============================================================ EDRi-gram biweekly newsletter about digital civil rights in Europe Number 9.17, 7 September 2011 ============================================================ Contents ============================================================ 1. The EC tries to increase government control of the Internet 2. Sweden argues that transposing data retention directive is unnecessary 3. Diginotar breach leads to grave security concerns 4. EU privacy watchdog still displeased with online behavioural advertising 5. EP study on "Consumer Behaviour in a Digital Environment" 6. ECHR to analyse Azeri bloggers' complaint against unjust imprisonment 7. EP committee supports the introduction of body scanners in EU airports 8. ENDitorial: Abuse of Irish police databases 9. Recommended Reading 10. Agenda 11. About ============================================================ 1. The EC tries to increase government control of the Internet ============================================================ The European Commission (EC) Information Society and Media Directorate-General have recently drawn up a series of six policy papers intended to increase government control over the Internet. The policies have in view measures that include governmental control over the domain names that can be registered, the veto power of governments over new Internet domain names, significant structural changes at the level of ICANN (Internet Corporation for Assigned Names and Numbers), an obligation of the organisation to follow governments' advice (except for cases considered illegal or damaging to the Internet stability) and the creation of two bodies that would oversee ICANN decision-making and finances. The measures brought forth by the new policies would provide governments with de facto control over the Internet's naming systems and would end up the independent and autonomous approach of the Internet's domain name system. The new suggestion seems a logical consequence of the position of the head of European Comisson's Audiovisual, Media and Internet Directorate - Gerard de Graaf - at an ICANN meeting in Singapore in June 2011. The recent EC papers come to argue for increased government control and foresee the shift in power toward governments within the next 12 months. According to the new policies, the governments are notified about the applications received and are to indicate which TLDs might raise "public policy concerns." This actually means that governments can try to block or censor any content or applicant that they want, by using the "public policy concerns" argument. The Governmental Advisory Committee (GAC) will be able to raise formal objections later in the process. GAC, which presently has no legal authority, will soon become a legislator that can create a list of words that no Internet user in the world can register, as proposed by the EC papers. GAC members (should be able to) request the reservation or blocking of domain names at the second level under new gTLDs. It should do this by constructing a censorship list, which it calls a "reference list for all new gTLD operators to use and ICANN" say the EC documents. Milton Mueller from IGP (Internet Governance Project) explains that the fate of the new registries and new domain names should be determined by users and consumers, and not by a central planning authority dominated by governments and special interest groups. "The new TLD program is also important because domain names are a form of expression on the Internet. Any policy that regulates the creation or operation of new domains based on their meaning or the content underneath them is, de facto, a form of globalized content regulation. Thus, even people who think domain names are not that important need to pay attention to what happens in this space, especially now that domain take-downs are becoming an increasingly common form of state intervention." EC's second paper is damaging for the freedom of expression by introducing huge, unnecessary economic barriers to entry. What it proposes is to subordinate the Internet community's self-governance to a hierarchical control by the state, replacing ICANN's gTLD policy with a new one that will allow governments through GAC, to take complete control over what new top level domain names are allowed to exist. These EC papers were developed not under public consultancy, but secretly, thus lacking in democratic legitimacy. The plans are to formally raise or even implement the proposed measures by the end of this year, in particular at ICANN's meeting in Senegal in October. The second EC ICANN Paper: How low can they go? (4.09.2011) http://blog.internetgovernance.org/blog/_archives/2011/9/4/4893009.html European Commission calls for greater government control over Internet (31.08.2011) http://news.dot-nxt.com/2011/08/31/ec-greater-government-control Analysis: EC policy papers on ICANN (31.08.2011) http://news.dot-nxt.com/2011/08/31/ec-papers-analysis ICANN - informal background paper - New gTLD process (1.09.2011) http://blog.internetgovernance.org/pdf/EC-TLD-censorship.pdf Payback time: The European Commission papers on ICANN (2.09.2011) http://blog.internetgovernance.org/blog/_archives/2011/9/2/4891821.html ============================================================ 2. Sweden argues that transposing data retention directive is unnecessary ============================================================ On 5 September 2011, the Swedish government responded to the European Court of Justice after the Commission referred Sweden to the Court for failing to transpose the Directive on Data Retention (2006/24/EC). Sweden's main argument is that it is unnecessary to transpose the Data Retention Directive, considering the practical effects of existing Swedish legislation. This implicitly means that transposition would be contrary to the European Convention on Human Rights and the Charter of Fundamental Rights, both of which require restrictions on fundamental rights to be necessary and proportional. The Directive on Data Retention 2006/24/EC was adopted in 2006 and the Member States had until 15 September 2007 to transpose it into the national law, and until 15 March 2009 to implement the retention of communications data relating to Internet services. The Directive concerns the storage of traffic and location data resulting from electronic communications. Traffic and location data retained by Internet service providers and phone companies will be made available only to national law enforcement authorities in specific cases and in accordance with the national law. However, retention periods, purpose limitation and access requirement vary vastly across the EU. The European Court of Justice found that Sweden failed to fulfil its obligations to implement the Data Retention Directive in its national legislation on 4 February 2010. Despite this first ruling, Sweden still has not transposed the Directive 2006/24/EC. In the absence of a precise timetable for the transposition of the Directive, the Commission decided to send a letter of formal notice to Sweden in June last year. The Commission asked Sweden for details on the measures Sweden planned to implement the Directive and comply with the Court's decision. Sweden informed the Commission on 21 January 2011 that draft legislation had been submitted to its Parliament in order to transpose the Directive. The legislation was to be adopted in mid-March. However, the Parliament deferred the vote on the draft legislation implementing the Directive on Data Retention for a year, due to the opposition from a minority of parliamentarians. They used a constitutional rule allowing one-sixth of the MPs to suspend the adoption of a proposed legislation. Following this suspension of the legislative process, the European Commission swiftly referred Sweden for a second time to the European Court of Justice, requesting it to impose financial penalties (Case C-270/11). The Commission asked the Court to impose a daily penalty of 40 947 Euros/day after the second ruling and a lump sum of 9 597 Euros/day for each day between the first and the second ruling. The ECJ will have to determine the level of sanctions and if it will take the form of a penalty and/or a lump sum. In its response to the ECJ, Sweden argues that the penalties are disproportionate considering firstly the fact that Sweden does not often fail to fulfil its implementation obligations regarding European directives and secondly that some other Member States likewise fail to implement the Directive without being penalised by any financial penalties. The Swedish government also indicated that since the first ruling, it has taken all procedurally possible measures to implement the Directive. The delay is due to political and legal matters with regards to the sensitive subjects the Directive is dealing with, such as the right to privacy and those debates are delaying the legislative process. It further points out that this controversy is not limited to Sweden. Moreover, according to Sweden, the failure to implement the Directive does not create any barriers for the Single Market. Bearing in mind the Commission's own assertion of the low costs of implementing the Directive (as described in the implementation report), this seems to be difficult for the Commission to deny. According to Sweden, the harmonisation realised by the Directive on Data Retention is only minimal and does not appear to be crucial in achieving competition on the Single Market. In addition, the Directive does not say who finance data retention. It finally appears that the Swedish Government believes that Directive 2002/58/EC on Privacy and Electronic Communications gives the Member States the ability to adopt legislation covering the field of the Data Retention Directive when necessary and that the 2006 Directive's implementation in Sweden is therefore meaningless. The Swedish government especially underlines that the Swedish crime prevention authorities already have sufficient access to data even without full the implementation of the Directive. Furthermore, the differenceasthe implementations across the EU show the limits of the Data Retention directive and create a lack of harmonisation. According to Sweden, further implementation of the Data Retention Directive is superfluous and unnecessary. The question remaining now is whether the European Court of Justice will follow the Swedish defence on the "necessity" of implementing the Data Retention Directive and the Directive's failure to achieve the task on which its legal base is built - harmonisation. The Commission now faces an unenviable task - it either forces a sovereign Member State to impose unnecessary (and therefore illegal) restrictions on fundamental rights or it accepts the challenge of finally acknowledges the failure of the Directive and the inevitable battle with the Council that will result from any serious effort to fix the broken legislation. Data Retention Directive 2006/24/EC (15.03.2006) http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2006:105:0054:006... Judgement of the Court Case C-185/09 (4.02.2010) http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:C:2010:080:0006:000... Commission refers Sweden back to Court to transpose EU legislation (6.04.2011) http://europa.eu/rapid/pressReleasesAction.do?reference=IP/11/409&format=HTML&aged=0&language=EN&guiLanguage=en European Commission Application (31.05.2011) http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:C:2011:226:0017:001... Sweden's response to the ECJ - Case C-270/11 - (5.09.2011) (available only in Swedish) http://www.edri.org/files/sw_C-270-11_slutligt.pdf (Contribution by Marie Humeau - EDRi) ============================================================ 3. DigiNotar breach leads to grave security concerns ============================================================ A breach in the computer systems of Dutch certificate company Diginotar led to grave concerns regarding the security of internet users in Iran and Dutch government communications. On 2 September 2011, the Dutch government denounced their trust in certificates issued by DigiNotar after the discovery of fraudulent certificates. It advised Dutch citizens not to log in on websites using these certificates, until the certificates are replaced. Meanwhile, there is credible evidence that the confidential communication of hundreds of thousands of Iranians with Gmail has been intercepted. In June 2011, the servers of DigiNotar were intruded and certificates were fraudulently issued in the weeks after. Although some of these certificates were revoked, DigiNotar kept the breach secret. Only weeks later, following a message posted on a forum by someone from Iran who tried to log in to Gmail and received a warning about a non-authentic DigiNotar certificate for Google, did DigiNotar acknowledge the breach. On 29 August 2011, the Dutch government was notified about the incident. DigiNotar revoked the rogue Google certificate and asked a Dutch security firm to perform an investigation into the breach. The report of the investigation showed that DigiNotar did not observe basic security measures and hundreds of false certificates were issued on its systems. The rogue Google certificate proved to be in use since 27 July 2011. Active abuse was observed between 4 and 29 August 2011. It is likely that hundreds of thousands of sessions with Google from Iran were intercepted using this certificate. DigiNotar issues several types of certificates, including PKI-Overheid certificates - typically used by the Dutch government for its websites - and 'simple' certificates. As it could not be excluded that false government certificates were also issued, the Dutch government decided to switch to certificates from other authorities. The incident with DigiNotar also raises questions about the safety and trustworthiness of the certificate system in general. Worldwide, there are hundreds of companies providing these certificates. Supervision on these companies is limited. They can sell certificates as long as they meet the conditions of the browser manufacturers. There is no guarantee that all of them take adequate measures to prevent and detect breaches. This should be a wake-up call for governments and organisations all over the world to actively start working on better, more robust certification systems. Message about rogue certificate (28.08.2011) https://www.google.com/support/forum/p/gmail/thread?tid=2da6158b094b225a&hl=en Letter from the Dutch government about the intrusion at DigiNotar (only in Dutch, 5.09.2011) http://www.rijksoverheid.nl/documenten-en-publicaties/kamerstukken/2011/09/0... Interim report from Fox-IT about the DigiNotar Certificate Authority breach (5.09.2011) http://www.rijksoverheid.nl/documenten-en-publicaties/rapporten/2011/09/05/d... (Contributed by Marjolein van der Heide - EDRi-member Bits of Freedom - Netherlands) ============================================================ 4. EU privacy watchdog still displeased with online behavioural advertising ============================================================ In a letter sent to IAB Europe and European Advertising Standards Alliance (EASA), Article 29 Working Party (WP) made some observations regarding the self-regulatory framework for online behavioural advertising. The WP considers that the companies having signed the self-regulatory code may still be in breach of the EU laws in the use of cookies to track users' online behaviour for targeted advertising. The self-regulatory code, established in April 2011 by IAB Europe and EASA, imposes the display of an icon on the companies' websites that tells users that the adverts track their online activity. By using the icon, users may manage information preferences or stop receiving behavioural advertising. The code also says that operators must give users access to an easy method to turn off cookies and must inform users that they collect data on them for behavioural advertising and give details on the advertisers they provide the respective data. They also have to publish details of how they collect and use the data, including whether personal or sensitive personal data is involved. However, Article 29 WP has shown in its letter that it did not consider these measures enough to comply with the EU's e-Privacy Directive which provides in its new form that storing and accessing information on users' computers is only lawful "on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information about the purposes of the processing". The Directive establishes an exception where the cookie is "strictly necessary" for the provision of a service "explicitly requested" by the user. "The mechanisms proposed by the EASA/IAB Code enable people to object to being tracked for the purposes of serving behavioural advertising. However, tracking and serving ads takes place unless people exercise the objection," said Jacob Kohnstamm, chairman of the Working Party, in the letter. The WP believes the advertising icon used by companies that signed up to the online behavioural advertising code did not actually provide users with "the legally required information allowing them to make informed choices about cookie tracking." In Article 29 WP's opinion, the text of the code is rather confusing and insufficiently clear which could lead to some users thinking "tracking has no privacy implications for them". Kohnstamm says in the letter that the information made available through clicking the icon should be more accessible and be directly visible. Ad network providers should "provide the necessary information before the cookie is sent and rely on users' actions ... to signify their agreement to receive the cookie and to be tracked". Valid consent can be received by the provider by asking users to click a box to "accept" cookie tracking. Each advertising network must also obtain consent from users even when websites work with multiple ad network providers. By obtaining prior, informed consent from the users, the ad provider no longer needs to ask the user for subsequent access and transmissions of cookies for the same purpose. However, the "opt out" ability should still be available. Kohnstamm also says that browser settings will not be enough to meet the cookie consent requirements until they automatically reject third-party cookies as default and allow users to take "affirmative action to accept cookies from specific websites for a specific purpose." Browsers must also advise users that the cookies tracking their data are being used by ad network providers, in addition to informing them of what network providers do with the cookies. In June 2011, EU Commissioner Neelie Kroes told EU companies that they had a year to find methods that achieve the legal standard for gaining consent, as failure to do so would result in the Commission's action toward non-compliant businesses. Letter from the Article 29 Working Party addressed to Online Behavioural Advertising (OBA) Industry regarding the self-regulatory Framework (23.08.2011) http://ec.europa.eu/justice/data-protection/article-29/documentation/other-d... Advertising code not cookie law compliant, data protection watchdogs say (29.08.2011) http://www.out-law.com/en/articles/2011/august/advertising-code-not-cookie-l... EDRi-gram: Article 29 WP issues opinion on cookies in the new ePrivacy Directive (30.06.2010) http://www.edri.org/edrigram/number8.13/article-29-cookie-eprivacy ============================================================ 5. EP study on "Consumer Behaviour in a Digital Environment" ============================================================ The European Parliament (EP) has published a study on "Consumer Behaviour in a Digital environment" that it commissioned from London School of Economics (LSE). The study involved a limited stakeholder consultation, which included an extensive exchange of views with EDRi and also looked at existing literature and market developments. The study is part of an ongoing reflection in the EU institutions on how to better achieve an effective single market, particularly in the digital space. The study identifies the following factors affecting the demand and supply for illegal content: 1.the price; 2.the rise of the "prosumer" (users as both producers and consumers); 3.the exchange of products and files online between consumers; and 4.large economic incentives for providing what the authors of the study refer to as"illegal content". The conclusions of the study focus entirely on a positive agenda, seeking to address the source of problems rather than looking at ways of dealing with symptoms. For example, regarding unauthorised use of copyright-protected content, the study proposes the development of innovative pricing and payment systems as well as reforming copyright in a way that would eliminate the inefficiencies that come from the fragmentation of the single market. The authors of the research clearly prioritise positive measures to minimise the causes of the unauthorised activity, rather than negative and defensive measures that would punish consumers without addressing underlying causes. Similarly, the report conclusions support efforts at improving awareness of consumer protection legislation, enhanced dispute resolution and removal of practical barriers to cross-border trade. The study also discusses the rise of "prosumers", concluding that this development "potentially leads to innovation, creativity and consumer empowerment. However, prosumers cannot fully develop under current legal framework. The copyright exceptions regime and cross-border licensing problems are singled out as current challenges". While generally being a very positive and well-thought out piece of research, the main negative point in the report is the repeated conflation of "illegal content" with "illegal use of content," which, legally, practically and societally are entirely different problems. Finally, the research team identifies the following challenges faced by copyright law with regard to illegal access to content ("illegal content" in the vocabulary of the report): a) the exceptions to copyright still differ significantly from Member State to Member State; b) licensing arrangements through collecting societies have not been harmonised; c) some Member States have introduced laws allowing restrictions on internet access for connections where illegal file-sharing has been conducted (or suspected), which may lead to market distortions and raises the question of whether the right to Internet access introduced by the Framework Directive is infringed; d) the issue of who is responsible for clearing copyright on social media such as YouTube is not clearly defined in the E-Commerce Directive because peer-to-peer services were much less prevalent when the Directive was written. (This final point is somewhat odd because the E-Commerce Directive does not cover rights clearance and YouTube is a hosting service which therefore renders the question of peer-to-peer somewhat irrelevant.) Consumer Behaviour in a Digital Environment (2011) http://www.europarl.europa.eu/meetdocs/2009_2014/documents/imco/dv/consumer_... Framework Directive - Directiev 2002/21/EC as amended by Directive 2009/140/EC and Regulation 544/2009 http://ec.europa.eu/information_society/policy/ecomm/doc/140framework.pdf (Contribution by Daniel Dimov - intern at EDRi) ============================================================ 6. ECHR to analyse Azeri bloggers' complaint against unjust imprisonment ============================================================ The Azeri bloggers that have been imprisoned for one year and a half under alleged hooliganism accusations, have filed a complaint to the European Court of Human Rights which will decide whether their detention was in breach of the European Convention on Human Rights. Emin Milli and Adnan Hajizade were arrested in Baku in July 2009, being accused of hooliganism, after having reported to the police that they had been physically attacked in a restaurant. Under pressure from the international community, the two bloggers, detained in reality for attacks, on their blogs, against the Government and the fact that they had disseminated a video making fun of corrupt politicians, were finally released in November 2010. Their release is however conditional and their convictions have not been overturned. Consequently, the two bloggers are now seeking official recognition that the Azerbaijani authorities violated their rights. The fact that despite with injuries they were not treated medically in prison, breaches article 3 of the European Convention. The Azeri government was also in breach of article 5 that protects the right to freedom and security and says that a person may only be detained when suspected of a crime or when sentenced to imprisonment. According to the Convention, the bloggers should have been informed of the reasons for their arrest and they had a right to be tried within a reasonable time or to be released pending trial. Milli and Hajizade were held for the two months before the start of their trial and were still in prison after than four months after their arrest. The complaint also says that article 6, on the right to a fair trial, was violated because the two people were allowed only belated access to their lawyers because the court took no account of what their lawyers said. Article 8 on respect for private and family life was also violated as the two bloggers were denied family visits while held and certain family members were not allowed to testify at the trial. The Azeri government violated Article 10 as well which protects the right to freedom of expression, including the "freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers." The two people were jailed for criticizing the authorities. Hajizade and Milli filed a complaint before a Baku court on 8 July 2009 which was rejected on 23 July 2009. On 10 August 2009, a separate complaint against the interior ministry, Baku police and prosecutor's office of failing to respect the right to be presumed innocent was also rejected. A confidential cable from the US embassy in Baku on 9 July 2009, posted on the WikiLeaks website on 26 August, confirmed the fact that the two bloggers did not receive medical treatment for their injuries during their first night in detention and revealed that embassy officers' requests to visit the two bloggers in prison were denied. The cable also drew attention over the fact that on 10 July 2009 Milli was to work as the interpreter for the PACE Special Rapporteur for Political Prisoners which seems a rather strange coincidence. European Court to examine case of two bloggers who were unjustly jailed (2.09.2011) http://en.rsf.org/azerbaijan-european-court-to-examine-case-of-02-09-2011,40... US embassy thought two bloggers' arrest was suspicious (1.09.2011) http://en.rsf.org/us-embassy-thought-two-bloggers-01-09-2011,40902.html EDRi-gram: Azeri bloggers released from prison (1.12.2010) http://www.edri.org/edrigram/number8.23/azeri-bloggers-released-prison ============================================================ 7. EP committee supports the introduction of body scanners in EU airports ============================================================ To the dismay of liberal groups, the European Parliament's Transport Committee decided on 31 August 2011 to back up the European Commission in the introduction of body scanners in EU airports. Although imposing certain conditions such as excluding x-ray technology, the EP committee did not oppose the EC rules which do not specifically rule out the use of naked imagery. "The rules do exclude the use of x-ray technology, which is something we wanted. But it doesn't oblige producers to use stick figures instead of the actual body image," stated Benjamin Krieger, a spokesperson for the German Liberals in the European Parliament. This decision comes when some European countries have reached the conclusion that body scanners are not performing properly. The German interior ministry has recently decided to postpone the introduction of body scanners at airports for security reasons, after the devices used for trial failed to do their job, giving false alerts at a 49% rate. The errors included confusing sweaty armpits with concealed bomb chemicals while body scanners are supposed to detect plastic or ceramic elements concealed under clothing. The technology has been strongly opposed by human rights groups, religious organizations and even the European Parliament because it shows a real outline of one's bodily features, which raises serious privacy concerns. The devices are also expensive, reaching up to 130 000 euro/piece. In 2010, Italy also fell back on the plan to implement the technology in airports after experiencing the same results during the trial period. Germany ditches body scanners after repeat false alerts (1.09.2011) http://euobserver.com/22/113479 Meeting minutes TRAN Committee (30-31.08.2011) http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//NONSGML+COMPARL+PE-470.049+01+DOC+PDF+V0//EN&language=EN EP transport committee votes in favour of body scanners (31.08.2011) http://euobserver.com/1016/113478 Welcome to body scanners at EU airports (6.07.2011) http://www.europolitics.info/sectoral-policies/welcome-to-body-scanners-at-e... Parliament sets conditions for airport body scanners (6.07.2011) http://www.eubusiness.com/news-eu/security-aviation.b5r EDRi-gram: MEPs approve body scanners on airports on a voluntarily basis (1.06.2011) http://www.edri.org/edrigram/number9.11/body-scanners-airports-ep ============================================================ 8. ENDitorial: Abuse of Irish police databases ============================================================ In 2003, the then Minister for Justice, Michael McDowell, stated that he "knew that journalists were bribing gardam (police)". This was said in the context of proposed legislation which would create a crime of leaking information. Unfortunately, the intervening years seem to have confirmed the continued existence of police abuse of confidential information, resulting in a recent announcement by the Data Protection Commissioner of a national audit into garda compliance with data protection law. The audit will focus on access to the main police database system, known as PULSE, which was introduced in 1999. While that system has a read/write audit trail, this has not acted as a deterrent to abuse - some police have sought to evade the audit trail by requesting others to carry out searches on their behalf, and login sharing has also been a problem. Consequently, in his 2010 Annual Report the Data Protection Commissioner stated that: "In 2007 we agreed a data protection Code of Practice with the Gardam which included undertakings to monitor access to the Garda PULSE system. It is disappointing to report that, despite our repeated engagements on this issue, the monitoring of access by members of An Garda Smochana to PULSE falls short of the standards we expect. We wish to see significant progress by the Gardam in pro-actively monitoring PULSE access in 2011 and will be carrying out an audit to satisfy ourselves of this progress." The most recent allegations generally concern personal use of the system, for example by using it to check on daughters' boyfriends or to check the history of cars which they are buying. However, allegations of more serious abuses are also common, including the sale of information to insurance companies and even criminals. Unfortunately, it is difficult to provide a full assessment of abuses which have taken place. While many allegations have been published by the media and some internal garda investigations carried out, the results of these investigations have not been published, disciplinary sanctions (if any) are seldom made public and there is no comprehensive official report. This secrecy is a failing in itself and makes it impossible for the public to have confidence in the system. Nevertheless, there have been a number of cases in which abuses have been clearly established and some significant examples from recent years include a court award of 70 000 Euros damages to a family who were harmed by a garda leak (2007), the dismissal of a garda for leaking information to a drug dealer (2010) and most recently the finding that a detective sergeant abused her position to monitor an ex-boyfriend through his phone records (2011). A particularly telling example in 2007 followed the high profile death of a person struck by a car driven by an off-duty garda. In that case, 187 individual gardai accessed that person's PULSE record following his death, without apparent justification. An investigation into that incident recommended that: "supervisory ranks should regularly monitor the use of PULSE to ensure that members adhere to their legal and disciplinary obligations in regard to its proper use [and] suitable measures [should] be put in place by the Garda authorities to ensure that audit-trails of the usage of PULSE and any other official information systems can always be accurate and verifiable." Unfortunately, it seems that several years later this has yet to be done. GRA's concern about bribery claim, RTI News (04.08.2003) http://www.rte.ie/news/2003/0904/justice.html Family awarded 70,000 Euros over garda leak, RTI News (17.01.2007) http://www.rte.ie/news/2007/0117/gray.html Report by the Commission following the death of Mr. Derek O'Toole on March 4th 2007 and subsequent complaints and investigation under Section 98, Garda Smochana Act, 2005 (10.2008) http://www.gardaombudsman.ie/GSOC/Report_October2008.pdf Garda Data Protection Code of Practice (12.11.2007) http://www.garda.ie/Controller.aspx?Page=136&Lang=1 Gardam line up 17 officers for quizzing over leaks to 'Don', Evening Herald (16.10.2009) http://www.herald.ie/news/gardai-line-up-17-officers-for-quizzing-over-leaks... Walsh, Human Rights and Policing in Ireland (Dublin: Clarus Press, 2009), Ch. 32 Garda sacked for leaked secrets to Don's crime gang, Evening Herald (18.06.2010) http://www.herald.ie/news/garda-sacked-for-leaking-secrets-to-dons-crime-gan... 2010 Annual Report of the Data Protection Commissioner (03.2010) http://www.dataprotection.ie/documents/annualreports/2010AR.pdf EDRi-gram: No effective sanction for Police abuse of Irish data retention system (24.08.2011) http://www.edri.org/edrigram/number9.16/abuse-data-retention-ireland (Contribution by TJ McIntyre - EDRi-member Digital Rights Ireland) ============================================================ 9. Recommended Reading ============================================================ Statewatch Analysis: UK: Internet censorhip looms as government finds alternatives to flawed Digital Economy Act by Max Rowlands: The routine blocking of websites believed to facilitate copyright infringement has moved a step closer - despite concerns about the proportionality and effectiveness of the practice - following a landmark High Court ruling on the application of the Copyright, Designs and Patents Act. Meanwhile, the much criticised Digital Economy Act continues to flounder, with the introduction of its controversial copyright protection scheme - which would allow the government to suspend the internet connections of individuals accused of persistent copyright infringement - now delayed until 2012 at the earliest. http://www.statewatch.org/analyses/no-147-internet-censorship.pdf Europe's Odd Anti-Piracy Stance: Send Money to the US! (4.09.2011) http://torrentfreak.com/europes-odd-anti-piracy-stance-send-money-to-the-us-... Naming Names on the Internet (4.09.2011) http://www.nytimes.com/2011/09/05/technology/naming-names-on-the-internet.ht... Open Data: Emerging trends, issues and best practices - a research project about openness of public data in EU local administration (2011) http://www.lem.sssup.it/WPLem/odos/odos_report_2.pdf ============================================================ 10. Agenda ============================================================ 8-9 September 2011, Brussels, Belgium 6th Annual Conference of the European Policy for Intellectual Property Fine-Tuning IPR debates http://www.epip.eu/conferences/epip06/ 10-17 September 2011 Freedom Not Fear - International Action Week http://www.freedomnotfear.org 16-18 September 2011, Warsaw, Poland Creative Commons Global Summit 2011 http://wiki.creativecommons.org/Global_Summit_2011 16 September 2011, Leeds, UK Conference "Human Rights in the Digital Era" http://digitalrights.leeds.ac.uk 17 September 2011, Worldwide Software Freedom Day 2011 http://softwarefreedomday.org/ 27-30 September 2011, Nairobi, Kenya Sixth Annual IGF Meeting: Internet as a catalyst for change: access, development, freedoms and innovation http://www.intgovforum.org/cms/nairobipreparatory 11 October 2011, Brussels, Belgium ePractice Workshop: Addressing evolving needs for cross-border eGovernment services http://www.epractice.eu/en/events/epractice-workshop-cross-border-services 13-14 October 2011, Lisbon, Portugal 2nd International Graduate Conference in Communication and Culture: The Culture of Remix http://blogs.nyu.edu/projects/materialworld/2011/05/cfp_the_culture_of_remix... 20-21 October 2011, Warsaw, Poland Open Govrenment Data Camp http://opengovernmentdata.org/camp2011/ 27-30 October 2011, Barcelona, Spain Free Culture Forum 2011 http://fcforum.net/ 9 November 2011, Bucharest, Romania Inet Conference: Access, Trust and Freedom: Coordinates for future Internet http://www.isoc.org/isoc/conferences/inet/11/bucharest-agenda.shtml 11-13 November 2011, Gothenburg, Sweden FSCONS is the Nordic countries' largest gathering for free culture, free software and a free society. http://fscons.org/ 25-27 January 2012, Brussels, Belgium Computers, Privacy and Data Protection 2012 http://www.cpdpconferences.org/ ============================================================ 11. About ============================================================ EDRi-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRi has 28 members based or with offices in 18 different countries in Europe. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRi-grams. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and are visible on the EDRi website. This EDRi-gram has been published with financial support from the EU's Fundamental Rights and Citizenship Programme. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 3.0 License. See the full text at http://creativecommons.org/licenses/by/3.0/ Newsletter editor: Bogdan Manolea <edrigram@edri.org> Information about EDRI and its members: http://www.edri.org/ European Digital Rights needs your help in upholding digital rights in the EU. If you wish to help us promote digital rights, please consider making a private donation. http://www.edri.org/about/sponsoring - EDRI-gram subscription information subscribe by e-mail To: edri-news-request@edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. Unsubscribe by e-mail To: edri-news-request@edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/edri/2.html - EDRI-gram in German EDRI-gram is also available in German, with delay. Translations are provided Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users http://www.unwatched.org/ - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask <edrigram@edri.org> if you have any problems with subscribing or unsubscribing. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE