============================================================ EDRi-gram biweekly newsletter about digital civil rights in Europe Number 7.5, 11 March 2009 ============================================================ Contents ============================================================ 1. Nokia Law approved 2. IRMA tries to block websites 3. No e-voting in Germany 4. EP wants a better balance between Internet security and privacy rights 5. At Large Structures in ICANN get together for the first time 6. Swedish Pirate Bay trial waiting now for the decision 7. Biometric passports law - upheld by the Romanian authorities 8. Yahoo penalised in Belgium for not disclosing personal data 9. UK Tribunal wants the Gateway reviews on ID scheme made public 10. Recommended Reading 11. Agenda 12. About ============================================================ 1. Nokia Law approved ============================================================ The snooping law, also called Lex Nokia, was approved in the Finnish Parliament two weeks ago. EDRi-member Electronic Frontier Finland has appealed to Tarja Halonen, the President of Finland, to intervene: before signing it President Halonen should request the Supreme Court's opinion on whether the amended Act on the Protection of Privacy in Electronic Communications clashes with the constitution. Member of Parliament, Jaakko Laakso (Left Alliance) suggested that the Parliament should request a statement on the constitutionality of the law from the Venice Commission. Some parliamentarians, for example Heli Jdrvinen (Greens), also agreed with professor Tuomas Ojanen, who has advised that some organizations should take the matter up with the European Court of Human Rights. Other EDRi-members have confirmed that the situation can be worst in other European countries. In Spain there is no specific law, but based on a sentence from the Spanish Supreme Court, employers can inspect data and communications at work under the condition that the employer previously declares a policy for the use of computers and Internet at work, e.g. what digital communications and files are going to be inspected. Therefore, employers can establish the level of privacy at work, as for the Supreme Court the usage of computers and Internet is not covered by the law on worker's rights. In France there is a decision from 9 July 2008 by the Cassation Court concluding that "connections established by an employee to Internet websites during his working time and thanks to the computer provided by his employer to execute his work are presumed to have a professional character, such that the employer may search them in order to identify them, in the absence of the employee". In other words, the whole navigation history of an employee can be searched by the employer. Previously, a decision of 2006 by the same court in a different case, established that all computer files of an employee are presumed as professional, unless they are explicitely marked as "personal", and can thus be searched in his absence. For email messages, the same court ruled in a third case in 2001 that email should obey the same regime (professional, unless marked as "personal"). In summary, in France anything unmarked as "personal" is searchable by the employer, in the absence of the employee. Parliament Passes "Lex Nokia" Bill (4.03.2009) http://www.yle.fi/uutiset/news/2009/03/parliament_passes_quotlex_nokiaquot_b... Finnish Parliament approves e-mail tracking law (5.03.2009) http://www.google.com/hostednews/ap/article/ALeqM5jRG7d99c10vDp52Lh3KNxJKz83... EFFI urges Finnish president to intervene in Lex Nokia (5.03.2009) http://newsroom.finland.fi/stt/showarticle.asp?intNWSAID=21122&group=Politics Spanish Supreme Court Decision on snooping (only in Spanish, 26.09.2007) http://www.habeasdata.org/Sentencia-TS-sobre-control-empresarial-del-correo-... Cybersurveillance at work in France (only in French, 28.07.2008) http://www.legalbiznext.com/droit/Cybersurveillance-du-salarie-dans French DPA (CNIL) - Guide for employers and employees (only in French, 2008) http://www.cnil.fr/fileadmin/documents/La_CNIL/publications/CNIL_GuideTravai... Venice Commission http://www.venice.coe.int/site/main/Presentation_E.asp EDRi-gram: Lex Nokia storms into the Finnish Parliament (25.02.2009) http://www.edri.org/edri-gram/number7.4/lex-nokia-finland ============================================================ 2. IRMA tries to block websites ============================================================ IRMA, the Irish Recorded Music Association, wants to block Irish Internet users' access to certain websites. In February 2009, after having reached the deal with Eircom, the association sent letters to Irish Internet providers asking them to block the sites that it indicated, under threat of legal action. Eircom has already agreed to a "three strikes" approach and IRMA was to take the same approach with all other Irish ISPs. In terms of the agreement, the evidence of illegal downloads will be provided by IRMA and Eircom will take action without a court hearing. Unfortunately, the agreement also means that Eircom is not to oppose any application blocking file-sharing websites from their network. Apparently, IRMA will monitor peer-to-peer networks using DtecNet. Any allegedly suspicious IP addresses will be passed on to IRMA which will "present the evidence" to Eircom, without the necessity of a court hearing and in the absence of the accused. "While IrelandOffline doesn't condone illegal file-sharing, this move is not a proper solution to the problem, and impedes on legal and legitimate internet access in the process," said Eamonn Wallace, spokesperson for broadband lobby group IrelandOffline. According to Damien Mulley, former chairman of IrelandOffline, IRMA will start by blocking The Pirate Bay, then Mininova, IsoHunt, YouTube and "I don't think they'll stop there too, any site that links to The Pirate Bay and the others on the hate list will probably be added to the list too. (..) this is what it is in my view an attack on our freedom to read, our freedom to write, our freedom to move around the web". Those who will suffer most will the users, who will be cut off based on allegations made by the association without any involvement of the court and the websites which could be blocked, based on a court hearing where they will have no say. Blackout Ireland, a group of Irish Internet users, believes that this scheme not only is inefficient in combating piracy but it is also a serious breach of civil liberties. At the same time, blocking websites never works as pirates can easily circumvent any blockage and only legitimate users will actually suffer from it. "Censorship is not a solution. It is avoiding the issue. It does not pay artists for their work," says Blackout Ireland. Blackout Ireland is also organizing a blackout that started on 5 March and will last for one week encouraging people to set their picture on sites like Facebook, Bebo, Twitter, MSN, etc black and to take a stand on this issue by blog posts, letters to newspapers or any form of communication. Irish Blackout: Why Irish ISPs Should Stand with Their Customers (4.03.2009) http://www.eff.org/deeplinks/2009/03/irish-blackout Blackout Ireland - Some Questions (28.02.2009) http://andyaz.ie/blackout-ireland-some-questions/ Lobby group calls for stop to censorship plans (26.02.2009) http://www.siliconrepublic.com/news/article/12374/digital-life/lobby-group-c... Music industry pushing for internet filtering as well as "three strikes" - what can you do about it?(26.02.2009) http://www.digitalrights.ie/2009/02/26/music-industry-pushing-for-internet-f... Blackout Ireland http://www.blackoutireland.com/ IRMA letter to ISPs (13.02.2009) http://blog.blacknight.com/images/irmaletter.pdf EDRI-gram: Irish ISP settled to introduce 3 strikes (11.02.2009) http://www.edri.org/edri-gram/number7.3/3-strikes-ireland ============================================================ 3. No e-voting in Germany ============================================================ The German Federal Constitutional Court decided on 3 March 2009 that electronic voting used for the last 10 years, including for the 2005 general elections, was unconstitutional and therefore not to be used for the next elections in September 2009. The court ruled that the use of the electronic machines contradicts the public nature of elections and the equipment used in 2005 had some shortcomings. However, as there has been no evidence of errors in the past, the results of the previous elections remain valid. The use of e-voting was challenged by political scientist Joachim Wiesner and his son, physicist Ulrich Wiesner who complained that the system was not transparent because the voter could not check what actually happened to his vote, being actually asked to blindly trust the technology. The voting machines which are manufactured by the Dutch firm Nedap, do not print out receipts. In the plaintiffs' opinion, the results could be manipulated. A petition signed by over 45 000 people in 2005, trying to ban e-voting, had been rejected by the German Government. Now, the court ruled that the Federal Voting Machines Ordinance having introduced e-voting was unconstitutional because it did not "ensure that only such voting machines are permitted and used which meet the constitutional requirements of the principle of the public nature of elections." Also the court considered that, differently from the traditional voting system where manipulations and frauds are much more difficult involving a high degree of effort and a high risk of detection, "programming errors in the software or deliberate electoral fraud committed by manipulating the software of electronic voting machines can be recognised only with difficulty." Also, in the court's opinion, the electors should be able to verify how their vote is recorded without having to possess detailed computer knowledge. "If the election result is determined through computer-controlled processing of the votes stored in an electronic memory, it is not sufficient if merely the result of the calculation process carried out in the voting machine can be taken note of by means of a summarising printout or an electronic display." A campaign against electronic voting has been initiated by EDRi member Chaos Computer Club together with the Dutch foundation Wij vertrouwen stemcomputers niet (We don't trust voting computers) because of the risk of electronic errors and the potential for abuse. After a group of hackers had succeeded in tampering with similar machines in the Netherlands in 2006, the Dutch Government imposed a moratorium on the use of electronic voting machines and Ireland also has banned electronic voting. German Court Rules E-Voting Unconstitutional (3.03.2009) http://www.dw-world.de/dw/article/0,,4069101,00.html Federal Constitutional Court - Press release on Use of voting computers in 2005 Bundestag election unconstitutional (3.03.2009) http://www.bundesverfassungsgericht.de/en/press/bvg09-019en.html Voting machines unconstitutional in Germany (3.03.2009) http://able2know.org/topic/129942-1 EDRi-gram: Electronic voting machines eliminated in the Netherlands (24.10.2007) http://www.edri.org/edrigram/number5.20/e-voting-machines-netherlands ============================================================ 4. EP wants a better balance between Internet security and privacy rights ============================================================ On 5 March 2009, during a hearing of the Civil Liberties and Home Affairs (LIBE) Committee focused on the strengths and weaknesses of the current framework on security and privacy on the Internet, Members of the European Parliament (EP) and experts agreed on the necessity to create a better balance between Internet security and the protection of online personal data. The participants, including the European Data Protection Supervisor, academics, representatives of the Commission and of the Czech Presidency, supported a report drafted by Stavros Lambridinis proposing recommendations aimed at providing "adequate protection of fundamental freedoms while delivering also an enhanced security." The report calls on the Member States and the European Commission to draft proposals defining global standards for data protection, security and freedom of expression. The rapporteur believes the access to the internet should be treated just like the access to education and should never be blocked by governments or private companies. He also considers that the user's consent to share data should be clearly defined to create a fairer balance of powers between users and governments and private companies. EDPS Peter Hustinx said that as the Internet has become an integral part of our everyday life, "we must apply the same values as we do in our society (...), fundamental rights must apply and that's that. (...) In the old world it was fairly simple. On the internet there is a system of layers, responsibility is more complex and therefore tends to vanish. This must be clarified". Hustinx emphasized the fact that the present European regulatory framework applying to the Internet is a holistic one and that a horizontal approach was needed. In his opinion, the Data Protection Directive applying to the Internet does not give a very clear definition of personal data on the Internet and that the current responsibility and control mechanisms should be also clarified and improved. He believes a key issue is that of the user's consent for data sharing. Presently, there is a large range of types of online consents which leads to a complex regulatory environment. It is also difficult now to reach transparency of the data processing. The EDPS added that he did not want to see "an environment of permanent surveillance" (making reference to three-strikes schemes), that international cooperation and self-regulation should be promoted and children awareness-raising should be increased. During the hearing, Gus Hosein of Privacy International expressed his concern related to the fact that the EU seems to have followed Bush administration as regards data retention. "Is that what you want to export to the rest of the world? The EU should be a ray of light for human rights but at the moment it's the opposite (...) we must change course and the Lambrinidis report is the opportunity to turn things round," he said. Jim Killock, executive director of the Open Rights Group, warned about potential dangers of an uncontrolled use of personal data by the governments and public institutions and asked the EU for a close monitoring and the issue. In his opinion, transparency and user consent must be clear rules and strict regulation should apply to protect personal data. He believes it is important "to ensure that a charter of rights comes into being very soon". Professor Steve Peers from University of Essex, the author of "Strengthening security and fundamental freedoms on the Internet - An EU Policy on the fight against cybercrime" study commissioned by the EP, also made some recommendations. He believes in the necessity of adopting a non-binding Internet Bill of Rights, drawn up by the EP and supported by industry players, NGOs, Member States, EU institutions and national public authorities. He also recommended that the EU criminal law should be brought in line with the provisions of the different Council of Europe Conventions regarding offences related to data interception, breach of confidentiality and data security, spam or child pornography. As final remarks of the hearing, the Presidency representative, Mr Ondrej Veselsk}, Head of International Law Department at the Ministry of Interior of the Czech Republic, stated that a balance between privacy and security should be achieved, that the rules of the "real world" should apply to the Internet as well, that access to the Internet should be open and that a larger cooperation is necessary in the fight against cybercrime. He stated that one of the priorities of the Czech Presidency was the protection of minors and the presidency intended to improve the cooperation between the different police of the Member States. Stavros Lambridinis's report will be put to the vote at the Strasbourg full plenary session of the European Parliament on 23 March 2009. Committee on Civil Liberties, Justice and Home Affairs - Streanghening Fundamental Freedoms and Security on the Internet (5.03.2009) http://www.europarl.europa.eu/meetdocs/2004_2009/documents/oj/770/770844/770... EP Press Release - Protecting citizens' rights on the internet (6.03.2009) http://www.europarl.europa.eu/news/expert/infopress_page/019-50634-061-03-10... Europeans push for more online rights to privacy (6.03.2009) http://www.macworld.com/article/139244/privacy.html ============================================================ 5. At Large Structures in ICANN get together for the first time ============================================================ For the first time in ICANN history, at the 34th International ICANN meeting in Mexico City the representatives of 88 At-Large Structures (ALS) from five Regional At-Large Organizations representing ICANN's global At-Large community came together to discuss the main ICANN policies and ALS's role in ICANN institutions. The first-ever gathering of the representatives of individual Internet users (At Large Summit - ATLAS) participating in ICANN was an opportunity to make direct recommendations in relation with ICANN policy, by developing a public statement on 5 key-areas where five working groups with ALS members have identified the major issues as brought up by the Internet user representatives. Four EDRi-members (Netzwerk Neue Medien - Germany, FITUG- Germany, ISOC Bulgaria and APTI Romania) part of the European At Large Organization (EURALO) participated in the working groups. The first working group focused on engagement in ICANN recommending the consultation of regional ALSes for the most effective ways to reach communities and end users and to use the multilingualism best practices of other international organizations, such as the UN. The second working group discussed the future structure and governance of ICANN, as capture, internationalization and the continued funding of ICANN are among the more important governance issues now facing the institution. The group suggested a number of actions to provide safeguards against capture. They have also underlined that "given the economic and social importance globally of a safe and stable Internet, the process of internationalization of ICANN must safeguard the global/worldwide role of ICANN regarding domain names and numbers identifiers and promote larger participation from all stakeholders globally." The new gTLDS (generic Top Level Domains) and IDNs (internationalized domain name) was the main focus of the third working group, highlighting that the current fee schedule for the new gTLDs is a clear barrier to the entry of potential applicants, especially those who have no interest in monetizing the TLD and those initiated in the developing and least developed countries. The group also suggested opening a third round of gTLD applications, with a fixed deadline, that will be subject to the string contention dispute mechanisms described in the current guide. The ALSes expressed their concern that the proposed "Legal Rights" objection protocol exceeded the existing territorial and class-of-goods limitations contained in the current international trademark treaties. They suggested that ICANN should not engage in any trademark protection regime which extends beyond existing international treaties; doing so in effect turns ICANN into an unauthorized treaty organization. Working group four debated the hot topics of transparency and accountability and issued reconsiderations regarding the development of a budget for each ICANN entity (including At-Large) according to their mandates including staff costs. The budgets should be made public with the annotation of substantive ICANN documents under consultation to indicate the origin of support or dissent for specific proposals. The members of ALSes also envisaged "that in order to give ICANN a clearer image of a multi-stakeholder organisation, including Civil Society, the composition of the Board should be re-balanced to afford a greater visibility and representation of the Civil Society as represented by the At Large Community. ALAC proposes that the ICANN Board should include two voting Directors nominated by the At Large Community." New DNS security issues that fall within the ICANN's Mandate formed the core of the debates in the fifth working group and urged ICANN to support the industry efforts to accommodate DNSSEC and its provision in a more secure environment and to proceed in the process of having the root signed in a way that provides integrity and is globally accepted. The ALSes also initiated a series of thematic sessions on the topics interesting for its members, but also other ICANN constituencies. The session on the Internet rights and principles noted that "ICANN still lacks a coherent and systemic approach to evaluate the impact that its policy decisions have on rights in general, be them human rights, consumer rights or other founding principles, as internationally recognized and/or defined in the major national legislations." A hot topic was privacy and the Whois database, where the Internet users representatives highlighted the ICANN's inability to progress and to make policies compatible with the various national laws. It was suggested that ICANN should cease aiming at a single global policy and accommodate national differences instead, depending on the country of the registrar and registrant, explaining the differences in privacy regulation between Europe and US. The sessions discussed the issue of respecting freedom of expression when selecting new gTLDs. The ongoing policy provision that allows ICANN to reject applications based on morality-based objections was criticized. The participants supported the idea of a standardized statement of registrant rights (Registrants Rights Charter) to be compulsorily shown by registrars (and resellers as well) when a registrant buys a domain name. Participants agreed to work further on a proposal for its substance as well as means to include the charter into ICANN's policy body as a follow-up to the meeting. The process is open and anyone can join. Another Thematic Session highlighted the failure of ccTLDs as regards the identity control of registrants and registrars. A second aspect was the abuse of the weakness of registrars in the GTLD space giving the spammers and other criminals, free way to do what they want. At the end of this ICANN meeting, the announcement of Dr Paul Twomey, the President and Chief Executive Officer of ICANN that he would not seek renewal of his contract at the end of 2009, was acknowledged by the ALSes as a starting point for further activities and challenges. At Large Summit (Atlas) Declaration Mexico (4.03.2009) http://www.atlarge.icann.org/files/atlarge/correspondence-05mar09-en.pdf At-Large Summit Successfully Concluded (5.03.2009) http://www.atlarge.icann.org/announcements/announcement-05mar09-en.htm Registrants Rights Charter - draft http://internetrightsandprinciples.org/node/74 ICANN's President and CEO Announces Departure (2.03.2009) http://www.icann.org/en/announcements/announcement-02mar09-en.htm Briefing Note - Overall Summary of the Mexico City Meeting (5.03.2009) http://mex.icann.org/briefing-note ============================================================ 6. Swedish Pirate Bay trial waiting now for the decision ============================================================ The Pirate Bay trial in Sweden continued until 3 March 2009 with the hearings of the prosecution and defence witnesses. The earlier events of the trial were covered in the previous EDRi-gram. While a day before, the representatives of the music industry tried to convince the jury that The Pirate Bay was responsible for half of the losses the industry had suffered during the last years because of illegal downloadings, the defence witnesses tried to show BitTorrent was not a bad thing and file-sharing was actually beneficial. One of the witnesses, Kristoffer Schollin from Gothenburg University, an IT lecturer with interest in file sharing, made a special witness report for the court and explained that torrent files were a more sophisticated type of Internet link (such as an http hyperlink) and that The Pirate Bay was an "open database" of torrent files, a type of Bulletin Board. He also stated that there were other large companies using the same technology and besides. He also admitted that while searching for torrents via Google, more results could be found than with The Pirate Bay. Regarding the issue of whose actual tracker is used when a torrent file is activated, Schollin said that a torrent being available on The Pirate Bay, doesn't automatically mean that the file uses The Pirate Bay's tracker. He explained also how to make a torrent file which links to content. In the creation stage, an Internet connection is not even necessary everything being done on a user's PC with a torrent client, not on The Pirate Bay. The torrent file thus created can be uploaded on the Internet and it is further on indexed by Google, which then allows anyone to access the torrent via a Google search. One of the points he emphasized was that actually he believed the popularity of The Pirate Bay was mostly due to the many discussions and mediatization Contradicting the music industry representatives who declare that sales of CDs have decreased due to illegal downloading, Roger Wallis, a media professor, composer and Chairman of the Swedish Composers of Popular Music, confirmed that downloading caused an increase in sales of live event tickets and that there were also other reasons for the CD sales decrease, such as the growth of computer games. During the same day, a film was played to show how a torrent is created. and how torrent files can be shared through MSN, Skype, through blogs like Wordpress. The last two days of the trial were dedicated to the closing arguments of the prosecution and of the defence. Prosecutor Hekan Roswall said The Pirate Bay should not be treated as a service provider to get a "common carrier" status, and that the Supreme Court had already previously ruled that someone running a BBS could be found guilty of assisting copyright infringement and The Pirate Bay should be viewed as such. He said he was not asking the court to rule on the legality of BitTorrent itself, but on what the defendants did with the technology. Roswall called for the confiscation of The Pirate Bay hardware and demanded for one year jail for all four defendants. Peter Danowsky of the IFPI claimed that The Pirate Bay was a commercial operation and that the defendants had contributed to copyright infringement. Therefore the record labels had to be compensated for the losses caused by the operation of The Pirate Bay. Henrik Pontin from Antipiratbyren argued that the defendants clearly knew that what they were doing was illegal, and The Pirate Bay clearly operated as a business, making money from advertising revenue. He asked for damages for the entertainment industry and for jail for the defendants so as to give an example to others who wics to infringe copyright. Monique Wadsted, representing the movie companies, also called for a "very significant" prison sentence because the defendants were aware of their criminal acts and made money from it. "They have made more than 10 million Swedish crowns in revenue during one year. And they continue to run the operation in spite of being convicted in other countries. Furthermore, they spit on the rights holders and tell them to go to hell," she said. During the last day of the trial, the four defence lawyers made their closing statements arguing that the Pirate Bay site acted just as a search engine. They considered the prosecution had failed in revealing any uploaders or downloaders from The Pirate Bay, and in establishing that most of the links on the Pirate Bay were to copyright material. Linking to copyright material wasn't specific to The Pirate Bay, it was an Internet problem. Carl Lundstrvm's lawyer, Per E Samuelson, argued that attacking The Pirate Bay was like going against car manufacturers for the problems experienced on the roads. Regarding the financial issues of the matter, in the defence opinion, the prosecution had exaggerated regarding the amount of money the site made. Gottfrid Svartholm's lawyer Ola Salomonsson said there were only four adverts on The Pirate Bay, not 64 as the prosecution had claimed. The revenues therefore were less than the costs. The defence approach in the court was that of "I am not Responsible". The verdict is due on 17 April 2009. The Pirate Bay Trial Day 9: BitTorrent Is Not Evil (26.02.2009) http://torrentfreak.com/pirate-bay-trial-day-9-bittorrent-is-not-evil-090226... A good day for the roses: Pirate Bay trial, day 9 (26.02.2009) http://www.guardian.co.uk/technology/blog/2009/feb/26/pirate-bay-trial-roses The Pirate Bay Trial Day 10: Calls for Jail Time (02.03.2009) http://torrentfreak.com/the-pirate-bay-trial-day-10-calls-for-jail-time-0903... Pirate Bay Day 11: trial ends, verdict awaited (3.03.2009) http://www.guardian.co.uk/technology/blog/2009/mar/03/pirate-bay-last-day EDRI-gram: The trial of The Pirate Bay in Sweden (25.02.2009) http://www.edri.org/edri-gram/number7.4/pirate-bay-trial-sweden ============================================================ 7. Biometric passports law - upheld by the Romanian authorities ============================================================ The Emergency Government Ordinance introducing biometric passports in Romania remains applicable as the Legal Commission of the Senate advised it favourably on 3 March 2009 and the Romanian Appeal Court rejected on 18 February the appeal made by several NGOs for its suspension. The ordinance had been resent on the 28 February to the legal commission by the Romanian Senate after heavy debates and concerns. Besides the very hot debate around the "malefic figure 666" allegedly occurring in the chip of the passports, the discussions in the Senate addressed also concerns related to the lack of a proper security system for the data stored for biometric passports. "If a hacker with a laptop passes by you and captures the frequency of your passport chip, he can change you, in a few hours, from a criminal record free person into a drug or weapon dealer for example" stated Georgian Pop, deputy in the defence commission. The ordinance has been heavily contested, the opponents arguing that it breaches the rights provided by the Constitution of Romania, the right to private life and the right to religion. It was also argued that the Government had not announced this act publicly, with the intention to meet EU requirements without taking into consideration the public opinion. A big debate turned around the religious aspect of the matter. A lawyer at the case opened by the NGOs stated that "the introduction of chips into passports affects the right to religion because it changes the name given by God into a figure" and the procedure affects human freedom by surveillance and control measures. Recently, the Saint Synod, the Romanian Orthodox Church highest board has agreed with the introduction of the biometric passports, but required the implementation of an alternative for those who do not wish to have biometric passports with chips. "As some people are reluctant towards the biometric passports, an intervention will be made to the institutions of the Romanian State (Presidency, Parliament, Government) with the request to adopt the necessary measures to modify and complete the legislation in force by extending the provisions regarding the emergency cases (temporary passport) and for cases when, due to conscience or religious reasons, the person does not want an electronic passport including biometric data" says the press release of the Romanian Patriarchy. The head of the General Division of passports Aurel-Vasile Sime stated that figure 666 did not occur anywhere and that the passports would not be biometric but electronic, including two biometric elements: face image and fingerprints. He also added that these new passports would not be mandatory, the Romanian citizens being able to choose temporary passports valid for one year that do not include biometric elements. Since the end of 2008 many protests have taken places in several cities in the country against the introduction of electronic passports in Romania and they continued even after the favourable advice of the Legal Commission of the Senate and the rejection by the Bucharest Appeal Court of the NGOs appeal. About 300 members from several protested on 7 March in front of the Romanian Patriarchy. The participants stated that the measure meant all Romanians are considered potential criminals and that was an attack to their identity. They also protested against the lack of firmness from the Orthodox Church in this matter. Romania is one of the first country to introduce biometric passports that include fingerprints, while even in the EU countries a strategy for the personal data protection in this respect is still unclear. Favourable advice for the EGO introducing electronic passports with biometric identification elements (only in Romanian, 3.03.2009) http://www.hotnews.ro/stiri-ultima_ora-5464136-aviz-favorabil-pentru-oug-pri... The senators decided to resend the ordinance on the introduction of biometric passports to the Legal Commission (only in Romanian, 25.02.2009) http://www.hotnews.ro/stiri-politic-5448158-senatorii-decis-retrimiterea-com... The Ordinance on biometric passports goes forward (Video) (only in Romanian, 18.02.2009) http://www.mediafax.ro/social/ordonanta-privind-pasapoartele-biometrice-merg... The biometric passports advised by the defence commission of the Deputy Chamber (only in Romanian, 10.02.2009) http://www.mediafax.ro/social/pasapoartele-biometrice-avizate-de-comisia-de-... Saint Synod requires an alternative to the biometric passports (only in Romanian, 28.02.2009) http://www.realitatea.net/sfantul-sinod-solicita-alternativa-la-pasapoartele... The request regarding the suspension of the effects of the ordinance on the introduction of biometric passports rejected by the court (only in Romanian, 18.02.2009) http://www.hotnews.ro/stiri-esential-5428486-cererea-privind-suspendarea-efe... EDRIgram: Romania: Protests against biometric passports (11.02.2009) http://www.edri.org/edri-gram/number7.3/romania-biometric-passports-protests ============================================================ 8. Yahoo penalised in Belgium for not disclosing personal data ============================================================ Yahoo was fined by a Belgian court on 2 March 2009 for refusing to hand over to the Belgium authorities personal data of people involved in a cyber-crime investigation. The Belgium authorities had required Yahoo to disclose detailed account information for a number of e-mail addresses used by alleged cons under pseudonyms. Yahoo refused, arguing that such a request should have followed the proper channels and should have been addressed to US authorities and not to them as a commercial company. They would be willing to offer the information at the request of the US authorities. However, the prosecution claimed that the company should hand over the required data as the company has operation services in Belgium and therefore they should comply with the laws of the country. The court ruled in favour of the prosecution and fined the American company 55 000 euro plus 10 000 euro for each day it keeps refusing to hand over the requested users' data. The judge said that the procedure for requesting data "poses absolutely no problem with Google and Microsoft". The official statement of the company was that it strongly disagreed with the court's ruling and that it would file an appeal. "Yahoo! Inc., a U.S. corporation, does not have business operations in Belgium and does not maintain the customer information at issue in Belgium. The United States and Belgium have a formal international treaty which the prosecutor should have followed to properly seek information from a U.S. company. Yahoo! is not withholding information from the Belgium government. We have a legal and policy basis for not disclosing information in this type of case until the recognized international legal process is followed. We have raised this issue with the U.S. Government," was the company statement. Yahoo seems to be more cautious after fierce criticism as it happened in 2007 after having complied with the request of the Chinese authorities and gave up personal account information which led to the imprisonment of a political dissident back. Since then, the company has signed up for the Global Network Initiative (GNI), an organisation aimed at preserving free speech on the Internet. GNI members are bound to challenge requests for disclosure of private data from governments in case these requests are considered to be in breach of international human rights laws. Belgium condemns Yahoo! for its refusal to communicate personal data (only in French, 3.03.2009) http://tempsreel.nouvelobs.com/actualites/medias/multimedia/20090303.OBS7047... Yahoo Fined By Belgian Court For Refusing To Give Up E-Mail Account Info (2.03.2009) http://www.techcrunch.com/2009/03/02/yahoo-fined-by-belgian-court-for-refusi... EDRIgram: Internet giants gather for freedom of speech - Global Network Initiative (5.11.2008) http://www.edri.org/edrigram/number6.21/global-network-initiative ============================================================ 9. UK Tribunal wants the Gateway reviews on ID scheme made public ============================================================ On 19 February, the UK tribunal ordered the disclosure of two internal reviews called the Gateway reviews regarding the national identity card scheme of the government. The Gateway reviews are independent and expert reviews carried out at key decision points of significant programmes or programs of those deemed risky. The reviews are performed by independent practitioners from outside the programme/project by using a series of interviews, documentation reviews and their expertise to provide valuable additional perspective on the respective programmes/projects and on the external challenge of the processes. The ID government programme was subjected to two "Gateway zero" reviews, in 2003 and 2004. The Treasury's Office of Government Commerce (OGC) operating the Gateway system did not wish to disclose the reports stating that it was in the public interest to maintain them out of the public eyes and argueing that making the reports public would make them "bland and anodyne". The tribunal refuted OGC argument considering OGC had to prove a "real and weighty" causal relationship between disclosure and damage and as OGC failed to do so, secrecy would be far from being in the public interest. The tribunal concluded that "disclosure of the requested information would clearly add to the public's knowledge in this respect and therefore to the public interest which sought to ensure that schemes as complex albeit as sensitive as the ID cards scheme were properly scrutinised and implemented." OGC claimed that the disclosures of the report might have "adverse press reactions ... if any form of criticism were contained in the report in question" and that the reviews should be kept away from citizens because they might seem "uninformative or hard to understand". It also argued that the respective information did not bring any valuable addition to the debate on the merits of identity cards as a whole. The tribunal considered that none of the arguments presented was OGC's problem. "It is not for the tribunal, let alone the OGC or the (information) commissioner, to second-guess the scope and content of the possible public debate." In the UK, the Freedom of Information Act 2000 which came into force in 2005 requires 100 000 public authorities to respond promptly to requests for information and provide that information, including emails, meeting minutes, research and reports, with a series of exceptions. These exemptions range from sensible data (personal data, national security) to materials deemed to be commercially sensitive. An authority can deny requests considered vexatious or too expensive to carry out. The tribunal decision was promulgated on 19 February, giving the OGC 28 days to comply. Public interest is not served by secrecy (3.03.2009) http://www.guardian.co.uk/commentisfree/libertycentral/2009/mar/03/identity-... What is an OGC Gateway Review? - OGC Gateway Review for Programmes & Projects http://www.ogc.gov.uk/what_is_ogc_gateway_review.asp Explainer: Freedom of information (24.02.2009) http://www.guardian.co.uk/commentisfree/libertycentral/2009/feb/24/freedomof... ============================================================ 10. Recommended Reading ============================================================ Article 29 Working Group - Opinion 2/2009 on the protection of children's personal data (General Guidelines and the special case of schools) http://ec.europa.eu/justice_home/fsj/privacy/workinggroup/wpdocs/2009_en.htm http://ec.europa.eu/justice_home/fsj/privacy/workinggroup/wpdocs/2009_de.htm http://ec.europa.eu/justice_home/fsj/privacy/workinggroup/wpdocs/2009_fr.htm Report of the Special Rapporteur on the promotion and protection of human rights and fundamental freedoms while countering terrorism, Martin Scheinin http://www2.ohchr.org/english/issues/terrorism/rapporteur/docs/A.HRC.10.3.pd... Report: Leading Jurists Call for Urgent Steps to Restore Human Rights in efforts to counter terrorism http://ejp.icj.org/hearing2.php3?id_article=167&lang=en ============================================================ 11. Agenda ============================================================ 17 March 2009, Brussels, Belgium Conference on the European patent system organised by the Science and Technology Options Assessment (STOA) panel of the European Parliament http://cordis.europa.eu/search/index.cfm?fuseaction=events.document&EV_LANG=EN&EV_RCN=30540 18-20 March 2009, Prague, Czech Republic The Responsibilities of Content Providers and Users http://www.media-conference.cz 18-20 March 2009, Athens, Greece WebSci'09: Society On-Line http://www.websci09.org/ 23 March 2009, Berlin, Germany German-French Experts Meeting on Technologies for Electronic Identification http://www.e-identify-df.de/ 26-27 March 2009, London, UK 5th Communia Workshop: Accessing, Using, Reusing Public Sector Content and Data http://www.communia-project.eu/ws05 27-29 March 2009, Manchester, UK Oekonux Conference: Free Software and Beyond The World of Peer Production http://www.oekonux-conference.org/ 28 March 2009, London, UK Open Knowledge Conference (OKCon) 2009 http://www.okfn.org/okcon/ 29-31 March 2009, Edinburgh, UK Governance Of New Technologies: The Transformation Of Medicine, Information Technology And Intellectual Property - An International Interdisciplinary Conference http://www.law.ed.ac.uk/ahrc/conference09/ 1-3 April 2009, Berlin, Germany re:publica 2009 "Shift happens" http://www.re-publica.de/09/ Subconference: 2nd European Privacy Open Space http://www.privacyos.eu/ 4 April 2009, Paris, France French 2009 Big Brother Awards http://bigbrotherawards.eu.org/ 21-23 April 2009, Winchester, UK BILETA 2009 Annual Conference http://www.winchester.ac.uk/?page=9871 23-24 April 2009, Brussels, Belgium The future of intellectual property - Creativity and innovation in the digital era http://www.intellectualproperty-conference.eu 11 May 2009, Brussels, Belgium GigaNet is organizing the 2nd international academic workshop on Global Internet Governance: An Interdisciplinary Research Field in Construction. Deadline for abstracts submissions is 20 March 2009. http://giganet.igloogroups.org/publiclibr/giganetcos/2009brusse 13-14 May 2009 Uppsala, Sweden Mashing-up Culture: The Rise of User-generated Content http://www.counter2010.org/workshop_call 19-20 May 2009, Brussels, Belgium European Commission organizes a personal data protection conference to look at new challenges for privacy http://ec.europa.eu/justice_home/fsj/privacy/news/docs/pr_03_03_09_en.pdf 24-28 May 2009, Venice, Italy ICIMP 2009, The Fourth International Conference on Internet Monitoring and Protection http://www.iaria.org/conferences2009/ICIMP09.html 1-4 June 2009, Washington, DC, USA Computers Freedom and Privacy 2009 http://www.cfp2009.org/ 5 June 2009, London, UK The Second Multidisciplinary Workshop on Identity in the Information Society (IDIS 09): "Identity and the Impact of Technology" Call for papers deadline: 13 March 2009 http://is2.lse.ac.uk/idis/2009/ 28-30 June 2009, Torino, Italy COMMUNIA Conference 2009: Global Science & Economics of Knowledge-Sharing Institutions http://www.communia-project.eu/conf2009 2-3 July 2009, Padova, Italy 3rd FLOSS International Workshop on Free/Libre Open Source Software Paper submission by 31 March 2009 http://www.decon.unipd.it/personale/curri/manenti/floss/floss09.html 13-16 August 2009, Vierhouten, The Netherlands Hacking at Random http://www.har2009.org/ 23-27 August 2009, Milan, Italy World Library and Information Congress: 75th IFLA General Conference and Council: "Libraries create futures: Building on cultural heritage" http://www.ifla.org/IV/ifla75/index.htm 10-12 September 2009, Potsdam, Germany 5th ECPR General Conference, Potsdam Section: Protest Politics Panel: The Contentious Politics of Intellectual Property http://www.ecpr.org.uk/potsdam/default.asp 16-18 September 2009, Crete, Greece World Summit on the Knowledge Society WSKS 2009 http://www.open-knowledge-society.org/ October 2009, Istanbul, Turkey eChallenges 2009 http://www.echallenges.org/e2009/default.asp 16 October 2009, Bielefeld, Germany 10th German Big Brother Awards Deadline for nominations: 15 July 2009 http://www.bigbrotherawards.de/ 15-18 November 2009, Sharm El Sheikh, Egypt UN Internet Governance Forum http://www.intgovforum.org/ ============================================================ 12. About ============================================================ EDRI-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRI has 29 members based or with offices in 18 different countries in Europe. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRI-grams. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and visibly on the EDRI website. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 3.0 License. See the full text at http://creativecommons.org/licenses/by/3.0/ Newsletter editor: Bogdan Manolea <edrigram@edri.org> Information about EDRI and its members: http://www.edri.org/ European Digital Rights needs your help in upholding digital rights in the EU. If you wish to help us promote digital rights, please consider making a private donation. http://www.edri.org/about/sponsoring - EDRI-gram subscription information subscribe by e-mail To: edri-news-request@edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. unsubscribe by e-mail To: edri-news-request@edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/edrigram-mk.php - EDRI-gram in German EDRI-gram is also available in German, with delay. Translations are provided Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users http://www.unwatched.org/ - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask <edrigram@edri.org> if you have any problems with subscribing or unsubscribing. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE