cypherpunks-legacy
Threads by month
- ----- 2024 -----
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1998 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1997 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1996 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1995 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1994 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1993 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1992 -----
- December
- November
- October
- September
July 2018
- 1371 participants
- 9656 discussions
============================================================
EDRi-gram
biweekly newsletter about digital civil rights in Europe
Number 7.7, 8 April 2009
============================================================
Contents
============================================================
1. EP needs to protect users' rights in the Telecom Package!
2. French National Assembly votes for the three strikes law
3. European Parliament asks for respect of human rights on the Internet
4. Extended copyright term for sound recordings pushed back
5. Behavioural targeting at the European Consumer Summit
6. Second PrivacyOS Conference
7. Phorm - under scrutiny at the European level
8. ISPs asked to block child porn sites on the Internet
9. Big Brother Awards France 2009
10. Recommended Reading
11. Agenda
12. About
============================================================
1. EP needs to protect users' rights in the Telecom Package!
============================================================
The new developments on the Telecom Package over the last two weeks,
with the approval of a new text in the IMCO (Internal Market Committee) of
the European Parliament (EP) and the initiation of the trialogue between EU
Council, the European Commission and the Parliament in order to reach an
agreement on the final text, shows the worst situation for Internet users.
Although much of the MEPs seem happy with the new text that allows
"simplifying life for telecom users", they seem to forget that other
articles are raising much bigger problems for Internet users, especially
related to the 3 strikes proposal or to privacy on the Internet. And facing
the June 2009 Euro-elections, MEPs need to support the users' rights also
for the second reading of the text, which will probably take place during
the first week of May.
Thus, the much praised Amendment 138 adopted by a large majority of the MEPs
in the first instance has been turned up-side-down by the COREPER (Committee
of Permanent Representatives), which transformed it from a substantive law
provision (an amendment to the directive) into a simple recital and
completly change it in a pro-copyright amendment. Thus the new text says "no
restriction may be imposed on the fundamental rights of end-users, without a
prior decision taken by legally competent authorities".
By changing the initial text: "judicial authorities", the new text opens the
backdoor for the recently adopted 3 strikes law in France and shows the
weaknesses of the European Parliament rapporteur, Catherine Trautmann, that
gave in to pressure from the UK and France.
And this is not the only case where the EP has given in. In relation with
the scope of the data breach notification obligation for the providers of
telephony and Internet access services, this has been radically limited
comparing with the initial text adopted in the first reading by the EP. It
seems that the new text already negotiated in the trialogue discussions will
apply only for the the data breaches by electronic communication providers,
which is a major hold-back taking into consideration that most of the
"headlines" data breaches belonged to Government services, banks and online
services. The new text just forgets the excellent points made by Article 29
Working Group and the European Data Protection Supervisor, that pushed for a
larger constituency for this obligation.
Even though the European Parliament's Telecoms Package rapporteur, Catherine
Trautmann, and the European Commissioner of Information Society, Viviane
Reding had been publicly supportive of the net neutrality principle, it
seems that the negotiations might accept an amendment that will not give
users "unrestricted rights" of access to the Internet.
The new situation prompted a response from several Internet communications
companies such as Google, Microsoft and Skype that, gathered as the Voice on
the Net Coalition Europe urged "the European decision-makers to adopt
principles to allow consumers to access the services, applications and
content of their choice on any public network, regardless of the provider
that offers them." This move comes also after the announcement of T-Mobile
in Germany or Telefonica in Spain to block Skype on iPhones.
There is also a glimpse of good news, after it has been decided by the IMCO
that "voluntary data retention" clause should to be deleted. It also seems
that this compromise amendment will survive the trialogue negotiations.
Telecoms package: strengthening users' rights and internet security
(31.03.2009)
http://www.europarl.europa.eu/news/expert/infopress_page/058-52901-089-03-1…
Distorted amendment 138 tries to present graduated response as legal
(2.04.2009)
http://www.laquadrature.net/en/distorted-amendment-138-tries-to-present-gra…
European Parliament compromises on Internet rights (31.03.2009)
http://www.iptegrity.com/index.php?option=com_content&task=view&id=302&Item…
Trautmann deal wraps up Internet limitations (1.04.2009)
http://www.iptegrity.com/index.php?option=com_content&task=view&id=304&Item…
Leading Providers of Voice Solutions over the Internet Protest Against
Blocking or Degrading of VoIP applications over mobile networks, after
T-Mobile announcement (3.04.2009)
http://www.iptegrity.com/pdf/VON.europe.telecoms.package.pdf
Internet rights being written out as Spain blocks Skype (7.04.2009)
http://www.iptegrity.com/index.php?option=com_content&task=view&id=309&Item…
EDRi-gram:Data protection authorities support civil society on the Telecom
Package (25.02.2009)
http://www.edri.org/edri-gram/number7.4/data-protection-telecom-package
============================================================
2. French National Assembly votes for the three strikes law
============================================================
An almost empty National Assembly voted on 2 April 2009 in favour of the
extremely controversial law introducing the graduate response system in
France, in spite of the fierce opposition from privacy campaigners,
individuals, associations and even some French deputies.
The poor attendance of the Assembly at the vote is considered by some as one
of the reasons for the success of the draft law so strongly pushed by the
French Minister of Culture, Christine Albanel.
The approved text has undergone some modifications during the discussion in
the assembly. One of the voted amendments is apparently amnestying all the
Internet users sued for downloading. Actually the text refers only to users
accused of counterfeiting in relation to related rights.
One of the few victories of the opposition in the National Assembly was the
amendment allowing an Internet subscriber whose connection has been cut by
Hadopi to stop paying for the respective subscription related to the
Internet.
A so called Hallyday clause was voted, stipulating that illegal downloading
will not be subject to sanction when the author of the downloaded work
resides in a tax haven, such as is the case of French artist Johnny Hallyday
(hence the name of the clause) who lives now in Switzerland and pays a
minimum amount of taxes for the fortune he has earned in France from his
works.
Differently from the initial text where the sanctioned Internet user had
only 7 days to make an appeal to the court, the modified version allows now
a period of 30 days for the formulation of an appeal, after the notification
date.
Rapporteur Franck Riester introduced the proposal that Hadopi applies a
label to the legal downloading sites thus favouring the legal offers. The
amendment says that the search engines should thus emphasize the authorised
sites. Faced with opposition arguments and questions related to whether this
would force sites like Google to point out such sites, the rapporteur
answered that Google should not be affected and that the proposal was only
to create lists of legal sites.
The law gives entire freedom to Hadopi authority regarding the sanctions to
be taken against infringers. The authority may either cut the connection of
the user after three infringements or choose to ask the user to protect the
connection against downloading. The measure is to allow an institution, such
as a hospital, to keep its Internet connection. Therefore, a physical person
may have his connection cut but not an institution. Still, the decision will
belong to Hadopi authority which is free to choose the sanction according to
the user.
On 2 April, the Culture Minister has also confirmed that the Internet users
that want to be sure that they will not be considered liable under the
Hadopi law, should install filtering software on their computers. This
software, approved by Hadopi, will need to communicate with a remote server
showing that the software is active at the moment the alleged infringement
takes place.
Nicolas Maubert, attorney with Gide Loyrette Nouel, has argued that the
Hadopi law could be in breach of the protections provided by the French
Constitution and therefore might be challenged by the French judicial body.
"When a law seems so risky in its application, so unpredictable and random
from the technical point of view, it is not a good law and it takes
something from Courteline, a little from Kafka and a lot from Alfred
Jarry", stated opposition deputy Christian Paul.
Also, in view of the recent position of the European Parliament which has
voted for guaranteeing the Internet access to all citizens as a fundamental
human right, the French law may be is a critical position. However, during
the debates in the National Assembly, on 30 March, Christine Albanel, stated
that the European Parliament's votes against the graduate response had no
legal or political incidence.
And even if the point related to the cutting off of the Internet user is
solved, Hadopi authority will still have the power to apply fines and other
penalties and pass injunctions. French users who frequently download content
illegally might soon find themselves severely fined.
As last minute news, on 7 April, the Joint Mixed Commission (Commission Mixe
Paritaire - CMP), a commission including 7 deputies and 7 senators, supposed
to agree upon a compromise text on the draft law before the law is sent for
the final vote in the Parliament on 9 April, took its decision.
The graduated response mechanism proposed now is that Hadopy authority sends
two electronic warnings, followed by a registered letter to the alleged
illegal Internet downloaders. In case of non-compliance during a period of a
year, the infringers' access will be cut off for 2 months to one year or up
to three months in case the user commits to stop the infringement. CMP
rejected the amendment which proposed that Internet users sanctioned for
alleged illegal downloading should stop paying their subscription. So,
besides having their access cut off, they would also continue to pay for a
service they will not be able to use. Furthermore, the commission rejected
the amendment proposing an amnesty for Internet users prosecuted for illegal
downloading before the entering into force of the law.
The Commssion has also reduced the present period of 6 months to 4 months
from the issuing of a movie in cinema halls to the occurrence on DVDs.
In case the text is finally voted by the French Parliament on 9 April, the
socialists, who consider the law as "inefficient, useless, technically
inapplicable and which will not bring any euro to the creation", will appeal
to the Constitutional Council.
French pass 'three strikes' file-sharing law (3.04.2009)
http://www.theregister.co.uk/2009/04/03/french_three_strikes/
How the Assembly modified the Hadopi (only in French, 3.04.2009)
http://www.20minutes.fr/article/317785/High-Tech-Comment-l-Assemblee-a-modi…
The Criation et Internet law adopted in a quasi empty Assembly (only in
French, 2.04.2009)
http://www.20minutes.fr/article/317513/High-Tech-La-loi-Creation-et-Interne…
Draft law favouring the distribution and protection of the creation on the
internet, modified by the National Assembly in first reading (only in
French, 2.04.2009)
http://www.assembleenationale.org/13/ta/ta0249.asp
Hadopi adopted (only in French, 3.04.2009)
http://www.ecrans.fr/Hadopi-adoptee,6848.html
Hadopi debates: catching up session for the week-end (only in French,
3.04.2009)
http://www.numerama.com/magazine/12532-Debats-Hadopi-seance-de-rattrapage-p…
Hadopi: The Mixed Joint Commission (CMP) advanced for Tuesday (only in
French, 6.04.2009)
http://www.numerama.com/magazine/12550-Hadopi-la-Commission-Mixte-Paritaire…
Hadopi law: the "double pain" re-established before the final vote (only in
French, 8.04.2009)
http://www.challenges.fr/actualites/high_tech/20090408.CHA2775/piratage__la…
EDRI-gram: France: Three strikes law debated by the General Assembly
(25.03.2009)
http://www.edri.org/edri-gram/number7.6/3-strikes-france-assembly
============================================================
3. European Parliament asks for respect of human rights on the Internet
============================================================
On 26 March 2009, the European Parliament voted with a large majority to
support Lambrinidis report concerning the protection of individual liberties
on the Internet, rejecting the amendments proposed by the French Government
and the copyright industry.
The position of the EP is that "guaranteeing Internet access to all citizens
is the same as guaranteeing all citizens access to education" and that "such
access must not be refused in punishment by governments or private
organizations". The MEPs ask the Member States to "recognise that the
Internet can be an extraordinary opportunity to enhance active citizenship
and that, in this respect, access to networks and contents is one of the key
elements; recommend that this issue be further developed on the basis of the
assumption that everyone has a right to participate in the information
society and that institutions and stakeholders at all levels have a general
responsibility to assist in this development, thus attacking the twin new
challenges of e-illiteracy and democratic exclusion in the electronic age."
The report adopted by the MEPs acknowledges the necessity of providing
safety measures for the protection of Internet users, especially children,
due to the risks users may be exposed on the Internet which can be used as a
tool for criminals or terrorists. The report proposes actions against
cybercriminals but at the same time, asks for a balance between security on
the Internet and the guarantee of the fundamental rights of Internet users'
privacy. The MEPs call to Member States to protect the "respect for private
life, data protection, freedom of speech and association, freedom of press,
political expression and participation, non-discrimination and
education.(...) Having in view the global character of the Internet, the
MEPs recommend that Member States and the European Commission should draw
regulations for data protection, security and freedom of speech in order to
protect the privacy of Internet users," says the EP recommendation.
The EP also urges Member States to take due account of the "importance of
anonymity, pseudonymity and control of information flows for privacy and the
fact that users should be provided with, and educated about, the means to
protect it efficiently, for instance through various available
Privacy-Enhancing Technologies (PETs)." The recommandation asks the Member
States to identify all entities which use Net Surveillance and to draw up
publicly accessible annual reports on Net Surveillance ensuring legality,
proportionality and transparency.
In the EP's opinion, attention must be paid to "network neutrality,
interoperability, the global accessibility of all Internet nodes, and the
use of open formats and standards". EP also raises the issue of the Internet
users' consent for giving personal information to governments or private
companies, drawing the attention on the imbalance of the negotiating power
between users and institutions. The MEPs' position is that users should be
able to have the right to permanently delete any of their personal details
saved on "internet websites or on any third party data storage medium."
By rejecting France's amendments to the report, the EP has rejected again
the graduate response scheme pushed so hard by France. The EP considers that
the IPR enforcement does not need to use "the systematic monitoring and
surveillance of all users activities on the Internet" and that the penalties
need to be proportionate to the infringements committed.
The European Parliament also publicly supports the "Internet Bill of Rights"
and the promotion of the "privacy by design" principle.
Recomamndation on Security and fundamental freedoms on the Internet
(26.03.2009)
http://www.europarl.europa.eu/news/expert/infopress_page/017-52613-082-03-1…
EP recommendation on Strengthening security and fundamental freedoms on the
Internet (26.03.2009)
http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+TA+P6-TA-2…
Lambrinidis report: pro-copyright changes rejected (26.03.2009)
http://www.iptegrity.com/index.php?option=com_content&task=view&id=292&Item…
The European Parliament rejects "graduated response"... for the third time
(26.03.2009)
http://www.laquadrature.net/en/the-european-parliament-rejects-graduated-re…
Privacy and Fundamental Freedoms Put to Vote (27.03.2009)
http://lavasoft.com/mylavasoft/securitycenter/blog/privacy-and-fundamental-…
EDRI-gram: EP wants a better balance between Internet security and privacy
rights (11.03.2009)
http://www.edri.org/edri-gram/number7.5/ep-balance-security-privacy
============================================================
4. Extended copyright term for sound recordings pushed back
============================================================
The proposal for the extension of the copyright terms for sound recordings
was rejected on 27 March 2009 by COREPER, which has the task to negotiate a
consensus before the EU Council of Ministers takes votes.
To the great disappointment of the recording industry, COREPER rejected the
extension of the copyright term as there was no consensus of the Member
States on the matter. A sufficient number of states opposed the legislative
proposal to constitute a "blocking minority".
So, the European Commission's intention to extend the term from the current
50 years to 95 years, although backed by the legal affairs committee in the
European Parliament is at least postponed. UK is one of the states having
changed its position in this matter, having reservations to the attempts of
industry lobbyists to oppose to a related retirement fund for future
musicians. The British government stated having voted against the proposal
because the "current text did not yet give sufficient benefit for
performers." UK would be in favour of a shorter extension of up to 70 years.
"It is clear that today's outcome will not kill off the proposals to extend
copyright term, but rather that member states need more time to consider
that details of the proposal and reach an agreement," said John Denham,
British MP, UK secretary of state for innovation.
The Featured Artists' Coalition (FAC) considers any extension of the
existing rights would only benefit record companies and that at the end of
the 50-year period, copyright should automatically transfer from record
labels to artists. "Record companies would simply gain another 45 years of
ownership, entrenching the terms of record contracts signed in an analogue
age," was FAC's statement.
The FAC has set up a different set of policies on copyright and intellectual
property than that of the music industry lobbying groups and has launched
a "Charter for fair play". The Charter states that artists should have the
"ultimate ownership of thei music" and that "rights holders should have a
fiduciary duty of care to ther originator of those rights and must always
explain how any agreement may affect how their work is exploited."
The coallition's opinion this will not be achieved by the extension of the
copyright term but by a change in the approach of the agreements between
artists and the music industry and in the up-dating of the legislation. "So
we will campaign for laws, regulations, business practices and policies that
protect artists' rights. We will stand up for all artists by engaging with
government, music and technology companies, and collection societies. We
will argue for fair play and will expose unfair practices," says the
Charter.
The EU Czech presidency will continue working on the proposal in order to
prepare a second reading for a possible agreement in the future.
EU governments vote against copyright extension in Brussels (1.04.2009)
http://www.openrightsgroup.org/2009/04/01/eu-governments-vote-against-copyr…
Europe split on music copyright extension (28.03.2009)
http://www.ft.com/cms/s/0/b1f9dd4e-1b0a-11de-8aa3-0000779fd2ac,dwp_uuid=bd2…
Every Vote Counts: the EU Copyright Term Extension Battle Heats Up
(30.03.2009)
http://www.eff.org/deeplinks/2009/03/every-vote-counts-eu-copyright-term-ex…
U.K. Biz 'Disappointed' At EU Term Extension Rejection (27.03.2009)
http://www.billboard.biz/bbbiz/content_display/industry/e3ie96e4a3e8c042db2…
Pop star union demands new kind of copyright extension (2.04.2009)
http://www.out-law.com//default.aspx?page=9922
FAC - A charter for fair play in the digital age
http://www.featuredartistscoalition.com/our_charter.html
EDRi-gram: Extension of copyright term postponed in the European Parliament
(25.03.2008)
http://www.edri.org/edri-gram/number7.6/copyright-extension-delayed
============================================================
5. Behavioural targeting at the European Consumer Summit
============================================================
The European Commission Directorate - General for Health & Consumers
organized the European Consumer Summit on "Consumer Trust in the Digital
Market Place" held in Brussels on 1 and 2 April, 2009. The agenda featured
policy workshops on 'Consumer challenges and opportunities in the digital
world' and 'Consumer advocacy'. Within the first topic, the whole range of
consumer concerns in the digital market place considered to be major
obstacles to the full take-off of business to consumer e-commerce and
possible solutions to create consumer trust were discussed. Thematically,
the topic of consumer data collection, profiling and targeting was arching
out pointing the heavy reliance on personal information in the digital
environment; something which captured policy makers' attention in Europe
fairly recently.
In a preceding 'Roundtable on Online Data Collection, Targeting and
Profiling' hosted by the Directorate-General for Health & Consumers on 31
March experts and stakeholders' input had been generated in order to feed
back into the main event. In her key note speech Commissioner Meglena Kuvena
observed that "personal data is the new oil of the Internet and the currency
of the digital world" - a reality to be accepted in exchange for free
content online. However, well established consumer protection principles,
including the applicable data protection regulations, are not fully complied
with in the "World Wide Web (...) turning out to be the world 'wild west'."
In order to reassert the confidence of the users and consumers, Mrs. Kuneva
sees privacy policies as the key to implement fairness and transparency
standards as well as meaningful consumer control. Her message to the
participants of the roundtable showed determination to enforce existing
regulation on the Internet and to regulate where adequate response to
consumer concerns on the issue of data collection and profiling is missing.
The roundtable proceeded with contributions from industry, lobbies and
consumer organizations as well as academics discussing the data collection
practices and business models as well as risks and opportunities for
consumers. The business model to (co)finance content and free services with
online advertisement that incorporates to a varying degree targeted
information and personal data is certainly pervasive also beyond gratis
offers. It is important however to tell apart the numerous online
advertising practices and assess whether and to what extent personal
information of users is involved. Companies and industry associations favour
good practice principles and self-regulation, and, inevitably, see consumer
control implemented with the opt-out mechanism. According to this spectrum,
users are empowered individually to control the use of their personal
information and collectively through the lever of brand value that would
caution companies. Critical interventions raised the need for special
protection of sensitive segments such as children and sensitive personal
data, a state of fairness in privacy policies and consent generation, and
the problem of multi-layered and networked data collection, leaving the user
largely unaware of who controls which personal information. Consumer
education about online advertising and the meaning of privacy policies and
consent emerged as a consensus from the discussion.
Member of European Parliament Stavros Lambrinidis, rapporteur of the
recent report on strengthening security and fundamental freedoms on the
Internet, stressed the necessity to prescribe limits to the 'consent' that
can be obtained from users regarding the processing of their personal data
in the digital marketplace. As reflected in his report, the imbalance of
negotiating power and knowledge between individual users and data
processing industry and authorities bears the risk that "Big Brother" will
come stealthily and with our "consent".
In the progress of the European Consumer Summit behavioral advertisement and
its consumer policy implications were prominently raised and wrapped up,
asking for:
a. the evaluation of different online advertising practices,
b. ways to improve consumer control and information,
c. the role and robustness of standards and best practices, and
d. how the fairness concept can be best transposed from offline to online.
In order to keep a channel for discussion open, the Directorate-General for
Health & Consumers proposed to set up a privacy blog on its webpage and
invited comments. The way forward was not specified and is further
complicated by the fact that online consumer data protection is situated at
the intersection of the tasks of theree Directorates - General: Health and
Consumers, Freedom Security and Justice, and Information Society and Media.
In the U.S., the Federal Trade Commission (FTC) examined online behavioral
advertisement to some length and published in February 2009 a Staff Report
on Self-Regulatory Principles for Online Behavioral Advertising.
Meglena Kuneva, European Consumer Commissioner, Keynote Speech (31.03.2009)
http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/09/156&forma…
Report with a proposal for a European Parliament recommendation to the
Council on strengthening security and fundamental freedoms on the Internet
(25.02.2009)
http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+REPORT+A6-…
FTC Staff Report on Self-Regulatory Principles for Online Behavioral
Advertising (12.02.2009),
http://www.ftc.gov/opa/2009/02/behavad.shtm
Center for Democracy & Technology, A Guide to Behavioral Advertising,
http://www.cdt.org/privacy/targeting/
Center for Democracy & Technology, Threshold Analysis for Online Advertising
Practices (28.01.2009)
http://cdt.org/press/20090128press.php
Internet Governance Forum (IGF), Workshop 83: The Future of Online Privacy:
"Online advertising and behavioral targeting" (5.12.2008),
http://www.intgovforum.org/cms/Contributions2009/Workshop-Report-IGF-vf.pdf
(contribution by Kristina Irion - Central European University)
============================================================
6. Second PrivacyOS Conference
============================================================
Meetings between researchers from universities with representatives from
industry, data protection authorities, standardizers from W3C and ISO and
NGOs to discuss privacy challenges and develop privacy infrastructures
represent the idea behind the European Privacy Open Space. The second
PrivacyOS event was held in Berlin, 1-3 April at the same time as
Re:publica.
As a PrivacyOS project partner, EDRI participated in conference with a
delegation of 4 persons representing its members: Andreas Krisch (Vibe!AT,
Austria), Leena Romppainen (Electronic Frontier Finland), Ralf Bendrath
(Netzwerk Neue Medien, Germany) and Filip Pospisil (Iuridicum Remedium,
Czech Republic). Other EDRI members, such as Metamorphosis (Macedonia) are
also partners in this project on their own. A huge number of presentations
were packed into the three day period, varying from eGovernment development
in Austria and Lithuania to UK database state and from Deep packet
inspection to eHealth. The presentations will be available from the
PrivacyOS web site in the near future.
On the Re:publica side, Stanford Law School professor, founder of
Creative Commons and author Lawrence Lessig gave a presentation about
copyright issues, illustrating his ideas and urging people to resist the
copyright extension being processed in the European Parliament.
Due to the events and presentations being on top of each other, it was
impossible to attend everything that was interesting, but PrivacyOS was
definitely worth going to for the wide variety of topics, forming contacts
and remixing ideas.
PrivacyOS
http://www.privacyos.eu/
Re:publica (1-2.04.2009)
http://www.re-publica.de/09/
Reject the Term Extension Directive
http://www.edri.org/reject-term-extention-directive
Every Vote Counts: the EU Copyright Term Extension Battle Heats Up (03.2009)
http://www.eff.org/deeplinks/2009/03/every-vote-counts-eu-copyright-term-ex…
Data Retention Austria - Second Attempt - Presentation by Andreas Krisch
(1.04.2009)
http://www.edri.org/files/Krisch_PrivacyOS_DR_Austria_20090401_03.pdf
(contribution by Leena Romppainen- EDRi-member EFFi)
============================================================
7. Phorm - under scrutiny at the European level
============================================================
On the event on 31 March 2009, the European Commissioner for consumers,
Meglena Kuneva, warned on the transparency in the online environment: "We
must establish the principles of transparency, clear language, opt-in or
opt-out options that are meaningful and easy to use. (...) I am talking
about the right to have a stable contract and the right to withdraw."
The concern of the Commission is related to Deep Packet Inspection (DPI)
technology experiments such as the profiling and ad-serving system Phorm
secret tests performed in UK by BT in 2006 and 2007.
In a report issued in March 2009, Free Press advocacy group considers the
use of DPI technologies is a threat to the open nature of the Internet.
"Improper use of DPI (deep packet inspection) can change the Internet as we
know it--turning an open and innovative platform into just another form of
pay-for-play media. (...) When a network provider chooses to install DPI
equipment, that provider knowingly arms itself with the capacity to monitor
and monetize the Internet in ways that threaten to destroy Net Neutrality
and the essential open nature of the Internet" says the report.
The report concludes that although DPI can help in solving network
congestion problems the "technology--the same electronics equipment, in
fact--also allows providers to monitor and monetize every use of the
Internet, and DPI vendors succeed by developing and marketing this
capability."
EDRi-member Open Rights Group (ORG) has recently sent a letter to the major
websites such as Microsoft, Google, YouTube, Facebook, AOL, Bebo, Yahoo,
Amazon and eBay, urging them to opt out the controversial Phorm technology.
A petition initiated by the group, signed by about 21 000 people, is asking
for the investigation of Phorm and its banning if the system breaches
privacy laws.
A spokeswoman for Phorm said most of the companies having received the ORG
letter were already using the targeted advertising offered by the system and
that many of them have proven "their commitment to user privacy as
signatories to the IAB UK's interest-based advertising good practice
principles".
While the UK peers consider that in relation to behavioural targeting, the
Information Commissioner's Office, responsible for enforcing EU privacy
regulations, had failed in its duty to consumers (as in 2008, ICO accepted
Phorm provided it got permission from users if the data collected was used
for "value added services."), the UK Government plans however to employ
similar technologies to track UK Internet users' behaviour. Viviane Reding,
the European Commission's telecoms commissioner who is currently
investigating Phorm believes an agreement with the UK government might be
possible on this matter.
In preparation of eventual regulatory measures, Kuneva's department is
initiating an informal investigation of online privacy and data collection.
In the meantime, Phorm continues its tests. On 30 March 2009, Phorm
officially announced a trial of its technology by Korea Telecom.
EU issues ultimatum on internet privacy (31.03.2009)
http://www.out-law.com//default.aspx?page=9915
Major Websites Are Urged To Reject Phorm Profiling (24.03.2009)
http://news.digitaltrends.com/news-article/19554/major-websites-are-urged-t…
Report Warns Against DPI Technology (20.03.2009)
http://www.mediapost.com/publications/?fa=Articles.showArticle&art_aid=1024…
EU Extends Deep Packet Inspection Technology Investigation (30.03.2009)
http://www.ispreview.co.uk/story/2009/03/30/eu-extends-deep-packet-inspecti…
Deep Packet Inspection - The end of the Internet as we know it? (03.2009)
http://www.freepress.net/files/Deep_Packet_Inspection_The_End_of_the_Intern…
EDRI-gram: UK Government ignores the European Commission regarding Phorm
(25.02.2009)
http://www.edri.org/edri-gram/number7.4/phorm-uk-ec
============================================================
8. ISPs asked to block child porn sites on the Internet
============================================================
In Germany, based on the initiative of the Federal Ministry of Family
Affairs, Senior Citizens, Women and Youth (BMFSFJ), the government has had
discussions for several months now on how to block child pornography sites
hosted on servers outside of the country. The German Government announced on
25 March 2009 a draft law that would cover rights and obligations of
telecommunication media content providers and would include the obligation
to block access to child pornography sites listed by a government agency.
According to BMFSFJ Minister Ursula von der Leyen who has been pushing for
some time for an agreement with big ISPs, "The rights of children carry more
weight than unhindered mass communication."
However, some members of the German Parliament and Justice Minister Brigitte
Zypries have shown reservations to a contractual solution considering a
regular law should cover the filtering regime as such measures could impact
on fundamental rights of citizens. Policies should be put in place in order
to deal with the liabilities in cases of errors.
The movement is criticised by the industry and non-governmental
organisations, which consider that blocking only makes access more difficult
but is not able to entirely prevent it. The EDRi-member FITUG (Fvrderverein
Informationstechnik und Gesellschaft) Germany has also warned on the fact
that, until now, blocking has been useless in fighting child pornography and
such measures might lead to blocking sites that have no relation to child
pornography as it has happened in other countries.
Blocking systems exist now in several European countries. The CIRCAMP
system, developed in Norway in 2004, which blocks entry to known child
pornography sites by a red stop sign graphic and a message, is used in nine
European countries among which the Netherlands, Denmark, Belgium,
Switzerland, and the United Kingdom.
In UK, 95% of the main UK ISPs have already adopted a similar service via
the Internet Watch Foundation (IWF). A system developed by BT, called
Cleanfeed, checks IP addresses against the child pornography blocklist
created by IWF and blocks users from accessing their content.
Malcolm Hutty, president of EuroISPA, representing ISPs from across Europe
at the EU, considers the EU plans to block sites will "increase risks to the
security, resilience and interoperability of the internet" and also stated:
"For technical reasons, blocking simply cannot provide the level of
protection that is necessary, and simple morality demands that we take
strong collective action to get child pornography removed from the Internet,
rather than simply hiding behind national firewalls," he added.
All the national plans seem to be in line with the new EU proposal to
legally bind all broadband ISPs in Europe to block "access by Internet users
to Internet pages containing or disseminating child pornography."
With the view to "combating the sexual abuse, sexual exploitation of
children and child pornography", the proposal for an EU framework decision
on prevention and settlement of conflicts of jurisdiction in criminal
procedures of 20 January 2009 asks that: "Each Member State shall take the
necessary measures to enable the competent judicial or police authorities to
order or similarly obtain the blocking of access by internet users to
internet pages containing or disseminating child pornography, subject to
adequate safeguards."
Germany Opts For ISP Filtering Of Child Pornography; NGOs Warn Of Unintended
Impact (30.03.2009)
http://www.ip-watch.org/weblog/2009/03/30/germany-opts-for-isp-filtering-of…
Germany Cracks Down on Child Porn Sites But Critics Want More Action
(25.03.2009)
http://www.dw-world.de/dw/article/0,,4126813,00.html
German Minister Announces Plans for Mandatory Web Filtering (16.01.2009)
http://www.zeropaid.com/news/9960/german_minister_announces_plans_for_manda…
Germany to implement obligatory block on child porn sites (16.01.2009)
http://www.thelocal.de/sci-tech/20090116-16825.html
UK.gov to get power to force ISPs to block child porn (2.04.2009)
http://www.theregister.co.uk/2009/04/02/eu_filtering_framework/
EU proposal for a Council Framework Decision on prevention and settlement of
conflicts of jurisdiction in criminal procedures (20.01.2009)
http://register.consilium.europa.eu/pdf/en/09/st05/st05208.en09.pdf
EU Proposal Could Force UK ISPs to Block Child Abuse Sites (2.04.2009)
http://www.ispreview.co.uk/story/2009/04/02/eu-proposal-could-force-uk-isps…
============================================================
9. Big Brother Awards France 2009
============================================================
The French Big Brother Awards ceremony, or 'Orwell Party', was held this
year on Saturday 4 April. The 2009 edition awarded 12 of the 35 nominees, in
6 categories, one of them being the positive 'Voltaire Award'. Armand
Mattelart, a renowned professor of Information and Communication Studies,
chaired the 2009 jury composed by 10 other members, among them academics,
artists, and representatives from French NGOs, including EDRI-member IRIS.
Awarding almost one third of the nominees is a sign that the Jury task was
hard this year, with the increase of surveillance and social control in
France.
The French ministry of Interior, Michhle Alliot-Marie, received the lifetime
menace award, for her 'immoderate taste for police files', which quantity
has increased by 70% in 3 years, as well as for her other 'qualities': her
'novlang' (video-surveillance is now called video-protection by French
officials), her 'incitements to denouncement', and her talent to construct
the 'internal enemy'.
The French ministry of Budget, Eric Woerth, received the State award. The
Jury wanted to particularly alert against the centralised database RNCPS to
be created, massively interconnecting data from the social sector in view of
fraud fighting, using the social security number as identifier. This, of
course, reminds the SAFARI project scandal that led to the adoption of the
French Data Protection Act in 1978.
The award for companies was given to the French mutual insurance system, a
not-for-profit organization, for 'its joint activism with private insurance
companies in order to access some medical data from the social security
administration'.
Paris Mayor, Bertrand Delanok, earned the local authorities award for 'his
conversion to video-surveillance', after he agreed to contribute to the
government efforts in this field, increasing by 4 times the number of
cameras in Paris, reaching 1200 of them in public areas.
The Novlang award has two ex aequo recipients. The first one is Humabio, an
EC funded research project on multimodal biometrics, most notably relying on
behavioural biometrics to 'increase freedom of movement'. The second
recipient is the family benefits sector of the social security system, for
having trained its employee using a method, called IGGACE, which goes even
further than a simple lie detector, since it is supposed to detect 'lying
intent'. The method was originally developed for the police sector.
Not only the jury gave an additional award as a 'special mention', but it
also awarded two ex aequo recipients. Fridiric Lefebvre, French MEP and
spokesperson of Nicolas Sarkozy's party, certainly deserved his award for
his 'incompetence and insistence to control the Internet', including by
supporting the French 'three strikes law'. The other recipients is the
'anonymous zealot': having seen the number of individual civil servants who
denounced irregular migrants, sometimes in breach of the professional
secret, decided to highlight this phenomenon through a generic category.
Finally, the Voltaire award or positive prize was given to three ex aequo
recipients, actually three coalitions that have been particularly active and
gain some success: the coalition against the EDVIGE police file, the
coalition of elementary and primary school directors against the central
database of children (Base ilhves), and the coalition against the use of
biometrics in schools. In addition, another Voltaire prize was awarded, as a
'special mention', to Mireille and Monique, two volunteers who help
irregular migrants based in Calais with the hope to reach the UK. This
simple humanitarian help is a highly risky activity in France, a country
where such help is now criminalized.
2009 Big Brother Awards France (only in French, 05.04.2009)
http://bigbrotherawards.eu.org/Les-decorations-promotion-2009.html
(Contribution by Meryem Merzouki - EDRi-member IRIS France)
============================================================
10. Recommended Reading
============================================================
Annual report for 2008 on access to EU documents
The most popular area for requests in Justice and Home Affairs. Just over
73% of the documents listed on the Council register are accessible
full-text. But, of course, the remaining 27% include many documents
concerning measures under discussion. There has been an increase in the
number of documents classified as "Restricted", where disclosure would be
"disadvantageous" to the interests of the EU or its member states - in 2008
there were 505 "Restricted" documents some 40% of which concerned justice
and home affairs (around 200+).
http://www.statewatch.org/news/2009/apr/eu-council-access-report-for-2008.p…
"The Economics of Intellectual Property. Suggestions for Further Research in
Developing Countries and Countries with Economies in Transition"
The series of papers in this publication were commissioned from renowned
international economists from all regions. They review the existing
empirical literature on six selected themes relating to the economics of
intellectual property, identify the key research questions, point out
research gaps and explore possible avenues for future research.
http://www.wipo.int/ip-development/en/economics/index.html
============================================================
11. Agenda
============================================================
21-23 April 2009, Winchester, UK
BILETA 2009 Annual Conference
http://www.winchester.ac.uk/?page=9871
23-24 April 2009, Brussels, Belgium
The future of intellectual property - Creativity and innovation in the
digital era
http://www.intellectualproperty-conference.eu
23-24 April 2009, Amsterdam, Netherlands
Second European Licensing and Legal Workshop organized by Free Software
Foundation Europe
http://www.fsfeurope.org/news/2009/news-20090323-01.en.html
22-23 May 2009, Florence, Italy
E-privacy: Towards total control
Call for papers deadline: 15 April 2009
http://e-privacy.winstonsmith.info/
23 May 2009, Florence, Italy
Big Brother Award Italia 2009
Nominations by 17 April 2009
http://bba.winstonsmith.info/
11 May 2009, Brussels, Belgium
GigaNet is organizing the 2nd international academic workshop on Global
Internet Governance: An Interdisciplinary Research Field in Construction.
http://giganet.igloogroups.org/publiclibr/giganetcos/2009brusse
13-14 May 2009 Uppsala, Sweden
Mashing-up Culture: The Rise of User-generated Content
http://www.counter2010.org/workshop_call
19-20 May 2009, Brussels, Belgium
European Commission organizes a personal data protection conference to look
at new challenges for privacy
http://ec.europa.eu/justice_home/fsj/privacy/news/docs/pr_03_03_09_en.pdf
24-28 May 2009, Venice, Italy
ICIMP 2009, The Fourth International Conference on Internet Monitoring
and Protection
http://www.iaria.org/conferences2009/ICIMP09.html
1-4 June 2009, Washington, DC, USA
Computers Freedom and Privacy 2009
http://www.cfp2009.org/
5 June 2009, London, UK
The Second Multidisciplinary Workshop on Identity in the Information
Society (IDIS 09): "Identity and the Impact of Technology"
http://is2.lse.ac.uk/idis/2009/
28-30 June 2009, Torino, Italy
COMMUNIA Conference 2009: Global Science & Economics of Knowledge-Sharing
Institutions
http://www.communia-project.eu/conf2009
2-3 July 2009, Padova, Italy
3rd FLOSS International Workshop on Free/Libre Open Source Software
http://www.decon.unipd.it/personale/curri/manenti/floss/floss09.html
13-16 August 2009, Vierhouten, The Netherlands
Hacking at Random
http://www.har2009.org/
23-27 August 2009, Milan, Italy
World Library and Information Congress: 75th IFLA General Conference and
Council: "Libraries create futures: Building on cultural heritage"
http://www.ifla.org/IV/ifla75/index.htm
10-12 September 2009, Potsdam, Germany
5th ECPR General Conference, Potsdam
Section: Protest Politics
Panel: The Contentious Politics of Intellectual Property
http://www.ecpr.org.uk/potsdam/default.asp
16-18 September 2009, Crete, Greece
World Summit on the Knowledge Society WSKS 2009
http://www.open-knowledge-society.org/
21-23 October 2009, Istanbul, Turkey
eChallenges 2009
http://www.echallenges.org/e2009/default.asp
16 October 2009, Bielefeld, Germany
10th German Big Brother Awards
Deadline for nominations: 15 July 2009
http://www.bigbrotherawards.de/
15-18 November 2009, Sharm El Sheikh, Egypt
UN Internet Governance Forum
http://www.intgovforum.org/
============================================================
12. About
============================================================
EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 29 members based or with offices in 18 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRI-grams.
All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and visibly on the
EDRI website.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/
Newsletter editor: Bogdan Manolea <edrigram(a)edri.org>
Information about EDRI and its members:
http://www.edri.org/
European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request(a)edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
unsubscribe by e-mail
To: edri-news-request(a)edri.org
Subject: unsubscribe
- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edrigram-mk.php
- EDRI-gram in German
EDRI-gram is also available in German, with delay. Translations are provided
Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <edrigram(a)edri.org> if you have any problems with subscribing or
unsubscribing.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
On 11/8/05 5:49 PM, "poncenby smythe" <smythe(a)poncenby.plus.com> wrote:
>>
>> For the record, Tor developers (and many at the EFF) are indeed of
>> many reasons people have claimed that developing anonymity is bad. We
>> think about them a lot, and right now, we don't think that they're
>> correct. In fact, we discuss many of them in the abuse faq, the main
>> faq, and the "Challenges" paper.
>>
>> In case anybody cares.
>>
>
> I believe(and hope) a great many people care about this.
> Does anyone know of other papers written on the subject of 'abuse' of
> anonymous systems?
I am not aware of such a study. I'm not certain about the usefulness of such
a study. For 100s of years my ancestors have attempted to obtain the maximum
privacy possible, whether in Europe or the U.S. Frankly, we have moved away
from heavily populated areas, not because we were avoiding people, but
because we wanted to retreat to a private place, where we could have private
conversations.
Privacy is not a new desire. Once the Roman Church was outlawed in Britain,
Catholics just went underground and used secret means of communicating.
Witness the so-called secret societies that have existed over the centuries.
Freemasonry is but one example. In most dictatorships, Freemasons are
repressed and the society is driven underground. Hitler outlawed the
Freemasons. The Soviet Union drove them underground. However, in both cases
Freemasons continued to communicate via private channels with secret
handshakes, etc.
I don't mean to be long-winded, but many worthy causes have required private
communications. So, I suppose, there ARE studies over the millennia that
demonstrate the need for privacy. Early Christians worshipped and used
private communication channels. Of course, EFF web site demonstrates what is
at issue in areas of the world where governments are trying to prohibit
private communication - places like China.
> at the moment I personally feel that Tor is affording people with
> questionable intentions an extremely robust and simple to use method
> to conceal their identity. I have not read the 'challenges' paper
> but is it correct to think tor developers justify (if that is the
> right word) their developments by believing that if miscreants did
> not use Tor they would simply move onto another similar mechanism for
> conducting their business.
> or would taking the tor network down cause any kind of disruption?
>
> impossible questions....
The questions are very difficult, but not impossible, IMHO. In the U.S., we
have decided long ago that individuals would have as much individual
freedom, as long as the exercise thereof would not abridge anyone else's
freedom, health, property or safety. Privacy is evolved from individual
rights.
Therefore, IMHO, individuals can be held responsible for nefarious deeds,
but not the mechanism that allowed the crime - whether that be firearm, or
privacy service.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
1
0
============================================================
EDRi-gram
biweekly newsletter about digital civil rights in Europe
Number 7.7, 8 April 2009
============================================================
Contents
============================================================
1. EP needs to protect users' rights in the Telecom Package!
2. French National Assembly votes for the three strikes law
3. European Parliament asks for respect of human rights on the Internet
4. Extended copyright term for sound recordings pushed back
5. Behavioural targeting at the European Consumer Summit
6. Second PrivacyOS Conference
7. Phorm - under scrutiny at the European level
8. ISPs asked to block child porn sites on the Internet
9. Big Brother Awards France 2009
10. Recommended Reading
11. Agenda
12. About
============================================================
1. EP needs to protect users' rights in the Telecom Package!
============================================================
The new developments on the Telecom Package over the last two weeks,
with the approval of a new text in the IMCO (Internal Market Committee) of
the European Parliament (EP) and the initiation of the trialogue between EU
Council, the European Commission and the Parliament in order to reach an
agreement on the final text, shows the worst situation for Internet users.
Although much of the MEPs seem happy with the new text that allows
"simplifying life for telecom users", they seem to forget that other
articles are raising much bigger problems for Internet users, especially
related to the 3 strikes proposal or to privacy on the Internet. And facing
the June 2009 Euro-elections, MEPs need to support the users' rights also
for the second reading of the text, which will probably take place during
the first week of May.
Thus, the much praised Amendment 138 adopted by a large majority of the MEPs
in the first instance has been turned up-side-down by the COREPER (Committee
of Permanent Representatives), which transformed it from a substantive law
provision (an amendment to the directive) into a simple recital and
completly change it in a pro-copyright amendment. Thus the new text says "no
restriction may be imposed on the fundamental rights of end-users, without a
prior decision taken by legally competent authorities".
By changing the initial text: "judicial authorities", the new text opens the
backdoor for the recently adopted 3 strikes law in France and shows the
weaknesses of the European Parliament rapporteur, Catherine Trautmann, that
gave in to pressure from the UK and France.
And this is not the only case where the EP has given in. In relation with
the scope of the data breach notification obligation for the providers of
telephony and Internet access services, this has been radically limited
comparing with the initial text adopted in the first reading by the EP. It
seems that the new text already negotiated in the trialogue discussions will
apply only for the the data breaches by electronic communication providers,
which is a major hold-back taking into consideration that most of the
"headlines" data breaches belonged to Government services, banks and online
services. The new text just forgets the excellent points made by Article 29
Working Group and the European Data Protection Supervisor, that pushed for a
larger constituency for this obligation.
Even though the European Parliament's Telecoms Package rapporteur, Catherine
Trautmann, and the European Commissioner of Information Society, Viviane
Reding had been publicly supportive of the net neutrality principle, it
seems that the negotiations might accept an amendment that will not give
users "unrestricted rights" of access to the Internet.
The new situation prompted a response from several Internet communications
companies such as Google, Microsoft and Skype that, gathered as the Voice on
the Net Coalition Europe urged "the European decision-makers to adopt
principles to allow consumers to access the services, applications and
content of their choice on any public network, regardless of the provider
that offers them." This move comes also after the announcement of T-Mobile
in Germany or Telefonica in Spain to block Skype on iPhones.
There is also a glimpse of good news, after it has been decided by the IMCO
that "voluntary data retention" clause should to be deleted. It also seems
that this compromise amendment will survive the trialogue negotiations.
Telecoms package: strengthening users' rights and internet security
(31.03.2009)
http://www.europarl.europa.eu/news/expert/infopress_page/058-52901-089-03-1…
Distorted amendment 138 tries to present graduated response as legal
(2.04.2009)
http://www.laquadrature.net/en/distorted-amendment-138-tries-to-present-gra…
European Parliament compromises on Internet rights (31.03.2009)
http://www.iptegrity.com/index.php?option=com_content&task=view&id=302&Item…
Trautmann deal wraps up Internet limitations (1.04.2009)
http://www.iptegrity.com/index.php?option=com_content&task=view&id=304&Item…
Leading Providers of Voice Solutions over the Internet Protest Against
Blocking or Degrading of VoIP applications over mobile networks, after
T-Mobile announcement (3.04.2009)
http://www.iptegrity.com/pdf/VON.europe.telecoms.package.pdf
Internet rights being written out as Spain blocks Skype (7.04.2009)
http://www.iptegrity.com/index.php?option=com_content&task=view&id=309&Item…
EDRi-gram:Data protection authorities support civil society on the Telecom
Package (25.02.2009)
http://www.edri.org/edri-gram/number7.4/data-protection-telecom-package
============================================================
2. French National Assembly votes for the three strikes law
============================================================
An almost empty National Assembly voted on 2 April 2009 in favour of the
extremely controversial law introducing the graduate response system in
France, in spite of the fierce opposition from privacy campaigners,
individuals, associations and even some French deputies.
The poor attendance of the Assembly at the vote is considered by some as one
of the reasons for the success of the draft law so strongly pushed by the
French Minister of Culture, Christine Albanel.
The approved text has undergone some modifications during the discussion in
the assembly. One of the voted amendments is apparently amnestying all the
Internet users sued for downloading. Actually the text refers only to users
accused of counterfeiting in relation to related rights.
One of the few victories of the opposition in the National Assembly was the
amendment allowing an Internet subscriber whose connection has been cut by
Hadopi to stop paying for the respective subscription related to the
Internet.
A so called Hallyday clause was voted, stipulating that illegal downloading
will not be subject to sanction when the author of the downloaded work
resides in a tax haven, such as is the case of French artist Johnny Hallyday
(hence the name of the clause) who lives now in Switzerland and pays a
minimum amount of taxes for the fortune he has earned in France from his
works.
Differently from the initial text where the sanctioned Internet user had
only 7 days to make an appeal to the court, the modified version allows now
a period of 30 days for the formulation of an appeal, after the notification
date.
Rapporteur Franck Riester introduced the proposal that Hadopi applies a
label to the legal downloading sites thus favouring the legal offers. The
amendment says that the search engines should thus emphasize the authorised
sites. Faced with opposition arguments and questions related to whether this
would force sites like Google to point out such sites, the rapporteur
answered that Google should not be affected and that the proposal was only
to create lists of legal sites.
The law gives entire freedom to Hadopi authority regarding the sanctions to
be taken against infringers. The authority may either cut the connection of
the user after three infringements or choose to ask the user to protect the
connection against downloading. The measure is to allow an institution, such
as a hospital, to keep its Internet connection. Therefore, a physical person
may have his connection cut but not an institution. Still, the decision will
belong to Hadopi authority which is free to choose the sanction according to
the user.
On 2 April, the Culture Minister has also confirmed that the Internet users
that want to be sure that they will not be considered liable under the
Hadopi law, should install filtering software on their computers. This
software, approved by Hadopi, will need to communicate with a remote server
showing that the software is active at the moment the alleged infringement
takes place.
Nicolas Maubert, attorney with Gide Loyrette Nouel, has argued that the
Hadopi law could be in breach of the protections provided by the French
Constitution and therefore might be challenged by the French judicial body.
"When a law seems so risky in its application, so unpredictable and random
from the technical point of view, it is not a good law and it takes
something from Courteline, a little from Kafka and a lot from Alfred
Jarry", stated opposition deputy Christian Paul.
Also, in view of the recent position of the European Parliament which has
voted for guaranteeing the Internet access to all citizens as a fundamental
human right, the French law may be is a critical position. However, during
the debates in the National Assembly, on 30 March, Christine Albanel, stated
that the European Parliament's votes against the graduate response had no
legal or political incidence.
And even if the point related to the cutting off of the Internet user is
solved, Hadopi authority will still have the power to apply fines and other
penalties and pass injunctions. French users who frequently download content
illegally might soon find themselves severely fined.
As last minute news, on 7 April, the Joint Mixed Commission (Commission Mixe
Paritaire - CMP), a commission including 7 deputies and 7 senators, supposed
to agree upon a compromise text on the draft law before the law is sent for
the final vote in the Parliament on 9 April, took its decision.
The graduated response mechanism proposed now is that Hadopy authority sends
two electronic warnings, followed by a registered letter to the alleged
illegal Internet downloaders. In case of non-compliance during a period of a
year, the infringers' access will be cut off for 2 months to one year or up
to three months in case the user commits to stop the infringement. CMP
rejected the amendment which proposed that Internet users sanctioned for
alleged illegal downloading should stop paying their subscription. So,
besides having their access cut off, they would also continue to pay for a
service they will not be able to use. Furthermore, the commission rejected
the amendment proposing an amnesty for Internet users prosecuted for illegal
downloading before the entering into force of the law.
The Commssion has also reduced the present period of 6 months to 4 months
from the issuing of a movie in cinema halls to the occurrence on DVDs.
In case the text is finally voted by the French Parliament on 9 April, the
socialists, who consider the law as "inefficient, useless, technically
inapplicable and which will not bring any euro to the creation", will appeal
to the Constitutional Council.
French pass 'three strikes' file-sharing law (3.04.2009)
http://www.theregister.co.uk/2009/04/03/french_three_strikes/
How the Assembly modified the Hadopi (only in French, 3.04.2009)
http://www.20minutes.fr/article/317785/High-Tech-Comment-l-Assemblee-a-modi…
The Criation et Internet law adopted in a quasi empty Assembly (only in
French, 2.04.2009)
http://www.20minutes.fr/article/317513/High-Tech-La-loi-Creation-et-Interne…
Draft law favouring the distribution and protection of the creation on the
internet, modified by the National Assembly in first reading (only in
French, 2.04.2009)
http://www.assembleenationale.org/13/ta/ta0249.asp
Hadopi adopted (only in French, 3.04.2009)
http://www.ecrans.fr/Hadopi-adoptee,6848.html
Hadopi debates: catching up session for the week-end (only in French,
3.04.2009)
http://www.numerama.com/magazine/12532-Debats-Hadopi-seance-de-rattrapage-p…
Hadopi: The Mixed Joint Commission (CMP) advanced for Tuesday (only in
French, 6.04.2009)
http://www.numerama.com/magazine/12550-Hadopi-la-Commission-Mixte-Paritaire…
Hadopi law: the "double pain" re-established before the final vote (only in
French, 8.04.2009)
http://www.challenges.fr/actualites/high_tech/20090408.CHA2775/piratage__la…
EDRI-gram: France: Three strikes law debated by the General Assembly
(25.03.2009)
http://www.edri.org/edri-gram/number7.6/3-strikes-france-assembly
============================================================
3. European Parliament asks for respect of human rights on the Internet
============================================================
On 26 March 2009, the European Parliament voted with a large majority to
support Lambrinidis report concerning the protection of individual liberties
on the Internet, rejecting the amendments proposed by the French Government
and the copyright industry.
The position of the EP is that "guaranteeing Internet access to all citizens
is the same as guaranteeing all citizens access to education" and that "such
access must not be refused in punishment by governments or private
organizations". The MEPs ask the Member States to "recognise that the
Internet can be an extraordinary opportunity to enhance active citizenship
and that, in this respect, access to networks and contents is one of the key
elements; recommend that this issue be further developed on the basis of the
assumption that everyone has a right to participate in the information
society and that institutions and stakeholders at all levels have a general
responsibility to assist in this development, thus attacking the twin new
challenges of e-illiteracy and democratic exclusion in the electronic age."
The report adopted by the MEPs acknowledges the necessity of providing
safety measures for the protection of Internet users, especially children,
due to the risks users may be exposed on the Internet which can be used as a
tool for criminals or terrorists. The report proposes actions against
cybercriminals but at the same time, asks for a balance between security on
the Internet and the guarantee of the fundamental rights of Internet users'
privacy. The MEPs call to Member States to protect the "respect for private
life, data protection, freedom of speech and association, freedom of press,
political expression and participation, non-discrimination and
education.(...) Having in view the global character of the Internet, the
MEPs recommend that Member States and the European Commission should draw
regulations for data protection, security and freedom of speech in order to
protect the privacy of Internet users," says the EP recommendation.
The EP also urges Member States to take due account of the "importance of
anonymity, pseudonymity and control of information flows for privacy and the
fact that users should be provided with, and educated about, the means to
protect it efficiently, for instance through various available
Privacy-Enhancing Technologies (PETs)." The recommandation asks the Member
States to identify all entities which use Net Surveillance and to draw up
publicly accessible annual reports on Net Surveillance ensuring legality,
proportionality and transparency.
In the EP's opinion, attention must be paid to "network neutrality,
interoperability, the global accessibility of all Internet nodes, and the
use of open formats and standards". EP also raises the issue of the Internet
users' consent for giving personal information to governments or private
companies, drawing the attention on the imbalance of the negotiating power
between users and institutions. The MEPs' position is that users should be
able to have the right to permanently delete any of their personal details
saved on "internet websites or on any third party data storage medium."
By rejecting France's amendments to the report, the EP has rejected again
the graduate response scheme pushed so hard by France. The EP considers that
the IPR enforcement does not need to use "the systematic monitoring and
surveillance of all users activities on the Internet" and that the penalties
need to be proportionate to the infringements committed.
The European Parliament also publicly supports the "Internet Bill of Rights"
and the promotion of the "privacy by design" principle.
Recomamndation on Security and fundamental freedoms on the Internet
(26.03.2009)
http://www.europarl.europa.eu/news/expert/infopress_page/017-52613-082-03-1…
EP recommendation on Strengthening security and fundamental freedoms on the
Internet (26.03.2009)
http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+TA+P6-TA-2…
Lambrinidis report: pro-copyright changes rejected (26.03.2009)
http://www.iptegrity.com/index.php?option=com_content&task=view&id=292&Item…
The European Parliament rejects "graduated response"... for the third time
(26.03.2009)
http://www.laquadrature.net/en/the-european-parliament-rejects-graduated-re…
Privacy and Fundamental Freedoms Put to Vote (27.03.2009)
http://lavasoft.com/mylavasoft/securitycenter/blog/privacy-and-fundamental-…
EDRI-gram: EP wants a better balance between Internet security and privacy
rights (11.03.2009)
http://www.edri.org/edri-gram/number7.5/ep-balance-security-privacy
============================================================
4. Extended copyright term for sound recordings pushed back
============================================================
The proposal for the extension of the copyright terms for sound recordings
was rejected on 27 March 2009 by COREPER, which has the task to negotiate a
consensus before the EU Council of Ministers takes votes.
To the great disappointment of the recording industry, COREPER rejected the
extension of the copyright term as there was no consensus of the Member
States on the matter. A sufficient number of states opposed the legislative
proposal to constitute a "blocking minority".
So, the European Commission's intention to extend the term from the current
50 years to 95 years, although backed by the legal affairs committee in the
European Parliament is at least postponed. UK is one of the states having
changed its position in this matter, having reservations to the attempts of
industry lobbyists to oppose to a related retirement fund for future
musicians. The British government stated having voted against the proposal
because the "current text did not yet give sufficient benefit for
performers." UK would be in favour of a shorter extension of up to 70 years.
"It is clear that today's outcome will not kill off the proposals to extend
copyright term, but rather that member states need more time to consider
that details of the proposal and reach an agreement," said John Denham,
British MP, UK secretary of state for innovation.
The Featured Artists' Coalition (FAC) considers any extension of the
existing rights would only benefit record companies and that at the end of
the 50-year period, copyright should automatically transfer from record
labels to artists. "Record companies would simply gain another 45 years of
ownership, entrenching the terms of record contracts signed in an analogue
age," was FAC's statement.
The FAC has set up a different set of policies on copyright and intellectual
property than that of the music industry lobbying groups and has launched
a "Charter for fair play". The Charter states that artists should have the
"ultimate ownership of thei music" and that "rights holders should have a
fiduciary duty of care to ther originator of those rights and must always
explain how any agreement may affect how their work is exploited."
The coallition's opinion this will not be achieved by the extension of the
copyright term but by a change in the approach of the agreements between
artists and the music industry and in the up-dating of the legislation. "So
we will campaign for laws, regulations, business practices and policies that
protect artists' rights. We will stand up for all artists by engaging with
government, music and technology companies, and collection societies. We
will argue for fair play and will expose unfair practices," says the
Charter.
The EU Czech presidency will continue working on the proposal in order to
prepare a second reading for a possible agreement in the future.
EU governments vote against copyright extension in Brussels (1.04.2009)
http://www.openrightsgroup.org/2009/04/01/eu-governments-vote-against-copyr…
Europe split on music copyright extension (28.03.2009)
http://www.ft.com/cms/s/0/b1f9dd4e-1b0a-11de-8aa3-0000779fd2ac,dwp_uuid=bd2…
Every Vote Counts: the EU Copyright Term Extension Battle Heats Up
(30.03.2009)
http://www.eff.org/deeplinks/2009/03/every-vote-counts-eu-copyright-term-ex…
U.K. Biz 'Disappointed' At EU Term Extension Rejection (27.03.2009)
http://www.billboard.biz/bbbiz/content_display/industry/e3ie96e4a3e8c042db2…
Pop star union demands new kind of copyright extension (2.04.2009)
http://www.out-law.com//default.aspx?page=9922
FAC - A charter for fair play in the digital age
http://www.featuredartistscoalition.com/our_charter.html
EDRi-gram: Extension of copyright term postponed in the European Parliament
(25.03.2008)
http://www.edri.org/edri-gram/number7.6/copyright-extension-delayed
============================================================
5. Behavioural targeting at the European Consumer Summit
============================================================
The European Commission Directorate - General for Health & Consumers
organized the European Consumer Summit on "Consumer Trust in the Digital
Market Place" held in Brussels on 1 and 2 April, 2009. The agenda featured
policy workshops on 'Consumer challenges and opportunities in the digital
world' and 'Consumer advocacy'. Within the first topic, the whole range of
consumer concerns in the digital market place considered to be major
obstacles to the full take-off of business to consumer e-commerce and
possible solutions to create consumer trust were discussed. Thematically,
the topic of consumer data collection, profiling and targeting was arching
out pointing the heavy reliance on personal information in the digital
environment; something which captured policy makers' attention in Europe
fairly recently.
In a preceding 'Roundtable on Online Data Collection, Targeting and
Profiling' hosted by the Directorate-General for Health & Consumers on 31
March experts and stakeholders' input had been generated in order to feed
back into the main event. In her key note speech Commissioner Meglena Kuvena
observed that "personal data is the new oil of the Internet and the currency
of the digital world" - a reality to be accepted in exchange for free
content online. However, well established consumer protection principles,
including the applicable data protection regulations, are not fully complied
with in the "World Wide Web (...) turning out to be the world 'wild west'."
In order to reassert the confidence of the users and consumers, Mrs. Kuneva
sees privacy policies as the key to implement fairness and transparency
standards as well as meaningful consumer control. Her message to the
participants of the roundtable showed determination to enforce existing
regulation on the Internet and to regulate where adequate response to
consumer concerns on the issue of data collection and profiling is missing.
The roundtable proceeded with contributions from industry, lobbies and
consumer organizations as well as academics discussing the data collection
practices and business models as well as risks and opportunities for
consumers. The business model to (co)finance content and free services with
online advertisement that incorporates to a varying degree targeted
information and personal data is certainly pervasive also beyond gratis
offers. It is important however to tell apart the numerous online
advertising practices and assess whether and to what extent personal
information of users is involved. Companies and industry associations favour
good practice principles and self-regulation, and, inevitably, see consumer
control implemented with the opt-out mechanism. According to this spectrum,
users are empowered individually to control the use of their personal
information and collectively through the lever of brand value that would
caution companies. Critical interventions raised the need for special
protection of sensitive segments such as children and sensitive personal
data, a state of fairness in privacy policies and consent generation, and
the problem of multi-layered and networked data collection, leaving the user
largely unaware of who controls which personal information. Consumer
education about online advertising and the meaning of privacy policies and
consent emerged as a consensus from the discussion.
Member of European Parliament Stavros Lambrinidis, rapporteur of the
recent report on strengthening security and fundamental freedoms on the
Internet, stressed the necessity to prescribe limits to the 'consent' that
can be obtained from users regarding the processing of their personal data
in the digital marketplace. As reflected in his report, the imbalance of
negotiating power and knowledge between individual users and data
processing industry and authorities bears the risk that "Big Brother" will
come stealthily and with our "consent".
In the progress of the European Consumer Summit behavioral advertisement and
its consumer policy implications were prominently raised and wrapped up,
asking for:
a. the evaluation of different online advertising practices,
b. ways to improve consumer control and information,
c. the role and robustness of standards and best practices, and
d. how the fairness concept can be best transposed from offline to online.
In order to keep a channel for discussion open, the Directorate-General for
Health & Consumers proposed to set up a privacy blog on its webpage and
invited comments. The way forward was not specified and is further
complicated by the fact that online consumer data protection is situated at
the intersection of the tasks of theree Directorates - General: Health and
Consumers, Freedom Security and Justice, and Information Society and Media.
In the U.S., the Federal Trade Commission (FTC) examined online behavioral
advertisement to some length and published in February 2009 a Staff Report
on Self-Regulatory Principles for Online Behavioral Advertising.
Meglena Kuneva, European Consumer Commissioner, Keynote Speech (31.03.2009)
http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/09/156&forma…
Report with a proposal for a European Parliament recommendation to the
Council on strengthening security and fundamental freedoms on the Internet
(25.02.2009)
http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+REPORT+A6-…
FTC Staff Report on Self-Regulatory Principles for Online Behavioral
Advertising (12.02.2009),
http://www.ftc.gov/opa/2009/02/behavad.shtm
Center for Democracy & Technology, A Guide to Behavioral Advertising,
http://www.cdt.org/privacy/targeting/
Center for Democracy & Technology, Threshold Analysis for Online Advertising
Practices (28.01.2009)
http://cdt.org/press/20090128press.php
Internet Governance Forum (IGF), Workshop 83: The Future of Online Privacy:
"Online advertising and behavioral targeting" (5.12.2008),
http://www.intgovforum.org/cms/Contributions2009/Workshop-Report-IGF-vf.pdf
(contribution by Kristina Irion - Central European University)
============================================================
6. Second PrivacyOS Conference
============================================================
Meetings between researchers from universities with representatives from
industry, data protection authorities, standardizers from W3C and ISO and
NGOs to discuss privacy challenges and develop privacy infrastructures
represent the idea behind the European Privacy Open Space. The second
PrivacyOS event was held in Berlin, 1-3 April at the same time as
Re:publica.
As a PrivacyOS project partner, EDRI participated in conference with a
delegation of 4 persons representing its members: Andreas Krisch (Vibe!AT,
Austria), Leena Romppainen (Electronic Frontier Finland), Ralf Bendrath
(Netzwerk Neue Medien, Germany) and Filip Pospisil (Iuridicum Remedium,
Czech Republic). Other EDRI members, such as Metamorphosis (Macedonia) are
also partners in this project on their own. A huge number of presentations
were packed into the three day period, varying from eGovernment development
in Austria and Lithuania to UK database state and from Deep packet
inspection to eHealth. The presentations will be available from the
PrivacyOS web site in the near future.
On the Re:publica side, Stanford Law School professor, founder of
Creative Commons and author Lawrence Lessig gave a presentation about
copyright issues, illustrating his ideas and urging people to resist the
copyright extension being processed in the European Parliament.
Due to the events and presentations being on top of each other, it was
impossible to attend everything that was interesting, but PrivacyOS was
definitely worth going to for the wide variety of topics, forming contacts
and remixing ideas.
PrivacyOS
http://www.privacyos.eu/
Re:publica (1-2.04.2009)
http://www.re-publica.de/09/
Reject the Term Extension Directive
http://www.edri.org/reject-term-extention-directive
Every Vote Counts: the EU Copyright Term Extension Battle Heats Up (03.2009)
http://www.eff.org/deeplinks/2009/03/every-vote-counts-eu-copyright-term-ex…
Data Retention Austria - Second Attempt - Presentation by Andreas Krisch
(1.04.2009)
http://www.edri.org/files/Krisch_PrivacyOS_DR_Austria_20090401_03.pdf
(contribution by Leena Romppainen- EDRi-member EFFi)
============================================================
7. Phorm - under scrutiny at the European level
============================================================
On the event on 31 March 2009, the European Commissioner for consumers,
Meglena Kuneva, warned on the transparency in the online environment: "We
must establish the principles of transparency, clear language, opt-in or
opt-out options that are meaningful and easy to use. (...) I am talking
about the right to have a stable contract and the right to withdraw."
The concern of the Commission is related to Deep Packet Inspection (DPI)
technology experiments such as the profiling and ad-serving system Phorm
secret tests performed in UK by BT in 2006 and 2007.
In a report issued in March 2009, Free Press advocacy group considers the
use of DPI technologies is a threat to the open nature of the Internet.
"Improper use of DPI (deep packet inspection) can change the Internet as we
know it--turning an open and innovative platform into just another form of
pay-for-play media. (...) When a network provider chooses to install DPI
equipment, that provider knowingly arms itself with the capacity to monitor
and monetize the Internet in ways that threaten to destroy Net Neutrality
and the essential open nature of the Internet" says the report.
The report concludes that although DPI can help in solving network
congestion problems the "technology--the same electronics equipment, in
fact--also allows providers to monitor and monetize every use of the
Internet, and DPI vendors succeed by developing and marketing this
capability."
EDRi-member Open Rights Group (ORG) has recently sent a letter to the major
websites such as Microsoft, Google, YouTube, Facebook, AOL, Bebo, Yahoo,
Amazon and eBay, urging them to opt out the controversial Phorm technology.
A petition initiated by the group, signed by about 21 000 people, is asking
for the investigation of Phorm and its banning if the system breaches
privacy laws.
A spokeswoman for Phorm said most of the companies having received the ORG
letter were already using the targeted advertising offered by the system and
that many of them have proven "their commitment to user privacy as
signatories to the IAB UK's interest-based advertising good practice
principles".
While the UK peers consider that in relation to behavioural targeting, the
Information Commissioner's Office, responsible for enforcing EU privacy
regulations, had failed in its duty to consumers (as in 2008, ICO accepted
Phorm provided it got permission from users if the data collected was used
for "value added services."), the UK Government plans however to employ
similar technologies to track UK Internet users' behaviour. Viviane Reding,
the European Commission's telecoms commissioner who is currently
investigating Phorm believes an agreement with the UK government might be
possible on this matter.
In preparation of eventual regulatory measures, Kuneva's department is
initiating an informal investigation of online privacy and data collection.
In the meantime, Phorm continues its tests. On 30 March 2009, Phorm
officially announced a trial of its technology by Korea Telecom.
EU issues ultimatum on internet privacy (31.03.2009)
http://www.out-law.com//default.aspx?page=9915
Major Websites Are Urged To Reject Phorm Profiling (24.03.2009)
http://news.digitaltrends.com/news-article/19554/major-websites-are-urged-t…
Report Warns Against DPI Technology (20.03.2009)
http://www.mediapost.com/publications/?fa=Articles.showArticle&art_aid=1024…
EU Extends Deep Packet Inspection Technology Investigation (30.03.2009)
http://www.ispreview.co.uk/story/2009/03/30/eu-extends-deep-packet-inspecti…
Deep Packet Inspection - The end of the Internet as we know it? (03.2009)
http://www.freepress.net/files/Deep_Packet_Inspection_The_End_of_the_Intern…
EDRI-gram: UK Government ignores the European Commission regarding Phorm
(25.02.2009)
http://www.edri.org/edri-gram/number7.4/phorm-uk-ec
============================================================
8. ISPs asked to block child porn sites on the Internet
============================================================
In Germany, based on the initiative of the Federal Ministry of Family
Affairs, Senior Citizens, Women and Youth (BMFSFJ), the government has had
discussions for several months now on how to block child pornography sites
hosted on servers outside of the country. The German Government announced on
25 March 2009 a draft law that would cover rights and obligations of
telecommunication media content providers and would include the obligation
to block access to child pornography sites listed by a government agency.
According to BMFSFJ Minister Ursula von der Leyen who has been pushing for
some time for an agreement with big ISPs, "The rights of children carry more
weight than unhindered mass communication."
However, some members of the German Parliament and Justice Minister Brigitte
Zypries have shown reservations to a contractual solution considering a
regular law should cover the filtering regime as such measures could impact
on fundamental rights of citizens. Policies should be put in place in order
to deal with the liabilities in cases of errors.
The movement is criticised by the industry and non-governmental
organisations, which consider that blocking only makes access more difficult
but is not able to entirely prevent it. The EDRi-member FITUG (Fvrderverein
Informationstechnik und Gesellschaft) Germany has also warned on the fact
that, until now, blocking has been useless in fighting child pornography and
such measures might lead to blocking sites that have no relation to child
pornography as it has happened in other countries.
Blocking systems exist now in several European countries. The CIRCAMP
system, developed in Norway in 2004, which blocks entry to known child
pornography sites by a red stop sign graphic and a message, is used in nine
European countries among which the Netherlands, Denmark, Belgium,
Switzerland, and the United Kingdom.
In UK, 95% of the main UK ISPs have already adopted a similar service via
the Internet Watch Foundation (IWF). A system developed by BT, called
Cleanfeed, checks IP addresses against the child pornography blocklist
created by IWF and blocks users from accessing their content.
Malcolm Hutty, president of EuroISPA, representing ISPs from across Europe
at the EU, considers the EU plans to block sites will "increase risks to the
security, resilience and interoperability of the internet" and also stated:
"For technical reasons, blocking simply cannot provide the level of
protection that is necessary, and simple morality demands that we take
strong collective action to get child pornography removed from the Internet,
rather than simply hiding behind national firewalls," he added.
All the national plans seem to be in line with the new EU proposal to
legally bind all broadband ISPs in Europe to block "access by Internet users
to Internet pages containing or disseminating child pornography."
With the view to "combating the sexual abuse, sexual exploitation of
children and child pornography", the proposal for an EU framework decision
on prevention and settlement of conflicts of jurisdiction in criminal
procedures of 20 January 2009 asks that: "Each Member State shall take the
necessary measures to enable the competent judicial or police authorities to
order or similarly obtain the blocking of access by internet users to
internet pages containing or disseminating child pornography, subject to
adequate safeguards."
Germany Opts For ISP Filtering Of Child Pornography; NGOs Warn Of Unintended
Impact (30.03.2009)
http://www.ip-watch.org/weblog/2009/03/30/germany-opts-for-isp-filtering-of…
Germany Cracks Down on Child Porn Sites But Critics Want More Action
(25.03.2009)
http://www.dw-world.de/dw/article/0,,4126813,00.html
German Minister Announces Plans for Mandatory Web Filtering (16.01.2009)
http://www.zeropaid.com/news/9960/german_minister_announces_plans_for_manda…
Germany to implement obligatory block on child porn sites (16.01.2009)
http://www.thelocal.de/sci-tech/20090116-16825.html
UK.gov to get power to force ISPs to block child porn (2.04.2009)
http://www.theregister.co.uk/2009/04/02/eu_filtering_framework/
EU proposal for a Council Framework Decision on prevention and settlement of
conflicts of jurisdiction in criminal procedures (20.01.2009)
http://register.consilium.europa.eu/pdf/en/09/st05/st05208.en09.pdf
EU Proposal Could Force UK ISPs to Block Child Abuse Sites (2.04.2009)
http://www.ispreview.co.uk/story/2009/04/02/eu-proposal-could-force-uk-isps…
============================================================
9. Big Brother Awards France 2009
============================================================
The French Big Brother Awards ceremony, or 'Orwell Party', was held this
year on Saturday 4 April. The 2009 edition awarded 12 of the 35 nominees, in
6 categories, one of them being the positive 'Voltaire Award'. Armand
Mattelart, a renowned professor of Information and Communication Studies,
chaired the 2009 jury composed by 10 other members, among them academics,
artists, and representatives from French NGOs, including EDRI-member IRIS.
Awarding almost one third of the nominees is a sign that the Jury task was
hard this year, with the increase of surveillance and social control in
France.
The French ministry of Interior, Michhle Alliot-Marie, received the lifetime
menace award, for her 'immoderate taste for police files', which quantity
has increased by 70% in 3 years, as well as for her other 'qualities': her
'novlang' (video-surveillance is now called video-protection by French
officials), her 'incitements to denouncement', and her talent to construct
the 'internal enemy'.
The French ministry of Budget, Eric Woerth, received the State award. The
Jury wanted to particularly alert against the centralised database RNCPS to
be created, massively interconnecting data from the social sector in view of
fraud fighting, using the social security number as identifier. This, of
course, reminds the SAFARI project scandal that led to the adoption of the
French Data Protection Act in 1978.
The award for companies was given to the French mutual insurance system, a
not-for-profit organization, for 'its joint activism with private insurance
companies in order to access some medical data from the social security
administration'.
Paris Mayor, Bertrand Delanok, earned the local authorities award for 'his
conversion to video-surveillance', after he agreed to contribute to the
government efforts in this field, increasing by 4 times the number of
cameras in Paris, reaching 1200 of them in public areas.
The Novlang award has two ex aequo recipients. The first one is Humabio, an
EC funded research project on multimodal biometrics, most notably relying on
behavioural biometrics to 'increase freedom of movement'. The second
recipient is the family benefits sector of the social security system, for
having trained its employee using a method, called IGGACE, which goes even
further than a simple lie detector, since it is supposed to detect 'lying
intent'. The method was originally developed for the police sector.
Not only the jury gave an additional award as a 'special mention', but it
also awarded two ex aequo recipients. Fridiric Lefebvre, French MEP and
spokesperson of Nicolas Sarkozy's party, certainly deserved his award for
his 'incompetence and insistence to control the Internet', including by
supporting the French 'three strikes law'. The other recipients is the
'anonymous zealot': having seen the number of individual civil servants who
denounced irregular migrants, sometimes in breach of the professional
secret, decided to highlight this phenomenon through a generic category.
Finally, the Voltaire award or positive prize was given to three ex aequo
recipients, actually three coalitions that have been particularly active and
gain some success: the coalition against the EDVIGE police file, the
coalition of elementary and primary school directors against the central
database of children (Base ilhves), and the coalition against the use of
biometrics in schools. In addition, another Voltaire prize was awarded, as a
'special mention', to Mireille and Monique, two volunteers who help
irregular migrants based in Calais with the hope to reach the UK. This
simple humanitarian help is a highly risky activity in France, a country
where such help is now criminalized.
2009 Big Brother Awards France (only in French, 05.04.2009)
http://bigbrotherawards.eu.org/Les-decorations-promotion-2009.html
(Contribution by Meryem Merzouki - EDRi-member IRIS France)
============================================================
10. Recommended Reading
============================================================
Annual report for 2008 on access to EU documents
The most popular area for requests in Justice and Home Affairs. Just over
73% of the documents listed on the Council register are accessible
full-text. But, of course, the remaining 27% include many documents
concerning measures under discussion. There has been an increase in the
number of documents classified as "Restricted", where disclosure would be
"disadvantageous" to the interests of the EU or its member states - in 2008
there were 505 "Restricted" documents some 40% of which concerned justice
and home affairs (around 200+).
http://www.statewatch.org/news/2009/apr/eu-council-access-report-for-2008.p…
"The Economics of Intellectual Property. Suggestions for Further Research in
Developing Countries and Countries with Economies in Transition"
The series of papers in this publication were commissioned from renowned
international economists from all regions. They review the existing
empirical literature on six selected themes relating to the economics of
intellectual property, identify the key research questions, point out
research gaps and explore possible avenues for future research.
http://www.wipo.int/ip-development/en/economics/index.html
============================================================
11. Agenda
============================================================
21-23 April 2009, Winchester, UK
BILETA 2009 Annual Conference
http://www.winchester.ac.uk/?page=9871
23-24 April 2009, Brussels, Belgium
The future of intellectual property - Creativity and innovation in the
digital era
http://www.intellectualproperty-conference.eu
23-24 April 2009, Amsterdam, Netherlands
Second European Licensing and Legal Workshop organized by Free Software
Foundation Europe
http://www.fsfeurope.org/news/2009/news-20090323-01.en.html
22-23 May 2009, Florence, Italy
E-privacy: Towards total control
Call for papers deadline: 15 April 2009
http://e-privacy.winstonsmith.info/
23 May 2009, Florence, Italy
Big Brother Award Italia 2009
Nominations by 17 April 2009
http://bba.winstonsmith.info/
11 May 2009, Brussels, Belgium
GigaNet is organizing the 2nd international academic workshop on Global
Internet Governance: An Interdisciplinary Research Field in Construction.
http://giganet.igloogroups.org/publiclibr/giganetcos/2009brusse
13-14 May 2009 Uppsala, Sweden
Mashing-up Culture: The Rise of User-generated Content
http://www.counter2010.org/workshop_call
19-20 May 2009, Brussels, Belgium
European Commission organizes a personal data protection conference to look
at new challenges for privacy
http://ec.europa.eu/justice_home/fsj/privacy/news/docs/pr_03_03_09_en.pdf
24-28 May 2009, Venice, Italy
ICIMP 2009, The Fourth International Conference on Internet Monitoring
and Protection
http://www.iaria.org/conferences2009/ICIMP09.html
1-4 June 2009, Washington, DC, USA
Computers Freedom and Privacy 2009
http://www.cfp2009.org/
5 June 2009, London, UK
The Second Multidisciplinary Workshop on Identity in the Information
Society (IDIS 09): "Identity and the Impact of Technology"
http://is2.lse.ac.uk/idis/2009/
28-30 June 2009, Torino, Italy
COMMUNIA Conference 2009: Global Science & Economics of Knowledge-Sharing
Institutions
http://www.communia-project.eu/conf2009
2-3 July 2009, Padova, Italy
3rd FLOSS International Workshop on Free/Libre Open Source Software
http://www.decon.unipd.it/personale/curri/manenti/floss/floss09.html
13-16 August 2009, Vierhouten, The Netherlands
Hacking at Random
http://www.har2009.org/
23-27 August 2009, Milan, Italy
World Library and Information Congress: 75th IFLA General Conference and
Council: "Libraries create futures: Building on cultural heritage"
http://www.ifla.org/IV/ifla75/index.htm
10-12 September 2009, Potsdam, Germany
5th ECPR General Conference, Potsdam
Section: Protest Politics
Panel: The Contentious Politics of Intellectual Property
http://www.ecpr.org.uk/potsdam/default.asp
16-18 September 2009, Crete, Greece
World Summit on the Knowledge Society WSKS 2009
http://www.open-knowledge-society.org/
21-23 October 2009, Istanbul, Turkey
eChallenges 2009
http://www.echallenges.org/e2009/default.asp
16 October 2009, Bielefeld, Germany
10th German Big Brother Awards
Deadline for nominations: 15 July 2009
http://www.bigbrotherawards.de/
15-18 November 2009, Sharm El Sheikh, Egypt
UN Internet Governance Forum
http://www.intgovforum.org/
============================================================
12. About
============================================================
EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 29 members based or with offices in 18 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRI-grams.
All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and visibly on the
EDRI website.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/
Newsletter editor: Bogdan Manolea <edrigram(a)edri.org>
Information about EDRI and its members:
http://www.edri.org/
European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request(a)edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
unsubscribe by e-mail
To: edri-news-request(a)edri.org
Subject: unsubscribe
- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edrigram-mk.php
- EDRI-gram in German
EDRI-gram is also available in German, with delay. Translations are provided
Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <edrigram(a)edri.org> if you have any problems with subscribing or
unsubscribing.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
Google has an orientation that is opposed to my agenda.
I joined the internet in 1992. It was a pretty decentralized place,
and any person on it could set up an online service accessible to any
other person on it; but you pretty much had to write your service in C
(less of a security worry at the time) and it was easy to get in
trouble by bogging down the DECStation you shared with fifty other
people. So it was such a hassle that there were only a few dozen
online services, plus a few thousand FTP sites. As an example, there
were no public porn sites, although there was lots of porn.
A few years later, when the internet hit mainstream, it was a
decentralizing force; server-centric Novell LANs and
mainframe-terminal networks gave way to workstation networks, where
anybody at the company, or anybody with an ISP account, could set up a
web server on their personal workstation with a little trouble.
I started running my own mail and web server when I moved to Ohio in
1997, and Ibve been running one ever since, first alone and later with
half a dozen friends. Until 2001 it was on dialup, which was fine,
although obviously there are limits on how much traffic I could cope
with.
But this rosy picture is complicated by centralizing forces. Apple
wants to relegate websites to second-class status on their popular
computers, and exercises viewpoint censorship on what b appsb
they
allow in their b app storeb
. Google wants you to keep your mail in
Gmail instead of on your home computer (if you kept your mail on your
home computer, youbd keep your backups on your friendsb home
computers), and theybll delete your account with no recourse if you
admit youbre only 10. Microsoft wonbt let you run unsigned device
drivers on your own computer any more. Facebook wants to know every
web page you visit, anywhere on the internet, and log that information
permanently for later analysis.
And email from our little mail server automatically gets dropped into
the spam box on Gmail these days. Not sure why. Apparently our
domain has a b bad reputationb
, but even finding that out required an
inside connection; no way to find out more.
I imagine a different future, where if Alice wants to talk to Bob and
Bob wants to talk to Alice, therebs no unaccountable intermediary that
can interfere with their communication, whether theybre speaking text,
or video, or 3-D models, or simulation. If Alicebs email gets marked
as spam, Bob ought to be able to find out why b and fix it! I imagine
a future where every human being can participate in creating the
culture they live in, without needing permission from anybody, and
without fearing repercussions.
Webre a lot closer to that world today than we were in 1992, and the
evidence suggests that it is to that that we owe the collapse of
oppressive regimes throughout the Middle East and Northern Africa; the
revelation and destruction of the nascent government-funded slander
campaign against Glenn Greenwald and other WikiLeaks supporters; and
the public discovery of the CIAbs b extraordinary renditionb
flights.
If we successfully beat back the global menaces of governmental
corruption, global warming, overfishing, and terrorism, it will be
because we were able to collaborate and organize more effectively
around the world by means of this new medium.
Google, of course, wants to solve these problems too. But it has a
different, less-democratic approach in mind. While of course the
company contains an enormous diversity of opinion internally, their
approach publicly has been somewhat paternalistic, and their
engineering culture is organized around big centralized solutions;
warehouse-scale computing, as the title of Barroso and HC6lzlebs
excellent book puts it.
Googlebs undemocratic orientation sometimes leads them to impose
policies at odds with my vision of the future. Their b real namesb
policy on Google+ is one example; it makes it likely that only people
who feel they have no repercussions to fear from anyone, ever, will
write there. There has been quite a [backlash][], but they do not
appear to be interested in compromising.
[backlash]: http://my.nameis.me/
A rather shocking view of the depth of some Googlersb commitment to
centralized computing can be found in [Steven Levybs recent
article][Skype]. After thinking about it for a while, I realized they
were right factually, if not normatively: peer-to-peer overlay
networks are [inherently inefficient][] on todaybs residential
internet.
[Skype]: http://www.stevenlevy.com/index.php/05/10/why-google-does-not-own-skype
(Why Google does not own Skype, 2011-05-10, by Steven Levy)
[inherently inefficient]: http://lists.canonical.org/pipermail/kragen-tol/2011-August/000935.html
(b Peer-to-peer overlay networks are a bad idea on a DSL-based internetb
, by me, 2011-08-18.)
I believe that warehouse-scale client-server computing will, in the
end, undermine the kind of democratic freedom of communication that we
need to deal with todaybs global menaces. Itbs more practical than
peer-to-peer computing at the moment, but that pendulum has swung back
and forth several times over the decades. (Some of my friends were
among the first employees of a hot cloud-computing startup, in 1964,
called Tymshare.) The proper response to the current impracticality
of decentralized computing is not to sigh and build centralized
systems. The proper response is to build the systems to *make
decentralized computing practical again*.
Google is not institutionally opposed to this; theybve funded
substantial and important work on it. Nevertheless, because of their
overall orientation toward centralized solutions with
undemocratically-imposed policies, I believe working there would be a
further distraction from that goal. Worse, with every advance that
companies like Google and Apple make, the higher is the bar that
decentralized systems must leap to achieve real adoption.
Ibm not making much progress on that. My friends Len Sassaman (who
committed suicide in the first few days of July), Bram Cohen, Jacob
Appelbaum, and Zooko ObWhielacronx have made substantial
contributions. But I donbt think Ibd make *more* progress at Google,
and I might make *negative* progress.
So thatbs why I donbt want to work at Google.
--
To unsubscribe: http://lists.canonical.org/mailman/listinfo/kragen-tol
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
On 11/8/05 5:49 PM, "poncenby smythe" <smythe(a)poncenby.plus.com> wrote:
>>
>> For the record, Tor developers (and many at the EFF) are indeed of
>> many reasons people have claimed that developing anonymity is bad. We
>> think about them a lot, and right now, we don't think that they're
>> correct. In fact, we discuss many of them in the abuse faq, the main
>> faq, and the "Challenges" paper.
>>
>> In case anybody cares.
>>
>
> I believe(and hope) a great many people care about this.
> Does anyone know of other papers written on the subject of 'abuse' of
> anonymous systems?
I am not aware of such a study. I'm not certain about the usefulness of such
a study. For 100s of years my ancestors have attempted to obtain the maximum
privacy possible, whether in Europe or the U.S. Frankly, we have moved away
from heavily populated areas, not because we were avoiding people, but
because we wanted to retreat to a private place, where we could have private
conversations.
Privacy is not a new desire. Once the Roman Church was outlawed in Britain,
Catholics just went underground and used secret means of communicating.
Witness the so-called secret societies that have existed over the centuries.
Freemasonry is but one example. In most dictatorships, Freemasons are
repressed and the society is driven underground. Hitler outlawed the
Freemasons. The Soviet Union drove them underground. However, in both cases
Freemasons continued to communicate via private channels with secret
handshakes, etc.
I don't mean to be long-winded, but many worthy causes have required private
communications. So, I suppose, there ARE studies over the millennia that
demonstrate the need for privacy. Early Christians worshipped and used
private communication channels. Of course, EFF web site demonstrates what is
at issue in areas of the world where governments are trying to prohibit
private communication - places like China.
> at the moment I personally feel that Tor is affording people with
> questionable intentions an extremely robust and simple to use method
> to conceal their identity. I have not read the 'challenges' paper
> but is it correct to think tor developers justify (if that is the
> right word) their developments by believing that if miscreants did
> not use Tor they would simply move onto another similar mechanism for
> conducting their business.
> or would taking the tor network down cause any kind of disruption?
>
> impossible questions....
The questions are very difficult, but not impossible, IMHO. In the U.S., we
have decided long ago that individuals would have as much individual
freedom, as long as the exercise thereof would not abridge anyone else's
freedom, health, property or safety. Privacy is evolved from individual
rights.
Therefore, IMHO, individuals can be held responsible for nefarious deeds,
but not the mechanism that allowed the crime - whether that be firearm, or
privacy service.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
1
0
Google has an orientation that is opposed to my agenda.
I joined the internet in 1992. It was a pretty decentralized place,
and any person on it could set up an online service accessible to any
other person on it; but you pretty much had to write your service in C
(less of a security worry at the time) and it was easy to get in
trouble by bogging down the DECStation you shared with fifty other
people. So it was such a hassle that there were only a few dozen
online services, plus a few thousand FTP sites. As an example, there
were no public porn sites, although there was lots of porn.
A few years later, when the internet hit mainstream, it was a
decentralizing force; server-centric Novell LANs and
mainframe-terminal networks gave way to workstation networks, where
anybody at the company, or anybody with an ISP account, could set up a
web server on their personal workstation with a little trouble.
I started running my own mail and web server when I moved to Ohio in
1997, and Ibve been running one ever since, first alone and later with
half a dozen friends. Until 2001 it was on dialup, which was fine,
although obviously there are limits on how much traffic I could cope
with.
But this rosy picture is complicated by centralizing forces. Apple
wants to relegate websites to second-class status on their popular
computers, and exercises viewpoint censorship on what b appsb they
allow in their b app storeb. Google wants you to keep your mail in
Gmail instead of on your home computer (if you kept your mail on your
home computer, youbd keep your backups on your friendsb home
computers), and theybll delete your account with no recourse if you
admit youbre only 10. Microsoft wonbt let you run unsigned device
drivers on your own computer any more. Facebook wants to know every
web page you visit, anywhere on the internet, and log that information
permanently for later analysis.
And email from our little mail server automatically gets dropped into
the spam box on Gmail these days. Not sure why. Apparently our
domain has a b bad reputationb, but even finding that out required an
inside connection; no way to find out more.
I imagine a different future, where if Alice wants to talk to Bob and
Bob wants to talk to Alice, therebs no unaccountable intermediary that
can interfere with their communication, whether theybre speaking text,
or video, or 3-D models, or simulation. If Alicebs email gets marked
as spam, Bob ought to be able to find out why b and fix it! I imagine
a future where every human being can participate in creating the
culture they live in, without needing permission from anybody, and
without fearing repercussions.
Webre a lot closer to that world today than we were in 1992, and the
evidence suggests that it is to that that we owe the collapse of
oppressive regimes throughout the Middle East and Northern Africa; the
revelation and destruction of the nascent government-funded slander
campaign against Glenn Greenwald and other WikiLeaks supporters; and
the public discovery of the CIAbs b extraordinary renditionb flights.
If we successfully beat back the global menaces of governmental
corruption, global warming, overfishing, and terrorism, it will be
because we were able to collaborate and organize more effectively
around the world by means of this new medium.
Google, of course, wants to solve these problems too. But it has a
different, less-democratic approach in mind. While of course the
company contains an enormous diversity of opinion internally, their
approach publicly has been somewhat paternalistic, and their
engineering culture is organized around big centralized solutions;
warehouse-scale computing, as the title of Barroso and HC6lzlebs
excellent book puts it.
Googlebs undemocratic orientation sometimes leads them to impose
policies at odds with my vision of the future. Their b real namesb
policy on Google+ is one example; it makes it likely that only people
who feel they have no repercussions to fear from anyone, ever, will
write there. There has been quite a [backlash][], but they do not
appear to be interested in compromising.
[backlash]: http://my.nameis.me/
A rather shocking view of the depth of some Googlersb commitment to
centralized computing can be found in [Steven Levybs recent
article][Skype]. After thinking about it for a while, I realized they
were right factually, if not normatively: peer-to-peer overlay
networks are [inherently inefficient][] on todaybs residential
internet.
[Skype]: http://www.stevenlevy.com/index.php/05/10/why-google-does-not-own-skype
(Why Google does not own Skype, 2011-05-10, by Steven Levy)
[inherently inefficient]: http://lists.canonical.org/pipermail/kragen-tol/2011-August/000935.html
(b Peer-to-peer overlay networks are a bad idea on a DSL-based internetb, by me, 2011-08-18.)
I believe that warehouse-scale client-server computing will, in the
end, undermine the kind of democratic freedom of communication that we
need to deal with todaybs global menaces. Itbs more practical than
peer-to-peer computing at the moment, but that pendulum has swung back
and forth several times over the decades. (Some of my friends were
among the first employees of a hot cloud-computing startup, in 1964,
called Tymshare.) The proper response to the current impracticality
of decentralized computing is not to sigh and build centralized
systems. The proper response is to build the systems to *make
decentralized computing practical again*.
Google is not institutionally opposed to this; theybve funded
substantial and important work on it. Nevertheless, because of their
overall orientation toward centralized solutions with
undemocratically-imposed policies, I believe working there would be a
further distraction from that goal. Worse, with every advance that
companies like Google and Apple make, the higher is the bar that
decentralized systems must leap to achieve real adoption.
Ibm not making much progress on that. My friends Len Sassaman (who
committed suicide in the first few days of July), Bram Cohen, Jacob
Appelbaum, and Zooko ObWhielacronx have made substantial
contributions. But I donbt think Ibd make *more* progress at Google,
and I might make *negative* progress.
So thatbs why I donbt want to work at Google.
--
To unsubscribe: http://lists.canonical.org/mailman/listinfo/kragen-tol
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
Okay.... I'm going to summarize this protocol as I understand it.
I'm filling in some operational details that aren't in the paper
by supplementing what you wrote with what my own "design sense"
tells me are critical missing bits or "obvious" methodologies for
use.
First, people spend computer power creating a pool of coins to use
as money. Each coin is a proof-of-work meeting whatever criteria
were in effect for money at the time it was created. The time of
creation (and therefore the criteria) is checkable later because
people can see the emergence of this particular coin in the
transaction chain and track it through all its "consensus view"
spends. (more later on coin creation tied to adding a link).
When a coin is spent, the buyer and seller digitally sign a (blinded)
transaction record, and broadcast it to a bunch of nodes whose purpose
is keeping track of consensus regarding coin ownership. If someone
double spends, then the transaction record can be unblinded revealing
the identity of the cheater. This is done via a fairly standard cut-
and-choose algorithm where the buyer responds to several challenges
with secret shares, and the seller then asks him to "unblind" and
checks all but one, verifying that they do contain secret shares any
two of which are sufficient to identify the buyer. In this case the
seller accepts the unblinded spend record as "probably" containing
a valid secret share.
The nodes keeping track of consensus regarding coin ownership are in
a loop where they are all trying to "add a link" to the longest chain
they've so far recieved. They have a pool of reported transactions
which they've not yet seen in a "consensus" signed chain. I'm going
to call this pool "A". They attempt to add a link to the chain by
moving everything from pool A into a pool "L" and using a CPU-
intensive digital signature algorithm to sign the chain including
the new block L. This results in a chain extended by a block
containing all the transaction records they had in pool L, plus
the node's digital signature. While they do this, new
transaction records continue to arrive and go into pool A again
for the next cycle of work.
They may also recieve chains as long as the one they're trying to
extend while they work, in which the last few "links" are links
that are *not* in common with the chain on which they're working.
These they ignore. (? Do they ignore them? Under what
circumstances would these become necessary to ever look at again,
bearing in mind that any longer chain based on them will include
them?)
But if they recieve a _longer_ chain while working, they
immediately check all the transactions in the new links to make
sure it contains no double spends and that the "work factors" of
all new links are appropriate. If it contains a double spend,
then they create a "transaction" which is a proof of double
spending, add it to their pool A, broadcast it, and continue work.
If one of the "new" links has an inappropriate work factor (ie,
someone didn't put enough CPU into it for it to be "licit"
according to the rules) a new "transaction" which is a proof
of the protocol violation by the link-creating node is created,
broadcast, and added to pool A, and the chain is rejected. In
the case of no double spends and appropriate work factors for
all links not yet seen, they accept the new chain as consensus.
If the new chain is accepted, then they give up on adding their
current link, dump all the transactions from pool L back into pool
A (along with transactions they've recieved or created since
starting work), eliminate from pool A those transaction records
which are already part of a link in the new chain, and start work
again trying to extend the new chain.
If they complete work on a chain extended with their new link, they
broadcast it and immediately start work on another new link with
all the transactions that have accumulated in pool A since they
began work.
Do I understand it correctly?
Biggest Technical Problem:
Is there a mechanism to make sure that the "chain" does not consist
solely of links added by just the 3 or 4 fastest nodes? 'Cause a
broadcast transaction record could easily miss those 3 or 4 nodes
and if it does, and those nodes continue to dominate the chain, the
transaction might never get added.
To remedy this, you need to either ensure provable propagation of
transactions, or vary the work factor for a node depending on how
many links have been added since that node's most recent link.
Unfortunately, both measures can be defeated by sock puppets.
This is probably the worst problem with your protocol as it
stands right now; you need some central point to control the
identities (keys) of the nodes and prevent people from making
new sock puppets.
Provable propagation would mean that When Bob accepts a new chain
from Alice, he needs to make sure that Alice has (or gets) all
transactions in his "A" and "L" pools. He sends them, and
Alice sends back a signed hash to prove she got them. Once
Alice has recieved this block of transactions, if any subsequent
chains including a link added by Alice do not include those
transactions at or before that link, then Bob should be able to
publish the block he sent Alice, along with her signature, in a
transaction as proof that Alice violated protocol. Sock puppets
defeat this because Alice just signs subsequent chains using a
new key, pretending to be a different node.
If we go with varying the work factor depending on how many new
links there are, then we're right back to domination by the 3
or 4 fastest nodes, except now they're joined by 600 or so
sock puppets which they use to avoid the work factor penalty.
If we solve the sock-puppet issue, or accept that there's a central
point controlling the generation of new keys, then generation of
coins should be tied to the act of successfully adding a block to
the "consensus" chain. This is simple to do; creation of a coin
is a transaction, it gets added along with all the other transactions
in the block. But you can only create one coin per link, and of
course if your version of the chain isn't the one that gets accepted,
then in the "accepted" view you don't have the coin and can't spend
it. This gives the people maintaining the consensus database a
reason to spend CPU cycles, especially since the variance in work
factor by number of links added since their own last link (outlined
above) guarantees that everyone, not just the 3 or 4 fastest nodes,
occasionally gets the opportunity to create a coin.
Also, the work requirement for adding a link to the chain should
vary (again exponentially) with the number of links added to that
chain in the previous week, causing the rate of coin generation
(and therefore inflation) to be strictly controlled.
You need coin aggregation for this to scale. There needs to be
a "provable" transaction where someone retires ten single coins
and creates a new coin with denomination ten, etc. This is not
too hard, using the same infrastructure you've already got; it
simply becomes part of the chain, and when the chain is accepted
consensus, then everybody can see that it happened.
Bear
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo(a)metzdowd.com
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
WT: FBI up for private screens
By Guy Taylor
THE WASHINGTON TIMES
Published March 26, 2004
_________________________________________________________________
The FBI and the Department of Homeland Security are developing a
database that will allow private companies to submit lists of
individuals to be screened for a connection to terrorism, the FBI
Terrorist Screening Center Director Donna A. Bucella told legislators
yesterday.
The database "will eventually allow private-sector entities, such
as operators of critical infrastructure facilities or organizers of
large events, to submit a list of persons associated with those events
to the U.S. government to be screened for any nexus to terrorism,"
Miss Bucella said at a joint hearing of the House Judiciary and
Homeland Security subcommittees.
The screening center oversees the master database of known and
suspected terrorists, which became operational in December. That
database, created by the FBI and the Department of Homeland Security,
was developed to ensure investigators, screeners and agents work off a
unified set of antiterrorist information.
In his opening statement for the hearing, Rep. Christopher Cox,
California Republican and chairman of the House Select Committee on
Homeland Security, said the screening center's support is
"particularly important to our nation's first responders, our border
protection officials, and the consular officers who adjudicate
hundreds of visa applications every day."
However, Mr. Cox also raised concerns about the need for the watch
list not to violate the privacy of Americans. "To be the right
solution, the TSC must not come at the price of the civil rights or
First Amendment freedoms of American citizens," he said.
Civil liberties groups say federal law-enforcement and
intelligence officials are keeping the terror watch lists so secret by
that mistakes are inevitable.
Mrs. Bucella said a process to address "misidentification issues"
is in place.
"We recognize that with all of these capabilities also comes the
responsibility to ensure that we continue to protect our civil
liberties," she said. "Procedures are in place to review and promptly
adjust or delete erroneous or outdated domestic terrorism
information."
After the deadly hijackings of September 11, 2001, the Bush
administration attempted to stem confusion caused by the existence of
multiple terrorist watch lists by establishing a joint FBI-CIA
Terrorist Threat Integration Center (TTIC), consolidating more than a
dozen previous lists, including the State Department's TIPOFF database
of more than 110,000 known and suspected terrorists.
In September, a few days after the two-year anniversary of the
hijackings that killed about 3,000 people, officials announced the
creation of the TSC to consolidate watch lists and provide
round-the-clock operation support for federal screeners across the
country and around the world.
Mrs. Bucella outlined several successes since the TSC became
operational in September, including the establishment of a
consolidated 24-hour call center that law-enforcement authorities can
call to determine whether an individual in question is a suspected
terrorist.
After a positive or negative match, "we help coordinate operation
support as to how the person should be handled," Mrs. Bucella said.
The system has fielded 2,000 calls since its inception.
------------------------ Yahoo! Groups Sponsor ---------------------~-->
Buy Ink Cartridges or Refill Kits for your HP, Epson, Canon or Lexmark
Printer at MyInks.com. Free s/h on orders $50 or more to the US & Canada.
http://www.c1tracking.com/l.asp?cid=5511
http://us.click.yahoo.com/mOAaAA/3exGAA/qnsNAA/PMYolB/TM
---------------------------------------------------------------------~->
-----BEGIN TRANSHUMANTECH SIGNATURE-----
Post message: transhumantech(a)yahoogroups.com
Subscribe: transhumantech-subscribe(a)yahoogroups.com
Unsubscribe: transhumantech-unsubscribe(a)yahoogroups.com
List owner: transhumantech-owner(a)yahoogroups.com
List home: http://www.yahoogroups.com/group/transhumantech/
-----END TRANSHUMANTECH SIGNATURE-----
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/transhumantech/
<*> To unsubscribe from this group, send an email to:
transhumantech-unsubscribe(a)yahoogroups.com
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
[demime 1.01d removed an attachment of type application/pgp-signature]
1
0
Okay.... I'm going to summarize this protocol as I understand it.
I'm filling in some operational details that aren't in the paper
by supplementing what you wrote with what my own "design sense"
tells me are critical missing bits or "obvious" methodologies for
use.
First, people spend computer power creating a pool of coins to use
as money. Each coin is a proof-of-work meeting whatever criteria
were in effect for money at the time it was created. The time of
creation (and therefore the criteria) is checkable later because
people can see the emergence of this particular coin in the
transaction chain and track it through all its "consensus view"
spends. (more later on coin creation tied to adding a link).
When a coin is spent, the buyer and seller digitally sign a (blinded)
transaction record, and broadcast it to a bunch of nodes whose purpose
is keeping track of consensus regarding coin ownership. If someone
double spends, then the transaction record can be unblinded revealing
the identity of the cheater. This is done via a fairly standard cut-
and-choose algorithm where the buyer responds to several challenges
with secret shares, and the seller then asks him to "unblind" and
checks all but one, verifying that they do contain secret shares any
two of which are sufficient to identify the buyer. In this case the
seller accepts the unblinded spend record as "probably" containing
a valid secret share.
The nodes keeping track of consensus regarding coin ownership are in
a loop where they are all trying to "add a link" to the longest chain
they've so far recieved. They have a pool of reported transactions
which they've not yet seen in a "consensus" signed chain. I'm going
to call this pool "A". They attempt to add a link to the chain by
moving everything from pool A into a pool "L" and using a CPU-
intensive digital signature algorithm to sign the chain including
the new block L. This results in a chain extended by a block
containing all the transaction records they had in pool L, plus
the node's digital signature. While they do this, new
transaction records continue to arrive and go into pool A again
for the next cycle of work.
They may also recieve chains as long as the one they're trying to
extend while they work, in which the last few "links" are links
that are *not* in common with the chain on which they're working.
These they ignore. (? Do they ignore them? Under what
circumstances would these become necessary to ever look at again,
bearing in mind that any longer chain based on them will include
them?)
But if they recieve a _longer_ chain while working, they
immediately check all the transactions in the new links to make
sure it contains no double spends and that the "work factors" of
all new links are appropriate. If it contains a double spend,
then they create a "transaction" which is a proof of double
spending, add it to their pool A, broadcast it, and continue work.
If one of the "new" links has an inappropriate work factor (ie,
someone didn't put enough CPU into it for it to be "licit"
according to the rules) a new "transaction" which is a proof
of the protocol violation by the link-creating node is created,
broadcast, and added to pool A, and the chain is rejected. In
the case of no double spends and appropriate work factors for
all links not yet seen, they accept the new chain as consensus.
If the new chain is accepted, then they give up on adding their
current link, dump all the transactions from pool L back into pool
A (along with transactions they've recieved or created since
starting work), eliminate from pool A those transaction records
which are already part of a link in the new chain, and start work
again trying to extend the new chain.
If they complete work on a chain extended with their new link, they
broadcast it and immediately start work on another new link with
all the transactions that have accumulated in pool A since they
began work.
Do I understand it correctly?
Biggest Technical Problem:
Is there a mechanism to make sure that the "chain" does not consist
solely of links added by just the 3 or 4 fastest nodes? 'Cause a
broadcast transaction record could easily miss those 3 or 4 nodes
and if it does, and those nodes continue to dominate the chain, the
transaction might never get added.
To remedy this, you need to either ensure provable propagation of
transactions, or vary the work factor for a node depending on how
many links have been added since that node's most recent link.
Unfortunately, both measures can be defeated by sock puppets.
This is probably the worst problem with your protocol as it
stands right now; you need some central point to control the
identities (keys) of the nodes and prevent people from making
new sock puppets.
Provable propagation would mean that When Bob accepts a new chain
from Alice, he needs to make sure that Alice has (or gets) all
transactions in his "A" and "L" pools. He sends them, and
Alice sends back a signed hash to prove she got them. Once
Alice has recieved this block of transactions, if any subsequent
chains including a link added by Alice do not include those
transactions at or before that link, then Bob should be able to
publish the block he sent Alice, along with her signature, in a
transaction as proof that Alice violated protocol. Sock puppets
defeat this because Alice just signs subsequent chains using a
new key, pretending to be a different node.
If we go with varying the work factor depending on how many new
links there are, then we're right back to domination by the 3
or 4 fastest nodes, except now they're joined by 600 or so
sock puppets which they use to avoid the work factor penalty.
If we solve the sock-puppet issue, or accept that there's a central
point controlling the generation of new keys, then generation of
coins should be tied to the act of successfully adding a block to
the "consensus" chain. This is simple to do; creation of a coin
is a transaction, it gets added along with all the other transactions
in the block. But you can only create one coin per link, and of
course if your version of the chain isn't the one that gets accepted,
then in the "accepted" view you don't have the coin and can't spend
it. This gives the people maintaining the consensus database a
reason to spend CPU cycles, especially since the variance in work
factor by number of links added since their own last link (outlined
above) guarantees that everyone, not just the 3 or 4 fastest nodes,
occasionally gets the opportunity to create a coin.
Also, the work requirement for adding a link to the chain should
vary (again exponentially) with the number of links added to that
chain in the previous week, causing the rate of coin generation
(and therefore inflation) to be strictly controlled.
You need coin aggregation for this to scale. There needs to be
a "provable" transaction where someone retires ten single coins
and creates a new coin with denomination ten, etc. This is not
too hard, using the same infrastructure you've already got; it
simply becomes part of the chain, and when the chain is accepted
consensus, then everybody can see that it happened.
Bear
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo(a)metzdowd.com
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
============================================================
EDRi-gram
biweekly newsletter about digital civil rights in Europe
Number 10.3, 15 February 2012
============================================================
Contents
============================================================
1. European Anti-ACTA protests from 11 February
2. European Commission discusses tactical, partial retreat on ACTA
3. European Commission "Roadmap" for review of the IPR Enforcement Directive
4. Hadopi takes the final steps towards cutting Internet access
5. Two Strikes in Germany?
6. Software-hardware bundling not accepted in France
7. UK: 3 million checks on criminal records in 2011
8. RFID - a dangerous fashion trend highlighted on German streets by FoeBuD
9. Irish ISP puts its customers' personal data at risk
10. EU DP Regulation Proposal: The French CNIL defends its turf
11. Recommended Action
12. Recommended Reading
13. Agenda
14. About
============================================================
1. European Anti-ACTA protests of 11 February
============================================================
Several tens of thousands of citizens from an estimated 200 cities in Europe
went out in the streets on a cold 11 February 2012, in a massive
pan-european protest against ACTA and to support digital civil rights.
Several EDRI members and observers have reported for the EDRi-gram on what
happened in their countries.
The biggest turnout was in Germany, where 100 000 protesters flooded the
streets to demonstrate against the ACTA agreement. These massive protests in
spite of sub-zero temperature have caught the attention of not only
politicians but also media and the wider public completely by surprise. A
day before, the German government backed down in face of this wave of online
protest and postponed the signing of ACTA until the decision of the European
Parliament. The demonstrations were organized entirely in a decentralized
manner via the Internet. The participants were mostly very young and took
part in a demonstration for the first time. In Berlin 10 000 people took the
streets against ACTA, in Munich even 16 000. Never before have so many
people protested for reforming copyright legislation and against
overshooting surveillance of the digital realm. Because of the protests,
ACTA became the main topic in the news in Germany and has remained so ever
since. For the first time, these protests have ignited a wider debate on how
the outdated copyright law can be adapted to the requirements of the digital
age. Therefore, EDRi-member Digitale Gesellschaft e.V. demanded: "We must
reform copyright but must not cement it with ACTA."
In the capital of Bulgaria approx 6-8 000 people showed up in one of the
largest demonstration since 1997, shouting slogans against ACTA and for
Internet freedom. In some cases the local police did not allow the
participants in Sofia to wear the Guy Fawkes - or "V" - masks and even asked
for purchase proof for the laptops people brought at the event, to "make
sure they were not stolen".
Since the Austrian government signed ACTA on 26 January, a broad movement
against the treaty has formed. It consists of activists in and around the
EDRi member VIBE!AT, a group of former Pirate Party members who started
their own initiative (netzfreiheit.org) political parties and
representatives (the Greens, MEP Ehrenhauser and the Pirate Party) and
Anonymous. Together, these different groups have dominated the public
perception of ACTA. The efforts included: concentrated press releases to
push the story out of the tech departments, press conferences held by ACTA
opponents and discussions in independent media formats. The action peaked on
11 February when all over Austria close to 10 000 people took to the streets
to protest against ACTA.
Around 5 000 Romanians gathered in over 20 major cities, most of them
in Cluj-Napoca and Bucharest, to demonstrate against ACTA. They were also
chanting for Internet freedom and against surveillance. There are several
national online petitions gathering more than 40 000 signatures asking for
ACTA not to be ratified by the European Parliament or the national
Parliament.
After the publication of the information that the Czech Republic had signed
ACTA, EDRi-member Iuridicum Remedium published a Czech translation of the
campaign "Call your MPs" (EDRi). The media began to seriously inform about
ACTA and the first debate about the agreement was held on 2 February. On 6
February the Czech government office issued a statement that the Czech
Republic had stopped the ratification of ACTA, but that didn't stop several
Czech cities to join the demonstration against ACTA on 11 February 2012.
Around a thousand Hungarians gathered in Budapest for the country's first
ACTA protest, with smaller rallies held in Szikesfihervar, Szeged and Pics.
The demonstrations were organized by the Pirate Party movements and
generated substantial media coverage.
Close to a thousand Hungarians gathered in Budapest for the the nation's
first ACTA protest, with smaller rallies also held in Szikesfihervar,
Szeged and Pics. The demonstrations were organized by the Hungarian
Anonymous Group, Occupy Budapest and the Pirate Party movement.
In Finland about 400 people attended the anti-ACTA demonstration on 11
February in the streets of Helsinki. The demonstrations helped raise
media attention, especially because earlier coverage on ACTA was very
low. The Finnish Parliament is expected to discuss ACTA in Autumn 2012.
Protesters also demonstrated against ACTA in The Netherlands. People in
various cities, including Amsterdam and Rotterdam, faced the cold and
expressed their discontent with ACTA. In Amsterdam some 250 people gathered
in Dam Square where there were some improvised speeches. MEP Marietje
Schaake visited the demonstration. Halfway in the afternoon, about half of
the demonstrators made an improvised march through the city.
In Brussels, around 300 people protested in the city centre shouting slogans
against ACTA and rolling out a huge banner: "ACTA: Sharing culture is a now
crime - Thank you EU!" Participants included local politicians,
representatives from several Belgian NGOs (such as Constant, datapanik and
Nurpa), international NGO AccessNow.org, press people and many Anonymous
masks.
Around 500 protesters also gathered in central London outside the offices of
rights holder representative groups to protest against ACTA.
There are several online petitions against ACTA gathering milllions ofore
than 40 000 signatures (the Access global petition has almost 400 000 and
the Avaaz petition has over 2 million signatures already).
Pictures from demonstrations on 11.02.2012
Sofia
http://www.dnevnik.bg/photos/2012/02/11/1764407_fotogaleriia_protestut_sres…
Austria
http://fotos.stopp-acta.at/
Czech Republic
http://www.rozhlas.cz/zpravy/spolecnost/_galerie/1017187?type=image&pozice=1
Germany
http://netzpolitik.org/2012/bilder-von-berliner-anti-acta-demo/
Romania
http://www.facebook.com/spune.nu.acta?sk=photos
Bruxelles
https://secure.flickr.com/photos/hermapix/sets/72157629276115405/
Hungary
http://bit.ly/xlAkEa
Finland
http://www.flickr.com/photos/charris87/sets/72157629270109515/
Several European cities
http://www.numerama.com/magazine/21630-manif-anti-acta-les-meilleures-photo…
Videos from demonstrations on 11.02.2012
Sofia
http://www.youtube.com/watch?v=6Y59XxJoStA
Austria
http://youtu.be/ViXKnH_Vnu8
Bucharest
http://www.youtube.com/watch?v=R2st38pe5CQ
Czech Republic
http://www.stopacta.cz/videa.html
Hungary
https://www.youtube.com/watch?v=-1Hscb-HGPc
Amsterdam
http://www.youtube.com/user/koelkast30
Helsinki
http://www.youtube.com/watch?v=Z0CdQIDbujI
National platforms against ACTA
Austria
http://stopp-acta.at
Czech Republic
http://www.stopacta.cz
Romania
http://www.stopacta.ro
UK
http://www.openrightsgroup.org/campaigns/stopacta
Global petition against ACTA and map of protests
https://www.accessnow.org/policy-activism/press-blog/acta-protest-feb-11
Aaavaz Petition: ACTA: The new threat to the net
https://secure.avaaz.org/en/eu_save_the_internet_spread/
(contributions by several EDRi members and observers)
============================================================
2. European Commission discusses tactical, partial retreat on ACTA
============================================================
At the meeting of the heads of cabinet of the European Commission on Monday
of this week, Commissioner De Gucht's representative announced that a
referral of ACTA to the Court of Justice of the European Union is currently
being considered.
The minutes of the meeting, which have been obtained by EDRi, say that the
head of cabinet described the "strong mobilisation" against the Agreement by
"certain NGOs and movements active on the Internet" and stated that a
referral of the Agreement to the Court of Justice is being considered. It is
noteworthy that the suggestion is only to check the compatibility of ACTA
with primary EU law. Such a referral, depending on how it is framed, risks
being quite vague and may not lead to a comprehensive response. However, any
broadly favourable response from the Court would most certainly be used to
push through the Agreement, on the basis that the ruling "proves" that there
is no problem.
The head of cabinet added that it is necessary to instigate a period of
reflection on how the EU should position itself on this issue and to make an
effort to go beyond the argument that growth in the digital economy is only
possible with adequate protection of intellectual property. The Secretary
General of the Commission closed the discussion by saying the Commission
would return to the dossier in due course, after a "period of thorough
reflection."
This brief exchange of views exposes a number of interesting points.
Firstly, the Commission, and Commissioner De Gucht in particular, were
clearly profoundly impressed by the weekend's demonstrations, contrary to
the Commission's public statements. Secondly, the Commission now has
sufficient doubts regarding the legality of the Agreement, again contrary to
the Commission's public statements, that a request for confirmation of
legality from the European Union's highest court is being seriously
considered. Finally, the comments of the Secretary General clearly show that
she sees a need for the Commission to think again.
Bearing in mind the extreme credibility problems of the European Commission
on this dossier, any hint that such a referral is a delaying tactic, to wait
until the furore surrounding the Agreement has died down, will further
inflame the tensions around ACTA.
The Commission must finally recognise the breadth of serious criticism of
ACTA, from thirteen members of the Sakharov Network of winners of the
European Parliament's Sakharov Prize for Freedom of Thought, from the
European Data Protection Supervisor, from the Organisation for Security and
Cooperation in Europe, from the UN Special Rapporteur on Freedom of
Expression (in his general comments on privatised online enforcement), from
the group of European Academics and the European Economic and Social
Committee. It may be comfortable to caricature critics of ACTA as
ill-informed anti-IPR activists. As with many comfortable assumptions, it is
wrong, it is insulting and it is counterproductive.
EDRi will write to the European Commission in order to warn of the dangers
of being perceived to be manipulating the decision-making process by sending
a weakly framed question to the Court of Justice or claiming that this will
give a comprehensive answer to critics' concerns. The Commission needs to
draw the consequences of the need for "thorough reflection" and use all
legal and research options at its disposal to address the problem of the
likely incompatibility of ACTA with primary and secondary European Union
law. This needs to be done in a comprehensive manner.
Furthermore, if the Commission does indeed want "a period of thorough
reflection," it should also undertake a thorough impact assessment, in order
to study the possible impact of ACTA, regardless of the legality of the
Agreement. By adopting ACTA, a decision would be made to make it impossible
to reform key aspects of the 2004 IPR Enforcement before reviewing their
impact and to export those measures to other countries, a decision would be
made to encourage the Internet companies abroad to police their networks and
potentially use this power to restrict access to markets, a decision is
being made to impose disproportionate rules on damages and impose a grossly
unsatisfactory set of criteria for imposing criminal sanctions for
infringements. It is time for a full and independent impact assessment. Why
would the Commission reject this request? Perhaps this is the one time that
the phrase "if you have nothing to hide, you have nothing to fear" actually
makes sense.
If all of this is done, we will find ourselves in about two years in the
position we should be in already - with a legal proposal, backed up with an
impact assessment that can be discussed on its merits.
Sakharov Prize winners: Online Freedoms threatened by another step towards
treaty's adoption (15.12.2011)
http://en.rsf.org/union-europeenne-online-freedoms-threatened-by-15-12-2011…
EDPS: Anti-Counterfeiting Trade Agreement: EDPS warns about its potential
incompatibility with EU data protection regime (22.02.2010)
http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/EDPS/…
OSCE media representative urges European Parliament to reassess ACTA to
safeguard freedom of expression (14.02.2012)
http://www.osce.org/fom/88154
UN Special Rapporteur - Report of the Special Rapporteur on the promotion
and protection of the right to freedom of opinion and expression, Frank La
Rue (16.05.2011)
http://www2.ohchr.org/english/bodies/hrcouncil/docs/17session/A.HRC.17.27_e…
Academics' Opinion on ACTA (11.02.2011)
http://www.iri.uni-hannover.de/tl_files/pdf/ACTA_opinion_110211_DH2.pdf
Economic and Social Committee on IPR Strategy (12.01.2012)
https://www.laquadrature.net/wiki/EESC_on_IPR_Strategy
IPR Enforcement Directive
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32004L0048R%280…
(Contribution by Joe McNamee - EDRi)
============================================================
3. European Commission "Roadmap" for review of the IPR Enforcement Directive
============================================================
The European Commission recently published a "roadmap" to the review of the
Directive on Intellectual Property Enforcement (2004/48/EC). As it is
becoming traditional, the Commission neatly mixes up all kinds of
infringements, from dangerous fake medicines to illegal downloads and seeks
a "one size fits all" solution. In addition, the previously published
implementation report graphically describes the breakdown in the credibility
and perceived legitimacy of copyright in the digital environment (referring,
for example, to "ubiquitous" infringements).
Faced with the unquestionable failure (hence the calls for a review) of the
existing "one size fits" all legal framework and the seemingly obvious need
to reform the legal framework for copyright, the approach is to plough
forward with increased enforcement, as well as increased involvement of the
private sector in practical law enforcement. A non-committal statement that
"measures aimed at promoting the legal offer" is made but not expanded upon.
Interestingly, the "road map" explains that the current Directive's
definition of "commercial scale" needs to be clarified, in order to ensure
that individual consumers are not targeted. This is quite significant,
because the definition is significantly narrower than the one in the
Anti-Counterfeiting Trade Agreement (ACTA). This raises a fundamental
question - how can the EU be so confident that ACTA's definition of
"commercial scale" will not lead to disproportionate criminalisation of
end-users, when it believes that a more precise definition risks leading to
disproportionate measures against citizens in civil law?
It is also somewhat surprising to note that no problem has been identified
regarding the provision of personal data by Internet intermediaries -
despite the widespread of abuse of both process and data, particularly in
the UK and Germany. The focus instead is on developing the tools for
obtaining "evidence" from intermediaries.
It must be pointed out, of course, that much of what is in the IPR
Enforcement Directive is proposed in ACTA. As a result, as long as the
European Commission harbours hopes of being able to ratify that agreement,
it will consider itself to be prevented from making or even considering any
significant changes or improvements to this Directive.
Roadmap on IPRED (01.2012)
http://ec.europa.eu/governance/impact/planned_ia/docs/2011_markt_006_review…
ACTA
http://register.consilium.europa.eu/pdf/en/11/st12/st12196.en11.pdf
IPR Enforcement Directive Implementation Report (22.12.2010)
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2010:0779:FIN:EN:…
(Contribution by Joe McNamee - EDRi)
============================================================
4. Hadopi takes the final steps towards cutting Internet access
============================================================
French authority Hadopi announced on 13 February 2012 that its Commission
for the Protection of Rights had sent the first complaints to court against
Internet users for illegal downloading of files as the last stage in its
three-strike system.
Since November 2010, more than 800 000 French Internet users have received
e-mail alerts that they were suspected of illegal downloading of copyrighted
material. Out of these, about 45 000 considered recidivists received a
letter of warning and after six months around 165 seem to have been convened
by the Commission on the Protection of Rights to be sent to court for a
decision to have their Internet connection cut.
Although a precise number has not been revealed, a Hadopi spokesperson
stated the cases had been sent to the prosecutors all over France, according
to the residence places of the accused Internet users. The Prosecutor's
Office will process cases and decide whether to take them to court which may
apply a maximum fine of 1 500 euro and a 1 month suspension of the Internet
service.
The offence that the Internet users are being accused is of not
implementing a system to "secure" their Internet connection or not
having made efforts to make such as system operates properly. Hadopi
produces as proof of the offence only the proceedings drafted by the
assigned agents on the basis of the findings provided by the company
hired by the rightsholders.
The law allows for a speedy simplified procedure for Hadopi where there is
no need to hear the defendant and through which the court may apply
sanctions if "it comes out from the judicial investigation that the facts
the user is accused of, are simple and proven."
The ministry of justice has even issued a letter asking the prosecutor
offices to avoid, except for particular cases, a more detailed investigation
because the proofs provided by Hadopi are enough to prove the offence.
"This is the myth of the pedagogical Hadopi that slumps. All those who
wanted to make you believe that Hadopi was a device meant only to sensitize
young Internet users on copyright, are now facing their own contradictions"
said Aurilie Filippetti, in charge of culture for the presidential candidate
Frangois Hollande's campaign.
Hadopi transmits its first cases to court! (only in French, 13.02.2012)
http://www.numerama.com/magazine/21634-hadopi-transmet-ses-premiers-dossier…
Internet users sent to court by Hadopi (only in French, 13.02.2012)
http://www.lepoint.fr/chroniqueurs-du-point/emmanuel-berretta/exclusif-les-…
Hadopi: the first cases sent to court. But how many? (only in French,
13.02.2012)
http://www.zdnet.fr/actualites/hadopi-les-premiers-dossiers-transmis-a-la-j…
EDRi-gram: French Internet users on the verge of being disconnected
(5.10.2011)
http://www.edri.org/edrigram/number9.19/hadopi-report-france-18-months
============================================================
5. Two Strikes in Germany?
============================================================
On 3 February 2012, the German Ministry of Economics and Technology (BMWi)
published a comparative study on graduated response systems in Europe which
have been established to fight against copyright infringements on the
Internet. The study looked at the situation in France, UK and Ireland.
Regarding the Hadopi system in France, the study found that one of the main
results and successes is the drop by 31% of peer-to-peer between April 2010
and April 2011, thus completely ignoring the rising use of streaming and VPN
in France.
Even though the study admits that illegal filesharing has "not caused any
serious collapse in the turnover of the industry" (p. 61), the Ministry
recommends the introduction of a "two strikes" or "pre-litigation" model for
Germany. According to the study, this model should be based on a combination
of "educational notifications" and the disclosure of information to
rightsholders. The Secretary of State Hans-Joachim Otto considered the study
a valuable basis for the future discussions regarding online piracy.
However, cutting off users from the Internet has been ruled out.
As significant grounds for concern were already well known (it is widely
understood to have been mainly written by media lobbyists and
rightsholders), EDRi-member Digitale Gesellschaft published a shadow report.
It pointed out that existing models raise significant and fundamental data
protection problems. For instance, the Irish voluntary three-strikes system
is currently experiencing legal difficulties due to such concern and
numerous complaints to the data protection authority. In Ireland, hundreds
of notifications were received by innocent users.
The shadow report also highlighted the high costs for the French state
compared to the almost non-existing benefits for the economy. The shadow
report concluded that all efforts and means should be focused on the
creation of attractive offers instead of repressive measures and recommended
a general reform of outdated copyright laws.
Shadow report of the Digital Gesellschaft (only in German, 02.2012)
http://digitalegesellschaft.de/wp-content/uploads/2012/02/schattenbericht-d…
Long version of the BMWi study (only in German, 01.2012)
http://www.bmwi.de/BMWi/Redaktion/PDF/Publikationen/Technologie-und-Innovat…
(Contribution by Kirsten Fielder - EDRi)
============================================================
6. Software-hardware bundling not accepted in France
============================================================
The giant Lenovo computer hardware manufacturer that sold computers with
Windows OS included suffered a defeat in a French court of Aix-en-Provence
in a case introduced by a French customer. This is another case in a long
line of defeats in France for companies that sell computers who include
mandatory unwanted software licences in their products' sales.
The case was brought to court in 2007 by Mr. Pitrus who decided to buy a
Lenovo laptop. As the laptop was not offered for sale without a Windows
Vista license and as he was using GNU-Linux, Mr. Pitrus rejected the Windows
Vista End User License Agreement (EULA) and contacted Lenovo to obtain a
refund. His request being denied, he brought the case to court. After a
first negative ruling in the court of Tarascon, the French Court of
Cassation reversed the judgment in a decisive ruling in November 2010 and
sent back the case to a court in Aix-en-Provence. The final judgement
obliged Lenovo to pay the plaintiff 120 euro as a refund for the software,
but also 800 euro for personal damages and 1000 euro for legal expenses.
The judge insisted on the distinction between hardware and software and
rejected Lenovo's argument that the sale in question was that of "complex
products made of an assembly of indispensable components for the definition
of a product as desired by the manufacturer". The company even compared the
sale of the computer which cannot operate without the software to that of a
car which cannot run without wheels.
The judge explained that the hardware is the object of a sale contract
giving the owner full right over it after having paid for it. On the other
hand, the supply of software is the provision of a service which gives only
the right to usage of the software (fact which is actually stipulated in the
licence of the software). Moreover, joking over the comparison made by
Lenovo with the car and wheels, he considered that a better comparison would
be that of selling a car with a driver included.
This is a real victory and this significant decision is a positive precedent
as the legal ground of the ruling was European directive 2005/29/CE on
unfair business-to-consumer commercial practices in the internal market,
which could be used again as legal argument in similar cases in all EU
countries.
Hardware-software bundling crumbles in France (6.02.2012)
http://no.more.racketware.info/news/hardware-software-bundling-crumbles-fra…
Condemnation of Lenovo, symbol of computer and software bundled sale (only
in French, 6.02.2012)
http://non.aux.racketiciels.info/nouvelles/condamnation-lenovo-symbole-vent…
Court's Decision (only in French, 9.01.2012)
http://www.cuifavocats.com/IMG/pdf/20120109_JproxAixEnProvence_PetruscLevov…
Pitrus vs. Lenovo: the supply of unsolicited software is a unfair commercial
practice (only in French, 6.02.2012)
http://www.cuifavocats.com/Petrus-c-Lenovo-la-fourniture-de
List of similar French cases (only in French)
http://non.aux.racketiciels.info/documentation/droit/#jugements-proximite-e…
============================================================
7. UK: 3 million checks on criminal records in 2011
============================================================
UK Privacy campaign group Big Brother Watch has recently revealed that
almost 3 million Criminal Records Bureau (CRB) checks were carried out in
England and Wales in 2011 by almost 4000 registered bodies.
The figures basically say that 1 in 17 Britons was checked and that a large
number of organizations had access to the individuals' private data without
the knowledge of the individuals in question.
Big Brother Watch said the figures were "a sad indictment of a country that
has lost all sight of proportion and has substituted common sense for a
piece of paper".
CRB checks were meant to protect children from coming into contact with
dangerous adults but the reality is that any person with or without a
conviction or a simple caution which has nothing to do with children, based
on a CRB check, may be considered as a dangerous criminal.
And an even more worrying aspect is that the system has proven wrong
time and again leading to perfectly innocent people being considered sex
offenders and losing their jobs.
In 2010, Big Brother Watch already revealed the inaccuracies and
inefficiencies of the CRB system (which should be entirely reliable) which
have been adding up to an average of 7 errors a day since 2004.
On 9 February 2012, High Court judge Kenneth Parker suggested that the CRB
system was disproportionate and not compatible with the right to private
life stipulated by the European Convention on Human Rights and that the
issue fully deserved to be considered by the Court of Appeal.
Deputy Prime Minister Nick Clegg stated the system would be scaled back and
the Protection of Freedoms Bill included plans to ease Criminal Records
Bureau checks.
Regarding the respective changes, Home Office minister Lord Henley stated:
"What we are trying to do is create a system that will provide the necessary
safeguards but does not make parents feel that their children are
automatically safe - parents must still have the duty of looking after their
children by warning them of potential dangers," adding at the same time that
schools and other organisations would be allowed to insist on CRB checks.
3 Million Background Checks in 2011 (10.02.2012)
http://www.bigbrotherwatch.org.uk/home/2012/02/3-million-background-checks-…
The Grim Consequences of CRB Mistakes (22.04.2010)
http://www.bigbrotherwatch.org.uk/home/2010/04/the-grim-consequences-of-crb…
CRB checks 'near 3m' says Big Brother Watch (10.02.2012)
http://www.bbc.co.uk/news/uk-16970424
Student in legal challenge to criminal record of GMP warning for stealing
bikes when he was aged 11 (9.02.2012)
http://menmedia.co.uk/manchestereveningnews/news/s/1485057_student-in-legal…
============================================================
8. RFID - a dangerous fashion trend highlighted on German streets by FoeBuD
============================================================
On 11 January 2012, EDRi member FoeBuD staged an event on a shopping
street in Bielefeld, Germany, to raise awareness about RFID tags ("spy
chips") in clothing.
FoeBuD played an important role in putting this issue on the political
agenda in 2003, when major German retailer Metro AG conducted RFID
field trials in a model supermarket, dubbed "Future Store". While RFID
roll-outs in supermarkets have not occurred as quickly as expected at that
time (probably due in part to the concerns raised by privacy advocates),
recently the fashion industry seems to have taken a lead in introducing RFID
in goods sold to and carried by consumers.
RFID ("Radio Frequency Identification") tags are tiny chips with an
antenna, whish respond to a radio signal by transmitting back some
previously stored data including their unique serial number. Because
every single chip can be recognised by this ID, an RFID tag is not just
a contactless product bar code - it allows every individual item to be
identified. This makes RFID a very interesting technology for retail
logistics. But an RFID tag on a highly personal item (such as a piece of
clothing) could identify its owner if the owner's personal data somehow
becomes available - if the owner makes a payment with a card, for
example. The owner's data does not need to be stored on the chip itself,
it could be related to the chip's ID via an external database. Personal
tracking becomes a distinct possibility, indeed a patent for this has
been granted in the US.
RFID data transmissions cannot be seen or heard, so FoeBuD looked for a
way to visualise the threat to any passer-by on a regular shopping
street. An RFID reader was connected to a portable computer and
projector, which beamed any RFID data that was read onto a "speech
bubble"-shaped banner. Suddenly it was there for anyone to see that
RFID-tagged clothes are effectively announcing an identity to every
"interested" party reading the device at a distance of up to 10 metres
(approximately, and depending on the type of RFID chip and reader).
At this event, FoeBuD targeted local fashion company Gerry Weber and
Italian fashion brand Peuterey (which had received a German Big Brother
Award from FoeBuD in 2011 for introducing RFID in a particularly
secretive way). Gerry Weber had actually been in contact with FoeBuD
about their RFID roll-out, but had ultimately chosen not to implement a
fundamental requirement: that the RFID tags be detached from every item
at the point of sale, without the customer having to ask for this. The
FoeBuD activists had alerted Gerry Weber about their action and were met by
the company's CIO and RFID project leader, and later by the company's
owner Gerhard Weber himself, who regrettably did not show a lot of
understanding towards the activists' concerns. But at least it is
possible to tear off Gerry Weber's RFID tags. In contrast, Peuterey does
not give any in-store information to its customers, and their RFID tags
are sown in beneath a label imprinted "do not remove this label".
FoeBuD's event and their demand that all RFID tags be removed or
permanently disabled at the point of sale were covered by the regional TV
and by newspapers across Germany. The group hopes to keep the momentum
going.
FoeBuD's coverage about their action, with pictures (only in German,
01.2012)
http://www.foebud.org/rfid/wdr-sendung-markt-kleidungsstuecke-mit-rfid-schn…
Coverage by regional public TV station WDR (only in German, 16.01.2012)
http://www.wdr.de/tv/markt/sendungsbeitraege/2012/0116/01_rfid-chips.jsp
Privacy advocates discover RFID chips in clothing (only in German,
16.01.2012)
http://www.zeit.de/digital/datenschutz/2012-01/foebud-rfid-gerry-weber
Why RFID tags are a danger to consumers (only in German, 18.01.2012)
http://www.sueddeutsche.de/digital/2.220/rfid-aufkleber-als-schnueffelchips…
BigBrotherAward 2011 to Peuterey (English summary, full speech in German)
https://www.bigbrotherawards.de/2011/.tec
BigBrotherAward 2003 to Metro (available in English and German)
https://www.bigbrotherawards.de/2003/.cop
Report on Metro's "Future Store" and 2003/04 RFID scandal:
http://www.spychips.com/metro/overview.html
US patent 7,076,441 on "Identification and tracking of persons using
RFID-tagged items in store environments"
http://patft.uspto.gov/netacgi/nph-Parser?Sect2=PTO1&Sect2=HITOFF&p=1&u=/ne…
(Contribution by Sebastian Lisken, EDRi member FoeBuD - Germany)
============================================================
9. Irish ISP puts its customers' personal data at risk
============================================================
Personal data of more than 6 800 current and former customers of Eircom's
(biggest Irish ISP) mobile divisions may be at risk after three unencrypted
laptops have been stolen, two from the company offices in Parkwest Dublin
during 28 December 2011 - 2 January 2012 and one from an employee's home on
19 December 2011.
Eircom stated that most of the data involved were personal data including
name, address and telephone numbers, but in some cases passport, driving
licence numbers or utility bills and for about 550 customers the data on one
of the laptops included financial information such as bank accounts, debit
and credit card information.
Data Protection Commissioner Billy Hawkes considers the breach as one of the
most serious ones and said that Eircom had put its customers at risk of
identity theft. He also criticised the company for the delay in announcing
people of the thefts that would have given them the opportunity to protect
themselves.
"Our normal delay in getting reports in is 24 to 48 hours which is our
guideline for reports of such incidents. So I find it very surprising to
hear that reason being given by Eircom," said Hawkes as a reaction to
Eircom's statement that the delay in reporting came from the fact that the
company had tried to find out what data had been breached.
Furthermore, as Hawkes said, Eircom as a telecom company was supposed to
have higher protection standards and therefore it was "very surprising that
in two separate incidents Eircom laptops were not encrypted."
His conclusion is that "telecommunications companies have a huge amount of
data on all of us and should be subject to more stringent requirements."
Eircom stated the incidents had been immediately reported to the police, two
separate investigations were ongoing and that there was no evidence that the
lost data has been used by a third party. "Eircom treats privacy and
protection of all data extremely seriously and we have taken the following
pro-active measures to address the situation. As a precautionary step, we
have contacted the Irish Banking Federation, who has notified their members
of the potential risk to data for affected eMobile and Meteor customers."
The company also stated it would contact by telephone those customers whose
financial data was potentially at risk, and would send letters to all
affected customers to notify them of the breach.
The fact that the laptops in question were unencrypted was considered as
inexcusable and according to data protection consultant Daragh O'Brien the
delay in alerting the commissioner's office suggested faulty prevention and
detection policies in Eircom. Information security consultant Brian Honan
also said that companies were obliged, under various laws, to ensure the
proper security of information such as card payment information.
According to Eircom, a review of the group's encryption policy is in
progress "to ensure all computers and laptops are compliant with the group's
encryption policy."
Eircom customer data breached (10.02.2012)
http://www.irishtimes.com/newspaper/breaking/2012/0210/breaking9.html
Press Release - eircom Group Statement on Laptop Theft
http://pressroom.eircom.net/press_releases/article/eircom_Group_Statement_o…
Eircom slammed for laptop and data loss (13.02.2012)
http://www.scmagazineuk.com/eircom-slammed-for-laptop-and-data-loss/article…
============================================================
10. ENDitorial: EU DP Regulation Proposal: The French CNIL defends its turf
============================================================
The French CNIL was one of the first national Data Protection Authority
(DPA) to react to the publication, by the European Commission, of its Data
Protection Framework Proposal on 25 January 2012. In a very negative press
release published the day after, while quickly welcoming "substantial
improvements that were expected and necessary", the CNIL develops surprising
arguments to justify its particular concern, namely that "the defence of
data protection" would be "driven apart from citizens". CNIL's anger is
directed at Article 51 provision, defining the competent DPA. This article
provides that the competent supervisory authority shall be the one "of main
establishment of the data controller or processor".
When examining CNIL's arguments, one might wonder whether it has carefully
and entirely read the proposed Regulation before showing such a reaction.
This impression is even strengthened when learning about CNIL's intense
lobbying towards the French Parliament and Government, which need to provide
their opinion during the EC proposal discussion process. Actually, the
European Affairs Commission of the French National Assembly has already
adopted a resolution in line with the CNIL's opinion, and the Constitutional
Laws Commission of the French Senate is currently conducting hearings
(inviting inter alia French EDRi- ember IRIS to provide its views on 14
January), before adopting its own resolution on the proposed EC Data
Protection Framework (this French Parliament quick process is determined by
next Presidential elections, meaning that the Parliament will have to stop
its work early March 2012).
Arguments put forward by the CNIL could easily be refuted, especially since
some of them are based on a wrong or partial interpretation of the proposed
Regulation.
The CNIL claims that the provision "will reduce the national DPAs role to
that of a mailbox"; "will deprive widely the citizens of the protection
offered by their national authority"; "will constitute a real regression of
citizens' rights", which "would finally be less protected than consumer
rights" given that consumer laws allows for the competence of the consumer's
jurisdiction. Interestingly enough, the CNIL gives as example "a web user
having a problem with a social network which main establishment is in
another member state". Furthermore, the CNIL fears that the provision will
lead to "forum shopping" practices by companies when they decide on their
country of main establishment, a situation that would end not only in
"dumbing down" of citizens' data protection, but also in putting at risk the
French economy! Finally, the CNIL "considers that the proposed scheme leads
to a centralization of the regulation of privacy in the hands of a limited
number of authorities", and that "the European Commission will also benefit
from an important normative power".
It is true that the EC will play an important role, that could be balanced
through improving the powers, independence and processing of the European
Data Protection Board (Chapter VII of the Regulation) and the national
Supervisory Authorities (Chapter VI) as well as, of course, the substantive
provisions of the data protection principles themselves, as EDRI pointed out
in its initial comments and will detail further in the process.
However, the CNIL seems to ignore the difference between a Regulation and a
Directive! The very reason for the EC choice for the former is indeed the
fact that a Regulation goes far beyond simply harmonizing the national laws,
to rather impose the same law to all Member States, requiring in addition
that same independence and powers be allowed to all national DPAs. Given
this new situation, why a French citizen would be less protected by, say,
the German DPA than by the CNIL? Especially since, even currently, French
citizens and privacy defenders would have appreciated to see the CNIL taking
the position of other Member States DPAs on some particular issues.
Moreover, through the European Data Protection Board proceedings, European
citizens could only benefit from the emulation among DPAs: they will have to
be accountable to and controlled by each other. The national DPA would
certainly not be "reduced to a mailbox" in this game, since its role will be
essential here, and is guaranteed by provisions of Articles 55-56 and 66.
Moreover, Article 73-75 provides for better democratic control and recourses
not only by citizens, but also by non profit associations such as privacy
watchdogs or human rights organizations acting in their names.
The example provided by CNIL of a social network as the data controller and
processor is particularly misleading and perverse: as a matter of fact,
while Article 51 provision only concerns companies established in the EU,
many French Members of Parliaments already interpreted this example as the
future impossibility for the CNIL to impose penalty on major US companies,
such as Facebook (or Google which it already sanctioned).
Furthermore, the "forum shopping" risk is ridiculous: who on earth could
reasonably think that a company will choose its country of main
establishment according to data protection law (which, again, will in
addition be the same in all EU countries), rather than on the basis of
taxation and labour laws and practices?! Who on earth could reasonably think
that French economy would be put at risk by the CNIL's "superpowers"?!
Many other counter-arguments can be found in the text of the proposed
Regulation itself (such as the provided exceptions in Articles 80-83 and
other provisions as well). The fact is that, rather than raising sound
arguments towards improving the current proposal (and this is indeed much
needed), the CNIL currently seems to only be busy defending its turf.
Ungloriously.
CNIL - Draft EU Regulation on data protection: the defense of data
protection driven apart from citizens (31.01.2012 original in French on
26.01.2012)
http://www.cnil.fr/english/news-and-events/news/article/draft-eu-regulation…
CNIL - Draft EU regulation: the CNIL welcomes the French Parliament
commitment (only in French, 08.02.2012)
http://www.cnil.fr/la-cnil/actualite/article/article/projet-de-reglement-eu…
French National Assembly - EU Affairs Commission Resolution on Draft EU DP
Framework (only in French, 07.02.2012)
http://www.assemblee-nationale.fr/13/propositions/pion4227.asp
French Senate - Oral Question and public discussion on privacy and data
protection (only in French, 08.02.2012)
http://www.senat.fr/seances/s201202/s20120208/s20120208_mono.html#Niv1_SOM3
EDRi - Initial Comments On The Proposal For A Data Protection Regulation
(27.01.2012)
http://www.edri.org/CommentsDPR
(Contribution by Meryem Marzouki, EDRI-member IRIS - France)
============================================================
11. Recommended Action
============================================================
Petition: Support the establishment of a common European OpenData license
within the review of the Public Sector Information re-use Directive
Deadline: 1 March 2012
Available in Spanish and English
http://actuable.es/peticiones/say-to-neeliekroeseu-we-want-single-opendata-…
============================================================
12. Recommended Reading
============================================================
EDRi papers: DRM - The strange, broken world of the digital rights
management
http://www.edri.org/files/2012EDRiPapers/DRM.pdf
ACTA Survival Guide For Website Owners (7.02.2012)
http://www.edri.org/ACTAhowto
10 European Commission Myths About ACTA (8.02.2012)
http://www.edri.org/commission_myths
Sharing: Culture and the Economy in the Internet Age - By Philippe
Aigrain (3.02.2012)
http://www.laquadrature.net/en/sharing-culture-and-the-economy-in-the-inter…
============================================================
13. Agenda
============================================================
25 February 2012, Szeged, Hungary
Copyright and Human Rights in the Information Age: Conflict or Harmonious
Coexistence
http://www.juris.u-szeged.hu/english/news/conference-on-copyright
7 March 2012, Amsterdam, Netherlands
Big Brother Awards Netherlands 2012
https://www.bigbrotherawards.nl/
16 March 2012, Rotterdam, Netherlands
EPSIplatform Conference: Taking government data re-use to the next level!
http://epsiplatform.eventbrite.com/
30 March - 1 April 2012, Berlin, Germany
Wikimedia Chapters Meeting 2012
http://meta.wikimedia.org/wiki/Wikimedia_Conference_2012
13 April 2012, Biefeld, Germany
Big Brother Awards Germany
http://www.bigbrotherawards.de/
16-18 April 2012, Cambridge, UK
Cambridge 2012: Innovation and Impact - Openly Collaborating to Enhance
Education
OER12 and the OCW Consortium's Global Conference
http://conference.ocwconsortium.org/index.php/2012/uk
2-4 May 2012, Berlin, Germany
Re:Publica 2012: ACTION!
http://re-publica.de/12/en
14-15 June 2012, Stockholm, Sweden
EuroDIG 2012
http://www.eurodig.org/
20-22 June 2012, Paris, France
2012 World Open Educational Resources Congress
http://www.unesco.org/webworld/en/oer
2-6 July 2012, Budapest, Hungary
Policies and Practices in Access to Digital Archives: Towards a New
Research and Policy Agenda
http://www.summer.ceu.hu/sites/default/files/course_files/Policies-and-Prac…
9-10 July 2012, Barcelona, Spain
8th International Conference on Internet Law & Politics: Challenges and
Opportunities of Online Entertainment
http://edcp.uoc.edu/symposia/idp2012/cfp/?lang=en
11-13 July 2012, Vigo, Spain
The 12th Privacy Enhancing Technologies Symposium
(PETS 2012)
http://petsymposium.org/2012/
12-14 September 2012, Louvain-la-Neuve, Belgium
Building Institutions for Sustainable Scientific, Cultural and genetic
Resources Commons.
http://biogov.uclouvain.be/iasc/index.php
7-10 October 2012, Amsterdam, Netherlands
2012 Amsterdam Privacy Confernece
http://www.ivir.nl/news/CallforPapersAPC2012.pdf
============================================================
14. About
============================================================
EDRi-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRi has 28 members based or with offices in 18 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRi-grams.
All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and are visible on
the EDRi website.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/
Newsletter editor: Bogdan Manolea <edrigram(a)edri.org>
Information about EDRI and its members:
http://www.edri.org/
European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring
http://flattr.com/thing/417077/edri-on-Flattr
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request(a)edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
Unsubscribe by e-mail
To: edri-news-request(a)edri.org
Subject: unsubscribe
- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edri/2.html
- EDRI-gram in German
EDRI-gram is also available in German, with delay. Translations are provided
Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <edrigram(a)edri.org> if you have any problems with subscribing or
unsubscribing.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0