From: [log in to unmask]
To: [log in to unmask]
Sent: 02/02/2006 11:29
Subject: EDRi-news Digest, Vol 35, Issue 1

Send EDRi-news mailing list submissions to
[log in to unmask]

To subscribe or unsubscribe via the World Wide Web, visit
http://mailman.edri.org/cgi-bin/mailman/listinfo/edri-news
or, via email, send a message with subject or body 'help' to
[log in to unmask]

You can reach the person managing the list at
[log in to unmask]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of EDRi-news digest..."


Today's Topics:

   1. EDRI-gram newsletter - Number 4.2, 2 February 2006
      (EDRI-gram newsletter)


----------------------------------------------------------------------

Message: 1
Date: Thu, 2 Feb 2006 13:23:38 +0200
From: "EDRI-gram newsletter" <[log in to unmask]>
Subject: EDRI-gram newsletter - Number 4.2, 2 February 2006
To: <[log in to unmask]>
Message-ID: <016701c627eb$44b6b420$aad4cc55@Bogdan1234>
Content-Type: text/plain; format=flowed; charset="iso-8859-1";
reply-type=original


============================================================

             EDRI-gram

  biweekly newsletter about digital civil rights in Europe

     Number 4.2, 2 February 2006

============================================================
Contents
============================================================

1. Commission refuses to do an impact assessment on the data retention
directive
2. OECD Conference on the Future Digital Economy
3. German Wikipedia back on the Internet
4. A CD should work on any device, says French court
5. Debates on draft directive on Television without Frontiers Directive
6. EU Visa Database under scrutiny of the European Data Protection
Supervisor
7. French anti-terrorism law not anti-constitutional
8. Combating Racism on Internet
9. Irish ISPs to give File-sharers details
10. Slovenian Intelligence Agency performed illegal eavesdropping
11. Big Brother Award for Dutch immigration minister
12. UK Passenger Travel Data in Advance
13. Recommended reading: Security Policies in Europe
14. Agenda
15. About

============================================================
1. Commission refuses to do an impact assessment on the data retention
directive
============================================================

In a public answer to a written question by Charlotte Cederschiöld
(PPE-DE)
on timeframe of the impact assessment of the Data Retention Directive,
the
European Commission has stated that such an assessment will not take
place
because " it will not provide any added value".

The European Parliament has adopted on 14 December 2005 a version of the
Data Retention Directive, including in the paragraph 2 of the Resolution
the
necessity of a prior impact study of the directive: "Calls on the
Commission
for an impact assessment study covering all internal market and consumer
protection issues"

The original text of the paragraph, as suggested on 28 November 2005 was
"
Calls on the Commission, prior to the entry into force of this
Directive, to
commission an impact assessment study from an independent body
representing
all stakeholders, covering all internal market and consumer protection
issues "

Right after decision of the Parliament, the MEP Charlotte Cederschiöld
(PPE-DE) asked the Commission already on 15 December when it intended to
begin and complete the impact assessment of the Directive.

The answer, received on 31 January, from the Commission considers that
"an
impact assessment cannot, at this stage, have an influence on the
content of
the legal instrument, given the fact that an agreement on the Directive
has
just been reached between the Council and the Parliament. This means
that
the legislative process at the European level is completed, and that an
additional assessment of the impact of the instrument at the European
level
will not provide new elements. This is of course without prejudice to
the
possibility of Member States to carry out an impact assessment with
respect
to the national implementation of the Directive, given the fact that the
Directive does leave some elements of choice to the Member States in the
national implementation process."

The answer also makes reference to the evaluation of the Directive, as
foreseen in the Article 12 of the adopted text that "will be made within
three years after its implementation period."

However, the Commission is considering the set-up of a working group on
this
matter. "The Directive also provides for an obligation for the
Commission to
examine all observations communicated by the Member States or the
Article 29
Data Protection Working Party. It is expected that further discussions
on
the issue will also have taken place within the group to be set up by
the
Commission and to be composed of law enforcement representatives,
associations of the electronic communications industry, Parliament
representatives and data protection authorities, including the European
Data
Protection Supervisor (see also Recital 14)."

European Parliament legislative resolution on the proposal for a
directive
of the European Parliament and of the Council on the retention of data
processed in connection with the provision of public electronic
communication services ( 14.12.2005)
http://www.europarl.eu.int/omk/sipade3?PUBREF=-//EP//TEXT+TA+P6-TA-2005-
0512+0+DOC+XML+V0//EN&L=EN&LEVEL=2&NAV=S&LSTDOC=Y&LSTDOC=N

Question from MEP Charlotte Cederschiöld (PPE-DE) on Data retention
directive ( 15 12 2005)
http://www.europarl.eu.int/omk/sipade3?PROG=QP&L=EN&SORT_ORDER=D&S_REF_Q
P=%25&LEG_ID=6&AUTHOR_ID=2110

Answer given by Mr Frattini on behalf of the Commission on Data
retention
Directive ( 31.01.2006)
http://www.europarl.eu.int/omk/sipade3?L=EN&OBJID=108637&LEVEL=3&SAME_LE
VEL=1&NAV=S&LSTDOC=Y

EDRI-gram : European parliament adopts data retention directive
(18.01.2006)
http://www.edri.org/edrigram/number4.1/dataretention

Extended Impact Assements - Annex to the Proposal for a Data Retention
Directive (21.09.2005)
http://europa.eu.int/comm/justice_home/doc_centre/police/doc/sec_2005_11
31_en.pdf

============================================================
2. OECD Conference on the Future Digital Economy
============================================================

The OECD held a two day conference ( 30-31 Juanuary 2006) in Rome on
"The
Future of Digital Economy - Digital Content Creation, Distribution and
Access" with over 350 participants from companies, lobby groups, NGOs
and
governments. These stakeholders debated the issue and discussed how
government policy should respond to the change in content production,
delivery and use.

The discussion focussed less on the infrastructure and more on the
debate about the production of "digital content", as broadband access
today is more widespread and so it was considered more important to talk
about possible new emerging business models for digital content creation
and how governments could contribute to a supportive environment for
broadband content.

The topic of Digital Rights Management (DRM) and the protection of
intellectual property were often brought up. While there were several
very imprecise calls for more protection, there were concerns about the
right balance between different interests as well. There was also an
acknowledgement about problems involving DRM, especially the concerns
about
interoperability, which basically means to have a DRM solution that
allows
moving content from one device to another. Growing consumer concerns
against
DRM were also brought up, including the question whether government
regulation should help to create interoperability and open standards.
Unfortunately, there was no real agreement on what to do.

Another topic often discussed was the growing amount of users who are
beginning to produce and share digital content online and where DRM is
not needed. The topic of new user habits and social attitudes was
brought up by several speakers and debated on the panel about new user
habits and social attitudes. John B. Horrigan, Associate Director of Pew
Internet and American Life Project gave insights to the results of some
of their studies on broadband access and online behaviour and mentioned
the growing usage of the Internet by broadband users for content
creation and entertainment. This was supported by a presentation form
David Sifry, President and CEO of Technorati, who talked about the
growing importance of blogs and the shift from a consumer economy to
what he calls a participatory economy and the BBC Creative Archive
project leader Paul Gerhardt, who pointed out the importance of building
a new public value by providing content that can be reused by the
public.

"Network neutrality" or what some called "business model neutrality" was
another hot debated issue, especially when it comes to the involvement
of governments as regulator. Michael J. Copps, US Federal Communication
Commissioner and others stated that it is not the role of government to
pick winners and losers. On the other hand it remains to be seen they
keep to these statements, especially in regard to several initiatives
like the broadcast flag and others.

Some organisations of artists, civil society and consumers were able to
present their opinion, but they should definitely be more integrated and
the topic should also be regarded from a broader perspective and not
only focused on "digital content" and economy.

The conference didn't end with a consensus, but it rather highlighted
some contested areas. Donald Johnston, general secretary of the
OECD, concluded that there is still a lot of work, until they are able
to write a recommendation on the topic.

Website of the OECD Conference on the Future Digital Economy: Digital
Content Creation, Distribution and Access
http://www.oecd.org/sti/digitalcontent/conference

( Contribution by Daniel Boos - EDRI member - Swiss Internet User
Group)

============================================================
3. German Wikipedia back on the Internet
============================================================

The German version of the worldwide encyclopaedia Wikipedia was offline
for three days, after a legal complaint filed by the parents of a
hacker who's real name was mentioned online.

Tron was a German hacker and phreaker who found a controversial death
in 1998. Amongst other things, Tron broke the security of the German
phonecard by producing working clones. He was also known for his
diploma thesis where he created the Cryptophon, which was one of the
first public implementations of a telephone with built-in voice
encryption.

The Berlin court issued a preliminary interdiction on 17 January against
access to the German domain www.wikipedia.de, as a redirect to the
German
Wikipedia version.

The preliminary interdiction did forbid the redirect as long as the
family
name was online in the article at de.wikipedia.org. However, the public
decision of German Wikipedia was to keep the name due the general policy
not
to interfere with the content of the Wikipedia Encyclopaedia at all.

For 3 days wikipedia.de was offline, but it was still
possible to access the German contents through the .org address, hosted
in
the United States. .

The supporters of Tron's parents tried to solve the matter in an
out-of-court settlement, but without success. They have raised questions
regarding the conflict of handling personal data in an "open content"
system
and the fact that Wikipedia does not have a privacy policy in place.

A first decision in this matter will probably be taken at the beginning
of
February 2006.

Berlin court issues provisional order against the Wikimedia Foundation
(19.01.2006)
http://en.wikinews.org/wiki/Berlin_court_issues_provisional_order_agains
t_the_Wikimedia_Foundation

German Wikipedia back up amid lawsuit (20.01.2006)
http://www.siliconvalley.com/mld/siliconvalley/business/technology/13671
242.htm

Tron (hacker) - page on wikipedia.org
http://en.wikipedia.org/wiki/Tron_%28hacker%29

Some background material about this case ( in German only )
http://www.ccc.de/~andy/CCC/TRON/wikipedia

============================================================
4. A CD should work on any device, says French court
============================================================

Two French companies, Warner Music France and the FNAC, were condemned
on 10
January by the Paris District Court to pay fines and damages of 5.000
and
59,50 euros respectively, to the consumer protection association UFC -
Que
Choisir and to a consumer complaining for not having been able to read a
Phil Collins CD on a Macintosh computer. The CD had a copy proof system
that
prevented the duplication but which also made it impossible to read the
CD
on certain devices.

The Paris court estimated that the respective CD "was affected by a
hidden
flaw which made it useless for the purpose it had been created", that is
"to
be read on all types of readers". The court considered the two companies
had
failed in meeting their obligation to provide information. As a result,
Warner Music is forbidden to use a copy-proof system; failing to comply
will
cost the company 150 euros per day.

UFC-Que Choisir has expressed its satisfaction in a press release that
the
court had again given priority to private copy exception over the
copy-prevention system - two previous similar cases occurred in 2005
judged
by Versailles and Paris courts.

According to the consumer protection association "a principle is
established
by now: the technical protection measures must not be an obstacle to
creating a private copy on any means".

FNAC declared that they would appeal the decision.

Warner Music and the FNAC condemned for a too protected CD (French only,
19.01 2006)
http://www.01net.com/editorial/302073/droit/warner-music-et-la-fnac-cond
amnees-pour-cd-trop-protege/

Private copy : no exception for computers ( French only, 19.01.2006)
http://www.quechoisir.org/Position.jsp;jsessionid=7AC3535FA8E4BE255B282F
03833F09C6.tomcat21?id=Ressources:Positions:19A346F250535DFAC12570FB0038
D6A2&catcss=IMA101

EDRI-gram : French court forbids DVD copy protection ( 4.05.2005)
http://www.edri.org/edrigram/number3.9/DVD


============================================================
5. Debates on draft directive on Television without Frontiers Directive
============================================================

During the Oxford Media Convention on 19 January 2006, Hon.Tessa Jowell,
the UK Secretary of State for Culture, Media and Sport expressed the
opinion
that a European Union plan to introduce Internet regulation was
unwelcome,
arguing that new media were best left to govern themselves.

The statement comes at a time when the European Union is trying to
overhaul
the 1989 Television Without Frontiers directive, which sets out a
baseline
for broadcast regulation across Europe. On 13 December 2005 the
Commission
presented its draft directive amending the Television without Frontiers
Directive (TWF). The proposed changes include amendments that refer to
the
transmission of the audio-visual content using mobile and internet
services.

Ms. Tessa Jowel described the current text of the European Commission
proposals for a revised Television Without Frontiers Directive "as a
whole
..still unacceptable", "highly bureaucratic", and contrary to the Lisbon
Agenda on de-regulation. "If we want further regulation," Ms Jowell
said,
"then I believe that the best approach is to rely as far as possible on
self-regulation."She also stated that the E-Commerce Directive already
covers the Internet and that the best solutions are self-regulatory.

On the same day, 19 January 2006, the findings of the study
"Co-Regulation
Measures in the Media Sector" issued by the European Commission,
Directorate
Information Society and Media and conducted by the Hans-Bredow-Institute
in
cooperation with the Institute of European Media Law in Saarbrücken were
discussed within a seminar that gathered more than 80 experts in
Brussels.

The purpose of the study was to provide an overview of the situation of
the
co-regulatory measures in the media sector in all 25 Member States and
in
three non-EU-countries, indicating the areas in which these measures
mainly
apply, their effects and their consistency with public interest
objectives.
The study covers different co-regulation measures, including protection
of
minors in Internet services in several countries.

The participants emphasised the importance of having a precise
definition of
co-regulation especially in the light of the new TWF proposal.
Interested parties are invited to comment on the draft report by the 5
February 2006.

Minister opposes EU plan to regulate Internet (20.01.2006)
http://business.timesonline.co.uk/article/0,,13130-2001048,00.html

Oxford Media Convention - another view (20.01.2006)
http://www.ofcomwatch.co.uk/2006/01/oxford-media-convention-another-view

Legislative proposal for the revision of the "Television without
Frontiers"
Directive (13.12.2005)
http://europa.eu.int/comm/avpolicy/regul/regul_en.htm#4

TV without Frontiers: Commission proposes modernised rules for digital
era
TV and TV-like services (13.12.2005)
http://europa.eu.int/rapid/pressReleasesAction.do?reference=IP/05/1573&f
ormat=HTML&aged=0&language=EN&guiLanguage=en

Presentation of the draft final report "Co-Regulation Measures in the
Media
Sector" (20.01.2006)
http://europa.eu.int/information_society/newsroom/cf/itemlongdetail.cfm?
item_id=2405

Report Co-Regulation Measures in the Media Sector ( 20.01.2006)
http://www.hans-bredow-institut.de/forschung/recht/co-reg/


============================================================
6. EU Visa Database under scrutiny of the European Data Protection
Supervisor
============================================================

In a public opinion from 20 January 2006, Mr. Peter Hustinx, the
European Data Protection Supervisor, was very critical about the wide
access possibilities the European Commission wanted to give to the new
Visa Information System. The Commission published its "Proposal for
a Council Decision concerning access for consultation of the Visa
Information System (VIS)" on 24 November 2005.

VIS will be a central database of all visa applications for most EU
countries. The database will be connected to national systems that can
be accessed by consulates and similar competent authorities within the
Member States.

Mr. Hustinx thinks the Commission pays considerable attention to data
protection, but he stresses that access must be granted only under
specific
circumstances, on a case-by-case basis and with strict safeguards.

In his opinion: "The VIS database will be the biggest cross border one
in
Europe. Some 20 million new entries per year, regarding people who apply
for
a Schengen visa, are foreseen. It is of utmost importance that data
protection is taken seriously for these, a priori, innocent people".

The suggested database will also keep biometric data for all applicants.
This would result in 70 million fingerprint data to be stored in the
system
for the five-year term set forth in the current VIS Regulation proposal.

Moreover, the EU is considering also introducing biometric data in all
ID
systems within European Union. During 2005, UK Presidency promised
to standardize identity card systems across the EU so that they also
include
fingerprints and a RFID chip.

Opinion of the European Data Protection Supervisor on the Proposal for a
Council Decision concerning access for consultation of the Visa
Information
System (VIS) ( 20.01.2006)
http://www.edps.eu.int/legislation/Opinions_A/06-01-20_Opinion_access_to
_VIS_EN.pdf

EU privacy chief wants tweaks to anti-terror database plan (24.01.2006)
http://www.out-law.com/page-6563

Proposal for a Council Decision concerning access for consultation of
the
Visa Information System (VIS) (24.11.2005)
http://europa.eu.int/eur-lex/lex/LexUriServ/site/en/com/2005/com2005_060
0en01.pdf

EDRI-gram : EU plans database of visa applicants' biometrics
(12.01.2005)
http://www.edri.org/edrigram/number3.1/biometrics

EU: Biometrics - from visas to passports to ID cards (12.05.2005)
http://www.statewatch.org/news/2005/jul/09eu-passports-id-cards.htm


============================================================
7. French anti-terrorism law not anti-constitutional
============================================================

The French constitutional council judged on 19 January 2006, that
the new national anti-terrorism law, submitted by the French Senators,
was
not anti-constitutional.

The Senators were particularly concerned with two provisions of this
law. The first one was the provision allowing the police to obtain
communication data without any judicial order, in order to "prevent and
punish" acts of terrorism (article 6). The constitutional council only
found necessary to remove the word "punish" from the article, otherwise
considering the article in compliance with constitution, arguing that
prevention is indeed the role of police forces, and finding that enough
safeguards were already provided by this article.

The second one was the provision allowing the police to automatically
monitor cars on French roads and highways, taking picture of licence
plates and people in the cars, with various purposes ranging from the
fight against terrorism to the identification of stolen cars (article
8). The same article also provides for the monitoring of street people
gathering during "big events". Again, the constitutional council has
not found any constitutional problem with this provision.

This new French anti-terrorism law also provides, in its article 7,
that the ministry of interior may process PNR (passenger name record)
data collected on any travel by air, sea or rail to or from non-EU
countries. The constitutionality of this provision has not been
challenged. This article has the claimed objective "to improve border
controls and to fight against illegal immigration". With this
anti-terror law, and under the alibi of the fight against terrorism,
France is then directly targeting immigrants and even foreigner
residents, especially those from North Africa, since they regularly
travel by sea to spend holidays at home. France is now the first EU
country to follow the example of the US unilateral decision imposing
the transfer of PNR data to US customs and border control authorities,
as analysed by French EDRI member IRIS.

French constitutional council decision (only French, 19.01.2006)
http://www.conseil-constitutionnel.fr/decision/2006/2005532/index.htm

IRIS press release (only French, 05.12.2006)
http://www.iris.sgdg.org/info-debat/comm-lettre-pe1205.html

EDRI-gram 4.1: France adopts anti-terrorism law (18.01.2006)
http://www.edri.org/edrigram/number4.1/frenchlaw

(Contribution by Meryem Marzouki, EDRI-member IRIS - France)

============================================================
8. Combating Racism on Internet
============================================================

A High Level Seminar on Racism and the Internet - the 4th Session of the
Intergovernmental Working Group on the Effective Implementation of the
Durban Declaration and Programme of Action took place in Geneva, during
16-17 January 2006.

Dr. Yaman Akdeniz, director and founder of Cyber-Rights &
Cyber-Liberties
prepared a background report for the seminar with the title "Stocktaking
on
efforts to combat racism on the Internet".

The report makes an attempt to evaluate the possibilities and challenges
an
Internet user faces in propagating and countering material with a racist
content. It tries to provide an overview of the issues under debate,
focusing on self-regulation and co-regulation initiatives to combat
racism
on the Internet.

The report finds that the States have yet to reach a political agreement
on
how to prevent the use of Internet for racist purposes and on how to
promote
its use to combat racism. It also finds the efforts in fighting racism
are
duplicated at the international level, fact which results in delaying
the
finalisation of policies to address the problems and therefore the
implementation of these policies at the national level.

In one of the presentations at the seminar, Ms. Meryem Marzouki,
President
IRIS (Imaginons un réseau Internet solidaire), expressed her concern
regarding the Internet self-regulation and co-regulation means. In her
opinion, such ways may result in possible violations of a large range of
substantive human rights and freedoms. "Moreover, these newly introduced
deliberative and legal procedures are challenging constitutive elements
of
the rule of law and of democracy." This trend in the control of illegal
content, including racist content weakens the role of the judiciary
power,
while extending the prerogatives of private parties, mainly that of
Internet
service providers.

In her opinion, the authors of the racist content on the Internet may be
punished by normal legal process in a country where such legislation
exists
and ISPs should help enforcing a court decision of content removal, but
should not take the decision of removing content.

The presentation included a few recommendations on the role of ISPs in
the
fight against racism on the Internet in situations when there is or not
specific legislation in force.

Stocktaking on efforts to combat racism on the Internet (16.01.2006)
http://www.cyber-rights.org/reports/ya_un_paper_int_06.pdf

Combating Racism on the Internet while Upholding International Human
Rights
Standards (20.01.2006)
http://www-polytic.lip6.fr/article.php3?id_article=127

============================================================
9. Irish ISPs to give File-sharers details
============================================================

On Tuesday 24 January the Irish High Court made an order requiring
three ISPs to hand over the personal details of 49 alleged file-sharers.
This decision follows a similar decision in July 2005, and was made by
the same judge (Kelly J.) in essentially identical terms, including an
undertaking that the information would only be used for the purpose of
litigation. The judge did, however, specify that the plaintiffs could,
if they wished, also pass this information to the authorities for
criminal prosecution, describing file sharing as "a modern form of
thieving".

Digital Rights Ireland wrote to the parties in advance seeking to have
two issues brought to the attention of the court: whether users should
be notified of the application and given a chance to respond, and
whether the use of the US-based MediaSentry was in breach of national
data protection laws (as was held in the Dutch decision in Brein).
However, not all of these issues were raised in court, and the decision
of the court does not address these points.

Full details of the hearing and the decision of the court (25.01.2006)
http://www.digitalrights.ie/2006/01/25/isps-ordered-to-hand-over-user-de
tails-to-record-labels/

ISPs ordered to disclose customer details (25.01.2006)
http://enn.ie/news.html?code=9665363

EDRI-gram : Two opposing court verdicts on file-sharers (14.07.2005)
http://www.edri.org/edrigram/number3.14/p2p

( Contribution by TJ McIntyre, Digital Rights Ireland )

============================================================
10. Slovenian Intelligence Agency performed illegal eavesdropping
============================================================

The Slovenian constitutional court issued a decision on 8 December 2005
ascertaining that, in 1996, SOVA (Slovenian intelligence agency)
illegally
performed eavesdropping to a suspected person later sentenced for
unjustified production and trading of drugs. The most aggravating
evidences
for the defendant were the telephone conversation recordings that SOVA
made
for the police.

The eavesdropping and recording of telephone conversations were
performed in
a way that did not exclude the possibility of abuses (montage, erasing,
later adding of recordings) and the defence could not examine the
transcriptions of the telephone conversations as the documents were
labelled
as confidential.

>From 1993 till 11 April 1997, on the basis of a confidential agreement,
SOVA
eavesdropped and recorded telephone conversations for the police, which
did
not have adequate equipment for that.

The Slovenian Constitutional Court wrote :
"With the eavesdropping and recording of telephone conversations that
was
performed by SOVA and not the police, the complainant's right to privacy
from article 35 and right to privacy of correspondence from article 37
were
violated."
[...]
"the problems the repressive bodies have with technical equipment
should
not be the reason for such intolerable violation of privacy and privacy
of
correspondence and other means of communication. Violations of human
rights
are not allowed in the criminal procedure, not even in the case of
"extreme
necessity"."

An intriguing fact is that there was no report about that decision of
the
constitutional court in the major Slovenian media.

The whole text of the decision (in Slovenian language only):
http://odlocitve.us-rs.si/usrs/us-odl.nsf/o/2B1FA4ECCB2DFEE5C12570D90040
374F

( Contribution by Aljaz Marn Privacyblog.net - Slovenia )

============================================================
11. Big Brother Award for Dutch immigration minister
============================================================

Dutch Minister Rita Verdonk for Integration and Immigration won a
negative
Big Brother Award during the Dutch awards ceremony on 28 January 2006 in
De
Melkweg in Amsterdam.

Minister Verdonk was awarded the price for having handed-over the status
of
asylum seeker of rejected applicants to their country of origin, for
having
denied it repeatedly in parliament and for having later minimised the
impact
of this information.

The jury considered that the gravity of the privacy violation was
underexposed. The information about the applicants' attempt to seek
asylum
might be life threatening for them in their country of origin.

The nominees beaten by minister Verdonk were Dutch minister of Finance
Mr.
Zalm and crime reporter Peter R. de Vries. Mr. Zalm was nominated for
his
recent proposal to give banks and other financial service providers
access
to the population register data behind the new 'citizen service number',
even before the law introducing this number is passed by both houses of
parliament. The crime reporter Peter R. de Vries was nominated for
having
proposed a database with DNA cell-material of all inhabitants of the
Netherlands.

Sony BMG won the award in the category Companies. The company installed
spyware on 2.6 million audio CDs, intended as copyright protection. When
the
rootkit was discovered, the company issued a patch. But that made
matters
even worse. People interested in the patch had to provide many personal
details and after the installation the patch secretly set up encrypted
communication with Sony BMG.

In the category government institutions, the Flevo hospital earned an
award
with very poor security of personal data about patients. The hospital
embarked on a project to disclose appointments with patients via the
Internet, but failed to put adequate access control into place.

In the category 'proposals', the winner was the government idea to put a
central database into place with biometric data that would be soon
required
from every Dutchman requiring a new passport. Starting with August 2006
a
picture will be included on the chip and later on fingerprints of both
index
fingers will be added. The jury was deeply concerned about the
surveillance
possibilities of such a central database.

For the first time in the 4 years that BBAs have been organised in the
Netherlands, the jury decided to present a positive award, the Winston
Award, named after the protagonist of Orwell's 1984. The award was given
to
Prof. Hans Franken, professor in Law and Information Science at the
University of Leiden and member of the Senate for the Christian-democrat
party for his consistent resistance in the Senate against mandatory data
retention.

The ceremony was organised by Bits of Freedom, a Dutch NGO devoted to
the
defence of digital civil rights. The Dutch ceremony is part of a large
international network that started with a ceremony in 1998 in the UK.

Big Brother Award for Dutch immigration minister (28.01.2006)
http://www.bigbrotherawards.nl/index_uk.html

( Contribution by Sjoera Nas, EDRi-member Bits of Freedom - Netherlands)

============================================================
12. UK Passenger Travel Data in Advance
============================================================

Security services and the police in UK will have a new power. According
to
the immigration bill going through the Parliament, airlines will have to
give them advanced access to personal online details of all passengers
travelling in and out Great Britain. The home secretary, Charles Clarke
announced the intention to extend the system to domestic flights as
well.

This comes after a three-year pilot system that has been used in Britain
for
international flights, allowing access to passenger data after the
flights
left. Home Office stated that access to such information before the
flights
would have had much better results in stopping any terrorist suspects
on
board flights in and out Britain.

Certain airlines expressed the fear that such a procedure would increase
the
check-in time. As an operator assessed, the check-in time might increase
by
an average of 40 seconds per passenger. This estimation however is made
by
including the necessary time to fill in the home address and birthplace,
information that might be soon available on a machine-readable strip on
passengers' identity documents.

The police claim the scheme will enable them to reduce the number of
cases
innocent passengers are stopped or other types of errors by a more
targeted
approach.

However, several groups like the NGO Privacy International or the
Liberal
Democrats expressed their concern regarding the surveillance of domestic
passengers. As Alistair Carmichael, the new Liberal Democrat home
affairs
spokesman, put it Great Britain was creating "a surveillance
infrastructure
unparalleled in the free world".

"I am extremely concerned at the suggestion that ordinary people could
be
put under routine surveillance on domestic flights. Tracking
cross-border
movements in and out of the UK is necessary for proper immigration
control.
But there will have to be some pretty compelling arguments before we
allow
that principle to be extended to every journey inside the UK." said
Alistair
Carmichael.

Security services and police to get UK air passenger details in advance
(24.01.2006)
http://www.guardian.co.uk/print/0%2C3858%2C5382063-108958%2C00.html

============================================================
13. Recommended reading: Security Policies in Europe
============================================================

Current trends in ICT-based public security policies in Europe show a
systematic, generalized and global use of control and surveillance
technologies. This leads to implementing irreversible technical
standards, to long term structuring of an economic sector, to durably
established social behaviours, as well as, more globally, to questioning
fundamental aspects of the rule of law.
The seminar "Role of ICTs in the Evolution of Security Policies in
Europe :
Implementation Tools or Deep Restructuration Foundations ?" that took
place
on 27 January 2006 explored how these global tendencies imply profound
changes in the social contract.

Presentations available at:
http://www-polytic.lip6.fr/rubrique.php3?id_rubrique=29

============================================================
14. Agenda
============================================================

7 February 2006
Safer Internet Day 2006
The Safer Internet Day will take place across Europe under the
patronage of Commissioner Viviane Reding.
European internet safety network INSAFE
http://www.saferinternet.org

15-17 February 2006, Málaga, Spain
Second Open Source World Conference
http://www.opensourceworldconference.com/malaga06/en/modules/wiwimod/

16-17 February 2006, Geneva, Switzerland
Consultation on convening Internet Governance Forum (IGF)
Please note that all participants to this meeting have to pre-register.
Registration forms should be sent by fax to the IGF Secretariat
preferably
by 4 February, but not later than 11 February.
http://www.intgovforum.org/index.htm

20-24 February 2006, Geneva, Switzerland
Provisional Committee on Proposals Related to a WIPO Development Agenda:
First Session
http://www.wipo.int/meetings/en/details.jsp?meeting_id=9643

21-22 February 2006, Copenhagen, Denmark
Where to go from Tunis? Implementation of and follow-up to the World
Summit
on the Information Society and the role of Civil Society in this process
http://www.una.dk/wsis

1-3 March 2006, Geneva, Switzerland
WIPO - Open Forum on the draft Substantive Patent Law Treaty (SPLT)
http://www.wipo.int/meetings/2006/scp_of_ge_06/en/

29-30 March, Brussels, Belgium
European Spectrum Management Conference 2006
http://www.epsilonevents.com/pdf/SPECTRUM%20BROCHURE.pdf

2-5 May 2006, Washington, USA, CFP2006
The Sixteenth Conference on Computers, Freedom & Privacy welcomes
papers and suggestions for tutorials and panels on all aspects of
computers, freedom, and privacy. Possible topics; intellectual property
and intellectual freedom; copyright versus technologies that make
copying cheap or free; global activism; technology and monopoly;
voting technology and democracy; technology and weapons; ICANN and
Internet governance; borders and censorship; digital divide; biometric
systems; consumer privacy; wireless privacy and security; hacktivism;
digital rights management and privacy; public records and private
lives. The deadline is set on 31 January 2006.
http://www.cfp2006.org

2-4 August 2006, Bregenz, Austria,
2nd International Workshop on Electronic Voting 2006
Co-organized by Council of Europe (CoE) ESF: European Science
Foundation (ESF) within the project TED: Towards Electronic Democracy
International Federation of Integrated Processing, Working Group 8.5
Information Systems in Public Administration, Vienna University of
Economics and Business Administration. The deadline for contributing
papers is set on 24 February 2006. Students may apply for funds to
attend the workshop until 30 June 2006.
http://www.e-voting.cc/stories/1246056/

===========================================================
15. About
===========================================================

EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 21 members from 14 European countries and 5 observers
from 5 more countries (Italy, Ireland, Poland, Portugal and Slovenia).
European Digital Rights takes an active interest in developments in the
EU
accession countries and wants to share knowledge and awareness through
the
EDRI-grams. All contributions, suggestions for content, corrections or
agenda-tips are most welcome. Errors are corrected as soon as possible
and
visibly on the EDRI website.

Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 2.0 License. See the full text at
http://creativecommons.org/licenses/by/2.0/

Newsletter editor: Bogdan Manolea <[log in to unmask]>

Information about EDRI and its members:
http://www.edri.org/

- EDRI-gram subscription information

subscribe by e-mail
To: [log in to unmask]
Subject: subscribe

You will receive an automated e-mail asking to confirm your request.

unsubscribe by e-mail
To: [log in to unmask]
Subject: unsubscribe

- EDRI-gram in Ukrainian

EDRI-gram is also available in Ukrainian, with delay. Translations are
provided by Privacy Ukraine
http://www.internetrights.org.ua/index.php?page=edri-gram

- Newsletter archive

Back issues are available at:
http://www.edri.org/edrigram

- Help
Please ask <[log in to unmask]> if you have any problems with subscribing
or
unsubscribing.



_______________________________________________________________
Connex scaneaza automat toate mesajele impotriva virusilor folosind
Trend Micro VirusWall.
Connex automatically scans all messages for viruses using Trend Micro
VirusWall.
_______________________________________________________________
Nota: Este posibil ca produsul Trend Micro VirusWall sa nu detecteze
toti virusii noi sau toate variantele lor. Va rugam sa luati in
considerare ca exista un risc de fiecare data cind deschideti fisiere
atasate si ca MobiFon nu este responsabila pentru orice prejudiciu
cauzat de decizia dvs.
Disclaimer: It is possible that the Trend Micro VirusWall product may
not be able to detect all new viruses and variants. Please be aware that
there is a risk involved whenever opening e-mail attachments to your
computer and that MobiFon is not responsible for any damages caused by
your decision to do so.


End of EDRi-news Digest, Vol 35, Issue 1
****************************************

--
This message has been scanned for viruses and dangerous
content by the NorMAN MailScanner Service and is believed
to be clean.

The NorMAN MailScanner Service is operated by Information
Systems and Services, University of Newcastle upon Tyne.


====
This e-mail is intended solely for the addressee. It may contain private and
confidential information. If you are not the intended addressee, please take
no action based on it nor show a copy to anyone. Please reply to this e-mail
to highlight the error. You should also be aware that all electronic mail
from, to, or within Northumbria University may be the subject of a request
under the Freedom of Information Act 2000 and related legislation, and
therefore may be required to be disclosed to third parties.
This e-mail and attachments have been scanned for viruses prior to leaving
Northumbria University. Northumbria University will not be liable for any
losses as a result of any viruses being passed on.

************************************************************************************
Distributed through Cyber-Society-Live [CSL]: CSL is a moderated discussion
list made up of people who are interested in the interdisciplinary academic
study of Cyber Society in all its manifestations.To join the list please visit:
http://www.jiscmail.ac.uk/lists/cyber-society-live.html
*************************************************************************************