============================================================ EDRI-gram biweekly newsletter about digital civil rights in Europe Number 4.7, 12 April 2006 ============================================================ Contents ============================================================ 1. Article 29 asks for safeguards on data retention 2. US wants access to retained traffic data 3. Free parental control software in France 4. Changes in the Slovenian Intelligence Agency Act 5. Lie detectors in Russian airports 6. UK teachers are spied in classrooms 7. Legal actions against file-sharers in Europe 8. Recommended reading 9. Agenda 10. About ============================================================ 1. Article 29 asks for safeguards on data retention ============================================================ Article 29 Data Protection Working Party has adopted its opinion on data retention directive as adopted by the Council on 21 February 2006, pointing out major criticism to the adoption and to the present text agreed by the Parliament. The Working Party recalls its previous concerns and reservations expressed in its last Opinion 113 of 21 October 2005 on the then draft Directive. The decision to retain communication data for the purpose of combating serious crime was considered as an unprecedented one that may endanger the fundamental values and freedoms all European citizens. The privacy experts consider of utmost importance that the Directive is implemented and accompanied in each Member State by measures protecting privacy. The Directive leaves room for interpretation and therefore adequate and specific safeguards are necessary to protect the vital interests of the individual, mainly the right to confidentiality when using publicly available electronic communications services. The Working Party also thinks the provisions of the Directive should be interpreted and implemented in a harmonised way and proposes a uniform, European-wide implementation of the Directive that would respect the highest level possible of personal data protection. This should also be done in order to reduce the considerable costs borne by the service providers when complying with the Directive. Article 29 is suggesting that the member states should implement adequate safeguards at least on Purpose specification, Access limitation, Data minimization, Data mining, Judicial/ independent scrutiny of authorized access, Retention purposes of providers, System separation and Security measures. The data retention directive is heavily criticized also by other privacy authorities. Peter Hustinx, the European data protection supervisor considered the lawmakers had not protected the privacy of Europeans. His opinion is that "The data retention directive - turned the rules upside down. We were not very pleased with that - we still think there is too little in terms of safeguards." Hustinx also stated: "I believe that politicians, people - you, I, everyone else - have to be aware of the real threats. At the same time, that is not going to justify disproportionate solutions - it is going to hurt the texture of trust and confidence... I think we have reached a point that more and more people start wondering whether legislation is getting excessive and that is a good thing. We have to build in safeguards and keep asking the question of 'is this necessary?'" Opinion 3/2006 on the Directive 2006/XX/EC on the retention of data processed in connection with the provision of public electronic communication services (25.03.2006) http://europa.eu.int/comm/justice_home/fsj/privacy/docs/wpdocs/2006/wp119_en. pdf Tech must not invade privacy, says EU data protection head (7.04.2006) http://www.silicon.com/0,39024729,39157943,00.htm EDRI-gram : Opinion EU privacy authorities on data retention (17.11.2004) http://www.edri.org/edrigram/number2.22/dataretention EDRI-gram : Renewed rejection of data retention by European institutions (5.10.2005) http://www.edri.org/edrigram/number3.20/retention ============================================================ 2. US wants access to retained traffic data ============================================================ Unites States has indicated in a recent meeting with the EU Council that it will be interested in accessing the traffic data collected by the European countries according with the recent Directive on Data Retention. Also the US officials expressed concerns over the draft Framework Decision on Data Protection. During the EU-US informal High Level meeting on Freedom, Security and Justice on 2-3 March 2006, in Vienna, the US officials mentioned in the context of fighting terrorist use of Internet that they were "considering approaching each Member State to ensure that the data collected on the basis of the recently adopted Directive on data retention be accessible to them." The Presidency and the Commission replied that these data were accessible like any other data on the basis of the existing MLA agreements (bilateral as well as EU/US agreement). The Commission would convene an expert meeting on this subject. During the same meeting the US officials lobbied against the provisions in article 15 of the proposal for a framework decision on the protection of personal data processed in the third pillar. " US side expressed serious concerns about the negative impact that the draft Framework Decision on data protection would have on its bilateral relations with Member States if it was to be adopted in its present form (see in particular Article 15 of the draft). The Presidency indicated that agreements already concluded would not be affected by the new legislation. In addition, Member States were divided on the need for such a provision." Article 15 refers to Transfer to competent authorities in third countries or to international bodies. The Proposal for a Council Framework Decision on the protection of personal data processed in the framework of police and judicial co-operation in criminal matters was initiated in October 2005 when a draft version was sent to the Council. Opinions on the draft have been received from the European Data Protection Supervisor, Conference of European Data Protection Authorities and European member countries. A new version of the Decision, still under discussion within the Multidisciplinary group on organised crime (MDG) - Mixed Committee, was published by Statewatch at the end of March 2006. The conclusions of the G6 of interior ministers of the EU call for a rapid adoption of the framework decision on the sharing of information under the availability principle in police and judicial cooperation in criminal matters, i.e. without waiting for the third pillar data protection framework decision. This would constitute a serious unbalance with regard to the processing of personal information under the third pillar. Tony Bunyan, Statewatch editor, commented " in other words state agencies should be allowed to exchange information and "intelligence" without any data protection rights for the individual being in place." EU Council: Report of the EU-US informal High Level meeting on Freedom, Security and Justice on 2-3 March 2006 in Vienna (27.03.2006) http://www.statewatch.org/news/2006/apr/eu-us-jha-7618-06.pdf Data Protection, EU doc no 6450/1/06, REV 1 (23.03.2006) http://www.statewatch.org/news/2006/mar/eu-dp-coun-draft-pos-6450-rev1-06.pd... EDRI-gram : Draft directive data protection in EU police co-operation (21.09.2005) http://www.edri.org/edrigram/number3.19/dataprotection Conclusions of the Meeting of the Interior Ministers of France, Germany, Italy, Poland, Spain and the United Kingdom, Heiligendamm (23.03.2006) http://www.statewatch.org/news/2006/mar/06eu-interior-minister-conclusions.h... m ============================================================ 3. Free parental control software in France ============================================================ As a result of the agreement signed between the French ISPs and the Ministry of the Family on 16 November 2005, starting with 1 April 2006, most of the ISPs started providing a free of charge parental control software to their subscribers. The agreement signed between ISPs and the French authorities has followed strong protests relayed in the media, after EDRi-member IRIS unveiled in September 2005 the intention of the government to impose by law "by default" filtering by ISPs for the purpose of parental control. After this, the intentions of the government have been downsized excluding " by default" parental control installed by the ISP. The current agreement still raises many concerns, especially since no real information is provided on the software and its criteria. Starting with 1 April 2006 new subscribers will have the software included in the connection kit with a window opening automatically on the software. Previous complaints addressed the lack of simple access to such kind of software as well as to their insufficient efficiency. For the old subscribers, the ISPs will develop an information campaign through e-mails, newsletters and on their home pages and those interested will be able to get the software from their access provider's site. Several providers are already in the position to provide the software while others are on the point of perfecting their parental control system. Providers like AOL, already advanced in this direction, can ensure various profiles according the child's age, with semantic filtering, more efficient than the URL filtering systems. Other providers like Wanadoo are clearly asking any new subscriber, when installing the connection kit, whether the filtering software should be installed or not. As regards to the software it seems that many ISPs are using the one developed (and updated with lists) by a Spanish company, Optenet. This company has signed a contract with the French Ministry of Education last April. Meryem Marzouki from EDRi-member IRIS notes that "very little information is provided to the user about who chooses the predefined white and black lists, according to which criteria etc. Also, no information is provided on the "plain language" analysis of websites, which are neither on white lists nor on black lists. " The ISPs filter more the Internet (in French only, 4.04.2006) http://www.01net.com/editorial/311150/securite/les-fai-filtrent-plus-net/ Mandatory and free of charge parental control on the Internet (in French only, 16.11.2005) http://www.01net.com/article/295101.html Automatic filtering of contents : the moral order toughens (in French only, 16.09.2005) http://www.iris.sgdg.org/info-debat/comm-filtrage0905.html ============================================================ 4. Changes in the Slovenian Intelligence Agency Act ============================================================ The proposed changes of Slovenian Intelligence Agency Act (ZSOVA) raised questions about its unconstitutionality. The government would like to exclude the current 6-month limitation for use of special operative methods, e.g. mail monitoring, recording of telephone conversations etc. The Government invoked cooperation with EU and NATO in the fight against terrorism as the reason for the proposed changes. There are two main changes being proposed. According to the first one, the competence to ordain measures that invade individual's information privacy would be transferred from the president of Ljubljana Circuit Court to the president of the Slovenian Supreme Court. Legal experts find this solution better, but still not optimal, as the decision-making is still in the hands of one single person. A panel of 3 Supreme Court judges would be a better option. The second and most important change is the exclusion of the current 6-month limitation for the concentrated and continuous monitoring of telecommunications. If the proposed changes pass through the Parliament, the Slovenian Intelligence agency (SOVA) will theoretically be able to perform surveillance over individual's communications for months, years or even decades. Under the current legislation, SOVA may monitor written correspondence and record telephone conversations (of individuals that may pose a threat for national security) for the maximum period of 3 months. Exceptionally, the duration of surveillance may be extended for a month each time, but the total duration must not exceed 6 months. According to the proposed changes to the Slovenian Intelligence Agency Act, the President of Slovenian Supreme Court would be authorised to extend the duration of measures for another 3 months each time, without any limitation of total duration. According to Goran Klemencic from the Faculty of Criminal Justice and Security, the proposed change violates article 37 of the Slovenian Constitution, which says that encroachment upon individual's right to privacy of correspondence and other means of communication may "be suspended for a period of time where it is so necessary for criminal proceedings or national security." Besides, Klemencic says that such a solution would also be disproportionate (regardless of court warrant), as "it cannot be admissible that law enables unlimited concentrated surveillance of an individual". This act broadens the power of the Slovenian Military Intelligence Agency, as well. The government wants the Parliament to discuss and pass the proposed changes using the quick procedure option, where the possibilities for extending discussions and filing amendments are vastly reduced. Longer time of secret surveillance? (only in Slovenian, 14.03.2006) http://www.privacyblog.net/index.php?p=151 Changes to Slovenian Intelligence Agency Act - Will SOVA be able to perform continuous eavesdropping (only in Slovenian, 16.03.2006) http://www.slo-tech.com/script/forum/izpisitemo.php?threadID=211601#neprebra... o Contestable Slovenian Intelligence Agency Act (only in Slovenian, 14.03.2006) http://24ur.com/bin/article.php?article_id=3070870 (Contribution by Aljaz Marn, EDRI observer, privacyblog.net, Slovenia) ============================================================ 5. Lie detectors in Russian airports ============================================================ Lie detectors will be used in Russian airports as part of the security measures starting with July 2006. Meant to identify terrorists or other types of criminals, a lie-detecting device developed in Israel, known as "truth verifier," will be first introduced in Moscow's Domodedovo airport as early as July. The technology, already used by UK insurance companies, is said to be able to detect answers coming from imagination or memory. The passengers will use a handset to answer four questions right after the X-ray check of luggage and shoes and in the beginning, only the suspicious passengers will take the test. Those failing the test will be further on interrogated in a separate cubicle as Vladimir Kornilov, the IT director for East Line, said. Eventually the procedure will be used for all passengers. Officials state that the process should not exceed a minute per passenger. Airline passengers face lie detector tests (6.04.2006) http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2006/04/06/wlie06.xml ============================================================ 6. UK teachers are spied in classrooms ============================================================ Teachers protest against the installation of 50 CCTV systems with microphones in UK schools, used as surveillance measures by the school management. While observation in class was supposed to help teachers in improving their performances, the headmasters, who have also used two-way mirrors to survey the teachers, grade them according to the way they perform in class under observation. TES (The Times Educational Supplement) reported on 7 April that teachers were being "observed to death" and that surveillance was being used more like a punishment. Observed lessons are often graded on a scale of outstanding to poor. The National Association of Schoolmasters Union of Women Teachers (NASUWT), the largest teachers' union in UK, has proposed a conference motion to use "all means necessary" to stop the "yet another example of management bullying". NASUWT survey has found out that one in five teachers was observed more than six times last year. The union also expressed disagreement on the short notice given to some teachers on the installation of surveillance devices. Mary Bousted, general secretary of the Association of Teachers and Lecturers (ATL), said she had met an Oxford graduate having quitted teaching after only a year for having been officially observed at least once every three weeks,". Heads spy on teachers (10.04.2006) http://www.theregister.co.uk/2006/04/10/cctv_teachers/ Teachers revolt against spy in the classroom (7.04.2006) http://www.tes.co.uk/2216214 ============================================================ 7. Legal actions against file-sharers in Europe ============================================================ About 2000 new legal actions are taken in 10 countries by the International Federation of Phonographic Industry (IFPI) against file-sharers amounting now to a total number of 5500 cases outside US. IFPI persists in its actions against uploaders, stating it targets persistent file-sharers, who typically upload thousands of music files. "The campaign started in major music markets where sales were falling sharply; now these legal actions have spread to smaller markets." said John Kennedy, the chairman and chief executive of IFPI. In UK only, where the music industry states a loss of over #1.1bn over the last three years, there are 153 ongoing cases. The first cases have occurred in Portugal as well where the IFPI states sales of tradition al music formats have fallen by 40% in the last four years. Geoff Taylor, IFPI general counsel and executive vice president said the action was aimed at uploaders, but downloaders had to be reminded that their actions were also illegal and also predicted that the copyright owners would go after ISPs as well as users. The IFPI is also keen in warning parents that they are responsible for their children's online activities. As an example, last year Sylvia Price was fined #2,500 after her 14-year-old daughter was accused of sharing music on the internet. If the IFPI wins the cases, the defendants could end up paying several thousand euros. On average, those settling with the IFPI pay around 2,633 euros. Although the industry says that these cases are helping to win the war on illegal file-sharers and are encouraging people to use legal services, a report suggests that illegal downloads keep growing in spite of the legal risks. IFPI bases its actions on a report made by Jupiter Research stating 35% illegal file-sharers have reduced and even stopped while only 14% of them increased their activity and the legal actions were the main reasons for those who stopped their illegal music consumption. However, XTN data, a research firm, suggested in its report that fear of legal action was the least effective in encouraging people to use commercial services and that more efficient measures would be cheaper prices, the removal of digital rights management (DRM), and more user-friendly services. "Clunky software, difficulty in finding tracks and over zealous protection limiting where customers can play music they've bought are continuing to fuel file-sharing," said Greig Harper, founder of XTN Data. He also said: "We're the only big, anonymous UK survey - I'd be surprised if people were so honest to an organisation interested in suing them. There are probably seven million people in the UK file sharing to some extent, even if it's just picking up a track once a month, so legal action against so many people isn't really a realistic option." File-sharers face legal onslaught (4.04.2006) http://news.bbc.co.uk/2/hi/technology/4875142.stm 2000 cases against the P2P-ers (in French only, 5.04.2006) http://www.ratiatum.com/news3002_2000_plaintes_contre_des_P2Pistes.html U.K. music biz vexed by file sharing (4.04.2006) http://news.com.com/2100-1025_3-6057571.html Thousands more file sharers sued (4.04.2006) http://www.theregister.co.uk/2006/04/04/ifpi_sues_more_people/ ============================================================ 8. Recommended reading ============================================================ Racism, Racial Discrimination, Xenophobia and all forms of Discrimination: Comprehensive Implementation of and follow-up to the Durban Declaration and Programme of Action - Report of the Intergovernmental Working Group on the effective implementation of the Durban Declaration and Programme of Action on its fourth session. The report contains the all presentations, discussions, conclusions from the Chair and final recommendations from the High Level Seminar on Racism and the Internet that took place during 16-17 January 2006. Full report (20.03.2006) http://www.ohchr.org/english/bodies/chr/docs/62chr/E.CN.4.2006.18.pdf EDRI-gram : Combating Racism on Internet http://www.edri.org/edrigram/number4.2/internetracism ============================================================ 9. Agenda ============================================================ 12 April 2006, Dublin, Ireland Royal Irish Academy "Enabling Open Access to Scientific Data and Information within the Modern Knowledge Economy; the Case for a Scientific Commons" http://www.codataweb.org/codata-ria/ 15 April 2006, Deadline funding applications Civil rights organisations and initiatives are invited to send funding applications to the German foundation 'Bridge - B|rgerrechte in der digitalen Gesellschaft'. A total of 15 000 euro is available for applications that promote civil rights in the digitised society. http://www.stiftung-bridge.de 21-23 April 2006, Yale Law School, USA Access to Knowledge Conference Yale Information Society Project http://islandia.law.yale.edu/isp/a2kconfmain.html 27-28 April 2006, Washington, USA IP Disputes of the Future - TACD This conference will ask what will be the IP disputes in new fields of technology, and how advances in biotechnology and information technologies will change the nature of IP disputes. http://www.tacd.org/docs/?id=287 30 April - 2 May 2006, Hamburg, Germany LSPI Conference 2006 The First International Conference on Legal, Security and Privacy Issues in IT http://www.kierkegaard.co.uk/ 2-5 May 2006, Washington, USA CFP2006 The Sixteenth Conference on Computers, Freedom & Privacy http://www.cfp2006.org 3-6 May 2006, Wiesbaden, Germany LinuxTag - Europe's biggest fair and congress around free software http://www.linuxtag.org 10 May - 23 July 2006, Austria Annual decentralized community event around free software lectures, panel discussions, workshops, fairs and socialising http://www.linuxwochen.at 19 - 23 May 2006, Geneva, Switzerland A new round of consultations on the convening of the Internet Governance Forum will be held at the United Nations in Geneva on 19 May. The consultations will be followed by a meeting of the IGF Advisory Group on 22 - 23 May 2006. http://www.intgovforum.org 19-20 May 2006, Florence, Italy E-privacy 2006 Trusted Computing, Data retention: privacy between new technologies and new laws. The central theme of this year's edition is data retention, but several interventions on other relevant aspects of privacy protection are planned, including Trusted Computing and the new issues raised by the draft reform of Italian Criminal Law, with specific reference to Cybercrime. http://e-privacy.firenze.linux.it 20 May 2006, Florence, Italy Big Brother Award Italia 2006 Nominations accepted until 21 April 2006 http://bba.winstonsmith.info 21 June 2006, Luxembourg Safer Internet Forum 2006 Focus on two topics: "Children's use of new media" and "Blocking access to illegal content: child sexual abuse images" http://europa.eu.int/information_society/activities/sip/si_forum/forum... 26-27 June 2006, Berlin, Germany The Rising Power of Search-Engines on the Internet: Impacts on Users, Media Policy, and Media Business http://www.uni-leipzig.de/journalistik/suma/home_e.html 16 - 28 July 2006, Oxford, UK Annenberg/Oxford Summer Institute: Global Media Policy: Technology and New Themes in Media Regulation Application deadline 1 May 2006. http://www.pgcs.asc.upenn.edu/events/ox06/index.php 2-4 August 2006, Bregenz, Austria 2nd International Workshop on Electronic Voting 2006 Students may apply for funds to attend the workshop until 30 June 2006. http://www.e-voting.cc/stories/1246056/ =========================================================== 10. About =========================================================== EDRI-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRI has 21 members from 14 European countries and 5 observers from 5 more countries (Italy, Ireland, Poland, Portugal and Slovenia). European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRI-grams. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and visibly on the EDRI website. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 2.0 License. See the full text at http://creativecommons.org/licenses/by/2.0/ Newsletter editor: Bogdan Manolea <edrigram@edri.org> Information about EDRI and its members: http://www.edri.org/ - EDRI-gram subscription information subscribe by e-mail To: edri-news-request@edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. unsubscribe by e-mail To: edri-news-request@edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/index.php?option=com_content&task=view&id=626 &Itemid=4&lang=mk - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask <edrigram@edri.org> if you have any problems with subscribing or unsubscribing. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]