EDRI-gram newsletter - Number 6.14, 16 July 2008

EDRI-gram newsletter edrigram at edri.org
Wed Jul 16 12:18:58 PDT 2008


============================================================

           EDRI-gram

biweekly newsletter about digital civil rights in Europe

    Number 6.14, 16 July 2008


============================================================
Contents
============================================================

1. Vote in the EP committees on the Telecom Package
2. Dutch University sued to stop publishing research on chip technology
3. Russian blogger sentenced for comments on the blog
4. Copiepresse attacks EC for copyright infringement, but gets dismissed
5. Complaint against the French govt to annul the biometric passport decree
6. Irish Human Rights Commission added to data retention challenge
7. Privacy complaints related to Google's Street View
8. New threats for UK file-sharers
9. Liberty groups win long court battle against UK wiretapping
10. ENDitorial: Massive mobilization against EDVIGE, the new French database
11. Recommended Reading
12. Agenda
13. About

============================================================
1. Vote in the EP committees on the Telecom Package
============================================================

The IMCO (Internal Market Committee) and ITRE (Committee on Industry,
Research and Energy) committees of the European Parliament (EP) adopted on
the 7 July 2008 the Telecom package, including the amendments that were
considered by some NGOs as endangering the principle of the neutrality of
the Internet.

One of the MEPs supervising the Telecom package, including the amendments to
the five directives that should reform the EU legal framework on electronic
communications has explained that the vote on these amendments had nothing
to do with copyright enforcement: "There has been a great deal of dismay in
the committee at the interpretation being put on these amendments.(...) The
interpretation of them is alarmist and scare-mongering and deflects from the
intention which was to improve consumers' rights." declared MEP Malcolm
Harbou for BBC.

But the NGOs supported their initial comments that the present adopted texts
could open the way to the regulation of users via the Internet Service
Providers under the control of national regulators.  They also praised
the civic response to their campaign that has reached some MEPs, who
highlighted part of the problematic amendments in the Telecom Package during
the EP committees debates.

Other privacy issues related with the management of traffic data has created
problems within the IMCO committee that should have included the opinion
from the Civil Rights Committee (LIBE). But the Socialist and Green MEPs
from the IMCO committee did not back up the suggestion of the LIBE committee
to allow the processing of electronic traffic data by "any natural or legal
person".

Other discussions in the ITRE committee of the EP rejected the idea of a
unique EU telecom authority and suggested instead a new group called Body of
European Regulators in Telecoms (BERT), formed by the 27 national regulatory
authorities.

ITRE committe backed up the proposals to enhance the use of radio
frequencies, but demanded several safeguards on media pluralism, public
interest or emergency services.

The final vote on the Telecom package was initially planned on 2 September,
but since it is clear that there will be some debates on the above-mentioned
topics, the vote was delayed for the session starting on 22 September.

MEPs back contested telecoms plan (8.07.2008)
http://news.bbc.co.uk/2/hi/technology/7495085.stm

The "Telecoms Package": out of the shadows, into the light (10.07.2008)
http://www.laquadrature.net/en/the-%E2%80%9Ctelecoms-package%E2%80%9D-out-shadows-light

MEPs discard plan for single EU telecoms watchdog (9.07.2008)
http://www.euractiv.com/en/infosociety/meps-discard-plan-single-eu-telecoms-watchdog/article-174068

EU Parliament split over electronic data protection (10.07.2008)
http://www.euractiv.com/en/infosociety/eu-parliament-split-electronic-data-protection/article-174108?Ref=RSS

EDRi-gram: Control on Internet users pushed with the new telecom package
(2.08.2008)
http://www.edri.org/edrigram/number6.13/telecom-package-internet

============================================================
2. Dutch University sued to stop publishing research on chip technology
============================================================

Dutch chipmaker NXP Semiconductors has sued the Dutch Computer Security
Group of Radboud University in Nijmege in order to stop the publication of
research results showing security flaws in NXP's Mifare Classic wireless
smart cards used in transit and building entry systems around the world.

The technology is used for the transit system in The Netherlands, in the
subway systems in London, Hong Kong and Boston, as well as in cards for
accessing buildings and facilities, covering 80 percent of the market.

The security researchers of the Dutch university have checked the Mifare
system used with Oyster cards for transport in London and recently succeeded
in cracking the encryption on a card and clone it. They added credit to it
and moved freely around London's Underground network.

According to Dr. Bart Jacobs, professor of computer security at the
university, by using a computer and an RFID reader, in just a few seconds,
the Oyster card's encryption can be cracked. "We need to eavesdrop on the
communication between a card and a card reader. From that communication we
can deduce secret cryptographic keys that are used to protect the contents
of the card. Once we have the keys we 'own' the card and can manipulate it
as we like" said Jacobs.

The University issued a statement in March this year saying: "Because some
cards can be cloned, it is in principle possible to access buildings and
facilities with a stolen identity. This has been demonstrated on an actual
system." Jacobs demonstrated how the London transit system can be used for
free. He obtained the key used by the London transit system then he passed
by passengers carrying Oyster cards and was able to collect their card
information on his laptop and make a clone of it. The scientist has given
NXP the opportunity to fix the security problems waiting with the
publication and presentation of the results for some time but as NXP did not
solve the issue decided to go on with the university plans of publishing the
research.

The Dutch university's research builds upon Karsten Nohl's work, a graduate
student of the University of Virginia, and expert on the security for NXP.
"NXP has had half a year now to inform about the lack of security in their
product, but instead they have used the best part of that to dismiss our
research, dismiss the Dutch group's research, and to claim that everything
is purely theoretical. So, if anything, NXP has invoked this type of public
demonstration, since they have often claimed that 'yes in theory it may be
insecure but in practice it isn't'. So had they not kept up the
disinformation that (the Mifare could actually be secure) nobody would have
paid attention to the Dutch group actually hacking the Oyster card" stated
Nohl.

The Computer Security Group publication comes during a long and heated
public debate in the Dutch parliament and the media on the merits of large
scale computer systems, their quality and security standards and the
government's capacity to manage these kind of projects. The publication of
the University research may be essential for this debate.

The Dutch court decision is expected on 17 July 2008.

Censoring Dutch Academia: Computer Security Scholars taken to Court
(8.07.2008)
http://www.jorisvanhoboken.nl/?p=173

Dutch chipmaker sues to silence security researchers (9.07.2008)
http://news.cnet.com/8301-10784_3-9985886-7.html?hhTest=1

Has London's Oyster travelcard system been cracked? (26.06.2008)
http://www.guardian.co.uk/technology/2008/jun/26/hitechcrime.oystercards

Cryptoanalysis of Crypto-1
http://www.cs.virginia.edu/~kn5f/pdf/Mifare.Cryptanalysis.pdf

Security Flaw in Mifare Classic - press release Digital Security group,
Radboud University Nijmegen (12.03.2008)
http://www.ru.nl/english/general/radboud_university/vm/security_flaw_in/

London transit cards cracked and cloned (26.06.2008)
http://news.cnet.com/8301-10789_3-9978486-57.html?hhTest=1

NXP sues academic research team - what are they afraid of? (10.07.2008)
http://www.thetechherald.com/article.php/200828/1463/

============================================================
3. Russian blogger sentenced for comments on the blog
============================================================

On 7 July 2008, a Russian blogger was sentenced to one year suspended jail
after having been found guilty of "inciting hatred and enmity" for a comment
left on a LiveJournal weblog.

According to Kommersant newspaper, the young blogger Savva Terentiev was
saying on the blog that "Those who become cops are scum," and calling for
officers to be put on a bonfire. For his alleged offence, inciting hatred
and denigrating the human dignity of a social group, the prosecutors were
asking for a significant fine and two years behind bars, which seemed
excessive. During the trial, Terentyev referred to his statements on the
blog that corrupt cops should burned in Auschwitz-like ovens as "hyperbole
and exaggeration," and apologized to concentration camp victims and the
police officers he might have "involuntarily hurt with the contested
commentary." The final court decision was to sentence the blogger to one
suspended jail year.

Free speech campaigners are concerned about the fact that the ruling might
create a dangerous precedent for free speech on the Internet, especially in
Russia where the mainstream traditional media is biased in favour of the
authority.

"This was an absolutely unjustified verdict. (...) Savva for sure wrote a
rude comment ... but this verdict means it will be impossible to make rude
comments about anybody" told Alexander Verkhovsky, director of the SOVA
centre in Moscow, a non-governmental group that monitors extremism, to
Reuters agency.

Recently, the Russian President Dmitry Medvedev has expressed his views on
the freedom of speech saying Russia should use a light touch when policing
the Internet."Thank God we live in a free society. (...) It's possible to go
on to the Internet and get basically anything you want. In that regard,
there are no problems of closed access to information in Russia today, there
weren't any yesterday and there won't be any tomorrow," he said last month
in an interview with Reuters.

Russian blogger sentenced for "extremist" post (7.07.2008)
http://uk.news.yahoo.com/rtrs/20080707/tot-uk-russia-blogger-566e283.html

Russian Blogger Sentenced Over LiveJournal Comment (7.07.2008)
http://www.theotherrussia.org/2008/07/07/russian-blogger-sentenced-over-livejournal-comment/

EDRi-gram: More control over the Internet wanted in Russia (7.05.2008)
http://www.edri.org/edrigram/number6.9/internet-control-russia

============================================================
4. Copiepresse attacks EC for copyright infringement, but gets dismissed
============================================================

The Belgium newspaper Association Copiepresse has initiated a legal
complaint against the European Commission (EC) arguing that it infringes its
copyright through the NewsBrief and NewsExplorer aggregation services.

Copiepresse became famous for its copyright suit against Google and other
search engines claiming copyright infringement over the aggregation services
done by the search engines. The association has initiated a new action in
the Belgian Court of Seizures considering that the European Commission is
counterfeiting its member's news articles by using small part of them in
order to prepare a news collation marketed as NewsBrief and NewsExplorer.

The Belgium Court rejected the Copiepresse claim, confirming the EC opinion
that the competent courts on the matter are the European Courts.

Copiepresse announced that they wouldn't appeal the decision, claiming
"startegic reasons" and explaining that they just wanted to get the EC out
in the open, since they didn't reply to any message on the topic. But at the
same time the Association announced that they would continue the case in the
Bruxelles civil court, where an action of cease&desist has already been
introduced.

The European Commission representatives claimed in court that its services
are just press reviews, that fall under the exemptions from the copyright
law protection.

The judge initially ordered a judicial expertise in order to gather more
technical information about how the site was built, but then he dismissed
this evidence and took his decisions only on jurisdictional grounds.

Copiepresse sues the European Commission to the civil court (only in French,
27.06.2008)
http://www.actu24.be/article/regions/regionbruxelles/infosbxl/copiepresse_poursuit_la_commission_europeenne_devant_le_trib_civil/162754.aspx

Belgian press beef with EU beaten in Belgian court (1.07.2008)
http://www.theinquirer.net/gb/inquirer/news/2008/07/01/copiepresse-slapped-eu-court

Belgian agency to sue European Commission again over news aggregator
(2.07.2008)
http://www.out-law.com/page-9227

EDRi-gram: Belgium newspaper group continues its actions against search
engines (25.10.2006)
http://www.edri.org/edrigram/number4.20/belgium

============================================================
5. Complaint against the French govt to annul the biometric passport decree
============================================================

Two French associations, EDRi-member Imaginons un riseau internet solidaire
(IRIS) and Ligue des droits de l'Homme (LDH), have filed a complaint
against the French government before the highest administrative Court. They
ask the French Conseil d'Itat to annul the decree issued on 30 April 2008 by
the French government on biometric passports.

The associations consider the decree had been issued under an irregular
procedure by  publishing the Opinion in the Official Journal 6 days after
the decree had been published, instead of presenting them at the same time,
as required by law.

The provisions of the decree stipulate the collection of eight fingerprints
for passport applicants starting with 6 years old children and the creation
of a central biometric database for retaining and processing the collected
data.

IRIS and LDH argue that the nature, the quantity and the retaining period of
these data in a central database are disproportionate with regards to the
decree's objectives, which remain the same as in the previous passport
decree of December 2005, where fingerprints were not required. Moreover,
they believe that the decree is violating the national as well as
international legislation regarding the protection of the personal data. It
also violates international legislation related to children.

The two associations link the requirements of this decree to the provisions
of the draft law on biometric ID cards currently being prepared. They state
that, if the decree is not annulled, the government would, under the pretext
of more easily issuing identity cards and passports, influence the debate in
the French Parliament on the biometric identity card project.
.
Biometric passport : IRIS and LDH ask the State Council to annul the decree
(only in French, 4.07.2008)
http://www.iris.sgdg.org/info-debat/comm-passeport0708.html

Common Press Release - IRIS and LDH (only in French, 4.07.2008)
http://www.iris.sgdg.org/info-debat/recours-passeport0708.pdf

Text of the legal complaint (only in French 4.07.2008)
http://www.iris.sgdg.org/info-debat/recours-passeport0708.pdf

EDRIgram: The French Government goes against CNIL in biometric passports
(21.05.2008)
http://www.edri.org/edrigram/number6.10/cnil-biometric-passports

============================================================
6. Irish Human Rights Commission added to data retention challenge
============================================================

The High Court in Dublin has allowed the Irish Human Rights Commission to
become a party to the data retention challenge being brought by Digital
Rights Ireland. The Human Rights Commission, which is a state body, will be
an amicus curiae (friend of the court) with the ability to make submissions
about the fundamental rights implications of data retention. The Chief
Executive of the Commission Iamonn Mac Aodha stated:

"This case raises important issues about the extent to which laws and
measures governing the monitoring of one's private life by the State in
pursuit of tackling crime possess sufficient human rights safeguards". Mr
MacAodha continued "one of the priorities of the IHRC is to address
potential threats to human rights that may emerge with developments in
communications technology such as in the present case where issues of
individual security and privacy are raised."

Irish Human Rights Commission given permission to appear in DRI action
(4.07.2008)
http://www.digitalrights.ie/2008/07/04/irish-human-rights-commission-given-permission-to-appear-in-dri-action/

IHRC granted leave to appear in Data Protection Case in the High Court
(1.07.2008)
http://www.ihrc.ie/home/wnarticle.asp?NID=200&T=N&Print

(Contribution by TJ McIntyre - EDRi-member Digital Rights Ireland)

============================================================
7. Privacy complaints related to Google's Street View
============================================================

Privacy International has complained to the Information Commissioner's
Office (ICO) against Google's Street View cars, which grab real photographs
of streets and people, that get loaded into Google Maps.

Street View distinctive cars have been recently spotted on London. The
system allows Google's users to view 360 degree photographs of streetscapes
in towns and cities that have been catalogued by Google cameras.

Privacy International has expressed its reservations towards Google's
practice in a letter sent to the company: "You may be aware that Privacy
International has stated, both privately to Google legal staff and to the
media, that we are concerned about a number of potential violations of
national law that this technology may create," said the letter signed by
director Simon Davies.

Google had stated the company had implemented a technology that would blur
faces and vehicle number plates allowing at the same time high quality
images. Google's senior privacy counsel Jane Horvath  had answered to Davies
explaining that the face and number plate blurring technology had been in
place since May. "As with all such systems operating at this scale our
blurring technology is not perfect - we occasionally miss a face or license
plate, for example if they are partially covered, or at a difficult angle.
(...) However, we tested the technology thoroughly before launch and I am
confident that it finds and blurs the vast majority of identifiable faces
and license plates. For the few that we miss, the tools within the product
make it easy for users to report a face or license plate for extra blurring.
As always, users can still ask for their image to be removed from the
product entirely" said Horvarth.

In its letter, Privacy International was asking from Google to provide,
within seven days, technical specifications of the blurring technology used,
otherwise it would have to make a complaint to ICO. Having not received the
required information, the privacy group placed the complaint which was
confirmed by a spokeswoman for ICO: "Yes, we have received a complaint about
this and we are looking into it. We are contacting Google to get more
details of the scheme" said the spokeswoman to The Register.

This comes at a time when ICO asks for changes to European data protection
laws to keep up with changing technology. "European data protection law is
increasingly seen as out of date, bureaucratic and excessively prescriptive.
It is showing its age and is failing to meet new challenges to privacy, such
as the transfer of personal details across international borders and the
huge growth in personal information online. (...)"It is high time the law is
reviewed and updated for the modern world." said Richard Thomas, UK ICO. The
ICO has hired RAND Corporation to review European data protection laws for
possible reforming.

Some recent rulings of the Court of Appeal might be to Google's advantage.
"If the photographs had been taken to show the scene in a street by a
passer-by and later published as street scenes, that would be one thing, but
they were not taken as street scenes but were taken deliberately, in secret
and with a view to their subsequent publication," said Lord Hope in one of
his ruling.

On the other hand, while reluctant for some time, giving in to privacy
advocates' pressure, Google has added a link to its privacy policy from its
front page. Google home page contains now the word 'privacy' near the
bottom, beside the copyright notice. The word is a link to a page containing
all Google's privacy information.

Google's spycar revs up UK privacy fears (7.07.2008)
http://www.theregister.co.uk/2008/07/07/google_spycar_slammed/

Privacy group protests about Street View, but Google says blurring protects
privacy (7.07.2008)
http://www.out-law.com/page-9239

Google's controversial Street View hits the UK (3.07.2008)
http://www.out-law.com/page-9233

Google bows to pressure, adds privacy link to home page (7.07.2008)
http://www.out-law.com/page-9237

Google, privacy and Street View (4.07.2008)
http://www.bbc.co.uk/blogs/technology/2008/07/google_privacy_and_street_view.html

EDRIgram - Google StreetView might breach EU laws (21.05.2008)
http://www.edri.org/edrigram/number6.10/google-streetview-eu

============================================================
8. New threats for UK file-sharers
============================================================

After the letters sent from Virgin Media to its customers on alleged
file-sharing activities, British Telecom (BT), the UK's largest broadband
provider, has started a similar activity.

The Register has received information from one of the BT subscribers that
has received such a letter from the Customer Security Team
stating: ""I have received a complaint regarding one of our customers
offering copyrighted material over the internet. On investigation, I have
found that your account was used to make this offer."

The letter contained evidence put forward by BPI, that was shared by BT with
its customer and consisted, in this case, of the P2P programme Ares user
agent, a time stamp, a file name and an IP address. The letter provided
information on how to secure their WiFi connection, but also threaten with
disconnection if similar activities continued: "Sorry, but we're obliged to
point out that further similar problems may have to lead to the termination
of your account, as such activity contravenes BT's Acceptable Use Policy."

More aggressive threats have been reported being sent by Virgin Media to
approx 800 subscribers with the following text on the envelope: "Important.
If you don't read this, your broadband could be disconnected". Virgin Media
spokeswoman claimed that the text was a mistake and explained that this was
part of an education campaign: ""We are not accusing our customers of doing
anything, we are alerting them to the fact that illegal file sharing has
been tracked to their account. This could have been someone else in the
house or an unsecured wireless network. This is an education campaign."

In sending these letters, the ISPs do not share confidential information
with BPI and do not monitor their users, but only receive from the BPI
investigators the collected IP addresses of the customers having
participated in alleged p2p copyrighted material sharing. The ISP identifies
the exact individual and sends him (her) the template letter.

Even though the BPI campaign has attracted two of the major British ISPs in
this "education campaign", other ISPs have promptly rejected such
collaboration. Carphone Warehouse make it clear that they just give access
to Internet:
"We are the conduit that gives users access to the internet. We do not
control the internet, nor do we control what our users do on the internet. I
cannot foresee any circumstances in which we would voluntarily disconnect a
customer's account on the basis of a third party alleging a wrongdoing",
said Charles Dunstone, the chief executive of Carphone Warehouse, to BBC.

Virgin admits disconnection threat mistake (3.07.2008)
http://www.out-law.com/page-9235

We won't cut off users, says Virgin (3.07.2008)
http://www.guardian.co.uk/technology/2008/jul/03/virgin.filesharers

Virgin warns 800 punters for file-sharing (3.07.2008)
http://www.theregister.co.uk/2008/07/03/virgin_letters_numbers/

BT starts threatening music downloaders with internet cut-off (26.06.2008)
http://www.theregister.co.uk/2008/06/26/bt_bpi_letter/

EDRi-gram: British ISPs warn Internet downloaders on the risk of being
prosecuted (18.06.2008)
http://www.edri.org/edrigram/number6.12/british-isp-virgin-letters

============================================================
9. Liberty groups win long court battle against UK wiretapping
============================================================

After nine years of legal battle by civil rights groups in London and
Dublin, the European Court of Human Rights ruled on 1 July 2008 that UK
Government had violated Human Rights by tapping their communications
between 1990 and 1997.

Liberty groups, along with British Irish Rights Watch and the Irish Council
for Civil Liberties, have claimed their communications were subject to
indiscriminate surveillance by MoD's Electronic Test Facility that had
eavesdropped on their phone, fax, email and data communications between 1990
and 1997.

After having first lodged complaints with the UK's Interception of
Communications Tribunal, the DPP and the Investigatory Powers Tribunal
without results because the local courts ruled "there was no contravention
to the Interception of Powers Act 1985". Finally, the groups obtained the
European Human Rights Court ruling that the UK had violated article 8 of the
European Convention on Human Rights providing the right to respect for
private and family life and correspondence.

The court found that the 1985 Act has given the UK government "virtually
unlimited" discretion to intercept communications between the UK and an
external receiver, as well as "wide discretion" to decide which
communications were listened to or read. The government had guidelines to
ensure a "safeguard against abuse of power", but the UK's 1985 interception
law "had not indicated with sufficient clarity... the scope or manner of the
exercise of the very wide discretion of the conferred on the State to
intercept and examine external communications" so as to guard against abuse
of power.

For 10 years now, the 1985 Act has been replaced by RIPA which has the same
objective to detect terrorism and serious crime but it is mostly applied by
local councils for minor infringements.

The court ruled that procedures regarding the use and storage of intercepted
material should be established so as to make these procedures more
transparent for the public. "While secret surveillance is a valuable tool,
the mechanisms for intercepting our telephone calls and emails should be as
open and accountable as possible, and should ensure proportionate use of
very wide powers" said Alex Gask, Liberty's legal officer.

The ruling will have strong implications for UK's present legislation on
phonetapping and interception of communications, and as Mark Kelly, Director
of the Irish Council for Civil Liberties believes, clear implications for
many other member states of the Council of Europe member states, such as
Ireland: "Our lax data interception regime will require a thorough overhaul
in order to ensure that it meets the standards required by the European
Court of Human Rights under Article 8."

Liberty called for an overhaul of RIPA. However, the Home Office stated on 2
July it did not think the ruling had any implications on RIPA and UK's
current legislation covering covert investigations.

Court rules 90s UK.gov wiretaps violated human rights (2.07.2008)
http://www.theregister.co.uk/2008/07/02/echr_ripa_judgement/

Security: UK phonetap laws breach privacy (2.07.2008)
http://www.guardian.co.uk/uk/2008/jul/02/privacy.humanrights

UK surveillance breaches human rights, rules ECHR (2.07.2008)
http://www.out-law.com/page-9228

============================================================
10. ENDitorial: Massive mobilization against EDVIGE, the new French database
============================================================

Remember the movie 'Das Leben der Anderen' (The Lives of Others), where a
Stasi agent was monitoring a playwriter's life? This doesn't translate
anymore in French into 'La vie des autres', but rather into EDVIGE, the name
of a newly created database to be used by French intelligence services and
the administrative police.

EDVIGE will file "individuals, groups, organisations and moral persons
which, due to their individual or collective activity, are likely to attempt
to public order". Not only these persons will be filed (without any offence
committed), but also "those who undertake or have undertaken direct and non
fortuitous relations with them." Filing starts at age 13.

This, clearly, means filing everyone, in view of "informing the government
and the representatives of the State" in any and all French town and region.
In other words, EDVIGE, which has been created by a decree issued on 27 June
2008 in the framework of the merging of two French intelligence services (RG
and DST), is the perfect instrument of a political police.

EDVIGE will contains data on "civil status and occupation; physical
addresses, phone numbers, email addresses; physical characteristics,
photographs and behaviour; identity papers; car plate numbers; fiscal and
patrimonial information; moves and legal history."

As highlighted by lesbians and gays associations, this will include data on
sexual orientation and health, in particular HIV seropositivity. This has
been confirmed by a representative of the Interior ministry, who declared
that "the mention of these data will only be authorised for incidental need
in relation with an activity. In the intelligence field, this mainly means
activism." Moreover, French EDRI member IRIS notes that the inclusion of
"identity papers" in these data is particularly significant in the context
of the newly created French biometric passport including 8 fingerprints and
of the draft law in preparation on biometric ID cards.

A large mobilization against EDVIGE immediately started, with a petition
calling for the withdrawal of this file. This petition is hosted and
maintained by RAS ('Riseau associatif et syndical'), an NGO acting as an ISP
for its members, almost 200 activist NGOs and trade unions, among them EDRI
member IRIS. The petition has already gathered since 10 July 2008 more than
16.000 individual signatures, and more than 170 signatures from
associations, trade unions and political parties from the opposition.
Signatories will organize into a global coordination against the EDVIGE
file, and are preparing various actions starting from next September. In the
mean time, some of these groups will file a complaint against the French
government, requesting the annulment of the EDVIGE decree.

But EDVIGE is not alone. Her twin sister, CRISTINA, has also been created on
the same day. CRISTINA aims at "Centralising inland intelligence for
homeland security and national interests." But that's all that we know about
CRISTINA: using the article 26.III provision of the French Data Protection
Act, the government decided not to publish the decree creating CRISTINA. As
a consequence, the CNIL's opinion on CRISTINA has not been published either,
except to attest that this opinion was "favourable, with reservations."
Actually, the same secret has been observed for 6 other newly created files,
related to inland and foreign intelligence, as well as military services.
Not a good sign for these "Sarkozy's babies."

Decree n0 2008-632 creating EDVIGE file (only in French, 27.06.2008)
http://www.legifrance.gouv.fr/WAspad/UnTexteDeJorf?numjo=IOCC0815681D

CNIL's opinion on EDVIGE (only in French, 16.06.2008)
http://www.legifrance.gouv.fr/WAspad/UnTexteDeJorf?numjo=CNIX0816023X

Tjtu: L'Intirieur reconnant qu'+Edvige; sera utilisi pour ficher les
militants (only in French, 12.07.2008)
http://www.tetu.com/rubrique/infos/infos_detail.php?id_news=13236

IRIS: Appel ` signatures : IRIS soutient l'appel pour l'abandon du fichier
EDVIGE (only in French, 11.07.2008)
http://www.iris.sgdg.org/info-debat/comm-edvige0708.html

'Non ` EDVIGE': Petition website, with press releases and press articles
(only in French, since 10.07.2008)
http://nonaedvige.ras.eu.org/

Decree n0 2007-914 of 15 May 2007, as modified by Decree n02008-631 of 27
June 2008 to create CRISTINA and other files (only in French, 01.07.2008
consolidated version)
http://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000000649189&dateTexte=20080716

CNIL's opinion on CRISTINA (only in French, 16.06.2008)
http://www.legifrance.gouv.fr/WAspad/UnTexteDeJorf?numjo=CNIX0816024X

(Contribution by Meryem Marzouki, EDRI-member IRIS- France)

============================================================
11. Recommended Reading
============================================================

UK: Biometrics Assurance Group Annual Report 2007
A government expert group has warned of a 'large impact' on the National
Identity Scheme from those who cannot use fingerprinting, such as many
elderly people.
http://www.ips.gov.uk/passport/downloads/FINAL-BAG-annual-report-2007-v1_0.pdf

============================================================
12. Agenda
============================================================

19-20 July 2008, Stockholm, Sweden
International Association for Media and Communication Research
pre-conference - Civil Rights in Mediatized Societies: Which data privacy
against whom and how ?
http://www.iamcr.org/content/view/301/1/

23-25 July 2008, Leuven, Belgium
The 8th Privacy Enhancing Technologies Symposium (PETS 2008)
http://petsymposium.org/2008/

3-5 September 2008, Prague, Czech Republic
The Third International Conference on Legal, Security and Privacy Issues in
IT
http://www.lspi.net/

8-10 September 2008, Geneva, Switzerland
The third annual Access to Knowledge Conference (A2K3)
http://isp.law.yale.edu/

22 September 2008, Istanbul, Turkey
Workshop on Applications of Private and Anonymous Communications
http://www.alpaca-workshop.org/

24-28 September 2008, Athens, Greece
World Summit on the Knowledge Society
http://www.open-knowledge-society.org/summit.htm

11 October 2008: Europe-wide action day "Freedom not fear"
Protests, demonstrations and activities against the surveillance mania
http://wiki.vorratsdatenspeicherung.de/Freedom_Not_Fear_2008

15-17 October 2008, Strasbourg, France
30th International Data Protection and Privacy Conference
http://www.privacyconference2008.org/

20.-21 October 2008, Strasbourg, France
European Dialogue on Internet Governance (EuroDIG)
http://www.eurodig.org/

3-6 December 2008, Hyderabad, India
Third Internet Governance Forum
http://www.intgovforum.org

10-11 December 2008: Tilburg, Netherlands
Tilting perspectives on regulating technologies, Tilburg Institute for Law
and Technology, and Society, Tilburg University
http://www.tilburguniversity.nl/tilt/conference

============================================================
13. About
============================================================

EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 28 members based or with offices in 17 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRI-grams.

All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and visibly on the
EDRI website.

Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 2.0 License. See the full text at
http://creativecommons.org/licenses/by/2.0/

Newsletter editor: Bogdan Manolea <edrigram at edri.org>

Information about EDRI and its members:
http://www.edri.org/

European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring

- EDRI-gram subscription information

subscribe by e-mail
To: edri-news-request at edri.org
Subject: subscribe

You will receive an automated e-mail asking to confirm your request.
unsubscribe by e-mail
To: edri-news-request at edri.org
Subject: unsubscribe

- EDRI-gram in Macedonian

EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edrigram-mk.php

- EDRI-gram in German

EDRI-gram is also available in German, with delay. Translations are provided
Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/

- Newsletter archive

Back issues are available at:
http://www.edri.org/edrigram

- Help
Please ask <edrigram at edri.org> if you have any problems with subscribing or
unsubscribing

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE





More information about the cypherpunks-legacy mailing list