EDRi-gram newsletter - Number 9.13, 29 June 2011

EDRI-gram newsletter edrigram at edri.org
Wed Jun 29 10:23:54 PDT 2011


============================================================

       EDRi-gram

biweekly newsletter about digital civil rights in Europe

Number 9.13, 29 June 2011

============================================================
Contents
============================================================

1. CSISAC decision not to endorse draft OECD Internet Communiqui
2. The Netherlands - first EU country to launch net neutrality
3. Negotiations end in confused text on Internet blocking
4. EU-US PNR agreement found incompatible with human rights
5. High level discussions on online tracking
6. New draft law for data retention in Romania
7. UK: Copyright holders ask for website blocking
8. No anonymous Internet usage in Denmark?
9. Traffic data fraudulently obtained by the Czech police
10. Low level of protection for minor's privacy on social networks
11. Recommended Action.
12. Recommended Reading
13. Agenda
14. About

============================================================
1. CSISAC decision not to endorse draft OECD Internet Communiqui
============================================================

As a founding member and Steering Committee member of CSISAC (The Civil
Society Information Society Advisory Council to the OECD), European Digital
Rights (EDRi) strongly supports CSISAC's decision not to endorse the draft
Communiqui currently under discussion by the OECD. EDRi was directly
involved in the discussions that led to this decision.

Having participated constructively in the OECD Internet policy development
process over many months, together with other CSISAC members, EDRI and
CSISAC support many of the proposed principles, in particular, policies that
support the open, interoperable Internet, and multi-stakeholder policy
development processes, but regret that other provisions of the draft OECD
Communiqui do not meet civil society expectations.

The final draft Communiqui threatens established human rights principles and
the rule of law. It places excessive emphasis on enforcement of intellectual
property, without taking due consideration of fundamental rights and the
damage that such measures could have for openness and innovation on the
Internet. Similarly, in the context of cybersecurity, it places undue weight
on security without giving adequate consideration to proportionality.

Most seriously of all, the implication of much of the text is to abandon the
rule of law and hand over both enforcement and policing of cyberspace to
online intermediaries. The text's repeated references to access to "lawful
content" implies that intermediaries should decide what is legal and
accessible and what is not - although they lack both the capacity and
credibility to take over such a role. Similarly, much of the text appears to
imply that Internet providers should also be responsible for punishing
alleged infringements, possibly through measures such as disconnection of
consumers ("graduated response").

More generally, EDRi has profound concerns regarding the tone of the draft
text as a whole - which appears to already be regressing from the principles
established in 2008 by the OECD's "Seoul Declaration".

EDRi's opposition to the draft Communiqui is not a matter of drafting, it is
an indication of a profound concern that the principles that it espouses are
contrary to core values of society as a whole. These are the values that
civil society exists to protect.

The development process for the Communiqui has been far more open and
inclusive than many exist in many other international forums. This should be
applauded and has made the decision not to support the current draft outcome
of the process very difficult. It was a decision that was not taken lightly.

Civil Society Seoul Declaration
http://csisac.org/seoul.php

OECD Seoul Declaration
http://www.oecd.org/dataoecd/49/28/40839436.pdf

CSISAC
http://csisac.org

CSISAC Press Release - Civil Society Coalition Declines to Endorse OECD
Communiqui on Principles for Internet Policy-Making; Urges OECD to Reject
"Voluntary" Steps For Filtering and Blocking of Online Content(28.06.2011)
http://www.edri.org/files/CSISAC_Press_Release_0628011_FINAL.pdf

CSISAC Statement on OECD Communiqui on Principles for Internet Policy-Making
(28.06.2011)
http://www.edri.org/files/CSISAC_Statement_on_OECD_Communique%2006282011_FINAL_COMMENTS.pdf

============================================================
2. The Netherlands - first EU country to launch net neutrality
============================================================

A broad majority in the Dutch Parliament voted on 22 June 2011 for a
legislative proposal to safeguard an open Internet in The Netherlands.
The proposal prohibits Internet access providers from restricting or
charging end-users for specific services. In addition, provisions were
launched protecting users against disconnection and wiretapping by
providers. The Netherlands is the first country in Europe to launch net
neutrality provisions in parliament. Dutch digital rights movement and
member of EDRi Bits of Freedom calls upon other countries to follow the
Dutch example.

Net neutrality means that Internet service providers may not hinder or
block different kinds of applications and content online. Dutch telecom
incumbent KPN recently received world-wide media-attention because of it
plans to charge Internet users for the use of innovative and competitive
services such as Internet telephony. The legislative proposal aims to
prevent this, while still allowing for measures in case of congestion
and for network security, as long as these measures serve end-user
interests.

Another proposal regarding internet connection ensures that
internet providers can only disconnect their users in a very limited set
of circumstances. A third proposal restricts internet providers from
using invasive wiretapping technologies, such as deep packet inspection
(DPI).

The proposals are introduced by the Dutch parliament in the course of
the implementation of the European telecommunications package. The
proposals will also have to be adopted by the Dutch Senate (Eerste
Kamer) before entering into force. English translations of the
amendments can be found on the website of Bits of Freedom.

Press release regarding net neutrality of Bits of Freedom (22.06.2011)
https://www.bof.nl/2011/06/22/press-release-%e2%80%93-the-netherlands-first-country-in-europe-to-launch-net-neutrality/

Description of Dutch internet freedom proposals (22.06.2011)
https://www.bof.nl/2011/06/22/netherlands-launches-internet-freedom-legislation/

English translation of Dutch internet freedom proposals (27.06.2011)
https://www.bof.nl/2011/06/27/translations-of-key-dutch-internet-freedom-provisions/

(Contribution by Ot van Daalen - EDRi-member Bits of Freedom Netherlands)

============================================================
3. Negotiations end in confused text on Internet blocking
============================================================

After months of negotiation, the Council, Parliament and Commission finally
agreed a text on Internet blocking where everyone appears to have got what
they wanted, except the European Commission. The agreed text now needs to be
signed off by the political groups, before being put to a vote in the Civil
Liberties Committee on 12-13 July 2011. A full vote of the European
Parliament's plenary in September will definitively end the process in that
institution.

The provisional text removes the proposed obligation on EU Member States to
introduce web blocking and also removes the wording which proposed
encouragement and "stimulation" (sic) of Internet providers to introduce
blocking outside the rule of law.

The explanatory "recital" that is meant to provide clarification of the
meaning of the main article is entirely schizophrenic. For those who wish to
ignore the European Charter and European Convention on Human Rights, the
explanation says that these provisions "are without prejudice to
(unspecified) voluntary action taken by the internet industry."
Neither"voluntary" or indeed what "action" is referred to is explained.

For those who wish to see provisions of Article 52 of the Charter and
Articles 8 and 10 of the Convention respected, particularly with regard to
the need for restrictions to be based on law, the text explains that "Member
States should ensure that it provides an adequate level of legal security
and predictability to users and service providers." This wording echoes
rulings from the European Court of Human Rights interpreting the concept of
"in accordance with the law" in various existing rulings.

The final compromise text allows blocking, doesn't require blocking, allows
"voluntary" actions but does not explain what this might be, prohibits
voluntary blocking, but possibly not in an enforceable way and suggests
Member States should take action to remove the material at source, but uses
wording so weak that it is practically unenforceable.

The European Commission's Communication "Towards an EU Strategy on the
Rights of the Child" adopted in 2006 established a set of specific
objectives for the Union. - item 6 was "communicating more effectively on
children's rights". It is to be hoped that the chaotic mess that was adopted
does not effectively communicate the coherence, quality and priorities of
the European Union in this policy area.

EU Child Rights Communication
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2006:0367:FIN:EN:PDF

EDRi's blocking booklet
http://www.edri.org/files/blocking_booklet.pdf

Compromise text and analysis
http://www.edri.org/blocking_negotiations

Proposal for a Directive on combating the sexual abuse, sexual exploitation
of children and child pornography, repealing Framework Decision 2004/68/JHA
(29.03.2010)
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2010:0094:FIN:EN:PDF

Impact assessment (25.03.2009)
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=SEC:2009:0355:FIN:EN:PDF

Commissioner Malmstrvm's blog (in Swedish and English) on this issue
(29.03.2010)
http://ceciliamalmstrom.wordpress.com/2010/03/29/ett-slag-for-barnens-rattigheter/

MOGiS (abuse survivors against internet blocking): Remove, don't block! -
Act, and don't look away!
http://mogis-verein.de/eu/

(Contribution by Joe McNamee - EDRi)

============================================================
4. EU-US PNR agreement found incompatible with human rights
============================================================

In a note sent on 16 May 2011 to the Director-General of DG Home Affairs,
the Legal Service of the European Commission warns that the draft EU-US
agreement on the exchange of PNR data is not compatible with fundamental
rights.

The EC's lawyers found several areas of concern related to the planned
agreement. Significant issues are the proportionality of the agreement which
covers minor crimes as well, its extension to US border security "which is
not linked to the purpose of preventing terrorism or serious crime", a far
too long (15 years) data retention period for the data collected for the
agreement purpose, the lack of judicial redress for the data subjects, the
lack of "guarantee of independent oversight".

After having reviewed the present draft, the Legal Service draws the
attention over the fact that its earlier comments had not been considered in
drafting the present variant of the agreement: "all (these) comments were
already transmitted to your services in the course of the negotiations."

The Legal Service concludes that "despite certain presentational
improvements, the draft agreement does not constitute a sufficiently
substantial improvement of the agreement currently applied on a provisional
basis, the conclusion of which was refused on data protection grounds by the
European Parliament." Moreover, the use of the PNR data for US
border security is considered a step back from the point of view of data
protection. The conclusion therefore related to the agreement is that "the
Legal Service does not consider the agreement in its present form as
compatible with fundamental rights."

Hopefully this opinion may weigh in the decision of the European Parliament
which, according to the Lisbon Treaty, has the power to refuse it.
"This Agreement does not meet EU data protection standards of
proportionality or purpose limitation, nor does it provide judicial redress
to data subjects or any guarantee of independent oversight" says Tony
Bunyan, Statewatch Director who believes that it's high time EU takes
a firmer stand in the matter. "Secret Minutes of EU-US meetings since 2001
show that they have always been a one-way channel with the US setting the
agenda by making demands on the EU. When the EU does make rare requests like
on data protection, because US law only offers protection and redress to US
citizens, they are bluntly told that the US is not going to change its data
protection system".

MEP Jan Philipp Albrecht, member of the European parliament's civil
liberties committee, believes that by pushing forward this agreement, EU is
acting against its own legal advice. "The commission cannot simply continue
to stick its fingers in its ears, and it is high time that it dropped its
obsession with PNR. This means going back to the drawing board and
renegotiating the draft agreements with the US, Australia and Canada on
passenger record retention, ensuring these agreements are in line with EU
data protection law. It also means dropping the proposed legislation on the
retention of passenger data within the EU."

As regards the EU PNR proposal, this has been slammed also by the European
Union Agency for Fundamental Rights (FRA). The Agency has issued an opinion
on the Proposal for a Directive on the use of PNR data, identifying a series
of issues regarding the compliance of the proposal with the Charter of
Fundamental Rights of the European Union.

FRA is concerned by the risk of direct discrimination related to PNR data
transmitted by air carriers, which may include sensitive or special data.
"It would therefore be useful to introduce a prohibition on the transmission
of such data by air carriers."

Regarding the limitation of fundamental rights covered by the proposal, FRA
is concerned by the vagueness of several formulations and believes the
explanatory memorandum of the proposal "does not sufficiently substantiate
the necessity of the limitation for all crimes covered," and that "the
necessity and proportionality of the PNR system would need to be
demonstrated."

For the compliance with the right to protection of personal data, FRA
suggests the control should be provided by fully independent supervisory
authorities that "can take action on their own initiative to protect
proactively and effectively the interests of data subjects and have
sufficient resources to do so in practice."

European Commission's Legal Service says EU-USA PNR agreement is "not
compatible with fundamental rights" (03.06.2011)
http://www.statewatch.org/news/2011/jun/03eu-us-pnr-com-ls.htm

Observatory on the exchange of data on passengers (PNR) with USA
http://www.statewatch.org/pnrobservatory.htm

Air passenger data plans in US-EU agreement are illegal, say lawyers
(20.06.2011)
http://www.guardian.co.uk/world/2011/jun/20/air-passenger-data-plans-illegal

Opinion of the European Union Agency for Fundamental Rights (FRA) on the
Proposal for a Directive on the use of Passenger Name Record (PNR) data for
the prevention, detection, investigation and prosecution of terrorist
offences and serious crime (COM(2011) 32 final) (14.06.2011)
http://www.statewatch.org/news/2011/jun/eu-pnr-fra-opinion.pdf

============================================================
5. High level discussions on online tracking
============================================================

A meeting organised jointly by the University of Berkeley and the Institute
for Information Law of the University of Amsterdam drew together an
outstanding collection of international experts, NGOs and industry
representatives to discuss online tracking protection and browsers.

Information Society Commissioner Neelie Kroes opened the event where she
brandished the "stick" of strict enforcement of the e-Privacy Directive if
industry did not accept the "carrot" of self-regulation to achieve
compliance. She described as "encouraging" the EASA and IAB Best Practice
Recommendation, which uses a tiny icon to alert users to the fact that they
are being tracked and profiled and being delivered advertising designed to
match that profile - using a cookie as an opt-out mechanism.

She pointed out that tracking is far more than cookies and can be done via
browser fingerprinting and add-ons. She therefore called on the advertising
industry to come up with a "do not track" (DNT) standard that "must be rich
enough for users to know exactly what compliant companies do with their
information and for me to be able to say to industry: if you implement this,
then I can assume you comply with your legal obligations under the ePrivacy
Directive." She challenged the industry to come up with such a standard
within twelve months.

Commissioner Kroes' speech was followed by one from Federal Trade
Commissioner Julie Brill. She provided an overview of the current US
thinking and policy development. She said that her thinking was driven by
three key concepts - the need for privacy by design, the need for simplified
choice and the need for increased transparency. Regarding a DNT standard,
she said it needed to be easy to use, effective, universal, had to cover
collection as well as use of data and had to represent a persistent choice.
The final point was clearly an issue due to at least one case in the US
where an "opt-out" offered by an online company only lasted several days.

Commissioner Brill expressed particular concern about the situation in the
mobile market. She said that, of the top 30 mobile apps, 22 did not have a
privacy policy and those that did have a policy, did not make them
particularly easy to find.

The third policy-maker to speak was Robert Madelin, Director General of DG
Information Society of the European Commission. He acknowledged and welcomed
the G8 approach that Internet regulation needed to be convergent and
interoperable. He described his minimum criteria for the creation of
self-regulatory systems, the basis of which comes from a document produced
when Mr Madelin was Director General of the Health and Consumer Protection
Directorate General of the Commission. Key points which he stresses are
clear goals from the outset, involvement of all relevant stakeholders from
the outset and clear metrics for the measurement of results.

The remainder of the meeting consisted mainly of very high-level panel
discussions and a fascinating insight into the extent of online tracking,
the technologies used and the main companies involved by Ashkan Soltani.

Self-regulation principles
http://ec.europa.eu/consumers/overview/report_advertising_en.pdf

Ashkan Soltani
http://ashkansoltani.org/

Event website
http://www.law.berkeley.edu/11166.htm

IAB/EASA Best practice guideline
http://www.easa-alliance.org/binarydata.aspx?type=doc/EASA_BPR_OBA_12_APRIL_2011.pdf/download

Do Not Track: The Regulators' Challenge
http://www.w3.org/QA/2011/06/do_not_track_the_regulators_ch.html

(Contribution by Joe McNamee - EDRi)

============================================================
6. New draft law for data retention in Romania
============================================================

The Romanian Ministry of Information Society and Communication (MCSI)
submitted, for public comments, on 23 June 2011, a new draft law for the
implemention of the EU data retention directive, after the Romanian
Constitutional Court decided on 7 October 2009 that the Romanian law was
unconstitutional.

The explanation for the new text is merely a copy&paste from former
documents. The new text just adds that this law was necessary because the
European Commission has initiated a new action of infringement (letter
C(2011) 4111 dated 16 June 2011) in the case 2011/2089 for not implementing
the data retention directive.

Although the explanation of the Ministry is that the new text is compliant
with the decision of the Constitutional Court and the ECHR jurisprudence,
the text of the draft law is nothing else than a copycat of the former law
298/2008, that has been already declared unconstitutional. The only addition
that is supposed to solve this problem is the new article 13 that says the
data retention activity must fulfil the principles of same quality and
security than other data used by electronic communication providers, and of
"appropriate technical and organisational measures" for not losing or
abusing the data (without making any reference to what that might mean in
practice).

Instead, the present text is in fact vaguer than the initial law that
was declared unconstitutional. The procedure to access the data has been
deleted, just saying that the data might be accessed under the conditions of
the "Penal procedure code and other special laws". Only that the current
Penal procedure code does not foresee any procedure in this respect and, at
least this moment, there are no special laws on the subject.

Also the right to access the data can now be exerted by any "judicial
authorities" and "authorities with attributions for national security and
safety", which was a vagueness of the text already criticized by the
Constitutional Court.

Ionut Negrescu, the deputy general secretary in the MCSI claims that the
Romanian authorities have been working for 1 year and a half in a working
group led by the Ministry of Justice together with the MCSI, Ministry of
Internal Affairs and Department of European Affairs. However, MCSI refused
to admit even the existence of such a group, despite several questions
publicly addressed by the civil society since 2010. Also, there was no
public statement on this matter during all this period.

At the same time, Negrescu admits that MCSI is in a deadlock: "The
Constitutional Court says you may not retain for 6 months the traffic data
of a person that is not under penal investigation and we were retaining all
citizens' data. On the other hand, this is against the EU directive, which
asks to retain this data for a minimum of 6 months. Here, we are in a
deadlock".

Basically, between respecting human rights and the Constitutional Court
decision and following the opinions of the European Commission, the Romanian
Government choose the latter.

Five civil society NGOs, including EDRi-member ApTI, have asked for a public
debate on the subject organized by MCSI, claiming that the current text is
still unconstitutional. So far, no official reaction from MCSI has been
received.

Draft law on data retention (only in Romanian, 23.06.2011)
http://www.mcsi.ro/Transparenta-decizionala/24/ProiectRetinereaDatelor

Reasoing for the draft law on data retention (only in Romanian, 23.06.2011)
http://www.mcsi.ro/Transparenta-decizionala/24/ExpunereMotive

5 NGOs warn that the new Big Brother draft law is still unconstitutional
(only in Romanian, 28.06.2011)
http://economie.hotnews.ro/stiri-telecom-9185463-cinci-ong-uri-avertizeaza-noul-proiect-pentru-asa-numita-lege-big-brother-are-continuare-prevederi-neconstitutionale.htm

Romania: Data retention law declared unconstitutional (21.10.2008)
http://www.edri.org/edrigram/number7.20/romania-data-retention-law-unconstitutional

Decision of the Romanian Constitutional Court (8.10.2009)
http://www.legi-internet.ro/english/jurisprudenta-it-romania/decizii-it/romanian-constitutional-court-decision-regarding-data-retention.html

============================================================
7. UK: Copyright holders ask for website blocking
============================================================

According to some leaked reports, copyright holders seem to have proposed
during a roundtable with UK Government representatives, ISPs
and others on 15 June 2011, plans that could lead to the blocking of
websites that allegedly host copyright infringing material.

Apparently, the Rightsholder Group' plans include a voluntary website
blocking scheme that would involve "expedited court procedures" letting an
"expert body" decide if websites that host copyright-infringing material
should be blocked, meaning that lobby groups might decide on website
content.

The leaked document would make reference to a "balance" between evidence and
speed of action, no analysis seems to exist on how the blocking will be done
or on the effect of such measures, no clear or comprehensive definitions of
what content will be considered blockable seem to be mentioned.

"The objective is to establish a system that protects a copyright owner's
property rights by substantially inhibiting infringement while protecting
the legitimate interests of consumers, site operators and service
providers, including (where relevant) access to services and information and
freedom of expression," says the leaked document.

The meeting where the document was presented was closed to copyrights group
and only Consumer Focus attended it, as the official "consumer" watchdog.
Consumer Focus's opinion is that blocking is no solution: "Consumers'
willingness to, or preference for, watching football games online and on
mobile devices will not diminish because access to unlicensed websites is
blocked."

According to Consumer Focus, the copyright holders propose that, after the
"expert body" has decided that copyright infringement evidence submitted  by
copyright holders is valid and that website blocking is appropriate, the
Applications Court of the High Court issues permanent injunctions against
the respective websites. "These proposals are a significant regulatory
intervention and require at the very least significant changes to the Civil
Procedure Rules. As such they should be publicly consulted on and evidence
based," says Consumer Focus.

EDRi-member Open Rights Group (ORG) also believes that discussions over how
to enforce online copyright infringement measures should be held in public.
"It is critical that policy making happens through a broad and open public
debate, especially on matters that so tangibly affect rights such as access
to information and freedom of expression," stated Peter Bradwell from ORG.

Rights holders' proposed voluntary website blocking scheme (22.06.2011)
http://www.openrightsgroup.org/blog/2011/rights-holders-propose-voluntary-website-blocking-scheme

Secret website blocking proposals presented to Ed Vaizey (21.06.2011)
http://www.openrightsgroup.org/blog/2011/secret-website-blocking-proposals

Leaked proposals detail copyright holders' website blocking code plans
(27.06.2011)
http://www.out-law.com/default.aspx?page=12030

Ed Vaizey website blocking roundtable (15.06.2011)
http://www.consumerfocus.org.uk/files/2010/10/Consumer-Focus-response-to-website-blocking-working-paper.pdf

BT wary of rights holders' site-blocking proposal (23.06.2011)
http://www.theregister.co.uk/2011/06/23/site_blocking_vaizey/

============================================================
8. No anonymous Internet usage in Denmark?
============================================================

A working group at the Danish Ministry of Justice is debating on a
recommendation to the Parliament. The current text suggests that people
using open wireless internet connections, e.g. at libraries, cafes, and
private companies identify themselves with a personal code. It is not yet
determined how people should be identified, but the working group considers
social security numbers, electronic digital signatures, and SMS-es.

The existing Danish implementation of the Data Retention Directive does not
require that users identify themselves, only that data such as payment
information, hardware addresses etc. are stored.

EDRi-member IT-POL see the recommendations as an attack to anonymity on the
Internet. The recommendations are not made public but they are described in
the printed edition of newspaper Politiken of 23-24 June 2011.

The recommendations were criticized by several civil society members,
including Rikke Frank Jxrgensen (Danish Institute for Human Rights), Jacob
Mchangama(think tank CEPOS) Niels Elgaard Larsen (IT-Pol), Pernille Drost
(Danish Union of Librarians) or Jon Lund (Danish Online News Association).

Spokesmen for the two government parties are also critical of the
recommendations and do not think that fighting international terrorism
mandates that Danes should be surveyed 24/7.

So there is some hope that this will not be passed by the Parliament. Last
year the Tax Authorities introduced a bill that would allow them to mirror
the hard disks of private companies. After criticism in the media, an
excellent brief by Mchangama and lack of support from the two governing
parties, the Minister of Taxation decided to postpone that bill, pending
investigations by a new committee.

You can no longer surf the web anonymously (only in Danish, 23.06.2011)
http://www.computerworld.dk/art/117279

Will PET curb our freedom on the net? (only in Danish, 28.06.2011)
http://politiken.dk/debat/ECE1319843/vil-pet-toejle-vores-frihed-paa-nettet/

Criticism: New Danish monitoring plan similar to DDR (only in Danish,
27.06.2011)
http://www.computerworld.dk/art/117284

No. of persons logging on public networks (only in Danish, 24.06.2011)
http://www.version2.dk/artikel/logning-af-internetbrugere-maaske-i-fare-29275

(Contribution by Niels Elgaard Larsen - EDRi-member IT-Pol - Denmark)

============================================================
9. Traffic data fraudulently obtained by the Czech police
============================================================

An inspection of the Czech Interior Ministry has revealed that police
detective Marian Hudec from Varnsdorf was gaining phone call statements
including those of President Vaclav Klaus4s closest aides as well as those
of Constitutional Court Chairman Pavel Rychetsky.

According to MfD paper, Hudec obtained the numbers of some prominent people
and wrote to the judge that he did not know the owners of the mobile
numbers, but that he was working on order and the numbers obtained were
linked to the investigation into white slave trade in his region. The judge,
however, sanctioned access to the statements.

Czech Prime Minister considered this was a serious abuse of the police and
showed failure of courts that sign whatever police submits to them. These
were traffic and location data retained under the national data retention
legislation and a procedure according to the Criminal Procedure Code was
used for the access to the respective data. Therefore this might not be an
individual mistake but rather a faulty system.

Irrespective of who's to be blamed for that, the procedure is worrying as a
private person or a firm could thus easily get hold of sensitive data on
whom and how often the high-placed people call.

Czech police was gaining phone statements of Klaus4s aides- press
(20.06.2011)
http://www.ceskenoviny.cz/zpravy/policista-nelegalne-ziskal-i-vypisy-telefonu-klausovych-lidi/653375?id=653376

============================================================
10. Low level of protection for minor's privacy on social networks
============================================================

Most social networks fail to provide an appropriate level of protection for
minors' privacy says a report recently published by the European Commission
on the implementation of "Safer Social Networking Principles for the EU", a
self-regulatory agreement brokered by the Commission in 2009 to keep
children safe online.

After several social networks have been tested on behalf of the European
Commission during December 2010 and January 2011, the conclusion is that
only two social networking sites (Bebo and MySpace) have default settings to
make minors' profiles accessible only to their approved list of contacts and
only 4 sites (Bebo, MySpace, Netlog and SchuelerVZ) make sure that minors
can be contacted by default by friends only.

Appropriate safety information for minors is however provided by a majority
of the 14 social networks tested, which also respond to requests for help
and prevent minors' profiles from being searched via external search
engines.

Neelie Kroes, Vice President of the European Commission for the Digital
Agenda, has shown her concern and disappointment in this matter and said she
would discuss with the companies and encourage them to use settings that
better protect the teenagers using these sites. "I am disappointed that most
social networking sites are failing to ensure that minors' profiles are
accessible only to their approved contacts by default. I will be urging them
to make a clear commitment to remedy this in a revised version of the
self-regulatory framework we are currently discussing. This is not only to
protect minors from unwanted contacts but also to protect their online
reputation. Youngsters do not fully understand the consequences of
disclosing too much of their personal lives online. Education and parental
guidance are necessary, but we need to back these up with protection until
youngsters can make decisions based on full awareness of the consequences,"
said Kroes.

A worrying fact is that even grown-ups are not very aware of how they should
protect their privacy on the online social networks. According to a recent
survey carried out by Harris Interactive on more than 2000 US adult
subjects, almost 70% of users of social networking websites say they're
concerned about security but most of them don't do much to protect
themselves.

Digital Agenda: only two social networking sites protect privacy of minors'
profiles by default (21.06.2011)
http://europa.eu/rapid/pressReleasesAction.do?reference=IP/11/762&format=HTML&aged=0&language=EN&guiLanguage=en

Social network sites fail to protect minors: EU report (21.06.2011)
http://www.reuters.com/article/2011/06/21/us-eu-privacy-socialnetworking-idUSTRE75K42H20110621

Social Networking: Survey finds gaps between user security concerns and
behavior (23.06.2011)
http://www.signonsandiego.com/news/2011/jun/23/social-networking-survey-finds-gaps-between-user-s/

============================================================
11. Recommended Action
============================================================

Norway: Open source code for e-voting system on the Internet (10.06.2011)
http://www.regjeringen.no/en/dep/krd/press/press-releases/2011/open-source-code-for-e-voting-system-on-.html?id=646599
http://www.regjeringen.no/en/dep/krd/prosjekter/e-vote-2011-project/source-code.html?id=645239

============================================================
12. Recommended Reading
============================================================

Proposals for EU Council Decision on signing & conclusion of ACTA
http://bit.ly/me5oh8
http://bit.ly/kDnxjC

Sex, Lies and Cyber-crime Surveys (06.2011)
http://research.microsoft.com/apps/pubs/default.aspx?id=149886

The Entire Internet Under Governmental Censorship In France? (15.06.2011)
http://www.laquadrature.net/en/the-entire-internet-under-governmental-censorship-in-france

Anonymous Blogging with WordPress and Tor guide in Spanish (21.06.2011)
http://advocacy.globalvoicesonline.org/2011/06/21/anonymous-blogging-with-wordpress-and-tor-guide-in-spanish/

Security and Human Behaviour 2011 Workshop 2011 (17-18.06.2011)
http://www.lightbluetouchpaper.org/2011/06/17/security-and-human-behaviour-2011/
http://www.heinz.cmu.edu/~acquisti/shb/participants.htm

CfP 2011 (14-16.06.2011)
http://www.cfp.org/2011/wiki/index.php/Media

============================================================
13. Agenda
============================================================

30 June - 1 July 2011, Berlin, Germany
OKCon 2011 - annual open knowledge conference of the Open Knowledge
Foundation
http://okcon.org/2011

1 July 2011, London, UK
The Power of Open
http://thepowerofopenlondon.eventbrite.com/

5-6 July 2011, Gvttingen, Germany
International Social Networking Summit
Organized by CONSENT consortium
http://consent.law.muni.cz/view.php?cisloclanku=2011050001

11-12 July 2011, Barcelona, Spain
7th International Conference on Internet, Law & Politics (IDP 2011): Net
Neutrality and other challenges for the future of the Internet
http://edcp.uoc.edu/symposia/lang/en/idp2011/?lang=en

24-30 July 2011, Meissen, Germany
European Summer School on Internet Governance 2011
http://www.euro-ssig.eu/

11 October 2011, Brussels, Belgium
ePractice Workshop: Addressing evolving needs for cross-border eGovernment
services
http://www.epractice.eu/en/events/epractice-workshop-cross-border-services

27 - 30 October 2011, Barcelona, Spain
Free Culture Forum 2011
http://fcforum.net/

============================================================
14. About
============================================================

EDRi-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRi has 28 members based or with offices in 18 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRi-grams.

All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and are visible on
the EDRi website.

Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/

Newsletter editor: Bogdan Manolea <edrigram at edri.org>

Information about EDRI and its members:
http://www.edri.org/

European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring

- EDRI-gram subscription information

subscribe by e-mail
To: edri-news-request at edri.org
Subject: subscribe

You will receive an automated e-mail asking to confirm your request.
Unsubscribe by e-mail
To: edri-news-request at edri.org
Subject: unsubscribe

- EDRI-gram in Macedonian

EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edri/2.html

- EDRI-gram in German

EDRI-gram is also available in German, with delay. Translations are provided
Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/

- Newsletter archive

Back issues are available at:
http://www.edri.org/edrigram

- Help
Please ask <edrigram at edri.org> if you have any problems with subscribing or
unsubscribing.

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE





More information about the cypherpunks-legacy mailing list