============================================================ EDRI-gram biweekly newsletter about digital civil rights in Europe Number 6.14, 16 July 2008 ============================================================ Contents ============================================================ 1. Vote in the EP committees on the Telecom Package 2. Dutch University sued to stop publishing research on chip technology 3. Russian blogger sentenced for comments on the blog 4. Copiepresse attacks EC for copyright infringement, but gets dismissed 5. Complaint against the French govt to annul the biometric passport decree 6. Irish Human Rights Commission added to data retention challenge 7. Privacy complaints related to Google's Street View 8. New threats for UK file-sharers 9. Liberty groups win long court battle against UK wiretapping 10. ENDitorial: Massive mobilization against EDVIGE, the new French database 11. Recommended Reading 12. Agenda 13. About ============================================================ 1. Vote in the EP committees on the Telecom Package ============================================================ The IMCO (Internal Market Committee) and ITRE (Committee on Industry, Research and Energy) committees of the European Parliament (EP) adopted on the 7 July 2008 the Telecom package, including the amendments that were considered by some NGOs as endangering the principle of the neutrality of the Internet. One of the MEPs supervising the Telecom package, including the amendments to the five directives that should reform the EU legal framework on electronic communications has explained that the vote on these amendments had nothing to do with copyright enforcement: "There has been a great deal of dismay in the committee at the interpretation being put on these amendments.(...) The interpretation of them is alarmist and scare-mongering and deflects from the intention which was to improve consumers' rights." declared MEP Malcolm Harbou for BBC. But the NGOs supported their initial comments that the present adopted texts could open the way to the regulation of users via the Internet Service Providers under the control of national regulators. They also praised the civic response to their campaign that has reached some MEPs, who highlighted part of the problematic amendments in the Telecom Package during the EP committees debates. Other privacy issues related with the management of traffic data has created problems within the IMCO committee that should have included the opinion from the Civil Rights Committee (LIBE). But the Socialist and Green MEPs from the IMCO committee did not back up the suggestion of the LIBE committee to allow the processing of electronic traffic data by "any natural or legal person". Other discussions in the ITRE committee of the EP rejected the idea of a unique EU telecom authority and suggested instead a new group called Body of European Regulators in Telecoms (BERT), formed by the 27 national regulatory authorities. ITRE committe backed up the proposals to enhance the use of radio frequencies, but demanded several safeguards on media pluralism, public interest or emergency services. The final vote on the Telecom package was initially planned on 2 September, but since it is clear that there will be some debates on the above-mentioned topics, the vote was delayed for the session starting on 22 September. MEPs back contested telecoms plan (8.07.2008) http://news.bbc.co.uk/2/hi/technology/7495085.stm The "Telecoms Package": out of the shadows, into the light (10.07.2008) http://www.laquadrature.net/en/the-%E2%80%9Ctelecoms-package%E2%80%9D-out-sh... MEPs discard plan for single EU telecoms watchdog (9.07.2008) http://www.euractiv.com/en/infosociety/meps-discard-plan-single-eu-telecoms-... EU Parliament split over electronic data protection (10.07.2008) http://www.euractiv.com/en/infosociety/eu-parliament-split-electronic-data-p... EDRi-gram: Control on Internet users pushed with the new telecom package (2.08.2008) http://www.edri.org/edrigram/number6.13/telecom-package-internet ============================================================ 2. Dutch University sued to stop publishing research on chip technology ============================================================ Dutch chipmaker NXP Semiconductors has sued the Dutch Computer Security Group of Radboud University in Nijmege in order to stop the publication of research results showing security flaws in NXP's Mifare Classic wireless smart cards used in transit and building entry systems around the world. The technology is used for the transit system in The Netherlands, in the subway systems in London, Hong Kong and Boston, as well as in cards for accessing buildings and facilities, covering 80 percent of the market. The security researchers of the Dutch university have checked the Mifare system used with Oyster cards for transport in London and recently succeeded in cracking the encryption on a card and clone it. They added credit to it and moved freely around London's Underground network. According to Dr. Bart Jacobs, professor of computer security at the university, by using a computer and an RFID reader, in just a few seconds, the Oyster card's encryption can be cracked. "We need to eavesdrop on the communication between a card and a card reader. From that communication we can deduce secret cryptographic keys that are used to protect the contents of the card. Once we have the keys we 'own' the card and can manipulate it as we like" said Jacobs. The University issued a statement in March this year saying: "Because some cards can be cloned, it is in principle possible to access buildings and facilities with a stolen identity. This has been demonstrated on an actual system." Jacobs demonstrated how the London transit system can be used for free. He obtained the key used by the London transit system then he passed by passengers carrying Oyster cards and was able to collect their card information on his laptop and make a clone of it. The scientist has given NXP the opportunity to fix the security problems waiting with the publication and presentation of the results for some time but as NXP did not solve the issue decided to go on with the university plans of publishing the research. The Dutch university's research builds upon Karsten Nohl's work, a graduate student of the University of Virginia, and expert on the security for NXP. "NXP has had half a year now to inform about the lack of security in their product, but instead they have used the best part of that to dismiss our research, dismiss the Dutch group's research, and to claim that everything is purely theoretical. So, if anything, NXP has invoked this type of public demonstration, since they have often claimed that 'yes in theory it may be insecure but in practice it isn't'. So had they not kept up the disinformation that (the Mifare could actually be secure) nobody would have paid attention to the Dutch group actually hacking the Oyster card" stated Nohl. The Computer Security Group publication comes during a long and heated public debate in the Dutch parliament and the media on the merits of large scale computer systems, their quality and security standards and the government's capacity to manage these kind of projects. The publication of the University research may be essential for this debate. The Dutch court decision is expected on 17 July 2008. Censoring Dutch Academia: Computer Security Scholars taken to Court (8.07.2008) http://www.jorisvanhoboken.nl/?p=173 Dutch chipmaker sues to silence security researchers (9.07.2008) http://news.cnet.com/8301-10784_3-9985886-7.html?hhTest=1 Has London's Oyster travelcard system been cracked? (26.06.2008) http://www.guardian.co.uk/technology/2008/jun/26/hitechcrime.oystercards Cryptoanalysis of Crypto-1 http://www.cs.virginia.edu/~kn5f/pdf/Mifare.Cryptanalysis.pdf Security Flaw in Mifare Classic - press release Digital Security group, Radboud University Nijmegen (12.03.2008) http://www.ru.nl/english/general/radboud_university/vm/security_flaw_in/ London transit cards cracked and cloned (26.06.2008) http://news.cnet.com/8301-10789_3-9978486-57.html?hhTest=1 NXP sues academic research team - what are they afraid of? (10.07.2008) http://www.thetechherald.com/article.php/200828/1463/ ============================================================ 3. Russian blogger sentenced for comments on the blog ============================================================ On 7 July 2008, a Russian blogger was sentenced to one year suspended jail after having been found guilty of "inciting hatred and enmity" for a comment left on a LiveJournal weblog. According to Kommersant newspaper, the young blogger Savva Terentiev was saying on the blog that "Those who become cops are scum," and calling for officers to be put on a bonfire. For his alleged offence, inciting hatred and denigrating the human dignity of a social group, the prosecutors were asking for a significant fine and two years behind bars, which seemed excessive. During the trial, Terentyev referred to his statements on the blog that corrupt cops should burned in Auschwitz-like ovens as "hyperbole and exaggeration," and apologized to concentration camp victims and the police officers he might have "involuntarily hurt with the contested commentary." The final court decision was to sentence the blogger to one suspended jail year. Free speech campaigners are concerned about the fact that the ruling might create a dangerous precedent for free speech on the Internet, especially in Russia where the mainstream traditional media is biased in favour of the authority. "This was an absolutely unjustified verdict. (...) Savva for sure wrote a rude comment ... but this verdict means it will be impossible to make rude comments about anybody" told Alexander Verkhovsky, director of the SOVA centre in Moscow, a non-governmental group that monitors extremism, to Reuters agency. Recently, the Russian President Dmitry Medvedev has expressed his views on the freedom of speech saying Russia should use a light touch when policing the Internet."Thank God we live in a free society. (...) It's possible to go on to the Internet and get basically anything you want. In that regard, there are no problems of closed access to information in Russia today, there weren't any yesterday and there won't be any tomorrow," he said last month in an interview with Reuters. Russian blogger sentenced for "extremist" post (7.07.2008) http://uk.news.yahoo.com/rtrs/20080707/tot-uk-russia-blogger-566e283.html Russian Blogger Sentenced Over LiveJournal Comment (7.07.2008) http://www.theotherrussia.org/2008/07/07/russian-blogger-sentenced-over-live... EDRi-gram: More control over the Internet wanted in Russia (7.05.2008) http://www.edri.org/edrigram/number6.9/internet-control-russia ============================================================ 4. Copiepresse attacks EC for copyright infringement, but gets dismissed ============================================================ The Belgium newspaper Association Copiepresse has initiated a legal complaint against the European Commission (EC) arguing that it infringes its copyright through the NewsBrief and NewsExplorer aggregation services. Copiepresse became famous for its copyright suit against Google and other search engines claiming copyright infringement over the aggregation services done by the search engines. The association has initiated a new action in the Belgian Court of Seizures considering that the European Commission is counterfeiting its member's news articles by using small part of them in order to prepare a news collation marketed as NewsBrief and NewsExplorer. The Belgium Court rejected the Copiepresse claim, confirming the EC opinion that the competent courts on the matter are the European Courts. Copiepresse announced that they wouldn't appeal the decision, claiming "startegic reasons" and explaining that they just wanted to get the EC out in the open, since they didn't reply to any message on the topic. But at the same time the Association announced that they would continue the case in the Bruxelles civil court, where an action of cease&desist has already been introduced. The European Commission representatives claimed in court that its services are just press reviews, that fall under the exemptions from the copyright law protection. The judge initially ordered a judicial expertise in order to gather more technical information about how the site was built, but then he dismissed this evidence and took his decisions only on jurisdictional grounds. Copiepresse sues the European Commission to the civil court (only in French, 27.06.2008) http://www.actu24.be/article/regions/regionbruxelles/infosbxl/copiepresse_po... Belgian press beef with EU beaten in Belgian court (1.07.2008) http://www.theinquirer.net/gb/inquirer/news/2008/07/01/copiepresse-slapped-e... Belgian agency to sue European Commission again over news aggregator (2.07.2008) http://www.out-law.com/page-9227 EDRi-gram: Belgium newspaper group continues its actions against search engines (25.10.2006) http://www.edri.org/edrigram/number4.20/belgium ============================================================ 5. Complaint against the French govt to annul the biometric passport decree ============================================================ Two French associations, EDRi-member Imaginons un riseau internet solidaire (IRIS) and Ligue des droits de l'Homme (LDH), have filed a complaint against the French government before the highest administrative Court. They ask the French Conseil d'Itat to annul the decree issued on 30 April 2008 by the French government on biometric passports. The associations consider the decree had been issued under an irregular procedure by publishing the Opinion in the Official Journal 6 days after the decree had been published, instead of presenting them at the same time, as required by law. The provisions of the decree stipulate the collection of eight fingerprints for passport applicants starting with 6 years old children and the creation of a central biometric database for retaining and processing the collected data. IRIS and LDH argue that the nature, the quantity and the retaining period of these data in a central database are disproportionate with regards to the decree's objectives, which remain the same as in the previous passport decree of December 2005, where fingerprints were not required. Moreover, they believe that the decree is violating the national as well as international legislation regarding the protection of the personal data. It also violates international legislation related to children. The two associations link the requirements of this decree to the provisions of the draft law on biometric ID cards currently being prepared. They state that, if the decree is not annulled, the government would, under the pretext of more easily issuing identity cards and passports, influence the debate in the French Parliament on the biometric identity card project. . Biometric passport : IRIS and LDH ask the State Council to annul the decree (only in French, 4.07.2008) http://www.iris.sgdg.org/info-debat/comm-passeport0708.html Common Press Release - IRIS and LDH (only in French, 4.07.2008) http://www.iris.sgdg.org/info-debat/recours-passeport0708.pdf Text of the legal complaint (only in French 4.07.2008) http://www.iris.sgdg.org/info-debat/recours-passeport0708.pdf EDRIgram: The French Government goes against CNIL in biometric passports (21.05.2008) http://www.edri.org/edrigram/number6.10/cnil-biometric-passports ============================================================ 6. Irish Human Rights Commission added to data retention challenge ============================================================ The High Court in Dublin has allowed the Irish Human Rights Commission to become a party to the data retention challenge being brought by Digital Rights Ireland. The Human Rights Commission, which is a state body, will be an amicus curiae (friend of the court) with the ability to make submissions about the fundamental rights implications of data retention. The Chief Executive of the Commission Iamonn Mac Aodha stated: "This case raises important issues about the extent to which laws and measures governing the monitoring of one's private life by the State in pursuit of tackling crime possess sufficient human rights safeguards". Mr MacAodha continued "one of the priorities of the IHRC is to address potential threats to human rights that may emerge with developments in communications technology such as in the present case where issues of individual security and privacy are raised." Irish Human Rights Commission given permission to appear in DRI action (4.07.2008) http://www.digitalrights.ie/2008/07/04/irish-human-rights-commission-given-p... IHRC granted leave to appear in Data Protection Case in the High Court (1.07.2008) http://www.ihrc.ie/home/wnarticle.asp?NID=200&T=N&Print (Contribution by TJ McIntyre - EDRi-member Digital Rights Ireland) ============================================================ 7. Privacy complaints related to Google's Street View ============================================================ Privacy International has complained to the Information Commissioner's Office (ICO) against Google's Street View cars, which grab real photographs of streets and people, that get loaded into Google Maps. Street View distinctive cars have been recently spotted on London. The system allows Google's users to view 360 degree photographs of streetscapes in towns and cities that have been catalogued by Google cameras. Privacy International has expressed its reservations towards Google's practice in a letter sent to the company: "You may be aware that Privacy International has stated, both privately to Google legal staff and to the media, that we are concerned about a number of potential violations of national law that this technology may create," said the letter signed by director Simon Davies. Google had stated the company had implemented a technology that would blur faces and vehicle number plates allowing at the same time high quality images. Google's senior privacy counsel Jane Horvath had answered to Davies explaining that the face and number plate blurring technology had been in place since May. "As with all such systems operating at this scale our blurring technology is not perfect - we occasionally miss a face or license plate, for example if they are partially covered, or at a difficult angle. (...) However, we tested the technology thoroughly before launch and I am confident that it finds and blurs the vast majority of identifiable faces and license plates. For the few that we miss, the tools within the product make it easy for users to report a face or license plate for extra blurring. As always, users can still ask for their image to be removed from the product entirely" said Horvarth. In its letter, Privacy International was asking from Google to provide, within seven days, technical specifications of the blurring technology used, otherwise it would have to make a complaint to ICO. Having not received the required information, the privacy group placed the complaint which was confirmed by a spokeswoman for ICO: "Yes, we have received a complaint about this and we are looking into it. We are contacting Google to get more details of the scheme" said the spokeswoman to The Register. This comes at a time when ICO asks for changes to European data protection laws to keep up with changing technology. "European data protection law is increasingly seen as out of date, bureaucratic and excessively prescriptive. It is showing its age and is failing to meet new challenges to privacy, such as the transfer of personal details across international borders and the huge growth in personal information online. (...)"It is high time the law is reviewed and updated for the modern world." said Richard Thomas, UK ICO. The ICO has hired RAND Corporation to review European data protection laws for possible reforming. Some recent rulings of the Court of Appeal might be to Google's advantage. "If the photographs had been taken to show the scene in a street by a passer-by and later published as street scenes, that would be one thing, but they were not taken as street scenes but were taken deliberately, in secret and with a view to their subsequent publication," said Lord Hope in one of his ruling. On the other hand, while reluctant for some time, giving in to privacy advocates' pressure, Google has added a link to its privacy policy from its front page. Google home page contains now the word 'privacy' near the bottom, beside the copyright notice. The word is a link to a page containing all Google's privacy information. Google's spycar revs up UK privacy fears (7.07.2008) http://www.theregister.co.uk/2008/07/07/google_spycar_slammed/ Privacy group protests about Street View, but Google says blurring protects privacy (7.07.2008) http://www.out-law.com/page-9239 Google's controversial Street View hits the UK (3.07.2008) http://www.out-law.com/page-9233 Google bows to pressure, adds privacy link to home page (7.07.2008) http://www.out-law.com/page-9237 Google, privacy and Street View (4.07.2008) http://www.bbc.co.uk/blogs/technology/2008/07/google_privacy_and_street_view... EDRIgram - Google StreetView might breach EU laws (21.05.2008) http://www.edri.org/edrigram/number6.10/google-streetview-eu ============================================================ 8. New threats for UK file-sharers ============================================================ After the letters sent from Virgin Media to its customers on alleged file-sharing activities, British Telecom (BT), the UK's largest broadband provider, has started a similar activity. The Register has received information from one of the BT subscribers that has received such a letter from the Customer Security Team stating: ""I have received a complaint regarding one of our customers offering copyrighted material over the internet. On investigation, I have found that your account was used to make this offer." The letter contained evidence put forward by BPI, that was shared by BT with its customer and consisted, in this case, of the P2P programme Ares user agent, a time stamp, a file name and an IP address. The letter provided information on how to secure their WiFi connection, but also threaten with disconnection if similar activities continued: "Sorry, but we're obliged to point out that further similar problems may have to lead to the termination of your account, as such activity contravenes BT's Acceptable Use Policy." More aggressive threats have been reported being sent by Virgin Media to approx 800 subscribers with the following text on the envelope: "Important. If you don't read this, your broadband could be disconnected". Virgin Media spokeswoman claimed that the text was a mistake and explained that this was part of an education campaign: ""We are not accusing our customers of doing anything, we are alerting them to the fact that illegal file sharing has been tracked to their account. This could have been someone else in the house or an unsecured wireless network. This is an education campaign." In sending these letters, the ISPs do not share confidential information with BPI and do not monitor their users, but only receive from the BPI investigators the collected IP addresses of the customers having participated in alleged p2p copyrighted material sharing. The ISP identifies the exact individual and sends him (her) the template letter. Even though the BPI campaign has attracted two of the major British ISPs in this "education campaign", other ISPs have promptly rejected such collaboration. Carphone Warehouse make it clear that they just give access to Internet: "We are the conduit that gives users access to the internet. We do not control the internet, nor do we control what our users do on the internet. I cannot foresee any circumstances in which we would voluntarily disconnect a customer's account on the basis of a third party alleging a wrongdoing", said Charles Dunstone, the chief executive of Carphone Warehouse, to BBC. Virgin admits disconnection threat mistake (3.07.2008) http://www.out-law.com/page-9235 We won't cut off users, says Virgin (3.07.2008) http://www.guardian.co.uk/technology/2008/jul/03/virgin.filesharers Virgin warns 800 punters for file-sharing (3.07.2008) http://www.theregister.co.uk/2008/07/03/virgin_letters_numbers/ BT starts threatening music downloaders with internet cut-off (26.06.2008) http://www.theregister.co.uk/2008/06/26/bt_bpi_letter/ EDRi-gram: British ISPs warn Internet downloaders on the risk of being prosecuted (18.06.2008) http://www.edri.org/edrigram/number6.12/british-isp-virgin-letters ============================================================ 9. Liberty groups win long court battle against UK wiretapping ============================================================ After nine years of legal battle by civil rights groups in London and Dublin, the European Court of Human Rights ruled on 1 July 2008 that UK Government had violated Human Rights by tapping their communications between 1990 and 1997. Liberty groups, along with British Irish Rights Watch and the Irish Council for Civil Liberties, have claimed their communications were subject to indiscriminate surveillance by MoD's Electronic Test Facility that had eavesdropped on their phone, fax, email and data communications between 1990 and 1997. After having first lodged complaints with the UK's Interception of Communications Tribunal, the DPP and the Investigatory Powers Tribunal without results because the local courts ruled "there was no contravention to the Interception of Powers Act 1985". Finally, the groups obtained the European Human Rights Court ruling that the UK had violated article 8 of the European Convention on Human Rights providing the right to respect for private and family life and correspondence. The court found that the 1985 Act has given the UK government "virtually unlimited" discretion to intercept communications between the UK and an external receiver, as well as "wide discretion" to decide which communications were listened to or read. The government had guidelines to ensure a "safeguard against abuse of power", but the UK's 1985 interception law "had not indicated with sufficient clarity... the scope or manner of the exercise of the very wide discretion of the conferred on the State to intercept and examine external communications" so as to guard against abuse of power. For 10 years now, the 1985 Act has been replaced by RIPA which has the same objective to detect terrorism and serious crime but it is mostly applied by local councils for minor infringements. The court ruled that procedures regarding the use and storage of intercepted material should be established so as to make these procedures more transparent for the public. "While secret surveillance is a valuable tool, the mechanisms for intercepting our telephone calls and emails should be as open and accountable as possible, and should ensure proportionate use of very wide powers" said Alex Gask, Liberty's legal officer. The ruling will have strong implications for UK's present legislation on phonetapping and interception of communications, and as Mark Kelly, Director of the Irish Council for Civil Liberties believes, clear implications for many other member states of the Council of Europe member states, such as Ireland: "Our lax data interception regime will require a thorough overhaul in order to ensure that it meets the standards required by the European Court of Human Rights under Article 8." Liberty called for an overhaul of RIPA. However, the Home Office stated on 2 July it did not think the ruling had any implications on RIPA and UK's current legislation covering covert investigations. Court rules 90s UK.gov wiretaps violated human rights (2.07.2008) http://www.theregister.co.uk/2008/07/02/echr_ripa_judgement/ Security: UK phonetap laws breach privacy (2.07.2008) http://www.guardian.co.uk/uk/2008/jul/02/privacy.humanrights UK surveillance breaches human rights, rules ECHR (2.07.2008) http://www.out-law.com/page-9228 ============================================================ 10. ENDitorial: Massive mobilization against EDVIGE, the new French database ============================================================ Remember the movie 'Das Leben der Anderen' (The Lives of Others), where a Stasi agent was monitoring a playwriter's life? This doesn't translate anymore in French into 'La vie des autres', but rather into EDVIGE, the name of a newly created database to be used by French intelligence services and the administrative police. EDVIGE will file "individuals, groups, organisations and moral persons which, due to their individual or collective activity, are likely to attempt to public order". Not only these persons will be filed (without any offence committed), but also "those who undertake or have undertaken direct and non fortuitous relations with them." Filing starts at age 13. This, clearly, means filing everyone, in view of "informing the government and the representatives of the State" in any and all French town and region. In other words, EDVIGE, which has been created by a decree issued on 27 June 2008 in the framework of the merging of two French intelligence services (RG and DST), is the perfect instrument of a political police. EDVIGE will contains data on "civil status and occupation; physical addresses, phone numbers, email addresses; physical characteristics, photographs and behaviour; identity papers; car plate numbers; fiscal and patrimonial information; moves and legal history." As highlighted by lesbians and gays associations, this will include data on sexual orientation and health, in particular HIV seropositivity. This has been confirmed by a representative of the Interior ministry, who declared that "the mention of these data will only be authorised for incidental need in relation with an activity. In the intelligence field, this mainly means activism." Moreover, French EDRI member IRIS notes that the inclusion of "identity papers" in these data is particularly significant in the context of the newly created French biometric passport including 8 fingerprints and of the draft law in preparation on biometric ID cards. A large mobilization against EDVIGE immediately started, with a petition calling for the withdrawal of this file. This petition is hosted and maintained by RAS ('Riseau associatif et syndical'), an NGO acting as an ISP for its members, almost 200 activist NGOs and trade unions, among them EDRI member IRIS. The petition has already gathered since 10 July 2008 more than 16.000 individual signatures, and more than 170 signatures from associations, trade unions and political parties from the opposition. Signatories will organize into a global coordination against the EDVIGE file, and are preparing various actions starting from next September. In the mean time, some of these groups will file a complaint against the French government, requesting the annulment of the EDVIGE decree. But EDVIGE is not alone. Her twin sister, CRISTINA, has also been created on the same day. CRISTINA aims at "Centralising inland intelligence for homeland security and national interests." But that's all that we know about CRISTINA: using the article 26.III provision of the French Data Protection Act, the government decided not to publish the decree creating CRISTINA. As a consequence, the CNIL's opinion on CRISTINA has not been published either, except to attest that this opinion was "favourable, with reservations." Actually, the same secret has been observed for 6 other newly created files, related to inland and foreign intelligence, as well as military services. Not a good sign for these "Sarkozy's babies." Decree n0 2008-632 creating EDVIGE file (only in French, 27.06.2008) http://www.legifrance.gouv.fr/WAspad/UnTexteDeJorf?numjo=IOCC0815681D CNIL's opinion on EDVIGE (only in French, 16.06.2008) http://www.legifrance.gouv.fr/WAspad/UnTexteDeJorf?numjo=CNIX0816023X Tjtu: L'Intirieur reconnant qu'+Edvige; sera utilisi pour ficher les militants (only in French, 12.07.2008) http://www.tetu.com/rubrique/infos/infos_detail.php?id_news=13236 IRIS: Appel ` signatures : IRIS soutient l'appel pour l'abandon du fichier EDVIGE (only in French, 11.07.2008) http://www.iris.sgdg.org/info-debat/comm-edvige0708.html 'Non ` EDVIGE': Petition website, with press releases and press articles (only in French, since 10.07.2008) http://nonaedvige.ras.eu.org/ Decree n0 2007-914 of 15 May 2007, as modified by Decree n02008-631 of 27 June 2008 to create CRISTINA and other files (only in French, 01.07.2008 consolidated version) http://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000000649189&dateTexte=20080716 CNIL's opinion on CRISTINA (only in French, 16.06.2008) http://www.legifrance.gouv.fr/WAspad/UnTexteDeJorf?numjo=CNIX0816024X (Contribution by Meryem Marzouki, EDRI-member IRIS- France) ============================================================ 11. Recommended Reading ============================================================ UK: Biometrics Assurance Group Annual Report 2007 A government expert group has warned of a 'large impact' on the National Identity Scheme from those who cannot use fingerprinting, such as many elderly people. http://www.ips.gov.uk/passport/downloads/FINAL-BAG-annual-report-2007-v1_0.p... ============================================================ 12. Agenda ============================================================ 19-20 July 2008, Stockholm, Sweden International Association for Media and Communication Research pre-conference - Civil Rights in Mediatized Societies: Which data privacy against whom and how ? http://www.iamcr.org/content/view/301/1/ 23-25 July 2008, Leuven, Belgium The 8th Privacy Enhancing Technologies Symposium (PETS 2008) http://petsymposium.org/2008/ 3-5 September 2008, Prague, Czech Republic The Third International Conference on Legal, Security and Privacy Issues in IT http://www.lspi.net/ 8-10 September 2008, Geneva, Switzerland The third annual Access to Knowledge Conference (A2K3) http://isp.law.yale.edu/ 22 September 2008, Istanbul, Turkey Workshop on Applications of Private and Anonymous Communications http://www.alpaca-workshop.org/ 24-28 September 2008, Athens, Greece World Summit on the Knowledge Society http://www.open-knowledge-society.org/summit.htm 11 October 2008: Europe-wide action day "Freedom not fear" Protests, demonstrations and activities against the surveillance mania http://wiki.vorratsdatenspeicherung.de/Freedom_Not_Fear_2008 15-17 October 2008, Strasbourg, France 30th International Data Protection and Privacy Conference http://www.privacyconference2008.org/ 20.-21 October 2008, Strasbourg, France European Dialogue on Internet Governance (EuroDIG) http://www.eurodig.org/ 3-6 December 2008, Hyderabad, India Third Internet Governance Forum http://www.intgovforum.org 10-11 December 2008: Tilburg, Netherlands Tilting perspectives on regulating technologies, Tilburg Institute for Law and Technology, and Society, Tilburg University http://www.tilburguniversity.nl/tilt/conference ============================================================ 13. About ============================================================ EDRI-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRI has 28 members based or with offices in 17 different countries in Europe. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRI-grams. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and visibly on the EDRI website. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 2.0 License. See the full text at http://creativecommons.org/licenses/by/2.0/ Newsletter editor: Bogdan Manolea <edrigram@edri.org> Information about EDRI and its members: http://www.edri.org/ European Digital Rights needs your help in upholding digital rights in the EU. If you wish to help us promote digital rights, please consider making a private donation. http://www.edri.org/about/sponsoring - EDRI-gram subscription information subscribe by e-mail To: edri-news-request@edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. unsubscribe by e-mail To: edri-news-request@edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/edrigram-mk.php - EDRI-gram in German EDRI-gram is also available in German, with delay. Translations are provided Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users http://www.unwatched.org/ - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask <edrigram@edri.org> if you have any problems with subscribing or unsubscribing ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE