EDRi-gram newsletter - Number 7.5, 11 March 2009

Wed Mar 11 14:45:52 PDT 2009

============================================================

           EDRi-gram

biweekly newsletter about digital civil rights in Europe

    Number 7.5, 11 March 2009

============================================================
Contents
============================================================

1. Nokia Law approved
2. IRMA tries to block websites
3. No e-voting in Germany
4. EP wants a better balance between Internet security and privacy rights
5. At Large Structures in ICANN get together for the first time
6. Swedish Pirate Bay trial waiting now for the decision
7. Biometric passports law - upheld by the Romanian authorities
8. Yahoo penalised in Belgium for not disclosing personal data
9. UK Tribunal wants the Gateway reviews on ID scheme made public
10. Recommended Reading
11. Agenda
12. About

============================================================
1. Nokia Law approved
============================================================

The snooping law, also called Lex Nokia, was approved in the Finnish
Parliament two weeks ago. EDRi-member Electronic Frontier Finland has
appealed to Tarja Halonen, the President of Finland, to intervene:  before
signing it President Halonen should request the Supreme Court's opinion on
whether the amended Act on the Protection of Privacy in Electronic
Communications clashes with the constitution.

Member of Parliament, Jaakko Laakso (Left Alliance) suggested that the
Parliament should request a statement on the constitutionality of the law
from the Venice Commission. Some parliamentarians, for example Heli
Jdrvinen (Greens), also agreed with professor Tuomas Ojanen, who has advised
that some organizations should  take the matter up with the European Court
of Human Rights.

Other EDRi-members have confirmed that the situation can be worst in other
European countries. In Spain there is no specific law, but based on a
sentence from the Spanish Supreme Court, employers can inspect data and
communications at work under the condition that the employer previously
declares a policy for the use of computers and Internet at work, e.g. what
digital communications and files are going to be inspected. Therefore,
employers can establish the level of privacy at work, as for the Supreme
Court the usage of computers and Internet is not covered by the law on
worker's rights.

In France there is a decision from 9 July 2008 by the Cassation Court
concluding that "connections established by an employee to Internet
websites during his working time and thanks to the computer provided by his
employer to execute his work are presumed to have a professional character,
such that the employer may search them in order to identify them, in the
absence of the employee". In other words, the whole navigation history of an
employee can be searched by the employer.

Previously, a decision of 2006 by the same court in a different case,
established that all computer files of an employee are presumed
as professional, unless they are explicitely marked as "personal",
and can thus be searched in his absence.

For email messages, the same court ruled in a third case in 2001 that
email should obey the same regime (professional, unless marked as
"personal").

In summary, in France anything unmarked as "personal" is searchable by the
employer, in the absence of the employee.

Parliament Passes "Lex Nokia" Bill (4.03.2009)
http://www.yle.fi/uutiset/news/2009/03/parliament_passes_quotlex_nokiaquot_bill_589012.html

Finnish Parliament approves e-mail tracking law (5.03.2009)
http://www.google.com/hostednews/ap/article/ALeqM5jRG7d99c10vDp52Lh3KNxJKz83ugD96NBDJG0

EFFI urges Finnish president to intervene in Lex Nokia (5.03.2009)
http://newsroom.finland.fi/stt/showarticle.asp?intNWSAID=21122&group=Politics

Spanish Supreme Court Decision on snooping (only in Spanish, 26.09.2007)
http://www.habeasdata.org/Sentencia-TS-sobre-control-empresarial-del-correo-electronico

Cybersurveillance at work in France (only in French, 28.07.2008)
http://www.legalbiznext.com/droit/Cybersurveillance-du-salarie-dans

French DPA (CNIL) - Guide for employers and employees (only in French, 2008)
http://www.cnil.fr/fileadmin/documents/La_CNIL/publications/CNIL_GuideTravail.pdf

Venice Commission
http://www.venice.coe.int/site/main/Presentation_E.asp

EDRi-gram: Lex Nokia storms into the Finnish Parliament (25.02.2009)
http://www.edri.org/edri-gram/number7.4/lex-nokia-finland

============================================================
2. IRMA tries to block websites
============================================================

IRMA, the Irish Recorded Music Association, wants to block Irish Internet
users' access to certain websites. In February 2009, after having reached
the deal with Eircom, the association sent letters to Irish Internet
providers asking them to block the sites that it indicated, under threat of
legal action.

Eircom has already agreed to a "three strikes" approach and IRMA was to take
the same approach with all other Irish ISPs. In terms of the agreement, the
evidence of illegal downloads will be provided by IRMA and Eircom will take
action without a court hearing. Unfortunately, the agreement also means that
Eircom is not to oppose any application blocking file-sharing websites from
their network.

Apparently, IRMA will monitor peer-to-peer networks using DtecNet. Any
allegedly suspicious IP addresses will be passed on to IRMA which will
"present the evidence" to Eircom, without the necessity of a court hearing
and in the absence of the accused.

"While IrelandOffline doesn't condone illegal file-sharing, this move is not
a proper solution to the problem, and impedes on legal and legitimate
internet access in the process," said Eamonn Wallace, spokesperson for
broadband lobby group IrelandOffline.

According to Damien Mulley, former chairman of IrelandOffline, IRMA will
start by blocking The Pirate Bay, then Mininova, IsoHunt, YouTube and "I
don't think they'll stop there too, any site that links to The Pirate Bay
and the others on the hate list will probably be added to the list too. (..)
this is what it is in my view an attack on our freedom to read, our freedom
to write, our freedom to move around the web".

Those who will suffer most will the users, who will be cut off based on
allegations made by the association without any involvement of the court and
the websites which could be blocked, based on a court hearing where they
will have no say.

Blackout Ireland, a group of Irish Internet users, believes that this scheme
not only is inefficient in combating piracy but it is also a serious breach
of civil liberties. At the same time, blocking websites never works as
pirates can easily circumvent any blockage and only legitimate users will
actually suffer from it. "Censorship is not a solution. It is avoiding the
issue. It does not pay artists for their work," says Blackout Ireland.

Blackout Ireland is also organizing a blackout that started on 5 March and
will last for one week encouraging people to set their picture on sites like
Facebook, Bebo, Twitter, MSN, etc black and to take a stand on this issue by
blog posts, letters to newspapers or any form of communication.

Irish Blackout: Why Irish ISPs Should Stand with Their Customers (4.03.2009)
http://www.eff.org/deeplinks/2009/03/irish-blackout

Blackout Ireland - Some Questions (28.02.2009)
http://andyaz.ie/blackout-ireland-some-questions/

Lobby group calls for stop to censorship plans (26.02.2009)
http://www.siliconrepublic.com/news/article/12374/digital-life/lobby-group-calls-for-stop-to-censorship-plans

Music industry pushing for internet filtering as well as "three strikes" -
what can you do about it?(26.02.2009)
http://www.digitalrights.ie/2009/02/26/music-industry-pushing-for-internet-filtering-as-well-as-three-strikes-what-can-you-do-about-it/

Blackout Ireland
http://www.blackoutireland.com/

IRMA letter to ISPs (13.02.2009)
http://blog.blacknight.com/images/irmaletter.pdf

EDRI-gram: Irish ISP settled to introduce 3 strikes (11.02.2009)
http://www.edri.org/edri-gram/number7.3/3-strikes-ireland

============================================================
3. No e-voting in Germany
============================================================

The German Federal Constitutional Court decided on 3 March 2009 that
electronic voting used for the last 10 years, including for the 2005 general
elections, was unconstitutional and therefore not to be used for the next
elections in September 2009.

The court ruled that the use of the electronic machines contradicts the
public nature of elections and the equipment used in 2005 had some
shortcomings. However, as there has been no evidence of errors in the
past, the results of the previous elections remain valid.

The use of e-voting was challenged by political scientist Joachim Wiesner
and his son, physicist Ulrich Wiesner who complained that the system was not
transparent because the voter could not check what actually happened to his
vote, being actually asked to blindly trust the technology. The voting
machines which are manufactured by the Dutch firm Nedap, do not print out
receipts. In the plaintiffs' opinion, the results could be manipulated.

A petition signed by over 45 000 people in 2005, trying to ban e-voting, had
been rejected by the German Government. Now, the court ruled that the
Federal Voting Machines Ordinance having introduced e-voting was
unconstitutional because it did not "ensure that only such voting machines
are permitted and used which meet the constitutional requirements of the
principle of the public nature of elections."

Also the court considered that, differently from the traditional voting
system where manipulations and frauds are much more difficult involving a
high degree of effort and a high risk of detection, "programming errors in
the software or deliberate electoral fraud committed by manipulating the
software of electronic voting machines can be recognised only with
difficulty." Also, in the court's opinion, the electors should be able to
verify how their vote is recorded without having to possess detailed
computer knowledge. "If the election result is determined through
computer-controlled processing of the votes stored in an electronic memory,
it is not sufficient if merely the result of the calculation process carried
out in the voting machine can be taken note of by means of a summarising
printout or an electronic display."

A campaign against electronic voting has been initiated by EDRi member Chaos
Computer Club together with the Dutch foundation Wij vertrouwen
stemcomputers niet (We don't trust voting computers) because of the risk of
electronic errors and the potential for abuse.

After a group of hackers had succeeded in tampering with similar machines in
the Netherlands in 2006, the Dutch Government imposed a moratorium on the
use of electronic voting machines and Ireland also has banned electronic
voting.

German Court Rules E-Voting Unconstitutional (3.03.2009)
http://www.dw-world.de/dw/article/0,,4069101,00.html

Federal Constitutional Court - Press release on Use of voting computers in
2005 Bundestag election unconstitutional (3.03.2009)
http://www.bundesverfassungsgericht.de/en/press/bvg09-019en.html

Voting machines unconstitutional in Germany (3.03.2009)
http://able2know.org/topic/129942-1

EDRi-gram: Electronic voting machines eliminated in the Netherlands
(24.10.2007)
http://www.edri.org/edrigram/number5.20/e-voting-machines-netherlands

============================================================
4. EP wants a better balance between Internet security and privacy rights
============================================================

On 5 March 2009, during a hearing of the Civil Liberties and Home Affairs
(LIBE) Committee focused on the strengths and weaknesses of the current
framework on security and privacy on the Internet, Members of the European
Parliament (EP) and experts agreed on the necessity to create a better
balance between Internet security and the protection of online personal
data.

The participants, including the European Data Protection Supervisor,
academics, representatives of the Commission and of the Czech Presidency,
supported a report drafted by Stavros Lambridinis proposing recommendations
aimed at providing "adequate protection of fundamental freedoms while
delivering also an enhanced security."

The report calls on the Member States and the European Commission to draft
proposals defining global standards for data protection, security and
freedom of expression. The rapporteur believes the access to the internet
should be treated just like the access to education and should never be
blocked by governments or private companies. He also considers that the
user's consent to share data should be clearly defined to create a fairer
balance of powers between users and governments and private companies.

EDPS Peter Hustinx said that as the Internet has become an integral part of
our everyday life, "we must apply the same values as we do in our society
(...), fundamental rights must apply and that's that. (...) In the old world
it was fairly simple.  On the internet there is a system of layers,
responsibility is more complex and therefore tends to vanish.  This must be
clarified".

Hustinx emphasized the fact that the present European regulatory framework
applying to the Internet is a holistic one and that a horizontal approach
was needed. In his opinion, the Data Protection Directive applying to the
Internet does not give a very clear definition of personal data on the
Internet and that the current responsibility and control mechanisms should
be also clarified and improved. He believes a key issue is that of the
user's consent for data sharing. Presently, there is a large range of types
of online consents which leads to a complex regulatory environment. It is
also difficult now to reach transparency of the data processing. The EDPS
added that he did not want to see "an environment of permanent surveillance"
(making reference to three-strikes schemes), that international cooperation
and self-regulation should be promoted and children awareness-raising should
be increased.

During the hearing, Gus Hosein of Privacy International expressed his
concern related to the fact that the EU seems to have followed Bush
administration as regards data retention. "Is that what you want to export
to the rest of the world?  The EU should be a ray of light for human rights
but at the moment it's the opposite (...) we must change course and the
Lambrinidis report is the opportunity to turn things round," he said.

Jim Killock, executive director of the Open Rights Group, warned about
potential dangers of an uncontrolled use of personal data by
the governments and public institutions and asked the EU for a close
monitoring and the issue. In his opinion, transparency and user consent must
be clear rules and strict regulation should apply to protect personal data.
He believes it is important "to ensure that a charter of rights comes into
being very soon".

Professor Steve Peers from University of Essex, the author of "Strengthening
security and fundamental freedoms on the Internet - An EU Policy on the
fight against cybercrime" study commissioned by the EP, also made some
recommendations. He believes in the necessity of adopting a non-binding
Internet Bill of Rights, drawn up by the EP and supported by industry
players, NGOs, Member States, EU institutions and national public
authorities. He also recommended that the EU criminal law should be brought
in line with the provisions of the different Council of Europe Conventions
regarding offences related to data interception, breach of confidentiality
and data security, spam or child pornography.

As final remarks of the hearing, the Presidency representative, Mr Ondrej
Veselsk}, Head of International Law Department at the Ministry of Interior
of the Czech Republic, stated that a balance between privacy and security
should be achieved, that the rules of the "real world" should apply to the
Internet as well, that access to the Internet should be open and that a
larger cooperation is necessary in the fight against cybercrime. He stated
that one of the priorities of the Czech Presidency was the protection of
minors and the presidency intended to improve the cooperation between the
different police of the Member States.

Stavros Lambridinis's report will be put to the vote at the Strasbourg full
plenary session of the European Parliament on 23 March 2009.

Committee on Civil Liberties, Justice and Home Affairs - Streanghening
Fundamental Freedoms and Security on the Internet (5.03.2009)
http://www.europarl.europa.eu/meetdocs/2004_2009/documents/oj/770/770844/770844en.pdf

EP Press Release - Protecting citizens' rights on the internet (6.03.2009)
http://www.europarl.europa.eu/news/expert/infopress_page/019-50634-061-03-10-902-20090302IPR50633-02-03-2009-2009-false/default_en.htm

Europeans push for more online rights to privacy (6.03.2009)
http://www.macworld.com/article/139244/privacy.html

============================================================
5. At Large Structures in ICANN get together for the first time
============================================================

For the first time in ICANN history, at the 34th International ICANN meeting
in Mexico City the representatives of 88 At-Large Structures (ALS) from five
Regional At-Large Organizations representing ICANN's global At-Large
community came together to discuss the main ICANN policies and ALS's role in
ICANN institutions.

The first-ever gathering of the representatives of individual Internet users
(At Large Summit - ATLAS) participating in ICANN was an opportunity to
make direct recommendations in relation with ICANN policy, by developing a
public statement on 5 key-areas where five working groups with ALS members
have identified the major issues as brought up by the Internet user
representatives. Four EDRi-members (Netzwerk Neue Medien - Germany, FITUG-
Germany, ISOC Bulgaria and APTI Romania) part of the European At Large
Organization (EURALO) participated in the working groups.

The first working group focused on engagement in ICANN recommending the
consultation of regional ALSes for the most effective ways to reach
communities and end users and to use the multilingualism best practices of
other international organizations, such as the UN.

The second working group discussed the future structure and governance of
ICANN, as capture, internationalization and the continued funding of ICANN
are among the more important governance issues now facing the institution.
The group suggested a number of actions to provide safeguards against
capture. They have also underlined that "given the economic and social
importance globally of a safe and stable Internet, the process of
internationalization of ICANN must safeguard the global/worldwide role of
ICANN regarding domain names and numbers identifiers and promote larger
participation from all stakeholders globally."

The new gTLDS (generic Top Level Domains) and IDNs (internationalized domain
name) was the main focus of the third working group, highlighting that the
current fee schedule for the new gTLDs is a clear barrier to the entry of
potential applicants, especially those who have no interest in monetizing
the TLD and those initiated in the developing and least developed countries.
The group also suggested opening a third round of gTLD applications, with a
fixed deadline, that will be subject to the string contention dispute
mechanisms described in the current guide. The ALSes expressed their concern
that the proposed "Legal Rights" objection protocol exceeded the existing
territorial and class-of-goods limitations contained in the current
international trademark treaties. They suggested that ICANN should not
engage in any trademark protection regime which extends beyond existing
international treaties; doing so in effect turns ICANN into an unauthorized
treaty organization.

Working group four debated the hot topics of transparency and accountability
and issued reconsiderations regarding the development of a budget for each
ICANN entity (including At-Large) according to their mandates including
staff costs. The budgets should be made public with the annotation of
substantive ICANN documents under consultation to indicate the origin of
support or dissent for specific proposals.

The members of ALSes also envisaged "that in order to give ICANN a clearer
image of a multi-stakeholder organisation, including Civil Society, the
composition of the Board should be re-balanced to afford a greater
visibility and representation of the Civil Society as represented by the At
Large Community. ALAC proposes that the ICANN Board should include two
voting Directors nominated by the At Large Community."

New DNS security issues that fall within the ICANN's Mandate formed the core
of the debates in the fifth working group and urged ICANN to support the
industry efforts to accommodate DNSSEC and its provision in a more secure
environment and to proceed in the process of having the root signed in a way
that provides integrity and is globally accepted.

The ALSes also initiated a series of thematic sessions on the topics
interesting for its members, but also other ICANN constituencies. The
session on the Internet rights and principles noted that "ICANN still
lacks a coherent and systemic approach to evaluate the impact that its
policy decisions have on rights in general, be them human rights, consumer
rights or other founding principles, as internationally recognized and/or
defined in the major national legislations."

A hot topic was privacy and the Whois database, where the Internet users
representatives highlighted the ICANN's inability to progress and to make
policies compatible with the various national laws. It was suggested
that ICANN should cease aiming at a single global policy and accommodate
national differences instead, depending on the country of the registrar and
registrant, explaining the differences in privacy regulation between Europe
and US.

The sessions discussed the issue of respecting freedom of expression when
selecting new gTLDs. The ongoing policy provision that allows ICANN to
reject applications based on morality-based objections was criticized.

The participants supported the idea of a standardized statement of
registrant rights (Registrants Rights Charter) to be compulsorily shown by
registrars (and resellers as well) when a registrant buys a domain name.
Participants agreed to work further on a proposal for its substance as well
as means to include the charter into ICANN's policy body as a follow-up to
the meeting. The process is open and anyone can join.

Another Thematic Session highlighted the failure of ccTLDs as regards the
identity control of registrants and registrars. A second aspect was the
abuse of the weakness of registrars in the GTLD space giving the spammers
and other criminals, free way to do what they want.

At the end of this ICANN meeting, the announcement of Dr Paul
Twomey, the President and Chief Executive Officer of ICANN that he would not
seek renewal of his contract at the end of 2009, was acknowledged by
the ALSes as a starting point for further activities and challenges.

At Large Summit (Atlas) Declaration Mexico (4.03.2009)
http://www.atlarge.icann.org/files/atlarge/correspondence-05mar09-en.pdf

At-Large Summit Successfully Concluded (5.03.2009)
http://www.atlarge.icann.org/announcements/announcement-05mar09-en.htm

Registrants Rights Charter - draft
http://internetrightsandprinciples.org/node/74

ICANN's President and CEO Announces Departure (2.03.2009)
http://www.icann.org/en/announcements/announcement-02mar09-en.htm

Briefing Note - Overall Summary of the Mexico City Meeting (5.03.2009)
http://mex.icann.org/briefing-note

============================================================
6. Swedish Pirate Bay trial waiting now for the decision
============================================================

The Pirate Bay trial in Sweden continued until 3 March 2009 with the
hearings of the prosecution and defence witnesses. The earlier events of the
trial were covered in the previous EDRi-gram.

While a day before, the representatives of the music industry tried to
convince the jury that The Pirate Bay was responsible for half of the losses
the industry had suffered during the last years because of illegal
downloadings, the defence witnesses tried to show BitTorrent was not a bad
thing and file-sharing was actually beneficial.

One of the witnesses, Kristoffer Schollin from Gothenburg University, an IT
lecturer with interest in file sharing, made a special witness report for
the court and explained that torrent files were a more sophisticated type of
Internet link (such as an http hyperlink) and that The Pirate Bay was an
"open database" of torrent files, a type of Bulletin Board. He also stated
that there were other large companies using the same technology and besides.
He also admitted that while searching for torrents via Google, more results
could be found than with The Pirate Bay.

Regarding the issue of whose actual tracker is used when a torrent file is
activated, Schollin said that a torrent being available on The Pirate Bay,
doesn't automatically mean that the file uses The Pirate Bay's tracker. He
explained also how to make a torrent file which links to content. In the
creation stage, an Internet connection is not even necessary everything
being done on a user's PC with a torrent client, not on The Pirate Bay. The
torrent file thus created can be uploaded on the Internet and it is further
on indexed by Google, which then allows anyone to access the torrent via a
Google search.

One of the points he emphasized was that actually he believed the popularity
of The Pirate Bay was mostly due to the many discussions and mediatization

Contradicting the music industry representatives who declare that sales of
CDs have decreased due to illegal downloading, Roger Wallis, a media
professor, composer and Chairman of the Swedish Composers of Popular Music,
confirmed that downloading caused an increase in sales of live event tickets
and that there were also other reasons for the CD sales decrease, such as
the growth of computer games.

During the same day, a film was played to show how a torrent is created. and
how torrent files can be shared through MSN, Skype, through blogs like
Wordpress.

The last two days of the trial were dedicated to the closing arguments of
the prosecution and of the defence. Prosecutor Hekan Roswall said The Pirate
Bay should not be treated as a service provider to get a "common carrier"
status, and that the Supreme Court had already previously ruled that someone
running a BBS could be found guilty of assisting copyright infringement and
The Pirate Bay should be viewed as such. He said he was not asking the court
to rule on the legality of BitTorrent itself, but on what the defendants did
with the technology. Roswall called for the confiscation of The Pirate Bay
hardware and demanded for one year jail for all four defendants.

Peter Danowsky of the IFPI claimed that The Pirate Bay was a commercial
operation and that the defendants had contributed to copyright infringement.
Therefore the record labels had to be compensated for the losses caused by
the operation of The Pirate Bay.

Henrik Pontin from Antipiratbyren argued that the defendants clearly knew
that what they were doing was illegal, and The Pirate Bay clearly operated
as a business, making money from advertising revenue. He asked for damages
for the entertainment industry and for jail for the defendants so as to give
an example to others who wics to infringe copyright.

Monique Wadsted, representing the movie companies, also called for a "very
significant" prison sentence because the defendants were aware of their
criminal acts and made money from it. "They have made more than 10 million
Swedish crowns in revenue during one year. And they continue to run the
operation in spite of being convicted in other countries. Furthermore, they
spit on the rights holders and tell them to go to hell," she said.

During the last day of the trial, the four defence lawyers made their
closing statements arguing that the Pirate Bay site acted just as a search
engine. They considered the prosecution had failed in revealing any
uploaders or downloaders from The Pirate Bay, and in establishing that most
of the links on the Pirate Bay were to copyright material. Linking to
copyright material wasn't specific to The Pirate Bay, it was an Internet
problem. Carl Lundstrvm's lawyer, Per E Samuelson, argued that attacking The
Pirate Bay was like going against car manufacturers for the problems
experienced on the roads.

Regarding the financial issues of the matter, in the defence opinion, the
prosecution had exaggerated regarding the amount of money the site made.
Gottfrid Svartholm's lawyer Ola Salomonsson said there were only four
adverts on The Pirate Bay, not 64 as the prosecution had claimed. The
revenues therefore were less than the costs. The defence approach in the
court was that of "I am not Responsible".

The verdict is due on 17 April 2009.

The Pirate Bay Trial Day 9: BitTorrent Is Not Evil (26.02.2009)
http://torrentfreak.com/pirate-bay-trial-day-9-bittorrent-is-not-evil-090226/

A good day for the roses: Pirate Bay trial, day 9 (26.02.2009)
http://www.guardian.co.uk/technology/blog/2009/feb/26/pirate-bay-trial-roses

The Pirate Bay Trial Day 10: Calls for Jail Time (02.03.2009)
http://torrentfreak.com/the-pirate-bay-trial-day-10-calls-for-jail-time-090302/

Pirate Bay Day 11: trial ends, verdict awaited (3.03.2009)
http://www.guardian.co.uk/technology/blog/2009/mar/03/pirate-bay-last-day

EDRI-gram: The trial of The Pirate Bay in Sweden (25.02.2009)
http://www.edri.org/edri-gram/number7.4/pirate-bay-trial-sweden

============================================================
7. Biometric passports law - upheld by the Romanian authorities
============================================================

The Emergency Government Ordinance introducing biometric passports in
Romania remains applicable as the Legal Commission of the Senate advised it
favourably on 3 March 2009 and the Romanian Appeal Court rejected on 18
February the appeal made by several NGOs for its suspension.

The ordinance had been resent on the 28 February to the legal commission by
the Romanian Senate after heavy debates and concerns. Besides the very hot
debate around the "malefic figure 666" allegedly occurring in the chip of
the passports, the discussions in the Senate addressed also concerns related
to the lack of a proper security system for the data stored for biometric
passports.

"If a hacker with a laptop passes by you and captures the frequency of your
passport chip, he can change you, in a few hours, from a criminal record
free person into a drug or weapon dealer for example" stated Georgian Pop,
deputy in the defence commission.

The ordinance has been heavily contested, the opponents arguing that it
breaches the rights provided by the Constitution of Romania, the right to
private life and the right to religion. It was also argued that the
Government had not announced this act publicly, with the intention to meet
EU requirements without taking into consideration the public opinion.

A big debate turned around the religious aspect of the matter. A lawyer at
the case opened by the NGOs stated that "the introduction of chips into
passports affects the right to religion because it changes the name given by
God into a figure" and the procedure affects human freedom by surveillance
and control measures.

Recently, the Saint Synod, the Romanian Orthodox Church highest board has
agreed with the introduction of the biometric passports, but required the
implementation of an alternative for those who do not wish to have biometric
passports with chips.

"As some people are reluctant towards the biometric passports, an
intervention will be made to the institutions of the Romanian State
(Presidency, Parliament, Government) with the request to adopt the necessary
measures to modify and complete the legislation in force by extending the
provisions regarding the emergency cases (temporary passport) and for cases
when, due to conscience or religious reasons, the person does not want an
electronic passport including biometric data" says the press release of the
Romanian Patriarchy.

The head of the General Division of passports Aurel-Vasile Sime stated that
figure 666 did not occur anywhere and that the passports would not be
biometric but electronic, including two biometric elements: face image and
fingerprints. He also added that these new passports would not be mandatory,
the Romanian citizens being able to choose temporary passports valid for one
year that do not include biometric elements.

Since the end of 2008 many protests have taken places in several cities in
the country against the introduction of electronic passports in Romania and
they continued even after the favourable advice of the Legal Commission of
the Senate and the rejection by the Bucharest Appeal Court of the NGOs
appeal. About 300 members from several protested on 7 March in front of the
Romanian Patriarchy. The participants stated that the measure meant all
Romanians are considered potential criminals and that was an attack to their
identity. They also protested against the lack of firmness from the Orthodox
Church in this matter.

Romania is one of the first country to introduce biometric passports that
include fingerprints, while even in the EU countries a strategy for the
personal data protection in this respect is still unclear.

Favourable advice for the EGO introducing electronic passports with
biometric identification elements (only in Romanian, 3.03.2009)
http://www.hotnews.ro/stiri-ultima_ora-5464136-aviz-favorabil-pentru-oug-prin-care-introduc-pasapoarte-electronice-elemente-indentificare-biometrica.htm

The senators decided to resend the ordinance on the introduction of
biometric passports to the Legal Commission (only in Romanian, 25.02.2009)
http://www.hotnews.ro/stiri-politic-5448158-senatorii-decis-retrimiterea-comisia-juridica-ordonantei-privind-introducerea-pasapoartelor-biometrice.htm

The Ordinance on biometric passports goes forward (Video) (only in Romanian,
18.02.2009)
http://www.mediafax.ro/social/ordonanta-privind-pasapoartele-biometrice-merge-inainte-video.html?1688;3944786

The biometric passports advised by the defence commission of the Deputy
Chamber (only in Romanian, 10.02.2009)
http://www.mediafax.ro/social/pasapoartele-biometrice-avizate-de-comisia-de-aparare-din-camera.html?1688;3891638

Saint Synod requires an alternative to the biometric passports (only in
Romanian, 28.02.2009)
http://www.realitatea.net/sfantul-sinod-solicita-alternativa-la-pasapoartele-biometrice--cum-comentati_466017.html

The request regarding the suspension of the effects of the ordinance on the
introduction of biometric passports rejected by the court (only in Romanian,
18.02.2009)
http://www.hotnews.ro/stiri-esential-5428486-cererea-privind-suspendarea-efectelor-ordonantei-introducere-apasapoartelor-biometrice-respinsa-instanta.htm

EDRIgram: Romania: Protests against biometric passports (11.02.2009)
http://www.edri.org/edri-gram/number7.3/romania-biometric-passports-protests

============================================================
8. Yahoo penalised in Belgium for not disclosing personal data
============================================================

Yahoo was fined by a Belgian court on 2 March 2009 for refusing to hand over
to the Belgium authorities personal data of people involved in a cyber-crime
investigation.

The Belgium authorities had required Yahoo to disclose detailed account
information for a number of e-mail addresses used by alleged cons under
pseudonyms. Yahoo refused, arguing that such a request should have followed
the proper channels and should have been addressed to US authorities and not
to them as a commercial company. They would be willing to offer the
information at the request of the US authorities.

However, the prosecution claimed that the company should hand over the
required data as the company has operation services in Belgium and therefore
they should comply with the laws of the country.

The court ruled in favour of the prosecution and fined the American company
55 000 euro plus 10 000 euro for each day it keeps refusing to hand over the
requested users' data. The judge said that the procedure for requesting data
"poses absolutely no problem with Google and Microsoft".

The official statement of the company was that it strongly disagreed with
the court's ruling and that it would file an appeal. "Yahoo! Inc., a U.S.
corporation, does not have business operations in Belgium and does not
maintain the customer information at issue in Belgium. The United States and
Belgium have a formal international treaty which the prosecutor should have
followed to properly seek information from a U.S. company. Yahoo! is not
withholding information from the Belgium government. We have a legal and
policy basis for not disclosing information in this type of case until the
recognized international legal process is followed. We have raised this
issue with the U.S. Government," was the company statement.

Yahoo seems to be more cautious after fierce criticism as it happened in
2007 after having complied with the request of the Chinese authorities and
gave up personal account information which led to the imprisonment of a
political dissident back. Since then, the company has signed up for the
Global Network Initiative (GNI), an organisation aimed at preserving free
speech on the Internet. GNI members are bound to challenge requests for
disclosure of private data from governments in case these requests are
considered to be in breach of international human rights laws.

Belgium condemns Yahoo! for its refusal to communicate personal data (only
in French, 3.03.2009)
http://tempsreel.nouvelobs.com/actualites/medias/multimedia/20090303.OBS7047/la_belgique_condamne_yahoo_pour_son_refus_de_communique.html

Yahoo Fined By Belgian Court For Refusing To Give Up E-Mail Account Info
(2.03.2009)
http://www.techcrunch.com/2009/03/02/yahoo-fined-by-belgian-court-for-refusing-to-give-up-e-mail-account-info/

EDRIgram: Internet giants gather for freedom of speech - Global Network
Initiative (5.11.2008)
http://www.edri.org/edrigram/number6.21/global-network-initiative

============================================================
9. UK Tribunal wants the Gateway reviews on ID scheme made public
============================================================

On 19 February, the UK tribunal ordered the disclosure of two internal
reviews called the Gateway reviews regarding the national identity card
scheme of the government.

The Gateway reviews are independent and expert reviews carried out at key
decision points of significant programmes or programs of those deemed risky.

The reviews are performed by independent practitioners from outside the
programme/project by using a series of interviews, documentation reviews and
their expertise to provide valuable additional perspective on the respective
programmes/projects and on the external challenge of the processes.

The ID government programme was subjected to two "Gateway zero" reviews, in
2003 and 2004. The Treasury's Office of Government Commerce (OGC) operating
the Gateway system did not wish to disclose the reports stating that it was
in the public interest to maintain them out of the public eyes and argueing
that making the reports public would make them "bland and anodyne".

The tribunal refuted OGC argument considering OGC had to prove a "real and
weighty" causal relationship between disclosure and damage and as OGC failed
to do so, secrecy would be far from being in the public interest. The
tribunal concluded that "disclosure of the requested information would
clearly add to the public's knowledge in this respect and therefore to the
public interest which sought to ensure that schemes as complex albeit as
sensitive as the ID cards scheme were properly scrutinised and implemented."

OGC claimed that the disclosures of the report might have "adverse press
reactions ... if any form of criticism were contained in the report in
question" and that the reviews should be kept away from citizens because
they might seem "uninformative or hard to understand". It also argued that
the respective information did not bring any valuable addition to the debate
on the merits of identity cards as a whole.

The tribunal considered that none of the arguments presented was OGC's
problem. "It is not for the tribunal, let alone the OGC or the (information)
commissioner, to second-guess the scope and content of the possible public
debate."

In the UK, the Freedom of Information Act 2000 which came into force in 2005
requires 100 000 public authorities to respond promptly to requests for
information and provide that information, including emails, meeting minutes,
research and reports, with a series of exceptions. These exemptions range
from sensible data (personal data, national security) to materials deemed to
be commercially sensitive. An authority can deny requests considered
vexatious or too expensive to carry out.

The tribunal decision was promulgated on 19 February, giving the OGC 28 days
to comply.

Public interest is not served by secrecy (3.03.2009)
http://www.guardian.co.uk/commentisfree/libertycentral/2009/mar/03/identity-cards-freedom-of-information

What is an OGC Gateway Review? - OGC Gateway Review for Programmes &
Projects
http://www.ogc.gov.uk/what_is_ogc_gateway_review.asp

Explainer: Freedom of information (24.02.2009)
http://www.guardian.co.uk/commentisfree/libertycentral/2009/feb/24/freedomofinformation-civil-liberties

============================================================
10. Recommended Reading
============================================================

Article 29 Working Group - Opinion 2/2009 on the protection of children's
personal data  (General Guidelines and the special case of schools)
http://ec.europa.eu/justice_home/fsj/privacy/workinggroup/wpdocs/2009_en.htm
http://ec.europa.eu/justice_home/fsj/privacy/workinggroup/wpdocs/2009_de.htm
http://ec.europa.eu/justice_home/fsj/privacy/workinggroup/wpdocs/2009_fr.htm

Report of the Special Rapporteur on the promotion and protection of
human rights and fundamental freedoms while countering terrorism, Martin
Scheinin
http://www2.ohchr.org/english/issues/terrorism/rapporteur/docs/A.HRC.10.3.pdf

Report: Leading Jurists Call for Urgent Steps to Restore Human Rights in
efforts to counter terrorism
http://ejp.icj.org/hearing2.php3?id_article=167&lang=en

============================================================
11. Agenda
============================================================

17 March 2009,  Brussels, Belgium
Conference on the European patent system organised by the Science and
Technology Options Assessment (STOA) panel of the European Parliament
http://cordis.europa.eu/search/index.cfm?fuseaction=events.document&EV_LANG=EN&EV_RCN=30540

18-20 March 2009, Prague, Czech Republic
The Responsibilities of Content Providers and Users
http://www.media-conference.cz

18-20 March 2009, Athens, Greece
WebSci'09: Society On-Line
http://www.websci09.org/

23 March 2009, Berlin, Germany
German-French Experts Meeting on Technologies for
Electronic Identification
http://www.e-identify-df.de/

26-27 March 2009, London, UK
5th Communia Workshop: Accessing, Using, Reusing Public Sector Content and
Data
http://www.communia-project.eu/ws05

27-29 March 2009, Manchester, UK
Oekonux Conference: Free Software and Beyond The World of Peer Production
http://www.oekonux-conference.org/

28 March 2009, London, UK
Open Knowledge Conference (OKCon) 2009
http://www.okfn.org/okcon/

29-31 March 2009, Edinburgh, UK
Governance Of New Technologies: The Transformation Of Medicine, Information
Technology And Intellectual Property - An International Interdisciplinary
Conference
http://www.law.ed.ac.uk/ahrc/conference09/

1-3 April 2009, Berlin, Germany
re:publica 2009 "Shift happens"
http://www.re-publica.de/09/
Subconference: 2nd European Privacy Open Space
http://www.privacyos.eu/

4 April 2009, Paris, France
French 2009 Big Brother Awards
http://bigbrotherawards.eu.org/

21-23 April 2009, Winchester, UK
BILETA 2009 Annual Conference
http://www.winchester.ac.uk/?page=9871

23-24 April 2009, Brussels, Belgium
The future of intellectual property - Creativity and innovation in the
digital era
http://www.intellectualproperty-conference.eu

11 May 2009, Brussels, Belgium
GigaNet is organizing the 2nd international academic workshop on Global
Internet Governance: An Interdisciplinary Research Field in Construction.
Deadline for abstracts submissions is 20 March 2009.
http://giganet.igloogroups.org/publiclibr/giganetcos/2009brusse

13-14 May 2009 Uppsala, Sweden
Mashing-up Culture: The Rise of User-generated Content
http://www.counter2010.org/workshop_call

19-20 May 2009, Brussels, Belgium
European Commission organizes a personal data protection conference to look
at new challenges for privacy
http://ec.europa.eu/justice_home/fsj/privacy/news/docs/pr_03_03_09_en.pdf

24-28 May 2009, Venice, Italy
ICIMP 2009, The Fourth International Conference on Internet Monitoring
and Protection
http://www.iaria.org/conferences2009/ICIMP09.html

1-4 June 2009, Washington, DC, USA
Computers Freedom and Privacy 2009
http://www.cfp2009.org/

5 June 2009, London, UK
The Second Multidisciplinary Workshop on Identity in the Information
Society (IDIS 09): "Identity and the Impact of Technology"
Call for papers deadline: 13 March 2009
http://is2.lse.ac.uk/idis/2009/

28-30 June 2009, Torino, Italy
COMMUNIA Conference 2009: Global Science & Economics of Knowledge-Sharing
Institutions
http://www.communia-project.eu/conf2009

2-3 July 2009, Padova, Italy
3rd FLOSS International Workshop on Free/Libre Open Source Software
Paper submission by 31 March 2009
http://www.decon.unipd.it/personale/curri/manenti/floss/floss09.html

13-16 August 2009, Vierhouten, The Netherlands
Hacking at Random
http://www.har2009.org/

23-27 August 2009, Milan, Italy
World Library and Information Congress: 75th IFLA General Conference and
Council: "Libraries create futures: Building on cultural heritage"
http://www.ifla.org/IV/ifla75/index.htm

10-12 September 2009, Potsdam, Germany
5th ECPR General Conference, Potsdam
Section: Protest Politics
Panel: The Contentious Politics of Intellectual Property
http://www.ecpr.org.uk/potsdam/default.asp

16-18 September 2009, Crete, Greece
World Summit on the Knowledge Society WSKS 2009
http://www.open-knowledge-society.org/

October 2009,  Istanbul, Turkey
eChallenges 2009
http://www.echallenges.org/e2009/default.asp

16 October 2009, Bielefeld, Germany
10th German Big Brother Awards
Deadline for nominations: 15 July 2009
http://www.bigbrotherawards.de/

15-18 November 2009, Sharm El Sheikh, Egypt
UN Internet Governance Forum
http://www.intgovforum.org/

============================================================
12. About
============================================================

EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 29 members based or with offices in 18 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRI-grams.

All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and visibly on the
EDRI website.

Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/

Newsletter editor: Bogdan Manolea <edrigram at edri.org>

Information about EDRI and its members:
http://www.edri.org/

European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring

- EDRI-gram subscription information

subscribe by e-mail
To: edri-news-request at edri.org
Subject: subscribe

You will receive an automated e-mail asking to confirm your request.
unsubscribe by e-mail
To: edri-news-request at edri.org
Subject: unsubscribe

- EDRI-gram in Macedonian

EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edrigram-mk.php

- EDRI-gram in German

EDRI-gram is also available in German, with delay. Translations are provided
Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/

- Newsletter archive

Back issues are available at:
http://www.edri.org/edrigram

- Help
Please ask <edrigram at edri.org> if you have any problems with subscribing or
unsubscribing.

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE