============================================================ EDRI-gram biweekly newsletter about digital civil rights in Europe Number 5.1, 17 January 2007 ============================================================ Contents ============================================================ 1. EDRI signs the Joint Statement for SCCR 1st Special Session 2. Copyright extension term rejected by EU commissioned report 3. EU knew about the US's system profiling all visitors 4. Is DRM fading out ? 5. New Italian law to block child pornography websites 6. Millions of credit cards scrutinized in Germany 7. Sony loses DRM case in France 8. Changes in the UK ID card scheme 9. Prison or fine for French p2p users ? 10. Recommanded Reading 11. Support EDRI-gram 12. Agenda 13. About ============================================================ 1. EDRI signs the Joint Statement for SCCR 1st Special Session ============================================================ Standing Committee on Copyright and Related Rights' (SCCR) Special Session is taking place right now at Geneva. The meeting (and another in June 2007) aims to fix the proposed Broadcast Treaty so that it could be ratified by the end of this year in a diplomatic conference. If no consensus is found on the content, there will be no conference and - most likely - no treaty at all. EDRI is participating to the meetings together with other NGOs (EFF, CPTech, IP-justice etc) as an observer. The organizations have prepared together a joint statement ", which is also endorsed by a large number of technology companies and which main message is that nobody has been able to argue why a treaty is needed at all. However, in the spirit of constructive engagement if the treaty is to be moved forward in any form, the statement provides with least minimum requirements, at both the principle and the practical language level, notwithstanding more comprehensive specific proposals by some of the signatories. Of major importance is the first of these requirements: "We believe that the current rights-based approach of the treaty must be abandoned entirely. We understand that some parties to these negotiations have equated 'signal protection' with granting 'rights to prohibit' certain uses of broadcasts. We believe that rights in any form are not signal protection, or signal-based protection, and we cannot support their inclusion in any potential new Instrument in connection with Broadcasting." EDRI is also particularly concerned with the possibility that the draft treaty proposal allows for control over Internet retransmissions of broadcasts and cablecasts. As demonstrated at previous occasions, the power of such statements lay in the coalition of diverse industry and NGOs that sign up, even though not optimal from each signatory, including EDRI, point of view. It remains that the core message EDRI wants to convey with its endorsement is that there should be no additional layer of rights for broadcasting organizations and that the statement opposes the treaty applications to the Internet, in case the text continues to take a rights-based approach rather than a signal theft or signal protection approach. The meeting will end at Friday and a more detailed report will be found from the next EDRI-gram. Joint Statement of Certain Civil Society, Private Sector and Rightsholders Representatives for the First Special Session of the SCCR http://www.edri.org/docs/joint_statement_sccr1.pdf Wipo Casting Treaty Blog http://www.cptech.org/blogs/wipocastingtreaty/ Meeting Documents - SCCR 1st Special Session http://www.wipo.int/meetings/en/details.jsp?meeting_id=12043 EDRI-gram: The broadcast treaty stalled by WIPO General Assembly (11.10.2006) http://www.edri.org/edrigram/number4.19/broadcast ( Thanks to Ville Oksanen - EDRI-member Electronic Frontier Finland ) ============================================================ 2. Copyright extension term rejected by EU commissioned report ============================================================ The Recasting of Copyright & Related Rights for the Knowledge Economy is a new study commissioned by the European Union and produced by the Institute for Information Law - University of Amsterdam. The report covers an extensive ground in the EU copyright domain taking into consideration the problems of harmonization in the copyright field, but also the new challenges and debates regarding the extension of the copyright term for sound recordings or consumer awareness and acceptance of copyright. The report is strongly rejecting the music industry's call for the extension of the term for neighbouring rights: "The authors of this study are not convinced by the arguments made in favour of a term extension. The term of protection currently laid down in the Term Directive (50 years) is already well above the minimum standard of the Rome Convention (20 years), and substantially longer than the terms that previously existed in many Member States.(...) An examination of the underpinnings of existing neighbouring rights regimes does not lend support to claims for term extension. Whereas copyright (author's right) protects creative authorship, the rights of phonogram producers are meant to protect economic investment in producing sound recordings. The market dominance of the 'majors' is an economic factor to be taken into consideration. A term extension would in all likelihood strengthen and prolong this market dominance to the detriment of free competition." The EU report is confirming what other national reports have already pointed out. During the similar UK debate, the report commissioned by the Gowers review on the economic evidence on copyright term extension showed that it was "very likely that a term extension of the type under consideration would cause a net welfare loss to society" and estimated the loss to 155 million pounds per year. The Minister for Science and Innovation, Malcolm Wicks, has announced that it will be leaving the question of copyright term extension in sound recordings to the European Commission. The same EU study finds that "An assessment of the acceptance of copyright by the general public is more difficult to make. For this purpose empirical data on p2p file sharing and software sharing were analysed as 'indicators by proxy'. These surveys make clear that unauthorised use and distribution is the norm for approximately 50 per cent of the populations concerned." Regarding the results of the harmonization process, the report states that it "has produced mixed results at great expense, and its beneficial effects on the Internal Market remain largely unproven and are limited at best" and also "advises the EC legislature not to undertake any new initiatives at harmonisation, except where a clear need for amendment of the existing acquis can be demonstrated." The Recasting of Copyright & Related Rights for the Knowledge Economy (11.2006) Executive Summary http://ec.europa.eu/internal_market/copyright/docs/studies/etd2005imd195reca... t_summary_2006.pdf Study http://ec.europa.eu/internal_market/copyright/docs/studies/etd2005imd195reca... t_report_2006.pdf UK will leave question of term extension to EU (11.01.2007) http://dooooooom.blogspot.com/2007/01/uk-will-leave-question-of-term.html ============================================================ 3. EU knew about the US's system profiling all visitors ============================================================ New controversial issues appear in the case of Passanger Name Record (PNR) deal with US that show the level of privacy from the US authorities is very far from the European standards. As Statewatch revealed, the EU Council Presidency admitted that the Council of the European Union and the European Commission had known about the US's "Automated Targeting System" (ATS) profiling all visitors. The issue has become critical after the Homeland Security Department (DHS) posted a Notice on the Federal Register in November 2006 showing that PNR data on travellers from the EU are included in the ATS used by DHS Customs and Border Protection (CBP) branch. ATS is a system that U.S. has used for some years to assess risks to transport. Until August 2006 the system was believed to target cargo shipments. However the DHS notice of November revealed the fact that CBP was using this system to target passengers as well, using, collecting and storing PNR data received from airlines databases. The system creates a risk assessment score and it is not limited to fighting terrorism and crime. Moreover the data is preserved for a 40 year period and can be shared with other US Government organizations and foreign governments or organizations. ATS system not only violates US Congressional prohibitions on passenger risk-assessment schemes ignoring the privacy rights of the US citizens but also the right of citizens all over the world. According to the agreement reached between EU and the US Government in 2004 the transfer of data was allowed with some safeguards, including 3.5 year period of retention and some rights of access by European citizens to correct their data. The US Government promised to use the data only to fight terrorism and organised crime and not to share these data with other agencies or for risk-assessment scoring. The concerns of data protection organisations and bodies come from the fact that US has shown to have constantly broken the agreement. As ATS uses PNR received from EU carriers, CBP uses the data for the profiling of risk assessments although the agreement was only for the verification of the data for people on a watch-list. The data are preserved for 40 years for risk assessment profiling purposes which obviously exceeds by far the 3.5 year period established in the agreement or the case-to-case provision for a person suspected of terrorism. The data is not only used to combat terrorism or organized crime as agreed but also for general law enforcement purposes and the safeguards imposed by the agreement, including the right to correct data by the European citizens, are not observed. Although the Finnish Presidency of EU claims to have made all the efforts in reaching a political consensus on the promotion of the Framework Decision on data protection and in increasing the safeguards for data protection, it has also come out that the Council of Europe and the European Commission had been aware of the existence of ATS since 2005. The Finnish Presidency stated it had sent an official enquiry to the US authorities to clarify the ATS relation to the PNR agreement but data protection advocates show strong reserves to whether the EU will be able to negotiate efficiently in this matter. "The EU Presidency statement that the Council and Commission have known about the ATS for over a year is quite extraordinary. During this period they renegotiated the EU-USA PNR agreement claiming it was on the same terms as that agreed in 2004 when they clearly knew it was not. The Council and the Commission knew about it but did nothing until the existence of the ATS was made public and now they have asked for clarification" stated Tony Bunyan, Statewatch editor. The past history on this issue has shown that the US Government has not observed the agreement and that EU has continuously weakened its demands related to data protection safeguards. Privacy International and the American Civil Liberties Union have called for the repeal of the EU-US agreement on PNR data transfers by appealing to the Council of the European Union, the European Commission, the European Parliament, and privacy commissioners in 31 countries across Europe. Address to the European Parliament by Minister for European Affairs Paula Lehtomaki on Data Protection (12.12.2006) http://www.statewatch.org/news/2006/dec/ats-eu-coun-statement-12-dec-06.pdf PI and ACLU call for repeal of EU-US agreement on data transfers (11.01.2007) http://www.privacyinternational.org/article.shtml?cmd%5b347%5d=x-347-548477 ============================================================ 4. Is DRM fading out? ============================================================ 2007 has started with news showing the fading away of the DRM systems that have created many problems with consumers and interoperability without having clear results in the actions against illegal copies. Thus, one of the biggest record companies, EMI, has announced at the beginning of the 2007 that it will no longer produce DRM protected CDs. EMI considered that the technology was not efficient enough for the CDs. However, the decision was limited to the classical CDs and was not related to the distribution of online music in an MP3 format. But the major record companies have started a serious discussion regarding also selling music online with DRMs. It is expected that in 2007 the music industry revenues from Internet downloads and mobile content stop their increase and possibly even decline. However, the number of Internet users is increasing and it is very possible for people in the industry to "have a very different conversation in January when the dust clears and they realize just how bad this year really was" as Eric Garland, CEO of peer-to-peer (P2P) tracking firm BigChampagne points out. Major brands in the Internet industry, such as Amazon or Myspace, are discussing with the record companies for new business models, where music could be sold without embedded DRM. In France the plans for selling music online without DRMs seem more advanced. VirginMusic has announced that in 2007 it will sell over 200 000 music files in an MP3 format with no copy-protection system, that could be played on any kind of music software. FnacMusic says it will start a similar system on 17 January 2007, when 150 000 music files will be offered to the public, with more files to be added in the next months. Other record companies have announced their intentions to have the same approach in the future months. EMI abandons CD DRM (8.01.2007) http://www.boingboing.net/2007/01/08/emi_abandons_cd_drm.html Ailing music biz set to relax digital restrictions (2.01.2007) http://news.yahoo.com/s/nm/20070102/wr_nm/digital_dc One major should announce abandoning the DRMs (only in French, 3.01.2007) http://www.ratiatum.com/news4113_Une_major_devrait_annoncer_qu_elle_abandonn... _les_DRM.html FnacMusic starts selling DRM free MP3s (only in French, 16.01.2007) http://akosh.pcinpact.com/actu/news/34051-fnacmusic-DRM-MP3.htm ============================================================ 5. New Italian law to block child pornography websites ============================================================ At the beginning of 2007 a ministerial decree was signed by Communications Minister Paolo Gentiloni that obliges Internet Service Providers to block child pornography sites within 6 hours from being announced to do so. The body that has the responsibility to notify the ISPs on the sites that must be blocked will be "Centro nazionale per il contrasto della pedopornografia" (The National Centre against Child Pornography), coordinated by the Post Police under the supervision of the Ministry of Communications. The Centre has to create and update a list of sites considered as containing child pornography and keep informed those responsible by notifying the ISPs. The notifying procedure will be established within the Ministry of Communications but the filtering systems that the ISPs are supposed to use in order to block the sites have not been determined. The decree will oblige ISPs to study and find the technical system to comply with the law starting with 1 March 2007, when it enters into force. Italy's penal code stipulates severe punishments for the distribution and publication of child pornography. According to minister Paolo Gentiloni. "The decree reinforces the fight against child pornography and the exploitation of minors through the Internet". The decree has been well received by many bodies including the Ministry of Family, the Osservatorio sui diritti dei Minori (Children Rights Observatory), Osservatorio sociale (Social Observatory) or Save the Children organisation. While appreciating the introduction of the law, some stated the measure is not enough to stop child abuse and argued on behalf of international measures. According to EDRI-member ALCEI this measure comes as a worsening of the censure situation in Italy, as such kind of legal provisions have not proven efficient in the past in protecting children and stopping child abuse or preventing any kind of violence for that matter. However this paves the way for more censorship that might be applied to other types of information that may be considered forbidden. Paolo Nuti, Vice-president of Association of Italian Internet Providers signalled certain problems that the application of the decree might cause. Blocking a certain IP address may lead to blocking not only the site in view but other related sites that might have nothing to do with child pornography. Italy enacts law to block child porn Web sites (only in Italian, 2.01.2006) http://punto-informatico.it/p.aspx?id=1832753&r=PI Italy will block many other sites (4.01.2006) http://news.com.com/Italy%20enacts%20law%20to%20block%20child%20porn%20Web%2... sites/2110-1028_3-6146574.html "Gentiloni Decree" opposes pedopornography - ALCEI release of 10 January 2007 (only in Italian, 10.01.2006) http://www.alcei.it/index.php/2007/01/10/decreto-gentiloni-e-contrasto-alla-... edopornografia-comunicato-alcei-del-10-gennaio-2007/ ============================================================ 6. Millions of credit cards scrutinized in Germany ============================================================ During an operation carried out by the German police, prosecuting authorities and State Office of Criminal Investigation (LKA) of the federal state of Saxony-Anhalt millions of credit card transactions were scrutinized in September 2006. A spokesman from LKA stated that indeed a large amount of credit cards were verified although he could not confirm the number of 22 millions for 2006. But he stated that approx. 22 million credit cards were scrutinized in 2005. According to Der Spiegel, an individual offered online information to the police directing the agents of Zentralstelle gegen Kinderpornografie (Central Office for Combating Child Pornography) in Halle to a suspicious Internet site offering child pornographic material. For a period of 20 days, the amount of about 60 euro payable by credit card was asked to customers for the access to the site. The credit cards companies were asked to give information on whom transferred that amount of money to a suspicious bank account abroad, over that period of time. It seems that all credit cards companies cooperated with the police. DAV (German Bar Association) has expressed its concern related to this action and decided to examine closely the legal ramifications of this new criminal investigation approach as Hartmut Kilger, DAV President told Reutlinger General-Anzeiger. "Voluntarily handing over such data to the authorities is dubious behavior, because what it amounts to is the outsourcing of profiling-type data trawling operations to private companies" he stated. Surprisingly, privacy watchdogs consider this type of approach is providing no grounds for legal objections. Thilo Weichert, the Data Protection Commissioner of the federal state of Schleswig-Holstein thinks that banks are entitled to make credit card information related to suspects available to the prosecuting authorities, under certain conditions, and remarked that: "The means applied here boil down to a classical method of criminal investigation, to which no legal objections can be raised." Child pornography operation occasions scrutiny of millions of credit card transactions (9.01.2007) http://www.heise.de/english/newsticker/news/83427 Lawyers' association criticizes scrutiny of credit card transactions (10.01.2007) http://www.heise.de/english/newsticker/news/83488 ============================================================ 7. Sony loses DRM case in France ============================================================ Sony UK and Sony France have lost a case has won a case against The French consumer protection association UFC Que Choisir because they did not inform the consumers about the lack of interoperability of their products and services to other devices. The decision taken by the Nanterre Tribunal has found Sony liable for misleading the consumers by "the fact that Sony did not explicitly and clearly informed the consumer that the music players sold could read only the music files downloaded on the only legal site Connect." The decision also considered that Sony UK had not explicitly stated in its contract that the music files downloaded from the Connect website could be read only by the music players dedicated for the Sony trademark. The tribunal found as well that Sony was responsible for tied selling (ventee liie) because the 2 separate contracts were closely inter-related: downloading of music files from the Connect website is subordinated to buying a dedicated product. Sony France was obliged by the court to pay 10 000 Euro damages to UFC Que Choisir and to show on its homepage the judge decision for 3 months. Until now the court ruling has not been made public by Sony France, that pays 1000 Euro per day for not complying with this part of the decision. Sony can appeal the decision, but this will not suspend the application of the present ruling. This could be just the first step for the French consumers rights organization, that has started a similar trial against Apple for its services iPod and iTunes. A decision could be taken by the court during 2007. The decision is one of the first taken after the DADVSI law entered into force in August 2006. However, the interoperability of the Sony system was not taken into consideration by the court since the DADVSI law foresees an Authority for DRMs that should look into this sort of problems. However, the Authority has not been created yet, because it is still waiting for the secondary legislation. Sony condemned for having linked music files to its player ( in French only, 4.01.2007) http://www.01net.com/editorial/337311/justice/sony-condamne-pour-avoir-lie-s... s-fichiers-musicaux-a-son-baladeur/ The DRM condemned for cheating and tied selling ( in French only, 5.01.2007) http://www.ratiatum.com/news4135_Les_DRM_condamnes_pour_tromperie_et_vente_l... ee.html Decision UFC vs Sony ( in French only, 15.12.2006) http://www.tntlex.com/public/jugement_ufc_sony.pdf ============================================================ 8. Changes in the UK ID card scheme ============================================================ The initial plan of the UK Government regarding the national ID scheme was meant to use photographs, fingerprints and iris scans in a National Identity Register. The Home Office's Strategic Action Plan for the National Identity Scheme considers now that the iris scans is just an option and only the ten fingerprints will be taken for each new applicant. According to Home Office officials, the iris scan was dropped due to the high costs of this process. They also claimed the decision was also related "with international obligations, most international countries are using facial and fingerprint recognition so it is to come in line with that." However, a return to iris scanning in the future could still be possible. The UK Government stated in December that the initial-planned single database National Identity Register would also be dropped. The information should have been split between 3 existing databases in the Department for Work and Pensions, Home Office and Identity & Passport Service. But it seems that the Information Commissioner Richard Thomas' last year warnings that Britain was "waking up to a surveillance society that is already all around us" were not enough. This week Tony Blair has announced again that a single database might be possible and has presented plans to make it easier for departments to share information. The reactions to this new announcement were quick to appear. Oliver Heald, the Conservative constitution affairs spokesman, accused the Government of "moving one step closer to a Big Brother state with a database from the cradle to the grave." Civil society group NO2ID accused the government of outright deception. Phil Booth, NO2ID's National Coordinator said: "NO2ID's warnings about the database state are coming true. Mr Blair doesn't trust us, but he expects us to put absolute trust in all government departments. By tearing down the fundamental safeguard of confidentiality, he intends to give them all the right to talk about us behind our backs, which means more power to intervene in our lives when it suits them". Government drops iris scan plan (8.01.2007) http://www.out-law.com/page-7624 Government now can't be trusted with personal details, says NO2ID (14.01.2007) http://www.no2id.net/news/pressRelease/release.php?name=Govt_cant_now Blair wants Whitehall to share your data (16.01.2007) http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2007/01/16/ngov16.xml ============================================================ 9. Prison or fine for French p2p users ? ============================================================ The French Minister of Culture, Renaud Donnedieu de Vabres, considered in December 2006 that there should be no prison for those downloading only a few works from the Internet. However, just a couple of weeks after this statement an Internet user was condemned by a French court to imprisonment for having downloaded movies from the Internet. "Prison for Internet users is over" was the statement of the Minister of Culture. Howeve, on 11 January 2007 in Nantes, an Internet user was sentenced to two months of imprisonment and payment of damages - 10 euro/film to SEV (Video Editor Union) and the national film federation. As a clarification to the DADVSI law, a letter from the Ministry of Justice was to be issued to all prosecutors to adapt their judgements on the basis of the severity of the copyright infringement in order to avoid imprisonment for little P2P pirates and apply this punishment only to severe crimes. So far, this seems to be ignored by French prosecutors. The little pirates will not go to jail (only in French, 26.12.2006) http://www.01net.com/editorial/336549/droit/les-petits-pirates-ne-passeront-... as-par-la-case-prison/ Prison for Internet users is really not over ! (only in French, 12.01.2007) http://www.ratiatum.com/breve4163_La_prison_pour_les_internautes_c_est_vraim... nt_pas_fini.html ============================================================ 10. Recommanded Reading ============================================================ Study on the Economic impact of open source software on innovation and the competitiveness of the Information and Communication Technologies (ICT) sector in the EU. Final Report. (20.11.2006) http://ec.europa.eu/enterprise/ict/policy/doc/2006-11-20-flossimpact.pdf ============================================================ 11. Support EDRI-gram ============================================================ European Digital Rights needs your help in upholding digital rights in the EU. Thanks to your last years donations EDRi has been able to issue 24 editions of EDRi-gram in 2006. To continue with EDRi-gram we again ask for your support. If you wish to help us promote digital rights, please consider making a private donation, or interest your organisation in sponsorship. We will gladly send you a confirmation for any amount above 250 euro. KBC Bank Auderghem-Centre, Chaussee de Wavre 1662, 1160 Bruxelles, Belgium Name: European Digital Rights Asbl Bank account nr.: 733-0215021-02 IBAN: BE32 7330 2150 2102 BIC: KREDBEBB ============================================================ 12. Agenda ============================================================ 17-19 January 2007, Geneva, Switzerland Special Session of the Standing Committee on Copyright and Related Rights (SCCR): First Session http://www.wipo.int/meetings/en/details.jsp?meeting_id=12043 20 January 2007, Paris, France Big Brother Awards France http://bigbrotherawards.eu.org/ 24 January 2007, Brussels, Belgium Towards a new European Patent System http://www.eupaco.org. 28 January 2007, Europe-wide Data Protection Day: An initiative of the Council of Europe with the support of the European Commission http://www.coe.int/t/e/legal_affairs/legal_co%2Doperation/data_protect... 19-23 February 2007, Geneva, Switzerland Provisional Committee on Proposals Related to a WIPO Development Agenda: Third Session http://www.wipo.int/meetings/en/details.jsp?meeting_id=11926 1-4 May 2007, Montreal, Canada 7th Conference on Computers, Freedom, and Privacy (CFP2007). The deadline for proposals is 20 January 2006 http://www.cfp2007.org/live/ 18-19 May 2007, Brasov, Romania eLiberatica - The Benefits of Open and Free Technologies - Romanian IT Open Source and Free Software Conference http://www.eliberatica.ro/ ============================================================ 13. About ============================================================ EDRI-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRI has 25 members from 16 European countries. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRI-grams. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and visibly on the EDRI website. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 2.0 License. See the full text at http://creativecommons.org/licenses/by/2.0/ Newsletter editor: Bogdan Manolea <edrigram@edri.org> Information about EDRI and its members: http://www.edri.org/ - EDRI-gram subscription information subscribe by e-mail To: edri-news-request@edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. unsubscribe by e-mail To: edri-news-request@edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/edrigram-mk.php - EDRI-gram in German EDRI-gram is also available in German, with delay. Translations are provided Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users http://www.unwatched.org/ - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask <edrigram@edri.org> if you have any problems with subscribing or unsubscribing. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]