EDRI-gram newsletter - Number 4.19, 11 October 2006

EDRI-gram newsletter edrigram at edri.org
Wed Oct 11 10:35:39 PDT 2006 

============================================================

            EDRI-gram

 biweekly newsletter about digital civil rights in Europe

     Number 4.19, 11 October 2006


============================================================
Contents
============================================================

1. New EU-US interim deal on Passenger Name Record
2. The European Parliament ready to vote on EPLA
3. The broadcast treaty stalled by WIPO General Assembly
4. Filesharing and digital evidence case in Sweden
5. SWIFT found in breach of Belgian laws
6. European e-voting machines cracked by Dutch group
7. Open Letter against the revision of the Swiss copyright law
8. Digital Restriction Management - drm.info
9. ENDitorial : PNR & Institutional Mechanisms of Privacy Protection
10. Recommended reading
11. Agenda
12. About

============================================================
1. New EU-US interim deal on Passenger Name Record
============================================================
The previous agreement adopted in 2004 on EU-US personal data sharing was
annulled by the European Court of Justice in Luxembourg in May 2006,
invoking the wrong legal basis. After a series of negotiations between UE
and US a new interim agreement was concluded on 6 October 2006.

The old agreement was kept in force by the Court decision until 30
September. This explains the rush of the EU and US officials in agreeing on
a new decision. From the privacy point of view, the new agreement is worse
than the previous act.

According with the new deal, 34 types of passenger data - including names,
telephone numbers, addresses, credit card information, bank account numbers,
email addresses, type of meals served on board and other details of their
reservation for US - will be send to the US authorities.

The agreement foresees that the US officials will not "pull" the information
from airlines computers, but the data will be "pushed", so the data will be
much more easily accessible. The data should be sent by the airlines to the
US authorities databases within 15 minutes after of a plane takes off from
an EU country to US. It appears that the new "push" system would be tested
before the end of the year.

Following the pressure from the US authorities, the PNR data will be
available also to several US counter-terrorism agencies, if they have
"comparable standards of data protection " with EU as the Commissioner
Frattini underlined. The carriers who do not provide the right information
are liable for fines up to 5 000 EUR/passenger or even the withdrawal of
the landing rights.

The new deal will be formally approved by the Justice Ministers across EU
that should meet later this week. This agreement will be in force until the
end of July 2007, but new negotiations for a permanent deal will
probably begin in November.

A lot of criticism to the PNR interim deal occurred soon from the civil
rights groups, but also from members of the European Parliament. Cem Ozdemir
(DE-Greens) considered : "It is disturbing that the EU capitulated to US
demands to allow more agencies access the data."

Sophie In't Veld (NL, ALDE group), the EP rapporteur on PNR issues, has
planned a public debate on the matter for 11 October during the plenary
session of the Parliament. Ms. Veld has also sent a letter to Commissioner
Frattini asking him to clarify a series of issues of the PNR deal for this
debate.

Passenger information row settled (6.10.2006)
http://www.guardian.co.uk/uklatest/story/0,,-6129789,00.html

EU and US strike deal on air passenger data (6.10.2006)
http://euobserver.com/9/22590

Passenger data deal for US and EU (6.10.2006)
http://news.bbc.co.uk/1/hi/world/europe/5412092.stm

EU-USA Agreement on PNR : EU put in danger the saftey of European citizens
and residents (only in French, 6.10.2006)
http://www.iris.sgdg.org/info-debat/comm-pnr1006.html

Letter from Sophie In't Veld to Commissioner Frattini asking a series of
questions on the agreement (10.06.2006)
http://www.statewatch.org/news/2006/oct/eu-us-pnr-letter-to-commission.pdf

Transfer of passenger name records (PNR) : the new agreement between
the EU and the USA is an unacceptable infringement of the respect for
human rights and data protection (9.10.06)
English version
http://www.aedh.net/eng/index.php?cat=com_ex&com=last&com_id=92
French Version
http://www.aedh.net/index.php?cat=com_ex&com=last&com_id=91

EDRI-gram : EU-US agreement on passenger data transfer annulled (7.06.2006)
http://www.edri.org/edrigram/number4.11/pnr

============================================================
2. The European Parliament ready to vote on EPLA
============================================================
The European Patent Litigation Agreement (EPLA) will be the subject of a
motion for a resolution  in the European Parliament, after a compromise was
made and filed by the three big groups of MEPs (EPP-ED, PES and ALDE).

The three groups drafted a motion that " urges the Commission to explore all
possible ways of improving the patent and patent litigation systems in the
EU, including participation in further discussions on the EPLA and acceding
to the Munich Convention as well as revising the Community Patent proposals;
as regards the EPLA, considers that the proposed text needs significant
improvements and a satisfactory proposal for the Rules of Procedure of the
EPLA Court".

Florian Mueller, anti-software patent campaigner referred to the proposal
made by the three groups as a "pretty reasonable compromise", and a
"defensive victory" for the anti-EPLA partisans.

The Foundation for a Free Information Infrastructure (FFII) has described
the same resolution proposal as "a compromised compromise" but expects the
EP to adopt an improved version. FFII staff works to gain substantial
improvements.

The European Patent Office is pushing hard towards the creation of an
"enhanced patent culture" in Europe, as expressed by its President, Alain
Pompidou during the EPO online services conference in Lisbon on 9 October.

The critics of the proposal believe that EPO will be given too much power,
that it would result in an increase of costs for enforcing and challenging a
patent. This would also lead to legitimising software patents and undermine
the judiciary systems.

EP will vote on 12 October 2006 on a motion for a resolution concerning the
EPLA. The Greens, GUE/NGL and a group of EPP/PES/ALDE MEPs lead by Zverina
MEP have each tabled their own amendments which could improve the motion.

Jonas Maebe from FFII commented on this :
" They want to remove a request for the EU to accede to the European
Patent Convention, since that would transfer many EU patent-related
competences to the mostly unaccountable European Patent Organisation.
And rather than merely asking to improve the EPLA, they mention the
actual problems with this draft agreement: the lack of
accountability, cost and judicial independence concerns. Finally,
they also ask for an opinion of the European Court of Justice
regarding treaty-related concerns and once more stress the quality
problems that plague the European Patent Office's output.

We hope that these modest yet important amendments will receive
significant support from MEPs. Not amended, the compromise motion
would only call for removing democratic control and independent
judicial oversight from as many EU patent competences as possible. We
do not believe this is something most Members really want."

FFII France - Patents and Innovation in danger at the European Parliament
(only in French, 11.10.2006)
http://www.ffii.fr/epla-vote-amendements

Patentmeister weighs in on Euro IP system (9.10.06)
http://www.theregister.co.uk/2006/10/09/epo_supports_epla/

A compromise in European patenting debate? (5.10.06)
http://www.theregister.co.uk/2006/10/05/compromise/

Commissioner says EU patent doubts 'legitimate'
(29.09.06)
http://www.theregister.co.uk/2006/09/29/legitimate_doucts/

Commission statement - Future action in the field of patents
European Parliament Plenary Session, Strasbourg, (28.09.2006)
http://europa.eu.int/rapid/pressReleasesAction.do?reference=SPEECH/06/546&for
mat=HTML&aged=0&language=EN&guiLanguage=en

EDRI-gram: Europe faces software patents threat again (27.09.2006)
http://www.edri.org/edrigram/number4.18/patsoft

============================================================
3. The broadcast treaty stalled by WIPO General Assembly
============================================================
The General Assembly of the World Intellectual Property Organisation (WIPO)
has decided that the very controversial proposed treaty on the protection of
broadcasting organizations, including cablecasting organizations, must be
approved by two more meetings before being put for discussion in a
diplomatic conference established to take place from 19 November to 7
December 2007.

The General Assembly considered these two meetings as necessary to achieve
enough consensus among member states, as India, US and Brazil had
objected to introducing the treaty immediately to a conference.

Addressing the General Assembly, Robin Gross, executive director of IP
Justice, said: "A diplomatic conference is now contingent upon member states
reaching consensus where there are currently great differences such as the
inclusion of anti-circumvention measures in the treaty and outlawing
Internet retransmissions of programs."

Discussions will continue in the  January 2007 meeting at WIPO and in June
2007 at a meeting held along with a preparatory meeting for the Diplomatic
Conference.

The proposed treaty creates a new right for broadcasters on the content of
broadcasts, even if the creator of the content is a third party. However
this might lead to the situation when the creators no longer have permanent
control over the content for which they have copyright.

The 2007 conference will define the scope of a future treaty, as well as the
duration of any protection granted.

This decision of the General Assembly is encouraging, showing that WIPO is
not a simple tool in the hands of the industries.

Broadcast treaty needs sounding out, says WIPO (4.10.06)
http://www.out-law.com/page-7357

General Assembly approves convening of diplomatic conference on the
protection of broadcasting organizations (2.10.06)
http://www.wipo.int/edocs/prdocs/en/2006/wipo_pr_2006_460.html

U.N. convenes broadcasting treaty talks in 2007 (2.10.06)
http://today.reuters.com/news/articlenews.aspx?type=industryNews&storyID=2006
-10-02T175644Z_01_L02127263_RTRIDST_0_INDUSTRY-TELECOM-WIPO-DC.XML

WIPO broadcast treaty abandons rights-based approach (3.10.06)
http://arstechnica.com/news.ars/post/20061003-7891.html

WIPO General Assembly Puts Brakes on Broadcast Treaty, Overrules Chairman
(2.10.06)
http://ipjustice.org/wp/2006/10/02/wipo-general-assembly-decision-on-broadcas
t-treaty-2/

EDRI-gram : Opposition to draft WIPO Broadcast Treaty (13.09.06)
http://www.edri.org/edrigram/number4.17/wipobroadcast

============================================================
4. Filesharing and digital evidence case in Sweden
============================================================
Andreas Bawer was accused in 2005 of sharing a film, called Hip Hip Hora,
breaching the Swedish Penal Code. He was found guilty in the Swedish Court
of First Instance, (Vdstmanlands Tingrdtt) in December 2005. However, in a
recent decision on 2 October 2006 of the Swedish Appeal Court (Svea Hovrdtt)
he was acquitted, the court identifying several faults in the digital
evidences presented.

Bawer, having allegedly shared film files, could, in accordance with the
Swedish penal code, be sentenced for criminal liability on condition it was
proven beyond reasonable doubt that the IP address used for file
sharing was assigned to the computer Bawer owned or used, and  that
the court could not rule out others had used the said computer at the time
of the alleged file sharing. The legal question in issue was whether there
was sufficient evidence of probability that Bawer had shared a film file Hip
Hip Hora.

In Swedish law, the prosecuting authority has the burden of proof both for
the subjective and objective conditions for criminal liability, and only
evidence proven before the court make up the basis for the court4s
assessment and judgement. In the Bawer-case the prosecuting authority
contended the IP address was connected to Bawer4s computer. The evidence was
a record made by the Swedish Antipiratbyren (Swedish Antipiracybureau) of
Bawer4s file sharing. Antipiratbyren had access to a file sharing service
named Walhall through which it made a search for the film Hip Hip Hora which
allegedly was made available by Bawer. Antipiratbyren requested to
download the film from Bawer using the file-sharing service Walhall, through
which a download was performed. With the control program CommView, the
Antipiratbyren recorded the traffic data between the computer of
Antipiratbyren and Bawer's computer.

Expert witnesses proved several faults with the record of the traffic data
carried out by the Antipiratbyren through its use of the control program
CommView. First, the recorded IP address could have belonged to a router or
a firewall, which in turn, could have assigned the IP address to the culprit
to use for filesharing. Second, the control program CommView monitored
simultaneously file sharing carried out with different IPaddresses, whereas
only one filesharing was recorded without any description of how the
evidence was secured. Third, the record of the file sharing did not show a
transcript of the time zone used for the record. Fourth, the record of the
file sharing did not show a transcript of the date and time for the file
sharing allegedly committed by Bawer. Fifth, the programs used to define the
time of the record on the CD/DVD made by the Antipiratbyren showed
discrepancies. Hence, the Swedish Appeal Court could not prove beyond
reasonable doubt that the film file was shared from Bawer's computer.
Consequently, Bawer was acquitted.

The judgement shows the difficulties in proving with sufficient probability
who acted, from where and at what time. The problems of digital evidence are
complex and of a heterogeneous character. Electronic evidence, such as
traffic, location and time data, can originate, be scattered and end on
different formats and different coordinates in time and space, and may
easily be manipulated and hard to identify, due to services offering
anonymity or pseudonymity.

Court citation- Judgement - Svea Hovrdtt (Swedish Appeal Court)(in Swedish
only, 2.10.2006)
http://www.domstol.se/default____966.aspx

File Sharer acquitted (in Swedish only, 3.10.2006)
http://www.aftonbladet.se/vss/rss/story/0,2789,898480,00.html

Freedom of actions for file sharers ? ( in Norvegian only, 5.10.2006)
http://forbruker.no/digital/nyheter/data/article1480842.ece

(Contribution by Georg Philip Krog, doctoral researcher in Private
International Law, University of Oslo - Norway)

===========================================================
5. SWIFT found in breach of Belgian laws
===========================================================
A report issued by the Belgian Government on the very discussed SWIFT case
of transfer of financial transaction data to the U.S. Government, concluded
that SWIFT breached the Belgian law.

The Belgian Commission responsible with the first report on the case stated:
"The Commission is of the opinion that SWIFT finds itself in a conflict
situation between American and European law and that SWIFT at the least
committed a number of errors of judgement when dealing with the American
subpoenas."

The report says: "SWIFT should have complied with its obligations under the
Belgian privacy law, amongst which the notification of the processing, the
information, and the obligation to comply with the rules concerning personal
data transfer to countries outside the EU."

The report also states that SWIFT, in transferring data to the US Treasury
should have observed the fundamental principles of European law such as
"the principle of proportionality, the limited retention period, the
principle of traprotection level."

The commission reckoned SWIFT had tried to provide certain guarantees
through its negotiations with the U.S. Treasury, but considered these
attempts were inappropriate. It also stated that SWIFT should have notified
Privacy Commissioners and not only G-10 banks.

The European Data Protection Supervisor (EDPS) has also criticised the
European Central Bank (ECB) as a SWIFT customer, for not stopping the
Belgian banking company from sending European transaction details to US
authorities.

EDPS stated: "As to the role of the ECB as a SWIFT customer, the EDPS could
not avoid feeling that it had accepted an inappropriate risk by continuing
to transfer financial data through SWIFT after becoming aware of the
arrangement with the US authorities. As to the role of the ECB as financial
overseer, the EDPS would have expected more initiative to bring this
arrangement - of which it was made aware in February 2002 - to the notice of
relevant authorities and responsible governments".

According to a set of recent non-answers provided by SWIFT to the questions
from EDRi-member quintessenz, SWIFT confirmed is still confronted with
ongoing subpoenas by US treasury and they still hand over large datasets .

Belgian Prime Minister condemns SWIFT data transfers to U.S. as 'illegal'
(28.09.06)
http://www.privacyinternational.org/article.shtml?cmd[347]=x-347-543789

EU privacy chief slams central bank over SWIFT claims (4.10.06)
http://www.out-law.com/page-7359

SWIFT answers to quintessenz Questions (2.10.2006)
http://quintessenz.org/doqs/000100003696/2006_10_02,SWIFT_Questions.pdf

EDRi-gram: European bodies discuss the SWIFT case (30.08.2006)
http://www.edri.org/edrigram/number4.16/swift

===========================================================
6. European e-voting machines cracked by Dutch group
===========================================================
The voting computers used to cast 90% of the votes in Netherlands were
cracked by a Dutch Group called "Wij vertrouwen stemcomputers niet" (We do
not trust voting computers).

In a live public show on 4 October 2006 on the Dutch television channel
Nederland 1, the group proved how the control program of such a voting
machine - called Nedap/Groenendaal ES3B - could be replaced by exchanging 2
EPROMS on the board. The entire demonstration lasted less than 5 minutes.

The demonstration was followed by a public report released on 6 October that
explains how the program works, how the software was created and how they
can gain complete control over the election results. It is almost impossible
for election monitors or voters to detect any change. Moreover, it also
shows how the group discovered that radio emanations from an unmodified ES3B
can be received at several meters distance and be used to tell who votes
what.

The report comes at a delicate moment, with just one month and a half before
the Parliamentary elections in Netherlands where the e-voting machines
should be extensively used. The same computer voting is also being used in
parts of Germany and France, with minor modifications.

Use of this machine in Ireland is now on hold after significant doubts were
raised. Colm MacCarthaigh from Irish Citizens for Trustworthy E-voting,
after looking at the compromised Nedap machines, said that :  "The attack
presented by the Dutch group would not need significant modification to run
on the Irish systems".

Maurice Wessling, of Wij vertrouwen stemcomputers niet, underlined:
"Compromising the system requires replacing only a single component,
roughly the size of a stamp, and is impossible to detect just by looking at
the machine".

After the Irish reaction, the German NGO Computer Chaos Club has also asked
for a ban on this e-voting machine, considering that it does not meet the
basic standard of the German law.

The Dutch report showed flaws similar to those discovered in Diebold
Election Systems Inc.'s touch-screen voting machine, by Edward Felten,
director of Princeton University's Center for Information Technology Policy.
The flaws were presented in a public report released in September 2006 -
Security Analysis of the Diebold AccuVote-TS Voting Machine.

"We do not trust voting computers" Foundation
http://www.wijvertrouwenstemcomputersniet.nl/Nedap-en

Nedap/Groenendaal ES3B - voting computer a security analysis (6.10.2006)
http://www.wijvertrouwenstemcomputersniet.nl/images/9/91/Es3b-en.pdf

Dutch citizens group cracks Nedap's voting computer (7.10.2006)
http://www.webwereld.nl/articles/43217/flaws-found-in-european-voting-machine
s.html

E-voting machines successfully hacked (5.10.2006)
http://www.siliconrepublic.com/news/news.nv?storyid=single7158

Dutch citizens group cracks Nedap's voting computer (6.10.2006)
http://www.heise.de/english/newsticker/news/79106

Computer Chaos Club demands prohibition of voting computers in Germany
(5.10.2006)
http://www.ccc.de/updates/2006/wahlcomputer

Security Analysis of the Diebold AccuVote-TS Voting Machine(13.09.2006)
http://itpolicy.princeton.edu/voting/

===========================================================
7. Open Letter against the revision of the Swiss copyright law
===========================================================
At the end of September 2006, a new initiative, called kunstfreiheit.ch
(freedom of art) was launched in Switzerland. It is basically an open letter
to the Swiss Minister of Justice and the Swiss parliamentarians calling
attention to the fact that the reform/expansion of copyright, which is
currently being debated, is not in the interest of artists. After 40
prominent Swiss artists, curators and professors have signed it in advance,
now the open letter is available to the public for further support from
Internet users.

Switzerland is one of the last European countries to revise its copyright
law following the 1996 WIPO treaties.

The main aim of the open letter is to make public the differing interests
between artists and industry, helping to undermine the myth, which is still
politically powerful, that the industry represents the interests of artists.

The letter is drafted around three main principles that should be reflected
in the new copyright law:
a. Protection of artistic works should be in the heart of the copyright
rather than having a higher control them
b. Legal certainty in the usage of the present copyrighted works
c. New artistic creativity should not be undermined by the DRMs

The response from the visitors have been positive in the first week, with
400 artists and art professionals having signed the open letter.

Kunstfreiheit (Freedom of Art) (in German only)
http://www.kunstfreiheit.ch

Open letter on copyright - Kunstfreiheit (29.09.2006)
In German
http://www.kunstfreiheit.ch/serendipity/uploads/Kunstfreiheit-brief.pdf
In French
http://www.kunstfreiheit.ch/serendipity/uploads/Kunstfreiheit-brief_f.pdf
In Italian
http://www.kunstfreiheit.ch/serendipity/uploads/Kunstfreiheit-brief_i.pdf

Initiative Freedom of Art crticises the Swiss copyright plans (2.10.2006)
http://www.heise.de/newsticker/meldung/78932

Succesful initiative again copyright revision (3.10.2006)
http://www.kleinreport.ch/print_meld.phtml?id=36931

(Contribution by Felix Stalder - Department of New Media, HGK Zurich -
Switzerland)

===========================================================
8. Digital Restriction Management - drm.info
===========================================================
On 3 October 2006, the first Anti-DRM, a new collaborative information
platform about the potential dangers of Digital Restriction Management (DRM)
was launched. The DRM.info was initiated by the Free Software Foundation
Europe (FSFE) and is supported by a group of organisations and authors.

The main message of the new website is 'Your devices don't trust you!' as
Joachim Jakobs, FSFE's media coordinator explains: "In fact they trust you
so little that they will not even tell you that they put you under
surveillance." DRM.info wants to inform and involve people in decisions that
will affect them on a very personal level. All the contributors to the new
platform have a shared concern about the lack of a social debate on issues
surrounding DRM technologies.

Georg Greve, FSFE's president underlined one of the dangers of DRM:
"DRM technologies are based on the principle that a third party has
more influence over your devices than you, and that their interests
will override yours when they come in conflict. That is even true
where your interest is perfectly legitimate and legal, and possibly
also for your own data."

DRM.info - Digital Restriction Management
http://drm.info/

FSF Europe launches anti-DRM site (5.10.2006)
http://www.heise.de/english/newsticker/news/79049

Digital Rights Management (only in German, 3.10.2006)
http://netzpolitik.org/2006/digital-rights-management/

The European anti-DRM campaign has started (only in Italian, 4.10.2006)
http://punto-informatico.it/p.aspx?id=1678123&r=PI

===========================================================
9. ENDitorial : PNR & Institutional Mechanisms of Privacy Protection
===========================================================
A small detail on the EU-US agreement over the transfer of air passenger
name records (PNR), and a non-related statement by US president George W.
Bush, taken together give a nice highlight on the institutional mechanisms
of privacy protection.

EU Commissioner Frattini told the press on 6 October 2006 that under the new
PNR agreement, the passenger data will be accessible to other US agencies
involved in counter-terrorism and law enforcement "on the condition that
these have a comparable level of data protection". This formulation of
course is absurd if you allow the basically unlimited transfer of data, as
the core idea of data protection consists in the protection against further
transfer. It is also interesting, because under the 1995 EU data protection
directive, data transfers to third countries are only allowed if there is an
"adequate" level of protection. But let us accept it for the moment. What
could be a comparable level of protection?

Institutionally, the EU has adopted the German idea of a special privacy and
data protection commissioner within government agencies or companies. This
officer has to be independent from executive orders, because his or her job
is exactly to provide control over the way the agency or company handles
personal data of citizens, customers, or employees. The public data
protection commissioners in Europe are also independent because they are
elected by the national parliaments. The model has become quite popular in
the last ten years. Many US-based corporations now also have their chief
privacy officers (CPOs) basically fulfilling the same task.

The Department of Homeland Security was the first government agency in the
US that ever got a chief privacy officer. The position was institutionalized
with the Homeland Security Act of 2002 (section 222) which established the
department. By doing this, the Bush government tried to attenuate the harsh
criticism from privacy advocates against the surveillance and data-mining
programs concentrated in the DHS. But the DHS chief privacy officer is not
independent. He (currently Hugo Teufel, III) is nominated by the Secretary
for Homeland Security and is reporting to the executive branch it is
supposed to control, not to Congress. At the annual international
conferences of privacy and data protection commissioners, the DHS privacy
officer therefore was never really recognized as "one of them", and was not
allowed to participate as a peer in the internal meetings of national
commissioners.

Congress has repeatedly tried to increase the independence of the DHS CPO.
This was done again in the 2007 spending bill for the Homeland Security
Department. Section 522 states that:
"None of the funds made available in this Act may be used by any person
other than the Privacy Officer appointed under section 222 of the Homeland
Security Act of 2002 (6 U.S.C. 142) to alter, direct that changes be made
to, delay, or prohibit the transmission to Congress of any report prepared
under paragraph (6) of such section."

This is a complicated way (because it's a spending bill) of saying that only
the privacy officer can edit the reports about how the department obeys
privacy rules. Now, President Bush, when he signed the bill,
attached a signing statement to it, which gives himself the authority to
make changes to the agency's privacy office annual and other reports. Bush
directs that:  "the executive branch shall construe section 522 of the Act,
relating to privacy officer reports, in a manner consistent with the
President's constitutional authority to supervise the unitary executive
branch."

Do not assume that the DHS privacy officer has been a sharp watchdog yet.
For example, the report on privacy protection of passenger name record
information, published by his office in September 2005, basically says
"everything is great and data is protected perfectly". So Bush is just
insisting on his last word as the commander-in-chief.

It becomes clearer if you look at the big picture: The EU allows the DHS to
transfer passenger data to other agencies if they have a comparable level of
data protection. The other departments and agencies do not have privacy
officers who could ensure that this level of protection is really enforced.
The DHS privacy officer does not have a level of independence comparable to
his European colleagues. But even if he wants to report breaches of the weak
privacy protection levels in US government agencies, President Bush and the
White House can do the final editing of the reports and tell the privacy
officer to shut up. So, the EU is giving its citizens' data away, and what
it gets in return is no more than a "trust us" from the US Government. It
reminds me of a recent statement by the German Ministry of Finances in the
SWIFT affair. When asked by a conservative (!) member of the Parliament
about the possibility of the US using the finacial data for economic
espionage, the spokesman replied: Yes, they had discussed this with their
American counterpart, but the US Government would not see this danger.

The idea of having an independent privacy commissioner was one way of
substituting this "trust me" model with institutionalized checks and
balances. This is what democracy is all about, compared to authoritarian
systems: Not having to trust the government, but instead controlling it.

http://bendrath.blogspot.com/2006/10/passenger-records-and-institutional.html

(Contribution by Ralf Bendrath, EDRi member Netzwerk Neue Medien e.V.,
Germany)

===========================================================
10. Recommended Reading
===========================================================
EU data protection in police and judicial cooperation matters: Rights of
suspects and defendants under attack by law enforcement demands
http://www.statewatch.org/news/2006/oct/eu-dp.pdf

Statewatch's Observatory on data protection in the EU
http://www.statewatch.org/eu-dp.htm

===========================================================
11. Agenda
===========================================================
16 October 2006, Brussels, Belgium
The European Commission will organise in Brussels on Monday 16 October a
final conference on Radio Frequency Identification (RFID).
http://www.rfidconsultation.eu/

16-18 October 2006, Paris, France
UNESCO Consultation meetings on WSIS Action Lines - Access to information
and knowledge (C3), E-learning (C7), Ethical dimensions of the
Information Society (C10)
http://portal.unesco.org/ci/en/ev.php-URL_ID=17637&URL_DO=DO_TOPIC&URL_SECTIO
N=201.html

19-20 October 2006 Kirchberg, Luxembourg
Hack.lu 2006
Hack.lu is an open convention /conference where people can discuss about
computer security, privacy, information technology and its
cultural/technical implication on society.
http://www.hack.lu/index.php/Main_Page

19-20 October 2006, Tallinn, Estonia
The Digital Future of Cultural and Scientific Heritage
http://telmemor.net/conference/

20 October 2006, Bielefeld, Germany
Big Brother Awards Germany
http://www.bigbrotherawards.de/

20 October 2006 , Bielefeld, Germany
Demonstration "Freedom instead of Fear" (Freiheit statt Angst), against
Security and Surveillance Delusion
http://www.freiheitstattangst.de/
http://www.vorratsdatenspeicherung.de/

23-24 October 2006, Brussels, Belgium
Conference on International Transfers of Personal Data, organized by the
European Commission jointly with the Article 29 Data Protection Working
Party and the United States Department of Commerce's International Trade
Administration.
http://ec.europa.eu/justice_home/news/events/news_events_en.htm

25 October 2006, Vienna, Austria
Big Brother Awards Austria
http://www.bigbrotherawards.at

27-28 October 2006, Sofia, Bulgaria
Cyber Terrorism as a new security threat
http://www.crime-research.org/cyberterrorism07

29 October 2006, Athens, Greece
First annual conference -Global Internet Governance Academic Network
(GigaNet)
http://www.internetgovernance.org/pdf/GigaNet.Athens.CFP.8.Sept.2006__2_.pdf

30 October - 2 November 2006, Athens, Greece
Internet Governance Forum
http://www.intgovforum.org/

30 October 2006, Prague, Czech Republic
Czech Big Brother Awards
http://www.bigbrotherawards.cz

31 October 2006 - deadline for nominations
Stupid Security Awards - Privacy International. The awards aim to highlight
the absurdities of the security industry. The competition is open to anyone
from any country.
http://www.privacyinternational.org/stupidsecurity

1 November 2006, London, United Kingdom
The database state?
This workshop will feature expert speakers on two major UK databases: the
Children's Information Sharing Index  and the NHS Care Records Service.
http://dooooooom.blogspot.com/2006/10/database-state.html

2-3 November 2006, London, United Kingdom
28th International Data Protection and Privacy Commissioners'
Conference
http://www.privacyconference2006.co.uk/

15-16 November 2006, Skopje, Macedonia
International Conference "e-Society.Mk"
http://www.e-society.org.mk/

30 November - 1 December 2006, Berlin, Germany
The New Surveillance - A critical analysis of research and methods in
Surveillance Studies. A two day international Conference hosted at the
Centre for Technology and Society of the Technical University Berlin.
http://www.ztg.tu-berlin.de/surveillance

14 December 2006, Madrid, Spain
Conference on the Admissibility of Electronic Evidence in Court in Europe.
The final event of the  project Admissibility of the Electronic Evidence in
Court in Europe (A.E.E.C.) funded by the European Commission and led by the
Spanish company Cybex.
http://www.cybex.es/AGIS2005/

===========================================================
12. About
===========================================================
EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 21 members from 14 European countries and 5 observers
from 5 more countries (Italy, Ireland, Poland, Portugal and Slovenia).
European Digital Rights takes an active interest in developments in the EU
accession countries and wants to share knowledge and awareness through the
EDRI-grams. All contributions, suggestions for content, corrections or
agenda-tips are most welcome. Errors are corrected as soon as possible and
visibly on the EDRI website.

Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 2.0 License. See the full text at
http://creativecommons.org/licenses/by/2.0/

Newsletter editor: Bogdan Manolea <edrigram at edri.org>

Information about EDRI and its members:
http://www.edri.org/

- EDRI-gram subscription information

subscribe by e-mail
To: edri-news-request at edri.org
Subject: subscribe

You will receive an automated e-mail asking to confirm your request.

unsubscribe by e-mail
To: edri-news-request at edri.org
Subject: unsubscribe

- EDRI-gram in Macedonian

EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edrigram-mk.php

- EDRI-gram in German

EDRI-gram is also available in German, with delay. Translations are provided
Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/

- Newsletter archive

Back issues are available at:
http://www.edri.org/edrigram

- Help
Please ask <edrigram at edri.org> if you have any problems with subscribing or
unsubscribing.


----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

More information about the cypherpunks-legacy mailing list