EDRi-gram newsletter - Number 7.1, 14 January 2009

EDRI-gram newsletter edrigram at edri.org
Wed Jan 14 10:08:04 PST 2009



biweekly newsletter about digital civil rights in Europe

    Number 7.1, 14 January 2009


1. DHS Report shows lack of compliance with the EU-US PNR agreement
2. Lists of allegedly illegal websites always leak
3. France: ARMT was useless
4. UK Culture Secretary wants film-style ratings to individual websites
5. Open Access to High Energy Physics Literature
6. No e-voting in Azerbaijan and Macedonia
7. Big Brother Awards UK 2008
8. Montenegro blocks Facebook and Youtube for civil servants
9. ENDitorial:  Everyone can eavesdrop in Macedonia
10. Recommended Reading
11. Agenda
12. About

1. DHS Report shows lack of compliance with the EU-US PNR agreement

The Privacy Office of the U.S. Department of Homeland Security (DHS)
released in the second part of December 2008 a report regarding the
Passenger Name Record (PNR) information from the EU-US flights.

Even though the official conclusion of the authors is that DHS handling of
PNR data "is in compliance with both US law and the DHS-EU agreement on USA
access to, and use of, PNR data related to flights between the EU and the
USA." In reality the report shows a number of major disfunctionalities that
proves the DHS did not comply with the EU agreement or with the US
legislation in its use of PNR, that includes data from Europeans that travel
to US.

According with the second PNR agreement between US and EU, there should have
been periodic joint US-EU reviews of compliance. But the present report is
just an unilateral internal review conducted within the DHS, which did not
include EU representatives or any outside experts in PNR data.

A detailed analysis by the Identity Project in the US shows the specific DHS
compliance failings resulted from the report:

- Requests for PNR data have typically taken more than a year to
answer - many times longer than the legal time limits in the Privacy Act and
Freedom of Information Act;

- When individuals have requested "all data" about them held by the DHS,
often they have not been given any of their PNR data;

- Because of this, the vast majority of requesters who should have
received PNR data did not;

- PNR data has been inconsistently censored before it was released;

- A large backlog from the initial requests for PNR data remains
unanswered, more than a year later.

The results of the report are in line with the findings of the earlier
reports of the Identity Project that revealed the practical problems in
accessing your PNR data with the DHS. These problems are the same that the
European citizens might face in getting access to their data from DHS

A clear example is the last year request from MEP Sophia In 't Veld to get
her PNR information - a request which received a first false claim from DHS
that they didn't have any record of her trip.The MEP finally received her
PNR data after EFF lawyers filed a Federal lawsuit on her behalf, but the
data was late, clearly incomplete, and inconsistently and inappropriately
redacted, according with a well-known PNR expert, Edward Hasbrouck .

A report concerning Passenger Name Record Information derived from flights
between the US and the European Union (18.12.2008)

DHS admits problems in disclosing travel surveillance records (24.12.2008)

Can you really see what records are kept about your travel? (30.12.2008)

European Lawmaker Sues U.S. Agencies to Obtain Travel-Related and Other
Personal Information (1.07.2008)

EDRi-gram: Final agreements between EU and USA on PNR and SWIFT (4.07.2007)

2. Lists of allegedly illegal websites always leak

While some European countries block the illegal content (mostly child
pornography websites), other are considering implementing a similar measure
through a hidden list. However the past month has shown, one more time if
necessary, that usually the list of any blocked content will leak and thus
the allegedly blocked content will become widely available.

Belgium is one of the new countries considering such a list. The Minister of
Enterprise and Administrative Reform, Vincent Van Quickenborne, want to ban
child pornography on the Internet through a protocol between ISPs and the
Government. The protocol might extend to other illegal sites, such as hate
and racism websites or Internet fraud.

The federal police special division Federal Computer Crime Unit (FCCU)
confirms that it detects yearly 800 - 1000 child pornography websites hosted
in foreign countries and the court procedure to block those sites is rarely
used since it is too burdensome.

The Flemish League for Human Rights (Liga voor Mensenrechten) has criticized
the project underlining that " the decision to block websites must remain
under exclusive authority of the judicial branch. It is unacceptable that
the police gets a wild card to block certain websites at will."

The legal framework already exists in Belgium, but Minister Van
Quickenborne wants a more flexible mechanism that can be used more quickly
to effectively block websites. It seems that the police will get the
authority to compose the blacklists of to be blocked websites, without any
legal safeguards or external oversight mechanisms. The fact that FCCU
admits right away that this practice should also be applicable in other
cases, makes the whole practice very worrisome.

The practice of the hidden lists of illegal websites is not new. But in the
past month, we've seen at least 3 major blacklists become public, thus
becoming irrelevant.

The blacklist operated by the Danish child pornography filtering system
(3863 blocked URLs) leaked on 23 December 2008 and is available in full

Only a few days before the Thailand's blacklist made by the Ministry of
Information and Communication Technology that block access to websites
deemed unsuitable for the Thai people become available on the Internet.
(1203 websites). The list included hundreds of YouTube videos (including
Hillary Clinton's campaign videos) as well as blogs, cartoons, Charlie
Chaplin videos and an article in the Economist magazine banned for
criticising the Thai king.

In the same period Wikileaks published the Finnish Internet censorship list.
The Finnish National Bureau of Investigation has requested executive
assistance from United States, but it is not known what precisely has been
requested - whether the concern is only removing the list or whether they
are trying to find out who leaked it. The list still includes the critical
Finnish anti-censorship site lapisporno.info.

Government wants to eliminate sites with child pornography (only in Flemish,

The government wants to block paedophiliac websites (only in French,

Flemish Human Rights League - Minister Van Quickenborne want flexible system
for blocking websites.A form of censorship? (12.01.2008)

List of banned websites in Thailand and Denmark leaked online (23.12.2008)

List of Child Porn Sites Leaked to Public (13.01.2009)

EDRi-gram: ENDitorial: Finnish web censorship (27.02.2008)

3. France: ARMT was useless

At the end of December 2008 it was publicly presented the first yearly
report of the French Authority for Regulations of the DRMs (Autoriti de
rigulation des mesures techniques - ARMT) that should have ensured the
interoperability of the DRM systems and allow the private copies.

This could be very well the last report, since the new law on Internet
and Creation, could create a new authority (HADOPI - Haute Autoriti pour la
diffusion des oeuvres et la protection des droits sur Internet) that will
take the place of the old one and will have a different scope: to issue
warnings and potentially cutting Internet subscriptions in cases of
copyright infringement.

ARMT report admitted that, in 20 months of activity, it didn't take any
decision on interoperability or on copyright exceptions. The authority
claimed that the main problem was that nobody send them a specific request.
It also acknowledged the fact that the DRM issues have decrease in
importance, especially in the music sector, with the new DRM-free music
available on the market.

The authority has accepted that the DRMs have been an obstacle " to the
legal music offers" that were in direct competition with the p2p networks,
where the same content is available without DRM.

However, the Authority does not want to admit that DRM is dead and it
explains that this might be case only in the musical sector. It also claims
that the DRM play a "major role" in the movie industry and considers that
giving up DRMs on the online video services is not an option today.

The ARMT's report also observes that the penal measures to protect the DRMs
were never used in the French courts in the past 2 years, since the DADVSI
law is in force.

As expected, the ARMT considers that its life was very useful, contributing
in preparing "the field for a more ambitious strategy for public powers",
namely the 3-strikes procedure.

If remains to be seen if the new Hadopi law will be voted by the second
chamber of the French Parliament and if the new Authority, estimated to have
budget close to 7 million Euro, will have better results.

ARMT finds its futility before becoming HADOPI (only in French, 18.12.2008)

ARMT annual report 2008 (only in French, 18.12.2008)

Albanel views that DRM withdrawal must lead to the graduated response
(only in French, 9.01.2009)

EDRi-gram: France establishes the DRM-regulation authority (12.04.2007)

EDRi-gram: One more step for France in adopting the graduated response

4. UK Culture Secretary wants film-style ratings to individual websites

The UK Culture Secretary Andy Burnham has presented, in an interview with
The Daily Telegraph at the end of the last year, some new plans in adopting
to the web "new standards of decency".

The Cabinet minister is planing to give film-style ratings to individual
websites and wants ISPs to offer parents "child-safe" web services. Because
Internet is a global nature, he plans to negotiate with Obama Administration
in order to drew up "international rules for English language websites."

Burnham explained the present situation: "If you look back at the people who
created the internet they talked very deliberately about creating a space
that Governments couldn't reach. I think we are having to revisit that stuff
seriously now. It's true across the board in terms of content, harmful
content, and copyright. Libel is an emerging issue."

He also added in a statement for BBC: "The internet is becoming a more and
more pervasive entity in all our lives and yet the content standards online
are not as clear as we've all been used in traditional media. I think we do
need to have a debate now about clearer signposting and labelling online
because it can be quite a confusing world, particularly for parents who are
trying to ensure their children are only accessing appropriate stuff."

Richard Clayton from the EDRi-member FIPR has dismissed the UK Culture
Secretary plans and considered that as "a childlike hope that merely
wishing for something will make it come true." He explains that all the
solutions have been discussed and dismissed in the past.

"ISPs have tried 'child-safe' services in the past and even those who still
keep their systems working hardly mention them in their adverts any more. I
thought that it was no longer a part of modern politics to force an industry
to make products that nobody actually wants to buy."

Clayton also pointed the fact that online defamation was already considered
twice by the Law Commission and their main concerns centred around making
it harder for ISPs to be sued and addressing the issues of archives.

As regards the web labelling, he points the 10 years history of failure and
explains with the website of Mr Burnham's own department:

"They have labelled their main website with the ICRA scheme. To their
credit, they have used more than just a blanket "innocuous" setting, albeit
they have clearly overdone it since a description of the minutiae of the
Gambling Act 2005 is still marked up as "gambling", which may disappoint
anyone who was hoping to have a flutter.

Although the DCMS proudly displays the ICRA logo on their front page, they
haven't been bothered to label any of their subsites, such as the Government
Art Collection, which contains images that some people might consider
indecent - such as this full frontal nude of a young boy."

Despite all these problems, the European Union seems to support also in the
future these type of projects. Encouraging and assisting providers to
develop labelling is one of the actions funded under the new EU Safer
Internet programme 2009 - 2013.

A recent report of the Internet Safety Technical Task Force, a working group
established by the 49 state attorneys general from US, to
look into the problem of sexual solicitation of children online has reached
some interesting conclusion. The report challenges some of the earlier
beliefs concluding that: "Social network sites are not the most common space
for solicitation and unwanted exposure to problematic content, but are
frequently used in peer-to-peer harassment, most likely because they are
broadly adopted by minors and are used primarily to reinforce pre-existing
social relations."

The report also claims that "Minors are not equally at risk online. Those
who are most at risk often engage in risky behaviors and have difficulties
in other parts of their lives. The psychosocial makeup of and family
dynamics surrounding particular minors are better predictors of risk than
the use of specific media or technologies."

Internet sites could be given 'cinema-style age ratings', Culture Secretary
says (27.12.2008)

Website age ratings 'an option' (27.12.2008)

Andy Burnham and the decline of standards (29.12.2008)

Web content labelling (17.09.2007)

EU Safer Internet programme 2009 - 2013

Final Report of the Internet Safety Technical Task Force to the Multi-State
Working Group on Social Networking of State Attorneys General of the United
States (31.12.2008)

5. Open Access to High Energy Physics Literature

An interesting alternative model for open access publishing for the High
Energy Physics journals has emerged in the past years in a project led by
CERN (European Organization for Nuclear Research) that attempts to make the
current research openly accessible in this field.

CERN was the leader since the 50s, when the first pre-print repository was
established at the headquarters of the European organisation. The
repository gathered working papers and reports submitted to CERN by authors
from institutions across the world.

Now, a new project, called SCOAP3 (Sponsoring Consortium for Open Access
Publishing in Particle Physics) is trying to come up with a new model for
the entire High Energy Physics (HEP) literature to open access. The model
might be easier to implement taking into consideration that basically just
six peer-reviewed journals publish the majority of HEP articles. In this new
model the publisher's subscription income from multiple institutions would
be replaced by income from a single financial partner the SCOAP3 . Each
SCOAP partner will finance its contribution by cancelling journal
subscriptions and each country will contribute according to its share of HEP

SCOAP3 is a consortium composed of high-energy physics funding agencies,
high-energy physics laboratories and leading national and international
libraries and library consortia. In the beginning of 2009 SCOAP3 announced
that the major part of the European countries have agreed to participate, so
did 44 US partners, Turkey, Israel and Australia. In less than one year and
a half, SCOAP3 has received pledges for 49.5% of its budget.

Formal discussion with the publishers have not officially started, but all
major publishers show a pro-active attitude of great support to Open Access
in HEP.

Project Underway To Convert High Energy Physics Literature To Open Access

SCOAP3 Funding status report (12.12.2008)

SCOAP3: Funding status report for ICOLC Munich (11.2008)

About SCOAP3

Towards Open Access Publishing in High Energy Physics (3.06.2007)

6. No e-voting in Azerbaijan and Macedonia

After the major problems with the e-voting system tested in Western Europe,
some Eastern European countries has expressed their reservation in
implementing such as system.

The Central Election Commission from Azerbaijan considered that e-voting is
not required in the 2009 referendum or in the 2009 local elections and 2010
parliamentary vote.

Even though Azerbaijan is part of the Council of Europe's Electronic Voting
Committee that has recommended the introduction of Internet-based voting,
the Central Election Commission Secretary, Natiq Mammadov, explained online
newspaper Trend News that there is no chance to implement this for the next

"We must have a reason to apply innovation as opposed to simply wanting to.
We do not need e-voting to increase the voter turnout in Azerbaijan."

He also claimed that "there is no need to make hasty decisions about

A similar decision was made in Macedonia in the beginning of 2009, the
leaders of the major parties deciding that no electronic voting will be
necessary for the next presidential elections and more time is needed
before the system can be set up. However, Macedonian politicians supported
to use such a system might be used in the next electoral cycles.

No need for e-voting: Azerbaijani Central Election Commission (12.01.2009)

No e-voting in next elections (9.01.2009)

EDRi-gram: Finnish e-voting fiasco: votes lost (5.11.2008)

7. Big Brother Awards UK 2008

Big Brother Awards (BBA) are back in UK with more positive awards to
celebrate the people that have been involved in protecting privacy in the
past years.

The event, held in December 2008 at the London School of Economics, was
organized by the EDRi-member Privacy International and gave only one Big
Brother 2008 award - the statue of a boot stamping upon a human head - to
the New Labour.

Other six positive prices, called Roll of Honour, were received by:

- Baroness Sarah Ludford MEP - one of the Liberal Democrat Members of
the European Parliament, member of the Human Rights Committee;

- Phil Booth, the National Coordinator of the NO2ID Campaign against the
Database State;

- Helen Wallace, Executive Director of GeneWatch UK, that has provided
expert evidence on behalf of S. and Marper to the European Court of Human

- Gareth Crossman - retiring Director of Policy at Liberty Human Rights;

- Becky Hogge - retiring Executive Director of the Open Rights Group;

- Rt. Hon. David Davis MP, the former Conservative Shadow Home Affairs

UK Big Brother Awards - boos for NuLabour, hurrahs for Sarah Ludford, Phil
Booth, Helen Wallace, Gareth Crossman, Becky Hogge and David Davis

The Big Brother awards are back (12.12.2008)

EDRi-gram: ECHR decided against the UK DNA Database (17.12.2008)

8. Montenegro blocks Facebook and Youtube for civil servants

Montenegro's office in charge with the government Internet infrastructure
decided to ban access to several social networking or video sharing
websites, such as YouTube or Facebook. The public servants were announced by
a statement sent at the end of December 2008 by the office to all civil

Now, the civil servants trying to access those website will receive an
access denied message. Even though this is not a spectacular measure at
workplace, it is interesting that the reason behind the blockage was not to
allow an increase of the productivity for all government employees, but to "
avoid a meltdown of its system from excess traffic".

The official statement explained: "Therefore, during working hours, access
to certain potentially malicious and huge traffic generating websites is
disabled," and accepted not to block the websites off the working hours.

Montenegro, the newest European country with 650 000 inhabitants has an
Internet penetration rate of almost 40% and more than 14 000 Facebook users.

Montenegro bans Facebook access in government offices (18.12.2008)

Social Media's Popularity Too Much For Montenegro Gov't (18.12.2008)

9. ENDitorial:  Everyone can eavesdrop in Macedonia

Eavesdropping devices that are being sold through adverts are mostly used by
pupils for cheating at their school exams, and by men who doubt their wives'

"Hey, let's meet, we should not discuss this over the phone." This sentence
has long been used among friends, colleagues and relatives, but today, if
something important is to be discussed, the sentence would rather be "Let me
whisper something to you, but check your ear first".

Today, the technologies for communications monitoring and recording
conversations are so advanced, practically unnoticeable, and easily
available - they can be bought through an advert for only 250 denars! This
equipment surely cannot help you hear about the next mischief Greece is
planning to do, but you can at least hear the crying baby in another room,
catch your wife with the neighbour or cheat at most of the exams at the
faculty or in high school.

An electronics technician from Skopje who is selling these devices has had a
very unpleasant experience with the victims of his clients. He insisted that
we do not publish his name.

I'm only making these devices, and I am not responsible for how people are
using them. My "bug" has a range of 50 meters, and the recording can also be
heard on a mobile phone. It is recording excellent on an FM-radiofrequency,
except when waves from the radio stations in Skopje are causing
interference - he says, while showing us the small transmitter.

For commercial purposes, the name of his firm is on the package of the
transmitter. This is how the problems started for the technician.

"A teacher from a school in Skopje called me. I could feel the anger in
his voice. He caught his students cheating during an exam by using my "bug".
What can I say; I am not encouraging children to do this. I also explained
to him that there are also other young electronics technicians, who are
manufacturing transmitters" he said.

Let me be clear, I am not selling these devices so that they could be
abused. Some people are using my "bugs" to discover marital infidelities.
Sometimes people are calling me, as if I had placed the device. I want these
devices to be used for noble purposes, so that mothers could hear their
babies crying, for instance. I am even prepared to give one of my bugs to
each mother with twins, he added.

The devices of the Macedonian electronics technician are just part of the
technological array of devices that can be used for eavesdropping. Almost
all of the mobile phones have voice recorders. The new voice recorders are
so small that they can be hidden in one's sleeve. eBay and other websites
are selling mobile phones worth up to 1,000 euros that can be used to
eavesdrop on other mobile phones. Hacker websites on the internet are
offering small programs for free, that can be sent via e-mail, that are
afterwards sending back usernames and passwords of the email's user to the
original sender. The list is quite long. There are even so called "spy
shops" in the USA.

With the amendments of the Law on communications monitoring it is projected
that private companies would also be able to purchase, sell and use
communications monitoring equipment, having obtained prior authorization
from the Ministry of Interior. This mostly applies for the security agencies
and detectives.

We don't have any communications monitoring equipment. To be honest, some of
our clients have required this from us but we have not done it - say the
employees of the security agency "Branitel" from Skopje. Other security
agencies gave us the same answer.

The people from the Ministry of Interior say that, so far, nobody has
submitted a request for purchase, since the commission responsible for
reviewing such requests is still being formed.

There is still no commission or body with the role of controlling the usage
of this equipment, neither in the state institutions, nor in the private

So far, a more efficient system for controlling these eavesdropping devices
has not been established. Someone from the authorities should explain how
these devices are being controlled. Nobody informed us how much money has
been spent for purchasing communications monitoring equipment. This is an
opportunity for any kind of abuse. Now, by providing private companies with
the opportunity to use such equipment, the abuse will not only be political.
The ones that adopted this law will eventually become its victims as well -
says professor Slagjana Taseva.

Officials from the Directorate for Personal Data Protection emphasize that
it is necessary to take into consideration the method of usage of the
personal data collected in the process of eavesdropping.

The citizens must know that according to the Law on communications, a court
warrant is required for such an activity. As for the ones that are selling
various devices through advertisements, they should know that this is
illegal - says Marijana Marushik, director of the DPDP.

Nevertheless, it seems that nothing can stop mass eavesdropping on

Original article - newspaper Nova Makedonija (only in Macedonian,

(contribution by Aleksandar Bozhinovski - Nova Makedonija)

10. Recommended Reading

EDPS - Second opinion on ePrivacy Directive review and security breach

The European Ombudsman - Public Access to Information in EU Databases

ICANN Annual Report 2008

Pdivikki Karhula: A cattle hotshot - citizens on a shadow of the ubiquitous

11. Agenda

16-17 January 2009, Brussels, Belgium
Computers, Privacy & Data Protection conference
CPDP 2009: Data Protection in A Profiled World?

28 January 2009, Europe-wide
3rd Data Protection Day

28 January 2009, Helsinki, Finland
Data Protection Day seminar in Finland
Raising Awareness

28 January 2009, Sofia, Bulgaria
Bulgarian Big Brother Awards

3-4 February 2009, Victoria, British Columbia, Canada
10th Annual Privacy and Security Conference "Life in a Digital Fishbowl: A
Struggle for Survival or a Sea of Opportunity?"

7-8 February 2009, Brussels, Belgium
Free and Open source Software Developers' European Meeting (FOSDEM)

18-20 March 2009, Athens, Greece
WebSci'09: Society On-Line

27-29 March 2009, Manchaster, UK
Oekonux Conference: Free Software and Beyond The World of Peer Production

29-31 March 2009, Edinburgh, UK
Governance Of New Technologies: The Transformation Of Medicine, Information
Technology And Intellectual Property" An International Interdisciplinary

1-3 April 2009, Berlin, Germany
re:publica 2009 "Shift happens"
Subconference: 2nd European Privacy Open Space

13-14 May 2009 Uppsala, Sweden
Mashing-up Culture: The Rise of User-generated Content

24-28 May 2009, Venice, Italy
ICIMP 2009, The Fourth International Conference on Internet Monitoring
and Protection

1-4 June 2009, Washington, DC, USA
Computers Freedom and Privacy 2009
Proposal Submissions by 23 January 2009

5 June 2009, London, UK
The Second Multidisciplinary Workshop on Identity in the Information
Society (IDIS 09): "Identity and the Impact of Technology"
Call for papers, deadline 13 March 2009

2-3 July 2009, Padova, Italy
3rd FLOSS International Workshop on Free/Libre Open Source Software
Paper submission by 31 March 2009

13-16 August 2009, Vierhouten, The Netherlands
Hacking at Random

23-27 August 2009, Milan, Italy
World Library and Information Congress: 75th IFLA General Conference and
Council: "Libraries create futures: Building on cultural heritage"
Call for papers by 15 January 2009

10-12 September 2009, Potsdam, Germany
5th ECPR General Conference, Potsdam
Section: Protest Politics
Panel: The Contentious Politics of Intellectual Property
First proposals to be submitted by 1 February 2009

16-18 September 2009, Crete, Greece
World Summit on the Knowledge Society WSKS 2009

October 2009,  Istanbul, Turkey
eChallenges 2009
Call for papers by 27 February 2009

15-18 November 2009, Sharm El Sheikh, Egypt
UN Internet Governance Forum

12. About

EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 29 members based or with offices in 18 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRI-grams.

All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and visibly on the
EDRI website.

Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at

Newsletter editor: Bogdan Manolea <edrigram at edri.org>

Information about EDRI and its members:

European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.

- EDRI-gram subscription information

subscribe by e-mail
To: edri-news-request at edri.org
Subject: subscribe

You will receive an automated e-mail asking to confirm your request.
unsubscribe by e-mail
To: edri-news-request at edri.org
Subject: unsubscribe

- EDRI-gram in Macedonian

EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis

- EDRI-gram in German

EDRI-gram is also available in German, with delay. Translations are provided
Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users

- Newsletter archive

Back issues are available at:

- Help
Please ask <edrigram at edri.org> if you have any problems with subscribing or

----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

More information about the cypherpunks-legacy mailing list