From: [log in to unmask] [mailto:[log in to unmask]]
Sent: 13 March 2003 06:38
To: [log in to unmask]
Subject: EDRi-news digest, Vol 1 #4 - 1 msg
Send EDRi-news mailing list submissions to
[log in to unmask]
To subscribe or unsubscribe via the World Wide Web, visit
http://www.edri.org/cgi-bin/mailman/listinfo/edri-news
or, via email, send a message with subject or body 'help' to
[log in to unmask]
You can reach the person managing the list at
[log in to unmask]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of EDRi-news digest..."
Today's Topics:
1. EDRI-gram - Number 4, 12 March 2003 (EDRI-gram newsletter)
--__--__--
Message: 1
Date: Wed, 12 Mar 2003 19:09:16 +0100
To: [log in to unmask]
From: EDRI-gram newsletter <[log in to unmask]>
Subject: EDRI-gram - Number 4, 12 March 2003
==================================================================
EDRI-gram
bi-weekly newsletter about digital civil rights in Europe
Number 4, 12 March 2003
==================================================================
Contents
==================================================================
1. EU row over airline passenger data transmission
2. User registration prepaid cards in Switzerland
3. Agreement on cyber-attacks harms freedom of expression
4. Petition against copyright law in Italy
5. Finland changes policy on software patents.
6. Limiting the storage of traffic data
7. Update on anti-spam legislation (France, Poland, Romania)
8. Call for public views on video-surveillance
9. Recommended reading: censorship in Turkey
10. Agenda
11. About
==================================================================
1. EU ROW OVER AIRLINE PASSENGER DATA TRANSMISSION
==================================================================
The Commission's secret talks with U.S. authorities on the transmission of
air passenger data have caused a heavy clash between EU institutions. The
Security spokesperson of the EP conservative fraction, the Austrian Hubert
Pirker, announced today his fraction will take the Commission to the
European Court of Justice.
Since 5 March U.S. authorities have access to most European airlines'
passenger data bases. On 10 March, the European Parliament's influential
Citizen's Rights and Freedoms, Justice and Home Affairs Committee (LIBE)
adopted a resolution containing harsh criticism of the Commission's
proceedings. It "questions the legal base and the repercussions", of the
Joint Declaration with U.S. officials and "expresses concern that it could
be interpreted as an indirect invitation to the national authorities to
disregard Community law". The original French-language draft of the
resolution contained even more outspoken criticism, stating that the Joint
Declaration "lacks any legal basis". Immediately after the vote, amendments
were drafted in order to broaden the criticism of the Commission in the EP
resolution, which will be voted in Brussels on 26 or 27 March and is likely
to be adopted by a vast majority.
While some of the MEPs' anger may be attributed to a true concern with the
protection of privacy and personal data, one must be aware of the fact that
partisan and inter-institutional rows do play an important role in this
conflict. The rapporteur is Jorge Salvador Hernández Mollar, a Spanish
Conservative, who's Group is notoriously at war with the responsible
Commissioner, Chris Patten, a Conservative "traitor" who was nominated by
Blair's New Labour government. Many MEPs will vote for anything that
criticises the Commission for not respecting the Parliament.
As a first response, the Commission answered with a Press release on the
outcome of another meeting with the U.S. side, held on 4 March, announcing
that filtering software will be used to prevent U.S. services from
accessing data no related to security issues.
Announcement of legal proceedings conservative MEP's (in German)
http://futurezone.orf.at/futurezone.orf?read=detail&id=149389&tmp=16699
The resolution as voted on March 10 by the LIBE committee
http://www.europarl.eu.int/meetdocs/committees/libe/20030310/491564en.pdf
EU press release
http://www.eurunion.org/news/press/2003/2003018.htm
U.S. press release
http://europa.eu.int/comm/external_relations/us/intro/pnradd.htm
(Contribution by Andreas Dietl, consultant on EU privacy issues)
==================================================================
2. USER REGISTRATION PREPAID CARDS IN SWITZERLAND
==================================================================
Telecom providers in Switzerland must register user data for prepaid cards
and keep the data available for a period of 2 years. Parliament decided
today to add this obligation to a series of new anti-terrorism measures.
None of the EU member states have a similar obligation. Telecom providers
have always argued against mandatory identification, pointing at the high
costs for the extensive network of resellers and the probability of people
helping out criminals by buying prepaid cards for them.
The large support for the new measure seems to stem from the discovery that
at least 1 Al Qaeda member used a Swiss prepaid card. Switzerland used to
be one of the few countries worldwide to sell prepaid cards for
international roaming. The new measure doesn't just require identification
for those specific roaming-cards, but for all users of all prepaid cards.
In her defence of the measure, the Swiss justice minister Ruth Metzler
produced some statistics about telecommunications interception in
Switzerland. Last year, law enforcement authorities made 80.000 requests
for the identity of telephone users, resulting in 6.000 court-approved
wiretaps. Of the 80.000 identity-requests, 30.000 were prepaid mobile
phones.
Debate in Swiss parliament about anti-terrorism measures (12.03.2003)
http://www.parlament.ch/ab/frameset/d/n/4617/77205/d_n_4617_77205_77220.htm
=================================================================
3. AGREEMENT AGAINST CYBER-ATTACKS HARMS FREEDOM OF EXPRESSION
=================================================================
The Justice ministers of the EU countries (by means of the Council of the
European Union) have agreed on a decision to harmonize the criminal code in
EU countries regarding attacks on information systems.
The ministers agree that "there is evidence of attacks against information
systems, in particular as a result of the threat from organised crime, and
increasing concern at the potential of terrorist attacks against
information systems which form part of the critical infrastructure of the
Member States." The proposal forces EU members states to make 'illegal
access to information systems' and 'illegal system interference' a crime.
The proposal is widely criticized for being unbalanced. Especially
regarding illegal system interference (denial of service attacks) it does
not distinguish between a terrorist that intends to inflict harm or a
non-violent protester that causes a system overload through email protests
or virtual sit-ins. The proposal does not refer to freedom of expression or
other fundamental rights and can have serious consequences for political
protest and campaigning on the internet.
European parliament member Marco Cappato criticized the proposal. "It suits
the national justice ministries to criminalize activities on an EU-wide
level," Cappato said. "They seek greater coordination with regard to
prosecuting, but there is very little effort made to coordinate legal
defence."
Member states had difficulty to agree on the definition of hacking. Illegal
access to information systems is defined as "intentional access without
right." According to that very broad definition, accessing an unprotected
and 'open' computer can be a crime. Countries with a stricter definition of
hacking however, are allowed to only punish wilful infringements of
security measures. An earlier proposal would have forced those member
states into judicial cooperation, creating great legal uncertainty for
internet users. Lawful behaviour in their own country could suddenly have
landed them in a foreign jail.
Proposal for a Council Framework Decision on attacks against information
systems
http://register.consilium.eu.int/pdf/en/03/st06/st06671en03.pdf
2489th Council meeting justice and home affairs (27.02.2003)
http://ue.eu.int/pressData/en/jha/74719.pdf
EU pact would 'criminalize' Net protesters (04.03.2003)
http://www.iht.com/articles/88499.htm
=================================================================
4. PETITION AGAINST COPYRIGHT LAW IN ITALY
=================================================================
On 9 March the Italian Associazione Software Libero opened an on-line
petition against the proposed implementation of the European Copyright
Directive. The petition is an open letter to the Culture Committee of the
Lower House, inviting them to reconsider their almost unanimous approval of
the copyright law on 25 February 2003. Like in most other EU-countries,
resistance against the implementation is focused on the very broad legal
protection of anti-circumvention measures. Quoting from the open letter:
'It will be illegal to possess equipment and usable algorithms for the
circumvention of technological measures. Under the new norm, it is totally
irrelevant if the equipment is intended for lawful or illegal use; it will
be prohibited per se, treated similar to narcotics.'
Petition
http://softwarelibero.it/progetti/eucd/firme/adesione.php
Description in English of the Italian EUCD-proposal
http://www.softwarelibero.org/progetti/eucd/eucd-in-italia.en.shtml
=================================================================
5. FINLAND CHANGES POLICY ON SOFTWARE PATENTS
=================================================================
Anticipating the new EU Directive on Patents, the National Board of Patents
and Registration of Finland (PRH) decided to accept patents on software.
Before, the Fins were a lot stricter than the European Patent Office. The
reason for the change in policy is mind-boggling. Because the European
Parliament seems to propose much more unpermissive rules than the Council
or Commission, the new Software Patent Directive will be delayed and
therefore Finland felt it had to suddenly soften its line.
On 21 February, the EP Industry Committee (ITRE) voted against almost all
proposals for software patentability. The leading Parliamentary Committee
however, is JURI, and it seems a lot more in favour of extensive patents on
software. JURI will discuss the proposed new Patent Directive on 17 March
and vote on 23 April. The vote in plenary is now scheduled for the session
of 12-15 May.
Commission proposal
http://europa.eu.int/eur-lex/en/com/pdf/2002/en_502PC0092.pdf
EP - JURI draft report by Arlene McCarthy
http://www.europarl.eu.int/meetdocs/committees/juri/20030219/488980en.pdf
EP - CULT opinion by Michel Rocard (20.01.2003)
http://www.europarl.eu.int/meetdocs/committees/juri/20030219/487019en.pdf
EP - ITRE opinion by Elly Plooy-van Gorsel (20.02.2003)
http://www.europarl.eu.int/meetdocs/committees/itre/20030319/481006en.pdf
=================================================================
6. LIMITING THE STORAGE OF TRAFFIC DATA
=================================================================
The European data commissioners (through the Article 29 working group) have
pleaded for a maximum storage period of half a year for traffic data that
telecommunication companies store for billing purposes. With the opinion
paper the working group tries to limit the duration and scope of traffic
data storage.
"Traffic data should be kept for as long as necessary to enable bills to be
settled, and disputes resolved. Ordinarily this involves a maximum storage
period of 3-6 months and no longer in cases where bills have been paid and
do not appear to have been disputed or queried (having regard to the
privacy right of individual subscribers)".
The working group also pleas for the stored traffic data to be limited to
the necessary data. The opinion paper does not point out which data is
necessary for billing purposes and which not. It is a fact that many GSM
providers justify the storage of location data for the sole use of billing
purposes.
In the EU a heated debate is continuing over the possibility to force
telecommunication companies to store traffic data for the purpose of
policing and national security. A debate about the desirability of such a
obligation would be undermined when the telecommunication sector would
already store the same data for billing purposes.
Privacy authorities recommendation on storage of billing data
http://europa.eu.int/comm/internal_market/en/dataprot/wpdocs/wp69_en.pdf
=================================================================
7. UPDATE ON ANTI-SPAM LEGISLATION
=================================================================
In the previous EDRI-gram 6 EU-countries were mentioned that already have a
spam-ban, Denmark, Germany, Finland, Greece, Italy and Austria, plus
Hungary and Norway in Europe-at-large. We can now add France, Romania and
Poland to this list.
French E-Commerce Directive (approved 26.02.2003 in the Lower House)
http://www.assemblee-nationale.fr/12/ta/ta0089-2.pdf
Polish E-commerce Directive (effective 10.03.2003):
http://www.giodo.gov.pl/English/ust_podpis_el.htm
Romanian E-commerce Directive (effective 05.10.2002)
http://www.legi-internet.ro/en/e-commerce.htm
Since 22 January Romanians can report spam via 2 special email addresses
provided by the Ministry of ICT. In Romania the Ombudsman functions as data
protection authority. Either he or the Ministry can fine spammers between
10.000.000 and 500.000.000 million lei (approx 280 and 14.000 euro).
Website ministry of ICT in English (sections anti-fraud / .ro abuse)
http://www.mcti.ro/index.html?mlang=2
=================================================================
8. CALL FOR PUBLIC VIEWS ON VIDEOSURVEILLANCE
=================================================================
The European data protection commissioners, united in the Article 29
Working Party, invite the public to respond to a position paper about
videosurveillance. The paper gives an interesting overview of the
differences in legislation and measures adopted in the different member
states since the transposition of the Privacy Directive (95/46/EC).
The Commissioners are specifically worried about 7 cases, resulting from
experience or tests currently in progress:
- permanent interconnection of video surveillance systems;
- association of image and biometric data such as fingerprints (banks);
- use of voice identification systems;
- implementation of indexing systems that can automatically retrieve images
;
- use of facial recognition systems that can automatically identify certain
individuals on the basis of templates and/or standard identity-kits (like
skin-colour);
- possibility to automatically trace routes and trails and/or reconstruct
or foresee a person's behaviour;
- taking of automated decisions based on individual profiles.
Call for participation (closing date 31.05.2003)
http://europa.eu.int/comm/internal_market/en/dataprot/wpdocs/consultation_en
.htm
=================================================================
9. CENSORING THE INTERNET: THE SITUATION IN TURKEY
=================================================================
'Turkey, showing the symptoms of a developing country, has not yet
established the jurisprudence necessary for the Internet. The existing
Turkish laws, especially the Press Law, are naively applied to alleged
lawbreakers on the Internet, resulting in ludicrous outcomes.'
Paper about internet censorship in Turkey by Kemal Altintas, Tolga Aydin
and Varol Akman published 10 May 2002 in First Monday, peer-reviewed journal
http://www.firstmonday.org/issues/issue7_6/altinta/
==================================================================
10. AGENDA
==================================================================
14 March 2003 Pre-registration deadline conference CCTV and Social Control
The Centre for criminological research of the University of Sheffield in
conjunction with The Journal - Surveillance and Society will be organising
a two day conference in Sheffield - UK on the politics and practice of
videosurveillance. The conference will take place 8 and 9 January 2004, but
everybody is kindly requested to express interest this week, either
presenting a paper or just attending.
Pre-registration and announcement of papers email to
[log in to unmask]
15 March 2003 Nomination deadline for the Stupid Security Award
http://www.privacyinternational.org/activities/stupidsecurity/
25 March 2003 London, UK - Big Brother Awards
http://www.privacyinternational.org/bigbrother/uk2003/
1-4 April 2003 New York, USA - CFP 2003
http://www.cfp2003.org/cfp2003/program.html
22-24 April 2003 St Petersburg, Russia - Building the Information
Commonwealth
http://www.communities.org.ru/conference/
6-7 May 2003 Padova, Italy - Information Society Visions and Governance
Contact for information: Claudia Padovani, [log in to unmask]
8 - 9 May 2003, Namur, Belgium - Collecting and Producing Electronic
Evidence in Cybercrime Cases
2-day workshop organised by the University of Namur
http://www.ctose.org/workshop-8-9-may-2003.html
==================================================================
11. ABOUT
==================================================================
EDRI-gram is a bi-weekly newsletter from European Digital Rights, an
association of privacy and civil rights organisations in Europe. Currently
EDRI has 10 members from 7 European countries. EDRI takes an active
interest in developments in the EU accession countries and wants to share
knowledge and awareness through the EDRI-grams. All contributions,
suggestions for content or agenda-tips are most welcome.
Newsletter editor:
Sjoera Nas, [log in to unmask]
Information about EDRI and its members:
http://www.edri.org/
- EDRI-gram subscription information
subscribe/unsubscribe web interface
http://www.edri.org/cgi-bin/mailman/listinfo/edri-news/
subscribe by email
To: [log in to unmask]
Subject: subscribe
You will receive an automated email asking to confirm your request.
- EDRI-gram in Spanish
EDRI-gram is also available in Spanish, usually 3 days after the English
edition. The contents are the same. Translations are provided by David
Casacuberta, secretary of the Spanish chapter of Computer Professionals for
Social Responsibility (CPSR).
To subscribe to the Spanish language EDRI-gram, please visit
http://www.edri.org/cgi-bin/mailman/listinfo/edri-grama/
or subscribe by email:
To: [log in to unmask]
Subject: subscribe
- Newsletter archive
Back issues are available at:
http://www.edri.org/cgi-bin/index?funktion=edrigram
- Help
Please ask [log in to unmask] if you have any problems with subscribing or
unsubscribing.
==================================================================
Publication of this newsletter is made possible by a grant from
the Open Society Institute (OSI).
==================================================================
End of EDRi-news Digest
************************************************************************************
Distributed through Cyber-Society-Live [CSL]: CSL is a moderated discussion
list made up of people who are interested in the interdisciplinary academic
study of Cyber Society in all its manifestations.To join the list please visit:
http://www.jiscmail.ac.uk/lists/cyber-society-live.html
*************************************************************************************
|