EDRI-gram newsletter - Number 6.16, 27 August 2008

EDRI-gram newsletter edrigram at edri.org
Wed Aug 27 13:01:55 PDT 2008


============================================================

           EDRI-gram

biweekly newsletter about digital civil rights in Europe

    Number 6.16, 27 August 2008


============================================================
Contents
============================================================

1. Italian justice wants to "seize" a foreign website
2. Cloning e-passports
3. Problems with online FoI in the Georgia-Russia conflict
4. Copyright experts against the EU extension of the copyright term
5. Call for worldwide protests against surveillance
6. UK government goes on with its plan for data retention
7. Seminar on the Telecoms Package and Network Filtering
8. Dispute between UK government and EU over the use of PNR
9. Secret reports on new five year plan for "European Home Affairs"
10. ENDitorial: Wiretapping - the Swedish way
11. Recommended Action
12. Agenda
13. About

============================================================
1. Italian justice wants to "seize" a foreign website
============================================================

In an investigation started by the Bergamo Prosecutors, an order of the
Justice for preliminary investigations of the Court of Bergamo was issued on
1 August 2008, calling for the "seizure" of the PirateBay website, hosted
outside Italy, for displaying a collection of links to allegedly illegally
duplicated material. The order was implemented by 10 August 2008 by forcing
Italian Internet providers to block access to the site, both by its domain
name and by its associated IP address.

The PirateBay owners quickly reacted and changed their IP address and set up
a new website called labaia.org (La Baia means The Bay in Italian). They
have also promoted measures to bypass the "blacklisting": "We have already
changed IP for the website - that makes it work for half the ISPs again. And
we want you all to inform your Italian friends to switch their DNS to
OpenDNS so they can bypass their ISPs filters. This will also let them
bypass the other filters installed by Italian ISPs, as a bonus."

But the case is worse than that, as revealed by EDRi member ALCEI.
Interpreting the concept of "seizure" in an extremely broad and seriously
questionable manner poses a serious threat to the rights of citizens and
companies that are not involved in this inquiry in any way.

ALCEI explains in a letter sent to the Italian Data Protection Authority
(Garante per la protezione dei dati personali) that the "enforcement of
the Court order, exceeded what the Justice said. Users attempting to connect
to the "seized" site are redirected to the IP number 217.144.82.26,
belonging to servers located in the United Kingdom and apparently registered
by the pro-music.org domain, a music industry association protecting their
brands and intellectual property rights. If the above is true, then a
private association, outside the Italian jurisdiction, is collecting
internet traffic data that, when matched with those retained by the ISPs,
would allow the identification and possible criminal investigation of third
parties absolutely not involved in the Bergamo's criminal case."

Beyond the case itself, ALCEI also underlines that this case, per se "one
among many", is of the utmost importance when examined in a broad
perspective, because it is part of a wider and long-lasting lobbying effort
to get legislators, politicians, magistrates and law enforcement officers to
share the (wrong) idea that "filtering is good for citizen security" and
that ISPs must be liable for everything that happens on the net, whether
under their direct control or not.

Italy has, for some years now, already passed legislation that goes in
this direction (for a variety of alleged "reasons", such as the
all-purpose "minor protection excuse" or the fight against "illegal" online
gambling, and now, once again, for "copyright's sake").
Italian politicians are pushing at the European Union level the idea of
forcing search engine providers to filter "questionable" queries.

The relevant question that the Italian EDRI members are asking is: "Is
it the case that Italy is on the edge of a civil rights aggression? Maybe
not. For a number of reasons (ignorance, disinterest, electoral
convenience) Italy seems to be more prone to copyright lobbyists
interests than other European countries."

GIP Bergamo - Decree 1 August 2008 (only in Italian, 1.08.2008)
http://www.ictlex.net/?p=934

10 August 2008, Italy blocks Pirate Bay (only in Italian, 10.08.2008)
http://punto-informatico.it/2381433/PI/Brevi/10-agosto-2008-italia-blocca-pirate-bay.aspx

Italian authorities attempt to take on Pirate Bay (11.08.2008)
http://www.out-law.com/page-9336

Fascist state censors Pirate Bay (10.08.2008)
http://thepiratebay.org/blog/123

A complaint to the Garante per i dati personali in the "piratebay" case
(only in Italian, 16.08.2008)
http://www.alcei.it/index.php/archives/129

EDRi-gram: ENDitorial: "Frattinising" isn't the only threat (26.09.2007)
http://www.edri.org/edrigram/number5.18/frattinising

============================================================
2. Cloning e-passports
============================================================

Jeroen van Beek, a computer researcher at the University of Amsterdam, has
shown in tests conducted for The Times that the new micro-chipped
passports, introduced in the UK to protect against terrorism and organised
crime, can be easily cloned.

The researcher cloned the chips of two British passports, inserted the
pictures of Osama bin Laden and a suicide bomber into them, and passed the
cloned chips as genuine through Golden Reader, the standard passport reader
software used by the UN agency that sets standards for e-passports, which is
also recommended for use at airports. The cloning operation took less than
an hour. Van Beek developed his cloning method based on previous research
carried out in the UK, Germany and New Zealand.

The micro-chipped passports contain a small radio frequency chip and an
antenna attached to the back page of the passport. The chip responds to an
encrypted signal sent by an electronic reader, by sending the holder's ID
and the biometric details back to the reader. Therefore, a copied chip could
be palmed at an unattended reader or a copy of a passport that hasn't even
been stolen could be used if the bearer resembled the original holder.

In response to concerns about the safety of the data on e-passports, the
Home Office has always argued that faked chips can be discovered at border
checkpoints because, when checked against an international database, they
would not match the key. The e-passports are protected by a digital
signature which, if altered, causes the reader to reject the passport.
Validating the signatures on e-passports requires the exchange of PKI
certificates between the authorities of the issuing countries or the use of
ICAO's PKD (Public Key Directory) system. However, the ICAO PKD system is
not universally used and many countries, the UK included, rely on the
bilateral exchange of certificates with other countries.

The Dutch researcher not only changed the data on the e-passports but also
succeeded in writing a new signature that will pass through the system
under certain circumstances. Depending on the reader's capabilities, on
whether certificates have been exchanged between the countries concerned
and on whether the PKD is used, the signature might not even be checked.
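
The dependency described above, between checking the signature and holding
the issuing country's certificate, shown as an added sketch that is not
from the newsletter or from any passport reader. It models a chip as data
groups, their hashes, a document-signer signature and a country-signed
signer certificate (a simplification of the ICAO scheme), replaces real
certificates with an unpadded toy RSA over fixed Mersenne primes, and every
name, the country code "XX" and the sample data are constructed.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys (assumption for this sketch)


def make_key(p, q):
    """Toy RSA key from two primes: returns (modulus, private exponent)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data, key):
    """Unpadded hash-then-RSA signature. Illustration only, not secure."""
    n, d = key
    return pow(_digest(data, n), d, n)


def verify(data, sig, n):
    return pow(sig, E, n) == _digest(data, n)


def _signed_hashes(hashes):
    # Canonical byte form of the hash table that the document signer signs.
    return repr(sorted(hashes.items())).encode()


def issue_chip(country, data_groups, signer_key, country_key):
    """Build a chip image: data, hashes, signature and signer certificate."""
    hashes = {k: hashlib.sha256(v).hexdigest() for k, v in data_groups.items()}
    return {
        "country": country,
        "data_groups": dict(data_groups),
        "hashes": hashes,
        "hash_sig": sign(_signed_hashes(hashes), signer_key),
        "signer_modulus": signer_key[0],
        # "Certificate": the country key's signature over the signer modulus.
        "signer_cert_sig": sign(str(signer_key[0]).encode(), country_key),
    }


def check_chip(chip, trust_store, fail_closed=True):
    """Reader-side check. trust_store maps country code -> country modulus."""
    for name, blob in chip["data_groups"].items():
        if hashlib.sha256(blob).hexdigest() != chip["hashes"].get(name):
            return "REJECT: data group altered"
    if not verify(_signed_hashes(chip["hashes"]), chip["hash_sig"],
                  chip["signer_modulus"]):
        return "REJECT: bad signature over hashes"
    anchor = trust_store.get(chip["country"])
    if anchor is None:
        # No certificate exchanged and no directory entry for this issuer.
        if fail_closed:
            return "REJECT: no trust anchor for issuer"
        return "ACCEPT (signer not validated)"
    if not verify(str(chip["signer_modulus"]).encode(),
                  chip["signer_cert_sig"], anchor):
        return "REJECT: signer not certified by issuing country"
    return "ACCEPT"


def _m(k):
    return 2 ** k - 1  # Mersenne primes for k in {61, 89, 107, 127}


# Constructed keys and documents for the scenarios below.
COUNTRY_XX = make_key(_m(61), _m(89))
SIGNER_XX = make_key(_m(89), _m(107))
UNCERTIFIED = make_key(_m(107), _m(127))  # a key country XX never certified

genuine = issue_chip("XX", {"DG1": b"P<XXXDOE<<JANE", "DG2": b"<face A>"},
                     SIGNER_XX, COUNTRY_XX)
# Data changed, original hashes and signature left in place.
altered = dict(genuine, data_groups=dict(genuine["data_groups"], DG2=b"<face B>"))
# Data changed, hashes and signature regenerated with the uncertified key.
resigned = issue_chip("XX", altered["data_groups"], UNCERTIFIED, UNCERTIFIED)


def run_scenarios():
    has_anchor = {"XX": COUNTRY_XX[0]}
    no_anchor = {}
    return {
        "genuine, anchor held": check_chip(genuine, has_anchor),
        "altered, anchor held": check_chip(altered, has_anchor),
        "re-signed, anchor held": check_chip(resigned, has_anchor),
        "re-signed, no anchor, lenient": check_chip(resigned, no_anchor, False),
        "re-signed, no anchor, strict": check_chip(resigned, no_anchor),
    }


if __name__ == "__main__":
    for scenario, verdict in run_scenarios().items():
        print(f"{scenario:32s} {verdict}")
```

Only the lenient reader with no certificate for the issuer accepts the
re-signed chip; a reader that fails closed rejects it in both cases.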

"We're not claiming that terrorists are able to do this to all passports
today or that they will be able to do it tomorrow (...) But it does raise
concerns over security that need to be addressed in a more public and open
way" said Mr van Beek.

The flaws also contradict the Home Office's claims that the 3 000 blank
passports that were stolen last week were worthless and raise questions
about the Government's 4 billion pound ID scheme, which uses the same
biometric technology. Dominic Grieve, the Shadow Home Secretary, has asked
the ministers to take urgent measures to solve the security flaws. "It is of
deep concern that the technology underpinning a key part of the UK's
security can be compromised so easily" said Grieve.

Researcher gives Elvis and bin Laden fake e-passports (6.08.2008)
http://www.theregister.co.uk/2008/08/06/epassport_alteration_demo/

'Fakeproof' e-passport is cloned in minutes (6.08.2008)
http://www.timesonline.co.uk/tol/news/uk/crime/article4467106.ece

How to clone the copy-friendly biometric passport (4.08.2006)
http://www.theregister.co.uk/2006/08/04/cloning_epassports/

How to clone a biometric passport while it's still in the bag (6.03.2007)
http://www.theregister.co.uk/2007/03/06/daily_mail_passport_clone/

============================================================
3. Problems with online FoI in the Georgia-Russia conflict
============================================================

The conflict between Russia and Georgia over the South Ossetia region has
extended to the Internet, with both countries launching cyber-attacks and
blocking each other's broadcasting sites.

Georgian authorities have blocked access to Russian news broadcasters and
websites, the action being justified by Georgia's Interior Ministry with the
argument that Russian broadcasts would "scare our population" which the
government could not allow.

Mamia Sanadiradze, founder and CEO of Caucasus Online, the biggest Georgian
ISP, told Reuters: "People from the (Georgian) security agencies asked me to
block Russian sites. There were threats from viruses, we faced
disinformation and so on. (...) I hope that when war is over, we will
unblock these sites."

On the other hand, Georgian online news media and Georgian government
websites, including the President's site, have been attacked by Russian
hackers. In order to remain accessible, the foreign ministry website changed
its URL.

Security researchers claim to have evidence showing a link between Russian
state businesses and the cyber-attacks against Georgia. Denial of service
attacks against Georgian websites started a day before the outbreak of the
military conflict over South Ossetia.

Don Jackson, a SecureWorks researcher, said that logs showed that part of the
attack was run from command and control servers located on the networks of
Rostelecom and Comstar, two Russian state-run companies. "We know that the
Russian government controls those servers theoretically, if they have not
been 'pwned' by somebody else," Jackson told eWeek. The two companies made
changes in routing tables that blocked internet traffic to Georgia. The same
networks were used to launch denial of service attacks and cache poisoning
attacks against Georgian networks, according to SecureWorks.

Reporters Without Borders condemns the violation of online freedom of
information. "The Internet has become a battleground in which information is
the first victim. On the one side, the main Georgian ISPs severed access to
Russian websites. On the other side, Georgian government websites were
attacked by Russian hackers. With newspapers and radio and TV stations
putting out very little independent news, the Internet is a vital tool for
the public, so these attacks must stop at once."

Russian and Georgian websites fall victim to a war being fought online as
well as in the field (13.08.2008)
http://www.rsf.org/article.php3?id_article=28167

Georgia cuts access to Russian websites, TV news (19.08.2008)
http://www.reuters.com/article/internetNews/idUSLJ36223120080819

Georgia accuses Russia of coordinated cyberattack (11.08.2008)
http://news.cnet.com/8301-1009_3-10014150-83.html?hhTest=1

Bear prints found on Georgian cyber-attacks (14.08.2008)
http://www.theregister.co.uk/2008/08/14/russia_georgia_cyberwar_latest/

Russian cybercrooks turn on Georgia (11.08.2008)
http://www.theregister.co.uk/2008/08/11/georgia_ddos_attack_reloaded/

============================================================
4. Copyright experts against the EU extension of the copyright term
============================================================

More of the major copyright experts at European universities and research
centres are questioning the current EU proposals to extend the copyright
term for performing artists and sound recordings.

As covered in the previous EDRi-gram, the first letter was addressed
to EU Commission President Jose Manuel Barroso and sent on 18 July 2008 by
the leading European centres for intellectual property research, which
explained that the new measures "will damage European creative endeavour and
innovation beyond repair."

Professor Bernt Hugenholtz, Director of the Institute for Information Law
(IViR) that was commissioned by the EC to draft two major studies on the EU
copyright and policy, questioned the Commission decision, calling its
policies: "less the product of a rational decision-making process than of
lobbying by stakeholders." Prof. Hugenholtz was very unhappy about the
Commission decision that totally contradicts and ignores IViR's scientific
findings:

"As you are certainly aware, one of the aims of the 'Better Regulation'
policy that is part of the Lisbon agenda is to increase the transparency of
the EU legislative process. By wilfully ignoring scientific analysis and
evidence that was made available to the Commission upon its own initiative,
the Commission's recent Intellectual Property package does not live up to
this ambition. Indeed, the Commission's obscuration of the IViR studies and
its failure to confront the critical arguments made therein seem to reveal
an intention to mislead the Council and the Parliament, as well as the
citizens of the European Union.

In doing so the Commission reinforces the suspicion, already widely held
by the public at large, that its policies are less the product of a rational
decision-making process than of lobbying by stakeholders. This is
troublesome not only in the light of the current crisis of faith as regards
the European lawmaking institutions, but also - and particularly so - in
view of European citizens' increasingly critical attitudes towards
intellectual property law."

Further arguments against the decision come from a statement by another
leading IP centre in Europe, the Max Planck Institute for Intellectual
Property, Competition and Tax Law. In an article on the Commission's plans
to prolong the protection period for performing artists and sound
recordings, the authors emphasize that there is no specific reason for a
term extension and argue that the proposal diverts attention from the social
problem that performing artists, in particular at the start of their career,
often have a very weak negotiating position against publishers and record
companies, which should be remedied by special copyright contract law.

The document concludes by pointing out that: "no persuasive economic or
social reason can be found in favour of a term extension since extending the
term would neither increase the incentives to invest nor would it provide
financial security and a sufficient livelihood for all ageing musicians,
especially not for those who need it the most. It would rather have a
negative impact upon future creators and musicians, since they would need to
wait longer to build upon older works in order to create new ones. Besides,
a term extension would also be to the detriment of consumers and the
information society since sound recordings would be locked up for another 45
years."

Open Letter concerning European Commission's `Intellectual Property Package'
(18.08.2008)
http://www.ivir.nl/news/Open_Letter_EC.pdf

"Statement of the Max Planck Institute for Intellectual Property,
Competition and Tax Law Concerning the Commission's Plans to Prolong the
Protection Period for Performing Artists and Sound Recordings"
by Nadine Klass, Josef Drexl, Reto M. Hilty, Annette Kur and Alexander
Peukert, IIC 2008, p. 586-596.

Commission adviser accuses Barroso of intentionally misleading European
policy-makers and citizens on copyright (21.08.2008)
http://www.openrightsgroup.org/2008/08/21/commission-adviser-accuses-barroso-of-intentionally-misleading-european-policy-makers-and-citizens-on-copyright/

EDRi-gram: Extension of the copyright term for performers and record
producers (30.07.2008)
http://www.edri.org/edrigram/number6.15/extension-copyright-performers

============================================================
5. Call for worldwide protests against surveillance
============================================================

Civil rights organizations call for protests against the constant increase
of surveillance conducted by governments and enterprises. A rally under the
motto "Freedom not Fear" will be held in Berlin on 11 October 2008. The
organizers agree that it is high time to take to the streets in order to
defend basic constitutional rights in the light of an ongoing
intensification of security and surveillance measures. The rally opposes
the promotion of the Federal Criminal Police Office
("Bundeskriminalamt") to a central, executive police agency with the
permission to secretly spy into citizens' home computers.

After last year's demonstration for democracy and civil rights, which was
the largest in Germany in 20 years with over 15 000 participants, protesters
in several countries will, for the first time simultaneously, take to the
streets to demonstrate for their freedom. Currently, 15 countries have
announced their participation in the international action day on 11 October.
Such unanimous protests are mainly due to politicians' growing tendency to
push through negotiations on surveillance and control measures behind
closed doors. Among other things, the international protest criticizes the
planned registration of all air travellers in the EU, the planned delivery
of data to the USA, biometric data in EU identification documents, as well
as the retention of telecommunication data such as phone connections or a
caller's whereabouts for all 455 million Europeans.

Against this political spiral of interior armament motivated by
crime-related dangers, civil society places the call for "Freedom not Fear".
A moratorium for all surveillance activities and the reduction of all mass
scale surveillance, as well as an expansion of digital rights are demanded
to protect and strengthen civil liberties. In addition, activists call for
an independent review of every single planned or existing surveillance and
control measure in terms of its effectiveness and undesired side-effects.

In the run-up to this action day, the German Work Group on Data Retention
("Arbeitskreis Vorratsdatenspeicherung") calls for participation in the
Munich demonstration "Freiheit Weiß-Blau - Stoppt den Überwachungswahn" on
20 September 2008, which targets the restrictions of the right to free
assembly and other surveillance measures in the state of Bavaria. In
addition, the OneWebDay on 22 September 2008, will serve as a means for
further mobilisation for the "Freedom not Fear" action day.

Action day "Freedom not Fear" on 11 October 2008
http://www.freedom-not-fear.eu

Planned activities for 11 October 2008
http://wiki.vorratsdatenspeicherung.de/Freedom_Not_Fear_2008

(Contribution by Patrick Breyer - Working Group on Data Retention - Germany)

============================================================
6. UK government goes on with its plan for data retention
============================================================

The UK government intends to oblige ISPs and telephone companies to keep
personal Internet traffic data for at least 12 months, and local and health
authorities and many other public bodies are to be given access to
details of everyone's personal Internet information.

On 15 August 2008, the Home Office published a consultation paper which
makes clear that the personal data will now be available for crime and
public order investigations and may even be used to prevent people
self-harming. Furthermore, as the measure is the result of an EU directive,
the data will be made available to public investigators across Europe.

The measure will cover VOIP as well and access to personal Internet and text
data will be available to all public bodies licensed under the 2000
Regulation of Investigatory Powers Act (RIPA), meaning that hundreds of
public bodies including local councils, health authorities, the Health and
Safety Commission, the Food Standards Agency or Ofsted (the education
standards watchdog), may require telecom companies to hand over the
personal data to them.

The UK government intends to go further by introducing a draft communications
bill this autumn which would require all the telecommunications companies to
hand over this data to one central "super" database. The police and other
public authorities will be able to access this database directly without
having to make a request to the company which keeps the records.

The database had been planned to be bundled with the EU Data Retention
Directive that is to be legally implemented in the UK by March 2009. The
consultation paper published by the Home Office is meant to transpose the
Directive as a standalone statutory instrument. Laws made by statutory
instruments do not need a Parliament vote.

Home Office civil servants are working on plans for the central database
within the Interception Modernisation Programme (IMP). The IMP budget was
part of the intelligence agencies' undisclosed funding bid to the
Comprehensive Spending Review last year. Sources disclosed that secret
briefings gave a cost for the database that could reach nine figures.

The proposal faces opposition as many fear that a single database under
the Government's control would be vulnerable to attacks or errors that may
lead to information leaks.

Chris Huhne, the Liberal Democrats' home affairs spokesman, said the
government could not be trusted with sensitive data. "We will be told it is
for use in combating terrorism and organised crime but if Ripa powers are
anything to go by, it will soon be used to spy on ordinary people's kids,
pets and bins" he said.

In the consultation paper, the Home Office also estimated that storing such
an amount of Internet data may impose a cost of over 60 million euro on the
Internet industry. In addition, the Home Office admitted that the companies
might have to store "a billion incidents of data exchange a day". The
Government has already paid about 23 million euro over five years to telecom
companies for access to data about citizens' use of phones and the Internet.

'Snooper's charter' to check texts and emails (13.08.2008)
http://www.guardian.co.uk/uk/2008/aug/13/privacy.civilliberties/print

Home Office - A consultation paper - Final phase of the transposition of
Directive 2006/24/EC (08.2008)
http://www.statewatch.org/news/2008/aug/uk-ho-consult-mand-ret-internet.pdf

Government pays telcos £18.5 million for records retention (7.08.2008)
http://www.out-law.com/page-9333

UK.gov to spend hundreds of millions on snooping silo (19.08.2008)
http://www.theregister.co.uk/2008/08/19/ukgov_uber_database/

EDRIgram: UK Government will store all phone, Internet traffic data
(21.05.2008)
http://www.edri.org/edrigram/number6.10/uk-isp-traffic-data

EDRIgram: ICO worried about a UK Government-owned traffic data database
(4.06.2008)
http://www.edri.org/edrigram/number6.11/ico-uk-govt-database

============================================================
7. Seminar on the Telecoms Package and Network Filtering
============================================================

The telecoms package seminar held on 27 August 2008 in the European
Parliament, arranged by Swedish MEP Christofer Fjellner, had a remarkably
large audience. Over 100 people came to listen to the five speakers from
both industry and civil society.

Overall, the speakers called for a better understanding of the so-called
"copyright amendments" to the package that allegedly have been
introduced to the detriment of the 'completion of the internal market'
for the telecoms industry. Netzpolitik.org was also streaming the event.

After the introduction by MEP Fjellner, Monica Horten from Westminster
University made clear that the new technology "Deep Packet Inspection"
could potentially be used to censor the Internet in Europe just as it
is in China. Similar hardware is in place in both Chinese and
European networks. The differences are law, automation and industrial
rather than political programming.

Eddan Katz from the Electronic Frontier Foundation warned that public
interest values and the hopes for a transforming participative web
would be squashed if the language in the package is not cleared up.

The main point made by Jeffery Lawrence from Intel was that the conflict
between rightsholders and the technology industry is not new, but that the
principle of policing consumers is new. Should Europe consider such a
policy, there is indeed a need for discussion and analysis beyond the
traditional conflict mentioned.

Nuria Rodriguez Murillo from BEUC urged the European Parliament to
ensure legal certainty for consumers, as well as to stand up for the
principle already voted on in the so-called Bono report, which states
that people should not be cut off from the Internet.

The last speaker, Francisco Mingorance from the Business Software Alliance,
warned against the French model where technology mandates are
introduced by the state or by courts. Such mandating could overrule
copyright licences like the GPL.

It is unclear whether the Members of the European Parliament will even
agree on the existence of the "copyright amendments" in the upcoming
plenary debate next week. Netizens, as well as citizens, of Europe
should keep their fingers crossed that their legislators know what
they are voting on in three weeks' time. Hopefully, to quote Monica
Horten, our MEPs will say "As policy-makers, we have a duty to promote
the vibrant and open character of the Internet."

Seminar on the Telecoms Package and Network Filtering
http://www.european-agenda.com/events/22414.php

Event stream by Netzpolitik
http://netzpolitik.org/2008/live-aus-dem-ep-seminar-on-internet-filtering/

Deep Packet Inspection
http://en.wikipedia.org/wiki/Deep_packet_inspection

(Contribution by Erik Josefsson - Sweden)

============================================================
8. Dispute between UK government and EU over the use of PNR
============================================================

The UK Government is fighting EU proposals to restrict the way it uses
passenger name record (PNR) information to monitor immigration, claiming
that the data it collects is crucial to control cross-border movements.

With the EU planning to make all European states share PNR data, the UK
government argues there is a "real risk" the action "would degrade e-Borders
by prohibiting the use of PNR data for combating immigration offences". A
spokeswoman for the Home Office stated: "The collection of passenger name
records is a vital tool in Britain's fight against organised crime,
terrorism and immigration offenders."

The UK wants to go further than the EU and share data from internal EU
flights, sea and rail travel. The House of Lords EU Select Committee warned
in a report published in July that if the government pressed for radical
changes to the EU proposal, it might lose the co-operation of Europe. The report
recommended that the PNR data be used for the purpose of fighting against
terrorism and combating serious crime, stating at the same time that a clear
definition should be given to what "serious crime" means. It recommended a
comprehensive list that would cover the term.

The Home Office responded on 6 August accepting the need for greater clarity
about what crimes should be covered by "serious crime" but rejected the
recommendation for a comprehensive list as being "overly prescriptive". It
also said that its e-Borders programme gathering PNR data on 50
million passengers' movements, had been a "real success in strengthening the
UK border" leading to 25 000 alerts and 2 100 arrests for offences ranging
from murder and possession of firearms to drug-smuggling. It also stated
that losing Europe's support was not a possibility. "Negotiations are
ongoing, there are outstanding issues but we will work closely with the EU
to agree a text."

Dominic Grieve, Shadow Home Secretary, said that if the government wanted to
extend the purposes of using passengers' details, it should be precise about
"what the objective is, why it is necessary and what safeguards it will put
in place to protect the privacy of the innocent" and he added: "Given the
government's proven and serial inability to protect personal data the public
will not agree to this lightly."

The Home Affairs Spokesman for the Liberal Democrats, Chris Huhne, also
considered this was another example that the government was more and more
invading people's personal lives. He also commented: "It is deeply worrying
that ministers are prepared to forgo the possible co-operation of our
European partners."

In fact, even the EU Proposal for a Council Framework Decision on the
use of Passenger Name Record (PNR) is far from perfect, facing strong
opposition from privacy rights advocates and associations.

In a letter to the Council of the European Union, ECTAA, the European Travel
Agents' and Tour Operators' Associations, makes several proposals for the
Framework Decision. Among other things, the members of the association
believe the decision should only cover data for passengers on flights into
and out of the EU and that it should not be extended to intra-EU flights.

Gov't battles EU over use of air-passenger data (11.08.2008)
http://news.zdnet.co.uk/security/0,1000000189,39459924,00.htm

Ministers' fears on EU data plan (6.08.2008)
http://news.bbc.co.uk/2/hi/uk_news/politics/7544877.stm

Clash erupts on use of airline data to fight crime (7.08.2008)
http://www.ft.com/cms/s/0/14152182-6418-11dd-844f-0000779fd18c.html?nclick_check=1

European Travel Agents' and Tour Operators' Associations (ECTAA) letter to
the Council of EU on Proposal for a Council Framework Decision on the use of
Passenger Name Record (PNR) data for law enforcement purposes (1.08.2008)
http://www.statewatch.org/news/2008/aug/eu-pnr-ectaa-comments.pdf

EDRIgram - PNR Data infringes human rights (9.04.2008)
http://www.edri.org/edrigram/number6.7/pnr-human-rights-ecj

============================================================
9. Secret reports on new five year plan for "European Home Affairs"
============================================================

A new secret report, made available by Statewatch and drafted by the "Future
Group" of Interior and Justice Ministers from six EU member states (Germany,
France, Sweden, Portugal, Slovenia, and Czech Republic), suggests a series of
proposals to boost EU integration in policing and intelligence-gathering,
including the creation of an EU-US Area of cooperation for "freedom,
security and justice."

The group's controversial proposals are certain to trigger major disputes.
They propose that the EU member states should pool information in a central
intelligence unit, creating a network of "anti-terrorist centres",
standardising police surveillance techniques and extending the sharing of
DNA and fingerprint databases to include CCTV video footage and material
gathered by "spy drones".

The report also includes a decision to expand the current European
Gendarmerie Force (EGF), which currently only involves France, Italy, Spain,
Portugal and the Netherlands, into an EU body, that could be used also for
paramilitary intervention overseas.

Invoking an efficient fight against terrorism, the report suggests a
Euro-Atlantic pact of cooperation with the United States. The document needs
to be finalized by 2014 at the latest and would not just cover terrorism and
passenger data but the whole area of justice and home affairs -
policing, immigration, sharing database data and biometrics. The difference
in privacy regulation could be a problem in achieving this pact, but the US
seems to be pushing hard for it:

"All the evidence from dozens of high-level EU-USA meetings on justice and
home affairs since 11 September 2001 shows that it is a one-way street with
the EU trying to fend off USA demands. When the EU does not cave in the USA
simply negotiates bilateral deals with individual member states. A permanent
EU-USA pact would be disastrous for privacy and civil liberties," explains
Tony Bunyan, Statewatch editor.

Bruno Waterfield, Brussels correspondent for The Daily Telegraph, has
described how security has been escalated to a level that he calls
"securocracy". He believes it started at the national and EU level
with "interoperability", which allowed a wider exchange of the
information held on databases. This gave the idea of "availability", which
meant "the exchange of any of this information, defined as important for
security purposes, was required". And the latest stage is "convergence".
"This concept heralds a new era by standardising European police
surveillance techniques and creating "tool-pools" of common data gathering
systems to be operated at the EU level," says Waterfield.

Future Report: Freedom, Security, Privacy - European Home Affairs in an open
world (06.2008)
http://www.statewatch.org/news/2008/jul/eu-futures-jha-report.pdf

Secret EU security draft risks uproar with call to pool policing and give US
personal data (7.08.2008)
http://www.guardian.co.uk/world/2008/aug/07/eu.uksecurity

Secret EU report moots sharing personal data with US (7.08.2008)
http://euobserver.com/22/26585

New European spying proposals 'threaten British security' (7.08.2008)
http://www.telegraph.co.uk/news/worldnews/europe/2512219/New-European-spying-proposals-threaten-British-security.html

EU plan: The rise and rise of the securocrats (7.08.2008)
http://blogs.telegraph.co.uk/bruno_waterfield/blog/2008/08/07/eu_plan_the_rise_and_rise_of_the_securocrats

============================================================
10. ENDitorial: Wiretapping - the Swedish way
============================================================

The Swedish Parliament, Riksdagen, adopted on 18 June 2008 a law which
obliges all telecom and Internet providers to transfer all communication
that passes the Swedish border to Försvarets radioanstalt (FRA), or the
National Defence Radio Establishment as it is officially called in
English. It is the Swedish national authority for signals intelligence.

Even though domestic Internet communication is between two persons residing
in Sweden, the same information may cross national borders through Germany,
Denmark and USA. That is how the Internet works. This means that all Swedes
as well as people residing outside of Sweden may be subject to the
surveillance of FRA. FRA may transfer information to other countries and the
Guardian has recently reported (7 August 2008) of a Secret EU security draft
which would give USA "Wholesale exchange of (personal) data". It is within a
greater international perspective one should view the Swedish legislation.

It is possible that Sweden has the most valuable information. 80 % of the
Russian telecom and internet communication passes through Sweden. Thus, it
is not an accident that FRA has one of the most powerful computers in the
world, together with some computers in the USA and one computer in the UK
which operates computations on nuclear weapons. There is an ongoing debate
over the true motive for the adoption of the law. This is only one of the
theories. Many countries and companies, including Finland, Norway, Google
and TeliaSonera, use the Swedish cables and are very critical of the FRA
wiretapping law.

The FRA wiretapping law adopted in June 2008 consists of four statutes,
including a newly adopted statute on signals intelligence and changes in
three other statutes.

The law will enter into force by 1 January 2009 and the actual operations
will start later in the year. FRA has a mandate to search for "external
threats", which involves everything from military threats, terrorism,
IT-security, supply problems, ecological imbalances, ethnic and religious
conflicts, migration to economic challenges in the form of currency and
interest speculation. This very broad mandate has attracted a lot of
criticism. There is no requirement that the FRA should have a reason to
suspect crime or a court order before a Swedish citizen is to be under
surveillance. This must be seen against the background that the police may
ask FRA for support in its efforts of crime control.

In contrast to what the law actually says, the Government denies that the
police may use the FRA and says that FRA will only monitor "phenomena" and
not individuals. The critics ask how it is possible to monitor phenomena
without monitoring individuals.

As one of the critics, I have accused the Government of "doublethink" and
"newspeak" in their defence of the law. The Government's statements are full
of contradictions, which they ignore. The main Government Party in a
coalition of four parties even denies the core of the law, which obligates all
telecom and Internet providers to transfer all communication that passes the
Swedish border to FRA.

On the eve of the vote of 18 June 2008 there were strong indications that
more than the necessary four parliamentarians of the centre-right coalition
would shift side and thus deny the adoption of the statutes. There was
intense pressure on these parliamentarians and on the day before the vote,
Fredrick Federley, a critic in the centre party, struck a deal with the
Minister of Defence, Sten Tolgfors, which involved that additional
protection would be added in the interest of privacy at a later point in
time. This made the resistance in the coalition parties crumble.

In the end, only one parliamentarian shifted sides, Camilla Lindberg, of
the liberal party who became a national hero while Fredrick Federley, in the
eyes of many, lost a lot of credibility as a civil rights promoter. Another
member of the liberal group, Birgitta Ohlsson, abstained. The two members of
the liberal group had concerns that the additional protection would not
change the fact that the law obliges all telecom and Internet providers to
transfer all communication that passes the Swedish border to FRA.

This did not quiet the critics. By 14 July 2008 the resistance in the
liberal party had regrouped and they published an op-editorial in the daily
Dagens Nyheter signed by the necessary four parliamentarians and three
previous party leaders representing 25 years of leadership in the liberal
party, all demanding the Government should recall the law. Later, two
liberal parliamentarians joined the other four and stated live on TV that
they were willing to support a motion to recall the law. The Government is
making serious efforts to divide the group and make one or several of them
return to the Government side.

As of this date, the Government has not been successful. The six liberal
parliamentarians must team up with the social democrats, the green party and
the left before the end of September 2008. After that, it is impossible to
table motions from the opposition which will enter into force during 2009
and recall the law.

To conclude, the showdown for Swedish wiretapping by FRA is in September
2008.

Government Proposal on Defence Intelligence (only in Swedish, 8.03.2007)
http://www.regeringen.se/content/1/c6/07/83/67/2ee1ba0a.pdf

Secret EU security draft risks uproar with call to pool policing
and give US personal data (7.08.2008)
http://www.guardian.co.uk/world/2008/aug/07/eu.uksecurity

EDRi-gram: ENDitorial: Sweden is listening to all internet and phone
conversations (2.07.2008)
http://www.edri.org/edrigram/number6.13/sweden-fra-adoption

EDRi-gram: ENDitorial: A new "NSA FRAnchise" set up in Sweden? (4.06.2008)
http://www.edri.org/edrigram/number6.11/nsa-fra-sweden

(contribution by Mark Klamberg - Doctoral candidate, Stockholm University -
Department of Law)

============================================================
11. Recommended Action
============================================================

EDRi member FoeBuD e.V. has set up a contest for finding an RFID warning sign
to be passed on to the EU's process in RFID legislation. Since the industry
came up with a similar contest but looking for a somewhat "friendly" design,
FoeBuD is looking for a precise warning sign that would show the dangers
for citizens' rights when RFID technology is involved.

There are two categories in FoeBuD's contest: strict and freestyle. In the
strict category, a design for an official RFID warning sign is wanted. The
winning design in this category shall be sent to the EU as a proposal for
marking RFID tags and readers. It should follow the rules for warning and
danger signs as e.g. DIN 4844-2 shows. The freestyle category is what its
name says: be free to find a nice and striking sign that shows the problem.

Everyone is free to participate until 12 September 2008. The designs are
expected to be public domain. The contest papers are only in German, but,
apart from explaining what RFID is and its dangers, the main message is:
Send the design before the deadline to "FoeBuD e.V., Marktstrasse 18, 33602
Bielefeld, Germany". Questions and digital-only designs may be sent to
"mail at foebud.org". Submissions are confirmed to have arrived via email.
The winners will be announced in October 2008.

The contest papers (only in German)
http://www.foebud.org/rfid/rfid-warn-logo-wettbewerb-foebud-ausschreibung.pdf

============================================================
12. Agenda
============================================================

3-5 September 2008, Prague, Czech Republic
The Third International Conference on Legal, Security and Privacy Issues in
IT
http://www.lspi.net/

8-10 September 2008, Geneva, Switzerland
The third annual Access to Knowledge Conference (A2K3)
http://isp.law.yale.edu/

19 September 2008, Brussels, Belgium
High Level Expert Conference: Towards a European Policy on RFID
http://www.rfid-in-action.eu/conference

20 September 2008, Munchen, Germany
Demonstration Freiheit Weiss Blau
http://wiki.vorratsdatenspeicherung.de/Freiheit_Weiss_Blau

22 September 2008, Istanbul, Turkey
Workshop on Applications of Private and Anonymous Communications
http://www.alpaca-workshop.org/

22 September 2008, Worldwide
OneWebDay - an Earth Day for the internet.
http://onewebday.org/

24-28 September 2008, Athens, Greece
World Summit on the Knowledge Society
http://www.open-knowledge-society.org/summit.htm

11 October 2008, Worldwide
Action day "Freedom not fear"
Protests, demonstrations and activities against the surveillance mania
http://wiki.vorratsdatenspeicherung.de/Freedom_Not_Fear_2008

15-17 October 2008, Strasbourg, France
30th International Data Protection and Privacy Conference
http://www.privacyconference2008.org/

20-21 October 2008, Strasbourg, France
European Dialogue on Internet Governance (EuroDIG)
http://www.eurodig.org/

3-6 December 2008, Hyderabad, India
Third Internet Governance Forum
http://www.intgovforum.org

10-11 December 2008: Tilburg, Netherlands
Tilting perspectives on regulating technologies, Tilburg Institute for Law
and Technology, and Society, Tilburg University
http://www.tilburguniversity.nl/tilt/conference

============================================================
13. About
============================================================

EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 28 members based or with offices in 17 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRI-grams.

All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and visibly on the
EDRI website.

Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 2.0 License. See the full text at
http://creativecommons.org/licenses/by/2.0/

Newsletter editor: Bogdan Manolea <edrigram at edri.org>

Information about EDRI and its members:
http://www.edri.org/

European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring

- EDRI-gram subscription information

subscribe by e-mail
To: edri-news-request at edri.org
Subject: subscribe

You will receive an automated e-mail asking to confirm your request.
unsubscribe by e-mail
To: edri-news-request at edri.org
Subject: unsubscribe

- EDRI-gram in Macedonian

EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edrigram-mk.php

- EDRI-gram in German

EDRI-gram is also available in German, with delay. Translations are provided
by Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/

- Newsletter archive

Back issues are available at:
http://www.edri.org/edrigram

- Help
Please ask <edrigram at edri.org> if you have any problems with subscribing or
unsubscribing

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE