============================================================ EDRi-gram biweekly newsletter about digital civil rights in Europe Number 9.16, 24 August 2011 ============================================================ Contents ============================================================ 1. EDRi responds to European Commission consultation on gambling 2. UK riots give birth to the idea of suspending social media services 3. German DPA asks for the removal of Facebook "like" button 4. Turkey postpones its Internet filtering plans 5. No effective sanction for Police abuse of Irish data retention system 6. US Hotline reports vast improvements in removal of child abuse websites 7. Copyright industry obtains court injunction against BT to block website 8. Recommended Action 9. Recommended Reading 10. Agenda 11. About ============================================================ 1. EDRi responds to European Commission consultation on gambling ============================================================ European Digital Rights responded to the European Commission consultation on online gambling. As previously reported, an early draft of the consultation document appeared to be in favour of blocking, in principle, but recognised the failings of this approach, which it described as "challenging," "costly" and "ineffective". The final version of the consultation document was more neutral, simply asking about existing schemes, effectiveness and ISP liability. The Commission finds itself in a difficult position with regard to this consultation because it is looking at the issue of online gambling with regard to protectionism of domestic services by Member States, real and perceived dangers with regard to gambling addiction and organised crime (money laundering and fraud, in particular) - without any clear idea either from the Commission or the Member States as regards the relative importance of each issue. The situation is made even more complicated by Member States that claim to be in favour of blocking of foreign (including those legally registered in other EU Member States and non-EU ) websites for consumer protection reasons while their real motivation is simple, old-fashioned protectionism. Belgium provides the best example of this - on the one hand, it allowed blatantly fraudulent TV-based games to remain in operation for years (as shockingly illustrated by the Basta documentary team) and, on the other, it will launch a blocking system in January to "protect consumers." Rumours are that the main target of the blocking system is a fully legal and registered British website deemed to offer too much competition to Belgian services. Similarly, blocking in France "protects" French consumers from services in Britain which give significantly higher returns to gamblers compared with French services. A further layer of complexity is added by a lack of clarity as to how the blocking would be done. The Commission only refers to DNS blocking and "IP blocking" (it is not clear if this means IP address blocking by the intermediary or geographic blocking by the sites themselves). Blocking via deep packet inspection, as appears possible in France in the short-to medium-term is not discussed. In short, the Commission was consulting in order to address one or more of the problems mentioned above, with no clear prioritisation, and assessed one blocking solution (DNS blocking) and one unclear solution ("IP blocking"), while ignoring another (deep packet inspection). EDRi's response looks at the necessity and proportionality of blocking in relation to each of the possible motivations that are mentioned by the Commission and in relation to each of the technologies listed by the Commission, as well as deep packet inspection. Our view is that blocking is not the "least restrictive alternative" in any of the possible scenarios and that blocking of gambling sites in order to protect domestic services from competition is a blatant and unacceptable affront to the most basic principles on which the European Union is based. Consultation document - Green Paper: On on-line gambling in the Internal Market (24.03.2011) http://ec.europa.eu/internal_market/consultations/docs/2011/online_gambling/... EDRi's consultation response (29.07.2011) http://www.edri.org/files/110729_gamblingconsultation_EDRI.pdf Basta documentary (only in Dutch) http://www.een.be/programmas/basta/de-mol-in-het-belspel EDRi-gram: EC's leak describes blocking as "challenging", "costly" and ineffective (26.01.2011) http://www.edri.org/edrigram/number9.2/blocking-commission-gambling (Contribution by Joe McNamee - EDRi) ============================================================ 2. UK riots give birth to the idea of suspending social media services ============================================================ The recent riots that have taken place in the UK have initiated a wave of statements from officials on the necessity to shut down or suspend access of UK citizens to certain social media services. The Metropolitan Police Service confirmed that it considered shutting off some social media sites: "The MPS did consider whether social media sites could be closed during the disorder but police do not have the facilities or the legislation to enable this." David Lammy, the parliamentary representative for the London district of Tottenham, went so far as to ask BlackBerry to consider suspending its messaging service. Even the prime minister David Cameron in his speech in the House of Commons indicated that there was a need to find a way to stop people from communicating via such services: "Free flow of information can be used for good. But it can also be used for ill. And when people are using social media for violence we need to stop them. So we are working with the police, the intelligence services and industry to look at whether it would be right to stop people communicating via these websites and services when we know they are plotting violence, disorder and criminality." Privacy campaigners such as Open Rights Group (ORG) are concerned about the precedent that might be created by this situation and the possible abuse of powers by the authorities. "Events like the recent riots are frequently used to attack civil liberties," said Jim Killock, executive director of ORG who added: "Policing should be targeted at actual offenders, with the proper protection of the courts. How do people 'know' when someone is planning to riot? Who makes that judgement? The only realistic answer is the courts must judge. If court procedures are not used, then we will quickly see abuses by private companies and police. Citizens also have the right to secure communications. Business, politics and free speech relies on security and privacy. David Cameron must be careful not to attack these fundamental needs because of concerns about the actions of a small minority". Reporters Without Borders urged the British authorities "to rule out any possibility of shutting down or drastically restricting the use of social networks such as Facebook and Twitter". The NGO also expressed its concern on the personal data provided by Research in Motion (RIM) - the Canadian manufacturer of the popular BlackBerry smartphone - the validity of the data as evidence and the legality of the way it was acquired. Reporters Without Borders declared that "(it) is not minimizing the gravity of the situation in the United Kingdom and the urgency of the need to restore order, but it believes that the provision of personal data to the police sets a disturbing precedent in a western country and could have significant consequences as regards setting an example for others kinds of government." The tendency is even more concerning, as a study on the effects of censorships published by AntonioCasilli from Telecom ParisTech and EHESS of Paris, Paola Tubaro from Greenwich University, revealed that, actually, censoring of the Internet and communication is a factor that increases the violence of riots. The hypothesis is verified by the situation in Tunis where the censoring of the Internet precipitated Ben Ali's fall and in Egypt where the total cut off of the Internet led to the civil uprisings against Hosni Mubarak. Concern that social networks to be targeted as BlackBerry helps British police identify rioters (12.08.2011) http://en.rsf.org/united-kingdom-concern-that-social-networks-to-be-12-08-20... Social media information helped prevent some riot damage, police say (17.08.2011) http://out-law.com/page-12161 Rioters' access to social media could be stopped, Government says (12.08.2011) http://out-law.com/page-12148 Prime Minister's attack on social media unwarranted (11.08.2011) http://www.openrightsgroup.org/blog/2011/david-cameron A study reaches the conclusion that Internet censuring increases the riots (only in French, 18.08.2011) http://www.numerama.com/magazine/19585-une-etude-conclut-que-la-censure-du-n... ============================================================ 3. German DPA asks for the removal of Facebook "like" button ============================================================ Thilo Weichert, the German data protection commissioner from the Independent Center for Privacy Protection (ULD) - the Data Protection Authority (DPA) from the state of Schleswig-Holstein, on 19 August 2011 called on website owners in his north German state to remove Facebook "like" buttons by the end of September 2011 or possibly face a fine. Weichert stated that, according to a thorough legal and technical analysis by ULD, when people use the "like" button on Facebook pages, traffic and content data are transferred to Facebook's US-based servers. "Whoever visits facebook.com or uses a plug-in must expect that he or she will be tracked by the company for two years. Facebook builds a broad individual - and for members even a personalized - profile," stated Weichert. ULD considers that such a profiling infringes German and European data protection law. In this case, if the website owners in the respective German state do not comply with the request, ULD, after performing the hearing and administrative procedure, may place a formal complaint, a prohibition order as well as a penalty fine that may reach 50 000 Euro. "We firmly reject any assertion that Facebook is not compliant with EU data-protection standards. The Facebook 'like' button is such a popular feature because people have complete control over how their information is shared through it," was Facebook spokesman Andrew Noyes's statement. Facebook admitted the "Like" button could pass on information such as user IP addresses, but said the data was deleted after 90 days according to the industry standard. Having strict online privacy policies, Germany has had several issues with Facebook lately. German data protection authorities also said Facebook's new facial recognition feature was illegal and asked the site to remove it and delete all related information. They also demanded that network users get more control over their e-mail address books in the "Friend Finder" tool. ULD to website owners: "Deactivate Facebook web analytics" (19.08.2011) https://www.datenschutzzentrum.de/presse/20110819-facebook-en.htm Facebook 'like' button declared illegal (19.08.2011) http://www.thelocal.de/sci-tech/20110819-37073.html In his statement, Weichert German official: Ditch Facebook's 'like' buttons (19.08.2011) http://articles.cnn.com/2011-08-19/tech/facebook.germany.like_1_facebook-acc... Germany vs. Facebook: Like Button Declared Illegal, Sites Threatened With Fine (19.08.2011) http://siliconfilter.com/germany-vs-facebook-like-button-declared-illegal-si... EDRi-gram: Facebook's face recognition raises privacy complaints (15.06.2011) http://www.edri.org/edrigram/number9.12/facebook-face-recognition-privacy ============================================================ 4. Turkey postpones its Internet filtering plans ============================================================ Having been fiercely criticized since May 2011 over its Internet filtering system (Procedures and Principles regarding Safe Internet Use) planned to be imposed on 22 August, the Information Technologies Board (BTK) has decided to delay the introduction of the system till 22 November 2011 and to reduce the number of filters that are now said to cover adult content. The government's plan was to force Internet users to choose from among a list of filtering packages meant to block certain unspecified websites. Under the modified version, Turkish Internet users will no longer be obliged to install the BTK filtering software on their computers and the number of alternative versions of the software has been reduced from four to two ("family" and "child"). Also, under the new version, filtering is optional. A subscriber who does not want to choose an Internet profile to be brought to the BTK will be able to access the Internet without a profile or filtering system. The BTK's changes follow recommendations from the Internet Council, which is a part of the Transportation and Communications Ministry. Serhat Vzeren, the head of the Internet Council stated for the Anatolia news agency that BTK had paid attention to the opinions and proposals of civil society when revising the regulation adding that the introduction of the regulations had been postponed in order to give time for service providers to prepare their infrastructure for the new system. The criteria for the two optional Internet profiles would be determined soon and would be periodically updated. Turkey backtracks on controversial Internet filtering plans (5.08.2011) http://www.todayszaman.com/news-252787-turkey-backtracks-on-controversial-in... In Turkey, Proposed Internet Filters Stir Protests (9.08.2011) http://www.npr.org/2011/08/09/139239928/in-turkey-proposed-internet-filters-... Internet agency retreats on filtering, but does not give up (10.08.2011) http://en.rsf.org/turkey-government-agency-wants-to-install-06-05-2011,40238... EDRi-gram: Don't use "crispy" on the Turkish Internet! (4.05.2011) http://www.edri.org/edrigram/number9.9/turkey-blocks-138-words-internet ============================================================ 5. No effective sanction for Police abuse of Irish data retention system ============================================================ Recent media reports have confirmed that an Irish Garda (Police) detective sergeant will not face criminal prosecution and will keep her job despite abusing the data retention system to spy on an ex-boyfriend. In November 2010 the annual report of the judge who oversees the Irish data retention system confirmed media reports that the sergeant, who then worked in the Garda intelligence division, had abused her position by accessing the phone records of her former boyfriend, tracking details of his communications. It appears that this came to light when the former boyfriend became suspicious that she knew about calls which he had made since they separated, and not as the result of any internal audit or other safeguards. Following a Garda investigation, the Director of Public Prosecutions has directed that no criminal charges will be brought against the sergeant, and after an internal disciplinary process she will retain her job. Despite this abuse of trust, the sergeant has been transferred to the Garda Special Branch, an anti-terrorist division within the police force, where she will continue to have access to sensitive information. The matter was also referred to the independent Garda Siochana Ombudsman Commission which decided not to investigate the matter further. A number of significant questions are left unanswered. In relation to the specific case: Why was no prosecution brought? Why was it considered appropriate to leave a person found to have abused sensitive records in a position of responsibility, much less the Special Branch? Why was this person not dismissed? More general questions are also raised: Was this part of a wider pattern of abuse? Is there an adequate internal audit trail of data retention requests? If so, who is responsible for reviewing that trail? Does the designated judge access a sample of requests from the preceding year to ensure that the surveillance was appropriate? If not, what other steps are taken to review the approximately 15 000 data retention requests which are made every year? Given the lack of adequate sanctions for this abuse and the failure of either the designated judge or the Department of Justice to provide answers to these questions it is hard to see how the Irish public can be expected to have any confidence in the data retention system. Report of the Designated Judge (26.01.2010) http://www.scribd.com/doc/58099350/Interception-and-Data-Retention-Annual-Re... Judge's report reveals allegations that Garda used phone records to spy on her ex (20.02.2011) http://www.tjmcintyre.com/2011/02/judges-report-reveals-allegations-that.htm... Garda detective quizzed for 'spying on her ex', Mail on Sunday, (27.06.2011) Garda accused of bugging her ex-boyfriend, The Sunday Times, (20.02.2011) Garda who spied on her boyfriend will keep job, The Sunday Times, (14.08.2011) (Contribution by TJ McIntyre - EDRi-member Digital Rights Ireland) ============================================================ 6. US Hotline reports vast improvements in removal of child abuse websites ============================================================ In the course of the past year the US National Centre for Missing and Exploited Children (NCMEC) made huge improvements in its handling of both domestic and international reports of web-based child abuse material. These sudden and huge improvements come at a time when both the European Commission and individual member states, Germany in particular, have increased their international efforts to address child abuse crimes at source, rather than relying on addressing the symptoms through measures such as web blocking. These efforts are, in large part, the result of anti-blocking campaigns on national and EU level. Although still far from perfect (with regard to due press of law and anonymous reporting, in particular), the US has moved from being widely considered to being a "safe haven" for such material to introducing diligent procedures that are significantly better than those in the EU on a number of fronts. The raw data are impressive. In May 2010, it was taking an average of 6.85 days to process complaints (94% of reports concerned legal material) while in May 2011, this delay had been reduced to 0.91 days. The amount of time to have the websites disabled was also impressively reduced, from 5.09 days to 1.99 days over the same period. Both the EU and US systems suffer from the serious problem that sites are removed without judicial order, thereby circumventing both due process of law and also the automatic involvement of law enforcement authorities, despite the seriousness of the crimes depicted on the websites. It is inexplicable and sad that child abuse appears to be the only crime in society where it is normal and accepted that evidence can be posted on the Internet and not investigated and where due process of law is not an automatic reaction to compelling evidence of the crime being found. Ironically, the quicker the "takedown" happens, the greater the risk that law enforcement authorities will feel able to devote their resources to other priorities, leaving the criminals with an effective licence to commit their crimes again. However, the US system "freezes" the site, storing all of the data that could be used by law enforcement authorities whereas the European approach is to simply delete the sites. The European approach therefore often works on the assumption that there will not be an investigation, that there will not be an effort to identify the victims, the owner of the site and the users of the site and, crucially, removes any pressure on law enforcement authorities to take action. It is to be hoped that the US approach will lead to statistics being produced to show how many times the disabling of the websites is not followed up by law enforcement authorities - such statistics should help focus politicians' minds on the crimes going uninvestigated and unpunished. In the EU, European hotlines are contractually obliged by the European Commission to produce statistics and, since last year, required to publish public statistics. Despite this, there is very little information available apart from the limited data provided by the Irish Internet Hotline and the Internet Watch Foundation (UK) and the thorough and impressive data produced by the ISPA Stopline in Austria. In the absence of such information, policy-makers, as shown all too clearly in the blocking debate, are forced to make policy without the data needed to make informed decisions. NCMEC: URL reports to the CyberTipline and average # of days for staff to process http://www.edri.org/files/ncmec-1.pdf NCMEC Notice Tracking System http://www.edri.org/files/ncmec-2.pdf NCMEC Notice Tracking Statistics http://www.edri.org/files/ncmec-3.pdf Irish Internet Hotline http://www.hotline.ie Internet Watch Foundation http://www.iwf.org.uk ISPA Austria Stopline http://www.stopline.at (Contribution by Joe McNamee - EDRi) ============================================================ 7. Copyright industry obtains court injunction against BT to block website ============================================================ In a dangerous precedent, on 28 July 2011, an UK High Court judge ruled that British Telecom (BT), the UK largest ISP, had to prevent its customers from accessing Newzbin 2, a website searching Usenet and providing links to lots of films, books and music - most of which infringe copyright. The case was brought to court by six major film studios, including Warner Brothers, Disney and Fox. BT will have to use in this case the technology it has developed to block access to websites featuring images of child abuse. According to Section 97A of the Copyright, Designs and Patents Act, UK courts have the power to grant an injunction against an ISP if it had actual knowledge that someone had used its service to infringe copyright. The judge in this case rejected Newzbin's argument that it was merely providing search results. "In my judgement it follows that BT has actual knowledge of other persons using its service to infringe copyright: it knows that the users and operators of Newzbin 2 infringe copyright on a large scale, and in particular infringe the copyrights of the Studios in large numbers of their films and television programmes," he said. As Article19 has pointed out, the judge ordered BT to block its subscribers from using Newzbin.com even for legitimate purposes, and concluded that the intellectual property rights of the rights holders "clearly outweighed" the freedom of expression rights of the users of Newzbin.com, and "even more clearly" those of the operators of Newzbin.com. Also, Article19 underlined that the high court order is very likely in breach of international standards for the protection of freedom of expression, particularly of the proportionality principle and considers it has set too low the threshold for ordering blocking, it does not properly balance the right to property with the right to freedom of expression, and shows no consideration for the chilling effect of the measure. Ordering the blocking of an entire domain name, and not of specific web-pages, is also considered to be in breach of the requirement for necessity in international law. BT also argued against blocking an entire website suggesting it would be more proportionate for the studios to provide a list of specific web-pages to be blocked but the argument was rejected by the court. Other campaigners, such as EDRi-member ORG, consider the decision as "pointless and dangerous". The worst part of this decision is that actually the court does not really care if the technical blocking really works or not. The judge wrote: "I agree with counsel for the Studios that the order would be justified even if it only prevented access to Newzbin2 by a minority of users". ORG also raised the concern that this precedent might be a first step for future blocking injunctions. It also tried to emphasized that "blocking should not be seen as an easy fix for complex social problems." Following this victory, the studios now intend to seek similar orders against other large ISPs in the UK. . High Court forces BT to block links to pirate site (28.07.2011) http://www.out-law.com/page-12117 Will Newzbin be blocked? (28.07.2011) http://www.lightbluetouchpaper.org/2011/07/28/will-newzbin-be-blocked/ A big week for copyright in the courts (2.08.2011) http://www.openrightsgroup.org/blog/2011/a-big-week-for-copyright-in-the-cou... England and Wales: blocking website sets bad international precedent (1.08.2011) http://www.article19.org/resources.php/resource/2508/en/england-and-wales:-b... ============================================================ 8. Recommended Action ============================================================ Survey that gathers the views of internet users from all EU countries on the use of personal information, privacy, and giving consent online. This survey is part of the CONSENT project - a collaborative project co-funded by the European Commission under the FP7 programme. http://bit.ly/Survey-CONSENT ============================================================ 9. Recommended Reading ============================================================ UK: Protecting information privacy - Equality and Human Rights Commission Research report 69 (Summer 2011) http://www.equalityhumanrights.com/uploaded_files/research/rr69.pdf ============================================================ 10. Agenda ============================================================ 7 September 2011, Berlin, Germany Balancing the interests in the context of data retention http://www.uni-kassel.de/einrichtungen/iteg/forschung/invodas/invodas-abschl... 8-9 September 2011, Brussels, Belgium 6th Annual Conference of the European Policy for Intellectual Property Fine-Tuning IPR debates http://www.epip.eu/conferences/epip06/ 10-17 September 2011 Freedom Not Fear - International Action Week http://www.freedomnotfear.org 16-18 September 2011, Warsaw, Poland Creative Commons Global Summit 2011 http://wiki.creativecommons.org/Global_Summit_2011 16 September 2011, Leeds, UK Conference "Human Rights in the Digital Era" http://digitalrights.leeds.ac.uk 27-30 September 2011, Nairobi, Kenya Sixth Annual IGF Meeting: Internet as a catalyst for change: access, development, freedoms and innovation http://www.intgovforum.org/cms/nairobipreparatory 11 October 2011, Brussels, Belgium ePractice Workshop: Addressing evolving needs for cross-border eGovernment services http://www.epractice.eu/en/events/epractice-workshop-cross-border-services 13-14 October 2011, Lisbon, Portugal 2nd International Graduate Conference in Communication and Culture: The Culture of Remix http://blogs.nyu.edu/projects/materialworld/2011/05/cfp_the_culture_of_remix... 20-21 October 2011, Warsaw, Poland Open Govrenment Data Camp http://opengovernmentdata.org/camp2011/ 27-30 October 2011, Barcelona, Spain Free Culture Forum 2011 http://fcforum.net/ 9 November 2011, Bucharest, Romania Inet Conference: Access, Trust and Freedom: Coordinates for future Internet http://www.isoc.org/isoc/conferences/inet/11/bucharest-agenda.shtml 11-13 November 2011, Gothenburg, Sweden FSCONS is the Nordic countries' largest gathering for free culture, free software and a free society. http://fscons.org/ 25-27 January 2012, Brussels, Belgium Computers, Privacy and Data Protection 2012 http://www.cpdpconferences.org/ ============================================================ 11. About ============================================================ EDRi-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRi has 28 members based or with offices in 18 different countries in Europe. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRi-grams. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and are visible on the EDRi website. This EDRi-gram has been published with financial support from the EU's Fundamental Rights and Citizenship Programme. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 3.0 License. See the full text at http://creativecommons.org/licenses/by/3.0/ Newsletter editor: Bogdan Manolea <edrigram@edri.org> Information about EDRI and its members: http://www.edri.org/ European Digital Rights needs your help in upholding digital rights in the EU. If you wish to help us promote digital rights, please consider making a private donation. http://www.edri.org/about/sponsoring - EDRI-gram subscription information subscribe by e-mail To: edri-news-request@edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. Unsubscribe by e-mail To: edri-news-request@edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/edri/2.html - EDRI-gram in German EDRI-gram is also available in German, with delay. Translations are provided Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users http://www.unwatched.org/ - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask <edrigram@edri.org> if you have any problems with subscribing or unsubscribing. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE