EDRI-gram newsletter - Number 5.22, 21 November 2007

EDRI-gram newsletter edrigram at edri.org
Wed Nov 21 11:20:18 PST 2007 

============================================================

           EDRI-gram

biweekly newsletter about digital civil rights in Europe

    Number 5.22, 21 November 2007


============================================================
Contents
============================================================

1. UK Government loses personal data on 25 million citizens
2. German Parliament adopted the data retention law
3. IGF 2007: still a long way to effective outcome
4. Lisbon Conference "On RFID - The next step to the Internet of Things"
5. EC announces a larger investigation of the Google-Doubleclick deal
6. Data Protection Act infringed by UK Foreign Office
7. DNA tests approved by French Constitutional council
8. Attack on Russian opposition media claiming copyright infringement
9. Big Brother Awards 2007 - Austria and Switzerland
10. UK govt asks Internet companies to assist in fighting online terrorism
11. PirateBay wants a new software standard to replace BitTorrent
12. ENDitorial: CoE - Content Regulation: Break On Through; IPR: It's Tricky
13. Recommended Reading
14. Agenda
15. About

============================================================
1. UK government loses personal data on 25 million citizens
============================================================

British Prime Minister Gordon Brown had had to apologise to Parliament after
two computer discs containing the personal data of 25 million citizens were
lost in the post.

The disks contained the database on child benefit - a welfare payment made
to the families of all children in Britain. The data include children's and
parents' names, addresses and dates of birth, together with parents'
national insurance numbers and bank account details. The disks were not
encrypted but merely "password protected". Britain's most senior tax
official, the head of HM Revenue and Customs, has resigned.

The story has spread to a number of other systems that the government is
building to make ever more information on citizens available to ever more
public-sector workers. For example, there's a plan to link up children's
databases so that a child's medical records, school records, police records
and social-work records can be available to workers who contact the child or
its parents; this was condemned as both unsafe and illegal by a November
2006 report by EDRI-member Foundation for Information Policy Research (FIPR)
for the Information Commissioner. There's also a plan to build several
national medical record databases that will contain the records of tens of
millions of patients; a parliamentary health committee report urged that
patients be given the right to opt out.

The government brushed aside such complaints and kept on with its "database
state" programme. However, the current scandal has put privacy and data
protection at the centre of the political agenda.

Government security failure (20.11.2007)
http://www.lightbluetouchpaper.org/2007/11/20/government-security-failure/

Brown apologises for data blunder (21.11.2007)
http://politics.guardian.co.uk/economics/story/0,,2214566,00.html

Government under pressure over taxman's giant blunder (21.11.2007)
http://www.timesonline.co.uk/tol/news/uk/article2912937.ece

Second-class and lost in the post (21.11.2007)
http://www.timesonline.co.uk/tol/comment/columnists/alice_miles/article2910272.ece

(contribution from Ross Anderson - EDRI-member FIPR - UK)

============================================================
2. German Parliament adopted the data retention law
============================================================

The German Federal Parliament adopted on 10 November 2007 the law that
implements the EU data retention directive in the German legislation by
amending the current wire tapping legislation. This has triggered a strong
reaction of the opposition and civil society, more than 13 000 citizens
signing to challenge of the law to the Constitutional Court.

The law passed in an open vote (on request by the Greens and the Liberal
Party) with 366 parliamentarians voting for the data retention regulations
and 156 against them. The members of the SPD (Social Democratic Party), CDU
(Christian Democratic Union) and CSU (Christian Social Union) voted for the
law pushed by the Federal Minister of Justice Brigitte Zypries and Federal
Minister of the Interior Wolfgang Schduble.

The new law will enter into force on 1 January 2008, when all the
telecommunication providers will be requested to keep the traffic data for
six months. For the Internet services, this obligation will start at the
beginning of 2009. The Internet traffic data will include storing the email
addresses, IPs and time stamps in the case of electronic mail. The providers
of anonymisation services are also obliged to respect the same provisions.

All these data will be accessible to the law enforcement authorities. But
while the police, court and state prosecutors will need a court order to
access the information, others - such as the intelligent services - will be
able to access the data without any restriction.

The adoption of the law by the Parliament led to a massive response from
the civil society, media associations and opposition. The number of the
signatories of the constitutional challenge of the law reached to 13 000 in
just a few days. The German working group on data retention that is leading
this action announced that the list is still open for signatories until 24
December. The action can be filed with the court in Karlsruhe only after the
law has been published in the Official Gazette.

Patrick Breyer from the working group explains: "According to our
constitution, parliament's powers are limited by the civil rights. It is
unheard of that some representatives seem to think that they are no longer
responsible for the up-holding of our civil rights."

Criticism of the law was made by the personal data protection authorities,
such as the Federal Commissioner for Data Protection Peter Schaar
complaining that the Federal Parliament "agreed to the data retention of
telecommunication data in absence of any suspicion irrespective of the grave
doubts as to its constitutionality" and explaining that the German law
exceeds the EU directive on data retention. The Commissioner for Data
Protection to the State of Saxony, Anhalt Harald von Bose, joined the harsh
comments: "To see this cut-back on personal liberty rights occur on the day
of the Fall of the Wall, November 9, is a bitter fact of life."

Media associations have also complained about the lack of special
requirements in the case of confidential relationships in professional
contexts. The board of the German Journalists' Union, part of the trade
union verdi.de, asked their members to support the constitutional challenge
promoted by the civil society. Other journalist associations, such as the
Federal Association of German Newspaper Publishers, the Association of
German Magazine Publishers and the German Association of Specialised
Journalists steeped up to show their concerns on the adopted law.

Even the former Federal Minister of Justice Leutheusser-Schnarrenberger has
renewed her criticism against the state mandated "retention-craze". There
would be "a real chance that this could lead to a surveillance society", she
said.

German Data Retention working group
http://www.vorratsdatenspeicherung.de/

Parliament voted in favour of revision of data retention law (10.11.2007)
http://bitkanone.ccc.de/news/parliament-voted-in-favour-of-revision-of-data

Federal Parliament passes data retention and wire tapping legislation
(17.11.2007)
http://www.heise.de/english/newsticker/news/99158/

Sharp response to rubber stamping of data retention legislation (17.11.2007)
http://www.heise.de/english/newsticker/news/99159/

13,000 determined to file suit against data retention legislation
(17.11.2007)
http://www.heise.de/english/newsticker/news/99161/

EDRI-gram: Largest anti-surveillance street protest in Germany for 20 years
(26.09.2007)
http://www.edri.org/edrigram/number5.18/liberty-instead-of-fear

============================================================
3. IGF 2007: still a long way to effective outcome
============================================================

The Internet Governance Forum (IGF) that took place this year in Rio de
Janeiro was attended by over1300 participants from 109 countries and focused
on the following main themes - critical Internet resources, access,
diversity, openness and security. In total there were 84 events in a 4-day
time frame (12-15 November 2007) where people could participate in any
plenary sessions, workshops, best practice sessions, dynamic coalition
meetings and other related meetings.

The UN Undersecretary-General Sha Zhukang explained in the opening session
the scope of the IGF: "The United Nations does not have a role in managing
the Internet. But we do embrace the opportunity to provide, through this
forum, a platform that helps to ensure the Internet's global reach."

However, the still-present subject of moving ICANN out of the US influence
was brought back to the table by some participants. Russian representative
Konstantin Novoderejhkin asked the UN to start a group for moving Internet
governance "under the control of the international community." He was backed
up by other states, including Brazilian officials who asked for an
independent ICANN.

The U.S. Representatives replied that the present arrangement prevents
"other countries from censoring Web sites by deleting entries out of domain
name directories." Another strong supporter of the status-quo was Vincent
Cerf that explained: "ICANN has existed for eight years and done a great job
with its plans for internationalisation.'' He also emphasised that the
government attempts to control the Internet will probably fail.

Other important topics were also on the agenda of the IGF. Network
neutrality was seen as an important proposal of the global public policy.
Japanese Vice Minister for Policy Coordination Kiyoshi Moric considered
network neutrality "as one of three key issues that had to be addressed."

Amnesty International used the opportunity to renew its call to governments
and companies to make human rights central to Internet governance. Nick
Dearden, part of Amnesty International's delegation to the IGF, explained:
"In the 12 months since the last IGF we've witnessed the crisis in Burma,
where the Internet was used to get images and information out of the country
and to mobilize people all over the world to take action. On the other hand
we have also monitored the increase in censorship, filtering and blocking of
websites."

IP Justice identified in their public report of the IGF 2007 three major
areas where this year Forum has proved to be useful: high
quality of the workshops and best practice sessions, world-class technical
capabilities and remote participation opportunities and offline interactions
& networking opportunities. But it has also highlighted other subjects that
could be improved in the next sessions such as: human rights and other
controversial topics avoided in main sessions, emphasizing lack of gender
balance and exclusion of young voices in main sessions that were dominated
by established players.

Would this be enough to make IGF more than a worldwide conference on
Internet governance? While there is still a long way to go for the
IGF making any recommendation, the Forum has been given a mandate
from the Tunis World Summit on the Information Society entailing a
number of functions that obviously cannot be effectively fulfilled by
an annual conference. This was precisely the issue discussed at a
workshop organized by the civil society Internet governance caucus on
"fulfilling the mandate of the IGF". One simple idea came out, inter
alia, from this workshop, which is to leverage proposals issued from
workshops and other dynamic coalitions meeting, by bringing them to
wider discussion in IGF plenary sessions.

Among such outcomes worth discussing at a broader level, one could be
the joint proposal from the Council of Europe (CoE) and the
Association for Progressive Communications (APC) to set up a
"mechanism to foster participation, access to information and
transparency in Internet governance". As explained by CoE and APC,
"the mechanism should ensure that all the institutions which play a
role in some aspect of governing the internet commit to transparency,
public participation, including participation of all stakeholders,
and access to information in their activities". CoE and APC propose
to consider, as a prototype to such a mechanism, the United Nations
Economic Commission for Europe's Aarhus Convention on Access to
Information, Public Participation in Decision-making and Access to
Justice in Environmental Matter.

The next year Internet Governance Forum will take place in New Delhi, India
and is scheduled for 8-11 December 2008.

Internet Governance Forum (IGF)
http://www.intgovforum.org/

Second Meeting of the Internet Governance Forum (IGF) - Chairman's Summary
(16.11.2007)
http://www.intgovforum.org/Rio_Meeting/Chairman%20Summary.FINAL.16.11.2007.pdf

IP Justice Report on 2007 Internet Governance Forum (IGF) (19.11.2007)
http://ipjustice.org/wp/2007/11/19/2007-igf-rio-wrap-up/

U.S. Control Of Internet Still A Concern (16.11.2007)
http://www.webpronews.com/topnews/2007/11/16/u-s-control-of-internet-still-a-concern

Internet Governance Forum: Test Of A New Global Governance Model
(14.11.2007)
http://www.ip-watch.org/weblog/index.php?p=822

Rio IGF 2008: Amnesty renews its call on governments and companies to make
human rights central to Internet governance (16.11.2007)
http://www.mediaforfreedom.com/ReadArticle.asp?ArticleID=6258

CoE-APC joint press release (13.11.2007)
http://www.apc.org/english/news/index.shtml?x=5310569=

EDRI-gram: ENDitorial : IGF - UN innovation or just another conference ?
(8.11.2006)
http://www.edri.org/edrigram/number4.21/enditorial

============================================================
4. Lisbon Conference "On RFID - The next step to the Internet of Things"
============================================================

Last week the conference "On RFID", organised by the Portuguese Presidency
with support of the European Commission DG Information Society, took place
in Lisbon. During the one and a half days of the conference a number of
topics were discussed, that could be crucial for the future development of
RFID technology.

Privacy and security were the topics of a panel discussion held during the
morning of the first day. The participants in this discussion,
representatives of industry, consumer, data protection and international
organisations, all shared the opinion that security and privacy by design is
the proper way for advancements of RFID technology. As Reinhard Posch,
representative of the European Network and Information Security Agency
(ENISA), stated, the assumption that cloning of RFID tags is too expensive
to constitute a risk, is not sustainable. Therefore, the utilisation of
strong cryptography will be necessary to technically ensure a proper level
of data protection.

With regards to data protection in the field of RFID, Peter Hustinx, the
European Data Protection Supervisor, stated in his intervention that first
it is necessary to properly implement the data protection rules that
already exist and that probably some clarifications of these rules (as the
one on the concept of personal data by the Article 29 working party) need to
be made to ensure that they are understood and implemented correctly. At the
end of this process it might well turn out that additional regulations are
needed to address new problems that might arise when implementing and
deploying RFID technology. According to Mr. Hustinx, a key issue that should
be addressed in RFID research is, that users get control over the technology
and that they are enabled to explicitly opt-in to the use of RFID, if they
so wish.

Among the participants of the conference was Humberto Moran, founder
and director of Friendly Technologies Ltd. His company claims to have
invented "a privacy-friendly system for the tracking and control of mobile
objects using RFID tags, which cannot be interrogated by unauthorised
readers" (patent pending). The main concept of this system is to protect the
data on every RFID tag with a password and to hand over the password with
the movement of the object from one RFID reader to another. Once the
ownership of a tagged object changes the owner also has to hand over the
password to the new owner and delete it from his own systems. While this
concept certainly has the potential to significantly strengthen the control
of individuals in RFID systems, its suitability for real world applications
has still to be proven. To this end, Friendly Technologies is currently
looking for adequate funding.

Not only privacy and security are limiting factors for the development of
RFID systems. While the size of the silicon chips can be further decreased
(more or less constantly following Moore's law), physical limits hinder a
further significant reduction of the size of the antennas of RFID Tags. A
way to overcome these limitations would be to use higher frequencies for the
communication between Tags and Readers, but this again would be subject to
limitations due to an increased sensitivity to interferences. Therefore, it
was said, a further decrease in the size of RFID Tags is not to be expected
in the near future.

With regards to RFID research in Europe, a RFID Reference Model developed by
the Cluster of European RFID Projects, was presented at the conference. This
Reference Model depicts eight main RFID application fields (from "Logistical
Tracking & Tracing of Goods" to "Public Services") and research topics
relevant to them.

In the morning session of the second conference day, RFID governance issues
were discussed. Problems here are similar to the situation with the Domain
Name Service (DNS) for Internet domain names, since EPCGlobal's Object Name
Service (ONS; which provides for tagged objects a service similar to the
DNS) is designed to have one central managing authority (like ICANN for
DNS). Given the dominant position of the US government with regards to ICANN
it is certainly very unlikely that a central component of a future Internet
of Things will remain undisputed amongst countries. Therefore a design
should be found that allows for a decentralised architecture.

As this conference showed, there are many problems  that have to be resolved
on the way to an Internet of Things. Privacy and security are now clearly
topics that have to be addressed and properly answered before a large scale
deployment of RFID technology is possible and acceptable. It will however
take a while until these answers are implemented and available in
technology. As Sanjay Sarma from MIT Auto-ID Labs mentioned in the closing
session of the conference, encryption on passive cheap RFID Tags is still
five years away.

On RFID - The next step to the Internet of Things
http://www.rfid-outlook.pt/

Article 29 Working Party: Opinion No. 4/2007 on the concept of personal data
http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2007/wp136_en.pdf

Patent application: Privacy-friendly RFID system prevents unauthorised
interrogation of RFID tags
http://v3.espacenet.com/origdoc?DB=EPODOC&IDX=GB2437347&F=0&QPN=GB2437347&RPN=WO2007122425&DOC=deb46d24db99510ac37e37f3bb731aea91

Moore's law
http://en.wikipedia.org/wiki/Moore's_law

RFID Reference Model
http://www.rfid-in-action.eu/public/rfid-reference-model

Cluster of European RFID Projects (CERP)
http://www.rfid-in-action.eu/cerp

MIT Auto-ID Lab
http://autoidlab.mit.edu/

(contribution by Andreas Krisch - EDRI-member VIBE!AT )

============================================================
5. EC announces a larger investigation of the Google-DoubleClick deal
============================================================

The European Commission (EC) announced on 13 November 2007 that its initial
investigation in the deal Google-DoubleClick "indicated that the proposed
merger would raise competition concerns in the markets for intermediation
and ad serving in online advertising."

Therefore the Commission decided to open an in-depth investigation in this
case in order to take a final decision on whether the proposed transaction
would significantly impede effective competition within the European market
or any substantial part of it.

The Commission also announced that it would investigate "whether without
this transaction, DoubleClick would have grown into an effective competitor
of Google in the market for online ad intermediation. It will also
investigate whether the merger, which combines the leading providers of
respectively, on the one hand, online advertising space and intermediation
services, and, on the other hand, ad serving technology, could lead to
anti-competitive restrictions for competitors operating in these markets and
thus harm consumers."

The announcement of the Commission comes after several consumer and data
protection groups asked for an detailed investigation on the matter. Privacy
International sent on 5 November 2007 a letter, supported by EDRI, to the
European Commission DG Competition, Commissioner Kroes, arguing that the
merger could have serious implications for privacy innovation in
advertising.

EC will deliver its opinion by 3 April 2008 and the decision to open this
in-depth enquiry does not prejudge the final result of the investigation.

Mergers: Commission opens in-depth investigation into Google's proposed take
over of DoubleClick (13.11.2007)
http://europa.eu/rapid/pressReleasesAction.do?reference=IP/07/1688&format=HTML&aged=0&language=EN&guiLanguage=en

European Union Investigates Google-DoubleClick Deal (14.11.2007)
http://www.pcworld.com/article/id,139595-c,google/article.html

EDRI-gram: EDRI supports PI's comments on Google-Doubleclick merger
(7.11.2007)
http://www.edri.org/edrigram/number5.21/google-doubleclick-pi-edri

============================================================
6. Data Protection Act infringed by UK Foreign Office
============================================================

Following an investigation into the online visa application system for UK,
the Information Commissioner's Office (ICO) ruled on 13 November 2007 that
the Foreign and Commonwealth Office (FCO) was in breach of the Data
Protection Act, having failed to properly protect visa applications made
over the Internet through its UK visas website.

The site is run by FCO together with the Home Office and is outsourced to an
Indian company called VFS. The problem was first signalled by a member of
the public who alerted VFS being concerned of the fact that he could read
details about other applicants. But only this year have VFS and FCO admitted
there was a problem after the issue was brought out by a Channel 4 News
investigation showing the visa applicant data was not secure.

The ICO investigation has shown that at least 50 000 applications to the
British High Commission in India were affected and found "inadequate
central control of the moves to outsourcing" stating that officials had a
"piecemeal" approach to privacy. The report concluded that: "The earlier
contracts paid insufficient attention to the requirements of the Data
Protection Act and to basic IT security."

FCO fully cooperated with ICO during the investigation also providing ICO
with an independent report into the breach. ICO asked FCO to sign a formal
undertaking to comply with the Data Protection Act which comprises the eight
basic principles of personal data protection.

"Organisations have a duty to keep our personal information secure (...) If
they fail to take this responsibility seriously, they not only leave
individuals vulnerable to identity theft, but risk losing confidence and
trust" said Mick Gorrill, assistant commissioner at the Information
Commissioner's Office.

Failure by FCO to meet the terms of the undertaking may lead to further
action by the ICO.

Foreign Office in breach of the Data Protection Act - ICO Press Release
(13.11.2007)
http://www.ico.gov.uk/upload/documents/pressreleases/2007/fco_undertaking_131107.pdf

Government broke data protection laws (14.11.2007)
http://www.guardian.co.uk/technology/2007/nov/14/data.protection.breach

============================================================
7. DNA tests approved by French Constitutional council
============================================================

In a decision published on 15 November 2007, the French Constitutional
council approved the introduction of DNA testing in the new immigration law
to prove family links for foreign candidates applying for a more than 3
months visa on family regrouping grounds. However, it has further restricted
their use, making two explicit reservations.

The first reservation makes this provision irrelevant when family links with
the mother can be proven by any other legal mean under the law of the
mother's country. The second reservation forbids any systematic application
of DNA testing, since the Council reminds that all other means to prove
family links should be used first by French consulates.

With these and previous restrictions made by the French Senate,
this provision will indeed be hardly applicable in practice. However,
this decision from the Constitutional council is a breach of the
French laws on bioethics of 1994 and 2004, which explicitly stipulate
that the identification by genetic prints can be done only for
medical or scientific research purposes. And, for the first time,
this breach is made for administrative purposes.

French Constitutional council Decision 2007-557 DC (in French only,
15.11.2007)
http://www.conseil-constitutionnel.fr/decision/2007/2007557/index.htm

EDRI-gram: Update On Dna And Biometrics In French Immigration Law (24.10.07)
http://www.edri.org/edrigram/number4.20/dna-french-immigration-law

EDRI-gram: DNA Tests Proposed In France For Family Visa Applicants
(26.09.2007)
http://www.edri.org/edrigram/number5.18/dna-test-france-visa

(Contribution by Meryem Marzouki, EDRI member IRIS - France)

============================================================
8. Attack on Russian opposition media claiming copyright infringement
============================================================

The local edition of Moscow-based independent newspaper Novaya Gazeta from
Samara was closed down on 8 November 2007 by the Russian authorities and its
editor Sergei Kurt-Adzhiyev was criminally indicted under the accusation of
having violated copyright provisions of the Russian Penal Code, by using
counterfeit software. Violations carry up to six years in prison.

The problems started on 11 May 2007 right before the so called March of
Dissent, led by Kasparov's Other Russia opposition coalition, as the paper
was one of the few media company having planned to cover the march. Several
officers from the Samara Main Internal Affairs Directorate came to the
newspaper offices and seized all of its computers under the accusation of
using counterfeit software. Later the same day, all the office papers,
including financial ones, were confiscated as well.

The case is part of a larger action of the Russian government against
independent news media, advocacy organisations and opposition political
activists, all police raids having the same pretext of investigating an
alleged use of counterfeit software. The actions are taking under the
coverage of the repeated concerns expressed by the Western world in relation
to the high level of piracy in Russia.

"Our law enforcement finally realized that computers are very important
tools for their opponents, and they have decided to take away these tools by
doing something close to the West's agenda," said Vladimir Pribylovsky, head
of the Panorama research institute in Moscow.

Novaya Gazeta says it believes its software is legal. According to Vitaly
Yaroshevsky, a deputy editor of the newspaper: "This is not a campaign
against piracy, it's a campaign against dissent. (...) The authorities want
to destroy an opposition newspaper. It doesn't matter if we send more
computers to Samara. It doesn't matter if we show we bought computers
legally. It will change nothing."

The shutting down of the newspaper is also criticised by the Committee to
Protect Journalists (CPJ). "The authorities in Samara have effectively
silenced an independent newspaper that dared to cover an opposition party
campaign in an election year. (...) We call on local prosecutors to drop all
charges against Sergei Kurt-Adzhiyev, return all seized equipment and
financial documents, and allow the paper to print without fear of
harassment." stated Joel Simon, CPJ Executive Director.

Samara's police made no comment on the issue stating they would make an
official statement at the completion of the investigation. In the mean time,
the activist groups in Russia are checking the legality of their software.
"Most people are trying to put things in order" said Tatyana Lokshina, head
of Demos, a human rights group.

Russia Casts A Selective Net in Piracy Crackdown (14.11.2007)
http://www.washingtonpost.com/wp-dyn/content/article/2007/11/13/AR2007111302070.html

Novaya Gazeta's work paralyzed due to counterfeit Windows (11.06.2007)
http://eng.cnews.ru/news/top/indexEn.shtml?2007/05/11/249382

Russia: Authorities shutter Novaya Gazeta's Samara edition (13.11.2007)
http://www.cpj.org/news/2007/europe/russia13nov07na.html

EDRI-gram: Putin wants control of Russian Internet (7.11.2007)
http://www.edri.org/edrigram/number5.21/putin-russia-internet

============================================================
9. Big Brother Awards 2007 - Austria and Switzerland
============================================================

The Big Brother Awards ceremonies in Austria and Switzerland took place in
the past weeks in Viena, on the 25 October 2007 and in St Gall, on the 9
November 2007, respectively.

The Swiss ceremony of the 8th edition of Big Brother Awards was organised by
the associations "droitsfondamentaux.ch" and EDRI-member Swiss Internet
UserGroup (SIUG).

The award for the State and for the entire work was received by the Federal
Councillor Christoph Blocher. In the Business category the insurance company
HELSANA of Zurich was the winner and CFF and OFT were awarded in the Work
place category.

The Austrian Big Brother Awards was organised in 2007 by Linux User Group
Austria and EDRI-members quintessenz and VIBE!AT .

For the Business and Finances category the award was received by Heinrich
Frey from the Cab guild for the video surveillance in cabs. The surveillance
of the Austrian cab drivers was escalated from radio data transmission
records of the personal data of each individual driver to GPS monitoring of
the vehicles and personal physical check by an infrared seat contact system,
crowned by the installation of "inconspicuous, easily and discretely to
install" video systems on cabs introduced by RTS and the cab guild of the
chamber of economics. The cab guild stated the data recorded were deleted
after 48 hours, but did not give any guarantees for that.

The Policy category award was initially won by Claudia Schmied the Minister
of Education, Arts and Culture for the still unsolved issues related to the
"education evidence" bill, a draft law for the collection of data on pupils,
including data on expels from school, social anomalies, attendance of
religious classes, remedial needs. The database is linked with the social
assurance number and is to be stored for 6 years. The latest draft law does
not include sufficient legal protection for pupils and is intended for a
large and vague term of "administrative purposes". Only a non-committing
right to complaint to the data protection commission is provided by the
draft instead of the information and rectification right as stipulated by
the data protection law. The award was not given as and is kept "in
evidence" for the time being, as a result of a recent amendment to the bill
proposed by the Minister that brings some improvements to the draft.

Peter van der Arend, of the royal Dutch Telecom KPN has received the award
for the Authorities and Administration category for data mining standards
for Telecom traffic data. He is the chairman of the Telecom "Lawful
Interception" (TC LI) committee in the European Telecom Standards Institute
which is in charge of the creation of a uniform system to monitor all fixed
line and mobile telephony networks. TC LI changes the requirements of the
police and judiciary into technical standards that will be compulsory for
all telecom equipment. As such, all telephony networks with carry inborn
surveillance from the start. "Lawful Interception" includes a set of rules
that goes against the present European laws, being therefore actually
illegal.

In Communication and Marketing section, the award was received by Anthony E.
Zuiker, author of the C.S.I series which present DNA Analysis, criminal
search and the "Aushebelung" (by-passing) of civil rights in a biased way,
presenting citizens' rights as hindering to an investigation and showing in
a positive light the way in which the investigators "smartly" by-pass civil
rights. The series are most dangerous as they were taken as examples by
other similar type of series, which try to manipulate the public opinion.

Hans Dichand, editor-in-chief of the "Kurier" (Courier Newspaper) in Vienna
and the power behind the "Kronenzeitung" (Crown Newspaper), which is the
most widely circulated daily newspaper in Austria, received the award for a
Life's work, as the manipulator of the republic by means of the media he
leads that support the strategic goals of their owner. People that are not
to the liking of the publisher are exposed in the Kurier with full address
and phone number.

The positive award Defensor Libertatis was won by Karl Korinek, President of
the Constitutional Court for having kept warning about the danger of the
fight against terrorism leading to a total surveillance state. He advised on
the risk that security may displace the fundamental rights such as the
privacy of correspondence, the secrecy of telecommunications and the data
security.

Big Brother Awards 2007 Switzerland (only in French, 9.11.2007)
http://www.bigbrotherawards.ch/2007/presse/pressemitteilungen/bba.pressemitteilung.20071109.6f

Big Brother Awards 2007 Switzerland - Winners (only in German, 9.11.2007)
http://www.bigbrotherawards.ch/2007

Austrian Big Brother Awards 2007 - Winners
http://www.bigbrotherawards.at/2007/English

============================================================
10. UK govt asks Internet companies to assist in fighting online terrorism
============================================================

Gordon Brown, British Prime Minister, made a statement on 14 November 2007
announcing, among other security measures, the intention to ask Internet
companies to assist the government in its fight against online terrorist
propaganda by finding ways to stop such content.

The Prime Minister stated the Home Secretary Jacqui Smith was "inviting the
largest global technology and Internet companies to work together to ensure
that our best technical expertise is galvanized to counter online incitement
to hatred". The proposal comes in line with the European Union efforts to
find ways to sanction Web sites that display terror material.

The Home Office said it was not yet clear if Brown's proposal would need new
legislation or only different means of enforcing the present one. According
to the British law, it is forbidden to publish statements encouraging
terrorism or to disseminate any material considered as terrorist, such as
bomb-making information. Based on the so-called "notice and take down"
procedures, Internet service providers can be required by companies,
authorities and even individuals to remove illegal content such as terrorist
material or child pornography.

One measure could be the shutting down of allegedly faulty sites including
sites hosted abroad. A list of banned sites could be drafted by the
government, similarly to the one created by Internet Watch Foundation
in 2004 which is up-dated twice a day blocking the access of Britons to
overseas child pornography.

Another method could be to ask search engines to filter out prohibited
content from their search results, or to find ways to stop key words such as
"bomb" from leading to terrorist-related sites.

According to EDRI-member Ian Brown, researcher at the Oxford Internet
Institute, the proposal is fundamentally a losing one and the proposed
measures would have very little effectiveness as terrorist content could
still be published through file-sharing networks, discussion forums, or
access material by means of sophisticated software programs and proxy
servers allowing users to anonymously browse the Internet.

UK Wants Net Companies to Fight Terror (14.11.2007)
http://ap.google.com/article/ALeqM5iUjUtJoE-EKmRVrc3la5fFUp_8SgD8STLKU00

PM statement on security measures (14.11.2007)
http://www.number10.gov.uk/output/Page13757.asp

============================================================
11. PirateBay wants a new software standard to replace BitTorrent
============================================================

The Pirate Bay, the famous torrent Swedish website, may affect BitTorrent
programme by developing a new software standard for Internet downloads.

According to Peter Sunde, Pirate Bay's co-founder, the site might have a
new, more open alternative of file-sharing software at the beginning of next
year. In his opinion, BitTorrent might develop in the future some features
discouraging the trade of  some "pirated materials" which might affect very
many users of the site. There are also fears that BitTorrent may gain total
control over P2P traffic which led to the creation of a working group that
will build an open protocol that could be further developed by anyone
without being controlled by anybody. The working group has also in view the
development of technical improvements to the current file-sharing methods
including the optimisation of upload bandwidth and the increasing of the
user privacy degree.

BitTorrent's deal with Brightcove, a web distributor of video for CBS, News
Corp's Fox Entertainment Group, Viacom, and New York Times can indeed be
seen as a threat as commented Eric Garland, chief executive of BigChampagne,
a company tracking file sharing. "Future development (of BitTorrent
software) will almost certainly be focused on things that do not benefit or
further the aims of the pirate" he said.

In its turn, BitTorrent does not feel threatened by Pirate Bay's intentions.
"We are not really disappointed here," declared Ashwin Navin, president and
co-founder of BitTorrent who added: "The pirate community has never paid us
a dime."

NetzpolitikTV - Interview with Peter from ThePirateBay.org. (29.10.2007)
http://netzpolitik.org/2007/netzpolitiktv-026-the-pirate-bay/

File-sharing pirates attempt new software standard (7.11.2007)
http://www.news.com/2100-1032_3-6217386.html

BitTorrent to be killed by Pirate Bay plans? (31.10.2007)
http://www.tech.co.uk/computing/internet-and-broadband/news/bittorrent-to-be-killed-by-pirate-bay-plans?articleid=1639074113

============================================================
12. ENDitorial: CoE - Content Regulation: Break On Through; IPR: It's Tricky
============================================================

The 8th meeting of the Council of Europe (CoE) group of specialists on Human
Rights in the Information Society (MC-S-IS) was held in Strasbourg on 29-30
October 2007. It was mainly dedicated to discussing draft documents on
technical measures and their impact on human rights and particularly freedom
of expression. Two areas were more specifically addressed: content
regulation and intellectual property.

In its position of independent NGO observer to the CoE MC-S-IS, EDRI voices
its concerns when needed, including loudly by running campaigns, like the
recent one against a new Recommendation failing to uphold online freedom of
expression (Rec(2007)11). In this campaign, EDRI statement was endorsed by
34 national and international NGOs, including major freedom of expression,
freedom of the press, and human rights groups. However, EDRI is also fully
playing its role when promoting CoE outcomes likely to become important
tools for online freedom of expression defenders.

This is likely to happen very soon, provided that the draft 'Recommendation
on measures to promote the respect for freedom of expression and information
as regards technical filtering measures' and its accompanying draft "Report
on the use and impact of technical filtering measures for various types of
content in the online environment, with particular regard to Article 10 of
the European Convention on Human Rights" are adopted without important
modifications by the Steering Committee on the Media and New Communication
Services (CDMC) during its next meeting, and then by the CoE Committee of
ministers.

Both draft documents have been adopted during this MC-S-IS meeting. Members
and observers of the MC-S-IS group discussed the documents prepared by
Austria (MC-S-IS group vice-chair) and Armenia representatives, with the
help of the MC-S-IS Secretariat as well as of EDRI as observer. EDRI had the
opportunity to suggest many changes to both documents before their
submission to the whole group, and almost all these changes were included.

As many members of the group acknowledged, this Recommendation would be the
first important document breaking off the usual national, European and
international rhetoric of "technical filtering panacea" to fight illegal or
harmful content, in that it reintroduces the need to respect
human rights standards, first and foremost freedom of expression, but also
the right to privacy and other provisions of the European Convention of
Human Rights, including the rule of law principle. One member, namely
Norway, insisted though on the "impression the documents gave that
governments wont be allowed to any content filtering of blocking" anymore,
but it was rather isolated in such position.

The final draft document recommends that CoE member States "take measures to
promote the respect for freedom of expression and information as regards
technical filtering measures in line with provided guidelines", as well as
"to bring these guidelines to the attention of all relevant private and
public sector stakeholders, in particular those who design, activate, use
and monitor technical filtering measures, and civil society, so that they
can contribute to their implementation."

The draft Recommendation sets out detailed guidelines on: (I) "Using and
controlling filters in order to fully exercise and enjoy the right to
freedom of expression and information", (II) "Appropriate filtering for
children and young people", and (III) "Use and application of filtering
systems by State actors and the private sector".

Another set of draft documents discussed at the same meeting was far from
receiving the same welcome, and it is not even likely to be adopted soon, if
at all. These documents are a draft "Recommendation on freedom of expression
and information and intellectual property rights in the new information and
communications environment" and its accompanying draft report on emerging
issues and trends in this context. The former was prepared by Switzerland
representative (MC-S-IS group chair) with the help of the Secretariat, and
the latter by the Secretariat and an informal working group made up of
representatives from France, Malta, Norway and INSAFE/European SchoolNet
observer representative.

While EDRI has not taken part in the preparation of these documents, it
found the drafts submitted for discussion a very positive achievement, and
expressed this position to the MC-S-IS group. However, the documents
generated an incredibly heated discussion, to the extent that some member
States showed a truly blocking attitude, even trying to claim that these
issues were out of the MC-S-IS group mandate, and, as if this was not
enough, to question the ability of its members and observers to discuss
issues dealing with intellectual property.

The strongest opponent to the documents was undoubtedly Norway, followed,
though less aggressively, by Finland, France and Portugal. ENPA (European
Newspaper Publishers' Association) joined this opponent group as observer.
In addition to Switzerland, Austria and Armenia advocated in favour of the
draft documents, joined by EDRI, INSAFE/European SchoolNet and EBU (European
Broadcasting Union) as observers.

As the MC-S-IS group chair and vice-chair clarified, these documents
specifically address the protection of freedom of expression when using
intellectual property digital rights management techniques, which is clearly
within the group mandate, especially since a former expert group on
copyright
issues does not exist anymore, its mandate having been transferred to the
MC-S-IS group. It was also reminded that it is the responsibility of the
MC-S-IS group to address and explore any issue within its mandate, even
controversial ones.

Main contentious points relate to guidelines in view of promoting access to
knowledge and education, of assisting IP right holders to self-determine how
their protected works can be accessed, and of promoting innovative systems
of remuneration for right holders who want to allow their protected works to
be used and/or reused.

The issue should be again on the agenda of next MC-S-IS meetings in 2008. In
the mean time, the MC-S-IS group will elaborate a synthesis of main points
of disagreement and report to the CDMC. One of the decisions to be made is
whether this activity would lead to a CoE Recommendation or to other, even
less normative, kind of document or action (some even suggested yet another
conference). In this latter case, EDRI and many other NGOs would likely have
to consider this as surrender to main lobbies.

In addition to these two main discussions, the MC-S-IS group had a quick
preliminary exchange of views regarding two possible future documents on
understanding the freedom of expression and information with regard to the
work of Internet service providers on the one hand, and of online game
providers on the other hand. A third document, not yet drafted, is also
foreseen on the work of social networking sites operators. A short
discussion was held on their relevance, even though these documents would be
a set of guidelines for concerned actors rather than normative documents
intended to State members. The group agreed that, more generally speaking,
web 2.0 services should be addressed in relation with the respect for human
rights and human dignity. An informal working group will start preparing
inputs on this issue, participants being Switzerland and France, with EDRI
as observer.

Moreover, the group considered the establishment of a "standard-setting
instrument which promotes a coherent pan-European level of protection for
children from harmful content when using new communication technologies and
services and the Internet, while ensuring freedom of expression and the free
flow of information". The general mood inclined towards the lack of
relevance of such activity, especially after Austria, Armenia, and EDRI as
observer strongly warned of the difficulty, if not the impossibility,
to agree on a general definition of harmful content, taking into account the
diversity of cultures, values and sensibilities at the pan-European level.

Finally, the group had to consider possible new work topics, in view of the
renewal of MC-S-IS terms of reference and of the suggestion of themes for
the 1st European Ministerial Conference on media and new communication
services, to be held in Reykjavik in May 2009 as decided by the CDMC 5th
meeting. In addition to the respect for human rights and human dignity in
web2.0 that was already decided, search engines as well as the respect for
privacy have been suggested by EDRI. Next regular MC-S-IS meeting is
scheduled in late March 2008.

CoE MC-S-IS public website
http://www.coe.int/t/e/human_rights/media/1_intergovernmental_co-operation/MC-S-IS

EDRI-gram: CoE to address the impact of technical measures on human rights
(12.04.2007)
http://www.edri.org/edrigram/number5.7/coe-human-rights

EDRI campaign on new CoE recommendation failing to uphold online freedom of
expression (10.10.2007)
http://www.edri.org/coerec200711-signatories

CDMC 5th meeting report (12.09.2007)
http://www.coe.int/t/e/human_rights/media/1_intergovernmental_co%2Doperation/CDMC

(Contribution by Meryem Marzouki, EDRI member IRIS - France)

============================================================
13. Recommended Reading
============================================================

Council of Europe Recommendation CM/Rec(2007)16 of the Committee of
Ministers to member states on measures to promote the public service value
of the Internet, adopted on 7 November 2007
https://wcd.coe.int/ViewDoc.jsp?Ref=CM/Rec(2007)16

Council of Europe Submission to the Internet Governance Forum, Rio de
Janeiro, Brazil, 12-15 November 2007, "Building a free and safe
Internet"
http://www.coe.int/t/dc/files/events/internet/

============================================================
14. Agenda
============================================================

29-30 November 2007, Skopje, Macedonia
The International Conference e-Society.Mk on inclusive e-Government
http://www.e-society.org.mk

3-4 December 2007, Bonn, Germany
Network Neutrality - Implications for Europe
http://www.wik.org/content/netneutrality_main.htm

4-5 December 2007, Rome, Italy
First QualiPSo Conference - Fostering trust and quality of Open Source
Software systems
http://www.qualipso.org/index.php?option=com_content&task=view&id=63&Itemid=64

5-7 December 2007, Pisa, Italy
Second DELOS Conference on Digital Libraries
http://www.delos.info/index.php?option=com_content&task=view&id=606&Itemid=337

27-30 December, Berlin, Germany
24th Chaos Communication Congress
http://events.ccc.de/congress/2007/Main_Page

17 January 2008, London, UK
Nanotechnology for security and the crime prevention III
http://www.nano.org.uk/events/ionevents.htm#security

============================================================
15. About
============================================================

EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 28 members based or with offices in 17 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRI-grams.

All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and visibly on the
EDRI website.

Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 2.0 License. See the full text at
http://creativecommons.org/licenses/by/2.0/

Newsletter editor: Bogdan Manolea <edrigram at edri.org>

Information about EDRI and its members:
http://www.edri.org/

European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring

- EDRI-gram subscription information

subscribe by e-mail
To: edri-news-request at edri.org
Subject: subscribe

You will receive an automated e-mail asking to confirm your request.
unsubscribe by e-mail
To: edri-news-request at edri.org
Subject: unsubscribe

- EDRI-gram in Macedonian

EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edrigram-mk.php

- EDRI-gram in German

EDRI-gram is also available in German, with delay. Translations are provided
Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/

- Newsletter archive

Back issues are available at:
http://www.edri.org/edrigram

- Help
Please ask <edrigram at edri.org> if you have any problems with subscribing or
unsubscribing

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

More information about the cypherpunks-legacy mailing list