individuals are not inclined to rebel directly. They will agree to comply with demands or suggestions but will often fail to perform (or they will perform while experiencing increasing resentment). Then, when there is trouble, these individuals will complain of unfair treatment. They envy and resent others who manage authority situations and who are able to relate to authorities with less difficulty. These individuals believe that their suffering indicts the negligent caregiver or authority figure. They fear control in any form but long for nurturing restitution from those they perceive as having power (Benjamin, 1993, p. 272). Origins of PAPD in the Subject Choate- Stone (1993, p. 361) suggests that the contrary, sulking, and verbal nitpicking behaviors of PAPD appear to have their origin in unending power struggles with parents. The comparative helplessness of youth made it impossible to win in these struggles so the face-saving technique of passive resistance was employed. Parental overcontrol, neglect, or favoring of a sibling can all contribute to the development of the silent protest and grudging obedience associated with PAPD (Stone, 1993, p. 361). It is reasonable to assume that Subject Choate experienced some level of paternal angst and the description of unending power struggles seems apt in this context. Treatment- There are two major ways for individuals with PAPD to enter treatment. The first, and most common, is externally leveraged treatment for those individuals who do not see themselves as having a problem. Someone forced them into treatment, e.g., family, employers, or the legal system. These clients with PAPD have minimal insight; they fail to admit that they are a major factor in the problems they have. The second method for individuals with PAPD to enter treatment is via self-referral for vague complaints, e.g. "I'm just not getting anywhere" (Turkat, 1990, pp. 87-88). All of the personality disorders are composed mostly of abrasive traits that are negative in nature. Maladaptive traits are usually favored over adaptive traits (though there are adaptive traits within all personality disorders) (Kantor, 1992, p. 10). PAPD is a particularly abrasive personality and interpersonal problems are readily identifiable. However, individuals with PAPD do not frequently seek treatment for relationship issues as they consistently blame others for the problems they have. Even if they do come in for treatment for a marital or parent and child problem, they will uniformly demand that the treatment providers "fix" the other person or persons who are at fault for the problems within the relationship. Treatment for individuals with PAPD involves openly exploring the ways they indirectly and unassertively express aggression and neediness toward others by being contrary. Understanding this aggression can allow discovery of the depressive and invalidating experiences underneath -- which lead to a fear of loss of autonomy when others want to be close and a fear of loss of connectedness when others want to be alone (Kubacki & Smith, Retzlaff, ed., 1995, p. 175). This author believes that Subject Choate is unlikely to seek treatment individually and should be compelled to seek treatment in whatever fashion is most likely to produce results. Study continues... At Mon, 12 Mar 2001 17:56:49 -0600 (CST), Jim Choate <ravage(a)EINSTEIN.ssz.com> wrote: >Cool, we've got two wanna be head-shrinkers. This is gonna be fun. A common countertransference issue with these clients is outrage or punitive anger. They are manipulative individuals who are consistently stubborn, demanding, help-rejecting, critical, and inclined to ridicule both the treatment process and the service providers. Subject Choate has predictably responded in exactly this fashion to the onset of treatment. Identify all avoidance and anxiety-arousing situations. Address these issues with anxiety-management behavioral intervention techniques (Turkat, 1990, pp. 88-89). Cognitive therapy can help these individuals understand that they expect the worst from others and then proceed to behave in such a way that brings out the worst from these same people (Stone, 1993, p. 363). Group therapy provides individuals with PAPD with an opportunity to learn how to manage their hostility. When their hostility emerges, group leaders can comment on hostile behavior and encourage other group members to respond. The group leader can assist these individuals to process what it is they want or need at that moment and to rehearse appropriate behavior within the group context (Ries, TIP #9, 1994, p. 72).

1 0