cypherpunks-legacy
Threads by month
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1998 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1997 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1996 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1995 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1994 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1993 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1992 -----
- December
- November
- October
- September
July 2018
- 1371 participants
- 9656 discussions
Ah, where the web is going. 8e6 Technologies sells a hardware box
that it claims does signature analysis to detect HTTP proxies and
blocks them. It can also block HTTPS proxies "that do not have a
valid certificate" (whatever that means), as well as do such things
as block IM, force Google and Yahoo searches to be done in Safe
mode, and so on.
They're marketing this to the education community (with the typical
horror stories of the problems your school district can run into
if students use proxies to get around your rules).
What I find most interesting, though, is that the company, based
in California, has an overseas presence in exactly two other
countries: Taiwan and China. One doesn't need much imagination
to see what market they are going after there....
-- Jerry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo(a)metzdowd.com
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
============================================================
EDRI-gram
biweekly newsletter about digital civil rights in Europe
Number 4.6, 29 March 2006
============================================================
Contents
============================================================
1. Telecom data to be retained for one year in France
2. Internet under attack on election day in Belarus
3. Slovenia : Draft Police act endangers privacy
4. Creative Commons license upheld in Dutch and Spanish courts
5. New anti-terror bill proposed in Denmark
6. Update on French EUCD Transposition
7. Damages on online defamatory statements in UK
8. Swedish Foreign Minister resigned following pressure on website
9. TACD debate on the politics and ideology of intellectual property
10. Commission progress report on electronic signatures
11. Agenda
12. About
============================================================
1. Telecom data to be retained for one year in France
============================================================
The long-awaited application decree for telecommunication data retention was
finally published in France on 26 March 2006. It requires telecommunication
data operators (Internet and telephony) to retain data for one year.
Concerned data are those allowing the identification of:
- the user and its terminal equipment
- the recipients of the communication
- the date, time and duration of the communication
- the additional services used and their suppliers
- the origin and the location of the communication (for telephony services).
The decree specifies provisions that were first introduced in the Daily
Safety Law ('Loi sur la sicuriti quotidienne' or LSQ), in November 2001, as
an allegedly urgent procedure to fight terrorism, after the 11 September
attacks in the USA. Four years and four months after its adoption, this law
becomes applicable. In the mean time, these provisions have been
twice modified. In March 2003, the Home Safety Law ('Loi sur la sicuriti
intirieure' or LSI) made these provisions perennial, while they were
supposed to last only until December 2003 and be assessed by the Parliament.
In January 2006, the new French anti-terror law has extended the concerned
provisions in two ways. First, not only the judicial authority but also the
police forces may access the retained data. Secondly, data retention
obligations now apply to Internet cafes, hotels, restaurants, and more
generally to any person or organisation providing Internet access, free or
for a fee, as a main or side activity.
France has then chosen the maximum period of retention allowed by its
national law, instead of choosing the minimum period, according to the new
EU legislation. The European Directive on telecom data retention, recently
adopted by the Parliament and the Council of Justice and Home Affairs,
requires a retention period of no less than 6 months and no more than 2
years.
French EDRI member IRIS has qualified this decree as the "maximal penalty
for privacy", in a press release issued on the day of the decree
publication. The organisation reminds that short after the LSQ adoption, it
has filed a complaint with the European Commission against France, for
violating the EU legislation. However, this complaint remained in standby,
the EC waiting for the application decree to process the complaint. In the
mean time, two European Directives on data retention were adopted, in 2002
and 2006 respectively, making this complaint obsolete.
The French ISP association (AFA, French EUROISPA member) announced on 28
March that it would challenge this application decree before the Conseil
d'Etat, highest administrative court. The main disputed point is that, while
the decree provides for reimbursement of costs incurred by a requirement of
law enforcement authorites, on a case by case basis, it remains silent on
the general data retention cost which needs important investment from ISPs.
In addition, the AFA deplores the lack of transition period to set up the
retention system, and more generally the lack of discussion on the decree.
Decree no. 2006-358 of 24 March 2006 regarding electronic communications (in
French, 26.03.2006)
http://www.legifrance.gouv.fr/WAspad/UnTexteDeJorf?numjo=JUSD0630025D
Decree LSQ - Maximum penalty for private life (in French, 26.03.2006)
http://www.iris.sgdg.org/info-debat/comm-decretlsq0306.html
ISP Association will file an appeal to Conseil d'Etat (in French,
28.03.2006)
http://www.afa-france.com/p_20060328.html
EDRI-gram : Data Retention Directive Adopted By JHA Council (01.03.2006)
http://www.edri.org/edrigram/number4.4/dataretention
IRIS dossier on data retention (with information on the complaint to EC)
http://www.iris.sgdg.org/actions/retention/
(Contribution by Meryem Marzouki, EDRI-member IRIS)
============================================================
2. Internet under attack on election day in Belarus
============================================================
On 19 March 2006, date of the presidential elections in Belarus, the
major online independent news resources (svaboda.org, charter97.org,
belapan.com, ucpb.org, naviny.by, kozylin.com, zubr-belarus.com) were the
targets of various types of attacks.
The Website of "Nasha Niva" newspaper was not available from Belarus on 18
March on the Internet. Other problems were spotted in accessing tut.by, a
major Belarusian portal with about 60 000 visitors/day.
Also, Milinkievich's (candidate from Unified Democratic Forces) official
website was unavailable for 2 days starting on 19 March. According with
website administrators, they lost control over the server.
Charter97 press-centre websites were permanently attacked. Authorities not
only used their usual techniques (IP address blocking, massive DoS attacks)
but Internet filtering as well. As a result a number of websites were
unavailable from Belarus.
Belarus has a large system put in place in order to restrict Internet access
and control unwanted content. Some laws make it illegal to publish
information that is contrary to state interests. ISPs from Belarus have to
buy their connectivity from the telecom monopoly company.
Internet Filtering in Belarus ( 20.03.2006)
http://www.e-belarus.org/news/200603201.html
OpenNet Initiative to Monitor Internet during the Belarus Presidential
Elections (17.03.2006)
http://www.opennetinitiative.net/blog/?p=92
Charter '97 - Milinkevich's official web site broken open (19.03.2006)
http://67.18.131.22/eng/news/2006/03/19/mil
(Thanks to Mikhail Doroshevich - E-belarus.org)
============================================================
3. Slovenia : Draft Police Act endangers privacy
============================================================
The draft of new Police Act has raised a lot of criticism in the last days
from privacy activists and legal experts on its broad encroachment upon
citizens' right to privacy, granted by the Slovenian Constitution. Through
the suggested act, the Slovenian government grants more power to the police,
using terrorism, the Schengen treaty and recent serious crimes as a handy
excuse.
The Minister for Interior Affairs replied that changes to the Police
Act were inevitable due to demands of the Schengen treaty. Experts agree
that the Police Act should recieve some new provisions if Slovenia wants to
fully enter the Schengen regime, however, such disproportionate and overall
measures are not required by the Schengen treaty.
Goran Klemencic from the Faculty of Criminal Justice and Security says that
the draft represents an unconstitutional and dangerous attempt to broaden
police powers. Similar opinions came from the Faculty of Law in Ljubljana
and some privacy advocates.
The draft provides for concealed collection of personal data without court
warrant and enables interpretation that allows targeted and continuous
surveillance. Targeted data collection would include financial and welfare
data, lists of co-passengers and relations, data about vehicle and luggage
etc. And all this for individuals as well that might commit a crime
somewhere in the future. To add some more oil on the fire, the
decision-making for approving these invasive measures would not be granted
to a court or public prosecutor, but to the police itself, namely to the
Head of Criminal Police.
The Minister for Interior Affairs, Dragutin Mate, responded in an interview
for national television. His reaction showed that the draft Police Act might
not be sent to the Parliament in the current form because of the numerous
criticisms. However, in his opinion, this is not an invasion to privacy, it
is "just collecting some data at the moment when an individual's data are
entered into the Schengen database and when the respective individual is
randomly stopped by the police inside the country or at the border [...] The
data includes accurate destination, reason for stopping and of course all
the data about how this individual travels". According to Mr. Mate, this
complies with article 99 of Schengen treaty. This might be true but he did
not list all the data to be collected according to the draft act. The latter
includes "targeted data collection"; "discreet collection"; so called
"serious suspicion" (which is not defined); "collection of personal data
from other subjects"; family, financial and welfare data etc. The
interpretation would therefore also allow gathering of telecommunications
traffic and location data from telcos and ISPs ("collection of personal data
from other subjects"), maybe even personal data gathered by employers.
Moreover, the draft does not provide for an afterward notification to the
individual that he or she was a subject of police surveillance.
According to the draft, the police could "randomly" stop an individual
(following a suspicion that he or she might commit a crime somewhere in the
future) and gather the most private data about him or her, including the
family and co-passengers that would be an "excellent" accessory for police
to build the social networks.
These disproportionate and invasive measures included in the draft of
the Police Act may go well together with the Data Retention Directive that
was passed by the European Parliament in December 2005. Seeing "the big
picture", some are asking where Slovenia is heading. Is it really to become
a police country?
The critics might have been successful. The Minister for Interior Affairs
later revealed that "they will most likely include judicial supervision"
over measures that invade individual's constitutional rights. However, it is
incredible how such totalitarian solutions even managed to get a place
inside an official draft .
Draft of the new Police Act - limiting privacy and more power for the
police? (only in Slovenian, 19.3.2006)
http://www.slo-tech.com/script/forum/izpisitemo.php?threadID=211864&mesto=0
Will police invade the privacy? (only in Slovenian, 17.3.2006)
http://24ur.com/bin/article.php?article_id=3071039
Ministry does not want a police country (only in Slovenian, 18.3.2006)
http://www.delo.si/index.php?sv_path=41,35,125949
(Contribution by Aljaz Marn, EDRI observer, privacyblog.net, Slovenia)
============================================================
4. Creative Commons license upheld in Dutch and Spanish courts
============================================================
Both in The Netherlands and in Spain the Creative Commons license was
judged in court. In both cases the validity of this alternative
copyright license was upheld.
In the Netherlands, the first court case about the validity of the
Creative Commons license produced clear victory for the user of the
license. On 9 March 2006 the district court of Amsterdam ruled in
summary proceedings that the weekly gossip magazine 'Weekend' could not
republish pictures that were published under a specific non-commercial
CC license. The family pictures were made by Adam Curry, famous in
internet circles for promoting podcasting. Curry had published the
pictures on the pictures-website flickr.com under a so-called
Attribution-Noncommercial-Sharealike license, with the text 'this photo
is public' and a reference to the appropriate CC license. Weekend did
not seek or obtain prior permission.
Curry sued for both copyright and privacy infringement. Weekend
defended itself by saying it did not understand the reference to the CC
license. The magazine also claimed there could be no damages, since the
pictures were freely available on the flickr website anyway.
The court ruled the copyright was unmistakable. Especially a
professional party like the publisher of the magazine should conduct a
thorough investigation before publishing pictures taken from the
Internet. Professor Bernt Hugenholtz, director of the Institute for
Information Science of the University of Amsterdam and main creator of
the Dutch CC license was very pleased with the ruling. He commented on
the creative commons mailing-list: "The Dutch court's decision is
especially noteworthy because it confirms that the conditions of a
Creative Commons license automatically apply to the content licensed
under it, and bind users of such content even without expressly
agreeing to, or having knowledge of, the conditions of the license."
A few weeks earlier, on 17 February 2006 the Spanish court of Badajoz
decided against SGAE, the Spanish music rights collecting society, in
favor of a bar owner who played music released under a Creative Commons
license. The court said none of the music played in disco bar Metropol
between November 2002 and August 2005 was actually licensed by the
collecting society. On the other hand, the CC licenses did allow for
public performance of the work.
Full text of the Amsterdam district court decision (in Dutch only,
09.03.2006)
http://www.rechtspraak.nl/ljn.asp?ljn=AV4204
Mailinglist iCommons community discussion
http://lists.ibiblio.org/mailman/listinfo/cc-icommons
Full text of the Badajoz court decision (in Spanish only, 17.02.2006)
http://www.internautas.org/archivos/sentencia_metropoli.pdf
Spanish Court Recognizes CC-Music (23.03.2006)
http://creativecommons.org/weblog/entry/5830
(Contribution by Sjoera Nas, EDRI-member Bits of Freedom, the
Netherlands)
============================================================
5. New anti-terror bill proposed in Denmark
============================================================
As a follow up to the latest anti-terror plan of action (49 proposals) of
November 2005, the Danish government is now proposing new anti-terror
legislation.
In the current round of public hearing, massive criticism has been raised by
NGOs, legal experts, Danish industry, telecom providers, and from a number
of political parties, including the Liberal Party, which is one of the
ruling parties in the current government. The criticism concerns both the
substance in the proposals and the process of their preparation.
The proposals presented by the Ministry of Justice and Ministry of Science &
Technology are quite far reaching and encompass a range of intrusions into
citizens' privacy.
Among the most debated proposals are:
- An access for the police intelligence services (PET) to request
information about a citizen from any public authority as long as the
information "might serve a purpose" in relation to an investigation, i.e.
without a request for the police to justify the request. Furthermore there
is increased access for the intelligence services to exchange this
information with the defence intelligence services (FET).
- A request for telecom and Internet Service Providers to provide the police
with information on a given cell phone location at a given point in time
(so called tele observation).
- An obligation for telecom and Internet Service Providers to implement
technical measures to enable the authorities to wiretap any given
communication at short notice.
- An obligation for telecom and Internet Service Providers to implement
technical measures to provide unspecified historical data about a citizen
(data retention), though the specific data to be retained in Denmark are
still unresolved and have been so since the adoption of the first
anti-terror
law in June 2002.
- An access to the police to request that public authorities or private
companies put in place CCTV surveillance of public spaces. Furthermore,
access to the police to specify technical requirements for the surveillance
records.
- A request for airline companies to retain passenger and airline staff data
for one year, and to hand these over to the police intelligence services
upon request.
A heated public hearing was held on 28 March at the Danish Human Rights
Institute and a new round of debate will take place in the Parliamentary
judicial committee on 31 March. The coming weeks will show whether
the government will stick to the original proposals or whether some of the
more controversial part will be modified.
Revolt threatens anti-terror bill (28.03.2006)
http://www.cphpost.dk/get/94770.html
Responses from Digital Rights (in Danish)
www.digitalrights.dk
Responses from the Danish Human Rights Institute (in Danish)
http://www.humanrights.dk/hoeringssvar/notat2006/
Government wants to strengthen the fight against terror (in Danish)
http://www.jm.dk/wimpdoc.asp?page=document&objno=74912
Ministry of Justice draft bill (in Danish)
http://hoeringsportalen.dk/pls/portal/docs/PAGE/HOERINGSPORTAL/JUSTITSMINIS…
RIET/LOVFORSLAG_FRA_JUSTITSMINISTERIET/AENDRING_AF_LOV_OM_RETSPLEJELOVEN_MV._
76/LOVUDKAST.PDF
Ministry of Science & Technology draft bill (in Danish)
http://www.videnskabsministeriet.dk/cgi-bin/left-lovstof-list.cgi?law_type=…
vudkthrng&Line=All
Government Action Plan on anti-terrorism (in Danish)
http://www.stm.dk/publikationer/terrorpakke/index.htm
EDRI-gram : New anti-terrorism measures in Denmark (5.12.2005)
http://www.edri.org/edrigram/number3.24/Danish_antiterror
(Contribution by Rikke Frank Jxrgensen, EDRI-member Digital Rights Denmark)
============================================================
6. Update on French EUCD Transposition
============================================================
The DADVSI draft law (French EUCD Transposition) made its first step on 21
March, with 286 votes in favour and 193 votes against. In an unusually
crowded National Assembly, 501 out of the 577 Members of the Parliament took
part in the vote. All the votes in favour came from representatives of the
Conservative government party, which has the absolute majority. The NO votes
repartition is: 7 from the government's party (14 abstentions), 162 from the
Socio-democrat, Communist and Green opposition (4 abstentions), and 24 from
the Liberal Democrat Centrists (4 abstentions).
The result is largely a victory for the cultural industry majors: the
'global licence' idea is over, copyright exceptions granted by law are few
and painless; while downsized, a penalty regime for unauthorized upload or
download of content protected under intellectual property legislation is
still in place for non commercial use; DRMs circumvention is assimilated to
counterfeit, unless for research purpose; an administrative authority has
been created to decide on the allowed number of private copies for cultural
goods, with no minimum granted by law; and, most importantly, the so-called
'Vivendi Universal amendment' has been adopted, criminalizing P2P software
edition and dissemination.
However, the draft law brings important progress on the interoperability
side: not only DRM vendors are required to open their technology to
competitors, but also commercial platforms are required to make their files
compatible with any player. This has soon led to strong criticism, with
Apple accusing France of "State-sponsored piracy" and Americans for
Technology Leadership (an industry coalition including members such as
Microsoft) claiming that such measures "strip away the intellectual property
rights of companies". The issue seems serious to US Commerce Secretary
Carlos Gutierrez, who backed Apple protests.
The draft law will go to the Senate, where discussions are scheduled in
mid-May. Not only copyright, but also competition is clearly at stake now.
No doubt that French Senators already start facing strong lobbying.
EDRI-gram: What's so special about French EUCD transposition? (15.03.2006)
http://www.edri.org/edrigram/number4.5/franceeucd
Sign Of The (Digital) Times: France's Struggle With A New Copyright Law
(18.03.2006)
http://www.ip-watch.org/weblog/index.php?p=248
Draft law adopted by the National Assembly (in French, 21.03.2006)
http://www.assemblee-nationale.fr/12/ta/ta0554.asp
A compilation of reactions on the French draft copyright law (since
22.03.2006)
http://eucd.info/index.php?2006/03/21/288-dadvsi-code-nirvana-or-nightmare
(Contribution by Meryem Marzouki, EDRI-member IRIS)
============================================================
7. Damages on online defamatory statements in UK
============================================================
Michael Keith Smith, a former parliamentary candidate for the UK
Independence Party has received #10,000 in damages in a defamation case
occurred on the internet
Smith was a participant in a discussion on the Iraq war held on a discussion
board run by Yahoo!. Tracy Williams, another participant in the discussion,
posted under pseudonym series of defamatory remarks about Smith on an
internet bulletin board calling him a "lard brain" a "Nazi", a "racist
bigot" and a "nonce". She also alleged that he had sexually harassed a
female co-worker.
Although Smith had obtained court orders in June 2004 that allowed him to
identify the person behind the remarks, Williams continued the defamatory
campaign in 2005. Smith sued her and Judge Alistair MacDuff considered the
remarks clearly defamatory and awarded Smith #10,000 damages - #5,000
general damages plus #5,000 aggravated damages to reflect Ms Williams'
behaviour. He issued an injunction prohibiting Williams from repeating the
remarks and ordered her to pay #7,200 costs involved in the legal action. Ms
Williams did not defend the action.
"I'm happy with the judge's ruling but firms hosting online chat rooms
should be prepared to get involved and step in to moderate defamatory
statements," Smith told The Guardian.
Legal experts say the case, the first of this kind, should be taken as a
warning that the lows of libel apply to chat rooms, message boards and
personal blogs just as they apply to comments published in a newsletter.
On the other hand, Mark Stephens, head of media law at Finer Stephens
Innocent, said the case should lead to a larger discussion on whether such
cases should reach the court. A chat room is self-moderating and has a
limited circulation. Most such cases are solved much easier as the
complaints are addressed to an ISP or site owner, which would take down the
defamatory content as soon as it was notified.
UKIP candidate wins #10,000 for internet libel (21.03.2006)
http://www.timesonline.co.uk/article/0,,2-2096902,00.html
#10,000 damages awarded for internet libel (23.03.2006)
http://www.theregister.co.uk/2006/03/23/internet_libel_payout/
Warning to chatroom users after libel award for man labelled a Nazi
(23.03.2006)
http://www.guardian.co.uk/law/story/0,,1737445,00.html
============================================================
8. Swedish Foreign Minister resigned following pressure on website
============================================================
Laila Freivalds, the Swedish Foreign Minister resigned on 21 March after
having been cornered by the press on her involvement in the closure on 9
February of a far-right party's website.
The Web site, which was planning to publish caricatures of Muhammad like
those that led to deadly protests by Muslims all over the world, was
contacted by a top Foreign Ministry official who said it should be closed
for security reasons.
Although, in the beginning, the minister denied having known about the
official's action and having exerted pressure on the hosting company, a
later report from the ministry said she had been involved in the decision.
The minister told the media that the cartoons were "offensive to other
peoples' religious beliefs" and admitted to the media that she was concerned
that these cartoons may damage Sweden. Critics considered this action as
an attack to freedom of speech.
Sweden's government is forbidden by law to interfere with what is written in
newspapers and on the Internet.
Sweden FM quits over cartoon row (21.03.2006)
http://news.bbc.co.uk/2/hi/europe/4828052.stm
Swedish Foreign Minister Laila Freivalds Resigns (21.03.2006)
http://www.bloomberg.com/apps/news?pid=10000085&sid=axCmZPNbpAF4&refer=euro…
============================================================
9. TACD debate on the politics and ideology of intellectual property
============================================================
Civil society groups from around the world met in Brussels 20/21 March
to discuss the politics and ideology of intellectual property. Speakers
included representatives from WIPO and the EU, former US Patent
Commissioner Bruce Lehman, consumer and development campaigners and
noted IP academics Peter Drahos and Susan Sell.
The conference tried to step back from immediate IP controversies and
take a look at the rhetoric and politicking behind the framing of IP
debates and legislation. Jamie Love set the tone for the meeting by
looking at the loaded terms used by proponents and critics of stronger
IP rights, contrasting positive language such as "innovation", "value"
and "wealth creation" with negative descriptions such as "monopoly",
"privilege" and "exploitation".
The practical politics of the recent software patent debate were laid
out by pro-patent lobbyist Jonathan Zuck, anti-software patents
campaigner Florian Muller and European Parliament member and patent
attorney Sharon Bowles. Bowles complained that few involved in the
debate understood even the definitions involved; many in the audience
doubtless felt the same way! Bruce Lehman and Rufus Pollock described
the pro-IP consensus that exists across mainstream US and EU political
parties, which gave Green MEP David Hammerstein a chance to describe his
party's lone stance that instead favours innovation and consumer rights.
The most notable comment of the conference came from Bruce Lehman. While
head of intellectual property policy for President Clinton, he drove the
creation of the Agreement on Trade Related Aspects of Intellectual
Property Rights (TRIPS), which embedded IP into global trade treaties.
But Lehman now feels that TRIPS has been a "huge failure" for the US,
providing US market access to developing countries that have not
reciprocated with strong IP enforcement.
Europeans can only hope that those in the Commission and member state
governments responsible for IP policy are listening to this gale of
criticism of ever-stronger private property rights in ideas. Leonardo
Cervera Navas of DG Internal Market said at the meeting that shorter
copyright terms were politically unthinkable. The debate will only move
forward once such blinkers are removed and we see evidence- rather than
faith-based IP policy development.
TACD Conference website: The Politics and Ideology of Intellectual Property
http://www.tacd.org/docs/?id=286
Lehman: TRIPS was a mistake (20.03.2006)
http://dooooooom.blogspot.com/2006/03/lehman-trips-was-mistake.html
The debate on software patents as a litmus test for the knowledge
society (in German, 21.03.2006)
http://www.heise.de/newsticker/meldung/71069
Discussion over intellectual monopoly rights at TACD's Brussels conference
(20.03.2006)
https://www.fsfe.org/en/fellows/gerloff/blog/discussion_over_intellectual_m…
opoly_rights_at_tacd_s_brussels_conference
Experts: Intellectual Property Policy Not A Traditional Left-Right Political
Issue (21.03.2006)
http://www.ip-watch.org/weblog/index.php?p=250&res=1024_ff&print=0
The Politics and Ideology of Intellectual Property - A New Political
Order(22.03.2006)
http://patentinglives.blogspot.com/2006/03/politics-and-ideology-of-intelle…
ual.html
(Contribution by EDRI board member Ian Brown)
============================================================
10. Commission progress report on electronic signatures
============================================================
A new progress report by the European Commission on the evolution of the
electronic signatures in the European Union was made public on 17 March
2006. The report highlights the low usage of the qualified electronic
signatures by European businesses and citizens.
The report focuses on the "Directive on a Community framework for
electronic signatures" adopted in 1999. The directive has introduced legal
certainty with respect to the general admissibility of electronic
signatures, all the general principles being now included in the legislation
of all 25 Member States.
The commission sees a much larger use of the qualified electronic
signatures - based on Public Key Infrastructure (PKI) technology - in the
future with the introduction of the electronic ID cards and in some
e-government services, such as on-line income tax returns.
Information Society and Media Commissioner Viviane Reding said "much work
still has to be done in particular to make signatures work across borders. I
also see a need for asking whether we need further adaptations of our EU
framework for electronic signatures to technological and market developments
and to the better regulation-policy of this Commission."
The official press release announced that The Commission would also prepare
a report on standards for electronic signatures in 2006 to see whether
further regulatory measures by the EU would be necessary.
Also, the Commission will hold a series of meetings with EU Member State
experts and stakeholders to consider possible complementary measures to
address, where appropriate, any differences between national laws
transposing the e-signatures Directive that could fragment the single
market, any clarifications needed in specific articles of the e-signatures
Directive and any technical and standardisation work necessary to improve
the cross-border interoperability of the e-signature systems.
Electronic signatures: legally recognised but cross-border take-up too slow,
says Commission (17.03.2006)
http://europa.eu.int/rapid/pressReleasesAction.do?reference=IP/06/325&forma…
HTML&aged=0&language=EN&guiLanguage=en
Report on the operation of Directive 1999/93/EC on a Community framework for
electronic signatures (15.03.2006)
http://europa.eu.int/information_society/eeurope/i2010/docs/single_info_spa…
/com_electronic_signatures_report_en.pdf
============================================================
11. Agenda
============================================================
12 April 2006, Dublin, Ireland
Royal Irish Academy
"Enabling Open Access to Scientific Data and Information within
the Modern Knowledge Economy; the Case for a Scientific Commons"
http://www.codataweb.org/codata-ria/
15 April 2006, Deadline funding applications
Civil rights organisations and initiatives are invited to send funding
applications to the German foundation 'Bridge - B|rgerrechte in der
digitalen Gesellschaft'. A total of 15 000 euro is available for
applications that promote civil rights in the digitised society.
http://www.stiftung-bridge.de
21-23 April 2006, Yale Law School, USA
Access to Knowledge Conference
Yale Information Society Project
http://islandia.law.yale.edu/isp/a2kconfmain.html
27-28 April 2006, Washington, USA
IP Disputes of the Future - TACD
This conference will ask what will be the IP disputes in new fields of
technology, and how advances in biotechnology and information technologies
will change the nature of IP disputes.
http://www.tacd.org/docs/?id=287
30 April - 2 May 2006, Hamburg, Germany
LSPI Conference 2006
The First International Conference on Legal, Security and Privacy Issues in
IT
http://www.kierkegaard.co.uk/
2-5 May 2006, Washington, USA
CFP2006
The Sixteenth Conference on Computers, Freedom & Privacy
http://www.cfp2006.org
3-6 May 2006, Wiesbaden, Germany
LinuxTag - Europe's biggest fair and congress around free software,
http://www.linuxtag.org
10 May - 23 July, Austria
Annual decentralized community event around free software
lectures, panel discussions, workshops, fairs and socialising
http://www.linuxwochen.at
21 June 2006, Luxembourg
Safer Internet Forum 2006
Focus on two topics: "Children's use of new media" and "Blocking access to
illegal content: child sexual abuse images"
http://europa.eu.int/information_society/activities/sip/si_forum/forum_june…
006/index_en.htm
26-27 June 2006, Berlin, Germany
The Rising Power of Search-Engines on the Internet: Impacts on
Users, Media Policy, and Media Business
http://www.uni-leipzig.de/journalistik/suma/home_e.html
16 - 28 July 2006, Oxford, UK
Annenberg/Oxford Summer Institute: Global Media Policy: Technology and New
Themes in Media Regulation
Application deadline 1 May 2006.
http://www.pgcs.asc.upenn.edu/events/ox06/index.php
2-4 August 2006, Bregenz, Austria,
2nd International Workshop on Electronic Voting 2006
Students may apply for funds to attend the workshop until 30 June 2006.
http://www.e-voting.cc/stories/1246056/
===========================================================
12. About
===========================================================
EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 21 members from 14 European countries and 5 observers
from 5 more countries (Italy, Ireland, Poland, Portugal and Slovenia).
European Digital Rights takes an active interest in developments in the EU
accession countries and wants to share knowledge and awareness through the
EDRI-grams. All contributions, suggestions for content, corrections or
agenda-tips are most welcome. Errors are corrected as soon as possible and
visibly on the EDRI website.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 2.0 License. See the full text at
http://creativecommons.org/licenses/by/2.0/
Newsletter editor: Bogdan Manolea <edrigram(a)edri.org>
Information about EDRI and its members:
http://www.edri.org/
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request(a)edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
unsubscribe by e-mail
To: edri-news-request(a)edri.org
Subject: unsubscribe
- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/index.php?option=com_content&task=view&id=6…
&Itemid=4&lang=mk
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <edrigram(a)edri.org> if you have any problems with subscribing or
unsubscribing.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
1
0
Ah, where the web is going. 8e6 Technologies sells a hardware box
that it claims does signature analysis to detect HTTP proxies and
blocks them. It can also block HTTPS proxies "that do not have a
valid certificate" (whatever that means), as well as do such things
as block IM, force Google and Yahoo searches to be done in Safe
mode, and so on.
They're marketing this to the education community (with the typical
horror stories of the problems your school district can run into
if students use proxies to get around your rules).
What I find most interesting, though, is that the company, based
in California, has an overseas presence in exactly two other
countries: Taiwan and China. One doesn't need much imagination
to see what market they are going after there....
-- Jerry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo(a)metzdowd.com
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
============================================================
EDRI-gram
biweekly newsletter about digital civil rights in Europe
Number 4.6, 29 March 2006
============================================================
Contents
============================================================
1. Telecom data to be retained for one year in France
2. Internet under attack on election day in Belarus
3. Slovenia : Draft Police act endangers privacy
4. Creative Commons license upheld in Dutch and Spanish courts
5. New anti-terror bill proposed in Denmark
6. Update on French EUCD Transposition
7. Damages on online defamatory statements in UK
8. Swedish Foreign Minister resigned following pressure on website
9. TACD debate on the politics and ideology of intellectual property
10. Commission progress report on electronic signatures
11. Agenda
12. About
============================================================
1. Telecom data to be retained for one year in France
============================================================
The long-awaited application decree for telecommunication data retention was
finally published in France on 26 March 2006. It requires telecommunication
data operators (Internet and telephony) to retain data for one year.
Concerned data are those allowing the identification of:
- the user and its terminal equipment
- the recipients of the communication
- the date, time and duration of the communication
- the additional services used and their suppliers
- the origin and the location of the communication (for telephony services).
The decree specifies provisions that were first introduced in the Daily
Safety Law ('Loi sur la sicuriti quotidienne' or LSQ), in November 2001, as
an allegedly urgent procedure to fight terrorism, after the 11 September
attacks in the USA. Four years and four months after its adoption, this law
becomes applicable. In the mean time, these provisions have been
twice modified. In March 2003, the Home Safety Law ('Loi sur la sicuriti
intirieure' or LSI) made these provisions perennial, while they were
supposed to last only until December 2003 and be assessed by the Parliament.
In January 2006, the new French anti-terror law has extended the concerned
provisions in two ways. First, not only the judicial authority but also the
police forces may access the retained data. Secondly, data retention
obligations now apply to Internet cafes, hotels, restaurants, and more
generally to any person or organisation providing Internet access, free or
for a fee, as a main or side activity.
France has then chosen the maximum period of retention allowed by its
national law, instead of choosing the minimum period, according to the new
EU legislation. The European Directive on telecom data retention, recently
adopted by the Parliament and the Council of Justice and Home Affairs,
requires a retention period of no less than 6 months and no more than 2
years.
French EDRI member IRIS has qualified this decree as the "maximal penalty
for privacy", in a press release issued on the day of the decree
publication. The organisation reminds that short after the LSQ adoption, it
has filed a complaint with the European Commission against France, for
violating the EU legislation. However, this complaint remained in standby,
the EC waiting for the application decree to process the complaint. In the
mean time, two European Directives on data retention were adopted, in 2002
and 2006 respectively, making this complaint obsolete.
The French ISP association (AFA, French EUROISPA member) announced on 28
March that it would challenge this application decree before the Conseil
d'Etat, highest administrative court. The main disputed point is that, while
the decree provides for reimbursement of costs incurred by a requirement of
law enforcement authorites, on a case by case basis, it remains silent on
the general data retention cost which needs important investment from ISPs.
In addition, the AFA deplores the lack of transition period to set up the
retention system, and more generally the lack of discussion on the decree.
Decree no. 2006-358 of 24 March 2006 regarding electronic communications (in
French, 26.03.2006)
http://www.legifrance.gouv.fr/WAspad/UnTexteDeJorf?numjo=JUSD0630025D
Decree LSQ - Maximum penalty for private life (in French, 26.03.2006)
http://www.iris.sgdg.org/info-debat/comm-decretlsq0306.html
ISP Association will file an appeal to Conseil d'Etat (in French,
28.03.2006)
http://www.afa-france.com/p_20060328.html
EDRI-gram : Data Retention Directive Adopted By JHA Council (01.03.2006)
http://www.edri.org/edrigram/number4.4/dataretention
IRIS dossier on data retention (with information on the complaint to EC)
http://www.iris.sgdg.org/actions/retention/
(Contribution by Meryem Marzouki, EDRI-member IRIS)
============================================================
2. Internet under attack on election day in Belarus
============================================================
On 19 March 2006, date of the presidential elections in Belarus, the
major online independent news resources (svaboda.org, charter97.org,
belapan.com, ucpb.org, naviny.by, kozylin.com, zubr-belarus.com) were the
targets of various types of attacks.
The Website of "Nasha Niva" newspaper was not available from Belarus on 18
March on the Internet. Other problems were spotted in accessing tut.by, a
major Belarusian portal with about 60 000 visitors/day.
Also, Milinkievich's (candidate from Unified Democratic Forces) official
website was unavailable for 2 days starting on 19 March. According with
website administrators, they lost control over the server.
Charter97 press-centre websites were permanently attacked. Authorities not
only used their usual techniques (IP address blocking, massive DoS attacks)
but Internet filtering as well. As a result a number of websites were
unavailable from Belarus.
Belarus has a large system put in place in order to restrict Internet access
and control unwanted content. Some laws make it illegal to publish
information that is contrary to state interests. ISPs from Belarus have to
buy their connectivity from the telecom monopoly company.
Internet Filtering in Belarus ( 20.03.2006)
http://www.e-belarus.org/news/200603201.html
OpenNet Initiative to Monitor Internet during the Belarus Presidential
Elections (17.03.2006)
http://www.opennetinitiative.net/blog/?p=92
Charter '97 - Milinkevich's official web site broken open (19.03.2006)
http://67.18.131.22/eng/news/2006/03/19/mil
(Thanks to Mikhail Doroshevich - E-belarus.org)
============================================================
3. Slovenia : Draft Police Act endangers privacy
============================================================
The draft of new Police Act has raised a lot of criticism in the last days
from privacy activists and legal experts on its broad encroachment upon
citizens' right to privacy, granted by the Slovenian Constitution. Through
the suggested act, the Slovenian government grants more power to the police,
using terrorism, the Schengen treaty and recent serious crimes as a handy
excuse.
The Minister for Interior Affairs replied that changes to the Police
Act were inevitable due to demands of the Schengen treaty. Experts agree
that the Police Act should recieve some new provisions if Slovenia wants to
fully enter the Schengen regime, however, such disproportionate and overall
measures are not required by the Schengen treaty.
Goran Klemencic from the Faculty of Criminal Justice and Security says that
the draft represents an unconstitutional and dangerous attempt to broaden
police powers. Similar opinions came from the Faculty of Law in Ljubljana
and some privacy advocates.
The draft provides for concealed collection of personal data without court
warrant and enables interpretation that allows targeted and continuous
surveillance. Targeted data collection would include financial and welfare
data, lists of co-passengers and relations, data about vehicle and luggage
etc. And all this for individuals as well that might commit a crime
somewhere in the future. To add some more oil on the fire, the
decision-making for approving these invasive measures would not be granted
to a court or public prosecutor, but to the police itself, namely to the
Head of Criminal Police.
The Minister for Interior Affairs, Dragutin Mate, responded in an interview
for national television. His reaction showed that the draft Police Act might
not be sent to the Parliament in the current form because of the numerous
criticisms. However, in his opinion, this is not an invasion to privacy, it
is "just collecting some data at the moment when an individual's data are
entered into the Schengen database and when the respective individual is
randomly stopped by the police inside the country or at the border [...] The
data includes accurate destination, reason for stopping and of course all
the data about how this individual travels". According to Mr. Mate, this
complies with article 99 of Schengen treaty. This might be true but he did
not list all the data to be collected according to the draft act. The latter
includes "targeted data collection"; "discreet collection"; so called
"serious suspicion" (which is not defined); "collection of personal data
from other subjects"; family, financial and welfare data etc. The
interpretation would therefore also allow gathering of telecommunications
traffic and location data from telcos and ISPs ("collection of personal data
from other subjects"), maybe even personal data gathered by employers.
Moreover, the draft does not provide for an afterward notification to the
individual that he or she was a subject of police surveillance.
According to the draft, the police could "randomly" stop an individual
(following a suspicion that he or she might commit a crime somewhere in the
future) and gather the most private data about him or her, including the
family and co-passengers that would be an "excellent" accessory for police
to build the social networks.
These disproportionate and invasive measures included in the draft of
the Police Act may go well together with the Data Retention Directive that
was passed by the European Parliament in December 2005. Seeing "the big
picture", some are asking where Slovenia is heading. Is it really to become
a police country?
The critics might have been successful. The Minister for Interior Affairs
later revealed that "they will most likely include judicial supervision"
over measures that invade individual's constitutional rights. However, it is
incredible how such totalitarian solutions even managed to get a place
inside an official draft .
Draft of the new Police Act - limiting privacy and more power for the
police? (only in Slovenian, 19.3.2006)
http://www.slo-tech.com/script/forum/izpisitemo.php?threadID=211864&mesto=0
Will police invade the privacy? (only in Slovenian, 17.3.2006)
http://24ur.com/bin/article.php?article_id=3071039
Ministry does not want a police country (only in Slovenian, 18.3.2006)
http://www.delo.si/index.php?sv_path=41,35,125949
(Contribution by Aljaz Marn, EDRI observer, privacyblog.net, Slovenia)
============================================================
4. Creative Commons license upheld in Dutch and Spanish courts
============================================================
Both in The Netherlands and in Spain the Creative Commons license was
judged in court. In both cases the validity of this alternative
copyright license was upheld.
In the Netherlands, the first court case about the validity of the
Creative Commons license produced clear victory for the user of the
license. On 9 March 2006 the district court of Amsterdam ruled in
summary proceedings that the weekly gossip magazine 'Weekend' could not
republish pictures that were published under a specific non-commercial
CC license. The family pictures were made by Adam Curry, famous in
internet circles for promoting podcasting. Curry had published the
pictures on the pictures-website flickr.com under a so-called
Attribution-Noncommercial-Sharealike license, with the text 'this photo
is public' and a reference to the appropriate CC license. Weekend did
not seek or obtain prior permission.
Curry sued for both copyright and privacy infringement. Weekend
defended itself by saying it did not understand the reference to the CC
license. The magazine also claimed there could be no damages, since the
pictures were freely available on the flickr website anyway.
The court ruled the copyright was unmistakable. Especially a
professional party like the publisher of the magazine should conduct a
thorough investigation before publishing pictures taken from the
Internet. Professor Bernt Hugenholtz, director of the Institute for
Information Science of the University of Amsterdam and main creator of
the Dutch CC license was very pleased with the ruling. He commented on
the creative commons mailing-list: "The Dutch court's decision is
especially noteworthy because it confirms that the conditions of a
Creative Commons license automatically apply to the content licensed
under it, and bind users of such content even without expressly
agreeing to, or having knowledge of, the conditions of the license."
A few weeks earlier, on 17 February 2006 the Spanish court of Badajoz
decided against SGAE, the Spanish music rights collecting society, in
favor of a bar owner who played music released under a Creative Commons
license. The court said none of the music played in disco bar Metropol
between November 2002 and August 2005 was actually licensed by the
collecting society. On the other hand, the CC licenses did allow for
public performance of the work.
Full text of the Amsterdam district court decision (in Dutch only,
09.03.2006)
http://www.rechtspraak.nl/ljn.asp?ljn=AV4204
Mailinglist iCommons community discussion
http://lists.ibiblio.org/mailman/listinfo/cc-icommons
Full text of the Badajoz court decision (in Spanish only, 17.02.2006)
http://www.internautas.org/archivos/sentencia_metropoli.pdf
Spanish Court Recognizes CC-Music (23.03.2006)
http://creativecommons.org/weblog/entry/5830
(Contribution by Sjoera Nas, EDRI-member Bits of Freedom, the
Netherlands)
============================================================
5. New anti-terror bill proposed in Denmark
============================================================
As a follow up to the latest anti-terror plan of action (49 proposals) of
November 2005, the Danish government is now proposing new anti-terror
legislation.
In the current round of public hearing, massive criticism has been raised by
NGOs, legal experts, Danish industry, telecom providers, and from a number
of political parties, including the Liberal Party, which is one of the
ruling parties in the current government. The criticism concerns both the
substance in the proposals and the process of their preparation.
The proposals presented by the Ministry of Justice and Ministry of Science &
Technology are quite far reaching and encompass a range of intrusions into
citizens' privacy.
Among the most debated proposals are:
- An access for the police intelligence services (PET) to request
information about a citizen from any public authority as long as the
information "might serve a purpose" in relation to an investigation, i.e.
without a request for the police to justify the request. Furthermore there
is increased access for the intelligence services to exchange this
information with the defence intelligence services (FET).
- A request for telecom and Internet Service Providers to provide the police
with information on a given cell phone location at a given point in time
(so called tele observation).
- An obligation for telecom and Internet Service Providers to implement
technical measures to enable the authorities to wiretap any given
communication at short notice.
- An obligation for telecom and Internet Service Providers to implement
technical measures to provide unspecified historical data about a citizen
(data retention), though the specific data to be retained in Denmark are
still unresolved and have been so since the adoption of the first
anti-terror
law in June 2002.
- An access to the police to request that public authorities or private
companies put in place CCTV surveillance of public spaces. Furthermore,
access to the police to specify technical requirements for the surveillance
records.
- A request for airline companies to retain passenger and airline staff data
for one year, and to hand these over to the police intelligence services
upon request.
A heated public hearing was held on 28 March at the Danish Human Rights
Institute and a new round of debate will take place in the Parliamentary
judicial committee on 31 March. The coming weeks will show whether
the government will stick to the original proposals or whether some of the
more controversial part will be modified.
Revolt threatens anti-terror bill (28.03.2006)
http://www.cphpost.dk/get/94770.html
Responses from Digital Rights (in Danish)
www.digitalrights.dk
Responses from the Danish Human Rights Institute (in Danish)
http://www.humanrights.dk/hoeringssvar/notat2006/
Government wants to strengthen the fight against terror (in Danish)
http://www.jm.dk/wimpdoc.asp?page=document&objno=74912
Ministry of Justice draft bill (in Danish)
http://hoeringsportalen.dk/pls/portal/docs/PAGE/HOERINGSPORTAL/JUSTITSMINIS…
RIET/LOVFORSLAG_FRA_JUSTITSMINISTERIET/AENDRING_AF_LOV_OM_RETSPLEJELOVEN_MV._
76/LOVUDKAST.PDF
Ministry of Science & Technology draft bill (in Danish)
http://www.videnskabsministeriet.dk/cgi-bin/left-lovstof-list.cgi?law_type=…
vudkthrng&Line=All
Government Action Plan on anti-terrorism (in Danish)
http://www.stm.dk/publikationer/terrorpakke/index.htm
EDRI-gram : New anti-terrorism measures in Denmark (5.12.2005)
http://www.edri.org/edrigram/number3.24/Danish_antiterror
(Contribution by Rikke Frank Jxrgensen, EDRI-member Digital Rights Denmark)
============================================================
6. Update on French EUCD Transposition
============================================================
The DADVSI draft law (French EUCD Transposition) made its first step on 21
March, with 286 votes in favour and 193 votes against. In an unusually
crowded National Assembly, 501 out of the 577 Members of the Parliament took
part in the vote. All the votes in favour came from representatives of the
Conservative government party, which has the absolute majority. The NO votes
repartition is: 7 from the government's party (14 abstentions), 162 from the
Socio-democrat, Communist and Green opposition (4 abstentions), and 24 from
the Liberal Democrat Centrists (4 abstentions).
The result is largely a victory for the cultural industry majors: the
'global licence' idea is over, copyright exceptions granted by law are few
and painless; while downsized, a penalty regime for unauthorized upload or
download of content protected under intellectual property legislation is
still in place for non commercial use; DRMs circumvention is assimilated to
counterfeit, unless for research purpose; an administrative authority has
been created to decide on the allowed number of private copies for cultural
goods, with no minimum granted by law; and, most importantly, the so-called
'Vivendi Universal amendment' has been adopted, criminalizing P2P software
edition and dissemination.
However, the draft law brings important progress on the interoperability
side: not only DRM vendors are required to open their technology to
competitors, but also commercial platforms are required to make their files
compatible with any player. This has soon led to strong criticism, with
Apple accusing France of "State-sponsored piracy" and Americans for
Technology Leadership (an industry coalition including members such as
Microsoft) claiming that such measures "strip away the intellectual property
rights of companies". The issue seems serious to US Commerce Secretary
Carlos Gutierrez, who backed Apple protests.
The draft law will go to the Senate, where discussions are scheduled in
mid-May. Not only copyright, but also competition is clearly at stake now.
No doubt that French Senators already start facing strong lobbying.
EDRI-gram: What's so special about French EUCD transposition? (15.03.2006)
http://www.edri.org/edrigram/number4.5/franceeucd
Sign Of The (Digital) Times: France's Struggle With A New Copyright Law
(18.03.2006)
http://www.ip-watch.org/weblog/index.php?p=248
Draft law adopted by the National Assembly (in French, 21.03.2006)
http://www.assemblee-nationale.fr/12/ta/ta0554.asp
A compilation of reactions on the French draft copyright law (since
22.03.2006)
http://eucd.info/index.php?2006/03/21/288-dadvsi-code-nirvana-or-nightmare
(Contribution by Meryem Marzouki, EDRI-member IRIS)
============================================================
7. Damages on online defamatory statements in UK
============================================================
Michael Keith Smith, a former parliamentary candidate for the UK
Independence Party has received #10,000 in damages in a defamation case
occurred on the internet
Smith was a participant in a discussion on the Iraq war held on a discussion
board run by Yahoo!. Tracy Williams, another participant in the discussion,
posted under pseudonym series of defamatory remarks about Smith on an
internet bulletin board calling him a "lard brain" a "Nazi", a "racist
bigot" and a "nonce". She also alleged that he had sexually harassed a
female co-worker.
Although Smith had obtained court orders in June 2004 that allowed him to
identify the person behind the remarks, Williams continued the defamatory
campaign in 2005. Smith sued her and Judge Alistair MacDuff considered the
remarks clearly defamatory and awarded Smith #10,000 damages - #5,000
general damages plus #5,000 aggravated damages to reflect Ms Williams'
behaviour. He issued an injunction prohibiting Williams from repeating the
remarks and ordered her to pay #7,200 costs involved in the legal action. Ms
Williams did not defend the action.
"I'm happy with the judge's ruling but firms hosting online chat rooms
should be prepared to get involved and step in to moderate defamatory
statements," Smith told The Guardian.
Legal experts say the case, the first of this kind, should be taken as a
warning that the lows of libel apply to chat rooms, message boards and
personal blogs just as they apply to comments published in a newsletter.
On the other hand, Mark Stephens, head of media law at Finer Stephens
Innocent, said the case should lead to a larger discussion on whether such
cases should reach the court. A chat room is self-moderating and has a
limited circulation. Most such cases are solved much easier as the
complaints are addressed to an ISP or site owner, which would take down the
defamatory content as soon as it was notified.
UKIP candidate wins #10,000 for internet libel (21.03.2006)
http://www.timesonline.co.uk/article/0,,2-2096902,00.html
#10,000 damages awarded for internet libel (23.03.2006)
http://www.theregister.co.uk/2006/03/23/internet_libel_payout/
Warning to chatroom users after libel award for man labelled a Nazi
(23.03.2006)
http://www.guardian.co.uk/law/story/0,,1737445,00.html
============================================================
8. Swedish Foreign Minister resigned following pressure on website
============================================================
Laila Freivalds, the Swedish Foreign Minister resigned on 21 March after
having been cornered by the press on her involvement in the closure on 9
February of a far-right party's website.
The Web site, which was planning to publish caricatures of Muhammad like
those that led to deadly protests by Muslims all over the world, was
contacted by a top Foreign Ministry official who said it should be closed
for security reasons.
Although, in the beginning, the minister denied having known about the
official's action and having exerted pressure on the hosting company, a
later report from the ministry said she had been involved in the decision.
The minister told the media that the cartoons were "offensive to other
peoples' religious beliefs" and admitted to the media that she was concerned
that these cartoons may damage Sweden. Critics considered this action as
an attack to freedom of speech.
Sweden's government is forbidden by law to interfere with what is written in
newspapers and on the Internet.
Sweden FM quits over cartoon row (21.03.2006)
http://news.bbc.co.uk/2/hi/europe/4828052.stm
Swedish Foreign Minister Laila Freivalds Resigns (21.03.2006)
http://www.bloomberg.com/apps/news?pid=10000085&sid=axCmZPNbpAF4&refer=euro…
============================================================
9. TACD debate on the politics and ideology of intellectual property
============================================================
Civil society groups from around the world met in Brussels 20/21 March
to discuss the politics and ideology of intellectual property. Speakers
included representatives from WIPO and the EU, former US Patent
Commissioner Bruce Lehman, consumer and development campaigners and
noted IP academics Peter Drahos and Susan Sell.
The conference tried to step back from immediate IP controversies and
take a look at the rhetoric and politicking behind the framing of IP
debates and legislation. Jamie Love set the tone for the meeting by
looking at the loaded terms used by proponents and critics of stronger
IP rights, contrasting positive language such as "innovation", "value"
and "wealth creation" with negative descriptions such as "monopoly",
"privilege" and "exploitation".
The practical politics of the recent software patent debate were laid
out by pro-patent lobbyist Jonathan Zuck, anti-software patents
campaigner Florian Muller and European Parliament member and patent
attorney Sharon Bowles. Bowles complained that few involved in the
debate understood even the definitions involved; many in the audience
doubtless felt the same way! Bruce Lehman and Rufus Pollock described
the pro-IP consensus that exists across mainstream US and EU political
parties, which gave Green MEP David Hammerstein a chance to describe his
party's lone stance that instead favours innovation and consumer rights.
The most notable comment of the conference came from Bruce Lehman. While
head of intellectual property policy for President Clinton, he drove the
creation of the Agreement on Trade Related Aspects of Intellectual
Property Rights (TRIPS), which embedded IP into global trade treaties.
But Lehman now feels that TRIPS has been a "huge failure" for the US,
providing US market access to developing countries that have not
reciprocated with strong IP enforcement.
Europeans can only hope that those in the Commission and member state
governments responsible for IP policy are listening to this gale of
criticism of ever-stronger private property rights in ideas. Leonardo
Cervera Navas of DG Internal Market said at the meeting that shorter
copyright terms were politically unthinkable. The debate will only move
forward once such blinkers are removed and we see evidence- rather than
faith-based IP policy development.
TACD Conference website: The Politics and Ideology of Intellectual Property
http://www.tacd.org/docs/?id=286
Lehman: TRIPS was a mistake (20.03.2006)
http://dooooooom.blogspot.com/2006/03/lehman-trips-was-mistake.html
The debate on software patents as a litmus test for the knowledge
society (in German, 21.03.2006)
http://www.heise.de/newsticker/meldung/71069
Discussion over intellectual monopoly rights at TACD's Brussels conference
(20.03.2006)
https://www.fsfe.org/en/fellows/gerloff/blog/discussion_over_intellectual_m…
opoly_rights_at_tacd_s_brussels_conference
Experts: Intellectual Property Policy Not A Traditional Left-Right Political
Issue (21.03.2006)
http://www.ip-watch.org/weblog/index.php?p=250&res=1024_ff&print=0
The Politics and Ideology of Intellectual Property - A New Political
Order(22.03.2006)
http://patentinglives.blogspot.com/2006/03/politics-and-ideology-of-intelle…
ual.html
(Contribution by EDRI board member Ian Brown)
============================================================
10. Commission progress report on electronic signatures
============================================================
A new progress report by the European Commission on the evolution of the
electronic signatures in the European Union was made public on 17 March
2006. The report highlights the low usage of the qualified electronic
signatures by European businesses and citizens.
The report focuses on the "Directive on a Community framework for
electronic signatures" adopted in 1999. The directive has introduced legal
certainty with respect to the general admissibility of electronic
signatures, all the general principles being now included in the legislation
of all 25 Member States.
The commission sees a much larger use of the qualified electronic
signatures - based on Public Key Infrastructure (PKI) technology - in the
future with the introduction of the electronic ID cards and in some
e-government services, such as on-line income tax returns.
Information Society and Media Commissioner Viviane Reding said "much work
still has to be done in particular to make signatures work across borders. I
also see a need for asking whether we need further adaptations of our EU
framework for electronic signatures to technological and market developments
and to the better regulation-policy of this Commission."
The official press release announced that The Commission would also prepare
a report on standards for electronic signatures in 2006 to see whether
further regulatory measures by the EU would be necessary.
Also, the Commission will hold a series of meetings with EU Member State
experts and stakeholders to consider possible complementary measures to
address, where appropriate, any differences between national laws
transposing the e-signatures Directive that could fragment the single
market, any clarifications needed in specific articles of the e-signatures
Directive and any technical and standardisation work necessary to improve
the cross-border interoperability of the e-signature systems.
Electronic signatures: legally recognised but cross-border take-up too slow,
says Commission (17.03.2006)
http://europa.eu.int/rapid/pressReleasesAction.do?reference=IP/06/325&forma…
HTML&aged=0&language=EN&guiLanguage=en
Report on the operation of Directive 1999/93/EC on a Community framework for
electronic signatures (15.03.2006)
http://europa.eu.int/information_society/eeurope/i2010/docs/single_info_spa…
/com_electronic_signatures_report_en.pdf
============================================================
11. Agenda
============================================================
12 April 2006, Dublin, Ireland
Royal Irish Academy
"Enabling Open Access to Scientific Data and Information within
the Modern Knowledge Economy; the Case for a Scientific Commons"
http://www.codataweb.org/codata-ria/
15 April 2006, Deadline funding applications
Civil rights organisations and initiatives are invited to send funding
applications to the German foundation 'Bridge - B|rgerrechte in der
digitalen Gesellschaft'. A total of 15 000 euro is available for
applications that promote civil rights in the digitised society.
http://www.stiftung-bridge.de
21-23 April 2006, Yale Law School, USA
Access to Knowledge Conference
Yale Information Society Project
http://islandia.law.yale.edu/isp/a2kconfmain.html
27-28 April 2006, Washington, USA
IP Disputes of the Future - TACD
This conference will ask what will be the IP disputes in new fields of
technology, and how advances in biotechnology and information technologies
will change the nature of IP disputes.
http://www.tacd.org/docs/?id=287
30 April - 2 May 2006, Hamburg, Germany
LSPI Conference 2006
The First International Conference on Legal, Security and Privacy Issues in
IT
http://www.kierkegaard.co.uk/
2-5 May 2006, Washington, USA
CFP2006
The Sixteenth Conference on Computers, Freedom & Privacy
http://www.cfp2006.org
3-6 May 2006, Wiesbaden, Germany
LinuxTag - Europe's biggest fair and congress around free software,
http://www.linuxtag.org
10 May - 23 July, Austria
Annual decentralized community event around free software
lectures, panel discussions, workshops, fairs and socialising
http://www.linuxwochen.at
21 June 2006, Luxembourg
Safer Internet Forum 2006
Focus on two topics: "Children's use of new media" and "Blocking access to
illegal content: child sexual abuse images"
http://europa.eu.int/information_society/activities/sip/si_forum/forum_june…
006/index_en.htm
26-27 June 2006, Berlin, Germany
The Rising Power of Search-Engines on the Internet: Impacts on
Users, Media Policy, and Media Business
http://www.uni-leipzig.de/journalistik/suma/home_e.html
16 - 28 July 2006, Oxford, UK
Annenberg/Oxford Summer Institute: Global Media Policy: Technology and New
Themes in Media Regulation
Application deadline 1 May 2006.
http://www.pgcs.asc.upenn.edu/events/ox06/index.php
2-4 August 2006, Bregenz, Austria,
2nd International Workshop on Electronic Voting 2006
Students may apply for funds to attend the workshop until 30 June 2006.
http://www.e-voting.cc/stories/1246056/
===========================================================
12. About
===========================================================
EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 21 members from 14 European countries and 5 observers
from 5 more countries (Italy, Ireland, Poland, Portugal and Slovenia).
European Digital Rights takes an active interest in developments in the EU
accession countries and wants to share knowledge and awareness through the
EDRI-grams. All contributions, suggestions for content, corrections or
agenda-tips are most welcome. Errors are corrected as soon as possible and
visibly on the EDRI website.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 2.0 License. See the full text at
http://creativecommons.org/licenses/by/2.0/
Newsletter editor: Bogdan Manolea <edrigram(a)edri.org>
Information about EDRI and its members:
http://www.edri.org/
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request(a)edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
unsubscribe by e-mail
To: edri-news-request(a)edri.org
Subject: unsubscribe
- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/index.php?option=com_content&task=view&id=6…
&Itemid=4&lang=mk
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <edrigram(a)edri.org> if you have any problems with subscribing or
unsubscribing.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
1
0
And then too, of course, the "dramatic demonstration" from
http://www.satsecurity.com/news103103.htm
SAN DIEGO - October 31, 2003 -- Satellite Security Systems (S3), a global
provider of asset security and logistics control, in cooperation with the
California Highway Patrol (CHP) and InterState Oil Company, dramatically
demonstrated the first wireless remote shutdown of a fully loaded moving
petrochemical tanker truck.
>From S3's headquarters in San Diego - 530 miles from the demonstration
site - satellite communications were used to disable the truck in seconds,
proving S3's GlobalGuardT and FleetGuardT a viable solution to the challenge
of controlling rogue hazardous waste vehicles that could pose a threat to
homeland security.
The event, conducted on CHP Academy grounds in Sacramento and administered
by the CHP, addresses ongoing concerns about the affordability of effective
security technology, stealthiness of such a security device, and how GPS
monitoring can be incorporated safely into law enforcement protocol.
<snip>
--
Neil Johnson
http://www.njohnsn.com
PGP key available on request.
1
0
Dave,
The former Disruptive Technology Office has been merged into the
newly formed IARPA -- Intelligence Advanced Research Projects
Activity. We've also just released (via AFRL) updated language for
the NICECAP BAA:
A revision of the National Intelligence Community Enterprise Cyber
Assurance Program (NICECAP) BAA (AFRL BAA-06-11-IFKA) has been
released and is available at:
http://tinyurl.com/yw7k9s
A new focus area soliciting research on Privacy Protecting
Technologies is added under the Accountable Information Flow thrust.
White papers are due to AFRL November 2, 2007.
Regards,
--Carl
-------------------------------------------
Archives: http://v2.listbox.com/member/archive/247/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
06 Jul '18
Begin forwarded message:
1
0
On Thu, Dec 01, 2011 at 11:16:14PM -0600, Marsh Ray wrote:
> On 12/01/2011 10:15 PM, Solar Designer wrote:
> >http://whitepixel.zorinaq.com is probably the fastest single MD5 hash
> >cracker. This one tests 33.1 billion of passwords per second against a
> >raw MD5 hash on 4 x AMD Radeon HD 5970 (8 GPUs). Of course, the
> >passwords being tested are not arbitrary (e.g., you can't just feed a
> >wordlist to such a cracker), although the character set is configurable.
>
> Where would you find a wordlist to keep it busy for more than a
> millisecond anyway?
Not a plain wordlist, but wordlist + thousands or millions of rules.
In fact, another tool implements that and achieves just slightly slower
speeds: http://hashcat.net/oclhashcat-plus/
> >1. Already discussed: implement constant-time comparisons by using XORs
> >and ORs.
>
> Talking with people who work closely with code generation convinced me
> that it's essential to examine the generated code. A compiler might
> recognize and exploit the opportunity for early loop termination.
That's correct.
> >2. Pass both strings to compare through an HMAC with a secret. If one
> >of the strings is a secret, then that secret may be reused for this HMAC
> >as well.
>
> http://www.isecpartners.com/blog/2011/2/18/double-hmac-verification.html
Yes, Nate had pointed me at this one too.
> >It'd be curious to explore how much entropy in the salt is needed for
> >this. Are 12-bit salts of traditional DES-based crypt(3) sufficient
> >against remote timing attacks or not?
>
> Let's assume crypt(3) returns a string which is compared against the
> expected value using strcmp(), and the salted hash is formed of hex
> digits like:
>
> %crypt(3)%SSS%HHHHHHHHHHHHHHHH%
>
> SSS - 12 bit salt
> HHH - 64 bit value from DES-like function
OK, let's assume this.
> (I know it uses $ and some form of base-64 in practice,
For traditional DES-based crypt(3), it is 13 characters:
sshhhhhhhhhhh
There's no fixed part, just two characters of salt and 11 of hash (using
a base-64 character set).
But let's continue to assume your format for the string for now:
> The attacker generates, say, 4096 random passwords and accurately times
> their evaluation. If there isn't too much jitter on the network (or the
> local machine), and his timing measurements are accurate enough, he will
> observe the timings grouping into two clusters:
>
> 1. The largest cluster will represent the case where H[0] fails the
> comparison in strcmp().
>
> 2. The second cluster will be on the order of a few machine cycles
> longer, representing times that H[0] compared successfully.
Yes.
> This cluster will be approximately 256 times smaller than the first.
Why not 16 times, if we use hex digits and assume a char-by-char strcmp()?
> With
> 4096 trials the expectation is that this cluster will contain about 16
> members.
256 with the above correction.
> Now that he has a fuzzy idea of which passwords succeed in matching
> H[0], he evaluates this set for all 4096 possible salt values. There
> will be only one salt value that produces the same H[0] for all of these
> passwords.
Did you mean there will _likely_ (but not necessarily) be only one such
salt value?
> So if his timing data is any good, he has learned the salt
Yes, well done.
> Conclusion: Salts placed at the beginning of the password string must
> contain sufficient entropy to resist offline brute-force in order to
> provide mitigation against timing attacks. It may be better to place
> them at the end of the password hash string.
I don't see how placement of the salt in the encoded salt+hash string
matters. With either placement, the salt characters in the string will
always match because crypt(3) is called with that stored salt. The fact
that with salt placement at the beginning strcmp() actually does compare
those characters before it gets to comparing H[0] doesn't affect
anything, as far as I can see, assuming a char-by-char strcmp().
Am I missing something?
Alexander
_______________________________________________
cryptography mailing list
cryptography(a)randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
And then too, of course, the "dramatic demonstration" from
http://www.satsecurity.com/news103103.htm
SAN DIEGO - October 31, 2003 -- Satellite Security Systems (S3), a global
provider of asset security and logistics control, in cooperation with the
California Highway Patrol (CHP) and InterState Oil Company, dramatically
demonstrated the first wireless remote shutdown of a fully loaded moving
petrochemical tanker truck.
>From S3's headquarters in San Diego - 530 miles from the demonstration
site - satellite communications were used to disable the truck in seconds,
proving S3's GlobalGuardT and FleetGuardT a viable solution to the challenge
of controlling rogue hazardous waste vehicles that could pose a threat to
homeland security.
The event, conducted on CHP Academy grounds in Sacramento and administered
by the CHP, addresses ongoing concerns about the affordability of effective
security technology, stealthiness of such a security device, and how GPS
monitoring can be incorporated safely into law enforcement protocol.
<snip>
--
Neil Johnson
http://www.njohnsn.com
PGP key available on request.
1
0
Dave,
The former Disruptive Technology Office has been merged into the
newly formed IARPA -- Intelligence Advanced Research Projects
Activity. We've also just released (via AFRL) updated language for
the NICECAP BAA:
A revision of the National Intelligence Community Enterprise Cyber
Assurance Program (NICECAP) BAA (AFRL BAA-06-11-IFKA) has been
released and is available at:
http://tinyurl.com/yw7k9s
A new focus area soliciting research on Privacy Protecting
Technologies is added under the Accountable Information Flow thrust.
White papers are due to AFRL November 2, 2007.
Regards,
--Carl
-------------------------------------------
Archives: http://v2.listbox.com/member/archive/247/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0