======================================================================= EDRi-gram biweekly newsletter about digital civil rights in Europe Number 10.15, 1 August 2012 ======================================================================= Contents ======================================================================= 1. A new Net Neutrality EC consultation delays possible regulations 2. Czech Republic: Data retention - almost back in business 3. Stravos Lambrinidis: EU First Special Representative for Human Rights 4. ETSI standard for lawful interception triggers privacy questions 5. Belarusian journalist detained for showing subway security flaws 6. Google still holds data unlawfully obtained by StreetView 7. France: Update on website blocking without a judicial decision 8. Reporters Sans FrontiC(res follows on the Wikileaks footsteps 9. Recommended Action 10. Recommended Reading 11. Agenda 12. About ======================================================================= 1. A new Net Neutrality EC consultation delays possible regulations ======================================================================= Following BERECbs report in May 2012 on Net Neutrality, the European Commission launched on 23 July 2012 another consultation, open by 15 October 2012, to investigate on whether ISPs are manipulating online traffic management, thus postponing new regulatory laws on Net Neutrality. But this consultation follows a similar one from BEREC that ended just yesterday, 31 July 2012. As BERECb report was revealing, 20-50% of the European ISPs use measures to block or restrict access to web sites and/or products run by their competitors. Although the EU communications rules say that users should be able to choose the applications and services they want without restrictions, the report has shown that a large number of European users are under contracts with their ISPs that limit their access to services such as Voip (Voice over Internet Protocol) or file-sharing sites. Other practices such as bandwidth throttling (deliberate slowing down of the services to certain websites) have been revealed. Digital Agenda Commissioner Neelie Kroes stated that the consultation would be used b to help prepare recommendations that will generate more real choices and end the net neutrality waiting game in Europe. There is a lack of effective consumer choice when it comes to Internet offers," she said. Yet, although Kroes mentioned the introduction of new EU guidelines in 2012 considering b regulatory intervention in competitive markets as inappropriateb, the new consultation opened by the Commission pushes back any possible decision. La Quadrature du Net has published a non-answer to the new consultation considering there is no time for another consultation on the subject. b The only way to protect a free Internet as well as freedoms and innovation online is to clearly enact and protect Net Neutrality in EU law.b It is already clear that European ISPs are applying restrictions to their usersb access and that national regulators cannot investigate and sanction. In UK, for instance, several ISPs such as BT, BSkyB, O2 and TalkTalk have already signed an Open Internet Code of Practice that generally requires them to ensure that they are offering their customers "full and open internet access". The code allows them to restrict open use of the internet through "traffic management" of their services provided they do not use it "in a manner that targets and degrades the content or application(s) of specific providers" and they ensure that a best effort Internet access is a "viable choice" to consumers even where other "managed services" are available. They signatories must also use "clear and transparent traffic management policies". Yet, the code has not been signed by large ISPs such as Virgin Media, Vodafone or T-Mobile and Orange operator Everything Everywhere who consider the text of the code may lead to b misinterpretation and potential exploitation" or have reservations regarding the restrictions on the use of the b internet accessb term. On-line public consultation on "specific aspects of transparency, traffic management and switching in an Open Internet" Deadline for reply: 15 October 2012 http://ec.europa.eu/information_society/digital-agenda/actions/oit-consultat... Public consultation on 'net neutrality' to delay EU rules on ISPs (24.07.2012) http://euobserver.com/871/117055 Non-answer to BEREC's Consultation: We need Net Neutrality Law! (25.07.2012) https://www.laquadrature.net/en/non-answer-to-berecs-consultation-we-need-ne... Net Neutrality: Brussels opens an umpteenth public consultation (only in French, 23.07.2012) http://www.numerama.com/magazine/23245-neutralite-du-net-bruxelles-ouvre-une... Ten UK ISPs commit to new 'open internet' code (25.07.2012) http://www.out-law.com/en/articles/2012/july/ten-uk-isps-commit-to-new-open-... EDRi-gram 10.11: BERECbs findings on net neutrality (6.06.2012) http://www.edri.org/edrigram/number10.11/berec-net-neutrality ======================================================================= 2. Czech Republic: Data retention - almost back in business ======================================================================= Nationwide preventive monitoring of electronic communication finds its way back into the Czech legal system. The original act was repealed in 2011 by the Constitutional Court b however, a new one is waiting only for the President's signature. Privacy campaigners fear possible data abuse given the insufficient regulation provided by the current Police Act as well as monitoring of contents of Internet communications which could potentially be made possible by the implementing decree to the new Act. Not only the Chamber of Deputies, but now also the Senate approved the government draft of the amended Electronic Communication Act, as well as amendments to several other laws reintroducing the obligation of telephone or Internet services providers to monitor the communications of their clients and provide them, upon request, to the police, intelligence services or the Czech National Bank. After the previous legal regulation was repealed by two decisions of the Constitutional Court in March and December 2011, nationwide monitoring of citizensb communications thus finds its way back into the Czech legal system. The government proposal of the Act that was passed in the Senate on 18 July 2012, reacts to the Constitutional Court decision and implements the European Directive which prescribes storing of traffic and localization data on electronic communications. According to EDRi-member Iuridicum Remedium (IuRe), which initiated the March decision of the Constitutional Court and also filed its comments during the preparation phase of the new legal regulation, the new Act is better than the repealed regulation b however it still contains a number of errors that will lead to unconstitutional interference with the privacy of citizens. The major problem, according to IuRe, is the very existence of the obligation of operators to generally monitor the communications of all citizens without any specific suspicion. Thus, a revision of the European Directive which introduced this obligation, and an assessment of its constitutionality by the European Court of Justice is seen by Iure as the key issues in this respect. "As for the Czech implementation of the Directive, when submitting comments during the preparatory phase, we tried to push for maximum limits in terms of monitoring of citizens and possible abuse of such data," says Jan Voboril, lawyer at IuRe. "The original proposal introduced by the Ministry of Interior in the summer of last year was from our perspective entirely unacceptable. During the legislative process, we have stepwise prepared comments for the Ministry of Interior, Members of Parliament as well as Senators. We are pleased that during subsequent discussions with representatives of the Ministry of Interior and other key institutions, we managed to get acceptance for stricter rules regarding the use of such data. For example, what we consider important is the introduction of the obligation to inform the respective persons that their data have been requested under the Criminal Code, highlighting the subsidiarity when using such data in criminal investigation, or the necessity of court permission when the data is requested by intelligence services or the Czech National Bank," adds Voboril. Many crucial issues still remain unresolved, which will, in IuReB4s opinion, lead to further unconstitutional use of such data in the future. "What we consider to be the most serious issue of the new legislation is that it ignores the current situation where the Police Act authorizes the police to use the data outside of criminal proceedings. Under the current Police Act, police officers may require data more or less without any limits, without court supervision and without any clearly defined and controlled processes. It is striking that although the police themselves wanted to define stricter rules for such use of the data during the preparatory phase of the new Act, this was refused by the Ministry of Interior. Not even Deputies or Senators paid attention to this huge gap opening up possibilities for information abuse by individual police officers b and this despite of repeated warnings from our side," explains Voboril. "We also have our concerns regarding the awaited implementing decree of the Act, which will among other things determine which data will be generally stored. This decree can put the new Act into entirely new light, both in respect of the invasion into citizensB4 privacy as well as technical and personnel details necessary - which will be reimbursed by the state. Crucial is the particular question of whether data on the recipientB4s side of Internet communication will be stored as well. Such provisions would mean not only de facto monitoring of the content of what we are surfing through on the Internet, but also a tremendous increase in public expenditures related to such monitoring. It is surprising that such a significant issue which can change the entire meaning of the Act and should be provisioned for directly in the Act, has gone entirely unnoticed by," concludes Voboril. The Act is currently still to be signed by the President. LetB4s wait and see whether, during his decision making, Vaclav Klaus will also think of the fact that, apart from dozens of other persons - not excluding the chairman of the Constitutional Court - also some people from his immediate surrounding appeared among the victims of data abuse resulting from the police authorization to require such data. (Contribution by EDRi-member Iuridicum remedium - Czech Republic) ======================================================================= 3. Stravos Lambrinidis: EU First Special Representative for Human Rights ======================================================================= On 25 July 2012, on a proposal by Catherine Ashton, EU High Representative for Foreign Affairs and Security Policy, the Council of the European Union appointed Mr Stravos Lambridinis, former MEP, as EU Special Representative for Human Rights. This appointment is the result of repeated demands from the European Parliament and a recommendation of the Foreign Affairs Committee. On 24 May 2012, indeed, the Foreign Affairs Committee called on the Council to appoint a EU's high-level human rights envoy with an international reputation. The creation of the human rights envoy follows the EU's Strategic Framework and Action Plan on Human Rights and Democracy that was adopted on 25 June 2012. As requested by the European Parliament, Mr. Lambridinis has a long-standing experience in human rights and international relations. In his earlier carrier, he was indeed nominated Chairman of the Committee for Human Rights at the Washington D.C.'s bar association. He also worked at the Greek Ministry of Foreign Affairs and became the Ambassador at Large of the Hellenic Republic. He was elected Member of the European Parliament in 2006, where he was Vice-Chairman of the Civil Liberties Committee. In 2009, he was elected Vice-President of the European Parliament. He served as Minister of Foreign Affairs for Greece from June to November 2011. The task of the EU Special Representative for Human Rights is to ensure the promotion of EU human rights policy worldwide. The mandate will be broad and flexible in order to give Mr Lambridinis the ability to adapt to different situations. He will work closely with the European External Action Service. He will in particular represent the EU at the international level, be responsible for the interactions with the UN and chair human rights dialogues with third countries. Mr Lambridinis' initial mandate will run until 30 June 2014. The goal is to enhance the effectiveness and consistency of EU policy. The news was broadly appreciated by the MEPs, and b warmlyb welcomed by the President of the European Parliament Martin Schulz (Germany, S&D), and by the chairwoman of the EP human rights subcommittee Barbara Lochbihler (Germany, Groups of the Greens). This appointment shows the willingness of the European Union to make human rights one of its strategic priorities and to give the EU a united voice on human rights issues. Mr Lambridinis said that he would b ensure the Human Rights gets integrated into all EU external policyb. Stavros Lambrinidis appointed first EU Special Representative for Human Rights (25.07.2012) http://www.consilium.europa.eu/uedocs/cms_data/docs/pressdata/EN/foraff/1320... Stavros Lambrinidis appointed EU Special Representative for Human Rights (26.07.2012) http://www.europarl.europa.eu/the-president/en/press/press_release_speeches/... MEPs congratulate new EU human rights envoy, Stavros Lambrinidis (25.07.2012) http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+IM-PRESS+20... EC press briefing (25.07.2012) http://ec.europa.eu/avservices/audio/audioDetails.cfm?ref=87254&sitelang=fr (Contribution by Marie Humeau - EDRi) ======================================================================= 4. ETSI standard for lawful interception triggers privacy questions ======================================================================= The draft UK Communication Bill raises new privacy concerns after it has been revealed that the UK has also been driving the development of a European Telecommunications Standards Institute (ETSI) standard framework that allows interception of the content of communication as well. The Bill will allow the government to compel service companies like Google and Facebook to provide information to the police and intelligence services, while the framework sets out the technical standards for this. The draft Communication Bill is supposed to deal only with traffic data, according with the Government position: b The changes we are making only relate to the who, where and when of communications data. The interception of the content of any communications is a completely separate matter and continues to be strictly controlled by the Regulation of Investigatory Powers Act, requiring a warrant signed by the secretary of state" said a Home Office spokesman. But an April 2012 draft report from ETSI on Lawful Interception (LI) and Cloud/Virtual Services explains that an electronic communication provider that offers cloud services must maintain its obligation to LI. This means that "the cloud service provider must implement a Cloud Lawful Interception Function (CLIF). This can be by way of Applications Programming Interface (API) or more likely ensuring presentation of information in a format recognisable to interception mechanisms." The Guardian explains it as being measures to monitor "nomadic access", which means surveillance of an individual whether they go online from their home computer, mobile or an Internet cafC). "They are saying this is only about communications data, but in fact it is not. If you build the infrastructure that ETSI have agreed, it can be used for interception. The documents show that there is a clear and continuing intention to use it for interceptionb, explains Prof. Ross Anderson, from the University of Cambridge Computer Laboratory, "We're seeing moves at an international level to make it easier for the content of communications to be intercepted. For Home Office officials behind the communications data bill, spying on who we are emailing or Skyping is not their final objective. Officials from Britain are working internationally to force service providers to ensure that their systems are easy to tap into," concluded Nick Pickles, from Big Brother Watch. Security services to get more access to monitor emails and social media (28.07.2012) http://www.guardian.co.uk/technology/2012/jul/28/isecurity-services-emails-s... Draft ETSI DTR 101 567 V0.0.5 (2012-04) - Lawful Interception (LI); Cloud/Virtual Services (CLI) http://www.3gpp.org/ftp/tsg_sa/WG3_Security/TSGS3_LI/2012_45_Bratislava/SA3L... EDRi-gram 10.10: Concerns over the proposed Communication Bill in UK (23.05.2012) http://edri.org/edrigram/number10.10/draft-communications-bill-uk ======================================================================= 5. Belarusian journalist detained for showing subway security flaws ======================================================================= Several Belarusian journalists have been lately arrested for having shown flows in the security system of Belarus. The latest arrest, on 25 July 2012, was that of Vital Ruhayn on charges of hooliganism and obscene language in public. In fact, he became infamous for publishing a video online showing a lack of security on the Minsk subway although it was the target of a deadly bombing in April 2011. The video was clearly showing the journalist carrying a large bag into the Minsk metro and following the same route as the 2011 bomber - the police did not react in any way. Although the court released Ruhayn, he is still under prosecution and the hearing was only postponed for five days in order to allow the police to correct the inconsistencies in their testimonies and written reports. b Vital Ruhaynbs arrest is indicative of the regimebs sensitivities about matters related b closely or otherwise b to the Minsk bombing and national security. A journalist should not be arrested for highlighting police violations of security regulations. We call for the withdrawal of the trumped-up charges brought against him,b was the reaction of Reporters Without Borders. Also, in June, ERB reporter Pavel Svyardlow was arrested on similar obscene language charges, and was given a 15-day jail sentence and on 13 July journalist Anton Surapin was arrested for having posting on the Internet photos of the action of a Swedish advertising agency of 4 July - the agency people flew a light aircraft into the Belarusian airspace dropping hundreds of teddy-bears with messages supporting free speech in Belarus. Surapin is still held by the Committee for State Security on the charge of helping foreigners to cross the border illegally and is facing a three to seven years prison sentence. Journalist facing jail sentence for exposing Minsk metro security flaws (27.07.2012) http://en.rsf.org/belarus-journalist-facing-jail-sentence-28-07-2012,43120.h... Ruhain's case to be revised due to witnesses' confusion (26.07.2012) http://euroradio.fm/en/report/ruhains-case-be-revised-due-witnesses-confusio... Euroradio journalist Vital Ruhain is released (26.07.2012) http://euroradio.fm/en/report/euroradio-journalist-vital-ruhain-spend-night-... ======================================================================= 6. Google still holds data unlawfully obtained by StreetView ======================================================================= Google admitted, in a letter addressed on 27 July 2012 to UK Information Commissioner's Office (ICO) as well as to the Irish Data Protection Commission office that it had not yet deleted all the data unlawfully obtained in UK by its Street View cars. After the discovery in May 2010 that Google had scanned, by means of its Street View cars, the airwaves to identify and map WiFi thus unlawfully obtaining private data, the company was instructed to delete all data thus gathered. According to the present Googlebs letter, a b small portionb of the respective data is still in the companybs possession. Google also asked in its letter for instruction on how to proceed in deleting the rest of the data. "In recent months, Google has been reviewing its handling of Street View disks and undertaking a comprehensive manual review of our Street View disk inventory. That review involves the physical inspection and re-scanning of thousands of disks. In conducting that review, we have determined that we continue to have payload data from the UK and other countries. We are in the process of notifying the relevant authorities in those countries," said Google's privacy counsel Peter Fleischer. ICO answered the letter on 28 July saying Google should promptly supply the remaining data to the ICO which would "examine the contents" warning at the same time the company that it might be in breach of the terms previously agreed following the investigation into the issue in 2010. Billy Hawkes, the Irish Data Protection Commissioner, said Google was supposed to have deleted all the data and considered the situation "clearly unacceptable". ICO stated that it would coordinate its further actions in the matter with other data protection authorities through the Article 29 Working Party and the GPEN network. Google admits not all unlawfully-collected Street View data has been deleted (27.07.2012) http://www.out-law.com/en/articles/2012/july/google-admits-not-all-unlawfull... Google warned on data deletion delay (28.07.2012) http://www.independent.ie/national-news/google-warned-on-data-deletion-delay... EDRi-gram 10.12: Googlebs Street View privacy breach again in the public eye (20.06.2012) http://www.edri.org/edrigram/number10.12/google-steet-view-identification-ag... ======================================================================= 7. France: Update on website blocking without a judicial decision ======================================================================= Fleur Pellerin, the French State Secretary for Digital Economy announced on 24 July 2012 the intention of the French Government to give up the Decree on the application of a very controversial Article of LOPPSI 2 law which allowed online filtering of websites with child pornographic content without a court decision. Article 4 was stipulating that when b the necessities of the fight against broadcasting of images representing minors as per article 227-23 of the Criminal Code justify it, the administrative authority notifies (the ISPs) the electronic addresses of public electronic online communication services which contravene the provisions of this article that these must block or delay access to them.b One of the main concerns regarding this article is that the blocking could be done without the intervention of a court order. The draft decree for the entering into force of Article 4 from LOPPSI 2 (6 months after its publication) was to be published on 15 March 2012, after a consultation with CNN (Conseil National Numerique b National Digital Council) which never happened. However, the text of article 4 is still in the text of the law, so in order to solve the problem, it is necessary to change the law itself. Loppsi: the decree on site blocking without judge is abandoned (only in French, 25.07.2012) http://www.numerama.com/magazine/23260-loppsi-le-decret-sur-le-blocage-des-s... Loppsi: the government abandons blocking without judge (only in French, 25.07.2012) http://www.pcinpact.com/news/72658-loppsi-gouvernement-abandonne-blocage-sit... EDRi-gram 9.4: France: Loppsi 2 adopted - Internet filtering without court order (23.02.2011) http://www.edri.org/edrigram/number9.4/web-blocking-adopted-france-loppsi-2 ======================================================================= 8. Reporters Sans FrontiC(res follows on the Wikileaks footsteps ======================================================================= Reporters Sans FrontiC(res (RSF) is looking to take the Wikileaks path and will start accepting the publication of censured documents in October 2012 on a new dedicated platform. Called b We Fight Censorshipb, the RSF platform will distribute censored documents received from journalists, bloggers or political dissidents in order to offer a b digital shelterb for those who, by revealing such documents, might be persecuted, condemned, imprisoned or even assassinated. b Thanks to a digital ultra-secured safe, the Internet users will be able to provide the organisation, anonymously, with documents affected by censorship or interdicted for publicationb stated RSF who also added that the documents will not be published as such but put into context and the contents included will be verified to ensure the accuracy and correctness of the shared information. RSF already organised in 2010 an b anti-censure shelterb space for the protection of political dissidents, journalists and bloggers threatened by authorities, which allows them to surf and communicate rather safely by using various ciphering and anonymization tools. On 21 July 2012, the association organised a hackathon in order to test the reliability of the platform and the security of the document transmission system. RSF wants to fight censorship by publishing banned documents (only in French, 25.07.2012) http://www.numerama.com/magazine/23261-rsf-veut-combattre-la-censure-en-publ... We fight censorship http://wefightcensorship.org/en.html Hackathon "We fight censorship" on 21 July (20.07.2012) http://fr.rsf.org/france-hackathon-we-fight-censorship-05-07-2012,42964.html ======================================================================= 9. Recommended Action ======================================================================= Call for Papers for a special edition of IEEE Internet Computing on Internet Censorship and Control. The editors are looking for short (up to 5,000 words) articles on the technical, social, and political mechanisms and impacts of Internet censorship and control.They are soliciting both technical and social science articles, and especially encourage those that combine the two. Deadline for a brief description of the article: 15 August 2012 http://www.computer.org/portal/web/computingnow/iccfp3 Commission consults on a future EU Network and Information Security legislative initiative (27.07.2012) Deadline: 15 October 2012 http://europa.eu/rapid/pressReleasesAction.do?reference=IP/12/818&format=HTML&aged=0&language=EN&guiLanguage=en ======================================================================= 10. Recommended Reading ======================================================================= Online traceability: Who did that? (27.07.2012) http://www.lightbluetouchpaper.org/2012/07/27/online-traceability/ http://www.consumerfocus.org.uk/files/2012/07/Online-traceability-Who-did-th... Big data at your service http://ec.europa.eu/information_society/newsroom/cf/dae/itemdetail.cfm?item_... Linked Open Government Data http://www.computer.org/portal/web/csdl/doi/10.1109/MIS.2012.56 European Telco Proposal to ITU: A Threat to the Open Web? (27.07.2012) http://advocacy.globalvoicesonline.org/2012/07/27/european-telco-proposal-to... ======================================================================= 11. Agenda ======================================================================= 25-26 August 2012, Bonn, Germany Free and Open Source software conference (FrOSCon) http://www.froscon.de/en/program/call-for-papers/ 6-7 September 2012, Cluj-Napoca, Romania CONSENT policy conference: Perceptions, Privacy and Permissions: the role of consent in on-line services http://conference.ubbcluj.ro/consent/ 8-9 September 2012, Vienna, Austria Daten, Netz & Politik 2012 https://dnp12.unwatched.org/ 12-14 September 2012, Louvain-la-Neuve, Belgium Building Institutions for Sustainable Scientific, Cultural and Genetic Resources Commons. http://biogov.uclouvain.be/iasc/index.php 14-17 September 2012, Brussels, Belgium Freedom not Fear 2012 http://www.freedomnotfear.org/ http://www.freedom-not-fear.eu 7-10 October 2012, Amsterdam, Netherlands 2012 Amsterdam Privacy Conference http://www.apc2012.org/ 25-28 October 2012, Barcelona, Spain Free Culture Forum 2012 http://fcforum.net/ 6-9 November 2012, Baku, Azerbaijan Seventh Annual IGF Meeting: "Internet Governance for Sustainable Human, Economic and Social Development" http://www.intgovforum.org/cms/ 9-11 November 2012, Fulda, Germany Digitalisierte Gesellschaft - Wege und Irrwege FIfF Annual Conference in cooperation with Fuldaer Informatik Kollquium http://www.fiff.de/2012 ============================================================ 12. About ============================================================ EDRi-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRi has 32 members based or with offices in 20 different countries in Europe. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRi-grams. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and are visible on the EDRi website. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 3.0 License. See the full text at http://creativecommons.org/licenses/by/3.0/ Newsletter editor: Bogdan Manolea <edrigram@edri.org> Information about EDRI and its members: http://www.edri.org/ European Digital Rights needs your help in upholding digital rights in the EU. If you wish to help us promote digital rights, please consider making a private donation. http://www.edri.org/about/sponsoring http://flattr.com/thing/417077/edri-on-Flattr - EDRI-gram subscription information subscribe by e-mail To: edri-news-request@edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. Unsubscribe by e-mail To: edri-news-request@edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/mk/vesti/edri - EDRI-gram in German EDRI-gram is also available in German, with delay. Translations are provided by Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users http://www.unwatched.org/ - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask <edrigram@edri.org> if you have any problems with subscribing or unsubscribing. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE