EDRi-gram newsletter - Number 7.3, 11 February 2009

EDRI-gram newsletter edrigram at edri.org
Wed Feb 11 10:39:14 PST 2009


============================================================

           EDRi-gram

biweekly newsletter about digital civil rights in Europe

    Number 7.3, 11 February 2009


============================================================
Contents
============================================================

1. Data retention directive has the correct legal basis
2. EU Commissioner: No to an Internet freedom law and Yes to net neutrality
3. Irish ISP settled to introduce 3 strikes
4. UK Government proposes increased data sharing
5. Romania: Protests against biometric passports
6. Data protection framework decision adopted
7. Protests against data retention in Bulgaria
8. An error margin of 2% in municipal elections ruled acceptable in Finland
9. Lack of coordination in European eID privacy features
10. Pirate Bay in legal battle with IFPI
11. House of Lords Constitution Committee report on surveillance and privacy
12. Big Brother Awards 2009 Ceremony in Bulgaria
13. Recommended Action
14. Recommended Reading
15. Agenda
16. About

============================================================
1. Data retention directive has the correct legal basis
============================================================

On 10 February 2009 the European Court of Justice (ECJ) decided that the
data retention directive was correctly adopted on the basis of the EC Treaty
as it relates predominantly to the functioning of the internal market.

This was the conclusion of the Court in the suit that Ireland, supported by
Slovakia, brought against the European Parliament, asking the Court of
Justice to annul the directive on grounds of inappropriate legal basis.
Ireland maintained that the directive could not be based on Article 95 EC
since its "centre of gravity" does not concern the functioning of the
internal market but rather the investigation, detection and prosecution of
crime, and that measures of this kind ought therefore to have been adopted
on the basis of the articles of the EU Treaty related to police and judicial
cooperation in criminal matters.

The Court decided that it was necessary to adopt the directive on the basis
of Article 95 EC. It underlined that the data retention directive amended
the provisions of the directive on the protection of privacy in the
electronic communications sector, which is itself based on Article 95 EC. At
the same time, the Court found that the provisions of the directive are
essentially limited to the activities of service providers and do not govern
access to data or the use thereof by the police or judicial authorities of
the Member States. The measures provided for by the directive do not, in
themselves, involve intervention by the police or law-enforcement
authorities of the Member States.

But the Court did not tackle the intricate issue of privacy because
"the action brought by Ireland relates solely to the choice of legal basis
and not to any possible infringement of fundamental rights arising from
interference with the exercise of the right to privacy contained in
Directive 2006/24."

This also means that the Court could have a future case based on the privacy
breach of the Data Retention Directive, referred from a national court. Such
a case could be the one started by EDRi-member Digital Rights Ireland or the
German Constitutional case initiated by the German Working Group on Data
Retention.

The Working Group has already stated, after the ECJ decision, that they
remain confident that future action on privacy grounds would be successful:
"The ruling only concerns the formal matter of the correct legal basis and
does not address the violation of human rights by the unwarranted
registration of the entire population's telecommunications behaviour and
movements", commented Werner Hülsmann of the Working Group. "The 34 000
plaintiffs in the German suit against data retention have applied to the
German Constitutional Court to seek a separate ruling by the European Court
of Justice on the compatibility of data retention with human rights."

Case Ireland vs European Parliament (10.02.2009)
http://curia.europa.eu/jurisp/cgi-bin/form.pl?lang=EN&Submit=rechercher&numaff=C-301/06

The data retention directive is founded on an appropriate legal basis
(10.02.2009)
http://curia.europa.eu/en/actu/communiques/cp09/aff/cp090011en.pdf

After ruling on data retention: activists remain confident (10.02.2009)
http://www.vorratsdatenspeicherung.de/content/view/298/1/lang,en/

============================================================
2. EU Commissioner: No to an Internet freedom law and Yes to net neutrality
============================================================

The intention of some Members of the European Parliament (MEPs) to introduce
in the EU a law similar to the Global Online Freedom Act, proposed by the US
Congress in January 2007, was considered unnecessary and too "hard" a law by
Commissioner Viviane Reding.

The US bill is meant to promote freedom of speech on the Internet and
prevent US companies from being forced to act like "cyber police". Some MEPs
are of the opinion that the EU should follow the US example and try to
counter the actions of several states that have increased the control and
censoring of the Internet, thus violating citizens' human rights.

However, Reding's opinion is that such a law, involving export controls,
civil and criminal penalties and the creation of a specific EU body
controlling European Internet companies with operations abroad, would be too
hard and not really efficient.

"Rather, our goal should be to find ways to allow operators and service
providers to respect human rights without doing either," said Reding in a
speech delivered on 2 February 2009 during an international conference on
the future of the Internet.

Taking a position completely opposed to the one she held last year, when she
supported the three-strikes measures, Reding now pleaded for the openness of
the Internet and for net neutrality. "(...) we will only be able to reap the
full social and economic benefits of a fast moving technological landscape
if we manage to safeguard the openness of the Internet. Openness is one of
the key ingredients that made the Internet so successful as an innovation
place, and we have to make sure that it is not compromised" she said. "Net
Neutrality has to be guaranteed. New network management techniques allow
traffic prioritisation. These tools may be used to guarantee good quality of
service but could also be used for anti-competitive practices. The
Commission has taken additional steps, through measures proposed to reform
our telecom package, to better prevent such unfair abuse to the detriment of
consumers" added Reding.

Reding also talked in favour of open standards: "We need to take advantage
of the win-win of open interfaces and standards such that the market can
grow for all. Dominant players may try to use proprietary standards to lock
consumers into their products or to extract very high royalties, ultimately
stifling innovation and foreclosing market entry by new players."

In the Commissioner's opinion, financial investments could be used for the
research and development of anti-censorship software. "In these times of
economic downturn, it is also our responsibility to invest in promising
technologies that will give us the much needed competitive edge that will
accelerate the economic recovery."

EU media chief rules out Internet freedom law (3.02.2009)
http://uk.reuters.com/article/technologyNewsMolt/idUKTRE5124SB20090203?sp=true

Viviane Reding's Speech - Internet of the future: Europe must be a key
player - Future of the Internet initiative of the Lisbon Council (2.02.2009)
http://ec.europa.eu/commission_barroso/reding/docs/speeches/2009/brussels-20090202.pdf

============================================================
3. Irish ISP settled to introduce 3 strikes
============================================================

The case brought by IRMA (Irish Recorded Music Industry) against Irish ISP
Eircom, in which Eircom was to be required to block P2P filesharing by
applying a filtering system to its network, was settled out of court. The
music industry decided to drop the action provided Eircom introduces a
"three strikes" system where users accused of filesharing by the industry
would be disconnected after two warning letters.

Eircom is pleased with the settlement as it does not risk breaching privacy
laws by providing to the music industry details about its subscribers and
because it does not have to add software to its network that might
interfere with its broadband service. According to the settlement, the
record companies will provide Eircom with the IP addresses of persons they
detect illegally uploading or downloading copyright works. Based on this
information, the three steps the ISP has to take are, basically:

1) to inform its subscribers that their IP address has been detected
infringing copyright;
2) to warn the respective subscriber that he (she) will be disconnected
unless the infringement ceases; and
3) to disconnect the subscriber in case of non-compliance following the
warning.

According to EDRi-member Digital Rights Ireland, this agreement is wrong
from many points of view: it is unreliable, secret, undemocratic and
disproportionate. First of all, MediaSentry, the company used by the music
industry until now to identify filesharers, is a company which was recently
found to be operating illegally in several US states and which has a track
record of false accusations. Although the music industry has turned to
Danish firm Dtecnet, the process is still unreliable. The settlement is also
private to the parties, and the music industry and Eircom will be the only
ones to decide, judge and execute. It is also undemocratic because the
3-strikes model was not discussed, as in other European countries, with
public input through public consultation and legislatures. And it is
disproportionate because, with the present extent of the Internet, innocent
third parties may be affected in the process, as Internet connections are
not generally unique to an individual.

The agreement is also bad news for Eircom's customers, who will not
be able to take action when accused of an infringement. Three accusations
from a group of third parties will be enough to terminate an Internet
connection. Eircom will also have to modify its terms of service for all
its current customers without providing a legal basis for a unilateral
change of contract.

The three strikes process in this case is procedurally unfair. The music
industry has tried to gain some points, realizing this may be its only hope,
as automatic filtering and suing customers would not work.

The record companies represented in the case, EMI, Sony, Universal and
Warner, have agreed to take "all necessary steps" to get similar agreements
with all ISPs in Ireland. It remains to be seen whether other ISPs will
better defend their users' rights.

Internet users face shutdown over illegal music downloads (29.01.2009)
http://www.irishtimes.com/newspaper/frontpage/2009/0129/1232923373331.html

Three unproven accusations and you're out - why the Eircom / IRMA deal is
bad for internet users (29.01.2009)
http://www.digitalrights.ie/2009/01/29/three-unproven-allegations-and-youre-out/

Irish ISP Agrees to Three Strikes Against Its Customers (28.01.2009)
http://www.eff.org/deeplinks/2009/01/irish-isp-agrees-three-strikes-against-its-users

Ireland: Copyright Filtering Case Settles out of Court (29.01.2009)
http://bendrath.blogspot.com/2009/01/ireland-copyright-filtering-case.html

"Three strikes" for Ireland - Eircom, music industry settle filtering case
(29.01.2009)
http://www.tjmcintyre.com/2009/01/three-strikes-for-ireland-eircom-music.html

EDRIgram: Ireland: Music industry sues ISP, demands filtering (12.03.2008)
http://www.edri.org/edrigram/number6.5/ireland-isp-filtering

============================================================
4. UK Government proposes increased data sharing
============================================================

In January 2009 the UK Ministry of Justice introduced in the House of
Commons the Coroners and Justice Bill which, among other things, amends the
Data Protection Act 1998 and enables increased personal data sharing among
governmental bodies.

The Bill empowers ministers to make orders that override data protection,
allowing the use for other purposes of information collected for a specific
purpose. Moreover, it gives the Secretary of State the right to remove "an
existing legal barrier to data sharing".

"Rather than protecting our personal information, as it should be, the
government is cutting away safeguards for its own data-trafficking
convenience. This is a Bill to smash the rule of law and build the database
state in its place. Burying sweeping constitutional change in obscure Bills
is an appalling approach. Having proved - and admitted - they cannot be
trusted to look after our secrets, they are still determined to steal what
privacy we have left. Parliament needs to wake up before it has no say any
more," commented Phil Booth, National Coordinator of lobby group NO2ID.

Essentially, what the Bill says regarding data sharing is that the UK
Government will have the right to decide if and to whom personal data can be
provided.

The Bill is a mix of several provisions, many of them unrelated, which will
make the debates in Parliament difficult. The risk is that serious issues
may be passed without proper debate simply because Parliament may lack the
necessary time.

"This is the forty-eighth criminal justice bill under this Government and it
already amends provisions not yet in force from the last Bill, enacted only
eight months ago. Once again Ministers have produced a rag-bag of measures.
While some are welcome others, including the resurrection of plans for
secret inquests, we have serious concerns about," said Shadow Justice
Secretary Dominic Grieve.

At its Second Reading on 26 January 2009 the Bill was voted to be sent to a
Public Bill Committee and is now being analysed clause by clause.

Coroners and Justice Bill 2008-09
http://services.parliament.uk/bills/2008-09/coronersandjustice.html

Government grants itself even more data sharing power (5.12.2009)
http://www.theregister.co.uk/2008/12/05/gov_grows_data_share/

Chaotic Coroners and Justice Bill reels into view (22.01.2009)
http://www.theregister.co.uk/2009/01/22/coroners_and_justice_bill/

House of Commons Coroners and Justice Bill (14.01.2009)
http://www.publications.parliament.uk/pa/cm200809/cmbills/009/09009.1-5.html

Coroners and Justice Bill - destroying data protection (23.01.2009)
http://www.liberalconspiracy.org/2009/01/23/coroners-and-justice-bill-data-protection/

============================================================
5. Romania: Protests against biometric passports
============================================================

A few hundred Romanians gathered on 1 February 2009 to protest against the
introduction of obligatory biometric passports from the beginning of 2009.

The event comes after the first passports with biometric identifiers
(including fingerprints) were issued at the end of January in the county of
Ilfov, as a first implementation in the country. The decision was heavily
contested by several prominent members of the Orthodox Church who consider
it the first step towards the introduction of biometric identifiers in
all ID cards, which is a direct action against freedom of religion and
freedom of expression or the right to a private life.

A few civil society pro-Orthodox groups, gathered under the name "Coalition
against the Police State", started an online petition, with more than 15 000
signatures, calling for a stop to the biometric passports and biometric
driving licences, until the situation has been properly explained by the
authorities. The coalition also organized the event on 1 February in front
of the Patriarchy Palace and announced that one lawyer started a civil
action in court in order to stop the Government Decision that allows the
issuing of the biometric passports.

The protesters carried banners stating: "Let us choose!" or
"Support the Church! Refuse the implant!". Several speakers expressed their
concern that imposing obligatory biometric IDs is an attempt to treat humans
the same as cattle, as a first step towards Total Control by the state.
Others considered that the new electronic chip contains the number 666,
which, in their opinion, means the first step towards the Apocalypse. The
extreme right-wing party Noua Dreapta joined the demonstration with their
specific flags.

The Romanian Patriarchy Orthodox Church refused to publicly support the
events, calling for calm and prayers, but at the same time asked the
Romanian Government for more information regarding the new biometric
passports. An official opinion should be issued after their meeting on 27-28
February 2009.

A similar event on 4 February organized by the Coalition against the Police
State gathered more than 100 persons carrying images of politicians looking
like sheep. The organizers protested about the fact that no public debate
was initiated by the Government in order to assess the social, economic and
religious impact of the decision to have obligatory biometric passports.

In both events the participants also protested against the new law on data
retention, explained as the law that will permit authorities to "record and
keep all the electronic communications of the Romanian citizens."

Another civil society organization, the Civil Society Commissariat,
announced that it has sued its own telecom provider, Orange, to oblige it to
respect its contractual obligations regarding the confidentiality of
communications. Thus, the provider should not implement the data retention
law. The organization wants to use this opportunity to challenge the law
before the Constitutional Court on the basis of the right to privacy.

Protest of several NGOs to the introduction of chips in IDs (only in
Romanian, 1.02.2009)
http://www.mediafax.ro/social/protest-al-mai-multor-ong-uri-fata-de-introducerea-de-chip-uri-in-acte.html?1688;3846781

Government - accused by hundreds of Christians that it has started the
apocalypse of the Passport Chip (only in Romanian, 1.02.2009)
http://www.gandul.info/actualitatea/guvernul-acuzat-de-sute-de-crestini-ca-a-dezlantuit-apocalipsa-cipului-din-pasaport.html?3927;3848284

Photos from the 1.02.2009 event (2.02.2009)
http://victor-roncea.blogspot.com/2009/02/foto-info-demonstratia-anti-cip.html

Romanian Petition against biometric passports
http://www.petitiononline.com/NU666/petition.html

The Civil Society Commissariat asks for the annulment of the law on
telephony data retention (only in Romanian, 4.02.2009)
http://www.frontnews.ro/social-si-economic/eveniment/comisariatul-pentru-societatea-civila-cere-anularea-legii-privind-stocarea-datelor-telefonice-22299

EDRi-gram: Romania: Is really privacy a topic in the public debate?
(28.01.2009)
http://www.edri.org/edri-gram/number7.2/romania-privacy-in-public-debate

============================================================
6. Data protection framework decision adopted
============================================================

After several years of discussions and debates with the EU bodies, the
Framework Decision on the protection of personal data processed in the
framework of police and judicial cooperation in criminal matters was adopted
by the Council and published in the Official Journal on 30 December 2008.

The decision is the first horizontal data protection instrument in the field
of personal data used by police and judicial authorities and its main
purpose is to establish a common level of privacy protection and a high
level of security when exchanging personal data.

The European Parliament has already been consulted twice on the data
protection framework decision: once in September 2006 and a second time in
June 2007.
After a deadlock in the Council on this decision, a new version of the text
was subject to a renewed consultation based on the political agreement
reached by the Council on 11 December 2007. The European Parliament adopted,
by 600 votes in favour, the new text with several amendments.

Some of the changes made by the Parliament, such as references to
Convention 108 (Council of Europe Convention for the Protection of
Individuals with regard to Automatic Processing of Personal Data), inclusion
of the national data processing or creation of the Working Party on the
Protection of Individuals with regard to the Processing of Personal Data,
were not retained by the Council. The Council of the European Union adopted
the framework decision in its meeting on 27-29 November 2008 and the final
text was published in the Official Journal as the Council Framework Decision
2008/977/JHA.

The Framework Decision is thus applicable to cross-border exchanges of
personal data within the framework of police and judicial cooperation. The
instrument contains rules applicable to onward transfers of personal data to
third countries and to the transmission to private parties in Member States.
The decision also allows the EU states to have higher-level safeguards for
protecting personal data than those established in this act.

The European Data Protection Supervisor (EDPS) welcomed the adoption of this
first general data protection instrument in the EU third pillar, though
seeing it "only as a first step". He declared that "unfortunately, the level
of data protection achieved in the final text is not fully satisfactory".
Peter Hustinx regrets in particular that the Framework Decision does not
apply to Member State domestic data. The Framework Decision indeed only
covers police and judicial data exchanged between Member States, EU
authorities and systems, which explicitly excludes such exchanges as the
transfer of Passenger Name Records (PNR) data to US authorities.

The Decision needs to be implemented by the EU member countries by 27
November 2010 by taking the necessary measures, including designating one
or more public authorities responsible for advising on and monitoring its
application within their territory.

Council Framework Decision 2008/977/JHA of 27 November 2008 on the
protection of personal data processed in the framework of police and
judicial cooperation in criminal matters (30.12.2008)
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:350:0060:01:EN:HTML

2908th meeting of the Council - Justice and Home Affairs (27-28.11.2008)
http://www.consilium.europa.eu/ueDocs/cms_Data/docs/pressData/en/jha/104584.pdf

European Parliament - Legislative Observatory - Framework Decision on the
protection of personal data processed in the framework of police and
judicial cooperation in criminal matters
http://www.europarl.europa.eu/oeil/FindByProcnum.do?lang=2&procnum=CNS/2005/0202

EDPS Press release - "EDPS sees adoption of Data Protection Framework for
police and judicial cooperation only as a first step" (28.11.2008)
http://www.edps.europa.eu:80/EDPSWEB/webdav/site/mySite/shared/Documents/EDPS/PressNews/Press/2008/EDPS-2008-11_DPFD_EN.pdf

EDRi-gram: Update on a Council Framework Decision on the protection of
personal data (20.06.2007)
http://www.edri.org/edrigram/number5.12/framework-decision-data-protection

============================================================
7. Protests against data retention in Bulgaria
============================================================

After the decision at the end of last year, in which the Bulgarian Supreme
Administrative Court (SAC) annulled article 5 of the national legislation
implementing the Data Retention Directive, new initiatives by the
Bulgarian authorities raise concerns in relation to data retention.

Thus, in 2009, only a few days before the Parliamentary Transport and
Communications Commission meeting, a proposal for changes in the Digital
Messages Act was submitted by the Interior Ministry, copying the Data
Retention Regulation, including the articles abolished by the SAC.

Several civil society NGOs, including Electronic Frontier Bulgaria and the
Association for Electronic Communications, alerted the media and met Members
of the Parliament to explain what the situation was.

At the meeting of the Commission it became clear that the Interior Ministry
had submitted a new proposal with many other dangerous issues:
- It is not clear if the information can be used and processed only in
case of severe crimes;
- Data from communications should be kept for 2 years;
- There are no guarantees for the deletion of the data;
- It is not possible for citizens to see what kinds of data are being
kept, who is using them and for what purpose;
- There is no punishment whatsoever for misuse of these data.

The text was approved by the Commission after an hour of senseless
discussions, with most of the "against" arguments dismissed. The final
decision will now be taken by a plenary meeting of the Bulgarian
Parliament.

Electronic Frontier Bulgaria started a campaign against the new provisions,
joining the protests in Sofia and Varna and participating in all media
coverage of discussions on the hot data retention topic and its problems.

Fight for Rights and Differences - What is Going on with the Internet
Bugging (3.02.2009)
http://www.bogomil.info/int/fight-for-rights-and-differences-%E2%80%93-what-is-going-on-with-the-internet-bugging

Digital rights facts from Bulgaria 2008 (23.01.2009)
http://bogomil.blogactiv.eu/2009/01/23/digital-rights-facts-from-bulgaria-2008/

Bogomil Shopov: Fighting for digital rights in Bulgaria and beyond
(27.01.2009)
http://www.internetsansfrontieres.com/2009/01/bogomil-shopov-fighting-for-digital-rights-in-bulgaria-and-beyond-2/

EDRi-gram: Bulgarian Court annuls a vague article of the data retention law
(17.12.2008)
http://www.edri.org/edri-gram/number6.24/bulgarian-administrative-case-data-retention

(thanks to Bogomil Shopov - Electronic Frontier Bulgaria)

============================================================
8. An error margin of 2% in municipal elections ruled acceptable in Finland
============================================================

Earlier last year, EDRi-member Electronic Frontier Finland (Effi) reported
on the Finnish e-voting pilot which took place in three Finnish
municipalities on 26 October 2008. 232 votes were lost due to various
usability and apparent performance issues. Additionally, there is a risk of
a breach of the anonymity of the votes, because the electronic ballot box
has been archived with information on who voted and how. The e-voting
project had been strongly criticised by Effi from its inception for its lack
of transparency in both the process and the software.

A report from the Council of Europe on 1 December 2008 stated that "[t]he
Finnish electronic voting did not conclude in a way which satisfies the
fundamental principles for democratic elections, in particular the principle
of universal suffrage". The Ministry of Justice performed an internal audit,
and reported on 10 December that the audit found deficiencies in project
management.

However, on 29 January 2009, the Helsinki administrative court ruled
that the elections met the requirements of the Finnish election law,
and therefore the municipal decisions to confirm the election results were
not overturned. The court's main argument was that a failure rate of
slightly over 2 percent does not, as such, indicate that the election
authorities would have acted in error. As for the voter anonymity, the court
rejected the complaint because a breach of voter secrecy could, in practice,
happen only through "unlawful and at the same time, even criminal"
activities.

The original complainants will most likely appeal to the supreme
administrative court. A final decision is to be expected around May 2009.

Finnish e-voting fiasco: votes lost (28.10.2008)
http://www.effi.org/blog/2008-10-28-finnish-evoting-votes-lost.html

Electronic Frontier Finland report on the deficiencies of the system
(1.09.2008)
http://www.effi.org/blog/2008-09-01-evoting-report-in-english.html

Council of Europe report on the Finnish e-voting pilot (2-3.12.2008)
https://wcd.coe.int/ViewDoc.jsp?id=1380337&Site=Congress

Ministry of Justice press release on the internal audit (only in Finnish,
10.12.2008)
http://www.om.fi/Etusivu/Ajankohtaista/Uutiset/1224167084256

Original complaint to the administrative court (only in Finnish, 12.11.2008)
http://www.effi.org/system/files?file=valitus_kauniainen_anon.pdf

Effi press release on the Helsinki administrative court ruling (in Finnish)
http://www.effi.org/julkaisut/tiedotteet/lehdistotiedote-2009-01-29.html

Court ruling (only in Finnish, 29.01.2009)
http://www.effi.org/blog/hhao-2009-01-29.html

(contribution by EDRi-member Electronic Frontier Finland)

============================================================
9. Lack of coordination in European eID privacy features
============================================================

The EU-funded European Network and Information Security Agency (ENISA)
issued, on 27 January 2009, its Position Paper on security features in
European eID schemes, showing a large disparity between the various systems
which might affect their usefulness.

The paper is an analysis of 10 ID card systems already used in the EU and 13
under development. The eID cards are presently used mainly in relation to
tax declarations and other e-Gov services, with some applications in the
commercial sector as well, but their use will be extended considerably in
the future. The study shows that Europe has no coordinated strategy to
protect the private data stored on the cards, which leads to a lack of
interoperability and to reluctance among potential users to accept them.
"Privacy features have been developed, implemented and tested at a national
level and there is no co-ordinated strategy at a European level as to which
features should be implemented and how they should be implemented. (...) The
lack of co-ordination is an important obstacle to any possible cross-border
interoperability of eID card schemes. (...) (This is) important in order to
create the necessary trust in the users of such schemes - any cross-border
scheme only offers as much protection as its weakest participating member:
If just one participating country offers what is generally considered to be
inadequate privacy protection, the citizens of the other countries are not
likely to accept any cross-border interoperability scheme which puts their
data at more risk than their national scheme."

The ENISA report shows that the lack of coordination in privacy controls all
over these systems will affect the usefulness of the cards. "Privacy is an
area where the member states' approaches differ a lot and European eID will
not take off unless we get this right. Europe needs to reflect on eID
privacy and its role in the interoperability puzzle. The fundamental human
right to privacy must be guaranteed for all European eID card holders," said
ENISA executive director Andrea Pirotti.

The paper presents the implementation of privacy-enhancing technologies in
existing and planned European eID card specifications, analyses in detail
eleven risks to personal privacy resulting from the use of national schemes
and lists eight practicable techniques available to address and solve these
risks. The present situation of privacy features available for the existing
cards is shown by means of eight comparison charts that can represent a good
reference in the identification of best practices in the domain.

"A lot of very practical techniques exist to protect the citizen's privacy
and, from the survey of available techniques in this paper, it is possible
to identify a set of best practice guidelines for the protection of personal
data in national eID card schemes," says the report.

The ENISA report was designed to give policymakers the information necessary
to improve the present situation, providing a first comprehensive overview of
the status in Europe.

Citizen data protection in focus - ENISA on privacy in national eID cards:
Europe needs a strategy (3.02.2009)
http://enisa.europa.eu/pages/02_01_press_2009_02_3_privacy_features_eID.html

ENISA Position Paper: Privacy Features of European eID card specifications
(27.01.2009)
http://enisa.europa.eu/doc/pdf/deliverables/enisa_privacy_features_eID.pdf

Disparate privacy features devalue ID cards, warns EU security agency
(5.02.2009)
http://www.out-law.com//default.aspx?page=9771

============================================================
10. Pirate Bay in legal battle with IFPI
============================================================

The war between IFPI and the Pirate Bay continues with a new ban on the
site in Denmark, ordered by a Danish court at the beginning of February this
year.

Exactly a year ago, in February 2008, following an IFPI action, a Danish
court ruled that Tele2 had to block its users from accessing The Pirate Bay.
Now, the court has issued a preliminary injunction against DMT, meaning that
all ISPs owned by DMT have to deny their users access to The Pirate Bay.
Also, in January 2009, TDC, the largest Danish ISP and owner of most of the
cables, decided to block access to the Swedish site as a preventive measure.

However, ISPs are not happy with the decision and three of them, TDC, Telia
and Telenor have announced their intention to take the matter to the
Supreme Court, arguing they should not be held responsible for the potential
copyright infringement of their subscribers. "Accessing The Pirate Bay is
not in itself a violation of copyright" said Jens Ottosen of Telia. He also
added: "We make access possible for our subscribers, and they have to decide
if it is illegal. It is not our task. If so, we also contribute to
illegalities on YouTube, Myspace and Google."

If the ISPs' action does not succeed in reversing the Danish court ruling,
the Pirate Bay itself is now considering suing IFPI. "They have had a
monopoly on distribution and we're breaking that monopoly, and in turn they
sue people that allow access to our distribution method," Peter Sunde,
co-founder of The Pirate Bay, told TorrentFreak. The Pirate Bay team
considers IFPI's action to be not only an inefficient attempt to censor the
Internet, but also a personal vendetta against Pirate Bay.

Until then, the Pirate Bay is facing the big trial that will take place in
Sweden, at Stockholm's District Court, on 16 February, where IFPI is one of
the parties.

The Pirate Bay is asking for a very open, public trial. Pirate Bay
co-founder Fredrik Neij has asked for a much larger trial room, considering
the case as one of the biggest political cases in recent times. "I NEED
a room for at least 150 people, 20 reserved for the family and 80 to 100
reserved for the press and public. It need not be in the same room, but we
need several rooms REQUIRING video too, not just sound," he asked. Also
co-founder Peter Sunde said he wanted the case to be transmitted live on the
web. "We want to show how it works. Cards on the table, everything should be
transparent!"

Danish ISPs to Fight the Pirate Bay Block (5.02.2009)
http://torrentfreak.com/danish-isps-to-fight-the-pirate-bay-block-090205/

The Pirate Bay Plans to Sue IFPI (6.02.2009)
http://torrentfreak.com/the-pirate-bay-plans-to-sue-ifpi-090206/

The Pirate Bay Demand Webcast of Trial (7.02.2009)
http://torrentfreak.com/the-pirate-bay-demand-webcast-of-trial-090207/

EDRIgram: PirateBay - blocked in Denmark (13.02.2008)
http://www.edri.org/edrigram/number6.3/piratebay-denmark

============================================================
11. House of Lords Constitution Committee report on surveillance and privacy
============================================================

The report Surveillance: Citizens and the State, recently issued by the House
of Lords Constitution Committee, supports privacy and considers that
executive and legal limits must be imposed on surveillance and data
collection.

The report is a positive step in the promotion of individual freedom and
liberty and offers some recommendations in this direction.

One of the recommendations, following a suggestion from the UK Computing
Research Committee, is that the encryption of personal data should be
mandatory in some circumstances and that the Government should introduce
appropriate regulations to this effect. "We believe that encryption has a
vital role to play in ensuring the security of data, and that the Government
should insist upon its use as appropriate throughout the public and private
sectors," says the report.

It also mentions that in the large majority of data loss cases that occurred
in the UK there had been no reference to data encryption, which would have
diminished the potential impact of the losses. Even in cases where the data
were encrypted, unfortunately the password was attached to the storage
device or even lost.

Encryption company PGP Corporation also believes "More needs to be done to
educate staff on the importance of safeguarding information." According to
research conducted by privacy research firm the Ponemon Institute on behalf
of PGP, the average cost of a single lost record is almost 70 euro. Phil
Dunkelberger, chief executive of PGP, stated that "organisations are taking
desperate measures to preserve their reputation and retain customers; this
study shows they simply cannot afford to lose out to competitors as a result
of poor data security."

The Constitution Committee also recommended in its report that the data
controllers should be fined for "deliberately or recklessly breaching the
data protection principles".

A very important recommendation is that DNA profiles of non-convicted people
should not be retained in the National DNA Database (NDNAD). "We expect the
Government to comply fully, and as soon as possible, with the judgment of
the European Court of Human Rights in the case of S. and Marper v. the
United Kingdom, and to ensure that the DNA profiles of people arrested for,
or charged with, a recordable offence but not subsequently convicted are not
retained on the NDNAD for an unlimited period of time."

The Committee believes that the Regulation of Investigatory Powers Act
(RIPA) should be clarified, recommending that the Government introduce "a
system of judicial oversight for surveillance carried out by public
authorities, and that individuals who have been made the subject of
surveillance be informed of that surveillance, when completed, where no
investigation might be prejudiced as a result. We recommend that
compensation should be available to those subject to unlawful surveillance
by the police, intelligence services, or other public bodies acting under
the powers conferred by the Regulation of Investigatory Powers Act 2000."

The report also recommends that the Government consultation on proposed
changes for RIPA 2000 should "consider whether local authorities, rather
than the police, are the appropriate bodies to exercise such powers", given
that there have been cases where local authorities misused the
surveillance powers granted in RIPA. "These cases demonstrate that the
regulatory controls introduced at the time are insufficient." If the local
authorities are found to be the right bodies to exercise the powers given by
RIPA, the report recommends that the "Government take steps to ensure
that these powers are only exercised where strictly necessary, and in an
appropriate and proportionate manner."

The report also acknowledges the necessity of an independent review of the
CCTV benefits and effectiveness in stopping, detecting and investigating
crime and calls for a legally binding code of practice on the use of CCTV by
private and public bodies. "The government has been clear that where
surveillance or data collection will impact on privacy they should only be
used where it is necessary and proportionate. The key is to strike the right
balance between privacy, protection and sharing of personal data," says the
report.

The general message of the report is that UK society is witnessing
a very high level of surveillance affecting privacy and private life. "The
expansion in the use of surveillance represents one of the most significant
changes in the life of the nation since the end of the Second World War.
Mass surveillance has the potential to erode privacy. As privacy is an
essential pre-requisite to the exercise of individual freedom, its erosion
weakens the constitutional foundations on which democracy and good
governance have traditionally been based in this country."

Following this report, the Government is to provide a written response
within the next two months. Afterwards, a debate will be scheduled in the
House.

Lords Constitution Committee report on surveillance and privacy (6.02.2009)
http://www.openrightsgroup.org/2009/02/06/lords-constitution-committee-report-on-surveillance-and-privacy/

Constitution Committee - Second Report
Surveillance: Citizens and the State (21.01.2009)
http://www.publications.parliament.uk/pa/ld200809/ldselect/ldconst/18/1802.htm

Lords say surveillance society erodes foundations of UK (6.02.2009)
http://www.theregister.co.uk/2009/02/06/lords_reject_government_dat

Data breach costs rise to £60 per record, say researchers (5.02.2009)
http://www.out-law.com//default.aspx?page=9773

============================================================
12. Big Brother Awards 2009 Ceremony in Bulgaria
============================================================

On 28 January 2009, Access to Information Programme and EDRi-member Internet
Society - Bulgaria organized the fourth Big Brother Awards ceremony in
Bulgaria. It was held at the National Press Center of the Bulgarian News
Agency and was also broadcast live online.

The awardees of the Big Brother Award were selected by a jury with the
following members:
* Alexander Kashumov - Head of AIP legal team
* Gergana Jouleva, PhD - Executive Director of AIP
* Georgi Lozanov - Ass. Professor at the Journalism Department at the
   Sofia University
* Krasimir Dimitrov - Member of the Data Protection Commission
* Fany Davidova - Lawyer at AIP
* Dessi Greve - Project Manager, Internet Society Bulgaria

During 2008 several public and private institutions have become
particularly notorious for violating privacy rights in Bulgaria: The
Ministry of Interior, State Agency on Information Technologies and
Communication, the State Agency for National Security, the Social
Support Agency, Metro Cash and Carry Bulgaria, the Chain store 2be,
M-tel mobile operator, the United Bulgarian Bank and CEZ Distribution
Bulgaria were among the nominations this year.

The winner of the Big Brother Award 2009 was the Ministry of Internal
Affairs, for a systematic violation of privacy in 2008.

Photos from the ceremony (28.01.2009)
http://www.aip-bg.org/big_brother_2009_pics.htm

BBA Bulgaria 2009 (only in Bulgarian)
http://bg.bigbrotherawards.org/

Live broadcast BBA Bulgaria 2009
http://www.bta.bg/site/bg/html/03services.shtml

(contribution by EDRi-member ISOC Bulgaria)

============================================================
13. Recommended Action
============================================================

Reject the Term Extension Directive
The European Parliament is being asked to nearly double the term of
copyright afforded to sound recordings. Industry lobbyists suggest that
extending copyright term will help increase the welfare of performers and
session musicians. But the Term Extension Directive, which will be voted on
by the Legal Affairs Committee in a few weeks' time, will do no such thing.
Instead it will hand millions of euros over to the world's four major record
labels, money that will come directly from the pockets of European
consumers. The majority (80%) of recording artists will receive between
0.50 - 26 euro per year.
http://www.edri.org/reject-term-extention-directive

EU proposal puts confidential communications data at risk
Civil liberties groups La Quadrature du Net, European Digital Rights (EDRi),
AK Vorrat, and Netzpolitik.org are urging the European Parliament to heed
advice given by the European Data Protection Supervisor Peter Hustinx and
scrap plans dubbed "voluntary data retention".
http://www.edri.org/campaigns/no-voluntary-data-retention

============================================================
14. Recommended Reading
============================================================

Online consultation comments on the staff paper "Early Challenges to the
Internet of Things". EDRi contributed to the discussion via the RFID Expert
Group.
The preparation of the final communication by the COM is still ongoing.
http://ec.europa.eu/information_society/policy/rfid/library/index_en.htm#iotcons

============================================================
15. Agenda
============================================================

18-20 March 2008, Prague, Czech Republic
The Responsibilities of Content Providers and Users
http://www.media-conference.cz

18-20 March 2009, Athens, Greece
WebSci'09: Society On-Line
http://www.websci09.org/

23 March 2008, Berlin, Germany
German-French Experts Meeting on Technologies for
Electronic Identification
http://www.e-identify-df.de/

27-29 March 2009, Manchester, UK
Oekonux Conference: Free Software and Beyond The World of Peer Production
http://www.oekonux-conference.org/

29-31 March 2009, Edinburgh, UK
Governance Of New Technologies: The Transformation Of Medicine, Information
Technology And Intellectual Property - An International Interdisciplinary
Conference
http://www.law.ed.ac.uk/ahrc/conference09/

1-3 April 2009, Berlin, Germany
re:publica 2009 "Shift happens"
http://www.re-publica.de/09/
Subconference: 2nd European Privacy Open Space
http://www.privacyos.eu/

21-23 April 2009, Winchester, UK
BILETA 2009 Annual Conference
Call for Papers by 28 February 2009
http://www.winchester.ac.uk/?page=9871

13-14 May 2009 Uppsala, Sweden
Mashing-up Culture: The Rise of User-generated Content
http://www.counter2010.org/workshop_call

24-28 May 2009, Venice, Italy
ICIMP 2009, The Fourth International Conference on Internet Monitoring
and Protection
http://www.iaria.org/conferences2009/ICIMP09.html

1-4 June 2009, Washington, DC, USA
Computers Freedom and Privacy 2009
http://www.cfp2009.org/

5 June 2009, London, UK
The Second Multidisciplinary Workshop on Identity in the Information
Society (IDIS 09): "Identity and the Impact of Technology"
Call for papers, deadline 13 March 2009
http://is2.lse.ac.uk/idis/2009/

2-3 July 2009, Padova, Italy
3rd FLOSS International Workshop on Free/Libre Open Source Software
Paper submission by 31 March 2009
http://www.decon.unipd.it/personale/curri/manenti/floss/floss09.html

13-16 August 2009, Vierhouten, The Netherlands
Hacking at Random
http://www.har2009.org/

23-27 August 2009, Milan, Italy
World Library and Information Congress: 75th IFLA General Conference and
Council: "Libraries create futures: Building on cultural heritage"
http://www.ifla.org/IV/ifla75/index.htm

10-12 September 2009, Potsdam, Germany
5th ECPR General Conference, Potsdam
Section: Protest Politics
Panel: The Contentious Politics of Intellectual Property
http://www.ecpr.org.uk/potsdam/default.asp

16-18 September 2009, Crete, Greece
World Summit on the Knowledge Society WSKS 2009
http://www.open-knowledge-society.org/

October 2009,  Istanbul, Turkey
eChallenges 2009
Call for papers by 27 February 2009
http://www.echallenges.org/e2009/default.asp?page=c4p

15-18 November 2009, Sharm El Sheikh, Egypt
UN Internet Governance Forum
http://www.intgovforum.org/

============================================================
16. About
============================================================

EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 29 members based or with offices in 18 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRI-grams.

All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and visibly on the
EDRI website.

Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/

Newsletter editor: Bogdan Manolea <edrigram at edri.org>

Information about EDRI and its members:
http://www.edri.org/

European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring

- EDRI-gram subscription information

subscribe by e-mail
To: edri-news-request at edri.org
Subject: subscribe

You will receive an automated e-mail asking to confirm your request.

unsubscribe by e-mail
To: edri-news-request at edri.org
Subject: unsubscribe

- EDRI-gram in Macedonian

EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edrigram-mk.php

- EDRI-gram in German

EDRI-gram is also available in German, with delay. Translations are provided
by Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/

- Newsletter archive

Back issues are available at:
http://www.edri.org/edrigram

- Help
Please ask <edrigram at edri.org> if you have any problems with subscribing or
unsubscribing.

----- End forwarded message -----
-- 
Eugen* Leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE