EDRI-gram newsletter - Number 6.16, 27 August 2008
============================================================
EDRI-gram
biweekly newsletter about digital civil rights in Europe
Number 6.16, 27 August 2008
============================================================
Contents
============================================================

1. Italian justice wants to "seize" a foreign website
2. Cloning e-passports
3. Problems with online FoI in the Georgia-Russia conflict
4. Copyright experts against the EU extension of the copyright term
5. Call for worldwide protests against surveillance
6. UK government goes on with its plan for data retention
7. Seminar on the Telecoms Package and Network Filtering
8. Dispute between UK government and EU over the use of PNR
9. Secret reports on new five year plan for "European Home Affairs"
10. ENDitorial: Wiretapping - the Swedish way
11. Recommended Action
12. Agenda
13. About

============================================================
1. Italian justice wants to "seize" a foreign website
============================================================

In an investigation started by the Bergamo Prosecutors, an Order of the Justice for preliminary investigation of the Court of Bergamo was issued on 1 August 2008, asking for the "seizure" of the PirateBay website, hosted outside Italy, for displaying a collection of links to allegedly illegal duplicated material. The order was implemented by 10 August 2008 by forcing Italian Internet providers to block access to that site, both by its domain and by its associated IP number.

The PirateBay owners quickly reacted, changed their IP address and set up a new website called labaia.org (La Baia means The Bay in Italian). They have also promoted measures to bypass the "blacklisting":

"We have already changed IP for the website - that makes it work for half the ISPs again. And we want you all to inform your Italian friends to switch their DNS to OpenDNS so they can bypass their ISPs filters.
This will also let them bypass the other filters installed by Italian ISPs, as a bonus."

But the case is worse, as revealed by the EDRi-member ALCEI. The interpretation of the concept of "seizure", in an extremely extended and seriously questionable manner, poses a serious threat to the rights of citizens and companies that are not, in any way, involved in this inquiry.

ALCEI explains in a letter sent to the Italian Data Protection Authority (Garante per la protezione dei dati personali) that the "enforcement of the Court order, exceeded what the Justice said. Users attempting to connect to the "seized" site are redirected to the IP number 217.144.82.26, belonging to servers located in the United Kingdom and apparently registered by the pro-music.org domain, a music industry association protecting their brands and intellectual property rights. If the above is true, then a private association, outside the Italian jurisdiction, is collecting internet traffic data that, when matched with those retained by the ISPs, would allow the identification and possible criminal investigation of third parties absolutely not involved in the Bergamo's criminal case."

But besides the case as such, ALCEI also underlines the fact that this case - per se "one among many" - is of the utmost importance when examined in a broad perspective, because it is part of a wider and long-lasting lobbying effort aimed at legislators, politicians, magistrates and law enforcement officers to spread the (wrong) idea that "filtering is good for citizen security" and that ISPs must be liable for everything that happens on the net, whether under their direct control or not.

Italy has, for some years now, been passing legislation that goes in this direction (for a variety of alleged "reasons", such as the all-purpose "minor protection excuse" or to fight "illegal" online gambling etc. - and now, once again, for "copyright sake").
Italian politicians are pushing, at the European Union level, the idea of forcing search engine providers to filter "questionable" queries.

The relevant question that the Italian EDRI members are asking is: "Is it the case that Italy is on the edge of a civil rights aggression? Maybe not. For a number of reasons (ignorance, disinterest, electoral convenience) Italy seems to be more prone to copyright lobbyists interests than other European countries."

GIP Bergamo - Decree 1 August 2008 (only in Italian, 1.08.2008)
http://www.ictlex.net/?p=934

10 August 2008, Italy blocks Pirate Bay (only in Italian, 10.08.2008)
http://punto-informatico.it/2381433/PI/Brevi/10-agosto-2008-italia-blocca-pi...

Italian authorities attempt to take on Pirate Bay (11.08.2008)
http://www.out-law.com/page-9336

Fascist state censors Pirate Bay (10.08.2008)
http://thepiratebay.org/blog/123

A complaint to the Garante per i dati personali in the "piratebay" case (only in Italian, 16.08.2008)
http://www.alcei.it/index.php/archives/129

EDRi-gram: ENDitorial: "Frattinising" isn't the only threat (26.09.2007)
http://www.edri.org/edrigram/number5.18/frattinising

============================================================
2. Cloning e-passports
============================================================

Jeroen van Beek, a computer researcher at the University of Amsterdam, has shown in some tests conducted for The Times that the new micro-chipped passports, introduced in the UK to protect against terrorism and organised crime, can be easily cloned.

The researcher succeeded in cloning the chips of two British passports, into which he introduced the pictures of Osama bin Laden and a suicide bomber, and in passing the cloned chips as genuine through Golden Reader, which is the standard passport reader software used by the UN agency setting standards for e-passports and which is also recommended for use at airports. The cloning operation took less than an hour.
Van Beek developed his cloning method based on previous research carried out in the UK, Germany and New Zealand.

The micro-chipped passports contain a small radio frequency chip and an antenna attached to the back page of the passport. The chip responds to an encrypted signal sent by an electronic reader by sending the holder's ID and the biometric details back to the reader. Therefore, a copied chip could be palmed at an unattended reader, or a copy of a passport that hasn't even been stolen could be used if the bearer resembled the original holder.

In response to any concerns expressed about the safety of the data on the e-passports, the Home Office has always argued that faked chips can be discovered at border checkpoints because, when checked against an international database, they would not match the key.

The e-passports are protected by a digital signature; any alteration causes the reader to reject the passport. The validation of the signatures on e-passports requires the exchange of PKI certificates between the authorities of the issuing countries or the use of ICAO's PKD (Public Key Directory) system. However, the ICAO PKD system is not universally used and many countries, the UK included, use the bilateral exchange of certificates with other countries.

The Dutch researcher not only changed the data on the e-passports but succeeded in writing a new signature that will pass through the system, under certain circumstances. Depending on the reader's capabilities, on the exchange of certificates between countries and on whether or not the PKD is used, the signature might not even be checked.

"We're not claiming that terrorists are able to do this to all passports today or that they will be able to do it tomorrow (...) But it does raise concerns over security that need to be addressed in a more public and open way" said Mr van Beek.
The flaws also contradict the Home Office's claims that the 3 000 blank passports that were stolen last week were worthless, and raise questions about the Government's 4 billion pound ID scheme, which uses the same biometric technology.

Dominic Grieve, the Shadow Home Secretary, has asked the ministers to take urgent measures to solve the security flaws. "It is of deep concern that the technology underpinning a key part of the UK's security can be compromised so easily" said Grieve.

Researcher gives Elvis and bin Laden fake e-passports (6.08.2008)
http://www.theregister.co.uk/2008/08/06/epassport_alteration_demo/

'Fakeproof' e-passport is cloned in minutes (6.08.2008)
http://www.timesonline.co.uk/tol/news/uk/crime/article4467106.ece

How to clone the copy-friendly biometric passport (4.08.2006)
http://www.theregister.co.uk/2006/08/04/cloning_epassports/

How to clone a biometric passport while it's still in the bag (6.03.2007)
http://www.theregister.co.uk/2007/03/06/daily_mail_passport_clone/

============================================================
3. Problems with online FoI in the Georgia-Russia conflict
============================================================

The conflict between Russia and Georgia over the South Ossetia region has extended to the Internet, both countries having launched cyber-attacks and blocked each other's broadcasting sites.

Georgian authorities have blocked access to Russian news broadcasters and websites, the action being justified by Georgia's Interior Ministry with the argument that Russian broadcasts would "scare our population", which the government could not allow.

Mamia Sanadiradze, founder and CEO of Caucasus Online, the biggest Georgian ISP, told Reuters: "People from the (Georgian) security agencies asked me to block Russian sites. There were threats from viruses, we faced disinformation and so on. (...) I hope that when war is over, we will unblock these sites."
On the other hand, Georgian online news media and the Georgian government websites have been attacked by Russian hackers, including the President's site. In order to remain accessible, the foreign ministry website changed its URL address.

Security researchers claim to have evidence showing a link between Russian state businesses and the cyber-attacks against Georgia. Denial of service attacks against Georgian websites started a day before the break out of the military conflict over South Ossetia.

Don Jackson, a SecureWorks researcher said that logs showed that part of the attack was run from command and control servers located on the networks of Rostelecom and Comstar, two Russian state-run companies. "We know that the Russian government controls those servers theoretically, if they have not been 'pwned' by somebody else," Jackson told eWeek.

The two companies made changes in routing tables that blocked internet traffic to Georgia. The same networks were used to launch denial of service attacks and cache poisoning attacks against Georgian networks, according to SecureWorks.

Reporters Without Borders condemn the violation of online freedom of information. "The Internet has become a battleground in which information is the first victim. On the one side, the main Georgian ISPs severed access to Russian websites. On the other side, Georgian government websites were attacked by Russian hackers. With newspapers and radio and TV stations putting out very little independent news, the Internet is a vital tool for the public, so these attacks must stop at once."

Russian and Georgian websites fall victim to a war being fought online as well as in the field (13.08.2008)
http://www.rsf.org/article.php3?id_article=28167

Georgia cuts access to Russian websites, TV news (19.08.2008)
http://www.reuters.com/article/internetNews/idUSLJ36223120080819

Georgia accuses Russia of coordinated cyberattack (11.08.2008)
http://news.cnet.com/8301-1009_3-10014150-83.html?hhTest=1

Bear prints found on Georgian cyber-attacks (14.08.2008)
http://www.theregister.co.uk/2008/08/14/russia_georgia_cyberwar_latest/

Russian cybercrooks turn on Georgia (11.08.2008)
http://www.theregister.co.uk/2008/08/11/georgia_ddos_attack_reloaded/

============================================================
4. Copyright experts against the EU extension of the copyright term
============================================================

New voices from the major copyright experts in European universities and research centres question the current EU proposals to extend the copyright term for performing artists and sound recordings.

As covered in the previous EDRi-gram, the first letter was addressed to EU Commission President Jose Manuel Barroso and sent on 18 July 2008 by the leading European centres for intellectual property research, which explained that the new measures "will damage European creative endeavour and innovation beyond repair."

Professor Bernt Hugenholtz, Director of the Institute for Information Law (IViR), which was commissioned by the EC to draft two major studies on EU copyright and policy, questioned the Commission decision, calling its policies: "less the product of a rational decision-making process than of lobbying by stakeholders." Prof.
Hugenholtz was very unhappy about the Commission decision, which totally contradicts and ignores IViR's scientific findings:

"As you are certainly aware, one of the aims of the 'Better Regulation' policy that is part of the Lisbon agenda is to increase the transparency of the EU legislative process. By wilfully ignoring scientific analysis and evidence that was made available to the Commission upon its own initiative, the Commission's recent Intellectual Property package does not live up to this ambition. Indeed, the Commission's obscuration of the IViR studies and its failure to confront the critical arguments made therein seem to reveal an intention to mislead the Council and the Parliament, as well as the citizens of the European Union. In doing so the Commission reinforces the suspicion, already widely held by the public at large, that its policies are less the product of a rational decision-making process than of lobbying by stakeholders. This is troublesome not only in the light of the current crisis of faith as regards the European lawmaking institutions, but also - and particularly so - in view of European citizens' increasingly critical attitudes towards intellectual property law."

Further arguments against the decision come from a statement by another leading IP centre in Europe - the Max Planck Institute for Intellectual Property, Competition and Tax Law. In an article that concerns the Commission's plans to prolong the protection period for performing artists and sound recordings, the authors emphasize that there is no specific reason for a term extension and argue that the proposal diverts attention from the social problem that performing artists, in particular at the start of their career, often have a very bad negotiating position vs. publishers and record companies - which should be remedied by special copyright contract law.
The document concludes by pointing out that: "no persuasive economic or social reason can be found in favour of a term extension since extending the term would neither increase the incentives to invest nor would it provide financial security and a sufficient livelihood for all ageing musicians, especially not for those who need it the most. It would rather have a negative impact upon future creators and musicians, since they would need to wait longer to build upon older works in order to create new ones. Besides, a term extension would also be to the detriment of consumers and the information society since sound recordings would be locked up for another 45 years."

Open Letter concerning European Commission's 'Intellectual Property Package' (18.08.2008)
http://www.ivir.nl/news/Open_Letter_EC.pdf

"Statement of the Max Planck Institute for Intellectual Property, Competition and Tax Law Concerning the Commission's Plans to Prolong the Protection Period for Performing Artists and Sound Recordings" by Nadine Klass, Josef Drexl, Reto M. Hilty, Annette Kur and Alexander Peukert, IIC 2008, p. 586-596.

Commission adviser accuses Barroso of intentionally misleading European policy-makers and citizens on copyright (21.08.2008)
http://www.openrightsgroup.org/2008/08/21/commission-adviser-accuses-barroso...

EDRi-gram: Extension of the copyright term for performers and record producers (30.07.2008)
http://www.edri.org/edrigram/number6.15/extension-copyright-performers

============================================================
5. Call for worldwide protests against surveillance
============================================================

Civil rights organizations call for protests against the constant increase of surveillance conducted by governments and enterprises. A rally under the motto "Freedom not Fear" will be held in Berlin on 11 October 2008.
The organizers agree that it is high time to take to the streets in order to defend basic constitutional rights in the light of an ongoing intensification of security and surveillance measures. The rally turns against the promotion of the Federal Criminal Police Office ("Bundeskriminalamt") to a central, executive police agency with the permission to secretly spy into citizens' home computers.

After last year's demonstration for democracy and civil rights, which was the largest in Germany in 20 years with over 15 000 participants, protesters in several countries will, for the first time simultaneously, take to the streets to demonstrate for their freedom. Currently, 15 countries have announced their participation in the international action day on 11 October.

Such unanimous protests are mainly due to the ongoing shift of politicians to push through negotiations on surveillance and control measures behind closed doors. Among others, the international protest criticizes the planned registration of all air travellers in the EU, the planned delivery of data to the USA, biometric data in EU identification documents, as well as the retention of telecommunication data such as phone connections or a caller's whereabouts for all 455 million Europeans.

Against this political spiral of interior armament motivated by crime-related dangers, civil society places the call for "Freedom not Fear". A moratorium for all surveillance activities and the reduction of all mass scale surveillance, as well as an expansion of digital rights, are demanded to protect and strengthen civil liberties. In addition, activists call for an independent review of every single planned or existing surveillance and control measure in terms of its effectiveness and undesired side-effects.

In the run-up to this action day, the German Work Group on Data Retention ("Arbeitskreis Vorratsdatenspeicherung") calls for participation in the Munich demonstration "Freiheit Weiß-Blau - Stoppt den Überwachungswahn" on 20 September 2008, which targets the restrictions of the right to free assembly and other surveillance measures in the state of Bavaria. In addition, the OneWebDay on 22 September 2008 will serve as a means for further mobilisation for the "Freedom not Fear" action day.

Action day "Freedom not Fear" on 11 October 2008
http://www.freedom-not-fear.eu

Planned activities for 11 October 2008
http://wiki.vorratsdatenspeicherung.de/Freedom_Not_Fear_2008

(Contribution by Patrick Breyer - Working Group on Data Retention - Germany)

============================================================
6. UK government goes on with its plan for data retention
============================================================

The UK government intends to oblige ISPs and telephone companies to keep personal Internet traffic data for at least 12 months, and local and health authorities and lots of other public bodies are to be given access to details of everyone's personal Internet information.

On 15 August 2008, the Home Office published a consultation paper which makes clear that the personal data will now be available for crime and public order investigations and may even be used to prevent people self-harming. Furthermore, as the measure is the result of an EU directive, the data will be made available to public investigators across Europe.
The measure will cover VOIP as well, and access to personal Internet and text data will be available to all public bodies licensed under the 2000 Regulation of Investigatory Powers Act (RIPA), meaning that hundreds of public bodies including local councils, health authorities, the Health and Safety Commission, the Food Standards Agency or Ofsted (the education standards watchdog), may require telecom companies to hand them over the personal data.

The UK government intends to go further by introducing a draft communications bill this autumn which would require all the telecommunications companies to hand over this data to one central "super" database. The police and other public authorities will be able to access this database directly without having to make a request to the company which keeps the records.

The database had been planned to be bundled with the EU Data Retention Directive that is to be legally implemented in the UK by March 2009. The consultation paper published by the Home Office is meant to transpose the Directive as a standalone statutory instrument. Laws made by statutory instruments do not need a Parliament vote.

Home Office civil servants are working on plans for the central database within the Interception Modernisation Programme (IMP). The IMP budget was part of the intelligence agencies' undisclosed funding bid to the Comprehensive Spending Review last year. Sources disclosed that secret briefings gave a cost for the database that could reach nine figures.

The proposition faces opposition as many fear that a single database under Government's control would be vulnerable to attacks or errors that may lead to information leaks.

Chris Huhne, the Liberal Democrats' home affairs spokesman, said the government could not be trusted with sensitive data. "We will be told it is for use in combating terrorism and organised crime but if Ripa powers are anything to go by, it will soon be used to spy on ordinary people's kids, pets and bins" he said.
In the consultation paper, the Home Office also estimated that storing such an amount of Internet data may impose a cost of over 60 million euro on the Internet industry. Besides, the Home Office admitted that the companies might have to store "a billion incidents of data exchange a day".

The Government has already paid about 23 million euro over five years to telecom companies for access to data about citizens' use of phones and the Internet.

'Snooper's charter' to check texts and emails (13.08.2008)
http://www.guardian.co.uk/uk/2008/aug/13/privacy.civilliberties/print

Home Office - A consultation paper - Final phase of the transposition of Directive 2006/24/EC (08.2008)
http://www.statewatch.org/news/2008/aug/uk-ho-consult-mand-ret-internet.pdf

Government pays telcos £18.5 million for records retention (7.08.2008)
http://www.out-law.com/page-9333

UK.gov to spend hundreds of millions on snooping silo (19.08.2008)
http://www.theregister.co.uk/2008/08/19/ukgov_uber_database/

EDRIgram: UK Government will store all phone, Internet traffic data (21.05.2008)
http://www.edri.org/edrigram/number6.10/uk-isp-traffic-data

EDRIgram: ICO worried about a UK Government-owned traffic data database (4.06.2008)
http://www.edri.org/edrigram/number6.11/ico-uk-govt-database

============================================================
7. Seminar on the Telecoms Package and Network Filtering
============================================================

The telecoms package seminar on 27 August 2008 in the European Parliament, arranged by Swedish MEP Christofer Fjellner, had a remarkably large audience. Over 100 persons came to listen to the five speakers from both industry and civil society.

Overall, the speakers called for better understanding of the so-called "copyright amendments" to the package that allegedly have been introduced to the detriment of the 'completion of the internal market' for the telecoms industry.
Netzpolitik.org was also streaming the event.

After the introduction by MEP Fjellner, Monica Horten from Westminster University made clear that the new technology "Deep Packet Inspection" could potentially be used to censor the Internet in Europe just as it is in China. Similar hardware is in place in both Chinese and European networks. The differences are law, automation and industrial rather than political programming.

Eddan Katz from the Electronic Frontier Foundation warned that public interest values and the hopes for a transforming participative web would be squashed if the language in the package is not cleared up.

The main point made by Jeffery Lawrence from Intel was that the conflict between rightsholders and the technology industry is not new, but that the principle of policing consumers is new. Should Europe consider such a policy, there is indeed a need for discussion and analysis beyond the traditional conflict mentioned.

Nuria Rodriguez Murillo from BEUC urged the European Parliament to ensure legal certainty for consumers, as well as to stand up for the principle already voted on in the so-called Bono report, which states that people should not be cut off from the Internet.

The last speaker, Francisco Mingorance from the Business Software Alliance, warned against the French model where technology mandates are introduced by the state or by courts. Such mandating could overrule copyright licences like the GPL.

It is unclear whether the Members of the European Parliament will even agree on the existence of the "copyright amendments" in the upcoming plenary debate next week. Netizens, as well as citizens, of Europe should keep their fingers crossed that their legislators know what they are voting on in three weeks' time.

Hopefully, to quote Monica Horten, our MEPs will say "As policy-makers, we have a duty to promote the vibrant and open character of the Internet."

Seminar on the Telecoms Package and Network Filtering
http://www.european-agenda.com/events/22414.php

Event stream by Netzpolitik
http://netzpolitik.org/2008/live-aus-dem-ep-seminar-on-internet-filtering/

Deep Packet Inspection
http://en.wikipedia.org/wiki/Deep_packet_inspection

(Contribution by Erik Josefsson - Sweden)

============================================================
8. Dispute between UK government and EU over the use of PNR
============================================================

The UK Government is fighting EU proposals to restrict the way it uses passenger name record (PNR) information to monitor immigration, claiming that the data it collects is crucial to control cross-border movements.

With the EU planning to make all European states share PNR data, the UK government argues there is a "real risk" the action "would degrade e-Borders by prohibiting the use of PNR data for combating immigration offences".

A spokeswoman for the Home Office stated: "The collection of passenger name records is a vital tool in Britain's fight against organised crime, terrorism and immigration offenders." The UK wants to go further than the EU and share data from internal EU flights, sea and rail travel.

The House of Lords EU Select Committee warned in a report published in July that if the government pressed for radical changes to the EU proposal, it might lose the co-operation of Europe. The report recommended that the PNR data be used for the purpose of fighting against terrorism and combating serious crime, stating at the same time that a clear definition should be given to what "serious crime" means. It recommended a comprehensive list that would cover the term.

The Home Office responded on 6 August, accepting the need for greater clarity about what crimes should be covered by "serious crime" but rejecting the recommendation for a comprehensive list as being "overly prescriptive".
It also said that its e-Borders programme, gathering PNR data on 50 million passengers' movements, had been a "real success in strengthening the UK border", leading to 25 000 alerts and 2 100 arrests for offences ranging from murder and possession of firearms to drug-smuggling. It also stated that losing Europe's support was not a possibility. "Negotiations are ongoing, there are outstanding issues but we will work closely with the EU to agree a text."

Dominic Grieve, Shadow Home Secretary, said that if the government wanted to extend the purposes of using passengers' details, it should be precise about "what the objective is, why it is necessary and what safeguards it will put in place to protect the privacy of the innocent" and he added: "Given the government's proven and serial inability to protect personal data the public will not agree to this lightly."

The Home Affairs Spokesman for the Liberal Democrats, Chris Huhne, also considered this was another example that the government was more and more invading people's personal lives. He also commented: "It is deeply worrying that ministers are prepared to forgo the possible co-operation of our European partners."

Actually, even the EU Proposal for a Council Framework Decision on the use of Passenger Name Record (PNR) is far from perfect, facing large opposition from privacy rights advocates and associations.

In a letter to the Council of the European Union, ECTAA, the European Travel Agents' and Tour Operators' Associations, makes several proposals for the Framework Decision. Among other things, the members of the association believe the decision should only cover data for passengers on flights into and out of the EU and that it should not be extended to intra-EU flights.

Gov't battles EU over use of air-passenger data (11.08.2008)
http://news.zdnet.co.uk/security/0,1000000189,39459924,00.htm

Ministers' fears on EU data plan (6.08.2008)
http://news.bbc.co.uk/2/hi/uk_news/politics/7544877.stm

Clash erupts on use of airline data to fight crime (7.08.2008)
http://www.ft.com/cms/s/0/14152182-6418-11dd-844f-0000779fd18c.html?nclick_c...

European Travel Agents' and Tour Operators' Associations (ECTAA) letter to the Council of EU on Proposal for a Council Framework Decision on the use of Passenger Name Record (PNR) data for law enforcement purposes (1.08.2008)
http://www.statewatch.org/news/2008/aug/eu-pnr-ectaa-comments.pdf

EDRIgram - PNR Data infringes human rights (9.04.2008)
http://www.edri.org/edrigram/number6.7/pnr-human-rights-ecj

============================================================
9. Secret reports on new five year plan for "European Home Affairs"
============================================================

A new secret report, made available by Statewatch and drafted by the "Future Group" of Interior and Justice Ministers from six EU member states (Germany, France, Sweden, Portugal, Slovenia, and Czech Republic), suggests a series of proposals to boost EU integration in policing and intelligence-gathering, including the creation of an EU-US Area of cooperation for "freedom, security and justice."

The group's controversial proposals are certain to trigger major disputes, proposing that the EU member states should pool information in a central intelligence unit, creating a network of "anti-terrorist centres", standardising police surveillance techniques and extending the sharing of DNA and fingerprint databases to include CCTV video footage and material gathered by "spy drones".

The report also includes a decision to expand the current European Gendarmerie Force (EGF), which currently only involves France, Italy, Spain, Portugal and the Netherlands, into an EU body that could also be used for paramilitary intervention overseas.
Citing the need for an efficient fight against terrorism, the report suggests a Euro-Atlantic pact of cooperation with the United States. The document needs to be finalized by 2014 at the latest and would not just cover terrorism and passenger data but would cover the whole area of justice and home affairs - policing, immigration, sharing database data and biometrics.

The difference in privacy regulation could be a problem in achieving this pact, but the US seems to push hard for this new pact:

"All the evidence from dozens of high-level EU-USA meetings on justice and home affairs since 11 September 2001 shows that it is a one-way street with the EU trying to fend off USA demands. When the EU does not cave in the USA simply negotiates bilateral deals with individual member states. A permanent EU-USA pact would be disastrous for privacy and civil liberties." explains Tony Bunyan, Statewatch editor.

Bruno Waterfield, Brussels correspondent for The Daily Telegraph, has described the way in which security has been escalated to a level that he calls "securocracy". He believes it started at the national and EU level with "interoperability", which allowed a wider exchange of the information held on databases. This gave rise to the idea of "availability", which meant "the exchange of any of this information, defined as important for security purposes, was required". And the latest stage is "convergence".

"This concept heralds a new era by standardising European police surveillance techniques and creating "tool-pools" of common data gathering systems to be operated at the EU level" says Waterfield.
Future Report: Freedom, Security, Privacy - European Home Affairs in an open world (06.2008)
http://www.statewatch.org/news/2008/jul/eu-futures-jha-report.pdf

Secret EU security draft risks uproar with call to pool policing and give US personal data (7.08.2008)
http://www.guardian.co.uk/world/2008/aug/07/eu.uksecurity

Secret EU report moots sharing personal data with US (7.08.2008)
http://euobserver.com/22/26585

New European spying proposals 'threaten British security' (7.08.2008)
http://www.telegraph.co.uk/news/worldnews/europe/2512219/New-European-spying...

EU plan: The rise and rise of the securocrats (7.08.2008)
http://blogs.telegraph.co.uk/bruno_waterfield/blog/2008/08/07/eu_plan_the_ri...

============================================================
10. ENDitorial: Wiretapping - the Swedish way
============================================================

The Swedish Parliament, Riksdagen, adopted on 18 June 2008 a law which obliges all telecom and Internet providers to transfer all communication that passes the Swedish border to Försvarets radioanstalt (FRA), or the National Defence Radio Establishment as it is officially called in English. It is the Swedish national authority for signals intelligence.

Even though domestic Internet communication is between two persons residing in Sweden, the same information may cross national borders through Germany, Denmark and the USA. That is how the Internet works. This means that all Swedes as well as people residing outside of Sweden may be subject to the surveillance of FRA.

FRA may transfer information to other countries and the Guardian has recently reported (7 August 2008) on a Secret EU security draft which would give the USA "Wholesale exchange of (personal) data". It is within a greater international perspective that one should view the Swedish legislation. It is possible that Sweden has the most valuable information. 80 % of the Russian telecom and internet communication passes through Sweden.
Thus, it is not an accident that FRA has one of the most powerful computers in the world, together with some computers in the USA and one computer in the UK which operates computations on nuclear weapons. There is an ongoing debate over the true motive for the adoption of the law. This is only one of the theories. Many countries and companies, including Finland, Norway, Google and TeliaSonera, use the Swedish cables and are very critical of the FRA wiretapping law.

The FRA wiretapping law adopted in June 2008 consists of four statutes, including a newly adopted statute on signals intelligence and changes in three other statutes. The law will enter into force by 1 January 2009 and the actual operations will start later in the year.

FRA has a mandate to search for "external threats", which involves everything from military threats, terrorism, IT-security, supply problems, ecological imbalances, ethnic and religious conflicts, migration to economic challenges in the form of currency and interest speculation. This very broad mandate has attracted a lot of criticism. There is no requirement that the FRA should have a reason to suspect crime or a court order before a Swedish citizen is to be under surveillance. This must be seen against the background that the police may ask FRA for support in its efforts of crime control.

In contrast to what the law actually says, the Government denies that the police may use the FRA and says that FRA will only monitor "phenomena" and not individuals. The critics ask how it is possible to monitor phenomena without monitoring individuals. As one of the critics, I have accused the Government of "doublethink" and "newspeak" in their defence of the law. The Government's statements are full of contradictions, which they ignore. The main Government Party in a coalition of four parties even denies the core of the law, which obligates all telecom and Internet providers to transfer all communication that passes the Swedish border to FRA.
On the eve of the vote of 18 June 2008 there were strong indications that more than the necessary four parliamentarians of the centre-right coalition would shift sides and thus deny the adoption of the statutes. There was intense pressure on these parliamentarians and on the day before the vote, Fredrick Federley, a critic in the centre party, struck a deal with the Minister of Defence, Sten Tolgfors, under which additional protection would be added in the interest of privacy at a later point in time. This made the resistance in the coalition parties crumble. In the end, only one parliamentarian shifted sides, Camilla Lindberg of the liberal party, who became a national hero, while Fredrick Federley, in the eyes of many, lost a lot of credibility as a civil rights promoter. Another member of the liberal group, Birgitta Ohlsson, abstained. The two members of the liberal group had concerns that the additional protection would not change the fact that the law obliges all telecom and Internet providers to transfer all communication that passes the Swedish border to FRA.

This did not quiet the critics. By 14 July 2008 the resistance in the liberal party had regrouped and they published an op-editorial in the daily Dagens Nyheter signed by the necessary four parliamentarians and three previous party leaders representing 25 years of leadership in the liberal party, all demanding the Government should recall the law. Later, two liberal parliamentarians joined the other four and stated live on TV that they were willing to support a motion to recall the law. The Government is making serious efforts to divide the group and make one or several of them return to the Government side. As of this date, the Government has not been successful.

The six liberal parliamentarians must team up with the social democrats, the green party and the left before the end of September 2008.
After that, it is impossible to table motions from the opposition which will enter into force during 2009 and recall the law. To conclude, the showdown for Swedish wiretapping by FRA is in September 2008.

Government Proposal on Defence Intelligence (only in Swedish, 8.03.2007)
http://www.regeringen.se/content/1/c6/07/83/67/2ee1ba0a.pdf

Secret EU security draft risks uproar with call to pool policing and give US personal data (7.08.2008)
http://www.guardian.co.uk/world/2008/aug/07/eu.uksecurity

EDRi-gram: ENDitorial: Sweden is listening to all internet and phone conversations (2.07.2008)
http://www.edri.org/edrigram/number6.13/sweden-fra-adoption

EDRi-gram: ENDitorial: A new "NSA FRAnchise" set up in Sweden? (4.06.2008)
http://www.edri.org/edrigram/number6.11/nsa-fra-sweden

(contribution by Mark Klamberg - Doctoral candidate, Stockholm University - Department of Law)

============================================================
11. Recommended Action
============================================================

EDRi member FoeBuD e.V. has set up a contest for finding an RFID warning sign to be passed on to the EU's process in RFID legislation. Since the industry came up with a similar contest but looking for a somewhat "friendly" design, FoeBuD is looking for a precise warning sign that would show the dangers for citizens' rights when RFID technology is involved.

There are two categories in FoeBuD's contest: strict and freestyle. In the strict category, a design for an official RFID warning sign is wanted. The winning design in this category shall be sent to the EU as a proposal for marking RFID tags and readers. It should follow the rules for warning and danger signs as e.g. DIN 4844-2 shows. The freestyle category is what its name says: be free to find a nice and striking sign that shows the problem.

Everyone is free to participate until 12 September 2008. The designs are expected to be public domain.
The contest papers are only in German, but, apart from explaining what RFID is and its dangers, the main message is: Send the design before the deadline to "FoeBuD e.V., Marktstrasse 18, 33602 Bielefeld, Germany". Questions and digital-only designs may be sent to "mail at foebud.org". Submissions are confirmed to have arrived via email. The winners will be announced in October 2008.

The contest papers (only in German)
http://www.foebud.org/rfid/rfid-warn-logo-wettbewerb-foebud-ausschreibung.pd...

============================================================
12. Agenda
============================================================

3-5 September 2008, Prague, Czech Republic
The Third International Conference on Legal, Security and Privacy Issues in IT
http://www.lspi.net/

8-10 September 2008, Geneva, Switzerland
The third annual Access to Knowledge Conference (A2K3)
http://isp.law.yale.edu/

19 September 2008, Brussels, Belgium
High Level Expert Conference: Towards a European Policy on RFID
http://www.rfid-in-action.eu/conference

20 September 2008, Munchen, Germany
Demonstration Freiheit Weiss Blau
http://wiki.vorratsdatenspeicherung.de/Freiheit_Weiss_Blau

22 September 2008, Istanbul, Turkey
Workshop on Applications of Private and Anonymous Communications
http://www.alpaca-workshop.org/

22 September 2008, Worldwide
OneWebDay - an Earth Day for the internet.
http://onewebday.org/

24-28 September 2008, Athens, Greece
World Summit on the Knowledge Society
http://www.open-knowledge-society.org/summit.htm

11 October 2008, Worldwide
Action day "Freedom not fear"
Protests, demonstrations and activities against the surveillance mania
http://wiki.vorratsdatenspeicherung.de/Freedom_Not_Fear_2008

15-17 October 2008, Strasbourg, France
30th International Data Protection and Privacy Conference
http://www.privacyconference2008.org/

20-21 October 2008, Strasbourg, France
European Dialogue on Internet Governance (EuroDIG)
http://www.eurodig.org/

3-6 December 2008, Hyderabad, India
Third Internet Governance Forum
http://www.intgovforum.org

10-11 December 2008: Tilburg, Netherlands
Tilting perspectives on regulating technologies, Tilburg Institute for Law and Technology, and Society, Tilburg University
http://www.tilburguniversity.nl/tilt/conference

============================================================
13. About
============================================================

EDRI-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRI has 28 members based or with offices in 17 different countries in Europe. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRI-grams.

All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and visibly on the EDRI website.

Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 2.0 License. See the full text at http://creativecommons.org/licenses/by/2.0/

Newsletter editor: Bogdan Manolea <edrigram@edri.org>

Information about EDRI and its members: http://www.edri.org/

European Digital Rights needs your help in upholding digital rights in the EU. If you wish to help us promote digital rights, please consider making a private donation.
http://www.edri.org/about/sponsoring

- EDRI-gram subscription information

subscribe by e-mail
To: edri-news-request@edri.org
Subject: subscribe

You will receive an automated e-mail asking to confirm your request.

unsubscribe by e-mail
To: edri-news-request@edri.org
Subject: unsubscribe

- EDRI-gram in Macedonian

EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis
http://www.metamorphosis.org.mk/edrigram-mk.php

- EDRI-gram in German

EDRI-gram is also available in German, with delay. Translations are provided by Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users
http://www.unwatched.org/

- Newsletter archive

Back issues are available at: http://www.edri.org/edrigram

- Help

Please ask <edrigram@edri.org> if you have any problems with subscribing or unsubscribing

----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE