July 2018 - cypherpunks-legacy

[Geowanking] new Microsoft privacy policy?
by Mike Liebhold 06 Jul '18

06 Jul '18

Jeremy Irish wrote: >Many seem to faint in the site of Microsoft knowing your location - Jeremy, This is not about "fainting" , and the problem is -much- larger than Microsoft. Privacy concerns, have in part delayed the availibility of location APIs from telcos and from others including Google, et. al. Intel has been widely praised for breaking a conceptual logjam. When it became clearer that Microsoft was actually going to productize the technology, a lot of us expected that they would embrace the same philosophy in their implementation. Instead, the published a privacy disclaimer that, instead of reinforcing privacy -equivocated- on privacy, despite the misleading and insincere introduction " your privacy is important" The good news is that I got a note, this morning from Microsoft [thanks Nat] agreeing essentially and promising to revisit the policy and to draft a new privacy statement to reflect a genuine emphasis on privacy in the "location finder" service ofering. -Mike _______________________________________________ Geowanking mailing list Geowanking(a)lists.burri.to http://lists.burri.to/mailman/listinfo/geowanking ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

1 0

Re: [drone-list] drone-list Digest, Vol 33, Issue 3
by Alex Rose 06 Jul '18

06 Jul '18

This editorial in Pakistan's Daily Times may be of interest... Living Under Drones: the Psychological, Social, and Economic Impact of Drones in FATA. http://www.dailytimes.com.pk/default.asp?page=2012\05\10\story_10-5-2012_pg… _______________________________________________ drone-list mailing list drone-list(a)lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/drone-list If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?" You will need the user name and password you receive from the list moderator in monthly reminders. Should you need immediate assistance, please contact the list moderator. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

EDRi-gram newsletter - Number 9.2, 26 January 2011
by EDRI-gram newsletter 06 Jul '18

06 Jul '18

============================================================ EDRi-gram biweekly newsletter about digital civil rights in Europe Number 9.2, 26 January 2011 ============================================================ Contents ============================================================ 1. EDRi responds to data protection consultation 2. EC's leak describes blocking as "challenging", "costly" and ineffective 3. EU institutions want clarifications form Hungary on its media legislation 4. European Commission concerned over illegal eavesdropping in Bulgaria 5. Romanian NGOs demand stopping data retention in Europe 6. Spain: Right to be forgotten and Google 7. Sarkozy wants a "civilised" Internet 8. ENDitorial: EDRi publishes study on self-regulation and censorship 9. Recommended Action 10. Recommended Reading 11. Agenda 12. About ============================================================ 1. EDRi responds to data protection consultation ============================================================ Building on the analysis produced for the European Commission's initial data protection consultation in 2009, European Digital Rights has submitted its second round of comments on the review of the 1995 Data Protection Directive. One of EDRi's primary concerns with regard to the existing legal framework is the lack of predictability - due to vast differences in the way basic parts of the Directive are understood by Member States' authorities and courts as well as the powers and resources of national data protection authorities. This led EDRi to the conclusion that a directly applicable EU Regulation is needed, rather than the current situation, where 27 Member States have to implement a Directive into their national law, leading to these diverging implementations. Another core problem to address is the plummeting costs of data processing which causes more and more data to be collected and used. Such processing will lead to ever-greater risks being taken with personal data unless legal provisions ensure that the risk-reward balance for data processors is adapted appropriately. Processing of personal data by states comes in for particular criticism in EDRi's submission. The actions of Member States must be consistent with what they expect from private companies, and there are many examples of this not being the case. There are numerous examples of electronic patient records, e-government systems and public transport payment systems which do not respect "privacy by design", data minimization and other key principles. Worse still, the broad exception given to Council of Europe Member States in that institution's Recommendation on profiling, which accepts in principle that the most basic of privacy protections, may be set aside by European governments. Regarding data processing by companies, EDRi welcomes many of the policies described in the Commission Communication, such as data minimization, the right to be forgotten, rights of access and erasure of data etc, but points out that many of these rights are already in the existing legislation. The task at hand, therefore, is not to re-legislate for existing rights, but to establish why these rights are not readily enforceable. Concerning new technologies, EDRi suggests that there are three trends which need to be taken into account - the exponential growth in personal data processing capabilities, the growing disconnection between data processing and physical location and the Internet of Things. In order to improve implementation, EDRi called for increased implementation powers for national data protection authorities (DPAs) as well as a targeted reduction in the administrative burden. The reduction of the administrative burden should (and must) lead to national DPAs having more time and resources to devote to practical improvements in privacy protection for data subjects. Both the change of legal environment as a result of the Lisbon Treaty and the increasing trend for data collected by private companies to be used for policing purposes means that it is essential to include data collected for policing purposes in the Directive. A strong data protection framework is the minimum price that should be paid for the levels of police and security cooperation that are currently demanded and enacted within the EU and between the EU and third states. EDRi believes that a Regulation would be a better instrument to ensure clarification and simplification of rules for international data transfers. EDRi believes that the current "safe harbour" exceptions result in an opaque and unaccountable situation for data subjects. At the same time, EDRi feels very strongly about retaining the base principle that personal data should not be exported to jurisdictions without safeguards that are materially similar to those within the European Free Trade Area. Finally, EDRi drew attention to a separate consultation that overlaps with the Commission's work on Data Protection - the Communication on the IPR Enforcement Directive. This latter Communication seeks to undermine the fundamental right to privacy by suggesting an opaque effort to "rebalance" rights to the benefit of so-called property rights. It is entirely and obviously unacceptable that the European Commission can simultaneously be negotiating ratification of the European Convention on Human Rights and seeking to undermine its core provisions. EDRi response to 2010 Communication on Data Protection Directive revision (15.01.2011) http://www.edri.org/files/20110115_EDRi_data_protection_final.pdf European Commission 2010 Communication on Data Protection Directive revision (4.11.2010) http://ec.europa.eu/justice/news/consulting_public/0006/com_2010_609_en.pdf Data Protection Reform Strategy: EDPS sets out his vision for the new framework (18.01.2011) http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consu… Communication on IPR Enforcement Directive (22.12.2010) http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2010:0779:FIN:EN:… EDRi response to 2009 Consultation on Data Protection Directive revision (13.01.2010) http://www.edri.org/edrigram/number8.1/position-data-protection-review (Contribution by Joe McNamee - EDRi) ============================================================ 2. EC's leak describes blocking as "challenging", "costly" and ineffective ============================================================ A leaked draft of the European Commission's (EC) Green Paper on gambling provides some valuable insights into the Commission's views on web blocking. Firstly, contrary to Commissioner Malmstrvm's repeated promises to the contrary, the leak shows that the Commission has no objections in principle to blocking being used against content other than child abuse. The document states that blocking of unlicensed gambling websites "might be justified". The draft policy document goes on to describe what it sees as a key advantage of DNS blocking - that it can be used to hijack users' connections to direct them to approved sites. Nonetheless, while in favour of blocking in principle, the document explicitly recognises that blocking is "technically challenging and costly" and that blocking will leave a "significant" residual level of illegal sites publicly available. In particular, and this is of importance for blocking in relation to child abuse material, the document says that regular updating of a blocking list will be "costly" - a point studiously avoided by the European Commission in the blocking debate so far. Meanwhile, the Civil Liberties Committee of the European Parliament is getting ready for its vote on blocking next week. 342 amendments have been tabled to the Child Exploitation Directive as a whole, with 45 addressing the issue of Internet blocking. While there is a large consensus that blocking should not be mandatory on Member States, there is a wide divergence of opinion on whether blocking should be promoted or not by the Directive and whether "non-legislative" measures should be encouraged as a means of achieving blocking. Among MEPs that have been diligently working on the dossier in the 22 months since the original proposal was made, there is widespread agreement that neither blocking nor non-legislative measures should not be promoted. However, numerous amendments have been tabled by MEPs that have never spoken in a single debate on the issue. When the vote happens, therefore, all will hang on the efforts by activists to contact MEPs and persuade them that blocking is dangerous and that extra-judicial actions by Internet access providers to restrict access to content would be wrong and contrary to the most basic principles of fundamental rights. Draft European Commission Green Paper on online gambling in the Internal market (01.2011) http://www.statewatch.org/news/2011/jan/eu-com-draft-green-paper-on-interne… EDRi's web blocking campaign page http://www.edri.org/stop_web_blocking (Contribution by Joe McNamee - EDRi) ============================================================ 3. EU institutions want clarifications form Hungary on its media legislation ============================================================ The Hungarian EU Presidency was met on 19 January 2011 with opposition and criticism due to the controversial media legislation Hungary has recently introduced. Some MEPs displayed white banners that read "censored". Viktor Orban, the Hungarian Prime-Minister started his speech by stating that the Hungarian government was willing to change the legislation if the European Commission finds it to be at fault, as the law is presently under its legal review to establish whether it contravenes the EU law. Orban added that Hungary would follow the EC opinion provided it was scrupulously objective, and insisted that Hungary should be treated like any other EU member state. Also, that a separation should be made between Hungary's EU presidency and Hungary's internal affairs. Several MEPs expressed the opinion that the legislation ought to be scrapped entirely. The new law establishes a Media Council (MC) to ensure "balanced" reporting, and requires all media types to be registered, including online media such as forums and blogs. Miklos Haraszti, former OSCE Representative on Freedom of the Media, explained that there are actually five interconnected legislative acts introduced in Hungary since June 2010 that were passed in a rush, at the end of the year, without any consultation. According to the corroborated legislation, all media (including the Internet) are bound to provide "comprehensive, factual, up-to-date, objective and balanced coverage on local, national and European issues that may be of interest for the general public and on any event bearing relevance to the citizens of the Republic of Hungary and members of the Hungarian nation." In Haraszti's opinion, the obligation of the registration for all news providers (including print and Internet-based ) is specifically forbidden in the Council of Europe guidelines. The new Hungarian legislation stipulates high penalties, from 90 000 to 722000 Euro for infringements such as the provision of content that may potentially hurt any community. In order to verify the violations, MC may access any data, including legally protected information.. Refusal to offer the required data may bring a fine of up to180 000 Euro to any media provider.. The legislation thus puts the entire media under the power of a single governmental authority and, according to Judit Bayer, associate professor of media law at King Sigismund College in Budapest, the law is "unquestionably a serious attack on press freedom, and contrary to Article 2 of Lisbon Treaty, Article 10 of the European Convention of Human Rights and Article 19 of the International Covenant on Civil and Political Rights." On 21 January 2011, the European Commission sent a letter to the Hungarian government, giving them two weeks to answer the concerns related to this law. In case of an inadequate answer, Hungary may face legal action. "The commission services have serious doubts as to the compatibility of the Hungarian legislation with Union law," wrote Vice-President of the Commission in charge of the Digital Agenda, , Neelie Kroes. The letter also refers to the provisions of the law that allow Hungary to fine broadcasters based outside the country for what is deemed hate speech, as well as the mandatory registration of all media, including websites, which appear to be incompatible with EU rules. Orban meets barrage of MEP criticism over media law (19.01.2011) http://euobserver.com/9/31669/?rk=1 Hungary's Media Law Package (16.01.2011) http://www.statewatch.org/news/2011/jan/hungary-haraszti-media-law-package.… Hungary's new law a threat to democracy (17.01.2011) http://www.indexoncensorship.org/2011/01/hungary-media-law/ EC to inform Hungary about concerns with media law this week (19.01.2011) http://www.politics.hu/20110119/ec-to-inform-hungary-about-concerns-with-me… EU gives Hungary two weeks to reply on media law (22.01.2011) http://www.earthtimes.org/articles/news/363678,hungary-reply-media-law.html EDRi-gram: New media law in Hungary allows Internet censorship (12.01.2011) http://www.edri.org/edrigram/number9.1/media-law-hungary-blocks-internet ============================================================ 4. European Commission concerned over illegal eavesdropping in Bulgaria ============================================================ Based on a request for access to public information, Dnevnik daily newspaper has been able to access and publish information showing that a third of the wiretaps in Bulgaria have no proper legal coverage, being performed without an authorisation from a judge. This is possible due to a "flexible" formulation of the procedure for requesting the interception of a person's communications. An internal directive issued by Boris Velchev, the prosecutor-general allows prosecutors to request eavesdropping without the authorisation of a judge when a criminal investigation has been opened. According to Dvevnik, based on this procedure, 2 767 such cases of illegal eavesdropping have already taken place in seven months. The daily also revealed that, according to economists, Bulgaria spends 50 times more than the UK on eavesdropping. While the Bulgarian press reveals a significant increase of eavesdropping under the government of Boyko Borissov, the Bulgarian Prime-Minister justifies the government eavesdropping as an important instrument in fighting organised crime. The European Commission has recently requested information from the Bulgarian authorities related to the legality of the eavesdropping activities, following leaks into Galeria tabloid concerning taped phone conversations in which apparently Boyko Borissov spoke of the need to "protect" a controversial businessperson from customs checks. As a result of the scandal in the press, Borissov asked for a vote of confidence in the Parliament, which he won on 20 January 2011. The ALDE group submitted on 21 January 2011 a question to the Commission asking clarifications over the application of the Bulgarian wiretap law, which infringes the Bulgarian Constitution, the provisions of the Lisbon Treaty, the ECHR and the European Charter of Fundamental Rights. "The current Bulgarian scandal over the escalating use of Special Intelligence Means is a stain on the image of Bulgaria in the same way as the Hungarian media law this week taints the international image of that country. The data collected from the special services in Bulgaria is leaking widely and the only independent mechanism for control over the special services has been abolished. There is a widespread paranoia spreading amongst Bulgarian society. The European Commission should step in and uphold the rights of Bulgarian citizens under EU law before this situation gets out of hand," said ALDE MEP Stanimir Ilchev. The European Commission is expected to present a report in February on progress made by Bulgaria under the Cooperation and Verification Mechanism monitoring procedure. One third of eavesdropping in Bulgaria illegal (21.01.2011) http://www.euractiv.com/en/enlargement/third-eavesdropping-bulgaria-illegal… Wiretap scandal rocks Bulgarian government (18.01.2011) http://www.euractiv.com/en/enlargement/wiretap-scandal-rocks-bulgarian-gove… Any third monitoring of GSM and the Internet has no control (only in Bulgarian, 22.01.2011) http://www.dnevnik.bg/bulgaria/2011/01/20/1028603_vsiako_treto_sledene_na_g… Eavesdropping scandal in Bulgaria: Commission must investigate (21.01.2011) http://www.alde.eu/press/press-and-release-news/press-release/article/eaves… EDRi-gram: Protests in Bulgaria against eavesdropping and data retention law (13.01.2010) http://www.edri.org/edrigram/number8.1/bulgarian-protests-data-retention ============================================================ 5. Romanian NGOs demand stopping data retention in Europe ============================================================ In an open letter sent to the European institutions, several Romanian NGOs, including EDRi-member APTI Romania, demanded stopping data retention in Europe, following the decisions of the Constitutional Courts in Romania and Germany. The letter asks the European Commission to take advantage of the evaluation process of the Data Retention Directive in order to correct the mistakes of the past and to nullify the Directive, as it has been shown there are difficulties in obtaining the relevant data regarding the efficiency of such a system. The Commission has also received clear examples of abuses and adverse effects on privacy. The signatories underline that a Romanian implementation of the EU Directive on data retention is impossible, after the 2009 decision of the Constitutional Court that considered that the fundamental scope of the law (and thus of the Directive) - legal obligation to continuously and indiscriminately store telecommunication data- is unconstitutional. They are also asking the competent European institutions to take note of the irreconcilable conflict between the telecommunication data retention and the human right to privacy and to act accordingly to respect the principles in the Charter of Fundamental Rights of the European Union. The text is meant to remind, support and respect the decision of the Romanian Constitutional Court and not to put an EU Member State in a position that will breach its constitutional texts: "The decision stipulates that keeping all traffic data for all Romanian citizens is a measure that breaches human rights, as foreseen by the Romanian Constitution. Thus 'the legal obligation with a continuous character, generally applicable, of data retention (...) harms in an unacceptable way the exercise of the right to privacy or the freedom of expression.'" Telecommunication data retention must be stopped in Europe (26.01.2011) http://www.apti.ro/pastrare-date-trafic.pdf Decision of the Romanian Constitutional Court (8.10.2009) http://www.legi-internet.ro/english/jurisprudenta-it-romania/decizii-it/rom… EDRi-gram: Data Retention Directive evaluation: expect the unexpected? (15.12.2010) http://www.edri.org/edrigram/number8.24/evaluation-data-retention-directive ============================================================ 6. Spain: Right to be forgotten and Google ============================================================ The Spanish data protection authority (AEPD) has recently been focusing on a privacy-related campaign against major Internet intermediaries, accusing them to "have crossed the red line" in regard to protection of personal data on the Internet. Facebook, Google or Myspace are under scrutiny for their privacy policies and how they are respected. On 17 January 2010, AEPD accused Google of invading personal privacy of users, arguing the company was in breach of the "right to be forgotten", the Spanish law allowing people to control information about them. The Spanish Authority ordered the search engine company to remove links to more than 100 Spanish online articles and to delete links to websites that contained out of date or inaccurate information about a specific individual that complained to the AEPD. Google argues that deleting results "would be a form of censorship", that the company, as an intermediary, is not liable for the content of the materials it links to. Moreover deleting content is not the role of search engines but of publishers. "We are disappointed by the actions of the Spanish privacy regulator. Spanish and European law rightly hold the publisher of the material responsible for its content. Requiring intermediaries like search engines to censor material published by others would have a profound, chilling effect on free expression without protecting people's privacy," stated Peter Barron, Google's director of external relations for Europe. But even if Google loses the case, the articles blocked by the search engine will still be available on the websites of the newspapers and journals that published the respective articles. However, Google will have to delete information about the concerned individuals from its Spanish site and respond to another 88 cases also brought to the Spanish regulator. The case is closely followed by the European Union because its outcomes may have implications outside Spain, having in view that EU has already announced looking at how the application of the right to be forgotten is implemented in the online world. "Internet users must have effective control of what they put online and be able to correct, withdraw or delete it at will. What happens if you want to permanently delete your profile on a social networking site? Can this be done easily? The right to be forgotten is essential in today's digital world." said Viviane Reding, European Commission's Vice-president, in a statement made in November 2010. Building Trust in Europe's Online Single Market Speech at the American Chamber of Commerce to the EU Brussels - Viviane Reding speech (22.06.2010) http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/10/327 Google fights Spanish privacy order in court (20.01.2011) http://www.bbc.co.uk/news/technology-12239674 Google fights Spanish court order over libel (17.01.2011) http://www.dw-world.de/dw/article/0,,14771969,00.html AEPD Director warns that the large Internet company has crossed "several red lines" of the respect to privacy (only in Spanish, 12.2010) https://www.agpd.es/portalwebAGPD/revista_prensa/revista_prensa/2010/notas_… Google search engine, ripe for judgment (only in Spanish, 22.01.2011) http://www.larazon.es/noticia/5222-el-buscador-google-visto-para-sentencia ============================================================ 7. Sarkozy wants a "civilised" Internet ============================================================ With France at the Presidency of the G20 group in 2011, Nicolas Sarkozy has recently announced the intention to convene a G20 meeting to discuss Internet and copyright issues, before the full G20 summit of heads of state and government in Cannes in November. The French President has had the same discourse for some time now, having pushed the idea of a "civilised" Internet on various occasions since the signature in November 2007 of the so-called "Olivennes agreement", which established the Hadopi authority. The subject of a "civilised" Internet will also be discussed during the G8 meeting that will take place in Deauville, France, on 26 and 27 May 2011. "We will table a central question, that of a civilised Internet (....).We cannot consume as never before images, music, authors, creation, and not ensure the property rights for the person who put all the emotion, talent and creativity (...). The day we no longer remunerate the creation, we will kill the creation" said Sarkozy. In the French government's opinion, expressed by Deputy Muriel Marland-Militello, France is the "world's pioneer of the civilised Internet", thanks to Hadopi. A pioneer who obstinately continues its efforts to promote its repressive three-strikes system with every occasion. In October 2010, an international conference on online freedom of expression was supposed to be organised by French minister of Foreign Affairs Bernard Kouchner. A letter sent by Nicolas Sarkozy to Houchner shows that Sarkozy was trying to take the opportunity of the conference to promote Hadopi law establishing the three-strikes system. In Sarkozy's opinion, the conference provided "the opportunity to promote the balanced regulatory initiatives carried on by France during these past three years, and in particular the HADOPI law in the field of copyright." In the meantime, Hadopi presented on 23 January 2011, on the occasion of MIDEM 2011 (Marchi International du Disque et de l'Edition Musicale - International Market of the Record and Musical Edition) the results of its first study, performed between 25 October and 4 November 2010, on Internet usage in France. The study revealed that half of the French Internet users engage in alleged illegal downloads. A rather unpleasant finding for Hadopi is that 29 % of the "pirates" admit to having started downloading during the last 6 months, meaning after the introduction of Hadopi law and the issuing of the first warnings by the authority. Moreover 50% of the "pirates" stated they did not intend to change their habits, irrespective of the authority's actions. The study has also revealed that the persons who illegally download cultural goods are also the ones that spend more on culture than others who do not. The main obstacle to legal consumption of digital cultural goods is the price for 37% of users, while for 21% of them the reason is a lack of offer diversity, and only 13% state they are more used to "illegal consumption." The findings of the report are not quite in favour of Hadopi and only prove the inefficiency of the system. Sarkozy wants a G20 of the copyright for a "civilised Internet" (only in French, 19.01.2011) http://www.numerama.com/magazine/17849-sarkozy-veut-un-g20-du-droit-d-auteu… Sarkozy Exports Repressive Internet (21.10.2010) http://www.laquadrature.net/en/sarkozy-exports-repressive-internet Hadopi presents its study: 50 % of the pirates don't want to change (only in French, 24.01.2011) http://www.numerama.com/magazine/17864-l-hadopi-presente-son-etude-50-des-p… Hadopi, Cultural goods and Internet use: the French users' practices and perceptions (only in French, 23.01.2011) http://www.scribd.com/doc/47451295/hadopiT0 ============================================================ 8. ENDitorial: EDRi publishes study on self-regulation and censorship ============================================================ European Digital Rights has published a study on the scale of measures being undertaken to outsource policing activities to private companies in the Internet environment and its significance for fundamental rights, transparency and openness on the Internet. Internet intermediaries around the world are taking on more important roles in their states' efforts to address the dissemination of illegal online content and this trend is likely to become stronger as we move into a new environment of "extra-judicial sanctions" against consumers. With some notable exceptions, these activities are being forced onto Internet intermediaries rather than being demanded by them. The study found that the term "self-regulation" is being inappropriately used to describe what is not self-regulation at all, but the monitoring, policing and even punishing of alleged illegal activities of citizens. Proposed legislation and "non-binding guidelines" are forcing intermediaries into a position in which they can no longer avail themselves of legal protections - where they are obliged, in effect, to police private online communications, often in blatant disregard of legal safeguards and even to impose sanctions for alleged infringements. Should Internet intermediaries become privatised enforcement systems? The measures recently taken by Visa, Mastercard, PayPal and EveryDNS against WikiLeaks are a case in point. Even without WikiLeaks being charged with any particular crime, private companies have acted unilaterally against it. The devolved enforcement initiatives documented in the report aim to persuade industry to engage in a vigilante system of monitoring and sanctioning; the report catalogues current international proposals, which include: - a series of ongoing "public-private dialogues" organised by the European Commission to encourage hosting providers to engage in extra-judicial rulings of illegality; - a 2010 European Commission funding proposal incentivising companies to engage in "self-regulatory" Internet blocking of allegedly illegal online material; - discussions launched by the Council of Europe's Assembly in 2010 whose intention appears to be to increase the legal obligations of intermediaries, despite the fact that this would be "contrary both to the letter and the spirit of the 2003 Declaration on freedom of communication on the Internet"; - 2010 OECD discussions, which aim to increase the responsibility of Internet intermediaries in advancing "public policy objectives"; - the Anti-Counterfeiting Trade Agreement (ACTA) that contains provisions that would encourage or coerce ISPs into policing their networks and enforcing extra-judicial sanctions, where they deem it to be appropriate; - an OSCE consultation in 2010, the aim of which was to explore ways to enable ISPs to "'regulate' online legal or illegal 'hate speech'"'; - EU/India and EU/Korea bilateral free trade agreements that would change the EU acquis on intermediary liability. The encouragement of extra-legal measures to limit access to information, proactive policing of the Internet and the exclusion of law enforcement authorities in investigating serious crimes are factors that contribute to the weakening of the rule of law and democracy. Indeed, by taking responsibility away from legal authorities, such measures can result in serious crime, such as the publication of child abuse material online, being addressed by industry through cosmetic measures (such as blocking) rather than proper investigation and prosecution. While these appear to be regressive steps away from freedom, the study found, for instance, that the European Commission appears far from perturbed by the dangers for fundamental rights of this approach and appears keen to export the approach. This process is gradually strangling the openness that is at the core of the Internet. This openness has enhanced democracy, has shaken dictatorships and has boosted economies worldwide. This openness is what we will lose through privatised policing of the Internet by private companies - what will we gain? EDRi report: The slide from "self-regulation" to corporate censorship (24.01.2011) http://www.edri.org/files/EDRI_selfreg_final_20110124.pdf Text of the press releas also available in: German http://www.edri.org/files/EDRi_pressemiteilung_deutsch.pdf Swedish http://www.edri.org/files/EDRi_pressmedel_svenska.pdf French http://www.edri.org/files/EDRi_communique_francaise.pdf Hungarian http://www.edri.org/files/magyar_sajtokozlemeny_EDRi_jelentes.pdf Slovak: http://www.soit.sk/sk/aktualne/oit-vo-svete/2011-01-26/106-nova-studia-doku… (Contribution by Joe McNamee - EDRi) ============================================================ 9. Recommended Action ============================================================ Opinion of European Academics on ACTA Open for signatures until 7 February 2011 http://www.iri.uni-hannover.de/acta-1668.html http://www.iri.uni-hannover.de/tl_files/pdf/ACTA_opinion_200111_2.pdf ============================================================ 10. Recommended Reading ============================================================ ACTA Blog: Certainly, the professors should know the difference between 'shall' and 'may' (25.01.2011) http://acta.ffii.org/wordpress/?p=390 ENISA: Review of the current situation in the implementation of data breach notifications requirement, set up by the Article 4 of the reviewed ePrivacy Directive (14.01.2011) http://www.enisa.europa.eu/media/press-releases/new-report-data-breach-noti… http://www.enisa.europa.eu/act/it/dbn/ Statewatch analysis: Six months on: An update on the UK coalition government's commitment to civil liberties (21.01.2011) http://www.statewatch.org/analyses/no-118-uk-civil-liberties-six-months-on.… The Commission is publishing the statistics and the responses to the on-line public consultation on the PSI Directive. The full analysis of the responses will be published in the form of a report in the coming weeks. (20.01.2011) http://ec.europa.eu/information_society/policy/psi/index_en.htm ============================================================ 11. Agenda ============================================================ 25-28 January 2011, Brussels, Belgium The annual Conference Computers, Privacy & Data Protection CPDP 2011 European Data Protection: In Good Health? http://www.cpdpconferences.org/ 26 January 2011, Brussels, Belgium Cultural Diversity and Europe 2020: Nuisance or necessity? http://conferences.euobserver.com/cultural/index/ 28 January 2011, Brussels, Belgium Joint High Level meeting on Data Protection: "Data protection (30 years later): from European to international standards?" http://www.data-protection-day.net 31 January 2011, Brussels, Belgium Public Workshop on indicators for the independence and efficient functioning of AVMS regulatory bodies http://cmcs.ceu.hu/news/31-january-public-workshop-indicators-independence-… 23-28 February 2011, Gosier, Guadeloupe, France ICDS 2011- 5th International Conference on Digital Society http://www.iaria.org/conferences2011/ICDS11.html 24-25 February 2011, Berlin, Germany The First OAPEN Conference http://meetings.copernicus.org/oapen2011/ 11-12 March 2011, Ankara, Turkey ICEGEG-2011- 3rd International Conference on E-Government and E-Governance http://www.icegeg.com/index.html 28 March 2011, Paris, France 5th European eAccessbility Forum: Benefits and costs of e-accessibility http://inova.snv.jussieu.fr/evenements/colloques/colloques/70_index_en.html 1 April 2011, Bielefeld, Germany Big Brother Awards Germany http://www.bigbrotherawards.de/index_html-en 17-18 May 2011, Berlin Germany European Data Protection Reform & International Data Protection Compliance http://www.edpd-conference.com 12-15 June 2011, Bled, Slovenia 24th Bled eConference, eFuture: Creating Solutions for the Individual, Organisations and Society http://www.bledconference.org/index.php/eConference/2011 11-12 July 2011, Barcelona, Spain 7th International Conference on Internet, Law & Politics (IDP 2011): Net Neutrality and other challenges for the future of the Internet Abstract submission: 18 February 2011 http://p2pfoundation.ning.com/profiles/blogs/7th-international-conference ============================================================ 12. About ============================================================ EDRI-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRI has 29 members based or with offices in 18 different countries in Europe. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRI-grams. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and are visible on the EDRI website. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 3.0 License. See the full text at http://creativecommons.org/licenses/by/3.0/ Newsletter editor: Bogdan Manolea <edrigram(a)edri.org> Information about EDRI and its members: http://www.edri.org/ European Digital Rights needs your help in upholding digital rights in the EU. If you wish to help us promote digital rights, please consider making a private donation. http://www.edri.org/about/sponsoring - EDRI-gram subscription information subscribe by e-mail To: edri-news-request(a)edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. Unsubscribe by e-mail To: edri-news-request(a)edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/edri/2.html - EDRI-gram in German EDRI-gram is also available in German, with delay. Translations are provided Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users http://www.unwatched.org/ - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask <edrigram(a)edri.org> if you have any problems with subscribing or unsubscribing. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

