====================================================================== EDRi-gram biweekly newsletter about digital civil rights in Europe Number 11.2, 30 January 2013 ======================================================================= Contents ======================================================================= 1. An introduction to Data Protection 2. EU governments keep increasing requests to Google for private data 3.Finnish copyright law might be changed following crowdsourcing support 4. German government intends to use FinFisher Spyware 5. Slovenia has a net neutrality law 6. Greater transparency and accountability of surveillance systems 7. Kroes ignoring the problems on net neutrality? 8. Recommended Action 9. Recommended Reading 10. Agenda 11. About ======================================================================= 1. An introduction to Data Protection ======================================================================= EDRi launched the booklet "An introduction to Data Protection" on 28 January 2013, the European Data Protection day. The booklet is intended to provide an overview of some of the key issues and jargon surrounding data protection in the digital environment: from "what is personal data" to anonymisation, profiling, big data and cloud computing. At its core, data protection is about preserving a fundamental right that is reflected in the Charter of Fundamental Rights of the European Union, Council of Europe Convention 108, as well as other international agreements and national constitutions. The processing and re-use of citizensb data has become increasingly important from an economic perspective. It has lead to pressure to weaken this fundamental right and also to change the legislative framework to make legal protections less predictable. EDRi hopes that this document will be a positive contribution to the debate, and that the outcome of the review process will ensure predictable and proportionate protection of privacy in the digital age b reinforcing the European Unionbs global leadership on this topic. The booklet is available under Creative Commons BY-SA 3.0 licence, allowing thus furthers translations and free dissemination. An introduction to Data Protection (01.2013) http://www.edri.org/files/paper06_datap.pdf ===================================================================== 2. EU governments keep increasing requests to Google for private data ===================================================================== According to Google's latest Transparency Report released on 24 January 2013, EU governmentsb requests for usersb IP addresses, Internet browsing history, email communications or documents have dramatically increased during the last three years. Only between July and December 2012, the average number of such requests was over 1200/month, more than a third of all requests made by governments worldwide, and a 100% increase in the last three years. b The information we hand over to companies like Google paints a detailed picture of who we are - from our political and religious views to our friendships, associations and locations. This information therefore merits the highest degree of privacy and security, and should only be accessed by third parties under exceptional circumstances. Governments must stop treating the user data held by corporations as a treasure trove of information they can mine whenever they please, with little or no judicial authorisation,b said Carly Nyst, Privacy International's Head of International Advocacy. Googlebs report also reveals that a large amount of requests was denied by Google for being too broad in scope, unlawful or incorrectly submitted. In their major part, the requests involve criminal investigations. Google states that a request is sometimes made for several types of data and, in some cases, the company notifies the user in advance that a government police agency intends to get information from their accounts. "The alarming statistics in this latest Transparency Report serve as a reminder of the need for stronger national and regional privacy protections in relation to online communications. To this end, Privacy International, together with a coalition of organisations including the Electronic Frontier Foundation, will soon be publishing a set of International Principles on Communications Surveillance and Human Rights. We hope these principles will offer guidance to governments about the standards and safeguards that must be put in place to safeguard the right to privacy online," stated Carly Nyst. Google Transparency Report http://www.google.com/transparencyreport/removals/government/ Google Transparency Report for second half of 2012 shows European government attempts to access private data at an all-time high (24.01.2013) https://www.privacyinternational.org/press-releases/google-transparency-repo... Estonian President: EU citizens should trust the state on data rights (24.01.2013) http://euobserver.com/justice/118825 Google Transparency Report shows rise in data requests (23.01.2013) http://www.bbc.co.uk/news/technology-21169162 EDRi-gram: Google Transparency report: increasing trend of government censorship (20.06.2012) http://www.edri.org/edrigram/number10.12/google-transparency-report-increase... ====================================================================== 3.Finnish copyright law might be changed following crowdsourcing support ====================================================================== People may be able to influence the fate of the copyright legislation in Finland due to a recent modification of the national Constitution allowing citizens to make legislative proposals for the Parliament. The Finnish Constitution says that a private legislative proposal can be sent to the Parliament for vote if it gets 50 000 supporters within 6 months. Differently from other countries, where a certain number of signatures makes a private proposal be considered and eventually discussed by the government, the Finnish constitutional amendment forces the Finnish government to examine the law, make clarifications if appropriate, and put it to a vote. A private non-profit initiative called Open Ministry was formed to ensure the good quality of the proposals, facilitate the discussion and collect the signatures for private legislative proposals. On 23 January 2013, a new proposal called b To Make Sense of the Copyright Actb was promoted in Open Ministry aiming at bringing changes to the copyright law especially regarding Lex Karpela, a 2006 amendment to the Finnish copyright law that firmly criminalizes digital piracy. According to Open Ministry chair Joonas Pekkanen, on the basis of Lex Karpela, "countless youngsters have been found guilty of copyright crimes and sentenced to pay thousands, in some cases hundreds of thousands of Euros in punitive damages to the copyright organizations." The proposal, which is now one of the most commented and signed proposals in the Open Ministry, having already reached more than 12 500 signatures, includes the reduction of criminal penalties, defining personal cloud-services and class education as private use and removal of enforcement rights like "one strike" from the law. In addition, the individual uploading of copyright-protected material to the Internet should be reduced to b a misdemeanor". Also, the proposal would allow the parody and satire of the works and very extensive use of works for research purposes. According to the 49 999 group that organises a campaign for the bill, "To Make Sense of the Copyright Act" has the simple aim of having b a fair and just copyright law in Finland and "is not a pro-piracy law proposal.b The proposal thus includes also a section, which would require fair compensation for artists and authors in the publishing agreements similarly as the German copyright law already does. It is possible that the initiative reaches its goal of getting 50 000 signatures by the 23 July 2013 and although there is no guarantee that the Government will actually approve it as such, at least it needs to give proper attention to it. Finnish campaigners seek crowdsourced change to copyright legislation (24.01.2013) http://www.wired.co.uk/news/archive/2013-01/24/finland-copyright-law-crowdso... Finlandbs Crowdsourced Copyright Law Proposal (23.01.2013) http://torrentfreak.com/finlands-crowdsourced-copyright-law-proposal-130124/ Finland is crowdsourcing its new copyright law (23.01.2013) http://www.dailydot.com/news/finland-crowdsourcing-new-copyright-law/ Lex Karpela http://en.wikipedia.org/wiki/Lex_Karpela The 49 999 Campaign page: http://49999.org/ Signature count (only in Finnish) https://www.kansalaisaloite.fi/fi/aloite/70 Open Ministry - Crowdsourcing Legislation (English blog page for Open Ministry) http://openministry.info/ ======================================================================= 4. German government intends to use FinFisher Spyware ======================================================================= A classified document of the German Ministry of Interior, revealed by netzpolitik.org, shows that the German Federal Police office has purchased the commercial Spyware toolkit FinFisher of Eleman/Gamma Group, for telecommunication surveillance. Commercial software meant to survey telecommunications has been used by the German police before. In October 2011, German organization Chaos Computer Club (CCC) revealed and analysed the use of a malware created by DigiTask and used by German government authorities. CCC showed that DigiTask software was badly programmed, lacked elementary security protection and allowed remote updating and adding of new features, being therefore in breach of the German law. DigiTask spyware has been largely dropped and many German authorities started to create their own state malware. A Center of Competence for Information Technology Surveillance (CC ITC ) was established for this purpose. According to the leaked classified document dated 7 December, the Federal Criminal Police Office plans to have its own surveillance malware by the end of 2014. But until then, the police will continue to use commercial software and therefore, has acquired such a product from company Eleman/Gamma. The software in question, FinFisher/FinSpy IT, a very complex programme that can take over several types of devices such as Windows, OS X, Linux, iOS, Android, Symbian or Blackberry, is known to have been used by authoritarian regimes in the world to spy on political activists. Although the software is kept secret, it appears that it consists of a trojan that can also remotely load additional feature modules, such as a module for recording Skype conversations. In any case, the Federal Commissioner for Data Protection and Freedom of Information and the Federal Office for Information Security, as it comes out from the leaked document from the Ministry of Interior, were unable to audit the source code of the program to verify whether it complies with the German law. b With the purchase of Gamma FinFisher, the Federal Criminal Police Office has chosen a vendor that has become a symbol for the use of surveillance technology in oppressive regimes worldwide. FinFisher also consists of various components, which can be loaded when needed, thereby allowing the installation of spying capabilities that go far beyond the already questionable bwiretapping at the source,bb stated CCC spokesperson Frank Rieger. In UK, the Secretary of State put FinSpy software under export restrictions, requiring Gamma company to acquire a licence to export these tools. Secret Government Document Reveals: German Federal Police Plans To Use Gamma FinFisher Spyware (16.01.2013) https://netzpolitik.org/2013/secret-government-document-reveals-german-feder... Chaos Computer Club analyzes government malware (8.11.2011) http://ccc.de/en/updates/2011/staatstrojaner German Federal Cops Buy Notorious FinFisher Surveillance Software (26.01.2013) http://www.spamfighter.com/News-18165-German-Federal-Cops-Buy-Notorious-FinF... British government admits it has already started controlling exports of Gamma International's FinSpy (10.09.2012) https://www.privacyinternational.org/press-releases/british-government-admit... EDRi-gram: Details on German State Trojan programme (24.10.2012) http://www.edri.org/edrigram/number10.20/details-german--state-spyware-Staat... ======================================================================= 5. Slovenia has a net neutrality law ======================================================================= On 20 December 2012, the Slovenian Parliament approved a legislative framework (the Economic Communications Bill) that includes net neutrality, confirming the open and neutral character of the Internet and forbidding the discrimination of Internet traffic on the basis of the services provided. Although the text of the law is not entirely clear, it seems that ISPs will not be allowed to restrict or delay Internet traffic, unless the purpose is to solve congestions, preserve security or address spam, and they will not be allowed to charge their subscribers with different prices for connectivity, on the basis on the services provided over the Internet. A similar law was passed in the Netherlands and is under debate in Belgium. Incumbent companies might strongly criticise this direction as it affects their attempts to apply high fees for connectivity to major online services providers such as Google. The fight for real Internet neutrality could be affected by such type of legislation, especially if more EU member states decide to pass similar laws. Slovenia reinforces net neutrality principles (3.01.2013) http://radiobruxelleslibera.wordpress.com/2013/01/03/slovenia-reinforces-net... ======================================================================= 6. Greater transparency and accountability of surveillance systems ======================================================================= A report called "Surveillance, Fighting Crime and Violence" was produced by the IRISS (Increasing Resilience in Surveillance Societies) project funded by the European Commission under the 7th Framework Programme. The report analyses the factors underpinning the development and use of surveillance systems and technologies by both public authorities and private actors, their implications in fighting crime and terrorism, social and economic costs, protection and infringement of civil liberties, fundamental rights and ethical aspects. The project has identified the following trends: (1) a substantial growth of public sector demand for surveillance bolstered by the adoption of identity schemes and terrorist detection technologies and markets, (2) an increase in the demand for civil and commercial surveillance, (3) the development of a global industry in surveillance, (4) an increase in integrated surveillance solutions, and (5) a rise in the government use of cross-border surveillance solutions. b The role of surveillance in law enforcement is expanding,b says IRISS project co-ordinator Reinhard Kreissl. b There has been a shift in its use in identifying offenders before they have committed a crime. This has affected the presumption of innocence in a way that citizens are now considered suspects (a shift to a presumption of guilt).b With the growth of encompassing preventive surveillance, the presumption of innocence as an important legal safeguard is gradually hollowed out. b There are numerous open questions about the usefulness and effectiveness of surveillance technologies and their possible rebound effects, specifically in relation to surveillance measures introduced to fight terrorism and organised crime without knowledge of their effectiveness and consideration of their negative side effects.b Among the reportbs other findings and recommendations, two of them should be mention in the current context: 1. Important social costs of surveillance include the social damage caused by false positives of suspects of criminal and terrorist activities, the categorical suspicion and discrimination of members of certain social or ethnic groups, the marginalising effects and social inequalities caused by invasive monitoring of those of lower social status, the inhibitory effects of surveillance which can undermine social and democratic activities, and the erosion of trust in society. 2. Data protection authorities as external overseers and regulators typically focus upon the privacy-related implications of surveillance and find it difficult to embrace a wider perspective of values in their regulatory exhortations and enforcement practice. The laws within which they operate do not normally give them a licence to roam across the range of values to invoke when they seek to limit surveillance. The report was produced by a consortium of 16 partners from universities, research institutes and companies from Austria, Belgium, Germany, Hungary, Italy, Norway, Slovakia, Spain and the United Kingdom. IRISS report: "Surveillance, Fighting Crime and Violence" (17.12.2012) http://irissproject.eu/wp-content/uploads/2012/02/IRISS_D1_MASTER_DOCUMENT_1... IRSS project http://irissproject.eu/ ======================================================================= 7. Kroes ignoring the problems on net neutrality? ======================================================================= Neelie Kroes, the European Commissioner for Internet-related policies, recently published an article in the French newspaper Liberation stating that while she was in favour of an open Internet and maximum choice that must be protected, and she believed that "consumers should be free to make their own choices about their Internet subscriptionsb, this "does not preclude consumers from subscribing to more differentiated, limited Internet offers, possibly for a lower price." The entire discussion occurred after Free, one of the largest ISPs in France, decided to block Web ads by default on its FreeBox router thus placing several ISPs which depend on advertising in a very bad position. This kind of practice can be avoided by making net neutrality mandatory through EU legislation which will ensure a fair competition on the market and will promote innovation. In her opinion, Kroes drew the attention that consumers b should not forget that choice has consequences. Opting for blocking ads or requesting privacy (bdo not trackb) may mean you donbt get access to content for free. The internet does not run on its own. The network, content and internet access all have to be paid for by someone. Many smaller web operators exist on the basis of innovative advertising models. There are various ways consumers pay for content, including by viewing advertisements before or during their access to content. Businesses should accept that different consumers will have different preferences, and design services accordingly.b However, less than one year ago, in May 2012 Kroes stated: b We have recently seen how many thousands of people are willing to protest against rules which they see as constraining the openness and innovation of the Internet. This is a strong new political voice. And as a force for openness, I welcome it, even if I do not always agree with everything it says on every subject. We are now likely to be in a world without SOPA and without ACTA. Now we need to find solutions to make the Internet a place of freedom, openness, and innovation fit for all citizens, not just for the techno avant-garde.b But now, the commissioner brings in the b free marketb argument in favour of differentiated offers which will actually restrict the open market for online services. b On net neutrality, consumers need effective choice on the type of internet subscription they sign up to. That means real clarity, in non-technical language. About effective speeds in normal conditions, and about any restrictions imposed on traffic b and a realistic option to switch to a b fullb service, without such restrictions, offered by their own provider or another. Ensuring consumer choice can mean constraints on others b in this case, an obligation for all internet service providers to offer an accessible b fullb option to their customers. But such choice should also drive innovation and investment by internet providers, with benefits for all. I am preparing a Commission initiative to secure this effective consumer choice in Europe.b La Quatrature du Net has been quick in reacting and qualified Kroesb opinion as a b shameless defence of operatorsb. b Net neutrality is not a question of market but, before anything else, a question of fundamental freedoms", stated Benjamin Sonntag, co-founder of La Quadrature du Net. Net Neutrality: Neelie Kroes Yields to Operator Pressure (17.01.2013) https://www.laquadrature.net/en/net-neutrality-neelie-kroes-yields-to-operat... Internet and filtering applications: a question of choice and recipes (in French, 16.01.2013) http://www.liberation.fr/medias/2013/01/16/internet-et-applications-de-filtr... Internet and filtering applications: a tale of choice and revenues (17.01.2013) http://blogs.ec.europa.eu/neelie-kroes/adgate/ Will Neelie Kroes Defend or Destroy EU Net Neutrality? (21.01.2013) http://blogs.computerworlduk.com/open-enterprise/2013/01/will-neelie-kroes-d... EU Commissioner Kroes won't be bullied on net neutrality, says spokesman (18.01.2013) http://www.pcadvisor.co.uk/news/internet/3421385/eu-commissioner-kroes-wont-... EDRi-gram: French Minister asks US company to uphold France's values (16.01.2013) http://edri.org/edrigram/number11.1/french-minister-net-neutrality ======================================================================= 8. Recommended Action ======================================================================= Sign The Brussels Privacy Declaration! On 24 January 2013, EDRi, Privacy International, EPIC and Bits of Freedom launched The Brussels Privacy Declaration during the Computers, Privacy and Data Protection Conference (CPDP) in Brussels. The declaration describes the concerns of civil society organizations as well as of academics and citizens about the data protection law reform and calls upon the European Parliament as and national governments to safeguards citizens' privacy rights. The declaration has been sent to MEPs and the European Commission on 28 January 2013 (Data Protection Day). The Brussels Privacy Declaration http://brusselsdeclaration.net/ ======================================================================= 9. Recommended Reading ======================================================================= RIP CleanIT (29.01.2013) http://www.edri.org/rip-cleanit Fear, uncertainty and doubt b the key threats to the fundamental right to privacy http://www.europeanprivacyday.org/fear-uncertainty-and-doubt-%E2%80%93-key-t... Copyright vs Freedom of Expression ECHR Judgment - Ashby Donald and others vs France (22.01.2013) http://echrblog.blogspot.co.uk/2013/01/copyright-vs-freedom-of-expression.ht... US free to grab EU data on American clouds (28.01.2013) http://euobserver.com/justice/118857 Study Maps the Emerging Ethics of File Sharing and Copyright Enforcement (15.01.2013) http://torrentfreak.com/study-maps-the-emerging-ethics-of-file-sharing-and-e... Letter to Skype about confidentiality concerns (24.01.2013) http://en.rsf.org/letter-to-skype-about-24-01-2013,43949.html Identity Project tells UN Human Rights Committee that US violates the right to travel (8.01.2013) http://papersplease.org/wp/2013/01/08/identity-project-tells-un-human-rights... ======================================================================= 10. Agenda ======================================================================= 2-3 February 2013, Brussels, Belgium FOSDEM https://fosdem.org/2013/ 14-15 February 2013, Vienna, Austria Internet 2013 - Shaping policies to advance media freedom http://www.osce.org/event/internet2013 21-22 February 2013, Washington DC, USA Intellectual Property and Human Rights Conference and Roundtable Discussion Webcasted live and archived http://www.wcl.american.edu/pijip/go/blog-post/intellectual-property-and-hum... 22 February 2013, Warsaw, Poland ePSIplatform Conference: "Gotcha! Getting everyone on board" http://epsiplatform.eu/content/save-date-22-february-2013-epsiplatform-confe... 21-22 March 2013, Malta Online Privacy: Consenting to your Future http://www.onlineprivacyconference.eu/ 6-8 May 2013, Berlin, Germany re:publica 2013 CfP by 31 January 2013 http://re-publica.de/en/ 20-21 June 2013, Lisbon, Portugal EuroDIG 2013 http://www.eurodig.org/ 25-26 June 2013, Barcelona, Spain 9th International Conference on Internet Law & Politics: Big Data: Challenges and Opportunities. http://edcp.uoc.edu/symposia/idp2013/?lang=en 25-26 June 2013, Washington, DC, USA 23rd Computers, Freedom and Privacy Conference (CFP) CfP by 1 March 2013 http://www.cfp.org/2013 31 July b 4 August 2013, Geestmerambacht, Netherlands Observe. Hack. Make. - OHM2013 https://ohm2013.org/ 23-26 September 2013, Warsaw, Poland Public Voice Conference 2013 35th International Data Protection and Privacy Commissioners conference http://www.giodo.gov.pl/259/id_art/762/j/en/ ============================================================ 11. About ============================================================ EDRi-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRi has 32 members based or with offices in 20 different countries in Europe. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRi-gram. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and are visible on the EDRi website. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 3.0 License. See the full text at http://creativecommons.org/licenses/by/3.0/ Newsletter editor: Bogdan Manolea <edrigram@edri.org> Information about EDRi and its members: http://www.edri.org/ European Digital Rights needs your help in upholding digital rights in the EU. If you wish to help us promote digital rights, please consider making a private donation. http://www.edri.org/about/sponsoring http://flattr.com/thing/417077/edri-on-Flattr - EDRI-gram subscription information subscribe by e-mail To: edri-news-request@edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. Unsubscribe by e-mail To: edri-news-request@edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/mk/vesti/edri - EDRI-gram in German EDRI-gram is also available in German, with delay. Translations are provided by Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users http://www.unwatched.org/ - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask <edrigram@edri.org> if you have any problems with subscribing or unsubscribing. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE