============================================================ EDRI-gram biweekly newsletter about digital civil rights in Europe Number 4.19, 11 October 2006 ============================================================ Contents ============================================================ 1. New EU-US interim deal on Passenger Name Record 2. The European Parliament ready to vote on EPLA 3. The broadcast treaty stalled by WIPO General Assembly 4. Filesharing and digital evidence case in Sweden 5. SWIFT found in breach of Belgian laws 6. European e-voting machines cracked by Dutch group 7. Open Letter against the revision of the Swiss copyright law 8. Digital Restriction Management - drm.info 9. ENDitorial : PNR & Institutional Mechanisms of Privacy Protection 10. Recommended reading 11. Agenda 12. About ============================================================ 1. New EU-US interim deal on Passenger Name Record ============================================================ The previous agreement adopted in 2004 on EU-US personal data sharing was annulled by the European Court of Justice in Luxembourg in May 2006, invoking the wrong legal basis. After a series of negotiations between UE and US a new interim agreement was concluded on 6 October 2006. The old agreement was kept in force by the Court decision until 30 September. This explains the rush of the EU and US officials in agreeing on a new decision. From the privacy point of view, the new agreement is worse than the previous act. According with the new deal, 34 types of passenger data - including names, telephone numbers, addresses, credit card information, bank account numbers, email addresses, type of meals served on board and other details of their reservation for US - will be send to the US authorities. The agreement foresees that the US officials will not "pull" the information from airlines computers, but the data will be "pushed", so the data will be much more easily accessible. The data should be sent by the airlines to the US authorities databases within 15 minutes after of a plane takes off from an EU country to US. It appears that the new "push" system would be tested before the end of the year. Following the pressure from the US authorities, the PNR data will be available also to several US counter-terrorism agencies, if they have "comparable standards of data protection " with EU as the Commissioner Frattini underlined. The carriers who do not provide the right information are liable for fines up to 5 000 EUR/passenger or even the withdrawal of the landing rights. The new deal will be formally approved by the Justice Ministers across EU that should meet later this week. This agreement will be in force until the end of July 2007, but new negotiations for a permanent deal will probably begin in November. A lot of criticism to the PNR interim deal occurred soon from the civil rights groups, but also from members of the European Parliament. Cem Ozdemir (DE-Greens) considered : "It is disturbing that the EU capitulated to US demands to allow more agencies access the data." Sophie In't Veld (NL, ALDE group), the EP rapporteur on PNR issues, has planned a public debate on the matter for 11 October during the plenary session of the Parliament. Ms. Veld has also sent a letter to Commissioner Frattini asking him to clarify a series of issues of the PNR deal for this debate. Passenger information row settled (6.10.2006) http://www.guardian.co.uk/uklatest/story/0,,-6129789,00.html EU and US strike deal on air passenger data (6.10.2006) http://euobserver.com/9/22590 Passenger data deal for US and EU (6.10.2006) http://news.bbc.co.uk/1/hi/world/europe/5412092.stm EU-USA Agreement on PNR : EU put in danger the saftey of European citizens and residents (only in French, 6.10.2006) http://www.iris.sgdg.org/info-debat/comm-pnr1006.html Letter from Sophie In't Veld to Commissioner Frattini asking a series of questions on the agreement (10.06.2006) http://www.statewatch.org/news/2006/oct/eu-us-pnr-letter-to-commission.pdf Transfer of passenger name records (PNR) : the new agreement between the EU and the USA is an unacceptable infringement of the respect for human rights and data protection (9.10.06) English version http://www.aedh.net/eng/index.php?cat=com_ex&com=last&com_id=92 French Version http://www.aedh.net/index.php?cat=com_ex&com=last&com_id=91 EDRI-gram : EU-US agreement on passenger data transfer annulled (7.06.2006) http://www.edri.org/edrigram/number4.11/pnr ============================================================ 2. The European Parliament ready to vote on EPLA ============================================================ The European Patent Litigation Agreement (EPLA) will be the subject of a motion for a resolution in the European Parliament, after a compromise was made and filed by the three big groups of MEPs (EPP-ED, PES and ALDE). The three groups drafted a motion that " urges the Commission to explore all possible ways of improving the patent and patent litigation systems in the EU, including participation in further discussions on the EPLA and acceding to the Munich Convention as well as revising the Community Patent proposals; as regards the EPLA, considers that the proposed text needs significant improvements and a satisfactory proposal for the Rules of Procedure of the EPLA Court". Florian Mueller, anti-software patent campaigner referred to the proposal made by the three groups as a "pretty reasonable compromise", and a "defensive victory" for the anti-EPLA partisans. The Foundation for a Free Information Infrastructure (FFII) has described the same resolution proposal as "a compromised compromise" but expects the EP to adopt an improved version. FFII staff works to gain substantial improvements. The European Patent Office is pushing hard towards the creation of an "enhanced patent culture" in Europe, as expressed by its President, Alain Pompidou during the EPO online services conference in Lisbon on 9 October. The critics of the proposal believe that EPO will be given too much power, that it would result in an increase of costs for enforcing and challenging a patent. This would also lead to legitimising software patents and undermine the judiciary systems. EP will vote on 12 October 2006 on a motion for a resolution concerning the EPLA. The Greens, GUE/NGL and a group of EPP/PES/ALDE MEPs lead by Zverina MEP have each tabled their own amendments which could improve the motion. Jonas Maebe from FFII commented on this : " They want to remove a request for the EU to accede to the European Patent Convention, since that would transfer many EU patent-related competences to the mostly unaccountable European Patent Organisation. And rather than merely asking to improve the EPLA, they mention the actual problems with this draft agreement: the lack of accountability, cost and judicial independence concerns. Finally, they also ask for an opinion of the European Court of Justice regarding treaty-related concerns and once more stress the quality problems that plague the European Patent Office's output. We hope that these modest yet important amendments will receive significant support from MEPs. Not amended, the compromise motion would only call for removing democratic control and independent judicial oversight from as many EU patent competences as possible. We do not believe this is something most Members really want." FFII France - Patents and Innovation in danger at the European Parliament (only in French, 11.10.2006) http://www.ffii.fr/epla-vote-amendements Patentmeister weighs in on Euro IP system (9.10.06) http://www.theregister.co.uk/2006/10/09/epo_supports_epla/ A compromise in European patenting debate? (5.10.06) http://www.theregister.co.uk/2006/10/05/compromise/ Commissioner says EU patent doubts 'legitimate' (29.09.06) http://www.theregister.co.uk/2006/09/29/legitimate_doucts/ Commission statement - Future action in the field of patents European Parliament Plenary Session, Strasbourg, (28.09.2006) http://europa.eu.int/rapid/pressReleasesAction.do?reference=SPEECH/06/546&for mat=HTML&aged=0&language=EN&guiLanguage=en EDRI-gram: Europe faces software patents threat again (27.09.2006) http://www.edri.org/edrigram/number4.18/patsoft ============================================================ 3. The broadcast treaty stalled by WIPO General Assembly ============================================================ The General Assembly of the World Intellectual Property Organisation (WIPO) has decided that the very controversial proposed treaty on the protection of broadcasting organizations, including cablecasting organizations, must be approved by two more meetings before being put for discussion in a diplomatic conference established to take place from 19 November to 7 December 2007. The General Assembly considered these two meetings as necessary to achieve enough consensus among member states, as India, US and Brazil had objected to introducing the treaty immediately to a conference. Addressing the General Assembly, Robin Gross, executive director of IP Justice, said: "A diplomatic conference is now contingent upon member states reaching consensus where there are currently great differences such as the inclusion of anti-circumvention measures in the treaty and outlawing Internet retransmissions of programs." Discussions will continue in the January 2007 meeting at WIPO and in June 2007 at a meeting held along with a preparatory meeting for the Diplomatic Conference. The proposed treaty creates a new right for broadcasters on the content of broadcasts, even if the creator of the content is a third party. However this might lead to the situation when the creators no longer have permanent control over the content for which they have copyright. The 2007 conference will define the scope of a future treaty, as well as the duration of any protection granted. This decision of the General Assembly is encouraging, showing that WIPO is not a simple tool in the hands of the industries. Broadcast treaty needs sounding out, says WIPO (4.10.06) http://www.out-law.com/page-7357 General Assembly approves convening of diplomatic conference on the protection of broadcasting organizations (2.10.06) http://www.wipo.int/edocs/prdocs/en/2006/wipo_pr_2006_460.html U.N. convenes broadcasting treaty talks in 2007 (2.10.06) http://today.reuters.com/news/articlenews.aspx?type=industryNews&storyID=2006 -10-02T175644Z_01_L02127263_RTRIDST_0_INDUSTRY-TELECOM-WIPO-DC.XML WIPO broadcast treaty abandons rights-based approach (3.10.06) http://arstechnica.com/news.ars/post/20061003-7891.html WIPO General Assembly Puts Brakes on Broadcast Treaty, Overrules Chairman (2.10.06) http://ipjustice.org/wp/2006/10/02/wipo-general-assembly-decision-on-broadca... t-treaty-2/ EDRI-gram : Opposition to draft WIPO Broadcast Treaty (13.09.06) http://www.edri.org/edrigram/number4.17/wipobroadcast ============================================================ 4. Filesharing and digital evidence case in Sweden ============================================================ Andreas Bawer was accused in 2005 of sharing a film, called Hip Hip Hora, breaching the Swedish Penal Code. He was found guilty in the Swedish Court of First Instance, (Vdstmanlands Tingrdtt) in December 2005. However, in a recent decision on 2 October 2006 of the Swedish Appeal Court (Svea Hovrdtt) he was acquitted, the court identifying several faults in the digital evidences presented. Bawer, having allegedly shared film files, could, in accordance with the Swedish penal code, be sentenced for criminal liability on condition it was proven beyond reasonable doubt that the IP address used for file sharing was assigned to the computer Bawer owned or used, and that the court could not rule out others had used the said computer at the time of the alleged file sharing. The legal question in issue was whether there was sufficient evidence of probability that Bawer had shared a film file Hip Hip Hora. In Swedish law, the prosecuting authority has the burden of proof both for the subjective and objective conditions for criminal liability, and only evidence proven before the court make up the basis for the court4s assessment and judgement. In the Bawer-case the prosecuting authority contended the IP address was connected to Bawer4s computer. The evidence was a record made by the Swedish Antipiratbyren (Swedish Antipiracybureau) of Bawer4s file sharing. Antipiratbyren had access to a file sharing service named Walhall through which it made a search for the film Hip Hip Hora which allegedly was made available by Bawer. Antipiratbyren requested to download the film from Bawer using the file-sharing service Walhall, through which a download was performed. With the control program CommView, the Antipiratbyren recorded the traffic data between the computer of Antipiratbyren and Bawer's computer. Expert witnesses proved several faults with the record of the traffic data carried out by the Antipiratbyren through its use of the control program CommView. First, the recorded IP address could have belonged to a router or a firewall, which in turn, could have assigned the IP address to the culprit to use for filesharing. Second, the control program CommView monitored simultaneously file sharing carried out with different IPaddresses, whereas only one filesharing was recorded without any description of how the evidence was secured. Third, the record of the file sharing did not show a transcript of the time zone used for the record. Fourth, the record of the file sharing did not show a transcript of the date and time for the file sharing allegedly committed by Bawer. Fifth, the programs used to define the time of the record on the CD/DVD made by the Antipiratbyren showed discrepancies. Hence, the Swedish Appeal Court could not prove beyond reasonable doubt that the film file was shared from Bawer's computer. Consequently, Bawer was acquitted. The judgement shows the difficulties in proving with sufficient probability who acted, from where and at what time. The problems of digital evidence are complex and of a heterogeneous character. Electronic evidence, such as traffic, location and time data, can originate, be scattered and end on different formats and different coordinates in time and space, and may easily be manipulated and hard to identify, due to services offering anonymity or pseudonymity. Court citation- Judgement - Svea Hovrdtt (Swedish Appeal Court)(in Swedish only, 2.10.2006) http://www.domstol.se/default____966.aspx File Sharer acquitted (in Swedish only, 3.10.2006) http://www.aftonbladet.se/vss/rss/story/0,2789,898480,00.html Freedom of actions for file sharers ? ( in Norvegian only, 5.10.2006) http://forbruker.no/digital/nyheter/data/article1480842.ece (Contribution by Georg Philip Krog, doctoral researcher in Private International Law, University of Oslo - Norway) =========================================================== 5. SWIFT found in breach of Belgian laws =========================================================== A report issued by the Belgian Government on the very discussed SWIFT case of transfer of financial transaction data to the U.S. Government, concluded that SWIFT breached the Belgian law. The Belgian Commission responsible with the first report on the case stated: "The Commission is of the opinion that SWIFT finds itself in a conflict situation between American and European law and that SWIFT at the least committed a number of errors of judgement when dealing with the American subpoenas." The report says: "SWIFT should have complied with its obligations under the Belgian privacy law, amongst which the notification of the processing, the information, and the obligation to comply with the rules concerning personal data transfer to countries outside the EU." The report also states that SWIFT, in transferring data to the US Treasury should have observed the fundamental principles of European law such as "the principle of proportionality, the limited retention period, the principle of traprotection level." The commission reckoned SWIFT had tried to provide certain guarantees through its negotiations with the U.S. Treasury, but considered these attempts were inappropriate. It also stated that SWIFT should have notified Privacy Commissioners and not only G-10 banks. The European Data Protection Supervisor (EDPS) has also criticised the European Central Bank (ECB) as a SWIFT customer, for not stopping the Belgian banking company from sending European transaction details to US authorities. EDPS stated: "As to the role of the ECB as a SWIFT customer, the EDPS could not avoid feeling that it had accepted an inappropriate risk by continuing to transfer financial data through SWIFT after becoming aware of the arrangement with the US authorities. As to the role of the ECB as financial overseer, the EDPS would have expected more initiative to bring this arrangement - of which it was made aware in February 2002 - to the notice of relevant authorities and responsible governments". According to a set of recent non-answers provided by SWIFT to the questions from EDRi-member quintessenz, SWIFT confirmed is still confronted with ongoing subpoenas by US treasury and they still hand over large datasets . Belgian Prime Minister condemns SWIFT data transfers to U.S. as 'illegal' (28.09.06) http://www.privacyinternational.org/article.shtml?cmd[347]=x-347-543789 EU privacy chief slams central bank over SWIFT claims (4.10.06) http://www.out-law.com/page-7359 SWIFT answers to quintessenz Questions (2.10.2006) http://quintessenz.org/doqs/000100003696/2006_10_02,SWIFT_Questions.pdf EDRi-gram: European bodies discuss the SWIFT case (30.08.2006) http://www.edri.org/edrigram/number4.16/swift =========================================================== 6. European e-voting machines cracked by Dutch group =========================================================== The voting computers used to cast 90% of the votes in Netherlands were cracked by a Dutch Group called "Wij vertrouwen stemcomputers niet" (We do not trust voting computers). In a live public show on 4 October 2006 on the Dutch television channel Nederland 1, the group proved how the control program of such a voting machine - called Nedap/Groenendaal ES3B - could be replaced by exchanging 2 EPROMS on the board. The entire demonstration lasted less than 5 minutes. The demonstration was followed by a public report released on 6 October that explains how the program works, how the software was created and how they can gain complete control over the election results. It is almost impossible for election monitors or voters to detect any change. Moreover, it also shows how the group discovered that radio emanations from an unmodified ES3B can be received at several meters distance and be used to tell who votes what. The report comes at a delicate moment, with just one month and a half before the Parliamentary elections in Netherlands where the e-voting machines should be extensively used. The same computer voting is also being used in parts of Germany and France, with minor modifications. Use of this machine in Ireland is now on hold after significant doubts were raised. Colm MacCarthaigh from Irish Citizens for Trustworthy E-voting, after looking at the compromised Nedap machines, said that : "The attack presented by the Dutch group would not need significant modification to run on the Irish systems". Maurice Wessling, of Wij vertrouwen stemcomputers niet, underlined: "Compromising the system requires replacing only a single component, roughly the size of a stamp, and is impossible to detect just by looking at the machine". After the Irish reaction, the German NGO Computer Chaos Club has also asked for a ban on this e-voting machine, considering that it does not meet the basic standard of the German law. The Dutch report showed flaws similar to those discovered in Diebold Election Systems Inc.'s touch-screen voting machine, by Edward Felten, director of Princeton University's Center for Information Technology Policy. The flaws were presented in a public report released in September 2006 - Security Analysis of the Diebold AccuVote-TS Voting Machine. "We do not trust voting computers" Foundation http://www.wijvertrouwenstemcomputersniet.nl/Nedap-en Nedap/Groenendaal ES3B - voting computer a security analysis (6.10.2006) http://www.wijvertrouwenstemcomputersniet.nl/images/9/91/Es3b-en.pdf Dutch citizens group cracks Nedap's voting computer (7.10.2006) http://www.webwereld.nl/articles/43217/flaws-found-in-european-voting-machin... s.html E-voting machines successfully hacked (5.10.2006) http://www.siliconrepublic.com/news/news.nv?storyid=single7158 Dutch citizens group cracks Nedap's voting computer (6.10.2006) http://www.heise.de/english/newsticker/news/79106 Computer Chaos Club demands prohibition of voting computers in Germany (5.10.2006) http://www.ccc.de/updates/2006/wahlcomputer Security Analysis of the Diebold AccuVote-TS Voting Machine(13.09.2006) http://itpolicy.princeton.edu/voting/ =========================================================== 7. Open Letter against the revision of the Swiss copyright law =========================================================== At the end of September 2006, a new initiative, called kunstfreiheit.ch (freedom of art) was launched in Switzerland. It is basically an open letter to the Swiss Minister of Justice and the Swiss parliamentarians calling attention to the fact that the reform/expansion of copyright, which is currently being debated, is not in the interest of artists. After 40 prominent Swiss artists, curators and professors have signed it in advance, now the open letter is available to the public for further support from Internet users. Switzerland is one of the last European countries to revise its copyright law following the 1996 WIPO treaties. The main aim of the open letter is to make public the differing interests between artists and industry, helping to undermine the myth, which is still politically powerful, that the industry represents the interests of artists. The letter is drafted around three main principles that should be reflected in the new copyright law: a. Protection of artistic works should be in the heart of the copyright rather than having a higher control them b. Legal certainty in the usage of the present copyrighted works c. New artistic creativity should not be undermined by the DRMs The response from the visitors have been positive in the first week, with 400 artists and art professionals having signed the open letter. Kunstfreiheit (Freedom of Art) (in German only) http://www.kunstfreiheit.ch Open letter on copyright - Kunstfreiheit (29.09.2006) In German http://www.kunstfreiheit.ch/serendipity/uploads/Kunstfreiheit-brief.pdf In French http://www.kunstfreiheit.ch/serendipity/uploads/Kunstfreiheit-brief_f.pdf In Italian http://www.kunstfreiheit.ch/serendipity/uploads/Kunstfreiheit-brief_i.pdf Initiative Freedom of Art crticises the Swiss copyright plans (2.10.2006) http://www.heise.de/newsticker/meldung/78932 Succesful initiative again copyright revision (3.10.2006) http://www.kleinreport.ch/print_meld.phtml?id=36931 (Contribution by Felix Stalder - Department of New Media, HGK Zurich - Switzerland) =========================================================== 8. Digital Restriction Management - drm.info =========================================================== On 3 October 2006, the first Anti-DRM, a new collaborative information platform about the potential dangers of Digital Restriction Management (DRM) was launched. The DRM.info was initiated by the Free Software Foundation Europe (FSFE) and is supported by a group of organisations and authors. The main message of the new website is 'Your devices don't trust you!' as Joachim Jakobs, FSFE's media coordinator explains: "In fact they trust you so little that they will not even tell you that they put you under surveillance." DRM.info wants to inform and involve people in decisions that will affect them on a very personal level. All the contributors to the new platform have a shared concern about the lack of a social debate on issues surrounding DRM technologies. Georg Greve, FSFE's president underlined one of the dangers of DRM: "DRM technologies are based on the principle that a third party has more influence over your devices than you, and that their interests will override yours when they come in conflict. That is even true where your interest is perfectly legitimate and legal, and possibly also for your own data." DRM.info - Digital Restriction Management http://drm.info/ FSF Europe launches anti-DRM site (5.10.2006) http://www.heise.de/english/newsticker/news/79049 Digital Rights Management (only in German, 3.10.2006) http://netzpolitik.org/2006/digital-rights-management/ The European anti-DRM campaign has started (only in Italian, 4.10.2006) http://punto-informatico.it/p.aspx?id=1678123&r=PI =========================================================== 9. ENDitorial : PNR & Institutional Mechanisms of Privacy Protection =========================================================== A small detail on the EU-US agreement over the transfer of air passenger name records (PNR), and a non-related statement by US president George W. Bush, taken together give a nice highlight on the institutional mechanisms of privacy protection. EU Commissioner Frattini told the press on 6 October 2006 that under the new PNR agreement, the passenger data will be accessible to other US agencies involved in counter-terrorism and law enforcement "on the condition that these have a comparable level of data protection". This formulation of course is absurd if you allow the basically unlimited transfer of data, as the core idea of data protection consists in the protection against further transfer. It is also interesting, because under the 1995 EU data protection directive, data transfers to third countries are only allowed if there is an "adequate" level of protection. But let us accept it for the moment. What could be a comparable level of protection? Institutionally, the EU has adopted the German idea of a special privacy and data protection commissioner within government agencies or companies. This officer has to be independent from executive orders, because his or her job is exactly to provide control over the way the agency or company handles personal data of citizens, customers, or employees. The public data protection commissioners in Europe are also independent because they are elected by the national parliaments. The model has become quite popular in the last ten years. Many US-based corporations now also have their chief privacy officers (CPOs) basically fulfilling the same task. The Department of Homeland Security was the first government agency in the US that ever got a chief privacy officer. The position was institutionalized with the Homeland Security Act of 2002 (section 222) which established the department. By doing this, the Bush government tried to attenuate the harsh criticism from privacy advocates against the surveillance and data-mining programs concentrated in the DHS. But the DHS chief privacy officer is not independent. He (currently Hugo Teufel, III) is nominated by the Secretary for Homeland Security and is reporting to the executive branch it is supposed to control, not to Congress. At the annual international conferences of privacy and data protection commissioners, the DHS privacy officer therefore was never really recognized as "one of them", and was not allowed to participate as a peer in the internal meetings of national commissioners. Congress has repeatedly tried to increase the independence of the DHS CPO. This was done again in the 2007 spending bill for the Homeland Security Department. Section 522 states that: "None of the funds made available in this Act may be used by any person other than the Privacy Officer appointed under section 222 of the Homeland Security Act of 2002 (6 U.S.C. 142) to alter, direct that changes be made to, delay, or prohibit the transmission to Congress of any report prepared under paragraph (6) of such section." This is a complicated way (because it's a spending bill) of saying that only the privacy officer can edit the reports about how the department obeys privacy rules. Now, President Bush, when he signed the bill, attached a signing statement to it, which gives himself the authority to make changes to the agency's privacy office annual and other reports. Bush directs that: "the executive branch shall construe section 522 of the Act, relating to privacy officer reports, in a manner consistent with the President's constitutional authority to supervise the unitary executive branch." Do not assume that the DHS privacy officer has been a sharp watchdog yet. For example, the report on privacy protection of passenger name record information, published by his office in September 2005, basically says "everything is great and data is protected perfectly". So Bush is just insisting on his last word as the commander-in-chief. It becomes clearer if you look at the big picture: The EU allows the DHS to transfer passenger data to other agencies if they have a comparable level of data protection. The other departments and agencies do not have privacy officers who could ensure that this level of protection is really enforced. The DHS privacy officer does not have a level of independence comparable to his European colleagues. But even if he wants to report breaches of the weak privacy protection levels in US government agencies, President Bush and the White House can do the final editing of the reports and tell the privacy officer to shut up. So, the EU is giving its citizens' data away, and what it gets in return is no more than a "trust us" from the US Government. It reminds me of a recent statement by the German Ministry of Finances in the SWIFT affair. When asked by a conservative (!) member of the Parliament about the possibility of the US using the finacial data for economic espionage, the spokesman replied: Yes, they had discussed this with their American counterpart, but the US Government would not see this danger. The idea of having an independent privacy commissioner was one way of substituting this "trust me" model with institutionalized checks and balances. This is what democracy is all about, compared to authoritarian systems: Not having to trust the government, but instead controlling it. http://bendrath.blogspot.com/2006/10/passenger-records-and-institutional.htm... (Contribution by Ralf Bendrath, EDRi member Netzwerk Neue Medien e.V., Germany) =========================================================== 10. Recommended Reading =========================================================== EU data protection in police and judicial cooperation matters: Rights of suspects and defendants under attack by law enforcement demands http://www.statewatch.org/news/2006/oct/eu-dp.pdf Statewatch's Observatory on data protection in the EU http://www.statewatch.org/eu-dp.htm =========================================================== 11. Agenda =========================================================== 16 October 2006, Brussels, Belgium The European Commission will organise in Brussels on Monday 16 October a final conference on Radio Frequency Identification (RFID). http://www.rfidconsultation.eu/ 16-18 October 2006, Paris, France UNESCO Consultation meetings on WSIS Action Lines - Access to information and knowledge (C3), E-learning (C7), Ethical dimensions of the Information Society (C10) http://portal.unesco.org/ci/en/ev.php-URL_ID=17637&URL_DO=DO_TOPIC&URL_SECTIO N=201.html 19-20 October 2006 Kirchberg, Luxembourg Hack.lu 2006 Hack.lu is an open convention /conference where people can discuss about computer security, privacy, information technology and its cultural/technical implication on society. http://www.hack.lu/index.php/Main_Page 19-20 October 2006, Tallinn, Estonia The Digital Future of Cultural and Scientific Heritage http://telmemor.net/conference/ 20 October 2006, Bielefeld, Germany Big Brother Awards Germany http://www.bigbrotherawards.de/ 20 October 2006 , Bielefeld, Germany Demonstration "Freedom instead of Fear" (Freiheit statt Angst), against Security and Surveillance Delusion http://www.freiheitstattangst.de/ http://www.vorratsdatenspeicherung.de/ 23-24 October 2006, Brussels, Belgium Conference on International Transfers of Personal Data, organized by the European Commission jointly with the Article 29 Data Protection Working Party and the United States Department of Commerce's International Trade Administration. http://ec.europa.eu/justice_home/news/events/news_events_en.htm 25 October 2006, Vienna, Austria Big Brother Awards Austria http://www.bigbrotherawards.at 27-28 October 2006, Sofia, Bulgaria Cyber Terrorism as a new security threat http://www.crime-research.org/cyberterrorism07 29 October 2006, Athens, Greece First annual conference -Global Internet Governance Academic Network (GigaNet) http://www.internetgovernance.org/pdf/GigaNet.Athens.CFP.8.Sept.2006__2_.pdf 30 October - 2 November 2006, Athens, Greece Internet Governance Forum http://www.intgovforum.org/ 30 October 2006, Prague, Czech Republic Czech Big Brother Awards http://www.bigbrotherawards.cz 31 October 2006 - deadline for nominations Stupid Security Awards - Privacy International. The awards aim to highlight the absurdities of the security industry. The competition is open to anyone from any country. http://www.privacyinternational.org/stupidsecurity 1 November 2006, London, United Kingdom The database state? This workshop will feature expert speakers on two major UK databases: the Children's Information Sharing Index and the NHS Care Records Service. http://dooooooom.blogspot.com/2006/10/database-state.html 2-3 November 2006, London, United Kingdom 28th International Data Protection and Privacy Commissioners' Conference http://www.privacyconference2006.co.uk/ 15-16 November 2006, Skopje, Macedonia International Conference "e-Society.Mk" http://www.e-society.org.mk/ 30 November - 1 December 2006, Berlin, Germany The New Surveillance - A critical analysis of research and methods in Surveillance Studies. A two day international Conference hosted at the Centre for Technology and Society of the Technical University Berlin. http://www.ztg.tu-berlin.de/surveillance 14 December 2006, Madrid, Spain Conference on the Admissibility of Electronic Evidence in Court in Europe. The final event of the project Admissibility of the Electronic Evidence in Court in Europe (A.E.E.C.) funded by the European Commission and led by the Spanish company Cybex. http://www.cybex.es/AGIS2005/ =========================================================== 12. About =========================================================== EDRI-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRI has 21 members from 14 European countries and 5 observers from 5 more countries (Italy, Ireland, Poland, Portugal and Slovenia). European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRI-grams. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and visibly on the EDRI website. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 2.0 License. See the full text at http://creativecommons.org/licenses/by/2.0/ Newsletter editor: Bogdan Manolea <edrigram@edri.org> Information about EDRI and its members: http://www.edri.org/ - EDRI-gram subscription information subscribe by e-mail To: edri-news-request@edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. unsubscribe by e-mail To: edri-news-request@edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/edrigram-mk.php - EDRI-gram in German EDRI-gram is also available in German, with delay. Translations are provided Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users http://www.unwatched.org/ - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask <edrigram@edri.org> if you have any problems with subscribing or unsubscribing. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]