============================================================ EDRI-gram biweekly newsletter about digital civil rights in Europe Number 6.13, 2 July 2008 ============================================================ Contents ============================================================ 1. Control on Internet users pushed through the new Telecom package 2. France promotes the three-strike scheme in Europe 3. The US-EU agreement on personal data exchange by law enforcement 4. ePrivacy Directive debated in the EP's Civil Liberties Committee 5. ECJ first hearing on data retention case 6. ICAAN supports custom domains and discusses whois privacy issues 7. German Protests in over 30 cities against surveillance 8. ENDitorial: Sweden is listening to all internet and phone conversations 9. Recommended Action 10. Recommended Reading 11. Agenda 12. About ============================================================ 1. Control on Internet users pushed with the new telecom package ============================================================ An appeal from three European NGOs - La Quadrature du Net, netzpolitik.org and EDRi-member Open Rights Group - reveal some disturbing MEPs amendments to the draft directives to reform the EU framework on electronic communications (telecom package). The review of the telecom package was merely focusing on telecom-related issues (except for discussions on the ePrivacy directive, which is the subject of another EDRi-gram article in the current issue), but some of the 800 amendments on the 5 directives that form the current package might go further than just establishing the rules for a functioning electronic communications market and could endanger the principle of the neutrality of the Internet. Some amendments will transform the ISPs from technical intermediaries that have no obligation to prior surveillance of contents into law enforcers. Therefore they might be asked to block their users from lawful activities in the interests of their security or to work with content producers and rights-holders' organizations, including sending intimidating messages, with no judicial approval. The amendment meant to support Intellectual Property Rights owners could open the door to censorship and might mean in practice the loss on privacy on the Internet. "The politicians who engage in these summer manoeuvres dishonour Europe and their mandate. They rely on the fact that nobody watches them few days before Parliamentary holiday, to divert the Telecom package from its primary objectives of consumer protection. They pave the way for the monitoring and filtering of the Internet by private companies, exceptional courts and Orwellian technical measures. It is inconceivable for freedom but also for European economic development. We call on all MEPs to oppose what they have already rejected." said Christophe Espern, co-founder of La Quadrature du Net (Squaring the Net). The appeal of the three organisations comes just before the 7 July vote in the ITRE and IMCO Committees of the European Parliament on the suggested amendments to the telecom package. The plenary discussion and vote for the whole package will take place in September, but the vote in the two committees could have a significant impact on the final result. Mobilization Package Telecom (in English, German and French) http://www.laquadrature.net/wiki/Mobilisation_Paquet-Telecom Telecom Package warning document for IMCO/ITRE vote (30.06.2008) http://www.laquadrature.net/files/note-IMCO-ITRE-quadrature-20080630.pdf The commented amendments in HTML format http://www.laquadrature.net/wiki/Telecom-Package_Compromise-Amendments_ITRE-... Participate: Europe-wide action against the telecom package (only in German, 1.07.2008) http://netzpolitik.org/2008/mitmachen-europaweite-aktion-gegen-das-telekom-p... Write to your MEP: say no to "3 strikes" through the backdoor (2.07.2008) http://www.openrightsgroup.org/2008/07/02/write-to-your-mep-say-no-to-3-stri... ============================================================ 2. France promotes the three-strike scheme in Europe ============================================================ With France taking over the presidency of the European Union on 1 July 2008, the French Minister of Culture, Christine Albanel, wants to get a consensus in the fight against p2p downloading by translating the French model to the entire Europe. Christine Albane presented on 19 June to the French Council of Ministers her proposal for the controversial Internet and Creation law, initiated first by Denis Olivennes, former CEO of Fnac, designed to fight online piracy, mainly through the implementation of the so-called "three-strikes" scheme. A newly-created independent authority, entitled HADOPI (Haute Autoriti pour la diffusion des oeuvres et la protection des droits sur Internet), is to be responsible with issuing warnings and potentially cutting Internet subscriptions in cases of infringements. At the request of rights holder, HADOPI will have the power to demand from ISPs the identity of copyright-infringing computer users, followed afterwards by a three-step process. A warning by email will be first sent, and in case the infringements persist, the warning will be sent by a registered letter. For the third infringement, HADOPI will be entitled to cut the Internet access of the user for three up to 12 months. This period may be shortened to one to three months if the infringer commits to stop the alleged illicit downloading. The law has been approved by the French Government and it will be debated in the two chambers of the Parliament. Despite Albanel's confidence in the draft law and her determination to make it pass, the law is facing a large range of opposition starting with the European Parliament, CNIL, ISOC, reservations from the State Council, ARCEP and ending with criticism from parliamentarians, public opinion, access suppliers and press. Having this in view, it seems SACEM (Sociiti des auteurs, compositeurs et iditeurs de musique) is already thinking of an alternative. As stated by Bernard Miyet, President of SACEM board of directors, the organisation is not thinking of a global licence but of a contribution from the ISPs. "When you are a cable distributor such as Numericable and you transport programmes, you pay royalties. When you are a satellite platform, it is the same. On the Internet side, the ISPs have succeeded in avoiding any legal or financial responsibility or, it is well known, that they created all their development on music" he said. There is no discussion however of balancing the fee for the ISPs with a new right for the Internet users as in the case of the global licence that would allow Internet users to download music and make it available free for everybody. The global licence would also increase the revenues of the music creators and artists but not those of the music distributors or recording companies who are afraid of loosing control and therefore part of the market. While in France the HADOPI law is under dispute and although the European Parliament has initially opposed the French model, it seems the European Commission has in view to adopt a recommendation that would approve the gradual type of reaction to illicit downloading. Gradual response: France proposes its model to the European homologues (only in French, 24.06.2008) http://www.zdnet.fr/actualites/internet/0,39020774,39381916,00.htm Hadopi project: return to the expectations and forces in presence (only in French, 23.06.2008) http://www.zdnet.fr/actualites/internet/0,39020774,39381902,00.htm Gradual response : Sacem already has a plan B (only in French, 30.06.2008) http://www.numerama.com/magazine/10119-Riposte-gradue-la-Sacem-a-dj-un-plan-... ============================================================ 3. The US-EU agreement on personal data exchange by law enforcement ============================================================ As stated by the New York Times on 26 June 2008, the United States and the European Union are close to conclude an agreement allowing the exchange of personal data of their citizens, including credit card information, travel history and Internet browsing information in order to be shared with the law enforcement and security agencies. According to an internal report revealed by the newspaper, the potential agreement that has been negotiated since February 2007 between the US Department of Homeland Security (DHS), the Justice and State departments and their European counterparts will make clear that it is lawful for European governments and companies to transfer personal information to the United States, and vice versa. One of the issues still to be solved is that of whether European citizens should be able to sue the United States government in case it violates data privacy rules or, on the basis of incorrect personal information, it takes an adverse action against them such as denying them entry into the country or placing them on a no-fly list. The European law generally gives citizens the possibility to file a case and ask for damages from the governments and so does US Privacy Act of 1974 which however does not extend to foreigners. The US officials are reluctant to accept it and try co convinces the EU that there are other possibilities to correct such cases like asking an agency to correct the misinformation through administrative procedures. The European Union still insists on its position that its citizens should have "the ability to bring suit in U.S. courts specifically under the Privacy Act for an agreement to be reached on redress". Such a concession would mean for the US administration to create new legislation which they are trying to avoid. Some privacy rights advocates in Europe have warned on certain issues of concerns. The two negotiating parties have agreed that information related to race, religion, political opinion, health or "sexual life" may not be used by a government "unless domestic law provides appropriate safeguards." However, the agreement does not specify what an appropriate safeguard should be, leaving the decision to each government. "I am very worried that once this will be adopted, it will serve as a pretext to freely share our personal data with anyone, so I want it to be very clear about exactly what it means and how it will work," said MEP Sophia in 't Veld. The negotiators are trying to agree on minimum standards for privacy rights protection. The European law establishes independent government agencies to check whether personal data is being used lawfully and to assist citizens concerned about invasions of their privacy. As the United States has no such independent agency the Europeans have agreed, as a concession, that the American government's internal oversight system should be able to account for the use of Europeans' data. US officials say they would like to resolve the problem before the end of Bush administration in January 2009. The European Parliament will have the power to ratify any agreements between US and Member States If the agreement does not require legislative action, Mr. Bush could complete it. It appears that the Europeans would like to wait until 2009 but the finalisation process might be delayed as Irish voters rejected it in a referendum this month. In March, the United States and Germany concluded a bilateral deal facilitating the automatic exchange of data on suspected terrorists, that might be taken as a model for similar accords between the US and other European countries, applied to a wide-ranging exchange of information, including the fingerprints and DNA of suspects. A similar deal was made between Hungary and US in June 2008, and it was considered as a big step in the Memorandum between the two countries that strives for the Hungarian membership in the Visa Waiver Program. The Hungarian-US agreement was published in the Hungarian Official Gazette on 20 June. U.S. and Europe Near Agreement on Private Data (28.06.2008) http://www.nytimes.com/2008/06/28/washington/28privacy.html US-EU private data sharing agreement at hand: report (29.06.2008) http://www.physorg.com/news133928961.html Report: US, EU Near Agreement on Personal Data Exchange (28.06.2008) http://www.dw-world.de/dw/article/0,2144,3445491,00.html FBI ready to demand detailed logs of Britons' internet and travel habits (29.06.2008) http://www.guardian.co.uk/technology/2008/jun/29/privacy.internet ============================================================ 4. ePrivacy Directive debated in the EP's Civil Liberties Committee ============================================================ On 25 June 2008, the European Parliament's Standing Committee on Civil Liberties, Justice and Home Affairs asked for measures to correct the European Commission's proposal to amend the Directive on Privacy and Electronic Communications (called ePrivacy Directive). "We have introduced a few points directed towards better consumer protection and manageability" in order to "improve data protection overall and bring it in line with the changed situation" stated Rapporteur for the project MEP Alexander Alvaro (FDP). Peter Hustinx, the European Data Protection Supervisor (EDPS), adopted, on 14 April, an Opinion on the European Commission's proposal amending, among others, the ePrivacy Directive. The EDPS basically supported the EC proposal giving a few recommendations such as the obligation to notify any breach of security not only from providers of public electronic communication services in public networks but also from providers of information society services which process sensitive personal data. What the MEPs are now asking for is a procedure to inform users, in case of security breaches at service providers and a better protection from surveillance. For the measures requiring providers of electronic services to inform users of breaches of data protection, the MEPs intend to involve an intermediary body. The companies will inform national telecommunications regulators or other "competent authorities" on "serious" security breaches of personal data and the regulatory bodies will decide if consumers need to be rapidly informed. The companies might also be asked to report the occurrence of security problems in their annual reports. One of the aspects that was largely debated within the Committee was related to the collection of personal data such as IP addresses, a compromise being reached in the end considering that an online identity should be specifically considered as an item of personal information needing special protection when it is related to an individual in combination with other information. The EP Committee asked the European Commission to submit, in consultation with EU data protection officials, within the next two years, specific draft legislation for treating IP addresses as personal data. Alvaro's proposal to apply the provision allowing member states to enact their own legislation to relax protection of connection and location data for public security and the prevention, detection and prosecution of criminal acts or illegal use of electronic communications systems, to cases when ownership rights are infringed, failed as concerns have been expressed by data protection officials, such as German data protection commissioner Peter Schaar. However Alvaro succeeded in passing several other proposals such as the future application of the directive to publicly accessible private telecommunications networks including university networks or social networks such as StudiVZ or Facebook. Companies offering applications attempting to access personal data on hard drives, or other IT systems, such as USB flash drives, will have to get the user's consent beforehand on the basis of the opt-in principle. Alvaro drew the attention that a user setting his browser to accept cookies would be considered to give consent to data collection. However, according to the directive, in the future, cookies for storing user data using the Flash multimedia application will require separate consent. According to Alvaro, the amendments proposed by the Standing Committee on Civil Liberties, Justice and Home Affairs will be incorporated into the report of the Internal Market and Consumer Protection committee, primarily responsible for the telecommunications package. The entire package for regulating telecommunications companies and ISPs will be voted in September after a first reading at a plenary session. The European Council will be then required to submit comments. During its 66th plenary session that took place in Brussels between 24-25 June, the Article 29 Working Party expressed its opinion on the review of the E-privacy Directive fully supporting "the proposed strengthening of Article 4 'Security' by requiring providers of publicly available communication services to notify security breaches, and underlines the importance of informing all persons concerned when their personal data have been compromised or are at risk of being compromised." However, the Working Party 29 considers there are issues that still need to be covered such as the need to extend the scope of the obligation to notify security breaches to the providers of information society services as well as the scope of the recipients of the notification to include all persons concerned rather than only the "subscribers". MEPs adopt draft "e-privacy directive" reforms (27.06.2008) http://www.heise.de/english/newsticker/news/110110 Press Release - Article 29 Working Party (26.06.2008) http://ec.europa.eu/justice_home/fsj/privacy/news/docs/pr_30_06_08_en.pdf EDRIgram - EDPS endorses data breach notification provision in ePrivacy Directive (23.04.2008) http://www.edri.org/edrigram/number6.8/edps-data-breach-notification ============================================================ 5. ECJ first hearing on data retention case ============================================================ On 1 June 2008, the first hearing by the European Court of Justice (ECJ) on Ireland's action for the annulment of the directive on data retention took place in Luxembourg. Ireland, later on joined by Slovakia, filed an action with ECJ against the European Council and Parliament in July 2006 for the annulment of Directive 2006/24/EC for data retention claiming an incorrect legal basis. The action has been largely supported by various bodies and private advocates ever since but despite the strong opposition, the European Parliament made a compromise and adopted the directive the 14 December 2007. Unfortunately, the legal basis of the data retention directive is supported not only by the European Parliament and Council, but also by the Commission, Spain, Netherlands and EDPS, Peter Hustinx. The latter argues that Art 95 EC Treaty, the legal base used, is appropriate as the retained data would not otherwise fall under the EU Privacy Directives. Also Hustinx did not mention any aspects regarding the data retention directive & infringement of the human rights. EDRi-member Joris van Hoboken commented on this situation: "These reasons are pragmatic and without doubt EDPS argued similarly when the Council was still pursuing a Framework Decision in the Third Pillar. The reasons why the European Parliament wanted to have data retention in the First Pillar was because they wanted to have a co-decision procedure, in which they have more powers." However Slovakia also questioned if the present directive does not breach the rights of the individuals in respect with their personal data. It is not clear if the court will took consideration the breach of privacy by the directive, since the subject was not brought up by the main plaintiff. Civil liberties campaigners: Communications Data Retention will be stopped (30.06.2008) http://www.vorratsdatenspeicherung.de/content/view/236/79/lang,en/ European Court of Justice in negotiations on retention of telecommunications data (only in German, 1.07.2008) http://www.heise.de/newsticker/Europaeischer-Gerichtshof-verhandelt-ueber-Vo... Hearing of European Court of Justice on Data Retention Directive (1.07.2008) http://www.jorisvanhoboken.nl/?p=167 EDRIgram - European parliament adopts data retention directive (18.01.2006) http://www.edri.org/edrigram/number4.1/dataretention ============================================================ 6. ICAAN supports custom domains and discusses whois privacy issues ============================================================ During its 32nd International Public Meeting in Paris of 22-26 June, the Internet Corporation for Assigned Names and Numbers (ICANN) approved the proposal to expand the world's Domain Name System. Dr Paul Twomey, ICANN's president and CEO, said in a statement: "The Board today accepted a recommendation from its global stakeholders that it is possible to implement many new names to the Internet, paving the way for an expansion of domain name choice and opportunity. (...) The potential here is huge. It represents a whole new way for people to express themselves on the Net. It's a massive increase in the 'real estate' of the Internet." "This was an extremely successful meeting that will be remembered as a milestone in the development of the Internet. (...) New generic Top Level Domains and Internationalized Domain Names (IDNs) will open up the Internet and make it look as diverse as the people who use it," said Peter Dengate Thrush, ICANN's Board Chairman. Presently, users have only a limited range of 21 top-level domains (TLDs) to choose from, such as .com, .org or .info. ICANN authorises the launch of every new TLD, the launch being made by an ICANN-approved registry and the domain names being sold by registrars. With the new proposal, applicants for new TLDs can select their domain name themselves and operate as a registry and they can use the names for their own purposes or offer them for sale to third parties through registrars. Applicants from anywhere in the world will have a "limited application period" and the applications will go through an evaluation process, expected to last nine months. Although trade marks will not be automatically reserved, owners will benefit of an objection-based mechanism to consider their arguments for protection. Offensive names will also be subject to an objection-based process "based on public morality and order" as stated by ICAAN. A final version of the implementation plan must be approved by the ICANN Board before the new process is launched. It is intended that the final version will be published in early 2009 and applications for new names are planned to be available in the second quarter of 2009. On the same occasion, at a meeting before the private network administration session, Suzanne Sene, a US government representative, said the Governmental Advisory Committee (GAC) wanted ICANN to organize new studies of the use and misuse of Whois data about the owners of Internet domains and pay for these studies. There is no common agreement yet on a Whois model, the debate between rights holders and the data-protection authorities having lasted long on providing more security for the Whois databases which list the owners of domains. Representatives of US crime-fighting authorities as well as some European counterparts have frequently expressed the opinion that access to Whois data should be granted to those having a "justified interest" claiming that online spammers or swindlers could be investigated properly only by a completely free access to the databases, without the knowledge of the parties involved and without a court order. As a result, many proxy servers, whose data are recorded in Whois instead of those of clients appeared in US. Following the introduction of some barriers to the publication of extensive information about domain owners, the British Nominet gives private users an opt-out to remove their personal data from the publicly accessible Whois database. And after many debates, EU registrars registering generic TLDs such as .info and .com benefit from derogation from the ICANN regulations by submitting a clear request on the part of their own authorities, which however, has not been achieved yet. Internet administrators in dispute over data protection for domain owners (24.06.2008) http://www.heise.de/english/newsticker/news/109882 ICANN backs custom domains, gives brand-owners nightmares (27.06.2008) http://www.out-law.com/page-9214 ICANN Concludes Successful 32nd Meeting in Paris (26.06.2008) http://www.icann.org/en/announcements/announcement-3-26jun08-en.htm Biggest Expansion in gTLDs Approved for Implementation (26.06.2008) http://www.icann.org/en/announcements/announcement-4-26jun08-en.htm ============================================================ 7. German Protests in over 30 cities against surveillance ============================================================ On 31 May 2008, privacy activists organized new rallies in more than 30 cities across Germany. Following the November 2007 protests under the motto "Freedom not Fear"("Freiheit statt Angst"), thousands of citizens participated in this year street actions. Numerous demonstrations, rallies, information events, as well as workshops and art performances sent clear signals to protect constitutional rights and limit the rampant proliferation of surveillance. The rallies had the goal of demonstrating to the ruling grand coalition, a decisive NO of citizens to the blanket collection and storage of data, as well as to the surveillance of all details of daily life. The activities were therefore supported by a multitude of notable organizations and allowed new alliances to be formed in many cities. This underlined the growing force developing behind the well connected movement, the work group stated. According to the German Work Group on Data Retention (Arbeitskreis Vorratsdatenspeicherung), the nationwide protests were a full success: "We were able to use the numerous smaller and larger activities to raise awareness in the population and win new supporters. The responses were positive throughout," explained Ricardo Cristof Remmert-Fontes, one of the organizers of the activities. In Hamburg, Frankfurt (Main), and Munich, peaceful conventional rallies were held which received a large turnout. In Munich, 2500 people additionally demonstrated against the draft of a new law restricting the right of free assembly. In order to depict the loss of privacy, activists in Nuremberg reacted with an art installation by erecting an entire living room in the city's pedestrian zone. In Bonn, the installation "Transition to surveillance" visualized current developments. In Jena, over-sized surveillance cameras were set up, while in Berlin, a host of talks, hands-on workshops and a preview of the art piece "Pigeon Project" were presented. The live-broadcast of events over radio, realized by a network of independent radio broadcasters, also premiered on the day. The recordings will be available for listening on the website of the German Work Group on Data Retention. In all cities where the work group is present with local dependencies signatures were collected against the planned "BKA law" (Federal Criminal Police Office law). The petition was signed online by more than 10 000 people by 1 July. The German Work Group on Data Retention is now preparing multiple Europe-wide campaigns which will culminate in mass protests in 11 October across all of Europe. "This is just the beginning - we will continue!" commented Michel Blumenstein during the Berlin activities of the work group. German Press Release from German Work Group on Data Retention (only in German, 1.06.2008) http://www.vorratsdatenspeicherung.de/content/view/227/1/lang,de/ The "Pigeon Project" - international artists of the Amsterdam Sandberg Institute http://www.pigeonproject.net Recordings of the independent radio station broadcasts (only in German, 31.05.2008) http://wiki.vorratsdatenspeicherung.de/Radio Petition against the BKA law (Federal Criminal Police Office law) (only in German) http://www.bka-petition.de/ (contribution by German Work Group on Data Retention - Germany) ============================================================ 8. ENDitorial: Sweden is listening to all internet and phone conversations ============================================================ In Denmark we already have Data Retention in place and the rest of Europe will follow soon. That means that our own countries demand that Internet companies and phone companies log who we phone, email with, chat with, which websites we visit, etc. This is something that the IT-Political Associations of Denmark (IT-Pol) fights against. Sweden has now taken one more step towards the complete surveillance of its citizens as well as citizens of the rest of the world. The Swedish Parliament (Riksdagen) passed a law that instructs all telephone and Internet operators to deliver a copy of all phone and Internet communication crossing Swedish borders to the Swedish intelligence service FRA. FRA will then use a big spying network and one of the most powerful supercomputers in the world to investigate the content of this communication. For a phone or Internet customer inside or outside Sweden, it is for all practical purposes impossible to know if a phone call or Internet connection crosses the Swedish border. For example, Denmark is located next to Sweden, several big Swedish phone and Internet companies operate in Denmark, and there are many high capacity sea cables between Denmark and Sweden. Much of the traffic from Russia also passes Sweden and that is probably one of the motivations for the law. It is not possible to know beforehand whether e.g. an email or web-page viewing will go through Sweden and after all you can never be sure that your traffic did not go through Sweden. However in some cases you can tell if your traffic did go through Sweden. IT-Pol has investigated various uses of the Internet and has discovered that for example Internet traffic to the Ministry of Ecclesiastical Affairs goes through Sweden. That means that the Swedish FRA intelligence will listen to every email from Danes to a Danish priest. Computerworld Denmark wrote that communication from the Danish intelligence also passes through Sweden. IT-Pol believes that Internet users should not be subjected to such a massive and systematic surveillance and bugging. There are probably many intelligence organizations around the world that try to tap Internet traffic. But in our part of the world it is exceptional that a government require all operators to deliver a copy of internet users' private data to the intelligence service. IT-Pol has twice contacted the Swedish Parliament. The letters (in Danish) are available at itpol.dk. This law has caused massive public opposition in Sweden and the vote barely got passed in the Parliament. It is important that citizens, politicians, and organizations outside of Sweden also speak out and make it clear that this monitoring madness is not acceptable. Internet providers outside of Sweden can alleviate the effects of the Swedish monitoring by not sending Internet traffic through Sweden unless the recipient is in Sweden. Alternatively, they can encrypt all traffic going through Sweden. Tolstrup from the Telecommunication Industries Association in Denmark said in a statement to the Internet magazine ComOn that FRA can require Danish operators to hand over encryption keys. This is not obvious from the text of the FRA-law and IT-Pol is still investigating if this is really true. We have asked some members of the Swedish Parliament about it, but received no answer. If it is true, it is an even more serious attack on the freedom of the users of the Internet. Content providers inside and outside of Sweden can encrypt their content. On most webservers a simple change in the configuration will enable SSL-encryption so that users of the website are protected against the Swedish snooping, even if the content passes the Swedish border. Users can also protect their privacy, even against FRA. They can use encrypted IP telephony, they can use the TOR network to surf the Web, they can send and receive their e-mail encrypted, etc. IT-Pol has taken the initiative of the Polippix project, which provides a live CD, enabling users to take advantage of these technologies. Polippix is now an international project, translated into several languages and used in many countries including Denmark, Germany, France, Thailand and Sweden. IT-Political Association of Denmark http://www.itpol.dk/presentation-of-it-pol TOR Project http://www.torproject.org Polippix http://www.polippix.org 'Yes' to surveillance law (18.06.2008) http://www.thelocal.se/12534/20080618/ EDRi-gram: ENDitorial: A new "NSA FRAnchise" set up in Sweden? (4.06.2008) http://www.edri.org/edrigram/number6.11/nsa-fra-sweden (Contribution by Niels Elgaard Larsen - Chairman, IT-Political Association of Denmark) ============================================================ 9. Recommended Action ============================================================ The Commission has opened a public consultation by 31 July 2008 on age verification, cross media rating & classification and online social networking The purpose of the public consultation is to gather the knowledge and views of all relevant stakeholders (including public bodies, child safety and consumer organisations, industry). The gathered information will be fed into this year's Safer Internet Forum 2008, which will be dedicated to the above mentioned topics. http://ec.europa.eu/information_society/activities/sip/public_consultation/i... ============================================================ 10. Recommended Reading ============================================================ Article 29 Working Party - Opinion 2/2007 on information to passengers about the transfer of PNR data to US authorities, Adopted on 15 February 2007 and revised and updated on 24 June 2008 http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2008/wp151_en.pdf Kieran Poynter's Review of information security at HM Revenue and Customs http://www.hm-treasury.gov.uk/media/0/1/poynter_review250608.pdf Independent Police Complaints Commission report into loss of data at HMRC http://www.ipcc.gov.uk/final_hmrc_report_25062008.pdf Sir Gus O'Donnell's report on Data Handling Procedures in government http://www.cabinetoffice.gov.uk/~/media/assets/www.cabinetoffice.gov.uk/csia... Sir Edmund Burton's report into the Loss of MOD Personal Data http://www.mod.uk/NR/rdonlyres/3E756D20-E762-4FC1-BAB0-08C68FDC2383/0/burton... ============================================================ 11. Agenda ============================================================ 7-8 July 2008, London, UK Developing New Models Of Content Delivery Online & Innovative Strategies For Effectively Tackling Copyright Infringement http://www.isp-content-regulation.com/conference.agenda.asp 7-9 July 2008, Cambridge, UK Privacy Laws & Business 21st Annual International Conference http://www.privacylaws.com/templates/AnnualConferences.aspx?id=641 19-20 July 2008, Stockholm, Sweden International Association for Media and Communication Research pre-conference - Civil Rights in Mediatized Societies: Which data privacy against whom and how ? http://www.iamcr.org/content/view/301/1/ 23-25 July 2008, Leuven, Belgium The 8th Privacy Enhancing Technologies Symposium (PETS 2008) http://petsymposium.org/2008/ 8-10 September 2008, Geneva, Switzerland The third annual Access to Knowledge Conference (A2K3) http://isp.law.yale.edu/ 22 September 2008, Istanbul, Turkey Workshop on Applications of Private and Anonymous Communications http://www.alpaca-workshop.org/ 24-28 September 2008, Athens, Greece World Summit on the Knowledge Society http://www.open-knowledge-society.org/summit.htm ============================================================ 12. About ============================================================ EDRI-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRI has 28 members based or with offices in 17 different countries in Europe. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRI-grams. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and visibly on the EDRI website. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 2.0 License. See the full text at http://creativecommons.org/licenses/by/2.0/ Newsletter editor: Bogdan Manolea <edrigram@edri.org> Information about EDRI and its members: http://www.edri.org/ European Digital Rights needs your help in upholding digital rights in the EU. If you wish to help us promote digital rights, please consider making a private donation. http://www.edri.org/about/sponsoring - EDRI-gram subscription information subscribe by e-mail To: edri-news-request@edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. unsubscribe by e-mail To: edri-news-request@edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/edrigram-mk.php - EDRI-gram in German EDRI-gram is also available in German, with delay. Translations are provided Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users http://www.unwatched.org/ - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask <edrigram@edri.org> if you have any problems with subscribing or unsubscribing ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE