EDRi-gram newsletter - Number 11.2, 30 January 2013

EDRi-gram edrigram at edri.org
Wed Jan 30 12:22:13 PST 2013


======================================================================

EDRi-gram

biweekly newsletter about digital civil rights in Europe

Number 11.2, 30 January 2013

=======================================================================
Contents
=======================================================================

1. An introduction to Data Protection
2. EU governments keep increasing requests to Google for private data
3.Finnish copyright law might be changed following crowdsourcing support
4. German government intends to use FinFisher Spyware
5. Slovenia has a net neutrality law
6. Greater transparency and accountability of surveillance systems
7. Kroes ignoring the problems on net neutrality?
8. Recommended Action
9. Recommended Reading
10. Agenda
11. About

=======================================================================
1. An introduction to Data Protection
=======================================================================

EDRi launched the booklet "An introduction to Data Protection" on 28
January 2013, the European Data Protection day.

The booklet is intended to provide an overview of some of the key issues
and jargon surrounding data protection in the digital environment: from
"what is personal data" to anonymisation, profiling, big data and cloud
computing.

At its core, data protection is about preserving a fundamental right
that is reflected in the Charter of Fundamental Rights of the European
Union, Council of Europe Convention 108, as well as other international
agreements and national constitutions.

The processing and re-use of citizensb data has become increasingly
important from an economic perspective. It has lead to pressure to
weaken this fundamental right and also to change the legislative
framework to make legal protections less predictable.

EDRi hopes that this document will be a positive contribution to the
debate, and that the outcome of the review process will ensure
predictable and proportionate protection of privacy in the digital age b
reinforcing the European Unionbs global leadership on this topic.

The booklet is available under Creative Commons BY-SA 3.0 licence,
allowing thus furthers translations and free dissemination.

An introduction to Data Protection (01.2013)
http://www.edri.org/files/paper06_datap.pdf

=====================================================================
2. EU governments keep increasing requests to Google for private data
=====================================================================

According to Google's latest Transparency Report released on 24 January
2013, EU governmentsb requests for usersb IP addresses, Internet
browsing history, email communications or documents have dramatically
increased during the last three years. Only between July and December
2012, the average number of such requests was over 1200/month, more than
a third of all requests made by governments worldwide, and a 100%
increase in the last three years.

bThe information we hand over to companies like Google paints a detailed
picture of who we are - from our political and religious views to our
friendships, associations and locations. This information therefore
merits the highest degree of privacy and security, and should only be
accessed by third parties under exceptional circumstances. Governments
must stop treating the user data held by corporations as a treasure
trove of information they can mine whenever they please, with little or
no judicial authorisation,b said Carly Nyst, Privacy International's
Head of International Advocacy.

Googlebs report also reveals that a large amount of requests was denied
by Google for being too broad in scope, unlawful or incorrectly
submitted. In their major part, the requests involve criminal
investigations. Google states that a request is sometimes made for
several types of data and, in some cases, the company notifies the user
in advance that a government police agency intends to get information
from their accounts.

"The alarming statistics in this latest Transparency Report serve as a
reminder of the need for stronger national and regional privacy
protections in relation to online communications. To this end, Privacy
International, together with a coalition of organisations including the
Electronic Frontier Foundation, will soon be publishing a set of
International Principles on Communications Surveillance and Human
Rights. We hope these principles will offer guidance to governments
about the standards and safeguards that must be put in place to
safeguard the right to privacy online," stated Carly Nyst.

Google Transparency Report
http://www.google.com/transparencyreport/removals/government/

Google Transparency Report for second half of 2012 shows European
government attempts to access private data at an all-time high (24.01.2013)
https://www.privacyinternational.org/press-releases/google-transparency-report-for-second-half-of-2012-shows-european-government-attempts

Estonian President: EU citizens should trust the state on data rights
(24.01.2013)
http://euobserver.com/justice/118825

Google Transparency Report shows rise in data requests (23.01.2013)
http://www.bbc.co.uk/news/technology-21169162

EDRi-gram: Google Transparency report: increasing trend of government
censorship (20.06.2012)
http://www.edri.org/edrigram/number10.12/google-transparency-report-increased-govt-surveillance

======================================================================
3.Finnish copyright law might be changed following crowdsourcing support
======================================================================

People may be able to influence the fate of the copyright legislation in
Finland due to a recent modification of the national Constitution
allowing citizens to make legislative proposals for the Parliament.

The Finnish Constitution says that a private legislative proposal can be
sent to the Parliament for vote if it gets 50 000 supporters within 6
months. Differently from other countries, where a certain number of
signatures makes a private proposal be considered and eventually
discussed by the government, the Finnish constitutional amendment forces
the Finnish government to examine the law, make clarifications if
appropriate, and put it to a vote.

A private non-profit initiative called Open Ministry was formed to
ensure the good quality of the proposals, facilitate the discussion and
collect the signatures for private legislative proposals.

On 23 January 2013, a new proposal called bTo Make Sense of the
Copyright Actb was promoted in Open Ministry aiming at bringing changes
to the copyright law especially regarding Lex Karpela, a 2006 amendment
to the Finnish copyright law that firmly criminalizes digital piracy.

According to Open Ministry chair Joonas Pekkanen, on the basis of Lex
Karpela, "countless youngsters have been found guilty of copyright
crimes and sentenced to pay thousands, in some cases hundreds of
thousands of Euros in punitive damages to the copyright organizations."

The proposal, which is now one of the most commented and signed
proposals in the Open Ministry, having already reached more than 12 500
signatures, includes the reduction of criminal penalties, defining
personal cloud-services and class education as private use and removal
of enforcement rights like "one strike" from the law. In addition, the
individual uploading of copyright-protected material to the Internet
should be reduced to ba misdemeanor". Also, the proposal would allow the
parody and satire of the works and very extensive use of works for
research purposes.

According to the 49 999 group that organises a campaign for the bill,
"To Make Sense of the Copyright Act" has the simple aim of having ba
fair and just copyright law in Finland and "is not a pro-piracy law
proposal.b The proposal thus includes also a section, which would
require fair compensation for artists and authors in the publishing
agreements similarly as the German copyright law already does.

It is possible that the initiative reaches its goal of getting 50 000
signatures by the 23 July 2013 and although there is no guarantee that
the Government will actually approve it as such, at least it needs to
give proper attention to it.

Finnish campaigners seek crowdsourced change to copyright legislation
(24.01.2013)
http://www.wired.co.uk/news/archive/2013-01/24/finland-copyright-law-crowdsource

Finlandbs Crowdsourced Copyright Law Proposal (23.01.2013)
http://torrentfreak.com/finlands-crowdsourced-copyright-law-proposal-130124/

Finland is crowdsourcing its new copyright law (23.01.2013)
http://www.dailydot.com/news/finland-crowdsourcing-new-copyright-law/

Lex Karpela
http://en.wikipedia.org/wiki/Lex_Karpela

The 49 999 Campaign page:
http://49999.org/

Signature count (only in Finnish)
https://www.kansalaisaloite.fi/fi/aloite/70

Open Ministry - Crowdsourcing Legislation (English blog page for Open
Ministry)
http://openministry.info/

=======================================================================
4. German government intends to use FinFisher Spyware
=======================================================================

A classified document of the German Ministry of Interior, revealed by
netzpolitik.org, shows that the German Federal Police office has
purchased the commercial Spyware toolkit FinFisher of Eleman/Gamma
Group, for telecommunication surveillance.

Commercial software meant to survey telecommunications has been used by
the German police before. In October 2011, German organization Chaos
Computer Club (CCC) revealed and analysed the use of a malware created
by DigiTask and used by German government authorities. CCC showed that
DigiTask software was badly programmed, lacked elementary security
protection and allowed remote updating and adding of new features, being
therefore in breach of the German law.

DigiTask spyware has been largely dropped and many German authorities
started to create their own state malware. A Center of Competence for
Information Technology Surveillance (CC ITC) was established for this
purpose. According to the leaked classified document dated 7 December,
the Federal Criminal Police Office plans to have its own surveillance
malware by the end of 2014. But until then, the police will continue to
use commercial software and therefore, has acquired such a product from
company Eleman/Gamma.

The software in question, FinFisher/FinSpy IT, a very complex programme
that can take over several types of devices such as Windows, OS X,
Linux, iOS, Android, Symbian or Blackberry, is known to have been used
by authoritarian regimes in the world to spy on political activists.

Although the software is kept secret, it appears that it consists of a
trojan that can also remotely load additional feature modules, such as a
module for recording Skype conversations. In any case, the Federal
Commissioner for Data Protection and Freedom of Information and the
Federal Office for Information Security, as it comes out from the leaked
document from the Ministry of Interior, were unable to audit the source
code of the program to verify whether it complies with the German law.

bWith the purchase of Gamma FinFisher, the Federal Criminal Police
Office has chosen a vendor that has become a symbol for the use of
surveillance technology in oppressive regimes worldwide. FinFisher also
consists of various components, which can be loaded when needed, thereby
allowing the installation of spying capabilities that go far beyond the
already questionable bwiretapping at the source,bb stated CCC
spokesperson Frank Rieger.

In UK, the Secretary of State put FinSpy software under export
restrictions, requiring Gamma company to acquire a licence to export
these tools.

Secret Government Document Reveals: German Federal Police Plans To Use
Gamma FinFisher Spyware (16.01.2013)
https://netzpolitik.org/2013/secret-government-document-reveals-german-federal-police-plans-to-use-gamma-finfisher-spyware/

Chaos Computer Club analyzes government malware (8.11.2011)
http://ccc.de/en/updates/2011/staatstrojaner

German Federal Cops Buy Notorious FinFisher Surveillance Software
(26.01.2013)
http://www.spamfighter.com/News-18165-German-Federal-Cops-Buy-Notorious-FinFisher-Surveillance-Software.htm

British government admits it has already started controlling exports of
Gamma International's FinSpy (10.09.2012)
https://www.privacyinternational.org/press-releases/british-government-admits-it-has-already-started-controlling-exports-of-gamma

EDRi-gram: Details on German State Trojan programme (24.10.2012)
http://www.edri.org/edrigram/number10.20/details-german--state-spyware-Staatstrojaner

=======================================================================
5. Slovenia has a net neutrality law
=======================================================================

On 20 December 2012, the Slovenian Parliament approved a legislative
framework (the Economic Communications Bill) that includes net
neutrality, confirming the open and neutral character of the Internet
and forbidding the discrimination of Internet traffic on the basis of
the services provided.

Although the text of the law is not entirely clear, it seems that ISPs
will not be allowed to restrict or delay Internet traffic, unless the
purpose is to solve congestions, preserve security or address spam, and
they will not be allowed to charge their subscribers with different
prices for connectivity, on the basis on the services provided over the
Internet.

A similar law was passed in the Netherlands and is under debate in
Belgium. Incumbent companies might strongly criticise this direction as
it affects their attempts to apply high fees for connectivity to major
online services providers such as Google.

The fight for real Internet neutrality could be affected by such type
of legislation, especially if more EU member states decide to pass
similar laws.

Slovenia reinforces net neutrality principles (3.01.2013)
http://radiobruxelleslibera.wordpress.com/2013/01/03/slovenia-reinforces-net-neutrality-principles/

=======================================================================
6. Greater transparency and accountability of surveillance systems
=======================================================================

A report called "Surveillance, Fighting Crime and Violence" was produced
by the IRISS (Increasing Resilience in Surveillance Societies) project
funded by the European Commission under the 7th Framework Programme.

The report analyses the factors underpinning the development and use of
surveillance systems and technologies by both public authorities and
private actors, their implications in fighting crime and terrorism,
social and economic costs, protection and infringement of civil
liberties, fundamental rights and ethical aspects.

The project has identified the following trends: (1) a substantial
growth of public sector demand for surveillance bolstered by the
adoption of identity schemes and terrorist detection technologies and
markets, (2) an increase in the demand for civil and commercial
surveillance, (3) the development of a global industry in surveillance,
(4) an increase in integrated surveillance solutions, and (5) a rise in
the government use of cross-border surveillance solutions.

bThe role of surveillance in law enforcement is expanding,b says IRISS
project co-ordinator Reinhard Kreissl. bThere has been a shift in its
use in identifying offenders before they have committed a crime. This
has affected the presumption of innocence in a way that citizens are now
considered suspects (a shift to a presumption of guilt).b With the
growth of encompassing preventive surveillance, the presumption of
innocence as an important legal safeguard is gradually hollowed out.

bThere are numerous open questions about the usefulness and
effectiveness of surveillance technologies and their possible rebound
effects, specifically in relation to surveillance measures introduced to
fight terrorism and organised crime without knowledge of their
effectiveness and consideration of their negative side effects.b

Among the reportbs other findings and recommendations, two of them
should be mention in the current context:

1. Important social costs of surveillance include the social damage
caused by false positives of suspects of criminal and terrorist
activities, the categorical suspicion and discrimination of members of
certain social or ethnic groups, the marginalising effects and social
inequalities caused by invasive monitoring of those of lower social
status, the inhibitory effects of surveillance which can undermine
social and democratic activities, and the erosion of trust in society.

2. Data protection authorities as external overseers and regulators
typically focus upon the privacy-related implications of surveillance
and find it difficult to embrace a wider perspective of values in their
regulatory exhortations and enforcement practice. The laws within which
they operate do not normally give them a licence to roam across the
range of values to invoke when they seek to limit surveillance.

The report was produced by a consortium of 16 partners from
universities, research institutes and companies from Austria, Belgium,
Germany, Hungary, Italy, Norway, Slovakia, Spain and the United Kingdom.

IRISS report: "Surveillance, Fighting Crime and Violence" (17.12.2012)
http://irissproject.eu/wp-content/uploads/2012/02/IRISS_D1_MASTER_DOCUMENT_17Dec20121.pdf

IRSS project
http://irissproject.eu/

=======================================================================
7. Kroes ignoring the problems on net neutrality?
=======================================================================

Neelie Kroes, the European Commissioner for Internet-related policies,
recently published an article in the French newspaper Liberation stating
that while she was in favour of an open Internet and maximum choice that
must be protected, and she believed that "consumers should be free to
make their own choices about their Internet subscriptionsb, this "does
not preclude consumers from subscribing to more differentiated, limited
Internet offers, possibly for a lower price."

The entire discussion occurred after Free, one of the largest ISPs in
France, decided to block Web ads by default on its FreeBox router thus
placing several ISPs which depend on advertising in a very bad position.
This kind of practice can be avoided by making net neutrality mandatory
through EU legislation which will ensure a fair competition on the
market and will promote innovation.

In her opinion, Kroes drew the attention that consumers bshould not
forget that choice has consequences. Opting for blocking ads or
requesting privacy (bdo not trackb) may mean you donbt get access to
content for free. The internet does not run on its own. The network,
content and internet access all have to be paid for by someone. Many
smaller web operators exist on the basis of innovative advertising
models. There are various ways consumers pay for content, including by
viewing advertisements before or during their access to content.
Businesses should accept that different consumers will have different
preferences, and design services accordingly.b

However, less than one year ago, in May 2012 Kroes stated: bWe have
recently seen how many thousands of people are willing to protest
against rules which they see as constraining the openness and innovation
of the Internet. This is a strong new political voice. And as a force
for openness, I welcome it, even if I do not always agree with
everything it says on every subject. We are now likely to be in a world
without SOPA and without ACTA. Now we need to find solutions to make the
Internet a place of freedom, openness, and innovation fit for all
citizens, not just for the techno avant-garde.b

But now, the commissioner brings in the bfree marketb argument in favour
of differentiated offers which will actually restrict the open market
for online services.

bOn net neutrality, consumers need effective choice on the type of
internet subscription they sign up to. That means real clarity, in
non-technical language. About effective speeds in normal conditions, and
about any restrictions imposed on traffic b and a realistic option to
switch to a bfullb service, without such restrictions, offered by their
own provider or another. Ensuring consumer choice can mean constraints
on others b in this case, an obligation for all internet service
providers to offer an accessible bfullb option to their customers. But
such choice should also drive innovation and investment by internet
providers, with benefits for all. I am preparing a Commission initiative
to secure this effective consumer choice in Europe.b

La Quatrature du Net has been quick in reacting and qualified Kroesb
opinion as a bshameless defence of operatorsb. bNet neutrality is not a
question of market but, before anything else, a question of fundamental
freedoms", stated Benjamin Sonntag, co-founder of La Quadrature du Net.

Net Neutrality: Neelie Kroes Yields to Operator Pressure (17.01.2013)
https://www.laquadrature.net/en/net-neutrality-neelie-kroes-yields-to-operator-pressure

Internet and filtering applications: a question of choice and recipes
(in French, 16.01.2013)
http://www.liberation.fr/medias/2013/01/16/internet-et-applications-de-filtrage-une-histoire-de-choix-et-de-recettes_874443

Internet and filtering applications: a tale of choice and revenues
(17.01.2013)
http://blogs.ec.europa.eu/neelie-kroes/adgate/

Will Neelie Kroes Defend or Destroy EU Net Neutrality? (21.01.2013)
http://blogs.computerworlduk.com/open-enterprise/2013/01/will-neelie-kroes-defend-or-destroy-eu-net-neutrality/index.htm

EU Commissioner Kroes won't be bullied on net neutrality, says spokesman
(18.01.2013)
http://www.pcadvisor.co.uk/news/internet/3421385/eu-commissioner-kroes-wont-be-bullied-on-net-neutrality-says-spokesman/

EDRi-gram: French Minister asks US company to uphold France's values
(16.01.2013)
http://edri.org/edrigram/number11.1/french-minister-net-neutrality

=======================================================================
8. Recommended Action
=======================================================================

Sign The Brussels Privacy Declaration!

On 24 January 2013, EDRi, Privacy International, EPIC and Bits of
Freedom launched The Brussels Privacy Declaration during the Computers,
Privacy and Data Protection Conference (CPDP) in Brussels.

The declaration describes the concerns of civil society organizations as
well as of academics and citizens about the data protection law reform
and calls upon the European Parliament as and national governments to
safeguards citizens' privacy rights.

The declaration has been sent to MEPs and the European Commission on 28
January 2013 (Data Protection Day).

The Brussels Privacy Declaration
http://brusselsdeclaration.net/

=======================================================================
9. Recommended Reading
=======================================================================

RIP CleanIT (29.01.2013)
http://www.edri.org/rip-cleanit

Fear, uncertainty and doubt b the key threats to the fundamental right
to privacy
http://www.europeanprivacyday.org/fear-uncertainty-and-doubt-%E2%80%93-key-threats-fundamental-right-privacy

Copyright vs Freedom of Expression ECHR Judgment -  Ashby Donald and
others vs France (22.01.2013)
http://echrblog.blogspot.co.uk/2013/01/copyright-vs-freedom-of-expression.html

US free to grab EU data on American clouds (28.01.2013)
http://euobserver.com/justice/118857

Study Maps the Emerging Ethics of File Sharing and Copyright Enforcement
(15.01.2013)
http://torrentfreak.com/study-maps-the-emerging-ethics-of-file-sharing-and-enforcement-130115/

Letter to Skype about confidentiality concerns (24.01.2013)
http://en.rsf.org/letter-to-skype-about-24-01-2013,43949.html

Identity Project tells UN Human Rights Committee that US violates the
right to travel (8.01.2013)
http://papersplease.org/wp/2013/01/08/identity-project-tells-un-human-rights-committee-that-us-violates-the-right-to-travel/

=======================================================================
10. Agenda
=======================================================================

2-3 February 2013, Brussels, Belgium
FOSDEM
https://fosdem.org/2013/

14-15 February 2013, Vienna, Austria
Internet 2013 - Shaping policies to advance media freedom
http://www.osce.org/event/internet2013

21-22 February 2013, Washington DC, USA
Intellectual Property and Human Rights Conference and Roundtable Discussion
Webcasted live and archived
http://www.wcl.american.edu/pijip/go/blog-post/intellectual-property-and-human-rights-conference-and-roundtable-discussion

22 February 2013, Warsaw, Poland
ePSIplatform Conference: "Gotcha! Getting everyone on board"
http://epsiplatform.eu/content/save-date-22-february-2013-epsiplatform-conference

21-22 March 2013, Malta
Online Privacy: Consenting to your Future
http://www.onlineprivacyconference.eu/

6-8 May 2013, Berlin, Germany
re:publica 2013
CfP by 31 January 2013
http://re-publica.de/en/

20-21 June 2013, Lisbon, Portugal
EuroDIG 2013
http://www.eurodig.org/

25-26 June 2013, Barcelona, Spain
9th International Conference on Internet Law & Politics: Big Data:
Challenges and Opportunities.
http://edcp.uoc.edu/symposia/idp2013/?lang=en

25-26 June 2013, Washington, DC, USA
23rd Computers, Freedom and Privacy Conference (CFP)
CfP by 1 March 2013
http://www.cfp.org/2013

31 July b 4 August 2013, Geestmerambacht, Netherlands
Observe. Hack. Make. - OHM2013
https://ohm2013.org/

23-26 September 2013, Warsaw, Poland
Public Voice Conference 2013
35th International Data Protection and Privacy Commissioners conference
http://www.giodo.gov.pl/259/id_art/762/j/en/

============================================================
11. About
============================================================

EDRi-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRi has 32 members based or with offices in 20 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge
and awareness through the EDRi-gram.

All contributions, suggestions for content, corrections or agenda-tips
are most welcome. Errors are corrected as soon as possible and are
visible on the EDRi website.

Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/

Newsletter editor: Bogdan Manolea <edrigram at edri.org>

Information about EDRi and its members:
http://www.edri.org/

European Digital Rights needs your help in upholding digital rights in
the EU. If you wish to help us promote digital rights, please consider
making a private donation.
http://www.edri.org/about/sponsoring
http://flattr.com/thing/417077/edri-on-Flattr

- EDRI-gram subscription information

subscribe by e-mail
To: edri-news-request at edri.org
Subject: subscribe

You will receive an automated e-mail asking to confirm your request.
Unsubscribe by e-mail
To: edri-news-request at edri.org
Subject: unsubscribe

- EDRI-gram in Macedonian

EDRI-gram is also available partly in Macedonian, with delay.
Translations are provided by Metamorphosis
http://www.metamorphosis.org.mk/mk/vesti/edri

- EDRI-gram in German

EDRI-gram is also available in German, with delay. Translations are
provided by Andreas Krisch from the EDRI-member VIBE!AT - Austrian
Association for Internet Users
http://www.unwatched.org/

- Newsletter archive

Back issues are available at:
http://www.edri.org/edrigram

- Help
Please ask <edrigram at edri.org> if you have any problems with subscribing
or unsubscribing.

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE





More information about the cypherpunks-legacy mailing list