EDRI-gram newsletter - Number 4.15, 2 August 2006

EDRI-gram newsletter edrigram at edri.org
Wed Aug 2 09:10:04 PDT 2006 

============================================================

            EDRI-gram

 biweekly newsletter about digital civil rights in Europe

     Number 4.15, 2 August 2006


============================================================
Contents
============================================================

EDRI-gram in German
1. Digital Rights Ireland Challenge to Data Retention
2. EU might fingerprint children even before 12 years old
3. End of activities Bits of Freedom
4. Telecom Italia wiretapping scandal
5. EU trying to push again biometrics on national ID cards
6. The French copyright law changed by the Constitutional Council
7. The Schengen Information System II delayed
8. Recommended reading
9. Agenda
10. About

============================================================
EDRI-gram in German
============================================================
Starting with July 2006, EDRI-gram will be available also in
German, a few days after the English edition. The translation is done by
Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users. Translations are available for all 2006 editions back to
issue 3.23 at :
http://www.unwatched.org/

============================================================
1.Digital Rights Ireland Challenge to Data Retention
============================================================
The Irish Government filed a challenge to the data retention directive on
6 July 2006. The challenge had been announced some time before by the
Minister for Justice but was filed just before the time limit for the action
had expired.

The case challenges the legal basis for the directive, alleging that this
was a matter relating to criminal justice and as such the appropriate
measure would have been a framework decision under the third pillar.
The challenge is purely procedural in nature, however, and does not
address privacy concerns about the directive. It appears that Slovakia,
which shared Ireland's concerns about the legal basis and also voted against
the directive, has decided not to bring a challenge of its own but will
support the Irish case.

Digital Rights Ireland (DRI) has written to the Irish Minister for Justice
and Law Reform, the Minister for Communications, Marine and Natural
Resources and to the Garda (Police) Commissioner. They have looked for
undertakings from them to cease breaching the Constitutional, statutory and
European rights of the citizens of Ireland by discontinuing data retention.
Failing a positive response, they have instructed their solicitors, McGarr
Solicitors, to prepare legal action.

The DRI challenge relates to both domestic data retention schemes (in place
since 2002) and the data retention directive. The challenge will seek to
have the domestic laws struck down as illegal, unconstitutional, and in
breach of the European Convention on Human Rights. The challenge will also
seek an injunction restraining implementation of the directive and a
referral to the European Court of Justice to test the legality of the
directive.

T.J. McIntyre, University College Dublin law lecturer and chairman of DRI
said: "This is a complete reversal of the assumption that people are
innocent until proven guilty. This legislation is the first time we have
seen any state impose mass surveillance on its population on the basis that
at some point in the future someone might commit a crime.

This mass surveillance by the state is a breach of our right to privacy, as
set out in our constitution and in the European Convention on Human Rights.

At the moment, the movements and telephone calls of every citizen are being
monitored. If we allow the EU directive to be implemented, this surveillance
will extend to the emails and web browsing of every citizen.

The undertakings we have sought from the Ministers for Justice and
Communications and the Garda Commissioner are urgently required if the
ongoing breach of citizens' rights is to stop. If they are not forthcoming
we have informed all the parties that our legal team have instructions to
commence legal proceedings."

Ireland in court challenge to terror directive (20.5.2006):
http://home.eircom.net/content/irelandcom/topstories/8095654?view=Eircomnet

Irish Government challenges Data Retention Directive - but ignores privacy
rights (7.07.2006)
http://www.digitalrights.ie/2006/07/07/irish-government-challenges-data-reten
tion-directive-but-ignores-privacy-rights/

DRI challenge to Data Retention (29.07.2006)
http://www.digitalrights.ie/2006/07/29/dri-challenge-to-data-retention/

State may face legal challenge over its access to phone data (29.07.2006)
http://www.ireland.com/newspaper/front/2006/0729/1154075749923.html

EDRI-gram : European parliament adopts data retention directive (18.01.2006)
http://www.edri.org/edrigram/number4.1/dataretention

(Contribution by TJ McIntyre, Digital Rights Ireland)

============================================================
2. EU might fingerprint children even before 12 years old
============================================================
The report from the EU Council Presidency meeting of 26 June 2006 proposes
that all children in the European Union should be mandatory fingerprinted if
they are over 12 years old. "If provided for by national legislation"  this
action could be extended to all children, even below 12 years of age.

The Council is putting under discussion fingerprints as compulsory for EU
passports in order to prevent passport fraud. The decision will be taken in
a secret  meeting of a committee made of representatives of the 25
governments and chaired by the European Commission.

The text proposed by the EU Council says that a member state can establish
the age limit as low as they want and after 12, this process is mandatory.
It will mean taking a biometric identifier from children at an "enrolment
centre".

The same document also proposes the "scanning of the facial image" from 0 to
12 of age with storage in a chip according to the national legislation and
compulsory after 12, for EU passports.

The scanning and storage on a "chip" means "digitising" the normal passport
picture sent by post, not requiring the presence of the child. Reports say
that small children are not suitable for "biometric face recognition by
means of a photograph".

The same issues are valid for fingerprints. The scientific studies have
shown that below the age of 6, fingerprints are not developed enough for
biometric capture.

The UK, meanwhile, stated that it had encountered no special problems in
collecting fingerprints from five-year-old asylum seekers. The tests were
carried out at 2 asylum centres in London and Liverpool and were meant to
prevent multiple registration for extra-benefits.

The different approaches of the member states on this matter was highlighted
also during the June meeting of the Visa Working Party. For instance,
Germany stated that the national legislation was stipulating the age of 14
for biometric data for German nationals but was in favour of a
differentiated approach and wished to go down to the age of 6 for visa
applicants. The UK delegation said that storing facial image "(at any age)"
was a security measure "even if it can not be used for facial recognition"
and stated that it could go down to 5 years old for fingerprinting, based on
the tests carried out in asylum centres. The Netherlands gave the age of 6
for taking fingerprints while Sweden also stated it could agree with the age
of 6 for passports.

According to Statewatch editor Tony Bunyan, the discussions in the EU
related to the minimum age for fingerprinting are just related to technical
possibilities and have nothing to do with whether this is right or wrong
from the moral or political standpoint. He stated these decisions are made
in secret meetings on the basis of secret documents, and do not take into
consideration the opinions of people and parliaments. Also, that with this
proposal, EU states will be given the freedom to fingerprint children from
the day they are born provided they have the necessary technology for that.

EU states will be free to fingerprint children from day one of their life as
soon as it is technologically possible (07.2006)
http://www.statewatch.org/news/2006/jul/08fingerprinting-children.htm

Report from the EU Council Presidency meeting ( 26.07.2006)
http://www.statewatch.org/news/2006/jul/9403-rev1-06.pdf

Report from the Visa Working Party/Mixed Committee(13-14.06.2006)
http://www.statewatch.org/news/2006/jul/10540-06.pdf

Millions of children to be fingerprinted (30.07.2006)
http://observer.guardian.co.uk/uk_news/story/0,,1833407,00.html

Asylum toddlers get fingerprinted (15.05.2006)
http://news.bbc.co.uk/1/hi/uk_politics/4773005.stm

EDRI-gram : EU governments want 2 biometric identifiers for every citizen
(3.11.2004)
http://www.edri.org/edrigram/number2.21/biometrics

============================================================
3. End of activities Bits of Freedom
============================================================
>From 1 September 2006 the Dutch NGO Bits of Freedom (BOF) will cease
its activities. Since its establishment in 2000, Bits of Freedom has
successfully defended digital civil rights, such as privacy on the
Internet and online freedom of speech in the Netherlands. The board
of Bits of Freedom doesn't see any possibilities to continue the
activities now that the two employees (Maurice Wessling and Sjoera
Nas) have both decided to leave. Another cause for the demise of the
organisation is the continuing uncertainty about the finances. The
foundation does not have any financial reserve and in spite of
generous company sponsors and private donations, it was increasingly
difficult to create a workable budget. The office in Amsterdam will
be closed on 1 September and the organisation will not have employees
any more. Legally, the foundation will not be dismantled, in order to
allow the board to continue the annual presentation of the Big Brother
Awards.

Since its establishment, Bits of Freedom has advocated the upkeep of
fundamental civil rights in the digital era. During the past 6 years
both governments and companies have initiated many measures and
activities that have endangered civil rights. Governments have
extended their powers in many ways. In stead of dedicated
investigations into the activities of people suspected of serious
crimes, law enforcement authorities silently but massively revert to
data-mining techniques to examine the daily behaviour of innocent
citizens. This sets unwarranted and unprecedented limits to personal
privacy. Necessity and effectiveness of many new legal measures have
- unjustly - been left out of the debate.

During the last six years, Bits of Freedom developed expertise on
many topics, from the legal interception of telephony and internet
communications to privacy & RFID. BOF also dedicated serious research
to other topics such as spam, copyrights and internet notice and
takedown. The organisation has fulfilled an important role as policy
watchdog and has alerted a large audience on many new threats to
civil rights. This was also made possible by collaborations with many
other academic and consumer organisations, individual experts and
sympathisers.

Fundamental rights, especially privacy, are of the utmost importance.
Bits of Freedom definitely does not cease its activities with a
satisfied feeling of having accomplished the most important goals. To
the contrary, a bottom-up civil rights movement in the Netherlands
seems more necessary than ever. Bits of Freedom was one of the
founders of European Digital Rights in 2002. The employees and board
of Bits of Freedom wish EDRI success in its important future work.

Bits of Freedom
http://www.bof.nl/

(Contribution by Maurice Wessling - EDRi-member Bits of Freedom Netherlands)

============================================================
4. Telecom Italia wiretapping scandal
============================================================
Telecom Italia, one of the major electronic communications providers in
Italy is in the middle of a huge scandal regarding the illegal wiretapping
and surveillance of the telephone networks.

The journalists from the weekly L'Espresso have proven that an entire system
called Radar was capable of recording sensitive information about millions
of Italians. The system was discovered by the internal audit, but also by
the Milan Prosecutors that have opened an investigation against Marco
Mancini, the deputy director and director of the first "foreign" or
counter-intelligence division SISMI (Military Intelligence and Security
Service) and his friends Giuliano Tavaroli former director of security in
Telecom Italia and Emanuele Cipriani, owner of the private investigation
company Polis d'Istinto.

Tavaroli, who occupied the key national position to which were passed all
authorized requests by magistrates to make wiretaps, has recently resigned
and is under investigation by the Milan Prosecutors for association in
violating privacy. In the computers of another central figure of the
scandal, Cipriani, the magistrates have found a huge archive of files
regarding magistrates, political persons, football players and referees -
all the major figures in the recent scandals in Italy. Apparently, wiretaps
that could have been used to blackmail them were also found during the
investigation.

According to Telecom Italia's own investigation, their procedure and
machines used for the legal wiretaps had a number of flaws and it was
technically possible to spy on the telephone conversations, without leaving
any trace. Moreover the interceptions were analysed with two special
software programs: Enterprise Miner and Analyst's Notebook.

An investigation was started also by the Italian Data Protection Commission
(Garante per la protezione dei dati personali) to check if the personal
data protection requirements have been observed.

The situation has become much more complicated after the recent death of
Adamo Bove, an investigation cop and a leading expert on electronic
surveillance who apparently committed suicide by jumping from the highway.
Bove had been hired by TIM to manage their Radar software
system and had discovered a flaw in the system allowing people to enter the
Telecom system without a trace. He announced the fact to the Milan
magistrates, that has lead to the above-mentioned top-secret investigation.

The telecom wiretapping scandal has shown that private companies and
reporters in connection with SISMI were able to access information regarding
Italian citizens, using the system in place for legal wiretapping.

The man from the case "Thus they were spying for Telecom" speaks (only in
Italian, 2.06.2006)
http://www.repubblica.it/2006/05/sezioni/cronaca/spionaggio-calcio/parla-007-
privato/parla-007-privato.html

The suicide thriller, poisons and a too slow investigation (only in Italian,
24.07.2006)
http://www.repubblica.it/2006/07/sezioni/cronaca/suicidio-bove/giallo-inchies
ta/giallo-inchiesta.html

Telecom case - The Data Protection Authority makes a move (only in Italian,
29.05.2006)
http://punto-informatico.it/p.aspx?id=1504309

Need for Enhanced Security Measures in Processing Telephone Traffic Data -
Decision of 1 June 2006 - Italian Data Protection Authority (1.06.2006)
http://www.garanteprivacy.it/garante/doc.jsp?ID=1303462

007 Operazione Corriere (only in Italian, 1.06.2006)
http://espresso.repubblica.it/dettaglio/007%20Operazione%20Corriere/1300368//
0

============================================================
5. EU trying to push again biometrics on national ID cards
============================================================
According to a EU document presented by Statewatch in July 2006, The Visa
Working Party on 13-14 June 2006 proposed another approach on the issue of
the biometrics to be introduced on national ID cards.

The issue had met resistance back in February when several members of the
European Council have expressed doubts especially as Belgium and the Czech
Republic opposed to the measures proposed by EU, without a public
debate.

In December 2005 the two governments gave a statement by which expressed
their view that the introduction of biometrics into the ID national cards
involved discussions of private life protection, financial and
organizational issues, besides the technical aspect.

The report of the meeting of the Visa Working party state that Council's
Legal Service "confirmed that as there is no legal basis in the Treaty
governing these issues that could, indeed, be the way to take this matter
forward!", meaning the Council has no legal powers to introduce the
biometrics for national ID cards and leaving this issue at the decision of
each member state.

The Conclusions of the Council, although non-binding, are however used to
give legitimacy to the national measures thus paving the way for a
"harmonized" approach when enough member states follow the standards.

Biometrics and national ID cards back on the table (07.2006)
http://www.statewatch.org/news/2006/jul/09eu-id-cards.htm

Report from the Visa Working Party/Mixed Committee(13-14.06.2006)
http://www.statewatch.org/news/2006/jul/10540-06.pdf

Commission to resurrect biometric ID cards? (02.02.2006)
http://www.statewatch.org/news/2006/feb/02com-Id-cards.htm

============================================================
6. The French copyright law changed by the Constitutional Council
============================================================
The French Constitutional Council ruled on the most controversial copyright
and related rights law, known as DADVSI law, concluding that some
provisions of the law "violated the constitutional protections of property".

The Council has considered as unconstitutional several provisions adopted by
the French Parliament that were meant to balance the initial text which was
too much in favour of the industry, thus making the law even stricter.

One of the aspects considered by the Council as against the equality
principle was the gradual system in the application of fines for making
works available on P2P networks, which was ranging from 38 to
150 euros. Under the circumstances, the penalties remain at the level of 3
years of imprisonment and 300,000 euros in fines.

"By eliminating the reduced penalties, the council put ordinary people
sharing music back in the same league as criminal counterfeiters," said
Jean-Baptist Soufron, legal director for the Association of Audionautes.

Probably the most severe decision of the Council is related to provisions
related to interoperability. Basically the Council considered the government
did not define interoperability properly and withdrew interoperability from
the DRM circumventions exceptions.

This definitely pleased Apple. Dominique Menard, partner at the Lovells law
firm and a specialist in intellectual property said: "The Constitutional
Council has highlighted fundamental protections for intellectual property in
such a way as to put iTunes a little further from risk of the French law."

The Council changed also some of the provisions adopted by the French
Parliament making the creators of file-sharing software and software that
could interact with DRM-protected content to be sued by copyright holders,
even if the "software is intended for non-copyrighted contents".

The law, which is now stricter than the initial text, will be either
promulgated and then published in the Official Journal after which it can
enter into force or it can be resubmitted to the Parliament for further
discussions.

DADVSI : The Constitutional Council makes the law tougher ! (27.07.2006)
http://www.ratiatum.com/news3414_DADVSI_Le_Conseil_Constitutionnel_aggrave_la
_loi.html

The DADVSI law validated and made stricter by the Constitutional Council
(27.07.2006)
http://www.pcinpact.com/actu/news/30385-La-loi-DADVSI-validee-en-partie-par-l
e-Conse.htm

EDRI-gram : New French copyright law gives Apple satisfaction (5.06.2006)
http://www.edri.org/edrigram/number4.13/frenchcopyright

Parts of French "iPod law" ruled unconstitutional (29.07.2006)
http://arstechnica.com/news.ars/post/20060729-7380.html

============================================================
7. The Schengen Information System II delayed
============================================================
Scheduled to start operating in June 2006, the Schengen Information System
II (SIS II) that would allow the competent authorities in the Member States
to obtain information regarding certain categories of persons and property,
will be delayed, as it resulted from a meeting of ministers of the interior
and ministers of justice from EU member states in Brussels.

The reasons given for the delay were related to legal and technical
problems. Several European data protection commissioners who are
supposed to approve of SIS II have shown resistance to the system
considering there is not enough information of the way in which the
collected data will be used by the police. The degree of access of the
police to the biometric data included in the new passports has not yet been
established.  From the technical standpoint, the database system, initially
to be set up in Strasbourg by Steria Mummert Consulting and HP Belgium, now
undertaken by Unisys and Microsoft has not yet been completed as the data
base is supposed to contain all exist and entry data, which is a very
difficult task.

The integration of the new EU members in the system in 2007 appeared as no
longer realistic and the discussions are now whether to speed up the system
or prepare it in stages.

In the opinion of Bernhard Marfurt, the Swiss Ambassador for EU, developing
SIS II in stages might make it technically obsolete. "SIS II must above all
keep pace with technical developments," he said.

At a first phase, this delay means that in 2007 travellers will still have
to show their passports at the borders of EU with the new member states but
effects are expected in the long run as well. Events like the European
Soccer Championship in 2008 could determine Switzerland and Austria to take
the same attitude Germany took during the latest Soccer World Cup meaning
reintroducing their border controls during the event. The reintroduction of
border controls at EU borders in Germany was mainly aimed at stopping
potential criminals, especially violent football fans, from entering the
country.

Schengen Information System II will experience a delay (26.07.2006)
http://www.heise.de/english/newsticker/news/75955

Germany to temporarily have checks at its borders for the Football World Cup
(25.04.2006)
http://www.heise.de/english/newsticker/news/72347

Schengen Information System
http://europa.eu/scadplus/leg/en/lvb/l33183.htm

EDRI-gram : EU Parliament Members want more privacy in SIS II (10.05.2006)
http://www.edri.org/edrigram/number4.9/sisII

============================================================
8.Recommended reading
============================================================
Report with a proposal for a European Parliament recommendation to the
Council on the negotiations for an agreement with the United States of
America on the use of passenger name records (PNR) data to prevent and
combat terrorism and transnational crime, including organised crime.
Prepared by Committee on Civil Liberties, Justice and Home Affairs
Rapporteur: Sophia in 't Veld
http://www.statewatch.org/news/2006/jul/ep-libe-eu-us-pnr-report.pdf

============================================================
9.Agenda
============================================================
2-4 August 2006, Bregenz, Austria
2nd International Workshop on Electronic Voting 2006
http://www.e-voting.cc/stories/1246056/

3 August 2006 , Prague, Czech Republic
Travellers privacy and EU - One day seminar organized by Iuridicum Remedium,
providing a space for privacy experts to meet Czech officials to discuss
passports, biometrics, RFID, PNR deal and other issues related to privacy
risks possibly encountered by travellers in the EU.
http://www.bigbrotherawards.cz/en/index.html

14 August 2006, London, UK
Scrambling for Safety 8
Discussions on the two current Home Office RIPA
consultations (on government access to decryption keys and the code of
practice for government access to phone/Internet usage data).
http://dooooooom.blogspot.com/2006/07/public-meeting-on-ripa-consultations.ht
ml

2-4 September 2006, Jerusalem, Israel
NATO Advanced Research Workshop on Identity, Security and Democracy; Social,
Ethical and Policy implications of Automated Systems for Human
Identification organised by the Centre for Science, Society and Citizenship
and the Israeli Center for the Study of Bioterrorism.
http://www.biteproject.org

7-8 September 2006, Munich, Germany
1st Conference on Policy, Law and Economics
of Intellectual Property - European Policy for Intellectual Property
http://www.epip.eu/activities_conferences.php

14-16 September 2006, Berlin, Germany
Wizards of OS 4 Information Freedom Rules
http://wizards-of-os.org/

14-15 September, Barcelona, Spain
A New Open Europe: Public access to documents and data protection
http://www.statewatch.org/news/2006/jul/open-europe.pdf

===========================================================
10. About
===========================================================
EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 21 members from 14 European countries and 5 observers
from 5 more countries (Italy, Ireland, Poland, Portugal and Slovenia).
European Digital Rights takes an active interest in developments in the EU
accession countries and wants to share knowledge and awareness through the
EDRI-grams. All contributions, suggestions for content, corrections or
agenda-tips are most welcome. Errors are corrected as soon as possible and
visibly on the EDRI website.

Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 2.0 License. See the full text at
http://creativecommons.org/licenses/by/2.0/

Newsletter editor: Bogdan Manolea <edrigram at edri.org>

Information about EDRI and its members:
http://www.edri.org/

- EDRI-gram subscription information

subscribe by e-mail
To: edri-news-request at edri.org
Subject: subscribe

You will receive an automated e-mail asking to confirm your request.

unsubscribe by e-mail
To: edri-news-request at edri.org
Subject: unsubscribe

- EDRI-gram in Macedonian

EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edrigram-mk.php

- EDRI-gram in German

EDRI-gram is also available in German, with delay. Translations are provided
Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/

- Newsletter archive

Back issues are available at:
http://www.edri.org/edrigram

- Help
Please ask <edrigram at edri.org> if you have any problems with subscribing or
unsubscribing.

----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

More information about the cypherpunks-legacy mailing list