[WSIS CS-Plenary] EDRI-gram newsletter - Number 3.5, 10 March 2005
Rikke Frank Joergensen
rfj at humanrights.dk
Fri Mar 11 12:23:47 GMT 2005
Hi all
Allow me to make a small ad for this really good bi-weekly newsletter on freedom of expression, privacy, access to knowledge etc. issues in Europe. Subscription details at the bottom.
The newsletter is also available in Russian, Ukrainian and Italian, a few days after the English edition.
Best
Rikke
============================================================
EDRI-gram
biweekly newsletter about digital civil rights in Europe
Number 3.5, 10 March 2005
============================================================
Contents
============================================================
1. European Council adopts software patents proposal
2. Ireland sneaks data retention into law
3. Europarl debate on PNR and data retention
4. Unesco NL recommendations on human rights and Internet
5. Search engines voluntarily block harmful content in Germany
6. XS4ALL sues Dutch State for investments in wiretapping
7. Italian agreement to fight copyright infringements
8. Dutch plan large-scale satellite snooping
9. French court decision on traffic data retention
10. Geneva meeting on access to knowledge
11. Europe crowned as Internet Villain
12. Council adopts decision on attacks against information systems
13. Recommended reading: CCTV
14. Agenda
15. About
============================================================
1. European Council adopts software patents proposal
============================================================
The European Competitiveness Council (the EU ministers of Economical
Affairs/Industry) has adopted the controversial common position on
software patents on 7 March 2005 as A-item. This classification means a
proposal is adopted without further debate. Spain voted against. Austria,
Belgium and Italy abstained, while Denmark, Cyprus, Latvia, Hungary, the
Netherlands and Poland added a written statement to the Council minutes.
Earlier, the European Commission had refused a request from the presidents
of all the major political parties in the European Parliament to withdraw
the proposal and start all over again.
In a first response, the EP committee on legal affairs (JURI) demanded to
see full documentation (including minutes, declarations and transcripts of
the recordings) of what happened in the Council. JURI decided to call for
this record because they doubt if there actually was a majority of member
states in favour of the Common Position.
Whatever happens, the European Parliament is now preparing for a
tumultuous second reading of the proposed directive. The MEPs can either
reject the directive completely with a two thirds majority or once more
adopt all the amendments they brought forward in the first reading. EU
Commissioner Charles McCreevy of the Internal Market explained in the
Strasbourg plenary session of 8 March that the Commission would not come
up with a new proposal if the parliament were to reject this one. If, on
the other hand, the parliament were to suggest amendments "the Commission
will give due consideration to those, but of course, the Commission cannot
speak on behalf of the Council." Since almost all of the parliamentary
amendments in the first reading were ignored by the Council, that was not
a very hopeful message for most MEPs.
The Danish minister of Economical Affairs, Bendt Bendtsen, was given the
explicit order by the Danish parliament to change the A-item into a
B-item, to be able to discuss the proposal in depth. But he found no clear
support from other member states for this attempt. The Luxembourg
President of the Council then proceeded to dismiss the Danish request on
his personal account as President, saying "It would undermine the whole
logic of the exercise as provided for in the procedures" if the Council
were to go back on its initial common position adopted in May 2004.
It is precisely this 'logic' that has escaped a majority of members of the
European Parliament and many members of national parliaments. The initial
common position on software patentability was reached in extreme haste,
just before the newly acceding EU countries would have a right to vote,
and with plenty of accusations from national parliaments in the original
15 member states that their ministers had wrongly agreed to this text.
The satisfaction of the advocates of software patents was perhaps best
expressed by a headline in the e-zine DM Europe "EU ministers give finger
to patent law refuseniks". But the soap story doesn't seem to end there.
In the Dutch parliament furious MPs have demanded explanations from their
minister. In the Netherlands, the minister was forced by parliament to
support any initiative to change the A-item into a B-item. Strangely
enough, his microphone malfunctioned when he was supposed to have
supported the Danish initiative, as can be clearly seen and heard in the
audio and video-archives of the public debate in the Council. According to
an explanation the Danish minister Bendtsen gave to the newspaper
Politiken only Portugal supported his effort to change it into a B-item.
On 10 March the Dutch parliament will have a plenary debate about this.
Audio- en video archives of the Council meeting (07.03.2005)
http://media.ffii.org/Council050307/
Council Presidency Adopts Software Patent Agreement Against Council's
Rules (07.03.2005)
http://wiki.ffii.org/Cons050307En
Bendt Bendtsen afviser kritik af patentafstemning (in Danish, 07.03.2005)
http://politiken.dk/VisArtikel.sasp?PageID=368256
EU ministers give finger to patent law refuseniks (08.03.2005)
http://www.dmeurope.com/default.asp?ArticleID=6547
============================================================
2. Ireland sneaks data retention into law
============================================================
After pushing a framework decision on data retention at the EU, Ireland's
Government has decided to focus on its national parliament and to pass a
law on data retention there. Data retention was snuck into the Criminal
Justice (Terrorist Offences) Act, first introduced in 2002, in the final
hours before the Bill became law in February 2005.
The law now calls for three years data retention at all phone companies
that provide fixed line and mobile services. The obligation does not
extend to more complex information such as location data.
In April 2002, the Minister for Public Enterprise issued directions at the
request of the Minister of Justice to oblige service providers to retain
data for at least three years. The Government argued that this was a
necessary temporary bridging of the gap between the transposition of the
EU Directive on privacy and electronic communications into Irish law. This
is misleading because the 2002 Directive did not require data retention.
The transposition into law was approved in March 2002, and providers were
not required to retain the data for the full three years. The legislation
was never published, however, as they were subject to a "gagging order"
requiring that the service providers not disclose the fact of the
directions were made. Eventually the details were leaked, and the
documentation accessed under the Freedom of Information.
In January 2005 the Irish Data Protection Commissioner, Joseph Meade,
issued an order to service providers to erase data that is more than six
months old, as of May of 2005. The Commissioner argued that the temporary
directions were in force for too long without legal mandate. The
Government interpreted this as a requirement to move forward with primary
legislation calling for retention. The Minister of Justice argued "Without
some contrary action being taken, the initiative by the Data Protection
Commissioner would, if the telecommunications companies accepted its
validity, seriously undermine the ability of the Garda Síochána to
investigate criminal activity, including terrorism and to protect the
security of the State."
The Government contends that service providers need this legislation
because of a current conflict of obligations. The Government believes
that service providers are compelled to retain data for 36 months under
section 110 of the Postal and Telecommunications Act 1983; but the Data
Protection Commissioner's notice required them to delete this data after
six months.
On 27 January 2005 the Minister of Justice announced his intent to comply
with 'international obligations' and to help fight terrorism through
introducing a policy on data retention. Such international obligations do
not exist, however, despite the great attempts by the Irish Government to
create these international obligations in the first instance.
The Government accepted that its strategy to launder this policy through
the EU was facing some challenges. As the Minister of Justice admitted, "I
had hoped to avail of the European basis for making rules in this area but
it did not materialise." When it held the presidency of the EU the
government pushed the 'framework decision' that would compel all service
providers of all types (telephone, mobile, internet, etc.) to retain data
for up to three years. This initiative was also pushed by the French,
Swedish, and British governments. In the summer of 2004, however, the
European Commission decided to intervene in this Council process arguing
that it was a first pillar issue, and thus internal market considerations
were required.
The Minister of Justice found this to be a frustrating situation, however.
"The framework decision ran into difficulties with the European
Commission. It is difficult to understand exactly what has happened to the
framework decision but it appears that the commissioner is of the strong
view that data retention should be dealt with in the first pillar of the
European Union treaties, that is the same pillar as data protection and
communications. While it is probably safe to assume that the framework
decision in its present form is moribund, we do not know what proposal
will take its place. The Commission has apparently promised a first pillar
on data retention but, whatever the outcome, it seems that any EU
initiative will not now take place in a time frame that would allow me to
meet the May deadline set by the Data Protection Commissioner. Faced with
that I must act now before 5 May. There is no EU cavalry coming down the
hill to help me. I must sort out this conflict."
The 'EU cavalry' is facing increased trouble, so having failed at the
strategy of policy laundering the Minister of Justice relied on obscuring
the policy to minimise debate.
Full article: Ireland begins communications data retention (15.02.2005)
http://www.privacyinternational.org/article.shtml?cmd[347]=x-347-140716
(Contribution by Gus Hosein, Privacy International)
============================================================
3. Europarl debate on PNR and data retention
============================================================
On 9 March the European Parliament debated in plenary in Strasbourg about
the transfer of passengerdata (PNR) to the US and asked the Commission
about the Council plans for mandatory data retention. EU Justice
Commissioner Frattini for the first time stated in public that the
Commission sees no legal basis for a framework decision from the Council
and he personally 'will try to convince' the Council of Justice and Home
Affairs to withdraw the proposal. "As a consequence, the Commission will
present an alternative proposal on data retention based on Article 95 of
the Treaty of the European Community by early spring 2005." Frattini also
announced that the Commission will carry out "an impact assessment to
determine to what extent the creation of obligations to retain data will
have economic implications."
The Parliament rapporteur on data retention, Alexander Alvaro (German
liberal, ELDR), asked Frattini to reflect on the necessity of data
retention, but received no answer. "We also have doubts on the necessity
and proportionality of European data retention provisions. That is why we
ask the Commission whether it supports the four Member States' initiative
also in terms of the content, and not only in terms of the legal basis."
Similar direct questions from the Dutch social-democrat (PSE) MEP
Mastenbroek and the German christian-democrat (PPE) MEP Reul - if the
Commission had any evidence of the necessity of data retention- remained
equally unanswered. The German MEP Kreissl-Dörfler (PSE) reminded Frattini
the German national parliament had called on their minister not to agree
with any mandatory data retention. He warned the Commissioner control is
good, but trust in control is better.
Both on the issue of data retention and on the issue of PNR all fractions
asked similarly critical questions, showing remarkable unity on the topic
of personal data protection. But Frattini wasn't inclined to answer beyond
the brief statements he had prepared. He said the Commission and US
Customs authorities would produce a joint evaluation of the transfer of
passenger data to the US within a month and a half, to stay within the
year the transfer was agreed upon (28 May 2004). According to Frattini the
MEPs should no longer worry about data-mining by US authorities, since the
controversial CAPS II program was replaced by 'Secure Flight' which
currently only covers PNR information about US domestic flights. As far as
he knew, no data had been transferred by the US to any third countries.
Overview of questions in the EP about both issues (09.03.2005)
http://www2.europarl.eu.int/omk/sipade2?PUBREF=-//EP//TEXT+AGENDA+20050309-LASTV+0+DOC+XML+V0//EN&LEVEL=2&NAV=S&LSTDOC=Y&L=EN
============================================================
4. Unesco NL recommendations on human rights and Internet
============================================================
The Netherlands National Commission for Unesco has published
Recommendations on human rights and Internet, following a conference held
on 4 and 5 February 2005. The recommendation focusses on privacy, the
right of freedom of expression and the right to communicate, including
access to the vast cultural, educational and scientific heritage of
mankind.
On privacy, the recommendation calls on States to "Acknowledge that
privacy is an indispensable prerequisite to the right of freedom of
expression and the right to communicate. Online as well as off-line,
readers, listeners and viewers have a right to the same high level of
privacy and anonymity. If online access to information is tracked and tied
to detailed personal profiles, self-censorship is imminent and - more
important still - the public debate and the rule of law are eroded."
The participants to the conference are also stressing that internet
service providers "should not act as judges on the legitimacy of
expressions." Furthermore they remark that in discussions on the Internet,
"harmful and illegal content are often named side by side, yet harmful
content is not illegal. Actions to ban harmful content can have a stifling
effect on the freedom of the public debate. There should be no mandatory
filtering or blocking of Internet access."
The Recommendations will be brought forward to the Council of Europe, in
its current process to formulate a new declaration on human rights and the
rule of law in the information society. In October 2004 the Council
decided to create a Multidisciplinary Ad-hoc Committee of Experts on the
Information Society (CAHSI). This group debated on 3 and 4 February 2005
about a first draft text and will have a second meeting on 6 and 7 April
2005. The result of this meeting will be a draft political statement that
will be used as a contribution from the Committee of Ministers in a
Council of Europe Summit in May 2005, and presented to the WSIS in Tunis
in November 2005.
The first draft, dating from 15 December 2004, outlines 13 general
principles, and gives a very short list of opportunities and very long
list of threats posed by the Information Society. According to the
minutes, during the meeting on 3 and 4 February some details were changed,
such as the order of the principles and renaming 'threats' into
'challenges'. The bullet points with recommendations for 'businesses' and
'civil society' remained empty. In fact, in CAHSI only governments and
transnational institutions such as the European Commission and different
Council of Europe committees have a right to vote. Civil Society is
allowed to send 4 observers; on behalf of the International Federation of
Human Rights Leagues; the International Helsinki Federation for Human
Rights; the International Commission of Jurists and Amnesty International.
The Unesco recommendations may hopefully contribute to a stronger wording
of essential digital rights, including a call on governments to protect
and actively promote the availability of works in the public domain. The
CAHSI draft could also benefit from a sharp distinction between harmful
and illegal content.
Unesco NL Recommendations on human rights and Internet (07.03.2005)
http://www.unesco.nl/main_6-2.php
Council of Europe archive of CAHSI terms of reference and meeting reports
http://www.coe.int/t/e/integrated_projects/democracy/02_Activities/00_CAHSI/
============================================================
5. Search engines voluntarily block harmful content in Germany
============================================================
According to a report in the German e-zine Heise all the major search
engines in Germany have voluntarily agreed to filter out harmful content
for their German audience. Google, Lycos Europe, MSN Germany, AOL Germany,
Yahoo, T-Online and t-info have founded a self-regulatory organisation
that will voluntarily block a list of URLs considered to be harmful for
the youth. The list is provided by a governmental media classification
organisation, 'Bundesprüfstelle für jugendgefährdende Medien (BPJM)'. The
new organisation is a subdivision of a larger self-regulatory initiative
of multimedia service providers, the FSM, founded in 1997.
The search engines will continuously check the central blacklist of
indexed URLs to prevent Germans from seeing any of the banned websites.
There will be a complaint mechanism to address possible gaps in the
filtering by the search engines, but no provisions have been made for
users to complain about wrongful blacklisting. A spokesperson from the new
organisation told Heise the majority of filtered sites was hosted outside
of Germany. It has not yet been decided what kind of message users will
get when they try to find a blacklisted website.
Since it is a completely voluntary business agreement, there seems to be
no legal recourse for adults who don't feel the need to be protected
against contents that might be harmful for minors. The BPJM gives the
following definition of harmful content: "Objects are considered harmful
or dangerous to minors if they tend to endanger their process of
developing a socially responsible and self-reliant personality. In
general, this applies to objects that contain indecent, extremely violent,
crime-inducing, anti-Semitic or otherwise racist material."
Heise: Selbstregulierung der Suchmaschinenanbieter (24.02.2005)
http://www.heise.de/newsticker/meldung/56770
Freiwilligen Selbstkontrolle Multimedia-Diensteanbieter
http://www.fsm.de/
Federal Department for Media Harmful to Young Persons (BJPM)
http://www.bundespruefstelle.de/Texte/General.htm
============================================================
6. XS4ALL sues Dutch State for investments in wiretapping
============================================================
The Dutch Internet provider XS4ALL has launched a court case against the
Dutch State to recuperate the investments it has done to comply with
wiretapping legislation. XS4ALL says it has invested half a million euro
since 2001 to enable law enforcement authorities to place a wiretap on a
specific customer. The Dutch State only reimburses the administrative
costs of executing a specific wiretapping order, but none of the costs of
purchasing and maintaining the necessary equipment.
In the 49 page subpoena XS4ALL states this cost shift is unfair from the
principle of equal discharge of public burdens, unjustified under the
European Authorisation Directive and an obstruction to the freedom of
speech. Besides, in many other countries providers do get a full
reimbursement for wiretapping, such as in Austria (after ISPs had launched
a procedure at the Constitutional Court), Italy, Finland, France and the
UK. Also in the United States providers are also fully reimbursed for
wiretapping costs, creating a serious competition problem for Dutch
providers.
A spokeswoman from the provider said thanks to the cost shift, the State
does not feel any need to do an analysis of profits and losses and does
not question if the results of wiretapping are worth the investments.
By instigating the court case, XS4ALL explicitly wants to set a precedent
to establish who pays for law enforcement - government or industry.
Justice minister Donner has already told the Dutch parliament that he is
not in favour of any cost reimbursement for providers if they will be
obliged to store all the traffic data about their customers for a period
of 1 to 3 years. The European Council of Justice and Home Affairs will
probably finalise the proposal for a framework decision on mandatory data
retention in their meeting of 14 April 2005.
Press release XS4ALL (07.03.2005)
http://www.xs4all.nl/nieuws/bericht.php?id=619&taal=en&msect=nieuws&year=2005
ISP sues Dutch gov for snooping costs (08.03.2005)
http://www.theregister.co.uk/2005/03/08/isp_sues_police/
=======================================================================================
7. Italian agreement to fight copyright infringements
=======================================================================================
The Italian government has closed an agreement with 50 organisations from
the music, video, publishing and IT industry to fight copyright
infringements by organising public 'sensibilisation' campaigns.
The agreement was launched on 3 March 2005 during the well-known Sanremo
pop music festival. Prepared by three ministers (of Technological
Innovation, Culture and Communications) the agreement was signed amongst
others by RAI (the state-owned TV and radio broadcasting corporation),
Microsoft, BSA, Philips, Mediaset (the largest private TV broadcasting
corporation in Italy), Sony, Tiscali, Telecom Italia, AIIP (the Italian
association of Internet Providers) as well as by two consumer
organisations (Adiconsum and UNC).
The agreement contains 5 actions points.
1. Promote the production of new digital content for different platforms
and digitise existing content;
2. Promote the development and distribution of 'public interest' digital
content, possibly with the help of government-sponsored websites;
3. Develop 'sensibilisation' (awareness raising) campaigns for consumers,
to reinforce 'the ethical and social conscience' of citizens and raise
awareness of existing legislation;
4. Develop campaigns aimed at the youth, in school-coordinated activities;
5. Develop campaigns aimed at employees and government officials.
The agreement is supposed to produce Codes of Conduct to which all
internet providers and other distribution platforms, rightsholders and the
audio-visual production industry will voluntarily adhere.
Minister Lucio Stanca of Technological Innovation explained that the
Sanremo pact was an answer to the digital dilemma caused by the rise in
Internet usage. On the one hand authors and content producers risk loosing
investments by the unauthorised copying and sharing of their works, but on
the other hand the opportunities offered by the digital revolution for
access to information and cultural growth should be preserved.
Notwithstanding the enthusiasm of the initiative promoters, however, the
Sanremo agreement is problematic in several ways. For example, the third
recital of the agreement guidelines binds the signatories to "favour the
development and the adoption of Digital Rights Management systems (....)
respecting principles of interoperability, technological neutrality and
ease of content use by end users." Nowhere in the Sanremo agreement are
any of the well-known problems mentioned DRM systems can present, such as
privacy issues, contractual and/or factual overturn of 'fair use'
provisions and user exceptions in copyright law, the stifling of research
activities and the over-favouring of rightsholders through legal
protection of TPMs (Technical Protection Measures).
The provisions for access providers will seriously enhance control over
internet users. Providers must "adopt [...] all the initiatives aimed at
fighting unauthorised digital dissemination of illegal content and at
creating a secure digital environment" (recital 7) and "create termination
or suspension clauses in their general contracts with users in case of
specific copyright violations" (recital 10).
The Sanremo agreement is rather one-sided in its definition of a market
defined by consumers and producers and paternalistic in its phrasing of
the need to 'sensibilise' the audience. In that way, it is similar to the
recent 'Copy or Love' project, initiated by a number of Italian collecting
societies with the support of the Ministry of Education. The website
provides a very peculiar rightsholders vision on copyright law and history
and provides no reference for example to Free Software or initiatives such
as Creative Commons.
Some observers see the agreement as an answer to the huge amount of
criticisms that followed the Urbani Law. This controversial law requires
official registration of all digital copies of any creative work,
something obviously difficult for works whose licensing terms explicitly
allow for free copying and redistribution.
Text of the Sanremo Agreement (in Italian, 03.03.2005)
http://www.innovazione.gov.it/ita/news/2005/cartellastampa/sanremo/Linee_Guida.pdf
List of signatories to the Sanremo Agreement (in Italian)
http://www.innovazione.gov.it/ita/news/2005/cartellastampa/sanremo/sottoscrittori.pdf
'Copy or Love' project
http://www.controlapirateria.org/
Urbani law (in Italian)
http://www.parlamento.it/parlam/leggi/04128l.htm
(Contribution by Andrea Glorioso, Italian consultant on digital policies)
============================================================
8. Dutch plan large-scale satellite snooping
============================================================
The Dutch ministry of defence is planning to build a large facility to
intercept civilian and military satellite communications. The Echelon-like
site at Burum, in the north of the Netherlands, will have 15 dishes and
listen to telephone, fax and internet telecommunications. The large
streams of intercepted information will be examined by a new intelligence
service, the National Sigint Organisation (NSO). This organisation will
become the third secret service in the Netherlands next to the already
existing military and the civilian intelligence service.
The Dutch government wants to drastically expand it signals intelligence
capabilities. Until now satellite snooping is done through a two dish
facility at Zoutkamp. The ministry of Defence first tried to expand the
existing location but was blocked in court by people living nearby. The
court ruled that provisions in the municipal land-use plan would conflict
with such a large military installation. The ministry also couldn't
counter safety concerns. The new site at Burum is actually a commercial
satellite ground station operated by Xantic, in which Dutch
telecommunication company KPN has a 65% share.
The Dutch government will buy part of the Xantic site to build the
satellite dishes that the NSO will use to snoop on communication
satellites. Details of the new site have become public after EDRI-member
Bits of Freedom obtained building maps of the site. The building maps show
on which part of the Xantic site the NSO will build its sigint
installation. The maps also mention which satellites the NSO dishes will
intercept: 7 for Intelsat and 8 for Inmarsat. The strange symbiosis
between Xantic and the NSO will result into the Xantic dishes handling
Intelsat and Inmarsat traffic and a few meters away the NSO dishes picking
up that same traffic. In other words Xantic is selling part of its
facility to have its own costumers bugged. Xantic has no legal obligation
to assist in this way.
In the Dutch parliament there has been little discussion about the
expansion of satellite snooping. According to the ministry of defence the
Netherlands need the extra dishes to combat terrorism and support Dutch
troops overseas. But in answers to questions from the parliament's defence
committee the minister of defence also acknowledged that the large
facility will give the Netherlands a very good position to trade
intelligence with allied intelligence services. This argument explains why
the Netherlands are expanding their modest snooping operation into one of
the biggest facilities in Europe.
Dutch intelligence services are allowed by law to intercept any wireless
communication without prior approval of a judge or minister (rules for
non-wireless communication are more strict; tapping a land-line telephone
will require permission from a minister). The intelligence services can
freely search the airwaves for interesting communications. A 'word-list'
to search certain words and names in wireless communication requires the
once-a-year approval of the entire list by the minister of Interior.
The interception of satellite communications was a hot topic in the
European and Dutch parliament in 2001. The European parliament had ordered
an investigation into the existence of the US/Anglo-Saxon Echelon network
in 1997 and 1999 through the so-called STOA reports. In 2001 a temporary
committee of the parliament delivered a report that concluded that Echelon
existed and was targeting private and commercial communications of
European citizens and companies.
The European parliament concluded that such a satellite interception
system would breach EC law if it was used to gather competitive
intelligence, which would be at odds with the concept of a common market
based on free competition. Parliament also concluded that such a system
would only function in accordance with Article 8 of the ECHR if it would
have effective oversight and control from national parliaments. "An
intelligence system which intercepted communications permanently and at
random would be in violation of the principle of proportionality and would
therefore not be compatible with the ECHR." In its recommendations the
report urged governments to stimulate the use of encryption technology in
order to protect citizens and companies against snooping practices.
Bits of Freedom: Dutch National Sigint Organisation building plans
http://www.bof.nl/nso_uk.html
Report on the existence of a global system for the interception of private
and commercial communications (ECHELON interception system) (11.07.2001)
http://www.europarl.eu.int/tempcom/echelon/pdf/rapport_echelon_en.pdf
(Contribution by Maurice Wessling, EDRI-member Bits of Freedom)
============================================================
9. French court decision on traffic data retention
============================================================
On 4 February 2005 the appeal court of Paris has extended the general
obligations for data retention to companies. According to the verdict,
like internet providers all companies are obliged to store traffic data
originating from their employees, to allow identification of e-mails with
illegal contents sent from company machines. The verdict is ominous since
France does not have a specific law decreeing data retention.
The court decision follows proceedings from the company World Press Online
(WPO) against the bank BNP Paribas. Two commercial partners from WPO
received an litigious e-mail about the company at the end of 2003, sent
from a Yahoo e-mail address. WPO tracked the IP-address back to a branch
from the bank in France and demanded to know which employee had used the
specific computer. BNP didn't reply at first. WPO instigated a case and
BNP was ordered on 12 October 2004 by the commercial court of Paris to
hand over the requested information. BNP appealed, but lost again and was
forced to hand-over data about their employees.
The court also said that the obligation to retain identification data and
provide these data upon judicial request does not imply that the company
has to do any investigations on the raw material to identify the possible
sender of the e-mail.
The Court has based this obligation on the law on liberty of communication
(adopted in 1986 but amended in 2000). This law defines certain legal
responsibilities for access providers that were superseded by the French
transposition of the E-commerce directive, the LEN, adopted in June 2004.
However, the case began before the LEN was adopted, so the Court had to go
back to these older provisions.
The general legal framework for data retention in France is provided by
the 'Loi sur la Sécurité Quotidienne', a controversial general
security-law adopted in the autumn of 2001. This law decrees that traffic
data can be retained for billing purposes or to comply with a judicial
request, but nobody knows which data should be retained for what period of
time, because no decree has yet been published defining mandatory data
retention.
Conservation des données(...) (in French, 02.03.2005)
http://www.zdnet.fr/actualites/internet/0,39020774,39209610,00.htm
Verdict of the Paris appeal court (in French, 04.02.2005)
http://www.foruminternet.org/telechargement/documents/ca-par20050204.pdf
(Thanks to Meryem Marzouki, EDRI-member IRIS)
============================================================
10. Geneva meeting on access to knowledge
============================================================
On 3-4 February 2005, more than 60 academics, researchers and scientists,
software developers, diplomats, librarians, consumers and representatives
of disability and other public interest groups from north and south
gathered in Geneva to discuss the WIPO Development Agenda and a draft
Treaty on Access to Knowledge (A2K). The meeting was organised by the
Consumer Project on Technology (CPTech), Third World Network (TWN) and the
International Federation of Library Associations and Institutions (IFLA).
The aim of the meeting was to find common ground amongst the diverse range
of interest groups who feel harmed by current intellectual property
regimes, to discuss proposals for a draft treaty on access to knowledge
and to start to build a global, social movement to advance the Access to
Knowledge agenda.
In October 2004 the WIPO General Assembly decided to establish a WIPO
Development Agenda. This far-reaching proposal, initiated by the
governments of Argentina and Brazil, received support from dozens of
developing countries. It asks for fundamental changes at WIPO. Some of the
proposals are directed at the special concerns of developing countries,
while others are aimed at institutional reform within WIPO to give more
weight to public and consumer interests.
Civil Society responded to the WIPO Development Agenda by proposing a
draft Treaty on Access to Knowledge. It emphasises freedoms rather than
restrictions and focuses on the cumulative effect on society and the
global economy in terms of access to information, education and learning
resources, scientific data and research, culture and entertainment.
Specific aspects of an A2K treaty were dealt with in Geneva in lively
discussions about a fascinating array of proposals, illustrating just how
far copyright and patent laws have reached into the realms of scientific
research and patterns of consumer behaviour. These included (in no
particular order):
-exceptions and limitations in copyright law and patent rights;
-needs of libraries, blind and visually impaired people, distance education;
-open access to research literature;
-ways to address abuse of rights such as control of anti-competitive
practices in contractual licences;
-digital rights management systems and anti-circumvention;
-patents and public goods databases;
-government procurement and free/open source software;
-open standards;
-deep linking policies.
As CPTech Director James Love said afterwards "Some proposals were new,
such as the patent and procurement mechanisms to protect open standards.
Others, like those concerning open access archives for publicly funded
research, are already part of the policy landscape in some countries,
including the US, but are not part of any multilateral instrument to
promote access to knowledge. This was a very good start, but there is much
work ahead."
The WIPO Development Agenda will be discussed by WIPO member states at a
special intergovernmental meeting and during the bi-annual meeting of the
Permanent Committee on Cooperation for Development Related to Intellectual
Property, both in April, followed by an inter-agency meeting for UN
agencies. The Standing Committee on Copyright and Related Rights (SCCRR),
from which the proposal for a Development Agenda originated, is due to
meet in June. The WIPO Secretariat will prepare a report by 30 July 2005
for the next General Assembly in September 2005. One of the problems civil
society organisations are facing is that the WIPO Secretariat have
interpreted the wording of the General Assembly decision to exclude 'ad
hoc accreditations' for the April meetings. In other words, only
organisations with permanent observer status may attend. Both European
Digital Rights and eIFL.net are currently trying very hard to be able to
attend.
Full version of this report (February 2005)
http://www.eifl.net/services/a2k_feb05.html
Geneva Declaration on the Future of WIPO
http://www.cptech.org/ip/wipo/futureofwipo.html
(Contribution by Teresa Hackett, eIFL-IP Project Manager)
============================================================
11. Europe crowned as Internet Villain
============================================================
Europe was crowned 'Internet Villain' of the year at the 7th Annual UK
Internet Industry Award Ceremony, for "threatening the Country of Origin
principle, which has encouraged e-commerce across the EU, and for the
Draft Framework on Data Retention." The awards are an initiative of the UK
Internet Service Providers' Association Council. Previous winners include
the UK Home Office (twice) and Verisign. The negative price is part of a
large commerce-celebrating ceremony with lots of positive prices for a.o.
best light, medium or heavy consumer or business broadband provider.
Europe crowned as Internet Villain (25.02.2005)
http://news.zdnet.co.uk/internet/0,39020369,39189185,00.htm
Press release ISPA (25.02.2005)
http://www.ispaawards.org.uk/categories/villain.htm
============================================================
12. Council adopts decision on attacks against information systems
============================================================
On 24 February 2005 the JHA Council finally adopted the framework decision
on attacks against information systems. The decision harmonises
legislation in the EU for any offence committed against a computer
infrastructure with the intention of destroying, modifying or altering the
information stored on computers or networks of computers. The two key
definitions in the decision are illegal access to information systems and
illegal interference with the system. In both cases, intent has to be
proven, to rule out gross negligence or recklessness. The decision covers
not only offences affecting the Member States but also offences committed
in their territory against systems located in the territory of third
countries.
The decision was debated for the first time in 1999, initiated by the
European Commission in 2001 and sent to the European Parliament for advice
in the spring of 2002. In October 2002 the EP gave its recommendations and
on 28 February 2003 the ministers of Justice had reached an agreement. It
is unclear why it took the Council 2 years to actually adopt the proposal.
At the time, parliamentary scrutiny reservations were made by the Irish,
French, Swedish, Danish and Netherlands delegations. Civil society raised
many objections to the proposal, most notably the broad scope of illegal
access and the fact there is no exemption for security experts to test the
security of systems.
Andy Mueller from the German user-group CCC commented to the e-zine Heise:
"Systems are not made secure by introducing prison sentences for hackers,
but by eliminating technical weaknesses."
The JHA Council adopted the proposal as an A-item. Member States have two
years to implement the decision in their national legislation.
Framework decision on attacks against information systems (adopted
24.02.2005)
http://register.consilium.eu.int/pdf/en/04/st15/st15010.en04.pdf
PRELEX overview of the chronology of the decision making process
http://europa.eu.int/prelex/detail_dossier_real.cfm?CL=en&DosId=173082
EDRI-gram: Agreement on cyber-attacks harms freedom of expression
(12.03.2003)
http://www.edri.org/edrigram/number4/expression
============================================================
13. Recommended reading: CCTV
============================================================
Publication by the Development and Statistics Directorate of the English
Home Office of the results of the first major research into the
application of CCTV in the UK. The general conclusion about the effects on
criminality is that camera surveillance is a powerful instrument, but it
must be acknowledged camera's are used in widely different contexts. It
looks like a simple fix, but is much more complicated in reality.
"All the systems had the broad objective of reducing crime. Out of the 13
systems evaluated six showed a relatively substantial reduction in crime
in the target area compared with the control area, but only two showed a
statistically significant reduction relative to the control, and in one of
these cases the change could be explained by the presence of confounding
variables. Crime increased in seven areas but this could not be attributed
to CCTV. The findings in these seven areas were inconclusive as a range of
variables could account for the changes in crime levels, including
fluctuations in crime rates caused by seasonal, divisional and national
trends and additional initiatives."
"Certain types of offence were affected more than others:
- Impulsive crimes (e.g. alcohol-related crimes) were less likely to be
reduced than premeditated crime (e.g. theft of motor vehicles).
- Violence against the person rose and theft of motor vehicles fell in the
target areas in accordance with national trends in recorded crime."
Assessing the impact of CCTV (February 2005)
Home Office Research, Development and Statistics Directorate
http://www.homeoffice.gov.uk/rds/pdfs05/hors292.pdf
============================================================
14. Agenda
============================================================
16 March 2005, London, UK, eCulture Workshop
Workshop hosted by the UK's Sixth Framework Central Information Point
(FP6UK) to network and refine proposals for EU funding opportunities under
IST call 5. This programme addresses the strategic objective 'Access to
and preservation of cultural and scientific resources'.
http://fp6uk.ost.gov.uk/page.aspx?SP=1121
17-18 March 2005, Amsterdam, The Netherlands
First European Creative Commons meeting
http://www.creativecapital.nl
17-18 March 2005, Budapest, Hungary
Workshop on open access issues 'The Future of the Scientific Information
Chain - The Role of Publishers and Learned Societies' organised by the
ALLEA Standing Committee on Intellectual Property Rights and STM, The
International Association of Scientific, Technical and Medical Publishers
http://www.allea.org/cfdata/output/news_detail.cfm?news__id=62
31 March 2005, deadline call for papers on DRM
Special session on Digital Rights Management during the 31st Euromicro
conference on Software Engineering and Advanced Applications (SEAA) 2005
in Porto, Portugal. This special session is open to discuss technical,
legal and business issues with DRM and the social aspects regarding users
understanding and fair use. Papers should be around 6-8 pages (not
exceeding 6000 words) and include an abstract.
http://www.idt.mdh.se/euromicro-2005/
6 April 2005, Brussels, Belgium
European Commission public workshop on DRM
6-8 April 2005, Belfast, Ireland, BILETA 2005
Over-Commoditised; Over-Centralised; Over-Observed: the New Digital Legal
World?
http://www.law.qub.ac.uk/bileta2005/callforpapers.html
12 April 2005, Deadline funding applications
Civil rights organisations and initiatives are invited to send funding
applications to the German foundation 'Bridge - Bürgerrechte in der
digitalen Gesellschaft'. A total of 15.000 euro is available for
applications that promote civil rights in the digitised society.
http://www.stiftung-bridge.de
12-15 April 2005, Seattle, USA, CFP 2005
The program committee of the annual Computer, Freedom, Privacy Conference
is accepting proposals for conference sessions and speakers for CFP2005.
The conference will be held in the Westin Hotel in Seattle, Washington.
http://www.cfp2005.org
14-16 April 2005, Padova, Italy, FLOSS 2005
http://www.floss2005.org/
27-28 May 2005, Florence, Italy, E-Privacy Conference 2005
This edition of the foremost Italian conference on privacy in the digital
age will focus on automatic data collection and retention. The organising
committee is inviting papers from possible speakers. The deadline for
submitting papers and presentations is 17 April, notification of
acceptance will be given on 24 April. During the conference the first
Italian Big Brother Award Ceremony will be held in the stunningly
beautiful Palazzo Vecchio.
http://e-privacy.firenze.linux.it/
6-11 June 2005, Benevento (Naples), Italy
Digital Communities 2005
http://www.ssc.msu.edu/~espace/DC2005.html
17-18 June 2005, Amsterdam, The Netherlands
3d Amsterdam Internet Conference organised by OSCE Representative on
Freedom of the Media
11-15 July 2005, Genova, Italy, OSS 2005
http://oss2005.case.unibz.it/index.html
28-31 July 2005, Den Bosch, The Netherlands
What The Hack, major open air hacker / internet lifestyle event
http://www.whatthehack.org/
8-9 September 2005, Brussels, Belgium
EuroSOCAP Workshop on confidentiality and privacy in healthcare
3 year programme to develop new ethical standards for privacy and patient
access to (electronical) files, started on 31 january 2003.
http://www.eurosocap.org
============================================================
15. About
============================================================
EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 17 members from 11 European countries. European Digital
Rights takes an active interest in developments in the EU accession
countries and wants to share knowledge and awareness through the
EDRI-grams. All contributions, suggestions for content or agenda-tips are
most welcome.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 2.0 License. See the full text at
http://creativecommons.org/licenses/by/2.0/
Newsletter editor: Sjoera Nas <edrigram at edri.org>
Information about EDRI and its members:
http://www.edri.org/
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request at edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
unsubscribe by e-mail
To: edri-news-request at edri.org
Subject: unsubscribe
- EDRI-gram in Russian, Ukrainian and Italian
EDRI-gram is also available in Russian, Ukrainian and Italian, a few days
after the English edition. The contents are the same.
Translations are provided by Sergei Smirnov, Human Rights Network, Russia;
Privacy Ukraine and autistici.org, Italy
The EDRI-gram in Russian can be read on-line via
http://www.hro.org/editions/edri/
The EDRI-gram in Ukrainian can be read on-line via
http://www.internetrights.org.ua/index.php?page=edri-gram
The EDRI-gram in Italian can be read on-line via
http://www.autistici.org/edrigram/
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <admin at edri.org> if you have any problems with subscribing or
unsubscribing.
============================================================
Publication of this newsletter is made possible by a grant from
the Open Society Institute (OSI).
============================================================
More information about the Plenary
mailing list