EDRi-gram newsletter - Number 9.6, 23 March 2011

EDRI-gram newsletter edrigram at edri.org
Wed Mar 23 13:12:02 PDT 2011 

============================================================

       EDRi-gram

biweekly newsletter about digital civil rights in Europe

Number 9.6, 23 March 2011

============================================================
Contents
============================================================

1. French DPA fines Google for its Street View case with 100k Euro
2. The Privacy Platform Meeting: Reding outlines the way forward
3. French ISPs explain why blocking is wrong
4. Belgian political parties suspend plans for IPR enforcement measures
5. Net Neutrality debate kicks off in UK as ISPs propose transparency code
6. Ireland: Police seek internet blocking from ISPs
7. Using new Internet tools to identify dissidents in Azerbaijan
8. Romania: draft legislation proposing website blocking
9. Loppsi 2 bill passes the French Constitutional Council test
10. Dutch court rules that WiFi hacking is legal
11. Privatised online enforcement series: A. Abandonment of the rule of law
12. Recommended Reading
13. Agenda
14. About

============================================================
1. French DPA fines Google for its Street View case with 100k Euro
============================================================

CNIL (the French DPA - Data Protection Authority) has recently performed a
series of inspections related to the conformity with the French legislation
of Google's gathering data from Wi-Fi networks for its Google Maps, Street
View and Latitude services on France's territory.

The inspections have revealed several infringements of the law, including
the collection, through Google's Street View service cars, of WiFi data
without the knowledge of the data subjects and of content-related data such
as IDs, login details, emails and passwords.

In May 2010, CNIL formally notified Google of the infringements and,
as the company had not officially replied, on 17 March 2011, issued a
100 000 Euro fine on the company, the highest fine CNIL has applied since it
received, in 2004, the power to impose financial sanctions.

According to Google, the collection of the respective data was involuntary
and a mistake. "As soon as we realised what was going on, we have
immediately stopped our Street View cars" said Peter Fleischer,
Google's Global Privacy Counsel, who added that all the collected
data can now be deleted.

CNIL confirmed that Google stopped collecting Wi-Fi data through its "Google
cars" and deleted the collected data. However, the DPA believes that
the company has not refrained from using the data without the knowledge of
the data subjects and, moreover, has continued to gather such kind of data,
without informing the data subjects, through users' mobile terminals
connecting to the geo-location service, Latitude (smartphones, etc.).

"They were not always willing to co-operate with us, they didn't give us
all the information we asked for, like the source code of all devices in the
Google cars," said Yann Padova, CNIL's executive director who added: "They
were not always very transparent."

Google may appeal the fine in two months time.

Google Street View: CNIL pronounces a fine of 100,000 Euros (21.03.2011)
http://www.cnil.fr/english/news-and-events/news/article/google-street-view-cnil-pronounces-a-fine-of-100000-euros/

Cnil sanctions the blunder of +Google cars; (only in French, 21.03.2011)
http://www.lefigaro.fr/hightech/2011/03/21/01007-20110321ARTFIG00601-la-cnil-sanctionne-le-derapage-des-google-cars.php

France fines Google over Street View data blunder (21.03.2011)
http://www.bbc.co.uk/news/technology-12809076

EDRi-gram: Google admits it was gathering passwords and emails via
StreetView (3.09.2010)
http://www.edri.org/edrigram/number8.21/street-view-collects-emails

============================================================
2. The Privacy Platform Meeting: Reding outlines the way forward
============================================================

On 16 March 2011, Sophie In't Veld's Privacy Platform met in the European
Parliament to discuss the state of play for the review of the data
protection directive.

The cross-party meeting was co-chaired by EU Parliament members from the
EPP, S&D, ALDE, the Greens and GUE. Speakers at the event included
Vice-President of the Commission responsible for justice, fundamental rights
and citizenship Viviane Reding and Axel Voss, German EPP member responsible
for the Communication on a comprehensive approach to data protection in the
EU in the European Parliament.

Like most meetings which aim to tackle this massive Directive, it was
difficult to narrow discussions and focus on concrete problems or possible
solutions. However, there was an emphasis on fundamental rights from many
speakers.

In her keynote speech, Ms. Reding said that data protection was her "top
legislative priority", while still hinting at the idea that a Regulation
could replace the existing Directive, at least in part. She plans to enhance
control and build individual rights in four pillars:

1. The right to be forgotten. Individuals have the right to withdraw consent
to data processing, and it will be up to the data controllers to prove
the need to collect or retain personal data.

2. Greater transparency. For data subjects, the use, collection and
retention of personal data must be made clear, intelligible, easy to
understand and easy to find. She made particular reference to social
networking services and children.

3. Privacy by default. The term is different from the vaguely defined but
often cited Privacy by Design, which Reding says is more of a technical
solution. "Privacy settings often require considerable operational effort in
order to be put in place," she said, so these settings are not a
reliable indication of true consent, adding that "this needs to be changed".

4. Data protection regardless of data location. The data subject will enjoy
protection, independent of the geographical region where the data is being
collected and processed, without exception for third-party providers.

On enforcement, she cautioned that the EU would not hesitate to take action
against non-EU companies that broke EU rules on the collection and retention
of data. She proposed the establishment of national privacy watchdogs to
investigate non-EU data controllers. She declared that "a US-based social
network company that has millions of active users in Europe needs to comply
with EU rules".

Mr. Voss and Commissioner Reding seemed to have divergent views on data
protection. Where Commissioner Reding understands these rights as
fundamental principles each human being is granted under all circumstances,
Voss often questions how far data protection laws should stretch. This was
particularly apparent when discussing data protection for criminals and
anonymity and pseudonymity on the web.

Ms. In't Veld brought up the "rubber stamping" of consent, urging that the
revised Directive should address this adequately. Commissioner Reding agreed
that consent without choice cannot be considered "consent". Ensuring true
transparency and choice, she explained, is one of the components of Privacy
by Default.

A Dutch Pirate from the audience asked the panel how it planed to
realistically protect the data of EU citizens regardless of geographical
location, citing the request by the US authorities to access the Twitter
data of individuals who may be linked to Julian Assange, the founder of
WikiLeaks. Ms. In't Veld said there would soon be a meeting in the LIBE
Committee to address this issue explicitly.

Mr. Voss' working document will be published and presented in the committee
on 11 April. The vote in the committee will follow on 24 or 25 May, and the
plenary vote on 22 June 2011. In advance of this, the EPP Group in the
European Parliament will hold a hearing on 31 March - the invitation
explains that "nowadays, the debate seems to be narrowly focussed on the
perspective of consumer protection and the safeguarding of a free internet.
We think there is more to discuss!"

As for the finalised version of the Data Protection Directive, the
Commission plans to deliver it sometime in summer of 2011.

EU privacy law will extend to US social networks, vows Commissioner
(17.03.2011)
http://www.out-law.com//default.aspx?page=11824

Commissioner Reding's keynote speech, Your data, your rights: safeguarding
your rights in a
connected world (16.03.2011)
http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/11/183&format=HTML&aged=0&language=EN&guiLanguage=en

EPP Hearing invitation
http://www.edri.org/files/epp_hearing.pdf

(contribution by Raegan MacDonald - EDRi)

============================================================
3. French ISPs explain why blocking is wrong
============================================================

The French ISPs are being brought to court by ARJEL (the French online
gambling regulation authority) in its attempt to obtain the blocking of
access to the foreign online betting site 5Dimes.

On 17 March 2011, the court heard seven French ISPs - Orange, SFR,
Numericable, Free, Bouygues Telecom, Darty Telecom and Auchan Telecom - who
resisted Arjel's request to block the online gambling site.

Arjel was created in 2010 and given the authority to require ISPs to
block access to online betting sites alleged infringements of various
regulatory and fiscal obligations. However, ISPs are reluctant to answer
the authority's request to block 5Dimes, arguing that blocking measures are
inefficient. Furthermore, ISPs do not wish to create a dangerous precedent
by blocking a site only at the request of Arjel without a judge's decision.

5Dimes, as well as its hosting company, Costa-Rica based Instituto
Costarricense de Electricidad y Telecom (ICE), have only recently
answered the requests of the authority to apply technical measures to
block access to French users.

During the hearing at the High Court, the operators criticised Arjel's
system and pointed out the inefficiency of the measures by giving the
example of Aaargh site which, "continues to be accessible under 12 or 13
addresses", although in 2005, the High Court of Paris ordered its blocking,
a ruling supported in appeal by the decision of the Cassation Court.

The ISPs also complained about the extremely high penalty requested by Arjel
for non-compliance to its requests - 100 000 Euro/day. In their opinion, the
authority should first act against the ICE that hosts 5Dimes. For Arjel
however, website blocking at the level of ISPs is the easier solution in the
case of a site hosted outside the country.

Indeed, the ICE announced a day before the ISPs hearing, that, in order to
block access to 5Dimes for French users, it would need a decision from a
French court.

ISPs criticize the efficiency of the blocking of online betting sites (only
in French, 18.03.2011)
http://www.numerama.com/magazine/18324-les-fai-critiquent-l-efficacite-du-blocage-des-sites-de-paris-en-ligne.html

Online betting: the operators resists the blocking requests (only in French,
18.03.2011)
http://www.freenews.fr/spip.php?article9977

The Telecom operators rearing against the filtering of the illegal sports
betting sites (only in French, 17.03.2011)
http://www.latribune.fr/technos-medias/medias/20110317trib000608945/les-operateurs-telecoms-arc-boutes-contre-le-filtrage-des-sites-de-paris-sportifs-illegaux.html

============================================================
4. Belgian political parties suspend plans for IPR enforcement measures
============================================================

Following a reported flood of calls and e-mails to the parliamentarians
involved, a campaign by the digital rights group Belgian Net Users' Rights
Protection Association (NURPA) and a series of meetings between the Belgian
political parties and ISPA Belgium, the two main parties supporting
restrictive solutions for intellectual property enforcement for Belgium have
decided to suspend their efforts.

Both the Mouvement Reformateur (MR) and Socialist Party (PS) have decided -
albeit for an unspecified period - to remove their initiatives from the
parliamentary calendar. The MR is proposing Hadopi-like measures while the
PS strategy has been to abandon the rule of law and force Internet service
providers to block internet websites.

The MR and PS now appear to have reached the conclusion that a more
defensible methodology will be to organise a comprehensive review of all of
the issues at stake, including the issue of lack of access to legal content
in the right format and price. This is now seen as preferable to focus
solely on repression, in an environment where large sections of the
population see the legal framework as illegitimate.

The increasing reticence of Belgian politicians on this point may not be
hugely surprising. The initial push came from the outlandish promises made
for HADOPI in France which seduced politicians into believing that this
blunt approach might actually work. In January the Union of Independent
French Phonographic Producers issued a statement that HADOPI had no
perceptible impact on the French market - with market figures exactly in
line with comparable European economies where draconian, repressive measures
were not imposed. It is hardly surprising, therefore, that Belgian
politicians are increasingly reticent to launch a policy which has no
perceptible advantages for anyone and which causes such damage to both
fundamental rights and to the perceived legitimacy of the legal framework
for intellectual property.

The next stages of the process are not yet clear, as it will be heavily
influenced by political developments in the world-record breaking attempts
to form a government. The entire political process in Belgium is struggling
to cope with ongoing political impasse, with two failed elections already
and a third one likely to strike the country any time over the next few
months.

Music: Independant producers want to debate the support measures (only in
French, 18.01.2011)
http://www.leparisien.fr/flash-actualite-culture/musique-les-producteurs-independants-veulent-debattre-de-mesures-de-soutien-18-01-2011-1232806.php

Belgian Net Users' Rights Protection Association
http://www.nurpa.be

ISPA Belgium
http://www.ispa.be

EDRi-gram: Four strikes law returns to Belgium (9.03.2011)
http://www.edri.org/edrigram/number9.5/belgium-four-strikes-law-returns

(Contribution by Joe McNamee - EDRi)

============================================================
5. Net Neutrality debate kicks off in UK as ISPs propose transparency code
============================================================

Minister Ed Vaizey met with Internet service providers, Internet platforms
and citizen groups including the EDRi-member Open Rights Group on 16 March
2011 to discuss network discrimination.

The positive outcome is that Tim Berners-Lee, who was at the meeting, will
work with the ISPs "Broadband Stakeholders Group" on their new code. The
ISPs themselves however did not feel any need to limit their ability to
engage in network discrimination, arguing that market forces would prevent
any serious problems from emerging. Others emphasised the difficulty in
switching services which would limit the ability of the market to correct
itself, and that mobile broadband suffered severe problems with little sign
that anti-competitive behaviour was about to change.

Ed Vaizey's Net neutrality roundtable with Tim Berners Lee (16.03.2011)
http://www.openrightsgroup.org/blog/2011/ed-vaizey%E2%80%99s-net-neutrality-roundtable

(Contribution by Jim Killock -EDRi member Open Rights Group - UK)

============================================================
6. Ireland: Police seek internet blocking from ISPs
============================================================

A leaked letter from the Irish police force to ISPs has revealed demands
that Irish ISPs should implement internet blocking. The letter - dated
December 2010 but made publicly available only now - shows that Irish police
have requested ISPs to implement a system of blocking with no legislative
basis or judicial oversight, in which sites alleged to contain child
pornography will be designated by the police.

In a particularly worrying development, the letter also reveals police
demands that the proposed system should be used as a surveillance tool, so
that the police "would obtain details of other sites visited by the user,
along with other technical details, in order that [they] can identify any
new websites that require blocking".

Irish ISPs have been critical of this initiative and see it as an attempt to
bypass industry bodies such as the ISPAI by putting pressure directly on
individual ISPs:

"ISPs are concerned that this is a unilateral action by Garda with no
legislative basis. At least one ISP has told the Garda that negotiation
about the system should be done with a representative body such as telecoms
group Alternative Operators in the Communications Market (Alto) or the
Internet Service Providers Association of Ireland rather than dealing with
individual service providers."

Digital Rights Ireland has also criticised the move as promoting a failed
model of blocking which has been shown by experience elsewhere to be
ineffective, while at the same time acting as a distraction from attempts to
remove material at source. It has also argued that any attempt to introduce
such a model in Ireland would require - at a minimum - primary legislation
and judicial oversight.

Garda bid to block sites raises concerns (18.03.2011)
http://www.irishtimes.com/newspaper/finance/2011/0318/1224292505133.html

Leaked letter from Gardai (police) to Irish ISPs (28.12.2010)
http://www.scribd.com/doc/51018185/Garda-Letter-to-ISPs-Requesting-Blocking

EDRi-gram: Internet blocking plans in Ireland (21.04.2010)
http://www.edri.org/edrigram/number8.8/internet-blocking-ireland-plans

(Contribution by TJ McIntyre EDRi-member Digital Rights Ireland)

============================================================
7. Using new Internet tools to identify dissidents in Azerbaijan
============================================================

As freedom activists have increased their activity on Facebook, the Azeri
government has also increased its attention and surveillance of social
networks. According to Azadliq newspaper, for instance, in June 2010,
pro-government youth were encouraged to join Facebook with the purpose to
expose those with online links to contacts in "enemy" nations.

According to the international hacking group Anonymous, Virginia-based
consulting company Booz Allen Hamilton is developing software that is used
against dissidents in several countries, including Azerbaijan. The group,
which claims it holds documents and e-mails to prove its allegations, states
the respective software, which has led to the arrest of pro-democracy
dissidents in Azerbaijan, creates "armies of fake people" through social
networks like Facebook, identifying dissidents with anonymous profiles.

"We know the U.S. Air Force and the Pentagon asked for it, we do know that
Booz Allen and Aaron Barr (of HBGary) bid for the contract, we've got
confirmation from Booz Allen themselves that the software exists" stated one
member of Anonymous.

The software has at its basis a proposal from the Office of Air Mobility
Command of the U.S. Air Force, asking for 50 user licenses for software that
would allow 10 personas per user. The US Central Command (Centcom),
which oversees US armed operations in the Middle East and Central Asia, has
contracted such software. The contract stipulates that each fake online
persona must have a convincing background, history and supporting details,
and that the 50 US-based controllers should be able to operate false
identities from their workstations "without fear of being discovered by
sophisticated adversaries".

"The technology supports classified blogging activities on foreign-language
websites to enable Centcom to counter violent extremist and enemy propaganda
outside the US," stated Centcom spokesman Commander Bill Speaks who added
that the interventions would not be in English but in Arabic, Farsi, Urdu
and Pashto. Further, the project was not targeting any US-based web sites,
in English or any other language, and most specifically, was not targeting
Facebook or Twitter.

Whether Anonymous' allegations related to software used to track down
dissidents in various countries is true or not, the fact that the US
military is developing false online personalities is extremely disturbing
and could create a dangerous precedent. Other governments, private companies
and non-government organisations might wish to do the same. And, while in
the US persona management is illegal, there are other countries where such
procedures might not be forbidden by the law.

Azerbaijan: Anonymous says Big Brother might be watching you (19.03.2011)
http://advocacy.globalvoicesonline.org/2011/03/19/azerbaijan-anonymous-says-big-brother-might-be-watching-you/

Anonymous To Release Documents Showing 'Virtual Armies' Used To Identify
Dissidents (16.03.2011)
http://blogs.forbes.com/parmyolson/2011/03/16/anonymous-to-release-documents-showing-virtual-armies-used-to-identify-dissidents/

Revealed: US spy operation that manipulates social media (17.03.2011)
http://www.guardian.co.uk/technology/2011/mar/17/us-spy-operation-social-networks

============================================================
8. Romania: draft legislation proposing website blocking
============================================================

Some ministries in the Romanian government seem to ignore or not even
consider the arguments against Internet blocking, as they are proposing new
legislation meant to allow enforcement authorities to impose blocking
obligations on Internet service providers.

One draft law initiated by the Government and currently debated within the
Parliament is aimed at reviewing the existing legislation on pornography.
While the law in force stipulates that the persons creating pornographic
websites may allow access to these websites only after users pay "a tax per
minute of usage" (while in reality there is no such a tax foreseen by
fiscal authorities), the draft law introduces new obligations: a warning
regarding the content must be placed on the website's home page or
a verification of the age of the potential users.

The draft law gives the competent authority (the Ministry of Communications
and Information Society) the mandate to control the enforcement of the
obligations imposed by law, and, in case of non-compliance, to require
service providers to block access to the websites or content for a
period of up to 30 days. Providers would have to implement the blocking
measure within two days following the request of the authority. The Ministry
that initiated the project did not reply to any comments on the draft law
and refused to take into consideration the only implementation of the law in
force, when in December 2008, ISPs were asked to block 40 allegedly illegal
websites. The blocking order was sent to only 5-6 ISPs out of the almost
1000 on the market, where the authority implementing the law by claiming
that they had already covered 90% of the
Internet access market.

Besides the fact that the idea of a tax per minute of usage is practically
irrelevant for any Internet service, the draft law contains many other
flaws. Firstly, it is not clear to what type of service providers the
blocking obligation would apply to, since there are many similar terms used
in the law: "service providers as defined by the Romanian law on electronic
commerce" (i.e. information society service providers), "providers of
services for Internet", "service provider". Secondly, although the competent
authority is able to request providers to block access to websites or to
content, sanctions would be imposed only if they do not comply with the
request to block access to websites. Thirdly, there is a provision according
to which service providers would be held responsible if they offer links to
pornographic websites. This provision is not only confusing, since it does
not specify the type of service providers it refers to, but also redundant
since a similar provision already exists in the E-commerce law.

The "web blocking solution" is also included in another draft law, a
Governmental decision regarding the organisation and operation of gambling
websites. According to this draft decision, the competent bodies would be
able to require Internet providers to block websites identified as
being used to provide access to unlicensed gambling sites or to market
activities regarding gambling sites or related activities and services that
are not authorized under Romanian law. However the law does not provide any
obligation (or sanction) for the ISPs to comply with that decision. This
draft decision, which was never discussed with the ISPs, is only a secondary
legislation that should only implement a law (OUG 77/2009), which, again,
does not foresee blocking as a possible measure or any obligations for ISPs.

What the two draft legal acts have in common is a misunderstanding while
the Internet industry and human rights organisations were never consulted on
the matter- that website blocking is either the only, or the most
efficient solution for dealing with problems related to the illegal
activities undertaken via websites.

The measure to block websites is even more ludicrous when Romania has no
legal or practical system in place for blocking illegal content (i.e. child
pornography) and the Ministry of Justice representatives rejected this
measure in the European Council. However the measure could be adopted for
legal, but harmful content (such as pornography).

Websites blocking measures to be adopted in Romania (only in
Romanian,18.03.2011)
http://www.apti.ro/blocare-site-uri-web

EDRi-gram: Romanian Authority asks ISPs to block 40 pornographic websites
(17.12.2008)
http://www.edri.org/edri-gram/number6.24/anc-blocks-isp-pornography-romania

Stop(ped) web blocking (14.02.2011)
http://www.edri.org/stop_web_blocking

(Contribution by Sorina Teleanu - EDRi-member ApTI - Romania)

============================================================
9. Loppsi 2 bill passes the French Constitutional Council test
============================================================

On 10 March 2011, the French Constitutional Council issued its decision on
the LOPPSI 2 law considering 13 of its articles as unconstitutional but
ruling that the controversial article 4, allowing the censoring of the
Internet under the pretext of fighting child pornography, was not in
contradiction with the Constitution.

The court failed to protect freedom of expression by not striking out
the infamous article 4 presented in the noble light of the fight against
online child pornography: "This decision about article 4 is a great
disappointment. It is obvious that Internet censorship will not help solve
the child pornography problem in any way, as experiments in other countries
have shown. After HADOPI's Internet access suspension measures, calls to
ban WikiLeaks hosting and recent talks against Net Neutrality, France is
siding ever more within the group of countries hostile to a free Internet by
adopting administrative filtering of the Internet", stated Jirimie
Zimmermann, co-founder and spokesperson for La Quadrature du Net.

According to Filix Triguer, policy and legal analyst of La Quadrature du
Net, the hope now lies in the hands of the European institutions. "The EU
Parliament is currently trying to supervise blocking measures adopted at the
national level, which could impede their implementation in France. Moreover,
administrative Net filtering seems contrary to the European Convention on
Human Rights, and one can expect an appeal before European judges"

Having in view the censoring legislation it has lately adopted, such as
Hadopi and Loppsi 2 laws which introduce Internet blocking and excessive
surveillance measures, France has found its place on the list of countries
with a high level of surveillance, as determined by Reporters without
Borders.

The Loppsi 2 law was promulgated by the French President and published in
the Official Journal on 15 March 2011.

Loppsi 2 promulgated (only in French, 15.03.2011)
http://www.lefigaro.fr/flash-actu/2011/03/15/97001-20110315FILWWW00311-loisecurite-interieure-promulgation.php

Decision no. 2011-625 DC of the Constitutional Council on the Law of
orientation and programming for the interior security performance (only in
French, 10.03.2011)
http://www.conseil-constitutionnel.fr/conseil-constitutionnel/francais/les-decisions/acces-par-date/decisions-depuis-1959/2011/2011-625-dc/decision-n-2011-625-dc-du-10-mars-2011.94924.html

Text of the Loppsi 2 (only in French, 15.03.2011)
http://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000023707312&fastPos=1&fastReqId=1447818568&categorieLien=id&oldAction=rechTexte

French Constitutional Council Validates Internet Censorship (11.03.2011)
http://www.laquadrature.net/en/french-constitutional-council-validates-internet-censorship

France the enemy of the Internet? No, but a country to survey according to
RSF (only in France, 14.03.2011)
http://www.zdnet.fr/actualites/la-france-ennemie-d-internet-non-mais-pays-a-surveiller-selon-rsf-39758987.htm

World day against cyber-censorship (12.03.2011)
http://march12.rsf.org/en/

France: Loppsi 2 adopted - Internet filtering without court order
(23.02.2011)
http://www.edri.org/edrigram/number9.4/web-blocking-adopted-france-loppsi-2

============================================================
10. Dutch court rules that WiFi hacking is legal
============================================================

A Dutch court in The Hague has recently ruled that by-passing an
encrypted router and using its WiFi connection does not infringe Dutch
law.

The decision of the court comes in relation to the case of a young man
having posted a threat on an Internet message board by using a WiFi
connection he had hacked into. Although the student was convicted for
posting the threatening message and sentenced to 20 hours of community
service, he was acquitted of the WiFi hacking charges.

The court considered that the student had not obtained access to the
computer connected to the router, but only used the router which, in the
terms of Dutch legislation, is legal as only breaking into a computer is
forbidden.

In The Netherlands, a computer is defined as a machine that is used for data
storage, processing and transmission. Therefore, a router cannot be
considered a computer because it is only used for data transferring or
processing and not storing. Hence, hacking a device that is not a computer
is legal and cannot be prosecuted in the court of law..

Therefore, actions such as piggybacking on open Wi-Fi networks in places
such as bars and hotels, which in some countries is considered illegal and
can be fined, cannot, according to the Dutch court decision, be prosecuted
in The Netherlands.

The Dutch Attorney General has appealed the verdict and the High Court
of The Netherlands will review the case within two years to
rule on whether a router can be defined as a computer under Dutch law.
It is also possible that the law might be updated in the meantime.

Dutch Court Rules WiFi Hacking Is Now Legal (19.03.2011)
http://www.pcworld.com/article/222589/dutch_court_rules_wifi_hacking_is_now_legal.html

Judge: wifi hacking network of neighbors may be done (only in Dutch,
14.03.2011)
http://webwereld.nl/nieuws/106024/rechter--wifi-netwerk-van-de-buren-hacken-mag.html

============================================================
11. Privatised online enforcement series: A. Abandonment of the rule of law
============================================================

This is the first in a series of articles looking at the development of
processes for cajoling, obliging or coercing online economic operators to
police the Internet. This first article examines the scale of this trend.

Most western democracies either actively or passively recognise that they
are based on the "rule of law" and protection of fundamental rights is
normally provided within this framework.

In the EU, for example, the rule of law is affirmed four times in the Treaty
on European Union. It is "confirmed" in the preamble of the Treaty and
restated in Article 6. The EU also places an obligation on itself to
contribute to the objective of consolidating "democracy and the rule of law"
in its development policy (Article 177) and common foreign and security
policy (Article 11). Furthermore, the European Convention on Fundamental
Rights and the Charter of Fundamental Rights place obligations on EU Member
States and on the Commission (ratification of the ECHR is pending) that
restrictions to freedoms must be based on law. The 2003 Interinstitutional
Agreement on better lawmaking which was agreed between the Commission,
Parliament and Council further requires in Article 17 that self-regulation
must respect criteria of representativeness of the parties involved and
"will not be applicable where fundamental rights or important political
options are at stake".

All of these obligations have not prevented the European Commission from:

- Launching a "dialogue" with industry on filesharing, which included
proposals from the European Commission on "voluntary" mass filtering of
networks by ISPs;

- Launching a "dialogue" with industry on "voluntary" deletion of websites
accused of containing unlawful material (unless the Internet provider is
convinced the site is legal);

- Launching a dialogue on punishments to be meted out by online trading
platforms against traders accused of counterfeiting;

- Launching a funding proposal for "self-regulatory" blocking of websites
accused of containing illegal content;

- Agreeing on a text promoting online policing of copyright by Internet
providers in the Anti-Counterfeiting Trade Agreement;

- Launching a dialogue with the US Federal Bureau of Investigations on
"voluntary" deletion of websites and removal of IP address from ISPs abroad;

- Promoting a reduction in privacy in favour of intellectual property rights
in the Commission Communication on enforcement of intellectual property
rights;

- Agreeing on a global filtering of mobile Internet access with European GSM
Operators, in the absence of an identified problem and, in the three years
since the agreement was reached, any assessment of its impact;

- Agreeing on a text in the EU/Korea Free Trade Agreement which risks
removing core aspects of ISP liability safe harbours, increasing the
liklihood of ISPs feeling the need to take pre-emptive punitive measures
against consumers suspected of illegal activity;

- Financially supporting an initiative to block funding to websites accused
of illegal activity (the model used by Mastercard to block funding to
Wikileaks and by Visa to block funding to websites accused of facilitating
copyright infringement).

In addition, there are other projects elsewhere in the world and globally,
such as the US-led "trans-pacific partnership" and the OECD project on the
role of ISPs in achieving public policy objectives.

In the next instalment of this series, we will look at some case studies of
existing privatised enforcement measures to assess the dangers of these
projects.

2003 Interinstitutional Agreement:
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:C:2003:321:0001:0005:EN:PDF

Treaty on European Union:
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:C:2006:321E:0001:0331:EN:PDF

European Convention on Human Rights:
http://www.hri.org/docs/ECHR50.html

Charter of Fundamental Rights:
http://www.hri.org/docs/ECHR50.html

Dialogue on dissemination of illegal online content:
http://www.edri.org/edrigram/number8.15/edri-euroispa-notice-takedown-comission

Filesharing project:
http://www.euractiv.com/en/infosociety/eu-secret-talks-illegal-downloads-news-501715

ACTA consolidated text:
http://www.mofa.go.jp/policy/economy/i_property/acta_consolidated_text_101006.pdf

Commission funding proposal:
http://ec.europa.eu/home-affairs/funding/isec/call_10132/tc2_call_2010_en.pdf

IPR Enforcement Directive Communication:
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:52010DC0779:EN:NOT

Mobile blocking of allegedly illegal content:
http://ec.europa.eu/information_society/activities/sip/events/forum/forum_june_2006/index_en.htm

OECD project on ISPs and public policy objectives:
http://www.oecd.org/dataoecd/8/59/45997042.pdf

Charter of fundamental rights:
http://www.europarl.europa.eu/charter/pdf/text_en.pdf

EDRi study on "self-regulation":
http://www.edri.org/files/EDRI_selfreg_final_20110124.pdf

Trans-pacific partnership:
http://arstechnica.com/tech-policy/news/2011/03/son-of-acta-meet-the-next-secret-copyright-treaty.ars

OECD project:
http://www.oecd.org/dataoecd/8/59/45997042.pdf

Blocking of payments:
http://europa.eu/rapid/pressReleasesAction.do?reference=IP/09/342

EU/Korea Free Trade Agreement:
http://trade.ec.europa.eu/doclib/press/index.cfm?id=443

(Contributon by Joe McNamee - EDRi)

============================================================
12. Recommended Reading
============================================================

Media Piracy in Emerging Economies is the first independent, large-scale
study of music, film and software piracy in emerging economies, with a focus
on Brazil, India, Russia, South Africa, Mexico and Bolivia.
http://piracy.ssrc.org/about-the-report/

German statistics prove telecommunications data retention superfluous
(21.03.2011)
http://www.vorratsdatenspeicherung.de/content/view/435/79/lang,en/

============================================================
13. Agenda
============================================================

27-29 March 2011, Ghent, Belgium
Online content: policy and regulation for a global market
http://www.eurocpr.org/

28 March 2011, Paris, France
5th European eAccessbility Forum: Benefits and costs of e-accessibility
http://inova.snv.jussieu.fr/evenements/colloques/colloques/70_index_en.html

1 April 2011, Bielefeld, Germany
Big Brother Awards Germany
http://www.bigbrotherawards.de/index_html-en

7-8 April 2011, Amsterdam, Netherlands
European Legal Network Conference "Free Software law for the next ten years"
http://fsfe.org/projects/ftf/legal-conference.en.html

15-17 April 2011, Berlin, Germany
Re:publica XI: Conference about blogs, social media and the digital society
http://re-publica.de/11/en/

5-6 May 2011, Milano, Italy
The European Thematic Network on Legal Aspects of Public Sector
Information - public conference
http://www.lapsi-project.eu/milan

17-18 May 2011, Berlin Germany
European Data Protection Reform & International Data Protection Compliance
http://www.edpd-conference.com

30-31 May 2011, Belgrade, Serbia
Pan-European dialogue on Internet governance (EuroDIG)
http://www.eurodig.org/

2-3 June 2011, Krakow, Poland
4th International Conference on Multimedia, Communication, Services and
Security organized by AGH in the scope of and under the auspices of INDECT
project
http://mcss2011.indect-project.eu/

12-15 June 2011, Bled, Slovenia
24th Bled eConference, eFuture: Creating Solutions for the Individual,
Organisations and Society
http://www.bledconference.org/index.php/eConference/2011

14-16 June 2011, Washington DC, USA
CFP 2011 - Computers, Freedom & Privacy
"The Future is Now"
http://www.cfp.org/2011/wiki/index.php/Main_Page

11-12 July 2011, Barcelona, Spain
7th International Conference on Internet, Law & Politics (IDP 2011): Net
Neutrality and other challenges for the future of the Internet
http://edcp.uoc.edu/symposia/lang/en/idp2011/?lang=en

============================================================
14. About
============================================================

EDRi-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRi has 29 members based or with offices in 18 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRi-grams.

All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and are visible on
the EDRi website.

Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/

Newsletter editor: Bogdan Manolea <edrigram at edri.org>

Information about EDRI and its members:
http://www.edri.org/

European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring

- EDRI-gram subscription information

subscribe by e-mail
To: edri-news-request at edri.org
Subject: subscribe

You will receive an automated e-mail asking to confirm your request.
Unsubscribe by e-mail
To: edri-news-request at edri.org
Subject: unsubscribe

- EDRI-gram in Macedonian

EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edri/2.html

- EDRI-gram in German

EDRI-gram is also available in German, with delay. Translations are provided
Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/

- Newsletter archive

Back issues are available at:
http://www.edri.org/edrigram

- Help
Please ask <edrigram at edri.org> if you have any problems with subscribing or
unsubscribing.

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

More information about the cypherpunks-legacy mailing list