============================================================ EDRi-gram biweekly newsletter about digital civil rights in Europe Number 9.12, 15 June 2011 ============================================================ Contents ============================================================ 1. European Commission consults with civil society on data retention 2. Irish "three strikes" system investigated by Data Protection Commissioner 3. European Commission consultation on IPR enforcement 4. UK: The Home Office's Prevent Strategy includes Internet filtering 5. Facebook's face recognition raises privacy complaints 6. Germany: Police statistics prove data retention superfluous 7. Big Brother Awards Italy 2011 8. ENDitorial: Hello CIRCAMP web blocking, goodbye democracy 9. Recommended Action. Smart meters: Let's be clever and team up 10. Recommended Reading 11. Agenda 12. About ============================================================ 1. European Commission consults with civil society on data retention ============================================================ Last week, the European Commission held the first of its series of consultation meetings with different groups of stakeholders on the revision of the infamous Data Retention Directive. The first meeting was with the "civil society", including representatives of industry and one lobbying company representing unspecified clients. The meeting was originally intended to address the details of the Directive. However, civil society representatives broadly took the view that it was impossible to have a coherent discussion on the Directive itself, if the Member States were going to fail to provide credible data to the Commission for its decision-making process. As evidenced by the Commission's Implementation Report, there is simply not enough data available from the Member States to show that the Directive is "necessary" (the minimum requirement for it to be legal). Participants at the meeting felt that if the Commission was going to be forced to defend the Directive using anecdotes about the use of data that would have been retained even in the absence of the Directive, the whole process, including the consultations, would be undermined. In particular, participants requested that the Commission only used information from Member States related to data stored under the Directive. Also older data should be considered "necessary" only if the delay in accessing the data could have been avoided through better police cooperation. The Commission asked for an expert from the Council of Europe to present a law enforcement view of the relative merits of data retention and data preservation. The expert, from the Serbian police, explained that long-term retention of data is the only solution and compared the proportionality of retaining vast amounts of data in relation to innocent and unsuspected citizens to trawling the Danube to find a dead body. The fact that the river is big is not a reason not to find the body. It was unclear who he was representing at the meeting. Despite that, the overall feeling is that the meeting was productive. The concerns raised appear to have been taken on board by the Commission, which will take our demands to their meeting with the law enforcement authorities and the communications industry. Participants also appreciated the willingness of the Commission to acknowledge the fact that political decisions have already been taken on the dossier and the Commission's promise that a serious evaluation of data preservation would be included in the upcoming impact assessment. The Commission has the unenviable task of trying to extract the necessary data from the Member States and the probably impossible task of producing a revised legislative proposal which is both legal and which will not end up gathering dust on a shelf in the Council of Ministers after being vetoed by certain large Member States. European Commission Data Retention Evaluation Report (18.04.2011) http://ec.europa.eu/commission_2010-2014/malmstrom/archive/20110418_data_ret... EDRi Shadow Report (17.04.2011) http://www.edri.org/files/shadow_drd_report_110417.pdf Panoptykon Foundation article on the meeting (only in Polish, 10.06.2011) http://www.panoptykon.org/wiadomosc/pomieszanie-jezykow-komisja-europejska-r... (Contribution by Joe McNamee - EDRi ) ============================================================ 2. Irish "three strikes" system investigated by Data Protection Commissioner ============================================================ The Irish Data Protection Commissioner is investigating the Eircom / music industry three strikes system, a report in the Sunday Times has revealed. According to the story by Mark Tighe, predictions that Eircom would end up falsely accusing innocent users have now proved correct, with over 300 users wrongfully being sent a "first strike" letter accusing them of sharing music. Eircom have admitted to the mistakes, stating that "this was due to a software failure caused when the clocks went back last October". However, far from being a technical sounding "software failure", this appears to show up failings in relation to a very basic aspect of network management - i.e. making sure that the server clock reflects daylight savings time. As a result, it seems that users found themselves being accused on the basis of what somebody else did from the same IP address either an hour earlier or an hour later. Consequently, the users who were wrongfully accused should consider themselves lucky that this incompetence did not lead to their being accused of a serious crime - for example, being arrested and having their homes searched due to the wrong time being used (as has previously happened e.g. to a number of Indian users). The significance of this case goes well beyond simple technical failings however, as the complaint to the Data Protection Commissioner has triggered a wider investigation of the legality of the entire three strikes system. According to the Sunday Times, "the DPC said it was investigating the complaint 'including whether the subject matter gives rise to any questions as to the proportionality of the graduated response system operated by Eircom and the music industry'." This is unsurprising. When the Eircom / music industry three strikes settlement was being agreed, the Data Protection Commissioner identified significant data protection problems with it. These problems remain, notwithstanding the deeply flawed High Court judgement which permitted the parties to operate the system - a judgement which, for example, decided on the question of whether or not IP addresses are personal data without once considering the views of the Article 29 Working Party. The Data Protection Commissioner was not convinced by that judgement (it was problematic at least in part because the Commissioner was not represented - the only parties before the court had a vested interest in the system being implemented). However, until a concrete complaint arose no further action could be taken. The complaint in this case has now triggered that action, and it seems likely that the Commissioner will reach a decision reflecting his previous views that using IP addresses to cut off customers' internet connections is disproportionate and does not constitute "fair use" of personal information. If so, the Commissioner has the power and indeed the duty to issue an enforcement notice which would prevent Eircom from using personal data for this purpose - an outcome which would derail the three strikes system unless Eircom successfully challenges that notice before the courts, or unless the music industry were to succeed in its campaign to secure legislation introducing three strikes into Irish law. Eircom investigated after falsely accusing customers of piracy (5.05.2011) http://www.thesundaytimes.co.uk/sto/news/ireland/article642095.ece Data Protection Commissioner investigating Eircom's "three strikes" system (11.06.2011) http://www.tjmcintyre.com/2011/06/300-false-accusations-data-protection.html (Contribution by TJ McIntyre - EDRi-member Digital Rights Ireland) ============================================================ 3. European Commission consultation on IPR enforcement ============================================================ Last week, the European Commission organised an open consultation on "Directive 2004/48/EC on the enforcement of intellectual property rights: Challenges posed by the digital environment". The meeting opened with initial presentations from Jonathan Faull, Director General of the Internal Market Directorate General of the Commission, Margot Frvhlinger, Director of the Copyright Directorate of the Commission and Bryan Cassidy of the Economic and Social Committee. The Commission then made a presentation of the not yet final summary of the consultation on the IPR Enforcement Directive. The consultation generated 165 replies from individual citizens and 297 replies from organisations were received within the deadline. The main trends were that: - Member States were divided between wanting the Directive to be updated and believing that the legislation has not been in place long enough to be properly analysed. Eight believe that ISP liability should be increased while seven believe that it should not change; - Rightsholders are keen to separate liability from the right to impose injunctions (as a method of circumventing the safeguards in the E-Commerce Directive, which are restricted to situations where ISPs are subject to liability for content). Oddly, the Commission's view of all of the replies from user groups was that end users did not like increased ISP liability because of fears regarding costs (and not the dangers that this creates for privacy, freedom of expression, net neutrality, innovation and competition) During the presentations, rightsholder groups variously suggested comprehensive policing of the Internet by ISPs, extra-judicial blocking and takedown of content, mass surveillance via deep packet inspection and using the domain name system to police and "remove" content. Various consumer and citizens' organisations, including EDRi, raised a variety of questions about the approach of the rightholder groups, in particular: - the appropriateness of permitting, encouraging or coercing Internet intermediaries to police online communications; - the extent to which the legitimacy of current copyright law is definitively broken, as indicated by the apocalyptic levels of infringements described by the rightholders; - the wider costs (also for rightholders) for openness and innovation on the Internet as a result of ISPs being forced into a "gatekeeper" role; - the fact that rightholders groups are simultaneously fighting against measures that would lead to more legal offers, such as a "one stop shop" for rights clearance and then complaining about the infringements that are caused by a lack of legal offers; - the over-reliance on dubious studies on the impact of infringements, which often use questionable methodology and overlook numerous credible studies that present a very different picture including the report from the HADOPI authority itself, which shows that "pirates" spend the most money on cultural goods; - the need to address the issue of exceptions and limitations to copyright to ensure a more balanced and innovative environment. None of these points were addressed to any significant extent by the rightholder groups. This, together with the very clear message to the Commission that work on a revision of the Directive must take account all the available research, left a very positive impression that the outcome of the meeting had been a forceful communication of the views of civil society and a better awareness of the lack of balance of the approach to date. EDRi response to the IPRED consultation http://www.edri.org/files/edri_ipred_110331.pdf European Commission web page on IPR enforcement http://ec.europa.eu/internal_market/iprenforcement/directives_en.htm EDRi study on the side from self-regulation to corporate censorship http://www.edri.org/files/EDRI_selfreg_final_20110124.pdf (Contribution by Joe McNamee - EDRi) ============================================================ 4. UK: The Home Office's Prevent Strategy includes Internet filtering ============================================================ The UK Home Office has recently published its new version of the Prevent Strategy aimed at countering terrorism, which includes worrying suggestions about the necessity of Internet filtering. Besides the fact that one can read in the Prevent Strategy that "Internet filtering across the public estate is essential", the document also suggests the Home Office's intention to consider "the potential for violent and unlawful URL lists to be voluntarily incorporated into independent national blocking lists, including the list operated by the Internet Watch Foundation". The document seems to ignore issues related to transparency, censorship or accountability as well as the technical and financial consequences, in one more attempt to solve a series of social problems by blocking access to the Internet as the source of all evils. The strategy takes no consideration of the fact that, as UN Special Rapporteur Frank La Rue pointed out in his Report on the promotion and protection of the right to freedom of opinion and expression, website blocking would be a violation of rights to freedom of expression. Furthermore, what is even more worrying is the tendency towards ignoring legal means in establishing the unlawfulness of a site and blocking it. The strategy says nothing about the legal process leading to blocking the access to a site - quite the contrary, there seems to suggest the need for collaboration between law enforcement authorities and the Internet industry that would result in voluntary removal on Internet content. "This work will require effective dialogue with the private sector and in particular the internet industry. It will also require collaboration with international partners: the great majority of the websites and chat rooms which concern us in the context of radicalisation are hosted overseas," says the strategy report. Moreover, according to the strategy report, TACT (the Terrorism Act) allows the Government to charge website owners with encouraging terrorism and publishing terrorist information if they do not remove unlawful content. "TACT provides that those served with notices who fail to remove, without reasonable excuse, the material that is unlawful and terrorism-related within a specified period are treated as endorsing it." As many freedom advocates have several times emphasised, blocking access to Internet sites is no real solution in preventing harms, while affecting, at the same time, the users' rights to freedom of expression and access to information. Censorship of the Internet is also suggested by Reg Bailey, Chief Executive of the UK Mothers Union, who has recently published a series of worrying recommendations for privacy and confidentiality of communications. In his "Letting Children be Children - Report of an Independent Review of the Commercialisation and Sexualisation of Childhood", Bailey suggests making it easier for parents to block adult and age-restricted material from the Internet by providing "a consistent level of protection across all media" and that, "as a matter of urgency, the internet industry should ensure that customers must make an active choice over what sort of content they want to allow their children to access". The implication of Bailey's report, which seems to entirely disregard the censorship issues and the technical implications of the measures proposed, is that the entire UK telecom industry should impose communications surveillance, with Internet users forced to "opt out" of the censorship. "Specifically, we would like to see industry agreeing ... that when a new device or service is purchased or contract entered into, customers would be asked to make an active choice about whether filters should be switched off or on: they would be given the opportunity to choose to activate the solution immediately, whether it be network-level filtering by an ISP or pre-installed software on a new laptop." Again, the most unrealistic measures are being considered because they are, apparently, the simplest, in an attempt to eliminate the symptoms and not the causes. Real measures such as the education and supervision of children by their parents don't really seem to be encouraged. Home Office - Prevent Strategy http://www.homeoffice.gov.uk/counter-terrorism/review-of-prevent-strategy/ Home Office Prevent strategy claims: 'Internet filtering is essential' (10.06.2011) http://www.openrightsgroup.org/blog/2011/prevent-strategy-claims:-internet-f... UK 'blacklist' of terrorist-supporting websites should be developed, Government says (8.06.2011) http://www.out-law.com/page-11988 Media industry relaxed over Bailey report on sexualisation of children (7.06.2011) http://www.guardian.co.uk/media/2011/jun/07/media-industry-bailey-report-sex... Mothers Crawl Into Bed with Big Brother (7.06.2011) https://nodpi.org/2011/06/07/mothers-crawl-into-bed-with-big-brother/ UN - Human Rights Council - Report of the Special Rapporteur on thepromotion and protection of the right to freedom of opinion and expression, Frank La Rue (16.05.2011) http://www2.ohchr.org/english/bodies/hrcouncil/docs/17session/A.HRC.17.27_en... ============================================================ 5. Facebook's face recognition raises privacy complaints ============================================================ Facebook has again been criticised by privacy advocates for its facial recognition feature that has recently been added to the social networking service, world-wide, without any previous announcement to its users. Facebook users have the possibility to 'tag' themselves and their friends in the photos they upload to the site with pop-up captions that identify the people in the respective pictures. The new face recognition feature, which was launched in 2010 in US, now suggests automatically the names of people featured in photos uploaded by users. "Once again, Facebook seems to be sharing personal information by default," said Graham Cluley of IT security firm Sophos who added: "Many people feel distinctly uncomfortable about a site like Facebook learning what they look like, and using that information without their permission. (...) Most Facebook users still don't know how to set their privacy options safely, finding the whole system confusing. It's even harder though to keep control when Facebook changes the settings without your knowledge. (...) The onus should not be on Facebook users having to 'opt-out' of the facial recognition feature, but instead on users having to 'opt-in'. Yet again, it feels like Facebook is eroding the online privacy of its users by stealth." Facebook replied that the users could alter their settings so that their name would not be suggested for tagging. Beth Givens, director of the Privacy Rights Clearinghouse, considered that Facebook should have rather included an "opt-in" system for its users rather than applying an automatic tagging, letting them decide if they wanted the feature in the first place. The Electronic Privacy International Center (EPIC) has organised a complaint to the Federal Trade Commission in the US and asked several other privacy groups to sign it. Marc Rotenberg, president of EPIC, said the system raised questions related to personally identifiable information, such as email addresses, that would be associated with the photos in Facebook's database. The UK Data Protection Authority (Information Commissioner's Office - ICO) also made an official statement on the matter asking Facebook to tell users how they use personal information stored about them. "The privacy issues that this new software might raise are obvious and users should be given as much information as possible to give them the opportunity to make an informed choice about whether they wish to use it. We are speaking to Facebook about the privacy implications of this technology," the ICO said. Facebook's new feature will be studied by ICO, but also by the Article 29 Working Party. "Tags of people on pictures should only happen based on people's prior consent and it can't be activated by default," said Girard Lommel, a Luxembourg member of the Working Party who added that automatic tagging suggestions "can bear a lot of risks for users" and the European data protection officials would "clarify to Facebook that this can't happen like this." Having in view the reactions, Facebook admitted it had not handled the situation properly. "We should have been more clear with people during the roll-out process when this became available to them," was the company statement of 8 June. The company has added an option letting users opt out of the new feature, though it did not alert them when the new feature took effect or when the option was added. Facebook hit by privacy complaints (9.06.2011) http://www.ft.com/cms/s/2/00b50d52-9253-11e0-9e00-00144feab49a,dwp_uuid=9a36... Data protection watchdogs to probe Facebook about its use of facial recognition technology (9.06.2011) http://www.out-law.com/page-11992 Facebook 'Face Recognition' Feature Draws Privacy Scrutiny (8.06.2011) http://www.nytimes.com/2011/06/09/technology/09facebook.html?_r=2&partner=rss&emc=rss Facebook criticised for not telling users about new facial recognition feature (8.06.2011) http://www.out-law.com/page-11987 Facebook in new privacy row over facial recognition feature (8.06.2011) http://www.guardian.co.uk/technology/2011/jun/08/facebook-privacy-facial-rec... ============================================================ 6. Germany: Police statistics prove data retention superfluous ============================================================ The national crime statistics recently published by Germany's Federal Crime Agency reveal that after the policy of blanket telecommunications data retention was discontinued in Germany due to a Constitutional Court ruling on 3 March 2010, registered crime continued to decline and the crime clearance rate was the highest ever recorded (56,0%). Indiscriminate and blanket telecommunications data retention had no statistically relevant effect on crime or crime clearance trends. These findings confirm the position of more than 100 organisations in Europe that are opposing the EU policy of mass retention of telecommunications data, calling it unnecessary and disproportionate. The statistics refute the myth spread by certain politicians and police representatives that the Internet is "a lawless space" in the absence of mass retention of telecommunications data of non-suspects. Even without such a policy of blanket data retention, the German police achieved a clearance rate of nearly three out of four Internet offences (71%) in 2010, exceeding by far the average clearance rate for crimes committed without any use of the Internet (55%). Regarding other European countries, the Scientific Services of the German Parliament have recently analysed "the practical effects of data retention on crime clearance rates in EU Member States" and have come to the following conclusion: "In most States crime clearance rates have not changed significantly between 2005 and 2010. Only in Latvia did the crime clearance rate rise significantly in 2007. However, this is related to a new Criminal Procedure Law and is not reported to be connected to the transposition of the EU Data Retention Directive." "Since crime clearance trends are completely unaffected by the retention of communications data of non-suspects, there is no justification for the EU's "big brother" policy of collecting telecommunications data on all 500 million EU citizens", explains Florian Altherr, member of the German Working Group on Data Retention. "Ninety-eight percent of citizens are never suspected of any wrongdoing. The right of protection of their personal data from unjustified suspicion, data abuse and data loss due to data retention policies must prevail. The EU must respect its Charter of Fundamental Rights and give up its failed experiment of total data retention immediately." "In light of these new crime statistics, the irresponsible campaign of fear and continued scaremongering by some politicians after the annulment of the German data retention law finds no justification in reality", says Michael Ebeling of the German Working Group on Data Retention. "The truth is that with targeted investigations of suspects we live just as safely as we would with a policy of indiscriminate retention of all communications data. The endless exaggeration and emotionally charged descriptions of isolated cases combined with a massive media campaign is both misleading and unethical. In my view this is nothing less than a populist defence of the most privacy invasive and unpopular surveillance measure ever adopted by the EU." German police statistics prove telecommunications data retention superfluous (6.06.2011) http://www.vorratsdatenspeicherung.de/content/view/455/79/lang,en/ EDRi-gram: German study finds the data retention ineffective (9.02.2011) http://www.edri.org/edrigram/number9.3/telecom-data-retention-ineffective-ge... (Thanks to AK Vorrat - Germany) ============================================================ 7. Big Brother Awards Italy 2011 ============================================================ The winners of the Big Brother Awards Italy 2011 were designated on 3 June 2011, in Florence, on the occasion of the e-privacy conference 2011. Facebook was the "star" of the awards being nominated for several categories and won the price for the "Most Invasive Technology". The "Lament of the People" award was not given this year, as the votes were equally split between Telecom Italia, Facebook and the Ministry of Internal Affairs. "Worst Public Agency" was again a tie between Facebook and Sony Entertainment Systems which received an equal number of votes. PEC and CEC-PAC (certified electronic mail), as normative and legal obligation, received the award for the "Worst Public Agency" as the most damaging for people's privacy. The positive "Winston Smith - Privacy Hero" price was received by Stefano Rodota for his work to the legislative proposal for the modification of Constitution Article 21. Big Brother Awards Italy 2011 (only in Italian) http://bba.winstonsmith.org/ Big Brother Awards Italy: all the winners (only in Italian, 6.06.2011) http://punto-informatico.it/3182022/PI/News/big-brother-awards-italia-tutti-... ============================================================ 8. ENDitorial: Hello CIRCAMP web blocking, goodbye democracy ============================================================ Late in 2010, with the issue of web blocking still being discussed in the European Parliament, the European Commission decided, with complete disregard for the outcome of the democratic process on this issue, to invest a further 324 059 Euro in the COSPOL Internet Related Child Abuse Project (CIRCAMP). The purpose of the CIRCAMP project is to lobby for internet blocking in the European Union, both at an EU and a national level and to support its implementation. CIRCAMP promotes the use of blocking at a domain level (blocking a full domain such as yahoo.com rather than, for example yahoo.com/personalpage).The danger to innocent websites from this approach is growing, as a result of a trend identified by the Internet Watch Foundation of "individual offenders increasingly exploiting legitimate hosting services to publish images.". The inevitable blocking of innocent and entirely unrelated material as a result of such a primitive approach is sold as a positive advantage on the CIRCAMP website, which explains that "if a domain owner places, accidental or willingly, child abuse material on his/her domain, and it is blocked by the police, the blocking will not be lifted until the material is removed. We believe that this will motivate content providers on the Internet to actively make an effort to avoid files with child sexual abuse on their systems/services." Despite this overt support for domain-level blocking, in response to a parliamentary question, the Commission was mysteriously unaware of the activities of the project it has been funding for years and stated "the CIRCAMP project did not promote a specific level of blocking." CIRCAMP appears either unaware or indifferent to the fact that its analysis of its activities confuses basic concepts. Content providers (such asbloggers) and domain name owners (such as blogger.com) are entirely different. In a commercial environment, therefore, it is generally not the domain owner that is putting content on his/her domain, it is the company's customers. This leaves hosting companies with the threat of being blocked unless they seek to achieve an impossible level of permanent surveillance of their customers and delete anything that would risk the blocking system from being implemented - innocent or not. Therefore, in addition to entirely innocent material being deliberately blocked by the CIRCAMP system, it is highly likely that completely innocent material will be deleted to avoid an entire service from being blocked. As the Commission and pro-blocking lobbyists have explained, most people would hit the "blocking page" set up in such circumstances by accident. Thereforeo there's no need to worry if you happen to find yourself on such a page - the police, as usual, have no intention of undertaking investigations, the activity is kept at a purely superficial level. That said, despite the fact that the stop page is there to fight the unquantified problem of accidental access, the CIRCAMP website explains that, in most countries involved in CIRCAMP, ISPs hand over log files related to the end-users that "hit" the blocking page (once directly personally identifiable data has been removed). In particular, the CIRCAMP website explains that "the statistics from these logs will also provide an overview of the Internet usage related to child sexual abusive material in addition to information about search words, type of operating system, browser, time of day that most Internet users are redirected to the "stop page" etc. This will provide the police with the opportunity to have a qualified opinion about what their population look and search for, where on the Internet they originate, what time of day is most active and what kind of equipment they use." This volume of data means that, in the absence of directly identifiable data, there are still numerous ways that this data could be exploited to identify the individuals that are assumed innocent - such as via the search provider. It is difficult to imagine how it is possible for the European Commission to put such an amount of money into a process described this month by the UN, IACR, OSCE and ACHPR as an "extreme action that should only be taken in accordance with international standards" (which is clearly not the case in relation to CIRCAMP. It is difficult to imagine how the Commission can give a response to a parliamentary question on this issue which suggest that it either does not know or does not care about the collateral damage caused by CIRCAMP's support of domain level blocking. It is difficult to imagine why the Commission invests so much money in promoting and lobbying for blocking rather than investing in international efforts to investigate and prosecute the crimes directly. This does, however, explain why it is strongly opposing the European Parliament's proposal of a reporting obligation for the Commission to explain what it is doing internationally to deal with these crimes. International Human Rights organisations statement on blocking (1.06.2011) http://www.cidh.oas.org/relatoria/showarticle.asp?artID=848&lID=1 Internet Watch Foundation 2010 report http://www.iwf.org.uk/assets/media/annual-reports/Internet%20Watch%20Foundat... Parliamentary question: Internet blocking and child pornography (26.10.2010) http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+WQ+E-2010-8... EDRi blocking booklet http://www.edri.org/files/blocking_booklet.pdf (Contribution by Joe McNamee - EDRi) ============================================================ 9. Recommended Action. Smart meters: Let's be clever and team up ============================================================ The European Union decided that 80% of all users are to have a smart meter in 2020. These instruments will then measure the consumption of gas and electricity. They can be integrated in a smart grid, a network of users and producers that ensures better tuning of supply and demand. When solar generators produce electricity, the washing machine can best do its work. This part sounds good? What about civil and digital rights? The issue is related since there are also potentially some undesirable effects attached to this new technology: Privacy: The government, electricity producers and/or others may gain access to detailed information about our energy use. The government may use this information for investigations about when you were home, if you have a new partner, if you lead a healthy life. You name it. Energy companies may decide to target you with specific advertisements or sell the information. In California, the energy company PG&E, smart meter producer GE and Google work together. Also, criminals can use the information to build a profile and ultimately use it for identity-theft, a once science fiction nightmare that for many became a reality. Look it up if identity-theft is an abstract word for you. Security: This is closely linked to privacy. A leaky system will reveal privacy data. In addition, the smart meter might give access to equipment inside the house like the connected PC. Hacking the smart grid can also give access to the light switch for the grid. By the way: smart meters can cut off your energy remotely. Electrosmog: With the authorities (WHO, Council of Europe) warning against electromagnetic radiation, the dangers of wireless technology might finally be taken seriously. Might. A smart meter can be equipped with wireless technology, like GPRS, "RF-meshed" or a separate, more secure protocol/frequency. Depending on the type of network and the information exchange rate, the radiation can be more or less serious for the health of humans, animals and plants. There is an alternative using wired technology. It's called PLC or Power Line Carrier. Italy has already implemented this system. These are a few of the issues that surround smart meters. We're in the early stages still. In Brussels, the representatives from all EU countries meet to decide on the technology and the demands for smart meters, including the rules and regulations. The zeal to implement the smart grid is staggering. For the Netherlands the whole issue started with a law proposal that would force every user to accept the smart meter. This came out when Vrijbit, a Dutch privacy organisation, and the Dutch Consumer NGO (Consumentenbond) read the small print. Those who would refuse the smart meter could face up to 6 months imprisonment. This brutal force was reason for the Senate to reject the law proposal. The revised law passed early this year. Now the Dutch pilot-implementation is planned by the start of 2012, comprising 400 000 smart meters in 2 years. After the evaluation in the parliament (end 2013), the final roll-out would comprise 7 million smart meters. If it all satisfies the needs, i.e. a lot can still change. In a recent meeting with people from the Ministry of Economic Affairs we discussed privacy aspects of the smart meter. They made it clear that if issues like privacy are to be taken seriously, European privacy organisations need to team up. If pressure is applied now, if representatives are compelled to take this issue seriously, then this increases the chance for a better smart meter. From a manufacturing viewpoint, special wishes will only be turned into actual product features if there is sufficient market for these. I am already member of Vrijbit, a Dutch privacy organisation. Other EDRi members are also interested in smart meters as well. Are you a member of a privacy organisation and interested in smart meters? Do you know people who are? Let us establish a network to ensure our demands on privacy are known in Brussels. Let's team up! Contact me by Twitter: Mr_Communicator or eMail: smitentertainment[ed]hotmail_com (Subject: Let's team up!) Dutch government public message 'What is a smart meter?' (only in Dutch) http://www.rijksoverheid.nl/onderwerpen/energie-en-kleinverbruikers/slimme-m... Vrijbit: File on Smart Meters (only in Dutch) https://www.vrijbit.nl/dossier/financien/dossier-slimme-meters.html The dark side of 'smart' meters (1.11.2010) http://www.youtube.com/watch?v=FLeCTaSG2-U The dark side of the smart electrical grid (24.10.2010) http://www.plusultratech.com/2010/10/dark-side-of-smart-electrical-grid.html Article 29 Working Party Opinion 12/2011 on smart metering (4.04.2011) http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2011/wp183_en.pdf (Contribution by Hendrick Smit, Utrecht, The Netherlands) ============================================================ 10. Recommended Reading ============================================================ EDPS Annual report 2010 (15.06.2011) http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/EDPS/P... New Brussels Lobbying Group Communia Works For A Stronger Public Domain (13.06.2011) http://www.ip-watch.org/weblog/2011/06/13/new-brussels-lobbying-group-commun... Michael Geist: Europe Considers Using CETA To Create "Anti-Counterfeiting Trade Agreement Plus" (13.06.2011) http://www.michaelgeist.ca/content/view/5853/125/ Statewatch Analysis: Rethinking the EU Security Research Programme (pdf) by Ben Hayes (06.2011) http://www.statewatch.org/analyses/no-133-esrp-consultation-response.pdf Policy brief: Protection of Personal Data in Republic of Moldova (9.06.2011) http://www.soros.md/files/publications/documents/policy-brief-eng_final%20ve... ============================================================ 11. Agenda ============================================================ 12-15 June 2011, Bled, Slovenia 24th Bled eConference, eFuture: Creating Solutions for the Individual, Organisations and Society http://www.bledconference.org/index.php/eConference/2011 14-16 June 2011, Washington DC, USA CFP 2011 - Computers, Freedom & Privacy "The Future is Now" http://www.cfp.org/2011/wiki/index.php/Main_Page 25 June 2011, London, UK Statewatching Europe: Civil liberties, the state and the EU European Conference marking Statewatch's 20th anniversary http://www.statewatch.org/conference/conference.pdf 30 June - 1 July 2011, Berlin, Germany OKCon 2011 - annual open knowledge conference of the Open Knowledge Foundation http://okcon.org/2011 5-6 July 2011, Gvttingen, Germany International Social Networking Summit Organized by CONSENT consortium http://consent.law.muni.cz/view.php?cisloclanku=2011050001 11-12 July 2011, Barcelona, Spain 7th International Conference on Internet, Law & Politics (IDP 2011): Net Neutrality and other challenges for the future of the Internet http://edcp.uoc.edu/symposia/lang/en/idp2011/?lang=en 24-30 July 2011, Meissen, Germany European Summer School on Internet Governance 2011 http://www.euro-ssig.eu/ 11 October 2011, Brussels, Belgium ePractice Workshop: Addressing evolving needs for cross-border eGovernment services http://www.epractice.eu/en/events/epractice-workshop-cross-border-services 27 - 30 October 2011, Barcelona, Spain Free Culture Forum 2011 http://fcforum.net/ ============================================================ 12. About ============================================================ EDRi-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRi has 28 members based or with offices in 18 different countries in Europe. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRi-grams. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and are visible on the EDRi website. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 3.0 License. See the full text at http://creativecommons.org/licenses/by/3.0/ Newsletter editor: Bogdan Manolea <edrigram@edri.org> Information about EDRI and its members: http://www.edri.org/ European Digital Rights needs your help in upholding digital rights in the EU. If you wish to help us promote digital rights, please consider making a private donation. http://www.edri.org/about/sponsoring - EDRI-gram subscription information subscribe by e-mail To: edri-news-request@edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. Unsubscribe by e-mail To: edri-news-request@edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/edri/2.html - EDRI-gram in German EDRI-gram is also available in German, with delay. Translations are provided Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users http://www.unwatched.org/ - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask <edrigram@edri.org> if you have any problems with subscribing or unsubscribing. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE