EDRI-gram newsletter - Number 6.10, 21 May 2008

EDRI-gram newsletter edrigram at edri.org
Wed May 21 11:42:15 PDT 2008 

============================================================

           EDRI-gram

biweekly newsletter about digital civil rights in Europe

    Number 6.10, 21 May 2008


============================================================
Contents
============================================================

1. New open doors for software patents in EU
2. Updates on Visa Information System Regulation
3. The French Government goes against CNIL in biometric passports
4. BBA Awards Italy 2008
5. UK Government will store all phone, Internet traffic data
6. Google StreetView might breach EU laws
7. Microsoft appeals the EC fine but faces even more complaints
8. Recommended Reading
9. Agenda
10. About

============================================================
1. New open doors for software patents in EU
============================================================

Even though the European Parliament voted against the software patents in
Europe in 2005, new measures that could make software patents enforceable
are still being discussed with the US counterparts or within the framework
of the Community Patent.

The Foundation for a Free Information Infrastructure (FFII) reports
that a bilateral patent treaty could be agreed and signed with the United
States by the end of the year. The treaty could contain provisions on
software patents that will make them legal in both states.

Benjamin Henrion, a Brussels based patent policy specialist, explained for
FFII: "Talks in the Transatlantic Economic Council (TEC) are the current
push for software patents. The US want to eliminate the higher standards of
the European Patent Convention. The bilateral agenda is dictated by
multinationals gathered in the Transatlantic Economic Business Dialogue
(TABD). When you have a look who is in the Executive Board of the TABD, you
find not a single European SME in there."

The substantive harmonisation of patent laws was one of the topics during
the Transatlantic Economic Council (TEC) on 13 May 2008 between high level
representatives from EU and US. TEC is a closed trade process and it is not
the first time free trade agreements are being used by the US counterparts
to promote their IP requirement - such as the TRIPS treaty.

Also it is worth noting that after the failure of the Substantive Patent Law
Treaty, the US has switched to TEC, a closed forum, to discuss the software
patents issues with EU.

FFII President, Alberto Barrionuevo, explains why the current approach is
wrong: "The European Union does not have a Community Patent, neither a
substantive patent law in its acquis, except the biotech directive. As long
as there is no substantive patent law in the EU, it is quite silly to
discuss about a bilateral patent treaty with the United States. Its like a
blind showing the way for a deaf. If the USA really wanted to fix their
patent practice they should first switch to first-to-file and join the
European Patent Convention."

But this is not the only open door for software patents. The European
Community Patent, a  patent draft law that would allow individuals and
companies to obtain a unitary patent throughout the European Union, is still
being discussed. Acording to a member representing FSFE, part of the CEA-PME
SME Federation, that participated in a Working breakfast on Community
Patent, a Director of the European Commission considered the possible
adoption of the Community Patent proposal as the final attempt. Right now
only Spain is openly against the project.

Apparently,  most countries were now satisfied with the proposal to have
patents only in English, French, and German. Unofficial automated
translations would be provided in the other languages of the EU, even though
the EC representative acknowledged the general low quality of automated
translations but said that the EPO had now developed some amazing new
software for automated translations.

The FFII representative also highlighted the EC software patents policy:
"When talking about software patents, she constantly called them "wrongly
granted" patents or "disguised software patents". This is consistent with
the European Commission's position that software patents are not valid, but
"computer implemented inventions" are valid. In reality, the latter is just
a vague term which includes software patents. The European Commission's use
of these funny terms and definitions makes meaningful dialogue difficult."

McCreevy wants to legalise Software Patents via a US-EU patent treaty
(13.05.2008)
http://press.ffii.org/Press_releases/McCreevy_wants_to_legalise_Software_Patents_via_a_US-EU_patent_treaty

Working breakfast on Community Patent (15.05.2008)
http://fsfe.org/en/fellows/ciaran/ciaran_s_free_software_notes/working_breakfast_on_community_patent

Transatlantic Economic Council: objectives for Spring 2008 meeting
http://ec.europa.eu/enterprise/enterprise_policy/inter_rel/tec/doc/tec_objectives.pdf

EDRI-gram: ENDitorial - Regulating the Patent Industry (25.10.2006)
http://www.edri.org/edrigram/number4.20/patents

============================================================
2. Updates on Visa Information System Regulation
============================================================

An updated version of the Regulation on the Visa Information System (VIS)
published by Statewatch reveals that only random checks might be carried
out, if there are too many people waiting.

As already presented in EDRi-gram, the legislative package on the Visa
Information System that included the VIS Regulation has been adopted by the
European Parliament. The system will allow fingerprinting and checking
security of all visitors to EU that apply for a visa in their home country.
All the details, including fingerprints are held on the central VIS database
so that on entry to and exit from the EU identity checks can be carried out.
The VIS Regulation will allow consulates and other competent authorities to
start using the system when processing visa applications and to check visas.

The European Data Protection Supervisor has insisted on the importance of
data protection in these situation: "The VIS database will be the biggest
cross border one in Europe. Some 20 million new entries per year, regarding
people who apply for a Schengen visa, are foreseen. It is of utmost
importance that data protection is taken seriously for these, a priori,
innocent people".

After the last meeting of the Working Party on Frontiers /Mixed Committee,
the new proposal from the Council Presidency says that if there are too
many people to be checked and "all resources have been exhausted" then only
random checks will be carried out. This implies amending article 7(3) which
is making the verification of the visa holder identity and the authenticity
of the visa compulsory, by consulting the Visa Information System (VIS):

"By way of derogation, where traffic of such intensity arises that the
waiting time at the border crossing point becomes excessive and all
resources have been exhausted as regards staff, facilities and organisation
and where, on the basis of an assessment of the risk related to internal
security and illegal immigration, it is established that the consultation in
the Visa Information System need not be systematic, such consultation may be
carried out on a random basis for as long as these conditions are met."

Another issue with the VIS database is the possible access of the US
authorities to its content. The idea was rejected in a debate at the
European Parliament where the MEP Sarah Ludford, rapporteur on the EU Visa
Information System, asked for clear assurances that the US would not acquire
access to the databases:
"At a time of warnings about the frightening spread of the Mafia as well as
terrorist conspiracies, why is the EU going down this blind alley of mass
surveillance of the 99.9 percent of the public which is innocent, when the
real need is to target the 0.1 percent of travelers who might be dangerous
or criminal through intelligence- led policing and effective cross-border
cooperation between law enforcement agencies?"

Draft Regulation of the European Parliament and of the Council of amending
Regulation (EC) No 562/2006 as regards the use of the Visa Information
System (VIS) under the Schengen Borders Code (25.04.2008)
http://www.statewatch.org/news/2008/may/eu-vis-border-checks-8674-08.pdf

An EU push for US visa waivers to protect privacy (28.04.2008)
http://www.neurope.eu/articles/85783.php

EDRi-gram: European Visa Information System accepted by the EU bodies
(20.06.2007)
http://www.edri.org/edrigram/number5.12/VIS-EU-adoption

EDRi-gram: EU Visa Database under scrutiny of the European Data Protection
(2.02.2006)
http://www.edri.org/edrigram/number4.2/visadatabase

============================================================
3. The French Government goes against CNIL in biometric passports
============================================================

Ignoring the opinion of the French Data Protection Authority - the National
Commission for Information and Liberties (CNIL), on 4 May 2008, the French
Government passed  a decree on the basis of which the French citizens will
have biometric passports that will include eight fingerprints and a digital
picture. The data will be introduced in a large national database.

Although symbolical, CNIL's opinion should have been published alongside
with such a decree in the Official Journal. The Government's decree went
against CNIL's unfavourable opinion given on 11 December 2007 which was
published a week after the decree. Alex T|rk, president of CNIL reinforced
the commission's position on 16 May 2008, on the occasion of the
presentation of the annual report of the commission.

"We haven't been heard on two issues: first, we believe such an important
subject should go to the Parliament and the, we have not obtained the
elements allowing the justification of creating this database" said Alex
T|rk.

The commission considers that the biometric passport does not seem to be a
useful tool in fighting document fraud and that the targets proposed by the
government of issuing, replacing or withdrawing passports as well as
detecting and preventing document falsification "do not justify the
retention, at the national level, of biometric data such as fingerprints"
and, therefore, the creation of such a database is a disproportionate
measure.

CNIL also draws the attention on the fact that the decree goes even beyond
the European regulation which has in view only two fingerprints and says
nothing about preserving the information into a central database. The system
involves "risks of serious damages to private life and individual liberties"
in the commission's opinion.

CNIL reinforces its opposition to the biometric passport (only in French,
17.05.2008)
http://www.lemonde.fr/archives/article/2008/05/17/la-cnil-reitere-son-opposition-au-passeport-biometrique_1046279_0.html

Biometric passports: unfavourbale opinion from CNIL (only in French,
13.05.2008)
http://www.lemonde.fr/societe/article/2008/05/13/passeports-biometriques-avis-defavorable-de-la-cnil_1044267_3224.html#ens_id=1041034

Biometric passports: CNIL against central database (only in French,
10.05.2008)
http://fr.news.yahoo.com/afp/20080510/tfr-passeport-gouvernement-cnil-lead-a8f5b30.html

CNIL Opinion on biometric passports (only in French, 11.12.2007)
http://www.cnil.fr/?id=2427

============================================================
4. BBA Awards Italy 2008
============================================================

The Italian Big Brother Awards for 2008 were presented on 10 May 2008 during
an e-privacy convention in Florence. The Italian jury is formed by 6 jurors
who have to vote over 26 nominations, out of which 5 are for the positive
award.

The public institution award was received by the Ministry of Economics for
its very ample checking instruments. The institution is not the one to prove
the citizens are breaking the law, instead it requires the tax payers to
prove they are on the right side of the law. With the excuse of fighting tax
evasion, the institution has been recently empowered to create mass personal
(bank, health etc.) data filing, an obvious and useless violation of the
citizens' privacy.

The award for the worst private company was received by Yahoo for the
intensive monitoring of its users. Yahoo has provided the Italian Government
with data of its users. In the case of the Chinese journalist Shi Tao,
during a hearing in front of a US Congress commission on 11 November 2007,
Yahoo CEO Jerry Yang has admitted and apologized for the action and for
having previously denying the fact.

The most invasive technology was considered to be the DNA Bank of the RIS
(the Scientific Investigation Division of the "carabinieri") of Parma which
was created "quietly" without any specific normative act. No details are
known about the genetic database and there is an obvious risk of abusing the
respective data.

TV journalist Bruno Vespa was awarded the "Boot in the Mouth" price for
having dealt superficially and therefore misinforming people about the
Internet and new technologies. During a broadcast on 21 February 2008, as in
other previous occasions, he expressed alarming ideas on the impact on
privacy and the education of young people of the Internet in general and of
the new technologies.

The life time award was received by Franco Frattini, the former EU
Commissioner for Justice and Internal Affairs and since 8 May 2008 the
Italian Minister of Foreign Affairs, for having spread an idea of security
that involves "monitoring and censuring dangerous words".

"Winston Smith - Privacy hero" positive awarded was given to
Autistici/Inventati team for its entire activity and for having provided,
voluntarily and free-of-charge, for years, communication services that have
observed privacy more than the commercial or institutional organisations.

Autistici/Inventati is the hero of privacy (only in Italian, 12.05.2008)
http://punto-informatico.it/2281258/PI/News/Autistici-Inventati--egrave--l-eroe-della-privacy/p.aspx

Big Brother Award Italy 2008 (only in Italian, 10.05.2008)
http://bba.winstonsmith.info/

EDRi-gram: ENDitorial: "Frattinising" isn't the only threat (26.09.2007)
http://www.edri.org/edrigram/number5.18/frattinising

============================================================
5. UK Government will store all phone, Internet traffic data
============================================================

An announcement on 19 May 2008 by the UK government may herald the next
step in governmental attempts to grab hold of traffic data. Despite
the strongly negative reactions against the EU data retention
directive, which governments must transpose into national law by 15
March 2009, the UK government (which has been a key driver of data
retention) now demands even more.

Gordon Brown wants all traffic data - itemised phone bills, mobile
phone records and Internet traffic logs - to be collected and stored
in a central government database. The plan, which appeared in Monday's
Times, has been criticised by the opposition as `more of a threat to
our security than a support' while the privacy regulator said that
`We are not aware of any justification for the State to hold every UK
citizen's phone and internet records' and opined that the proposal
`may well be a step too far'.

The UK Regulation of Investigatory Powers Act already enables public
officials to obtain traffic data from service providers, and has come
in for recent criticism as the scope of its use has become clear.
When it was passed in 2000, only nine organisations were allowed to
use it but that number has risen to 792. For example, a local council
has used it to check whether a child lived within a school's catchment
area.

In private briefings to ISP and telco staff, government officials have
said they want to trace criminals' contact networks faster and more
cheaply, and having all traffic data on one database will be much more
convenient than having to make repeated enquiries of multiple phone
companies, ISPs and other service providers. They also want to make
global enquiries such as `show me everyone in the UK who sent emails
at 21:07, 21:22 and 21:55 last Tuesday'. The ISPs for their part have
complained that harvesting large quantities of data that they do not
at present keep for business purposes will require massively expensive
network re-engineering. There are also serious doubts about the UK
government's ability to build a system capable enough to cope with
billions of emails, texts and phone messages, given its long history
of failed software projects.

One argument behind the data retention directive was that a purely
national system of data retention could not be very effective, as ISPs
would simply move their operations to other Member States to save the
cost of compliance. It remains to be seen whether the same arguments
will once again be used to argue for centralised data retention on a
European scale.  It is also quite unclear whether a government
database of all citizens' phone and Internet records is consistent
with European law.

`Big Brother' database for phones and e-mails (20.05.2008)
http://business.timesonline.co.uk/tol/business/industry_sectors/telecoms/article3965033.ece

Anti-terror law used to snoop on fishermen (14.05.2008)
http://www.telegraph.co.uk/news/uknews/1952551/Anti-terror-law-used-to-snoop-on-fishermen.html

Government orders data retention by ISPs (15.05.2008)
http://www.out-law.com//default.aspx?page=9121

EDRI gram: Data retention for one year for UK telecom companies (1.08.2007)
http://www.edri.org/edrigram/number5.15/data-retention-UK

(Contribution by Ross Anderson - EDRi-member FIPR -UK)

============================================================
6. Google StreetView might breach EU laws
============================================================

The European Data Protection Supervisor warned that the StreetView feature
of the Google Maps service could breach the EU data protection laws, if they
show the pictures taken from the European cities.

The StreetView service makes it possible for users of GoogleMaps to see
several photos that show a 360-degree look on how the city streets or
crossings are seen at a street level. But they also get in these pictures
the pedestrians that are passing by or anyone in the area. The service is
available right now only for some US cities, but Google has started the
activities in order to get pictures from some European cities. Their fleet
of vans with cameras has been spotted in London, Rome or Paris.

The European Data Protection Supervisor, Peter Hustinx, declared during the
press presentation of his annual data protection report:

"I would encourage Google to think about how to do this. Making pictures on
the street is in many cases not a problem, but making pictures everywhere is
certainly going to create some problems. I'm quite sure they are aware of
this."

Google didn't announced when the StreetView feature will be available for
the European cities, but the service is expected to be launched next year.

Hustinx warned the company that "Complying with European data protection
law is going to be part of their business success or failure. If they would
ignore it, it is likely to lead to (court) cases, and I think they would be
hit hard."

But Google was already taking into consideration the privacy concerns and
announced that they developed a new face-blurring technology that would be
perfected in the future. In a blog post on Google Earth and Maps teams, they
presented the new change:

"We're also taking this opportunity to test our new face-blurring technology
on the busy streets of Manhattan. This effort has been a year in the
making -- working at Street View-scale is a tough challenge that required us
to advance state-of-the-art automatic face detection, and we continue
working hard to improve it as we roll it out for our existing and future
imagery."

Google also announced that they would delete the images from StreetView if
someone complained and they think that these two actions should respond to
some of the privacy problems already highlighted.

Street View revisits Manhattan (12.05.2008)
http://google-latlong.blogspot.com/2008/05/street-view-revisits-manhattan.html

Google blurs the privacy issue (13.05.2008)
http://www.guardian.co.uk/business/2008/may/13/google.digitalmedia

Google map service could face EU lawsuits (16.05.2008)
http://euobserver.com/9/26154/?rk=1

============================================================
7. Microsoft appeals the EC fine but faces even more complaints
============================================================

While new accusations have been brought to Microsoft, the giant company
announced on 9 May 2008 that it has appealed, at the Court of First Instance
in Luxembourg, the 899 million euro fine imposed in February 2008 by the
European Commission (EC) for having abused its dominant position on the
market.

"We are filing this appeal in a constructive effort to seek clarity from the
court," was the company's statement. The basic question of the dispute is
the way in which patents and interoperability protocols are licensed by
Microsoft to competitors. In February, Microsoft announced a series of
interoperability initiatives that would provide more interoperability
between Microsoft's products and those of competitors, including publishing
all details of application programming interfaces for its most widely used
products. EC argues that the terms of the licensing are unusable for open
source software projects, as they are still subject to royalty payments. In
its turn, Microsoft considers that the terms requested by the EC violate its
intellectual property rights.

On 13 May 2008, the British Educational Communications and Technology Agency
(BECTA) also filed a complaint to the EC against Microsoft's
"anti-competitive licensing practices" after having previously made the same
complaint in UK with the Office of Fair Trading (OFT), the British
competition regulator.

BECTA considered that the lack of compatibility between Microsoft's
OOXML document standard and alternative codes, such as ODF, were deliberate
as the giant "refuse to offer equivalent support for the ISO-approved Open
Document Format (ODF)". Stephen Lucey, executive director of strategic
technologies for BECTA, also stated: "It is not just the interests of
competitors and the wider marketplace that are damaged when barriers to
effective interoperability are created. (...) Such barriers can also damage
the interests of education and training organisations, learners, teachers
and parents".

In its complaint to OFT, BECTA has argued that Microsoft supported its own
technical protocols far better than it supported the industry standard ones.
"This decision had the effect of requiring users to download and install a
range of converters to enable them to interoperate with those competitor
products" also said the agency statement.

As a response to BECTA's complaint, CompTIA, an industrial association of
which Microsoft is a member, published on 14 May a statement where it
emphasized that "the working ICT marketplace fosters immense choice and
solutions, which boost the overall interoperability and widespread use of
competing ICT products and services".

Although OFT has agreed on BECTA's filing the complaint with the EC as well,
it has not yet given its decision on the matter.

Microsoft appeals record EC fine (13.05.2008)
http://www.heise.de/english/newsticker/news/107780

Microsoft's EU legal troubles continue (14.05.2008)
http://www.euractiv.com/en/infosociety/microsoft-eu-legal-troubles-continue/article-172347

Education agency complains to Brussels about Microsoft (15.05.2008)
http://www.out-law.com//default.aspx?page=9119

Microsoft challenges 899 million fine (12.05.2008)
http://www.out-law.com/page-9108

EDRI-gram: Opera complains to the EC on Microsoft's Internet Explorer
(19.12.2007)
http://www.edri.org/edrigram/number5.24/opera-commission-microsoft

============================================================
8. Recommended Reading
============================================================

European Data Protection Supervisor 2007 Annual report
http://edps.europa.eu/EDPSWEB/Jahia/EDPSWEB/edps/lang/en/pid/22

============================================================
9. Agenda
============================================================

27 May 2008, London, UK
Surveillance, the Database State, Online Crime ... What Next?
(10th Birthday Party of the Foundation for Information Policy Research)
http://www.fipr.org/birthday10.html

31 May 2008, Germany
Freedom rather than fear - Nation-wide action day against surveillance
http://www.freiheitstattangst.de/

30-31 May 2008, Bucharest, Romania
eLiberatica 2008 - The benefits of Open and Free Technologies
http://www.eliberatica.ro/2008/

6-7 June 2008, Bremen, Germany
IdentityCamp - a barcamp around identity 2.0 and privacy 2.0
http://barcamp.org/IdentityCampBremen

17-18 June 2008, Seoul, Korea
The Future of the Internet Economy - OECD Ministerial Meeting
http://www.oecd.org/FutureInternet

23 June 2008, Paris, France
GigaNet is organizing an international academic workshop on "Global Internet
Governance: An Interdisciplinary Research Field in Construction"
http://tinyurl.com/3y9ld8

26-27 June 2008, London, UK
International Conference on Digital Evidence
http://www.mistieurope.com/default.asp?Page=65&Return=70&ProductID=8914&LS=DigitalEvidence

30 June - 1 July 2008, Louvain-la-Neuve, Belgium
First COMMUNIA Conference - Assessment of economic and social impact of
digital public domain throughout Europe
http://www.communia-project.eu/conf2008

7-8 July 2008, London, UK
Developing New Models Of Content Delivery Online & Innovative Strategies For
Effectively Tackling Copyright Infringement
http://www.isp-content-regulation.com/conference.agenda.asp

7-9 July 2008, Cambridge, UK
Privacy Laws & Business 21st Annual International Conference
http://www.privacylaws.com/templates/AnnualConferences.aspx?id=641

19-20 July 2008, Stockholm, Sweden
International Association for Media and Communication Research
pre-conference - Civil Rights in Mediatized Societies: Which data privacy
against whom and how ?
http://www.iamcr.org/content/view/301/1/

23-25 July 2008, Leuven, Belgium
The 8th Privacy Enhancing Technologies Symposium (PETS 2008)
http://petsymposium.org/2008/

8-10 September 2008, Geneva, Switzerland
The third annual Access to Knowledge Conference (A2K3)
http://isp.law.yale.edu/

22 September 2008, Istanbul, Turkey
Workshop on Applications of Private and Anonymous Communications
http://www.alpaca-workshop.org/

24-28 September 2008, Athens, Greece
World Summit on the Knowledge Society
http://www.open-knowledge-society.org/summit.htm

============================================================
10. About
============================================================

EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 28 members based or with offices in 17 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRI-grams.

All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and visibly on the
EDRI website.

Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 2.0 License. See the full text at
http://creativecommons.org/licenses/by/2.0/

Newsletter editor: Bogdan Manolea <edrigram at edri.org>

Information about EDRI and its members:
http://www.edri.org/

European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring

- EDRI-gram subscription information

subscribe by e-mail
To: edri-news-request at edri.org
Subject: subscribe

You will receive an automated e-mail asking to confirm your request.
unsubscribe by e-mail
To: edri-news-request at edri.org
Subject: unsubscribe

- EDRI-gram in Macedonian

EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edrigram-mk.php

- EDRI-gram in German

EDRI-gram is also available in German, with delay. Translations are provided
Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/

- Newsletter archive

Back issues are available at:
http://www.edri.org/edrigram

- Help
Please ask <edrigram at edri.org> if you have any problems with subscribing or
unsubscribing

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

More information about the cypherpunks-legacy mailing list