EDRi-gram newsletter - Number 9.2, 26 January 2011
by EDRI-gram newsletter 06 Jul '18

06 Jul '18

============================================================ EDRi-gram biweekly newsletter about digital civil rights in Europe Number 9.2, 26 January 2011 ============================================================ Contents ============================================================ 1. EDRi responds to data protection consultation 2. EC's leak describes blocking as "challenging", "costly" and ineffective 3. EU institutions want clarifications form Hungary on its media legislation 4. European Commission concerned over illegal eavesdropping in Bulgaria 5. Romanian NGOs demand stopping data retention in Europe 6. Spain: Right to be forgotten and Google 7. Sarkozy wants a "civilised" Internet 8. ENDitorial: EDRi publishes study on self-regulation and censorship 9. Recommended Action 10. Recommended Reading 11. Agenda 12. About ============================================================ 1. EDRi responds to data protection consultation ============================================================ Building on the analysis produced for the European Commission's initial data protection consultation in 2009, European Digital Rights has submitted its second round of comments on the review of the 1995 Data Protection Directive. One of EDRi's primary concerns with regard to the existing legal framework is the lack of predictability - due to vast differences in the way basic parts of the Directive are understood by Member States' authorities and courts as well as the powers and resources of national data protection authorities. This led EDRi to the conclusion that a directly applicable EU Regulation is needed, rather than the current situation, where 27 Member States have to implement a Directive into their national law, leading to these diverging implementations. Another core problem to address is the plummeting costs of data processing which causes more and more data to be collected and used. Such processing will lead to ever-greater risks being taken with personal data unless legal provisions ensure that the risk-reward balance for data processors is adapted appropriately. Processing of personal data by states comes in for particular criticism in EDRi's submission. The actions of Member States must be consistent with what they expect from private companies, and there are many examples of this not being the case. There are numerous examples of electronic patient records, e-government systems and public transport payment systems which do not respect "privacy by design", data minimization and other key principles. Worse still, the broad exception given to Council of Europe Member States in that institution's Recommendation on profiling, which accepts in principle that the most basic of privacy protections, may be set aside by European governments. Regarding data processing by companies, EDRi welcomes many of the policies described in the Commission Communication, such as data minimization, the right to be forgotten, rights of access and erasure of data etc, but points out that many of these rights are already in the existing legislation. The task at hand, therefore, is not to re-legislate for existing rights, but to establish why these rights are not readily enforceable. Concerning new technologies, EDRi suggests that there are three trends which need to be taken into account - the exponential growth in personal data processing capabilities, the growing disconnection between data processing and physical location and the Internet of Things. In order to improve implementation, EDRi called for increased implementation powers for national data protection authorities (DPAs) as well as a targeted reduction in the administrative burden. The reduction of the administrative burden should (and must) lead to national DPAs having more time and resources to devote to practical improvements in privacy protection for data subjects. Both the change of legal environment as a result of the Lisbon Treaty and the increasing trend for data collected by private companies to be used for policing purposes means that it is essential to include data collected for policing purposes in the Directive. A strong data protection framework is the minimum price that should be paid for the levels of police and security cooperation that are currently demanded and enacted within the EU and between the EU and third states. EDRi believes that a Regulation would be a better instrument to ensure clarification and simplification of rules for international data transfers. EDRi believes that the current "safe harbour" exceptions result in an opaque and unaccountable situation for data subjects. At the same time, EDRi feels very strongly about retaining the base principle that personal data should not be exported to jurisdictions without safeguards that are materially similar to those within the European Free Trade Area. Finally, EDRi drew attention to a separate consultation that overlaps with the Commission's work on Data Protection - the Communication on the IPR Enforcement Directive. This latter Communication seeks to undermine the fundamental right to privacy by suggesting an opaque effort to "rebalance" rights to the benefit of so-called property rights. It is entirely and obviously unacceptable that the European Commission can simultaneously be negotiating ratification of the European Convention on Human Rights and seeking to undermine its core provisions. EDRi response to 2010 Communication on Data Protection Directive revision (15.01.2011) http://www.edri.org/files/20110115_EDRi_data_protection_final.pdf European Commission 2010 Communication on Data Protection Directive revision (4.11.2010) http://ec.europa.eu/justice/news/consulting_public/0006/com_2010_609_en.pdf Data Protection Reform Strategy: EDPS sets out his vision for the new framework (18.01.2011) http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consu… Communication on IPR Enforcement Directive (22.12.2010) http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2010:0779:FIN:EN:… EDRi response to 2009 Consultation on Data Protection Directive revision (13.01.2010) http://www.edri.org/edrigram/number8.1/position-data-protection-review (Contribution by Joe McNamee - EDRi) ============================================================ 2. EC's leak describes blocking as "challenging", "costly" and ineffective ============================================================ A leaked draft of the European Commission's (EC) Green Paper on gambling provides some valuable insights into the Commission's views on web blocking. Firstly, contrary to Commissioner Malmstrvm's repeated promises to the contrary, the leak shows that the Commission has no objections in principle to blocking being used against content other than child abuse. The document states that blocking of unlicensed gambling websites "might be justified". The draft policy document goes on to describe what it sees as a key advantage of DNS blocking - that it can be used to hijack users' connections to direct them to approved sites. Nonetheless, while in favour of blocking in principle, the document explicitly recognises that blocking is "technically challenging and costly" and that blocking will leave a "significant" residual level of illegal sites publicly available. In particular, and this is of importance for blocking in relation to child abuse material, the document says that regular updating of a blocking list will be "costly" - a point studiously avoided by the European Commission in the blocking debate so far. Meanwhile, the Civil Liberties Committee of the European Parliament is getting ready for its vote on blocking next week. 342 amendments have been tabled to the Child Exploitation Directive as a whole, with 45 addressing the issue of Internet blocking. While there is a large consensus that blocking should not be mandatory on Member States, there is a wide divergence of opinion on whether blocking should be promoted or not by the Directive and whether "non-legislative" measures should be encouraged as a means of achieving blocking. Among MEPs that have been diligently working on the dossier in the 22 months since the original proposal was made, there is widespread agreement that neither blocking nor non-legislative measures should not be promoted. However, numerous amendments have been tabled by MEPs that have never spoken in a single debate on the issue. When the vote happens, therefore, all will hang on the efforts by activists to contact MEPs and persuade them that blocking is dangerous and that extra-judicial actions by Internet access providers to restrict access to content would be wrong and contrary to the most basic principles of fundamental rights. Draft European Commission Green Paper on online gambling in the Internal market (01.2011) http://www.statewatch.org/news/2011/jan/eu-com-draft-green-paper-on-interne… EDRi's web blocking campaign page http://www.edri.org/stop_web_blocking (Contribution by Joe McNamee - EDRi) ============================================================ 3. EU institutions want clarifications form Hungary on its media legislation ============================================================ The Hungarian EU Presidency was met on 19 January 2011 with opposition and criticism due to the controversial media legislation Hungary has recently introduced. Some MEPs displayed white banners that read "censored". Viktor Orban, the Hungarian Prime-Minister started his speech by stating that the Hungarian government was willing to change the legislation if the European Commission finds it to be at fault, as the law is presently under its legal review to establish whether it contravenes the EU law. Orban added that Hungary would follow the EC opinion provided it was scrupulously objective, and insisted that Hungary should be treated like any other EU member state. Also, that a separation should be made between Hungary's EU presidency and Hungary's internal affairs. Several MEPs expressed the opinion that the legislation ought to be scrapped entirely. The new law establishes a Media Council (MC) to ensure "balanced" reporting, and requires all media types to be registered, including online media such as forums and blogs. Miklos Haraszti, former OSCE Representative on Freedom of the Media, explained that there are actually five interconnected legislative acts introduced in Hungary since June 2010 that were passed in a rush, at the end of the year, without any consultation. According to the corroborated legislation, all media (including the Internet) are bound to provide "comprehensive, factual, up-to-date, objective and balanced coverage on local, national and European issues that may be of interest for the general public and on any event bearing relevance to the citizens of the Republic of Hungary and members of the Hungarian nation." In Haraszti's opinion, the obligation of the registration for all news providers (including print and Internet-based ) is specifically forbidden in the Council of Europe guidelines. The new Hungarian legislation stipulates high penalties, from 90 000 to 722000 Euro for infringements such as the provision of content that may potentially hurt any community. In order to verify the violations, MC may access any data, including legally protected information.. Refusal to offer the required data may bring a fine of up to180 000 Euro to any media provider.. The legislation thus puts the entire media under the power of a single governmental authority and, according to Judit Bayer, associate professor of media law at King Sigismund College in Budapest, the law is "unquestionably a serious attack on press freedom, and contrary to Article 2 of Lisbon Treaty, Article 10 of the European Convention of Human Rights and Article 19 of the International Covenant on Civil and Political Rights." On 21 January 2011, the European Commission sent a letter to the Hungarian government, giving them two weeks to answer the concerns related to this law. In case of an inadequate answer, Hungary may face legal action. "The commission services have serious doubts as to the compatibility of the Hungarian legislation with Union law," wrote Vice-President of the Commission in charge of the Digital Agenda, , Neelie Kroes. The letter also refers to the provisions of the law that allow Hungary to fine broadcasters based outside the country for what is deemed hate speech, as well as the mandatory registration of all media, including websites, which appear to be incompatible with EU rules. Orban meets barrage of MEP criticism over media law (19.01.2011) http://euobserver.com/9/31669/?rk=1 Hungary's Media Law Package (16.01.2011) http://www.statewatch.org/news/2011/jan/hungary-haraszti-media-law-package.… Hungary's new law a threat to democracy (17.01.2011) http://www.indexoncensorship.org/2011/01/hungary-media-law/ EC to inform Hungary about concerns with media law this week (19.01.2011) http://www.politics.hu/20110119/ec-to-inform-hungary-about-concerns-with-me… EU gives Hungary two weeks to reply on media law (22.01.2011) http://www.earthtimes.org/articles/news/363678,hungary-reply-media-law.html EDRi-gram: New media law in Hungary allows Internet censorship (12.01.2011) http://www.edri.org/edrigram/number9.1/media-law-hungary-blocks-internet ============================================================ 4. European Commission concerned over illegal eavesdropping in Bulgaria ============================================================ Based on a request for access to public information, Dnevnik daily newspaper has been able to access and publish information showing that a third of the wiretaps in Bulgaria have no proper legal coverage, being performed without an authorisation from a judge. This is possible due to a "flexible" formulation of the procedure for requesting the interception of a person's communications. An internal directive issued by Boris Velchev, the prosecutor-general allows prosecutors to request eavesdropping without the authorisation of a judge when a criminal investigation has been opened. According to Dvevnik, based on this procedure, 2 767 such cases of illegal eavesdropping have already taken place in seven months. The daily also revealed that, according to economists, Bulgaria spends 50 times more than the UK on eavesdropping. While the Bulgarian press reveals a significant increase of eavesdropping under the government of Boyko Borissov, the Bulgarian Prime-Minister justifies the government eavesdropping as an important instrument in fighting organised crime. The European Commission has recently requested information from the Bulgarian authorities related to the legality of the eavesdropping activities, following leaks into Galeria tabloid concerning taped phone conversations in which apparently Boyko Borissov spoke of the need to "protect" a controversial businessperson from customs checks. As a result of the scandal in the press, Borissov asked for a vote of confidence in the Parliament, which he won on 20 January 2011. The ALDE group submitted on 21 January 2011 a question to the Commission asking clarifications over the application of the Bulgarian wiretap law, which infringes the Bulgarian Constitution, the provisions of the Lisbon Treaty, the ECHR and the European Charter of Fundamental Rights. "The current Bulgarian scandal over the escalating use of Special Intelligence Means is a stain on the image of Bulgaria in the same way as the Hungarian media law this week taints the international image of that country. The data collected from the special services in Bulgaria is leaking widely and the only independent mechanism for control over the special services has been abolished. There is a widespread paranoia spreading amongst Bulgarian society. The European Commission should step in and uphold the rights of Bulgarian citizens under EU law before this situation gets out of hand," said ALDE MEP Stanimir Ilchev. The European Commission is expected to present a report in February on progress made by Bulgaria under the Cooperation and Verification Mechanism monitoring procedure. One third of eavesdropping in Bulgaria illegal (21.01.2011) http://www.euractiv.com/en/enlargement/third-eavesdropping-bulgaria-illegal… Wiretap scandal rocks Bulgarian government (18.01.2011) http://www.euractiv.com/en/enlargement/wiretap-scandal-rocks-bulgarian-gove… Any third monitoring of GSM and the Internet has no control (only in Bulgarian, 22.01.2011) http://www.dnevnik.bg/bulgaria/2011/01/20/1028603_vsiako_treto_sledene_na_g… Eavesdropping scandal in Bulgaria: Commission must investigate (21.01.2011) http://www.alde.eu/press/press-and-release-news/press-release/article/eaves… EDRi-gram: Protests in Bulgaria against eavesdropping and data retention law (13.01.2010) http://www.edri.org/edrigram/number8.1/bulgarian-protests-data-retention ============================================================ 5. Romanian NGOs demand stopping data retention in Europe ============================================================ In an open letter sent to the European institutions, several Romanian NGOs, including EDRi-member APTI Romania, demanded stopping data retention in Europe, following the decisions of the Constitutional Courts in Romania and Germany. The letter asks the European Commission to take advantage of the evaluation process of the Data Retention Directive in order to correct the mistakes of the past and to nullify the Directive, as it has been shown there are difficulties in obtaining the relevant data regarding the efficiency of such a system. The Commission has also received clear examples of abuses and adverse effects on privacy. The signatories underline that a Romanian implementation of the EU Directive on data retention is impossible, after the 2009 decision of the Constitutional Court that considered that the fundamental scope of the law (and thus of the Directive) - legal obligation to continuously and indiscriminately store telecommunication data- is unconstitutional. They are also asking the competent European institutions to take note of the irreconcilable conflict between the telecommunication data retention and the human right to privacy and to act accordingly to respect the principles in the Charter of Fundamental Rights of the European Union. The text is meant to remind, support and respect the decision of the Romanian Constitutional Court and not to put an EU Member State in a position that will breach its constitutional texts: "The decision stipulates that keeping all traffic data for all Romanian citizens is a measure that breaches human rights, as foreseen by the Romanian Constitution. Thus 'the legal obligation with a continuous character, generally applicable, of data retention (...) harms in an unacceptable way the exercise of the right to privacy or the freedom of expression.'" Telecommunication data retention must be stopped in Europe (26.01.2011) http://www.apti.ro/pastrare-date-trafic.pdf Decision of the Romanian Constitutional Court (8.10.2009) http://www.legi-internet.ro/english/jurisprudenta-it-romania/decizii-it/rom… EDRi-gram: Data Retention Directive evaluation: expect the unexpected? (15.12.2010) http://www.edri.org/edrigram/number8.24/evaluation-data-retention-directive ============================================================ 6. Spain: Right to be forgotten and Google ============================================================ The Spanish data protection authority (AEPD) has recently been focusing on a privacy-related campaign against major Internet intermediaries, accusing them to "have crossed the red line" in regard to protection of personal data on the Internet. Facebook, Google or Myspace are under scrutiny for their privacy policies and how they are respected. On 17 January 2010, AEPD accused Google of invading personal privacy of users, arguing the company was in breach of the "right to be forgotten", the Spanish law allowing people to control information about them. The Spanish Authority ordered the search engine company to remove links to more than 100 Spanish online articles and to delete links to websites that contained out of date or inaccurate information about a specific individual that complained to the AEPD. Google argues that deleting results "would be a form of censorship", that the company, as an intermediary, is not liable for the content of the materials it links to. Moreover deleting content is not the role of search engines but of publishers. "We are disappointed by the actions of the Spanish privacy regulator. Spanish and European law rightly hold the publisher of the material responsible for its content. Requiring intermediaries like search engines to censor material published by others would have a profound, chilling effect on free expression without protecting people's privacy," stated Peter Barron, Google's director of external relations for Europe. But even if Google loses the case, the articles blocked by the search engine will still be available on the websites of the newspapers and journals that published the respective articles. However, Google will have to delete information about the concerned individuals from its Spanish site and respond to another 88 cases also brought to the Spanish regulator. The case is closely followed by the European Union because its outcomes may have implications outside Spain, having in view that EU has already announced looking at how the application of the right to be forgotten is implemented in the online world. "Internet users must have effective control of what they put online and be able to correct, withdraw or delete it at will. What happens if you want to permanently delete your profile on a social networking site? Can this be done easily? The right to be forgotten is essential in today's digital world." said Viviane Reding, European Commission's Vice-president, in a statement made in November 2010. Building Trust in Europe's Online Single Market Speech at the American Chamber of Commerce to the EU Brussels - Viviane Reding speech (22.06.2010) http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/10/327 Google fights Spanish privacy order in court (20.01.2011) http://www.bbc.co.uk/news/technology-12239674 Google fights Spanish court order over libel (17.01.2011) http://www.dw-world.de/dw/article/0,,14771969,00.html AEPD Director warns that the large Internet company has crossed "several red lines" of the respect to privacy (only in Spanish, 12.2010) https://www.agpd.es/portalwebAGPD/revista_prensa/revista_prensa/2010/notas_… Google search engine, ripe for judgment (only in Spanish, 22.01.2011) http://www.larazon.es/noticia/5222-el-buscador-google-visto-para-sentencia ============================================================ 7. Sarkozy wants a "civilised" Internet ============================================================ With France at the Presidency of the G20 group in 2011, Nicolas Sarkozy has recently announced the intention to convene a G20 meeting to discuss Internet and copyright issues, before the full G20 summit of heads of state and government in Cannes in November. The French President has had the same discourse for some time now, having pushed the idea of a "civilised" Internet on various occasions since the signature in November 2007 of the so-called "Olivennes agreement", which established the Hadopi authority. The subject of a "civilised" Internet will also be discussed during the G8 meeting that will take place in Deauville, France, on 26 and 27 May 2011. "We will table a central question, that of a civilised Internet (....).We cannot consume as never before images, music, authors, creation, and not ensure the property rights for the person who put all the emotion, talent and creativity (...). The day we no longer remunerate the creation, we will kill the creation" said Sarkozy. In the French government's opinion, expressed by Deputy Muriel Marland-Militello, France is the "world's pioneer of the civilised Internet", thanks to Hadopi. A pioneer who obstinately continues its efforts to promote its repressive three-strikes system with every occasion. In October 2010, an international conference on online freedom of expression was supposed to be organised by French minister of Foreign Affairs Bernard Kouchner. A letter sent by Nicolas Sarkozy to Houchner shows that Sarkozy was trying to take the opportunity of the conference to promote Hadopi law establishing the three-strikes system. In Sarkozy's opinion, the conference provided "the opportunity to promote the balanced regulatory initiatives carried on by France during these past three years, and in particular the HADOPI law in the field of copyright." In the meantime, Hadopi presented on 23 January 2011, on the occasion of MIDEM 2011 (Marchi International du Disque et de l'Edition Musicale - International Market of the Record and Musical Edition) the results of its first study, performed between 25 October and 4 November 2010, on Internet usage in France. The study revealed that half of the French Internet users engage in alleged illegal downloads. A rather unpleasant finding for Hadopi is that 29 % of the "pirates" admit to having started downloading during the last 6 months, meaning after the introduction of Hadopi law and the issuing of the first warnings by the authority. Moreover 50% of the "pirates" stated they did not intend to change their habits, irrespective of the authority's actions. The study has also revealed that the persons who illegally download cultural goods are also the ones that spend more on culture than others who do not. The main obstacle to legal consumption of digital cultural goods is the price for 37% of users, while for 21% of them the reason is a lack of offer diversity, and only 13% state they are more used to "illegal consumption." The findings of the report are not quite in favour of Hadopi and only prove the inefficiency of the system. Sarkozy wants a G20 of the copyright for a "civilised Internet" (only in French, 19.01.2011) http://www.numerama.com/magazine/17849-sarkozy-veut-un-g20-du-droit-d-auteu… Sarkozy Exports Repressive Internet (21.10.2010) http://www.laquadrature.net/en/sarkozy-exports-repressive-internet Hadopi presents its study: 50 % of the pirates don't want to change (only in French, 24.01.2011) http://www.numerama.com/magazine/17864-l-hadopi-presente-son-etude-50-des-p… Hadopi, Cultural goods and Internet use: the French users' practices and perceptions (only in French, 23.01.2011) http://www.scribd.com/doc/47451295/hadopiT0 ============================================================ 8. ENDitorial: EDRi publishes study on self-regulation and censorship ============================================================ European Digital Rights has published a study on the scale of measures being undertaken to outsource policing activities to private companies in the Internet environment and its significance for fundamental rights, transparency and openness on the Internet. Internet intermediaries around the world are taking on more important roles in their states' efforts to address the dissemination of illegal online content and this trend is likely to become stronger as we move into a new environment of "extra-judicial sanctions" against consumers. With some notable exceptions, these activities are being forced onto Internet intermediaries rather than being demanded by them. The study found that the term "self-regulation" is being inappropriately used to describe what is not self-regulation at all, but the monitoring, policing and even punishing of alleged illegal activities of citizens. Proposed legislation and "non-binding guidelines" are forcing intermediaries into a position in which they can no longer avail themselves of legal protections - where they are obliged, in effect, to police private online communications, often in blatant disregard of legal safeguards and even to impose sanctions for alleged infringements. Should Internet intermediaries become privatised enforcement systems? The measures recently taken by Visa, Mastercard, PayPal and EveryDNS against WikiLeaks are a case in point. Even without WikiLeaks being charged with any particular crime, private companies have acted unilaterally against it. The devolved enforcement initiatives documented in the report aim to persuade industry to engage in a vigilante system of monitoring and sanctioning; the report catalogues current international proposals, which include: - a series of ongoing "public-private dialogues" organised by the European Commission to encourage hosting providers to engage in extra-judicial rulings of illegality; - a 2010 European Commission funding proposal incentivising companies to engage in "self-regulatory" Internet blocking of allegedly illegal online material; - discussions launched by the Council of Europe's Assembly in 2010 whose intention appears to be to increase the legal obligations of intermediaries, despite the fact that this would be "contrary both to the letter and the spirit of the 2003 Declaration on freedom of communication on the Internet"; - 2010 OECD discussions, which aim to increase the responsibility of Internet intermediaries in advancing "public policy objectives"; - the Anti-Counterfeiting Trade Agreement (ACTA) that contains provisions that would encourage or coerce ISPs into policing their networks and enforcing extra-judicial sanctions, where they deem it to be appropriate; - an OSCE consultation in 2010, the aim of which was to explore ways to enable ISPs to "'regulate' online legal or illegal 'hate speech'"'; - EU/India and EU/Korea bilateral free trade agreements that would change the EU acquis on intermediary liability. The encouragement of extra-legal measures to limit access to information, proactive policing of the Internet and the exclusion of law enforcement authorities in investigating serious crimes are factors that contribute to the weakening of the rule of law and democracy. Indeed, by taking responsibility away from legal authorities, such measures can result in serious crime, such as the publication of child abuse material online, being addressed by industry through cosmetic measures (such as blocking) rather than proper investigation and prosecution. While these appear to be regressive steps away from freedom, the study found, for instance, that the European Commission appears far from perturbed by the dangers for fundamental rights of this approach and appears keen to export the approach. This process is gradually strangling the openness that is at the core of the Internet. This openness has enhanced democracy, has shaken dictatorships and has boosted economies worldwide. This openness is what we will lose through privatised policing of the Internet by private companies - what will we gain? EDRi report: The slide from "self-regulation" to corporate censorship (24.01.2011) http://www.edri.org/files/EDRI_selfreg_final_20110124.pdf Text of the press releas also available in: German http://www.edri.org/files/EDRi_pressemiteilung_deutsch.pdf Swedish http://www.edri.org/files/EDRi_pressmedel_svenska.pdf French http://www.edri.org/files/EDRi_communique_francaise.pdf Hungarian http://www.edri.org/files/magyar_sajtokozlemeny_EDRi_jelentes.pdf Slovak: http://www.soit.sk/sk/aktualne/oit-vo-svete/2011-01-26/106-nova-studia-doku… (Contribution by Joe McNamee - EDRi) ============================================================ 9. Recommended Action ============================================================ Opinion of European Academics on ACTA Open for signatures until 7 February 2011 http://www.iri.uni-hannover.de/acta-1668.html http://www.iri.uni-hannover.de/tl_files/pdf/ACTA_opinion_200111_2.pdf ============================================================ 10. Recommended Reading ============================================================ ACTA Blog: Certainly, the professors should know the difference between 'shall' and 'may' (25.01.2011) http://acta.ffii.org/wordpress/?p=390 ENISA: Review of the current situation in the implementation of data breach notifications requirement, set up by the Article 4 of the reviewed ePrivacy Directive (14.01.2011) http://www.enisa.europa.eu/media/press-releases/new-report-data-breach-noti… http://www.enisa.europa.eu/act/it/dbn/ Statewatch analysis: Six months on: An update on the UK coalition government's commitment to civil liberties (21.01.2011) http://www.statewatch.org/analyses/no-118-uk-civil-liberties-six-months-on.… The Commission is publishing the statistics and the responses to the on-line public consultation on the PSI Directive. The full analysis of the responses will be published in the form of a report in the coming weeks. (20.01.2011) http://ec.europa.eu/information_society/policy/psi/index_en.htm ============================================================ 11. Agenda ============================================================ 25-28 January 2011, Brussels, Belgium The annual Conference Computers, Privacy & Data Protection CPDP 2011 European Data Protection: In Good Health? http://www.cpdpconferences.org/ 26 January 2011, Brussels, Belgium Cultural Diversity and Europe 2020: Nuisance or necessity? http://conferences.euobserver.com/cultural/index/ 28 January 2011, Brussels, Belgium Joint High Level meeting on Data Protection: "Data protection (30 years later): from European to international standards?" http://www.data-protection-day.net 31 January 2011, Brussels, Belgium Public Workshop on indicators for the independence and efficient functioning of AVMS regulatory bodies http://cmcs.ceu.hu/news/31-january-public-workshop-indicators-independence-… 23-28 February 2011, Gosier, Guadeloupe, France ICDS 2011- 5th International Conference on Digital Society http://www.iaria.org/conferences2011/ICDS11.html 24-25 February 2011, Berlin, Germany The First OAPEN Conference http://meetings.copernicus.org/oapen2011/ 11-12 March 2011, Ankara, Turkey ICEGEG-2011- 3rd International Conference on E-Government and E-Governance http://www.icegeg.com/index.html 28 March 2011, Paris, France 5th European eAccessbility Forum: Benefits and costs of e-accessibility http://inova.snv.jussieu.fr/evenements/colloques/colloques/70_index_en.html 1 April 2011, Bielefeld, Germany Big Brother Awards Germany http://www.bigbrotherawards.de/index_html-en 17-18 May 2011, Berlin Germany European Data Protection Reform & International Data Protection Compliance http://www.edpd-conference.com 12-15 June 2011, Bled, Slovenia 24th Bled eConference, eFuture: Creating Solutions for the Individual, Organisations and Society http://www.bledconference.org/index.php/eConference/2011 11-12 July 2011, Barcelona, Spain 7th International Conference on Internet, Law & Politics (IDP 2011): Net Neutrality and other challenges for the future of the Internet Abstract submission: 18 February 2011 http://p2pfoundation.ning.com/profiles/blogs/7th-international-conference ============================================================ 12. About ============================================================ EDRI-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRI has 29 members based or with offices in 18 different countries in Europe. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRI-grams. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and are visible on the EDRI website. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 3.0 License. See the full text at http://creativecommons.org/licenses/by/3.0/ Newsletter editor: Bogdan Manolea <edrigram(a)edri.org> Information about EDRI and its members: http://www.edri.org/ European Digital Rights needs your help in upholding digital rights in the EU. If you wish to help us promote digital rights, please consider making a private donation. http://www.edri.org/about/sponsoring - EDRI-gram subscription information subscribe by e-mail To: edri-news-request(a)edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. Unsubscribe by e-mail To: edri-news-request(a)edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/edri/2.html - EDRI-gram in German EDRI-gram is also available in German, with delay. Translations are provided Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users http://www.unwatched.org/ - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask <edrigram(a)edri.org> if you have any problems with subscribing or unsubscribing. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

[silk] Flame is Lame
by Biju Chacko 06 Jul '18

06 Jul '18

http://www.f-secure.com/weblog/archives/00002383.html When the Flame malware was found two weeks ago, it was characterized as 'Highly advanced', 'Supermalware' and 'The biggest malware in history'. These comments were immediately met with ridicule from experts who were quick to point out that there was nothing particularly new or interesting in Flame. In fact, the only unique thing in Flame seemed to be its large size. Even that was not too exciting as analysts went digging for examples of even larger malware and indeed found them (some malware tries to look like video files so they carry full-length movies inside their bodies). Suggestions that Flame was created by a government and, like Stuxnet and Duqu, would be the product of a nation-state were met with ridicule as well. But let's have a look at what we've learned about Flame over these two weeks. 1. Flame has a keylogger and a screengrabber They naysayers are unimpressed. "We've seen that before. Flame is lame." 2. Flame has built-in SSH, SSL and LUA libraries "Bloated. Slow. Flame is still lame." 3. Flame searches for all Office documents, PDF files, Autodesk files and text files on the local drives and on network drives. As there would easily be too much information to steal, it uses IFilters to extract text excerpts from the documents. These are stored in a local SQLLite database and sent to the malware operators. This way they can instruct the malware to hone in on the really interesting material. "Flame is lame" 4. Flame can turn on the microphone of the infected computer to record discussions spoken near the machine. These discussions are saved as audio files and sent back to the malware operators. "Flame is lame, lol" 5. Flame searches the infected computer and the network for image files taken with digital cameras. It extracts the GPS location from these images and sends it back to the malware operators. "Still, Flame is lame" 6. Flame checks if there are any mobile phones paired via Bluetooth to the infected computer. If so, it connects to the phone (iPhone, Android, Nokia etc), collects the Address Book from the phone and sends it to the malware operators. "Flame is still lame, kind of." 7. The stolen info is sent out by infecting USB sticks that are used in an infected machine and copying an encrypted SQLLite database to the sticks, to be sent when they are used outside of the closed environment. This way data can be exfiltrated even from a high-security environment with no network connectivity. "Agent.BTZ did something like this already in 2008. Flame is lame." 8. When Flame was now finally caught, the attackers have been busy destroying all evidence and actively removing the infections from the affected machines. "Doesn't prove anything. Lame." 9. Latest research proves that Flame is indeed linked to Stuxnet. And just one week after Flame was discovered, US Government admitted that they had developed Stuxnet together with the Israeli Armed Forces. "You're just trying to hype it up. Still lame." 10. Flame creates a local proxy which it uses to intercept traffic to Microsoft Update. This is used to spread Flame to other machines in a local area network. "Lame. Even if other computers would receive such a bogus update, they wouldn't accept it as it wouldn't be signed by Microsoft". The fake update was signed with a certificate linking up to Microsoft root, as the attackers found a way to repurpose Microsoft Terminal Server license certificates. Even this wasn't enough to spoof newer Windows versions, so they did some cutting-edge cryptographic research and came up with a completely new way to create hash collisions, enabling them to spoof the certificate. They still needed a supercomputer though. And they've been doing this silently since 2010. "b&" And suddenly, just like that, the discussion on whether Flame is lame or not b&vanished. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

[silk] Flame is Lame
by Biju Chacko 06 Jul '18

06 Jul '18

http://www.f-secure.com/weblog/archives/00002383.html When the Flame malware was found two weeks ago, it was characterized as 'Highly advanced', 'Supermalware' and 'The biggest malware in history'. These comments were immediately met with ridicule from experts who were quick to point out that there was nothing particularly new or interesting in Flame. In fact, the only unique thing in Flame seemed to be its large size. Even that was not too exciting as analysts went digging for examples of even larger malware and indeed found them (some malware tries to look like video files so they carry full-length movies inside their bodies). Suggestions that Flame was created by a government and, like Stuxnet and Duqu, would be the product of a nation-state were met with ridicule as well. But let's have a look at what we've learned about Flame over these two weeks. 1. Flame has a keylogger and a screengrabber They naysayers are unimpressed. "We've seen that before. Flame is lame." 2. Flame has built-in SSH, SSL and LUA libraries "Bloated. Slow. Flame is still lame." 3. Flame searches for all Office documents, PDF files, Autodesk files and text files on the local drives and on network drives. As there would easily be too much information to steal, it uses IFilters to extract text excerpts from the documents. These are stored in a local SQLLite database and sent to the malware operators. This way they can instruct the malware to hone in on the really interesting material. "Flame is lame" 4. Flame can turn on the microphone of the infected computer to record discussions spoken near the machine. These discussions are saved as audio files and sent back to the malware operators. "Flame is lame, lol" 5. Flame searches the infected computer and the network for image files taken with digital cameras. It extracts the GPS location from these images and sends it back to the malware operators. "Still, Flame is lame" 6. Flame checks if there are any mobile phones paired via Bluetooth to the infected computer. If so, it connects to the phone (iPhone, Android, Nokia etc), collects the Address Book from the phone and sends it to the malware operators. "Flame is still lame, kind of." 7. The stolen info is sent out by infecting USB sticks that are used in an infected machine and copying an encrypted SQLLite database to the sticks, to be sent when they are used outside of the closed environment. This way data can be exfiltrated even from a high-security environment with no network connectivity. "Agent.BTZ did something like this already in 2008. Flame is lame." 8. When Flame was now finally caught, the attackers have been busy destroying all evidence and actively removing the infections from the affected machines. "Doesn't prove anything. Lame." 9. Latest research proves that Flame is indeed linked to Stuxnet. And just one week after Flame was discovered, US Government admitted that they had developed Stuxnet together with the Israeli Armed Forces. "You're just trying to hype it up. Still lame." 10. Flame creates a local proxy which it uses to intercept traffic to Microsoft Update. This is used to spread Flame to other machines in a local area network. "Lame. Even if other computers would receive such a bogus update, they wouldn't accept it as it wouldn't be signed by Microsoft". The fake update was signed with a certificate linking up to Microsoft root, as the attackers found a way to repurpose Microsoft Terminal Server license certificates. Even this wasn't enough to spoof newer Windows versions, so they did some cutting-edge cryptographic research and came up with a completely new way to create hash collisions, enabling them to spoof the certificate. They still needed a supercomputer though. And they've been doing this silently since 2010. "b&" And suddenly, just like that, the discussion on whether Flame is lame or not b&vanished. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

Lucrative update
by Patrick 06 Jul '18

06 Jul '18

Lucrative release 4 is out. I know many people are used to seeing releases numbered like "0.000001", "0.000002", "2.0.3.0.14.657" etc. but release numbering systems are essentially arbitrary in nature so don't get excited as Lucrative goes toward version 50+. This release is a fairly minor one, but included some changes such as the client name that I wanted to get out as soon as possible. There is also a new development weblog at http://lucrative.thirdhost.com/weblog/. I went through an install with someone over IRC last night and made a blog entry summarizing the install notes. I recommend reading the notes before attempting an install. I am glad to help with an install, drop me a note at patrick(a)lfcgate.com if you have trouble. Some documentation on the various entities in the Lucrative system is now available on the website, http://lucrative.thirdhost.com/documentation.php but more is needed and coming. If Lucrative is interesting to you, please consider helping in any way you can: Feedback Installation reports Suggestions Comments Criticism Feature requests Source code patches Donations Are all very much welcomed. And criticism is more useful to me than praise. My sincere thanks to everyone who has participated so far by installing, testing, providing feedback, spreading the word, and donating. And finally I just received word from SourceForge that the project registration for Lucrative has been approved. Regards, Patrick -----BEGIN PGP PUBLIC KEY BLOCK----- Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com> mQGiBD5ECKcRBADUvjXHwLtxIyS4AyjBs/dFtN6rdeP18Fhzh1hD5fJwkFevqY9Z I1ASROTh6eXYF7pU5sEvbcPshHyTB41ZtTqZvQvpwWN0fUzOuutuI0mtC5UPp9Rz j47SdWLdEXNHjwnHDCYSyqtqZu8GujGRQybR0eP3NIh/NwbSDUKdgz7IjwCg//Jo UtjP3zUFobm/0UYA+CJ5krED/091x9Js0gwNwvjbzM8DqO+r8qNz0kXI13FkrPRk QNd37lxt6m2m8HZD1WYM2wKwtMzHSwJcWzaDZ/tNc+ppYjzpw0EQCh9FqjGs8Vau guF6PA1M8lJTCcLKaL4e7ynic+PAw5Xa/tdOYgFCG+eLMU5RLvzRCYoOLIjgMJLJ yG98BACAMlDmFVYgC/UKvzZmHfZ5CtCKd8sPfCXrYLu5NeFRE0LR6D6zjzmhi1xX okfreR5o3T/y78VBM98js+m2/+7Z0AElqydeW/RnV1zqwDGjDr9z2MgARf3yLAbs n3BU8Fz61RwvHy6cRkT+2dR2f69QQUSpkupvLwZIGX/iwm4uKLQdUGF0cmljayA8 cGF0cmlja0BsZmNnYXRlLmNvbT6JAE4EEBECAA4FAj5ECKcECwMCAQIZAQAKCRBb mvb9yuOVfaA2AKDAu5tDj9F2KI8cJMrKKkQRAcUyxACg6/bei7lUJH+E5igJqGRx SjKrRA65BA0EPkQIpxAQAPkYoH5aBmF6Q5CV3AVsh4bsYezNRR8O2OCjecbJ3HoL rOQ/40aUtjBKU9d8AhZIgLUV5SmZqZ8HdNP/46HFliBOmGW42A3uEF2rthccUdhQ yiJXQym+lehWKzh4XAvb+ExN1eOqRsz7zhfoKp0UYeOEqU/Rg4Soebbvj6dDRgjG zB13VyQ4SuLE8OiOE2eXTpITYfbb6yUOF/32mPfIfHmwch04dfv2wXPEgxEmK0Ng w+Po1gr9oSgmC66prrNlD6IAUwGgfNaroxIe+g8qzh90hE/K8xfzpEDp19J3tkIt AjbBJstoXp18mAkKjX4t7eRdefXUkk+bGI78KqdLfDL2Qle3CH8IF3KiutapQvMF 6PlTETlPtvFuuUs4INoBp1ajFOmPQFXz0AfGy0OplK33TGSGSfgMg71l6RfUodNQ +PVZX9x2Uk89PY3bzpnhV5JZzf24rnRPxfx2vIPFRzBhznzJZv8V+bv9kV7HAarT W56NoKVyOtQa8L9GAFgr5fSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY72 88kjwEPwpVsYjY67VYy4XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy 1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XrPdYX AAICD/wKwtF7Y4NKBe8PQ6jDbjWziiTv9Ac/EnRTJDQEoqgLa2LyE+6Ahw/VPGvp mfxkD2MKxC9E7kYVmasn6sHnSpvAv3e7O1Bqbo/qLzzCcJQ5VCurZ+elRM1GZ4Oc fM19FPKutb0/JFEv0nrqS4BGkF7WFBbu5dKYl/GIO7Co1mAerFIb719dOwMPVEIz OT08u8uB9jyR8gEElf+CVuNfOUkrUGg4HS4SbmTTrCSz3/8n5PkquSuAyjCB/dwM ZsZwA0/TTR8sDYlmlf9xPj5PGpGnV9OUwfig6eE0eWtRFeasmz0uiX+yp45ABtNh 6EXP/PFaBgXi9omXXjeeFYfpDvmfA6izvTIQfXTV6V9ZWrBfXarM+GQ+6guXWVbd 9fXvmCr982LkzuKQrK1OpRXBMUapXL+tOy/LYzz91InqKKhgPNGa12fvotZ4LzlM iqoM+Hpz5L9B5We1Ph0lD6RBVXDCqd+P8extnY/7AaDy7tC0UghaAaUuEZXJQPIc oQ3QGbpjM0nGe/VZN5EZhljau0NNENFaU56cOpvOhcO04gLGNNc2NS+rIpTMsaHh o1CG90c5zZZJuUbyx0mIHriNQXDgEwunSZPQorKK9KSppyyjeuOyi5F/mBBPXeyT weLhLqLvAr9se/+Z3aQvMADJi8zUZtGggLTw+N9R5XSwtSh2R4kARgQYEQIABgUC PkQIpwAKCRBbmvb9yuOVfWayAKC+mBhHdn1XZ5uH0RocAyJ32hx2kgCePyhB+IqM TjWLDLarQxcPYhbkFi4= =nx1M -----END PGP PUBLIC KEY BLOCK----- --- end forwarded text -- ----------------- R. A. Hettinga <mailto: rah(a)ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo(a)wasabisystems.com

1 0

Re: [Politech] Wiretapping innocent people on the Internet
by John Gilmore 06 Jul '18

06 Jul '18

The NYT covered this story, on the front page, too. But somehow it was all about "Colleges Protest Call to Upgrade Online Systems". It wasn't about the government automating the bugging of every student, professor, and staff person by typing a few commands from the basement of the FBI building. The nasty word "wiretap" didn't appear til the eighth paragraph, "below the fold", and when it did appear, it was buried in mid-sentence, right next to "criminals, terrorists and spies". (They never wiretap "citizens", "innocent bystanders", or "suspects", and everyone wiretapped is of course guilty-as-charged, though they haven't been charged with any crime yet.) There's no shortage of bias in the New York Times, but this is a particularly blatant example. Now why is it in the interest of the Times to build wiretapping into the hardware of the Internet? The story also claimed that "Because the government would have to win court orders before undertaking surveillance, the universities are not raising civil liberties issues." I think there's a civil liberties issue when the US Government wants to wire the country like the Stasi wired East Germany for indiscriminate bugging. And there's no "winning" of these court orders; they happen in secret, without the participation or knowledge of the target of the wiretap. The university cannot appear in court to argue about whether the order should be issued (and very few challenge them after issuance). In most cases the judge is *required* to issue the secret wiretap order every time the Feds merely say "we need the info". To get 99% of such orders, they don't need a warrant, nor probable cause to believe that a crime has been committed. What used to be tough wiretap standards have been whittled away inch by inch by decades of aggressive pushing on the part of the FBI, DEA, CIA, NSA, and DoJ. In August, one judge woke up and published a decision that said, despite his previously regular issuance of secret orders to track the location of peoples' cellphones in real time, without probable cause or any suspicion of criminal activity, he was concerned about whether this routine secret practice was actually legal. (See http://www.eff.org/news/archives/2005_09.php#004002) Bravo for that one judge who found his conscience. The government argues that under the same conditions (no warrant, no reason to suspect you in particular), they can monitor about 40% of the bits you send over the Internet, in real time, including where you are, who you're talking with, what protocols you're using, and every URL, email address, IM name, or other "addressing and signaling information". (I argue that they don't have this authority, but I never get to show up in court at these discussions with the judge.) Not only is this information supposedly legal for the government to get about every citizen, it's perfect for automated software tracking of who's-talking-to-who, all the time. The NSA term for it is "traffic analysis", and most of it works even if your communications are encrypted. I understand why the authoritarian brass would want routine wiretaps of the innocent; as Orson Welles said, "Only in a police state is the job of a policeman easy." They've lost sight of their goal (keeping people safe and free), yet redoubled their efforts. Why this would be in the interest of the citizens (or the FCC, or the NY Times) is the puzzle. John Gilmore (speaking for myself) ------------------------------------- You are subscribed as eugen(a)leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

1 0

[IP] Wiretapping innocent people on the Internet
by David Farber 06 Jul '18

06 Jul '18

1 0

[Politech] Real ID Act regulations finally released by Homeland Security [priv]
by Declan McCullagh 06 Jul '18

06 Jul '18

We've had plenty of discussions about the Real ID Act here on Politech, including these: http://www.politechbot.com/2007/02/09/california-officials-like/ http://www.politechbot.com/2007/01/25/maine-becomes-first/ http://www.politechbot.com/2005/03/24/john-gilmore-on/ But so far it's been difficult to figure out how bad the bloody law will be in practice. That's because the Department of Homeland Security has remarkably broad power to come up with regulations, which they finally did in draft form: http://www.dhs.gov/xlibrary/assets/nprm_realid.pdf Here's a summary I wrote trying to put this in perspective: http://news.com.com/2100-1028_3-6163509.html Among the outstanding unanswered questions: Will the final rules include an RFID tag? Will all drivers licenses have a standard design dictated by Homeland Security? Will the information that has to be stored on the nationalized licenses (in the form of a 2D barcode) be encrypted? The deadline extension by Homeland Security was cunning. It's almost certainly intended to fragment opposition in state capitals. If the federalized ID card doesn't have to be complete until 2013 -- the earlier date was 2008 -- state DMVs won't be as alarmed right now and voters won't be either. Here's some more background: http://www.epic.org/privacy/id_cards/ http://www.realnightmare.org/ -Declan _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/) ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

1 0