From a European perspective, the discussion about Thick Whois may definitely interest privacy advocacy organization and also people interested in data protection. ICANN is getting pressure from LEAs with support of some governments (US,UK etc), members of GAC (Governmental Advisory Committee) to implement Thick Whois without real privacy safeguards or a privacy impact assessment and pushing to include those

======================================================================= EDRi-gram biweekly newsletter about digital civil rights in Europe Number 10.12, 20 June 2012 ======================================================================= Contents ======================================================================= 1. The rise of the European upload filter 2. Austria: Data retention petition ignored by the Parliament 3. Google Transparency report: increasing trend of government censorship 4. German news article removed from search results after DMCA complaint 5. Article 29 WPbs opinion on the cookie exemptions 6. UK websites might have to identify b trollsb 7. Spanish Supreme Court says Google is not breaching copyright 8. Googlebs Street View privacy breach again in the public eye 9. Prague ICANN meeting to discuss Whois data 10. Culture: Global changes in production and consumption 11. ENDitorial: Data retention - faint heart never won fair lady 12. Recommended Reading 13. Agenda 14. About ======================================================================= 1. The rise of the European upload filter ======================================================================= In 2011, the European Union decided against the introduction of mandatory filtering in Europe, because a democratic analysis of the evidence showed that this was not necessary. In 2012, the European Union is working on a variety of projects to introduce b voluntaryb upload filters and, because they would be introduced on a so-called b voluntaryb basis, there will be no democratic analysis. There are at least three different initiatives currently underway with this target. Firstly, Commissioner Kroes' b CEO Coalitionb. As previously mentioned in the EDRi-gram, this initiative involves the Commission inviting big business to propose measures that will make the Internet a b safer place for childrenb. The fact that Facebook is in charge of privacy settings and Microsoft is in charge of b notice and takedownb appears to raise no concerns about the process being instrumentalised for business purposes. Microsoft's history in b notice and takedownb is hardly exemplary. Recent cases showing that Microsoft, using Google's global application of US copyright law, has repeatedly demanded that Google removes links from its search results b links which remain available on Microsoft's own search engine. Microsoft, on the other hand, has also developed a product called b photoDNA,b used by Facebook UK as an upload filter to prevent known child abuse material being added to their site. What happens when somebody tries to do this? Nobody knows. What happens if a criminal tries to upload innocent parts of images as a way of filtering his/her own collection of illegal images to identify images unknown to the police? We don't know. How big is the risk that this could lead to incentives to creating new illegal images and new abuse? We don't know. In the same vein, the b Safer Internet Programme 2012b announced that one of its strategies was to b develop a pilot test for trusted hash code / fingerprint series for preventing re-uploading of identified child sexual abuse materialb. Remarkably, the Commission's proposal includes an explicit reference to PhotoDNA, Microsoft's product. The plan is also to extend beyond photographic material and cover videos. Finally, the European Parliament is currently working on a non-legislative resolution on b the protection of minors in the digital world,b with Silvia Costa (S&D, Italy) as MEP in charge. Neither her draft report nor any of the amendments make a reference to filtering of any kind. However, the text, largely (as it seems reasonable to assume) donated by the child protection industry, is replete with references to b preventingb various online activities, without any discussions in the Parliament about filtering uploads to the Internet. The draft report also masterfully confuses illegal content with unspecified b unsuitableb content arguing that b measures to prevent illegal online content lead to differing approaches to the prevention of unsuitable conduct". But one can't really oppose the use of such a far-reaching strategy for child protection. If it protects children, why ask questions about whether there will be unforeseen or even counter-productive consequences? Why ask questions about whether this is the most effective use of resources? Why ask for democratic oversight or evidence of usefulness? And, of course, nobody would be so cynical as to re-use the technology for any other purpose, would they? Well, apart from terrorism, of course. The EU-funded b Clean ITb (not to be confused with the Iranian b clean Internetb) project is proposing the creation of a database of content b consideredb illegal. b Why not try and create a database where internet companies can check it to see if it's known illegal materialb asks the project manager? And if it protects society, why ask questions about whether there will be unforeseen or even counter-productive consequences? And all of the questions that are not asked about upload filters for child abuse material are not asked again in relation to terrorism. Well, apart from copyright, of course. The European Commission's report from 2010 on the application of the IPR Enforcement Directive argues that, b given intermediaries' favourable position to contribute to the prevention and termination of online infringements, the Commission could explore how to involve them more closely.b Safer Internet Programme http://ec.europa.eu/information_society/activities/sip/docs/call_2012/work_p... IPR Enforcement Directive http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2010:0779:FIN:EN:P... Draft European Parliament report on protection of minors (2.04.2012) http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE486.198 Clean IT project considers terrorist content database (6.06.2012) http://www.itnews.com.au/News/303729,clean-it-project-considers-terrorist-co... Busted: Microsoft Harbors BitTorrent Pirates (27.05.2012) http://torrentfreak.com/busted-microsoft-harbors-bittorrent-pirates-120527/ Facebook & PhotoDNA (19.05.2011) http://blogs.technet.com/b/microsoft_on_the_issues/archive/2011/05/19/facebo... (Contribution by Joe McNamee - EDRi) ======================================================================= 2. Austria: Data retention petition ignored by the Parliament ======================================================================= The Austrian Working Group on Data Retention counters the lack of responsiveness to citizens' political participation with even more participation. Albeit gaining support of over 100 000 citizens, the Austrian citizens' petition against data retention has been deferred to the Parliament Justice Committee by the Petition Committee. The Austrian working group on data retention (AKVorrat.at) has decided to change pace in the campaign and asks its supporters to contact the representatives in the justice committee, to ensure that their concerns are taken seriously. In October 2011, the Austrian working group on data retention (AKVorrat.at) started a petition, called citizens' initiative, asking the Austrian government to oppose the EU data retention directive and to evaluate all laws created with the aim to fight terrorism. In December, the initiative was passed to the Parliament with more than 4400 supporters. Since mid-December the initiative could be signed online and reached a total of 106 067 supporters until 30 May 2012. The Petition Committee of the Austrian Parliament dealt with the issue twice: in March and on 30 May 2012. Both times their schedule allowed only less than 5 minutes to deal with the initiative and its consequences. In March 2012, the Committee decided to ask three ministries (Justice, Interior and Infrastructure) as well as the Chancellor's office for statements. All ministries' statements clearly missed the point by stating that Austria had to implement data retention because of the Data Retention Directive of the European Parliament and of the Council. These statements are quite surprising as one of the key demands of the initiative is that the Austrian government should act within the European Union to abolish the Data Retention Directive. The other main demand - the evaluation of laws designed to fight terrorism - was completely ignored. In the second meeting, there was no reaction to the statements and the initiative was passed on to the Justice Committee. AKVorrat.at reacted quickly: "After being astonished initially by the brief treatment in the petition committee a new campaign was kicked off. Since the citizens' initiative can no longer be signed the new campaign asks all the supporters to contact the representatives in the justice committee to ensure proper treatment of the demands supported by more than 100,000 citizens. To date it is unclear how and when the initiative will be discussed in the committee. Nevertheless, the activists of AKVorrat.at are determined to maintain data retention as one of the hot topics in Austrian politics." Austrian Parliament - Citizens' initiative - Stop Data retention (only in German) http://www.parlament.gv.at/PAKT/VHG/XXIV/BI/BI_00037/index.shtml AK Vorrat Austria campaign against data retention (only in German) https://zeichnemit.at (Contribution by AK Vorrat - Austria) ======================================================================= 3. Google Transparency report: increasing trend of government censorship ======================================================================= According to Googlebs latest bi-annual transparency report covering the July-December 2011 period, the number of governmental requests for usersb private data and content taking down has continued to grow. The report shows the situation for each country separately and refers to the requests received from judiciary and executive power authorities, the request for content removal related to copyright infringements being dealt with separately. Thus, the total number of requests has reached 11 936 in the second half of 2011 as compared with 9 600 in the same period in 2010 and 8 959 in the second half of 2009. The Spanish Data Protection Agency, for instance, has made 14 requests for content removal, most of them related to results leading to blogs or websites that referred to political or public people. The agency has also requested the elimination of three blogs hosted by Blogger and 3 video clips from YouTube. Google has however refused to comply with the requests which had no court support, considering them as governmental censorship. In Poland the Agency for Development of Businesses had demanded the search engine to delete a search result that was not favourable to the Agency and 8 other links that were pointing to this result. In France, the state demanded the deletion of 61 content pieces by 31 requests, most of them for defamatory content or pornography on YouTube. Googlebs report is giving the number of requests the company complied with or rejected making a distinction between the judicial requests and the administrative ones. b There are several reasons why we do not comply with certain requests. Some of them may be specific enough so that we may know what the government wants us to suppressb. Google policy analyst Dorothy Chou has stated for Forbes that Google requires certain criteria for the requests. These must be submitted in a written form, have to come from an appropriate agency, must cite a criminal case and have to be narrow enough regarding the number of users that they affect and the time frame of data that is requested. bWe want to show that webre advocating on your behalf. But we also want to do right by the spirit and letter of the law,b says Chou. Google considers as alarming the fact that even countries considered democratic, such as Spain, France, Poland, UK, US or Canada have increased their requests related to political expressions. b We noticed that government agencies from different countries would sometimes ask us to remove political content that our users had posted on our services. We hoped this was an aberration. But now we know itbs not. Just like every other time before, webve been asked to take down political speech. Itbs alarming not only because free expression is at risk, but because some of these requests come from countries you might not suspectbWestern democracies not typically associated with censorship,b stated Chou. Google Transparency Report for July-December 2011 http://www.google.com/transparencyreport/removals/government/ Google denounces an alarming level of governmental censorship (only in French, 18.06.2012) http://www.numerama.com/magazine/22912-google-denonce-un-niveau-alarmant-de-... Google refuses the removal of the links that the Protection of Data requires (only in Spanish, 18.06.2012) http://tecnologia.elpais.com/tecnologia/2012/06/18/actualidad/1339999915_714... U.S. Government Requests For Google Users' Private Data Jump 37% In One Year (17.06.2012) http://www.forbes.com/sites/andygreenberg/2012/06/17/u-s-government- requests-for-google-users-private-data-spike-37-in-one-year/ ======================================================================= 4. German news article removed from search results after DMCA complaint ======================================================================= European procedures for the removal of online content that is judged or accused of being illegal currently depend on the interpretation of the e-Commerce Directive by Member States and private companies. This means that whenever sites, blog posts, images or comments on the internet are accused of being illegal, procedures implementing this Directive are not clear, not harmonised and lead to legal uncertainty. Internet service and hosting providers risk liability for the content of their customers once they have b actual knowledgeb of its illegality or, possibly, just its existence, and do not remove the content 'expeditiously'. It is however very foggy what b actual knowledgeb or b expeditiousb means and what the requirements for a valid notice can be. Any lack of clarity leads almost automatically to the undermining of fundamental freedoms and the due process of law, because online companies will seek to defend themselves by deleting any content that creates a legal risk for them. In the US, service and hosting providers can maintain their immunity via the so-called Digital Millennium Copyright Act (DMCA). Under these safe harbour protections, they cannot be held responsible for material that has been posted in breach of copyright. However, as soon as they receive a notification meeting certain conditions, they need to remove it from their services. Even though it can be argued that the structured US system is more predictable than the current European approach, it also has major flaws. Google's latest transparency report, which focuses on the takedowns for search links, has revealed how absurd some requests are. Microsoft for instance has requested the removal of over 2.5 million URLs. The sheer volume means that the complaints procedure is mainly or fully automatic, with Google and other recipients of the "notices" automatically deleting the information in question. On the basis of DMCA complaints, Google also deletes sites from global search results b with no concern for whether the content is legal outside the U S. For example, on 6 June 2012, Microsoft sent a DMCA takedown notice to Google regarding an article about Windows 8 published by the German IT-news platform Heise. The link to the article was removed without questioning the validity of the complaint. It was removed without even asking if the content would be legal in Germany. And it was removed without any consultation with the author of the article. Heise staff noticed accidentally that the link was removed only after finding the DMCA report on their Webmaster Tools service. The German publisher immediately sent a counter-notice which however implied that the counter-notifier gives its consent that the legal competent authority is the District Court of Santa Clara County in California b despite the fact that the affected company, blog, news platform or website owner is based in Europe. The initial notifying party then has 10 working days to react to the counter-notice. During this period, the website will still not appear in search results. According to Google's DMCA report received by Heise, it can take up to 11 hours to remove links from its search result upon receipt of a DMCA takedown request. However, it can take several weeks until a takedown is reported by the collaborative archive Chilling Effects Clearinghouse (chillingeffects.org). This recent example shows that the DMCA is, despite being more predictable than the European system, a process in which a website is first shut down and only then questions are being asked with regards to the legality of the content. In the US and elsewhere, the application of the DMCA has led to the deletion of speech content without warning in numerous cases. In Europe, it is now essential to establish a differentiated approach, procedures that are transparent and allow for due process to avoid void, accidental and deliberate abuse leading to the take down of legitimate, non-infringing content and to ensure the functioning of the Digital Single Market. With the aim to establish a framework and to provide guidance on European notice and takedown procedures, the EU Commission has just launched a public consultation in order to clarify the implementation of the e-Commerce Directive by the end of this year. All stakeholders and interested individuals are invited to reply to the public consultation and to provide the Commission with input before 5 September. Microsoft asked to delete Heise article from Google search results (only in German, 8.06.2012) http://www.heise.de/newsticker/meldung/Microsoft-liess-Heise-Meldung-aus-Goo... Google's Transparency Report on takedown requests http://www.google.com/transparencyreport/removals/copyright/ RIAA Demands Unlimited DMCA Power From Google (2.06.2012) http://torrentfreak.com/riaa-demands-unlimited-dmca-power-from-google-120502... European Commission consultation questionnaire - A clean and open Internet: Public consultation on procedures for notifying and acting on illegal content hosted by online intermediaries Deadline: 5 September 2012 http://ec.europa.eu/yourvoice/ipm/forms/dispatch?form=noticeandaction (Contribution by Kirsten Fiedler - EDRi) ======================================================================= 5. Article 29 WPbs opinion on the cookie exemptions ======================================================================= On 12 June 2012, the Article 29 Working Party (WP 29) published an opinion on the issue, focusing on two exemption criteria established by the new cookie-related provisions in the ePrivacy Directive: A- the use of the cookie b for the sole purpose of carrying out the transmission of a communication over an electronic communications networkb and B - the use of a cookie if b strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the serviceb. WP 29 established in its opinion the circumstances when the exemption criteria do not apply such as forcing controllers, processors, and third party actors to obtain informed consent before using a cookie. As regarding criterion A, the WP 29 considers this exemption can be used only when the cookies are pivotal to the transmission of the communication and when the transmission is not be possible without the use of the cookies. "Simply using a cookie to assist, speed up or regulate the transmission of a communication over an electronic communications network is not sufficient," says the opinion. Regarding criterion B, the opinion says: "There has to be a clear link between the strict necessity of a cookie and the delivery of the service explicitly requested by the user for the exemption to apply." Cookies served for the purposes of providing a specific functionality within websites will not be considered b strictly necessaryb unless "the functionality will not be available" without the cookie and the user has "explicitly requested" the functionality from the website. According to the opinion, some cookies can be exempted from informed consent under certain conditions if they are not used for additional purposes - these cookies include for example b user-inputb cookies (used to keep track of the userbs input when filling online forms or as a shopping cart, also known as session-id cookies), multimedia player session cookies and user interface customization cookies (for example language preference cookies to remember the language selected by a user). The cookies that should not be covered by the exemption include social plug-in tracking cookies; third party advertising cookies, third party and first party analytics cookies. Regarding third party and first party analytics cookies, WP 29 remarks however that they carry low privacy risks when they are limited to first party aggregated statistical purposes and when used by websites which also provide adequate privacy safeguards. WP 29 also believes e-Privacy Directive should be amended in order to introduce a new exemption to consent "for cookies that are strictly limited to first party anonymized and aggregated statistical purposes." Opinion 04/2012 on Cookie Consent Exemption (7.06.2012) http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion... Article 29 Press Release on cookie consent exemption (12.06.2012) http://www.statewatch.org/news/2012/jun/eu-wp-29-dp-cookies.pdf Websites may only place cookies without user consent if services would not work without them, say regulators (13.06.2012) http://www.out-law.com/en/articles/2012/june/websites-may-only-place-cookies... ======================================================================= 6. UK websites might have to identify b trollsb ======================================================================= According to the new UK government proposals, website operators might soon have to identify users who have posted defamatory messages online, so that the victims of the respective messages may take legal action against the "trolls". Presently in UK, a website operator is liable for everything that appears on its site and therefore it can be taken to court by anybody who claims something defamatory has been posted about him/her on the respective website. The websites are now removing content as soon as a defamation claim is made, irrespective of whether it is right or wrong. "As the law stands, individuals can be the subject of scurrilous rumour and allegation on the web with little meaningful remedy against the person responsible. Website operators are in principle liable as publishers for everything that appears on their sites, even though the content is often determined by users,b says Justice Secretary Ken Clarke. The UK Ministry of Justice is now proposing a Defamation Bill, which is under debate in the House of Commons, that will force operators to identify the creator of a defamatory message and to give that information to the victim so that he (she) may take action directly against the person having posted the defamatory content. The government states that there will also be measures to strengthen freedom of speech and prevent false claims meant to get material removed. "It will be very important to ensure that these measures do not inadvertently expose genuine whistleblowers, and we are committed to getting the detail right to minimise this risk," said Clarke. The present rule that currently counts each separate viewing of a controversial web page as a separate defamatory offence will be removed and a one-year time limit will be introduced to online defamation claims in order to stop people complaining about old articles. However, privacy advocates are concerned about the possible abuse that the new bill might bring forth. Privacy International believes that a large part of the content posted by online trolls is not actually defamatory being rather b harassment, invasion of privacy or simply unpleasant but lawfully-expressed opinionb and is concerned that "gun-shy website operators will start automatically divulging user details the moment someone alleges defamation in order to shield themselves from libel actions". b If the choice is between protecting users' anonymity and avoiding a potentially costly lawsuit, many small operators are not going to be overly concerned about whether or not a user has genuinely defamed the complainant," said Emma Draper, head of communications at Privacy International to BBC News. For the time being, ISPs seem critical to the proposal as they will be forced to store more information about Internet usage and emails. The proposal will also force them to block all access to pornography websites unless customers specifically state otherwise. Websites to be forced to identify trolls under new measures (12.06.2012) http://www.bbc.co.uk/news/technology-18404621 Victims of internet abuse to get new power to identify 'trolls' (12.06.2012) http://www.telegraph.co.uk/technology/news/9324956/Victims-of-internet-abuse... Q&A: Who are internet trolls - and how is the law changing? (12.06.2012) http://www.bbc.co.uk/news/technology-18408457 ======================================================================= 7. Spanish Supreme Court says Google is not breaching copyright ======================================================================= The Spanish Supreme Court ruled on 3 April 2012 that Google was not in breach of copyright with its browser and cache services. The ruling was given in a case filed in 2006 by the owner of a web page (Megakini.com) for having reproduced and made available its contents, by means of the Google search engine and the Google Cache service, without authorisation. The Supreme Court comes to confirm the previous decision given by the lower court in Barcelona, on 30 March 2007, and the ruling on the appeal of the Provincial Audience of Barcelona, on 17 Sept. 2008, which both concluded the same, although on different grounds. Regarding the reproduction and making available of parts of the webpage contents, all three courts agreed this was not an infringement of the copyright law as it had a temporary, incidental and minimal character. The Supreme Court also rejected the infringement claim in relation to Google cache service. The reason that laid at the basis of the decision was the three-step-test guiding the interpretation of the statutory limitations to the exclusive copyrights. Google Cache service is a b socially toleratedb use which was not prejudicial to the interests of the claimant. The claimant had asked for 2000 Euro in damages and for the shut down the whole operation of the search engine which the court considered a b maximalist petitum". According to the court the copyright laws "do not authorize abusive claims nor absurd hypotheses meant to prejudice another without own benefit". However, the court made it clear that the ruling only extended to the specific circumstances of the case and that b courts do not solve doctrinal polemics.b Court decision (only in Spanish, 3.04.2012) http://pdfs.wke.es/8/6/1/5/pd0000078615.pdf The Supreme Court agrees with Google and considers that its activity does not breach copyright (only in Spanish, 13.06.12) http://www.elmundo.es/elmundo/2012/06/13/navegante/1339570444.html The Supreme Court makes clear that the ruling only extends to the specific circumstances of this case and Spanish Supreme Court rules in favour of Google search engine (15.06.2012) http://kluwercopyrightblog.com/2012/06/15/spanish-supreme-court-rules-in-fav... ======================================================================= 8. Googlebs Street View privacy breach again in the public eye ======================================================================= Recently, the UK Data Protection Authority - Information Commissioner's Office (ICO) has decided to reopen its investigation on Google over the collection of personal information by Google Street View project from May 2010. As a reaction to the US Federal Communications Commission (FCC)bs report issued earlier this year into the Street View data collection, ICO has now sent a written request to the search engine asking for more details regarding its knowledge of, and reaction to, the data collection. FCCbs report concluded that an engineer working for the company, with the approval of a manager of the company, had written a software code allowing the Street View cars to collect "payload" data from unencrypted Wi-Fi networks in the area covered by the cars "for possible use in other Google projects." The software allowed for the gathering of entire emails, usernames and passwords. "The ICO have reviewed the findings of the FCC report and we understand that a wide range of personal data together with some sensitive data was present in the payloads including, IP addresses, full user names, telephone numbers, complete email messages, email headings, instant messages and their content, logging in credentials, medical listing's and legal infractions, information in relation to online dating and visits to pornographic sites and data contained in video and audio files," says Steve Eckersley, the ICO's head of enforcement, in the letter addressed to Google. Having in view that in 2010 Google admitted to have gathered personal data but stated this had been done by mistake and that now the situation reported by FCC shows that it is likely that such information was deliberately captured, the ICO asks now more information regarding what personal and sensitive personal data was captured in the UK. It also wants details regarding the time when Google managers first became aware that personal information was being gathered and about the technological or organisational measures taken by the company to limit any further data collection. Google is also asked to provide a b substantial explanation" of the sample data sent during the initial assessment of the issue as well as copies of the design documents and associated logs containing "managerial decisions and rationale". Google stands in a better position in Switzerland however where the Federal Tribunal has recently ruled that Google did not have to guarantee absolute anonymity for people pictured in its Street View service. "It must be accepted that up to a maximum of 1 percent of the images uploaded are insufficiently anonymized," ruled the Supreme Court on 8 June 2012. However, the Court also stated that Google had to make it easy for people to have their images manually blurred, and ensure total anonymity in sensitive areas such as schools, hospitals, women's shelters and courts. ICO reinvestigates Google's Street View data collection (13.06.2012) http://www.out-law.com/en/articles/2012/june/ico-reinvestigates-googles-stre... Google wins partial repeal of Swiss privacy ruling (8.06.2012) http://www.google.com/hostednews/ap/article/ALeqM5jqamDsi-XekvVlZOrHULCU9Hm6... EDRi-gram: Google admits it was gathering passwords and emails via StreetView (3.11.2010) http://www.edri.org/edrigram/number8.21/street-view-collects-emails ======================================================================= 9. Prague ICANN meeting to discuss Whois data ======================================================================= An ICANN meeting will be held in Prague between 24-29 June 2012, where issues and topics impacting users, consumers and registrants, like whois access and the extension of domain space with ongoing new gTLD program, will be discussed. As a reminder, ICANN is an Internet governing body managing mainly IP addressing and domain names and which is implementing a multi-stakeholder model, bottom-up and consensus-based policy-making process . ICANN as an organization still needs important improvements on accountability, transparency and public interest aspects and also in the involvement of the civil society, activists and academics. It is also developing more complex structure and processes advantaging insiders. The debates are dominated by business and trademark perspective and privacy, human rights, freedom of expression are still marginalized and not systematically included or assessed in the policy making process. One of the rare open spaces in ICANN for the participation of the civil society remains the Non-commercial Stakeholder Group (which includes for example NCUC - the historical non-commercial users constituency). It is one of the stakeholders forming the GNSO (the structure responsible for policy making for gTLD). Prague meeting is an opportunity for NGOs in Europe to follow ICANN activities more closely and to participate in the process since there are several public sessions and in particular the traditional public forum on Thursdays where they can express their concerns. provisions in the registrar's agreements or RAA (Registrar Accreditation Agreement) which is currently under negotiations as well as in the expected new gTLDs to be launched in next years. The ongoing new gTLD program also represents new challenges, benefits and risks for consumers and users. The list of applications for new gTLD was revealed on the 13 June 2012. The process will continue and will include a period for community comments and also possible objections against some TLDs, which may raise a Freedom of Expression issue, in particular, with giving governments, via GAC, the possibility to send "early warnings". Finally, European NGOs are strongly advised to attend the ICANN meeting to be more familiar with those topics and to see how they can be involved in the process to influence it although domain names issues seem narrow as compared to Internet policy topics in general. The development of policies in ICANN and its own model are setting a precedent in the Internet governance context that we need to care about. Website with practical information about ICANN Prague meeting (24-29 June 2012) http://prague44.icann.org Explanation of the process to object an applied gTLD http://newgtlds.icann.org/en/program-status/objection-dispute-resolution Whois recommendations from the review team (5.12.2011) http://www.icann.org/en/news/public-comment/whois-rt-draft-final-report-05de... Homepage of Non-commercial Stakeholder Group http://gnso.icann.org/en/about/non-commercial.htm (Contribution by Rafik Dammak - Non-Commercial Users Constituency/Non-commercial Stakeholder Group) ======================================================================= 10. Culture: Global changes in production and consumption ======================================================================= The Green MEPs Eva Lichtenberger, Sandrine BC)lier and Helga TrC<pel hosted an event on 7 June 2012 in the European Parliament on the global changes in production and consumption of cultural goods. The first speaker at the event was FrC)dC)ric Martel, writer, journalist, researcher and book critic who worked at the French Embassy in Boston as head of the French cultural and academic services. The mutation is due to two different phenomena: globalisation and digitalisation. The novelty is that the developing countries are taking part in those phenomena and they have to adapt to both globalisation and digitalisation at the same time. The approach to digitalisation is different in Europe from that in the developing countries. In Europe the content industries are adopting a defensive behaviour against digitalisation, while in the developing countries they see it as an opportunity. The creative industry is changing, but one should not forget that the big American studios also finance small independent studios. A new debate on diversity is appearing because even though there is globalisation, the cultural issues stay national. Countries like Brazil do not have the capacity to function by the US and European system of copyright. The second panellist was Philippe Aigrain, co-funder of la Quadrature du Net. He introduced his speech by defending the legalisation of file sharing and the necessity to find a new financing system b such as a global license. But he focused his speech on looking at the reality of the cultural production and the example of creative writing as a new production opportunity. Today, the non-market practices of individuals are playing an important role even more than the selling and licensing of content, he said. Internet should not be seen as a distribution channel but a a place of cultural, creative and expressive activities. Internet is a creation tool. There is a huge textual production with blogs, microblogs and so on, that allow fair trade publishing favouring both authors and readers. It is however true that this cannot apply to all media. The last speaker was Lucy Montgomery, from Queensland University of Technology (Australia). She spoke about the Chinese market. New models are emerging in China. She took the examples of music, film and fashion in which even though there is piracy and counterfeit, the market is booming and people consume a lot, but differently. Getting completely rid of copyright is a crazy idea, but there is a necessity to understand the co-evolution of innovation and copyright which creates a complex eco-system. Webpage of the event (7.06.2012) http://www.greens-efa.eu/global-changes-in-the-production-and-consumption-of... Recorded stream of the event (7.06.2012) http://greenmediabox.eu/archive/2012/06/07/culture/ (Contribution by Elena Cantello - EDRi intern) ======================================================================= 11. ENDitorial: Data retention - faint heart never won fair lady ======================================================================= Six years ago, as a result of pressure from the UK, the European Union adopted the Data Retention Directive. The measure was intended to harmonise the EU single market for telecommunications, requiring all EU operators to retain data for the purposes of b investigation, detection and prosecution of serious crime,b including terrorism. Member States were placed under an obligation to produce statistical information about the use of such data, with an evaluation report planned for September 2010. None of the elements of that plan has been achieved: The evaluation report which the Commission was legally obliged to produce by September 2010 was finally released in March 2011. Despite the fact that the legal basis of the Directive is the creation of a b Single Marketb, the report produced a long list of examples of how the Directive has failed to harmonise the single market b to the point of probably having created new barriers. The report also shows that several EU Member States have no definition of b serious crimeb, meaning that the core safeguard against disproportionate use of the data has no agreed meaning. Finally, the report illustrates that the Member States have, with very few exceptions, failed to live up to their obligation under the Directive to provide statistical information. In the context of the lamentable failure of the Directive, Commissioner Cecilia MalmstrC6m has taken the only decision available to her. She has decided to review the legislation and her services have recently completed an b impact assessmentb which details the various policy options available to her. In order for a new proposal to become law, it would need to be approved by a majority of Member States (based on a complicated weighted voting system) and a majority in the European Parliament. It is the mathematics of this process which makes the Commissioner's choice a very difficult political one. Whatever solution is found also needs to deal realistically with the fact that the b e-privacy Directiveb (Article 15) recognises a right for Member States to introduce data retention with very vague, unclear safeguards. The uncertainty and confusion created by that provision (also a UK initiative) was illustrated in the recent Bonnier Audio case in the European Court of Justice (Case C-461/10). Even a full repeal of the Data Retention Directive would not stop Member States from exploiting that loophole to impose retention measures and maintaining their confused, disproportionate and counterproductive domestic legislation. The repeal of Article 15 of the E-Privacy Directive is therefore the only logical policy b and internal Commission politics (the e-Privacy Directive is not administered by Commissioner MalmstrC6m's services) should not stop this from happening. Once that essential step has been taken, the Commission has four options: it can do nothing, it can propose minor reforms that it knows the Council will accept, it can propose major reforms or it can repeal the Directive. Option 1: Do nothing On 3 May 2009, Commissioner MalmstrC6m took a personal oath to uphold the European Charter of Fundamental Rights. The Charter includes Article 52, which says that restrictions on fundamental rights are only permissible if they b necessary and genuinely meet objectives of general interest recognised by the Union.b It is impossible to read the Commission's implementation report of the Directive and conclude that there is any possibility that this requirement is currently being met. Doing nothing also does not solve the problem that the Data Retention Directive is a b single market Directiveb that has not harmonised the single market and cannot do so in its current form. Option 2: Minor reforms Similarly, proposing minor amendments would be expedient and is definitely a politically attractive option. The Commission could propose measures that it knows the Member States would accept, such as a small reduction in the maximum retention period and some others, like cost-reimbursement for operators, which the Member States would not accept. The Commission would then have b clean handsb and could blame the Member States for not accepting all of its b reformsb. This approach also comes with considerable risks. In particular, the European Parliament is somewhat unpredictable on this dossier. On the other hand, the UK, which single-handedly pushed through the initial Directive, is now proposing even more extreme measures, such as the creation of vast silos of communications data b a 1.8 million pound set of databases of essentially every online interaction of every citizen. As a Liberal, Commissioner MalmstrC6m would hardly like to be remembered as the Commissioner whose legislative proposal has led to EU-wide surveillance of a scale that would have shocked Orwell. Option 3: Major reforms While keeping data retention, the Commission could propose big reductions in retention periods, to bring them approximately in line with technically necessary retention of data (for billing and network security purposes). The problem with this approach is that it would generate huge opposition among the Member States in the Council. One of the unwritten rules in the Council is that, if two large Member States are opposed to a proposal, it is not even put to a vote. Currently, three large Member States (UK, France, Italy) are vehemently opposed to any significant reform. Despite the difficulty of the task, overturning a big majority would however show leadership, show that the Commission does respect the Charter of Fundamental Rights and show due deference to the legal framework of the European Union more broadly. A strong leadership from the Commission supporting fundamental rights stands a good chance of support from the European Parliament, which would help put pressure on the Member States. Option 4: Repeal All other things being equal (Ceteris paribus), getting enough political support from the Council and the Parliament for a repeal of the Directive faces as many barriers as a major reform. However, there is now a referral of data retention to the European Court. The court has already expressed concern about the legality of data retention. In the Telefonica/Promusicae case, the Advocate General questioned whether b the storage of traffic data of all users without any concrete suspicions b laying in a stock, as it were b is compatible with fundamental rightsb. With the background of the ECJ referral, the failures of the Directive to achieve its goals and the European Parliament's long-standing antipathy to the principle of Data Retention, existing doubts in the European Court about the legality of data retention, a repeal is not as extreme as it sounds. Solving the single market and predictability problems created by a repeal of the Directive will be less challenging than solving the single market and predictability problems created by the continuing existence of the Directive. In any event, one thing is clear, the easiest solutions for Commissioner MalmstrC6m are the least defensible. Courage is needed. (Contribution by Joe McNamee - EDRi) ======================================================================= 12. Recommended Reading ======================================================================= EDPS opinion on smart metering (8.06.2012) http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consul... Letter from the Article 29 Working Party addressed to Mr. Juan Fernando LC3pez Aguilar, Chairman of the LIBE Committee, regarding the negotiations on the Proposal for a Directive on EU PNR (12.06.2012) http://ec.europa.eu/justice/data-protection/article-29/documentation/other-d... Letter from the Article 29 Working Party addressed to Ms. Cecilia MalmstrC6m, Commissioner for Home Affairs, regarding Smart Borders (12.06.2012) http://ec.europa.eu/justice/data-protection/article-29/documentation/other-d... ======================================================================= 13. Agenda ======================================================================= 24-29 June 2012, Prague, Czech Republic ICANN 44 meeting http://prague44.icann.org/ 27 June 2012, Brussels, Belgium Pan-European Forum on Media Pluralism and New Media http://www.mediapluralism.eu/ 2-6 July 2012, Budapest, Hungary Policies and Practices in Access to Digital Archives: Towards a New Research and Policy Agenda http://www.summer.ceu.hu/sites/default/files/course_files/Policies-and-Pract... 9-10 July 2012, Barcelona, Spain 8th International Conference on Internet Law & Politics: Challenges and Opportunities of Online Entertainment http://edcp.uoc.edu/symposia/idp2012/cfp/?lang=en 11-13 July 2012, Vigo, Spain The 12th Privacy Enhancing Technologies Symposium (PETS 2012) http://petsymposium.org/2012/ 25-26 August 2012, Bonn, Germany Free and Open Source software conference (FrOSCon) http://www.froscon.de/en/program/call-for-papers/ 6-7 September 2012, Cluj-Napoca, Romania CONSENT policy conference: Perceptions, Privacy and Permissions: the role of consent in on-line services Call for papers by 30 June 2012 http://conference.ubbcluj.ro/consent/ 8-9 September 2012, Vienna, Austria Daten, Netz & Politik 2012 Call for Contributions Deadline: 22 July 2012 https://dnp12.unwatched.org/ 12-14 September 2012, Louvain-la-Neuve, Belgium Building Institutions for Sustainable Scientific, Cultural and Genetic Resources Commons. http://biogov.uclouvain.be/iasc/index.php 7-10 October 2012, Amsterdam, Netherlands 2012 Amsterdam Privacy Conference http://www.ivir.nl/news/CallforPapersAPC2012.pdf 25-28 October 2012, Barcelona, Spain Free Culture Forum 2012 http://fcforum.net/ 6-9 November 2012, Baku, Azerbaijan Seventh Annual IGF Meeting: "Internet Governance for Sustainable Human, Economic and Social Development" http://www.intgovforum.org/cms/ 9-11 November 2012, Fulda, Germany Digitalisierte Gesellschaft - Wege und Irrwege FIfF Annual Conference in cooperation with Fuldaer Informatik Kollquium http://www.fiff.de/2012 ============================================================ 14. About ============================================================ EDRi-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRi has 31 members based or with offices in 19 different countries in Europe. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRi-grams. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and are visible on the EDRi website. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 3.0 License. See the full text at http://creativecommons.org/licenses/by/3.0/ Newsletter editor: Bogdan Manolea <edrigram@edri.org> Information about EDRI and its members: http://www.edri.org/ European Digital Rights needs your help in upholding digital rights in the EU. If you wish to help us promote digital rights, please consider making a private donation. http://www.edri.org/about/sponsoring http://flattr.com/thing/417077/edri-on-Flattr - EDRI-gram subscription information subscribe by e-mail To: edri-news-request@edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. Unsubscribe by e-mail To: edri-news-request@edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/mk/vesti/edri - EDRI-gram in German EDRI-gram is also available in German, with delay. Translations are provided by Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users http://www.unwatched.org/ - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask <edrigram@edri.org> if you have any problems with subscribing or unsubscribing. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE