From: [log in to unmask] [mailto:[log in to unmask]] On Behalf Of EDRI-gram newsletter
Sent: 05 November 2009 00:34
To: [log in to unmask]
Subject: EDRi-gram newsletter - Number 7.21, 4 November 2009

============================================================

            EDRi-gram

 biweekly newsletter about digital civil rights in Europe

     Number 7.21, 4 November 2009


============================================================
Contents
============================================================

We're on Twitter !
1. Compromise on Amendment 138. Telecom Package finalised
2. Free as in Free Culture
3. Declaration on Global Privacy Standards
4. Petition against data retention in Belgium
5. ISPs Meeting sparks debate over Dutch Data Retention obligations
6. Internet blocking gets a red card !
7. Third PrivacyOS: More Privacy, Increased awareness
8. France: Second version of the three strikes law is in place
9. Three strikes plans in UK
10. EU-US common set of principles on data protection and sharing
11. ENDitorial:  ACTA revealed, European ISPs might have a big problem
12. Recommended Action
13. Recommended Reading
14. Agenda
15. About

============================================================
We're on Twitter !
============================================================

If 2 weeks is too much for you to wait to the fresh info, we have good
news: EDRi is on Twitter !
Just follow @edri_org and expect news & updates on European Internet policy
and civil liberties. And the random odd link. ;-)

EDRi twitter account
http://twitter.com/edri_org

============================================================
1. Compromise on Amendment 138. Telecom Package finalised
============================================================

The European Parliament (EP) and the Council were set in reaching an
agreement when they started the negotiation activities on 4 November 2009 at
7 PM. After hot debates, an agreement was reached on the 5 November, a
little while after 00:30.

The adopted text on the Amendment 138 topic, now point 3a of article 1 is,
according with our sources in Brussels, this one:

"3a. Measures taken by Member States regarding end-users' access to or use
of services and applications through electronic communications networks
shall respect the fundamental rights and freedoms of natural persons, as
guaranteed by the European Convention for the Protection of Human Rights and
Fundamental Freedoms and general principles of Community law.

Any of these measures regarding end-users' access to or use of service and
applications through electronic communications networks liable to restrict
those fundamental rights or freedoms may only be imposed if they are
appropriate, proportionate and necessary within a democratic society, and
their implementation shall be subject to adequate procedural safeguards in
conformity with the European Convention for the Protection of Human Rights
and Fundamental Freedoms and with general principles of Community law,
including effective judicial protection and due process. Accordingly, these
measures may only be taken with due respect for the principle of presumption
of innocence and the right to privacy. A prior fair and impartial procedure
shall be guaranteed, including the right to be heard of the person of
persons concerned, subject to the need for appropriate conditions and
procedural arrangements in duly substantiated cases of urgency in conformity
with European Convention for the Protection of Human Rights and Fundamental
Freedoms. The right to an effective and timely judicial review shall be
guaranteed."

It was clear that the original Amendment 138 has no chance, when the EP's
delegation went into the negotiations with a slightly changed text of the
Council's last proposal from 28 October 2009. The new text explained the
measures "Any of these measures regarding end-user's access to or use of
services and applications through electronic communications networks".

The key text from the original Amendment 138 "without a prior ruling by the
judicial authorities" was turned by the EP delegation  into the "shall
respect the requirements of a prior fair and impartial procedure including
the right to be heard of the person or persons concerned and the right to an
effective and timely judicial review."

The last paragraph from the Council's proposal was also deleted. (This shall
not affect the competence of a Member State, in conformity with its own
constitutional order and with fundamental rights, to establish, inter alia,
a requirement of a judicial decision authorising the measures to be taken.)

Thus at least two of the concerns of the Internet users did not make it to
the final text, if our sources are correct. The text doesn't concern private
actors restrictions, thus allowing ISPs to be dragged in "voluntary
agreements" with the recording industry.

Moreover the text does not guarantee explicitely "the prior judicial
review", thus leaving alone the Three Strikes Law in France and an open door
for other 3 strikes measures in other countries. It would have been
extremely nice to see the initial wording in the final text, especially
after the recent updates on ACTA (see ENDitorial: ACTA revealed, European
ISPs might have a big problem).

Telecom conciliation: Parliament's new proposal (4.11.2009)
http://christianengstrom.wordpress.com/2009/11/04/telecom-conciliation-parliaments-new-proposal/

Telecom package meetings on Wednesday (2.11.2009)
http://christianengstrom.wordpress.com/2009/11/02/telecom-package-meetings-on-wednesday/

An evolution of "amendment 138"
http://www.laquadrature.net/en/an-evolution-of-amendment-138

EDRi-gram: EDRI Open Letter to the EP on Amendment 138 (21.10.2009)
http://www.edri.org/edrigram/number7.20/edri-open-letter-amendment-138

============================================================
2. Free as in Free Culture
============================================================

Free Culture Forum (FCF), organized by the Spanish NGO Exgae together with
Networked Politics and the Free Knowledge Institute turned Barcelona in the
capital of free culture for 3 days. Of course, Free as in Free Speech.

The official Introduction of the 3 day event was a dazzling show, called the
Oxcars, where "free" music and video where blended with a showcase of
awards for the ones that changed the current situation of the digital
culture through their actions

This Free Culture Awards Festival, organized for the second time this year,
gathered more than 1000 people in Sala Apollo in Barcelona to see the parody
of the SGAE (Spanish music collective society) actions. The festival awarded
several people or events that were considered crucial in defending the free
flow of information and culture on the Internet.

One of the awardees, writer Alberto Vazquez-Figueroa, said in a public
statement "I prefer to be read for no money than not to be read". The author
published his latest book "Por Mil millones de dólares" not only on a paper
format, but also gave it free on his blog.

Remi Gaillard, a French comedian, also won a prize for his extremely funny
videos distributed freely on the Internet. Among the winners there was also
the Electronic Frontier Foundation for the parodies after "bunker scene"
from the 2004 film "Downfall." In the version presented at the OXcars,
Hitler is ranting about troubles with DRM and the failure of DMCA takedowns
to prevent fair uses. And the Spanish Campaign "Molina Pirate" received a
public ovation for the Grand Twitter Contest that encouraged Internet users
to express their creativity in 140 characters or less and to demand the
resignation of the Spanish Minister for Culture Cesar Molina who seemed set
on taking the rights to access information away from individuals and give
them to multinationals and private companies for free.

The fiesta was ended by a "Symphonic illegality" a free karaoke exercise
with the Original Jazz Orchestra of Barcelona (Original Jazz Orquestra del
Taller de Músics de Barcelona).

The next day was dedicated to a public event hosted by the Barcelona
University, with speakers from all mediums, from Felix Stalder who talked
about "The political implications of free culture" to the collective
identity Isaac Hacksimov or from US Students for Free Culture to Consumers
International. The subjects ranged also on a large scale starting with
Education and Access to Knowledge and ending up with the immediate threats:
TRIPS Plus, Anti-Counterfeiting Trade Agreement (ACTA) or the Telecom
package. The entire event was broadcasted live, with live microblogging on
identi.ca in Catalan, Spanish and English.

In the next days over 100 high-profile specialists from 20 countries
participated in the Forum of Free Culture with the declared purpose of
starting a civil society offensive in the defense of fundamental rights in
the digital era. This includes rights of freedom of expression or access to
culture and knowledge.

The experts were divided, in the next days, into 5 different thematic
working groups:
- Legal Perspectives and User Access
- Economies, New P2P Models and Sustainable Distribution
- Education and Access to Knowledge
- Free Software and Open Standards
- Knowledge Sharing Hacker Philosophy and Action Technical Ware

After open discussions and explanations on sometimes different positions and
nuances, a "Charter for a free culture" has been agreed upon. The document
that will be finalized in the next 10 days will be dedicated to influence
the Spanish Presidency of the European Union, by defining the basic
principles for a 21st century society that makes use of new Technologies
Information for a free and fair supportive and fair digital environment,.
The document aims to have an international impact with a lot of participants
from US and with official observers from the Ministry of Culture of Brazil
assisting at the event, with just a few weeks before the Brazilian Digital
Culture Forum where the Culture Ministry will launch a new strategy on
copyright.

Draft charter
http://wiki.fcforum.net/index.php?title=Final_Document/Charter_%28Long_version%29

Working documents from the 5 working groups
http://fcforum.net/topics

Live microblogging on Free Culture Forum
http://identi.ca/fcforum

The free distribution of content has its rewards in oXcars (only in Spanish,
28.10.2009)
http://www.publico.es/ciencias/264532/foro/barcelona/futuro/red/free/culture/forum/oxcars

FCForum, the rebel alliance (only in Spanish, 29.10.2009)
http://www.rebelion.org/noticia.php?id=94153

P2p escapes from Internet (only in Spanish, 30.10.2009)
http://www.publico.es/ciencias/265602/p/2/p/escapa/internet/oxcars/angeles/gonzalez/sinde/ministerio/cultura/sgae

AntiSGAE Gala in Barcelona: P2P or death (30.10.2009)
http://www.elmundo.es/elmundo/2009/10/30/navegante/1256917941.html

Press release
http://wiki.fcforum.net/index.php?title=Final_Document/Press_announce

============================================================
3. Declaration on Global Privacy Standards
============================================================

The public voice coalition, where EDRi is also a member, gathered almost two
hundred privacy experts, advocates, and governments officials from around
the world for a civil society event in Madrid with the title "Global privacy
standards for a Global world".

Held in conjunction with the annual meeting of the Privacy and Data
Protection Commissioners, the event was cybercasted, live blogged and tweted
in order to be available to any Internet user interested in the privacy
topics.

The conference had 5 different sessions, with two keynote speakers - Mr.
Stavros Lambrinidis, Vice President, European Parliament and Mr. Peter
Hustinx, European Data Protection Supervisor (Netherlands).

The first session Privacy and Human Rights: The Year in Review presented
several privacy issues from 2009 from different parts of the globe. The
European status was presented by Meryem Merzouki from EDRi-member IRIS,
France that highlighted the new threats brought by the Stockholm programme
or the different police databases with high-level privacy intrusion. There
was a specific interest from the audience on the status of EDVIGE 2.0.
Meryem confirmed that the civil society will react to the new police file,
while Peter Schaar has underlined that "Edvige is a horror database for us,
because it includes many persons that did not breach any laws - they are
just 'risky persons'."

The latest Privacy and Human Rights Report that covers 80 states was
launched with this occasion by Ms. Katitza Rodriguez, Electronic Privacy
Information Center.

The second session - Privacy Activism: Major Campaigns - was kicked off by a
lively presentation by EDRi-member Mr. Ralf Bendrath who explained what is
Privacy Activism 2.0. Mixing open structures, viral marketing, pop culture,
privacy issues with a healthy dose of fun was the perfect recipe for the
biggest demonstration ever against surveillance in Germany known in the
entire world as Freedom not Fear. Ms. Willemiem Bax from Consumer
Organization BEUC highlighted the consumers actions for the protection of
their digital rights, while David Rodríguez presented a creative local
campaign against CCTVs in the neighbourhood of Lavapies, Madrid.

"Your Data in the Cloud: What if it Rains? " was the inspired title of the
third session. EDRi's President Andreas Krisch pointed out with images from
NASA and German Federal Archive from 1962 and 1970 respectively that the new
technological developments do not change that much and we should address
more seriously the security aspects of cloud computing. He suggested as
ideas to be included in global privacy standards in cloud computing: data
breach notification, data minimisation as well as responsibility for IT
infrastructures introduce in the market (see RFID).

Moving even more in depth on the global privacy issues, there were
discussions on the transborder data flows. Eddan Katz from EFF showed the
real problems of the Safer Harbour privacy agreement between US and EU,
including the fact that it doesn't cover non-profits, because FTC oversight
on US side is only for companies. Gus Hossein from Privacy International
bluntly declared that we should stop using transborder data flows as a
Trojan horse in asking for data protection legislation in developing
countries. He insisted that just having a data protection act is not enough
and we should all focus on capacity building for this countries.

The last session presented the Civil society declaration: Global Privacy
Standards for a Global World, with the all representatives at the final
panel (Ms. Jennifer Stoddart, Privacy Commissioner, Canada, Mr. Jacob
Kohnstamm, EU Article 29 Group Vice-Chairman and Mr. Rafael García Gozalo
from the Spanish DPA) openly supporting the Declaration.

Live blogging from the event
http://edri.blogactiv.eu/

Madrid anti-CCTV campaign (only on Spanish)
http://unbarriofeliz.wordpress.com/

Global Privacy Standards for a Global World -The Civil Society Madrid
Declaration (3.11.2009)
http://bit.ly/IVO1m

Event's programme (3.11.2009)
http://thepublicvoice.org/events/madrid09/

Tweeting on the event
http://twitter.com/#search?q=%23globalprivacy

Stavros Lambrinidis speech - video (3.11.2009)
http://bitacora.palomallaneza.com/2009/11/03/stravos-lambrinis-en-tpv/

Andreas Krisch - Data protection in the cloud (3.11.2009)
http://www.edri.org/files/akrisch_TPV_CloudPrivacy_20091103.pdf

Meryem Merzouki - Privacy issues with EU Law Enforcement Cooperation
Developments (3.11.2009)
http://www.edri.org/files/Presentation_Meryem_EDRi_civil_society.pdf

============================================================
4. Petition against data retention in Belgium
============================================================

A number of Belgian NGOs representing Internet users, lawyers,
journalists, human rights activists and others on 26 October 2009
started a petition against the Belgian transposition of the EU Data
Retention directive.

In August 2009, the Minister of Justice presented a draft asking for a
2-year data retention. This period was considered excessive by the
Belgian Data Protection Authority, which suggested a one year period.
Considering even this period not to be acceptable, the NGOs took the
initiative to start a petition against the implementation of the
European directive in Belgium, convinced that the retention of traffic
and location data is not a solution to security problems.

Like in other countries fighting the data retention law, the supporting
organizations consider that the law would be in violation of the right to
privacy and that it would interfere "with the professional confidentiality
of doctors, lawyers and clerics, as well as (...) with the protection of
informants from journalists".

Also, although traffic and location data retention may sometimes be
necessary, the general preservation of data is considered too a drastic
measure, which has not been proven effective in fighting terrorism.

"After all, a general and preventive obligation to retain traffic and
location data represents a serious violation of the right to privacy
and implies that each citizen is potentially dangerous," says the
press release launching the petition.

Concern is also expressed related to the risks and costs resulting
from a general obligation to retain data. "It will be the citizen that
has to pay for the surveillance that is directed towards him; this
might be through higher subscription prices with service providers, or
it might be through higher taxes with which the government will
compensate the service providers."

PRESS RELEASE - Launching the website "retain your privacy": Campaign
against the Belgian transposition of the European directive on the
retention of data (26.10.2009)
http://www.statewatch.org/news/2009/oct/belgium-civil-society-against%20data-retention.pdf

Petition - Retain your privacy petition
(French version)
http://www.preservetavieprivee.be
(Dutch version)
http://www.bewaarjeprivacy.be

EDRI-gram: Belgium: Minister of Justice wants 2 years of data
retention (26.08.2009)
http://www.edri.org/edri-gram/number7.16/belgium-data-retention

============================================================
5. ISPs Meeting sparks debate over Dutch Data Retention obligations
============================================================

Dutch government agencies held a meeting on 14 October 2009 with internet
service providers, looking for ways to clarify the data retention
obligations under the country's new Data Retention Act. After the meeting,
ISPs still face uncertainty over how long to store data, who falls within
the scope of the Act and how the authorities want the data to be stored or
disclosed. Dutch civil rights movement Bits of Freedom released a critical
report of the meeting, warning for the controversial possibility for
centralized storage of the data and its negative impact on the right to
privacy.

The new act, which took effect 1 September, obligates telecom providers
and ISPs to retain identification, traffic and location data for 12 months
for intelligence agencies and the investigation of serious crimes. Whereas
most mobile and fixed telephony operators know what to expect of the new
law, all ISPs were puzzled after the quite chaotic meeting and most of them
concerned over the privacy interests of their customers.

First of all, it is still not sure if the retention period for ISPs will be
reduced to six months. As of now, both telecoms companies and ISPs need to
store the data for twelve months. But in the heat of the First Chamber
(Senate) hearings in July, the Minister of Justice proposed a new
"reparation law" reducing this term to six months for ISPs. This rather
unique manoeuvre of the Minister was needed to get a majority in the Senate
to pass the law. It remains to be seen, however, if the Second Chamber
(Parliament) agrees with this shorter term. The Second Chamber opted for a
twelve month period in May 2008.

Furthermore, uncertainty remained whether some specific services fall within
the scope of the data retention obligations. Some ISPs pointed out that it
was hard for them to determine if they had to comply or not, for instance
when primarily offering webhosting services with limited e-mail
functionality. Telecoms agency Agentschap Telecom (AT), responsible for
supervising and enforcing the data retention laws, could not answer some of
these questions, but promised to address the problem soon. In the meantime,
AT announced IPSs can count on mild supervision during one year, and will
only be punished for not complying to the obligations if they seem unwilling
to do so.

Thirdly, and most controversially, the government introduced plans about how
to store identification, traffic and location data. The officials did not
exclude the possibility of creating a centralized system that automatically
retrieves data from the roughly 300 ISPs in the Netherlands, a concept with
far-reaching privacy implications. Bits of Freedom criticized this option:
in stead of storing the data at 300 different databases, centralized storage
makes access to these data even more easy than it is today. In 2008,
identification data was already requested over 3 million times by the police
(on a population of 16,5 million in the Netherlands). There is no
information available to the public on traffic and location data requests by
both police and intelligence agencies, since this information is regarded a
"state secret." Unauthorized and more widespread access become serious risks
for privacy, when the data is stored at one national database.

Major ISPs oppose centralization since they must also protect the privacy
interests of consumers. Gert Wabeke - a spokesperson at telecoms provider
KPN and a member of a European Commission expert group on data retention -
said the proposal has led to "a lot of rumors. It has a privacy impact; it
has (impact on) everything." Nonetheless, small ISPs may see this option as
a way to cut the substantial costs involved with complying to the data
retention obligations.

Ministry of Economic Affairs spokesperson Edwin Van Scherrenburg commented
that "it is still very unsure if these (proposals) will lead to an
electronic system to collect data from ISPs." Bits of Freedom will continue
to watch the (technical) implementation of the data retention obligations in
the Netherlands closely.

Detailed explanation of the Data Retention Act by Telecoms Agency AT (2009)
http://www.agentschap-telecom.nl/english/companies/retentionobligationact/Documents/Publieksversie%20TA%20dataretentie_English.pdf

Data Retention Act (only in Dutch, 21.10.2009)
http://wetten.overheid.nl/BWBR0026191/geldigheidsdatum_21-10-2009

The Bits of Freedom report of the meeting with ISPs on 14 October (only in
Dutch, 15.10.2009)
http://www.bof.nl/verslag151009.pdf

Earlier this year, Bits of Freedom argued that the Dutch Data Retention Act
interferes with the fundamental right to privacy (only in Dutch, 20.10.2009)
http://sargasso.nl/archief/2009/09/20/wet-bewaarplicht-strijd-met-grondrechten-verdedigbaar-vanwege-miskenning-samenhang-opslag-en-opvraging/

(Contribution by Axel Arnbak - EDRi-member Bits of Freedom - Netherlands)

This report was partly based on an article in the Privacy & Security Law
Report, 8 PVLR 1535 (26 October 2009). Copyright 2009 by The Bureau of
National Affairs, Inc. (800-372-1033) http://www.bna.com

============================================================
6. Internet blocking gets a red card !
============================================================

Government attempts to block access to the Internet are mounting throughout
Europe - but look set to backfire, a new study published on 22 October 2009
concludes.

The Open Society Institute funded the report which is titled "Internet
Blocking: Balancing Cybercrime Responses in Democratic Societies." Four
experienced professionals, Cormac Callanan of Ireland, Marco Gercke of
Germany, Estelle De Marco of France, and Hein Dries-Ziekenheiner of the
Netherlands, collaborated on the research. Callanan, who is also a member of
the Irish Internet Safety Advisory Council, presented the report at a press
conference in Brussels.

We all know about efforts to censor the Internet in undemocratic countries
such as China. But the study shows how efforts to block Internet content are
spreading throughout democratic Europe. In Germany, Britain, Italy and
Scandinavia, the measures are intended to block pages containing child
pornography. In France, the proposed "three strikes" law would cut access to
users who upload allegedly copyrighted content. In Turkey, the
Telecommunications ministry has blocked more than 6,000 websites, including
YouTube, Geocities, DailyMotion, and WordPress.

Though some of the motivations behind Internet blocking are understandable -
everyone wants to crack down on child pornography, for example - the new
study concludes that the measures are ineffective. Many technical ways exist
to get around blocking technologies. More importantly, the blocking measures
are intrusive and often abuse fundamental freedoms. These systems either
over-block or under-block content and do not prevent the serious offender
from gaining access.

"Attempts to block offensive content all too often backfire," Callanan says.
"Technically, it is difficult. Legally, it is problematic. Above all, it
represents a real threat to the free transfer of information and conflicts
with basic democratic principles."

Graham Watson MEP, former President of the Civil Liberties Committee of the
European Parliament commented on the report: "It is remarkable that this
kind of research was not published by the Commission before it launched its
proposal for EU-wide blocking of websites. Protection of children is a
matter of the utmost importance, but this does not mean that the Commission
can propose measures that may well be entirely ineffectual but which
will have long-term consequences for the right of freedom of communication
in Europe."

Press release in English (22.10.2009)
http://www.aconite.com/sites/default/files/Press%20Release%20EN.pdf

French version (22.10.2009)
http://www.aconite.com/sites/default/files/Press%20Release%20FR.pdf

Executive Summary - Internet blocking - balancing cybercrime responses in
democratic societies
http://www.aconite.com/sites/default/files/Internet_Blocking_and_Democracy_Exec_Summary.pdf

Complete report - Internet blocking - balancing cybercrime responses in
democratic societies
http://www.aconite.com/sites/default/files/Internet_blocking_and_Democracy.pdf

============================================================
7. Third PrivacyOS: More Privacy, Increased awareness
============================================================

Continuing the privacy events after the huge success of the 11th Austrian
Big Brother Awards that took place in the evening of 25 October 2009, the
Third PrivacyOS Conference took place in Vienna on 26-27 October 2009,
focusing on sharing information and best practices among experts in the
field, but also on raising awareness in privacy. .

There was a large variety of presentations in an Open Space format from
participants arriving from 10 countries and representing diverse sectors:
industry, SMEs, government, academia or civil society.

The event is part of a European project where EDRi is a partner, led by the
Schleswig-Holstein Data Protection Authority (Independent Centre for Privacy
Protection), within the ICT Policy Support Programme under the
Competitiveness and Innovation Framework Programme (CIP).

This PrivacyOS meeting was held under the patronage of the Chairman of the
ARGE DATEN - Privacy Austria Hans G. Zeger, who opened up the event pointing
out that "Freedom, fundamental rights and privacy are central terms for the
organisation of our information-society - not the other way round - we must
not subordinate our fundamental rights and our private life to an
omnipresent security-paranoia."

With most of the presentations already available on the Project wiki, anyone
can follow the topics, balanced between from the first presentation on The
Role of DPAs in Raising Awareness about Data Protection, highlighting the
positive examples from Slovenia and Madrid DPAs, to the last presentation of
the second day when Eddan Katz from EDRi-member Electronic Frontier
Foundation (EFF) pointed out the lack of privacy ethics in some EU funded
Research projects. Eddan presented the example of the INDECT project which
aims to research on "Intelligent information system supporting observation,
searching and detection for security of citizens in urban environment". The
project video on Youtube seems to support the privacy concerns if anyone
sees the comments.

Another highly concerning subject was presented by Filip Pospisil from
EDRi-member Iuridicum Remedium, that focused on the disturbing
implementation of the data protection principals in a number of Czech
medical databases.

With a title that could sound like one for a sports article "The Battle
between "MP3 Pirates and Privacy Buccaneers", Cedric Laurant raised the
question on How to protect the privacy of DRM system users while protecting
copyright holders' interests? By discussing another feature of the delicate
conflict between privacy and copyright, Cedric pointed to the not well known
DRMs' threats for individual privacy, including of massive dissemination of
digital traces, loss of anonymity because of payment information disclosure
or data mining that opens the possibility of behavioural targeting. He also
suggested possible solutions, based on the change of the paradigm: Let DRMS
be based on authentication, not identification.

A practical example on solutions of Privacy on the Internet was given by
Andreas Lehner from EDRi member CCC Germany who made an easy to understand
introduction to Onion Routers & Overlay Networks, highlighting the JAP
project and especially the TOR Network.

The PrivacyOS event was also the place where the first EuroPrise Seal was
awarded to an Austrian company that developed an innovative solution to deal
with the CCTV's privacy concerns by blurring the images of any human beings
appearing in the CCTV images.

PrivacyOS project
https://www.privacyos.eu/

Wiki PrivacyOS project
https://www.privacyos.eu/wiki/index.php/Main_Page

Hans G. Zeger - Arge Daten - On the Way to Scoring Society
https://www.privacyos.eu/images/164_arc-677240-priva.pdf

Video presentation of Indect project
http://www.youtube.com/watch?v=dl5g93m-SbA

European Privacy Seal for KiwiVision Privacy Protector
https://www.european-privacy-seal.eu/awarded-seals/de-090017

============================================================
8. France: Second version of the three strikes law is in place
============================================================

In a disappointing decision in comparison with its initial assessment on the
first three strikes law (called HADOPI 1), on 22 October 2009, The French
Constitutional Court validated the three strikes law with only one minor
change.

The so-called Hadopi 2 law that was recently passed through both French
chambers was referred to the Constitutional Council by the opponents of the
law in the hope that the Court will once again find the text as
unconstitutional as it did in June 2009.

This time, the Court failed to acknowledge the infringement of several
liberties rights such as the right to due process and the presumption of
innocence and validated the text with just one amendment stating that the
judges will not be able to decide on civil damages during the same trial.
This means that in order to claim damages, the copyright holders will have
to bring a separate action to court.

"It is a sad day for liberties in France. The fact that a text such as
HADOPI 2 can be validated is very revealing of the state of our
institutions. The government will now have to face the consequences of the
unavoidable failure of the law, once it is implemented. What is ahead now is
a big price tag for taxpayers, unfair penalties, and resistance to these
repressive measures. French citizens can now rent IP addresses in countries
that do better at safeguarding rights and freedoms", stated Jérémie
Zimmermann, spokesperson for La Quadrature du Net.

While deploring the Court's decision, La Quadrature du Net considers the law
is anyway doomed from many points of view. Although it did not reject the
text, the Constitutional Court emphasized the role of the judge who is the
one to decide on the evidences brought by Hadopi authority and who can
refuse to impose any punitive actions. Therefore the application of massive
sanctions is illusory. And as many have already proven and reassessed
several times, it is technologically easy to bypass the measures imposed and
therefore entirely inefficient.

However, La Quadrature du Net believes that although the court may never
decide on cutting off the Internet access based on Hadopi authority
accusations and that probably nobody will be condemned for "characterized
negligence", the validation of the law is a defeat of the Rule of Law, a
step back for civilization.

As expected the law has been signed by President Sarkozy and was published
in the Official Monitor on 29 October 2009.

Press Release of the French Constitutional Court (22.10.2009)
http://www.conseil-constitutionnel.fr/conseil-constitutionnel/francais/les-decisions/2009/decisions-par-date/2009/2009-590-dc/communique-de-presse.46023.html

French Constitutional Court Decision Décision n° 2009-590 DC on the law
regarding the protection of the literary and artistic property on the
Internet (22.10.2009)
http://www.conseil-constitutionnel.fr/conseil-constitutionnel/francais/les-decisions/2009/decisions-par-date/2009/2009-590-dc/decision-n-2009-590-dc-du-22-octobre-2009.45986.html

Who has won Hadopi battle? (only in French, 24.10.2009)
http://www.laquadrature.net/fr/qui-a-gagne-la-bataille-hadopi

HADOPI 2 validated, a defeat for the rule of Law (24.10.2009)
http://www.laquadrature.net/en/hadopi-2-validated-a-defeat-for-the-rule-of-law

Hadopi 2 validated, Nicolas Sarkozy is pleased (only in French, 22.10.2009)
http://www.clubic.com/actualite-307002-hadopi-validee-nicolas-sarkozy-rejouit.html

Law 2009-1311 from 28 October 2009 - Law Hadopi 2 (only in French)
http://www.legifrance.gouv.fr/affichTexte.do;jsessionid=A30626F1BC51E9C801BF8E4999391F35.tpdjo07v_1?cidTexte=JORFTEXT000021208046&dateTexte=&oldAction=rechJO&categorieLien=id

EDRI-gram: Deja-vu: France's three-strikes law referred to Constitutional
Council (7.10.2009)
http://www.edri.org/edrigram/number7.19/three-strikes-law-constitutional-council

============================================================
9. Three strikes plans in UK
============================================================

Europe seems to take no notice of the strong opposition against measures to
cut down Internet access. After the adoption of the three strikes law in
France, UK's politicians found a good background turn to push ahead their
three strikes plans.

Business, Innovation & Skills Minister Lord Peter Mandelson confirmed on 25
October 2009 the intention of the UK government to go on with the planned
legislation to cut off allegedly illegal Internet downloaders, that was
already announced in August 2009.

"What we will be putting before parliament is a proportionate measure that
will give people ample awareness (of their wrongdoing) and opportunity to
stop breaking the rules. It will be clear to them that they have been
detected, that they are breaking the law and risk prosecution. (...) It will
also make clear that we will go further and make technical measures
available, including account suspension. In this case, there will be a
proper route of appeal. But it must become clear that the days of
consequence-free, widespread online infringement are over," said Lord
Mandelson at the Cabinet Forum talking shop.

He also stated that the suspension measures will only be used as a last
resort and that "I have no expectation of mass suspensions resulting. If we
reach the point of suspension for an individual, they will be informed in
advance, having previously received two notifications, and will have the
opportunity to appeal ... the threat for persistent infringers has to be
real."

It seems that the UK regulator Ofcom was asked to monitor the file-sharing
levels as it was already proposed by the initial Digital Britain report in
June 2009.

UK ISPs have long argued that they should not be treated as an Internet
police and that they should not bear the costs for the respective measures.
Lord Mandelson said in his speech that the costs implied by the application
of the legislation should be "shared between ISPs and content providers"
while the Internet Service Providers' Association believes that the bearers
of the costs should rightfully be the rightsholders according to the
principle that the beneficiary pays.

Several ISPs including BT Group and Talk Talk are opposed to the measure
considering it inefficient, disproportional and costly. "What is being
proposed is wrong in principle and won't work in practice," stated TalkTalk.
The company also stated that in case it was imposed to apply extra judicial
technical measures, it would "challenge the instruction in the courts," and
that it would "continue to resist any attempts to make it impose technical
measures on its customers".

Even the counter-intelligence MI5 unit believe that the proposed legislation
may have an opposite result and that instead of protecting artists and
discouraging illegal downloading, it may encourage "an encrypted and
unpoliceable darknet that would affect the artists.

A study published on 2 November 2009 by the London-based think-tank Demos
shows that those who illegally download music from he Internet are also
those who spend the most money on official records. The survey revealed that
a large percentage of people downloading music illegally stated they did it
in order to "try before you buy" and about 60% of file sharers stated they
would be encouraged to stop illegal downloading if they had the option of
new and cheaper music services.

Jim Killock, executive director of the Open Rights Group, has expressed his
disappointment related to the government's actions. "Yet Mandelson seems
determined to push forward with his plans for 'three strikes' - threatening
to punish people extremely harshly, threatening their education, businesses
and livelihoods for a relatively minor financial misdemeanour," he said.

The full proposals for the graduated response scheme will be detailed in the
Digital Economy Bill later on this year and according to the Business,
Innovation & Skills Department, it will come into force in April 2010. The
tougher disconnection policy will be introduced in the spring of 2011 if
necessary.

In parallel, also on 25 October 2009, an Intellectual Property Office report
called © The Way Ahead, was issued, focusing on the liberalisation of
copyright. Basically what the report says is that it wants to "move toward a
pan-European approach for copyright exceptions in the digital age" which
means allowing more use of copyrighted works.

The report states that the rights holders should broader the terms of use
for the works they offer and also advocates for the distinction between
commercial and non-commercial copying of copyrighted works. According to the
report, the government intends to introduce collective licensing and to open
orphan works for copying by cultural bodies and businesses.

"We must now work within the international and European framework to ensure
copyright keeps up with technology and consumer behaviour. We have to make
it simpler, and make it address the concerns of all those who have an
interest in the copyright system: business, consumers, creators and
copyright owners," says © The Way Ahead report.

Net pirates to be 'disconnected' (28.10.2009)
http://news.bbc.co.uk/2/hi/technology/8328820.stm

UK Confirms Plans To Warn, Throttle, Kick Illegal Downloaders (28.10.2009)
http://paidcontent.co.uk/article/419-uk-confirms-plans-to-warn-throttle-kick-illegal-downloaders/

Mandelson confident filesharing rules will work as well as French policy
(28.10.2009)
http://www.guardian.co.uk/media/2009/oct/28/peter-mandelson-confident-filesharing-rules

Illegal downloaders spend MORE on music than those who obey the law
(1.11.2009)
http://www.dailymail.co.uk/news/article-1224460/Illegal-downloaders-spend-MORE-music-obey-law.html

Book pirates advance in £5bn war of the internet (1.11.2009)
http://www.dailymail.co.uk/money/article-1224411/Book-pirates-5bn-war-internet.html

ISP Threatens Legal Action Against UK Over Anti-Piracy Plans(29.10.2009)
http://torrentfreak.com/isp-threatens-legal-action-against-uk-over-anti-piracy-plans-091029/

UK Will Urge EC To Legalise Mashups, Format-Shifting, Content Sharing
(28.10.2009)
http://paidcontent.co.uk/article/419-uk-will-urge-ec-to-legalise-mashups-format-shifting-content-sharing/

© the way ahead: A copyright strategy for the digital age (10.2009)
http://www.ipo.gov.uk/c-strategy-digitalage.pdf

EDRI-gram: UK music industry shows divided opinions on cutting off p2p users
(23.09.2009)
http://www.edri.org/edri-gram/number7.18/uk-three-strikes-music-industry

============================================================
10. EU-US common set of principles on data protection and sharing
============================================================

After three years of working together, the Departments of Homeland Security,
Justice and State and the experts from the EU Presidency and Commission have
recently issued a statement establishing a set of common principles to
protect the personal data exchanged for law enforcement and security
purposes.

Based on these common principles, a binding international EU-U.S. agreement
will be negotiated based on these common principles "to facilitate further
cooperation while ensuring the availability of full protection for our
citizens," as expressed by the Department of Homeland Security.

U.S. and EU Agree on Data Protection Principles (3.11.2009)
http://www.dhs.gov/journal/leadership/2009/11/us-and-eu-agree-on-data-protection.html

============================================================
11. ENDitorial:  ACTA revealed, European ISPs might have a big problem
============================================================

Negotiations on the highly controversial Anti-Counterfeiting Trade Agreement
have started in Seoul, South Korea. This week's closed negotiations will
focus on "enforcement in the digital environment." Negotiators will be
discussing the Internet provisions drafted by the US government. No text has
been officially released but as Professor Michael Geist and IDG are
reporting, leaks have surfaced. The leaks confirm everything that we feared
about the secret ACTA negotiations. The Internet provisions have nothing to
do with addressing counterfeit products, but are all about imposing a set of
copyright industry demands on the global Internet, including obligations on
ISPs to adopt Three Strikes Internet disconnection policies, and a global
expansion of DMCA-style TPM laws.

As expected, the Internet provisions will go beyond existing international
treaty obligations . We see three points of concern.

First, according to the leaks, ACTA member countries will be required to
provide for third-party (Internet Intermediary) liability. This is not
required by any of the major international IP treaties - not by the 1994
Trade Related Aspects of IP agreement, nor the WIPO Copyright and WIPO
Performances and Phonograms Treaty. However, US copyright owners have long
sought this.

Second and more importantly, ACTA will include some limitations on Internet
Intermediary liability. Many ACTA negotiating countries already have these
regimes in place: the US, EU, Australia, Japan, South Korea. To get the
benefit of the ACTA safe harbors, Internet intermediaries will need to
follow notice and takedown regimes, and put in place policies to deter
unauthorized storage and transmission of allegedly copyright infringing
content.

IDG reports that: "The U.S. wants ACTA to force ISPs to "put in place
policies to deter unauthorized storage and transmission of IP infringing
content (for example clauses in customers' contracts allowing a graduated
response)," according to the (leaked European) Commission memo." The US
government appears to be pushing for Three Strikes to be part of the new
global IP enforcement regime which ACTA is intended to create - despite the
fact that it has been categorically rejected by the European Parliament and
by national policymakers in several ACTA negotiating countries, and has
never been proposed by US legislators.

European citizens should be concerned and indignant. As reported, the ACTA
Internet provisions would also appear to be inconsistent with the EU
eCommerce Directive and existing national law, as Joe McNamee, the European
Affairs Coordinator of EDRi notes:

"The Commission appears to be opening up ISPs to third party liability, even
though the European Parliament has expressly said this mustn't happen,"
McNamee said, adding that ACTA looks likely to erode European citizens'
civil liberties."

Last, but by no means least. ACTA signatories will be required to adopt both
civil and criminal legal sanctions for copyright owners' technological
protection measures, in line with the US-Korea (and previous) FTA
obligations. They will also be required to include a ban on the act of
circumvention of technological protection measures, and a ban on the
manufacture, import and distribution of circumvention tools.

Original article: Leaked ACTA Internet Provisions: Three Strikes and a
Global DMCA (3.11.2009)
http://www.eff.org/deeplinks/2009/11/leaked-acta-internet-provisions-three-strikes-and-

Trade Talks Hone in on Internet Abuse and ISP Liability (3.11.2009)
http://www.pcworld.com/article/181312/trade_talks_hone_in_on_internet_abuse_and_isp_liability.html

The ACTA Internet Chapter: Putting the Pieces Together (3.11.2009)
http://www.michaelgeist.ca/content/view/4510/125/#copycon

EDRi-gram: European Parliament wants more transparency on ACTA (26.03.2009)
http://www.edri.org/edri-gram/number7.6/acta-transparency-european-parliament

(Contribution by Gwen Hinze - EDRi-member Electronic Frontier Foundation
USA)

============================================================
12. Recommended Action
============================================================

Sign the Madrid Civil Society Declaration- Global Privacy Standards for a
Global World
http://thepublicvoice.org/madrid-declaration/

French Version - Standards mondiaux de respect de la vie privée dans un
monde globalisé
http://thepublicvoice.org/madrid-declaration/fr/

Spanish Version - Estándares de Privacidad en un Mundo Global
http://thepublicvoice.org/madrid-declaration/es/

============================================================
13. Recommended Reading
============================================================

Ian Brown: Can creative industries survive digital onslaught? (2.11.2009)
http://www.ft.com/cms/s/0/4f35215e-c745-11de-bb6f-00144feab49a.html

============================================================
14. Agenda
============================================================

4-6 November 2009, Madrid, Spain
31st International Conference of Data Protection and Privacy
http://www.privacyconference2009.org

10-11 November 2009, Cambridge, UK
Public Domain Calculators Meeting
http://wiki.okfn.org/PublicDomainCalculators/Meeting

12 November 2009, Brussels, Belgium
Workshop on Economic Benefits of PETS
http://ec.europa.eu/justice_home/fsj/privacy/news/index_en.htm

13-15 November 2009, Gothenburg, Sweden
Free Society Conference and Nordic Summit
http://www.fscons.org/

15-18 November 2009, Sharm El Sheikh, Egypt
UN Internet Governance Forum
http://www.intgovforum.org/

19-20 November 2009, Malmö, Sweden
First popular European e-government conference
http://malmo09.org/

27-30 December 2009, Berlin, Germany
26th Chaos Communication Congress
http://events.ccc.de/congress/2009/

4 December 2009, Brussels, Belgium
Are you ready for the Internet of Things?
Lift Workshop @ Brussels, Council and Tinker.it!
http://liftconference.com/lift-at-home/events/2009/12/04/lift-brussel-council-and-tinkerit-present-are-you-ready-i

26-28 May 2010, Amsterdam, Netherlands
World Congress on Information Technology
http://www.wcit2010.com/

9-11 July 2010, Gdansk, Poland
Wikimedia 2010 - the 6th annual Wikimedia Conference
http://meta.wikimedia.org/wiki/Wikimania_2010

============================================================
15. About
============================================================

EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 27 members based or with offices in 17 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRI-grams.

All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and visibly on the
EDRI website.

Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/

Newsletter editor: Bogdan Manolea <[log in to unmask]>

Information about EDRI and its members:
http://www.edri.org/

European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring

- EDRI-gram subscription information

subscribe by e-mail
To: [log in to unmask]
Subject: subscribe

You will receive an automated e-mail asking to confirm your request.
unsubscribe by e-mail
To: [log in to unmask]
Subject: unsubscribe

- EDRI-gram in Macedonian

EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edrigram-mk.php

- EDRI-gram in German

EDRI-gram is also available in German, with delay. Translations are provided
Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/

- Newsletter archive

Back issues are available at:
http://www.edri.org/edrigram

- Help
Please ask <[log in to unmask]> if you have any problems with subscribing or
unsubscribing.

************************************************************************************
Distributed through Cyber-Society-Live [CSL]: CSL is a moderated discussion
list made up of people who are interested in the interdisciplinary academic
study of Cyber Society in all its manifestations.To join the list please visit:
http://www.jiscmail.ac.uk/lists/cyber-society-live.html
*************************************************************************************