============================================================ EDRi-gram biweekly newsletter about digital civil rights in Europe Number 8.19, 6 October 2010 ============================================================ Contents ============================================================ 1. EDRi's answer to net neutrality consultation 2. Hearing on Internet Blocking in the European Parliament 3. First warning letters sent by French ISPs under the three-strikes system 4. Italy: Online editors are not liable as the printed press 5. EU concerns for US plans to increase the amount of bank transfer data 6. New EC Expert Group on the Internet of Things 7. Private data exposed on UK Law firm website 8. YouTube won a case against copyright infringement accusations in Spain 9. Phorm case sends the UK to the European Court of Justice 10. ENDitorial: Council of Europe: Bad news as it happens 11. Recommended Action 12. Recommended Reading 13. Agenda 14. About ============================================================ 1. EDRi's answer to net neutrality consultation ============================================================ Who gets to decide what you do on the internet: you or your internet service provider? Until recently, the answer was simple: you decide which services and websites you want to visit. This is changing rapidly, however. Most internet providers want to restrict your internet traffic. Unless the European Commission prohibits them from doing so. EDRi, in a common submission with its member Bits of Freedom, urged the European Commission to prohibit this. The submission was sent as an answer to a public consultation on net neutrality opened until 30 September 2010. In our submission, EDRi concludes that: - An open internet is crucial for fundamental freedoms, innovation, and competition. - Internet providers, however, have incentives of their own to stifle the open internet. - Furthermore, governments and private parties attempt to force internet providers to stifle the open internet for the benefit of narrow sectorial interests. - And, in practice, internet providers do indeed stifle the open internet for the above reasons. - Meanwhile, transparency obligations, competition and minimum guarantees cannot safeguard an open internet. - Waiting is not an option, as the examples of local loop unbundling and mobile roaming demonstrate. - Narrowly-tailored regulatory EU measures should therefore safeguard the open internet. Response of Bits of Freedom and EDRi to the public consultation of the European Commission on the open internet and net neutrality in Europe (30.09.2010) http://www.edri.org/docs/netneutralityreaction300910.pdf (thanks to Ot Van Daalen - EDRi-member Bits of Freedom) ============================================================ 2. Hearing on Internet Blocking in the European Parliament ============================================================ The European Parliament's Civil Liberties Committee held a hearing on the Child Exploitation Directive on 28 and 29 September, chaired by the Parliament's Rapporteur, Roberta Angelilli (EPP, Italy). The event was opened by the MEP responsible for the dossier, Ms Angelilli herself and the Rapporteurs from the two Committees providing an "Opinion" on the dossier - Culture (Petra Kammerevert, S+D, Germany) and Gender Equality (Marina Yannakoudakis, ECR, UK). Ms Kammerevert reflected on the detail of the proposal, on the need to ensure that the measure is well targeted and that we use proper evidence to produce effective strategy. On this basis, Ms Kammerevert argued strongly against the concept of web blocking as an effective strategy. Ms Yannakoudakis argued that free speech should not be a barrier when trying to protect children and blocking might be useful and therefore should be deployed. In the second session of the event, EU institutions and bodies gave their views on the dossier. The interventions from the Fundamental Rights Agency and the Deputy European Data Protection Supervisor were interesting insofar as both highlighted the costs of blocking in terms of fundamental rights and privacy but neither devoted a moment to question the supposed benefits. This was even stranger when we consider that the Fundamental Rights Agency pointed out the need to make a proper impact assessment. Ms Asenius, head of Cabinet of Commissioner Malmstrvm repeated the frequently myth that there were huge profits to be made in commercial exploitation of child abuse images. However, in the discussion period afterwards, German Green MEP Jan Albrecht pointed out that the Commission-funded "Financial Coalition against Child Pornography" published an up to date report in September which shows that this is simply not the case. Ms Asenius chose not to respond. A further valuable but answerless question was put by Vilija Blinkeviciute (S+D, Lithuania), who asked how the Parliament was supposed to legislate without the data needed to make an informed decision. The session with police organisations took place at the same time as the Civil Liberties Committee organised a vote elsewhere in the Parliament. As a result, there were no parliamentarians at all present for most of the speeches. Bjorn-Erik Ludvigsen accused opponents of blocking of being in favour of child abuse while Bjorn Sellstrvm made an odd argument that blocking would only be effective if everyone did it. From a law enforcement perspective, it would appear to make more sense to aim motivating all countries to prosecute crimes in their own country rather than creating systems to hide infringements abroad. In the final session devoted to NGOs, the UK hotline (the Internet Watch Foundation) described the statistics produced by that organisation, including the huge and rapid growth in the hosting of abuse material on free hosting services (without mentioning that it is easier to have such sites deleted than to block them), the growth in the abuse of free image hosting sites (without mentioning that it is easier to have such images deleted than to block them) and the growth in the proportion of websites that move very quickly (without mentioning that these move too quickly to be blocked). EDRi's presentation highlighted the technical inadequacies of blocking, the risks associated with blocking and the poor preparatory work of the European Commission. John Carr from the Commission-funded group eNACSO explained that big companies had implemented blocking, so it couldn't be inadequate. He added that guns could be used for good and bad purposes, so the fact that blocking could be used for good and bad purposes did not mean that blocking was inherently bad. During the final discussion, Christian Bahls from MOgIS (the association of abuse victims against blocking) argued that blocking risked damaging the integrity of the Internet, that the issue with re-victimisation was not the possible existence of images on the Internet but the very existence of the images and also that it was necessary to do properly research the problem and then produce solutions rather than the other way around. EDRi's blocking booklet in English, German, Czech and Romanian http://www.edri.org/issues/freedom Text of EDRi presentation to the hearing (29.09.2010) http://www.edri.org/files/libe_hearing_100929.pdf Video of EDRi presentation at the hearing (29.09.2010) http://www.youtube.com/watch?v=fxq--FqccGE Commission official explains (again) the Commission's research http://www.youtube.com/watch?v=KNKHMazHCuw European Financial Coalition against commercial sexual exploitation of children online - Report (2010) http://www.ceop.police.uk/Documents/EFC%20Strat%20Asses2010_080910b%20FINAL.... MOgIS YouTube channel https://www.youtube.com/user/MOGiSVerein EDRi-gram: ENDitorial: Internet blocking in ten weeks and counting (22.09.2010) http://www.edri.org/edrigram/number8.18/10-weeks-until-internet-blocking (Contribution by Joe McNamee - EDRi) ============================================================ 3. First warning letters sent by French ISPs under the three strikes system ============================================================ On 1 October 2010, Bouygues Telecom and Numiricable were the first French ISPs to send warning emails to suspected illegal file-sharers, on behalf of Hadopi authority. According the media reports several hunderds warning emails have been send in these first days. After this first message, the Internet user deemed to have allegedly continued to illegally download copyrighted content in the following six months, will receive a second warning by a registered letter. The third alleged infringement may be penalised by a fine and the suspension of the user's subscription up to a year without the possibility to make another subscription during that period. This is how the warning letter begins: "Attention, your Internet connection has been used to commit acts that could constitute a breach of the law," adding that piracy "is a serious threat to the economy of the cultural sector." Orange and SFR were supposed to send their first e-mails on 4 October but there has been no communication from them until now, while Free has already stated it would not send the e-mails, pending an answer from the Ministry of Culture and Hadopi on its alternative method for dealing with customers, taking the privacy concerns of the French Data Protection Authority - CNIL into account. The French authority on implementing the three strikes law also launched on 1 October 2010 its official website, Hadopi.fr, which includes news, a presentation of the authority, information on "responsible usage", a forum for questions and other types of information such as the action to take in case of receiving a warning message from the authority. During a press conference that took place on 5 October 2010, Hadopi representatives did not want to comment on the launch of the warning messages. The only comment that Hadopi president Marie-Frangoise Marais made was that the three-strikes process was going on. She also added that while the dialogue with the ISP Free was in progress, Free's lack of cooperation would reflect on its users because they would not receive an initial email warning in the event of copyright infringement but they would receive a registered letter (the second stage) in case of repeated infringement. While the Hadopi.fr site has brought about a lot of sarcastic comments, Numerama launched Hadopi-Data.fr site, a tool that will should allow the supervision of Hadopi's activity considering that transparency is not a strong point of the regulator. Internet users having received a warning message may anonymously place information on Hadopi-Data.fr regarding the date they received the warning, the date of the alleged infringement act, the type of works in question and their postal code. This last piece of information can be used to check out whether there is any geographic targeting by Hadopi. Based on the data input, Numerama intends to create graphs on the ISPs that send the e-mails to their subscribers, on categories of works that generate the most numerous warnings and on Hadopi's activity in time. The ammount of data will therefore be vital in order to have a clear overview of the situation. La Quadrature du Net has also launched a citizen initiative trying to find the first French Internet user to receive an e-mail initiated by Hadopi. Threatened by attacks, Hadopi.fr opens its doors (only in French, 1.10.2010) http://www.01net.com/editorial/521611/menace-dattaques-hadopi-fr-ouvre-ses-p... Hadopi-Data.fr :let's check together Hadopi's activity (only in French, 4.10.2010) http://www.numerama.com/magazine/16921-hadopi-datafr-controlons-ensemble-l-a... Hadopi : the first e-mails at Bouygues, SFR, Orange and Numericable? (only in French, 4.10.2010) http://www.numerama.com/magazine/16963-hadopi-1ers-e-mails-chez-bouygues-sfr... Hadopi. The first warnings sent (only in French, 5.10.2010) http://www.letelegramme.com/ig/generales/france-monde/france/hadopi-premiers... First Anti-Piracy Warnings Issued In France (5.10.2010) http://www.billboard.biz/bbbiz/content_display/industry/e3i7b035dcf5d2c2ea79... ============================================================ 4. Italy: Online editors are not liable as the printed press ============================================================ The Italian Court of Cassation ruled in a decision taken on16 July 2010 and published on 1 October 2010 that online editors are not directly liable for the content published on their websites. In this case, it was considered that art.57 of the Italian Criminal Code which requires control of newspaper editors over the published content covers exclusively the hard copy written works. The ruling overturned a previous decision of the Appeal Court of Milan having convicted the editor of Merate Online portal for not having checked the content of a letter that proved defamatory for Justice Minister Roberto Castelli. The Court of Cassation stated that Article 57 "refers specifically to information disseminated through the 'press'. The letter of the law is unequivocal and that conclusion also bears a historical interpretation of the rule." Law 47 from 1948 defines the 'press' as "any typographical or other reproductions obtained by mechanical or physical-chemical way of publication". In the court's opinion, a web publication does not fall into the definition of the 1948 law and hence is not covered by art.57 of the Criminal Law. The ruling also relied on decree 70/2003 which explicitly rules out the online service's responsibility for the content of their users in case they are unaware of the illegal character of the respective content. The director of a web newspaper is not liable for failing control (only in Italian, 1.10.2010) http://www.repubblica.it/cronaca/2010/10/01/news/cassazione_per_le_testate_w... Cassation: The Online Editor is not "responsible" (only in Italian, 2.10.2010) http://www.mcreporter.info/stampa/cass35511.htm Cassation Court - Decision no. 35511 (only in Italian, 16.07. 2010) http://www.mcreporter.info/giurisprudenza/cass10_35511.htm ============================================================ 5. EU concerns for US plans to increase the amount of bank transfer data ============================================================ The EU Commission and MEPs have requested clarifications from US Administration regarding the plans to extend existing anti-terrorism programs targeting bank transfers which would make the EU-US so-called Swift agreement invalid. The Washington Post announced on 27 September 2010 that the Obama administration wanted to require U.S. banks to report all electronic money transfers into and out of the country thus helping the authorities in spotting transfers that might finance terrorist attacks. The expanded financial data would allow anti-terrorist agencies to better understand normal money-flow patterns in order to track down abnormal activities. According to the Financial Crimes Enforcement Network's (FinCEN) rulemaking proposal, the US Financial institutions will be required to report to the Treasury Department the smallest transfers. Presently, only transactions in excess of 10 000 USD and others transactions considered as suspicious are reported. US authorities plan to gather information about 750 million transfers per year into a database that will be used by law enforcement and regulatory agencies. The data attached to such transfers usually include the name, address and account number of the sender and recipient and for money-service businesses, a driver's license or passport number. The proposal also requires the banks to provide the Social Security numbers for all wire-transfer senders and recipients on an annual basis. "By establishing a centralized database, this regulatory plan will greatly assist law enforcement in detecting and ferreting out transnational organized crime, multinational drug cartels, terrorist financing and international tax evasion," was the explanation given by James H. Freis Jr., director of FinCEN. FinCEN's proposal comes as a result of the requirements of the Intelligence Reform and Terrorism Prevention Act of 2004 which asked the Secretary of the Treasury to study the feasibility of requiring such financial institutions as the Secretary determines to be appropriate to report to the Financial Crimes Enforcement Network on certain cross-border electronic transmissions of funds, if the Secretary determines that reporting of such transmissions is reasonably necessary to assist the efforts of the Secretary against money laundering and terrorist financing. This move has created great concern in the EU. "We urgently seek clarifications from the US if these plans are an infringement of the Swift agreement and the EU commission promised to demand further information on it," stated MEP Sophie in't Veld after a closed-door meeting with Commission officials on 27 September. Under the present Swift agreement that came into force on 1 August 2010, US officials can request European data relevant to a specific terrorist investigation from Swift but the request must be approved by the Europol, EU's police co-operation unit, and has to meet certain requirements. However, in view of the new US plans, the transactions between the European and USA banks would be captured even if there is no substantiated need. "We see so many data transfers - passenger name records, Swift data, credit card information connected to the travel fee - that we are wondering where all this ends," stated Sophie in't Veld who added "We are all getting a bit tired of being taken by surprise all the time. The US is our friend and ally, so we shouldn't be treated this way." The plans are criticised in the USA as well. "This regulation is outrageous. (....) I believe you need to show some evidence of criminality before you are granted unfettered access to the private financial affairs of every individual and company that dares to conduct financial transactions overseas," said lawyer Peter Djinis, former FinCEN executive assistant director for regulatory policy. Money transfers could face anti-terrorism scrutiny (27.09.2010) http://www.washingtonpost.com/wp-dyn/content/article/2010/09/26/AR2010092603... FinCEN Proposes Regulatory Requirement for Financial Institutions to Report Cross-Border Electronic Transmittals of Funds (27.09.2010) http://www.fincen.gov/news_room/nr/html/20100927.html MEPs demand explanation on US plan to monitor all money transfers (28.09.2010) http://euobserver.com/9/30905/?rk=1 ============================================================ 6. New EC Expert Group on the Internet of Things ============================================================ On 22 and 23 September 2010 the kick-off meeting of a new European Commission (EC) High Level Expert Group on the Internet of Things was held in Brussels. The group is made up of about 50 members representing organisations from industry, standardisation, research, civil society and other sectors. Representatives from member states, the European Data Protection Supervisor and the Article 29 Working Party participate in the group as observers. The group will operate until December 2012. According to the action plan described in the Communication of the European Commission "Internet of Things - An action plan for Europe" the group will work on governance, privacy and data protection, standards and interoperability, health and environment and other topics related to the development of an Internet of Things. With regard to privacy and data protection the concept of the right to the "silence of the chips", which defines that everybody should have the right to disconnect oneself from information technology, will be among the topics to be discussed in the group. Besides the Commission Communication, the report of the European Parliament, the Opinion of the European Economic and Social Committee, the Opinion of the Committee of the Regions on the Internet of Things and the Opinion of the European Data Protection Supervisor on Promoting Trust in the Information Society by Fostering Data Protection and Privacy will be important documents guiding the work of the group. EDRi has been invited by the European Commission to participate in the Expert Group and is looking forward to working with the Commission, the members and observers of the group on the framework for an Internet of Things being an Internet for the people. Commission Communication "Internet of Things - An action plan for Europe" http://ec.europa.eu/information_society/policy/rfid/documents/commiot2009.pd... European Parliament resolution of 15 June 2010 on the Internet of Things (2009/2224(INI)) (15.06.2010) http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+TA+P7-TA-20... EDRi-gram: EP calls for a clear legal framework for the Internet of Things (30.06.2010) http://www.edri.org/edrigram/number8.13/european-parliament-on-internet-of-t... Opinion of the European Economic and Social Committee on "The Internet of Things" http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:C:2009:077:0060:006... Opinion of the Committee of the Regions on the Internet of Things and re-use of Public Sector Information http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:C:2010:175:0035:003... Opinion of the European Data Protection Supervisor on Promoting Trust in the Information Society by Fostering Data Protection and Privacy (19.03.2010) http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consul... (Contribution by Andreas Krisch - EDRi) ============================================================ 7. Private data exposed on UK Law firm website ============================================================ On 24 September 2010, the website of the UK Law Firm ACS:Law suffered a massive breach of security apparently under a Denial of Service attack initiated by a group entitled Anonymous within the Operation Payback, which led to the exposure of what seemed to be part of the internal email database of the website. Although the ISP hosting ACS:Law's website suspended the account right after the attack, the site became active again, without any apparent reason, pointing to the root directory of the web and revealing a folder containing an archived backup of the company's mailboxes. The content of the folder was downloaded and posted on Pirate Bay. ACS:Law has been well known lately for the threatening letters sent to alleged file sharers suspected of breaching copyright asking them to pay money in order to avoid going to court. The company was already referred by privacy groups to the Solicitors Disciplinary Group for "bullying and excessive conduct" at the beginning of September 2010. The data exposed by the attack appear to include among other things, an excel file attached to an e-mail sent by Andrew Crossly, head of ACS:Law, to his colleagues, including the names and addresses of apparently more than 10 000 broadband subscribers with the names of the movies allegedly downloaded by them in breach of copyright. As a result of the event, Privacy International (PI) has announced that it was blaming ACS:Law for the indicent and that it was planning to bring a legal action against the company for breaching the privacy of internet users. PI has also notified the UK Data protection authority - Information Commissioner's Office (ICO) on the matter. "... there is no evidence to suggest that the web server was compromised; it would seem that this data breach was purely down to poor server administration and a lack of suitable data protection and security technologies. there is no evidence to suggest that the web server was compromised; it would seem that this data breach was purely down to poor server administration and a lack of suitable data protection and security technologies," says PI in a press release issued on 27 September. Information Commissioner Christopher Graham took the matter seriously and told the BBC that he would investigate the matter which might be a chance for him to use the extra powers he has been recently granted. ACS:Law might face a very significant fine. "The Information Commissioner has significant power to take action and I can levy fine of up to half a million pounds on companies that flout the Data Protection Act," said the Commissioner. The ICO will investigate on the security of the information stored by ACS:Law and on how easy it was to access it. "We'll be asking about the adequacy of encryption, the firewall, the training of staff and why that information was so public facing," said the Commissioner. ACS:Law Email Database Leaked onto The Pirate Bay (24.09.2010) http://www.slyck.com/story2058_ACSLaw_Email_Database_Leaked_onto_The_Pirate_... Law firm could face first #500,000 data leak fine (29.09.2010) http://www.out-law.com//default.aspx?page=11404 Privacy International Plans Legal Action Against ACS:Law (27.09.2010) http://www.slyck.com/news.php?story=2061 PI aims to pursue UK law firm for data breach (27.09.2010) http://www.privacyinternational.org/article.shtml?cmd%5B347%5D=x-347-566663 EDRi-gram: UK: Harassing innocent users for copyright infringement (8.09.2010) http://www.edri.org/edrigram/number8.17/acs-law-harassing-copyright-infringe... ============================================================ 8. YouTube won a case against copyright infringement accusations in Spain ============================================================ Google has won a battle against Spanish broadcaster Telecinco which brought the company to court in June 2008 claiming that the company's service YouTube was liable for the copyrighted material posted by its users. Spanish Commercial Court no.7 of Madrid ruled against Telecino, following the EU E-commerce directive which says that a website is responsible for the content uploaded by its users only if a notification of allegedly copyright infringing content is made. Once the notification is received, the website has to remove the respective content. Telecino claimed that Youtube already had procedures in place for copyright owners to identify and notify the website of any videos that allegedly breach copyright but Google argued that screening material before it was made available would be an impossible action. "This decision demonstrates the wisdom of European laws. More than 24 hours of video are loaded on to YouTube every minute. If internet sites had to screen all videos, photos and text before allowing them on a website, many popular sites - not just YouTube, but Facebook, Twitter, MySpace and others - would grind to a halt," was Aaron Ferstman's comment on Google;s European public policy blog. Google has also been careful to reaffirm that it respects copyright laws: "We are very pleased with today's ruling. The win today confirms what we have said throughout this process: YouTube complies with the law. The ruling recognises that YouTube is merely an intermediary content-hosting service and therefore cannot be obliged to pre-screen videos before they are uploaded." Telecino, which was bound to pay for the trial expenses, stated that the judge's decision was only trying to avoid "taking a decision that would have placed in checkmate the national and international trade of YouTube and its owner Google" and that it intended to defend itself from the attacks against its rights and to appeal to superior legal courts. Spanish court throws out copyright infringement claims against Youtube (23.09.2010) http://www.theinquirer.net/inquirer/news/1735045/spanish-court-throws-copyri... YouTube wins against Telecinco in the tribunal(only in Spanish, 23.09.2010) http://www.elmundo.es/elmundo/2010/09/23/comunicacion/1285234927.html Google wins YouTube case in Spain (23.09.2010) http://www.guardian.co.uk/technology/2010/sep/23/google-wins-youtube-case-sp... A big win for the Internet (23.09.2010) http://googlepolicyeurope.blogspot.com/2010/09/big-win-for-internet.html ============================================================ 9. Phorm case sends the UK to the European Court of Justice ============================================================ The European Commission announced that it has referred the UK to the European Court of Justice for an improper implementation of EU data protection rules, following several complaints in the Phorm case. The Commission received complaints from the UK citizens about Phorm that worked by checking out the web traffic between an ISP client and the sites it visits. This form of behavioural advertising by ISPs (targeted advertising based on prior analysis of users' internet traffic) was reported by EDRi-member Open Rights Group and others NGOs to the UK Data Protection Authority - Information Commissioner's Office. British Telecom ran in 2006 and 2007 two secret trials of deep-packet inspection technology on its broadband customers, without informing them. The European Commission started the legal action against the UK in April 2009 and sent another warning in October 2009 asking the British authorities to properly implement the Data Protection Directive and the ePrivacy Directive. Now, the Commission has referred UK to the European Court of Justice for failing to "ensure the confidentiality of the communications and related traffic data by prohibiting unlawful interception and surveillance" and to implement in the UK law the definition of consent as the "freely given, specific and informed indication of a person's wishes". Digital Agenda: Commission refers UK to Court over privacy and personal data protection (30.09.2010) http://europa.eu/rapid/pressReleasesAction.do?reference=IP/10/1215&format=HTML&aged=0&language=EN&guiLanguage=en EU takes Britain to court over online data protection (30.09.2010) http://euobserver.com/22/30935 EU taking UK to court for privacy deficiencies highlighted by Phorm (30.09.2010) http://www.openrightsgroup.org/blog/2010/eu-taking-uk-to-court-for-privacy-d... EDRi-gram: UK: Phorm threat (28.01.2009) http://www.edri.org/edri-gram/number7.2/phorm-uk ============================================================ 10. ENDitorial: Council of Europe: Bad news as it happens ============================================================ The third Council of Europe (CoE) Committee of experts on new media (MC-NM), held on 27-28 September 2010 in Strasbourg, is likely to dampen enthusiasm. To start with, the current vice-chair Michael Truppe is leaving the group to hold another position on the Austrian scene. With his knowledge of the group issues and his vision of an Internet upholding Human Rights, Michael Truppe has been instrumental to many achievements of the MC-S-IS group (MC-NM predecessor), especially with regards to the 'Recommendation on measures to promote the respect for freedom of expression and information with regard to Internet filters', adopted by the CoE Committee of Ministers in 2008. During MC-NM works, he also brought a major contribution to the draft Declaration on Network Neutrality. However, and this is the second bad news, such draft texts may see important modifications before they became adopted, since they first go through the parent body, the Steering Committee on Media and New Communication Services (CDMC) and only then are submitted to the CoE Committee of Ministers for adoption. This is what regrettably happened to the CoE Declaration on Network Neutrality (NN), adopted on 29 September 2010. While the draft, though being simply a Declaration, was an encouraging political stand from the CoE on NN, the adopted text looks like a spineless document that, actually, doesn't bring much to the issue. Where the draft called for "unobstructed" access for users to internet-based content, applications and services of their choice, the adopted text contents itself with "greatest possible access". One might wonder what this could ever mean, when such access possibilities are confronted to both the greediness of network operators, ISPs and online service providers and the breaches of human rights and fundamental freedoms by governments! Furthermore, the CDMC added a provision in reference to the EU Telecom Package adopted in 2009, following a request from one of the EU Member States. The document was finalised some days before the end of the Spanish presidency. In summary, this dilution makes the Declaration on Net Neutrality a squandered opportunity for the CoE, as well as for all those who see the democratic issues at stake with NN, rather than simply a need to ensure transparency for consumers and fair competition in a market being, in any event, dominated by few companies. The third bad news derives from management decisions by the CDMC leading to fewer human resources for its subordinated groups, at least the MC-NM. Concretely, this means that the MC-NM work on draft Recommendations regarding both search engines and social networks, in view of ensuring the respect for privacy and freedom of expression in these sectors, is now in stand-by mode, while the priority is given to the least advanced work, that is the draft Recommendation on a new notion of media. This decision to postpone the completion of the almost finished work on search engines and social networks is very unfortunate, given that both issues are very timely and involve major stakes in terms of fundamental rights and freedoms, although it is granted that discussing the extension of the notion of media - and, as a corollary, of the application of the media laws - to new media and the web2.0 services is of utmost importance. This is indeed a democratic issue, as the discussion during last MC-NM meeting has highlighted: if YouTube was considered a media, could it be blocked for more than 2 years now by a CoE Member State, namely Turkey, which has to comply with freedom of the media? If so-called 'citizen journalism' platforms were considered as media, shouldn't they operate under principles such as that of the protection of sources and the right to reply and a the same time be subject to some professional standards? Should bloggers be granted the status of journalists and under which conditions? When Google is found liable by French courts for the third time, because of its 'Google Suggest' service, on the basis that Google does indeed add a human intervention in some cases, does it exert an editorial interference or does it simply take action to protect its own interests? Should the online service market domination by a handful of vertically integrated multinational companies be considered as dangerous media concentration or as a dominant market position? In one word, should these services be regulated by media laws or by e-commerce laws? One can easily understand that the issue is complex, should be approached with particular caution, and needs very rigorous definition of criteria to identify under which conditions web2.0 services should be considered as media. The third MC-NM meeting dedicated almost its two days to this discussion, as the necessary prerequisite to come up with any Recommendation on the status of new media. Obviously, by no mean this could be reasonably completed by the end of the year or even earlier as requested by CDMC: such haste could only be harmful when human rights, democracy and freedom of the media are at stake. Last but unfortunately not least of the bad news series is related to the developments of the Cross-border Internet group (MC-S-CI). This group is also subordinated to the CDMC, but, contrarily to the case of MC-NM, is formed by, literally, a handful of individual experts (5 persons!) picked up by CDMC members, in view of nothing less than drafting a Convention, i.e. a Treaty... EDRi was granted the observer status to this group. However, an observer can only observe formal (i.e. announced and open) meetings, while the individual experts seem to have opted for "informal meetings", whatever this could mean. As a matter of fact, after a single formal meeting on 1-2 March 2010, which EDRi unfortunately missed, the MC-S-CI apparently led to prolific achievements: two draft CoE Declarations on, respectively, the Digital Agenda for Europe (indicating some extensive interpretation of MC-S-CI terms of reference) and the management of the Internet protocol address resources in the public interest (both adopted by the Committee of Ministers on 29 September) and even a draft standard-setting instrument. Regarding the latter, a conceptual framework document was ready for presentation and discussion at a workshop during the 2010 EuroDIG meeting in Madrid on 28-29 April and the draft instrument itself was circulated at a 2010 IGF workshop in Vilnius on 14-17 September (where the approach and provisions faced a lot of criticism). One would certainly bow before such intense productivity, if the situation were not raising important democratic concerns in terms of transparency and accountability. When considering, on top of this, the fact that most of the experts are ICANN insiders, the concerns can only grow, especially since the only human rights expert from the group has now resigned. As a matter of fact, the MC-S-CI group also has, in the mean time, prepared another draft Declaration on "enhanced participation in Internet governance matters - Governmental Advisory Committee (GAC) of the Internet Corporation for Assigned Names and Numbers (ICANN)" (adopted by the Committee of Ministers on 26 May 2010), and has been instrumental in having the CoE secretariat participating to the GAC's activities, first as observer and later if possible by contributing to GAC Secretariat. The diffusion of CoE values of human rights, democracy and the rule of law to IGF and ICANN would certainly improve the latter two in terms of process and substance. However, if MC-S-CI developments continue behind the scene as they currently show, there is a high risk that the contrary might happen, with the CoE being contaminated by the numerous flaws IGF and ICANN have demonstrated so far, as widely analysed in the academic and grey literature, as well as by various NGOs inside and outside these circles. In conclusion of this list of deep concerns, the only good news is probably the fact that the MC-S-NR group (Group Protection of Neighbouring Rights of Broadcasting Organisations) has not yet started its work, waiting for the European Commission to be mandated to negotiate, within the CoE framework, a Convention on the protection of neighbouring rights of broadcasting organisations (a.k.a. the resurrection of the broadcasting Treaty, formerly killed at WIPO). CDMC and subordinated subgroups public websites http://www.coe.int/t/dghl/standardsetting/media Recommendation CM/Rec(2008)6 of the Committee of Ministers to member states on measures to promote the respect for freedom of expression and information with regard to Internet filters, (26.03.2008) https://wcd.coe.int/ViewDoc.jsp?Ref=CM/Rec(2008)6 EDRi-gram: ENDitorial: CoE - The Good, The Bad And The Ugly (09.04.2008) http://www.EDRi.org/EDRigram/number6.7/coe-good-bad-ugly CoE Declaration of the Committee of Ministers on network neutrality (29.09.2010) https://wcd.coe.int/ViewDoc.jsp?Ref=Decl(29.09.2010_2) EDRi-gram: New Media, Search Engines And Network Neutrality On 2010 CoE Agenda (07.04.2010) http://www.EDRi.org/EDRigram/number8.7/coe-new-media-working-group CoE Declaration of the Committee of Ministers on the Digital Agenda for Europe (29.09.2010) https://wcd.coe.int/ViewDoc.jsp?Ref=Decl(29.09.2010_1) CoE Declaration of the Committee of Ministers on the management of the Internet protocol address resources in the public interest (29.09.2010) https://wcd.coe.int/ViewDoc.jsp?Ref=Decl(29.09.2010_3) EURODIG workshop on "Sovereignty of states and the role and obligations of governments in the global multi-stakeholder Internet environment" (30.04.2010) http://www.eurodig.org/eurodig-2010/programme/workshops/workshop-6 IGF workshop on "a proposal for setting a standard of care in international law for cross-border Internet" (14.09.2010) http://www.intgovforum.org/cms/component/chronocontact/?chronoformname=WSProposals2010View&wspid=60 (description) http://www.intgovforum.org/cms/component/content/article/102-transcripts2010... (transcript) CoE Declaration of the Committee of Ministers on enhanced participation in Internet governance matters - Governmental Advisory Committee (GAC) of the Internet Corporation for Assigned Names and Numbers (ICANN) (26.05.2010) https://wcd.coe.int/ViewDoc.jsp?Ref=Decl(26.05.2010_1) EDRi-gram: ENDitorial: Undead Wipo Treaty Resurrected In Council Of Europe (10.02.2010) http://www.EDRi.org/EDRigram/number8.3/broadcasting-treaty-council-of-europe (Contribution by Meryem Marzouki, French EDRi-member IRIS) ============================================================ 11. Recommended Action ============================================================ I call on Commissioner Malmstrvm to withdraw on her initiative of website blocking. Instead of employing the same techniques as China and other totalitarian regimes, I call on the European Commission to improve law enforcement cooperation both inside the European Union and with outside partners, to ensure swift deletion of child porn websites as well as an effective and determined prosecution of the perpetrators. http://www.deletion-not-blocking.eu/sign.html ============================================================ 12. Recommended Reading ============================================================ Ian Brown: Communications Data Retention in an Evolving Internet (27.09.2010) http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1683284 French Telecom regulator (ARCEP) has published ten proposals and recommendations for promoting a neutral and high quality Internet. (30.09.2010) http://bit.ly/dp5klS ============================================================ 13. Agenda ============================================================ 8-9 October 2010, Berlin, Germany The 3rd Free Culture Research Conference http://wikis.fu-berlin.de/display/fcrc/Home 25-26 October 2010, Jerusalem, Israel OECD Conference on "Privacy, Technology and Global Data Flows", celebrating the 30th anniversary of the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data http://www.oecd.org/sti/privacyanniversary 27-29 October 2010, Jerusalem, Israel The 32nd Annual International Conference of Data Protection and Privacy Commissioners http://www.privacyconference2010.org/ 28-31 October 2010, Barcelona, Spain oXcars and Free Culture Forum 2010, the biggest free culture event of all time http://exgae.net/oxcars10 http://fcforum.net/10 3-5 November 2010, Barcelona, Spain The Fifth International Conference on Legal, Security and Privacy Issues in IT Law. http://www.lspi.net/ 5-7 November 2010, Cologne, Germany Transparency, Work, Surveillance Joint Annual Meeting of FIfF and DVD http://fiff.de/veranstaltungen/fiff-jahrestagungen/JT2010/jt2010_uebersicht 5-7 November 2010, Gothenburg, Sweden Free Society Conference and Nordic Summit http://www.fscons.org/ 17 November 2010, Gent, Belgium Big Brother Awards 2010 Belgium http://www.winuwprivacy.be/kandidaten 25-28 January 2011, Brussels, Belgium The annual Conference Computers, Privacy & Data Protection CPDP 2011 European Data Protection: In Good Health? Submission deadline for Full Papers and Position Papers: 16 November 2010 http://www.cpdpconferences.org/ ============================================================ 14. About ============================================================ EDRI-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRI has 27 members based or with offices in 17 different countries in Europe. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRI-grams. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and visibly on the EDRI website. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 3.0 License. See the full text at http://creativecommons.org/licenses/by/3.0/ Newsletter editor: Bogdan Manolea <edrigram@edri.org> Information about EDRI and its members: http://www.edri.org/ European Digital Rights needs your help in upholding digital rights in the EU. If you wish to help us promote digital rights, please consider making a private donation. http://www.edri.org/about/sponsoring - EDRI-gram subscription information subscribe by e-mail To: edri-news-request@edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. unsubscribe by e-mail To: edri-news-request@edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/edri/2.html - EDRI-gram in German EDRI-gram is also available in German, with delay. Translations are provided Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users http://www.unwatched.org/ - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask <edrigram@edri.org> if you have any problems with subscribing or unsubscribing. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE