EDRI-gram newsletter - Number 6.13, 2 July 2008

Wed Jul 2 13:08:25 PDT 2008

============================================================

           EDRI-gram

biweekly newsletter about digital civil rights in Europe

    Number 6.13, 2 July 2008

============================================================
Contents
============================================================

1. Control on Internet users pushed through the new Telecom package
2. France promotes the three-strike scheme in Europe
3. The US-EU agreement on personal data exchange by law enforcement
4. ePrivacy Directive debated in the EP's Civil Liberties Committee
5. ECJ first hearing on data retention case
6. ICAAN supports custom domains and discusses whois privacy issues
7. German Protests in over 30 cities against surveillance
8. ENDitorial: Sweden is listening to all internet and phone conversations
9. Recommended Action
10. Recommended Reading
11. Agenda
12. About

============================================================
1. Control on Internet users pushed with the new telecom package
============================================================

An appeal from three European NGOs - La Quadrature du Net, netzpolitik.org
and EDRi-member Open Rights Group - reveal some disturbing MEPs amendments
to the draft directives to reform the EU framework on electronic
communications (telecom package).

The review of the telecom package was merely focusing on telecom-related
issues (except for discussions on the ePrivacy directive, which is the
subject of another EDRi-gram article in the current issue), but some of
the 800 amendments on the 5 directives that form the current package might
go further than just establishing the rules for a functioning electronic
communications market and could endanger the principle of the neutrality of
the Internet.

Some amendments will transform the ISPs from technical intermediaries that
have no obligation to prior surveillance of contents into law enforcers.
Therefore they might be asked to block their users from lawful activities in
the interests of their security or to work with content producers and
rights-holders' organizations, including sending intimidating messages, with
no judicial approval. The amendment meant to support Intellectual Property
Rights owners could open the door to censorship and might mean in practice
the loss on privacy on the Internet.

"The politicians who engage in these summer manoeuvres dishonour Europe and
their mandate. They rely on the fact that nobody watches them few days
before Parliamentary holiday, to divert the Telecom package from its primary
objectives of consumer protection. They pave the way for the monitoring and
filtering of the Internet by private companies, exceptional courts and
Orwellian technical measures. It is inconceivable for freedom but also for
European economic development. We call on all MEPs to oppose what they have
already rejected." said Christophe Espern, co-founder of La Quadrature du
Net (Squaring the Net).

The appeal of the three organisations comes just before the 7 July vote in
the ITRE and IMCO Committees of the European Parliament on the suggested
amendments to the telecom package. The plenary discussion and vote for the
whole package will take place in September, but the vote in the two
committees could have a significant impact on the final result.

Mobilization Package Telecom (in English, German and French)
http://www.laquadrature.net/wiki/Mobilisation_Paquet-Telecom

Telecom Package warning document for IMCO/ITRE vote (30.06.2008)
http://www.laquadrature.net/files/note-IMCO-ITRE-quadrature-20080630.pdf

The commented amendments in HTML format
http://www.laquadrature.net/wiki/Telecom-Package_Compromise-Amendments_ITRE-IMCO_7th-July

Participate: Europe-wide action against the telecom package (only in German,
1.07.2008)
http://netzpolitik.org/2008/mitmachen-europaweite-aktion-gegen-das-telekom-paket/

Write to your MEP: say no to "3 strikes" through the backdoor (2.07.2008)
http://www.openrightsgroup.org/2008/07/02/write-to-your-mep-say-no-to-3-strikes-through-the-backdoor/

============================================================
2. France promotes the three-strike scheme in Europe
============================================================

With France taking over the presidency of the European Union on 1 July 2008,
the French Minister of Culture, Christine Albanel, wants to get a consensus
in the fight against p2p downloading by translating the French model to the
entire Europe.

Christine Albane presented on 19 June to the French Council of Ministers her
proposal for the controversial Internet and Creation law, initiated first by
Denis Olivennes, former CEO of Fnac, designed to fight online piracy, mainly
through the implementation of the so-called "three-strikes" scheme. A
newly-created independent authority, entitled HADOPI (Haute Autoriti pour la
diffusion des oeuvres et la protection des droits sur Internet), is to be
responsible with issuing warnings and potentially cutting Internet
subscriptions in cases of infringements.

At the request of rights holder, HADOPI will have the power to demand from
ISPs the identity of copyright-infringing computer users, followed
afterwards by a three-step process. A warning by email will be first sent,
and in case the infringements persist, the warning will be sent by a 
registered letter. For the third infringement, HADOPI will be entitled to 
cut the Internet access of the user for three up to 12 months. This period 
may be shortened to one to three months if the infringer commits to stop the 
alleged illicit downloading.

The law has been approved by the French Government and it will be debated in
the two chambers of the Parliament. Despite Albanel's confidence in the
draft law and her determination to make it pass, the law is facing a large
range of opposition starting with the European Parliament, CNIL, ISOC,
reservations from the State Council, ARCEP and ending with criticism from
parliamentarians, public opinion, access suppliers and press.

Having this in view, it seems SACEM (Sociiti des auteurs, compositeurs et
iditeurs de musique) is already thinking of an alternative. As stated by
Bernard Miyet, President of SACEM board of directors, the organisation is
not thinking of a global licence but of a contribution from the ISPs. "When
you are a cable distributor such as Numericable and you transport
programmes, you pay royalties. When you are a satellite platform, it is the
same. On the Internet side, the ISPs have succeeded in avoiding any legal or
financial responsibility or, it is well known, that they created all their
development on music" he said.

There is no discussion however of balancing the fee for the ISPs with a new
right for the Internet users as in the case of the global licence that would
allow Internet users to download music and make it available free for
everybody. The global licence would also increase the revenues of the music
creators and artists but not those of the music distributors or recording
companies who are afraid of loosing control and therefore part of the
market.

While in France the HADOPI law is under dispute and although the European
Parliament has initially opposed the French model, it seems the European
Commission has in view to adopt a recommendation that would approve the
gradual type of reaction to illicit downloading.

Gradual response: France proposes its model to the European homologues (only
in French, 24.06.2008)
http://www.zdnet.fr/actualites/internet/0,39020774,39381916,00.htm

Hadopi project: return to the expectations and forces in presence (only in
French, 23.06.2008)
http://www.zdnet.fr/actualites/internet/0,39020774,39381902,00.htm

Gradual response : Sacem already has a plan B (only in French, 30.06.2008)
http://www.numerama.com/magazine/10119-Riposte-gradue-la-Sacem-a-dj-un-plan-B.html

============================================================
3. The US-EU agreement on personal data exchange by law enforcement
============================================================

As stated by the New York Times on 26 June 2008, the United States and the
European Union are close to conclude an agreement allowing the exchange of
personal data of their citizens, including credit card information, travel
history and Internet browsing information in order to be shared with the law
enforcement and security agencies.

According to an internal report revealed by the newspaper, the potential
agreement that has been negotiated since February 2007 between the US
Department of Homeland Security (DHS), the Justice and State departments and
their European counterparts will make clear that it is lawful for European
governments and companies to transfer personal information to the United
States, and vice versa.

One of the issues still to be solved is that of whether European citizens
should be able to sue the United States government in case it violates data
privacy rules or, on the basis of incorrect personal information, it takes
an adverse action against them such as denying them entry into the country
or placing them on a no-fly list. The European law generally gives citizens
the possibility to file a case and ask for damages from the governments and
so does US Privacy Act of 1974 which however does not extend to foreigners.

The US officials are reluctant to accept it and try co convinces the EU that
there are other possibilities to correct such cases like asking an agency to
correct the misinformation through administrative procedures. The European
Union still insists on its position that its citizens should have "the
ability to bring suit in U.S. courts specifically under the Privacy Act for
an agreement to be reached on redress". Such a concession would mean for the
US administration to create new legislation which they are trying to avoid.

Some privacy rights advocates in Europe have warned on certain issues of
concerns. The two negotiating parties have agreed that information related
to race, religion, political opinion, health or "sexual life" may not be
used by a government "unless domestic law provides appropriate safeguards."
However, the agreement does not specify what an appropriate safeguard should
be, leaving the decision to each government.

"I am very worried that once this will be adopted, it will serve as a
pretext to freely share our personal data with anyone, so I want it to be
very clear about exactly what it means and how it will work," said MEP
Sophia in 't Veld.

The negotiators are trying to agree on minimum standards for privacy rights
protection. The European law establishes independent government agencies to
check whether personal data is being used lawfully and to assist citizens
concerned about invasions of their privacy. As the United States has no such
independent agency the Europeans have agreed, as a concession, that the
American government's internal oversight system should be able to account
for the use of Europeans' data.

US officials say they would like to resolve the problem before the end of
Bush administration in January 2009. The European Parliament will have the
power to ratify any agreements between US and Member States If the agreement
does not require legislative action, Mr. Bush could complete it. It appears
that the Europeans would like to wait until 2009 but the finalisation
process might be delayed as Irish voters rejected it in a referendum this
month.

In March, the United States and Germany concluded a bilateral deal
facilitating the automatic exchange of data on suspected terrorists, that
might be taken as a model for similar accords between the US and other
European countries, applied to a wide-ranging exchange of information,
including the fingerprints and DNA of suspects. A similar deal was made
between Hungary and US in June 2008, and it was considered as a big step in
the Memorandum between the two countries that strives for the Hungarian
membership in the Visa Waiver Program. The Hungarian-US agreement was
published in the Hungarian Official Gazette on 20 June.

U.S. and Europe Near Agreement on Private Data (28.06.2008)
http://www.nytimes.com/2008/06/28/washington/28privacy.html

US-EU private data sharing agreement at hand: report (29.06.2008)
http://www.physorg.com/news133928961.html

Report: US, EU Near Agreement on Personal Data Exchange (28.06.2008)
http://www.dw-world.de/dw/article/0,2144,3445491,00.html

FBI ready to demand detailed logs of Britons' internet and travel habits
(29.06.2008)
http://www.guardian.co.uk/technology/2008/jun/29/privacy.internet

============================================================
4. ePrivacy Directive debated in the EP's Civil Liberties Committee
============================================================

On 25 June 2008, the European Parliament's Standing Committee on Civil
Liberties, Justice and Home Affairs asked for measures to correct the
European Commission's proposal to amend the Directive on Privacy and
Electronic Communications (called ePrivacy Directive).

"We have introduced a few points directed towards better consumer protection
and manageability" in order to "improve data protection overall and bring it
in line with the changed situation" stated Rapporteur for the project MEP
Alexander Alvaro (FDP).

Peter Hustinx, the European Data Protection Supervisor (EDPS), adopted, on
14 April, an Opinion on the European Commission's proposal amending, among
others, the ePrivacy Directive. The EDPS basically supported the EC proposal
giving a few recommendations such as the obligation to notify any breach of
security not only from providers of public electronic communication services
in public networks but also from providers of information society services
which process sensitive personal data.

What the MEPs are now asking for is a procedure to inform users, in case of
security breaches at service providers and a better protection from
surveillance. For the measures requiring providers of electronic services to
inform users of breaches of data protection, the MEPs intend to involve an
intermediary body. The companies will inform national telecommunications
regulators or other "competent authorities" on "serious" security breaches
of personal data and the regulatory bodies will decide if consumers need to
be rapidly informed. The companies might also be asked to report the
occurrence of security problems in their annual reports.

One of the aspects that was largely debated within the Committee was
related to the collection of personal data such as IP addresses, a
compromise being reached in the end considering that an online identity
should be specifically considered as an item of personal information needing
special protection when it is related to an individual in combination with
other information. The EP Committee asked the European Commission to submit,
in consultation with EU data protection officials, within the next two
years, specific draft legislation for treating IP addresses as personal
data.

Alvaro's proposal to apply the provision allowing member states to enact
their own legislation to relax protection of connection and location data
for public security and the prevention, detection and prosecution of
criminal acts or illegal use of electronic communications systems, to cases
when ownership rights are infringed, failed as concerns have been expressed
by data protection officials, such as German data protection commissioner
Peter Schaar.

However Alvaro succeeded in passing several other proposals such as the
future application of the directive to publicly accessible private
telecommunications networks including university networks or social networks
such as StudiVZ or Facebook. Companies offering applications attempting to
access personal data on hard drives, or other IT systems, such as USB flash
drives, will have to get the user's consent beforehand on the basis of the
opt-in principle. Alvaro drew the attention that a user setting his browser
to accept cookies would be considered to give consent to data collection.
However, according to the directive, in the future, cookies for storing user
data using the Flash multimedia application will require separate consent.

According to Alvaro, the amendments proposed by the Standing Committee on
Civil Liberties, Justice and Home Affairs will be incorporated into the
report of the Internal Market and Consumer Protection committee, primarily
responsible for the telecommunications package. The entire package for
regulating telecommunications companies and ISPs will be voted in
September after a first reading at a plenary session. The European Council
will be then required to submit comments.

During its 66th plenary session that took place in Brussels between 24-25
June, the Article 29 Working Party expressed its opinion on the review of
the E-privacy Directive fully supporting "the proposed strengthening of
Article 4 'Security' by requiring providers of publicly available
communication services to notify security breaches, and underlines the
importance of informing all persons concerned when their personal data have
been compromised or are at risk of being compromised."

However, the Working Party 29 considers there are issues that still need to
be covered such as the need to extend the scope of the obligation to notify
security breaches to the providers of information society services as well
as the scope of the recipients of the notification to include all persons
concerned rather than only the "subscribers".

MEPs adopt draft "e-privacy directive" reforms (27.06.2008)
http://www.heise.de/english/newsticker/news/110110

Press Release - Article 29 Working Party (26.06.2008)
http://ec.europa.eu/justice_home/fsj/privacy/news/docs/pr_30_06_08_en.pdf

EDRIgram - EDPS endorses data breach notification provision in ePrivacy
Directive (23.04.2008)
http://www.edri.org/edrigram/number6.8/edps-data-breach-notification

============================================================
5. ECJ first hearing on data retention case
============================================================

On 1 June 2008, the first hearing by the European Court of Justice (ECJ) on
Ireland's action for the annulment of the directive on data retention took
place in Luxembourg.

Ireland, later on joined by Slovakia, filed an action with ECJ against the
European Council and Parliament in July 2006 for the annulment of Directive
2006/24/EC for data retention claiming an incorrect legal basis. The action
has been largely supported by various bodies and private advocates ever
since but despite the strong opposition, the European Parliament made a
compromise and adopted the directive the 14 December 2007.

Unfortunately, the legal basis of the data retention directive is supported
not only by the European Parliament and Council, but also by the Commission,
Spain, Netherlands and EDPS, Peter Hustinx. The latter argues that Art 95 EC
Treaty, the legal base used, is appropriate as the retained data would not
otherwise fall under the EU Privacy Directives. Also Hustinx did not mention
any aspects regarding the data retention directive & infringement of the
human rights.

EDRi-member Joris van Hoboken commented on this situation: "These reasons 
are pragmatic and without doubt EDPS argued similarly when the Council was 
still
pursuing a Framework Decision in the Third Pillar. The reasons why the 
European Parliament wanted to have data retention in the First Pillar was 
because they wanted to have a co-decision procedure, in which they have more 
powers."

However Slovakia also questioned if the present directive does not breach
the rights of the individuals in respect with their personal data. It is not
clear if the court will took consideration the breach of privacy by the
directive, since the subject was not brought up by the main plaintiff.

Civil liberties campaigners: Communications Data Retention will be stopped
(30.06.2008)
http://www.vorratsdatenspeicherung.de/content/view/236/79/lang,en/

European Court of Justice in negotiations on retention of telecommunications
data (only in German, 1.07.2008)
http://www.heise.de/newsticker/Europaeischer-Gerichtshof-verhandelt-ueber-Vorratsspeicherung-von-TK-Daten--/meldung/110270

Hearing of European Court of Justice on Data Retention Directive (1.07.2008)
http://www.jorisvanhoboken.nl/?p=167

EDRIgram - European parliament adopts data retention directive (18.01.2006)
http://www.edri.org/edrigram/number4.1/dataretention

============================================================
6. ICAAN supports custom domains and discusses whois privacy issues
============================================================

During its 32nd International Public Meeting in Paris of 22-26 June, the
Internet Corporation for Assigned Names and Numbers (ICANN) approved the
proposal to expand the world's Domain Name System.

Dr Paul Twomey, ICANN's president and CEO, said in a statement: "The Board
today accepted a recommendation from its global stakeholders that it is
possible to implement many new names to the Internet, paving the way for an
expansion of domain name choice and opportunity. (...) The potential here is
huge. It represents a whole new way for people to express themselves on the
Net. It's a massive increase in the 'real estate' of the Internet."

"This was an extremely successful meeting that will be remembered as a
milestone in the development of the Internet. (...) New generic Top Level
Domains and Internationalized Domain Names (IDNs) will open up the Internet
and make it look as diverse as the people who use it," said Peter Dengate
Thrush, ICANN's Board Chairman.

Presently, users have only a limited range of 21 top-level domains (TLDs) to
choose from, such as .com, .org or .info. ICANN authorises the launch of
every new TLD, the launch being made by an ICANN-approved registry and the
domain names being sold by registrars. With the new proposal, applicants for
new TLDs can select their domain name themselves and operate as a registry
and they can use the names for their own purposes or offer them for sale to
third parties through registrars. Applicants from anywhere in the world will
have a "limited application period" and the applications will go through an
evaluation process, expected to last nine months. Although trade marks will
not be automatically reserved, owners will benefit of an objection-based
mechanism to consider their arguments for protection. Offensive names will
also be subject to an objection-based process "based on public morality and
order" as stated by ICAAN.

A final version of the implementation plan must be approved by the ICANN
Board before the new process is launched. It is intended that the final
version will be published in early 2009 and applications for new names are
planned to be available in the second quarter of 2009.

On the same occasion, at a meeting before the private network administration
session, Suzanne Sene, a US government representative, said the Governmental
Advisory Committee (GAC) wanted ICANN to organize new studies of the use and
misuse of Whois data about the owners of Internet domains and pay for these
studies. There is no common agreement yet on a Whois model, the debate
between rights holders and the data-protection authorities having lasted
long on providing more security for the Whois databases which list the
owners of domains.

Representatives of US crime-fighting authorities as well as some European
counterparts have frequently expressed the opinion that access to Whois
data should be granted to those having a "justified interest" claiming that
online spammers or swindlers could be investigated properly only by a
completely free access to the databases, without the knowledge of the
parties involved and without a court order. As a result, many proxy servers,
whose data are recorded in Whois instead of those of clients appeared in US.

Following the introduction of some barriers to the publication of extensive
information about domain owners, the British Nominet gives private users an
opt-out to remove their personal data from the publicly accessible Whois
database. And after many debates, EU registrars registering generic TLDs
such as .info and .com benefit from derogation from the ICANN regulations by
submitting a clear request on the part of their own authorities, which
however, has not been achieved yet.

Internet administrators in dispute over data protection for domain owners
(24.06.2008)
http://www.heise.de/english/newsticker/news/109882

ICANN backs custom domains, gives brand-owners nightmares (27.06.2008)
http://www.out-law.com/page-9214

ICANN Concludes Successful 32nd Meeting in Paris (26.06.2008)
http://www.icann.org/en/announcements/announcement-3-26jun08-en.htm

Biggest Expansion in gTLDs Approved for Implementation (26.06.2008)
http://www.icann.org/en/announcements/announcement-4-26jun08-en.htm

============================================================
7. German Protests in over 30 cities against surveillance
============================================================

On 31 May 2008, privacy activists organized new rallies in more than 30
cities across Germany.

Following the November 2007 protests under the motto "Freedom not
Fear"("Freiheit statt Angst"), thousands of citizens participated in this
year street actions.

Numerous demonstrations, rallies, information events, as well as workshops
and art performances sent clear signals to protect constitutional rights and
limit the rampant proliferation of surveillance.

The rallies had the goal of demonstrating to the ruling grand coalition, a
decisive NO of citizens to the blanket collection and storage of data, as
well
as to the surveillance of all details of daily life. The activities were
therefore supported by a multitude of notable organizations and allowed new
alliances to be formed in many cities. This underlined the growing force
developing behind the well connected movement, the work group stated.

According to the German Work Group on Data Retention (Arbeitskreis
Vorratsdatenspeicherung), the nationwide protests were a full success: "We
were able to use the numerous smaller and larger activities to raise
awareness in the population and win new supporters. The responses were
positive throughout," explained Ricardo Cristof Remmert-Fontes, one of the
organizers of the activities.

In Hamburg, Frankfurt (Main), and Munich, peaceful conventional rallies were
held which received a large turnout. In Munich, 2500 people additionally
demonstrated against the draft of a new law restricting the right of free
assembly.

In order to depict the loss of privacy, activists in Nuremberg reacted with
an art installation by erecting an entire living room in the city's
pedestrian zone. In Bonn, the installation "Transition to surveillance"
visualized current developments.

In Jena, over-sized surveillance cameras were set up, while in Berlin, a
host of talks, hands-on workshops and a preview of the art piece "Pigeon
Project" were presented.

The live-broadcast of events over radio, realized by a network of
independent radio broadcasters, also premiered on the day. The recordings
will be available for listening on the website of the German Work Group on
Data Retention.

In all cities where the work group is present with local dependencies
signatures were collected against the planned "BKA law" (Federal Criminal
Police Office law). The petition was signed online by more than 10 000
people by 1 July.

The German Work Group on Data Retention is now preparing multiple
Europe-wide campaigns which will culminate in mass protests in 11 October
across all of Europe. "This is just the beginning - we will continue!"
commented Michel Blumenstein during the Berlin activities of the work
group.

German Press Release from German Work Group on Data Retention (only in
German, 1.06.2008)
http://www.vorratsdatenspeicherung.de/content/view/227/1/lang,de/

The "Pigeon Project" - international artists of the Amsterdam Sandberg
Institute
http://www.pigeonproject.net

Recordings of the independent radio station broadcasts (only in German,
31.05.2008)
http://wiki.vorratsdatenspeicherung.de/Radio

Petition against the BKA law (Federal Criminal Police Office law) (only in
German)
http://www.bka-petition.de/

(contribution by German Work Group on Data Retention - Germany)

============================================================
8. ENDitorial: Sweden is listening to all internet and phone conversations
============================================================

In Denmark we already have Data Retention in place and the rest of
Europe will follow soon. That means that our own countries demand that
Internet companies and phone companies log who we phone, email with,
chat with, which websites we visit, etc. This is something that the
IT-Political Associations of Denmark (IT-Pol) fights against.

Sweden has now taken one more step towards the complete surveillance of
its citizens as well as citizens of the rest of the world.

The Swedish Parliament (Riksdagen) passed a law that instructs all
telephone and Internet operators to deliver a copy of all phone and
Internet communication crossing Swedish borders to the Swedish
intelligence service FRA. FRA will then use a big spying network and one
of the most powerful supercomputers in the world to investigate the
content of this communication.

For a phone or Internet customer inside or outside Sweden, it is for all
practical purposes impossible to know if a phone call or Internet
connection crosses the Swedish border. For example, Denmark is located
next to Sweden, several big Swedish phone and Internet companies operate
in Denmark, and there are many high capacity sea cables between Denmark
and Sweden. Much of the traffic from Russia also passes Sweden and that
is probably one of the motivations for the law.

It is not possible to know beforehand whether e.g. an email or web-page
viewing will go through Sweden and after all you can never be sure that your
traffic did not go through Sweden. However in some cases you can tell
if your traffic did go through Sweden. IT-Pol has investigated various
uses of the Internet and has discovered that for example Internet
traffic to the Ministry of Ecclesiastical Affairs goes through
Sweden. That means that the Swedish FRA intelligence will listen to
every email from Danes to a Danish priest. Computerworld Denmark wrote that
communication from the Danish intelligence also passes through Sweden.

IT-Pol believes that Internet users should not be subjected to such a
massive and systematic surveillance and bugging. There are probably many
intelligence organizations around the world that try to tap Internet
traffic. But in our part of the world it is exceptional that a
government require all operators to deliver a copy of internet users'
private data to the intelligence service.

IT-Pol has twice contacted the Swedish Parliament. The letters (in
Danish) are available at itpol.dk.

This law has caused massive public opposition in Sweden and the vote
barely got passed in the Parliament.

It is important that citizens, politicians, and organizations outside of
Sweden also speak out and make it clear that this monitoring madness is
not acceptable.

Internet providers outside of Sweden can alleviate the effects of the
Swedish monitoring by not sending Internet traffic through Sweden unless
the recipient is in Sweden. Alternatively, they can encrypt all traffic
going through Sweden. Tolstrup from the Telecommunication Industries
Association in Denmark said in a statement to the Internet magazine
ComOn that FRA can require Danish operators to hand over encryption
keys. This is not obvious from the text of the FRA-law and IT-Pol is
still investigating if this is really true. We have asked some members
of the Swedish Parliament about it, but received no answer. If it is
true, it is an even more serious attack on the freedom of the users of
the Internet.

Content providers inside and outside of Sweden can encrypt their
content. On most webservers a simple change in the configuration will
enable SSL-encryption so that users of the website are protected against
the Swedish snooping, even if the content passes the Swedish border.

Users can also protect their privacy, even against FRA. They can use
encrypted IP telephony, they can use the TOR network to surf the Web, they
can send and receive their e-mail encrypted, etc.

IT-Pol has taken the initiative of the Polippix project, which provides a
live CD, enabling users to take advantage of these technologies. Polippix is
now an international project, translated into several languages and used in
many countries including Denmark, Germany, France, Thailand and Sweden.

IT-Political Association of Denmark
http://www.itpol.dk/presentation-of-it-pol

TOR Project
http://www.torproject.org

Polippix
http://www.polippix.org

'Yes' to surveillance law (18.06.2008)
http://www.thelocal.se/12534/20080618/

EDRi-gram: ENDitorial: A new "NSA FRAnchise" set up in Sweden? (4.06.2008)
http://www.edri.org/edrigram/number6.11/nsa-fra-sweden

(Contribution by Niels Elgaard Larsen - Chairman, IT-Political Association
of Denmark)

============================================================
9. Recommended Action
============================================================

The Commission has opened a public consultation by 31 July 2008 on age
verification, cross media rating & classification and online social
networking

The purpose of the public consultation is to gather the knowledge and views
of all relevant stakeholders (including public bodies, child safety and
consumer organisations, industry). The gathered information will be fed into
this year's Safer Internet Forum 2008, which will be dedicated to the above
mentioned topics.
http://ec.europa.eu/information_society/activities/sip/public_consultation/index_en.htm

============================================================
10. Recommended Reading
============================================================

Article 29 Working Party - Opinion 2/2007 on information to passengers about
the transfer of PNR data to US authorities, Adopted on 15 February 2007 and
revised and updated on 24 June 2008
http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2008/wp151_en.pdf

Kieran Poynter's Review of information security at HM Revenue and Customs
http://www.hm-treasury.gov.uk/media/0/1/poynter_review250608.pdf

Independent Police Complaints Commission report into loss of data at HMRC
http://www.ipcc.gov.uk/final_hmrc_report_25062008.pdf

Sir Gus O'Donnell's report on Data Handling Procedures in government
http://www.cabinetoffice.gov.uk/~/media/assets/www.cabinetoffice.gov.uk/csia/dhr/dhr080625%20pdf.ashx

Sir Edmund Burton's report into the Loss of MOD Personal Data
http://www.mod.uk/NR/rdonlyres/3E756D20-E762-4FC1-BAB0-08C68FDC2383/0/burton_review_rpt20080430.pdf

============================================================
11. Agenda
============================================================

7-8 July 2008, London, UK
Developing New Models Of Content Delivery Online & Innovative Strategies For
Effectively Tackling Copyright Infringement
http://www.isp-content-regulation.com/conference.agenda.asp

7-9 July 2008, Cambridge, UK
Privacy Laws & Business 21st Annual International Conference
http://www.privacylaws.com/templates/AnnualConferences.aspx?id=641

19-20 July 2008, Stockholm, Sweden
International Association for Media and Communication Research
pre-conference - Civil Rights in Mediatized Societies: Which data privacy
against whom and how ?
http://www.iamcr.org/content/view/301/1/

23-25 July 2008, Leuven, Belgium
The 8th Privacy Enhancing Technologies Symposium (PETS 2008)
http://petsymposium.org/2008/

8-10 September 2008, Geneva, Switzerland
The third annual Access to Knowledge Conference (A2K3)
http://isp.law.yale.edu/

22 September 2008, Istanbul, Turkey
Workshop on Applications of Private and Anonymous Communications
http://www.alpaca-workshop.org/

24-28 September 2008, Athens, Greece
World Summit on the Knowledge Society
http://www.open-knowledge-society.org/summit.htm

============================================================
12. About
============================================================

EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 28 members based or with offices in 17 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRI-grams.

All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and visibly on the
EDRI website.

Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 2.0 License. See the full text at
http://creativecommons.org/licenses/by/2.0/

Newsletter editor: Bogdan Manolea <edrigram at edri.org>

Information about EDRI and its members:
http://www.edri.org/

European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring

- EDRI-gram subscription information

subscribe by e-mail
To: edri-news-request at edri.org
Subject: subscribe

You will receive an automated e-mail asking to confirm your request.
unsubscribe by e-mail
To: edri-news-request at edri.org
Subject: unsubscribe

- EDRI-gram in Macedonian

EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edrigram-mk.php

- EDRI-gram in German

EDRI-gram is also available in German, with delay. Translations are provided
Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/

- Newsletter archive

Back issues are available at:
http://www.edri.org/edrigram

- Help
Please ask <edrigram at edri.org> if you have any problems with subscribing or
unsubscribing 

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE