From: [log in to unmask] [mailto:[log in to unmask]] On Behalf Of EDRI-gram newsletter
Sent: 22 October 2008 21:01
To: [log in to unmask]
Subject: EDRi-gram - Number 6.20, 22 October 2008

============================================================

            EDRI-gram

 biweekly newsletter about digital civil rights in Europe

     Number 6.20, 22 October 2008


============================================================
Contents
============================================================

1. Some amendments of the EP voted Telecom package still worrying 2. The PNR scheme entirely changed by the European Council 3. International Action Day "Freedom not Fear" - 11.10.2008 4. Freedom not Fear Prague: Do It Yourself Carnival burst in the city center 5. New Dutch Notice-and-Take-Down Code Raises Questions 6. Protests in France against the Edvige file on St. Edwige day 7. German court says ISPs do not violate the law by storing IP addresses 8. British court: people are bound to reveal computer encryption key 9. ENDitorial: Seizures and other abuses - from bad to worse 10. Recommended Reading 11. Agenda 12. About

============================================================
1. Some amendments of the EP voted Telecom package still worrying ============================================================

Some of the amendments passed by the European Parliament (EP) on the Telecom package are still worrying the civil rights groups, both on data retention and IP issues. Also, the fact that some amendments of the EP do not appear in the new document of the European Council working party on Telecommunications and the Information Society creates more confusion.

According to information from Patrick Breyer from the German Working Group on Data Retention, amendment 181 passed by the European Parliament regarding directive 2002/58/EC could be read to legalise "voluntary" blanket data retention practices as currently practised in the US. The amendment would make the entire regulation of traffic data in Article 6 of the directive meaningless. It is not restricted to times when an actual network error occurs but would allow a general collection of traffic data on the grounds of them being useful for "security purposes". It does not set a time limit, either.

Amendment 181 added in the Article 6 the following text: " Without prejudice to compliance with the provisions other than Article 7 of Directive 95/46/EC and Article 5 of this Directive, traffic data may be processed  for the legitimate interest of the data controller for the purpose of implementing technical measures to ensure the network and information security, as defined by Article 4 (c) of Regulation (EC)
460/2004 of the European Parliament and of the Council of 10 March 2004 establishing the European Network and Information Security Agency, of a public electronic communication service, a public or private electronic communications network, an information society service or related terminal and electronic communication equipment, except where such interests are overridden by the interests for the fundamental rights and freedoms of the data subject. Such processing must be restricted to that which is strictly necessary for the purposes of such security activity."

It seems that a majority of the EU member states are already critical to this amendment.

But other amendments on the 3 strikes approach have come back on the agenda.
On 14 October 2008, the European Council Working Party on Telecommunications and the Information Society issued a document that eliminated, without any explanation or justification, the pro-Bono amendment 166 (Article 32a) of the Universal Access directive (Harbour report) in the Telecoms Package reiterating the European Parliament's opposition to the 3-strikes measures system.

The article in question that said: "Article 32a Access to content, services and applications Member States shall ensure that any restrictions to users'
rights to access content, services and applications, if they are necessary, shall be implemented by appropriate measures, in accordance with the principles of proportionality, effectiveness and dissuasiveness. These measures shall not have the effect of hindering the development of the information society, in compliance with Directive 2000/31/EC, and shall not conflict with citizens' fundamental rights, including the right to privacy and the right to due process" and which was voted by a clear majority in the Parliament, simply lacks from the recent European Council document without any explanation whatsoever.

The document includes some other amendments which pave the way for the 3-strike system, imposing costs on ISPs and removing the oversight by the European Commission and national Regulators meant to protect users from content filtering.

At the same time, the article designed to support the French graduated response measures, (the co-operation Amendment 112 - Article 33 (2a) is kept.

Some of the state members, such as UK, Ireland, Germany, Austria and Hungary have reserves concerning the European Council document but the French government is pushing to see its system imposed on all EU members.

In an attempt to influence the German government's position, a seminar, "on the development of Creative content online" was organized by the French embassy in Berlin with the title "Can the Olivennes agreement set the course for the digital future?". During the seminar, German MEP Ruth Hieronymi clearly stated that co-operation amendment 112 of the Harbour report in the Telecoms Package provided the basis for the graduated response in EU law. "I am absolutely convinced, that the legal framework is there, to fashion a model like Olivennes that is compatible with European law" she stated in relation to the Telecoms Package.

The MEP also claimed personal responsibility for the withdrawal of Amendment
132 in the Framework directive which opposed graduated response, and was in direct conflict with Amendment 112 and the other pro-Olivennes measures.

Hieronymi's comments show that the attempt to insert graduated response and copyright enforcement measures into the Harbour report was deliberate. Which means that a vote for the directive as it is now, will clearly be a vote for graduated response.  Unless there is no opposition form the governments having shown some reserves, the law imposing the graduated response will be passed to all EU countries by December, as the Council seems to have decided to negotiate the document and not send it back to the EP for a second reading.

European Council set to overturn Parliament on 3-strikes (15.10.2008)
http://www.iptegrity.com/index.php?option=com_content&task=view&id=181&Itemid=9

Working Party on Telecommunications and Information Society - Compromise Proposal for the consolidated version of the proposal amending directive 2002/22/EC (10.10.2008) http://www.iptegrity.com/pdf/European.Council.Universal.Service.Directive.pdf

"Co-operation" amendment WAS designed to support 3-strikes (17.10.2008)
http://www.iptegrity.com/index.php?option=com_content&task=view&id=183&Itemid=9

EDRIgram: EP votes Telecoms Package (8.10.2008) http://www.edri.org/edrigram/number6.19/ep-votes-telecom-package

============================================================
2. The PNR scheme entirely changed by the European Council ============================================================

The European Council has started re-writing from scratch the European Commission's proposal for an EU-PNR scheme as a result of several EU governments' intention to go further in this matter.

Some European governments, with the UK in the lead, want to extend the PNR scheme used now under the US-EU agreement to all types of travel (air, land and sea), not only in and out the EU borders but between EU countries and even within each country. They also want the data and information gathered to be used not just for entry-exit, but also for any law enforcement purpose.

The declared purpose of collecting the data is "the prevention, detection, investigation, prosecution and punishment of terrorism and a group of other serious offences, defined by reference to the list in the Framework Decision on the European Arrest Warrant." However, there is an additional statement which gives more freedom to control: "The instrument would of course cover the reporting and prosecution of other offences brought to light during controls." While the PIUs (Passenger Information Units) collect the data from airlines and assess the passengers, "competent national authorities"
(i.e. police, security agencies) would be allowed to use the data for other purposes than for assessing security risks for flights.

The list of data to be collected practically covers the same 19 sets of data under the US-EU PNR agreement. Also, there will be two transmissions of the data, one 48 hours before the flight take off and one when the flight is all boarded.

The procedure for analysing the "terrorist or criminal threat" will include a first analysis "based on risk indicators" (such as source country or
destination) "pre-established by the competent (national) authorities" and a second one based on "national, international and European files". However, the issue here is that the 27 EU countries have watch lists which are extremely different. Hence, the proposal suggests the necessity of developing "common methods and indicators".

As some of the State Members do not wish to extend the scheme to flights inside the EU space, the text proposes that the choice of individual states to take the measure at the national level should be "explicitly recognised".
This means that actually the PNR will be collected by all Member States on all flights in and out of the EU and if a Member State wants to survey intra-community flights as well, it can very well do it.

EU-PNR scheme being re-written by the Council (4.10.2008) http://www.statewatch.org/news/2008/oct/04eu-pnr-rewrite.htm

EDRIgram - Dispute between UK government and EU over the use of PNR
(27.08.2008)
http://www.edri.org/edrigram/number6.16/uk-eu-pnr

Observatory: EU surveillance of passengers (PNR) http://www.statewatch.org/eu-pnrobservatory.htm

============================================================
3. International Action Day "Freedom not Fear" - 11.10.2008 ============================================================

The first worldwide protests against surveillance measures such as the collection of all telecommunications data, the surveillance of air travellers and the biometric registration of citizens were held on 11 October 2008 under the motto "Freedom not Fear - Stop the surveillance mania!". In at least 15 countries citizens demanded a cutback on surveillance, a moratorium on new surveillance powers and an independent evaluation of existing surveillance powers. "A free and open society cannot exist without unconditionally private spaces and communications", explains an international memorandum.

The greatest protest march against surveillance in Germany's history took place in Berlin. Participants in the 2 km long peaceful protest march carried signs reading "You are Germany, you are a suspect", "No Stasi 2.0 - Constitution applicable here", "Fear of Freedom?" and "Glass citizens, brittle democracy". Apart from related music tracks, loud chants of "Belittle it today, be under surveillance tomorrow" or "We are here and we are loud because they are stealing our data" could be heard. During the protests, which were supported by more than 100 civil liberties groups, professional associations, unions, political parties and other organisations, artists played parodies on surveillance society.

In their final speeches in front of the Brandenburg Gate, the organisers called for political consequences: padeluun of civil liberties group FoeBuD said that in view of the mass protests politicians needed to react now and repeal the blanket retention of all telecommunications data introduced in 2006. Patrick Breyer of German Working Group on Data Retention (AK Vorrat) presented a five point plan according to which surveillance should be reduced, existing laws should be evaluated and plans for new surveillance measures should be halted. In the course of a "new, freedom-loving security policy"
specific preventive measures such as youth projects should be invested in and the "real problems" of people such as poverty and education should be focused on. Ricardo Cristof Remmert-Fontes of AK Vorrat announced further action and invited participants to join parties held in seven participating clubs in Berlin under the motto "The long night of surveillance".

In other countries, the following events took place in the course of yesterday's "Freedom not Fear" day: Protest event with music and several art performances in Den Haag, lectures in Rome, surveillance camera mapping in Madrid, art performances in front of Parliament in Vienna, protest rallies in Paris, Prague, Sofia and Stockholm, the distribution of privacy software in Copenhagen, informative events in Guatemala City and Buenos Aires as well as a projection of light onto Toronto's Town Hall. In London, the construction of a surveillance state was opposed by creating a massive collage of photos on Parliament Square showing the prime minister and the action day's motto "Freedom not Fear".

Before the action day, Arbeitskreis Vorratsdatenspeicherung had warned of a "surveillance avalanche in Germany": According to the group, the German Parliament has tightened surveillance and control over citizens at least 21 times in the past 10 years. At least 18 more surveillance proposals are presently on the political agenda, for example the blanket collection of air travellers' data and the transfer of personal data to the US.

In an opinion published on 14 October 2008, the competent Advocate General at the European Court of Justice considered that the EU directive on data retention was enacted on the correct legal basis. The German Working Group on Data Retention pointed out that the Advocate General's opinion only concerns the action brought by the Irish government which is limited to formal issues. It is not concerned with the fact that registering the telecommunications behaviour and movements of the entire EU population in the absence of any reasonable suspicion is clearly disproportionate and violates human rights.

If the Court follows the Advocate General's opinion and dismisses Ireland's suit, it will need to consider the compatibility with human rights in a second proceeding. This second proceeding is likely to be initiated by the German Federal Constitutional Court where a suit of more than 34 000 citizens against data retention is pending.

In another case, The German Federal Constitutional Court is expected to decide shortly on an application for a preliminary injunction against the German law on data retention. The application is directed mainly against the retention of Internet access, anonymizing services and e-mail data which is to become effective on 1 January 2009. The Constitutional Court's final judgement will probably be passed after the European Court of Justice has decided on the human rights issues.

International Action Day "Freedom not fear - Stop the surveillance mania!"
on 11 October 2008
http://www.vorratsdatenspeicherung.de/content/view/242/144/lang,en/

Freedom Not Fear: the Big Picture unveiled on Parliament Square (11.10.2008) http://www.openrightsgroup.org/2008/10/11/freedom-not-fear-the-big-picture-unveiled-on-parliament-square/

Advocate General Bot considets that the directive on data retention is founded on an appropriate legal basis  (14.10.2008) http://curia.europa.eu/en/actu/communiques/cp08/aff/cp080070en.pdf

Constitutional complaint filed against German Telecomms Data Retention Act http://www.vorratsdatenspeicherung.de/content/view/184/79/lang,en/

(contribution by German Working Group on Data Retention)

============================================================
4. Freedom not Fear Prague: Do It Yourself Carnival burst in the city center ============================================================

On 11 October 2008 Prague hosted the DIY Carnival which marched through the city centre in the name of the worldwide initiative "Freedom not Fear".

Starting with a concert of several music groups on the river island Stvanice, more than 1000 people wearing masks outnumbered crowds of tourists on the fancy streets of the Old Town and protested against increasing surveillance within the society. The colourful parade ended up at sunset, but some of the participants reunited later that night on the occasion of Big Brother Awards benefit concert which was organized by EDRi member Iuridicum Remedium.

"The recent level of restrictions which criminalize majority of our society is alarming. It is another step towards state where police is competent to arbitrary bully people on the streets," said Jan Nemec, the spokesman of the Freedom not Fear initiative in Prague, in his public speech. "Let your voices be heard and express your resolute protest against these oppressive measures," called Jan Nemec on the participants.

However, the organization of the DIY Carnival did not go that smoothly as might be observed from its results. The parade had to take an alternative route, because the municipal authorities banned the original one on the bases of their fear that the carnival could turn into a street party.

Subsequently, the organizers have lodged an appeal with the court that was later dismissed. The final decision is still pending, though. "The hearing on the ban took place on Friday, just one day after we received an email notification, while the rules of the administrative court grant at least ten days for preparation," commented the first instance decision Helena Svatosová, lawyer from the NGO Iuridicum Remedium, who initiated proceedings in this  matter before the Highest Administrative Court.

(contribution by Vaclav Mlynarik - EDRi-member Iuridicum Remedium)

============================================================
5. New Dutch Notice-and-Take-Down Code raises questions ============================================================

Dutch government and leading market participants have adopted a new Notice-and-Take-Down Code of Conduct. The Code seeks to clarify the responsibilities of internet intermediaries (hosting providers in
particular) when confronted with a notice that online information is punishable (under Dutch penal law) or unlawful. Reactions to the code are mixed. Many hosting providers have not signed the Code. Others have called it symbolic. In fact, the Code seems to obscure the current legal obligations of internet service providers with regard to punishable and unlawful material. Unfortunately, the Code does not even mention the right to freedom of expression and the issue of censorship.

Although the code has no legal status, it goes further than the Dutch law in a number of ways. The Code states that a notice of a public prosecutor that material is punishable cannot be questioned by a provider, because the public prosecutor has already established its illegal character.

However, a recent academic study of the Centre for Cybercrime Studies (Cycris), commissioned by the Dutch government, revealed the inadequacy of Dutch laws concerning Notice and Takedown. In particular, it found that the public prosecutor does not have an adequate legal instrument to order material to be taken down. The study concluded that "there are insufficient guarantees built into the process to protect the interests of Internet users and the information freedoms". The Dutch government has responded that it is reviewing the relevant laws, but it has completely ignored the problem in the context of this new Code.

In the case of notices of punishable and unlawful material from others than the public prosecutor the Code provides that an intermediary will remove the material if it is 'unequivocally' punishable or unlawful. If not, the party seeking removal can either seek involvement of law enforcement agencies or start a civil procedure. There is no explicit mention of a put-back procedure. The Code does state that intermediaries have to be careful not to remove more content than the notice points to.
The Code does not change the circumstances under which rights holders can retrieve identifying data of alleged infringers of copyright. For this reason, BREIN, the representative of the rights holders in the Netherlands, has made clear it sees the current Code as unsatisfactory.

To complicate matters, the Code introduces the concept of 'undesirable'
or 'harmful' material. It defines this as material that is not illegal or unlawful under Dutch law, but material that a provider itself does not want to host, because of its 'undesirable' or 'harmful' character.
The Code states that the provider is free to develop such criteria and treat notices of 'undesirable' or 'harmful' material the same way as notices of illegal material. Clearly, government involvement in this part of the Code of Practice is problematic from the perspective of freedom of expression. The Code does not clarify which categories of content can legitimately be considered as 'undesirable' or 'harmful' by an intermediary. And unfortunately, the Code does not explicitly forbid law enforcement agencies to send notices of 'undesirable' or 'harmful'
material, whereas such notices would seem to be illegal.

The Code was adopted in the context of the National Infrastructure Cybercrime, a public private partnership, which includes several branches of the Dutch Government, major broadband providers such as KPN, XS4all, and cable providers. There is no official list of participants in the Code.

Notice-And-Take-Down Code of Conduct (9.10.2008) http://www.samentegencybercrime.nl/UserFiles/File/NTD_Gedragscode_Opmaak_Engels.pdf

Dutch 'Notice-and-Take-Down' Code of Conduct issued (14.10.2008) http://www.saferinternet.org/ww/en/pub/insafe/news/articles/1108/notice_and_take_down.htm

Cycris Research on art. 54a of the Dutch Penal Code (13.05.2008)
http://www.cycris.nl/news/7/39

Hosters en Brein sluiten piraterij-compromis (In Dutch only) (9.10.2008) http://webwereld.nl/articles/53058/hosters-en-brein-sluiten-piraterij-compromis.html

(Contribution by Joris van Hoboken - EDRi-member Bits of Freedom -Netherlands)

============================================================
6. Protests in France against the Edvige file on St. Edwige day ============================================================

As previously announced in EDRi-gram, St. Edwige day in France was a day of protests against the file project called Edvige, a file that would gather information on any person, including minors, considered by the police as a "suspect" capable of disrupting the public order.

On 16 October, on St. Edwige day, demonstrations against the introduction of the Edvige file were organised in Paris, Agen, Bordeaux, Strasbourg, Saint-Etienne, Lyon and other big cities in France by the "Non à Edvige"
group that included La Ligue des Droits de L'Hommes (The League of Human Rights), FSU, CGT, CFDT, Aides and French EDRi-member IRIS.

The project had already been modified in September into the so called EDVIRSP file. However, even the new version was considered unacceptable by the opponents of the project especially because it involves gathering data on minors who are considered by the police a public threat.

The "Non à Edvige" petition is asking for the cancellation of the entire project. It remains to be seen if the demonstrations that took place on 16 October will find any echo with the French authorities.

On Saint Edwige, the anti-Edvige march on the streets (only in French,
16.10.2008)
http://www.lemonde.fr/web/son/0,54-0@2-3224,63-1107874@51-1090646,0.html

Saint Edwige: the anti-Edvige in the street (only in French,17.10.2008) http://www.top-logiciel.net/news-article.storyid-3044.htm

On Saint Edwidge: I don't want Edvige ! (only in French, 17.10.2008) http://www.youtube.com/watch?v=94hUZr6FxLc&feature=user

EDRIgram - French file EDVIGE revised after huge civil society mobilization (only in French, 24.09.2008) http://www.edri.org/edrigram/number6.18/edvige-revised

============================================================
7. German court says ISPs do not violate the law by storing IP addresses ============================================================

On 30 September 2008, the Munich District Court decided in a provisional ruling that website operators were not violating the data protection legislation when storing IP addresses of their visitors as IP addresses alone are not considered personal data.

The case was brought to the court by an individual who argued that storing IP addresses in log files by a web publisher represents a privacy violation because the information could be used to identify him and relate his identity to his web surfing activity. The court dismissed his arguments and ruled against his claim.

The court considers IP addresses are not personal data under the German Privacy Act because the information cannot be easily used to determine a person's identity and an ISP could not tell a third party who was using a particular IP address at a particular time without a legal basis. Such information is provided by ISPs only when ordered by a court.

The ruling also said that IP addresses lacked the necessary quality of "determinability" to be personal data, meaning the identity of the person behind the information cannot be established without a significant effort and by using "normally available knowledge and tools."

However, we should not over-estimate the relevance of this decision.It was taken by a local court with no IT experts and the judge did not discuss the dissenting decisions from higher level Berlin courts. The decision only applies to dynamic IP addresses.

Privacy activists have argued that IP addresses should count as personal data under data protection legislation. The Article 29 Working Party has also said that IP addresses should be treated as personal data by ISPs and search engines, even if they are not always personal data. "Unless the Internet Service Provider is in a position to distinguish with absolute certainty that the data correspond to users that cannot be identified, it will have to treat all IP information as personal data, to be on the safe side. These considerations will apply equally to search engine operators,"
said a report issued by the Article 29 Working Party in April.

Regarding the fact that IP addresses are not considered personal data by some, in an interview given to EurActiv on the data protection rules, the European Data Protection Supervisor Peter Hustinx explained : "As of today there is some uncertainty, and this is why we will probably see a study from the Commission to shed light on this. But the common view of the data protection specialists is that in many situations IP addresses are personal data. Therefore websites, Internet Service Providers and other parties should ensure data protection compliance. This is an important thing to emphasise." He also believes that The European Commission should clarify the application of existing data protection rules in relation to RFID in order to avoid "big social dangers".

German court says IP addresses in server logs are not personal data
(14.10.2008)
http://www.out-law.com/page-9505

Hustinx: Tracking people 'easier' with RFID (3.10.2008) http://www.euractiv.com/en/infosociety/hustinx-tracking-people-easier-rfid/article-176220

AG, Munich: IP addresses may be used by Web site operators are stored (only in German, 7.10.2008) http://www.kremer-legal.com/2008/10/07/ag-munchen-ip-adressen-durfen-von-website-betreibern-gespeichert-werden-volltext/

============================================================
8. British court: people are bound to reveal computer encryption key ============================================================

Two persons were denied by the court the right to silence in relation to the encryption key they were asked to reveal to the police.

The men had brought as argument to the court that handing over the encrypted key for the data in their computers would mean forcing them to incriminate themselves. Defendants have a right to silence and to refuse to divulge information that could be used as evidence against them.

The Court of Appeal however considered that an encryption password is not incriminating information in itself and that the key as well as the information in the computers existed independently from the men just like any key to a drawer and its content. Therefore, the men had no right to deny the police the encryption keys.

The two men had been arrested the police for having been involved with a person who was subject to a control order under anti-terrorism legislation and their computers had been seized. The police had sent notices ordering the men to disclose the passwords in the interest of national security and the prevention or detection of crime. The authorities can ask disclosure of such keys because, in terms of the law, the information on the computers is already in the possession of the police and an order for password disclosure can be made, if "no alternative, reasonable method of gaining access to it or making it intelligible is available" as expressed by Mr Justice Penry-Davey in the Court of Appeal.

According to the Regulation of Investigatory Powers Act (RIPA), the refusal to reveal a decryption key can be punished with imprisonment up to 5 years.
The clause covering this measure has been included in RIPA act since 2007 but has not been activated until 1 October 2008 because, last year, the Home Office considered that the encryption was not as popular as it had been predicted. Part III of RIPA was activated after a period of consultation.
People receiving notice from the police are bound to reveal the encryption keys or render the requested material intelligible by authorities.

The clause has been criticised by civil liberties activists and security experts who consider that the measure affects privacy and can lead to persons being forced to incriminate themselves. An argument against the action is also that passwords can be forgotten and people may pretend to have forgotten or really forget them.

According to the Home Office, the process will be overseen by the Interception of Communications Commissioner, the Intelligence Services Commissioner and the Chief Surveillance Commissioner and complaints about demands for information will be made by the Investigatory Powers Tribunal.
The Home Office considers that the actions are consistent with the European Convention on Human Rights and the UK Human Rights Act as long as the demand for decryption is "both necessary and proportionate". "The measures in Part III are intended to ensure that the ability of public authorities to protect the public and the effectiveness of their other statutory powers are not undermined by the use of technologies to protect electronic information,"
stated the Home Office.

But besides the concerns raised by civil liberties activists, there are also voices that warn the measure may even lead to hiding more material from the Police.

"I think putting the powers on the statute book will make it more, not less, likely that police will encounter encrypted material because people will become aware of dual key systems and see how easy they are to use,"
commented security expert Dr Richard Clayton.

Court of Appeal orders men to disclose encryption keys (16.10.2008)
http://www.out-law.com//default.aspx?page=9514

England and Wales Court of Appeal (Criminal Division) Decisions (9.10.2008) http://www.bailii.org/ew/cases/EWCA/Crim/2008/2177.html

RIPA could be challenged on human rights (24.01.2008)
http://www.out-law.com/page-8826

Law requiring disclosure of decryption keys in force (2.10.2007)
http://www.out-law.com/page-8515

============================================================
9. ENDitorial: Seizures and other abuses - from bad to worse ============================================================

Two recent episodes (that are not "isolated cases") show, again, how distortions in Italian laws and in their application can lead to all sorts of abuses - as discussed before. The problem is that these abuses are not only continuing, but getting worse.

One is explained in a recent article and is obviously (no matter how it's
disguised) a case of censorship.

The other case we are discussing here, if taken as a single episode, could be seen as a comedy of errors. A website for the exchange of music was "seized" - that is to say, access was blocked. It was soon moved to another address, and later the "seizure" was revoked. So it didn't suffer any serious damage and it may have gained some publicity as a result of the protest in Italy and elsewhere caused by the attempt to choke it. The instigators of the repression (as usual, the lobbies of music majors) were (in this case and so far) defeated and ridiculed. But the procedures in this grotesque affair reveal several alarming abuses.

Many problems, for many years, have been caused by an awkward peculiarity of the Italian legislation, that treats copyright infringement as a criminal offence. And it has always been an awful abuse to seize computers, servers etcetera with a brutal procedure that is useless for investigation purposes and dramatically harmful not only for suspects who are "innocent until proven guilty", but also for people and organizations who are not involved in the facts (or assumptions) being investigated.

In recent years this abuse has taken a new twist, that queerly extends the "seizure" concept to the suppression of a website or if, as in this case, the website isn't in Italy, to force Italian internet providers to block access (or even, as in this example, to arbitrarily re-route the "traffic"
to another foreign website, dedicated to persecuting people who are trying to access the blacklisted source).

It would be dangerous to underestimate the implications of these behaviors, too easily supported by internet providers, who care about their selfish interests above the rights of their customers. They go far beyond the consequences of individual episodes, suggesting criteria and procedures that can be extended to the repression of any unwelcome opinion or information, as well as of enterprises competing with "favored" interests.

To make things even worse, in this case the attack was on a site that doesn't offer file sharing, but information on where resources can be found.
This could lead to the absurdity of turning not only connection providers, but also search engines, into censors, spies and "sheriffs" of the net for inquiries and prohibitions originating in any country and extending beyond its borders.

In a "package of rules" recently approved (September 24, 2008) by the European Union Parliament "measures that would have allowed a control on internet users were rejected." Specifically, "the MEPs rejected the idea that ISPs should filter all downloads and punish the infringers of copyright rules, being thus transformed into a sort of online police."

Of course it remains to be seen if and how "good intentions" will be applied, but in the meantime Italian authorities, once again, appear to be peculiarly prone in obeying the whims and wishes of the "owners of ideas"
and not as careful as they should in ensuring freedom of opinion and civil rights.

An update on the Italian PirateBay case (8.10.2008) http://www.edri.org/edrigram/number6.19/update-piratebay-italy

The European Parliament voted the Telecoms Package (8.10.2008) http://www.edri.org/edrigram/number6.19/ep-votes-telecom-package

ENDitorial: A stupid law and a perverse "criminal" sentence (24.09.2008) http://www.edri.org/edrigram/number6.18/stupid-law-italy

(contribution by Giancarlo Livraghi - EDRi-member ALCEI - Italy)

============================================================
10. Recommended Reading
============================================================

The Council of Europe launched, in close cooperation with European online game designers and publishers and with Internet service providers, two sets of guidelines which aim to encourage respect and promote privacy, security and freedom of expression.

Human Right Guidelines for Online games providers http://www.coe.int/t/dghl/standardsetting/media/Doc/H-Inf(2008)008_en.pdf

Human Right Guidelines for Internet service providers http://www.coe.int/t/dghl/standardsetting/media/Doc/H-Inf(2008)009_en.pdf

============================================================
11. Agenda
============================================================

24 October 2008, Bielefeld, Germany
Big Brother Awards Germany 2008
http://www.BigBrotherAwards.de/

25 October 2008, Vienna, Austria
Big Brother Awards Austria 2008
http://www.BigBrotherAwards.at/

3-7 November 2008, Geneva, Switzerland
Standing Committee on Copyright and Related Rights : Seventeeth Session
http://www.wipo.int/meetings/en/details.jsp?meeting_id=16828

13-14 November 2008, Chisinau, Moldova
IFLA/EBLIDA/eIFL Conference on copyright and libraries
Copyright: Enabling Access or Creating Roadblocks for Libraries?
Registration by 1 November 2008
http://www.eblida.org/index.php?page=draft-programme-2

25-26 November 2008, Brussels, Belgium
World e-Parliament Conference 2008
http://www.ictparliament.org/worldeparliamentconference2008/

3-6 December 2008, Hyderabad, India
Third Internet Governance Forum
http://www.intgovforum.org

9-10 December 2008, Madrid, Spain
Future Internet Assembly
http://www.future-internet.eu/home/future-internet-assembly/madrid-dec-2008.html
http://www.fi-madrid.eu/

10-11 December 2008: Tilburg, Netherlands Tilting perspectives on regulating technologies, Tilburg Institute for Law and Technology and Society, Tilburg University http://www.tilburguniversity.nl/tilt/conference

27-30 December 2008 Berlin, Germany
25C3: Nothing to hide
The 25th Chaos Communication Congress
http://events.ccc.de/congress/2008/

18-20 March 2009, Athens, Greece
WebSci'09: Society On-Line
http://www.websci09.org/

1-4 June 2009, Washington, DC, USA
Computers Freedom and Privacy 2009
http://www.cfp2009.org/

============================================================
12. About
============================================================

EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 28 members based or with offices in 17 different countries in Europe. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRI-grams.

All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and visibly on the EDRI website.

Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 2.0 License. See the full text at http://creativecommons.org/licenses/by/2.0/

Newsletter editor: Bogdan Manolea <[log in to unmask]>

Information about EDRI and its members:
http://www.edri.org/

European Digital Rights needs your help in upholding digital rights in the EU. If you wish to help us promote digital rights, please consider making a private donation.
http://www.edri.org/about/sponsoring

- EDRI-gram subscription information

subscribe by e-mail
To: [log in to unmask]
Subject: subscribe

You will receive an automated e-mail asking to confirm your request.
unsubscribe by e-mail
To: [log in to unmask]
Subject: unsubscribe

- EDRI-gram in Macedonian

EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/edrigram-mk.php

- EDRI-gram in German

EDRI-gram is also available in German, with delay. Translations are provided Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users http://www.unwatched.org/

- Newsletter archive

Back issues are available at:
http://www.edri.org/edrigram

- Help
Please ask <[log in to unmask]> if you have any problems with subscribing or unsubscribing.

************************************************************************************
Distributed through Cyber-Society-Live [CSL]: CSL is a moderated discussion
list made up of people who are interested in the interdisciplinary academic
study of Cyber Society in all its manifestations.To join the list please visit:
http://www.jiscmail.ac.uk/lists/cyber-society-live.html
*************************************************************************************