============================================================ EDRI-gram biweekly newsletter about digital civil rights in Europe Number 4.15, 2 August 2006 ============================================================ Contents ============================================================ EDRI-gram in German 1. Digital Rights Ireland Challenge to Data Retention 2. EU might fingerprint children even before 12 years old 3. End of activities Bits of Freedom 4. Telecom Italia wiretapping scandal 5. EU trying to push again biometrics on national ID cards 6. The French copyright law changed by the Constitutional Council 7. The Schengen Information System II delayed 8. Recommended reading 9. Agenda 10. About ============================================================ EDRI-gram in German ============================================================ Starting with July 2006, EDRI-gram will be available also in German, a few days after the English edition. The translation is done by Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users. Translations are available for all 2006 editions back to issue 3.23 at : http://www.unwatched.org/ ============================================================ 1.Digital Rights Ireland Challenge to Data Retention ============================================================ The Irish Government filed a challenge to the data retention directive on 6 July 2006. The challenge had been announced some time before by the Minister for Justice but was filed just before the time limit for the action had expired. The case challenges the legal basis for the directive, alleging that this was a matter relating to criminal justice and as such the appropriate measure would have been a framework decision under the third pillar. The challenge is purely procedural in nature, however, and does not address privacy concerns about the directive. It appears that Slovakia, which shared Ireland's concerns about the legal basis and also voted against the directive, has decided not to bring a challenge of its own but will support the Irish case. Digital Rights Ireland (DRI) has written to the Irish Minister for Justice and Law Reform, the Minister for Communications, Marine and Natural Resources and to the Garda (Police) Commissioner. They have looked for undertakings from them to cease breaching the Constitutional, statutory and European rights of the citizens of Ireland by discontinuing data retention. Failing a positive response, they have instructed their solicitors, McGarr Solicitors, to prepare legal action. The DRI challenge relates to both domestic data retention schemes (in place since 2002) and the data retention directive. The challenge will seek to have the domestic laws struck down as illegal, unconstitutional, and in breach of the European Convention on Human Rights. The challenge will also seek an injunction restraining implementation of the directive and a referral to the European Court of Justice to test the legality of the directive. T.J. McIntyre, University College Dublin law lecturer and chairman of DRI said: "This is a complete reversal of the assumption that people are innocent until proven guilty. This legislation is the first time we have seen any state impose mass surveillance on its population on the basis that at some point in the future someone might commit a crime. This mass surveillance by the state is a breach of our right to privacy, as set out in our constitution and in the European Convention on Human Rights. At the moment, the movements and telephone calls of every citizen are being monitored. If we allow the EU directive to be implemented, this surveillance will extend to the emails and web browsing of every citizen. The undertakings we have sought from the Ministers for Justice and Communications and the Garda Commissioner are urgently required if the ongoing breach of citizens' rights is to stop. If they are not forthcoming we have informed all the parties that our legal team have instructions to commence legal proceedings." Ireland in court challenge to terror directive (20.5.2006): http://home.eircom.net/content/irelandcom/topstories/8095654?view=Eircomnet Irish Government challenges Data Retention Directive - but ignores privacy rights (7.07.2006) http://www.digitalrights.ie/2006/07/07/irish-government-challenges-data-rete... tion-directive-but-ignores-privacy-rights/ DRI challenge to Data Retention (29.07.2006) http://www.digitalrights.ie/2006/07/29/dri-challenge-to-data-retention/ State may face legal challenge over its access to phone data (29.07.2006) http://www.ireland.com/newspaper/front/2006/0729/1154075749923.html EDRI-gram : European parliament adopts data retention directive (18.01.2006) http://www.edri.org/edrigram/number4.1/dataretention (Contribution by TJ McIntyre, Digital Rights Ireland) ============================================================ 2. EU might fingerprint children even before 12 years old ============================================================ The report from the EU Council Presidency meeting of 26 June 2006 proposes that all children in the European Union should be mandatory fingerprinted if they are over 12 years old. "If provided for by national legislation" this action could be extended to all children, even below 12 years of age. The Council is putting under discussion fingerprints as compulsory for EU passports in order to prevent passport fraud. The decision will be taken in a secret meeting of a committee made of representatives of the 25 governments and chaired by the European Commission. The text proposed by the EU Council says that a member state can establish the age limit as low as they want and after 12, this process is mandatory. It will mean taking a biometric identifier from children at an "enrolment centre". The same document also proposes the "scanning of the facial image" from 0 to 12 of age with storage in a chip according to the national legislation and compulsory after 12, for EU passports. The scanning and storage on a "chip" means "digitising" the normal passport picture sent by post, not requiring the presence of the child. Reports say that small children are not suitable for "biometric face recognition by means of a photograph". The same issues are valid for fingerprints. The scientific studies have shown that below the age of 6, fingerprints are not developed enough for biometric capture. The UK, meanwhile, stated that it had encountered no special problems in collecting fingerprints from five-year-old asylum seekers. The tests were carried out at 2 asylum centres in London and Liverpool and were meant to prevent multiple registration for extra-benefits. The different approaches of the member states on this matter was highlighted also during the June meeting of the Visa Working Party. For instance, Germany stated that the national legislation was stipulating the age of 14 for biometric data for German nationals but was in favour of a differentiated approach and wished to go down to the age of 6 for visa applicants. The UK delegation said that storing facial image "(at any age)" was a security measure "even if it can not be used for facial recognition" and stated that it could go down to 5 years old for fingerprinting, based on the tests carried out in asylum centres. The Netherlands gave the age of 6 for taking fingerprints while Sweden also stated it could agree with the age of 6 for passports. According to Statewatch editor Tony Bunyan, the discussions in the EU related to the minimum age for fingerprinting are just related to technical possibilities and have nothing to do with whether this is right or wrong from the moral or political standpoint. He stated these decisions are made in secret meetings on the basis of secret documents, and do not take into consideration the opinions of people and parliaments. Also, that with this proposal, EU states will be given the freedom to fingerprint children from the day they are born provided they have the necessary technology for that. EU states will be free to fingerprint children from day one of their life as soon as it is technologically possible (07.2006) http://www.statewatch.org/news/2006/jul/08fingerprinting-children.htm Report from the EU Council Presidency meeting ( 26.07.2006) http://www.statewatch.org/news/2006/jul/9403-rev1-06.pdf Report from the Visa Working Party/Mixed Committee(13-14.06.2006) http://www.statewatch.org/news/2006/jul/10540-06.pdf Millions of children to be fingerprinted (30.07.2006) http://observer.guardian.co.uk/uk_news/story/0,,1833407,00.html Asylum toddlers get fingerprinted (15.05.2006) http://news.bbc.co.uk/1/hi/uk_politics/4773005.stm EDRI-gram : EU governments want 2 biometric identifiers for every citizen (3.11.2004) http://www.edri.org/edrigram/number2.21/biometrics ============================================================ 3. End of activities Bits of Freedom ============================================================

From 1 September 2006 the Dutch NGO Bits of Freedom (BOF) will cease its activities. Since its establishment in 2000, Bits of Freedom has successfully defended digital civil rights, such as privacy on the Internet and online freedom of speech in the Netherlands. The board of Bits of Freedom doesn't see any possibilities to continue the activities now that the two employees (Maurice Wessling and Sjoera Nas) have both decided to leave. Another cause for the demise of the organisation is the continuing uncertainty about the finances. The foundation does not have any financial reserve and in spite of generous company sponsors and private donations, it was increasingly difficult to create a workable budget. The office in Amsterdam will be closed on 1 September and the organisation will not have employees any more. Legally, the foundation will not be dismantled, in order to allow the board to continue the annual presentation of the Big Brother Awards.

Since its establishment, Bits of Freedom has advocated the upkeep of fundamental civil rights in the digital era. During the past 6 years both governments and companies have initiated many measures and activities that have endangered civil rights. Governments have extended their powers in many ways. In stead of dedicated investigations into the activities of people suspected of serious crimes, law enforcement authorities silently but massively revert to data-mining techniques to examine the daily behaviour of innocent citizens. This sets unwarranted and unprecedented limits to personal privacy. Necessity and effectiveness of many new legal measures have - unjustly - been left out of the debate. During the last six years, Bits of Freedom developed expertise on many topics, from the legal interception of telephony and internet communications to privacy & RFID. BOF also dedicated serious research to other topics such as spam, copyrights and internet notice and takedown. The organisation has fulfilled an important role as policy watchdog and has alerted a large audience on many new threats to civil rights. This was also made possible by collaborations with many other academic and consumer organisations, individual experts and sympathisers. Fundamental rights, especially privacy, are of the utmost importance. Bits of Freedom definitely does not cease its activities with a satisfied feeling of having accomplished the most important goals. To the contrary, a bottom-up civil rights movement in the Netherlands seems more necessary than ever. Bits of Freedom was one of the founders of European Digital Rights in 2002. The employees and board of Bits of Freedom wish EDRI success in its important future work. Bits of Freedom http://www.bof.nl/ (Contribution by Maurice Wessling - EDRi-member Bits of Freedom Netherlands) ============================================================ 4. Telecom Italia wiretapping scandal ============================================================ Telecom Italia, one of the major electronic communications providers in Italy is in the middle of a huge scandal regarding the illegal wiretapping and surveillance of the telephone networks. The journalists from the weekly L'Espresso have proven that an entire system called Radar was capable of recording sensitive information about millions of Italians. The system was discovered by the internal audit, but also by the Milan Prosecutors that have opened an investigation against Marco Mancini, the deputy director and director of the first "foreign" or counter-intelligence division SISMI (Military Intelligence and Security Service) and his friends Giuliano Tavaroli former director of security in Telecom Italia and Emanuele Cipriani, owner of the private investigation company Polis d'Istinto. Tavaroli, who occupied the key national position to which were passed all authorized requests by magistrates to make wiretaps, has recently resigned and is under investigation by the Milan Prosecutors for association in violating privacy. In the computers of another central figure of the scandal, Cipriani, the magistrates have found a huge archive of files regarding magistrates, political persons, football players and referees - all the major figures in the recent scandals in Italy. Apparently, wiretaps that could have been used to blackmail them were also found during the investigation. According to Telecom Italia's own investigation, their procedure and machines used for the legal wiretaps had a number of flaws and it was technically possible to spy on the telephone conversations, without leaving any trace. Moreover the interceptions were analysed with two special software programs: Enterprise Miner and Analyst's Notebook. An investigation was started also by the Italian Data Protection Commission (Garante per la protezione dei dati personali) to check if the personal data protection requirements have been observed. The situation has become much more complicated after the recent death of Adamo Bove, an investigation cop and a leading expert on electronic surveillance who apparently committed suicide by jumping from the highway. Bove had been hired by TIM to manage their Radar software system and had discovered a flaw in the system allowing people to enter the Telecom system without a trace. He announced the fact to the Milan magistrates, that has lead to the above-mentioned top-secret investigation. The telecom wiretapping scandal has shown that private companies and reporters in connection with SISMI were able to access information regarding Italian citizens, using the system in place for legal wiretapping. The man from the case "Thus they were spying for Telecom" speaks (only in Italian, 2.06.2006) http://www.repubblica.it/2006/05/sezioni/cronaca/spionaggio-calcio/parla-007... privato/parla-007-privato.html The suicide thriller, poisons and a too slow investigation (only in Italian, 24.07.2006) http://www.repubblica.it/2006/07/sezioni/cronaca/suicidio-bove/giallo-inchie... ta/giallo-inchiesta.html Telecom case - The Data Protection Authority makes a move (only in Italian, 29.05.2006) http://punto-informatico.it/p.aspx?id=1504309 Need for Enhanced Security Measures in Processing Telephone Traffic Data - Decision of 1 June 2006 - Italian Data Protection Authority (1.06.2006) http://www.garanteprivacy.it/garante/doc.jsp?ID=1303462 007 Operazione Corriere (only in Italian, 1.06.2006) http://espresso.repubblica.it/dettaglio/007%20Operazione%20Corriere/1300368/... 0 ============================================================ 5. EU trying to push again biometrics on national ID cards ============================================================ According to a EU document presented by Statewatch in July 2006, The Visa Working Party on 13-14 June 2006 proposed another approach on the issue of the biometrics to be introduced on national ID cards. The issue had met resistance back in February when several members of the European Council have expressed doubts especially as Belgium and the Czech Republic opposed to the measures proposed by EU, without a public debate. In December 2005 the two governments gave a statement by which expressed their view that the introduction of biometrics into the ID national cards involved discussions of private life protection, financial and organizational issues, besides the technical aspect. The report of the meeting of the Visa Working party state that Council's Legal Service "confirmed that as there is no legal basis in the Treaty governing these issues that could, indeed, be the way to take this matter forward!", meaning the Council has no legal powers to introduce the biometrics for national ID cards and leaving this issue at the decision of each member state. The Conclusions of the Council, although non-binding, are however used to give legitimacy to the national measures thus paving the way for a "harmonized" approach when enough member states follow the standards. Biometrics and national ID cards back on the table (07.2006) http://www.statewatch.org/news/2006/jul/09eu-id-cards.htm Report from the Visa Working Party/Mixed Committee(13-14.06.2006) http://www.statewatch.org/news/2006/jul/10540-06.pdf Commission to resurrect biometric ID cards? (02.02.2006) http://www.statewatch.org/news/2006/feb/02com-Id-cards.htm ============================================================ 6. The French copyright law changed by the Constitutional Council ============================================================ The French Constitutional Council ruled on the most controversial copyright and related rights law, known as DADVSI law, concluding that some provisions of the law "violated the constitutional protections of property". The Council has considered as unconstitutional several provisions adopted by the French Parliament that were meant to balance the initial text which was too much in favour of the industry, thus making the law even stricter. One of the aspects considered by the Council as against the equality principle was the gradual system in the application of fines for making works available on P2P networks, which was ranging from 38 to 150 euros. Under the circumstances, the penalties remain at the level of 3 years of imprisonment and 300,000 euros in fines. "By eliminating the reduced penalties, the council put ordinary people sharing music back in the same league as criminal counterfeiters," said Jean-Baptist Soufron, legal director for the Association of Audionautes. Probably the most severe decision of the Council is related to provisions related to interoperability. Basically the Council considered the government did not define interoperability properly and withdrew interoperability from the DRM circumventions exceptions. This definitely pleased Apple. Dominique Menard, partner at the Lovells law firm and a specialist in intellectual property said: "The Constitutional Council has highlighted fundamental protections for intellectual property in such a way as to put iTunes a little further from risk of the French law." The Council changed also some of the provisions adopted by the French Parliament making the creators of file-sharing software and software that could interact with DRM-protected content to be sued by copyright holders, even if the "software is intended for non-copyrighted contents". The law, which is now stricter than the initial text, will be either promulgated and then published in the Official Journal after which it can enter into force or it can be resubmitted to the Parliament for further discussions. DADVSI : The Constitutional Council makes the law tougher ! (27.07.2006) http://www.ratiatum.com/news3414_DADVSI_Le_Conseil_Constitutionnel_aggrave_l... _loi.html The DADVSI law validated and made stricter by the Constitutional Council (27.07.2006) http://www.pcinpact.com/actu/news/30385-La-loi-DADVSI-validee-en-partie-par-... e-Conse.htm EDRI-gram : New French copyright law gives Apple satisfaction (5.06.2006) http://www.edri.org/edrigram/number4.13/frenchcopyright Parts of French "iPod law" ruled unconstitutional (29.07.2006) http://arstechnica.com/news.ars/post/20060729-7380.html ============================================================ 7. The Schengen Information System II delayed ============================================================ Scheduled to start operating in June 2006, the Schengen Information System II (SIS II) that would allow the competent authorities in the Member States to obtain information regarding certain categories of persons and property, will be delayed, as it resulted from a meeting of ministers of the interior and ministers of justice from EU member states in Brussels. The reasons given for the delay were related to legal and technical problems. Several European data protection commissioners who are supposed to approve of SIS II have shown resistance to the system considering there is not enough information of the way in which the collected data will be used by the police. The degree of access of the police to the biometric data included in the new passports has not yet been established. From the technical standpoint, the database system, initially to be set up in Strasbourg by Steria Mummert Consulting and HP Belgium, now undertaken by Unisys and Microsoft has not yet been completed as the data base is supposed to contain all exist and entry data, which is a very difficult task. The integration of the new EU members in the system in 2007 appeared as no longer realistic and the discussions are now whether to speed up the system or prepare it in stages. In the opinion of Bernhard Marfurt, the Swiss Ambassador for EU, developing SIS II in stages might make it technically obsolete. "SIS II must above all keep pace with technical developments," he said. At a first phase, this delay means that in 2007 travellers will still have to show their passports at the borders of EU with the new member states but effects are expected in the long run as well. Events like the European Soccer Championship in 2008 could determine Switzerland and Austria to take the same attitude Germany took during the latest Soccer World Cup meaning reintroducing their border controls during the event. The reintroduction of border controls at EU borders in Germany was mainly aimed at stopping potential criminals, especially violent football fans, from entering the country. Schengen Information System II will experience a delay (26.07.2006) http://www.heise.de/english/newsticker/news/75955 Germany to temporarily have checks at its borders for the Football World Cup (25.04.2006) http://www.heise.de/english/newsticker/news/72347 Schengen Information System http://europa.eu/scadplus/leg/en/lvb/l33183.htm EDRI-gram : EU Parliament Members want more privacy in SIS II (10.05.2006) http://www.edri.org/edrigram/number4.9/sisII ============================================================ 8.Recommended reading ============================================================ Report with a proposal for a European Parliament recommendation to the Council on the negotiations for an agreement with the United States of America on the use of passenger name records (PNR) data to prevent and combat terrorism and transnational crime, including organised crime. Prepared by Committee on Civil Liberties, Justice and Home Affairs Rapporteur: Sophia in 't Veld http://www.statewatch.org/news/2006/jul/ep-libe-eu-us-pnr-report.pdf ============================================================ 9.Agenda ============================================================ 2-4 August 2006, Bregenz, Austria 2nd International Workshop on Electronic Voting 2006 http://www.e-voting.cc/stories/1246056/ 3 August 2006 , Prague, Czech Republic Travellers privacy and EU - One day seminar organized by Iuridicum Remedium, providing a space for privacy experts to meet Czech officials to discuss passports, biometrics, RFID, PNR deal and other issues related to privacy risks possibly encountered by travellers in the EU. http://www.bigbrotherawards.cz/en/index.html 14 August 2006, London, UK Scrambling for Safety 8 Discussions on the two current Home Office RIPA consultations (on government access to decryption keys and the code of practice for government access to phone/Internet usage data). http://dooooooom.blogspot.com/2006/07/public-meeting-on-ripa-consultations.h... ml 2-4 September 2006, Jerusalem, Israel NATO Advanced Research Workshop on Identity, Security and Democracy; Social, Ethical and Policy implications of Automated Systems for Human Identification organised by the Centre for Science, Society and Citizenship and the Israeli Center for the Study of Bioterrorism. http://www.biteproject.org 7-8 September 2006, Munich, Germany 1st Conference on Policy, Law and Economics of Intellectual Property - European Policy for Intellectual Property http://www.epip.eu/activities_conferences.php 14-16 September 2006, Berlin, Germany Wizards of OS 4 Information Freedom Rules http://wizards-of-os.org/ 14-15 September, Barcelona, Spain A New Open Europe: Public access to documents and data protection http://www.statewatch.org/news/2006/jul/open-europe.pdf =========================================================== 10. About =========================================================== EDRI-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRI has 21 members from 14 European countries and 5 observers from 5 more countries (Italy, Ireland, Poland, Portugal and Slovenia). European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRI-grams. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and visibly on the EDRI website. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 2.0 License. See the full text at http://creativecommons.org/licenses/by/2.0/ Newsletter editor: Bogdan Manolea <edrigram@edri.org> Information about EDRI and its members: http://www.edri.org/ - EDRI-gram subscription information subscribe by e-mail To: edri-news-request@edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. unsubscribe by e-mail To: edri-news-request@edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/edrigram-mk.php - EDRI-gram in German EDRI-gram is also available in German, with delay. Translations are provided Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users http://www.unwatched.org/ - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask <edrigram@edri.org> if you have any problems with subscribing or unsubscribing. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]