EDRi-gram newsletter - Number 10.18, 26 September 2012

Wed Sep 26 09:42:31 PDT 2012

======================================================================

EDRi-gram

biweekly newsletter about digital civil rights in Europe

Number 10.18, 26 September 2012

=======================================================================
Contents
=======================================================================

1. Facebook gives up its face recognition feature in EU
2. European Parliament steps back from promoting ISP liability
3. Ancillary copyright madness in Germany and France
4. EDRi responds to Commission bself-regulationb consultation
5. EU Parliament approves directive on orphan works
6. Data protection package: a proposed timetable in the EP
7. The Netherlands against ACTA in all its forms
8. Mapping Net Neutrality worldwide
9. Freedom Not Fear 2012
10. First victim of French 3 strikes law is found guilty for negligence
11. ENDitorial: Clean IT is just a symptom of the pinata politics of
privatised online enforcement
12. Recommended Reading
13. Agenda
14. About

=======================================================================
1. Facebook gives up its face recognition feature in EU
=======================================================================

Following pressure from Data Protection offices in EU, Facebook has
decided to give up the controversial face recognition feature in EU.
The feature used by Facebook was taking information given by users when
tagging friends' faces in photo, with the declared purpose to make
suggestions on tags for future images, thus making the process simpler
and faster.

This comes as a result of the work of the Irish Data Protection
Authority (Office of the Data Protection Commissioner of Ireland - DPCI)
which, in December 2011, performed an audit assessing Facebook Irelandbs
(FB-I) compliance with the Irish Data protection law as well as the EU
law and made a series of recommendations to Facebook.

On 21 September 2012, DPCI issued the outcomes of its Review
Implementation of Audit Recommendations finding that most
recommendations by the Audit had been met by the company, most notably
the turning off of the face recognition feature.

At the same time, DPCI gave Facebook four weeks to solve the remaining
issues that are still to be met. Among other things, Facebook has been
asked to provide more detailed information about the use of the "fr"
cookie and to explain the consent collected for this cookie. It has also
been asked to introduce a "robust process" to "irrevocably delete user
accounts and data upon request within 40 days" of being notified and to
address the concerns regarding the possibility of targeted advertising
utilising sensitive data on the network.

bI am satisfied that the Review has demonstrated a clear and ongoing
commitment on the part of FB-I to comply with its data protection
responsibilities by way of implementation or progress towards
implementation of the recommendations in the Audit Report. I am
particularly encouraged in relation to the approach it has decided to
adopt on the tag suggest/facial recognition feature by in fact agreeing
to go beyond our initial recommendations, in light of developments since
then, in order to achieve best practice.  This feature has already been
turned off for new users in the EU and templates for existing users will
be deleted by 15 October, pending agreement with my Office on the most
appropriate means of collecting user consent. By doing so it is sending
a clear signal of its wish to demonstrate its commitment to best
practice in data protection compliance,b said Billy Hawkes, the Irish
Data Protection Commissioner.

Facebook declared it intends to re-introduce the tag feature in the
future, but it would do that under new guidelines and, according to
Billy Hawkes, the tool would only return if Facebook agreed on the bmost
appropriate means of collecting user consentb.

Report of Review of Facebook Irelandbs Implementation of Audit
Recommendations Published b Facebook turns off Tag Suggest in the EU
(21.09.2012)
http://dataprotection.ie/viewdoc.asp?DocID=1233&m=f

Facebook Ireland Ltd b Report of Re-Audit (21.09.2012)
http://dataprotection.ie/documents/press/Facebook_Ireland_Audit_Review_Report_21_Sept_2012.pdf

Facebook given 4 weeks to FULLY SATISFY Irish data commissioner -
Review mainly leads to whiskey doubles all round (21.09.2012)
http://www.theregister.co.uk/2012/09/21/irish_data_protection_commissioner_facebook_review_following_2011_audit/

Facebook abandons face recognition within the EU (only in French,
updated 24.09.2012)
http://www.01net.com/editorial/573553/facebook-abandonne-la-reconnaissance-faciale-au-sein-de-lue/

Facebook to switch off controversial facial recognition feature
following data protection concerns (22.09.2012)
http://www.dailymail.co.uk/news/article-2207098/Facebook-switch-controversial-facial-recognition-feature-following-data-protection-concerns.html

=======================================================================
2. European Parliament steps back from promoting ISP liability
=======================================================================

On 11 September 2012, the European Parliament voted on an own-initiative
report of Mr Jean-Marie Cavada (EPP, France) on the online distribution
of audiovisual works.

As we reported in the EDRi-gram after the vote in the leading Committee,
the Culture and Education Committee, last July, the report was
containing some surprising and potentially very problematic terms on the
liability of networks operators. The text was calling for bways to
encourage network operators to standardise their technical toolsb for
copyright enforcement and arguing that the current trend was towards a
removal of liability of networks operators. This is factually wrong,
could lead to privatisation of censorship and would encourage
enforcement outside the rule of law. Finally, this is in no way pursuing
the goal of the report, which is to promote and develop access to
cultural content.

This problematic part of the report (point 59 of the final report) was
thankfully rejected in the final vote of the European Parliament on the
dossier following a lot of behind the scenes activity by
EDRi.

This vote is important for three reasons.

Firstly, the European Parliament would have faced difficulties
convincing the other institutions of its credibility on the dossier. A
report containing (obviously) inaccurate statements will not be
particularly credible.

Secondly, encouraging network operators to standardise their btechnical
toolsb means encouraging Internet service providers to monitor, filter
and possibly block access to content. This call was going against recent
decisions of the Court of Justice of the European Union that protecting
intellectual property could not override other fundamental rights such
as the right to privacy, the freedom of information and the freedom to
conduct business. (C-70/10 Scarlet/SABAM and C-360/10 SABAM/Netlog). The
mix of btechnical toolsb creates the motive, means and opportunity for
Internet companies to appoint themselves as the judge, jury and
executioner of online law enforcement.

Finally, and most importantly, it shows the willingness of the European
Parliament to move away from concentrating all intellectual property
related issues on enforcement b particularly privatised enforcement by
Internet companies. It is a clear reversal of the Parliament's previous
approach in the so-called bGallo reportb adopted by the European
Parliament in 2010 that demanded bappropriate solutionsb from
Internet Service Providers in bdialogueb with stakeholders. One such
bdialogueb was the one convened by the European Commission, which
suggested the bvoluntaryb implementation of exactly the kinds of
filtering systems that the European Court of Justice subsequently ruled
to be in breach of citizens' fundamental rights.

This vote is in tune with the recently adopted Opinion of the Industry
Committee of the European Parliament on Completing Digital Single
Market, led by Italian Conservative Parliamentarian Aldo Patriciello. In
that report, Parliamentarians focussed on eliminating the many barriers
to online services in Europe, demanding in particular ba harmonised
approach to copyright exceptions and limitationsb. This reflects a
growing awareness that it is time to move away from trying to use
disproportionate tools to enforce a copyright system that is devoid of
credibility and towards building a more credible approach.

The road will still be long to adapt the current framework to the
digital revolution and to overcome the barriers that prevent consumers
to access, use and enjoy cultural content but the European Parliament
has made it clear that it was the direction it wanted to take.

EDRi-gram: EP: Surprises in the online distribution of audiovisual
works' report (18.07.2012)
http://www.edri.org/edrigram/number10.14/online-distribution-works

Patriciello Opinion
Not yet published by Parliament

Cavada Report (25.07.2012)
http://www.europarl.europa.eu/sides/getDoc.do?type=REPORT&reference=A7-2012-0262&language=EN

Gallo Report (22.10.2012)
http://www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN&reference=P7-TA-2010-340

(Contribution by Marie Humeau - EDRi)

=======================================================================
3. Ancillary copyright madness in Germany and France
=======================================================================

On 29 August 2012, the German government decided to pass a draft
legislative proposal for ancillary copyright (so-called
"Leistungsschutzrecht") aimed at bprotectingb publishing houses' online
content from being quoted in news aggregation sites and on search engines.

This draft law would give publishers the right to limit or forbid any
publication or reproduction by third parties of snippets of their
content. Services (Google in particular) which publish (or "steal") even
very small parts or snippets as a means of helping end-users find
interesting information would have to obtain a license and pay a tax in
order to do so. The law would have an extensive impact since any
website, aggregator or blog could be affected by this.

A couple of years ago, German publishers suddenly realised that there
were companies on the internet which make billions of Euro from
advertising. Advertising has traditionally been the publishers' business
model and they have failed to adapt this part of their business to the
online environment. They therefore argue that companies that are able to
make money in the digital environment should subsidise their
pre-existing business model. Ironically, though, those companies are
still able to make significant profits. For example, Germany's biggest
publisher Axel Springer recently announced an increase in 55% for its
online products in the first half of 2012.

Just a few days ago, French magazine TC)lC)rama.fr revealed a draft
proposal written by the press association IPG and inspired by the
developments in Germany, in order to tax Google and cream off its
billion euro profits in France. The draft blex Googleb wants to give
publishers the exclusive right to reproduce snippets from articles,
under penalty of a fine of 30 000 euro and 3 years imprisonment for
offenders.

The somewhat incomprehensive German and French provisions create a
disincentive for online companies to help people find the publishers'
online content and bcompensateb the publishers when their content is
found. Following the same logic, concert venues could ban taxi drivers
to take people to their concerts, unless they pay bcompensationb to the
venue for bringing customers to their doors. In an environment where
expensive, disjointed and out-of-date copyright law is already causing
significant damage to the European economy, this approach may be a joke,
but it certainly is not funny.

Civil society groups as well as the German association of internet
economy eco have highlighted the absurdities and negative consequences
of ancillary copyright provisions repeatedly. They have pointed out that
the current terms of the law are more than unclear, that it is difficult
to establish what makes a website "commercial" and therefore leads to
legal uncertainty. In addition, the current German draft would restrict
the diversity of information on the internet. Civil society groups have
also pointed out the complete superfluousness of such provisions -
publishers are already protected by copyright provisions and are given
extensive rights by journalists through contracts or general terms and
conditions.

Due to the vague definition of a "press product", search engines would
need to conclude thousands of individual contracts. Smaller publishers
and bloggers do not have the capacity to do the same. It is thus likely
to result in adverse effects: a creation of exceptions for monopolies,
leading to an uncompetitive market situation. Ultimately, this will also
limit the freedom of communication and freedom to do business.

3rd revision of the German draft proposal (only in German)
http://irights.info/userfiles/3_%20Referentenentwurf-LSR-Kabinettsfassung_Scan.pdf

Axel Springer online profit (only in German, 8.08.2012)
http://www.welt.de/wirtschaft/article108532273/Axel-Springer-steigert-Gewinn-dank-Online-Geschaeft.html

eco Comments on Planned Ancillary Copyright (10.07.2012)
http://international.eco.de/2012/news/eco-comments-on-planned-ancillary-copyright.html

TC)lC)rama reveals press publishers' project (only in French, 21.09.2012)
http://www.telerama.fr/medias/taxe-google-telerama-devoile-le-projet-des-editeurs-de-presse,87027.php

Common declaration of French and German publishers (only in German,
19.09.2012)
http://www.bdzv.de/fileadmin/bdzv_hauptseite/aktuell/bdzv_branchendienste/bdzv_intern/2012/14_2012/images/Erklaerung_Deutsche_und_Franz_Verleger_zum_LSR_Deutsche_Version.pdf

(Contribution by Kirsten Fiedler - EDRi)

=======================================================================
4. EDRi responds to Commission bself-regulationb consultation
=======================================================================

The Commission is asking for feedback on a draft bcodeb for what it
describes as bmultistakeholder actionsb. The intention is to use the
final text as a blueprint for future self- and co-regulatory actions, in
order to ensure that certain best practices are respected. The deadline
is at the end of this week (30 September 2012) and EDRi has already
submitted its response.

We have been (sometimes very!) critical of the Commission's approach to
self-regulation b most particularly when it is not self-regulation at
all but privatised law enforcement, as we see in the now infamous Clean
IT project and as was also proposed in ACTA. If the Commission were
currently following the draft code, many of the excesses that we see
today would not be happening. For example, the chaotic and expensive
two-year bbrainstormingb of Clean IT would never have happened because
the code stipulates the establishment, from the outset, of bclear and
unambiguousb objectives, bstarting from a well-defined baseline.b
Indeed, the confusion regarding the specific aims of the project is one
of the main reasons that EDRi felt that it was inappropriate to
participate in that group.

While the draft proposed by the European Commission would represent a
solid step forward, there are still valuable improvements that would
need to be made. For example, contrary to the process followed by Clean
IT, there should be an bup frontb understanding that any outcome cannot
legally result in restrictions of fundamental rights.

Secondly, it is very important that any involvement from public
authorities in self-regulatory measures result in those authorities
agreeing to take a formal position to either endorse or reject the
outcome of the project. The alternative is power without responsibility
b a public authority can convene industry discussions, push for a
particular outcome and then claim that the entire process was
bindustry's idea.b We also suggest that the involvement of the public
authority be under constant review and only allowed to continue when a
majority of stakeholders are in favour. Power without responsibility is
a corrosive and corrupting factor for any administration. Our response
therefore highlights this point as being one of critical importance.

The third major point of our response refers to the actions that should
be taken if a stakeholder group resigns from a multi-stakeholder
process. In the Commission's draft code, representativeness is given a
high degree of priority, but the guarantees to ensure this is actually
respected are somewhat weak. For example, there is no clarity as to what
should be done if a stakeholder group loses faith in the process and
resigns. Our suggestion is that the group should have the right to
produce a statement of objections and for this to be appended to the
final, published agreement. We also suggest that the resignation of key
stakeholder groups or an agreed proportion of participants would
automatically trigger the ending of the project. In the same vein, we
propose that a level of non-compliance should be agreed which, if
attained, would also lead to the ending of the project.

The Commission consultation comes in two parts b a short questionnaire
and a PDF/DOC of the draft code, which should be submitted with btracked
changesb after being edited in line with the respondent's views. We
encourage other civil society groups and also individuals to respond b
and we will not complain if any of our analysis is plagiarised.

On-line public consultation on Code for Effective Open Voluntarism:
Good design principles for self- and co-regulation and other
multistakeholder actions
Deadline: 30 September 2012
http://ec.europa.eu/information_society/digital-agenda/actions/consultation/

EDRi's tracked changes document
http://edri.org/files/EC_code_final.pdf

(Contribution by Joe McNamee - EDRi)

=======================================================================
5. EU Parliament approves directive on orphan works
=======================================================================

On 13 September 2012, the EU Parliament approved the draft legislation
on orphan works proposed in 2011, completed by the EU Parliament and
Council compromise in June 2012.

The European Commission issued an Impact Assessment in 2011 accompanying
the proposal for a directive on certain permitted used of orphan works,
considering there was an urgent need of a legislative initiative on
orphan works, as a result of the situation created by the US Google
Books Settlement (in its original formulation orphan works were to be
automatically included in the scope of the Google Books Settlement), the
need to obtain prior copyright permissions for the use of orphan works
in Europe and the risk of a knowledge gap in case orphan works could not
become part of European Digital Library projects.

The Commission also considered a key action of the Digital Agenda for
Europe was the creation of a legal framework to facilitate the
digitisation and dissemination of orphan works (works for which no
author is identified or located). The proposed directive was intended to
make it "safer and easier for public institutions such as museums and
libraries to search for and use orphan works (...)."

The directive defines what works that can be considered orphan works and
it stipulates that the public institutions would be required to carry
out a prior bdiligent searchb, in terms with the proposed directive
requirements, in the Member State where the work was first published.
When the diligent search establishes the orphan status of a work, it
would be considered an orphan work all over the EU. Thus, orphan works
can be made available online for cultural and educational purposes
without prior authorisation, unless (or until) the owner of the work
puts an end to such status.

Following certain concerns and criticism, in June 2012, the draft
proposal was completed with two points which established that in case
the right holder showed up, he would be entitled to claim compensation
for the use of his own work and that public institutions should be
allowed to generate some revenue from the use of an orphan work to be
used to pay for the search and the digitisation process.

The approved text by the European Parliament also includes some other
additions such as that the diligent search will not be necessary for
each work but "in good faith" and "prior to the use of the work."

A new article was also added - the new Directive bshall be without
prejudice to the Member Statesb arrangements concerning mass-scale
digitisation of works, such as those relating to out-of-commerce works."

Although considered a good idea, the proposed directive does not impress
everybody. MEP Christian EngstrC6m, of the Swedish Pirate Party, believes
the directive is not bold enough and bis not going to help to make the
European common cultural heritage available the way it is drafted so I
would urge everyone to reconsider because at the moment it simply isn't
useful.b Another difficulty is that when dealing with musical works, a
cultural heritage institution will have to consider the future rules
that will result from the proposed directive on collective rights
management and multi-territorial licensing of rights in musical works
for online uses.

Commission's Vice-President Neelie Kroes has recently pointed out that
although the proposals on orphan works, as well as the proposal on
collective rights management, were good steps in the way to improve EU
copyright, there were also other problems beyond licensing or orphan
works and that "we need to focus also on substantive copyright reform."

Orphan works directive approved by EU Parliament (14.09.2012)
http://ipkitten.blogspot.nl/2012/09/orphan-works-directive-approved-by-eu.html

Are European orphans about to be freed? (21.09.2012)
http://kluwercopyrightblog.com/2012/09/21/are-european-orphans-about-to-be-freed/

Finding a good home for orphan works online (12.09.2012)
http://www.europarl.europa.eu/news/en/headlines/content/20120706STO48456/html/Finding-a-good-home-for-orphan-works-online

"Orphan" works: informal deal done between MEPs and Council (6.06.2012)
http://www.europarl.europa.eu/news/en/pressroom/content/20120606IPR46383/html/Orphan-works-informal-deal-done-between-MEPs-and-Council

European Parliament legislative resolution of 13 September 2012 on the
proposal for a directive of the European Parliament and of the Council
on certain permitted uses of orphan works (COM(2011)0289 b C7-0138/2011
b 2011/0136(COD) (13.09.2012)
http://www.europarl.europa.eu/sides/getDoc.do?type=TA&reference=P7-TA-2012-0349&language=EN&ring=A7-2012-0055

=======================================================================
6. Data protection package: a proposed timetable in the EP
=======================================================================

Last week, on 19 September 2012, the Civil Liberties, Justice and Home
Affairs (LIBE) Committee discussed the data protection package, in
particular the planned timetable.

LIBE is the Committee leading the dossier in the European Parliament and
will issue two reports, one on the proposal for a General Data
Protection Regulation ( bthe Regulationb) and one on the proposal for a
Directive bon the protection of individuals with regard to the
processing of personal data by competent authorities for the purposes of
prevention, investigation, detection or prosecution of criminal offences
or the execution of criminal penalties, and the free movement of such
datab (bthe Directiveb).

The two Rapporteurs, Mr Jan-Philipp Albrecht (Greens, Germany) for the
Regulation and Mr Droutsas (S&D, Greece) for the Directive, decided to
follow a package approach because of the important links between the two
proposed legislative measures. However, Mr Droutsas underlined the
difficulties that the Council seems to encounter on the Directive with
the position of certain Member States. The joint parliamentary meeting
taking place on 9 and 10 October is going to be crucial in solving this
issue, he added. Because of the problems in the Council, the feasibility
of the package approach was questioned by Mr Alvaro (ALDE, Germany) b
even though he recognised the benefit of such an approach - and Mr
Kirkhope (ECR, United Kingdom).

The cooperative approach of the dossier, desired by the Rapporteurs, was
warmly welcomed by the other members of the European Parliament from all
political groups. Important issues were underlined several times during
the debate such as the importance of a good implementation and of a
strong enforcement of data protection, the need for clarity, the
necessity of protecting fundamental rights and finally the issue of data
flow to third countries. Even if no final agreement on those issues was
found during the debate, the debate was very helpful to understand the
forthcoming steps in the process.

Mr Albrecht indeed presented his forecasted timetable for the
Regulation. The current plan is to have the Regulation definitely voted
before the end of this legislature, i.e. in 2014. To achieve this goal,
he would like to provide a second working paper for the joint
parliamentary meeting taking place beginning of October. At that time,
the paper will be available only in English and will subsequently be
translated for a debate in the Committee that will take place on 5 or 6
November 2012. The Rapporteur intends to have a draft report ready by
December of this year, so the vote can take place between February and
April 2013, to enable negotiation with the Council later on.

The envisaged timeframe is very important as it gives a great
perspective on the forthcoming steps.

However, this timetable is foreseen as being very ambitious by Mr
Alvaro, Mr Kirkhope and Mr Voss (EPP, Germany), the bShadow
Rapporteursb. During the debate, they expressed the necessity to favour
quality over speed. It is a very important issue and the process should
not be rushed.

Mr Albrecht concluded by underlining the importance of a coherent and
harmonised framework and the necessity of consolidating the current
system of data protection. Good legislation needs good implementation
and a strong enforcement system. EU citizens have to be protected when
their data are processed, he said. Therefore, he agreed that if more
time was needed to make a good and strong legislation, then this time
will be taken.

More information on the procedure being followed and a glossary of the
key terminology is available in EDRibs bActivist Guide to the Brussels
Mazeb (2012)
http://www.edri.org/files/2012EDRiPapers/activist_guide_to_the_EU.pdf

The entire debate is available on the Parliament website (19.09.2012)
http://www.europarl.europa.eu/ep-live/en/committees/video?event=20120919-0900-COMMITTEE-LIBE

(Contribution by Marie Humeau - EDRi)

=======================================================================
7. The Netherlands against ACTA in all its forms
=======================================================================

In response to an open letter sent by EDRi-member Bits of Freedom (BoF),
the Dutch government has confirmed that it opposes any controversial
ACTA-provisions in whatever form.

This confirmation was provoked by the news, only six days after ACTA was
rejected by the European Parliament, that a draft text of the Canada b
EU Trade Agreement contained provisions that were virtually identical to
provisions from ACTA. As the Netherlands set an important example by
rejecting ACTA long before the vote in the European Parliament, Bits of
Freedom requested the government to do the same with CETA or any
agreement alike. And it did.

More specifically in its letter of 17 September 2012, the government b
upon BoF request b confirmed that it would not agree to the
ACTA-provisions in CETA or any other treaty in which such provisions may
appear. It stated:

"The European Commission rightly agreed to respect the vote of the
European Parliament against ACTA and to observe this vote concerning
CETA. ACTA-provisions 27(3) and 27(4) regarding the liability of
Internet Service Providers are no longer part of the current draft of
CETA. Other provisions relating to the enforcement of intellectual
property rights are currently being studied with the aforementioned vote
in mind. If provisions do not correspond thereto, they will be changed
or deleted."

and:

"In light of resolution 288 of the House of Representatives [2], this
government will not agree b in whatever agreement this may be b to any
ACTA-provisions it voted against. Examples are provisions on the strict
enforcement of intellectual property on the internet and provisions that
stand in the way of future intellectual property reforms."

The government further noted that currently there were no other treaties
similar to ACTA being negotiated.

This confirmation by the Dutch government is of course very good news.
However, due to recent elections, a note of caution is in place: the new
government that is currently being formed may decide differently. Seeing
the latest positions of the two major parties there is not too much
reason for concern: in their election campaign, the liberal party (VVD)
took a position against ACTA and similar treaties; the labour party
(PvdA) took position only against ACTA but did support resolution 288
(also mentioned above) by which the government was requested to vote
against treaties similar to ACTA.

Bits of Freedom hopes that the formal position of the Dutch government
against controversial ACTA-provisions in whatever form serves as an
example to policymakers in other countries to do the same. This will
hopefully help the European Commission accept its loss and realize that
the only constructive way forward is to start looking for acceptable
alternatives in an open and transparent way.

Translation open letter: Dutch government must reject CETA (1.08.2012)
https://www.bof.nl/2012/08/01/translation-open-letter-dutch-government-must-reject-ceta

Translations of Dutch parliamentary resolutions against ACTA (29.05.2012)
https://www.bof.nl/2012/05/29/translations-of-dutch-parliamentary-resolutions-against-acta

(Contribution by Simone Halink - EDRi-member Bits of Freedom, Netherlands)

=======================================================================
8. Mapping Net Neutrality worldwide
=======================================================================

When questioned about Net Neutrality the European Commission previously
claimed that only little data existed to show that net neutrality
violations had occurred. A new project: netneutralitymap.org shows net
neutrality violations worldwide based on tests for shaping. It documents
the need for net neutrality legislation.

Although Net Neutrality is currently discussed throughout Europe, very
little actual data is used for campaigning. A new project tries to
change this by mapping data from Measurement Lab's global "Glasnost"
tests. The map uses the same metric previously used by the researchers
of Measurement Lab to detect violations of Net Neutrality along one year
and display them on a map. The map clearly shows: violations of Net
Neutrality are commonplace throughout Europe.

Especially the Bittorrent protocol is frequently shaped. While data from
small countries are sparse - data from larger countries confirm that net
neutrality violations are indeed common.

The map was created by activists around the Austrian EDRi member VIBE.at
and "Initiative fuer Netzfreiheit" which recently started a campaign to
promote Net Neutrality in Austria. "I did not perceive Net Neutrality
violations as a problem until I first looked at the map we created" says
Michael Bauer of VIBE.at. "It is striking how common shaping is in
todaybs internet".

The European Commission previously claimed a lack of data on Net
Neutrality violations as the main reason for not punishing them.
Measurement lab had this data since 2009. With this new way of
presenting the data it is clear that the lack of data is not a reason
for delaying net neutrality regulation any longer.

The Net Neutrality map
http://netneutralitymap.org

Austrian campaign on Net Neutrality (only in German)
http://unsernetz.at

Measurement Lab -  open platform for researchers to deploy Internet
measurement tools
http://measurementlab.net

Initiative fur Netzfreiheit (only in German)
http://netzfreiheit.org

(contribution by Michael Bauer - EDRi-member VIBE.AT - Austria)

=======================================================================
9. Freedom Not Fear 2012
=======================================================================

The 4-day "Freedom Not Fear 2012" (FNF 2012) event came to a successful  
end on Monday, 17 September 2012. Organisations and individuals from 11  
EU-member states participated to raise their voice for better privacy  
safeguards, to protest against emerging surveillance measures and to  
exchange views on digital rights issues

The Brussels action in which several EDRi members participated (FoeBuD,
Digitale Gesellschaft, IuRe, Panoptykon, Bits of Freedom, VibeAt and the
Liga voor Mensenrechten) was accompanied by protest events in the US,
Argentina, Luxembourg and Australia.

Bits of Freedom (Netherlands) attended the FNF weekend in Brussels
focusing mainly on the events around the review of the data protection
framework. They consider it great to meet many activists working on
different topics of which many are related to the activities of the
Dutch organisation. Also, BoF found it inspiring to see which important
issues exist outside the scope of their work.

FoeBuD (Germany) said that several excellent results were produced at
FNF 2012. FoeBuD members really enjoyed the internationality this year -
and will continue working to bring even more organisations to next
year's event. One topic that FoeBuD has recently focused on is the
European Data Protection Regulation, and some good work on this was done
during the FNF activists' weekend and the meetings with European
officials. Another focus is the project to investigate and hopefully
start a European Citizens' Initiative (ECI) against data retention, on
which some valuable exchanges took place during FNF. The next step on
this will be to organise an international conference in Amsterdam to
talk about the ECI.

Three Digitale Gesellschaft (Germany) members were able to participate
in this year's FNF12. This was a perfect occasion for them to put their
energy into pan-European networking between activists and to explain
their position to European policy makers. During the conference, the
members gave a short introduction and overview of the German national
campaign on net neutrality.

The FNF 2012 started on Friday afternoon with a discussion about the
consultations of the EU Commission about a European notice-and-takedown
system of content on the Internet. Mr. Werner Stengg, Head of the EC
Unit "Online Services" presented the Commission's point of view on this
sensitive topic. The talk was followed by two hours of discussions with
Mr. Peter Hustinx, European Data Protection Supervisor, about the
upcoming EU Data Protection Reform. He started with a detailed
explanation of his interpretation of the Freedom Not Fear motto: "Fear
is always a bad adviser." He emphasized the need to keep on striving for
positive developments on privacy issues. Mentioning the whole range of
various kinds of activism, from single person engagement up to
professional privacy activism: "Keep on going - we need you!"

Three more days of the barcamp-like conference filled with meetings,
lectures and discussions followed, also including a colorful
demonstration within the city of Brussels and one more outside action
named the "Camspotting Game". One of the results of bFreedom Not Fearb
was the establishment of the International Working Group on Video
Surveillance, which announced a campaign targeting the latest
developments in privacy-intrusive technology such as "Facewatch" in the UK.

Freedom Not Fear 2012
http://wiki.vorratsdatenspeicherung.de/Freedom_Not_Fear_2012

Walk of Protest FNF 2012
http://wiki.vorratsdatenspeicherung.de/Freedom_Not_Fear_2012/Walk-of-protest

=======================================================================
10. First victim of French 3 strikes law is found guilty for negligence
=======================================================================

After almost two years since the 3-strikes law has entered into force in
France, the first Internet user was sentenced by the court to a 150 euro
fine for negligence for not using the Internet access security measures
and because the user has innocently confessed it.

Since October 2010, about 3 million French IP addresses have been
identified by rightholders of being possible infringers. Out of these,
Hadopi considered 1.15 million worthy of a bfirst strikeb notice, about
102 000 of a second warning, and only 340 of a third warning. Only 14
cases were sent to court, so far.

This is the first fine applied for the Hadopi law because the
infringement must be proven and this is not easy to do. In order to be
punished for negligence, one has to have failed to apply security means
to his Internet connection or to have not used accordingly these means,
both being rather difficult to prove.

However, this particular Internet user gave himself up by admitting that
he had not used any security means to prevent access to his Internet
account.

By trying to defend himself, the Internet user summoned by the court for
repeated infringements, gave the court the motives to condemn him for
negligence. He argued he was himself unable to download material from
the Internet and blamed his wife (with whom he is under divorce
procedures) for having illegally downloaded material from the Internet.

The woman confirmed she had downloaded Rhianna songs. bBy saying he knew
she was downloading infringing content, but didnbt prevent her from
doing so, he self-incriminated,b explained Guillaume Champeau of Numerama.

So, although actually innocent, the man is now to pay for being
responsible for the downloading, because he did not prevent it.

Hadopi: one first condemned person, by ingenuity (only in French,
13.09.2012)
http://www.numerama.com/magazine/23715-hadopi-un-premier-condamne-par-naiumlvete.html

Hadopi confirms that the first condemned betrayed himself (only in
French, 13.09.2012)
http://www.numerama.com/magazine/23718-la-hadopi-confirme-que-son-1er-condamne-s-est-lui-meme-trahi.html

French 3 Strikes: Court Fines First File-Sharer, Even Though Hebs
Innocent (13.09.2012)
http://torrentfreak.com/french-3-strikes-court-fines-first-file-sharer-even-though-hes-innocent-120813/

=======================================================================
11. ENDitorial: Clean IT is just a symptom of the pinata politics of
privatised online enforcement
=======================================================================

There has been a lot of attention to the bClean ITb project since EDRi
published a leaked draft document last week, on 21 September 2011. Since
then, the project organisers have said that the statement on the front
page saying that bthis document contains detailed recommendationsb was
incorrect and that it also contained (unidentified) other mistakes.

Project coordinator But Klaasen explained on Twitter that the leak was
little more than a bdiscussion document.b According to the Clean IT
website, this is the output of two day meetings in Amsterdam (October
2011), Madrid (January 2012), Brussels (March 2012) Berlin (June
2012) and Utrecht(September 2012). According to the website of Clean IT,
which has produced 23 pages of bullet points of policy suggestions,
there will be just one more meeting (Vienna, November 2012) before a
final presentation is made in February 2013. Mr Klaasen also explained
on Twitter that all suggestions received thus far are only bfood for
discussionb, because they do not censor the ideas they receive.

Clean IT is therefore part of a wider problem b a conveyor-belt of
ill-defined projects whereby industry is expected to do bsomethingb to
solve ill - or even undefined problems on the Internet. For example, it
takes an almost impressive amount of fragmentation for the European
Commission to be simultaneously funding two different and uncoordinated
projects (Clean IT and CEO Coalition on a Safer Internet for Kids)
developing bvoluntaryb industry standards on bnotice and takedownb, on
bupload filtersb, on breporting buttonsb and all with little or no
analysis of the specific problems that need to be solved.

Worse still, Clean IT was born out of a failed bvoluntaryb project
organised directly by the European Commission on billegal online
contentb. That project failed because it did not have a problem
definition. Without knowing what problems it was trying to solve, it
ended up going round in ever smaller circles before finally disappearing
down the proverbial drain. Sadly, no lessons were learned before the
Commission committed to funding Clean IT, which is currently making the
same mistakes all over again.

Even bigger mistakes have not been learned from in this approach. In the
Commission-organised bdialogue on illegal uploading and downloadingb, a
proposal was made for widespread bvoluntaryb filtering of peer-to-peer
networks. This was resisted by the Internet access provider industry and
ultimately ruled by the European Court of Justice (Scarlet/Sabam case
C70/10) to be in breach of fundamental rights.

All of this experience meant that EDRi could not possibly participate in
Clean IT without seeking to ensure that the project did not make the
same mistakes that we have seen over and over again. In 2011, as a
precondition of participation, we therefore set very reasonable demands:

1. Identify the specific problems to be solved. (At different moments,
Clean IT was meant to address bAl Quaida influencedb networks,
bterrorist and extremist 'use' of the Internetb and
bdiscriminationb/billegal softwareb.)
2. Identify the scope of the industry involvement. Listing every single
type of online intermediary is neither credible nor effective.
3. Actively seek to identify and avoid possibilities for unintended
consequences for both fundamental rights and addressing illegal content.

The project leader rejected all of these preconditions, regrettably
leaving us no option but to stay outside the process. As a result, we
have a project that seeks to use unspecified industry participants to
solve unidentified problems in ways which may or may not be in breach of
the Union and international law. It would be unconscionable for EDRi to
participate in these circumstances.

We have also been contacted via Twitter by Commissioner Kroes'
spokesperson. Mr Heath's comments suggest that CleanIT is only a
bbrainstormingb session and the Commission has spent hundreds of
thousands of Euro just for lists of possible policies.

It is very important to stress that absolutely nothing in the document
that we released last week has been officially approved as European
Commission policy. The recommendations, insofar as they are
recommendations, are the sole responsibility of the CleanIT project.
Commissioner MalmstrC6m has acted to distance herself from the project
and has made this very clear via Twitter messages. There are, however,
serious questions that are still to be asked regarding the budget
approval processes that lead to such projects being approved for public
funding.

The law is quite clear b the Charter of Fundamental Rights, the
Convention on Human Rights and the International Covenant on Civil and
Political Rights are quite clear b restrictions on fundamental rights
must be foreseen by law and not introduced as unpredictable, ad hoc
projects by industry. The rule of law cannot be defended by abandoning
the rule of law and EDRi will continue to defend this principle.

EDRi: Clean IT b Leak shows plans for large-scale, undemocratic
surveillance of all communications (21.09.2012)
http://edri.org/cleanIT

Clean IT rebuttal of our comments
http://www.cleanitproject.eu/edri-publishes-clean-it-discussion-document/

Mr Heath's comments
https://twitter.com/EDRi_org/status/250524464499023872

Mr Klaasen's tweet
https://twitter.com/ButKlaasen/status
/249145735453487105

Commissioner MalmstrC6m's tweets
https://twitter.com/MalmstromEU/status/250573911471845376
https://twitter.com/MalmstromEU/status/250574119991660545
https://twitter.com/MalmstromEU/status/250641266038173696

(Contribution by Joe McNamee - EDRi)

=======================================================================
12. Recommended Reading
=======================================================================

Islands of Resilience
Comparative Model for Energy, Connectivity and Jurisdiction
Realizing European ICT possibilities through a case study of Iceland
http://islandsofresilience.eu/
http://icg.greens-efa.org/pipermail/hub/attachments/20120925/83bf78da/attachment-0001.pdf

JoaquC-n Almunia Vice President of the European Commission responsible
for Competition Policy -  Competition enforcement in the knowledge
economy Fordham University/ New York City (20.09.2012)
http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/12/629&format=HTML&aged=0&language=EN&guiLanguage=en

EDPS issues comments on DG MARKT's public consultation on procedures for
notifying and acting on illegal content hosted by online intermediaries  
(13.09.2012)
http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Comments/2012/12-09-13_Comments_DG_MARKT_EN.pdf

The internet in pieces
Harried by cyberattacks, Iran is making good on a vow to build its own
web. Others could follow (23.09.2012)
http://www.guardian.co.uk/commentisfree/2012/sep/23/iran-us-cyber-espionage-intranet

=======================================================================
13. Agenda
=======================================================================

27 September 2012, Paris, France
Open Data - La ConfC)rence
http://www.opendata-laconference.com/agenda.html

7-10 October 2012, Amsterdam, Netherlands
2012 Amsterdam Privacy Conference
http://www.apc2012.org/

11-12 October 2012, Amsterdam, Netherlands
Economies of the commons 3 - Sustainable Futures for Digital Archives
http://ecommons.eu/

25-28 October 2012, Barcelona, Spain
Free Culture Forum 2012
http://fcforum.net/

3-4 November 2012, Baku, Azerbaijan
Best Bits b a strategic gathering of NGOs around Internet governance and
Internet principles
http://igf-online.net/bestbits.pdf

6-9 November 2012, Baku, Azerbaijan
Seventh Annual IGF Meeting: "Internet Governance for Sustainable Human,
Economic and Social Development"
http://www.intgovforum.org/cms/

9-11 November 2012, Fulda, Germany
Digitalisierte Gesellschaft - Wege und Irrwege
FIfF Annual Conference in cooperation with Fuldaer Informatik Kollquium
http://www.fiff.de/2012

29-30 November 2012, Brussels, Belgium
For Your Eyes Only: Privacy, Empowerment and Technology in the context
of Social Networks
http://www.foryoureyesonly.be

4 December 2012, Brussels, Belgium
3rd Annual European Data Protection and Privacy Conference
http://www.eu-ems.com/summary.asp?event_id=123&page_id=983

23-25 January 2013, Brussels, Belgium
CPDP 2013 Conference - Reloading data protection
CfP by 19 October 2012
http://www.cpdpconferences.org/callforpapers.html

6-8 May 2013, Berlin, Germany
re:publica 2013
http://re-publica.de/12/2012/08/28/der-termin-steht-vom-06-08-mai-2013-geht-die-republica-in-die-siebte-runde/

31 July b 4 August 2013, Geestmerambacht, Netherlands
Observe. Hack. Make. - OHM2013
https://ohm2013.org/

============================================================
14. About
============================================================

EDRi-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRi has 32 members based or with offices in 20 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge
and awareness through the EDRi-grams.

All contributions, suggestions for content, corrections or agenda-tips
are most welcome. Errors are corrected as soon as possible and are
visible on the EDRi website.

Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/

Newsletter editor: Bogdan Manolea <edrigram at edri.org>

Information about EDRI and its members:
http://www.edri.org/

European Digital Rights needs your help in upholding digital rights in
the EU. If you wish to help us promote digital rights, please consider
making a private donation.
http://www.edri.org/about/sponsoring
http://flattr.com/thing/417077/edri-on-Flattr

- EDRI-gram subscription information

subscribe by e-mail
To: edri-news-request at edri.org
Subject: subscribe

You will receive an automated e-mail asking to confirm your request.
Unsubscribe by e-mail
To: edri-news-request at edri.org
Subject: unsubscribe

- EDRI-gram in Macedonian

EDRI-gram is also available partly in Macedonian, with delay.
Translations are provided by Metamorphosis
http://www.metamorphosis.org.mk/mk/vesti/edri

- EDRI-gram in German

EDRI-gram is also available in German, with delay. Translations are
provided by Andreas Krisch from the EDRI-member VIBE!AT - Austrian
Association for Internet Users
http://www.unwatched.org/

- Newsletter archive

Back issues are available at:
http://www.edri.org/edrigram

- Help
Please ask <edrigram at edri.org> if you have any problems with subscribing
or unsubscribing.

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE