============================================================ EDRI-gram biweekly newsletter about digital civil rights in Europe Number 6.10, 21 May 2008 ============================================================ Contents ============================================================ 1. New open doors for software patents in EU 2. Updates on Visa Information System Regulation 3. The French Government goes against CNIL in biometric passports 4. BBA Awards Italy 2008 5. UK Government will store all phone, Internet traffic data 6. Google StreetView might breach EU laws 7. Microsoft appeals the EC fine but faces even more complaints 8. Recommended Reading 9. Agenda 10. About ============================================================ 1. New open doors for software patents in EU ============================================================ Even though the European Parliament voted against the software patents in Europe in 2005, new measures that could make software patents enforceable are still being discussed with the US counterparts or within the framework of the Community Patent. The Foundation for a Free Information Infrastructure (FFII) reports that a bilateral patent treaty could be agreed and signed with the United States by the end of the year. The treaty could contain provisions on software patents that will make them legal in both states. Benjamin Henrion, a Brussels based patent policy specialist, explained for FFII: "Talks in the Transatlantic Economic Council (TEC) are the current push for software patents. The US want to eliminate the higher standards of the European Patent Convention. The bilateral agenda is dictated by multinationals gathered in the Transatlantic Economic Business Dialogue (TABD). When you have a look who is in the Executive Board of the TABD, you find not a single European SME in there." The substantive harmonisation of patent laws was one of the topics during the Transatlantic Economic Council (TEC) on 13 May 2008 between high level representatives from EU and US. TEC is a closed trade process and it is not the first time free trade agreements are being used by the US counterparts to promote their IP requirement - such as the TRIPS treaty. Also it is worth noting that after the failure of the Substantive Patent Law Treaty, the US has switched to TEC, a closed forum, to discuss the software patents issues with EU. FFII President, Alberto Barrionuevo, explains why the current approach is wrong: "The European Union does not have a Community Patent, neither a substantive patent law in its acquis, except the biotech directive. As long as there is no substantive patent law in the EU, it is quite silly to discuss about a bilateral patent treaty with the United States. Its like a blind showing the way for a deaf. If the USA really wanted to fix their patent practice they should first switch to first-to-file and join the European Patent Convention." But this is not the only open door for software patents. The European Community Patent, a patent draft law that would allow individuals and companies to obtain a unitary patent throughout the European Union, is still being discussed. Acording to a member representing FSFE, part of the CEA-PME SME Federation, that participated in a Working breakfast on Community Patent, a Director of the European Commission considered the possible adoption of the Community Patent proposal as the final attempt. Right now only Spain is openly against the project. Apparently, most countries were now satisfied with the proposal to have patents only in English, French, and German. Unofficial automated translations would be provided in the other languages of the EU, even though the EC representative acknowledged the general low quality of automated translations but said that the EPO had now developed some amazing new software for automated translations. The FFII representative also highlighted the EC software patents policy: "When talking about software patents, she constantly called them "wrongly granted" patents or "disguised software patents". This is consistent with the European Commission's position that software patents are not valid, but "computer implemented inventions" are valid. In reality, the latter is just a vague term which includes software patents. The European Commission's use of these funny terms and definitions makes meaningful dialogue difficult." McCreevy wants to legalise Software Patents via a US-EU patent treaty (13.05.2008) http://press.ffii.org/Press_releases/McCreevy_wants_to_legalise_Software_Pat... Working breakfast on Community Patent (15.05.2008) http://fsfe.org/en/fellows/ciaran/ciaran_s_free_software_notes/working_break... Transatlantic Economic Council: objectives for Spring 2008 meeting http://ec.europa.eu/enterprise/enterprise_policy/inter_rel/tec/doc/tec_objec... EDRI-gram: ENDitorial - Regulating the Patent Industry (25.10.2006) http://www.edri.org/edrigram/number4.20/patents ============================================================ 2. Updates on Visa Information System Regulation ============================================================ An updated version of the Regulation on the Visa Information System (VIS) published by Statewatch reveals that only random checks might be carried out, if there are too many people waiting. As already presented in EDRi-gram, the legislative package on the Visa Information System that included the VIS Regulation has been adopted by the European Parliament. The system will allow fingerprinting and checking security of all visitors to EU that apply for a visa in their home country. All the details, including fingerprints are held on the central VIS database so that on entry to and exit from the EU identity checks can be carried out. The VIS Regulation will allow consulates and other competent authorities to start using the system when processing visa applications and to check visas. The European Data Protection Supervisor has insisted on the importance of data protection in these situation: "The VIS database will be the biggest cross border one in Europe. Some 20 million new entries per year, regarding people who apply for a Schengen visa, are foreseen. It is of utmost importance that data protection is taken seriously for these, a priori, innocent people". After the last meeting of the Working Party on Frontiers /Mixed Committee, the new proposal from the Council Presidency says that if there are too many people to be checked and "all resources have been exhausted" then only random checks will be carried out. This implies amending article 7(3) which is making the verification of the visa holder identity and the authenticity of the visa compulsory, by consulting the Visa Information System (VIS): "By way of derogation, where traffic of such intensity arises that the waiting time at the border crossing point becomes excessive and all resources have been exhausted as regards staff, facilities and organisation and where, on the basis of an assessment of the risk related to internal security and illegal immigration, it is established that the consultation in the Visa Information System need not be systematic, such consultation may be carried out on a random basis for as long as these conditions are met." Another issue with the VIS database is the possible access of the US authorities to its content. The idea was rejected in a debate at the European Parliament where the MEP Sarah Ludford, rapporteur on the EU Visa Information System, asked for clear assurances that the US would not acquire access to the databases: "At a time of warnings about the frightening spread of the Mafia as well as terrorist conspiracies, why is the EU going down this blind alley of mass surveillance of the 99.9 percent of the public which is innocent, when the real need is to target the 0.1 percent of travelers who might be dangerous or criminal through intelligence- led policing and effective cross-border cooperation between law enforcement agencies?" Draft Regulation of the European Parliament and of the Council of amending Regulation (EC) No 562/2006 as regards the use of the Visa Information System (VIS) under the Schengen Borders Code (25.04.2008) http://www.statewatch.org/news/2008/may/eu-vis-border-checks-8674-08.pdf An EU push for US visa waivers to protect privacy (28.04.2008) http://www.neurope.eu/articles/85783.php EDRi-gram: European Visa Information System accepted by the EU bodies (20.06.2007) http://www.edri.org/edrigram/number5.12/VIS-EU-adoption EDRi-gram: EU Visa Database under scrutiny of the European Data Protection (2.02.2006) http://www.edri.org/edrigram/number4.2/visadatabase ============================================================ 3. The French Government goes against CNIL in biometric passports ============================================================ Ignoring the opinion of the French Data Protection Authority - the National Commission for Information and Liberties (CNIL), on 4 May 2008, the French Government passed a decree on the basis of which the French citizens will have biometric passports that will include eight fingerprints and a digital picture. The data will be introduced in a large national database. Although symbolical, CNIL's opinion should have been published alongside with such a decree in the Official Journal. The Government's decree went against CNIL's unfavourable opinion given on 11 December 2007 which was published a week after the decree. Alex T|rk, president of CNIL reinforced the commission's position on 16 May 2008, on the occasion of the presentation of the annual report of the commission. "We haven't been heard on two issues: first, we believe such an important subject should go to the Parliament and the, we have not obtained the elements allowing the justification of creating this database" said Alex T|rk. The commission considers that the biometric passport does not seem to be a useful tool in fighting document fraud and that the targets proposed by the government of issuing, replacing or withdrawing passports as well as detecting and preventing document falsification "do not justify the retention, at the national level, of biometric data such as fingerprints" and, therefore, the creation of such a database is a disproportionate measure. CNIL also draws the attention on the fact that the decree goes even beyond the European regulation which has in view only two fingerprints and says nothing about preserving the information into a central database. The system involves "risks of serious damages to private life and individual liberties" in the commission's opinion. CNIL reinforces its opposition to the biometric passport (only in French, 17.05.2008) http://www.lemonde.fr/archives/article/2008/05/17/la-cnil-reitere-son-opposi... Biometric passports: unfavourbale opinion from CNIL (only in French, 13.05.2008) http://www.lemonde.fr/societe/article/2008/05/13/passeports-biometriques-avi... Biometric passports: CNIL against central database (only in French, 10.05.2008) http://fr.news.yahoo.com/afp/20080510/tfr-passeport-gouvernement-cnil-lead-a... CNIL Opinion on biometric passports (only in French, 11.12.2007) http://www.cnil.fr/?id=2427 ============================================================ 4. BBA Awards Italy 2008 ============================================================ The Italian Big Brother Awards for 2008 were presented on 10 May 2008 during an e-privacy convention in Florence. The Italian jury is formed by 6 jurors who have to vote over 26 nominations, out of which 5 are for the positive award. The public institution award was received by the Ministry of Economics for its very ample checking instruments. The institution is not the one to prove the citizens are breaking the law, instead it requires the tax payers to prove they are on the right side of the law. With the excuse of fighting tax evasion, the institution has been recently empowered to create mass personal (bank, health etc.) data filing, an obvious and useless violation of the citizens' privacy. The award for the worst private company was received by Yahoo for the intensive monitoring of its users. Yahoo has provided the Italian Government with data of its users. In the case of the Chinese journalist Shi Tao, during a hearing in front of a US Congress commission on 11 November 2007, Yahoo CEO Jerry Yang has admitted and apologized for the action and for having previously denying the fact. The most invasive technology was considered to be the DNA Bank of the RIS (the Scientific Investigation Division of the "carabinieri") of Parma which was created "quietly" without any specific normative act. No details are known about the genetic database and there is an obvious risk of abusing the respective data. TV journalist Bruno Vespa was awarded the "Boot in the Mouth" price for having dealt superficially and therefore misinforming people about the Internet and new technologies. During a broadcast on 21 February 2008, as in other previous occasions, he expressed alarming ideas on the impact on privacy and the education of young people of the Internet in general and of the new technologies. The life time award was received by Franco Frattini, the former EU Commissioner for Justice and Internal Affairs and since 8 May 2008 the Italian Minister of Foreign Affairs, for having spread an idea of security that involves "monitoring and censuring dangerous words". "Winston Smith - Privacy hero" positive awarded was given to Autistici/Inventati team for its entire activity and for having provided, voluntarily and free-of-charge, for years, communication services that have observed privacy more than the commercial or institutional organisations. Autistici/Inventati is the hero of privacy (only in Italian, 12.05.2008) http://punto-informatico.it/2281258/PI/News/Autistici-Inventati--egrave--l-e... Big Brother Award Italy 2008 (only in Italian, 10.05.2008) http://bba.winstonsmith.info/ EDRi-gram: ENDitorial: "Frattinising" isn't the only threat (26.09.2007) http://www.edri.org/edrigram/number5.18/frattinising ============================================================ 5. UK Government will store all phone, Internet traffic data ============================================================ An announcement on 19 May 2008 by the UK government may herald the next step in governmental attempts to grab hold of traffic data. Despite the strongly negative reactions against the EU data retention directive, which governments must transpose into national law by 15 March 2009, the UK government (which has been a key driver of data retention) now demands even more. Gordon Brown wants all traffic data - itemised phone bills, mobile phone records and Internet traffic logs - to be collected and stored in a central government database. The plan, which appeared in Monday's Times, has been criticised by the opposition as `more of a threat to our security than a support' while the privacy regulator said that `We are not aware of any justification for the State to hold every UK citizen's phone and internet records' and opined that the proposal `may well be a step too far'. The UK Regulation of Investigatory Powers Act already enables public officials to obtain traffic data from service providers, and has come in for recent criticism as the scope of its use has become clear. When it was passed in 2000, only nine organisations were allowed to use it but that number has risen to 792. For example, a local council has used it to check whether a child lived within a school's catchment area. In private briefings to ISP and telco staff, government officials have said they want to trace criminals' contact networks faster and more cheaply, and having all traffic data on one database will be much more convenient than having to make repeated enquiries of multiple phone companies, ISPs and other service providers. They also want to make global enquiries such as `show me everyone in the UK who sent emails at 21:07, 21:22 and 21:55 last Tuesday'. The ISPs for their part have complained that harvesting large quantities of data that they do not at present keep for business purposes will require massively expensive network re-engineering. There are also serious doubts about the UK government's ability to build a system capable enough to cope with billions of emails, texts and phone messages, given its long history of failed software projects. One argument behind the data retention directive was that a purely national system of data retention could not be very effective, as ISPs would simply move their operations to other Member States to save the cost of compliance. It remains to be seen whether the same arguments will once again be used to argue for centralised data retention on a European scale. It is also quite unclear whether a government database of all citizens' phone and Internet records is consistent with European law. `Big Brother' database for phones and e-mails (20.05.2008) http://business.timesonline.co.uk/tol/business/industry_sectors/telecoms/art... Anti-terror law used to snoop on fishermen (14.05.2008) http://www.telegraph.co.uk/news/uknews/1952551/Anti-terror-law-used-to-snoop... Government orders data retention by ISPs (15.05.2008) http://www.out-law.com//default.aspx?page=9121 EDRI gram: Data retention for one year for UK telecom companies (1.08.2007) http://www.edri.org/edrigram/number5.15/data-retention-UK (Contribution by Ross Anderson - EDRi-member FIPR -UK) ============================================================ 6. Google StreetView might breach EU laws ============================================================ The European Data Protection Supervisor warned that the StreetView feature of the Google Maps service could breach the EU data protection laws, if they show the pictures taken from the European cities. The StreetView service makes it possible for users of GoogleMaps to see several photos that show a 360-degree look on how the city streets or crossings are seen at a street level. But they also get in these pictures the pedestrians that are passing by or anyone in the area. The service is available right now only for some US cities, but Google has started the activities in order to get pictures from some European cities. Their fleet of vans with cameras has been spotted in London, Rome or Paris. The European Data Protection Supervisor, Peter Hustinx, declared during the press presentation of his annual data protection report: "I would encourage Google to think about how to do this. Making pictures on the street is in many cases not a problem, but making pictures everywhere is certainly going to create some problems. I'm quite sure they are aware of this." Google didn't announced when the StreetView feature will be available for the European cities, but the service is expected to be launched next year. Hustinx warned the company that "Complying with European data protection law is going to be part of their business success or failure. If they would ignore it, it is likely to lead to (court) cases, and I think they would be hit hard." But Google was already taking into consideration the privacy concerns and announced that they developed a new face-blurring technology that would be perfected in the future. In a blog post on Google Earth and Maps teams, they presented the new change: "We're also taking this opportunity to test our new face-blurring technology on the busy streets of Manhattan. This effort has been a year in the making -- working at Street View-scale is a tough challenge that required us to advance state-of-the-art automatic face detection, and we continue working hard to improve it as we roll it out for our existing and future imagery." Google also announced that they would delete the images from StreetView if someone complained and they think that these two actions should respond to some of the privacy problems already highlighted. Street View revisits Manhattan (12.05.2008) http://google-latlong.blogspot.com/2008/05/street-view-revisits-manhattan.ht... Google blurs the privacy issue (13.05.2008) http://www.guardian.co.uk/business/2008/may/13/google.digitalmedia Google map service could face EU lawsuits (16.05.2008) http://euobserver.com/9/26154/?rk=1 ============================================================ 7. Microsoft appeals the EC fine but faces even more complaints ============================================================ While new accusations have been brought to Microsoft, the giant company announced on 9 May 2008 that it has appealed, at the Court of First Instance in Luxembourg, the 899 million euro fine imposed in February 2008 by the European Commission (EC) for having abused its dominant position on the market. "We are filing this appeal in a constructive effort to seek clarity from the court," was the company's statement. The basic question of the dispute is the way in which patents and interoperability protocols are licensed by Microsoft to competitors. In February, Microsoft announced a series of interoperability initiatives that would provide more interoperability between Microsoft's products and those of competitors, including publishing all details of application programming interfaces for its most widely used products. EC argues that the terms of the licensing are unusable for open source software projects, as they are still subject to royalty payments. In its turn, Microsoft considers that the terms requested by the EC violate its intellectual property rights. On 13 May 2008, the British Educational Communications and Technology Agency (BECTA) also filed a complaint to the EC against Microsoft's "anti-competitive licensing practices" after having previously made the same complaint in UK with the Office of Fair Trading (OFT), the British competition regulator. BECTA considered that the lack of compatibility between Microsoft's OOXML document standard and alternative codes, such as ODF, were deliberate as the giant "refuse to offer equivalent support for the ISO-approved Open Document Format (ODF)". Stephen Lucey, executive director of strategic technologies for BECTA, also stated: "It is not just the interests of competitors and the wider marketplace that are damaged when barriers to effective interoperability are created. (...) Such barriers can also damage the interests of education and training organisations, learners, teachers and parents". In its complaint to OFT, BECTA has argued that Microsoft supported its own technical protocols far better than it supported the industry standard ones. "This decision had the effect of requiring users to download and install a range of converters to enable them to interoperate with those competitor products" also said the agency statement. As a response to BECTA's complaint, CompTIA, an industrial association of which Microsoft is a member, published on 14 May a statement where it emphasized that "the working ICT marketplace fosters immense choice and solutions, which boost the overall interoperability and widespread use of competing ICT products and services". Although OFT has agreed on BECTA's filing the complaint with the EC as well, it has not yet given its decision on the matter. Microsoft appeals record EC fine (13.05.2008) http://www.heise.de/english/newsticker/news/107780 Microsoft's EU legal troubles continue (14.05.2008) http://www.euractiv.com/en/infosociety/microsoft-eu-legal-troubles-continue/... Education agency complains to Brussels about Microsoft (15.05.2008) http://www.out-law.com//default.aspx?page=9119 Microsoft challenges 899 million fine (12.05.2008) http://www.out-law.com/page-9108 EDRI-gram: Opera complains to the EC on Microsoft's Internet Explorer (19.12.2007) http://www.edri.org/edrigram/number5.24/opera-commission-microsoft ============================================================ 8. Recommended Reading ============================================================ European Data Protection Supervisor 2007 Annual report http://edps.europa.eu/EDPSWEB/Jahia/EDPSWEB/edps/lang/en/pid/22 ============================================================ 9. Agenda ============================================================ 27 May 2008, London, UK Surveillance, the Database State, Online Crime ... What Next? (10th Birthday Party of the Foundation for Information Policy Research) http://www.fipr.org/birthday10.html 31 May 2008, Germany Freedom rather than fear - Nation-wide action day against surveillance http://www.freiheitstattangst.de/ 30-31 May 2008, Bucharest, Romania eLiberatica 2008 - The benefits of Open and Free Technologies http://www.eliberatica.ro/2008/ 6-7 June 2008, Bremen, Germany IdentityCamp - a barcamp around identity 2.0 and privacy 2.0 http://barcamp.org/IdentityCampBremen 17-18 June 2008, Seoul, Korea The Future of the Internet Economy - OECD Ministerial Meeting http://www.oecd.org/FutureInternet 23 June 2008, Paris, France GigaNet is organizing an international academic workshop on "Global Internet Governance: An Interdisciplinary Research Field in Construction" http://tinyurl.com/3y9ld8 26-27 June 2008, London, UK International Conference on Digital Evidence http://www.mistieurope.com/default.asp?Page=65&Return=70&ProductID=8914&LS=DigitalEvidence 30 June - 1 July 2008, Louvain-la-Neuve, Belgium First COMMUNIA Conference - Assessment of economic and social impact of digital public domain throughout Europe http://www.communia-project.eu/conf2008 7-8 July 2008, London, UK Developing New Models Of Content Delivery Online & Innovative Strategies For Effectively Tackling Copyright Infringement http://www.isp-content-regulation.com/conference.agenda.asp 7-9 July 2008, Cambridge, UK Privacy Laws & Business 21st Annual International Conference http://www.privacylaws.com/templates/AnnualConferences.aspx?id=641 19-20 July 2008, Stockholm, Sweden International Association for Media and Communication Research pre-conference - Civil Rights in Mediatized Societies: Which data privacy against whom and how ? http://www.iamcr.org/content/view/301/1/ 23-25 July 2008, Leuven, Belgium The 8th Privacy Enhancing Technologies Symposium (PETS 2008) http://petsymposium.org/2008/ 8-10 September 2008, Geneva, Switzerland The third annual Access to Knowledge Conference (A2K3) http://isp.law.yale.edu/ 22 September 2008, Istanbul, Turkey Workshop on Applications of Private and Anonymous Communications http://www.alpaca-workshop.org/ 24-28 September 2008, Athens, Greece World Summit on the Knowledge Society http://www.open-knowledge-society.org/summit.htm ============================================================ 10. About ============================================================ EDRI-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRI has 28 members based or with offices in 17 different countries in Europe. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRI-grams. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and visibly on the EDRI website. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 2.0 License. See the full text at http://creativecommons.org/licenses/by/2.0/ Newsletter editor: Bogdan Manolea <edrigram@edri.org> Information about EDRI and its members: http://www.edri.org/ European Digital Rights needs your help in upholding digital rights in the EU. If you wish to help us promote digital rights, please consider making a private donation. http://www.edri.org/about/sponsoring - EDRI-gram subscription information subscribe by e-mail To: edri-news-request@edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. unsubscribe by e-mail To: edri-news-request@edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/edrigram-mk.php - EDRI-gram in German EDRI-gram is also available in German, with delay. Translations are provided Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users http://www.unwatched.org/ - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask <edrigram@edri.org> if you have any problems with subscribing or unsubscribing ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE