EDRi-gram newsletter - Number 10.12, 20 June 2012
EDRi-gram
edrigram at edri.org
Wed Jun 20 11:48:00 PDT 2012
=======================================================================
EDRi-gram
biweekly newsletter about digital civil rights in Europe
Number 10.12, 20 June 2012
=======================================================================
Contents
=======================================================================
1. The rise of the European upload filter
2. Austria: Data retention petition ignored by the Parliament
3. Google Transparency report: increasing trend of government censorship
4. German news article removed from search results after DMCA complaint
5. Article 29 WPb�s opinion on the cookie exemptions
6. UK websites might have to identify b�trollsb�
7. Spanish Supreme Court says Google is not breaching copyright
8. Googleb�s Street View privacy breach again in the public eye
9. Prague ICANN meeting to discuss Whois data
10. Culture: Global changes in production and consumption
11. ENDitorial: Data retention - faint heart never won fair lady
12. Recommended Reading
13. Agenda
14. About
=======================================================================
1. The rise of the European upload filter
=======================================================================
In 2011, the European Union decided against the introduction of
mandatory filtering in Europe, because a democratic analysis of the
evidence showed that this was not necessary. In 2012, the European Union
is working on a variety of projects to introduce b�voluntaryb� upload
filters and, because they would be introduced on a so-called b�voluntaryb�
basis, there will be no democratic analysis.
There are at least three different initiatives currently underway with
this target. Firstly, Commissioner Kroes' b�CEO Coalitionb�. As previously
mentioned in the EDRi-gram, this initiative involves the Commission
inviting big business to propose measures that will make the Internet a
b�safer place for childrenb�. The fact that Facebook is in charge of
privacy settings and Microsoft is in charge of b�notice and takedownb�
appears to raise no concerns about the process being instrumentalised
for business purposes.
Microsoft's history in b�notice and takedownb� is hardly exemplary. Recent
cases showing that Microsoft, using Google's global application of US
copyright law, has repeatedly demanded that Google removes links from
its search results b� links which remain available on Microsoft's own
search engine. Microsoft, on the other hand, has also developed a
product called b�photoDNA,b� used by Facebook UK as an upload filter to
prevent known child abuse material being added to their site. What
happens when somebody tries to do this? Nobody knows. What happens if a
criminal tries to upload innocent parts of images as a way of filtering
his/her own collection of illegal images to identify images unknown to
the police? We don't know. How big is the risk that this could lead to
incentives to creating new illegal images and new abuse? We don't know.
In the same vein, the b�Safer Internet Programme 2012b� announced that one
of its strategies was to b�develop a pilot test for trusted hash code /
fingerprint series for preventing re-uploading of identified child
sexual abuse materialb�. Remarkably, the Commission's proposal includes
an explicit reference to PhotoDNA, Microsoft's product. The plan is also
to extend beyond photographic material and cover videos.
Finally, the European Parliament is currently working on a
non-legislative resolution on b�the protection of minors in the digital
world,b� with Silvia Costa (S&D, Italy) as MEP in charge. Neither her
draft report nor any of the amendments make a reference to filtering of
any kind. However, the text, largely (as it seems reasonable to assume)
donated by the child protection industry, is replete with references to
b�preventingb� various online activities, without any discussions in the
Parliament about filtering uploads to the Internet. The draft report
also masterfully confuses illegal content with unspecified b�unsuitableb�
content arguing that b�measures to prevent illegal online content lead to
differing approaches to the prevention of unsuitable conduct".
But one can't really oppose the use of such a far-reaching strategy for
child protection. If it protects children, why ask questions about
whether there will be unforeseen or even counter-productive
consequences? Why ask questions about whether this is the most effective
use of resources? Why ask for democratic oversight or evidence of
usefulness? And, of course, nobody would be so cynical as to re-use the
technology for any other purpose, would they?
Well, apart from terrorism, of course. The EU-funded b�Clean ITb� (not to
be confused with the Iranian b�clean Internetb�) project is proposing the
creation of a database of content b�consideredb� illegal. b�Why not try and
create a database where internet companies can check it to see if it's
known illegal materialb� asks the project manager? And if it protects
society, why ask questions about whether there will be unforeseen or
even counter-productive consequences? And all of the questions that are
not asked about upload filters for child abuse material are not asked
again in relation to terrorism.
Well, apart from copyright, of course. The European Commission's report
from 2010 on the application of the IPR Enforcement Directive argues
that, b�given intermediaries' favourable position to contribute to the
prevention and termination of online infringements, the Commission could
explore how to involve them more closely.b�
Safer Internet Programme
http://ec.europa.eu/information_society/activities/sip/docs/call_2012/work_programme_final.pdf
IPR Enforcement Directive
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2010:0779:FIN:EN:PDF
Draft European Parliament report on protection of minors (2.04.2012)
http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE486.198
Clean IT project considers terrorist content database (6.06.2012)
http://www.itnews.com.au/News/303729,clean-it-project-considers-terrorist-content-database.aspx
Busted: Microsoft Harbors BitTorrent Pirates (27.05.2012)
http://torrentfreak.com/busted-microsoft-harbors-bittorrent-pirates-120527/
Facebook & PhotoDNA (19.05.2011)
http://blogs.technet.com/b/microsoft_on_the_issues/archive/2011/05/19/facebook-to-use-microsoft-s-photodna-technology-to-combat-child-exploitation.aspx
(Contribution by Joe McNamee - EDRi)
=======================================================================
2. Austria: Data retention petition ignored by the Parliament
=======================================================================
The Austrian Working Group on Data Retention counters the lack of
responsiveness to citizens' political participation with even more
participation.
Albeit gaining support of over 100 000 citizens, the Austrian citizens'
petition against data retention has been deferred to the Parliament
Justice Committee by the Petition Committee. The Austrian working group
on data retention (AKVorrat.at) has decided to change pace in the
campaign and asks its supporters to contact the representatives in the
justice committee, to ensure that their concerns are taken seriously.
In October 2011, the Austrian working group on data retention
(AKVorrat.at) started a petition, called citizens' initiative, asking
the Austrian government to oppose the EU data retention directive and to
evaluate all laws created with the aim to fight terrorism. In December,
the initiative was passed to the Parliament with more than 4400
supporters. Since mid-December the initiative could be signed online and
reached a total of 106 067 supporters until 30 May 2012.
The Petition Committee of the Austrian Parliament dealt with the issue
twice: in March and on 30 May 2012. Both times their schedule allowed
only less than 5 minutes to deal with the initiative and its consequences.
In March 2012, the Committee decided to ask three ministries (Justice,
Interior and Infrastructure) as well as the Chancellor's office for
statements. All ministries' statements clearly missed the point by
stating that Austria had to implement data retention because of the Data
Retention Directive of the European Parliament and of the Council. These
statements are quite surprising as one of the key demands of the
initiative is that the Austrian government should act within the
European Union to abolish the Data Retention Directive. The other main
demand - the evaluation of laws designed to fight terrorism - was
completely ignored.
In the second meeting, there was no reaction to the statements and the
initiative was passed on to the Justice Committee.
AKVorrat.at reacted quickly: "After being astonished initially by the
brief treatment in the petition committee a new campaign was kicked off.
Since the citizens' initiative can no longer be signed the new campaign
asks all the supporters to contact the representatives in the justice
committee to ensure proper treatment of the demands supported by more
than 100,000 citizens. To date it is unclear how and when the initiative
will be discussed in the committee. Nevertheless, the activists of
AKVorrat.at are determined to maintain data retention as one of the hot
topics in Austrian politics."
Austrian Parliament - Citizens' initiative - Stop Data retention (only
in German)
http://www.parlament.gv.at/PAKT/VHG/XXIV/BI/BI_00037/index.shtml
AK Vorrat Austria campaign against data retention (only in German)
https://zeichnemit.at
(Contribution by AK Vorrat - Austria)
=======================================================================
3. Google Transparency report: increasing trend of government censorship
=======================================================================
According to Googleb�s latest bi-annual transparency report covering the
July-December 2011 period, the number of governmental requests for
usersb� private data and content taking down has continued to grow.
The report shows the situation for each country separately and refers to
the requests received from judiciary and executive power authorities,
the request for content removal related to copyright infringements being
dealt with separately.
Thus, the total number of requests has reached 11 936 in the second half
of 2011 as compared with 9 600 in the same period in 2010 and 8 959 in
the second half of 2009.
The Spanish Data Protection Agency, for instance, has made 14 requests
for content removal, most of them related to results leading to blogs or
websites that referred to political or public people. The agency has
also requested the elimination of three blogs hosted by Blogger and 3
video clips from YouTube. Google has however refused to comply with
the requests which had no court support, considering them as
governmental censorship.
In Poland the Agency for Development of Businesses had demanded the
search engine to delete a search result that was not favourable to the
Agency and 8 other links that were pointing to this result.
In France, the state demanded the deletion of 61 content pieces by 31
requests, most of them for defamatory content or pornography on YouTube.
Googleb�s report is giving the number of requests the company complied
with or rejected making a distinction between the judicial requests and
the administrative ones. b�There are several reasons why we do not comply
with certain requests. Some of them may be specific enough so that we
may know what the government wants us to suppressb�.
Google policy analyst Dorothy Chou has stated for Forbes that Google
requires certain criteria for the requests. These must be submitted in a
written form, have to come from an appropriate agency, must cite a
criminal case and have to be narrow enough regarding the number of users
that they affect and the time frame of data that is requested. b�We want
to show that web�re advocating on your behalf. But we also want to do
right by the spirit and letter of the law,b� says Chou.
Google considers as alarming the fact that even countries considered
democratic, such as Spain, France, Poland, UK, US or Canada have
increased their requests related to political expressions.
b�We noticed that government agencies from different countries would
sometimes ask us to remove political content that our users had posted
on our services. We hoped this was an aberration. But now we know itb�s
not. Just like every other time before, web�ve been asked to take down
political speech. Itb�s alarming not only because free expression is at
risk, but because some of these requests come from countries you might
not suspectb�Western democracies not typically associated with
censorship,b� stated Chou.
Google Transparency Report for July-December 2011
http://www.google.com/transparencyreport/removals/government/
Google denounces an alarming level of governmental censorship (only in
French, 18.06.2012)
http://www.numerama.com/magazine/22912-google-denonce-un-niveau-alarmant-de-censure-gouvernementale.html
Google refuses the removal of the links that the Protection of Data
requires (only in Spanish, 18.06.2012)
http://tecnologia.elpais.com/tecnologia/2012/06/18/actualidad/1339999915_714909.html
U.S. Government Requests For Google Users' Private Data Jump 37% In One
Year (17.06.2012)
http://www.forbes.com/sites/andygreenberg/2012/06/17/u-s-government-
requests-for-google-users-private-data-spike-37-in-one-year/
=======================================================================
4. German news article removed from search results after DMCA complaint
=======================================================================
European procedures for the removal of online content that is judged or
accused of being illegal currently depend on the interpretation of the
e-Commerce Directive by Member States and private companies. This means
that whenever sites, blog posts, images or comments on the internet are
accused of being illegal, procedures implementing this Directive are not
clear, not harmonised and lead to legal uncertainty. Internet service
and hosting providers risk liability for the content of their customers
once they have b�actual knowledgeb� of its illegality or, possibly, just
its existence, and do not remove the content 'expeditiously'. It is
however very foggy what b�actual knowledgeb� or b�expeditiousb� means and
what the requirements for a valid notice can be. Any lack of clarity
leads almost automatically to the undermining of fundamental freedoms
and the due process of law, because online companies will seek to defend
themselves by deleting any content that creates a legal risk for them.
In the US, service and hosting providers can maintain their immunity via
the so-called Digital Millennium Copyright Act (DMCA). Under these safe
harbour protections, they cannot be held responsible for material that
has been posted in breach of copyright. However, as soon as they receive
a notification meeting certain conditions, they need to remove it from
their services. Even though it can be argued that the structured US
system is more predictable than the current European approach, it also
has major flaws.
Google's latest transparency report, which focuses on the takedowns for
search links, has revealed how absurd some requests are. Microsoft for
instance has requested the removal of over 2.5 million URLs. The sheer
volume means that the complaints procedure is mainly or fully automatic,
with Google and other recipients of the "notices" automatically deleting
the information in question. On the basis of DMCA complaints, Google
also deletes sites from global search results b� with no concern for
whether the content is legal outside the U S.
For example, on 6 June 2012, Microsoft sent a DMCA takedown notice to
Google regarding an article about Windows 8 published by the German
IT-news platform Heise. The link to the article was removed without
questioning the validity of the complaint. It was removed without even
asking if the content would be legal in Germany. And it was removed
without any consultation with the author of the article.
Heise staff noticed accidentally that the link was removed only after
finding the DMCA report on their Webmaster Tools service. The German
publisher immediately sent a counter-notice which however implied that
the counter-notifier gives its consent that the legal competent
authority is the District Court of Santa Clara County in California b�
despite the fact that the affected company, blog, news platform or
website owner is based in Europe. The initial notifying party then has
10 working days to react to the counter-notice. During this period, the
website will still not appear in search results. According to Google's
DMCA report received by Heise, it can take up to 11 hours to remove
links from its search result upon receipt of a DMCA takedown request.
However, it can take several weeks until a takedown is reported by the
collaborative archive Chilling Effects Clearinghouse (chillingeffects.org).
This recent example shows that the DMCA is, despite being more
predictable than the European system, a process in which a website is
first shut down and only then questions are being asked with regards to
the legality of the content. In the US and elsewhere, the application of
the DMCA has led to the deletion of speech content without warning in
numerous cases.
In Europe, it is now essential to establish a differentiated approach,
procedures that are transparent and allow for due process to avoid void,
accidental and deliberate abuse leading to the take down of legitimate,
non-infringing content and to ensure the functioning of the Digital
Single Market.
With the aim to establish a framework and to provide guidance on
European notice and takedown procedures, the EU Commission has just
launched a public consultation in order to clarify the implementation of
the e-Commerce Directive by the end of this year. All stakeholders and
interested individuals are invited to reply to the public consultation
and to provide the Commission with input before 5 September.
Microsoft asked to delete Heise article from Google search results (only
in German, 8.06.2012)
http://www.heise.de/newsticker/meldung/Microsoft-liess-Heise-Meldung-aus-Google-Suchergebnissen-loeschen-1614082.html
Google's Transparency Report on takedown requests
http://www.google.com/transparencyreport/removals/copyright/
RIAA Demands Unlimited DMCA Power From Google (2.06.2012)
http://torrentfreak.com/riaa-demands-unlimited-dmca-power-from-google-120502/
European Commission consultation questionnaire - A clean and open
Internet: Public consultation on procedures for notifying and acting on
illegal content hosted by online intermediaries
Deadline: 5 September 2012
http://ec.europa.eu/yourvoice/ipm/forms/dispatch?form=noticeandaction
(Contribution by Kirsten Fiedler - EDRi)
=======================================================================
5. Article 29 WPb�s opinion on the cookie exemptions
=======================================================================
On 12 June 2012, the Article 29 Working Party (WP 29) published an
opinion on the issue, focusing on two exemption criteria established by
the new cookie-related provisions in the ePrivacy Directive:
A- the use of the cookie b�for the sole purpose of carrying out the
transmission of a communication over an electronic communications
networkb� and
B - the use of a cookie if b�strictly necessary in order for the provider
of an information society service explicitly requested by the subscriber
or user to provide the serviceb�.
WP 29 established in its opinion the circumstances when the exemption
criteria do not apply such as forcing controllers, processors, and third
party actors to obtain informed consent before using a cookie.
As regarding criterion A, the WP 29 considers this exemption can be used
only when the cookies are pivotal to the transmission of the
communication and when the transmission is not be possible without the
use of the cookies. "Simply using a cookie to assist, speed up or
regulate the transmission of a communication over an electronic
communications network is not sufficient," says the opinion.
Regarding criterion B, the opinion says: "There has to be a clear link
between the strict necessity of a cookie and the delivery of the service
explicitly requested by the user for the exemption to apply."
Cookies served for the purposes of providing a specific functionality
within websites will not be considered b�strictly necessaryb� unless "the
functionality will not be available" without the cookie and the user has
"explicitly requested" the functionality from the website.
According to the opinion, some cookies can be exempted from informed
consent under certain conditions if they are not used for additional
purposes - these cookies include for example b�user-inputb� cookies (used
to keep track of the userb�s input when filling online forms or as a
shopping cart, also known as session-id cookies), multimedia player
session cookies and user interface customization cookies (for example
language preference cookies to remember the language selected by a user).
The cookies that should not be covered by the exemption include social
plug-in tracking cookies; third party advertising cookies, third party
and first party analytics cookies.
Regarding third party and first party analytics cookies, WP 29 remarks
however that they carry low privacy risks when they are limited to first
party aggregated statistical purposes and when used by websites which
also provide adequate privacy safeguards.
WP 29 also believes e-Privacy Directive should be amended in order to
introduce a new exemption to consent "for cookies that are strictly
limited to first party anonymized and aggregated statistical purposes."
Opinion 04/2012 on Cookie Consent Exemption (7.06.2012)
http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2012/wp194_en.pdf
Article 29 Press Release on cookie consent exemption (12.06.2012)
http://www.statewatch.org/news/2012/jun/eu-wp-29-dp-cookies.pdf
Websites may only place cookies without user consent if services would
not work without them, say regulators (13.06.2012)
http://www.out-law.com/en/articles/2012/june/websites-may-only-place-cookies-without-user-consent-if-services-would-not-work-without-them-say-regulators/
=======================================================================
6. UK websites might have to identify b�trollsb�
=======================================================================
According to the new UK government proposals, website operators might
soon have to identify users who have posted defamatory messages online,
so that the victims of the respective messages may take legal action
against the "trolls".
Presently in UK, a website operator is liable for everything that
appears on its site and therefore it can be taken to court by anybody
who claims something defamatory has been posted about him/her on the
respective website. The websites are now removing content as soon as a
defamation claim is made, irrespective of whether it is right or wrong.
"As the law stands, individuals can be the subject of scurrilous rumour
and allegation on the web with little meaningful remedy against the
person responsible. Website operators are in principle liable as
publishers for everything that appears on their sites, even though the
content is often determined by users,b� says Justice Secretary Ken Clarke.
The UK Ministry of Justice is now proposing a Defamation Bill, which is
under debate in the House of Commons, that will force operators to
identify the creator of a defamatory message and to give that
information to the victim so that he (she) may take action directly
against the person having posted the defamatory content.
The government states that there will also be measures to strengthen
freedom of speech and prevent false claims meant to get material
removed. "It will be very important to ensure that these measures do not
inadvertently expose genuine whistleblowers, and we are committed to
getting the detail right to minimise this risk," said Clarke.
The present rule that currently counts each separate viewing of a
controversial web page as a separate defamatory offence will be removed
and a one-year time limit will be introduced to online defamation claims
in order to stop people complaining about old articles.
However, privacy advocates are concerned about the possible abuse that
the new bill might bring forth. Privacy International believes that a
large part of the content posted by online trolls is not actually
defamatory being rather b�harassment, invasion of privacy or simply
unpleasant but lawfully-expressed opinionb� and is concerned that
"gun-shy website operators will start automatically divulging user
details the moment someone alleges defamation in order to shield
themselves from libel actions".
b�If the choice is between protecting users' anonymity and avoiding a
potentially costly lawsuit, many small operators are not going to be
overly concerned about whether or not a user has genuinely defamed the
complainant," said Emma Draper, head of communications at Privacy
International to BBC News.
For the time being, ISPs seem critical to the proposal as they will be
forced to store more information about Internet usage and emails. The
proposal will also force them to block all access to pornography
websites unless customers specifically state otherwise.
Websites to be forced to identify trolls under new measures (12.06.2012)
http://www.bbc.co.uk/news/technology-18404621
Victims of internet abuse to get new power to identify 'trolls' (12.06.2012)
http://www.telegraph.co.uk/technology/news/9324956/Victims-of-internet-abuse-to-get-new-power-to-identify-trolls.html
Q&A: Who are internet trolls - and how is the law changing? (12.06.2012)
http://www.bbc.co.uk/news/technology-18408457
=======================================================================
7. Spanish Supreme Court says Google is not breaching copyright
=======================================================================
The Spanish Supreme Court ruled on 3 April 2012 that Google was not in
breach of copyright with its browser and cache services. The ruling was
given in a case filed in 2006 by the owner of a web page
(Megakini.com) for having reproduced and made available its
contents, by means of the Google search engine and the Google Cache
service, without authorisation.
The Supreme Court comes to confirm the previous decision given by the
lower court in Barcelona, on 30 March 2007, and the ruling on the appeal
of the Provincial Audience of Barcelona, on 17 Sept. 2008, which both
concluded the same, although on different grounds.
Regarding the reproduction and making available of parts of the webpage
contents, all three courts agreed this was not an infringement of the
copyright law as it had a temporary, incidental and minimal character.
The Supreme Court also rejected the infringement claim in relation to
Google cache service. The reason that laid at the basis of the decision
was the three-step-test guiding the interpretation of the statutory
limitations to the exclusive copyrights. Google Cache service is a
b�socially toleratedb� use which was not prejudicial to the interests of
the claimant.
The claimant had asked for 2000 Euro in damages and for the shut down
the whole operation of the search engine which the court considered a
b�maximalist petitum". According to the court the copyright laws "do not
authorize abusive claims nor absurd hypotheses meant to prejudice
another without own benefit".
However, the court made it clear that the ruling only extended to the
specific circumstances of the case and that b�courts do not solve
doctrinal polemics.b�
Court decision (only in Spanish, 3.04.2012)
http://pdfs.wke.es/8/6/1/5/pd0000078615.pdf
The Supreme Court agrees with Google and considers that its activity
does not breach copyright (only in Spanish, 13.06.12)
http://www.elmundo.es/elmundo/2012/06/13/navegante/1339570444.html
The Supreme Court makes clear that the ruling only extends to the
specific circumstances of this case and Spanish Supreme Court rules in
favour of Google search engine (15.06.2012)
http://kluwercopyrightblog.com/2012/06/15/spanish-supreme-court-rules-in-favor-of-google-search-engine/
=======================================================================
8. Googleb�s Street View privacy breach again in the public eye
=======================================================================
Recently, the UK Data Protection Authority - Information Commissioner's
Office (ICO) has decided to reopen its investigation on Google over the
collection of personal information by Google Street View project from
May 2010.
As a reaction to the US Federal Communications Commission (FCC)b�s report
issued earlier this year into the Street View data collection, ICO has
now sent a written request to the search engine asking for more details
regarding its knowledge of, and reaction to, the data collection. FCCb�s
report concluded that an engineer working for the company, with the
approval of a manager of the company, had written a software code
allowing the Street View cars to collect "payload" data from
unencrypted Wi-Fi networks in the area covered by the cars "for possible
use in other Google projects." The software allowed for the gathering of
entire emails, usernames and passwords.
"The ICO have reviewed the findings of the FCC report and we understand
that a wide range of personal data together with some sensitive data was
present in the payloads including, IP addresses, full user names,
telephone numbers, complete email messages, email headings, instant
messages and their content, logging in credentials, medical listing's
and legal infractions, information in relation to online dating and
visits to pornographic sites and data contained in video and audio
files," says Steve Eckersley, the ICO's head of enforcement, in the
letter addressed to Google.
Having in view that in 2010 Google admitted to have gathered personal
data but stated this had been done by mistake and that now the situation
reported by FCC shows that it is likely that such information was
deliberately captured, the ICO asks now more information regarding what
personal and sensitive personal data was captured in the UK. It also
wants details regarding the time when Google managers first became aware
that personal information was being gathered and about the technological
or organisational measures taken by the company to limit any further
data collection.
Google is also asked to provide a b�substantial explanation" of the
sample data sent during the initial assessment of the issue as
well as copies of the design documents and associated logs containing
"managerial decisions and rationale".
Google stands in a better position in Switzerland however where the
Federal Tribunal has recently ruled that Google did not have to
guarantee absolute anonymity for people pictured in its Street View
service. "It must be accepted that up to a maximum of 1 percent of the
images uploaded are insufficiently anonymized," ruled the Supreme Court
on 8 June 2012.
However, the Court also stated that Google had to make it easy for
people to have their images manually blurred, and ensure total anonymity
in sensitive areas such as schools, hospitals, women's shelters and courts.
ICO reinvestigates Google's Street View data collection (13.06.2012)
http://www.out-law.com/en/articles/2012/june/ico-reinvestigates-googles-street-view-data-collection/
Google wins partial repeal of Swiss privacy ruling (8.06.2012)
http://www.google.com/hostednews/ap/article/ALeqM5jqamDsi-XekvVlZOrHULCU9Hm6EA?docId=568d7691903a470a91a5730ab7b41ca8
EDRi-gram: Google admits it was gathering passwords and emails via
StreetView (3.11.2010)
http://www.edri.org/edrigram/number8.21/street-view-collects-emails
=======================================================================
9. Prague ICANN meeting to discuss Whois data
=======================================================================
An ICANN meeting will be held in Prague between 24-29 June 2012,
where issues and topics impacting users, consumers and registrants, like
whois access and the extension of domain space with ongoing new gTLD
program, will be discussed. As a reminder, ICANN is an Internet
governing body managing mainly IP addressing and domain names and which
is implementing a multi-stakeholder model, bottom-up and consensus-based
policy-making process .
ICANN as an organization still needs important improvements on
accountability, transparency and public interest aspects and also in the
involvement of the civil society, activists and academics. It is also
developing more complex structure and processes advantaging insiders.
The debates are dominated by business and trademark perspective and
privacy, human rights, freedom of expression are still marginalized and
not systematically included or assessed in the policy making process.
One of the rare open spaces in ICANN for the participation of the civil
society remains the Non-commercial Stakeholder Group (which includes for
example NCUC - the historical non-commercial users constituency). It is
one of the stakeholders forming the GNSO (the structure responsible for
policy making for gTLD).
Prague meeting is an opportunity for NGOs in Europe to follow ICANN
activities more closely and to participate in the process since there
are several public sessions and in particular the traditional public
forum on Thursdays where they can express their concerns.
>From a European perspective, the discussion about Thick Whois may
definitely interest privacy advocacy organization and also people
interested in data protection. ICANN is getting pressure from LEAs with
support of some governments (US,UK etc), members of GAC (Governmental
Advisory Committee) to implement Thick Whois without real privacy
safeguards or a privacy impact assessment and pushing to include those
provisions in the registrar's agreements or RAA (Registrar Accreditation
Agreement) which is currently under negotiations as well as in the
expected new gTLDs to be launched in next years.
The ongoing new gTLD program also represents new challenges, benefits
and risks for consumers and users. The list of applications for new gTLD
was revealed on the 13 June 2012. The process will continue and will
include a period for community comments and also possible objections
against some TLDs, which may raise a Freedom of Expression issue, in
particular, with giving governments, via GAC, the possibility to send
"early warnings".
Finally, European NGOs are strongly advised to attend the ICANN meeting
to be more familiar with those topics and to see how they can be
involved in the process to influence it although domain names issues
seem narrow as compared to Internet policy topics in general. The
development of policies in ICANN and its own model are setting a
precedent in the Internet governance context that we need to care about.
Website with practical information about ICANN Prague meeting (24-29
June 2012)
http://prague44.icann.org
Explanation of the process to object an applied gTLD
http://newgtlds.icann.org/en/program-status/objection-dispute-resolution
Whois recommendations from the review team (5.12.2011)
http://www.icann.org/en/news/public-comment/whois-rt-draft-final-report-05dec11-en.htm
Homepage of Non-commercial Stakeholder Group
http://gnso.icann.org/en/about/non-commercial.htm
(Contribution by Rafik Dammak - Non-Commercial Users
Constituency/Non-commercial Stakeholder Group)
=======================================================================
10. Culture: Global changes in production and consumption
=======================================================================
The Green MEPs Eva Lichtenberger, Sandrine BC)lier and Helga TrC<pel
hosted an event on 7 June 2012 in the European Parliament on the global
changes in production and consumption of cultural goods.
The first speaker at the event was FrC)dC)ric Martel, writer, journalist,
researcher and book critic who worked at the French Embassy in Boston as
head of the French cultural and academic services. The mutation is due
to two different phenomena: globalisation and digitalisation. The
novelty is that the developing countries are taking part in those
phenomena and they have to adapt to both globalisation and
digitalisation at the same time. The approach to digitalisation is
different in Europe from that in the developing countries. In Europe the
content industries are adopting a defensive behaviour against
digitalisation, while in the developing countries they see it as an
opportunity. The creative industry is changing, but one should not
forget that the big American studios also finance small independent
studios. A new debate on diversity is appearing because even though
there is globalisation, the cultural issues stay national. Countries
like Brazil do not have the capacity to function by the US and European
system of copyright.
The second panellist was Philippe Aigrain, co-funder of la Quadrature du
Net. He introduced his speech by defending the legalisation of file
sharing and the necessity to find a new financing system b� such as a
global license. But he focused his speech on looking at the reality of
the cultural production and the example of creative writing as a new
production opportunity. Today, the non-market practices of individuals
are playing an important role even more than the selling and licensing
of content, he said. Internet should not be seen as a distribution
channel but a a place of cultural, creative and expressive activities.
Internet is a creation tool. There is a huge textual production with
blogs, microblogs and so on, that allow fair trade publishing favouring
both authors and readers. It is however true that this cannot apply to
all media.
The last speaker was Lucy Montgomery, from Queensland University of
Technology (Australia). She spoke about the Chinese market. New models
are emerging in China. She took the examples of music, film and fashion
in which even though there is piracy and counterfeit, the market is
booming and people consume a lot, but differently. Getting completely
rid of copyright is a crazy idea, but there is a necessity to understand
the co-evolution of innovation and copyright which creates a complex
eco-system.
Webpage of the event (7.06.2012)
http://www.greens-efa.eu/global-changes-in-the-production-and-consumption-of-culture-7184.html
Recorded stream of the event (7.06.2012)
http://greenmediabox.eu/archive/2012/06/07/culture/
(Contribution by Elena Cantello - EDRi intern)
=======================================================================
11. ENDitorial: Data retention - faint heart never won fair lady
=======================================================================
Six years ago, as a result of pressure from the UK, the European Union
adopted the Data Retention Directive. The measure was intended to
harmonise the EU single market for telecommunications, requiring all EU
operators to retain data for the purposes of b�investigation, detection
and prosecution of serious crime,b� including terrorism. Member States
were placed under an obligation to produce statistical information about
the use of such data, with an evaluation report planned for September 2010.
None of the elements of that plan has been achieved: The evaluation
report which the Commission was legally obliged to produce by September
2010 was finally released in March 2011. Despite the fact that the legal
basis of the Directive is the creation of a b�Single Marketb�, the report
produced a long list of examples of how the Directive has failed to
harmonise the single market b� to the point of probably having created
new barriers. The report also shows that several EU Member States have
no definition of b�serious crimeb�, meaning that the core safeguard
against disproportionate use of the data has no agreed meaning. Finally,
the report illustrates that the Member States have, with very few
exceptions, failed to live up to their obligation under the Directive to
provide statistical information.
In the context of the lamentable failure of the Directive, Commissioner
Cecilia MalmstrC6m has taken the only decision available to her. She has
decided to review the legislation and her services have recently
completed an b�impact assessmentb� which details the various policy
options available to her. In order for a new proposal to become law, it
would need to be approved by a majority of Member States (based on a
complicated weighted voting system) and a majority in the European
Parliament. It is the mathematics of this process which makes the
Commissioner's choice a very difficult political one.
Whatever solution is found also needs to deal realistically with the
fact that the b�e-privacy Directiveb� (Article 15) recognises a right for
Member States to introduce data retention with very vague, unclear
safeguards. The uncertainty and confusion created by that provision
(also a UK initiative) was illustrated in the recent Bonnier Audio case
in the European Court of Justice (Case C-461/10). Even a full repeal of
the Data Retention Directive would not stop Member States from
exploiting that loophole to impose retention measures and maintaining
their confused, disproportionate and counterproductive domestic
legislation. The repeal of Article 15 of the E-Privacy Directive is
therefore the only logical policy b� and internal Commission politics
(the e-Privacy Directive is not administered by Commissioner MalmstrC6m's
services) should not stop this from happening.
Once that essential step has been taken, the Commission has four
options: it can do nothing, it can propose minor reforms that it knows
the Council will accept, it can propose major reforms or it can repeal
the Directive.
Option 1: Do nothing
On 3 May 2009, Commissioner MalmstrC6m took a personal oath to uphold the
European Charter of Fundamental Rights. The Charter includes Article 52,
which says that restrictions on fundamental rights are only permissible
if they b�necessary and genuinely meet objectives of general interest
recognised by the Union.b� It is impossible to read the Commission's
implementation report of the Directive and conclude that there is any
possibility that this requirement is currently being met. Doing nothing
also does not solve the problem that the Data Retention Directive is a
b�single market Directiveb� that has not harmonised the single market and
cannot do so in its current form.
Option 2: Minor reforms
Similarly, proposing minor amendments would be expedient and is
definitely a politically attractive option. The Commission could propose
measures that it knows the Member States would accept, such as a small
reduction in the maximum retention period and some others, like
cost-reimbursement for operators, which the Member States would not
accept. The Commission would then have b�clean handsb� and could blame the
Member States for not accepting all of its b�reformsb�. This approach also
comes with considerable risks. In particular, the European Parliament is
somewhat unpredictable on this dossier. On the other hand, the UK, which
single-handedly pushed through the initial Directive, is now proposing
even more extreme measures, such as the creation of vast silos of
communications data b� a 1.8 million pound set of databases of
essentially every online interaction of every citizen. As a Liberal,
Commissioner MalmstrC6m would hardly like to be remembered as the
Commissioner whose legislative proposal has led to EU-wide surveillance
of a scale that would have shocked Orwell.
Option 3: Major reforms
While keeping data retention, the Commission could propose big
reductions in retention periods, to bring them approximately in line
with technically necessary retention of data (for billing and network
security purposes). The problem with this approach is that it would
generate huge opposition among the Member States in the Council. One of
the unwritten rules in the Council is that, if two large Member States
are opposed to a proposal, it is not even put to a vote. Currently,
three large Member States (UK, France, Italy) are vehemently opposed to
any significant reform. Despite the difficulty of the task, overturning
a big majority would however show leadership, show that the Commission
does respect the Charter of Fundamental Rights and show due deference to
the legal framework of the European Union more broadly. A strong
leadership from the Commission supporting fundamental rights stands a
good chance of support from the European Parliament, which would help
put pressure on the Member States.
Option 4: Repeal
All other things being equal (Ceteris paribus), getting enough political
support from the Council and the Parliament for a repeal of the
Directive faces as many barriers as a major reform. However, there is
now a referral of data retention to the European Court. The court has
already expressed concern about the legality of data retention. In the
Telefonica/Promusicae case, the Advocate General questioned whether b�the
storage of traffic data of all users without any concrete suspicions b�
laying in a stock, as it were b� is compatible with fundamental rightsb�.
With the background of the ECJ referral, the failures of the Directive
to achieve its goals and the European Parliament's long-standing
antipathy to the principle of Data Retention, existing doubts in the
European Court about the legality of data retention, a repeal is not as
extreme as it sounds. Solving the single market and predictability
problems created by a repeal of the Directive will be less challenging
than solving the single market and predictability problems created by
the continuing existence of the Directive.
In any event, one thing is clear, the easiest solutions for Commissioner
MalmstrC6m are the least defensible. Courage is needed.
(Contribution by Joe McNamee - EDRi)
=======================================================================
12. Recommended Reading
=======================================================================
EDPS opinion on smart metering (8.06.2012)
http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2012/12-06-08_Smart_metering_EN.pdf
Letter from the Article 29 Working Party addressed to Mr. Juan Fernando
LC3pez Aguilar, Chairman of the LIBE Committee, regarding the
negotiations on the Proposal for a Directive on EU PNR (12.06.2012)
http://ec.europa.eu/justice/data-protection/article-29/documentation/other-document/files/2012/20120612_letter_to_libe_eu-pnr_en.pdf
Letter from the Article 29 Working Party addressed to Ms. Cecilia
MalmstrC6m, Commissioner for Home Affairs, regarding Smart Borders
(12.06.2012)
http://ec.europa.eu/justice/data-protection/article-29/documentation/other-document/files/2012/20120612_letter_to_malmstrom_smart-borders_en.pdf
=======================================================================
13. Agenda
=======================================================================
24-29 June 2012, Prague, Czech Republic
ICANN 44 meeting
http://prague44.icann.org/
27 June 2012, Brussels, Belgium
Pan-European Forum on Media Pluralism and New Media
http://www.mediapluralism.eu/
2-6 July 2012, Budapest, Hungary
Policies and Practices in Access to Digital Archives: Towards a New
Research and Policy Agenda
http://www.summer.ceu.hu/sites/default/files/course_files/Policies-and-Practices-flyer%202012_0.pdf
9-10 July 2012, Barcelona, Spain
8th International Conference on Internet Law & Politics: Challenges and
Opportunities of Online Entertainment
http://edcp.uoc.edu/symposia/idp2012/cfp/?lang=en
11-13 July 2012, Vigo, Spain
The 12th Privacy Enhancing Technologies Symposium
(PETS 2012)
http://petsymposium.org/2012/
25-26 August 2012, Bonn, Germany
Free and Open Source software conference (FrOSCon)
http://www.froscon.de/en/program/call-for-papers/
6-7 September 2012, Cluj-Napoca, Romania
CONSENT policy conference:
Perceptions, Privacy and Permissions: the role of consent in on-line
services
Call for papers by 30 June 2012
http://conference.ubbcluj.ro/consent/
8-9 September 2012, Vienna, Austria
Daten, Netz & Politik 2012
Call for Contributions Deadline: 22 July 2012
https://dnp12.unwatched.org/
12-14 September 2012, Louvain-la-Neuve, Belgium
Building Institutions for Sustainable Scientific, Cultural and Genetic
Resources Commons.
http://biogov.uclouvain.be/iasc/index.php
7-10 October 2012, Amsterdam, Netherlands
2012 Amsterdam Privacy Conference
http://www.ivir.nl/news/CallforPapersAPC2012.pdf
25-28 October 2012, Barcelona, Spain
Free Culture Forum 2012
http://fcforum.net/
6-9 November 2012, Baku, Azerbaijan
Seventh Annual IGF Meeting: "Internet Governance for Sustainable Human,
Economic and Social Development"
http://www.intgovforum.org/cms/
9-11 November 2012, Fulda, Germany
Digitalisierte Gesellschaft - Wege und Irrwege
FIfF Annual Conference in cooperation with Fuldaer Informatik Kollquium
http://www.fiff.de/2012
============================================================
14. About
============================================================
EDRi-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRi has 31 members based or with offices in 19 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge
and awareness through the EDRi-grams.
All contributions, suggestions for content, corrections or agenda-tips
are most welcome. Errors are corrected as soon as possible and are
visible on the EDRi website.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/
Newsletter editor: Bogdan Manolea <edrigram at edri.org>
Information about EDRI and its members:
http://www.edri.org/
European Digital Rights needs your help in upholding digital rights in
the EU. If you wish to help us promote digital rights, please consider
making a private donation.
http://www.edri.org/about/sponsoring
http://flattr.com/thing/417077/edri-on-Flattr
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request at edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
Unsubscribe by e-mail
To: edri-news-request at edri.org
Subject: unsubscribe
- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay.
Translations are provided by Metamorphosis
http://www.metamorphosis.org.mk/mk/vesti/edri
- EDRI-gram in German
EDRI-gram is also available in German, with delay. Translations are
provided by Andreas Krisch from the EDRI-member VIBE!AT - Austrian
Association for Internet Users
http://www.unwatched.org/
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <edrigram at edri.org> if you have any problems with subscribing
or unsubscribing.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
More information about the cypherpunks-legacy
mailing list