============================================================ EDRi-gram biweekly newsletter about digital civil rights in Europe Number 7.3, 11 February 2009 ============================================================ Contents ============================================================ 1. Data retention directive has the correct legal basis 2. EU Commissioner: No to an Internet freedom law and Yes to net neutrality 3. Irish ISP settled to introduce 3 strikes 4. UK Government proposes increased data sharing 5. Romania: Protests against biometric passports 6. Data protection framework decision adopted 7. Protests against data retention in Bulgaria 8. An error margin of 2% in municipal elections ruled acceptable in Finland 9. Lack of coordination in European eID privacy features 10. Pirate Bay in legal battle with IFPI 11. House of Lords Constitution Committee report on surveillance and privacy 12. Big Brother Awards 2009 Ceremony in Bulgaria 13. Recommended Action 14. Recommended Reading 15. Agenda 16. About ============================================================ 1. Data retention directive has the correct legal basis ============================================================ On 10 February 2009 the European Court of Justice (ECJ) decided that the data retenion directive was correctly adopted on the basis of the EC Treaty as it relates predominantly to the functioning of the internal market. This was the conclusion of the court in the suit that Ireland, supported by Slovakia, started against the European Parliament asking the Court of Justice to annul the directive grounds of inappropriate legal basis. Ireland sustained that the directive could not be based on Article 95 EC since its "centre of gravity" does not concern the functioning of the internal market but rather the investigation, detection and prosecution of crime, and that measures of this kind ought therefore to have been adopted on the basis of the articles of the EU Treaty related to police and judicial cooperation in criminal matters. The Court decided that it was necessary to adopt the directive on the basis of Article 95 EC. It underlined that the data retention directive amended the provisions of the directive on the protection of privacy in the electronic communications sector, which is itself based on Article 95 EC. At the same time, the Court found that the provisions of the directive are essentially limited to the activities of service providers and do not govern access to data or the use thereof by the police or judicial authorities of the Member States. The measures provided for by the directive do not, in themselves, involve intervention by the police or law-enforcement authorities of the Member States. But the Court did not tackle the intriquate issue of the privacy because "the action brought by Ireland relates solely to the choice of legal basis and not to any possible infringement of fundamental rights arising from interference with the exercise of the right to privacy contained in Directive 2006/24." This also means that the Court could have a future case based on the privacy breach of the Data Retention Directive, reffered from a national court. Such a case could be the one started by EDRi-member Digital Rights Ireland or the German Constitutional case initiated by the German Working Group on Data Retention. The Working Group has already stated, after the ECJ decision, that they remain confident that future action on privacy grounds would be succesfull: "The ruling only concerns the formal matter of the correct legal basis and does not address the violation of human rights by the unwarranted registration of the entire population's telecommunications behaviour and movements", commented Werner H|lsmann of the Working Group. "The 34 000 plaintiffs in the German suit against data retention have applied to the German Constitutional Court to seek a separate ruling by the European Court of Justice on the compatibility of data retention with human rights." Case Ireland vs European Parliament (10.02.2009) http://curia.europa.eu/jurisp/cgi-bin/form.pl?lang=EN&Submit=rechercher&numaff=C-301/06 The data retention directive is founded on an appropriate legal basis (10.02.2009) http://curia.europa.eu/en/actu/communiques/cp09/aff/cp090011en.pdf After ruling on data retention: activists remain confident (10.02.2009) http://www.vorratsdatenspeicherung.de/content/view/298/1/lang,en/ ============================================================ 2. EU Commissioner: No to an Internet freedom law and Yes to net neutrality ============================================================ The intentions of some European Parliament members (MEPs) to introduce in EU a similar law with the Global Online Freedom Act proposed by the US Congress in January 2007, was considered unnecessary and a too "hard law" by Commissioner Viviane Reding. The US bill is meant to promote freedom of speech on the Internet and prevent US companies from being forced to act like "cyber police". Some MEPs are on the opinion that EU should follow US example and try to counterattack the actions of several states that have increased the control and censoring of the Internet thus violating citizens' human rights. However, Reding's opinion is that such a law, involving export controls, civil and criminal penalties and the creation of a specific EU body controlling European Internet companies with operations abroad, would be too hard and not really efficient. "Rather, our goal should be to find ways to allow operators and service providers to respect human rights without doing either," said Reding on a speech delivered on 2 February 2009 during an international conference on the future of the Internet. With a completely opposed position that she had last year when she supported the three-strike measures, Reding pleaded now for the openness of the Internet and for net neutrality. "(...) we will only be able to reap the full social and economic benefits of a fast moving technological landscape if we manage to safeguard the openness of the Internet. Openness is one of the key ingredients that made the Internet so successful as an innovation place, and we have to make sure that it is not compromised" she said. "Net Neutrality has to be guaranteed. New network management techniques allow traffic prioritisation. These tools may be used to guarantee good quality of service but could also be used for anti-competitive practices. The Commission has taken additional steps, through measures proposed to reform our telecom package, to better prevent such unfair abuse to the detriment of consumers" added Reding. Reding also talked in favour of open standards: "We need to take advantage of the win-win of open interfaces and standards such that the market can grow for all. Dominant players may try to use proprietary standards to lock consumers into their products or to extract very high royalties, ultimately stifling innovation and foreclosing market entry by new players." In the Commissioner's opinion, financial investments could be used for the research and development of anti-censorship software. "In these times of economic downturn, it is also our responsibility to invest in promising technologies that will give us the much needed competitive edge that will accelerate the economic recovery." EU media chief rules out Internet freedom law (3.02.2009) http://uk.reuters.com/article/technologyNewsMolt/idUKTRE5124SB20090203?sp=tr... Vivian Reding's Speech - Internet of the future: Europe must be a key player - Future of the Internet initiative of the Lisbon Council (2.02.2009) http://ec.europa.eu/commission_barroso/reding/docs/speeches/2009/brussels-20... ============================================================ 3. Irish ISP settled to introduce 3 strikes ============================================================ The case introduced by IRMA (Irish Recorded Music Industry) against Irish ISP Eircom through which Eircom was required to block P2P filesharing by applying a filtering system to its network, was settled outside the court room. The music industry decided to drop the action provided Eircom introduces a "three strikes" system where users accused of filesharing by the industry would be disconnected after two warning letters. Eircom is pleased with the settlement as it does not risk breaching privacy laws by providing to the music industry details about its subscribers and because it does not have to add software to its network that might interfere with its broadband service. Acording to the settlement, the record companies will provide Eircom with the IP addresses of persons they detect to illegally upload or download copyright works. Based on this information, basically, the three steps the ISP has to take are: 1) to inform its subscribers that their IP address has been detected infringing copyright; 2) to warn the respective subscriber that he (she) will be disconnected unless the infringement ceases and 3) in case of non-compliance by the above warned subscriber, the respective subscriber will be disconnected. According to EDRi-member Digital Rights Ireland, this agreement is wrong from many points of view: it is unreliable, secret, undemocratic and disproportionate. First of all, MediaSentry, the company used by the music industry until now to identify filesharers is a company which has been recently found as operating illegally in several US states and that has a track record of false accusations. Although the music industry has turned to Danish firm Dtecnet, the process is still unreliable. The settlement is also private to the parties and the music industry and Eircom will be the only ones to decide, judge and execute. It is also undemocratic because the 3-strikes model was not discussed like in other European countries with public input through public consultation and legislatures. And it is disproportionate as with the present extent of the Internet, third innocent parties may be affected in the process as Internet connections are not generally unique to an individual. The agreement is also bad news for Eircom's customers who will not be able to take action when accused of an infringement. Three accusations from a group of third parties will be enough to terminate an Internet connection. What it will also happen is that Eircom will have to modify its terms of service for all its current customers without providing a legal basis for a unilateral change of contract. The three strikes process in this case is procedurally unfair. The music industry has tried to gain some points realizing this may be its only hope as automatic filtering and suing customers would not work. The record companies represented in the case, EMI, Sony, Universal and Warner, have agreed to take "all necessary steps" to get similar agreements with all ISPs in Ireland. It remains to see whether other ISPs will defend better their users' rights. Internet users face shutdown over illegal music downloads (29.01.2009) http://www.irishtimes.com/newspaper/frontpage/2009/0129/1232923373331.html Three unproven accusations and you're out - why the Eircom / IRMA deal is bad for internet users (29.01.2009) http://www.digitalrights.ie/2009/01/29/three-unproven-allegations-and-youre-... Irish ISP Agrees to Three Strikes Against Its Customers (28.01.2009) http://www.eff.org/deeplinks/2009/01/irish-isp-agrees-three-strikes-against-... Ireland: Copyright Filtering Case Settles out of Court (29.01.2009) http://bendrath.blogspot.com/2009/01/ireland-copyright-filtering-case.html "Three strikes" for Ireland - Eircom, music industry settle filtering case (29.01.2009) http://www.tjmcintyre.com/2009/01/three-strikes-for-ireland-eircom-music.htm... EDRIgram: Ireland: Music industry sues ISP, demands filtering (12.03.2008) http://www.edri.org/edrigram/number6.5/ireland-isp-filtering ============================================================ 4. UK Government proposes increased data sharing ============================================================ The UK Minsitry of Justice introduced in January 2009, in the House of Commons the Coroners and Justice Bill which, among other things, amends the Data Protection Act 1998 and enables increased personal data sharing among governmental bodies. The Bill empowers ministers to make orders that override data protection, allowing the use for other purposes of information collected for a specific purpose. Moreover, it gives the Secretary of State the right to remove "an existing legal barrier to data sharing". "Rather than protecting our personal information, as it should be, the government is cutting away safeguards for its own data-trafficking convenience. This is a Bill to smash the rule of law and build the database state in its place. Burying sweeping constitutional change in obscure Bills is an appalling approach. Having proved - and admitted - they cannot be trusted to look after our secrets, they are still determined to steal what privacy we have left. Parliament needs to wake up before it has no say any more," commented Phil Booth, National Coordinator of lobby group NO2ID. What basically the bill says regarding data sharing is that UK Government will have the right to decide if and to whom personal data can be provided. The Bill is a mix of several provisions, many unrelated, which will make things difficult for the debates in the Parliament. The risk is that serious issues may be passed without proper debate just because the Parliament may lack the necessary time. "This is the forty-eighth criminal justice bill under this Government and it already amends provisions not yet in force from the last Bill, enacted only eight months ago. Once again Ministers have produced a rag-bag of measures. While some are welcome others, including the resurrection of plans for secret inquests, we have serious concerns about," said Shadow Justice Secretary Dominic Grieve. The Bill was voted at the Second Reading on 26 January 2009 to be sent to a Public Bill Committee and is being now analyzed clause by clause. Coroners and Justice Bill 2008-09 http://services.parliament.uk/bills/2008-09/coronersandjustice.html Government grants itself even more data sharing power (5.12.2009) http://www.theregister.co.uk/2008/12/05/gov_grows_data_share/ Chaotic Coroners and Justice Bill reels into view (22.01.2009) http://www.theregister.co.uk/2009/01/22/coroners_and_justice_bill/ House of Commons Coroners and Justice Bill (14.01.2009) http://www.publications.parliament.uk/pa/cm200809/cmbills/009/09009.1-5.html Coroners and Justice Bill - destroying data protection (23.01.2009) http://www.liberalconspiracy.org/2009/01/23/coroners-and-justice-bill-data-p... ============================================================ 5. Romania: Protests against biometric passports ============================================================ A few hundred Romanians gathered on 1 February 2009 to protest against the introduction of the obligatory biometric passports starting with the beginning of 2009. The event comes after the first passports with biometric identifiers (including fingerprints) were issued at the end of January in the county of Ilfov, as a first implementation in the country. The decision was heavily contested by several prominent members of the Orthodox Church that consider it as the first step towards the introduction of biometric identifiers in all ID cards, which is a direct action against freedom of religion and freedom of expression or the right to a private life. A few civil society pro-orthodox groups, gathered under the name "Coalition against the Police State", started on online petition, with more than 15 000 signatures, calling for a stop to the biometric passports and biometric driving licences, until the situation has been properly explained by the authorities. The coalition also organized the event on 1 February in front of the Patriarchy Palace and announced that one lawyer started a civil action in court in order to stop the Government Decision that allows the issuing of the biometric passports. The people protesting presented banners stating: "Let us choose!" or "Support the Church ! Refuse the implant!". Several speakers expressed their concern that imposing obligatory biometric IDs is an attempt to make humans same as cattle as a first step to Total Control from the state. Others have considered that the new electronic chip contains the number 666, which, in their opinion, means the first step towards the Apocalypse. The extreme right-wing party Noua Dreapta has joined the demonstration with their specific flags. The Romanian Patriarchy Orthodox Church refused to publicly support the events, calling for calm and prayers, but at the same time asked the Romanian Government more information regarding the new biometric passports. An official opinion should be issued after their meeting in 27-28 February 2009. A similar event on 4 February organized by the Coalition against the Police State gathered more than 100 persons with images with politicians looking like sheep. The organizers protested about the fact that no public debate was intiated by the Government in order to asses the social, economical and religious impact of the decision to have obligatory biometric passports. In both events the participants also protested against the new law on data retention, explained as the law that will permit authorities to "record and keep all the electronic communications of the Romanian citizens." Another civil society organization - Civil Society Commissariat announced that it has sued its own telecom provider Orange to oblige it to respect the contractual obligations regarding the confidentiality of the communications.Thus, the provider should not implement the data retention law. The organization wants to use this opportunity to challenge the law to the Constitutional Court based on the right to privacy. Protest of several NGOs to the introduction of chips in IDs (only in Romanian, 1.02.2009) http://www.mediafax.ro/social/protest-al-mai-multor-ong-uri-fata-de-introduc... Government - accused by hundreds of christens that it has started the apocalypse of the Passport Chip (only in Romanian, 1.02.2009) http://www.gandul.info/actualitatea/guvernul-acuzat-de-sute-de-crestini-ca-a... Photos from the 1.02.2009 event (2.02.2009) http://victor-roncea.blogspot.com/2009/02/foto-info-demonstratia-anti-cip.ht... Romanian Petition against biometric passports http://www.petitiononline.com/NU666/petition.html The Civil Society Commisariat asks the annulment of the law on telephony data retention (only in Romanian, 4.02.2009) http://www.frontnews.ro/social-si-economic/eveniment/comisariatul-pentru-soc... EDRi-gram: Romania: Is really privacy a topic in the public debate? (28.01.2009) http://www.edri.org/edri-gram/number7.2/romania-privacy-in-public-debate ============================================================ 6. Data protection framework decision adopted ============================================================ After several years of discussions and debates with the EU bodies, the Framework Decision on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters was adopted by the Council and published in the Official Journal on 30 December 2008. The decision is the first horizontal data protection instrument in the field of personal data used by police and judicial authorities and its main purpose is the establish a common level of privacy protection and a high level of security when exchanging personal data. The European Parliament has already been consulted twice on data protection framework decision: once in September 2006 and a second time in June 2007. After a deadlock in the Council on this decision, a new version of the text was subject to a renewed consultation based on the political agreement reached by the Council on 11 December 2007. The European Parliament adopted, by 600 votes in favour, the new text with several amendments. Some of the changes made by the Parliament, such as references to Convention 108 (Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data), inclusion of the national data processing or creation of the Working Party on the Protection of Individuals with regard to the Processing of Personal Data, were not retained by the Council. The Council of the European Union adopted the framework decision in its meeting on 27-29 November 2008 and the final text was published on the Official Journal as the Council Framework Decision 2008/977/JHA. The Framework Decision is thus applicable to cross-border exchanges of personal data within the framework of police and judicial cooperation. The instrument contains rules applicable to onward transfers of personal data to third countries and to the transmission to private parties in Member States. The decision also allows the EU states to have higher-level safeguards for protecting personal data than those established in this act. The European Data Protection (EDPS) welcomed the adoption of this first general data protection instrument in the EU third pillar, though seeing it "only as a first step". He declared that "unfortunately, the level of data protection achieved in the final text is not fully satisfactory". Peter Hustinx regrets in particular that the Framework Decision does not apply to Member State domestic data. The Framework Decision indeed only covers police and judicial data exchanged between Member States, EU authorities and systems, which explicitely excludes such exchanges as the transfer of Passenger Name Records (PNR) data to US authorities. The Decision needs to be implemented by the EU member countries by 27 November 2010, by taking the necessary measures, including designating one or more public authorities that should be responsible for advising and monitoring the application within its territory. Council Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters (30.12.2008) http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:350:0060:01:... 2908th meeting of the Council - Justice and Home Affairs (27-28.11.2008) http://www.consilium.europa.eu/ueDocs/cms_Data/docs/pressData/en/jha/104584.... European Parliament - Legislative Observatory - Framework Decision on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters http://www.europarl.europa.eu/oeil/FindByProcnum.do?lang=2&procnum=CNS/2005/0202 EDPS Press release - "EDPS sees adoption of Data Protection Framework for police and judicial cooperation only as a first step" (28.11.2008) http://www.edps.europa.eu:80/EDPSWEB/webdav/site/mySite/shared/Documents/EDP... EDRi-gram: Update on a Council Framework Decision on the protection of personal data (20.06.2007) http://www.edri.org/edrigram/number5.12/framework-decision-data-protection ============================================================ 7. Protests against data retention in Bulgaria ============================================================ After the decision at the end of last year when the Bulgarian Supreme Administrative Court (SAC) annulled article 5 of the national legislation that implements the Data retention Directive, new initiatives by the Bulgarian authorities raise concerns in relation with data retention. Thus, in 2009, only a few days before the Parliamentary Transport and Communications Commission meeting, a proposal for changes in the Digital Messages Act was submitted by the Interior Ministry, copying the Data Retention Regulation, including the articles abolished by the SAC. Several civil society NGOs, including Electronic Frontier Bulgaria and the Association for Electronic Communications, alarmed the media and met Members of the Parliament just to explain what the situation was. At the meeting of the Commission it became clear that the Interior Ministry has submitted a new proposal with many other dangerous issues: - It is not clear if the information can be used and processed only in case of severe crimes; - Data from communications should be kept for 2 years; - There are no guarantees for the deletion of the data; - It is not possible for the citizens to see what kinds of data are being kept and who and for what purpose is using them; - There is no punishment whatsoever for misuse of these data. The text was approved by the Commission after an hour of senseless discussions with most of the "against" arguments disapproved. Now, the final decision remains will be taken by a plenary meeting of the Bulgarian Parliament. Electronic Frontier Bulgaria started a campaign against the new provisions, joining the protests in Sofia and Varna and participated in all media coverage for discusssions on the hot data retention topic and its problems. Fight for Rights and Differences - What is Going on with the Internet Bugging (3.02.2009) http://www.bogomil.info/int/fight-for-rights-and-differences-%E2%80%93-what-... Digital rights facts from Bulgaria 2008 (23.01.2009) http://bogomil.blogactiv.eu/2009/01/23/digital-rights-facts-from-bulgaria-20... Bogomil Shopov: Fighting for digital rights in Bulgaria and beyond (27.01.2009) http://www.internetsansfrontieres.com/2009/01/bogomil-shopov-fighting-for-di... EDRi-gram: Bulgarian Court annuls a vague article of the data retention law (17.12.2008) http://www.edri.org/edri-gram/number6.24/bulgarian-administrative-case-data-... (thanks to Bogomil Shopov - Electronic Frontier Bulgaria) ============================================================ 8. An error margin of 2% in municipal elections ruled acceptable in Finland ============================================================ Earlier last year, EDRi-member Electronic Frontier Finland (Effi) reported of the Finnish e-voting pilot which took place in three Finnish municipalities on 26 October 2008. 232 votes were lost due to various usability and apparent performance issues. Additionally, there is risk of a breach of the anonymity of the votes, because the electronic ballot box has been archived with information on who voted and how. The e-voting project had been strongly criticised by Effi from its inception for its lack of transparency both in the process and software. A report from the Council of Europe on 1 December 2008 stated that "[t]he Finnish electronic voting did not conclude in a way which satisfies the fundamental principles for democratic elections, in particular the principle of universal suffrage". The Ministry of Justice performed an internal audit, and reported on 10 December that the audit found deficiencies in project management. However, on 29 January 2009, the Helsinki administrative court ruled that the elections met the requirements of the Finnish election law, and therefore the municipal decisions to confirm the election results were not overturned. The court's main argument was that a failure rate of slightly over 2 percent does not, as such, indicate that the election authorities would have acted in error. As for the voter anonymity, the court rejected the complaint because a breach of voter secrecy could, in practice, happen only through "unlawful and at the same time, even criminal" activities. The original complainants will most likely appeal to the supreme administrative court. A final decision is to be expected around May 2009. Finnish e-voting fiasco: votes lost (28.10.2008) http://www.effi.org/blog/2008-10-28-finnish-evoting-votes-lost.html Electronic Frontier Finland report on the deficiencies of the system (1.09.2008) http://www.effi.org/blog/2008-09-01-evoting-report-in-english.html Council of Europe report on the Finnish e-voting pilot (2-3.12.2008) https://wcd.coe.int/ViewDoc.jsp?id=1380337&Site=Congress Ministry of Justice press release on the internal audit (only in Finnish, 10.12.2008) http://www.om.fi/Etusivu/Ajankohtaista/Uutiset/1224167084256 Original complaint to the administrative court (only in Finnish, 12.11.2008) http://www.effi.org/system/files?file=valitus_kauniainen_anon.pdf Effi press release on the Helsinki administrative court ruling (in Finnish) http://www.effi.org/julkaisut/tiedotteet/lehdistotiedote-2009-01-29.html Court ruling (only in Finnish, 29.01.2009) http://www.effi.org/blog/hhao-2009-01-29.html (contribution by EDRi-member Electronic Frontier Finland ) ============================================================ 9. Lack of coordination in European eID privacy features ============================================================ The EU funded European Network and Information Security Agency (ENISA) issued, on 27 January 2009, its Position Paper on security features in European eID schemes, showing a large disparity between the various systems which might affect their usefulness. The paper is an analysis of 10 ID card systems already used in EU and 13 under development. The eID cards are presently used mainly in relation to tax declarations and other e-Gov services with some applications in the commercial sector as well, but their application will largely extend in the future. The study shows that Europe has no coordinated strategy to protect the private data stored on the cards which leads to their lack of interoperability and to reluctance in accepting them by potential users. "Privacy features have been developed, implemented and tested at a national level and there is no co-ordinated strategy at a European level as to which features should be implemented and how they should be implemented. (...) The lack of co-ordination is an important obstacle to any possible cross-border interoperability of eID card schemes. (...) (This is) important in order to create the necessary trust in the users of such schemes - any cross-border scheme only offers as much protection as its weakest participating member: If just one participating country offers what is generally considered to be inadequate privacy protection, the citizens of the other countries are not likely to accept any cross-border interoperability scheme which puts their data at more risk than their national scheme." ENISA report shows that the lack of coordination in privacy controls all over these systems will affect the usefulness of the cards. "Privacy is an area where the member states' approaches differ a lot and European eID will not take off unless we get this right. Europe needs to reflect on eID privacy and its role in the interoperability puzzle. The fundamental human right to privacy must be guaranteed for all European eID card holders," said ENISA executive director Andrea Pirotti. The paper presents the implementation of privacy-enhancing technologies in existing and planned European eID card specifications, analyses in detail eleven risks to personal privacy resulting from the use of national schemes and lists eight practicable techniques available to address and solve these risks. The present situation of privacy features available for the existing cards is shown by means of eight comparison charts that can represent a good reference in the identification of best practices in the domain. "A lot of very practical techniques exist to protect the citizen's privacy and, from the survey of available techniques in this paper, it is possible to identify a set of best practice guidelines for the protection of personal data in national eID card schemes," says the report. ENISA report was designed to give policymakers the information necessary to improve the present situation, providing a first comprehensive overview of the status in Europe. Citizen data protection in focus - ENISA on privacy in national eID cards: Europe needs a strategy (3.02.2009) http://enisa.europa.eu/pages/02_01_press_2009_02_3_privacy_features_eID.html ENISA Position Paper: Privacy Features of Europen eID card specifications (27.01.2009) http://enisa.europa.eu/doc/pdf/deliverables/enisa_privacy_features_eID.pdf Disparate privacy features devalue ID cards, warns EU security agency (5.02.2009) http://www.out-law.com//default.aspx?page=9771 ============================================================ 10. Pirate Bay in legal battle with IFPI ============================================================ The war between IFPI and the Pirate Bay continues with a new banning of the site in Denmark ruled by a Danish court at the beginning of February this year. Exactly a year ago, in February 2008, following an IFPI action, a Danish court ruled that Tele2 had to block its users from accessing The Pirate Bay. Now, the court has issued a preliminary injunction against DMT meaning that all ISPs owned by DMT have to deny their users' access to The Pirate Bay. Also, in January 2009, TDC, the largest Danish ISP and owner of most of the cables, decided to block access to the Swedish site as a preventive measure. However, ISPs are not happy with the decision and three of them, TDC, Telia and Telenor have announced their intention to go with the matter to the Supreme Court arguing they should not be held responsible for the potential copyright infringement of their subscribers. "Accessing The Pirate Bay is not in itself a violation of copyright" said Jens Ottosen of Telia. He also added: "We make access possible for our subscribers, and they have to decide if it is illegal. It is not our task. If so, we also contribute to illegalities on YouTube, Myspace and Google." In case ISPs' action does not succeed in reversing the Danish court ruling, the Pirate Bay itself is now considering suing IFPI. "They have had a monopoly on distribution and we're breaking that monopoly, and in turn they sue people that allow access to our distribution method," told Peter Sunde, co-founder of The Pirate Bay to TorrentFreak. The Pirate Bay team considers IFPI's action is not only an inefficient attempt to censor Internet, but rather a personal vendetta against Pirate Bay. Until then, the Pirate Bay is facing the big trial that will take place in Sweden, at Stockholm's District Court, on 16 February where IFPI is one of the parts. The Pirate Bay is asking for a very open, public trial. Pirate Bay co-founder Fredrik Neij has asked for a much large trial room considering the case as one of the biggest political cases in recent times. "I NEED a room for at least 150 people, 20 reserved for the family and 80 to 100 reserved for the press and public. It need not be in the same room, but we need several rooms REQUIRING video too, not just sound," he asked. Also co-founder Peter Sunde said he wanted the case to be transmitted life on the web. "We want to show how it works. Cards on the table, everything should be transparent!" Danish ISPs to Fight the Pirate Bay Block (5.02.2009) http://torrentfreak.com/danish-isps-to-fight-the-pirate-bay-block-090205/ The Pirate Bay Plans to Sue IFPI (6.02.2009) http://torrentfreak.com/the-pirate-bay-plans-to-sue-ifpi-090206/ The Pirate Bay Demand Webcast of Trial (7.02.2009) http://torrentfreak.com/the-pirate-bay-demand-webcast-of-trial-090207/ EDRIgram: PirateBay - blocked in Denmark (13.02.2008) http://www.edri.org/edrigram/number6.3/piratebay-denmark ============================================================ 11. House of Lords Constitution Committee report on surveillance and privacy ============================================================ The report Surveillance: Citizens and the State recently issued by the House of Lords Constitution Committee supports privacy and considers executive and legal limits must be imposed to surveillance and data collection. The report is a positive step in the promotion of individual freedom and liberty and offers some recommendations in this direction. One of the recommendations, following a suggestion from the UK Computing Research Committee's, is that the encryption of personal data should be mandatory in some circumstances and that the Government should introduce appropriate regulations in this sense. "We believe that encryption has a vital role to play in ensuring the security of data, and that the Government should insist upon its use as appropriate throughout the public and private sectors," says the report. It also mentions that with the large majority of data loss cases occurred in UK there had been no reference to data encryption which would have diminished the potential impact of the losses. Even in cases when the data were encrypted, unfortunately the password was attached to the storage device or even lost. Encryption company PGP Corporation also believes "More needs to be done to educate staff on the importance of safeguarding information." According to a research conducted by privacy research firm the Ponemon Institute on behalf of PGP, the average cost of a single lost record is almost 70 euro. Phil Dunkelberger, chief executive of PGP stated that "organisations are taking desperate measures to preserve their reputation and retain customers; this study shows they simply cannot afford to lose out to competitors as a result of poor data security." The Constitution Committee also recommended in its report that the data controllers should be fined for "deliberately or recklessly breaching the data protection principles". A very important recommendation is that DNA profiles of non-convicted people should not be retained in the National DNA Database (NDNAD). "We expect the Government to comply fully, and as soon as possible, with the judgment of the European Court of Human Rights in the case of S. and Marper v. the United Kingdom, and to ensure that the DNA profiles of people arrested for, or charged with, a recordable offence but not subsequently convicted are not retained on the NDNAD for an unlimited period of time." The Committee believes that the Regulation of Investigatory Powers Act (RIPA) should be clarified recommending the Government to introduce "a system of judicial oversight for surveillance carried out by public authorities, and that individuals who have been made the subject of surveillance be informed of that surveillance, when completed, where no investigation might be prejudiced as a result. We recommend that compensation should be available to those subject to unlawful surveillance by the police, intelligence services, or other public bodies acting under the powers conferred by the Regulation of Investigatory Powers Act 2000." The report also recommends that the Government consultation on proposed changes for RIPA 2000 should "consider whether local authorities, rather than the police, are the appropriate bodies to exercise such powers" having in view that there have been cases when local authorities misused the surveillance powers granted in RIPA. "These cases demonstrate that the regulatory controls introduced at the time are insufficient." If the local authorities are found to be the right bodies to exercise the powers given by RIPA, the report recommends that these " Government take steps to ensure that these powers are only exercised where strictly necessary, and in an appropriate and proportionate manner." The report also acknowledges the necessity of an independent review of the CCTV benefits and effectiveness in stopping, detecting and investigating crime and calls for a legally binding code of practise in using CCTV by private and public bodies. "The government has been clear that where surveillance or data collection will impact on privacy they should only be used where it is necessary and proportionate. The key is to strike the right balance between privacy, protection and sharing of personal data," says the report. The general message of the report is that the UK society witnesses a very high level of surveillance affecting privacy and private life. "The expansion in the use of surveillance represents one of the most significant changes in the life of the nation since the end of the Second World War. Mass surveillance has the potential to erode privacy. As privacy is an essential pre-requisite to the exercise of individual freedom, its erosion weakens the constitutional foundations on which democracy and good governance have traditionally been based in this country." Following this report, the Government is to provide a written response within the next two months. Further on a debate will be scheduled in the House. Lords Constitution Committee report on surveillance and privacy (6.02.2009) http://www.openrightsgroup.org/2009/02/06/lords-constitution-committee-repor... Constitution Committee - Second Report Surveillance: Citizens and the State (21.01.2009) http://www.publications.parliament.uk/pa/ld200809/ldselect/ldconst/18/1802.h... Lords say surveillance society erodes foundations of UK (6.02.2009) http://www.theregister.co.uk/2009/02/06/lords_reject_government_dat Data breach costs rise to #60 per record, say researchers (5.02.2009) http://www.out-law.com//default.aspx?page=9773 ============================================================ 12. Big Brother Awards 2009 Ceremony in Bulgaria ============================================================ On 28 January 2009, Access to Information Programme and EDRi-member Internet Society - Bulgaria organized the fourth Big Brother Awards ceremony in Bulgaria. It was held at the National Press center of the Bulgarian News Agency and was also broadcasted live online. The awardees of the Big Brother Award were selected by a jury with the following members: * Alexander Kashumov - Head of AIP legal team * Gergana Jouleva, PhD - Executive Director of AIP * Georgi Lozanov - Ass. Professor at the Journalism Department at the Sofia University * Krasimir Dimitrov - Member of the the Data Protection Commission * Fany Davidova - Lawyer at AIP * Dessi Greve - Project Manager, Internet Society Bulgaria During 2008 several public and private institutions have become particularly notorious for violating privacy rights in Bulgaria: The Ministry of Interior, State Agency on Information Technologies and Communication, the State Agency for National Security, the Social Support Agency, Metro Cash and Carry Bulgaria, the Chain store 2be, M-tel mobile operator, the United Bulgarian Bank and CEZ Distrubution Bulgaria were among the nominations this year. The winner of the Big Brother Award 2009 became the Ministry of Internal affairs for a systematic violation of the privacy of life in 2008. Photos from the ceremony (28.01.2009) http://www.aip-bg.org/big_brother_2009_pics.htm BBA Bulgaria 2009 (only in Bulgarian) http://bg.bigbrotherawards.org/ Live broadcast BBA Bulgaria 2009 http://www.bta.bg/site/bg/html/03services.shtml (contribution by EDRi-member ISOC Bulgaria) ============================================================ 13. Recommended Action ============================================================ Reject the Term Extension Directive The European Parliament is being asked to nearly double the term of copyright afforded to sound recordings. Industry lobbyists suggest that extending copyright term will help increase the welfare of performers and session musicians. But the Term Extension Directive, which will be voted on by the Legal Affairs Committee in a few weeks' time, will do no such thing. Instead it will hand millions of euros over to the world's four major record labels, money that will come directly from the pockets of European consumers.The majority (80%) of recording artists will receive between 0.50 - 26 euro per year. http://www.edri.org/reject-term-extention-directive EU proposal puts confidential communications data at risk Civil liberties groups La Quadrature du Net, European Digital Rights (EDRi), AK Vorrat, and Netzpolitik.org are urging the European Parliament to heed advice given by the European Data Protection Supervisor Peter Hustinx and scrap plans dubbed "voluntary data retention". http://www.edri.org/campaigns/no-voluntary-data-retention ============================================================ 14. Recommended Reading ============================================================ Online consultation comments on the staff paper "Early Challenges to the Internet of Things". EDRi contributed to the discussion via the RFID Expert Group. The preparation of the final communication by the COM is still ongoing. http://ec.europa.eu/information_society/policy/rfid/library/index_en.htm#iot... ============================================================ 15. Agenda ============================================================ 18-20 March 2008, Prague, Czech Republic The Responsibilities of Content Providers and Users http://www.media-conference.cz 18-20 March 2009, Athens, Greece WebSci'09: Society On-Line http://www.websci09.org/ 23 March 2008, Berlin, Germany German-French Experts Meeting on Technologies for Electronic Identification http://www.e-identify-df.de/ 27-29 March 2009, Manchester, UK Oekonux Conference: Free Software and Beyond The World of Peer Production http://www.oekonux-conference.org/ 29-31 March 2009, Edinburgh, UK Governance Of New Technologies: The Transformation Of Medicine, Information Technology And Intellectual Property - An International Interdisciplinary Conference http://www.law.ed.ac.uk/ahrc/conference09/ 1-3 April 2009, Berlin, Germany re:publica 2009 "Shift happens" http://www.re-publica.de/09/ Subconference: 2nd European Privacy Open Space http://www.privacyos.eu/ 21-23 April 2009, Winchester, UK BILETA 2009 Annual Conference Call for Papers by 28 February 2009 http://www.winchester.ac.uk/?page=9871 13-14 May 2009 Uppsala, Sweden Mashing-up Culture: The Rise of User-generated Content http://www.counter2010.org/workshop_call 24-28 May 2009, Venice, Italy ICIMP 2009, The Fourth International Conference on Internet Monitoring and Protection http://www.iaria.org/conferences2009/ICIMP09.html 1-4 June 2009, Washington, DC, USA Computers Freedom and Privacy 2009 http://www.cfp2009.org/ 5 June 2009, London, UK The Second Multidisciplinary Workshop on Identity in the Information Society (IDIS 09): "Identity and the Impact of Technology" Call for papers, deadline 13 March 2009 http://is2.lse.ac.uk/idis/2009/ 2-3 July 2009, Padova, Italy 3rd FLOSS International Workshop on Free/Libre Open Source Software Paper submission by 31 March 2009 http://www.decon.unipd.it/personale/curri/manenti/floss/floss09.html 13-16 August 2009, Vierhouten, The Netherlands Hacking at Random http://www.har2009.org/ 23-27 August 2009, Milan, Italy World Library and Information Congress: 75th IFLA General Conference and Council: "Libraries create futures: Building on cultural heritage" http://www.ifla.org/IV/ifla75/index.htm 10-12 September 2009, Potsdam, Germany 5th ECPR General Conference, Potsdam Section: Protest Politics Panel: The Contentious Politics of Intellectual Property http://www.ecpr.org.uk/potsdam/default.asp 16-18 September 2009, Crete, Greece World Summit on the Knowledge Society WSKS 2009 http://www.open-knowledge-society.org/ October 2009, Istanbul, Turkey eChallenges 2009 Call for papers by 27 February 2009 http://www.echallenges.org/e2009/default.asp?page=c4p 15-18 November 2009, Sharm El Sheikh, Egypt UN Internet Governance Forum http://www.intgovforum.org/ ============================================================ 16. About ============================================================ EDRI-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRI has 29 members based or with offices in 18 different countries in Europe. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRI-grams. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and visibly on the EDRI website. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 3.0 License. See the full text at http://creativecommons.org/licenses/by/3.0/ Newsletter editor: Bogdan Manolea <edrigram@edri.org> Information about EDRI and its members: http://www.edri.org/ European Digital Rights needs your help in upholding digital rights in the EU. If you wish to help us promote digital rights, please consider making a private donation. http://www.edri.org/about/sponsoring - EDRI-gram subscription information subscribe by e-mail To: edri-news-request@edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. unsubscribe by e-mail To: edri-news-request@edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/edrigram-mk.php - EDRI-gram in German EDRI-gram is also available in German, with delay. Translations are provided Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users http://www.unwatched.org/ - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask <edrigram@edri.org> if you have any problems with subscribing or unsubscribing. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE