EDRi-gram newsletter - Number 7.23, 2 December 2009

EDRI-gram newsletter edrigram at edri.org
Wed Dec 2 12:57:09 PST 2009


============================================================

           EDRi-gram

biweekly newsletter about digital civil rights in Europe

    Number 7.23, 2 December 2009


============================================================
Contents
============================================================

1. Civil liberties groups ask EU to repeal data retention directive
2. Romanian Constitutional Court decision against data retention
3. Spain warned by Commissioner Reding for cutting off Internet access
4. Austria: BIM delivers draft act on implementing Data Retention Directive
5. Stockholm programme adopted by the European Parliament
6. Legal Complaints and Petition Against Second French "Horror Database"
7. Czech Big Brother Awards 2009
8. EC changes the openness concept in the draft eGov EIF
9. Spanish court revokes its decision to shut down P2P-related sites
10. ENDitorial: IGF 2009: the Forum is the Message (and the Massage as well)
11. ENDitorial: Keeping the "self" in self-regulation
12. Recommended Reading
13. Agenda
14. About

============================================================
1. Civil liberties groups ask EU to repeal data retention directive
============================================================

Civil liberties groups European Digital Rights (EDRi) and the German
Working Group on Data Retention (AK Vorrat) are calling on the European
Union to repeal the 2006 directive on the data retention of electronic
communications. In the event that the directive is not repealed, they
demand that it is amended to introduce an opt-out right allowing Member
States to decide whether or not to require the retention of
communications data.

In a statement to the European Commission published today, AK Vorrat
points out that the directive has resulted in less liberty for citizens,
in a constant threat that information on personal contacts, mobile phone
movements and Internet use may be sold, lost or otherwise cause harm, as
well as in higher prices for telecommunications services and in less
competition.

In a legal complaint regarding the directive filed with the European
Court of Justice in 2006 and disclosed today on the Internet, Ireland
pointed out that initially, many countries had not imposed any data
retention requirements and that "no issue relating to the internal
market could justify the imposition upon a Member State of an obligation
to require telecommunications operators to retain data (...) where no
such obligations previously existed under the law of that State".

In several Member States, courts examined and are examining complaints
filed by citizens and telecommunications operators, alleging that the
indiscriminate collection of communications data violates the human
right to privacy. Constitutional Courts in Romania and Bulgaria
have already ruled data retention legislation unconstitutional. The
German Federal Constitutional Court will hear complaints filed by over
34 000 citizens in December. Another action is pending in Ireland,
while an application to the Constitutional Court of the Czech Republic
is currently being prepared.

"In a landmark decision taken last year, the European Court of Human
Rights declared illegal a British DNA and fingerprints database, stating
that 'the blanket and indiscriminate nature of the powers of retention
(...) constitutes a disproportionate interference' with privacy and
'cannot be regarded as necessary in a democratic society.' The same
is the case with the blanket and indiscriminate collection of
information on personal contacts, mobile phone movements and Internet
use", comments legal expert Patrick Breyer (AK Vorrat). "Anonymity is
indispensable for a multitude of activities in a democratic state.
Subjecting all citizens to a constant recording of whom they are in
touch with is threatening to undermine or even destroy democracy while
ostensibly defending it. The Commission must put an end to this Big
Brother law now."

"EDRi and its members have been campaigning against this directive for
years, arguing that such data retention is necessarily a hazardously
invasive act. Communication data is well beyond being simple logs of who
we've called and when we called them. Traffic data are now used to
create a map of human associations and more importantly, a map of human
activity and intention," reminds Meryem Marzouki (EDRi). "With the
growing use of massive national databases, and the current plans towards
their interoperability at EU-level and full access for police purposes,
the data retention directive paves the way to further extensions of
purposes, where data once collected strictly for the requirements of a
given service delivery become used for citizens surveillance and social
control, when not for intelligence purposes. This is not acceptable in a
democratic society, and should be ended now."

This press release is supported by:
- Dutch speaking League for Human Rights (Liga voor Mensenrechten) - Belgium
- French speaking League for Human Rights (Ligue des droits de
l'Homme) - Belgium
- Flemish Bar Association (Orde van Vlaamse Balies) - Belgium
- French and German speaking Bars of Belgium (Ordre des Barreaux
Francophones et Germanophone) - Belgium
- General Association of Professional Journalists in Belgium (AGJPB
- Association generale des Journalistes Professionnels de Belgique -
AVBB : Algemene Vereniging van Beroepsjournalisten in Belgie) - Belgium
- Statewatch - UK
- Werebuild.eu - Sweden

This press release in French - EDRI et AK Vorrat demandent à l'Union
européenne d'abroger la directive "rétention de données" (1.12.2009)
http://www.iris.sgdg.org/info-debat/comm-retention1209.html

In German - Bürgerrechtsvereinigungen fordern EU zur Aufhebung der
Richtlinie zur Vorratsdatenspeicherung auf (1.12.2009)
http://www.vorratsdatenspeicherung.de/content/view/343/79/lang,de/

Statement from AK Vorrat on Data retention (only in German, 1.12.2009)
http://www.vorratsdatenspeicherung.de/images/antworten_kommission_vds_2009-11-13.pdf

Summary of AK Vorrat Recommendations in English (1.12.2009)
http://www.vorratsdatenspeicherung.de/images/reply_commission_data-retention_english-summary_2009-11-13.pdf

Irish Submission to the European Court of Justice (11.07.2006)
http://www.vorratsdatenspeicherung.de/images/ireland_2006-07-11.pdf

Romanian Constitutional Court decision against data retention (25.11.2009)
http://www.legi-internet.ro/english/jurisprudenta-it-romania/decizii-it/romanian-constitutional-court-decision-regarding-data-retention.html

Bulgarian case against data retention (17.12.2008)
http://www.edri.org/edri-gram/number6.24/bulgarian-administrative-case-data-retention

Germany: Class-action law suit against data retention
http://www.vorratsdatenspeicherung.de/content/view/51/70/lang,en/

Action against data retention in Ireland (14.09.2006)
http://www.digitalrights.ie/2006/09/14/dri-brings-legal-action-over-mass-surveillance/

EDRi's campaign against data retention
http://www.edri.org/campaigns/dataretention

============================================================
2. Romanian Constitutional Court decision against data retention
============================================================

The decision of the Romanian Constitutional Court (CCR) against the data
retention law was finally published in the Official Monitor on 23 November
2009.

The motivation of the court, which was made public only a few days
before its publication in the Official Monitor, shows an interesting
argument from a Court with no prior jurisprudence in the field of privacy
protection. Thus, the court not only criticizes several aspects of the text
of the law, but declares the whole law unconstitutional because it
breaches the right to correspondence and to privacy.

Even though only several articles were mentioned in the motion of
unconstitutionality, the Court went further and examined art 20 of the law
that could have been interpreted as an open door for the secret services to
access the retained data under any circumstances and without a judicial
approval, an issue that was raised by EDRi-member APTI starting with the
public consultations in 2007.

CCR notes that the principle of limited collection of personal data is
emptied through this new regulation that obliges a continuous retention of
traffic data for 6 months. "The legal obligation that foresees the continuous
retention of personal data transforms though the exception from the
principle of effective protection of privacy right and freedom of
expression, into an absolute rule. The right appears as being regulated in a
negative manner, its positive role losing its prevailing character."

CCR also makes a comparison with article 91^1 of the Penal Procedure
Court (CPP) dealing with audio and video interceptions in crime cases, that
was considered constitutional in an earlier ruling. The text of the CPP
allows the video interception only in a specific case and person, only with
judicial supervision, only for the future and for a period that may not
exceed 120 days under any circumstances. The Court concludes that
basically, this data retention law deletes the right to privacy in terms of
electronic communications: "Therefore, the regulation of a positive
obligation that foresees the continuous limitation of the privacy right and
secrecy of correspondence makes the essence of the right disappear by
removing the safeguards regarding its execution."

The court underlines the fact, already pointed out by European
civil organizations even during the adoption of the data retention
directive, that the law considers all citizens as potential criminals: "This
(data retention) equally addresses all the law subjects, regardless of
whether they have committed penal crimes or not or whether they are the
subject of a penal investigation or not, which is likely to overturn the
presumption of innocence and to transform a priori all users of electronic
communication services or public communication networks into people
susceptible of committing terrorism crimes or other serious crimes."

Finally, the court quotes the ECHR case of Klass and others vs Germany
(1978) considering that "taking surveillance measures without adequate and
sufficient safeguards can lead to 'destroying democracy on the ground of
defending it.'"

According to art 147 of the Romanian Constitution, the legal provisions on
data retention are now suspended. The Government and Parliament have 45 days
to "fix" the unconstitutional provisions. But taking into consideration the
CCR reasoning, there is little chance that any text that would ask for a
six-month blanket data retention would be considered constitutional in
Romania. Moreover, there is currently only an interim government and a new
one is unlikely to appear in the next weeks (at least not until the second
round of presidential election, which is scheduled for 6 December).

Constitutional Court Decision no 1258 of 8 October 2009 (unofficial
English translation, 23.11.2009)
http://www.legi-internet.ro/english/jurisprudenta-it-romania/decizii-it/romanian-constitutional-court-decision-regarding-data-retention.html

Constitutional Court Decision no 1258 of 8 October 2009 (only in Romanian,
23.11.2009)
http://www.ccr.ro/decisions/pdf/ro/2009/D1258_09.pdf

APTI's comments on draft data retention law (only in Romanian, 9.05.2007)
http://www.apti.ro/webfm_send/24

Romania: Data retention law declared unconstitutional (21.10.2009)
http://www.edri.org/edrigram/number7.20/romania-data-retention-law-unconstitutional

Art 147 of the Romanian Constitution
http://www.cdep.ro/pls/dic/site.page?den=act2_2&par1=5#t5c0s0a147

============================================================
3. Spain warned by Commissioner Reding for cutting off Internet access
============================================================

On 23 November 2009, at the Spanish Telecom Regulatory Authority (CMT)
international meeting, Viviane Reding warned that the European Commission
could take action against Spain if the government decided to cut the
Internet access of file-sharers.

"Repression alone will certainly not solve the problem of Internet piracy;
it may in many ways even run counter to the rights and freedoms which are
part of Europe's values since the French Revolution," said the Commissioner,
who reminded Spain that the new telecom package agreed upon in November by
the European Parliament and the Council of Ministers included a provision
under which cutting off Internet access without an official
procedure is considered illegal. "The new internet freedom provision now provides that any
measures taken regarding access to and use of services and applications must
always respect the fundamental rights and freedoms of citizens," and
"Effective and timely judicial review is as much guaranteed as a prior, fair
and impartial procedure, the presumption of innocence and the right to
privacy," said Reding.

As she has said on several other occasions, the Commissioner believes that
new business models and modern, efficient ways must be found to protect
intellectual property and artistic creation.

On this occasion, she also criticised France's Hadopi three strikes law,
argued that the development of a single European market for online content
was a better way to act against Internet piracy and regretted the
fragmentation of copyright law across the EU. "The lifting of impediments to
the cross-border online distribution of creative works will improve the
supply of attractive and affordable services that are legal. In turn, this
will reduce the temptation for consumers to indulge in the illicit
consumption of copyright-protected material."

Reinaldo Rodríguez, the President of the CMT, considers that Reding's
statements are based on a misunderstanding and is confident that there will
be no conflicts between the Spanish legislation and that of the EU. The
Spanish Minister of Culture Angeles Gonzalez-Sinde has several times
expressed her position against the French model, being in favour of
prosecuting illegal downloading sites but not users.

The Spanish association of operators REDTEL is also opposed to the
disconnection of the allegedly illegal downloaders, believing that
sanctioning measures are doomed to fail and that raising awareness would
be a much more efficient solution. The operators believe that while
citizens increasingly ask for cultural material on new channels, the culture
industry refrains from directing its offer through the Internet, in a legal
form and with attractive deals.

On 10 December 2009, a proposal will be presented to the Government by
the coalition of content creators. The proposal will be centered on
blocking P2P websites downloading content from the Internet and not on
cutting off users' access.

Reding warns Spain against internet cut-off (24.11.2009)
http://euobserver.com/19/29041

Commissioner warns Spain that cutting-off Internet enters into conflict with
EU (only in Spanish, 23.11.2009)
http://www.hoytecnologia.com/noticias/Comisaria-advierte-Espana-cortar/141891

The European Commissioner warns Spain over regulating P2P (only in Spanish,
23.11.2009)
http://www.adslzone.net/article3469-la-comisaria-europea-advierte-a-espana-sobre-la-regulacion-del-p2p.html

The Coalition will ask the Government for the blocking of P2P websites, but
never for the disconnection (only in Spanish, 2.11.2009)
http://www.adslzone.net/article3403-la-coalicion-pedira-al-gobierno-el-bloqueo-y-desalojo-de-webs-p2p-y-nunca-la-desconexion.html

Spanish activists issue manifesto on the rights of Internet users
(2.12.2009)
http://www.boingboing.net/2009/12/02/spanish-activists-is.html

============================================================
4. Austria: BIM delivers draft act on implementing Data Retention Directive
============================================================

In April 2009 - after the EU Commission decided to bring an action against
Austria because of non-transposition of the Data Retention Directive
2006/24/EC (DRD) - the Ludwig Boltzmann Institute of Human Rights (BIM) was
assigned by the Austrian Federal Ministry for Transport, Innovation and
Technology to elaborate a draft act on the amendment to the
Telecommunications Act 2003, in order to find a way of transposition that
interferes least with fundamental rights of users. Although Austria had
supported the Directive in 2006, the newly elected government has delayed
the transposition not least because of serious doubts about its conformity
with Art. 8 European Convention on Human Rights (ECHR), which provides a
right to respect for one's "private and family life, his home and his
correspondence".

After we had been invited by the Ministry to elaborate such a draft act, we
thought very seriously for a while about whether we should accept and what
the consequences would be. In the past years the BIM had criticised the DRD
fundamentally in public and we had published studies on the Directive in the
light of the ECHR which brought the result that Data Retention is
incompatible with the Human Rights provisions. So the main problem was (and
still is) that if a Human Rights Institute of high reputation writes the draft
for transposing the directive, the act will likely get the "fundamental
rights proofed" stamp, which would clearly undermine the criticism of the
issue in public perception. On the other hand, the Austrian Government left
no doubt that it is going to transpose the Data Retention, in order to avoid
a conviction by the European Court of Justice (ECJ), and the assignment
could be the chance to find a version of transposition which provides as
many safety elements as possible. But this would not have been enough to
decide for this job. The aim was to show in an accompanying scientific
analysis that it is not possible to "repair" the DRD by creating safeguards
and transposing just the minimum necessary under Community Law - which of
course we did. Even so, the Data Retention causes a violation of Art 8 and 10
ECHR, so the BIM recommends that those parts of the draft act which
stipulate the retention of data should never enter into force - otherwise
their mere existence would violate Human Rights!

The BIM organised continuous round table discussions with concerned service
providers, non-profit organisations, employee and consumer representations,
as well as representatives of concerned ministries and other public
authorities. In addition, meetings in small technical groups were held in
order to assure clarity of the norm and to take into consideration all
technical possibilities, especially concerning data security matters. On 11
September 2009 - almost ironic - the Ludwig Boltzmann Institute of Human
Rights delivered the draft act on the amendment to the Telecommunications
Act 2003. Presently it is announced for an official public examination. This
hopefully perpetuates a public discussion about the non-existent necessity
of this instrument.

Ceterum censeo data-retentionem esse delendam!

Draft Law on data retention suggested by the BIM (only in German)
http://bim.lbg.ac.at/de/informationsgesellschaft/bimentwurf-zur-vorratsdatenspeicherung-begutachtung

Data retention opponents making their move (only in German, 26.11.2009)
http://futurezone.orf.at/stories/1632818/

AK Vorrat Austria
http://www.akvorrat.at/

Resistance against Data Retention in Austria (only in German, 1.12.2009)
http://futurezone.orf.at/stories/1633168/

(Contribution by Christof Tschohl - Legal Researcher at the BIM and the main
author of the BIM-contribution to the Austrian DR draft law)

============================================================
5. Stockholm programme adopted by the European Parliament
============================================================

After six months of preparation, the European Union has almost reached
agreement (somewhat behind schedule) on its 5-year plan for policy in the
area of "freedom, security and justice", better known as the "Stockholm
Programme". Discussions on this proposal took place in parallel, with the
European Parliament preparing its opinion on the dossier at the same time as
Member States were working towards finalising the "real" text. While the
European Parliament's views have had a limited direct impact on the
Stockholm Programme itself, they will have an influence on the practical
projects that are subsequently set up by this new plan.

The text adopted by the Parliament, in great haste and some chaos,
is a mix of some very positive statements and some less helpful ones. On the
plus side, an attempt was made to reshape the post-9/11 "balance" metaphor
with regard to freedoms and justice: "(...) the EU is rooted in the
principle of freedom; points out that, in support of that freedom, security
must be pursued in accordance with the rule of law and subject to
fundamental rights obligations; states that the balance between security and
freedom must be seen from this perspective". There is also a stress on
reviewing the impact of measures adopted under the programme and improving
the evaluation systems already in place. On the negative side, opportunities
were missed with regard to minimum levels of diligence to be required of the
European Commission with regard to the issues to be addressed in impact
assessments and with regard to the dangers inherent in the use of databases,
particularly when these are interlinked.

The Council, meanwhile, hit some problems in last minute discussions on the
Programme, although at the time of writing, these problems do not appear
fatal for the initiative as a whole. Bearing in mind the wish of one Member
State Minister expressed during the debate between ministers, that the
Stockholm Programme will lead to the "eradication of terrorism" and the wish
of another that the programme would deal effectively with petty crime, it
appears that some Member States have somewhat unrealistic expectations of
the initiative. On the plus side, the text deleted some of the more
destructive and populist (blocking of websites) and downright dangerous
("revoking" of the IP addresses of foreign ISPs considered criminal by the
police) measures in the European Commission's Communication of June of this
year, which was meant to form the basis of the Programme. On the negative
side, the Council appears to be slipping into the misconception that
IT-based automated policing will somehow produce systems that will be both
cheaper and more efficient while also not endangering citizens' rights. This
trend is demonstrated by its proposal (albeit neatly framed with words about
protection of personal data) on "interoperability of IT systems ensuring
full conformity with data protection and data security principles when
developing such systems." Within the context, and keeping to this worrying
theme, Swedish Minister Beatrice Ask (at the beginning of discussions in the
Council) expressed her hope for the creation of "more cost-effective data
exchange".

As mentioned above, disagreements and delays have significantly slowed the
final adoption of the text. While Ministers all agreed that citizens should
be happy to trust any government (including foreign governments, following
the SWIFT agreement on exchange of banking data) with their personal data,
they did not trust each other to be responsible for mutually recognised
asylum procedures. As a result, this aspect of the Programme has delayed its
adoption.

The next stage in this process will be the preparation of concrete projects
to be proposed within the context of the adopted text. This will be done by
the European Commission, ostensibly with the support of the Spanish
Presidency of the Council.

Commission Communication (10.06.2009)
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2009:0262:FIN:EN:PDF

Last available consolidated text:
http://register.consilium.europa.eu/pdf/en/09/st16/st16484-re01.en09.pdf

Second-last set of amendments to the Programme (27.11.2009)
http://register.consilium.europa.eu/pdf/en/09/st16/st16484-re01ad01.en09.pdf

EDRi-gram: Stockholm Programme moves quickly towards adoption (9.09.2009)
http://www.edri.org/edri-gram/number7.17/stockholm-programme-european-parliament

============================================================
6. Legal Complaints and Petition Against Second French "Horror Database"
============================================================

The French coalition of groups, associations, trade unions and political
parties from the opposition is making its position clear. Its first
successful 'No to EDVIGE' campaign in 2008 led to the withdrawal of the
EDVIGE intelligence database by the French government, after a massive
citizen mobilization (more than 220.000 signatures of a first petition,
including almost 1200 signatures from organizations, legal complaints,
demonstrations, and all possible democratic forms of protest). It now says
'Hell no!' to EDVIGE, after the same government reintroduced almost the same
database with two new decrees published on 18 October 2009.

The coalition launched a new petition on 30 November 2009, calling on
citizens to sign again against the new surveillance database. As things have
developed so far, French civil society's firmness against EDVIGE remains
intact: in less than 3 days, more than 6100 individuals and 80
organizations have already signed, including main national associations,
trade unions, and political parties from the opposition. Main members of the
coalition, including French EDRI member IRIS, have filed legal complaints on
the same day against the French government, asking the highest
administrative Court (Conseil d'Etat) to annul the two new decrees. Other
coalition members are preparing to join this legal action.

The French anger is first due to the government's contempt for the democratic
process: for the second time, Sarkozy's government by-passed the Parliament
to introduce a surveillance database, despite its own commitment in 2008 to
have the creation of any new police file decided by the Parliament. Even
worse, Members of Parliament belonging to the President's majority voted, on
24 November 2009, for amendments to a draft law on 'the simplification of the
legislation', explicitly allowing such a creation by simple regulation.

Regarding the provisions of the decrees, the petition acknowledges the fact
that the previous mobilization made it possible to avoid, in the new EDVIGE
database, the collection of sensitive data related to sexual life and health.
This doesn't prevent, however, the LGBT movement and organizations fighting
AIDS from taking part again in the mobilization against all other EDVIGE
features remaining in the new database: it is an intelligence file, and no
infraction needs to be committed before being filed to 'prevent violations
of public security'; children start being filed at 13. On top of the many
data collected, some of them sensitive as defined by the French data
protection Act in accordance with the 1995 directive
(identity, political, religious, philosophical activities as well as
activities related to trade-unions; public activities, behaviours and
movements; phone numbers and email addresses, vehicle registration, capital
assets, and others that were already in EDVIGE No. 1), a mysterious
'geographical origin' has been added to the categories of collected data.
This latter category, which doesn't correspond to any legal definition, has
been qualified as a masked way of gathering information related to
ethnic origin, and anti-racist organizations soon joined the second 'No
to EDVIGE' campaign.

EDRI previously reported that, during the Madrid Civil Society Conference on
Global Privacy Standards held last November, Peter Schaar, the German
Federal Data Protection Commissioner, rightly underlined that "EDVIGE is a
horror database for us, because it includes many persons that did not breach
any laws - they are just 'risky persons'". It is very unfortunate that his
French counterpart, Alex Türk, does not share this point of view. In a
communiqué published on 22 October 2009, the CNIL found that "the new
decrees will allow relevant police services to use (the created databases)
under conditions guaranteeing citizens rights and freedoms thanks to the
CNIL control powers". One might wonder how and against which evidence the
CNIL would be able to control the 'risk assessment' having led to file one
person in the EDVIGE database, given the fact that no single infraction
needs to be committed first.

"No to EDVIGE" coalition website (including petition with automatic update
of signatures)
http://nonaedvige.sgdg.org

EDRi-gram: French Edvige Decree Withdrawn (3.12.2008)
http://www.edri.org/edri-gram/number6.23/edvige-retired

EDRi-gram: France Pushes The Introduction Of Edvige Project Through The Back
Door (21.10.2009)
http://www.edri.org/edrigram/number7.20/new-two-edvige-files

"No to EDVIGE" against police file creation by simple regulation (in French
only, 26.11.2009)
http://nonaedvige.sgdg.org/spip.php?article1115

EDRi-gram: Declaration On Global Privacy Standards (5.11.2009)
http://www.edri.org/edrigram/number7.21/privacy-standards-global

CNIL: From "Edvige I" to "Edvige III": intelligence databases from now on
better supervised and better controlled (only in French, 22.10.2009)
http://www.cnil.fr/la-cnil/actu-cnil/article/article//de-edvige-i-a-edvige-iii-des-fichiers-de-renseignement-desormais-mieux-encadre/

(Contribution by Meryem Marzouki, EDRI-member IRIS - France)

============================================================
7. Czech Big Brother Awards 2009
============================================================

The results of the fifth annual Big Brother Awards were announced at a
festive evening in Prague's Theatre Na Pradle on 12 November 2009. A jury of
experts chose from almost 80 nominations entered by the public.

Among those awarded are the Czech Ministry of Schools, Youth and Sports for
gathering information about pupils and students, Nokia company for its
efforts to legalize snooping in its employees' email communication, the
social networking site Facebook for its inconsistent approach to user
privacy protection, the Czech Ministry of Health, the State Institute for
Drug Control and National Health Registries, or the French "HADOPI law",
nicknamed the "electronic guillotine".

The "Statement of the year" went to the General Manager of the state-owned
lottery operator Sazka, for demanding that slot-machines be equipped with ID
scanners. He thinks this would prevent people who receive social benefits
from gambling. "It is a question of a greater control or an increase in
gambling," says Mr. Ales Husak. The positive prize was awarded to the
citizens of Iran for boycotting telephones manufactured by Nokia Siemens,
because a telecommunication surveillance system was sold by this company to
the Government of Iran.

The first ceremony in the Czech Republic took place in 2005. Similarly to
previous years there are eight categories - Longterm Violation of Human
Privacy (for companies and public organizations), Biggest Corporate Snoop
(for companies), Biggest Government Agency Snoop (for government
organizations), Dangerous New Technology, Big Brother Law, Snoop Among
Nations, Statement of a Big Brother and finally the positive award for
Achievements in Protecting Privacy. The Czech Awards are held by the
EDRi-member Iuridicum Remedium.

Big Brother Awards 2009 (only in Czech)
http://www.bigbrotherawards.cz/

Czech Big Brother awards press release in English (12.11.2009)
http://www.edri.org/files/Czech_BBA09_EN.pdf

(Contribution by Katerina Hlatka - EDRi-member IURE)

============================================================
8. EC changes the openness concept in the draft eGov EIF
============================================================

A second draft of the European Interoperability Framework (EIF) was recently
leaked to the press showing that the European Commission (EC) has decided to
take the side of Business Software Alliance (BSA), a lobby group for
proprietary software vendors.

The first draft of EIF is a document produced in 2004 by the "Interoperable
delivery of pan-European eGovernment services to public administrations,
businesses and citizens" (IDABC) for the European Union.

According to EIF I, open standards are the key in obtaining interoperability
in pan-European eGovernment services. The document defines the open standard
as being a standard that is adopted and maintained by a non-profit
organization the development of which "occurs on the basis of an open
decision-making procedure available to all interested parties (consensus or
majority decision etc.)." An open standard needs also to be published with a
standard specification document that "is available either freely or at a
nominal charge. It must be permissible to all to copy, distribute and use it
for no fee or at a nominal fee." The intellectual property of an open
standard (or part of it) "is made irrevocably available on a royalty-free
basis" and "there are no constraints on the re-use of the standard."

The EC produced a consultation document and launched a public consultation
between June and September 2008 for a second version of the EIF. The
consultation received 53 comments. The Free Software Foundation Europe
(FSFE) has analysed the new version of the text, showing that the Commission
has based its result practically only on the input of BSA, ignoring other
opinions from companies, groups and individuals in favour of Open Standards
and Free Software.

"The European Commission must not make itself the tool of particular
interests. The current draft is unacceptable, and so is the total lack of
transparency in the process that has led to this text," says Karsten
Gerloff, FSFE's President.

While the first version of EIF considers open standards as key tools for
interoperability, thus strongly supporting Free Software and Open Standards
in the public sector, EIF2 contains only a description of a so called
"openness continuum", which also includes proprietary specifications.

The new text no longer considers that openness is a key factor for
interoperability in eGovernment services. "While there is a correlation
between openness and interoperability, it is true that interoperability can
be obtained without openness, for example via homogeneity of the ICT
systems, which implies that all partners use, or agree to use, the same
solution to implement a European Public Service" says the new draft.

FSFE has sent a letter to the people in charge of eGovernment in EU member
states that says: "The current text is not a viable successor to version 1
of the EIF. Instead of leading Europe forward into an interoperable future,
it will promote vendor lock-in, block interoperability of eGovernment
services, and damage the European software economy. If adopted, it will be a
testament to the power which is exerted outside democratic and transparent
processes, and will give rise to Euro-scepticism." The letter includes a set
of 10 recommendations for the improvement of the draft.

A press officer with the Delegation to the European Commission in Washington
stated on 6 November that the document being circulated as "EIF 2.0" could
not be attributed as an official European Commission document. It seems the
EC indicated that the text was a document only intended to test public
opinion.

However, the second draft of the EIF document was discussed in a meeting
between the EC and representatives of the EU Member States on 12 November in
Brussels. According to the German Ministry of the Interior, most member
states at the meeting considered the document a good starting point, "but
there are some points that have to be discussed again, including the
definition of interoperability and open source."

A spokesman from the Dutch Ministry of Economic Affairs stated the revision
was a major step back from the first version. "We informally said we were
unhappy with it. The government will respond officially once the document is
ready."

FSFE: EC caves in to proprietary lobbyists on interoperability (27.11.2009)
http://www.fsfe.org/news/2009/news-20091127-01.en.html

European Interoperability Framework for European Public Services (EIF) -
Version 2.0 - (work document in progress) (11.2009)
http://www.bigwobber.nl/wp-content/uploads/2009/11/European-Interoperability-Framework-for-European-Public-Services-draft.pdf

EU Wants to Re-define "Closed" as "Nearly Open" (2.11.2009)
http://www.computerworlduk.com/community/blogs/index.cfm?entryid=2620&blogid=14

If Not EIF 2.0, Then What? (6.11.2009)
http://www.computerworlduk.com/community/blogs/index.cfm?entryid=2629&blogid=14

============================================================
9. Spanish court revokes its decision to shut down P2P-related sites
============================================================

A preliminary shut down decision against two P2P file-sharing link sites has
been recently overturned by a Spanish court which also fined the anti-piracy
group involved in the case.

Two eD2K file-sharing link sites known as Elitemula and Etmusica were shut
down by court order in April 2009 on the basis of an action by
anti-piracy group SGAE. Shortly after, Juan Jose Carrasco Colonel, who ran
the two sites, received a visit from a lawyer and a computer expert of SGAE
who, under false pretences of coming from the court with a warrant, entered
his home and inspected his computers and hard drives to find proof of music
downloads through the two sites between September and December 2007.

The two lawyers of the sites succeeded in convincing the court that the hard
drive evidence collected during the controversial raid was worthless and
therefore the evidence was dismissed and both sites can now be reopened.

"The reason for reopening the websites is that a hyperlink, per se, does not
violate intellectual property law," said Javier de la Cueva, one of the
lawyers, who explained that the dismissal of the hard drive evidence was due
to having proved that it was impossible for the site's users' sharing
statistics to be stored in it.

He also pointed out that SGAE requested injunctions against Etmusica and
Elitemula without summoning their client. "When this happens and injunctions
are adopted, the defendant should have the opportunity of opposition, and
this is what we have won," he said.

Furthermore, the court fined SGAE 500 euros for bad faith ("mala
fides") concluding the group had acted on the intention to avoid the right
to a defence of the defendants and for having failed to tell the court that
earlier criminal proceedings brought by Promusicae to achieve preliminary
injunctions against both sites, had already been dismissed.

P2P Sites' Injunctions Overturned, Anti-Piracy Group Fined (24.11.2009)
http://torrentfreak.com/p2p-sites-injunctions-overturned-anti-piracy-group-fined-091124/

Spain: the judges fining an anti-piracy group guided by SGAE. (only in
Spanish, 25.11.2009)
http://www.onep2p.it/tag/juan-jose-carrasco-colonel/

The Judge orders the reopening of the two p2p sites and fines SGAE for mala
fides in its request for closing down (only in Spanish, 22.11.2009)
http://derecho-internet.org/node/497

============================================================
10. ENDitorial: IGF 2009: the Forum is the Message (and the Massage as well)
============================================================

Internet Governance Forum or Internet Governance Fair? One might still
wonder what the IGF acronym stands for, after the closing of its fourth
annual meeting in Sharm El Sheikh, Egypt, on 18 November 2009. As usual, the
IGF featured a number (111 over 4 days!) of so-called multi-stakeholder
panels and workshops, exhibition booths, launching events and other
happenings. One might still equally wonder what 'Internet Governance' means
in the IGF context: apparently, any and all Internet issues, roughly
categorized under 7 headings: Access, Diversity, Openness, Security,
Critical Internet Resources, Development and Capacity Building.

The newcomer finds it hard to understand the difference between discussion
formats: main session (though run in parallel with up to 9 other events),
workshop, open forum, best practice forum, dynamic coalition meeting: what's
the exact difference in the end? The veteran is still waiting for the
'round-table' format, that is, a more output-oriented format for issues that
have reached a certain level of maturity, that one would have expected as a
result of the February and May 2009 IGF consultation meetings. But 'outcome'
seems a banned concept, if not a jinx, at IGF. Marshall McLuhan would
probably have liked it: the Forum is indeed the message and the massage
altogether. However, some participants have a precise agenda to advance for
better or worse.

The Association for Progressive Communication (APC) took further steps on
its joint initiative with the Council of Europe and UNECE towards a "Code of
Good Practice on Transparency, Information and Participation in Internet
governance", which builds on the principles of WSIS and the Aarhus
Convention on Access to Information, Public Participation in Decision-Making
and Access to Justice in Environmental Matters. The Electronic Privacy
Information Center (EPIC) and the international Public Voice Coalition were
instrumental in making privacy a key and crosscutting issue at this year's
IGF, most notably by moderating the main session on "security, openness, and
privacy" and by convening high quality informative workshops to put privacy
in focus in emerging contexts such as cloud computing, behavioural targeting
and social networks. IGF was indeed the perfect opportunity for the Public
Voice Coalition, of which EDRI is a main actor, to campaign on and collect
more signatures to the recently adopted "Madrid Civil Society Declaration on
Global Privacy Standards in a Global World".

On the worrying side, no less than 3 workshops were explicitly dedicated to
the promotion of the Council of Europe (CoE) Convention on Cybercrime
through CoE (privately co-funded) projects. While these projects claim to
include data protection and privacy in their objectives, this would
certainly be better achieved if the CoE (as well as private companies) were
dedicating comparable resources to the promotion of the CoE Convention 108
for the Protection of Individuals with regard to Automatic Processing of
Personal Data, together with its 2001 additional Protocol regarding
supervisory authorities and transborder data flows. Another preoccupying
issue is the promotion by many governments, but also by other stakeholders
including some NGOs, of regulations and public-private initiatives to fight
the "dangers" of the Internet through content regulation measures that have
shown, till now, more harm to human rights and especially the rights to
freedom of expression, to privacy and to access to knowledge, than effective
protection of vulnerable groups.

Human rights are not simply a discussion topic: they form a set of
international state binding standards. Active campaigning and uncompromising
on the softening and dilution of basic universal principles seems to be
still required from the civil society side. While APC and some other
participants seem to consider that human rights are gaining prominence at
the IGF, it remains to be proven that, beyond endless discussions, the
realization of human rights in the digital environment is making effective
progress thanks to the IGF... or even AT the IGF one should rather say:
during an event organized by the Open Net Initiative (ONI) to launch the
book entitled "Access controlled", a promotion poster was taken down by
security personnel on the grounds that it showed the following sentence:
'China's famous "Great Firewall of China" is one of the first national
Internet filtering systems', a display which was claimed to violate UN
policy.

Should the IGF continue, then? Almost all stakeholders, including civil
society ones, advocated in favour of the continuation of the IGF in the
written comments they submitted as well as at the main session dedicated to
the desirability of the Forum continuation after the expiration of its first
5-year mandate in 2010. Particularly and unanimously praised were the
capacity building feature of the IGF and its ability to facilitate open
dialogue among different stakeholders and different viewpoints. Governments
are divided, though, on whether the IGF should lead to negotiated and/or
binding outcomes: Canada, USA, and the EU presidency strongly stood against
such idea, rather favouring IGF continuation in its current form. Others,
like Brazil, Kenya and Switzerland, advocated for more concrete but not
negotiated outcomes. China was the most clear and direct: "without reform to
the present IGF, it is not necessary to give the IGF a five-year extension",
advocating for a more classical UN style discussion. All developing
countries highlighted the need for better inclusion and involvement of
participants from the Global South. Since the IGF will probably be
continued, the fact that the IGF 2011 will be held in Kenya might bring some
improvement on this last issue. Next year's IGF meeting will be in Vilnius,
Lithuania, on 14-17 September 2010.

Internet Governance Forum, with workshops list and main sessions transcript
(15-18.11.2009)
http://www.intgovforum.org

APC's project for a code of good practice in Internet governance
http://www.apc.org/fr/projects/code-good-practice-internet-governance

EPIC and The Public Voice workshops on Privacy (15-18.11.2009)
http://thepublicvoice.org/events/egypt09/

The Madrid Privacy Declaration (3.11.2009)
http://thepublicvoice.org/madrid-declaration/

Council of Europe Projects on Cybercrime
http://www.coe.int/cybercrime

EDRi-gram: The 2001 Coe Cybercrime Conv. More Dangerous Than Ever
(20.07.2007)
http://www.edri.org/edrigram/number5.12/cybercrime-convention-dangerous

APC's assessment of IGF 2009 (26.11.2009)
http://www.apc.org/en/system/files/APCIGF4Assessment_EN.pdf

ONI's poster taken down and related videos, including UN Statement on the
incident (15.11.2009)
http://www.youtube.com/watch?v=d-kxYt2LwKc

(Contribution by Meryem Marzouki, EDRI-member IRIS - France)

============================================================
11. ENDitorial: Keeping the "self" in self-regulation
============================================================

Businesses, particularly in the Internet environment, fear (and often have
good reason to fear) government regulation. Traditionally, therefore,
Internet Service Providers have pushed for "self-regulatory" solutions to
issues surrounding the management and operation of their own networks - as
in the case of spam, for example. Self-regulation often seems to be, and
often is, the most effective solution.

There is, however, a growing and insidious trend in self-regulation, where
increasing pressure is being put on Internet access and service providers to
treat their own customers as potential criminals and to take on, usually
unwillingly, policing roles. It is clear that this development has serious
risks both to online freedoms and to the democratic controls that citizens
would normally be able to rely on to protect them.

Already, with the notable exception of Germany, when ISPs were asked (often
under the threat of being portrayed as supporters of child abuse) to
introduce "self-regulatory" web blocking, they felt obliged to do so. This
activity clearly has little in common with the dictionary definition of
"self-regulation". In Germany, the public debate that was provoked by the
ISPs' brave and honourable decision not to cave in to moral blackmail led
to the country not taking the crucial first step towards widespread
censorship and an increasingly controlled Internet. Unfortunately, that
democratic decision now risks being overturned by the European Commission's
populist but profoundly flawed proposal to introduce "blocking" at an EU
level.

Last week, the telecoms package was approved by the European Parliament.
This contains a new right for Member States to require that providers of
e-communications networks and services include obligations in their consumer
contracts regarding "unlawful activities" and undefined (and indefinable)
"harmful content". Only a few weeks ago, we saw a leaked document related to
ACTA explaining the United States' view that "ISPs need to put in place
policies to deter unauthorised storage and transmission of IP infringing
content (ex: clauses in customers' contracts allowing, inter alia, a
graduated response)."

Therefore, on the one hand, we see the telecoms package creating the power
for governments to push private companies into using their contracts to
restrict their consumers' use of the Internet. This not alone covers
"illegal" activities but also legal activities that government or the ISP or
a third party might find useful to restrict under the vague heading of
the content being "harmful". This trend is neatly encapsulated in the Dutch
"Notice and Takedown Code of Conduct" which explains that the "parties
involved are also free to decide for themselves which information is
considered as 'undesirable', irrespective of the question of it being in
conflict with the law. They can deal with this undesirable information in
the same way as information that is in conflict with the law". On the other
hand, we see the USA proposing, within the context of ACTA, the introduction
of "graduated response" via consumer contracts and therefore outside the
scope of democratic oversight.

Self-regulatory initiatives are often to promote/protect the interests of
ISPs' customers, so self-regulation is neither automatically unwelcome nor
negative. However, ISPs and providers of online services are there to do
business, so when the cost of defending their users is higher than the cost
of fighting pressure from third parties, it is hardly surprising when they
take the decision most appropriate to the survival of their business. These
activities are, however, outside their normal business practices and,
therefore, the trend towards defending third parties and restricting users'
rights is also harmful and unwelcome for them. "Self-regulation" risks
becoming a way of tipping the cost/benefit balance definitively in favour of
third parties and against citizens. The research carried out in 2004 by
Dutch NGO Bits of Freedom which assessed the ease with which wholly invalid
"notices" of illegal content could cause websites to be taken offline
eloquently demonstrates what this trend means for free speech and justice on
the Internet.

As a result, we have ISPs being subject to a flurry of invitations to have
discussions with international organisations from the European Commission to
the Council of Europe to the United Nations with regard to "self-regulation"
or "public-private partnership" in the field of intellectual property
rights, terrorism, identity theft and various other forms of online activity
where private companies are asked to duplicate or participate in policing
activities. As long as society continues to be misled by use of words like
"self-regulation" or "partnership", the democratic impact and dangers of
this trend will not be understood and freedoms will be undermined.

Bits of Freedom research - The Multatuli Project ISP Notice & take down
(1.10.2004)
http://www.bof.nl/docs/researchpaperSANE.pdf

Dutch Code of Conduct (in Dutch, 10.2008)
http://www.samentegencybercrime.nl/UserFiles/File/,DanaInfo=ex01tp+NTD_Gedragscode_Opmaak.pdf

Dutch Notice and Take down Code of Conduct (10.2008)
http://www.samentegencybercrime.nl/UserFiles/File/NTD_Gedragscode_Opmaak_Engels.pdf

ACTA leak (30.09.2009)
http://www.wikileaks.com/wiki/European_Commission_"advance_warning"_summary_on_ACTA_Internet_Chapter%2C_30_Sep_2009

(contribution by Joe McNamee - EDRi)

============================================================
12. Recommended Reading
============================================================

ENISA, supported by a group of subject matter experts comprising
representatives from Industries, Academia and Governmental Organizations,
has conducted, in the context of the Emerging and Future Risk Framework
project, a risk assessment of the cloud computing business model and
technologies. The result is an in-depth and independent analysis that
outlines some of the information security benefits and key security risks of
cloud computing. The report also provides a set of practical recommendations.
(20.11.2009)
http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment/

UK: Report published by the Human Genetics Commission (HGC), the
Government's independent advisers on developments in human genetics
(24.11.2009)
http://www.hgc.gov.uk/Client/document.asp?DocId=226&CAtegoryId=8

============================================================
13. Agenda
============================================================

4 December 2009, Brussels, Belgium
Are you ready for the Internet of Things?
Lift Workshop @ Brussels, Council and Tinker.it!
http://liftconference.com/lift-at-home/events/2009/12/04/lift-brussel-council-and-tinkerit-present-are-you-ready-i

9 December 2009, Brussels, Belgium
The European OpenSource & Free Software Law Event - EOLE 2009
http://www.eolevent.eu/

27-30 December 2009, Berlin, Germany
26th Chaos Communication Congress
http://events.ccc.de/congress/2009/

20-22 January 2010, Namur, Belgium
The Conference for the 30th Anniversary of the CRID - An Information Society
for All : A Legal Challenge
http://www.crid.be/30years/

29-30 January 2009, Turin, Italy
"Cultural Commons" - First International Workshop
http://www.css-ebla.it/css/

29-30 January 2009, Brussels, Belgium
Third edition of the Computers, Privacy and Data Protection -
CPDP 2010 - An Element of Choice
http://www.cpdpconferences.org/

6-7 February 2010, Brussels, Belgium
FOSDEM 2010
http://www.fosdem.org/2010/

26-28 May 2010, Amsterdam, Netherlands
World Congress on Information Technology
http://www.wcit2010.com/

9-11 July 2010, Gdansk, Poland
Wikimedia 2010 - the 6th annual Wikimedia Conference
http://meta.wikimedia.org/wiki/Wikimania_2010

============================================================
14. About
============================================================

EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 27 members based or with offices in 17 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRI-grams.

All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and visibly on the
EDRI website.

Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/

Newsletter editor: Bogdan Manolea <edrigram at edri.org>

Information about EDRI and its members:
http://www.edri.org/

European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring

- EDRI-gram subscription information

subscribe by e-mail
To: edri-news-request at edri.org
Subject: subscribe

You will receive an automated e-mail asking to confirm your request.

unsubscribe by e-mail
To: edri-news-request at edri.org
Subject: unsubscribe

- EDRI-gram in Macedonian

EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edrigram-mk.php

- EDRI-gram in German

EDRI-gram is also available in German, with delay. Translations are provided
by Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/

- Newsletter archive

Back issues are available at:
http://www.edri.org/edrigram

- Help
Please ask <edrigram at edri.org> if you have any problems with subscribing or
unsubscribing.


----- End forwarded message -----
-- 
Eugen* Leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE




