EDRi-gram newsletter - Number 9.16, 24 August 2011

EDRI-gram newsletter edrigram at edri.org
Wed Aug 24 12:18:02 PDT 2011


============================================================

       EDRi-gram

biweekly newsletter about digital civil rights in Europe

Number 9.16, 24 August 2011

============================================================
Contents
============================================================

1. EDRi responds to European Commission consultation on gambling
2. UK riots give birth to the idea of suspending social media services
3. German DPA asks for the removal of Facebook "like" button
4. Turkey postpones its Internet filtering plans
5.  No effective sanction for Police abuse of Irish data retention system
6. US Hotline reports vast improvements in removal of child abuse websites
7. Copyright industry obtains court injunction against BT to block website
8. Recommended Action
9. Recommended Reading
10. Agenda
11. About

============================================================
1. EDRi responds to European Commission consultation on gambling
============================================================

European Digital Rights responded to the European Commission consultation on
online gambling. As previously reported, an early draft of the consultation
document appeared to be in favour of blocking, in principle, but recognised
the failings of this approach, which it described as "challenging," "costly"
and "ineffective".

The final version of the consultation document was more neutral, simply
asking about existing schemes, effectiveness and ISP liability. The
Commission finds itself in a difficult position with regard to this
consultation because it is looking at the issue of online gambling with
regard to protectionism of domestic services by Member States, real and
perceived dangers with regard to gambling addiction and organised crime
(money laundering and fraud, in particular) - without any clear idea either
from the Commission or the Member States as regards the relative importance
of each issue.

The situation is made even more complicated by Member States that claim to
be in favour of blocking of foreign (including those legally registered in
other EU Member States and non-EU ) websites for consumer protection reasons
while their real motivation is simple, old-fashioned protectionism. Belgium
provides the best example of this - on the one hand, it allowed blatantly
fraudulent TV-based games to remain in operation for years (as shockingly
illustrated by the Basta documentary team) and, on the other, it will launch
a blocking system in January to "protect consumers." Rumours are that the
main target of the blocking system is a fully legal and registered British
website deemed to offer too much competition to Belgian services.
Similarly, blocking in France "protects" French consumers from services in
Britain which give significantly higher returns to gamblers compared with
French services.

A further layer of complexity is added by a lack of clarity as to how the
blocking would be done. The Commission only refers to DNS blocking and "IP
blocking" (it is not clear if this means IP address blocking by the
intermediary or geographic blocking by the sites themselves). Blocking via
deep packet inspection, as appears possible in France in the short-to
medium-term is not discussed.

In short, the Commission was consulting in order to address one or more of
the problems mentioned above, with no clear prioritisation, and
assessed one blocking solution (DNS blocking) and one unclear solution ("IP
blocking"), while ignoring another (deep packet inspection).

EDRi's response looks at the necessity and proportionality of blocking in
relation to each of the possible motivations that are mentioned by the
Commission and in relation to each of the technologies listed by the
Commission, as well as deep packet inspection. Our view is that blocking is
not the "least restrictive alternative" in any of the possible scenarios and
that blocking of gambling sites in order to protect domestic services from
competition is a blatant and unacceptable affront to the most basic
principles on which the European Union is based.

Consultation document - Green Paper: On on-line gambling in the Internal
Market (24.03.2011)
http://ec.europa.eu/internal_market/consultations/docs/2011/online_gambling/com2011_128_en.pdf

EDRi's consultation response (29.07.2011)
http://www.edri.org/files/110729_gamblingconsultation_EDRI.pdf

Basta documentary (only in Dutch)
http://www.een.be/programmas/basta/de-mol-in-het-belspel

EDRi-gram: EC's leak describes blocking as "challenging", "costly" and
ineffective (26.01.2011)
http://www.edri.org/edrigram/number9.2/blocking-commission-gambling

(Contribution by Joe McNamee - EDRi)

============================================================
2. UK riots give birth to the idea of suspending social media services
============================================================

The recent riots that have taken place in the UK have initiated a
wave of statements from officials on the necessity to shut down or suspend
access of UK citizens to certain social media services.

The Metropolitan Police Service confirmed that it considered shutting off
some social media sites: "The MPS did consider whether social media sites
could be closed during the disorder but police do not have the facilities or
the legislation to enable this."

David Lammy, the parliamentary representative for the London
district of Tottenham, went so far as to ask BlackBerry to consider
suspending its messaging service.

Even the prime minister David Cameron in his speech in the House of Commons
indicated that there was a need to find a way to stop people from
communicating via such services:
"Free flow of information can be used for good. But it can also be used for
ill. And when people are using social media for violence we need to stop
them. So we are working with the police, the intelligence services and
industry to look at whether it would be right to stop people communicating
via these websites and services when we know they are plotting violence,
disorder and criminality."

Privacy campaigners such as Open Rights Group (ORG) are concerned about the
precedent that might be created by this situation and the possible abuse of
powers by the authorities. "Events like the recent riots are frequently used
to attack civil liberties," said Jim Killock, executive director of ORG
who added: "Policing should be targeted at actual offenders, with the proper
protection of the courts. How do people 'know' when someone is planning to
riot? Who makes that judgement? The only realistic answer is the courts must
judge. If court procedures are not used, then we will quickly see abuses by
private companies and police. Citizens also have the right to secure
communications. Business, politics and free speech relies on security and
privacy. David Cameron must be careful not to attack these fundamental needs
because of concerns about the actions of a small minority".

Reporters Without Borders urged the British authorities "to rule out any
possibility of shutting down or drastically restricting the use of social
networks such as Facebook and Twitter". The NGO also expressed its concern
on the personal data provided by Research in Motion (RIM) - the Canadian
manufacturer of the popular BlackBerry smartphone - the validity of the data
as evidence and the legality of the way it was acquired.

Reporters Without Borders declared that "(it) is not minimizing the gravity
of the situation in the United Kingdom and the urgency of the need to
restore order, but it believes that the provision of personal data to the
police sets a disturbing precedent in a western country and could have
significant consequences as regards setting an example for others kinds of
government."

The tendency is even more concerning, as a study on the effects of
censorships published by AntonioCasilli from Telecom ParisTech and EHESS of
Paris, Paola Tubaro from Greenwich University, revealed that, actually,
censoring of the Internet and communication is a factor that increases the
violence of riots. The hypothesis is verified by the situation in Tunis
where the censoring of the Internet precipitated Ben Ali's fall and in Egypt
where the total cut off of the Internet led to the civil uprisings against
Hosni Mubarak.

Concern that social networks to be targeted as BlackBerry helps British
police identify rioters (12.08.2011)
http://en.rsf.org/united-kingdom-concern-that-social-networks-to-be-12-08-2011,40776.html

Social media information helped prevent some riot damage, police say
(17.08.2011)
http://out-law.com/page-12161

Rioters' access to social media could be stopped, Government says
(12.08.2011)
http://out-law.com/page-12148

Prime Minister's attack on social media unwarranted (11.08.2011)
http://www.openrightsgroup.org/blog/2011/david-cameron

A study reaches the conclusion that Internet censuring increases the riots
(only in French, 18.08.2011)
http://www.numerama.com/magazine/19585-une-etude-conclut-que-la-censure-du-net-accroit-les-emeutes.html

============================================================
3. German DPA asks for the removal of Facebook "like" button
============================================================

Thilo Weichert, the German data protection commissioner from the Independent
Center for Privacy Protection (ULD) - the Data Protection Authority (DPA)
from the state of Schleswig-Holstein, on 19 August 2011 called on website
owners in his north German state to remove Facebook "like" buttons by the
end of September 2011 or possibly face a fine.

Weichert stated that, according to a thorough legal and technical analysis
by ULD, when people use the "like" button on Facebook pages, traffic and
content data are transferred to Facebook's US-based servers.
"Whoever visits facebook.com or uses a plug-in must expect that he or she
will be tracked by the company for two years. Facebook builds a broad
individual - and for members even a personalized - profile," stated
Weichert. ULD considers that such a profiling infringes German and European
data protection law.

In this case, if the website owners in the respective German state do not
comply with the request, ULD, after performing the hearing and
administrative procedure, may place a formal complaint, a prohibition order
as well as a penalty fine that may reach 50 000 Euro.

"We firmly reject any assertion that Facebook is not compliant with EU
data-protection standards. The Facebook 'like' button is such a popular
feature because people have complete control over how their information is
shared through it," was Facebook spokesman Andrew Noyes's statement.
Facebook admitted the "Like" button could pass on information such as user
IP addresses, but said the data was deleted after 90 days according to the
industry standard.

Having strict online privacy policies, Germany has had several issues with
Facebook lately. German data protection authorities also said Facebook's new
facial recognition feature was illegal and asked the site to remove it and
delete all related information. They also demanded that network users get
more control over their e-mail address books in the "Friend Finder" tool.

ULD to website owners: "Deactivate Facebook web analytics" (19.08.2011)
https://www.datenschutzzentrum.de/presse/20110819-facebook-en.htm

Facebook 'like' button declared illegal (19.08.2011)
http://www.thelocal.de/sci-tech/20110819-37073.html

In his statement, Weichert German official: Ditch Facebook's 'like' buttons
(19.08.2011)
http://articles.cnn.com/2011-08-19/tech/facebook.germany.like_1_facebook-accounts-andrew-noyes-facebook-users?_s=PM:TECH

Germany vs. Facebook: Like Button Declared Illegal, Sites Threatened With
Fine (19.08.2011)
http://siliconfilter.com/germany-vs-facebook-like-button-declared-illegal-sites-threatened-with-fine/

EDRi-gram: Facebook's face recognition raises privacy complaints
(15.06.2011)
http://www.edri.org/edrigram/number9.12/facebook-face-recognition-privacy

============================================================
4. Turkey postpones its Internet filtering plans
============================================================

Having been fiercely criticized since May 2011 over its Internet filtering
system (Procedures and Principles regarding Safe Internet Use) planned to be
imposed on 22 August, the Information Technologies Board (BTK) has decided
to delay the introduction of the system till 22 November 2011 and to reduce
the number of filters that are now said to cover adult content.

The government's plan was to force Internet users to choose from among a
list of filtering packages meant to block certain unspecified websites.

Under the modified version, Turkish Internet users will no longer be obliged
to install the BTK filtering software on their computers and the number of
alternative versions of the software has been reduced from four to two
("family" and "child").

Also, under the new version, filtering is optional. A subscriber who does
not want to choose an Internet profile to be brought to the BTK will be able
to access the Internet without a profile or filtering system.

The BTK's changes follow recommendations from the Internet Council, which is
a part of the Transportation and Communications Ministry. Serhat Vzeren, the
head of the Internet Council stated for the Anatolia news agency that BTK
had paid attention to the opinions and proposals of civil society when
revising the regulation adding that the introduction of the regulations had
been postponed in order to give time for service providers to prepare their
infrastructure for the new system.

The criteria for the two optional Internet profiles would be determined soon
and would be periodically updated.

Turkey backtracks on controversial Internet filtering plans (5.08.2011)
http://www.todayszaman.com/news-252787-turkey-backtracks-on-controversial-internet-filtering-plans.html

In Turkey, Proposed Internet Filters Stir Protests (9.08.2011)
http://www.npr.org/2011/08/09/139239928/in-turkey-proposed-internet-filters-stir-protests

Internet agency retreats on filtering, but does not give up (10.08.2011)
http://en.rsf.org/turkey-government-agency-wants-to-install-06-05-2011,40238.html

EDRi-gram: Don't use "crispy" on the Turkish Internet! (4.05.2011)
http://www.edri.org/edrigram/number9.9/turkey-blocks-138-words-internet

============================================================
5. No effective sanction for Police abuse of Irish data retention system
============================================================

Recent media reports have confirmed that an Irish Garda (Police) detective
sergeant will not face criminal prosecution and will keep her job despite
abusing the data retention system to spy on an ex-boyfriend.

In November 2010 the annual report of the judge who oversees the Irish data
retention system confirmed media reports that the sergeant, who then worked
in the Garda intelligence division, had abused her position by accessing the
phone records of her former boyfriend, tracking details of his
communications. It appears that this came to light when the former boyfriend
became suspicious that she knew about calls which he had made since they
separated, and not as the result of any internal audit or other safeguards.
Following a Garda investigation, the Director of Public Prosecutions has
directed that no criminal charges will be brought against the sergeant, and
after an internal disciplinary process she will retain her job. Despite this
abuse of trust, the sergeant has been transferred to the Garda Special
Branch, an anti-terrorist division within the police force, where she will
continue to have access to sensitive information.

The matter was also referred to the independent Garda Siochana Ombudsman
Commission which decided not to investigate the matter further.

A number of significant questions are left unanswered. In relation to the
specific case: Why was no prosecution brought? Why was it considered
appropriate to leave a person found to have abused sensitive records in a
position of responsibility, much less the Special Branch? Why was this
person not dismissed?

More general questions are also raised: Was this part of a wider pattern of
abuse? Is there an adequate internal audit trail of data retention requests?
If so, who is responsible for reviewing that trail? Does the designated
judge access a sample of requests from the preceding year to ensure that the
surveillance was appropriate? If not, what other steps are taken to review
the approximately 15 000 data retention requests which are made every year?

Given the lack of adequate sanctions for this abuse and the failure of
either the designated judge or the Department of Justice to provide answers
to these questions it is hard to see how the Irish public can be expected to
have any confidence in the data retention system.

Report of the Designated Judge (26.01.2010)
http://www.scribd.com/doc/58099350/Interception-and-Data-Retention-Annual-Report-2009-10

Judge's report reveals allegations that Garda used phone records to spy on
her ex (20.02.2011)
http://www.tjmcintyre.com/2011/02/judges-report-reveals-allegations-that.html

Garda detective quizzed for 'spying on her ex', Mail on Sunday, (27.06.2011)
Garda accused of bugging her ex-boyfriend, The Sunday Times, (20.02.2011)
Garda who spied on her boyfriend will keep job, The Sunday Times,
(14.08.2011)

(Contribution by TJ McIntyre - EDRi-member Digital Rights Ireland)

============================================================
6. US Hotline reports vast improvements in removal of child abuse websites
============================================================

In the course of the past year the US National Centre for Missing and
Exploited Children (NCMEC) made huge improvements in its handling of both
domestic and international reports of web-based child abuse material. These
sudden and huge improvements come at a time when both the European
Commission and individual member states, Germany in particular, have
increased their international efforts to address child abuse crimes at
source, rather than relying on addressing the symptoms through measures such
as web blocking. These efforts are, in large part, the result of
anti-blocking campaigns on national and EU level.

Although still far from perfect (with regard to due press of law and
anonymous reporting, in particular), the US has moved from being widely
considered to being a "safe haven" for such material to introducing diligent
procedures that are significantly better than those in the EU on a number of
fronts. The raw data are impressive. In May 2010, it was taking an average
of 6.85 days to process complaints (94% of reports concerned legal material)
while in May 2011, this delay had been reduced to 0.91 days. The amount of
time to have the websites disabled was also impressively reduced, from 5.09
days to 1.99 days over the same period.

Both the EU and US systems suffer from the serious problem that sites are
removed without judicial order, thereby circumventing both due process of
law and also the automatic involvement of law enforcement authorities,
despite the seriousness of the crimes depicted on the websites. It is
inexplicable and sad that child abuse appears to be the only crime in
society where it is normal and accepted that evidence can be posted on the
Internet and not investigated and where due process of law is not an
automatic reaction to compelling evidence of the crime being found.

Ironically, the quicker the "takedown" happens, the greater the risk that
law enforcement authorities will feel able to devote their resources to
other priorities, leaving the criminals with an effective licence to commit
their crimes again. However, the US system "freezes" the site, storing all
of the data that could be used by law enforcement authorities whereas the
European approach is to simply delete the sites. The European approach
therefore often works on the assumption that there will not be an
investigation, that there will not be an effort to identify the victims, the
owner of the site and the users of the site and, crucially, removes any
pressure on law enforcement authorities to take action.

It is to be hoped that the US approach will lead to statistics being
produced to show how many times the disabling of the websites is not
followed up by law enforcement authorities - such statistics should help
focus politicians' minds on the crimes going uninvestigated and unpunished.

In the EU, European hotlines are contractually obliged by the European
Commission to produce statistics and, since last year, required to publish
public statistics. Despite this, there is very little information available
apart from the limited data provided by the Irish Internet Hotline and the
Internet Watch Foundation (UK) and the thorough and impressive data produced
by the ISPA Stopline in Austria. In the absence of such information,
policy-makers, as shown all too clearly in the blocking debate, are forced
to make policy without the data needed to make informed decisions.

NCMEC: URL reports to the CyberTipline and average # of days for staff to
process
http://www.edri.org/files/ncmec-1.pdf

NCMEC Notice Tracking System
http://www.edri.org/files/ncmec-2.pdf

NCMEC Notice Tracking Statistics
http://www.edri.org/files/ncmec-3.pdf

Irish Internet Hotline
http://www.hotline.ie

Internet Watch Foundation
http://www.iwf.org.uk

ISPA Austria Stopline
http://www.stopline.at

(Contribution by Joe McNamee - EDRi)

============================================================
7. Copyright industry obtains court injunction against BT to block website
============================================================

In a dangerous precedent, on 28 July 2011, an UK High Court judge ruled that
British Telecom (BT), the UK largest ISP, had to prevent its customers from
accessing Newzbin 2, a website searching Usenet and providing links to lots
of films, books and music - most of which infringe copyright.

The case was brought to court by six major film studios, including Warner
Brothers, Disney and Fox. BT will have to use in this case the technology
it has developed to block access to websites featuring images of child
abuse.

According to Section 97A of the Copyright, Designs and Patents Act, UK
courts have the power to grant an injunction against an ISP if it had actual
knowledge that someone had used its service to infringe copyright. The judge
in this case rejected Newzbin's argument that it was merely providing search
results. "In my judgement it follows that BT has actual knowledge of other
persons using its service to infringe copyright: it knows that the users and
operators of Newzbin 2 infringe copyright on a large scale, and in
particular infringe the copyrights of the Studios in large numbers of their
films and television programmes," he said.

As Article19 has pointed out, the judge ordered BT to block its subscribers
from using Newzbin.com even for legitimate purposes, and concluded that the
intellectual property rights of the rights holders "clearly outweighed" the
freedom of expression rights of the users of Newzbin.com, and "even more
clearly" those of the operators of Newzbin.com.

Also, Article19 underlined that the high court order is very likely in
breach of international standards for the protection of freedom of
expression, particularly of the proportionality principle and considers it
has set too low the threshold for ordering blocking, it does not properly
balance the right to property with the right to freedom of expression, and
shows no consideration for the chilling effect of the measure.

Ordering the blocking of an entire domain name, and not of specific
web-pages, is also considered to be in breach of the requirement for
necessity in international law. BT also argued against blocking an entire
website suggesting it would be more proportionate for the studios to provide
a list of specific web-pages to be blocked but the argument was rejected by
the court.

Other campaigners, such as EDRi-member ORG, consider the decision as
"pointless and dangerous". The worst part of this decision is that actually
the court does not really care if the technical blocking really works or
not. The judge wrote: "I agree with counsel for the Studios that the order
would be justified even if it only prevented access to Newzbin2 by a
minority of users".

ORG also raised the concern that this precedent might be a first step for
future blocking injunctions. It also tried to emphasized that "blocking
should not be seen as an easy fix for complex social problems."

Following this victory, the studios now intend to seek similar orders
against other large ISPs in the UK.
.
High Court forces BT to block links to pirate site (28.07.2011)
http://www.out-law.com/page-12117

Will Newzbin be blocked? (28.07.2011)
http://www.lightbluetouchpaper.org/2011/07/28/will-newzbin-be-blocked/

A big week for copyright in the courts (2.08.2011)
http://www.openrightsgroup.org/blog/2011/a-big-week-for-copyright-in-the-courts

England and Wales: blocking website sets bad international precedent
(1.08.2011)
http://www.article19.org/resources.php/resource/2508/en/england-and-wales:-blocking-website-sets-bad-international-precedent

============================================================
8. Recommended Action
============================================================

Survey that gathers the views of internet users from all EU countries
on the use of personal information, privacy, and giving consent
online. This survey is part of the CONSENT project - a collaborative project
co-funded by the European Commission under the FP7 programme.
http://bit.ly/Survey-CONSENT

============================================================
9. Recommended Reading
============================================================

UK: Protecting information privacy - Equality and Human Rights Commission  
Research report 69 (Summer 2011)
http://www.equalityhumanrights.com/uploaded_files/research/rr69.pdf

============================================================
10. Agenda
============================================================

7 September 2011, Berlin, Germany
Balancing the interests in the context of data retention
http://www.uni-kassel.de/einrichtungen/iteg/forschung/invodas/invodas-abschlusstagung.html

8-9 September 2011, Brussels, Belgium
6th Annual Conference of the European Policy for Intellectual Property
Fine-Tuning IPR debates
http://www.epip.eu/conferences/epip06/

10-17 September 2011
Freedom Not Fear - International Action Week
http://www.freedomnotfear.org

16-18 September 2011, Warsaw, Poland
Creative Commons Global Summit 2011
http://wiki.creativecommons.org/Global_Summit_2011

16 September 2011, Leeds, UK
Conference "Human Rights in the Digital Era"
http://digitalrights.leeds.ac.uk

27-30 September 2011, Nairobi, Kenya
Sixth Annual IGF Meeting: Internet as a catalyst for change: access,
development, freedoms and innovation
http://www.intgovforum.org/cms/nairobipreparatory

11 October 2011, Brussels, Belgium
ePractice Workshop: Addressing evolving needs for cross-border eGovernment
services
http://www.epractice.eu/en/events/epractice-workshop-cross-border-services

13-14 October 2011, Lisbon, Portugal
2nd International Graduate Conference in Communication and Culture: The
Culture of Remix
http://blogs.nyu.edu/projects/materialworld/2011/05/cfp_the_culture_of_remix.html

20-21 October 2011, Warsaw, Poland
Open Govrenment Data Camp
http://opengovernmentdata.org/camp2011/

27-30 October 2011, Barcelona, Spain
Free Culture Forum 2011
http://fcforum.net/

9 November 2011, Bucharest, Romania
Inet Conference: Access, Trust and Freedom: Coordinates for future Internet
http://www.isoc.org/isoc/conferences/inet/11/bucharest-agenda.shtml

11-13 November 2011, Gothenburg, Sweden
FSCONS is the Nordic countries' largest gathering for free culture, free
software and a free society.
http://fscons.org/

25-27 January 2012, Brussels, Belgium
Computers, Privacy and Data Protection 2012
http://www.cpdpconferences.org/

============================================================
11. About
============================================================

EDRi-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRi has 28 members based or with offices in 18 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRi-grams.

All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and are visible on
the EDRi website.

This EDRi-gram has been published with financial support from the EU's
Fundamental Rights and Citizenship Programme.

Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/

Newsletter editor: Bogdan Manolea <edrigram at edri.org>

Information about EDRI and its members:
http://www.edri.org/

European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring

- EDRI-gram subscription information

subscribe by e-mail
To: edri-news-request at edri.org
Subject: subscribe

You will receive an automated e-mail asking to confirm your request.
Unsubscribe by e-mail
To: edri-news-request at edri.org
Subject: unsubscribe

- EDRI-gram in Macedonian

EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edri/2.html

- EDRI-gram in German

EDRI-gram is also available in German, with delay. Translations are provided
Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/

- Newsletter archive

Back issues are available at:
http://www.edri.org/edrigram

- Help
Please ask <edrigram at edri.org> if you have any problems with subscribing or
unsubscribing. 

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE





More information about the cypherpunks-legacy mailing list