EDRI-gram newsletter - Number 5.4, 28 February 2007

EDRI-gram newsletter edrigram at edri.org
Wed Feb 28 09:13:25 PST 2007



biweekly newsletter about digital civil rights in Europe

    Number 5.4, 28 February 2007


1. From Schengen to Pr|m: Data Protection under 3rd pillar a prerequisite
2. Censorship in Belarusian Internet cafes
3. EPLA found illegal by the EP Legal Service
4. Russian court dismisses piracy case as "trivial"
5. 24 proposals approved by the WIPO PCDA
6. DRM debate continues in Europe
7. Increased Europol powers need increased data protection policies
8. E-voting in Estonia for parliamentary elections
9. ENDitorial : EU nations scolded by IIPA
10. Recommended reading
11. Agenda
12. About

1. From Schengen to Pr|m: Data Protection under 3rd pillar a prerequisite

One of the main priorities of the current German presidency, the
inclusion of the Pr|m's Treaty into the EU legal framework, is likely
to be achieved before its end in 30 June 2007. During its last
meeting on 15 February the EU JHA Council agreed on incorporating
into EU legislation most of the Treaty provisions falling into the
third pillar.

This decision will create the largest pan-European network of police
database, including DNA profiles, fingerprints and other personal and
non personal data. Originally signed in May 2005 by seven EU
countries (Austria, Belgium, France, Germany, Luxembourg, The
Netherlands and Spain), later joined by nine others member States
(Bulgaria, Finland, Greece, Italy, Portugal, Romania, Slovakia,
Slovenia, and Sweden have announced their intention to adhere), the
Treaty has been designed under the lead of French-German cooperation
in view of "combating terrorism, cross-border crime, and illegal
immigration". The Treaty has been ratified up to now by Austria,
Germany, Luxembourg, Spain, while the French Senate adopted on 21 February a
draft ratification law.

The Treaty provisions have already been used by Germany and Austria
to check their national DNA databases against each other. Although
the Treaty future incorporation into the EU legal framework would, at
least partly, answer the main criticism of creating a hierarchy
within the EU and of circumventing the Parliament, major concerns
remain, like the assimilation of illegal migrants to terrorists,
which - to say the least - questions the principle of proportionality.

Another major concern is obviously privacy and data protection. While
mutual access to databases and exchange of information to better
fight crime and terrorism is not, in principle, illegitimate in a
regional space like the EU, making this space a true area of
"Justice, Freedom and Security" needs solid prerequisites both at the
national and at the EU level.

At the national level, police databases are endlessly growing in
member States, containing more and more very sensitive information,
especially biometric data. They are no more restricted to identifying
criminals, but are now extended to the average citizen, allowing the mapping
of their daily activities, communications and movements. They are also
characterized by high error rates, due to both fault rates intrinsic to the
used technologies and to the lack of police database updates, inter alia in
accordance with judicial outcomes of the recorded cases. Sharing such files
among 27 countries would certainly increase not only massive surveillance
but also the risk of flaws endangering innocents.

At the EU level, current legislation protecting privacy and personal
data protection has little, if any, application at the third pillar
level, while EU-level information systems in this field are
broadening. Discussions have started on a Commission proposal of a
Council Framework Decision on the protection of personal data
processed in the framework of police and judicial co-operation in
criminal matters (DPFD). However the numerous reports of the
Council's Multidisciplinary Group on Organised Crime have seriously
lowered the originally proposed level of protection, taking no
account of the Parliament and the European Data Protection Supervisor
opinions. The DPFD good proceedings have in addition been greatly
hampered by the lack of agreement between member States, to the
extent that the German presidency asked the Commission to prepare a
revised proposal. While the resulting level of protection of European
citizens' personal data is subject to future DPFD developments, a
bottom line should reasonably be that the DPFD be adopted prior to
any further development in cross-border data exchange, most notably
before the incorporation of the Pr|m's Treaty provisions into the EU

EU JHA Council Press Release (15.02.2007)

Text of the Pr|m's Treaty (27.05.2005)

Center for European Policy Studies. "Security and the Two-Level Game:
The Treaty of Pr|m, the EU and the Management of Threats" (2006)

Statewatch updated observatory of DPFD proceedings

(Contribution by Meryem Marzouki, EDRI-member IRIS)

2. Censorship in Belarusian Internet cafes

The Belarusian Council of Ministers adopted on 10 February 2007 a new act on
the Regulations on Functioning of the Computer Clubs and Internet Cafes that
will impose new censorship rules on all the persons that use the public
Internet access points.

According to the new regulations, Internet cafe owners or their authorized
agents must keep an electronic registry of the domain names of the sites
accessed by users. The electronic log should contain at least a 12-month
history of all connections. State Security agents, police or state control
inspectors are authorized to review the log in the cases listed by the

In cases of suspicion of infringement of this law, the Internet cafe
management should inform the law enforcement bodies about such events.

The computer clubs and Internet cafes are not allowed to use programs
propagating the cult of violence, cruelty and pornography, or disseminate
banned information.

The Belarusian Government has very easy ways to regulate the Internet
activity within the country, since the only Internet provider is the
governmental Beltelecom organization, according to Reporters Without

Belarusian government adopts regulations on computer clubs and internet
cafes (15.02.2007)

Byelorussia tightens control over internet (15.02.2007)

(Thanks to Mikhail Doroshevich - e-belarus.org)

3. EPLA found illegal by the EP Legal Service

The Legal Service which advises the European Parliament (EP) on legal issues
and acts as its representative in court, found the Patent Litigation
Agreement  (EPLA) as illegal being in direct contradictions with the
European law and several EU treaties.

The very controversial EPLA, if adopted, would bind the signatory states to
a common legal system for patent disputes, including procedural rules and a
European Patent Court that would supersede national courts.

The critics of the proposal have expressed concern that such a system would
make the patent awarding more expensive and less accountable.

In October 2006, MEPs voted to postpone any decision on approving EPLA, and
called for "significant improvements" to the text. EP has also asked from
its Legal Service to give its advice on the possible overlap between the
EPLA and the acquis communautaire.

The EP Legal Service concluded that EPLA provisions are in direct conflict
with the EC Treaty which says that: "member states undertake not to
submit a dispute concerning the interpretation or application of this Treaty
to any method of settlement other than those provided for therein," meaning
that disputes between EU member states on matters of EU law should be
resolved exclusively by the European Court of Justice.

In contradiction to this provision, Article 98 of the proposed EPLA says:
"any dispute between Contracting States concerning the interpretation or
application of this Agreement which is not settled by negotiation shall be
submitted, at the request of one of the States concerned, to the
Administrative Committee, which shall endeavour to bring about agreements
between the states concerned"

The Legal Service opinion says that member states are not allowed to make an
agreement between themselves concerning issues covered by EU laws and
treaties, especially when such agreements could affect relations with
countries outside the EU.
"Where common rules have been adopted, the member states of the European
Community no longer have the right, acting individually or even
collectively, to undertake obligations with non-member countries which
affect those rules".

According to the Legal Service, the EPLA is also in contradiction with IPRED
Directive (Directive 2004/48/EC) already dealing with intellectual property.
"Not only would EPLA govern matters already dealt with by this Directive,
but there are also contradictions between the two instruments on a number of

The conclusion of the EP Legal Service is that EPLA is not valid: "The
Community's competence is exclusive for the matters governed by EPLA and
Member States therefore are not entitled on their own to conclude that

European Parliament blocks patent agreement (15.02.2007)

European Parliament's Legal Service Says EPLA Is Illegal (21.02.07)

Rough Weather Ahead For EPLA (11.02.2007)

EDRI-gram: The European Parliament ready to vote on EPLA (11.10.2006)

EDRI-gram: ENDitorial - Regulating the Patent Industry (25.10.2006)

4. Russian court dismisses piracy case as "trivial"

A Russian court has dismissed a penal case against a Russian teacher,
Alexander Ponosov, that bought computers for its school with unauthorized
Microsoft programs. The case become well-known when the former Soviet
president Gorbachev made a public appeal to Bill Gates, asking to intervene
in this case.

Ponosov was charged in a penal case by the Russian prosecutors of copyright
law violations, considering that it had caused damages of 7 600 euros. The
maximum sentence forseen by the Russian copyright law for this major
violation is five-year inprisonment. The Russian teacher (but also
principal) of a small town in the Ural Mountains was found to have bought 12
computers with unauthorized Microsoft Windows and Microsoft Office.

The case become notorious in Russia and worldwide when Gorbachev's
foundation made a open letter to Bill Gates asking him to intervene in this
case :
"A teacher, who has dedicated his life to the education of children and who
receives a modest salary that does not bear comparison with the salaries of
even regular staff in your company, is threatened with detention in Siberian
prison camps."

The case was condemned also by Vladimir Putin, president of Russia, that
said : "To grab someone for buying a computer somewhere and start
threatening him with prison is complete nonsense, simply ridiculous. The law
recognizes the concept of someone who purchased the product in good faith."

However, Microsoft refused to intervene in this case and stated that they
were sure that the Russian courts would "make a fair decision. Mr Ponosov's
case is a criminal case and as such was initiated and investigated by the
public prosecutor's office."

The Vereshchaginsky District Court dismissed the case on 15 February
2007 due to the "insignificant degree of the damage" caused to Microsoft,
considering it as "trivial". However, the state prosecutors said they might
appeal the decision since the term "insignificant degree of damage" does not
exist in the Russian Criminal Code. Also, Posonov wanted an appeal since he
was not found not guilty.

Russia is still listed by BSA in the top 10 of worst offending countries for
counterfeit software. The Russian authorities admit they have
a problem, but also put part of the blame on the large software vendors for
their restrictive and expensive licensing policies. The Russian deputy IT
minister, Dmitry Milovantsev, pointed to the Microsoft policy of not
allowing partners to sell computers without copies of Windows pre-installed
in Russia.

Court smack down for Russian piracy epic (15.02.2007)

Russia attacks Microsoft licensing costs (19.02.2007)

Ponosov case to be reopened ? (26.02.2007)

5. 24 proposals approved by the WIPO PCDA

During a special session between 19-23 February 2007, the Provisional
Committee on Proposals Related to a World Intellectual Property Organization
(WIPO) Development Agenda (PCDA) approved some proposals meant to improve
the development of the organization.

The proposal for a WIPO Development Agenda started in 2004 with Argentina
and Brazil which has been formally supported by 13 other Friends of
Development since then.

Forty proposals of a total of 111 produced during the last two years,
gathered on subject matter groupings referred to as "clusters," were
negotiated, resulting at the end of the session in 24 agreed proposals.

The agreed proposals include technical assistance approaches and
assessments, evaluation and impact studies. They support participatory
rulemaking within WIPO and a mild reform of WIPO's mandate and governance.
Some refer to the expansion of WIPO's involvement in IT&C technologies and
access to knowledge and some to the preservation and study of the public
domain, one of the most controversial subjects of the session.

One of the proposal approved was the approach by WIPO of "intellectual
property enforcement in the context of broader societal interests and
especially development-oriented concerns", with a view that "the protection
and enforcement of intellectual property rights should contribute to the
promotion of technological innovation and to the transfer and dissemination
of technology, to the mutual advantage of producers and users of
technological knowledge and in a manner conducive to social and economic
welfare, and to a balance of rights and obligations".

The next and final PCDA meeting for this year will be held in June 2007 when
the rest of 71 proposals will be discussed. Participants consider it will be
more difficult to reach an agreement on the remaining proposals as they
involve bigger reform issues such as the one related to WIPO's legislative
advice to developing and least-developed countries. The outcomes from both
sessions will be correlated and passed on to the WIPO General Assembly which
will decide on how to proceed at its annual meeting in September 2007.

Text-Based Negotiations On A WIPO Development Agenda Pick Up Pace

Provisional Committee on Proposals Related to a WIPO Development Agenda
Third Session, February 19-23, 2007, Geneva, Switzerland

WIPO Committee Approves Proposals For Development Agenda (23.02.2007)

Member States make significant headway in work on a WIPO Development Agenda

6. DRM debate continues in Europe

On 19 February 2007, the UK Government rejected an online petition initiated
by blogger Neil Holmes and signed by 1,414 people asking for the
interdiction of DRM (Digital Rights Management), arguing DRM systems deprive
the consumers of their freedom of choice between competing products for CDs
or digital download.

The UK government rejected the petition answering that DRM could bring value
to consumers as it did not only act as a protection system but "also enables
content companies to offer the consumer unprecedented choice in terms of how
they consume content, and the corresponding price they wish to pay".

As regarding the rights of the consumers, the UK government considers that
"It is reasonable for consumers to be informed what is actually being
offered for sale, for example, and how and where the purchaser will be able
to use the product, and any restrictions applied".

The DRM question continues to be a hot debate in Europe. Becky Hogge,
executive director at the UK Open Rights Group, thinks "DRM had been seen in
the past as a niche technology issue, but there is now rising consumer
awareness about it". She also stated that some DRM technologies place
restrictions that infringe the users' rights according to the U.K. copyright
law. "DRM attempts to enforce copyright, but it does it badly," said Hogge.

Germany's Federal Ministry of Food, Agriculture and Consumer Protection,
together with consumer organizations have drawn up a "Charter for Consumer
Sovereignty in the Digital World," calling on operators of Web music shops
such as Apple to open up their closed systems. The charter draft is said to
be presented in March 2007 at a conference of European consumer protection

The earlier plans of some music labels to provide music without DRM could be
with no real consequences since recently EMI broken off talks about offering
DRM-free music via the downloading services. One of the reasons was
apparently the large upfront payments requested by EMO from the online

U.K. government rejects calls for DRM ban (20.02.2007)

Apple & Co. threatened with opening clauses for online music shop DRM

EMI: DRM stays (26.02.2007)

EDRI-gram: iTunes under continuous attack in Europe (31.01.2007)

EDRI-gram : Is DRM fading out ? (17.01.2007)

7. Increased Europol powers need increased data protection policies

Peter Hustinx, the European Data Protection Supervisor (EDPS) considers that
the changes on the legal basis of Europe's police (Europol) proposed by the
European Parliament meant to increase its powers have to be accompanied by
proper data protection rules.

The European Parliament has proposed changes that would increase Europol
powers in order to fight radical Islamic terrorism, considered as the
highest threat to the security in Europe.

The EDPS thinks that, before increasing these powers, Europol data
protection policies and data exchange rules should be more consistent and

"We have to make sure that exchange with other EU bodies, such as OLAF (the
European Anti Fraud Agency), will be based on a consistent level of data
protection and good co-operation in supervision," said Hustinx.

Some of his recommendations were that specific conditions and limitations
should be included in the decision regarding information obtained from
private parties, to ensure the accuracy of these data. Strict conditions and
guarantees should be applied in cases of interoperability with other
processing systems.

He also recommended that data processing should be limited to the relevance
assessment for personal data for which the relevance has not been assessed
and that safeguards should be provided for the access to data of people with
no criminal records.

"Computerised access and retrieval of data from other national and
international information systems should be allowed only on a case by case
basis, under strict conditions." Hustinx advised.

He also believes that if Europol gets involved in pan-European data sharing,
guarantees must be provided on the independence of its data protection
officer who is responsible for Europol's lawful data processing.

The EDPS ended his statement by stating he would himself "oversee any
information transfer to Europol from European Commission institutions".

New Europol powers need new protection, says watchdog (22.02.2007)

Opinion of the European Data Protection Supervisor on the Proposal for a
Council Decision establishing the European Police Office (16.02.2007)

8. E-voting in Estonia for parliamentary elections

Estonia is the first nation in the world that will allow voting via the
Internet during its elections for the Parliament (Riigikogu). The voting
will take place on 4 March 2007, but the electronic vote will be cast from
26 February at 9 AM until 28 February 8 PM.

The system was tested first in the limited local elections in October 2005,
when almost 10 000 people voted via the Internet. The number of Internet
voters for these elections is estimated to increase to 20-40 000 voters, out
of the 940 000.

The system for Internet voting is based on the mandatory state-issued ID
card, that includes an electronic chip. The ID card can be used by
introducing it in a reader attached to a computer and using 2 passwords. The
reader is commercially available for prices from 6.37 to 12.73 euros.

The Estonian people already use their ID cards to sign electronic
documents or access online banking solutions. It is estimated that almost
one million ID cards with electronic chips are in use, in a country with 1.3
million inhabitants.

The ballot will be scrutinized by an OSCE election assessment mission, that
includes several Internet voting experts that will follow the e-voting

Surprisingly, the OSCE mission includes an expert from the Netherlands that
might have links with SDU, the e-voting system of which was banned from the
last Dutch election.

Estonians will be first to allow Internet votes in national election

Assessment of parliamentary elections in Estonia

Estonian National Electoral Committee

Page for Electronic Voting for Estonian Parliamentary elections

Electronic voting in Estonia

EDRI-gram: European e-voting machines cracked by Dutch group (11.10.2006)

9. ENDitorial : EU nations scolded by IIPA

The International Intellectual Property Alliance (IIPA), a lobby
group representing the American publishing, software, recording and
movie industries, has been busy. On 12 February IIPA published its
recommendations to the US Trade Representative's 2007 review of
global copyright laws. This "Special 301" procedure can lead to
significant trade sanctions against countries that are judged to be
uncooperative in the US drive for ever stronger intellectual property
rights. It has been used over the last two decades to bully
developing nations into signing quite inappropriate IP agreements
such as the World Trade Organisation's TRIPS and "TRIPS plus" Free
Trade Agreements with the US.

IIPA identifies a long list of nations that it considers to be
placing social goals such as fighting major crime, improving
education and protecting privacy above the profits of its members. As
Michael Geist points out, they include 23 of the world's 30 most
populous nations. Embarrassingly, while the list includes many
leading economies such as Canada and Japan, it leaves out EU nations
including the UK, France and Germany.

To their credit, ten EU nations are included in IIPA's hit list,
which makes some extraordinary demands.  Greece is told that
immigrant street vendors involved in copyright infringement should be
deported and that tax authorities should audit software licences for
all firms. Bulgaria, Hungary and Romania are scolded for
concentrating police, prosecutor and judicial attention on their
societies' most pressing problems rather than on cases of copyright
infringement, while Latvia is warned that it must fully staff its new
IPR enforcement police division.  Lithuania and Poland are also
instructed to increase Customs operations against the import of
infringing goods. Italy, Greece, Poland and Sweden are criticised for
privacy laws that prevent ISPs disclosing the identity of their
customers to right holders based upon an Internet Protocol address.
Sweden is admonished for "society's high acceptance of filesharing"
and its "notoriety as a piracy safe haven" - and yet right holders
are "deeply concerned" about discussion of a compulsory licence to
provide artists with compensation for filesharing.  Poland's
universities and lecturers are instructed to "cultivate a climate of
respect for copyright" amongst their students, and Hungary told to
"closely monitor" its high-speed academic network for copyright
infringement. Spain's prosecutors, judges and law students apparently
need some re-education in the value of intellectual property rights,
while the Spanish government is ordered to reverse the "stunning"
decision of the General Public Prosecutor that his staff have more
pressing concerns than the criminal prosecution of peer-to-peer

One of IIPA's most consistent complaints is about the protection
given by European countries to anti-copying Digital Rights Management
technology. IIPA wrongly claims that the World Intellectual Property
Organisation's Internet treaties require countries to implement US-
style rigid protection of DRM . They criticise countries including
Italy, Romania, Sweden and Poland for implementing the EU Copyright
Directive in a way that gives their citizens some flexibility over
breaking these locks when copyright law allows. Canada, Hong Kong,
India, Israel, Japan, Mexico, New Zealand, Switzerland and South
Korea are also criticised for their DRM laws.

It is not surprising that US companies lobby to change global laws
that would increase their profits. On past performance, the US
government is likely to take careful note of their recommendations.
But European nations should robustly defend their right to shape
copyright policy to meet the needs of their own citizens, and not
just those of large copyright holders.

IIPA - Recommendations on 60 countries to USTR in the 2007 Special 301
review on copyright piracy and market access problems (12.02.2007)

Peter Drahos and John Braithwaite, "Information Feudalism" -New York: W. W.
Norton & Co., 2002.

Michael Geist - "In Good Company'" (14.02.2007)

Ian Brown - "The evolution of anti-circumvention law" - International Review
of Law, Computers and Technology 20(3), 239-260.

Urs Gasser and Silke Ernst, "Best Practice Guide: Implementing the EU
Copyright Directive in the Digital Age"  (12.2006)

(contribution by Ian Brown - EDRI-member Open Rights Group)

10. Recommended reading

Ross Anderson -  "The Economics of Information Security: A Survey and Open

Statewatch analysis: The dream of total data collection - status quo and
future plans for EU information systems

11. Agenda

13-14 March 2007 Brussels, Belgium
The EU RFID Forum 2007

16 March 2007, Hannover, Germany
European Commission conference on Mobile TV at CeBIT

1-4 May 2007, Montreal, Canada
7th Conference on Computers, Freedom, and Privacy (CFP2007)

18-19 May 2007, Brasov, Romania
eLiberatica - The Benefits of Open and Free Technologies - Romanian IT Open
Source and Free Software Conference

12. About
EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 25 members from 16 European countries.
European Digital Rights takes an active interest in developments in the EU
accession countries and wants to share knowledge and awareness through the
EDRI-grams. All contributions, suggestions for content, corrections or
agenda-tips are most welcome. Errors are corrected as soon as possible and
visibly on the EDRI website.

Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 2.0 License. See the full text at

Newsletter editor: Bogdan Manolea <edrigram at edri.org>

Information about EDRI and its members:

- EDRI-gram subscription information

subscribe by e-mail
To: edri-news-request at edri.org
Subject: subscribe

You will receive an automated e-mail asking to confirm your request.

unsubscribe by e-mail
To: edri-news-request at edri.org
Subject: unsubscribe

- EDRI-gram in Macedonian

EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis

- EDRI-gram in German

EDRI-gram is also available in German, with delay. Translations are provided
Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users

- Newsletter archive

Back issues are available at:

- Help
Please ask <edrigram at edri.org> if you have any problems with subscribing or

----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

More information about the cypherpunks-legacy mailing list