============================================================ EDRi-gram biweekly newsletter about digital civil rights in Europe Number 9.9, 4 May 2011 ============================================================ Contents ============================================================ 1. The "Virtual Schengen Border" or "Great Firewall of Europe" 2. European Commission stumbles in ACTA opinion rebuttal 3. Facebook takes down activist groups' profiles 4. Don't use "crispy" on the Turkish Internet! 5. Data Retention has arrived in Austria 6. Copyright complaint leads to public domain music library takedown 7. The curious case of Internet filtering in Ireland 8. French Digital Council with no representative from Internet users 9. BitTorrent site blocked by Italian court 10. Privatised enforcement series D: Anatomy of a self-regulation proposal 11. ENDitorial: Defending the Open Internet 12. Recommended Action 13. Recommended Reading 14. Agenda 15. About ============================================================ 1. The "Virtual Schengen Border" or "Great Firewall of Europe" ============================================================ During a meeting in February 2011 of the Council of the European Union's Law Enforcement Work Party (LEWP), a forum for cooperation on issues such as counter terrorism, customs and fraud, a disturbing proposal was tabled to create a "Great Firewall of Europe" by blocking "illicit" web material at the borders of the bloc with the intention to "to propose concrete measures towards creating a single secure European cyberspace." According to the proposal, the secure European cyberspace would have a "virtual Schengen border" and "virtual access points" whereby "the Internet Service Providers would block illicit contents on the basis of the EU blacklist". Some of the concerns raised by civil liberty groups are that there is no clarification as to what this "illicit content" means and that innocent sites are routinely included on such blacklists. Broadband providers are very concerned by this proposal which would actually impose Europe-wide censorship and believe that illegal content should be removed at the source by the cooperation between the police and web hosting firms and not by network blocking which, being easy to circumvent, is no real solution. "Most absurd of all, despite all of the costs in terms of democracy, freedom of speech and even the economy, there is no analysis of any benefit or expected benefit that, even mistakenly, the architects of this madness expect to outweigh the cost", stated EDRi Advocacy Coordinator Joe McNamee. Alarm over EU 'Great Firewall' proposal (29.04.2011) http://www.telegraph.co.uk/technology/news/8481330/Alarm-over-EU-Great-Firew... Europe's 'single secure cyberspace' plan under attack (2.05.2011) http://www.computerworld.com/s/article/9216321/Europe_s_single_secure_cybers... Outcome of proceedings of Joint meeting of the Law Enforcement Working Party and the Customs Cooperation Working Party on 17 February 2011- Summary of discussions (3.03.2011) http://register.consilium.europa.eu/pdf/en/11/st07/st07181.en11.pdf ============================================================ 2. European Commission stumbles in ACTA opinion rebuttal ============================================================ Last week, the European Commission posted a rebuttal to a widely cited opinion document by prominent European academics on the Anti- Counterfeiting Trade Agreement (ACTA). The Commission however made several factual errors in its rebuttal, according to an analysis by Ante Wessels of the Foundation for a Free Information Infrastructures (FFII). In some cases, the Commission even appears to have forgotten its own prior statements on ACTA. In their opinion document, the European academics noted several incompatibilities between ACTA and the EU acquis, in addition to serious concerns on fundamental rights, data protection and a lack of balance of interests. They called upon the European Parliament and on national legislators and governments to withhold consent of ACTA until these concerns were addressed. The Commission has now published a point-by-point rebuttal of this opinion document. In general, it claims that most concerns of the academics do not apply because a number of ACTA provisions are optional, or because EU legislation already contains similar measures. Ante Wessels of the FFII disagrees with the Commission. Stating that it "is too much work to address all the flaws in the Commission's notes", he limits his remarks to three topics. 1. His first comments are related to the awarded damages. The EU directive 2004/48, also known as IPRED, both in general and in detail, specifies that awarded damages can only be based on unfair profits by the infringer and on actual losses incurred by the rightholder. ACTA concurs in general, but goes further by stating that judicial authorities must also be able to consider additional elements such as the suggested retail price. In other words, under IPRED, a judge would be hard-pressed to award Microsoft 130 Euro in damages for patent infringement per copy of Linux downloaded. After all, not every such download replaced the sale of a Windows copy. On the other hand, ACTA does mandate the possibility of such a decision. It thereby forces the reasoning by the music sector that every infringement corresponds to a lost sale to be codified in law for all industries. The Commission however sees no conflict between ACTA and IPRED, because it considers both ways to arrive at awarded damages as "fair". Let this reasoning henceforth be known as "the European fairness doctrine of legal equivalence". Furthermore, the Commission claims that considering the retail price and the value of infringed goods or services is optional in ACTA. As Mr Wessels notes, it seems to have missed that ACTA does require providing for these possibilities in law. They are only optional in the sense that nobody will hold a gun to the rightholders' heads forcing them to ask the judicial authorities to take these additional elements into account. 2. The second discussion point centres around border measures. The academics noted that ACTA requires border measures for a broad category of trademark infringements, while present EU legislation only does so in case of "counterfeit goods". The Commission denies this point by stating that it actually insisted on the much broader ACTA definition, in order to give the EU more flexibility when reviewing the applicable EU legislation. Mr Wessels does not understand this reasoning, given that ACTA lays down minimum requirements rather than maxima. As a result, the EU will have to broaden the scope of its relevant legislation to comply with ACTA, and the Commission takes explicit credit for this achievement in its attempted rebuttal of that exact same statement. The Commission also argues that illegitimate claims of trademark infringements do not pose problems for the generic medicines industry, even though the Dutch Minister of Economic Affairs has stated the opposite in the past. Finally, the Commission also tries to calm fears over patent-based border seizures, by noting that civil remedies to patent-related issues are optional in ACTA. Mr Wessels remarks that it is possible to opt out of civil remedies to patent-related issues, but that the Commission has already publicly confirmed that, unlike the US, they will not take advantage of this option. 3. The final observations are about the criminal measures in ACTA. The Commission says that it can consent without any problems to the ACTA criminal measures, because they will not require changes to EU legislation. It compares the ACTA situation to the TRIPS agreement, but Mr Wessels notes that the Community never signed on to the TRIPS criminal measures exactly because it was not competent to do so. Instead, only the individual member states ratified the TRIPS criminal measures. In case of ACTA, the Community is not competent either as far as criminal measures are concerned, but the Commission nevertheless did agree to them rather than leaving it solely to the member states. In summary, even though the Commission has had over three months to analyse the opinion by the academics and formulate a reply, it appears that the said reply was hastily written and poorly vetted before it was published. The Commission's comments ignore prior statements made by the Commission itself, focus on misreadings of the ACTA text and suggest a lack of awareness concerning EU competency. The European Parliament however still has to decide on whether or not to give its assent to the proposed agreement before it can be ratified. The EU Commission lacks basic reading skills (1.05.2011) http://acta.ffii.org/wordpress/?p=598 Comments on the "Opinion of European Academics on Anti-Counterfeiting Trade Agreement" (27.04.2011) http://trade.ec.europa.eu/doclib/docs/2011/april/tradoc_147853.pdf Opinion of European Academics on ACTA (20.01.2011) http://acta.ffii.org/?p=373 (contribution by Jonas Maebe - volunteer with the EDRi-member Liga voor Mensenrechten, Belgium) ============================================================ 3. Facebook takes down activist groups' profiles ============================================================ Facebook has just deleted about 50 UK activist groups' profiles and users' accounts without any notification to the owners of the accounts. While the reasons are not very clear, a possible explanation being that the respective groups have technically breached their terms and conditions by using a "profile" rather than a "page", there are suspicions that Facebook might have acted after a law enforcement complaint and the purge could be linked to the wider crackdown on protest by authorities in Britain. In any case, Facebook's action is questionable especially as the platform performed the takedowns without any notification. Facebook exercises a significant power over political activity and speech. EDRi-member Open Rights Group asks Facebook to responsibly correct the situation by contacting the users of the deleted accounts and working with them to transfer their contacts and other information to the format that Facebook considers appropriate to reinstate the suspended pages (with the technical changes such as addition of organisation URLs), to create a notification system rather than directly deleting accounts and to put in place a process to migrate from a "profile" to a "page". Facebook did react and has lately notified a number of profile owners about migrating their profile to a page, as it does have such a process. But the idea is that we should be able to understand the risks of using such powerful platforms as Facebook and that the lack of alternatives will only lead to increasing their power and to a gradual limitation of our autonomy and power. A solution would be to use self-hosted, open source platforms in order to avoid reliance upon corporate power structures. A number of people from the groups that had their accounts deleted have just signed up to the experimental Diaspora, through independent co-operating "pods" like My Seed. Diaspora, just like other open source social platforms, is intended as a network of independent servers, each hosting some users, who can move between them, and talk to people using other servers. Although only at its beginnings, this approach may lead to decentralised, privacy-friendly and censorship resistant platforms. Corporations may not protect your free speech and privacy (1.05.2011) http://www.openrightsgroup.org/blog/2011/corporations-may-not-protect-your-f... FaceBook Takedowns http://wiki.openrightsgroup.org/wiki/FB_takedowns Facebook political takedowns: Burying bad news? (29.04.2011) http://www.openrightsgroup.org/blog/2011/facebook-takedowns:-burying-bad-new... Over 50 political accounts deleted in Facebook purge (29.04.2011) http://blog.ucloccupation.com/2011/04/29/over-50-political-accounts-deleted-... ============================================================ 4. Don't use "crispy" on the Turkish Internet! ============================================================ The Turkish Telecommunication Communication Presidency (TIB) has reached an unprecedented level of censorship by recently banning 138 words and terms from the Internet, many of which being simple, every-day words. On 28 April 2011, TIB sent a notification to all service providers and hosting companies in Turkey with the list of banned words and terms that included words like "animal", "sister-in-law", "crispy", "confession", "breath", "hot", "adult" or "local", placing thus sites of supermarkets, restaurants, food home delivery, football supporters' clubs and others in difficulty. "Providing a list and urging companies to take action to ban sites that contain the words and threatening to punish them if they don't has no legal grounds," stated Yaman Akdeniz, a cyber-rights activist and a law professor at Istanbul Bilgi University, in a phone interview for the H|rriyet Daily News & Economic Review. Akdeniz required information and documents from TIB on several issues in relation to the list, arguing that such documents were of public interest according to Article 1 of Law No. 4982 that stipulates "the right to information according to the principles of equality, impartiality and openness that are the necessities of a democratic and transparent government". Based on Article 5 of the law, "the hosting company is not responsible for controlling the content of the websites it provides domains to or researching/exploring on whether there is any illegal activity or not. They are responsible for removing illegal content when they are informed and there is the technical possibility of doing so", said the expert. Following the strong reaction against TIB's action, the authority said the list had been sent to hosting firms for informatory purposes. However, the notification letter said the authority would punish companies for not following its directions to ban domains containing "forbidden words," without specifying what kind of punishment it meant. Devrim Demirel, founder and chief executive officer of BerilTech, said he had received TIB's letter via an email, which, in his opinion, was neither ethical nor secure. "Requests with such important implications should be sent officially to each company's office address, with the respective seal and signatures," said Demirel who also believes that "banning access to websites is in itself a censoring service." Moreover, Demirel warned about the negative technical implications and expressed his opinion that "the TIB personnel who worked on the issues related to banning access are not endowed with the necessary technical knowledge and skills." The financial implications should be considered as well. Banning access to certain domains that include the black-listed terms might lead to financial losses. "There is no guarantee in the existing related legislation that I will not be asked to compensate the company in such a case," said Demirel. Pushing things even further, the list does not include only Turkish terms but also English words because of their meanings in Turkish, such as "pic," short for picture, which is banned because it means "bastard" in Turkish or the past tense of the verb "get" because "got" means "butt" in Turkish. 138 Words Banned from the Internet (29.04.2011) http://www.bianet.org/english/freedom-of-expression/129626-138-words-banned-... TIB's 'forbidden words list' inconsistent with law, say Turkish web providers (29.04.2011) http://www.hurriyetdailynews.com/n.php?n=tibs-forbidden-words-list-inconsist... EDRi-gram: Turkey adds popular blogging platform to blocking list (9.03.2011) http://www.edri.org/edrigram/number9.5/turkey-blocks-blogger ============================================================ 5. Data Retention has arrived in Austria ============================================================ While the Czech Constitutional Court has recently declared the national data retention legislation unconstitutional, the Legal Services of the German Bundestag has found it impossible to ensure the legality of the Data Retention Directive and the European Commission itself still struggles to prove the necessity and proportionality of the Directive, the Austrian Parliament adopted on 28 April 2011 the pending regulations necessary for the implementation of the EU Data Retention Directive in Austria. In the respective parliamentary session, the Coalition Government primarily planned to celebrate some new ministers following a government reshuffle within the conservative party (VVP). However, the debate on the data retention legislation was set on the agenda later in the evening when the live TV coverage had already ended. This plan to hide the issue from the public was evaded by the opposition by raising a so-called objection debate, i.e. a MP asked for the deletion of the topic from the agenda - an issue that has to be discussed first. This means that interested citizens got the chance to follow the hot debate live on their TV screens: While the opposition again raised concerns about the compatibility with fundamental rights and accused the ruling parties (SPV - social democrats and VVP - conservatives) of spying on the citizens, the government dug their heels in and refused any compromise. Minister of infrastructure Doris Bures (SPV) - in charge of the necessary amendment of the telecoms regulations - argued that she was just executing EU provisions and the implementation was necessary to avoid EU sanctions. Furthermore, she claimed the implementation of the EU directive would cover the absolute necessary minimum only. This is true as it regards the retention period of the collected data which will be limited to six months. Unfortunately, this is not true at all as it regards the access to the retained data which is not subject to a judicial decree in all cases. On the contrary, the amendments of the Austrian Security Police Act and the Code of Criminal Procedures foresee a wide range of possibilities for the public prosecution and the Police to access the data pre-emptively e.g. "in case of an general danger". This broad exemptions have been introduced by the minister of interior and the minister of justice - both led by members of the conservative party VVP - and after the public consultation for the draft law on the telecom-part has been closed. Simultaneously, the safeguards foreseen are relatively weak and the remedy provisions are not well established. A fact which was even stated in an expertise from the legal services of the Austrian Chancellery just a few weeks ago. Despite this, the implementation of the Data Retention in Austria was adopted later the day with the consent of the delegates of the coalition partners SPV and VVP. The opposition formed by the green party and the two right wing parties FPV and BZV voted unanimously against the "dishonourable law". The Austrian Journalists Association was shocked when they realised that, seemingly, no exemptions are foreseen for "sensitive professions" such as journalists, lawyers, hot lines for pastoral or social care, medical care and the-like. Something the government has promised all the time and used for the reassurance of the respective interest groups. By return, the opposition announced to bring the data retention provisions to the Constitutional Court. Provided three quite diverse proponents from the green and the right wing side find a consensus in this matter, they would form at least one third of the delegates. This is the minimum number that enables MPs to file a constitutional complaint right after the respective law has passed the parliament and yet before the law enters into force on 1 April 2012. If the opposition cannot find an agreement, the civil society is already raring to go. The Privacy Groups 'Arge Daten', 'AKVorrat' and others have already signaled that they are willing to file a complaint on the very first date possible. Unlike to the members of the parliament, citizens have the possibility to file a complaint against a law only when this law is already in force and in case they are personally affected by the provisions in question. Data Retention passes the Austrian Parliament - Opposition criticises infringement of fundamental rights (Parlamentskorrespondenz Nr. 408, 28.04.2011, only in German) http://www.parlament.gv.at/PAKT/PR/JAHR_2011/PK0408/index.shtml?utm_source=twitterfeed&utm_medium=twitter Austrian Telecom Act - TKG 2003 (only in German) http://www.parlament.gv.at/PAKT/VHG/XXIV/I/I_01074/index.shtml Code of Criminal Procedures 1975 and Austrian Security Police Act http://www.parlament.gv.at/PAKT/VHG/XXIV/I/I_01075/index.shtml Parliamentary Debate on the implementation of the Data Retention Directive in Austria (only in German, 28.04.2011) http://www.youtube.com/watch?v=n7_MS6Bho7Y (1/3) http://www.youtube.com/watch?v=TkDB-Z039Kk&feature=related (2/3) http://www.youtube.com/watch?v=AprycbCW-ew&feature=related (3/3) Expertise from the legal services of the Austrian Chancellery on the Austrian provisions to implement the EU data retention directive (only in German, 3.03.2011) http://www.unwatched.org/files/docs/kritikdatenschutzrat_DiePresse_20110303.... Austria: Data retention adopted, opposition plans to file complaint http://www.unwatched.org/20110429_VDS_in_Oesterreich_beschlossen Defending press freedom starts in one's home country - Press release from the Austrian Journalists Association (only in German, 2.05.2011) http://www.ots.at/presseaussendung/OTS_20110502_OTS0055/verteidigung-der-pre... Parliament's decision on data retention not easy to comprehend - Press release from the Interne Service Providers Austria (only in German, 2.05.2011) http://www.ots.at/presseaussendung/OTS_20110428_OTS0334/ispa-parlamentsbesch... EDRi's Shadow evaluation report on the Data Retention Directive (2006/24/EC) (17.04.2011) http://www.edri.org/files/shadow_drd_report_110417.pdf (Contribution by Alice Sedmidubsky - unwatched.org) ============================================================ 6. Copyright complaint leads to public domain music library takedown ============================================================ International Music Score Library Project (IMSLP), the largest public domain music library on the Internet, has been recently taken offline following a complaint from the UK's Music Publishers Association which convinced registrar GoDaddy to takedown their website. The action was brought over a single 90 year-old classical piece by Rachmaninoff. The UK's Music Publishers Association (MPA) issued a DMCA (Digital Millenium Copyright Act) takedown notice, not to the IMSLP site, but to their domain registrar, GoDaddy: "We understand that Godaddy are the sponsoring registrar for the website IMSLP.org which makes available unlicensed copyright protected sheet music notation which is an infringement of copyright. By assisting this website, Godaddy are liable to pay damages for secondary copyright infringement once notice of the infringement has been given," said the MPA's notice. GoDaddy complied right away, seizing IMSLP's domain name and thus taking them completely offline. IMSLP reacted immediately, stating that GoDaddy did not first notify the owner before seizing the domain and explaining why MPA's request was unsubstantiated. Additionally, its assertion that the work under question was under US copyright was a lie. IMSLP explained that Rachmaninoff's work The Bells, Op.35 was a work which "is definitely NOT under copyright in the USA. It was published in 1920 in full score, parts and vocal score by A. Gutheil, by then a division of Serge Koussevitzky's Edition Russe de Musique, headquarted at the time in Berlin, with branch offices in Moscow and Paris. As both the composer and the author of the Russian-language translation of Edgar Allan Poe's public domain text were Russian nationals (who had fled the Revolutionary government), the work was quite ineligible for protection under US law and was actually public domain there the minute the first copy was either sold, rented or offered for sale or rent under the author's authority." "There are approximately 180 different laws in force worldwide at present. It is simply not possible for anyone - not even a major commercial concern like Amazon - to keep daily track of 180 or more different copyright laws, each with different exemptions for fair use and other purposes, etc. - many of which are also frequently subject to changes, from either legislative amendments or judicial interpretations", explained the site. Following IMSLP's reaction and threat to sue, MPA withdrew their complaint from GoDaddy. "While IMSLP encourages open discussion of copyright issues, we have zero tolerance for underhanded tactics. To MPA's credit, they have voluntarily retracted their claim. IMSLP will also be working on technical measures to prevent any future attacks," stated IMSLP representatives. This time the conflict was solved quite rapidly. In 2007, Universal Edition, an Austrian music publisher, forced a shut down of the site and it took IMSPL 9 months of reorganization to recover. Publishers Force Domain Seizure of Public Domain Music Resource (22.04.2011) http://torrentfreak.com/publishers-force-domain-seizure-of-public-domain-mus... IMSLP, Copyright & the MPA (UK)(23.04.2011) http://imslpjournal.org/imslp-copyright-the-mpa-uk/ Public Domain Website Forced Offline Over Copyright Complaint (21.04.2011) http://www.zeropaid.com/news/93191/public-domain-website-forced-offline-over... ============================================================ 7. The curious case of Internet filtering in Ireland ============================================================ One of the most important developments for freedom of expression online has been the growth of internet filtering systems, which have rapidly been adopted by national governments as the "solution" to various forms of internet wrongdoing. Ireland is no exception to this trend, and last month it was revealed that the Garda Smochana (the national police force) is now attempting to introduce a system whereby ISPs would block access to websites alleged to host child abuse images. It is somewhat ironic that this news becomes public just as both Germany and the Netherlands have decided to abandon similar systems, having found that they are ineffective as a means of tackling child abuse images. Even leaving aside considerations of effectiveness, however, the proposed Irish system still presents a number of significant concerns. A fundamental principle under Article 10 of the European Convention on Human Rights is that measures which have the effect of restricting freedom of expression must be "prescribed by law". In this case, however, the Irish system would not have any legal basis whatsoever, much less any judicial oversight or control. Instead, it would involve the police in telling ISPs what domains to block on a "self-regulatory" basis. Consequently, it would seem on the face of it that the proposed system would violate Article 10. The European Commission recently reached the same conclusion about self-regulatory blocking systems (p.30) as did a government study which was decisive in causing the Dutch blocking system to be abandoned. A further problem relates to the secret manner in which the government and the police have attempted to introduce this system. There has been no public consultation or debate of any kind regarding blocking - instead, information has only dripped out in response to freedom of information requests and leaks from ISPs. This is particularly worrying given that (as Lessig points out) internet filtering is an inherently opaque process, which is prone to operating in an unaccountable way and to being extended beyond its original purposes. In the Irish context, the secrecy surrounding the introduction of filtering doesn't bode well for the future. The nature of the proposed blocking is also worrying. What Irish police have suggested is based on the CIRCAMP model, which attempts to block material by using DNS tampering. In short, the police would notify ISPs to block example.com or subdomain.example.com and the ISP would then configure their DNS servers to redirect all attempts to visit any material hosted on those (sub)domains. The effect would be massive overblocking, where users would be unable to visit any page hosted on a particular domain, irrespective of whether it had any connection whatsoever with the blocked material. Last February, a similar approach in the United States saw over 84,000 innocent websites being wrongfully blocked, and there is no reason to think that the Irish approach would be any more precise. Finally, one particularly unusual aspect of the proposals is the way in which the police seek to introduce monitoring of users. According to the proposals, where a user attempts to view a blocked domain name, police would "obtain details of other websites visited by the user, along with other technical details, in order that [they] can identify any new websites that require blocking". This, in effect, seeks the full browsing history of users - whether or not there has been any attempt on their part to view child pornography! (Bearing in mind that DNS tampering results in massive overblocking, it is quite likely that a user may have their browsing history disclosed due to an attempt to visit example.com/innocent_content when the entirety of example.com has been blocked due to a single image or page elsewhere in the site.) This raises fundamental privacy and data protection concerns, particularly given that a user can often be identified by viewing their browsing history, and has therefore been referred to the Data Protection Commissioner for investigation. Given these problems, it must be hoped that these proposals are abandoned. But quite apart from these particular proposals, it is now also time to look at the other systems of internet filtering in Ireland that have developed on an ad hoc basis. In particular, Irish mobile phone companies have been engaged in self-regulatory blocking for some time, in a manner which often affects innocent users due to crude DNS systems. Similarly, the largest Irish broadband provider Eircom recently settled an action brought by the music industry by (amongst other things) agreeing to block access to The Pirate Bay and "related domain names". These systems have developed without any real public scrutiny or oversight and it is time to consider the effect which they have on users, whether they are subject to adequate transparency and oversight mechanisms and whether or not they are effective at achieving their goals. Garda plans to introduce web blocking in Ireland (29.03.2011) http://www.digitalrights.ie/2011/03/29/garda-plans-to-introduce-web-blocking... Governmental filtering of websites: The Dutch case (2009) http://cli.vu/pubdirectory/363/manuscript.pdf Garda plans for web blocking referred to Data Protection Commissioner (29.03.2011) http://www.digitalrights.ie/2011/03/29/garda-plans-for-web-blocking-referred... An Object Lesson in Overblocking (17.02.2011) http://www.cdt.org/blogs/andrew-mcdiarmid/object-lesson-overblocking Original article: The curious case of internet filtering in Ireland (11.04.2011) http://www.tjmcintyre.com/2011/04/curious-case-of-internet-filtering-in.html (contribution by TJ McIntyre - EDRi-member Digital Rights Ireland) ============================================================ 8. French Digital Council with no representative from Internet users ============================================================ On 27 April 2011, French President Nicolas Sarkozy officially installed the National Digital Council (Conseil national du numirique - CNN) which is to advise the French government on digital issues. Among the 18 personalities belonging to the newly established body, there is no representative of Internet users but only of private companies. On the occasion of the establishment of the council, Sarkozy seemed to want to reconcile the Internet by recognizing some errors related to the most criticised Hadopi and Loppsi laws. However, this impression was soon after clarified as Sarkozy's statements were meant to justify the creation of CNN "useful at the time of the elaboration of the two laws having instituted (...) to formalize even more the dialogue between the economy actors and the Internet." The president had no intention of amending these laws which, in his opinion, are the best tools to defend copyright. Furthermore, while CNN was created to advise and give recommendations to the government for "the development of the Internet in France" and in order "to avoid past errors", it has come up that, actually, the decree on the creation of CNN, which deviates from the original recommendations drafted by Pierre Kosciusko-Morizet, shows a significant decrease of its powers. The government has decided to limit the role of the body by refusing to systematically consult it in all draft texts in the digital area. The decree says that "the National Digital Council has the mission to enlighten the government and to participate in the public debate in the digital domain" and therefore, it can be "consulted by the government in any legislative and regulation draft measures susceptible of having an impact on the digital economy". The council will however be able to make its recommendations and will draft an annual activity report that will be submitted to the President of the Republic, the Prime Minister and the minister in charge of the digital economy. The report will not be seen by the Parliament, as it was recommended in Pierre Kosciusko-Morizet's report. The decree has raised serious criticism particularly as the council members include no representation from civil society. Jirimie Zimmermann, co-founder and spokesperson of La Quadrature du Net considers CNN, "one more machine where the citizens are not even represented" and which "will never be legitimate". The Council officially gathered on 27 April 2011 when its 18 members elected Gilles Babinet, founder of Musiwave, as its president. Sarkozy answered the critics arguing that the consumers have their own authorities and gave assurances as to CNN's independence. On this occasion, the opposition has again reacted and asked once more for the abrogation of the infamous Hadopi laws. Meanwhile, Hadopi authority continues its graduated response activities passing to the second phase of the operation. The National Digital Council forgets about the Internet users (only in French, 27.04.2011) http://www.01net.com/www.01net.com/editorial/532070/le-conseil-national-du-n... Nicolas Sarkozy comforts Hadopi but recognises errors (update) (only in French, 28.04.2011) http://www.01net.com/editorial/532061/nicolas-sarkozy-conforte-hadopi-mais-r... CNN will not be systematically consulted by the government (only in French, 30.04.2011) http://www.numerama.com/magazine/18664-le-cnn-ne-sera-pas-consulte-systemati... No representative of the public at the National Digital Council (update only in French, 27.05.2011) http://www.numerama.com/magazine/18605-aucun-representant-du-public-au-conse... ============================================================ 9. BitTorrent site blocked by Italian court ============================================================ On 21 April 2011, an Italian court ordered all Italian ISPs to block the BitTorrent search website BTjunkie considered by the public prosecutor as one of the most prominent havens for pirated media. BTjunkie IP addresses and its domain name were to be made inaccessible by all Italian ISPs by blocking users' access to the site. The court order follows an investigation by the Guardia di Finanza (GdF), the Italian police body responsible for cybercrime. The authorities claim that BTjunkie was one of the most frequently visited BitTorrent sites in the country and blame the BitTorrent site for the failure of the Italian pay-per-view TV-station Dahlia TV, which had to close down in March 2010 due to financial problems. This comes after the permanent blocking of The Pirate Bay in 2010 after a long legal action started in 2008. Although The Pirate Bay won an appeal with the Court of Bergamo which ruled that no foreign website could be censored for alleged copyright infringement, the Supreme Court reviewed the case and ruled that ISPs could be forced to block BitTorrent sites, even if they were not hosted in Italy or operated by Italian citizens. Therefore, according to the decision by the Supreme Court, sites offering torrent files linking to copyrighted material are considered as being engaged in criminal activity . "I'm disappointed with the Italian judicial system. We will do our best to fight for Italian people's right to communicate. At the moment I can suggest to try any of the other popular torrent sites and checking TorrentFreak later for an update on alternative methods for accessing BTjunkie from Italy", stated BTjunkie's owner to TorrentFreak who also stated he did not intend to appeal the decision. Yet, very soon after the court decision has been made public, a new and ad-free proxy site, proxyitalia.com, was launched allowing Italians to browse an uncensored web and access BTjunkie, as well as The Pirate Bay. This only shows the futility of blocking actions. Hundreds of thousands of Italian BitTorrent users still use The Pirate Bay website against the national blocking order and there are dozens of other options. Italian Court Orders All ISPs to Block BTjunkie (21.04.2011) http://torrentfreak.com/italian-court-orders-all-isps-to-block-btjunkie-1104... BTJunkie - access blocked (only in Italian, 22.04.2011) http://punto-informatico.it/3140477/PI/News/btjunkie-accesso-inibito.aspx Internet: operation of the Financial Guard against piracy (only in Italian, 21.04.2011) http://www.ansa.it/web/notizie/regioni/sardegna/2011/04/21/visualizza_new.ht... BTjunkie Starts Proxy to Bypass Italian Blockade (25.04.2011) http://torrentfreak.com/btjunkie-starts-proxy-to-bypass-italian-blockade-110... ============================================================ 10. Privatised enforcement series D: Anatomy of a self-regulation proposal ============================================================ How does it happen that an industry or a sector of industry signs up "voluntarily" to arbitrarily punish their consumers and to restrict freedom of speech? One of the most interesting and telling examples is the ongoing "public/private dialogue to fight online illegal activities". In November 2009, the European Commission Directorate General for Justice Liberty and Security (the relevant units are now part of DG Home Affairs) invited a variety of Internet companies (but no civil society representatives) to a meeting to discuss, in very vague terms, the issue of illegal content online - concentrating on child abuse, terrorism and racism/xenophobia. In that meeting, no particular problem was identified that needed to be solved and various existing approaches were presented to fight such content. At that meeting, the European Commission offered to prepare draft recommendations to form the basis of future discussions. This text would formally be the Commission's "understanding" of industry's views and not, legally speaking, a proposal from the Commission. As a result, the Commission's proposals would not need to go through either any internal approval systems in the Commission or, being a non-legislative proposal, through the Council of the EU or European Parliament. This loophole permits the Commission to make proposals to industry informally, but with the threat of legislation permanently in the background. The Commission subsequently produced the set of recommendations (see link below), which listed a variety of circumstances where "Internet providers" could "remove or disable access" to content, without any judicial oversight and without any clear obligations for public authorities to act against the criminally illegal content - a public/private dialogue where the public has to do nothing and the private does everything, outside the democratic process and the rule of law. The Commission then organised another meeting in May 2010, at which EDRi asked to participate. During that meeting, EDRi repeatedly asked for information on what specific problems with illegal content hosted in Europe had been identified that this project sought to address. No response was forthcoming. Industry participants echoed this call and asked why, if the Commission is only talking about hosting providers, it did not make reference to hosting providers rather than "internet providers" in its proposed text. No answer was forthcoming. At the end of that event, the Commission promised to take the concerns into account and to produce a revised set of recommendations. Meanwhile, EDRi and the European ISP Association (EuroISPA) prepared a joint letter explaining the minimum requirements to be respected. In December 2010, another draft recommendation set was put forward by the Commission, which was virtually identical to the one in May. A day-long meeting was organised where the same questions were asked by EDRi and by industry, with the Commission again failing to provide any information regarding the nature of the problem that the process was supposed to solve. After the meeting, EDRi joined with both EuroISPA and the European Telecoms Networks Operators Association (ETNO) to again put the concerns and demands of both civil society and industry in writing. Six months later, the only response that the letter has received is that it would not be answered before June. This whole process has been a solution in search of a problem, exploiting a loophole where individual services in the Commission can make proposals of major importance to freedom of communication without any bureaucratic or democratic oversight using the pretence that they are not Commission proposals at all. EDRi/EuroISPA letter (07.09.2010) http://www.edri.org/files/090710_dialogue_NTD_illegal_content_EuroISPA-EDRI.... Commission recommendations (last 4 pages are relevant) http://www.edri.org/files/Draft_Recommendations.pdf (contribution by Joe McNamee - EDRi) ============================================================ 11. ENDitorial: Defending the Open Internet ============================================================ At an event organised by Brussels think-tank Security and Defence Agenda, EDRi's advocacy coordinator debated freedom and security online with: - Robert Madelin, Director General of DG Information Society of the European Commission, - Erika Mann, Member of the Board of ICANN and Vice President of the Computer and Communications Industry Association, -Suleyman Anil, Head of the Cyber Defence Section of NATO. This is EDRi's opening speech: Thank you for the invitation to speak this evening on a topic that is of major importance to free speech, innovation and the economy. The topic for discussion this evening is vast - so I will restrict myself to just six words from the programme - "cooperation between public and private actors". The security of our fundamental rights is at risk when our activities are regulated by commercial whims. The security of the Internet as an asset for the global economy is at risk by the creation of virtual borders as disproportionate responses to new problems. Ultimately, faced with unwanted behaviour online, there are only three options: accommodate it, address the unwanted activity itself or break the Internet. Or rather, break what gives the Internet its value. The Internet is of such value for the fundamental rights and the economy because of its openness - a true single market without border guards and iron curtains. This maximises the potential for communication and allows anyone to invent the next big thing. We cannot and must not destroy this openness simply because it is exploited by criminals. Every effort at regulation creates borders. Every move to devolve policing activities to internet providers, domain name registrars, IP address registries or whoever drops another rotten apple into the barrel of free and open networks. DG HOME of the European Commission and the FBI are working globally and domestically to recruit private internet operators like Wild West vigilantes - literally every single intermediary in the value chain of the Internet is being pressed into extra-judicial service. It is only the very core of the internet itself that has not yet been press ganged into service. Only yesterday we discovered that the Council of Ministers is discussing the creation of a cyber "Chinese Wall" around Europe. This is far removed from the insightful statement in the recent European Commission Communication on net neutrality that "the internet owes much of its success to the fact that it is open and easily accessible." Sadly, therefore, the Egyptian "kill switch" is nothing more than the end of the continuum that Europe and US are already rushing along. We are not there yet, but this is the path and this is the danger. And much of this regulation is in response to complaints from industries that are out of step with the digital world. They are out of step with the digital world and, instead of adapting, they demand that the world move to their beat. What few people realise is that this whole scenario has already happened. In the early nineties, some countries banned Internet telephony and filtered it out of their networks. The result was a dream scenario for criminals, who exploited the high prices of the monopolies, smuggling voice calls over unlicenced dedicated lines and unlawfully hooking them into the national telephone network. Then, along came Skype, with automatic encryption, the regulation became pointless and was repealed and all of the efforts to stop time to the benefit of fat old monopolies had failed. Business had lost out due to lack of competition. Citizens had lost out to high prices. Monopolies lost out by not being challenged to adapt to technological reality. Only the criminals won - bad regulation is oxygen for criminals and poison for fundamental rights. Nowadays, it would be absurd to suggest a ban on Internet telephony - although some mobile operators would disagree. All fixed operators now accommodate Skype. They now make money from receiving calls generated on Skype. They have innovated, finally moved with the times and now exploit rather than seek to destroy the core value of the Internet. If the same issues arose today, there would be demands for Skype.com to be blocked, deep packet inspection to search for Skype data packets. And Europol would be asking for public education campaigns to warn consumers about the links of internet telephony to organized crime. After all, there was organised crime involvement in internet telephony, which means that all countermeasures are justified. A vicious circle of bad regulation leading to criminality leading to the excuse to maintain and re-enforce the bad legislation. Now the outdated industry is the content industry. And we are faced with ever-more damaging enforcement measures for laws which are so utterly illegitimate in the eyes of citizens that infringements are, in the words of the European Commission, "ubiquitous". Not that the content industry is alone - the same phenomenon is repeated to protect national gambling monopolies and tax receipts from national gambling operators. And all too often online child abuse is abused to push through policies that, while being useless for fighting child abuse, are subsequently recycled for commercial purposes. Because of this, policing the edge of the network has become more difficult. Slowly but surely, the enforcement measures are moving deeper into the network, first pushing Internet providers to police their own consumers and now, increasingly, using the structure of the Internet itself to vainly try to fight infringements created by illegitimate law. And again we are faced with filtering, again we are faced with blocking of websites and again regulators seek to accommodate rusty old industries. The good news is that it is possible to have a public electronic communications network that has no copyright infringements - We had it with AOL, whose closed walled garden approach was unable to compete with the openness, flexibility and innovation of the Internet - We had it with CompuServe, whose closed walled garden approach also could not survive the Internet's openness, - We had it with Minitel, which proved that a network where the telecoms company has full control of access to its customers is uncompetitive and can only fail. Excessive, badly targeted and counter-productive regulation is the biggest security threat that the citizens and the online economy faces. We must work together to defend the open internet. We must work together to support legislation that demands innovation rather than facilitating stagnation. We must work together to defend the rule of law, faced with efforts to put our freedoms in the unwilling hands of internet intermediaries. (contribution by Joe McNamee - EDRi) ============================================================ 12. Recommended Action ============================================================ Europeana will organise a series of hackathons to showcase the potential of the API usage for data providers, partners and end-users. The hackathons are informal workshops bringing together competent and enthusiastic software developers to build cool projects within a day or two (sketches, prototypes, even working applications). Europeana and partner institutions are organising simultaneous hackathons in 4 European countries (UK, Sweden, Poland, Spain) in the week 6 - 11 June 2011 http://version1.europeana.eu/web/api/hackathons ============================================================ 13. Recommended Reading ============================================================ English translation of the Czech Constitutional Court data retention decision http://www.edri.org/files/DataRetention_Judgment_ConstitutionalCourt_CzechRe... Impossible to Ensure Legality of EU Communications Data Retention Directive Says German Parliament (26.04.2011) http://www.vorratsdatenspeicherung.de/content/view/446/79/lang,en/ ============================================================ 14. Agenda ============================================================ 5-6 May 2011, Milan, Italy The European Thematic Network on Legal Aspects of Public Sector Information - public conference http://www.lapsi-project.eu/milan 17-18 May 2011, Berlin Germany European Data Protection Reform & International Data Protection Compliance http://www.edpd-conference.com 30-31 May 2011, Belgrade, Serbia Pan-European dialogue on Internet governance (EuroDIG) http://www.eurodig.org/ 2-3 June 2011, Krakow, Poland 4th International Conference on Multimedia, Communication, Services and Security organized by AGH in the scope of and under the auspices of INDECT project http://mcss2011.indect-project.eu/ 3 June 2011, Florence, Italy E-privacy 2011 and Big Brother Awards 2011 http://e-privacy.winstonsmith.org/ 4-5 June 2011, Bonn, Germany PolitCamp 2011 http://11.politcamp.org 12-15 June 2011, Bled, Slovenia 24th Bled eConference, eFuture: Creating Solutions for the Individual, Organisations and Society http://www.bledconference.org/index.php/eConference/2011 14-16 June 2011, Washington DC, USA CFP 2011 - Computers, Freedom & Privacy "The Future is Now" http://www.cfp.org/2011/wiki/index.php/Main_Page 11-12 July 2011, Barcelona, Spain 7th International Conference on Internet, Law & Politics (IDP 2011): Net Neutrality and other challenges for the future of the Internet http://edcp.uoc.edu/symposia/lang/en/idp2011/?lang=en 24-30 July 2011, Meissen, Germany European Summer School on Internet Governance 2011 Applications open until 15 May 2011 http://www.euro-ssig.eu/ ============================================================ 15. About ============================================================ EDRi-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRi has 28 members based or with offices in 18 different countries in Europe. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRi-grams. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and are visible on the EDRi website. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 3.0 License. See the full text at http://creativecommons.org/licenses/by/3.0/ Newsletter editor: Bogdan Manolea <edrigram@edri.org> Information about EDRI and its members: http://www.edri.org/ European Digital Rights needs your help in upholding digital rights in the EU. If you wish to help us promote digital rights, please consider making a private donation. http://www.edri.org/about/sponsoring - EDRI-gram subscription information subscribe by e-mail To: edri-news-request@edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. Unsubscribe by e-mail To: edri-news-request@edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/edri/2.html - EDRI-gram in German EDRI-gram is also available in German, with delay. Translations are provided Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users http://www.unwatched.org/ - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask <edrigram@edri.org> if you have any problems with subscribing or unsubscribing. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE