EDRi-gram newsletter - Number 7.4, 25 February 2009
EDRI-gram newsletter
edrigram at edri.org
Wed Feb 25 12:42:48 PST 2009
============================================================
EDRi-gram
biweekly newsletter about digital civil rights in Europe
Number 7.4, 25 February 2009
============================================================
Contents
============================================================
1. Data protection authorities support civil society on the Telecom Package
2. The trial of The Pirate Bay in Sweden
3. Lex Nokia storms into the Finnish Parliament
4. Italy to enforce a global censorship legislation?
5. Norwegian group joins Sweden-based Justice Center against Swedish FRA law
6. European Commission disbanded data protection experts group
7. Romanian data retention law suspendend by the Government
8. HADOPI law close of creating a dangerous precedent
9. UK Government ignores the European Commission regarding Phorm
10. EDRi participates in European project on raising privacy awareness
11. ENDitorial: Privacy in the Czech Republic - nothing to celebrate
12. Recommended Action
13. Recommended Reading
14. Agenda
15. About
============================================================
1. Data protection authorities support civil society on the Telecom Package
============================================================
The Article 29 Working Group and the European Data Protection Supervisor
have issued public statement supporting some of the arguments of the civil
society, including EDRi, made in the recent open letter sent to the European
Parliament on 17 February 2009 and in the campaign against "voluntary data
retention".
The open letter underlines the signatories' concerns related to those
amendments of the Telecoms Package which might affect the Internet and
Internet users, by targeting the open and non-discriminatory access
features. Thus the fundamental users' rights such as privacy and freedom of
speech are put in jeopardy.
The Article 29 adopted on 10 February Opinion 1/2009 on the
proposals amending the e-Privacy Directive, acknowledging its concerns
regarding the present article 6 a) that "might lend legitimacy to large
scale deployment of deep packet inspection both in the network and in user
equipment such as ADSL boxes, while the current legal framework already
details the cases in which traffic data may be processed for security
purposes."
Considering that "the wording proposed by the Commission establishes beyond
all doubt that the processing of traffic data falls within the scope of the
Data Protection Directive", the working group decided that the Article 6(6a)
is unnecessary.
A similar opinion is supported by the European Data Protection Supervisor's
comments on some issues in the review of the Universal Service
Directive. According to the text "he is concerned about the implementation
of traffic management policies that require the monitoring of Internet usage
and interception without appropriate data protection safeguards," and
concludes that "Article 5 of the ePrivacy Directive applies whenever traffic
management policies entail interception or surveillance of Internet usage.
Therefore, to avoid confusion, it seems only just and reasonable to
recognise that pursuant to this article informed consent from users is
necessary."
In the same document, EDPS tackles the 3 strikes procedure and considers as
unfortunate its possible introduction in the Telecom package and notes that
"it would have been preferable if the European Parliament had not given up
to pressure by laying down the foundation for a three strikes approach and
if all these issues had been addressed separately in different legal
instruments, after careful analysis and debate."
The EDPS supports the civil society in calling upon decision makers to
re-introduce Amendment 138 and Article 32a of the Universal Service
Directive that would strengthen the safeguards towards ensuring the
protection of individuals' rights, including the right to data protection
and privacy and due process.
The Article 29's Opinion also tackles other aspects regarding the
e-Privacy directive. Thus the document strongly supports "an extension of
personal data breach notifications to Information Society Services (...)
given the ever increasing role these services play in the daily lives of
European citizens." This resonates with the initial Amendments of the
European Parliament or with Peter Hustinx's public comments, who explains
why the position of the Commission and the Council is not enough to protect
the citizens in the online world:
"That restriction means European citizens would only be alerted if their
internet access or telephone company suffers security breaches. If their
online bank is hacked or its security systems are cracked, enabling the
unauthorised access to bank account information, citizens might not be
notified.
So, unless the amendments proposed by the European Parliament are adopted by
the Council, online banks and other e-businesses would be off the hook."
The Article 29 Working Group has also re-emphasised its earlier opinion
"that unless the service provider is in a position to distinguish with
absolute certainty that the data correspond to users that cannot be
identified, it will have to treat all IP information as personal data, to be
on the safe side". Thus the WG agrees with the Commission that a substantive
provision of a directive is not the most suitable way of addressing this
issue, and that a reporting obligation referring to "purposes not covered by
this Directive" is not appropriate.
Open letter to the European Parliament - Telecom Package (17.02.2009)
http://www.edri.org/edrigram/campaigns/open-letter-telecom-package
EU proposal puts confidential communications data at risk (28.02.2009)
http://www.edri.org/campaigns/no-voluntary-data-retention
All data breaches must be made public (29.01.2009)
http://resources.zdnet.co.uk/articles/comment/0,1000002985,39603777,00.htm
Opinion 1/2009 on the proposals amending Directive 2002/58/EC on privacy and
electronic communications (e-Privacy Directive) (10.02.2009)
http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2009/wp159_en.pdf
EDPS comments on some issues in the review of the Directive 2002/22/EC
(Universal Service) (16.02.2009)
http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Comments/2009/09-02-16_Comments_ePrivacy_EN.pdf
EDRi-gram: Data breach notification - different opinions in EU bodies ?
(19.11.2008)
http://www.edri.org/edri-gram/number6.22/data-breach-ec
============================================================
2. The trial of The Pirate Bay in Sweden
============================================================
The big, long and extremely mediatized trial filed on 31 January 2008 by
Swedish prosecutors against the four Pirate Bay founders for "promoting
other people's infringements of copyright laws" started at Stockholm's
District Court, on 16 February 2009.
The first day of the trial was dedicated to the opening statements of
the prosecution and the defendants, the latter denying any criminal act.
Prosecutor Hekan Roswall presented the claims of the plaintiffs Warner Bros,
MGM, EMI, Colombia Pictures, 20th Century Fox, Sony BMG and Universal and
spent most of the morning trying to describe how the Pirate Bay works
suggesting it was a commercial organization with Carl Lundstrvm as a
shareholder and financier of the company. The prosecutor made a presentation
of a series of movie, music and game downloads "coordinated by The Pirate
Bay" before 2006. He continued trying to explain the change from a seed
status to that of a peer as part of the evidence previously gathered by the
plaintiffs.
The civil parties represented by IFPI and MPAA expressed the intention to
ask for 11 million euro damages.
The second day of the trial started with a big victory for The Pirate Bay
founders with the dropping out of most part of the accusations against them.
The prosecutor announced the defendants would not be accused of "assisting
copyright infringement" changing the accusation into "assisting making
available copyright material".
The prosecutor was unable to prove that the .torrent files introduced as
evidence were actually using The Pirate Bay's tracker. Furthermore, he has
shown to be technically unprepared and failed to explain the function of DHT
which allows for so called "trackerless" torrents. This means the
screenshots the prosecution provided as evidence did not necessarily
belong to The Pirate Bay's tracker. Pirate Bay claimed it did not break the
law because it did not host or disseminate copyright-infringing content but
only links to that content and reproached the prosecution, the police and
the music industry of not understanding the technology. According to Fredrik
Neij, the entire accusation was based on a technical misunderstanding.
On 18 February, the prosecution asked for about 11 million euro compensation
and damages on the basis that the defendants should have obtained worldwide
licences for the content it distributed. The defence rejected any discussion
related to damages considering there had been no damage. "EU directive
2000/31/EC says that he who provides an information service is not
responsible for the information that is being transferred. In order to be
responsible, the service provider must initiate the transfer. But the admins
of The Pirate Bay don't initiate transfers. It's the users that do and they
are physically identifiable people. They call themselves names like King
Kong," was defence lawyer Samuelsson's statement to the court.
"According to legal procedure, the accusations must be against an individual
and there must be a close tie between the perpetrators of a crime and those
who are assisting. This tie has not been shown. The prosecutor must show
that Carl Lundstrvm personally has interacted with the user King Kong, who
may very well be found in the jungles of Cambodia," the lawyer added.
The plaintiffs insited on The Pirate Bay's behaviour that refused to
withdraw the .torrent links from their index, except for the cases when the
content did not correspond with the one announced by the user placing the
torrent file. In the prosecution's opinion, this would make The Pirate Bay
more than a simple technical intermediary.
The defense argued that uploading a torrent does not imply that the
copyrighted files are actually 'available', as the torrent has to also be
seeded and that, on the other hand, torrent files are not linked exclusively
on The Pirate Bay and can be found through other search engines, including
Google.
Two of the defendents were heard on the fourth day, the technician Frederik
Neij and the administrator Gottfrid Svartholm Warg who were both pretty much
sticking to their initial position. The day did not bring very much change.
Neij proved that it was possible to create a torrent file and host it
somewhere else, like on TorrentSpy using the trackers opened by The Pirate
Bay to distribute the files, in which case The Pirate Bay cannot know what
is exchanged. In his opinion, the prosecusion had not succeeded in proving
that the incriminated files had been actually downloaded on The Pirate Bay.
The lawyer of the movie industry tried to show that The Pirate Bay had an
active role in the choice of the content presented by its users and asked
Gottfrid Svartholm Warg whether the site had withdrawn content related to
child pornography. The administrator replied that they had notified the
police on such torrent files and they had retired them at the request of the
police. "We can't do investigations of our own. And if the police say we
should remove a torrent, we will," he said.
Peter Sunde was interrogated on Friday morning. The strategy of the
prosecusion seemed to be clearer than during the first days being focused on
trying to prove that The Pirate Bay had been created with the purpose of
gaining money from "pirating". The prosecutor tried to show that The Pirate
Bay was actually managed by a hierarchical organization with a commercial
purpose. However no material evidence was brought to support this idea. When
asked what the purpose of The Pirate Bay was Sunde answered: "It is to
enable users to share their material with others." "Even though it is
copyrighted?" questioned Danowsky. "That can sometimes be the sad
consequences," Peter replied.
The defendant stated to the court that in his opinion the entire trial was a
political one and that the reason for which the plaintiffs brought the case
against The Pirate Bay was not the fight against illegal downloading of
their works but a a fight to preserve the monopoly on the distribution
means.
The trial started again on 24 February when the prosecutor also added to the
charges that the site allowed its users to upload torrents that it further
on stored. Magnus Mertensson, a lawyer for the IFPI testified during the
morning but the evidence brought by him consisted only of screenshots and
the witness also admitted having difficulties in answering some technical
questions.
Both him and policeman Magnus Nilsson of the Anti-Piracy Office who was the
next witness for the prosecution were unable to bring forth any real
evidence that the Pirate Bay trackers were actually used for the downloads
investigated.
Mertensson admited that he had no evidence of having any contact with The
Pirate Bay's tracker during the downloading he was claiming to have made
from the site. Nilsson was made to admit that the actual downloading of the
pirated files happened outside of The Pirate Bay.
The trial is supposed to last until the 4 March 2009. We will present the
conclusions of the trial in our next newsletter.
The Pirate Bay trial: 1st day under the sign of boredom (only in French,
16.02.2009)
http://www.numerama.com/magazine/12023-Proces-de-The-Pirate-Bay-1ere-journee-sous-le-signe-de-l-ennui.html
Half of Pirate Bay case dropped in courtroom drama (17.02.2009)
http://www.out-law.com//default.aspx?page=9803
The Pirate Bay cries victory after the dropping out of some charges ! (only
in French, 17.02.2009)
http://www.numerama.com/magazine/12041-The-Pirate-Bay-crie-victoire-apres-l-abandon-de-certaines-charges.html
The Pirate Bay (day 3): "We are winning on legal principles" (only in
French, 18.02.2009)
http://www.numerama.com/magazine/12066-The-Pirate-Bay-jour-3-Nous-gagnerons-sur-des-principes-juridiques.html
Day 3 - The Pirate Bay's 'King Kong' Defense (18.02.2009)
http://torrentfreak.com/g-defense-090218/
The Pirate Bay (day 4): "Are you a coward, Fredrik Neij ?" (only in French,
19.02.2009)
http://www.numerama.com/magazine/12087-The-Pirate-Bay-jour-4-Etes-vous-un-lache-Fredrik-Neij.html
Day 4 - Pirate Bay Defense Calls Foul Over Evidence (19.02.2009)
http://torrentfreak.com/day-4-pirate-bay-defense-calls-foul-over-evidence-090219/
The Pirate Bay (day 5): Peter Sunde counter-attacks (only in French,
20.02.2009)
http://www.numerama.com/magazine/12100-The-Pirate-Bay-jour-5-Peter-Sunde-contre-attaque.html
Pirate Bay Trial Day 5: Peter's "Political Trial" (20.02.2009)
http://torrentfreak.com/pirate-bay-trial-day-5-peters-political-trial-090220/
Pirate Bay Trial Day 7: Screenshots for Evidence (24.02.3009)
http://torrentfreak.com/pirate-bay-trial-day-7-screenshots-for-evidence-090224/
EDRI-gram: Pirate Bay in legal battle with IFPI (11.02.2009)
http://www.edri.org/edri-gram/number7.3/piratebay-ifpi-battle
============================================================
3. Lex Nokia storms into the Finnish Parliament
============================================================
Government bill dubbed as Lex Nokia, also known as the snooping law, entered
the Parliament for debate on 24 February 2009. The bill has been widely
criticized for heavy-handed treatment of fundamental rights, granting
companies more rights than the police, suspicion of undue corporate pressure
and vagueness and unclarity.
The proponents of the law have continued making embarrassing gaffes:
Communications Minister Suvi Lindin has said in an interview in Tampere
newspaper Aamulehti that an employer currently has the right to order a
strip-search of an employee if there is suspicion that the employee is
leaking company secrets. Furthermore, Finance Minister Jyrki Katainen, has
stated that he is not familiar with the contents of the bill, but supports
it firmly, regardless.
Yesterday's parliamentary debate consisted mainly of opponents of the law
raising various concerns regarding fundamental rights, usefulness of the
bill, increasing surveillance, bad drafting process etc. The defenders of
the law kept repeating how opponents of the bill are ill-informed of its
actual implications and how the bill improves the status of employee rights.
The Left Alliance and the Social Democrats were calling for rejecting the
bill and sending it back for a complete overhaul.
TV news on 24 February reported about the law, stating that it is meant to
prevent three things:
* leakage of trade secrets
* copying of copyrighted materials
* disruption of corporate networks with attachments and malware.
Unless this is some kind of mistake made by the news, this sheds a new light
on the purpose of the bill.
Government party lines seem to be holding, only the Greens (14 seats) are
split on the issue. If the lines are not broken any further, the bill will
pass even if all Greens vote against it, since the National Coalition (51
seats), the Centre (51) and the Swedish People's Party (10) have a majority
in the 200-member strong parliament.
The Greens have proposed limiting the bill so that the email log data is
allowed to be examined only in cases where a company is investigating
leakage of trade secrets. The content of the law is expected to be voted
upon today, 25 February. The final vote, whether to pass or reject the bill,
is expected next week.
Lex Nokia Debate Ignites Parliament (24.02.2009)
http://yle.fi/uutiset/news/2009/02/lex_nokia_debate_ignites_parliament__569512.html?origin=rss
Labour Ministry official confirms threat of Nokia leaving Finland over law
on electronic communications (24.02.2009)
http://www.hs.fi/english/article/Labour+Ministry+official+confirms+threat+of+Nokia+leaving+Finland+over+law+on+electronic+communications/1135243785748
Lex Nokia furore fuelled further by minister4s strip-search remark
(13.02.2009)
http://www.hs.fi/english/article/iLex+Nokiai+furore+fuelled+further+by+ministers+strip-search+remark/1135243506947
EDRi-gram: Snooping law, "Lex Nokia", proceeding slowly but surely in
Finland (17.12.2008)
http://www.edri.org/edri-gram/number6.24/nokia-law-finland-snooping
(Contribution by Leena Romppainen - EDRi-member Electronic Frontier Finland)
============================================================
4. Italy to enforce a global censorship legislation?
============================================================
The Italian Senate approved - and the Camera dei deputati (Italian "Low
Chamber") is ready to finally pass - draft law 733 named Pacchetto
sicurezza - "Security Package", a series of (supposely) coordinated
provisions aimed at improve, whatever that means, police bodies and public
prosecutor powers.
Of course, the law wouldn't have been complete without "taking care" of
the Internet, and legislators didn't loose the chance. Under sect. 50 bis
of this forthcoming law, a public prosecutor which is given "serious
circumstantial evidence" that an online activity of inciting crime has
been committed, is allowed to ask the Minister of Home Affair to order the
ISP's to shut down the "concerned" network resource. ISP refusal to comply
with Minister's order should be fined with a penalty up to 250 000 Euros.
The provision is clearly flawed from a constitutional standpoint. The
basis of every western democracy, indeed, is separation of power, thus is
not legally possible to have such a cross-jurisdiction mess between the
public prosecutor (the judiciary power) and a Ministership (the executive
power). Further more, there would be a double trial for the same fact, one
of which (the Home Affair Ministership one), done without the legal
guarantee of a criminal trial (fair process, etc.).
But this is only the tip of the iceberg. Crime-inciting wrongdoing is very
difficult to handle, since the border between free-speech and law
violation is often blurred (would a website supporting freedom rebel of a
country be - per se - inciting to commit crimes?). Further more, if ISP's
must prevent access to a network resource located outside their network
(abroad, for instance) this would mean that the result will be achieved
through deep-packet inspection, or similar, privacy threathning
techniques. Thus - with the excuse of "protecting" Italian citizens - the
D'Alia amendment (named after the MP that proposed it) is likely to be the
first step toward a global censorship system. A Cassinelli amendment
(again, from the MP name of its author) that followed the D'Alia one,
tried to circumvent the above mentioned problems, but with no real changes
in the substance of the matter and the political, net-phobic approach.
Italy had a "sound" tradition in trying to enforce citizen's global
surveillance systems through ISP's and telco operators, adopting every
sort of justifications (from copyright, to child pornography, to online
gambling and now to crime-inciting actions). Oddly enough, nevertheless,
these "good intentions" fell always on innocent citizens' shoulders, while
true criminals stay absolutely free. Or, to put it straight: to (maybe)
catch a few criminals, the whole nation network usage will be subjected to
"third parties" - namely, ISP's - systematic scrutiny. So long, human
rights.
(Contribution by Andrea Monti - EDRi-member ALCEI -Italy)
============================================================
5. Norwegian group joins Sweden-based Justice Center against Swedish FRA law
============================================================
The Norwegian organisation of the International Commission of Jurists (ICJ)
has filed a petition, known as a Third Party Intervention, in support of the
case brought to the European Court of Human Rights challenging the Sweden's
FRA law that authorizes the Sweden's National Defence Radio Establishment
(Fvrsvarets radioanstalt - FRA) to wiretap all telephone and Internet
traffic that crosses Sweden's borders.
The legislative package which was passed by the Parliament of Sweden on 18
June 2008 and took effect on 1 January 2009, was fiercely criticized and
opposed in Sweden by the public, opposition parties, the appeal courts for
Skene and Blekinge, Sweden's Customs Agency, the Data Inspection Board and
even politicians belonging to the alliance government.
A case was filed in July 2008 by the Sweden-based Justice Center (Centrum
fvr Rdttvisa - CFR), which argued FRA's expanded powers to monitor
cross-border communications traffic violated Article 8 and Article 13 of the
European Convention on Human Rights guaranteeing the citizens' right to
privacy and ensuring the citizens with the possibility to hold national
authorities to account for possible human rights violations.
According to Lawyer Robin Lvvf of the European University Institute in
Florence who reported the Swedish law to the European Commission in August
2008, the law is in clear breach of fundamental rights governing the
movement of goods and services in the European Union.
Clarence Crafoord, head attorney with CFR welcomed the Third Party
Intervention of the Norwegian group considering the initiative "offers
additional perspectives about the problems with the FRA-law and it's good
that it makes clear to the European Court of Human Rights that the law
affects both Swedes and citizens in other countries."
The Norwegian petition cites a report issued by the Norwegian Postal and
Telecoms Agency in November 2008 which showed that most electronic
communications traffic into and out of Norway as well as a large part of the
domestic traffic passes through Sweden, the Swedish law therefore affecting
the privacy rights of Norwegian citizens.
Although the Swedish government brought some changes to the law with an
amendment in September 2008, in ICJ-Norway's opinion the changes apply
only to Swedish citizens or people residing in Sweden. The group believes
that Norwegian citizens' communications are the "explicit target for the
secret monitoring by Swedish authorities".
"Norwegian citizens are still left lawless under the present
legislation.(...) They are faced with the constant risk that their private
communications which happen to pass Sweden's borders could be subject to
interception and be subsequently stored, distributed, and misused by and at
the absolute discretion of the Swedish authorities," writes ICJ-Norway in
its petition.
ICJ-Norway points out a series a deficiencies in the formulation of the law
which includes vague definitions of the targeted communications, the lack of
clear regulations on information storing, the lack of independent judicial
control and the lack of possibility of response for the citizens whose
communications are intercepted.
Norwegian group joins case against Sweden's wiretapping law (13.02.2009)
http://www.thelocal.se/17578/20090213/
Swedish surveillance law 'breaks EU rules' (13.08.2008)
http://www.thelocal.se/13664/20080813/
Goverment getting closer to surveillance law compromise (25.09.2008)
http://www.thelocal.se/14554/20080925/
Snoop law to be tried in European court (15.07.2008)
http://www.thelocal.se/13052/20080715/
EDRI-gram: ENDitorial: Wiretapping - the Swedish way (27.08.2008)
http://www.edri.org/edrigram/number6.16/wiretapping-swedish-way
============================================================
6. European Commission disbanded data protection experts group
============================================================
The European Commission has decided to dismantle a group of experts that
needed to review the European Data Protection Directive.
The group was formed after a tendering process and included: Peter
Fleischer, global privacy counsel for Google, David Hoffman, director of
security policy and global privacy officer for Intel; Henriette Tielemans a
privacy lawyer from a US law firm, Christopher Kuner, a privacy lawyer with
another US law firm; and Jacob Kohnstamm, chairman of the Dutch data
protection authority.
Alex T|rk, the French Data Protection Authority President and the Chairman
of Article 29 Working Party, has complained about the biased structure of
the group explaining to a French Senate committee that the group was
composed "four-fifths of personalities representing American interests." The
committee submitting a resolution stating it was "unacceptable" that four
members of the group "are either from American companies or law firms whose
principal establishment is in the U.S."
The group had just one meeting at the end of the last year and even though
they were gathered for a one-year mandate the Commissioner Barrot, who is
also a French, decided to disband the group and to broaden the consultation
on the review of the 1995 data protection directive.
In fact T|rk asked Barrot to look into the matter, and the latter
acknowledged that "the situation was abnormal". T|rk explained that part of
the problem was that there were major conceptual differences between the EU
and US data protection principles: "Europeans must note that the gap is big
between the American vision and the European vision."
Draft Resolution regarding the nomination by the European Commission of an
expert group on data protection. (6.02.2009)
http://www.senat.fr/leg/ppr08-203.html
European Commission Disbands Privacy Group (17.02.2009)
http://www.clickz.com/3632816
============================================================
7. Romanian data retention law suspendend by the Government
============================================================
In a sudden and unexpected move, the Romanian Government has decided on 25
February 2009 to suspend the application of the data retention law until the
end of the year - 31 December 2009.
The official reason from the press release of the Ministry of Communications
and Information Society are related to the:
- complications that the law brings to the penal cases, especially in the
initial phases of information gathering;
- the area of the crimes for which the retained data is accessible is
contested (by whom? -n.a.);
- not all of the communications providers may ensure the management of the
retained data;
- not all the providers are ready to respect the legal provisions regarding
the confidentiality of the accessed data.
Even though the law was in a public consultation (but dormant-type phase)
for almost 9 months, it seems that the Government is realizing that they
didn't get the "perfect text". The privacy concerns do not appear in the
press release, but a better "information campaign" on the law and its
consequences is mentioned somewhere in a work plan.
It is still unclear how the "suspension" will work. It seems that the
Government would like to issue a new emergency ordinance that will postpone
the application of the law. It remains to be seen if the new text of the law
supported by the Ministry will be better or worst than the present one.
Application of the data retention law - postponed until the end of 2009
(only in Romanian, 25.02.2009)
http://economie.hotnews.ro/stiri-telecom-5447913-aplicarea-legii-stocare-datelor-convorbirilor-telefonice-internet-suspendata-pana-sfarsitul-lui-2009.htm
Minsitry of Communications and Information Society (only in Romanian,
25.02.2009)
http://media.hotnews.ro/media_server1/document-2009-02-25-5447934-0-comunicat-mcsi.doc
============================================================
8. HADOPI law close of creating a dangerous precedent
============================================================
On 18 February 2009, Christine Albanel, French Minister of Culture,
presented to the Chamber of Deputies the controversial Criation et Internet
draft law (so called Hadopi law) calling for the creation of a
government agency to manage the graduated response (or three-strike)
process.
The law which was passed by the Senate in October 2008 was discussed by the
deputies in the legal commissions with amendments to be presented during the
debates starting on 4 March. As previously during the long discussions
having taken place for some years now, during the debates in the legal
commissions, any amendment proposed in the direction of a global license,
such as the "creative contribution" proposed by the socialist Patrick Bloche
was rejected. The proposed mechanism would have implied a fee paid by the
Internet subscribers to their ISP for legal downloading of copyrighted
material. The fees collected could be used to remunerate artists for their
work. "With a universal licence, the money recuperated will not uniquely go
into the pockets of the producers, which is definitely the case now. Today,
artists' royalty payments are significantly less, while the (media
companies') royalty payments are considerably more," said Bloche.
According to Nicolas Maubert, an attorney with law firm Gide Loyrette Nouel,
if voted in the present form, the law might still be challenged by France's
judicial body. Blocking Internet access as a sanction might breach
constitutional protections guaranteed by the French Constitutional body
(Conseil Constitutionnel) said Maubert, who added that a graduated response
initiative is not a necessarily a bad thing in itself:
"It still seems legitimate to question whether blocking the access to the
internet is indeed a 'proportionate measure.' Especially these days, just
imagine yourself without access to the internet, with no e-mails, no
information."
In the meantime, as a positive balance, according to reports from the
European Parliament, the also very controversial Medina report containing a
range of measures in support of copyright enforcement, including increased
liability for ISPs, secondary liability for peer-to-peer sites and graduated
response, has been postponed and apparently even removed from the European
Parliament's agenda.
Having in view the very strong opposition reaction from citizens all over
Europe, it appears the socialist group in the European Parliament blocked
the report for fear of losing votes at the next elections. If the Medina
report had been pushed to the plenary, it would have also created a problem
for the Telecoms Package.The Parliament miight not have passed it,
supporting Amendment 138 which is against graduate response.
"Thousands of emails and phone calls from concerned citizens reached the
parliament. The outcome proves that informed citizens can altogether become
stronger than a small obscurantist industry pressure group. We must
consolidate this victory by guaranteeing, through the second reading of the
Telecoms Package, that Internet remains the most fantastic advance for our
societies since the invention of the printing press."declared Jirimie
Zimmermann, co-founder of La Quadrature du Net.
Antipiracy Law: "the creative contribution" of the Socialist Party rejected
(only in French, 20.02.2009)
http://www.01net.com/editorial/403824/loi-antipiratage-la-contribution-creative-du-ps-ecartee/
French Legislature Puts Finishing Touches On Ambitious File-Sharing Law
(23.02.2009)
http://www.ip-watch.org/weblog/2009/02/23/french-legislature-puts-finishing-touches-on-ambitious-file-sharing-law/
Medina report indefinitely abandoned (22.02.2009)
http://www.iptegrity.com/index.php?option=com_content&task=view&id=259&Itemid=9
Copyright dogmatism temporarily kicked out of European Parliament
(19.02.2009)
http://www.laquadrature.net/en/copyright-dogmatism-temporarily-kicked-out-european-parliament
Christine Albanel defends the antipiracy law in front of the deputies (only
in French, 18.02.2009)
http://www.01net.com/editorial/403753/christine-albanel-defend-la-loi-antipiratage-face-aux-deputes/
EDRi-gram: One more step for France in adopting the graduated response
(5.11.2008)
http://www.edri.org/edrigram/number6.21/french-senate-adopts-3-strikes
============================================================
9. UK Government ignores the European Commission regarding Phorm
============================================================
On 12 February 2009, the European Commission warned it would take formal
action against the UK Government for not providing the requested information
on the past trials of the Phorm ad-serving technology.
The Commission has sent three letters until now requesting information on
the secret trials by BT of Phorm, the latest having been sent at the end of
January 2009. No satisfactory answers have been received so far, the
response having focused only on future deployments without addressing the
question of the past trials.
The trials, conducted in 2006 and 2007, tracking the browsing behaviour of
BT customers without their consent, resulted in complaints from privacy
campaigners, peers, and politicians who argued that the actions were in
breach of UK interception and data-protection laws. In July 2008, technology
campaigner Alexander Hanff made a complaint to the police force considering
the BT trials were not in compliance with RIPA and the Data Protection Act
as the customers' consent had not been required.
However, the City of London police informed Hanff in September 2008 that
they would not continue the investigation for "lack of criminal intent".
"One of the main reasons for this decision is the lack of criminal intent on
behalf of BT and Phorm in relation to the tests. It is also believed that
there would have been a level of implied consent from BT's customers in
relation to the tests, as the aim was to enhance their products," wrote
detective sergeant Barry Murray.
Although UK regulators have provided rules for the future deployments of
Phorm which require the company to not retain website history data, exclude
sensitive search topics and obtain the customer's agreement also providing
information of the respective technology, according to UK's EDRi-member Open
Rights Group, it is not yet clear whether the consent of both the users and
the visited websites is required.
"Unless the ISPs employing Phorm's technology to intercept the
communications between their customers and the owners of the websites their
customers are visiting have the explicit consent of both parties, they are
likely to be committing an offence under the Regulation of Investigatory
Powers Act (RIPA), the legislation that governs interception of
communications in the UK," stated the group.
In spite of the repeated questions and investigations and disregarding the
European Commission's warning, Phorm goes on. The company's CEO stated
during an interview on 9 February that the system would be active in the UK
by the end of 2009. The company has also signed deals with another two big
UK ISPs, Carphone Warehouse and Virgin Media.
EC warns gov't over Phorm foot-dragging (12.02.2009)
http://news.zdnet.co.uk/security/0,1000000189,39615480,00.htm
BT finishes trial, expects to use Phorm (15.12.2008)
http://news.zdnet.co.uk/communications/0,1000000085,39578006,00.htm
Police drop investigation into BT's Phorm trials (23.09.2008)
http://news.zdnet.co.uk/security/0,1000000189,39492793,00.htm
Phorm: damn the EU, full speed ahead! (11.02.2009)
http://arstechnica.com/tech-policy/news/2009/02/phorm-damn-the-eu-full-speed-ahead.ars
EU calls phoul over ad company Phorm's invasive snooping (15.08.2008)
http://arstechnica.com/old/content/2008/08/eu-calls-phoul-over-ad-company-phorms-invasive-snooping.ars
EDRIgram: UK: Phorm threat (28.01.2009)
http://www.edri.org/edri-gram/number7.2/phorm-uk
============================================================
10. EDRi participates in European project on raising privacy awareness
============================================================
EDRi is one of the partners in a new European project initiated by the
French Human Rights League (LDH), which aims to raise awareness on the
privacy aspects, especially among the young generation.
The project initiated by LDH and started on 1 January 2009 comprises,
besides EDRI, another European Human Rights Network - European Association
for the Defense of Human Rights (EAHR) and two national members - Pangea (in
Spain) and Iuridicum Remedium (in Czech Republic). The project is funded by
the European Commision within the framework of the Program on fundamental
rights and citizenship - transnational projects.
This project aims to help a large group of young people, teenagers and young
adults to become vigilant about the protection of their personal data, to
sensitise them on subjects which may seem trivial.
A first meeting was held on 13-14 February 2009 when all project members met
for the first time to better define the main two objectives:
a) The analysis and comparison of some privacy invasive technologies in the
selected countries, the identification of good and worst practices,
applicable legislation and its implementation, relevant awareness
campaigns.
b) The production of an awareness tool aimed at young adults dealing with
sensitive subjects in all countries, which are not sufficiently handled or
specifically aimed at this target population. In this case our objective is
to influence these practices and go against the tendency which professes "I
have nothing to hide therefore nothing to fear, so no problem" with an
accent upon "why should they care and how to do it".
Human Rights League France
http://www.ldh-france.org/
European Association for the Defense of Human Rights
http://www.aedh.eu/?lang=en
Pangea
http://www.pangea.org/
Iuridicum Remedium
http://www.iure.org
============================================================
11. ENDitorial: Privacy in the Czech Republic - nothing to celebrate
============================================================
For the third time the Council of Europe has proclaimed 28 January the
European Data Protection Day. EDRi-member Iuridicum Remedium (IuRe) reminds
that the safety of Czech citizens4 personal data is still seriously
endangered. Some of the most pressing issues are listed below.
RFID based Opencard (or Praguer4s Universal Card) is now being promoted as
an electronic travel card for public transportation. However, the
contactless chip card formerly used for parking payment and as a library ID
is not secure. The contactless chip can be read remotely and the data stored
on it can be linked with the central database containing personal data. The
system thus allows for movement tracking, especially at the electronic gates
which are going to be introduced in Prague metro.
In relation with the Opencard4s drawbacks, IuRe initiated a petition at the
beginning of September 2008, which demands the deletion of both Opencard
holder data and usage data from the central database after the card4s
expiration and an observance of database administrator4s duty to allow
user4s data deletion upon request. "We also demand an implementation of an
anonymous Opencard at the same price as an ordinary Opencard," reports Filip
Pospmsil from IuRe. The petition has already been signed by almost 700
people.
The Municipal authorities of Prague began to sell anonymous cards on
the 17 December 2008. However, there is an extra 8 EUR charge and since
only transferable season transport tickets can be purchased with such a
card, the price for the annual travel becomes significantly higher. The
Praguers effectively have to pay extra for their privacy protection and IuRe
will stand out for an implementation of non-discriminatory anonymous card,
i.e. the card allowing to use the service at the same price without
unnecessary disclosure of personal data. The Municipal Council of the city
of Prague received a Big Brother Award 2008 for the Opencard project in
"Worst Public Agency Privacy Intruder" category.
Visa Waiver
The term Visa Waiver refers to a set of agreements related to the abolition
of the visa requirement for Czech citizens traveling to the USA. These
agreements allow the American authorities access to personal data of the
Czech citizens in Czech state authorities4 databases, including biometric
data. The access is given as a compensation for the abolition of visa
requirements, but in fact the paper visa have been merely replaced by the
virtual visa - a system of detailed electronic questionnaires based on which
the applicant can still be refused entry to the USA.
"In the case of the Czech Republic the agreements where not negotiated
properly with Czech Data Protection Agency and their comments were not
respected," points out Filip Pospmsil from IuRe.
The complementary Agreement on strengthening the cooperation for the
prevention and fight against serious crime was approved by the government on
the 4 December 2008. However, the Government disregarded the comments of the
Czech Data Protection Agency and other state authorities. At the beginning
of 2009, IuRe urged the MEPs and senators to not approve the proposed
agreement.
IuRe has made an attempt to find out the scale of personal data which had
been promised by the Czech authorities to be handed over to the American
authorities as well as the conditions of the data protection. The official
request for information has been submitted to the Ministry of Internal
Affairs by the end of 2008. "The request was concerning another visa waiver
related memorandum on establishing of the Combating Terorism Center and the
Electronic System of Travelling Registration (ESTA)," specifies Filip
Pospmsil from IuRe. However, the memorandum is classified as secret and thus
neither IuRe nor any other ordinary citizens know which of their personal
data is being handed over.
Privacy and bank sector
The new Police Law was negotiated and approved in 2008. IuRe together with
the bank sector and the Czech Bank Association have been criticizing the new
power of the Czech Police to request data about the location and time of
electronic card payments from banks, and particularly, the ability to access
bank information systems. "We have been submitting comments during the
negotiation of this law, but while some others have been accepted, our
objection against this competence was not" reports Helena Svatosova, a
lawyer from IuRe.
According to IuRe, the government document named "The enhancement of the
communication system between financial institutions and state authorities"
introduces since the fall of 2008 the intention to create a central evidence
of financial institutions4 clients and their operations. The evidence would
then be available to an unspecified range of public administration
authorities. "In our opinion, it's very disturbing that despite the list of
related agencies being rather long, there is no mention of the involvement
of the Data Protection Office," interprets Helena Svatosova from IuRe who
plans to keep an eye on this issue in the future. IuRe has notified both the
Czech Data Protection Office and the Bank Association about the issue and
asked them for their opinion.
Data retention
EU directive 2006/24/EC on the retention of data generated or processed in
connection with the provision of publicly available electronic communication
services has been implemented into the national legislation since the
beginning of 2006. In November 2007, Minister of Industry and Trade Martin
Rmman proposed an amendment which would allow the secret service and the
military intelligence a direct access to those data. Although he has
abandoned the idea under the pressure from the media and politicians,
intelligence services gained access through the "backdoor" in the new Police
Law.
There is a legal proceeding submitted by Ireland (suported by Slovakia)
going on against the directive at the European Court of Justice, as well as
at both Hungarian and German constitutional courts. IuRe has also been
preparing the trial of the "data retention" provision of a law in respect of
its constitutionality and compliance with human-right obligations of the
Czech Republic; the plan is to approach lawmakers with the proposal for an
annulment of a part of the law, and gather enough support to submit the
proposal to the Czech Constitutional Court.
Video surveillance
The volume of CCTVs has been on a sharp increase in recent years. However,
the Czech legislation has not reflected this development in any way. In
December last year the Government Council for Human Rights accepted a
proposal of a Committee for Civil and Political Rights. The proposal has
been initiated by IuRe and aims at introducing a conceptual regulation of
CCTV4s usage in public. IuRe has emphasised the necessity of such an
adjustment for several years. "Thus, the resolution of Council of Government
is a significant achievement of our campaign, which leads to a more
transparent usage of CCTV systems regulated by strict rules," declared Filip
Pospmsil from IuRe.
The proposal should allow private persons to use CCTV only in order to
protect their own property and family; public authorities should be allowed
to make a record only in the public interest and only for purposes defined
by the law. The proposal should also prevent the excessive personal data
processing and stipulate a duty of the CCTV owner to inform about the CCTV
surveillance within its range. The aim of the proposal is also to strictly
regulate the retention of records, as well as the duty to clearly state and
document the exact purpose of each CCTV installation by the police or
another security agency.
IuRe has already tried to pursue the legal regulation of CCTV through the
Police law approved in June 2008 with the help of MP Katerina Jacques.
Minister of Interior Ivan Langer has rejected the proposal, but has promised
that his ministry will, in cooperation with the MP and Czech Data Protection
Office, prepare amendments of the Act on Personal Data Protection containing
proposed amendments. Negotiations are still ongoing with IuRe participating.
Passengers Name Records (PNR)
Passengers Name Records (PNR), the database of information about airline
passengers has originally been used only by the aviation companies. But
after the 9/11, the American Security Authorities have started making
pressure on aviation companies to provide the detailed data of their
passengers.
This practice did not have a legal ground in most countries and the
agreement between EU and the USA was found illegal by the European Court of
Justice. The provisional agreement, built on the same illegal base in summer
2007, was called back from negotiations in the Czech Parliament by Foreign
Affairs Minister after IuRe had sent a letter to MPs raising concerns
against the approval of the agreement.
After difficult negotiations, the EU came up with a new agreement on PNR
data exchange with the USA in June 2007. In the Czech Republic the proposal
of the agreement has not gone through an ordinary legislative process and
only the Data Protection Office expressed its opinion: the proposal brings
a deterioration of personal data protection level against previous
agreements, as US authorities will acquire access to personal data of people
without guaranteeing basic rights.( for example the right of correcting of
false statements, etc.)
IuRe has also approached a number of parliamentarians expressing concerns
about the agreement and this resulted in the fact that the agreement did not
obtain the support of the Foreign Affairs committee of the Czech Parliament.
Also the Senate Standing Commission for Privacy Protection expressed its
negative position.
IuRe believes that the Parliament will demonstrate its sovereign role and
will not approve this agreement at the forthcoming session.
This article has been written as a part of the "Reclaim Your Rights in the
Digital Age" project supported by the Trust for Civil Society in Central and
Eastern Europe Foundation.
(contribution by EDRi-member Iuridicum Remedium- Czech Republic)
============================================================
12. Recommended Action
============================================================
Announcement of the second Privacy Open Space Conference in Berlin, 1-3
April 2009.
After the successful finish of the first year of the EU-funded project
Privacy Open Space (PrivacyOS) the project starts the New Year with the
announcement of the Second PrivacyOS Conference.
As the first PrivacyOS Conference in October 2008 in the European Parliament
in Strasbourg was co-located with the International Conference of Privacy
and Data Protection Commissioners, also the second PrivacyOS Conference will
be held alongside with "re:publica", a conference to establish collective
interfaces with other EU projects as well as national and international
networks.
After the positive feedback on the first conference, the second PrivacyOS
Conference will also follow the Open Space approach and therefore invites
all participants to bring topics to the agenda. "It leaves room for
spontaneous creation of new workshops during the conference which reflects
the dynamics of the discussion among participants" says Jan Schallabvck, the
project Manager of PrivacyOS. "Only a set of timeslots is predefined. The
topics for each of the slots are introduced and moderated by the
participants themselves." This approach ensures that all topics relevant to
the participants are included and that fields of common interest can be
detected and worked on, while taking into account different perspectives
across Europe and beyond.
The second PrivacyOS Conference will focus on "Enabling Privacy on the Web".
Visitors of the "re:publica" are invited to partly join the Open Space slots
and to discuss with the PrivacyOS Project Partners about privacy issues or
their experiences on this field. Thereby, an opportunity to articulate and
exchange best practices, challenges and solutions is given.
The conference primarily addresses legal and technical IT experts,
interested manufacturers of IT products or services as well as data
protection authorities. All persons interested in privacy or data protection
aspects are welcome to register for the event.
Project website
http://www.privacyos.eu/ .
Invitation PrivacyOS - Berlin
https://www.privacyos.eu/images/111_PrivacyOS_Invitation_Berlin.pdf
============================================================
13. Recommended Reading
============================================================
Report: The Abolition of Freedom Act 2009
This UCL SHRP research report, edited by the Guardian's Liberty Central
columnist Henry Porter, was complied for The Convention on Modern Liberty on
28 February and marks the beginning of a research project that seeks to
reflect on legislation since the Human Rights Act 1998 and the unintended
consequences it has had on rights and liberties in the UK.
http://www.uclshrp.com/exchange/report_the_abolition_of_freedom_act_2009/
http://www.uclshrp.com/images/uploads/pdf/Abolition_of_Freedom_Act_2009.pdf
The Article 29 Working Party - 69th plenary session - Search Engines
(10-11.02.2009)
http://ec.europa.eu/justice_home/fsj/privacy/news/docs/pr_12_02_09_en.pdf
The Article 29 Working Party - 69th plenary session - Press Release
(11.02.2009)
http://ec.europa.eu/justice_home/fsj/privacy/news/docs/pr_11_02_09_final_en.pdf
============================================================
14. Agenda
============================================================
18-20 March 2009, Prague, Czech Republic
The Responsibilities of Content Providers and Users
http://www.media-conference.cz
18-20 March 2009, Athens, Greece
WebSci'09: Society On-Line
http://www.websci09.org/
23 March 2009, Berlin, Germany
German-French Experts Meeting on Technologies for
Electronic Identification
http://www.e-identify-df.de/
26-27 March 2009, London, UK
5th Communia Workshop: Accessing, Using, Reusing Public Sector Content and
Data
http://www.communia-project.eu/ws05
27-29 March 2009, Manchester, UK
Oekonux Conference: Free Software and Beyond The World of Peer Production
http://www.oekonux-conference.org/
28 March 2009, London, UK
Open Knowledge Conference (OKCon) 2009
http://www.okfn.org/okcon/
29-31 March 2009, Edinburgh, UK
Governance Of New Technologies: The Transformation Of Medicine, Information
Technology And Intellectual Property - An International Interdisciplinary
Conference
http://www.law.ed.ac.uk/ahrc/conference09/
1-3 April 2009, Berlin, Germany
re:publica 2009 "Shift happens"
http://www.re-publica.de/09/
Subconference: 2nd European Privacy Open Space
http://www.privacyos.eu/
4 April 2009, Paris, France
French 2009 Big Brother Awards
http://bigbrotherawards.eu.org/
21-23 April 2009, Winchester, UK
BILETA 2009 Annual Conference
Call for Papers by 28 February 2009
http://www.winchester.ac.uk/?page=9871
11 May 2009, Brussels, Belgium
GigaNet is organizing the 2nd international academic workshop on Global
Internet Governance: An Interdisciplinary Research Field in Construction.
Deadline for abstracts submissions is 20 March 2009.
http://giganet.igloogroups.org/publiclibr/giganetcos/2009brusse
13-14 May 2009 Uppsala, Sweden
Mashing-up Culture: The Rise of User-generated Content
http://www.counter2010.org/workshop_call
24-28 May 2009, Venice, Italy
ICIMP 2009, The Fourth International Conference on Internet Monitoring
and Protection
http://www.iaria.org/conferences2009/ICIMP09.html
1-4 June 2009, Washington, DC, USA
Computers Freedom and Privacy 2009
http://www.cfp2009.org/
5 June 2009, London, UK
The Second Multidisciplinary Workshop on Identity in the Information
Society (IDIS 09): "Identity and the Impact of Technology"
Call for papers deadline: 13 March 2009
http://is2.lse.ac.uk/idis/2009/
28-30 June 2009, Torino, Italy
COMMUNIA Conference 2009: Global Science & Economics of Knowledge-Sharing
Institutions
Call for papers deadline: 1 March 2009
http://www.communia-project.eu/conf2009
2-3 July 2009, Padova, Italy
3rd FLOSS International Workshop on Free/Libre Open Source Software
Paper submission by 31 March 2009
http://www.decon.unipd.it/personale/curri/manenti/floss/floss09.html
13-16 August 2009, Vierhouten, The Netherlands
Hacking at Random
http://www.har2009.org/
23-27 August 2009, Milan, Italy
World Library and Information Congress: 75th IFLA General Conference and
Council: "Libraries create futures: Building on cultural heritage"
http://www.ifla.org/IV/ifla75/index.htm
10-12 September 2009, Potsdam, Germany
5th ECPR General Conference, Potsdam
Section: Protest Politics
Panel: The Contentious Politics of Intellectual Property
http://www.ecpr.org.uk/potsdam/default.asp
16-18 September 2009, Crete, Greece
World Summit on the Knowledge Society WSKS 2009
http://www.open-knowledge-society.org/
October 2009, Istanbul, Turkey
eChallenges 2009
Call for papers by 27 February 2009
http://www.echallenges.org/e2009/default.asp?page=c4p
16 October 2009, Bielefeld, Germany
10th German Big Brother Awards
Deadlinea for nominations: 15 July 2009
http://www.bigbrotherawards.de/
15-18 November 2009, Sharm El Sheikh, Egypt
UN Internet Governance Forum
http://www.intgovforum.org/
============================================================
15. About
============================================================
EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 29 members based or with offices in 18 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRI-grams.
All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and visibly on the
EDRI website.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/
Newsletter editor: Bogdan Manolea <edrigram at edri.org>
Information about EDRI and its members:
http://www.edri.org/
European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request at edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
unsubscribe by e-mail
To: edri-news-request at edri.org
Subject: unsubscribe
- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edrigram-mk.php
- EDRI-gram in German
EDRI-gram is also available in German, with delay. Translations are provided
Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <edrigram at edri.org> if you have any problems with subscribing or
unsubscribing.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
More information about the cypherpunks-legacy
mailing list