July 2018 - cypherpunks-legacy

"Securing the Network against Web-based Proxies"
by Leichter, Jerry 06 Jul '18

06 Jul '18

Ah, where the web is going. 8e6 Technologies sells a hardware box that it claims does signature analysis to detect HTTP proxies and blocks them. It can also block HTTPS proxies "that do not have a valid certificate" (whatever that means), as well as do such things as block IM, force Google and Yahoo searches to be done in Safe mode, and so on. They're marketing this to the education community (with the typical horror stories of the problems your school district can run into if students use proxies to get around your rules). What I find most interesting, though, is that the company, based in California, has an overseas presence in exactly two other countries: Taiwan and China. One doesn't need much imagination to see what market they are going after there.... -- Jerry --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo(a)metzdowd.com ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

EDRI-gram newsletter - Number 4.6, 29 March 2006
by EDRI-gram newsletter 06 Jul '18

06 Jul '18

============================================================ EDRI-gram biweekly newsletter about digital civil rights in Europe Number 4.6, 29 March 2006 ============================================================ Contents ============================================================ 1. Telecom data to be retained for one year in France 2. Internet under attack on election day in Belarus 3. Slovenia : Draft Police act endangers privacy 4. Creative Commons license upheld in Dutch and Spanish courts 5. New anti-terror bill proposed in Denmark 6. Update on French EUCD Transposition 7. Damages on online defamatory statements in UK 8. Swedish Foreign Minister resigned following pressure on website 9. TACD debate on the politics and ideology of intellectual property 10. Commission progress report on electronic signatures 11. Agenda 12. About ============================================================ 1. Telecom data to be retained for one year in France ============================================================ The long-awaited application decree for telecommunication data retention was finally published in France on 26 March 2006. It requires telecommunication data operators (Internet and telephony) to retain data for one year. Concerned data are those allowing the identification of: - the user and its terminal equipment - the recipients of the communication - the date, time and duration of the communication - the additional services used and their suppliers - the origin and the location of the communication (for telephony services). The decree specifies provisions that were first introduced in the Daily Safety Law ('Loi sur la sicuriti quotidienne' or LSQ), in November 2001, as an allegedly urgent procedure to fight terrorism, after the 11 September attacks in the USA. Four years and four months after its adoption, this law becomes applicable. In the mean time, these provisions have been twice modified. In March 2003, the Home Safety Law ('Loi sur la sicuriti intirieure' or LSI) made these provisions perennial, while they were supposed to last only until December 2003 and be assessed by the Parliament. In January 2006, the new French anti-terror law has extended the concerned provisions in two ways. First, not only the judicial authority but also the police forces may access the retained data. Secondly, data retention obligations now apply to Internet cafes, hotels, restaurants, and more generally to any person or organisation providing Internet access, free or for a fee, as a main or side activity. France has then chosen the maximum period of retention allowed by its national law, instead of choosing the minimum period, according to the new EU legislation. The European Directive on telecom data retention, recently adopted by the Parliament and the Council of Justice and Home Affairs, requires a retention period of no less than 6 months and no more than 2 years. French EDRI member IRIS has qualified this decree as the "maximal penalty for privacy", in a press release issued on the day of the decree publication. The organisation reminds that short after the LSQ adoption, it has filed a complaint with the European Commission against France, for violating the EU legislation. However, this complaint remained in standby, the EC waiting for the application decree to process the complaint. In the mean time, two European Directives on data retention were adopted, in 2002 and 2006 respectively, making this complaint obsolete. The French ISP association (AFA, French EUROISPA member) announced on 28 March that it would challenge this application decree before the Conseil d'Etat, highest administrative court. The main disputed point is that, while the decree provides for reimbursement of costs incurred by a requirement of law enforcement authorites, on a case by case basis, it remains silent on the general data retention cost which needs important investment from ISPs. In addition, the AFA deplores the lack of transition period to set up the retention system, and more generally the lack of discussion on the decree. Decree no. 2006-358 of 24 March 2006 regarding electronic communications (in French, 26.03.2006) http://www.legifrance.gouv.fr/WAspad/UnTexteDeJorf?numjo=JUSD0630025D Decree LSQ - Maximum penalty for private life (in French, 26.03.2006) http://www.iris.sgdg.org/info-debat/comm-decretlsq0306.html ISP Association will file an appeal to Conseil d'Etat (in French, 28.03.2006) http://www.afa-france.com/p_20060328.html EDRI-gram : Data Retention Directive Adopted By JHA Council (01.03.2006) http://www.edri.org/edrigram/number4.4/dataretention IRIS dossier on data retention (with information on the complaint to EC) http://www.iris.sgdg.org/actions/retention/ (Contribution by Meryem Marzouki, EDRI-member IRIS) ============================================================ 2. Internet under attack on election day in Belarus ============================================================ On 19 March 2006, date of the presidential elections in Belarus, the major online independent news resources (svaboda.org, charter97.org, belapan.com, ucpb.org, naviny.by, kozylin.com, zubr-belarus.com) were the targets of various types of attacks. The Website of "Nasha Niva" newspaper was not available from Belarus on 18 March on the Internet. Other problems were spotted in accessing tut.by, a major Belarusian portal with about 60 000 visitors/day. Also, Milinkievich's (candidate from Unified Democratic Forces) official website was unavailable for 2 days starting on 19 March. According with website administrators, they lost control over the server. Charter97 press-centre websites were permanently attacked. Authorities not only used their usual techniques (IP address blocking, massive DoS attacks) but Internet filtering as well. As a result a number of websites were unavailable from Belarus. Belarus has a large system put in place in order to restrict Internet access and control unwanted content. Some laws make it illegal to publish information that is contrary to state interests. ISPs from Belarus have to buy their connectivity from the telecom monopoly company. Internet Filtering in Belarus ( 20.03.2006) http://www.e-belarus.org/news/200603201.html OpenNet Initiative to Monitor Internet during the Belarus Presidential Elections (17.03.2006) http://www.opennetinitiative.net/blog/?p=92 Charter '97 - Milinkevich's official web site broken open (19.03.2006) http://67.18.131.22/eng/news/2006/03/19/mil (Thanks to Mikhail Doroshevich - E-belarus.org) ============================================================ 3. Slovenia : Draft Police Act endangers privacy ============================================================ The draft of new Police Act has raised a lot of criticism in the last days from privacy activists and legal experts on its broad encroachment upon citizens' right to privacy, granted by the Slovenian Constitution. Through the suggested act, the Slovenian government grants more power to the police, using terrorism, the Schengen treaty and recent serious crimes as a handy excuse. The Minister for Interior Affairs replied that changes to the Police Act were inevitable due to demands of the Schengen treaty. Experts agree that the Police Act should recieve some new provisions if Slovenia wants to fully enter the Schengen regime, however, such disproportionate and overall measures are not required by the Schengen treaty. Goran Klemencic from the Faculty of Criminal Justice and Security says that the draft represents an unconstitutional and dangerous attempt to broaden police powers. Similar opinions came from the Faculty of Law in Ljubljana and some privacy advocates. The draft provides for concealed collection of personal data without court warrant and enables interpretation that allows targeted and continuous surveillance. Targeted data collection would include financial and welfare data, lists of co-passengers and relations, data about vehicle and luggage etc. And all this for individuals as well that might commit a crime somewhere in the future. To add some more oil on the fire, the decision-making for approving these invasive measures would not be granted to a court or public prosecutor, but to the police itself, namely to the Head of Criminal Police. The Minister for Interior Affairs, Dragutin Mate, responded in an interview for national television. His reaction showed that the draft Police Act might not be sent to the Parliament in the current form because of the numerous criticisms. However, in his opinion, this is not an invasion to privacy, it is "just collecting some data at the moment when an individual's data are entered into the Schengen database and when the respective individual is randomly stopped by the police inside the country or at the border [...] The data includes accurate destination, reason for stopping and of course all the data about how this individual travels". According to Mr. Mate, this complies with article 99 of Schengen treaty. This might be true but he did not list all the data to be collected according to the draft act. The latter includes "targeted data collection"; "discreet collection"; so called "serious suspicion" (which is not defined); "collection of personal data from other subjects"; family, financial and welfare data etc. The interpretation would therefore also allow gathering of telecommunications traffic and location data from telcos and ISPs ("collection of personal data from other subjects"), maybe even personal data gathered by employers. Moreover, the draft does not provide for an afterward notification to the individual that he or she was a subject of police surveillance. According to the draft, the police could "randomly" stop an individual (following a suspicion that he or she might commit a crime somewhere in the future) and gather the most private data about him or her, including the family and co-passengers that would be an "excellent" accessory for police to build the social networks. These disproportionate and invasive measures included in the draft of the Police Act may go well together with the Data Retention Directive that was passed by the European Parliament in December 2005. Seeing "the big picture", some are asking where Slovenia is heading. Is it really to become a police country? The critics might have been successful. The Minister for Interior Affairs later revealed that "they will most likely include judicial supervision" over measures that invade individual's constitutional rights. However, it is incredible how such totalitarian solutions even managed to get a place inside an official draft . Draft of the new Police Act - limiting privacy and more power for the police? (only in Slovenian, 19.3.2006) http://www.slo-tech.com/script/forum/izpisitemo.php?threadID=211864&mesto=0 Will police invade the privacy? (only in Slovenian, 17.3.2006) http://24ur.com/bin/article.php?article_id=3071039 Ministry does not want a police country (only in Slovenian, 18.3.2006) http://www.delo.si/index.php?sv_path=41,35,125949 (Contribution by Aljaz Marn, EDRI observer, privacyblog.net, Slovenia) ============================================================ 4. Creative Commons license upheld in Dutch and Spanish courts ============================================================ Both in The Netherlands and in Spain the Creative Commons license was judged in court. In both cases the validity of this alternative copyright license was upheld. In the Netherlands, the first court case about the validity of the Creative Commons license produced clear victory for the user of the license. On 9 March 2006 the district court of Amsterdam ruled in summary proceedings that the weekly gossip magazine 'Weekend' could not republish pictures that were published under a specific non-commercial CC license. The family pictures were made by Adam Curry, famous in internet circles for promoting podcasting. Curry had published the pictures on the pictures-website flickr.com under a so-called Attribution-Noncommercial-Sharealike license, with the text 'this photo is public' and a reference to the appropriate CC license. Weekend did not seek or obtain prior permission. Curry sued for both copyright and privacy infringement. Weekend defended itself by saying it did not understand the reference to the CC license. The magazine also claimed there could be no damages, since the pictures were freely available on the flickr website anyway. The court ruled the copyright was unmistakable. Especially a professional party like the publisher of the magazine should conduct a thorough investigation before publishing pictures taken from the Internet. Professor Bernt Hugenholtz, director of the Institute for Information Science of the University of Amsterdam and main creator of the Dutch CC license was very pleased with the ruling. He commented on the creative commons mailing-list: "The Dutch court's decision is especially noteworthy because it confirms that the conditions of a Creative Commons license automatically apply to the content licensed under it, and bind users of such content even without expressly agreeing to, or having knowledge of, the conditions of the license." A few weeks earlier, on 17 February 2006 the Spanish court of Badajoz decided against SGAE, the Spanish music rights collecting society, in favor of a bar owner who played music released under a Creative Commons license. The court said none of the music played in disco bar Metropol between November 2002 and August 2005 was actually licensed by the collecting society. On the other hand, the CC licenses did allow for public performance of the work. Full text of the Amsterdam district court decision (in Dutch only, 09.03.2006) http://www.rechtspraak.nl/ljn.asp?ljn=AV4204 Mailinglist iCommons community discussion http://lists.ibiblio.org/mailman/listinfo/cc-icommons Full text of the Badajoz court decision (in Spanish only, 17.02.2006) http://www.internautas.org/archivos/sentencia_metropoli.pdf Spanish Court Recognizes CC-Music (23.03.2006) http://creativecommons.org/weblog/entry/5830 (Contribution by Sjoera Nas, EDRI-member Bits of Freedom, the Netherlands) ============================================================ 5. New anti-terror bill proposed in Denmark ============================================================ As a follow up to the latest anti-terror plan of action (49 proposals) of November 2005, the Danish government is now proposing new anti-terror legislation. In the current round of public hearing, massive criticism has been raised by NGOs, legal experts, Danish industry, telecom providers, and from a number of political parties, including the Liberal Party, which is one of the ruling parties in the current government. The criticism concerns both the substance in the proposals and the process of their preparation. The proposals presented by the Ministry of Justice and Ministry of Science & Technology are quite far reaching and encompass a range of intrusions into citizens' privacy. Among the most debated proposals are: - An access for the police intelligence services (PET) to request information about a citizen from any public authority as long as the information "might serve a purpose" in relation to an investigation, i.e. without a request for the police to justify the request. Furthermore there is increased access for the intelligence services to exchange this information with the defence intelligence services (FET). - A request for telecom and Internet Service Providers to provide the police with information on a given cell phone location at a given point in time (so called tele observation). - An obligation for telecom and Internet Service Providers to implement technical measures to enable the authorities to wiretap any given communication at short notice. - An obligation for telecom and Internet Service Providers to implement technical measures to provide unspecified historical data about a citizen (data retention), though the specific data to be retained in Denmark are still unresolved and have been so since the adoption of the first anti-terror law in June 2002. - An access to the police to request that public authorities or private companies put in place CCTV surveillance of public spaces. Furthermore, access to the police to specify technical requirements for the surveillance records. - A request for airline companies to retain passenger and airline staff data for one year, and to hand these over to the police intelligence services upon request. A heated public hearing was held on 28 March at the Danish Human Rights Institute and a new round of debate will take place in the Parliamentary judicial committee on 31 March. The coming weeks will show whether the government will stick to the original proposals or whether some of the more controversial part will be modified. Revolt threatens anti-terror bill (28.03.2006) http://www.cphpost.dk/get/94770.html Responses from Digital Rights (in Danish) www.digitalrights.dk Responses from the Danish Human Rights Institute (in Danish) http://www.humanrights.dk/hoeringssvar/notat2006/ Government wants to strengthen the fight against terror (in Danish) http://www.jm.dk/wimpdoc.asp?page=document&objno=74912 Ministry of Justice draft bill (in Danish) http://hoeringsportalen.dk/pls/portal/docs/PAGE/HOERINGSPORTAL/JUSTITSMINIS… RIET/LOVFORSLAG_FRA_JUSTITSMINISTERIET/AENDRING_AF_LOV_OM_RETSPLEJELOVEN_MV._ 76/LOVUDKAST.PDF Ministry of Science & Technology draft bill (in Danish) http://www.videnskabsministeriet.dk/cgi-bin/left-lovstof-list.cgi?law_type=… vudkthrng&Line=All Government Action Plan on anti-terrorism (in Danish) http://www.stm.dk/publikationer/terrorpakke/index.htm EDRI-gram : New anti-terrorism measures in Denmark (5.12.2005) http://www.edri.org/edrigram/number3.24/Danish_antiterror (Contribution by Rikke Frank Jxrgensen, EDRI-member Digital Rights Denmark) ============================================================ 6. Update on French EUCD Transposition ============================================================ The DADVSI draft law (French EUCD Transposition) made its first step on 21 March, with 286 votes in favour and 193 votes against. In an unusually crowded National Assembly, 501 out of the 577 Members of the Parliament took part in the vote. All the votes in favour came from representatives of the Conservative government party, which has the absolute majority. The NO votes repartition is: 7 from the government's party (14 abstentions), 162 from the Socio-democrat, Communist and Green opposition (4 abstentions), and 24 from the Liberal Democrat Centrists (4 abstentions). The result is largely a victory for the cultural industry majors: the 'global licence' idea is over, copyright exceptions granted by law are few and painless; while downsized, a penalty regime for unauthorized upload or download of content protected under intellectual property legislation is still in place for non commercial use; DRMs circumvention is assimilated to counterfeit, unless for research purpose; an administrative authority has been created to decide on the allowed number of private copies for cultural goods, with no minimum granted by law; and, most importantly, the so-called 'Vivendi Universal amendment' has been adopted, criminalizing P2P software edition and dissemination. However, the draft law brings important progress on the interoperability side: not only DRM vendors are required to open their technology to competitors, but also commercial platforms are required to make their files compatible with any player. This has soon led to strong criticism, with Apple accusing France of "State-sponsored piracy" and Americans for Technology Leadership (an industry coalition including members such as Microsoft) claiming that such measures "strip away the intellectual property rights of companies". The issue seems serious to US Commerce Secretary Carlos Gutierrez, who backed Apple protests. The draft law will go to the Senate, where discussions are scheduled in mid-May. Not only copyright, but also competition is clearly at stake now. No doubt that French Senators already start facing strong lobbying. EDRI-gram: What's so special about French EUCD transposition? (15.03.2006) http://www.edri.org/edrigram/number4.5/franceeucd Sign Of The (Digital) Times: France's Struggle With A New Copyright Law (18.03.2006) http://www.ip-watch.org/weblog/index.php?p=248 Draft law adopted by the National Assembly (in French, 21.03.2006) http://www.assemblee-nationale.fr/12/ta/ta0554.asp A compilation of reactions on the French draft copyright law (since 22.03.2006) http://eucd.info/index.php?2006/03/21/288-dadvsi-code-nirvana-or-nightmare (Contribution by Meryem Marzouki, EDRI-member IRIS) ============================================================ 7. Damages on online defamatory statements in UK ============================================================ Michael Keith Smith, a former parliamentary candidate for the UK Independence Party has received #10,000 in damages in a defamation case occurred on the internet Smith was a participant in a discussion on the Iraq war held on a discussion board run by Yahoo!. Tracy Williams, another participant in the discussion, posted under pseudonym series of defamatory remarks about Smith on an internet bulletin board calling him a "lard brain" a "Nazi", a "racist bigot" and a "nonce". She also alleged that he had sexually harassed a female co-worker. Although Smith had obtained court orders in June 2004 that allowed him to identify the person behind the remarks, Williams continued the defamatory campaign in 2005. Smith sued her and Judge Alistair MacDuff considered the remarks clearly defamatory and awarded Smith #10,000 damages - #5,000 general damages plus #5,000 aggravated damages to reflect Ms Williams' behaviour. He issued an injunction prohibiting Williams from repeating the remarks and ordered her to pay #7,200 costs involved in the legal action. Ms Williams did not defend the action. "I'm happy with the judge's ruling but firms hosting online chat rooms should be prepared to get involved and step in to moderate defamatory statements," Smith told The Guardian. Legal experts say the case, the first of this kind, should be taken as a warning that the lows of libel apply to chat rooms, message boards and personal blogs just as they apply to comments published in a newsletter. On the other hand, Mark Stephens, head of media law at Finer Stephens Innocent, said the case should lead to a larger discussion on whether such cases should reach the court. A chat room is self-moderating and has a limited circulation. Most such cases are solved much easier as the complaints are addressed to an ISP or site owner, which would take down the defamatory content as soon as it was notified. UKIP candidate wins #10,000 for internet libel (21.03.2006) http://www.timesonline.co.uk/article/0,,2-2096902,00.html #10,000 damages awarded for internet libel (23.03.2006) http://www.theregister.co.uk/2006/03/23/internet_libel_payout/ Warning to chatroom users after libel award for man labelled a Nazi (23.03.2006) http://www.guardian.co.uk/law/story/0,,1737445,00.html ============================================================ 8. Swedish Foreign Minister resigned following pressure on website ============================================================ Laila Freivalds, the Swedish Foreign Minister resigned on 21 March after having been cornered by the press on her involvement in the closure on 9 February of a far-right party's website. The Web site, which was planning to publish caricatures of Muhammad like those that led to deadly protests by Muslims all over the world, was contacted by a top Foreign Ministry official who said it should be closed for security reasons. Although, in the beginning, the minister denied having known about the official's action and having exerted pressure on the hosting company, a later report from the ministry said she had been involved in the decision. The minister told the media that the cartoons were "offensive to other peoples' religious beliefs" and admitted to the media that she was concerned that these cartoons may damage Sweden. Critics considered this action as an attack to freedom of speech. Sweden's government is forbidden by law to interfere with what is written in newspapers and on the Internet. Sweden FM quits over cartoon row (21.03.2006) http://news.bbc.co.uk/2/hi/europe/4828052.stm Swedish Foreign Minister Laila Freivalds Resigns (21.03.2006) http://www.bloomberg.com/apps/news?pid=10000085&sid=axCmZPNbpAF4&refer=euro… ============================================================ 9. TACD debate on the politics and ideology of intellectual property ============================================================ Civil society groups from around the world met in Brussels 20/21 March to discuss the politics and ideology of intellectual property. Speakers included representatives from WIPO and the EU, former US Patent Commissioner Bruce Lehman, consumer and development campaigners and noted IP academics Peter Drahos and Susan Sell. The conference tried to step back from immediate IP controversies and take a look at the rhetoric and politicking behind the framing of IP debates and legislation. Jamie Love set the tone for the meeting by looking at the loaded terms used by proponents and critics of stronger IP rights, contrasting positive language such as "innovation", "value" and "wealth creation" with negative descriptions such as "monopoly", "privilege" and "exploitation". The practical politics of the recent software patent debate were laid out by pro-patent lobbyist Jonathan Zuck, anti-software patents campaigner Florian Muller and European Parliament member and patent attorney Sharon Bowles. Bowles complained that few involved in the debate understood even the definitions involved; many in the audience doubtless felt the same way! Bruce Lehman and Rufus Pollock described the pro-IP consensus that exists across mainstream US and EU political parties, which gave Green MEP David Hammerstein a chance to describe his party's lone stance that instead favours innovation and consumer rights. The most notable comment of the conference came from Bruce Lehman. While head of intellectual property policy for President Clinton, he drove the creation of the Agreement on Trade Related Aspects of Intellectual Property Rights (TRIPS), which embedded IP into global trade treaties. But Lehman now feels that TRIPS has been a "huge failure" for the US, providing US market access to developing countries that have not reciprocated with strong IP enforcement. Europeans can only hope that those in the Commission and member state governments responsible for IP policy are listening to this gale of criticism of ever-stronger private property rights in ideas. Leonardo Cervera Navas of DG Internal Market said at the meeting that shorter copyright terms were politically unthinkable. The debate will only move forward once such blinkers are removed and we see evidence- rather than faith-based IP policy development. TACD Conference website: The Politics and Ideology of Intellectual Property http://www.tacd.org/docs/?id=286 Lehman: TRIPS was a mistake (20.03.2006) http://dooooooom.blogspot.com/2006/03/lehman-trips-was-mistake.html The debate on software patents as a litmus test for the knowledge society (in German, 21.03.2006) http://www.heise.de/newsticker/meldung/71069 Discussion over intellectual monopoly rights at TACD's Brussels conference (20.03.2006) https://www.fsfe.org/en/fellows/gerloff/blog/discussion_over_intellectual_m… opoly_rights_at_tacd_s_brussels_conference Experts: Intellectual Property Policy Not A Traditional Left-Right Political Issue (21.03.2006) http://www.ip-watch.org/weblog/index.php?p=250&res=1024_ff&print=0 The Politics and Ideology of Intellectual Property - A New Political Order(22.03.2006) http://patentinglives.blogspot.com/2006/03/politics-and-ideology-of-intelle… ual.html (Contribution by EDRI board member Ian Brown) ============================================================ 10. Commission progress report on electronic signatures ============================================================ A new progress report by the European Commission on the evolution of the electronic signatures in the European Union was made public on 17 March 2006. The report highlights the low usage of the qualified electronic signatures by European businesses and citizens. The report focuses on the "Directive on a Community framework for electronic signatures" adopted in 1999. The directive has introduced legal certainty with respect to the general admissibility of electronic signatures, all the general principles being now included in the legislation of all 25 Member States. The commission sees a much larger use of the qualified electronic signatures - based on Public Key Infrastructure (PKI) technology - in the future with the introduction of the electronic ID cards and in some e-government services, such as on-line income tax returns. Information Society and Media Commissioner Viviane Reding said "much work still has to be done in particular to make signatures work across borders. I also see a need for asking whether we need further adaptations of our EU framework for electronic signatures to technological and market developments and to the better regulation-policy of this Commission." The official press release announced that The Commission would also prepare a report on standards for electronic signatures in 2006 to see whether further regulatory measures by the EU would be necessary. Also, the Commission will hold a series of meetings with EU Member State experts and stakeholders to consider possible complementary measures to address, where appropriate, any differences between national laws transposing the e-signatures Directive that could fragment the single market, any clarifications needed in specific articles of the e-signatures Directive and any technical and standardisation work necessary to improve the cross-border interoperability of the e-signature systems. Electronic signatures: legally recognised but cross-border take-up too slow, says Commission (17.03.2006) http://europa.eu.int/rapid/pressReleasesAction.do?reference=IP/06/325&forma… HTML&aged=0&language=EN&guiLanguage=en Report on the operation of Directive 1999/93/EC on a Community framework for electronic signatures (15.03.2006) http://europa.eu.int/information_society/eeurope/i2010/docs/single_info_spa… /com_electronic_signatures_report_en.pdf ============================================================ 11. Agenda ============================================================ 12 April 2006, Dublin, Ireland Royal Irish Academy "Enabling Open Access to Scientific Data and Information within the Modern Knowledge Economy; the Case for a Scientific Commons" http://www.codataweb.org/codata-ria/ 15 April 2006, Deadline funding applications Civil rights organisations and initiatives are invited to send funding applications to the German foundation 'Bridge - B|rgerrechte in der digitalen Gesellschaft'. A total of 15 000 euro is available for applications that promote civil rights in the digitised society. http://www.stiftung-bridge.de 21-23 April 2006, Yale Law School, USA Access to Knowledge Conference Yale Information Society Project http://islandia.law.yale.edu/isp/a2kconfmain.html 27-28 April 2006, Washington, USA IP Disputes of the Future - TACD This conference will ask what will be the IP disputes in new fields of technology, and how advances in biotechnology and information technologies will change the nature of IP disputes. http://www.tacd.org/docs/?id=287 30 April - 2 May 2006, Hamburg, Germany LSPI Conference 2006 The First International Conference on Legal, Security and Privacy Issues in IT http://www.kierkegaard.co.uk/ 2-5 May 2006, Washington, USA CFP2006 The Sixteenth Conference on Computers, Freedom & Privacy http://www.cfp2006.org 3-6 May 2006, Wiesbaden, Germany LinuxTag - Europe's biggest fair and congress around free software, http://www.linuxtag.org 10 May - 23 July, Austria Annual decentralized community event around free software lectures, panel discussions, workshops, fairs and socialising http://www.linuxwochen.at 21 June 2006, Luxembourg Safer Internet Forum 2006 Focus on two topics: "Children's use of new media" and "Blocking access to illegal content: child sexual abuse images" http://europa.eu.int/information_society/activities/sip/si_forum/forum_june… 006/index_en.htm 26-27 June 2006, Berlin, Germany The Rising Power of Search-Engines on the Internet: Impacts on Users, Media Policy, and Media Business http://www.uni-leipzig.de/journalistik/suma/home_e.html 16 - 28 July 2006, Oxford, UK Annenberg/Oxford Summer Institute: Global Media Policy: Technology and New Themes in Media Regulation Application deadline 1 May 2006. http://www.pgcs.asc.upenn.edu/events/ox06/index.php 2-4 August 2006, Bregenz, Austria, 2nd International Workshop on Electronic Voting 2006 Students may apply for funds to attend the workshop until 30 June 2006. http://www.e-voting.cc/stories/1246056/ =========================================================== 12. About =========================================================== EDRI-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRI has 21 members from 14 European countries and 5 observers from 5 more countries (Italy, Ireland, Poland, Portugal and Slovenia). European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRI-grams. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and visibly on the EDRI website. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 2.0 License. See the full text at http://creativecommons.org/licenses/by/2.0/ Newsletter editor: Bogdan Manolea <edrigram(a)edri.org> Information about EDRI and its members: http://www.edri.org/ - EDRI-gram subscription information subscribe by e-mail To: edri-news-request(a)edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. unsubscribe by e-mail To: edri-news-request(a)edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/index.php?option=com_content&task=view&id=6… &Itemid=4&lang=mk - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask <edrigram(a)edri.org> if you have any problems with subscribing or unsubscribing. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

1 0

"Securing the Network against Web-based Proxies"
by Leichter, Jerry 06 Jul '18

06 Jul '18

Ah, where the web is going. 8e6 Technologies sells a hardware box that it claims does signature analysis to detect HTTP proxies and blocks them. It can also block HTTPS proxies "that do not have a valid certificate" (whatever that means), as well as do such things as block IM, force Google and Yahoo searches to be done in Safe mode, and so on. They're marketing this to the education community (with the typical horror stories of the problems your school district can run into if students use proxies to get around your rules). What I find most interesting, though, is that the company, based in California, has an overseas presence in exactly two other countries: Taiwan and China. One doesn't need much imagination to see what market they are going after there.... -- Jerry --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo(a)metzdowd.com ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

EDRI-gram newsletter - Number 4.6, 29 March 2006
by EDRI-gram newsletter 06 Jul '18

06 Jul '18

============================================================ EDRI-gram biweekly newsletter about digital civil rights in Europe Number 4.6, 29 March 2006 ============================================================ Contents ============================================================ 1. Telecom data to be retained for one year in France 2. Internet under attack on election day in Belarus 3. Slovenia : Draft Police act endangers privacy 4. Creative Commons license upheld in Dutch and Spanish courts 5. New anti-terror bill proposed in Denmark 6. Update on French EUCD Transposition 7. Damages on online defamatory statements in UK 8. Swedish Foreign Minister resigned following pressure on website 9. TACD debate on the politics and ideology of intellectual property 10. Commission progress report on electronic signatures 11. Agenda 12. About ============================================================ 1. Telecom data to be retained for one year in France ============================================================ The long-awaited application decree for telecommunication data retention was finally published in France on 26 March 2006. It requires telecommunication data operators (Internet and telephony) to retain data for one year. Concerned data are those allowing the identification of: - the user and its terminal equipment - the recipients of the communication - the date, time and duration of the communication - the additional services used and their suppliers - the origin and the location of the communication (for telephony services). The decree specifies provisions that were first introduced in the Daily Safety Law ('Loi sur la sicuriti quotidienne' or LSQ), in November 2001, as an allegedly urgent procedure to fight terrorism, after the 11 September attacks in the USA. Four years and four months after its adoption, this law becomes applicable. In the mean time, these provisions have been twice modified. In March 2003, the Home Safety Law ('Loi sur la sicuriti intirieure' or LSI) made these provisions perennial, while they were supposed to last only until December 2003 and be assessed by the Parliament. In January 2006, the new French anti-terror law has extended the concerned provisions in two ways. First, not only the judicial authority but also the police forces may access the retained data. Secondly, data retention obligations now apply to Internet cafes, hotels, restaurants, and more generally to any person or organisation providing Internet access, free or for a fee, as a main or side activity. France has then chosen the maximum period of retention allowed by its national law, instead of choosing the minimum period, according to the new EU legislation. The European Directive on telecom data retention, recently adopted by the Parliament and the Council of Justice and Home Affairs, requires a retention period of no less than 6 months and no more than 2 years. French EDRI member IRIS has qualified this decree as the "maximal penalty for privacy", in a press release issued on the day of the decree publication. The organisation reminds that short after the LSQ adoption, it has filed a complaint with the European Commission against France, for violating the EU legislation. However, this complaint remained in standby, the EC waiting for the application decree to process the complaint. In the mean time, two European Directives on data retention were adopted, in 2002 and 2006 respectively, making this complaint obsolete. The French ISP association (AFA, French EUROISPA member) announced on 28 March that it would challenge this application decree before the Conseil d'Etat, highest administrative court. The main disputed point is that, while the decree provides for reimbursement of costs incurred by a requirement of law enforcement authorites, on a case by case basis, it remains silent on the general data retention cost which needs important investment from ISPs. In addition, the AFA deplores the lack of transition period to set up the retention system, and more generally the lack of discussion on the decree. Decree no. 2006-358 of 24 March 2006 regarding electronic communications (in French, 26.03.2006) http://www.legifrance.gouv.fr/WAspad/UnTexteDeJorf?numjo=JUSD0630025D Decree LSQ - Maximum penalty for private life (in French, 26.03.2006) http://www.iris.sgdg.org/info-debat/comm-decretlsq0306.html ISP Association will file an appeal to Conseil d'Etat (in French, 28.03.2006) http://www.afa-france.com/p_20060328.html EDRI-gram : Data Retention Directive Adopted By JHA Council (01.03.2006) http://www.edri.org/edrigram/number4.4/dataretention IRIS dossier on data retention (with information on the complaint to EC) http://www.iris.sgdg.org/actions/retention/ (Contribution by Meryem Marzouki, EDRI-member IRIS) ============================================================ 2. Internet under attack on election day in Belarus ============================================================ On 19 March 2006, date of the presidential elections in Belarus, the major online independent news resources (svaboda.org, charter97.org, belapan.com, ucpb.org, naviny.by, kozylin.com, zubr-belarus.com) were the targets of various types of attacks. The Website of "Nasha Niva" newspaper was not available from Belarus on 18 March on the Internet. Other problems were spotted in accessing tut.by, a major Belarusian portal with about 60 000 visitors/day. Also, Milinkievich's (candidate from Unified Democratic Forces) official website was unavailable for 2 days starting on 19 March. According with website administrators, they lost control over the server. Charter97 press-centre websites were permanently attacked. Authorities not only used their usual techniques (IP address blocking, massive DoS attacks) but Internet filtering as well. As a result a number of websites were unavailable from Belarus. Belarus has a large system put in place in order to restrict Internet access and control unwanted content. Some laws make it illegal to publish information that is contrary to state interests. ISPs from Belarus have to buy their connectivity from the telecom monopoly company. Internet Filtering in Belarus ( 20.03.2006) http://www.e-belarus.org/news/200603201.html OpenNet Initiative to Monitor Internet during the Belarus Presidential Elections (17.03.2006) http://www.opennetinitiative.net/blog/?p=92 Charter '97 - Milinkevich's official web site broken open (19.03.2006) http://67.18.131.22/eng/news/2006/03/19/mil (Thanks to Mikhail Doroshevich - E-belarus.org) ============================================================ 3. Slovenia : Draft Police Act endangers privacy ============================================================ The draft of new Police Act has raised a lot of criticism in the last days from privacy activists and legal experts on its broad encroachment upon citizens' right to privacy, granted by the Slovenian Constitution. Through the suggested act, the Slovenian government grants more power to the police, using terrorism, the Schengen treaty and recent serious crimes as a handy excuse. The Minister for Interior Affairs replied that changes to the Police Act were inevitable due to demands of the Schengen treaty. Experts agree that the Police Act should recieve some new provisions if Slovenia wants to fully enter the Schengen regime, however, such disproportionate and overall measures are not required by the Schengen treaty. Goran Klemencic from the Faculty of Criminal Justice and Security says that the draft represents an unconstitutional and dangerous attempt to broaden police powers. Similar opinions came from the Faculty of Law in Ljubljana and some privacy advocates. The draft provides for concealed collection of personal data without court warrant and enables interpretation that allows targeted and continuous surveillance. Targeted data collection would include financial and welfare data, lists of co-passengers and relations, data about vehicle and luggage etc. And all this for individuals as well that might commit a crime somewhere in the future. To add some more oil on the fire, the decision-making for approving these invasive measures would not be granted to a court or public prosecutor, but to the police itself, namely to the Head of Criminal Police. The Minister for Interior Affairs, Dragutin Mate, responded in an interview for national television. His reaction showed that the draft Police Act might not be sent to the Parliament in the current form because of the numerous criticisms. However, in his opinion, this is not an invasion to privacy, it is "just collecting some data at the moment when an individual's data are entered into the Schengen database and when the respective individual is randomly stopped by the police inside the country or at the border [...] The data includes accurate destination, reason for stopping and of course all the data about how this individual travels". According to Mr. Mate, this complies with article 99 of Schengen treaty. This might be true but he did not list all the data to be collected according to the draft act. The latter includes "targeted data collection"; "discreet collection"; so called "serious suspicion" (which is not defined); "collection of personal data from other subjects"; family, financial and welfare data etc. The interpretation would therefore also allow gathering of telecommunications traffic and location data from telcos and ISPs ("collection of personal data from other subjects"), maybe even personal data gathered by employers. Moreover, the draft does not provide for an afterward notification to the individual that he or she was a subject of police surveillance. According to the draft, the police could "randomly" stop an individual (following a suspicion that he or she might commit a crime somewhere in the future) and gather the most private data about him or her, including the family and co-passengers that would be an "excellent" accessory for police to build the social networks. These disproportionate and invasive measures included in the draft of the Police Act may go well together with the Data Retention Directive that was passed by the European Parliament in December 2005. Seeing "the big picture", some are asking where Slovenia is heading. Is it really to become a police country? The critics might have been successful. The Minister for Interior Affairs later revealed that "they will most likely include judicial supervision" over measures that invade individual's constitutional rights. However, it is incredible how such totalitarian solutions even managed to get a place inside an official draft . Draft of the new Police Act - limiting privacy and more power for the police? (only in Slovenian, 19.3.2006) http://www.slo-tech.com/script/forum/izpisitemo.php?threadID=211864&mesto=0 Will police invade the privacy? (only in Slovenian, 17.3.2006) http://24ur.com/bin/article.php?article_id=3071039 Ministry does not want a police country (only in Slovenian, 18.3.2006) http://www.delo.si/index.php?sv_path=41,35,125949 (Contribution by Aljaz Marn, EDRI observer, privacyblog.net, Slovenia) ============================================================ 4. Creative Commons license upheld in Dutch and Spanish courts ============================================================ Both in The Netherlands and in Spain the Creative Commons license was judged in court. In both cases the validity of this alternative copyright license was upheld. In the Netherlands, the first court case about the validity of the Creative Commons license produced clear victory for the user of the license. On 9 March 2006 the district court of Amsterdam ruled in summary proceedings that the weekly gossip magazine 'Weekend' could not republish pictures that were published under a specific non-commercial CC license. The family pictures were made by Adam Curry, famous in internet circles for promoting podcasting. Curry had published the pictures on the pictures-website flickr.com under a so-called Attribution-Noncommercial-Sharealike license, with the text 'this photo is public' and a reference to the appropriate CC license. Weekend did not seek or obtain prior permission. Curry sued for both copyright and privacy infringement. Weekend defended itself by saying it did not understand the reference to the CC license. The magazine also claimed there could be no damages, since the pictures were freely available on the flickr website anyway. The court ruled the copyright was unmistakable. Especially a professional party like the publisher of the magazine should conduct a thorough investigation before publishing pictures taken from the Internet. Professor Bernt Hugenholtz, director of the Institute for Information Science of the University of Amsterdam and main creator of the Dutch CC license was very pleased with the ruling. He commented on the creative commons mailing-list: "The Dutch court's decision is especially noteworthy because it confirms that the conditions of a Creative Commons license automatically apply to the content licensed under it, and bind users of such content even without expressly agreeing to, or having knowledge of, the conditions of the license." A few weeks earlier, on 17 February 2006 the Spanish court of Badajoz decided against SGAE, the Spanish music rights collecting society, in favor of a bar owner who played music released under a Creative Commons license. The court said none of the music played in disco bar Metropol between November 2002 and August 2005 was actually licensed by the collecting society. On the other hand, the CC licenses did allow for public performance of the work. Full text of the Amsterdam district court decision (in Dutch only, 09.03.2006) http://www.rechtspraak.nl/ljn.asp?ljn=AV4204 Mailinglist iCommons community discussion http://lists.ibiblio.org/mailman/listinfo/cc-icommons Full text of the Badajoz court decision (in Spanish only, 17.02.2006) http://www.internautas.org/archivos/sentencia_metropoli.pdf Spanish Court Recognizes CC-Music (23.03.2006) http://creativecommons.org/weblog/entry/5830 (Contribution by Sjoera Nas, EDRI-member Bits of Freedom, the Netherlands) ============================================================ 5. New anti-terror bill proposed in Denmark ============================================================ As a follow up to the latest anti-terror plan of action (49 proposals) of November 2005, the Danish government is now proposing new anti-terror legislation. In the current round of public hearing, massive criticism has been raised by NGOs, legal experts, Danish industry, telecom providers, and from a number of political parties, including the Liberal Party, which is one of the ruling parties in the current government. The criticism concerns both the substance in the proposals and the process of their preparation. The proposals presented by the Ministry of Justice and Ministry of Science & Technology are quite far reaching and encompass a range of intrusions into citizens' privacy. Among the most debated proposals are: - An access for the police intelligence services (PET) to request information about a citizen from any public authority as long as the information "might serve a purpose" in relation to an investigation, i.e. without a request for the police to justify the request. Furthermore there is increased access for the intelligence services to exchange this information with the defence intelligence services (FET). - A request for telecom and Internet Service Providers to provide the police with information on a given cell phone location at a given point in time (so called tele observation). - An obligation for telecom and Internet Service Providers to implement technical measures to enable the authorities to wiretap any given communication at short notice. - An obligation for telecom and Internet Service Providers to implement technical measures to provide unspecified historical data about a citizen (data retention), though the specific data to be retained in Denmark are still unresolved and have been so since the adoption of the first anti-terror law in June 2002. - An access to the police to request that public authorities or private companies put in place CCTV surveillance of public spaces. Furthermore, access to the police to specify technical requirements for the surveillance records. - A request for airline companies to retain passenger and airline staff data for one year, and to hand these over to the police intelligence services upon request. A heated public hearing was held on 28 March at the Danish Human Rights Institute and a new round of debate will take place in the Parliamentary judicial committee on 31 March. The coming weeks will show whether the government will stick to the original proposals or whether some of the more controversial part will be modified. Revolt threatens anti-terror bill (28.03.2006) http://www.cphpost.dk/get/94770.html Responses from Digital Rights (in Danish) www.digitalrights.dk Responses from the Danish Human Rights Institute (in Danish) http://www.humanrights.dk/hoeringssvar/notat2006/ Government wants to strengthen the fight against terror (in Danish) http://www.jm.dk/wimpdoc.asp?page=document&objno=74912 Ministry of Justice draft bill (in Danish) http://hoeringsportalen.dk/pls/portal/docs/PAGE/HOERINGSPORTAL/JUSTITSMINIS… RIET/LOVFORSLAG_FRA_JUSTITSMINISTERIET/AENDRING_AF_LOV_OM_RETSPLEJELOVEN_MV._ 76/LOVUDKAST.PDF Ministry of Science & Technology draft bill (in Danish) http://www.videnskabsministeriet.dk/cgi-bin/left-lovstof-list.cgi?law_type=… vudkthrng&Line=All Government Action Plan on anti-terrorism (in Danish) http://www.stm.dk/publikationer/terrorpakke/index.htm EDRI-gram : New anti-terrorism measures in Denmark (5.12.2005) http://www.edri.org/edrigram/number3.24/Danish_antiterror (Contribution by Rikke Frank Jxrgensen, EDRI-member Digital Rights Denmark) ============================================================ 6. Update on French EUCD Transposition ============================================================ The DADVSI draft law (French EUCD Transposition) made its first step on 21 March, with 286 votes in favour and 193 votes against. In an unusually crowded National Assembly, 501 out of the 577 Members of the Parliament took part in the vote. All the votes in favour came from representatives of the Conservative government party, which has the absolute majority. The NO votes repartition is: 7 from the government's party (14 abstentions), 162 from the Socio-democrat, Communist and Green opposition (4 abstentions), and 24 from the Liberal Democrat Centrists (4 abstentions). The result is largely a victory for the cultural industry majors: the 'global licence' idea is over, copyright exceptions granted by law are few and painless; while downsized, a penalty regime for unauthorized upload or download of content protected under intellectual property legislation is still in place for non commercial use; DRMs circumvention is assimilated to counterfeit, unless for research purpose; an administrative authority has been created to decide on the allowed number of private copies for cultural goods, with no minimum granted by law; and, most importantly, the so-called 'Vivendi Universal amendment' has been adopted, criminalizing P2P software edition and dissemination. However, the draft law brings important progress on the interoperability side: not only DRM vendors are required to open their technology to competitors, but also commercial platforms are required to make their files compatible with any player. This has soon led to strong criticism, with Apple accusing France of "State-sponsored piracy" and Americans for Technology Leadership (an industry coalition including members such as Microsoft) claiming that such measures "strip away the intellectual property rights of companies". The issue seems serious to US Commerce Secretary Carlos Gutierrez, who backed Apple protests. The draft law will go to the Senate, where discussions are scheduled in mid-May. Not only copyright, but also competition is clearly at stake now. No doubt that French Senators already start facing strong lobbying. EDRI-gram: What's so special about French EUCD transposition? (15.03.2006) http://www.edri.org/edrigram/number4.5/franceeucd Sign Of The (Digital) Times: France's Struggle With A New Copyright Law (18.03.2006) http://www.ip-watch.org/weblog/index.php?p=248 Draft law adopted by the National Assembly (in French, 21.03.2006) http://www.assemblee-nationale.fr/12/ta/ta0554.asp A compilation of reactions on the French draft copyright law (since 22.03.2006) http://eucd.info/index.php?2006/03/21/288-dadvsi-code-nirvana-or-nightmare (Contribution by Meryem Marzouki, EDRI-member IRIS) ============================================================ 7. Damages on online defamatory statements in UK ============================================================ Michael Keith Smith, a former parliamentary candidate for the UK Independence Party has received #10,000 in damages in a defamation case occurred on the internet Smith was a participant in a discussion on the Iraq war held on a discussion board run by Yahoo!. Tracy Williams, another participant in the discussion, posted under pseudonym series of defamatory remarks about Smith on an internet bulletin board calling him a "lard brain" a "Nazi", a "racist bigot" and a "nonce". She also alleged that he had sexually harassed a female co-worker. Although Smith had obtained court orders in June 2004 that allowed him to identify the person behind the remarks, Williams continued the defamatory campaign in 2005. Smith sued her and Judge Alistair MacDuff considered the remarks clearly defamatory and awarded Smith #10,000 damages - #5,000 general damages plus #5,000 aggravated damages to reflect Ms Williams' behaviour. He issued an injunction prohibiting Williams from repeating the remarks and ordered her to pay #7,200 costs involved in the legal action. Ms Williams did not defend the action. "I'm happy with the judge's ruling but firms hosting online chat rooms should be prepared to get involved and step in to moderate defamatory statements," Smith told The Guardian. Legal experts say the case, the first of this kind, should be taken as a warning that the lows of libel apply to chat rooms, message boards and personal blogs just as they apply to comments published in a newsletter. On the other hand, Mark Stephens, head of media law at Finer Stephens Innocent, said the case should lead to a larger discussion on whether such cases should reach the court. A chat room is self-moderating and has a limited circulation. Most such cases are solved much easier as the complaints are addressed to an ISP or site owner, which would take down the defamatory content as soon as it was notified. UKIP candidate wins #10,000 for internet libel (21.03.2006) http://www.timesonline.co.uk/article/0,,2-2096902,00.html #10,000 damages awarded for internet libel (23.03.2006) http://www.theregister.co.uk/2006/03/23/internet_libel_payout/ Warning to chatroom users after libel award for man labelled a Nazi (23.03.2006) http://www.guardian.co.uk/law/story/0,,1737445,00.html ============================================================ 8. Swedish Foreign Minister resigned following pressure on website ============================================================ Laila Freivalds, the Swedish Foreign Minister resigned on 21 March after having been cornered by the press on her involvement in the closure on 9 February of a far-right party's website. The Web site, which was planning to publish caricatures of Muhammad like those that led to deadly protests by Muslims all over the world, was contacted by a top Foreign Ministry official who said it should be closed for security reasons. Although, in the beginning, the minister denied having known about the official's action and having exerted pressure on the hosting company, a later report from the ministry said she had been involved in the decision. The minister told the media that the cartoons were "offensive to other peoples' religious beliefs" and admitted to the media that she was concerned that these cartoons may damage Sweden. Critics considered this action as an attack to freedom of speech. Sweden's government is forbidden by law to interfere with what is written in newspapers and on the Internet. Sweden FM quits over cartoon row (21.03.2006) http://news.bbc.co.uk/2/hi/europe/4828052.stm Swedish Foreign Minister Laila Freivalds Resigns (21.03.2006) http://www.bloomberg.com/apps/news?pid=10000085&sid=axCmZPNbpAF4&refer=euro… ============================================================ 9. TACD debate on the politics and ideology of intellectual property ============================================================ Civil society groups from around the world met in Brussels 20/21 March to discuss the politics and ideology of intellectual property. Speakers included representatives from WIPO and the EU, former US Patent Commissioner Bruce Lehman, consumer and development campaigners and noted IP academics Peter Drahos and Susan Sell. The conference tried to step back from immediate IP controversies and take a look at the rhetoric and politicking behind the framing of IP debates and legislation. Jamie Love set the tone for the meeting by looking at the loaded terms used by proponents and critics of stronger IP rights, contrasting positive language such as "innovation", "value" and "wealth creation" with negative descriptions such as "monopoly", "privilege" and "exploitation". The practical politics of the recent software patent debate were laid out by pro-patent lobbyist Jonathan Zuck, anti-software patents campaigner Florian Muller and European Parliament member and patent attorney Sharon Bowles. Bowles complained that few involved in the debate understood even the definitions involved; many in the audience doubtless felt the same way! Bruce Lehman and Rufus Pollock described the pro-IP consensus that exists across mainstream US and EU political parties, which gave Green MEP David Hammerstein a chance to describe his party's lone stance that instead favours innovation and consumer rights. The most notable comment of the conference came from Bruce Lehman. While head of intellectual property policy for President Clinton, he drove the creation of the Agreement on Trade Related Aspects of Intellectual Property Rights (TRIPS), which embedded IP into global trade treaties. But Lehman now feels that TRIPS has been a "huge failure" for the US, providing US market access to developing countries that have not reciprocated with strong IP enforcement. Europeans can only hope that those in the Commission and member state governments responsible for IP policy are listening to this gale of criticism of ever-stronger private property rights in ideas. Leonardo Cervera Navas of DG Internal Market said at the meeting that shorter copyright terms were politically unthinkable. The debate will only move forward once such blinkers are removed and we see evidence- rather than faith-based IP policy development. TACD Conference website: The Politics and Ideology of Intellectual Property http://www.tacd.org/docs/?id=286 Lehman: TRIPS was a mistake (20.03.2006) http://dooooooom.blogspot.com/2006/03/lehman-trips-was-mistake.html The debate on software patents as a litmus test for the knowledge society (in German, 21.03.2006) http://www.heise.de/newsticker/meldung/71069 Discussion over intellectual monopoly rights at TACD's Brussels conference (20.03.2006) https://www.fsfe.org/en/fellows/gerloff/blog/discussion_over_intellectual_m… opoly_rights_at_tacd_s_brussels_conference Experts: Intellectual Property Policy Not A Traditional Left-Right Political Issue (21.03.2006) http://www.ip-watch.org/weblog/index.php?p=250&res=1024_ff&print=0 The Politics and Ideology of Intellectual Property - A New Political Order(22.03.2006) http://patentinglives.blogspot.com/2006/03/politics-and-ideology-of-intelle… ual.html (Contribution by EDRI board member Ian Brown) ============================================================ 10. Commission progress report on electronic signatures ============================================================ A new progress report by the European Commission on the evolution of the electronic signatures in the European Union was made public on 17 March 2006. The report highlights the low usage of the qualified electronic signatures by European businesses and citizens. The report focuses on the "Directive on a Community framework for electronic signatures" adopted in 1999. The directive has introduced legal certainty with respect to the general admissibility of electronic signatures, all the general principles being now included in the legislation of all 25 Member States. The commission sees a much larger use of the qualified electronic signatures - based on Public Key Infrastructure (PKI) technology - in the future with the introduction of the electronic ID cards and in some e-government services, such as on-line income tax returns. Information Society and Media Commissioner Viviane Reding said "much work still has to be done in particular to make signatures work across borders. I also see a need for asking whether we need further adaptations of our EU framework for electronic signatures to technological and market developments and to the better regulation-policy of this Commission." The official press release announced that The Commission would also prepare a report on standards for electronic signatures in 2006 to see whether further regulatory measures by the EU would be necessary. Also, the Commission will hold a series of meetings with EU Member State experts and stakeholders to consider possible complementary measures to address, where appropriate, any differences between national laws transposing the e-signatures Directive that could fragment the single market, any clarifications needed in specific articles of the e-signatures Directive and any technical and standardisation work necessary to improve the cross-border interoperability of the e-signature systems. Electronic signatures: legally recognised but cross-border take-up too slow, says Commission (17.03.2006) http://europa.eu.int/rapid/pressReleasesAction.do?reference=IP/06/325&forma… HTML&aged=0&language=EN&guiLanguage=en Report on the operation of Directive 1999/93/EC on a Community framework for electronic signatures (15.03.2006) http://europa.eu.int/information_society/eeurope/i2010/docs/single_info_spa… /com_electronic_signatures_report_en.pdf ============================================================ 11. Agenda ============================================================ 12 April 2006, Dublin, Ireland Royal Irish Academy "Enabling Open Access to Scientific Data and Information within the Modern Knowledge Economy; the Case for a Scientific Commons" http://www.codataweb.org/codata-ria/ 15 April 2006, Deadline funding applications Civil rights organisations and initiatives are invited to send funding applications to the German foundation 'Bridge - B|rgerrechte in der digitalen Gesellschaft'. A total of 15 000 euro is available for applications that promote civil rights in the digitised society. http://www.stiftung-bridge.de 21-23 April 2006, Yale Law School, USA Access to Knowledge Conference Yale Information Society Project http://islandia.law.yale.edu/isp/a2kconfmain.html 27-28 April 2006, Washington, USA IP Disputes of the Future - TACD This conference will ask what will be the IP disputes in new fields of technology, and how advances in biotechnology and information technologies will change the nature of IP disputes. http://www.tacd.org/docs/?id=287 30 April - 2 May 2006, Hamburg, Germany LSPI Conference 2006 The First International Conference on Legal, Security and Privacy Issues in IT http://www.kierkegaard.co.uk/ 2-5 May 2006, Washington, USA CFP2006 The Sixteenth Conference on Computers, Freedom & Privacy http://www.cfp2006.org 3-6 May 2006, Wiesbaden, Germany LinuxTag - Europe's biggest fair and congress around free software, http://www.linuxtag.org 10 May - 23 July, Austria Annual decentralized community event around free software lectures, panel discussions, workshops, fairs and socialising http://www.linuxwochen.at 21 June 2006, Luxembourg Safer Internet Forum 2006 Focus on two topics: "Children's use of new media" and "Blocking access to illegal content: child sexual abuse images" http://europa.eu.int/information_society/activities/sip/si_forum/forum_june… 006/index_en.htm 26-27 June 2006, Berlin, Germany The Rising Power of Search-Engines on the Internet: Impacts on Users, Media Policy, and Media Business http://www.uni-leipzig.de/journalistik/suma/home_e.html 16 - 28 July 2006, Oxford, UK Annenberg/Oxford Summer Institute: Global Media Policy: Technology and New Themes in Media Regulation Application deadline 1 May 2006. http://www.pgcs.asc.upenn.edu/events/ox06/index.php 2-4 August 2006, Bregenz, Austria, 2nd International Workshop on Electronic Voting 2006 Students may apply for funds to attend the workshop until 30 June 2006. http://www.e-voting.cc/stories/1246056/ =========================================================== 12. About =========================================================== EDRI-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRI has 21 members from 14 European countries and 5 observers from 5 more countries (Italy, Ireland, Poland, Portugal and Slovenia). European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRI-grams. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and visibly on the EDRI website. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 2.0 License. See the full text at http://creativecommons.org/licenses/by/2.0/ Newsletter editor: Bogdan Manolea <edrigram(a)edri.org> Information about EDRI and its members: http://www.edri.org/ - EDRI-gram subscription information subscribe by e-mail To: edri-news-request(a)edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. unsubscribe by e-mail To: edri-news-request(a)edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/index.php?option=com_content&task=view&id=6… &Itemid=4&lang=mk - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask <edrigram(a)edri.org> if you have any problems with subscribing or unsubscribing. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

1 0

[aprssig] Re: Commercial APRS Service
by None 06 Jul '18

06 Jul '18

And then too, of course, the "dramatic demonstration" from http://www.satsecurity.com/news103103.htm SAN DIEGO - October 31, 2003 -- Satellite Security Systems (S3), a global provider of asset security and logistics control, in cooperation with the California Highway Patrol (CHP) and InterState Oil Company, dramatically demonstrated the first wireless remote shutdown of a fully loaded moving petrochemical tanker truck. >From S3's headquarters in San Diego - 530 miles from the demonstration site - satellite communications were used to disable the truck in seconds, proving S3's GlobalGuardT and FleetGuardT a viable solution to the challenge of controlling rogue hazardous waste vehicles that could pose a threat to homeland security. The event, conducted on CHP Academy grounds in Sacramento and administered by the CHP, addresses ongoing concerns about the affordability of effective security technology, stealthiness of such a security device, and how GPS monitoring can be incorporated safely into law enforcement protocol. <snip> -- Neil Johnson http://www.njohnsn.com PGP key available on request.

1 0

for IP if you wish
by Carl E. Landwehr 06 Jul '18

06 Jul '18

Dave, The former Disruptive Technology Office has been merged into the newly formed IARPA -- Intelligence Advanced Research Projects Activity. We've also just released (via AFRL) updated language for the NICECAP BAA: A revision of the National Intelligence Community Enterprise Cyber Assurance Program (NICECAP) BAA (AFRL BAA-06-11-IFKA) has been released and is available at: http://tinyurl.com/yw7k9s A new focus area soliciting research on Privacy Protecting Technologies is added under the Accountable Information Flow thrust. White papers are due to AFRL November 2, 2007. Regards, --Carl ------------------------------------------- Archives: http://v2.listbox.com/member/archive/247/=now RSS Feed: http://v2.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

[IP] National Intelligence Community Enterprise Cyber Assurance Program
by David Farber 06 Jul '18

06 Jul '18

Begin forwarded message:

1 0

Re: [cryptography] Digest comparison algorithm
by Solar Designer 06 Jul '18

06 Jul '18

On Thu, Dec 01, 2011 at 11:16:14PM -0600, Marsh Ray wrote: > On 12/01/2011 10:15 PM, Solar Designer wrote: > >http://whitepixel.zorinaq.com is probably the fastest single MD5 hash > >cracker. This one tests 33.1 billion of passwords per second against a > >raw MD5 hash on 4 x AMD Radeon HD 5970 (8 GPUs). Of course, the > >passwords being tested are not arbitrary (e.g., you can't just feed a > >wordlist to such a cracker), although the character set is configurable. > > Where would you find a wordlist to keep it busy for more than a > millisecond anyway? Not a plain wordlist, but wordlist + thousands or millions of rules. In fact, another tool implements that and achieves just slightly slower speeds: http://hashcat.net/oclhashcat-plus/ > >1. Already discussed: implement constant-time comparisons by using XORs > >and ORs. > > Talking with people who work closely with code generation convinced me > that it's essential to examine the generated code. A compiler might > recognize and exploit the opportunity for early loop termination. That's correct. > >2. Pass both strings to compare through an HMAC with a secret. If one > >of the strings is a secret, then that secret may be reused for this HMAC > >as well. > > http://www.isecpartners.com/blog/2011/2/18/double-hmac-verification.html Yes, Nate had pointed me at this one too. > >It'd be curious to explore how much entropy in the salt is needed for > >this. Are 12-bit salts of traditional DES-based crypt(3) sufficient > >against remote timing attacks or not? > > Let's assume crypt(3) returns a string which is compared against the > expected value using strcmp(), and the salted hash is formed of hex > digits like: > > %crypt(3)%SSS%HHHHHHHHHHHHHHHH% > > SSS - 12 bit salt > HHH - 64 bit value from DES-like function OK, let's assume this. > (I know it uses $ and some form of base-64 in practice, For traditional DES-based crypt(3), it is 13 characters: sshhhhhhhhhhh There's no fixed part, just two characters of salt and 11 of hash (using a base-64 character set). But let's continue to assume your format for the string for now: > The attacker generates, say, 4096 random passwords and accurately times > their evaluation. If there isn't too much jitter on the network (or the > local machine), and his timing measurements are accurate enough, he will > observe the timings grouping into two clusters: > > 1. The largest cluster will represent the case where H[0] fails the > comparison in strcmp(). > > 2. The second cluster will be on the order of a few machine cycles > longer, representing times that H[0] compared successfully. Yes. > This cluster will be approximately 256 times smaller than the first. Why not 16 times, if we use hex digits and assume a char-by-char strcmp()? > With > 4096 trials the expectation is that this cluster will contain about 16 > members. 256 with the above correction. > Now that he has a fuzzy idea of which passwords succeed in matching > H[0], he evaluates this set for all 4096 possible salt values. There > will be only one salt value that produces the same H[0] for all of these > passwords. Did you mean there will _likely_ (but not necessarily) be only one such salt value? > So if his timing data is any good, he has learned the salt Yes, well done. > Conclusion: Salts placed at the beginning of the password string must > contain sufficient entropy to resist offline brute-force in order to > provide mitigation against timing attacks. It may be better to place > them at the end of the password hash string. I don't see how placement of the salt in the encoded salt+hash string matters. With either placement, the salt characters in the string will always match because crypt(3) is called with that stored salt. The fact that with salt placement at the beginning strcmp() actually does compare those characters before it gets to comparing H[0] doesn't affect anything, as far as I can see, assuming a char-by-char strcmp(). Am I missing something? Alexander _______________________________________________ cryptography mailing list cryptography(a)randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

[aprssig] Re: Commercial APRS Service
by None 06 Jul '18

06 Jul '18

And then too, of course, the "dramatic demonstration" from http://www.satsecurity.com/news103103.htm SAN DIEGO - October 31, 2003 -- Satellite Security Systems (S3), a global provider of asset security and logistics control, in cooperation with the California Highway Patrol (CHP) and InterState Oil Company, dramatically demonstrated the first wireless remote shutdown of a fully loaded moving petrochemical tanker truck. >From S3's headquarters in San Diego - 530 miles from the demonstration site - satellite communications were used to disable the truck in seconds, proving S3's GlobalGuardT and FleetGuardT a viable solution to the challenge of controlling rogue hazardous waste vehicles that could pose a threat to homeland security. The event, conducted on CHP Academy grounds in Sacramento and administered by the CHP, addresses ongoing concerns about the affordability of effective security technology, stealthiness of such a security device, and how GPS monitoring can be incorporated safely into law enforcement protocol. <snip> -- Neil Johnson http://www.njohnsn.com PGP key available on request.

1 0

for IP if you wish
by Carl E. Landwehr 06 Jul '18

06 Jul '18

Dave, The former Disruptive Technology Office has been merged into the newly formed IARPA -- Intelligence Advanced Research Projects Activity. We've also just released (via AFRL) updated language for the NICECAP BAA: A revision of the National Intelligence Community Enterprise Cyber Assurance Program (NICECAP) BAA (AFRL BAA-06-11-IFKA) has been released and is available at: http://tinyurl.com/yw7k9s A new focus area soliciting research on Privacy Protecting Technologies is added under the Accountable Information Flow thrust. White papers are due to AFRL November 2, 2007. Regards, --Carl ------------------------------------------- Archives: http://v2.listbox.com/member/archive/247/=now RSS Feed: http://v2.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0