EDRi-gram - Number 6.20, 22 October 2008
EDRI-gram newsletter
edrigram at edri.org
Wed Oct 22 13:01:00 PDT 2008
============================================================
EDRI-gram
biweekly newsletter about digital civil rights in Europe
Number 6.20, 22 October 2008
============================================================
Contents
============================================================
1. Some amendments of the EP voted Telecom package still worrying
2. The PNR scheme entirely changed by the European Council
3. International Action Day "Freedom not Fear" - 11.10.2008
4. Freedom not Fear Prague: Do It Yourself Carnival burst in the city center
5. New Dutch Notice-and-Take-Down Code Raises Questions
6. Protests in France against the Edvige file on St. Edwige day
7. German court says ISPs do not violate the law by storing IP addresses
8. British court: people are bound to reveal computer encryption key
9. ENDitorial: Seizures and other abuses - from bad to worse
10. Recommended Reading
11. Agenda
12. About
============================================================
1. Some amendments of the EP voted Telecom package still worrying
============================================================
Some of the amendments passed by the European Parliament (EP) on the Telecom
package are still worrying the civil rights groups, both on data retention
and IP issues. Also, the fact that some amendments of the EP do not appear
in the new document of the European Council working party on
Telecommunications and the Information Society creates more confusion.
According to information from Patrick Breyer from the German Working Group
on Data Retention, amendment 181 passed by the European Parliament
regarding directive 2002/58/EC could be read to legalise "voluntary" blanket
data retention practices as currently practised in the US. The amendment
would make the entire regulation of traffic data in Article 6 of the
directive meaningless. It is not restricted to times when an actual network
error occurs but would allow a general collection of traffic data on the
grounds of them being useful for "security purposes". It does not set a time
limit, either.
Amendment 181 added in the Article 6 the following text: " Without
prejudice to compliance with the provisions other than Article 7 of
Directive 95/46/EC and Article 5 of this Directive, traffic data may be
processed for the legitimate interest of the data controller for the
purpose of implementing technical measures to ensure the network and
information security, as defined by Article 4 (c) of Regulation (EC)
460/2004 of the European Parliament and of the Council of 10 March 2004
establishing the European Network and Information Security Agency, of a
public electronic communication service, a public or private electronic
communications network, an information society service or related terminal
and electronic communication equipment, except where such interests are
overridden by the interests for the fundamental rights and freedoms of the
data subject. Such processing must be restricted to that which is strictly
necessary for the purposes of such security activity."
It seems that a majority of the EU member states are already critical to
this amendment.
But other amendments on the 3 strikes approach have come back on the agenda.
On 14 October 2008, the European Council Working Party on Telecommunications
and the Information Society issued a document that eliminated, without any
explanation or justification, the pro-Bono amendment 166 (Article 32a) of
the Universal Access directive (Harbour report) in the Telecoms Package
reiterating the European Parliament's opposition to the 3-strikes measures
system.
The article in question that said: "Article 32a Access to content, services
and applications Member States shall ensure that any restrictions to users'
rights to access content, services and applications, if they are necessary,
shall be implemented by appropriate measures, in accordance with the
principles of proportionality, effectiveness and dissuasiveness. These
measures shall not have the effect of hindering the development of the
information society, in compliance with Directive 2000/31/EC, and shall not
conflict with citizens' fundamental rights, including the right to privacy
and the right to due process" and which was voted by a clear majority in the
Parliament, simply lacks from the recent European Council document without
any explanation whatsoever.
The document includes some other amendments which pave the way for the
3-strike system, imposing costs on ISPs and removing the oversight by the
European Commission and national Regulators meant to protect users from
content filtering.
At the same time, the article designed to support the French graduated
response measures, (the co-operation Amendment 112 - Article 33 (2a) is
kept.
Some of the state members, such as UK, Ireland, Germany, Austria and Hungary
have reserves concerning the European Council document but the French
government is pushing to see its system imposed on all EU members.
In an attempt to influence the German government's position, a seminar, "on
the development of Creative content online" was organized by the French
embassy in Berlin with the title "Can the Olivennes agreement set the course
for the digital future?". During the seminar, German MEP Ruth Hieronymi
clearly stated that co-operation amendment 112 of the Harbour report in the
Telecoms Package provided the basis for the graduated response in EU law. "I
am absolutely convinced, that the legal framework is there, to fashion a
model like Olivennes that is compatible with European law" she stated in
relation to the Telecoms Package.
The MEP also claimed personal responsibility for the withdrawal of Amendment
132 in the Framework directive which opposed graduated response, and was in
direct conflict with Amendment 112 and the other pro-Olivennes measures.
Hieronymi's comments show that the attempt to insert graduated response and
copyright enforcement measures into the Harbour report was deliberate. Which
means that a vote for the directive as it is now, will clearly be a vote for
graduated response. Unless there is no opposition form the governments
having shown some reserves, the law imposing the graduated response will be
passed to all EU countries by December, as the Council seems to have decided
to negotiate the document and not send it back to the EP for a second
reading.
European Council set to overturn Parliament on 3-strikes (15.10.2008)
http://www.iptegrity.com/index.php?option=com_content&task=view&id=181&Itemid=9
Working Party on Telecommunications and Information Society - Compromise
Proposal for the consolidated version of the proposal amending directive
2002/22/EC (10.10.2008)
http://www.iptegrity.com/pdf/European.Council.Universal.Service.Directive.pdf
"Co-operation" amendment WAS designed to support 3-strikes (17.10.2008)
http://www.iptegrity.com/index.php?option=com_content&task=view&id=183&Itemid=9
EDRIgram: EP votes Telecoms Package (8.10.2008)
http://www.edri.org/edrigram/number6.19/ep-votes-telecom-package
============================================================
2. The PNR scheme entirely changed by the European Council
============================================================
The European Council has started re-writing from scratch the European
Commission's proposal for an EU-PNR scheme as a result of several EU
governments' intention to go further in this matter.
Some European governments, with the UK in the lead, want to extend the PNR
scheme used now under the US-EU agreement to all types of travel (air, land
and sea), not only in and out the EU borders but between EU countries and
even within each country. They also want the data and information gathered
to be used not just for entry-exit, but also for any law enforcement
purpose.
The declared purpose of collecting the data is "the prevention, detection,
investigation, prosecution and punishment of terrorism and a group of other
serious offences, defined by reference to the list in the Framework Decision
on the European Arrest Warrant." However, there is an additional statement
which gives more freedom to control: "The instrument would of course cover
the reporting and prosecution of other offences brought to light during
controls." While the PIUs (Passenger Information Units) collect the data
from airlines and assess the passengers, "competent national authorities"
(i.e. police, security agencies) would be allowed to use the data for other
purposes than for assessing security risks for flights.
The list of data to be collected practically covers the same 19 sets of data
under the US-EU PNR agreement. Also, there will be two transmissions of the
data, one 48 hours before the flight take off and one when the flight is all
boarded.
The procedure for analysing the "terrorist or criminal threat" will include
a first analysis "based on risk indicators" (such as source country or
destination) "pre-established by the competent (national) authorities" and a
second one based on "national, international and European files". However,
the issue here is that the 27 EU countries have watch lists which are
extremely different. Hence, the proposal suggests the necessity of
developing "common methods and indicators".
As some of the State Members do not wish to extend the scheme to flights
inside the EU space, the text proposes that the choice of individual states
to take the measure at the national level should be "explicitly recognised".
This means that actually the PNR will be collected by all Member States on
all flights in and out of the EU and if a Member State wants to survey
intra-community flights as well, it can very well do it.
EU-PNR scheme being re-written by the Council (4.10.2008)
http://www.statewatch.org/news/2008/oct/04eu-pnr-rewrite.htm
EDRIgram - Dispute between UK government and EU over the use of PNR
(27.08.2008)
http://www.edri.org/edrigram/number6.16/uk-eu-pnr
Observatory: EU surveillance of passengers (PNR)
http://www.statewatch.org/eu-pnrobservatory.htm
============================================================
3. International Action Day "Freedom not Fear" - 11.10.2008
============================================================
The first worldwide protests against surveillance measures such as the
collection of all telecommunications data, the surveillance of air
travellers and the biometric registration of citizens were held on 11
October 2008 under the motto "Freedom not Fear - Stop the surveillance
mania!". In at least 15 countries citizens demanded a cutback on
surveillance, a moratorium on new surveillance powers and an independent
evaluation of existing surveillance powers. "A free and open society cannot
exist without unconditionally private spaces and communications", explains
an international memorandum.
The greatest protest march against surveillance in Germany's history took
place in Berlin. Participants in the 2 km long peaceful protest march
carried signs reading "You are Germany, you are a suspect", "No Stasi 2.0 -
Constitution applicable here", "Fear of Freedom?" and "Glass citizens,
brittle democracy". Apart from related music tracks, loud chants of
"Belittle it today, be under surveillance tomorrow" or "We are here and we
are loud because they are stealing our data" could be heard. During the
protests, which were supported by more than 100 civil liberties groups,
professional associations, unions, political parties and other
organisations, artists played parodies on surveillance society.
In their final speeches in front of the Brandenburg Gate, the
organisers called for political consequences: padeluun of civil
liberties group FoeBuD said that in view of the mass protests
politicians needed to react now and repeal the blanket retention of
all telecommunications data introduced in 2006. Patrick Breyer of German
Working Group on Data Retention (AK Vorrat) presented a five point plan
according to which surveillance should be reduced, existing laws should be
evaluated and plans for new surveillance measures should
be halted. In the course of a "new, freedom-loving security policy"
specific preventive measures such as youth projects should be
invested in and the "real problems" of people such as poverty and
education should be focused on. Ricardo Cristof Remmert-Fontes of AK Vorrat
announced further action and invited participants to join parties held in
seven participating clubs in Berlin under the motto "The long night of
surveillance".
In other countries, the following events took place in the course of
yesterday's "Freedom not Fear" day: Protest event with music and
several art performances in Den Haag, lectures in Rome, surveillance
camera mapping in Madrid, art performances in front of Parliament in
Vienna, protest rallies in Paris, Prague, Sofia and Stockholm, the
distribution of privacy software in Copenhagen, informative events
in Guatemala City and Buenos Aires as well as a projection of light
onto Toronto's Town Hall. In London, the construction of a surveillance
state was opposed by creating a massive collage of photos on Parliament
Square showing the prime minister and the action day's motto "Freedom not
Fear".
Before the action day, Arbeitskreis Vorratsdatenspeicherung had
warned of a "surveillance avalanche in Germany": According to the
group, the German Parliament has tightened surveillance and control
over citizens at least 21 times in the past 10 years. At least 18
more surveillance proposals are presently on the political agenda,
for example the blanket collection of air travellers' data and the
transfer of personal data to the US.
In an opinion published on 14 October 2008, the competent Advocate General
at the European Court of Justice considered that the EU directive on data
retention was enacted on the correct legal basis. The German Working Group
on Data Retention pointed out that the Advocate General's opinion only
concerns the action brought by the Irish government which is
limited to formal issues. It is not concerned with the fact that registering
the telecommunications behaviour and movements of the entire EU population
in the absence of any reasonable suspicion is clearly disproportionate and
violates human rights.
If the Court follows the Advocate General's opinion and dismisses Ireland's
suit, it will need to consider the compatibility with human rights in a
second proceeding. This second proceeding is likely to be initiated by the
German Federal Constitutional Court where a suit of more than 34 000
citizens against data retention is pending.
In another case, The German Federal Constitutional Court is expected to
decide shortly on an application for a preliminary injunction against the
German law on data retention. The application is directed mainly against the
retention of Internet access, anonymizing services and e-mail data which is
to become effective on 1 January 2009. The Constitutional Court's final
judgement will probably be passed after the European Court of Justice has
decided on the human rights issues.
International Action Day "Freedom not fear - Stop the surveillance mania!"
on 11 October 2008
http://www.vorratsdatenspeicherung.de/content/view/242/144/lang,en/
Freedom Not Fear: the Big Picture unveiled on Parliament Square (11.10.2008)
http://www.openrightsgroup.org/2008/10/11/freedom-not-fear-the-big-picture-unveiled-on-parliament-square/
Advocate General Bot considets that the directive on data retention is
founded on an appropriate legal basis (14.10.2008)
http://curia.europa.eu/en/actu/communiques/cp08/aff/cp080070en.pdf
Constitutional complaint filed against German Telecomms Data Retention Act
http://www.vorratsdatenspeicherung.de/content/view/184/79/lang,en/
(contribution by German Working Group on Data Retention)
============================================================
4. Freedom not Fear Prague: Do It Yourself Carnival burst in the city center
============================================================
On 11 October 2008 Prague hosted the DIY Carnival which marched through the
city centre in the name of the worldwide initiative "Freedom not Fear".
Starting with a concert of several music groups on the river island
Stvanice, more than 1000 people wearing masks outnumbered crowds of tourists
on the fancy streets of the Old Town and protested against increasing
surveillance within the society. The colourful parade ended up at sunset,
but some of the participants reunited later that night on the occasion of
Big Brother Awards benefit concert which was organized by EDRi member
Iuridicum Remedium.
"The recent level of restrictions which criminalize majority of our society
is alarming. It is another step towards state where police is competent to
arbitrary bully people on the streets," said Jan Nemec, the spokesman of the
Freedom not Fear initiative in Prague, in his public speech. "Let your
voices be heard and express your resolute protest against these oppressive
measures," called Jan Nemec on the participants.
However, the organization of the DIY Carnival did not go that smoothly as
might be observed from its results. The parade had to take an alternative
route, because the municipal authorities banned the original one on the
bases of their fear that the carnival could turn into a street party.
Subsequently, the organizers have lodged an appeal with the court that was
later dismissed. The final decision is still pending, though. "The hearing
on the ban took place on Friday, just one day after we received an email
notification, while the rules of the administrative court grant at least ten
days for preparation," commented the first instance decision Helena
Svatosova, lawyer from the NGO Iuridicum Remedium, who initiated proceedings
in this matter before the Highest Administrative Court.
(contribution by Vaclav Mlynarik - EDRi-member Iuridicum Remedium)
============================================================
5. New Dutch Notice-and-Take-Down Code raises questions
============================================================
Dutch government and leading market participants have adopted a new
Notice-and-Take-Down Code of Conduct. The Code seeks to clarify the
responsibilities of internet intermediaries (hosting providers in
particular) when confronted with a notice that online information is
punishable (under Dutch penal law) or unlawful. Reactions to the code
are mixed. Many hosting providers have not signed the Code. Others have
called it symbolic. In fact, the Code seems to obscure the current legal
obligations of internet service providers with regard to punishable and
unlawful material. Unfortunately, the Code does not even mention the
right to freedom of expression and the issue of censorship.
Although the code has no legal status, it goes further than the Dutch law in
a number of ways. The Code states that a notice of a public prosecutor
that material is punishable cannot be questioned by a provider, because
the public prosecutor has already established its illegal character.
However, a recent academic study of the Centre for Cybercrime Studies
(Cycris), commissioned by the Dutch government, revealed the inadequacy
of Dutch laws concerning Notice and Takedown. In particular, it found
that the public prosecutor does not have an adequate legal instrument to
order material to be taken down. The study concluded that "there are
insufficient guarantees built into the process to protect the interests
of Internet users and the information freedoms". The Dutch government
has responded that it is reviewing the relevant laws, but it has
completely ignored the problem in the context of this new Code.
In the case of notices of punishable and unlawful material from others
than the public prosecutor the Code provides that an intermediary will
remove the material if it is 'unequivocally' punishable or unlawful. If
not, the party seeking removal can either seek involvement of law
enforcement agencies or start a civil procedure. There is no explicit
mention of a put-back procedure. The Code does state that intermediaries
have to be careful not to remove more content than the notice points to.
The Code does not change the circumstances under which rights holders
can retrieve identifying data of alleged infringers of copyright. For
this reason, BREIN, the representative of the rights holders in the
Netherlands, has made clear it sees the current Code as unsatisfactory.
To complicate matters, the Code introduces the concept of 'undesirable'
or 'harmful' material. It defines this as material that is not illegal
or unlawful under Dutch law, but material that a provider itself does
not want to host, because of its 'undesirable' or 'harmful' character.
The Code states that the provider is free to develop such criteria and
treat notices of 'undesirable' or 'harmful' material the same way as
notices of illegal material. Clearly, government involvement in this
part of the Code of Practice is problematic from the perspective of
freedom of expression. The Code does not clarify which categories of
content can legitimately be considered as 'undesirable' or 'harmful' by
an intermediary. And unfortunately, the Code does not explicitly forbid
law enforcement agencies to send notices of 'undesirable' or 'harmful'
material, whereas such notices would seem to be illegal.
The Code was adopted in the context of the National Infrastructure
Cybercrime, a public private partnership, which includes several branches of
the Dutch Government, major broadband providers such as KPN, XS4all, and
cable providers. There is no official list of participants in the Code.
Notice-And-Take-Down Code of Conduct (9.10.2008)
http://www.samentegencybercrime.nl/UserFiles/File/NTD_Gedragscode_Opmaak_Engels.pdf
Dutch 'Notice-and-Take-Down' Code of Conduct issued (14.10.2008)
http://www.saferinternet.org/ww/en/pub/insafe/news/articles/1108/notice_and_take_down.htm
Cycris Research on art. 54a of the Dutch Penal Code (13.05.2008)
http://www.cycris.nl/news/7/39
Hosters en Brein sluiten piraterij-compromis (In Dutch only) (9.10.2008)
http://webwereld.nl/articles/53058/hosters-en-brein-sluiten-piraterij-compromis.html
(Contribution by Joris van Hoboken - EDRi-member Bits of
Freedom -Netherlands)
============================================================
6. Protests in France against the Edvige file on St. Edwige day
============================================================
As previously announced in EDRi-gram, St. Edwige day in France was a day of
protests against the file project called Edvige, a file that would gather
information on any person, including minors, considered by the police as a
"suspect" capable of disrupting the public order.
On 16 October, on St. Edwige day, demonstrations against the introduction of
the Edvige file were organised in Paris, Agen, Bordeaux, Strasbourg,
Saint-Etienne, Lyon and other big cities in France by the "Non ` Edvige"
group that included La Ligue des Droits de L'Hommes (The League of Human
Rights), FSU, CGT, CFDT, Aides and French EDRi-member IRIS.
The project had already been modified in September into the so called
EDVIRSP file. However, even the new version was considered unacceptable by
the opponents of the project especially because it involves gathering data
on minors who are considered by the police a public threat.
The "Non ` Edvige" petition is asking for the cancellation of the entire
project. It remains to be seen if the demonstrations that took place on 16
October will find any echo with the French authorities.
On Saint Edwige, the anti-Edvige march on the streets (only in French,
16.10.2008)
http://www.lemonde.fr/web/son/0,54-0@2-3224,63-1107874@51-1090646,0.html
Saint Edwige: the anti-Edvige in the street (only in French,17.10.2008)
http://www.top-logiciel.net/news-article.storyid-3044.htm
On Saint Edwidge: I don't want Edvige ! (only in French, 17.10.2008)
http://www.youtube.com/watch?v=94hUZr6FxLc&feature=user
EDRIgram - French file EDVIGE revised after huge civil society mobilization
(only in French, 24.09.2008)
http://www.edri.org/edrigram/number6.18/edvige-revised
============================================================
7. German court says ISPs do not violate the law by storing IP addresses
============================================================
On 30 September 2008, the Munich District Court decided in a provisional
ruling that website operators were not violating the data protection
legislation when storing IP addresses of their visitors as IP addresses
alone are not considered personal data.
The case was brought to the court by an individual who argued that storing
IP addresses in log files by a web publisher represents a privacy violation
because the information could be used to identify him and relate his
identity to his web surfing activity. The court dismissed his arguments and
ruled against his claim.
The court considers IP addresses are not personal data under the German
Privacy Act because the information cannot be easily used to determine a
person's identity and an ISP could not tell a third party who was using a
particular IP address at a particular time without a legal basis. Such
information is provided by ISPs only when ordered by a court.
The ruling also said that IP addresses lacked the necessary quality of
"determinability" to be personal data, meaning the identity of the person
behind the information cannot be established without a significant effort
and by using "normally available knowledge and tools."
However, we should not over-estimate the relevance of this decision.It was
taken by a local court with no IT experts and the judge did not discuss the
dissenting decisions from higher level Berlin courts. The decision only
applies to dynamic IP addresses.
Privacy activists have argued that IP addresses should count as personal
data under data protection legislation. The Article 29 Working Party has
also said that IP addresses should be treated as personal data by ISPs and
search engines, even if they are not always personal data. "Unless the
Internet Service Provider is in a position to distinguish with absolute
certainty that the data correspond to users that cannot be identified, it
will have to treat all IP information as personal data, to be on the safe
side. These considerations will apply equally to search engine operators,"
said a report issued by the Article 29 Working Party in April.
Regarding the fact that IP addresses are not considered personal data by
some, in an interview given to EurActiv on the data protection rules, the
European Data Protection Supervisor Peter Hustinx explained : "As of today
there is some uncertainty, and this is why we will probably see a study from
the Commission to shed light on this. But the common view of the data
protection specialists is that in many situations IP addresses are personal
data. Therefore websites, Internet Service Providers and other parties
should ensure data protection compliance. This is an important thing to
emphasise." He also believes that The European Commission
should clarify the application of existing data protection rules in relation
to RFID in order to avoid "big social dangers".
German court says IP addresses in server logs are not personal data
(14.10.2008)
http://www.out-law.com/page-9505
Hustinx: Tracking people 'easier' with RFID (3.10.2008)
http://www.euractiv.com/en/infosociety/hustinx-tracking-people-easier-rfid/article-176220
AG, Munich: IP addresses may be used by Web site operators are stored (only
in German, 7.10.2008)
http://www.kremer-legal.com/2008/10/07/ag-munchen-ip-adressen-durfen-von-website-betreibern-gespeichert-werden-volltext/
============================================================
8. British court: people are bound to reveal computer encryption key
============================================================
Two persons were denied by the court the right to silence in relation to the
encryption key they were asked to reveal to the police.
The men had brought as argument to the court that handing over the encrypted
key for the data in their computers would mean forcing them to incriminate
themselves. Defendants have a right to silence and to refuse to divulge
information that could be used as evidence against them.
The Court of Appeal however considered that an encryption password is not
incriminating information in itself and that the key as well as the
information in the computers existed independently from the men just like
any key to a drawer and its content. Therefore, the men had no right to deny
the police the encryption keys.
The two men had been arrested the police for having been involved with a
person who was subject to a control order under anti-terrorism legislation
and their computers had been seized. The police had sent notices ordering
the men to disclose the passwords in the interest of national security and
the prevention or detection of crime. The authorities can ask disclosure of
such keys because, in terms of the law, the information on the computers is
already in the possession of the police and an order for password disclosure
can be made, if "no alternative, reasonable method of gaining access to it
or making it intelligible is available" as expressed by Mr Justice
Penry-Davey in the Court of Appeal.
According to the Regulation of Investigatory Powers Act (RIPA), the refusal
to reveal a decryption key can be punished with imprisonment up to 5 years.
The clause covering this measure has been included in RIPA act since 2007
but has not been activated until 1 October 2008 because, last year, the Home
Office considered that the encryption was not as popular as it had been
predicted. Part III of RIPA was activated after a period of consultation.
People receiving notice from the police are bound to reveal the encryption
keys or render the requested material intelligible by authorities.
The clause has been criticised by civil liberties activists and security
experts who consider that the measure affects privacy and can lead to
persons being forced to incriminate themselves. An argument against the
action is also that passwords can be forgotten and people may pretend to
have forgotten or really forget them.
According to the Home Office, the process will be overseen by the
Interception of Communications Commissioner, the Intelligence Services
Commissioner and the Chief Surveillance Commissioner and complaints about
demands for information will be made by the Investigatory Powers Tribunal.
The Home Office considers that the actions are consistent with the European
Convention on Human Rights and the UK Human Rights Act as long as the demand
for decryption is "both necessary and proportionate". "The measures in Part
III are intended to ensure that the ability of public authorities to protect
the public and the effectiveness of their other statutory powers are not
undermined by the use of technologies to protect electronic information,"
stated the Home Office.
But besides the concerns raised by civil liberties activists, there are also
voices that warn the measure may even lead to hiding more material from the
Police.
"I think putting the powers on the statute book will make it more, not less,
likely that police will encounter encrypted material because people will
become aware of dual key systems and see how easy they are to use,"
commented security expert Dr Richard Clayton.
Court of Appeal orders men to disclose encryption keys (16.10.2008)
http://www.out-law.com//default.aspx?page=9514
England and Wales Court of Appeal (Criminal Division) Decisions (9.10.2008)
http://www.bailii.org/ew/cases/EWCA/Crim/2008/2177.html
RIPA could be challenged on human rights (24.01.2008)
http://www.out-law.com/page-8826
Law requiring disclosure of decryption keys in force (2.10.2007)
http://www.out-law.com/page-8515
============================================================
9. ENDitorial: Seizures and other abuses - from bad to worse
============================================================
Two recent episodes (that are not "isolated cases") show, again, how
distortions in Italian laws and in their application can lead to all sorts
of abuses - as discussed before. The problem is that these abuses are not
only continuing, but getting worse.
One is explained in a recent article and is obviously (no matter how it's
disguised) a case of censorship.
The other case we are discussing here, if taken as a single episode, could
be seen as a comedy of errors. A website for the exchange of music was
"seized" - that is to say, access was blocked. It was soon moved to another
address, and later the "seizure" was revoked. So it didn't suffer any
serious damage and it may have gained some publicity as a result of the
protest in Italy and elsewhere caused by the attempt to choke it. The
instigators of the repression (as usual, the lobbies of music majors) were
(in this case and so far) defeated and ridiculed. But the procedures in this
grotesque affair reveal several alarming abuses.
Many problems, for many years, have been caused by an awkward peculiarity of
the Italian legislation, that treats copyright infringement as a criminal
offence. And it has always been an awful abuse to seize computers, servers
etcetera with a brutal procedure that is useless for investigation purposes
and dramatically harmful not only for suspects who are "innocent until
proven guilty", but also for people and organizations who are not involved
in the facts (or assumptions) being investigated.
In recent years this abuse has taken a new twist, that queerly extends the
"seizure" concept to the suppression of a website or if, as in this case,
the website isn't in Italy, to force Italian internet providers to block
access (or even, as in this example, to arbitrarily re-route the "traffic"
to another foreign website, dedicated to persecuting people who are trying
to access the blacklisted source).
It would be dangerous to underestimate the implications of these behaviors,
too easily supported by internet providers, who care about their selfish
interests above the rights of their customers. They go far beyond the
consequences of individual episodes, suggesting criteria and procedures that
can be extended to the repression of any unwelcome opinion or information,
as well as of enterprises competing with "favored" interests.
To make things even worse, in this case the attack was on a site that
doesn't offer file sharing, but information on where resources can be found.
This could lead to the absurdity of turning not only connection providers,
but also search engines, into censors, spies and "sheriffs" of the net for
inquiries and prohibitions originating in any country and extending beyond
its borders.
In a "package of rules" recently approved (September 24, 2008) by the
European Union Parliament "measures that would have allowed a control on
internet users were rejected." Specifically, "the MEPs rejected the idea
that ISPs should filter all downloads and punish the infringers of copyright
rules, being thus transformed into a sort of online police."
Of course it remains to be seen if and how "good intentions" will be
applied, but in the meantime Italian authorities, once again, appear to be
peculiarly prone in obeying the whims and wishes of the "owners of ideas"
and not as careful as they should in ensuring freedom of opinion and civil
rights.
An update on the Italian PirateBay case (8.10.2008)
http://www.edri.org/edrigram/number6.19/update-piratebay-italy
The European Parliament voted the Telecoms Package (8.10.2008)
http://www.edri.org/edrigram/number6.19/ep-votes-telecom-package
ENDitorial: A stupid law and a perverse "criminal" sentence (24.09.2008)
http://www.edri.org/edrigram/number6.18/stupid-law-italy
(contribution by Giancarlo Livraghi - EDRi-member ALCEI - Italy)
============================================================
10. Recommended Reading
============================================================
The Council of Europe launched, in close cooperation with European online
game designers and publishers and with Internet service providers, two sets
of guidelines which aim to encourage respect and promote privacy, security
and freedom of expression.
Human Right Guidelines for Online games providers
http://www.coe.int/t/dghl/standardsetting/media/Doc/H-Inf(2008)008_en.pdf
Human Right Guidelines for Internet service providers
http://www.coe.int/t/dghl/standardsetting/media/Doc/H-Inf(2008)009_en.pdf
============================================================
11. Agenda
============================================================
24 October 2008, Bielefeld, Germany
Big Brother Awards Germany 2008
http://www.BigBrotherAwards.de/
25 October 2008, Vienna, Austria
Big Brother Awards Austria 2008
http://www.BigBrotherAwards.at/
3-7 November 2008, Geneva, Switzerland
Standing Committee on Copyright and Related Rights : Seventeeth Session
http://www.wipo.int/meetings/en/details.jsp?meeting_id=16828
13-14 November 2008, Chisinau, Moldova
IFLA/EBLIDA/eIFL Conference on copyright and libraries
Copyright: Enabling Access or Creating Roadblocks for Libraries?
Registration by 1 November 2008
http://www.eblida.org/index.php?page=draft-programme-2
25-26 November 2008, Brussels, Belgium
World e-Parliament Conference 2008
http://www.ictparliament.org/worldeparliamentconference2008/
3-6 December 2008, Hyderabad, India
Third Internet Governance Forum
http://www.intgovforum.org
9-10 December 2008, Madrid, Spain
Future Internet Assembly
http://www.future-internet.eu/home/future-internet-assembly/madrid-dec-2008.html
http://www.fi-madrid.eu/
10-11 December 2008: Tilburg, Netherlands
Tilting perspectives on regulating technologies, Tilburg Institute for Law
and Technology and Society, Tilburg University
http://www.tilburguniversity.nl/tilt/conference
27-30 December 2008 Berlin, Germany
25C3: Nothing to hide
The 25th Chaos Communication Congress
http://events.ccc.de/congress/2008/
18-20 March 2009, Athens, Greece
WebSci'09: Society On-Line
http://www.websci09.org/
1-4 June 2009, Washington, DC, USA
Computers Freedom and Privacy 2009
http://www.cfp2009.org/
============================================================
12. About
============================================================
EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 28 members based or with offices in 17 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRI-grams.
All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and visibly on the
EDRI website.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 2.0 License. See the full text at
http://creativecommons.org/licenses/by/2.0/
Newsletter editor: Bogdan Manolea <edrigram at edri.org>
Information about EDRI and its members:
http://www.edri.org/
European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request at edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
unsubscribe by e-mail
To: edri-news-request at edri.org
Subject: unsubscribe
- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edrigram-mk.php
- EDRI-gram in German
EDRI-gram is also available in German, with delay. Translations are provided
Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <edrigram at edri.org> if you have any problems with subscribing or
unsubscribing.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
More information about the cypherpunks-legacy
mailing list