Email discussion lists for the UK Education and Research communities


CYBER-SOCIETY-LIVE Archives


CYBER-SOCIETY-LIVE@JISCMAIL.AC.UK


Subject: [CSL]: EDRi-gram newsletter - Number 8.4, 24 February 2010
From: Joanne Roberts <[log in to unmask]>
Reply-To: Interdisciplinary academic study of Cyber Society <[log in to unmask]>
Date: Thu, 25 Feb 2010 09:51:19 +0000
Content-Type: text/plain


From: [log in to unmask] [mailto:[log in to unmask]] On Behalf Of EDRI-gram newsletter
Sent: 24 February 2010 20:01
To: [log in to unmask]
Subject: EDRi-gram newsletter - Number 8.4, 24 February 2010

============================================================

            EDRi-gram

 biweekly newsletter about digital civil rights in Europe

     Number 8.4, 24 February 2010


============================================================
Contents
============================================================

1. Leaked ACTA text confirms suspicions
2. First decision in the Italian criminal case against Google executives
3. France's Parliament pursues its goal to censor the Internet
4. Germany's President signs an Internet bill against his own government
5. Spanish Fiscal Council criticizes the new draft law on IPR enforcement
6. EP: Draft reports on IPR enforcement published
7. French Court says an IP address is not enough for a user's identification
8. Chip and PIN system proven to be flawed
9. New Google's service raises privacy concerns
10. Romania: Moral damages for publishing personal data online
11. Germany DPAs to discuss the EU-US Safe Harbour Agreement
12. ENDitorial: Richard Stallman on "Copyright versus Public" in Berne
13. Recommended Action
14. Recommended Reading
15. Agenda
16. About

============================================================
1. Leaked ACTA text confirms suspicions
============================================================

The text of the digital chapter of the Anti-Counterfeiting Trade Agreement was published on 21 February 2010, following news articles from IDG News Service issued a few days before.

The text of the draft digital chapter confirms that there are several problems with the draft agreement and many of the assurances given on the topic were somewhat "economical with the truth".

These "economies" were on display again during a discussion between the Commission Head of Unit responsible for the dossier, Luc Devigne, and the International Trade Committee of the Parliament. Mr Devigne explained that:
- there is no ACTA text, so there is nothing that the Commission could share with the Parliament
- ACTA is about enforcement and not about changing substantive law

Mr Devigne was also quite economical with answers. He failed to answer questions on:
- the failure to implement the relevant provisions of the Lisbon Treaty with regard to transparency
- the fact that US lobbyists had access to the ACTA documents but not the European Parliament
- if ACTA would require ordinary citizens to be excluded from the scope of certain border measures or would simply allow for this to be the case
- if ACTA would lead to criminal sanctions, including prison, for people that recorded films in cinemas
- if ACTA would criminalise an individual who, for example, created an open source programme to open all documents in all formats, thereby (without commercial interest) circumventing technical protection measures.

He also repeated the meaningless statement that "ACTA is not meant to undermine civil liberties", which simply means that this was not the original intent of the negotiations and does not, quite obviously, exclude this possibility.

Unsurprisingly, the unclear, ambiguous and "economical" answers led to an angry reaction from Parliamentarians. The little information that MEP Carl Schlyter (Greens, Sweden) was able to glean from Mr Devigne's answers was, he said, contrary to information that had previously been provided by Commissioner De Gucht. Consequently, he requested that the Commissioner attend future discussions instead of Devigne.

EDRi has prepared a public FAQ on ACTA in order to better explain why the agreement is endangering human rights in the Information Society.

EDRi explains that the treaty is not just about counterfeiting, because it also covers a far greater range of issues, including mandated penalties for non-commercial copyright infringement, worldwide Internet regulation and world trade in generic medicines.

The leaked document talks mostly about copyright infringement. Although the document is vague on whether non-commercial infringements are included, provisions from the Border Measures section previously made public indicate that the definition of counterfeiting will change current international norms and expand the scope beyond catching organised criminal networks smuggling goods that this agreement is purported to target.

The leaked ACTA chapter includes a "three-strikes" Internet disconnection approach for alleged repeat copyright infringers. The document makes clear that the US negotiators intend that ISPs would be required to adopt three-strikes Internet disconnection policies in order to get the benefit of "safe harbours" or limitations on ISPs' liability for copyright infringement.

The proposal would require countries to adopt criminal measures, which are outside the body of the harmonised EU legislation. When read alongside the criminal measures provisions made public earlier in the ACTA negotiations, many concerns arise about the increased criminalisation of activities online. Without robust proportionality principles and with insufficient consideration of civil liberties and human rights protections, ACTA is a threat to ordinary behaviour on the Internet. The ineffective strategy of deterrence without balance undermines the legitimacy of the law.

After the new chapter of ACTA leaked, an Opinion from the European Data Protection Supervisor (EDPS) explained that the current three strikes proposals may be incompatible with the current data protection requirements.

The EDPS complained that he was not involved by the European Commission in the debates on this treaty and declared: "Whereas intellectual property is important to society and must be protected, it should not be placed above individuals' fundamental rights to privacy and data protection. A right balance between protection of intellectual property rights and the right to privacy and data protection should be ensured. It is also particularly crucial that data protection requirements are taken into account from the very beginning of the negotiations so as not later on having to find alternative privacy compliant solutions."

The next round of negotiations will take place in New Zealand on 12-16 April 2010. Parties agreed tentatively to a 5 day round, covering a detailed discussion on Internet, civil, customs and penal measures.

Leaked ACTA draft reveals plans for internet clampdown (19.02.2010)
http://computerworld.co.nz/news.nsf/news/leaked-acta-draft-treaty-reveals-plans-for-internet-clampdown

Leaked ACTA chapter on Internet
http://sites.google.com/site/actadigitalchapter/acta_digital_chapter.pdf

EDRi FAQ on ACTA (22.02.2010)
http://www.edri.org/files/acta_FAQ_100222.pdf

Opinion of the European Data Protection Supervisor on the current negotiations by the European Union of an Anti-Counterfeiting Trade Agreement (ACTA) (22.02.2010)
http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2010/10-02-22_ACTA_EN.pdf

Anti-Counterfeiting Trade Agreement: EDPS warns about its potential incompatibility with EU data protection regime (22.02.2010)
http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/EDPS/PressNews/Press/2010/EDPS-2010-03_ACTA_EN.pdf

(contribution by Joe McNamee - EDRi)

============================================================
2. First decision in the Italian criminal case against Google executives
============================================================

Today, 24 February 2010, the Court of Milan made public its decision in the criminal trial against four Google executives, charged with defamation and illegal personal data handling in relation to the publication on the video sharing platform of a video showing acts of bullying against a person with Down syndrome.

The legal basis for the charges, following the prosecutor's theory of the case, was that those executives failed to exercise pre-emptive control over the content published by Google's end users, thus allowing the infringement of the reputation of the person concerned and of an NGO representing persons with Down syndrome.

The Court acquitted all the defendants of the defamation charges, but found them liable on the illegal personal data handling charge. The full decision (including the legal technicalities that support it) will be made public within the next 30 days.

The legal oddity of the prosecutor's strategy is this:
1 - there is a rule of law that says: not stopping an act means causing it,
2 - data protection law requires prior authorisation to be obtained before handling personal data,
3 - a video to be posted online is personal data,
4 - therefore Google executives had to check whether the user who posted the video had obtained prior authorisation from the people in the video, and
5 - by failing to do so, they infringed the data protection law,
6 - furthermore, by not checking in advance, they allowed the video to libel the victim of the violence (this charge has been dismissed).

The consequence is that under this (odd) interpretation of data protection law, every Internet Service Provider is required to infringe its users' privacy in order to carry out a prior check on the legitimacy of the actions performed by the users themselves.

A nice Catch 22, and a goodbye to network neutrality and online privacy!

Google execs convicted for Italy autism video (24.02.2010)
http://www.reuters.com/article/idUSTRE61N2G520100224

Case Vividown, the intermediary is responsible (only in Italian, 24.02.2010)
http://punto-informatico.it/2819031/PI/News/caso-vividown-intermediario-responsabile.aspx

Intermediaries or controllers? (only in Italian, 24.02.2010)
http://punto-informatico.it/2819668/PI/Commenti/intermediari-controllori.aspx

Serious threat to the web in Italy (24.02.2010)
http://googleblog.blogspot.com/2010/02/serious-threat-to-web-in-italy.html

(contribution by Andrea Monti - EDRi-member ALCEI Italy)

============================================================
3. France's Parliament pursues its goal to censor the Internet
============================================================

On 16 February, the National Assembly, the lower house of the French Parliament, passed the first draft of the so-called Loppsi 2 bill allowing the authorities to control the Internet under the pretext of improving the citizens' security.

The new legislation deals not only with child pornography sites, but has in view a long blacklist of other types of websites that ISPs will have to block. The list of banned Web sites would be provided by the Interior Ministry and it would be "the responsibility of each Internet service provider to ensure that users don't have access to unsuitable content."
According to article 4 of the draft law, the ISPs contacted by the authorities must block without delay the designated sites under the threat of being fined up to 75 000 euro and one year of imprisonment for their administrators in case of non-compliance.

The new legislation also allows the French police and security forces to enter a suspect's house and clandestinely install software to spy on private computers, following a judge's decision.

Loppsi 2 contains other provisions as well, including improved interoperability between police files and personal data kept by institutions such as banks and a tripling of surveillance cameras in France under the pretext of "video protection."

MEP Sandrine Bélier believes the bill represents "a serious threat" to the neutrality of the Internet. "The filtering and blocking of the Web has become a standard weapon in the legislative arsenal of a government which has been shameless in its handling of personal freedoms," she said in an interview.

"Protection of childhood is shamelessly exploited by Nicolas Sarkozy to implement a measure that will lead to collateral censorship and very dangerous drifts. After the HADOPI comes the LOPPSI: the securitarian machinery of the government is being deployed in an attempt to control the Internet at the expense of freedoms", stated Jérémie Zimmermann from La Quadrature du Net.

The draft law will go for a second reading in the Senate and, if approved, it could come into force this summer.

The French Senate also started on 23 February 2010 the discussions on the draft legislation for the opening of the online gambling market that would require the ISPs to block any unauthorised gambling websites.

France Moves Closer to Unprecedented Internet Regulation (17.02.2010)
http://www.spiegel.de/international/europe/0,1518,678508,00.html

French Parliament approves Net censorship (11.02.2010)
http://www.laquadrature.net/en/french-parliament-approves-net-censorship

Loppsi was adopted by the National Assembly (only in French, 16.02.2010)
http://www.numerama.com/magazine/15100-la-loppsi-a-ete-adoptee-par-l-assemblee-nationale.html

Loppsi: the installation of software spies to suspects is adopted (only in French, 11.02.2010)
http://www.numerama.com/magazine/15076-loppsi-l-installation-de-mouchards-chez-les-suspects-est-adoptee.html

Filtering of web sites: ISPs simple executants (only in French, 9.02.2010)
http://www.journaldunet.com/ebusiness/le-net/loppsi-et-internet/filtrage-des-sites-web.shtml

Online gambling filtering examined this Tuesday in the Senate (only in French, 23.02.2010)
http://www.numerama.com/magazine/15127-le-filtrage-des-jeux-en-ligne-examine-ce-mardi-au-senat.html

EDRi-gram: LOPPSI 2 French law - to block or not to block websites (27.01.2010)
http://www.edri.org/edrigram/number8.2/loppsi-2-france-blocking-websites

============================================================
4. Germany's President signs an Internet bill against his own government
============================================================

Despite the fact that the German Government had decided not to apply the internet censorship law (Zugangserschwerungsgesetz) proposed by the former Government in April 2009, the new bill was signed on 17 February 2010 by German President Horst Köhler.

The president decided that the Access Impediment Law did not raise any significant concerns related to the compatibility with the German Constitution and that it was meant to fight online child pornography allowing the blocking of offensive web sites.

This is a delicate situation for the government, which will need the opposition's support to repeal the legislation. Following the strong and massive opposition to the bill by Internet users and civil rights groups, the government coalition elected in September 2009 decided to put the law on hold, focusing instead on removing offensive Internet content, based on existing laws.

The government was hoping to have more time to draw up another anti-child pornography law that would repeal the Access Impediment Law. "New regulations will quickly be introduced that correspond to the principle of deleting rather than blocking access," said Justice Minister Sabine Leutheusser-Schnarrenberger on 17 February, adding that the government had decided not to apply the law. Her statement was backed up by the Interior Ministry.

The Working Group on Internet blocking and censorship (Censorship AK) asked for the repeal of the bill in a press release and called for a spontaneous demonstration of the Internet activists for the same goal. The demonstration took place on 17 February in front of the Bellevue Palace.

The Bitkom association, which represents the German IT industry, called on the government to clarify the situation and to quickly repeal the new law. A spokesman from the German Pirate Party said it was "unbelievable" that President Köhler had signed the law into force.

The opposition parties will introduce a bill on 25 February before the Bundestag, the lower house of the German Parliament, repealing the new law.

New Internet Legislation Embarrasses German Government (18.02.2010)
http://www.spiegel.de/international/germany/0,1518,678782,00.html

The Working Group on Internet blocking and censorship calls for immediate lifting of Internet blocking law (only in German, 17.02.2010)
http://ak-zensur.de/2010/02/unterzeichnung.html

Spontaneous demonstration in front of Schloss Bellevue (only in German, 18.02.2010)
http://www.netzpolitik.org/2010/dokumentation-der-spontan-demo-vor-schloss-bellevue

New law to censor internet child pornography (17.02.2010)
http://www.dw-world.de/dw/article/0,,5259255,00.html

No internet censorship in Germany for the next year (18.10.2009)
http://ak-zensur.de/2009/10/access-blocking-germany.html

ZugErschwG signed (only in German, 18.02.2010)
http://blog.windfluechter.net/archives/919-ZugErschwG-unterzeichnet.html

EDRi-gram: Web blocking gets a reality check (21.10.2010)
http://www.edri.org/edrigram/number7.20/web-blocking-germany-uk

============================================================
5. Spanish Fiscal Council criticizes the new draft law on IPR enforcement
============================================================

In a non-binding report issued on 12 February 2010, the Spanish Fiscal Council criticised the draft law proposed by the Government known as the Sustainable Economy Law (la Ley de Economía Sostenible - LES) that foresees new Intellectual Property Rights (IPR) enforcement measures on the Internet.

The Council expresses concern that the LES draft text places intellectual property rights on the same level as fundamental rights such as freedom of expression, public security, national defence, public health or non-discrimination on grounds of race, sex or religion. In the Council's opinion, intellectual property rights should be treated as property rights and not as fundamental rights.

The report also raises concerns over the fact that the draft law gives the Intellectual Property Commission (Comisión de Propiedad Intelectual - CPI) the power to propose the closing down of web sites offering download links to alleged unauthorized copyright content. According to the Fiscal Council this "has an enormous potential to invade the sphere of fundamental rights."

The report also emphasizes the fact that the proposed law "is limited to cases where the service provider is established in Spain or in a State of the European Union," which makes it inefficient. If sites with a Spanish domain are closed, other identical sites may occur in countries that are outside the EU.

People's Party (PP) culture spokesman José María Lassalle stated that the Fiscal Council's report supports PP's position in the matter and there are many other voices that have expressed opposition to the proposed legislation. "This is not a law against violations of intellectual property, it is a law against civil rights," said Fernando Berlin, one of the promoters of RedSOStenible.net, consisting of bloggers, businessmen, and Internet user activist groups.

The Public Ministry also warned that the new draft allows the CPI to ask ISPs for data to help identify alleged copyright infringers, which will sometimes not be limited to information on the owner of a web page but will include other data that would need prior court authorisation.

Therefore, the Fiscal Council proposes a modification of the draft text so that judicial authorisation is required not only for data protected by the fundamental right to secrecy of communications but also for data covered by the right to privacy. "Anyway, what in no case can CPI claim and cannot be provided by ISPs are data regarding private communications that may affect the fundamental right of the communication secret that mandatorily require judicial authorisation" says the report.

On 16 February 2010, the Minister of Justice, Francisco Caamaño, defended the LES and the modification, saying it introduces a regulation that benefits the right to freedom of expression and access to information rather than intellectual property. He stated that the new law stipulates a judicial guarantee that would prevent an administrative body from blocking access to a web page without a court order.

In the meantime, the Spanish EU presidency is pushing its Declaration of Granada for more IP enforcement actions. The present text suggests to the European Commission "to analyse the possibility to present a modified proposition of the Directive on the penal measures meant to guarantee the respect of the intellectual property rights, in order to complete EU legislative framework for the application of IPR" and invites "the member states and the Commission to act for the promotion of a high level of protection of the intellectual property in the bilateral and international agreements".

The Fiscal Council criticises the draft law allowing the Culture to close down web sites (only in Spanish, updated 16.02.2010)
http://www.elmundo.es/elmundo/2010/02/15/navegante/1266250340.html

Fiscal Council's Report - Draft project of the Sustainable Economy Law - Draft project of the organic law complementary to the Sustainable Economy Law (only in Spanish, 12.02.2010)
http://www.elmundo.es/documentos/2010/02/15/informe.pdf

The Spanish Presidency proposes more repression on the Internet in its Declaration of Granada (only in Spanish, 12.02.2010)
http://www.internautas.org/html/6016.html

The Minister of Justice defends the Sustainable Economy Law (only in Spanish, updated 16.02.2010)
http://www.abc.es/20100216/cultura-/ministro-justicia-defiende-economia-201002161452.html

The Fiscal Council's non-binding report on Feb. 16 said the proposal Spanish Societies Reject Concerns Over Anti-Piracy Law (17.02.2010)
http://www.billboard.biz/bbbiz/content_display/industry/e3i47f0e86cdb78f21b75b6d36d1b457616

PP says the Fiscal Council supports its thesis on the downloading and criticises that the Government "continues without doing its homework" (only in Spanish, 16.02.2010)
http://www.finanzas.com/noticias/formacion/2010-02-16/247579_dice-consejo-fiscal-avala-tesis.html

EDRi-gram: Spanish Government proposes new legislation against file-sharing (13.01.2010)
http://www.edri.org/edrigram/number8.1/spain-law-file-sharing

============================================================
6. EP: Draft reports on IPR enforcement published
============================================================

The European Parliament (EP) is working on a position with regard to the European Commission's Green Paper on enhancing the enforcement of intellectual property rights in the internal market.

Three EP committees are involved in this process: the Legal Affairs Committee (MEP Marielle Gallo, EPP, France), in charge of this report, with "Opinions" provided by the Industry, Research and Energy Committee (MEP Paul Rübig, EPP, Austria) and the Internal Market and Consumer Protection Committee (MEP Zuzana Roithova, EPP, Czech Republic).

MEP Rübig's report calls for EU-wide licensing, interoperability and supports the "mere conduit" status of ISPs. However, he also calls for "effective" sanctions against copyright infringement.

MEP Roithova's report is quite balanced and avoids confusing copyright and piracy. It calls for transparency on ACTA and "calls for proportionate measures to be proposed for effectively and successfully combating the negative impact of infringement of intellectual property rights in the digital environment ("piracy") on the internal market and calls on the Observatory to analyse the impact of alternative systems of equitable compensation (for example, flat-rate licences)"

Unfortunately, MEP Gallo's report still confuses piracy and counterfeiting and paints a doom-laden picture of what piracy and counterfeiting mean for the EU ("threatens our economies and societies"). The report also demands reports on the implementation of existing IPR legislation, but notes already that it is inadequate. The draft document also calls for "cooperation" with and "warning messages" from ISPs.

The next steps planned for this IPR report are the discussion on amendments and the vote on 17 March 2010, with the final vote in the plenary estimated for April 2010.

EU Green Paper on enhancing the enforcement of intellectual property rights in the internal market (11.09.2009)
http://ec.europa.eu/internal_market/iprenforcement/docs/ip-09-1313/communication_en.pdf

Draft Report on enhancing the enforcement of intellectual property rights in the internal market - MEP Marielle Gallo (15.02.2010)
http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//NONSGML+COMPARL+PE-438.164+01+DOC+PDF+V0//EN&language=EN

Draft Opinion of the Committee on Industry, Research and Energy for the Committee on Legal Affairs on enforcement of intellectual property rights in the internal market - MEP Paul Rübig (29.01.2010)
http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//NONSGML+COMPARL+PE-438.391+01+DOC+PDF+V0//EN&language=EN

Draft Opinion of the Committee on the Internal Market and Consumer Protection for the Committee on Legal Affairs on enhancing the enforcement of intellectual property rights in the internal market - MEP Zuzana Roithova (5.02.2010)
http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//NONSGML+COMPARL+PE-438.494+01+DOC+PDF+V0//EN&language=EN

(contribution by Joe McNamee - EDRi)

============================================================
7. French Court says an IP address is not enough for a user's identification
============================================================

The Paris Appeal Court has recently ruled that an IP address does not allow the identification of an Internet user and therefore needs no prior authorization from CNIL (National Commission for Information Technologies and Civil Liberties) to be collected.

The decision comes to support the ruling of the Cassation Court of 13 January 2009 stating that the collection of an IP address by the collective society SACEM agents was not to be considered as automatic treatment of personal data, thus reversing a previous decision of the Rennes Appeal Court of May 2009 which had considered the IP address as nominal data for the collection of which the prior authorization of the CNIL was needed.

According to the French Data Protection Act, sworn agents may process data related to offences, convictions, and safety measures on behalf of rights holders of victims of copyright infringements in order to ensure the defense of these rights but such processing, automatic or not, has to be previously authorized by the CNIL.

However, the Court of Cassation considered that such a sworn agent does not need a prior CNIL authorization if he accesses manually a person's list of files uploaded onto a peer-to-peer network in violation of copyrights. In the court's opinion, the collection of an IP address in order to find the user's identity through his ISP does not constitute data processing.

While the Court of Cassation did not express a view as to whether an IP address qualifies as personal data, the Appeal Court considers that the IP address is material evidence of the infringement and cannot be considered personal data because it does not identify the user.

The court also rejected the private copy exception by considering it "is not applicable to downloading, the purpose of using p2p software being exactly that of sharing and exchanging files between users (...)."

Justice: the IP address is not enough to identify a pirate (only in French, 18.02.2010)
http://www.numerama.com/magazine/15105-justice-l-adresse-ip-n-est-pas-suffisante-pour-identifier-un-pirate.html

French Court of Cassation Rules on Data Protection and Online Copyright Infringement (11.02.2010)
http://www.huntonprivacyblog.com/2009/02/articles/french-court-of-cassation-rules-on-data-protection-and-online-copyright-infringement/

============================================================
8. Chip and PIN system proven to be flawed
============================================================

According to research by a group of experts from the Computer Laboratory of Cambridge University, the Chip and PIN system is flawed, allowing criminals to use stolen credit and debit cards without knowing the correct PIN.

Thieves can easily create a device that intercepts and modifies communications between a card and a point-of-sale terminal, making the terminal believe the PIN was correctly verified when in fact any PIN could be entered and the transaction would be accepted.

"The flaw is that when you put a card into a terminal, a negotiation takes place about how the cardholder should be authenticated: using a PIN, using a signature or not at all. This particular subprotocol is not authenticated, so you can trick the card into thinking it's doing a chip-and-signature transaction while the terminal thinks it's chip-and-PIN. The upshot is that you can buy stuff using a stolen card and a PIN of 0000 (or anything you want). We did so, on camera, using various journalists' cards. The transactions went through fine and the receipts say 'Verified by PIN'," said Professor Ross Anderson, one of the researchers.

The attacks can succeed for cards used online (a merchant POS contacting the bank) and offline, for any amount of money, and apply to bank schemes based on EMV (Europay, MasterCard, Visa). They would not work at ATMs or with cards that have already been cancelled by the bank.

The researchers' conclusion is that the attacks are possible due to "a lack of authentication on the PIN verification response, coupled with an ambiguity in the encoding of the result of cardholder verification as included in the TVR (Terminal Verification Results)".

The main problem is that banks refuse to refund victims of this type of attack because they state that a card cannot be used without the correct PIN which, as the paper shows, is not true.

"This is not just a failure of bank technology. It's a failure of bank regulation. The ombudsman supported the banks and the regulators have refused to do anything. They were just too eager to believe the banks," stated Anderson.

Chip and PIN is broken (11.02.2010)
http://www.lightbluetouchpaper.org/2010/02/11/chip-and-pin-is-broken/

Chip and PIN is Broken (draft for the 2010 IEEE Symposium on Security and Privacy)
http://www.cl.cam.ac.uk/research/security/banking/nopin/oakland10chipbroken.pdf

Cambridge researchers show that the Chip and PIN system is vulnerable to fraud (11.02.2010)
http://www.cl.cam.ac.uk/research/security/banking/nopin/press-release.html

Chip and pin card readers fundamentally flawed (11.02.2010)
http://www.telegraph.co.uk/science/science-news/7215920/Chip-and-pin-card-readers-fundamentally-flawed.html

Chip and PIN is broken, say researchers (11.02.2010)
http://news.zdnet.co.uk/security/0,1000000189,40022674,00.htm
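
Item 8 describes a terminal and a card that end a transaction with different beliefs about how the cardholder was verified. The following is an added example, not code from the newsletter or from the Cambridge paper: a simplified model of an issuer-side consistency check. It assumes the issuer receives both the terminal's claimed method and the card's own record protected by a card key; the field names, the key, the sample records and the use of HMAC in place of the card's cryptogram are all constructed for illustration and are not EMV message formats.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Hypothetical per-card secret shared by card and issuer (constructed value).
CARD_KEY = b"constructed-demo-card-key"

# Cardholder verification methods used in this model (labels are assumptions).
OFFLINE_PIN, SIGNATURE, NONE = "offline_pin", "signature", "none"


@dataclass(frozen=True)
class AuthRequest:
    """One authorisation request as seen by the issuer (hypothetical fields)."""
    txn_id: str
    amount_pence: int
    terminal_method: str  # what the terminal says happened ("Verified by PIN")
    card_method: str      # what the card itself recorded
    card_mac: str         # card's MAC over txn_id, amount and card_method


def card_mac(key: bytes, txn_id: str, amount_pence: int, card_method: str) -> str:
    """HMAC-SHA256 stand-in for the card's cryptogram over its own view."""
    msg = f"{txn_id}|{amount_pence}|{card_method}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_request(txn_id, amount_pence, terminal_method, card_method, key=CARD_KEY):
    """Build a request the way an untampered card and terminal would."""
    mac = card_mac(key, txn_id, amount_pence, card_method)
    return AuthRequest(txn_id, amount_pence, terminal_method, card_method, mac)


def assess(req: AuthRequest, key: bytes = CARD_KEY) -> str:
    """Return the issuer's verdict for one request."""
    # 1. The card's record must be authentic before it is trusted at all.
    expected = card_mac(key, req.txn_id, req.amount_pence, req.card_method)
    if not hmac.compare_digest(expected, req.card_mac):
        return "reject: card data failed authentication"
    # 2. The mismatch from the article: terminal believes a PIN was verified,
    #    the card believes it took part in a different kind of transaction.
    if req.terminal_method == OFFLINE_PIN and req.card_method != OFFLINE_PIN:
        return "reject: terminal reports PIN, card did not verify one"
    # 3. Any other disagreement is suspicious but handled less severely here.
    if req.terminal_method != req.card_method:
        return "review: terminal and card disagree on method"
    return "accept"


def run_samples() -> dict:
    """Assess five constructed requests and return verdicts keyed by txn_id."""
    samples = [
        make_request("t1", 2500, OFFLINE_PIN, OFFLINE_PIN),  # consistent PIN
        make_request("t2", 1200, SIGNATURE, SIGNATURE),      # consistent signature
        make_request("t3", 9900, OFFLINE_PIN, SIGNATURE),    # views disagree
        # Card field rewritten to match the terminal, MAC left over the old value.
        AuthRequest("t4", 9900, OFFLINE_PIN, OFFLINE_PIN,
                    card_mac(CARD_KEY, "t4", 9900, SIGNATURE)),
        make_request("t5", 800, SIGNATURE, NONE),            # milder disagreement
    ]
    return {r.txn_id: assess(r) for r in samples}


if __name__ == "__main__":
    for txn_id, verdict in run_samples().items():
        print(txn_id, verdict)
```

The check only works because the card's record is covered by a key the party in the middle does not hold; the terminal's claim is deliberately left unauthenticated in the model, as in the negotiation the researchers describe.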

============================================================
9. New Google's service raises privacy concerns
============================================================

Google Buzz, the new networking service launched by Google, has met with criticism and confusion from users, who complained that a list of the people they frequently email or chat with had appeared on their profile.

The problem occurred due to the default options when creating one's profile which automatically post the respective list from Gmail and Google chat. In order to avoid posting the respective list on the profile, the user has to use the opt-out variant or edit the list himself.

"Google attempted to jump start Buzz with lists drawn from its successful Gmail and Gchat services. While this may help Buzz grow and save users the time to type in all their contacts, it also has an inherent danger of inadvertent disclosure of private information," commented EFF lawyer Kurt Opsahl.

Google chief executive Eric Schmidt reacted to the users' criticism by stating that the issue had been caused by confusion and miscommunication.
"I would say that we did not understand how to communicate Google Buzz and its privacy. There was a lot of confusion when it came out on Tuesday, and people thought that somehow we were publishing their email addresses and private information, which was not true (...) I think it was our fault that we did not communicate that fact very well, but the important thing is that no really bad stuff happens in the sense that nobody's personal information was disclosed."

This statement is contradicted not only by users but even by Buzz product manager Todd Jackson, who told the BBC on 16 February that the company was "very, very sorry" and that users were "rightfully upset".

Schmidt admitted however that the company made some changes in order to cope with the situation. "Since Tuesday we have made a series of changes to the product which make some very fundamental changes in the way that you initially experience it, in particular instead of automatically following everybody it now gives you a list of who you want to follow and it makes it incredibly explicit that it has not been giving them information without you giving it to them."

Protect Your Privacy on Google Buzz (12.02.2010)
http://www.eff.org/deeplinks/2010/02/protect-your-privacy-google-buzz

What's the Buzz about? Studying user reactions (12.02.2010)
http://www.lightbluetouchpaper.org/2010/02/12/whats-the-buzz-about-studying-user-reactions/

Google boss says 'nobody was harmed' by Buzz debacle (17.02.2010)
http://www.guardian.co.uk/technology/2010/feb/17/google-buzz-schmidt

============================================================
10. Romania: Moral damages for publishing personal data online
============================================================

A Romanian local court has decided to award 10 000 Euro as moral damages to a private person, after his full details were published on the website of the City Hall, including his HIV-related problems.

In June 2008, Bucharest District 1 City Hall published on its website some decisions of the Local Council on the beneficiaries of free public transport by subway for persons with a severe handicap. The decisions were published together with the annexes that contain all the personal data of the respective persons (name and surname, address, ID card number, Unique Personal Code Number and description of their respective disability).

The citizen who was on that list and initiated the action claimed moral damages, considering that the data should not have been made public, but just sent to the subway administration. He also claimed that he and his parents suffered several moral prejudices after this event by the deterioration of his relations with friends and neighbours. He actually was forced to move from that respective location due to this disclosure.

The City Hall argued that they did not intend to discriminate anyone and the publication of the Annexes was "a technical mistake".

The Bucharest District 1 Local Court considered that the conditions required by the Romanian law on tort had been met, and that the City Hall had breached the complainant's right to privacy as expressed in Article 8 of the European Convention of Human Rights, law 677/2001 (the Romanian transposition of the data protection directive) and other specific legislation in the medical field that obliges public servants to keep confidential the data of patients who are HIV positive or have AIDS. The Court therefore awarded damages of 10 000 Euro to the complainant.

The court's decision was appealed by the City Hall to the Bucharest Tribunal that rejected the appeal in February 2010. Thus, the initial decision of the Bucharest District 1 Local Court remains definitive and applicable.

It is probably the first publicly known case in Romania in which a person receives moral damages from a national court on grounds of a privacy breach, after a series of cases at the European Court of Human Rights where Romania was condemned for breaching Article 8. The decision of the court is also surprising with regard to the amount awarded, the Romanian courts being generally very defensive in awarding any moral damages.

Romania: record damages for publishing personal data on a website - contains also the full court decision (only in Romanian, 18.02.2010)
http://legi-internet.ro/blogs/index.php/2010/02/18/daune-publicare-date-personale-site

ECHR case: Rotaru vs. Romania (4.05.2000)
http://www.echr.coe.int/Eng/press/2000/May/Rotaru.eng.htm

============================================================
11. Germany DPAs to discuss the EU-US Safe Harbour Agreement
============================================================

The German data protection authorities want to have a meeting on the EU-US data protection Safe Harbour agreement and to agree on a resolution on this matter.

Heise reports that some of the German Länder Data Protection Authorities (DPAs) that will meet in Düsseldorf in April are unhappy about the practical application of the Safe Harbour agreement, especially as a high number of servers from companies such as Google and Facebook are located there, including EU citizens' personal data.

The concern of the German DPAs is motivated by a report published by Galexia, a US consulting company, which found that more than 200 companies claimed to have joined the Safe Harbour Agreement without having done so. It also showed that only about 350 companies complied with the minimal requirements and that, by December 2008, in 10 years of application of the agreement, there had been only one court case for not fulfilling the requirements, without any sanctions for the infringing company.

The first case when a US company was charged by the US Federal Trade Commission on falsely claiming compliance with the Safe Harbour Privacy Principles took place only in 2009. The charged company - the Californian Internet retailer Balls of Kryptonite - had led consumers to believe it was located in the UK and had falsely claimed that they had self-certified their compliance with the Safe Harbour.

Safe Harbor Agreements: wild card for American privacy infringers? (only in German, 17.02.2010)
http://www.heise.de/newsticker/meldung/Safe-Harbor-Abkommen-Freibrief-fuer-amerikanische-Datenschutz-Suender-933700.html

The US Safe Harbor - Fact or Fiction? (12.2008)
http://www.galexia.com/public/research/articles/research_articles-pa08.html

US Prosecution for false web claim of Safe Harbor status (11.09.2009)
http://www.galexia.com/public/research/articles/research_articles-byte08.html

Court Halts U.S. Internet Seller Deceptively Posing as U.K. Home Electronics Site (8.06.2009)
http://www.ftc.gov/opa/2009/08/bestpriced.shtm

============================================================
12. ENDitorial: Richard Stallman on "Copyright versus Public" in Berne
============================================================

On 11 February 2010 the auditorium at the University of Berne was packed for a talk by Richard Stallman on copyright issues. Stallman is better known as the founder of the GNU free software system which, together with the operating system kernel named Linux, is very popular as GNU/Linux.

His talk was to be on software patents, but then he decided that when in Berne, he wanted to protest against aspects of the Berne Convention which constitutes the primary instrument of international law with regard to copyright. So, he adjusted the topic of his talk accordingly.

Stallman explained how copyright had been introduced as a way of protecting investments in printing. He described this as a win-win situation originally, as consumers didn't lose anything by not being allowed to reproduce paper books, but gained something, as without the printing industry there wouldn't be any cheap books at all. However, modern digital methods have changed this, as the reproduction costs of digital files are very low, whether for one or for many copies. Like the music and video industries, the book industry would like to maximize its economic power by controlling its customers with DRM, digital restrictions management. In extreme cases, the license to read a digital book might even be only temporary.

Stallman described the worst practices, from video-content-scrambling, the Sony rootkit, music on defective non-standard CDs, the "Amazon Swindle", right up to Apple's "iBad", all designed to move control from the customer to the seller.

He went on to refute the industry's claims of protecting the authors and artists, explaining that the existing system is in fact very unfair to everyone except a small number of best-sellers and stars.

Stallman also criticised the role of governments which serve not public but rather industrial interests, e.g. by continuously lengthening the terms of copyright and criminalising people even for private copying. In effect, the content industry is stealing works which legitimately belong to the public after an initial period. The main problem is the length of this period extending long after the death of the authors or artists.

Stallman proposed that the duration of copyright should be about ten years from the date of publication, and that the copyright law should distinguish three categories of creative works, as follows:
"Functional works" which have a practical use for getting a job done, such as computer software, must be free in the sense of users having the freedom to modify the work and redistribute it in an original or modified form. Then, there are essays of opinion and scientific papers. For these, noncommercial sharing must be allowed. Finally, there are works of arts and entertainment. According to Stallman, with regard to this latter category, there are legitimate arguments on both sides with regard to whether non-commercial sharing should be allowed while they're in copyright. He insists that in any case, making a "remix" must be legal. Borderline cases should fall into the category which allows the public more freedom; this rule would be necessary to prevent abuse by intentional creation of borderline cases.

After the talk, Stallman auctioned a stuffed toy GNU with proceeds going to the Free Software Foundation, of which he is president. Bidding was brisk and went up to 500 CHF. Then it was question time, but most of the questioners didn't get the answers they wanted or were expecting!

After a brief lunch break, it was time for the demonstration with three demands:
- Copyright lasts far too long;
- Works should only be covered by copyright if published with copyright notices;
- The "three step test" for exceptions to copyright places the copyright holders above the public, and interferes with liberties that the Internet-using public must have.

There were far fewer people at the demonstration, in fact only a couple of dozen, making it one of Berne's smallest. Although members of most political parties were present, it was visually completely taken over by the Pirate Party waving large orange flags. (Demands for freedoms in the context of the digital revolution belong to the party's main agenda.) Led by Richard Stallman, the demonstrators marched from the University to the Waisenhausplatz, handing out leaflets and chanting "Sharing is good!" Here the demo officially ended under the watchful eye of the police, but reassembled briefly in front of the Federal House of Parliament for a couple of photos. In spite of the many cameras, none of the pictures, nor any mention of the event made it into the mainstream media.

It was a strange feeling to have a VIP like Stallman attract so many with words and so few with action, and then be so totally ignored by the mainstream media. It appears that while western democracies guarantee freedom of speech, the hurdle for getting the public's attention for ideas which are not yet in the mainstream is unreasonably high.

Free Software Foundation
http://www.fsf.org

Audio recording of Richard Stallman's talk (11.02.2010)
http://www.digitale-nachhaltigkeit.ch/wp-content/uploads/2010/02/RichardStallman_2010-02-11_CopyrightVSPublic_Bern.ogg

Online reactions and pictures from the event (12.02.2010)
http://www.digitale-nachhaltigkeit.ch/2010/02/richard-stallman/

(Contribution by Theo Schmidt and Norbert Bollow - Switzerland)

============================================================
13. Recommended Action
============================================================

Fundamental Rights Agency (FRA) International Video Competition
Topic: EU fundamental rights
Deadline for submission: 2.04.2010
Participants: EU citizens 18-30 years old
http://fra.europa.eu/fraWebsite/attachments/Flyer-video-comp.pdf

============================================================
14. Recommended Reading
============================================================

Measuring the Perpetrators and Funders of Typosquatting
At least 938,000 typosquatting domains target the top 3,264 .com sites.
http://www.benedelman.org/typosquatting/typosquatting.pdf
http://www.lightbluetouchpaper.org/2010/02/17/measuring-typosquattings-perpetrators-and-funders/

European Parliament - Culture Committee - Draft Report on "Europeana - next steps"
http://www.europarl.europa.eu/meetdocs/2009_2014/documents/cult/pr/793/793669/793669en.pdf
Amendments to the draft report
http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//NONSGML+COMPARL+PE-430.897+02+DOC+PDF+V0//EN&language=EN
EU online library needs 'more and better' content (23.02.2010)
http://www.euractiv.com/en/culture/eu-online-library-needs-more-and-better-content-news-279202

============================================================
15. Agenda
============================================================

5 March 2010, Brussels, Belgium
Colloquium 2010: What's left of your privacy in 2010.
Protecting privacy against government and employer
http://www.progresslaw.net/index.php?&lns=2

12-13 April 2010, Oxford, UK
4th PrivacyOS Conference
https://www.privacyos.eu/archives/98-Invitation-4th-PrivacyOS-Conference-Oxford.html

14-16 April 2010, Berlin, Germany
re:publica'10 - Conference about blogs, social media and the digital society
http://www.re-publica.de/10

24 April 2010, London, United Kingdom
Open Knowledge Conference (OKCon) 2010
http://www.okfn.org/okcon/

29-30 April 2010, Madrid, Spain
EuroDIG 2010
http://www.eurodig.org/

6-7 May 2010, Krems, Austria
4th International Conference on eDemocracy 2010
Submission of papers: 1 March 2010
http://www.donau-uni.ac.at/en/department/gpa/telematik/veranstaltungen/id/13823/index.php

26-28 May 2010, Amsterdam, Netherlands
World Congress on Information Technology
http://www.wcit2010.com/

30-31 May 2010, Montreal, Canada
Third International Workshop on Global Internet Governance: An Interdisciplinary Research Field in Construction
Submissions for thematic presentations: 20 March 2010
http://giga-net.org/page/2010-international-workshop

8-9 June 2010 - Funchal, Portugal
4th International Workshop on RFID Technology - Concepts, Applications, Challenges - IWRT 2010
Paper Submission: 8 March 2010
http://www.iceis.org/Workshops/iwrt/iwrt2010-cfp.htm.

25-27 June 2010, Cluj, Romania
Networking Democracy?
New Media Innovations in Participatory Politics
http://www.brisc.info/NetDem/

9-11 July 2010, Gdansk, Poland
Wikimedia 2010 - the 6th annual Wikimedia Conference
http://wikimania2010.wikimedia.org/wiki/Main_Page

29-31 July 2010, Freiburg, Germany
IADIS - International Conference ICT, Society and Human Beings 2010
Paper submissions: 15 March 2010
http://www.ict-conf.org/

13-17 September 2010, Crete, Greece
Privacy and Security in the Future Internet
3rd Network and Information Security (NIS'10) Summer School
http://www.nis-summer-school.eu

============================================================
16. About
============================================================

EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 27 members based or with offices in 17 different countries in Europe. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRI-grams.

All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and visibly on the EDRI website.

Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 3.0 License. See the full text at http://creativecommons.org/licenses/by/3.0/

Newsletter editor: Bogdan Manolea <[log in to unmask]>

Information about EDRI and its members:
http://www.edri.org/

European Digital Rights needs your help in upholding digital rights in the EU. If you wish to help us promote digital rights, please consider making a private donation.
http://www.edri.org/about/sponsoring

- EDRI-gram subscription information

subscribe by e-mail
To: [log in to unmask]
Subject: subscribe

You will receive an automated e-mail asking to confirm your request.

unsubscribe by e-mail
To: [log in to unmask]
Subject: unsubscribe

- EDRI-gram in Macedonian

EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis
http://www.metamorphosis.org.mk/edrigram-mk.php

- EDRI-gram in German

EDRI-gram is also available in German, with delay. Translations are provided by Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users
http://www.unwatched.org/

- Newsletter archive

Back issues are available at:
http://www.edri.org/edrigram

- Help
Please ask <[log in to unmask]> if you have any problems with subscribing or unsubscribing.

************************************************************************************
Distributed through Cyber-Society-Live [CSL]: CSL is a moderated discussion
list made up of people who are interested in the interdisciplinary academic
study of Cyber Society in all its manifestations. To join the list please visit:
http://www.jiscmail.ac.uk/lists/cyber-society-live.html
*************************************************************************************
