Print

Print


[CSL] EDRi-gram newsletter - Number 8.19, 6 October 2010

From: [log in to unmask] on behalf of EDRI-gram newsletter
Sent: Wed 06/10/2010 18:34
To: edri-news
Subject: EDRi-gram newsletter - Number 8.19, 6 October 2010

============================================================

            EDRi-gram

 biweekly newsletter about digital civil rights in Europe

     Number 8.19, 6 October 2010


============================================================
Contents
============================================================

1. EDRi's answer to net neutrality consultation
2. Hearing on Internet Blocking in the European Parliament
3. First warning letters sent by French ISPs under the three-strikes system
4. Italy: Online editors are not liable as the printed press
5. EU concerns for US plans to increase the amount of bank transfer data
6. New EC Expert Group on the Internet of Things
7. Private data exposed on UK Law firm website
8. YouTube won a case against copyright infringement accusations in Spain
9. Phorm case sends the UK to the European Court of Justice
10. ENDitorial: Council of Europe: Bad news as it happens
11. Recommended Action
12. Recommended Reading
13. Agenda
14. About

============================================================
1. EDRi's answer to net neutrality consultation
============================================================

Who gets to decide what you do on the internet: you or your internet service
provider? Until recently, the answer was simple: you decide which services
and websites you want to visit. This is changing rapidly, however. Most
internet providers want to restrict your internet traffic. Unless the
European Commission prohibits them from doing so.

EDRi, in a common submission with its member Bits of Freedom, urged the
European Commission to prohibit this. The submission was sent as an answer
to a public consultation on net neutrality opened until 30 September 2010.

In our submission, EDRi concludes that:
- An open internet is crucial for fundamental freedoms, innovation,
and competition.
- Internet providers, however, have incentives of their own to stifle
the open internet.
- Furthermore, governments and private parties attempt to force
internet providers to stifle the open internet for the benefit of narrow
sectorial interests.
- And, in practice, internet providers do indeed stifle the open
internet for the above reasons.
- Meanwhile, transparency obligations, competition and minimum
guarantees cannot safeguard an open internet.
- Waiting is not an option, as the examples of local loop unbundling
and mobile roaming demonstrate.
- Narrowly-tailored regulatory EU measures should therefore safeguard
the open internet.

Response of Bits of Freedom and EDRi to the public consultation of the
European Commission on the open internet and net neutrality in Europe
(30.09.2010)
http://www.edri.org/docs/netneutralityreaction300910.pdf

(thanks to Ot Van Daalen - EDRi-member Bits of Freedom)

============================================================
2. Hearing on Internet Blocking in the European Parliament
============================================================

The European Parliament's Civil Liberties Committee held a hearing on the
Child Exploitation Directive on 28 and 29 September, chaired by the
Parliament's Rapporteur, Roberta Angelilli (EPP, Italy).

The event was opened by the MEP responsible for the dossier, Ms Angelilli
herself and the Rapporteurs from the two Committees providing an "Opinion"
on the dossier - Culture (Petra Kammerevert, S+D, Germany) and Gender
Equality (Marina Yannakoudakis, ECR, UK). Ms Kammerevert reflected on the
detail of the proposal, on the need to ensure that the measure is well
targeted and that we use proper evidence to produce effective strategy. On
this basis, Ms Kammerevert argued strongly against the concept of web
blocking as an effective strategy. Ms Yannakoudakis argued that free speech
should not be a barrier when trying to protect children and blocking might
be useful and therefore should be deployed.

In the second session of the event, EU institutions and bodies gave their
views on the dossier. The interventions from the Fundamental Rights Agency
and the Deputy European Data Protection Supervisor were interesting insofar
as both highlighted the costs of blocking in terms of fundamental rights and
privacy but neither devoted a moment to question the supposed benefits. This
was even stranger when we consider that the Fundamental Rights Agency
pointed out the need to make a proper impact assessment. Ms Asenius, head of
Cabinet of Commissioner Malmström  repeated the frequently myth that there
were huge profits to be made in commercial exploitation of child abuse
images. However, in the discussion period afterwards, German Green MEP Jan
Albrecht pointed out that the Commission-funded "Financial Coalition against
Child Pornography" published an up to date report in September which shows
that this is simply not the case. Ms Asenius chose not to respond. A further
valuable but answerless question was put by Vilija Blinkeviciute (S+D,
Lithuania), who asked how the Parliament was supposed to legislate without
the data needed to make an informed decision.

The session with police organisations took place at the same time as the
Civil Liberties Committee organised a vote elsewhere in the Parliament.
As a result, there were no parliamentarians at all present for most of the
speeches. Bjorn-Erik Ludvigsen accused opponents of blocking of being in
favour of child abuse while Bjorn Sellström made an odd argument that
blocking would only be effective if everyone did it. From a law enforcement
perspective, it would appear to make more sense to aim motivating all
countries to prosecute crimes in their own country rather than creating
systems to hide infringements abroad.

In the final session devoted to NGOs, the UK hotline (the Internet Watch
Foundation) described the statistics produced by that organisation,
including the huge and rapid growth in the hosting of abuse material on free
hosting services (without mentioning that it is easier to have such sites
deleted than to block them), the growth in the abuse of free image hosting
sites (without mentioning that it is easier to have such images deleted than
to block them) and the growth in the proportion of websites that move very
quickly (without mentioning that these move too quickly to be blocked).

EDRi's presentation highlighted the technical inadequacies of blocking, the
risks associated with blocking and the poor preparatory work of the European
Commission. John Carr from the Commission-funded group eNACSO explained that
big companies had implemented blocking, so it couldn't be inadequate. He
added that guns could be used for good and bad purposes, so the fact that
blocking could be used for good and bad purposes did not mean that blocking
was inherently bad.

During the final discussion, Christian Bahls from MOgIS (the association of
abuse victims against blocking) argued that blocking risked damaging the
integrity of the Internet, that the issue with re-victimisation was not the
possible existence of images on the Internet but the very existence of the
images and also that it was necessary to do properly research the problem
and then produce solutions rather than the other way around.

EDRi's blocking booklet in English, German, Czech and Romanian
http://www.edri.org/issues/freedom

Text of EDRi presentation to the hearing (29.09.2010)
http://www.edri.org/files/libe_hearing_100929.pdf

Video of EDRi presentation at the hearing (29.09.2010)
http://www.youtube.com/watch?v=fxq--FqccGE

Commission official explains (again) the Commission's research
http://www.youtube.com/watch?v=KNKHMazHCuw

European Financial Coalition against commercial sexual exploitation of
children online - Report (2010)
http://www.ceop.police.uk/Documents/EFC%20Strat%20Asses2010_080910b%20FINAL.pdf

MOgIS YouTube channel
https://www.youtube.com/user/MOGiSVerein

EDRi-gram: ENDitorial: Internet blocking in ten weeks and counting
(22.09.2010)
http://www.edri.org/edrigram/number8.18/10-weeks-until-internet-blocking

(Contribution by Joe McNamee - EDRi)

============================================================
3. First warning letters sent by French ISPs under the three strikes system
============================================================

On 1 October 2010, Bouygues Telecom and Numéricable were the
first French ISPs to send warning emails to suspected illegal file-sharers,
on behalf of Hadopi authority. According the media reports several hunderds
warning emails have been send in these first days.

After this first message, the Internet user deemed to have allegedly
continued to illegally download copyrighted content in the following six
months, will receive a second warning by a registered letter. The third
alleged infringement may be penalised by a fine and the suspension of the
user's subscription up to a year without the possibility to make another
subscription during that period.

This is how the warning letter begins: "Attention, your Internet connection
has been used to commit acts that could constitute a breach of the law,"
adding that piracy "is a serious threat to the economy of the cultural
sector."

Orange and SFR were supposed to send their first e-mails on 4 October but
there has been no communication from them until now, while Free has already
stated it would not send the e-mails, pending an answer from the Ministry of
Culture and Hadopi on its alternative method for dealing with customers,
taking the privacy concerns of the French Data Protection Authority - CNIL
into account.

The French authority on implementing the three strikes law also launched on
1 October 2010 its official website, Hadopi.fr, which includes news, a
presentation of the authority, information on "responsible usage", a forum
for questions and other types of information such as the action to take in
case of receiving a warning message from the authority.

During a press conference that took place on 5 October 2010, Hadopi
representatives did not want to comment on the launch of the warning
messages. The only comment that Hadopi president Marie-Françoise Marais made
was that the three-strikes process was going on.

She also added that while the dialogue with the ISP Free was in progress,
Free's lack of cooperation would reflect on its users because they would not
receive an initial email warning in the event of copyright infringement but
they would receive a registered letter (the second stage) in case of
repeated infringement.

While the Hadopi.fr site has brought about a lot of sarcastic comments,
Numerama launched Hadopi-Data.fr site, a tool that will should allow the
supervision of Hadopi's activity considering that transparency is not a
strong point of the regulator.

Internet users having received a warning message may anonymously place
information on Hadopi-Data.fr regarding the date they received the warning,
the date of the alleged infringement act, the type of works in question and
their postal code. This last piece of information can be used to check out
whether there is any geographic targeting by Hadopi.

Based on the data input, Numerama intends to create graphs on the ISPs that
send the e-mails to their subscribers, on categories of works that generate
the most numerous warnings and on Hadopi's activity in time. The ammount of
data will therefore be vital in order to have a clear overview of the
situation.

La Quadrature du Net has also launched a citizen initiative trying to find
the first French Internet user to receive an e-mail initiated by Hadopi.

Threatened by attacks, Hadopi.fr opens its doors (only in French, 1.10.2010)
http://www.01net.com/editorial/521611/menace-dattaques-hadopi-fr-ouvre-ses-portes/

Hadopi-Data.fr :let's check together Hadopi's activity (only in French,
4.10.2010)
http://www.numerama.com/magazine/16921-hadopi-datafr-controlons-ensemble-l-activite-de-l-hadopi.html

Hadopi : the first e-mails at Bouygues, SFR, Orange and Numericable? (only
in French, 4.10.2010)
http://www.numerama.com/magazine/16963-hadopi-1ers-e-mails-chez-bouygues-sfr-orange-et-numericable.html

Hadopi. The first warnings sent (only in French, 5.10.2010)
http://www.letelegramme.com/ig/generales/france-monde/france/hadopi-premiers-avertissements-envoyes-05-10-2010-1071739.php

First Anti-Piracy Warnings Issued In France (5.10.2010)
http://www.billboard.biz/bbbiz/content_display/industry/e3i7b035dcf5d2c2ea7938f2863d0a5c27d

============================================================
4. Italy: Online editors are not liable as the printed press
============================================================

The Italian Court of Cassation ruled in a decision taken on16 July 2010 and
published on 1 October 2010 that online editors are not directly liable for
the content published on their websites. In this case, it was considered
that art.57 of the Italian Criminal Code which requires control of newspaper
editors over the published content covers exclusively the hard copy written
works.

The ruling overturned a previous decision of the Appeal Court of Milan
having convicted the editor of Merate Online portal for not having checked
the content of a letter that proved defamatory for Justice Minister Roberto
Castelli.

The Court of Cassation stated that Article 57 "refers specifically to
information disseminated through the 'press'. The letter of the law is
unequivocal and that conclusion also bears a historical interpretation of
the rule."

Law 47 from 1948 defines the 'press' as "any typographical or other
reproductions obtained by mechanical or physical-chemical way of
publication". In the court's opinion, a web publication does not fall into
the definition of the 1948 law and hence is not covered by art.57 of the
Criminal Law.

The ruling also relied on decree 70/2003 which explicitly rules out the
online service's responsibility for the content of their users in case they
are unaware of the illegal character of the respective content.

The director of a web newspaper is not liable for failing control (only in
Italian, 1.10.2010)
http://www.repubblica.it/cronaca/2010/10/01/news/cassazione_per_le_testate_web_non_vale_la_responsabilit_del_direttore-7622080/

Cassation: The Online Editor is not "responsible" (only in Italian,
2.10.2010)
http://www.mcreporter.info/stampa/cass35511.htm

Cassation Court - Decision no. 35511 (only in Italian, 16.07. 2010)
http://www.mcreporter.info/giurisprudenza/cass10_35511.htm

============================================================
5. EU concerns for US plans to increase the amount of bank transfer data
============================================================

The EU Commission and MEPs have requested clarifications from US
Administration regarding the plans to extend existing anti-terrorism
programs targeting bank transfers which would make the EU-US so-called Swift
agreement invalid.

The Washington Post announced on 27 September 2010 that the Obama
administration wanted to require U.S. banks to report all electronic money
transfers into and out of the country thus helping the authorities in
spotting transfers that might finance terrorist attacks. The expanded
financial data would allow anti-terrorist agencies to better understand
normal money-flow patterns in order to track down abnormal activities.

According to the Financial Crimes Enforcement Network's (FinCEN) rulemaking
proposal, the US Financial institutions will be required to report to the
Treasury Department the smallest transfers. Presently, only transactions in
excess of 10 000 USD and others transactions considered as suspicious are
reported.

US authorities plan to gather information about 750 million transfers per
year into a database that will be used by law enforcement and regulatory
agencies. The data attached to such transfers usually include the name,
address and account number of the sender and recipient and for money-service
businesses, a driver's license or passport number. The proposal also
requires the banks to provide the Social Security numbers for all
wire-transfer senders and recipients on an annual basis.

"By establishing a centralized database, this regulatory plan will greatly
assist law enforcement in detecting and ferreting out transnational
organized crime, multinational drug cartels, terrorist financing and
international tax evasion," was the explanation given by James H. Freis Jr.,
director of FinCEN.

FinCEN's proposal comes as a result of the requirements of the Intelligence
Reform and Terrorism Prevention Act of 2004 which asked the Secretary of the
Treasury to study the feasibility of requiring such financial institutions
as the Secretary determines to be appropriate to report to the Financial
Crimes Enforcement Network on certain cross-border electronic transmissions
of funds, if the Secretary determines that reporting of such transmissions
is reasonably necessary to assist the efforts of the Secretary against money
laundering and terrorist financing.

This move has created great concern in the EU. "We urgently seek
clarifications from the US if these plans are an infringement of the Swift
agreement and the EU commission promised to demand further information on
it," stated MEP Sophie in't Veld after a closed-door meeting with Commission
officials on 27 September.

Under the present Swift agreement that came into force on 1 August 2010, US
officials can request European data relevant to a specific terrorist
investigation from Swift but the request must be approved by the Europol,
EU's police co-operation unit, and has to meet certain requirements.
However, in view of the new US plans, the transactions between the European
and USA banks would be captured even if there is no substantiated need.

"We see so many data transfers - passenger name records, Swift data,
credit card information connected to the travel fee - that we are wondering
where all this ends," stated Sophie in't Veld who added "We are all getting
a bit tired of being taken by surprise all the time. The US is our friend
and ally, so we shouldn't be treated this way."

The plans are criticised in the USA as well. "This regulation is outrageous.
(....) I believe you need to show some evidence of criminality before you
are granted unfettered access to the private financial affairs of every
individual and company that dares to conduct financial transactions
overseas," said lawyer Peter Djinis, former FinCEN executive assistant
director for regulatory policy.

Money transfers could face anti-terrorism scrutiny (27.09.2010)
http://www.washingtonpost.com/wp-dyn/content/article/2010/09/26/AR2010092603941_pf.html

FinCEN Proposes Regulatory Requirement for Financial Institutions to Report
Cross-Border Electronic Transmittals of Funds (27.09.2010)
http://www.fincen.gov/news_room/nr/html/20100927.html

MEPs demand explanation on US plan to monitor all money transfers
(28.09.2010)
http://euobserver.com/9/30905/?rk=1

============================================================
6. New EC Expert Group on the Internet of Things
============================================================

On 22 and 23 September 2010 the kick-off meeting of a new European
Commission (EC) High Level Expert Group on the Internet of Things was held
in Brussels. The group is made up of about 50 members representing
organisations from industry, standardisation, research, civil society and
other sectors. Representatives from member states, the European Data
Protection Supervisor and the Article 29 Working Party participate in the
group as observers.

The group will operate until December 2012. According to the action plan
described in the Communication of the European Commission "Internet of
Things - An action plan for Europe" the group will work on governance,
privacy and data protection, standards and interoperability, health and
environment and other topics related to the development of an Internet of
Things.

With regard to privacy and data protection the concept of the right to the
"silence of the chips", which defines that everybody should have the right
to disconnect oneself from information technology, will be among the topics
to be discussed in the group.

Besides the Commission Communication, the report of the European Parliament,
the Opinion of the European Economic and Social Committee, the Opinion of
the Committee of the Regions on the Internet of Things and the Opinion of
the European Data Protection Supervisor on Promoting Trust in the
Information Society by Fostering Data Protection and Privacy will be
important documents guiding the work of the group.

EDRi has been invited by the European Commission to participate in the
Expert Group and is looking forward to working with the Commission, the
members and observers of the group on the framework for an Internet of
Things being an Internet for the people.

Commission Communication "Internet of Things - An action plan for Europe"
http://ec.europa.eu/information_society/policy/rfid/documents/commiot2009.pdf

European Parliament resolution of 15 June 2010 on the Internet of Things
(2009/2224(INI)) (15.06.2010)
http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+TA+P7-TA-2010-0207+0+DOC+XML+V0//EN

EDRi-gram: EP calls for a clear legal framework for the Internet of Things
(30.06.2010)
http://www.edri.org/edrigram/number8.13/european-parliament-on-internet-of-things

Opinion of the European Economic and Social Committee on "The Internet of
Things"
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:C:2009:077:0060:0063:EN:PDF

Opinion of the Committee of the Regions on the Internet of Things and re-use
of Public Sector Information
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:C:2010:175:0035:0039:EN:PDF

Opinion of the European Data Protection Supervisor on Promoting Trust in the
Information Society by Fostering Data Protection and Privacy (19.03.2010)
http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2010/10-03-19_Trust_Information_Society_EN.pdf

(Contribution by Andreas Krisch - EDRi)

============================================================
7. Private data exposed on UK Law firm website
============================================================

On 24 September 2010, the website of the UK Law Firm ACS:Law suffered a
massive breach of security apparently under a Denial of Service attack
initiated by a group entitled Anonymous within the Operation Payback, which
led to the exposure of what seemed to be part of the internal email database
of the website.

Although the ISP hosting ACS:Law's website suspended the account right after
the attack, the site became active again, without any apparent reason,
pointing to the root directory of the web and revealing a folder containing
an archived backup of the company's mailboxes. The content of the folder was
downloaded and posted on Pirate Bay.

ACS:Law has been well known lately for the threatening letters sent to
alleged file sharers suspected of breaching copyright asking them to pay
money in order to avoid going to court. The company was already referred by
privacy groups to the Solicitors Disciplinary Group for "bullying and
excessive conduct" at the beginning of September 2010.

The data exposed by the attack appear to include among other things, an
excel file attached to an e-mail sent by Andrew Crossly, head of ACS:Law, to
his colleagues, including the names and addresses of apparently more than
10 000 broadband subscribers with the names of the movies allegedly
downloaded by them in breach of copyright.

As a result of the event, Privacy International (PI) has announced that it
was blaming ACS:Law for the indicent and that it was planning to bring a
legal action against the company for breaching the privacy of internet
users. PI has also notified the UK Data protection authority - Information
Commissioner's Office (ICO) on the matter.

"... there is no evidence to suggest that the web server was compromised; it
would seem that this data breach was purely down to poor server
administration and a lack of suitable data protection and security
technologies. there is no evidence to suggest that the web server was
compromised; it would seem that this data breach was purely down to poor
server administration and a lack of suitable data protection and security
technologies," says PI in a press release issued on 27 September.

Information Commissioner Christopher Graham took the matter seriously and
told the BBC that he would investigate the matter which might be a chance
for him to use the extra powers he has been recently granted. ACS:Law might
face a very significant fine.

"The Information Commissioner has significant power to take action and I can
levy fine of up to half a million pounds on companies that flout the Data
Protection Act," said the Commissioner.

The ICO will investigate on the security of the information stored by
ACS:Law and on how easy it was to access it. "We'll be asking about the
adequacy of encryption, the firewall, the training of staff and why that
information was so public facing," said the Commissioner.

ACS:Law Email Database Leaked onto The Pirate Bay (24.09.2010)
http://www.slyck.com/story2058_ACSLaw_Email_Database_Leaked_onto_The_Pirate_Bay

Law firm could face first £500,000 data leak fine (29.09.2010)
http://www.out-law.com//default.aspx?page=11404

Privacy International Plans Legal Action Against ACS:Law (27.09.2010)
http://www.slyck.com/news.php?story=2061

PI aims to pursue UK law firm for data breach (27.09.2010)
http://www.privacyinternational.org/article.shtml?cmd%5B347%5D=x-347-566663

EDRi-gram: UK: Harassing innocent users for copyright infringement
(8.09.2010)
http://www.edri.org/edrigram/number8.17/acs-law-harassing-copyright-infringement

============================================================
8. YouTube won a case against copyright infringement accusations in Spain
============================================================

Google has won a battle against Spanish broadcaster Telecinco which brought
the company to court in June 2008 claiming that the company's service
YouTube was liable for the copyrighted material posted by its users.

Spanish Commercial Court no.7 of Madrid ruled against Telecino, following
the EU E-commerce directive which says that a website is responsible for the
content uploaded by its users only if a notification of allegedly copyright
infringing content is made. Once the notification is received, the website
has to remove the respective content.

Telecino claimed that Youtube already had procedures in place for copyright
owners to identify and notify the website of any videos that allegedly
breach copyright but Google argued that screening material before it was
made available would be an impossible action.

"This decision demonstrates the wisdom of European laws. More than 24 hours
of video are loaded on to YouTube every minute. If internet sites had to
screen all videos, photos and text before allowing them on a website, many
popular sites - not just YouTube, but Facebook, Twitter, MySpace and
others - would grind to a halt," was Aaron Ferstman's comment on Google;s
European public policy blog.

Google has also been careful to reaffirm that it respects copyright laws:
"We are very pleased with today's ruling. The win today confirms what we
have said throughout this process: YouTube complies with the law. The ruling
recognises that YouTube is merely an intermediary content-hosting service
and therefore cannot be obliged to pre-screen videos before they are
uploaded."

Telecino, which was bound to pay for the trial expenses, stated that the
judge's decision was only trying to avoid "taking a decision that would have
placed in checkmate the national and international trade of YouTube and its
owner Google" and that it intended to defend itself from the attacks against
its rights and to appeal to superior legal courts.

Spanish court throws out copyright infringement claims against Youtube
(23.09.2010)
http://www.theinquirer.net/inquirer/news/1735045/spanish-court-throws-copyright-infringement-claims-youtube

YouTube wins against Telecinco in the tribunal(only in Spanish, 23.09.2010)
http://www.elmundo.es/elmundo/2010/09/23/comunicacion/1285234927.html

Google wins YouTube case in Spain (23.09.2010)
http://www.guardian.co.uk/technology/2010/sep/23/google-wins-youtube-case-spain

A big win for the Internet (23.09.2010)
http://googlepolicyeurope.blogspot.com/2010/09/big-win-for-internet.html

============================================================
9. Phorm case sends the UK to the European Court of Justice
============================================================

The European Commission announced that it has referred the UK to the
European Court of Justice for an improper implementation of EU data
protection rules, following several complaints in the Phorm case.

The Commission received complaints from the UK citizens about Phorm that
worked by checking out the web traffic between an ISP client and the sites
it visits.

This form of behavioural advertising by ISPs (targeted advertising based on
prior analysis of users' internet traffic) was reported by
EDRi-member Open Rights Group and others NGOs to the UK Data Protection
Authority - Information Commissioner's Office.

British Telecom ran in 2006 and 2007 two secret trials of deep-packet
inspection technology on its broadband customers, without informing them.

The European Commission started the legal action against the UK in April
2009 and sent another warning in October 2009 asking the British authorities
to properly implement the Data Protection Directive and the ePrivacy
Directive.

Now, the Commission has referred UK to the European Court of Justice for
failing to "ensure the confidentiality of the communications and related
traffic data by prohibiting unlawful interception and surveillance" and to
implement in the UK law the definition of consent as the "freely given,
specific and informed indication of a person's wishes".

Digital Agenda: Commission refers UK to Court over privacy and personal data
protection (30.09.2010)
http://europa.eu/rapid/pressReleasesAction.do?reference=IP/10/1215&format=HTML&aged=0&language=EN&guiLanguage=en

EU takes Britain to court over online data protection (30.09.2010)
http://euobserver.com/22/30935

EU taking UK to court for privacy deficiencies highlighted by Phorm
(30.09.2010)
http://www.openrightsgroup.org/blog/2010/eu-taking-uk-to-court-for-privacy-deficiencies

EDRi-gram: UK: Phorm threat (28.01.2009)
http://www.edri.org/edri-gram/number7.2/phorm-uk

============================================================
10. ENDitorial: Council of Europe: Bad news as it happens
============================================================

The third Council of Europe (CoE) Committee of experts on new media (MC-NM),
held on 27-28 September 2010 in Strasbourg, is likely to dampen enthusiasm.

To start with, the current vice-chair Michael Truppe is leaving the group
to hold another position on the Austrian scene. With his knowledge of the
group issues and his vision of an Internet upholding Human Rights, Michael
Truppe has been instrumental to many achievements of the MC-S-IS group
(MC-NM predecessor), especially with regards to the 'Recommendation on
measures to promote the respect for freedom of expression and information
with regard to Internet filters', adopted by the CoE Committee of Ministers
in 2008. During MC-NM works, he also brought a major contribution to the
draft Declaration on Network Neutrality.

However, and this is the second bad news, such draft texts may see important
modifications before they became adopted, since they first go through the
parent body, the Steering Committee on Media and New Communication Services
(CDMC) and only then are submitted to the CoE Committee of Ministers for
adoption. This is what regrettably happened to the CoE Declaration on
Network Neutrality (NN), adopted on 29 September 2010. While the draft,
though being simply a Declaration, was an encouraging political stand from
the CoE on NN, the adopted text looks like a spineless document that,
actually, doesn't bring much to the issue.

Where the draft called for "unobstructed" access for users to internet-based
content, applications and services of their choice, the adopted text
contents itself with "greatest possible access". One might wonder what this
could ever mean, when such access possibilities are confronted to both the
greediness of network operators, ISPs and online service providers and the
breaches of human rights and fundamental freedoms by governments!
Furthermore, the CDMC added a provision in reference to the EU Telecom
Package adopted in 2009, following a request from one of the EU Member
States. The document was finalised some days before the end of the Spanish
presidency. In summary, this dilution makes the Declaration on Net
Neutrality a squandered opportunity for the CoE, as well as for all those
who see the democratic issues at stake with NN, rather than simply a need to
ensure transparency for consumers and fair competition in a market being, in
any event, dominated by few companies.

The third bad news derives from management decisions by the CDMC leading to
fewer human resources for its subordinated groups, at least the MC-NM.
Concretely, this means that the MC-NM work on draft Recommendations
regarding both search engines and social networks, in view of ensuring the
respect for privacy and freedom of expression in these sectors, is now in
stand-by mode, while the priority is given to the least advanced work, that
is the draft Recommendation on a new notion of media.

This decision to postpone the completion of the almost finished work on
search engines and social networks is very unfortunate, given that both
issues are very timely and involve major stakes in terms of fundamental
rights and freedoms, although it is granted that discussing the extension of
the notion of media - and, as a corollary, of the application of the media
laws - to new media and the web2.0 services is of utmost importance.

This is indeed a democratic issue, as the discussion during last MC-NM
meeting has highlighted: if YouTube was considered a media, could it be
blocked for more than 2 years now by a CoE Member State, namely Turkey,
which has to comply with freedom of the media? If so-called 'citizen
journalism' platforms were considered as media, shouldn't they operate under
principles such as that of the protection of sources and the right to reply
and a the same time be subject to some professional standards? Should
bloggers be granted the status of journalists and under which conditions?
When Google is found liable by French courts for the third time, because of
its 'Google Suggest' service, on the basis that Google does indeed add a
human intervention in some cases, does it exert an editorial interference or
does it simply take action to protect its own interests? Should the online
service market domination by a handful of vertically integrated
multinational companies be considered as dangerous media concentration or as
a dominant market position? In one word, should these services be regulated
by media laws or by e-commerce laws?

One can easily understand that the issue is complex, should be approached
with particular caution, and needs very rigorous definition of criteria to
identify under which conditions web2.0 services should be considered as
media. The third MC-NM meeting dedicated almost its two days to this
discussion, as the necessary prerequisite to come up with any Recommendation
on the status of new media. Obviously, by no mean this could be reasonably
completed by the end of the year or even earlier as requested by CDMC: such
haste could only be harmful when human rights, democracy and freedom of the
media are at stake.

Last but unfortunately not least of the bad news series is related to the
developments of the Cross-border Internet group (MC-S-CI). This group is
also subordinated to the CDMC, but, contrarily to the case of MC-NM, is
formed by, literally, a handful of individual experts (5 persons!) picked up
by CDMC members, in view of nothing less than drafting a Convention, i.e. a
Treaty... EDRi was granted the observer status to this group. However, an
observer can only observe formal (i.e. announced and open) meetings, while
the individual experts seem to have opted for "informal meetings", whatever
this could mean.

As a matter of fact, after a single formal meeting on 1-2 March 2010, which
EDRi unfortunately missed, the MC-S-CI apparently led to prolific
achievements: two draft CoE Declarations on, respectively, the Digital
Agenda for Europe (indicating some extensive interpretation of MC-S-CI terms
of reference) and the management of the Internet protocol address resources
in the public interest (both adopted by the Committee of Ministers on 29
September) and even a draft standard-setting instrument. Regarding the
latter, a conceptual framework document was ready for presentation and
discussion at a workshop during the 2010 EuroDIG meeting in Madrid on 28-29
April and the draft instrument itself was circulated at a 2010 IGF workshop
in Vilnius on 14-17 September (where the approach and provisions faced a lot
of criticism). One would certainly bow before such intense productivity, if
the situation were not raising important democratic concerns in terms of
transparency and accountability.

When considering, on top of this, the fact that most of the experts are
ICANN insiders, the concerns can only grow, especially since the only human
rights expert from the group has now resigned. As a matter of fact, the
MC-S-CI group also has, in the mean time, prepared another draft Declaration
on "enhanced participation in Internet governance matters - Governmental
Advisory Committee (GAC) of the Internet Corporation for Assigned Names and
Numbers (ICANN)" (adopted by the Committee of Ministers on 26 May 2010), and
has been instrumental in having the CoE secretariat participating to the
GAC's activities, first as observer and later if possible by contributing to
GAC Secretariat. The diffusion of CoE values of human rights, democracy and
the rule of law to IGF and ICANN would certainly improve the latter two in
terms of process and substance. However, if MC-S-CI developments continue
behind the scene as they currently show, there is a high risk that the
contrary might happen, with the CoE being contaminated by the numerous flaws
IGF and ICANN have demonstrated so far, as widely analysed in the academic
and grey literature, as well as by various NGOs inside and outside these
circles.

In conclusion of this list of deep concerns, the only good news is probably
the fact that the MC-S-NR group (Group Protection of Neighbouring Rights of
Broadcasting Organisations) has not yet started its work, waiting for the
European Commission to be mandated to negotiate, within the CoE framework, a
Convention on the protection of neighbouring rights of broadcasting
organisations (a.k.a. the resurrection of the broadcasting Treaty, formerly
killed at WIPO).

CDMC and subordinated subgroups public websites
http://www.coe.int/t/dghl/standardsetting/media

Recommendation CM/Rec(2008)6 of the Committee of Ministers to member states
on measures to promote the respect for freedom of expression and information
with regard to Internet filters, (26.03.2008)
https://wcd.coe.int/ViewDoc.jsp?Ref=CM/Rec(2008)6

EDRi-gram: ENDitorial: CoE - The Good, The Bad And The Ugly (09.04.2008)
http://www.EDRi.org/EDRigram/number6.7/coe-good-bad-ugly

CoE Declaration of the Committee of Ministers on network neutrality
(29.09.2010)
https://wcd.coe.int/ViewDoc.jsp?Ref=Decl(29.09.2010_2)

EDRi-gram: New Media, Search Engines And Network Neutrality On 2010 CoE
Agenda (07.04.2010)
http://www.EDRi.org/EDRigram/number8.7/coe-new-media-working-group

CoE Declaration of the Committee of Ministers on the Digital Agenda for
Europe (29.09.2010)
https://wcd.coe.int/ViewDoc.jsp?Ref=Decl(29.09.2010_1)

CoE Declaration of the Committee of Ministers on the management of the
Internet protocol address resources in the public interest (29.09.2010)
https://wcd.coe.int/ViewDoc.jsp?Ref=Decl(29.09.2010_3)

EURODIG workshop on "Sovereignty of states and the role and obligations of
governments in the global multi-stakeholder Internet environment"
(30.04.2010)
http://www.eurodig.org/eurodig-2010/programme/workshops/workshop-6

IGF workshop on "a proposal for setting a standard of care in international
law for cross-border Internet" (14.09.2010)
http://www.intgovforum.org/cms/component/chronocontact/?chronoformname=WSProposals2010View&wspid=60
(description)
http://www.intgovforum.org/cms/component/content/article/102-transcripts2010/641-60
(transcript)

CoE Declaration of the Committee of Ministers on enhanced participation in
Internet governance matters - Governmental Advisory Committee (GAC) of the
Internet Corporation for Assigned Names and Numbers (ICANN) (26.05.2010)
https://wcd.coe.int/ViewDoc.jsp?Ref=Decl(26.05.2010_1)

EDRi-gram: ENDitorial: Undead Wipo Treaty Resurrected In Council Of Europe
(10.02.2010)
http://www.EDRi.org/EDRigram/number8.3/broadcasting-treaty-council-of-europe

(Contribution by Meryem Marzouki, French EDRi-member IRIS)

============================================================
11. Recommended Action
============================================================

I call on Commissioner Malmström to withdraw on her initiative of
website blocking.
Instead of employing the same techniques as China and other totalitarian
regimes, I call on the European Commission to improve law enforcement
cooperation both inside the European Union and with outside partners, to
ensure swift deletion of child porn websites as well as an effective and
determined prosecution of the perpetrators.
http://www.deletion-not-blocking.eu/sign.html

============================================================
12. Recommended Reading
============================================================

Ian Brown: Communications Data Retention in an Evolving Internet
(27.09.2010)
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1683284

French Telecom regulator (ARCEP) has published ten proposals and
recommendations for promoting a neutral and high quality Internet.
(30.09.2010)
http://bit.ly/dp5klS

============================================================
13. Agenda
============================================================

8-9 October 2010, Berlin, Germany
The 3rd Free Culture Research Conference
http://wikis.fu-berlin.de/display/fcrc/Home

25-26 October 2010, Jerusalem, Israel
OECD Conference on "Privacy, Technology and Global Data Flows", celebrating
the 30th anniversary of the OECD Guidelines on the Protection of Privacy and
Transborder Flows of Personal Data
http://www.oecd.org/sti/privacyanniversary

27-29 October 2010, Jerusalem, Israel
The 32nd Annual International Conference of Data Protection and Privacy
Commissioners
http://www.privacyconference2010.org/

28-31 October 2010, Barcelona, Spain
oXcars and Free Culture Forum 2010, the biggest free culture event of all
time
http://exgae.net/oxcars10
http://fcforum.net/10

3-5 November 2010, Barcelona, Spain
The Fifth International Conference on Legal, Security and Privacy Issues in
IT Law.
http://www.lspi.net/

5-7 November 2010, Cologne, Germany
Transparency, Work, Surveillance
Joint Annual Meeting of FIfF and DVD
http://fiff.de/veranstaltungen/fiff-jahrestagungen/JT2010/jt2010_uebersicht

5-7 November 2010, Gothenburg, Sweden
Free Society Conference and Nordic Summit
http://www.fscons.org/

17 November 2010, Gent, Belgium
Big Brother Awards 2010 Belgium
http://www.winuwprivacy.be/kandidaten

25-28 January 2011, Brussels, Belgium
The annual Conference Computers, Privacy & Data Protection CPDP 2011
European Data Protection: In Good Health?
Submission deadline for Full Papers and Position Papers: 16 November 2010
http://www.cpdpconferences.org/

============================================================
14. About
============================================================

EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 27 members based or with offices in 17 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRI-grams.

All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and visibly on the
EDRI website.

Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/

Newsletter editor: Bogdan Manolea <[log in to unmask]>

Information about EDRI and its members:
http://www.edri.org/

European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring

- EDRI-gram subscription information

subscribe by e-mail
To: [log in to unmask]
Subject: subscribe

You will receive an automated e-mail asking to confirm your request.
unsubscribe by e-mail
To: [log in to unmask]
Subject: unsubscribe

- EDRI-gram in Macedonian

EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edri/2.html

- EDRI-gram in German

EDRI-gram is also available in German, with delay. Translations are provided
Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/

- Newsletter archive

Back issues are available at:
http://www.edri.org/edrigram

- Help
Please ask <[log in to unmask]> if you have any problems with subscribing or
unsubscribing.


************************************************************************************ Distributed through Cyber-Society-Live [CSL]: CSL is a moderated discussion list made up of people who are interested in the interdisciplinary academic study of Cyber Society in all its manifestations.To join the list please visit: http://www.jiscmail.ac.uk/lists/cyber-society-live.html *************************************************************************************