Tuesday 18 May the Council of the European Union adopted by a qualified majority in its Competitiveness meeting a Common position for the Second Reading of the Software Patent Directive. The text is described by the Foundation for a free Information Infrastructure as 'the most uncompromisingly pro-patent text yet'. The Common Position, which was agreed upon by the 25 Member States' ministers in charge of Internal Market, Industry and Research, largely ignores a vote in the European Parliament last September to restrict patentability in a way that would have been in line with the European patent Convention and effectively rejected patentability of actual software.
The text that the Council has voted for is regarded by many experts as being even worse than the initial Commission proposal, to which it adds direct patentability of computer programs, data structures and process descriptions. This extension of the focus seems to be the result of a shift in the internal balance of powers within the European Commission. The DG Internal Market, led by Dutch Frits Bolkestein and strongly in favour of software patents, increasingly prevails over DG Information Society, led by Erki Liikanen from Finland and mostly sceptical about software patents.
In Tuesday's Council meeting, only Spain voted against the Draft Common Position; Austria, Italy and Belgium abstained. Before the decision, there had been rumours that more big member states such as Germany or France might vote against the proposal. That would have threatened the qualified majority who now adopted the position. The rumours about Germany were based on the words of Elmar Hucko, Ministerial Director in the Federal Department of Justice. A week ago, he told a demonstration of anti software patent activists in Berlin that the German government felt 'in substance closest to you' and that it wanted "under no circumstances American conditions in Europe... A patent must be a fair reward for a bona fide invention and not abused as a strategy to bludgeon competitors." However, the German Minister for the Environment, Juergen Trittin (Green Party), who represented his government, voted in favour of the Common Position.
The European Parliament is expected to debate the proposition in Second Reading, starting in September in the Legal Affairs Committee. The rapporteur will most likely again be Arlene McCarthy (PSE, UK), who took a pro-software patent position already in First Reading. The Council Common Position is neither binding nor the basis for amendments, but approximating their vote to the Council's would increase MEPs' chances to avoid a Third Reading, which would possibly be followed by a Conciliation Procedure.
FFII: EU Council Plans to Scrap Parliamentary Vote without Discussion (07.05.2004)
http://swpat.ffii.org/news/04/cons0507/index.en.html
Provisional minutes of Competitiveness Council (18.05.2004)
http://ue.eu.int/ueDocs/cms_Data/docs/pressData/en/intm/80522.pdf
Groklaw: German Politician Says Germany Will Vote Against Software Patents (13.05.2005)
http://www.groklaw.net/article.php?story=20040513125154288
(Contribution by Andreas Dietl, EDRI EU affairs director)
With the approval on 17 May 2004 of the transfer of airline passenger's personal data to the U.S., the Commission and the Council of the European Union have bluntly bypassed the European Parliament and Court of Justice.
Daniel Cohn-Bendit, head of the Green/EFA Group in the European Parliament, said the decision was "ignoring the declared will of the Parliament in an unprecedented way". Commission and Council agreed on Monday to hand over up to 34 personal data items from the Passenger Name Record (PNR) for every passenger flying to the United States from an EU country. The Council, composed of the EU's 25 Foreign Affairs ministers, adopted the agreement without debate, only a few hours after the Commission had officially passed a so-called adequacy finding, claiming that the data would find sufficient protection once it has been transferred to the U.S. The agreement will be signed next week in Washington.
"A negotiated solution is never perfect," said Commissioner Frits Bolkestein, in charge of Data Protection within the European Union. Bolkestein claims that, even though the United States had applied 'strong political pressure', the end result is 'balanced'. Resisting the US demands would according to Bolkestein have resulted in "chaos for EU passengers and airlines." Bolkestein's satisfaction is not surprising, since he already tolerated an even more extensive data transfer taking place on an illegal basis and without any guarantees since March 2003.
The data to be transferred include contact details such as addresses, phone numbers and also e-mail addresses, travel companions and credit card details. Other data considered even more sensitive such as meal preferences, allowing conclusions on a person's ethical and religious background, must be filtered out by the United States.
It is unclear how the filtering will be controlled. In what way the agreed data storing period of 3 years shall be controlled or who should monitor that data are not passed on to any other agencies besides the Department of Homeland Security - in particular to the United States' influential Secret Service community, remains equally unsolved.
In addition, the U.S. Administration reserves the right to store certain data longer than the three-year period and to pass the data on to third countries, who are not bound by any agreement with the EU and where inspections by independent data protection authorities are even less likely to happen than in the United States. Within the Department of Homeland Security, treatment of data originating from the EU will be subject to annual inspections by EU data protection authorities. The inspections will be announced in advance. If any abuse of the data should take place, it will thus be very simple for the U.S. side to erase the traces in time before the inspection team arrives.
The decision on the agreement creates new facts, which bypass the EU Parliament's earlier decision to ask an opinion from the European Court of Justice. The Parliament must therefore decide to go to Court again, in order to challenge the already existing agreement with the U.S. The date for the decision was very strategically chosen by Commission and Council: the Parliament is virtually inexistent before the elections to be held in mid-June, and it is not scheduled to meet again before July 19 - two days after the deadline expires for introducing a demand with the Court of Justice. This may be the reason why the Commission's adequacy finding, which was technically agreed upon on 12 May, was officially signed off five days later. If the adequacy finding had been given right away, it would have been easier for Parliament to go to the Court of Justice in time.
"This is really a cheap trick from the Council and the Commission," said Johanna Boogerd-Quaak, the Rapporteur on the PNR issue in the European Parliament. However, she took the precaution two weeks ago of asking the President of the European Parliament and of the Parliament's Legal Affairs Committee to call the Parliament back from the recession for a special sitting if the agreement should be signed. Both Presidents (of the Committee and of the Parliament) reacted positively. "One way or another, this issue will end up before the European Court of Justice," said Mrs. Boogerd.
Privacy International: Transferring Privacy and Inadequate Adequacy (17.05.2004)
http://www.privacyinternational.org/issues/terrorism/rpt/inadequateade...
Statewatch: EU agree US PNR deal (17.05.2004)
http://www.poptel.org.uk/statewatch/news/2004/may/10eu-us-pnr-deal.htm
Secretary Ridge statement on European Commission decision (17.05.2004)
http://www.whitehouse.gov/news/releases/2004/05/20040517-9.html
Article by Johanna Boogerd (in Dutch, 17.05.2004)
http://www.johannaboogerd.nl/artikel.asp?artikelID=193
(Contribution by Andreas Dietl, EDRI EU affairs director)
On Wednesday 5 May, the Mediation Committee, a common organ of the two German legislative bodies, adopted a compromise regarding the new German Telecommunications Act. It brought back a number of privacy restrictions that were already contained in the Government's draft act (See EDRI-gram nr. 21), but had been rejected by the Deutsche Bundestag, the German parliament (See EDRI-gram nr. 2.5).
The exemption from the mandatory identification of customers that was granted with regard to pre-paid phone cards has been abolished. This means everybody who's selling prepaid cards, will probably have to ask for ID, to collect name, address and date of birth of each customer.
The Mediation Committee also removed the provision granting reimbursement for providers that hand over data to the law enforcement authorities through an automatic information procedure. Providers will now have to hand-over data without any reimbursement. In the context of the manual information procedure, it has been stressed that service providers have to hand over, upon request, passwords, PINs and similar data necessary to access terminal equipment or storage media used in terminal or network equipment (which includes, inter alia, hard-drives of servers and similar equipment). And, finally, the exception that providers with less than 1.000 subscribers do not have to allow the interception of telecommunications has also been abolished (again).
Furthermore, the accompanying Telecommunications Surveillance Ordinance, that will be revised as well, will need the approval of the Bundesrat, the legislative body representing the German states ('Laender'). This is in contrast to the current legal situation and even goes beyond the Government's draft. It is critical with regard to privacy issues because the states are primarily responsible for matters relating to public security and thus tend to advocate far-reaching powers for law enforcement authorities. However, mandatory traffic data retention for a minimum period of six months was not introduced by the Mediation Committee, although it was requested by advocates of far-reaching powers for law enforcement.
The Bundestag immediately adopted the compromise of the Mediation Committee on 6 May; the Bundesrat adopted it on 14 May. The act will now be sent to the Federal President to be signed, and, after this will have happened, it will be promulgated in the Federal Law Gazette. The act is expected to enter into force on 1 July 2004.
Overview of the legislative process (in German)
http://www.tkrecht.de/index.php4?direktmodus=novelle-genese
Complete text of the Mediation Committee's compromise (in German)
http://www1.bundesrat.de/coremedia/generator/Inhalt/DE/2_20Bundesrat/2...
(Contribution by Andreas Neumann, Research Associate at the Centre for European Integration Studies and one of the editors of tkrecht.de)
The Dutch MP3 search engine zoekmp3.nl has won a clear victory in an full civil proceedings case they instigated against Brein, a Dutch representative body of both the recording industry and the music rights collecting societies. Zoekmp3 asked and got a clear confirmation that their activities as a search engine do not constitute a copyright infringement.
The website only provides information to its users where they can find mp3-files, the court said, and the users do not infringe on any third party rights. The court also explicitly refers to a recent debate in the Lower House about the new Copyright Act. The Dutch minister of Justice confirmed in this debate that downloading music for private use is perfectly legal, even if the source might be illegal. Different from a P2P-application like Kazaa, the users of the search engine do not make any files available to others. Just downloading files with the facilities of the search engine 'is therefore in principle nor infringing nor unlawful'.
The lawyer of the search engine, Christiaan Alberdingk Thijm, in 2002 successfully defended Kazaa in an appeal procedure against Brein's demands to prevent the exchange of unauthorised music files. Thijm comments: "We are very excited about the verdict. If Brein wishes to do something against unlawful music on the internet, they should go after the distributors."
MP3 search engine
http://www.zoekmp3.nl/
Verdict Haarlem court (in Dutch, 12.05.2004)
http://www.rechtspraak.nl/uitspraak/show_detail.asp?ui_id=60435
Translation into English
http://www.solv.nl/index.php?blz=6&lang=en
On 11 May 2004 the Ukrainian Parliament (Verkhovna Rada) adopted the new wording of a draft law amending several legislative acts concerning the protection of state secrets. This draft law was initially approved in July 2003, but was subsequently vetoed by the President due to several technical inaccuracies (incorrect numeration of articles, repeating several similar provisions, etc.).
The right of printed media journalists to freely receive, use, disseminate and store information will be limited to information which has 'open access mode' (amendments to Article 2(1) and Article 26(2) of the Law 'On Printed Mass Media'). This 'mode' is not defined in any law. This seems to be a violation of Article 34 of the Ukrainian Constitution, that does not limit freedom of information to any kinds or modes of information.
The law introduces the term 'confidential information owned by state'. This includes all information which is owned by state and used by state bodies, bodies of local self government and organisations and companies with mixed ownership. Access to these data is restricted. The authority to establish rules for storing and using documents containing confidential information owned by the state is given to the government (amendments to Article 30 of the Law 'On Information').
After the law had been adopted in July 2003, it was strongly opposed by EU representatives, OSCE, IFJ, domestic NGOs, and the Parliamentary Committee on freedom of speech and information. In an open address, a number of NGO representatives and politicians appealed to the President not to promulgate the law as far as its provisions contradict the Constitution of Ukraine and global freedom of information standards.
The new law was adopted with only minor changes compared to the previous version (mentioned inaccuracies are corrected, and 'confidential information owned by the state' is defined). All suggestions put forward by the President to the previously vetoed law are included. After the president of the Ukraine signs, the law will become effective from the day of law's official publication.
In spite of criticism of not including a general 'public interest' evaluation, Andriy Payzuk from Privacy Ukraine thinks the statute could improve the freedom of information in the Ukraine. Bringing the state-owned confidential information into a legal classification framework and establishing accessibility rules, "will probably reduce the practice of voluntarily over-classification by public officials."
Furthermore, Payzuk notes that "According to the Statute it is not allowed to classify as confidential environmental information, information on disasters, statistical data, information on violations of human rights, on breaches of law as well as information that should be publicly accessible according to domestic and international laws."
On 15 June 2004, Privacy Ukraine and Internews-Ukraine are jointly organising a conference in Kyiv on the topic of Freedom of Information.
Conference on the Freedom of Information (in Ukrainian and Russian)
http://e-uriadnik.org.ua/modules.php?name=Conferences
(Thanks to Olesya Arkhypska, Information Programs Director of the International Renaissance Foundation, Kyiv)
In a study about notice and take down procedures, researchers from the Oxford university centre for socio-legal studies were shocked to find how easily internet providers take down perfectly legal content. As mystery-shoppers they opened up 2 websites in July and November 2003, one in the United States and one in the United Kingdom with a section of John Stuart Mills 'On Liberty', published in 1869 and hence freely useable in the public domain.
Their website opened with the words: "The text is freely available throughout the web." The first sentence from the essay was: "The time, it is to be hoped, is gone by when any defence would be necessary of the "liberty of the press" as one of the securities against corrupt or tyrannical government (…)."
The researchers sent a complaint about copyright infringement to both the ISPs, posing as the John Stuart Mill Heritage Foundation (which does not exist as research on the web suggests). The complaint was sent via a free email service, without providing a detailed address or other proof of identity.
After the third e-mail, the U.S. provider answered that the webpage would only be taken down if the complainant would provide accurate information 'under penalty of perjury' (language required by the Digital Millennium Copyright Act). At this point the researchers discontinued the project, "even though no signature was required and somebody with some 'criminal energy' could have easily continued and used the required phrases."
In the UK though, the ISP removed the website just one day after receiving the complaint letter. The researchers conclude: "We learnt that with relative ease – sending one email – an ISP could be prompted to remove a piece of public domain content from their servers. Whilst in our symbolic case of the JS Mill extract, this may be of little import given that JS Mill’s work is replicated and downloadable in hundreds of other websites, there is no reason to believe that unique content should not be just as easily removable. We might think for example about the difficult area of defamation. It is at least theoretically possible that a powerful individual might use the apparent lack of due diligence on the part of ISPs to use the threat of liability for defamatory material to persuade ISPs to remove material."
The study provides good insight in the differences between liability legislation for providers in the U.S. and in Europe. Roughly summarised, the European E-commerce directive of 2000 just leaves too much space for providers to avoid risks and take down any material, without having to comply to a put-back procedure. The report recommends further clarification on the legal framework and an obligation for ISPs to record and publish details about complaints and procedure.
Simultaneously, the researchers published a broader study about codes of conduct in all digital content-related industries: from gaming to mobile services and from broadcasting and the film industry to the more traditional press councils for printed media.
Analysing internet codes of conduct, the study underlines the troubles with notice and take-down in Europe once more: "In the absence of any basic transparency of ISPs with regard to this issue it is impossible to evaluate the effectiveness of this procedure or its likely outcomes. The irony of the current situation is that its apparent defectiveness renders notice and takedown tolerable: if it were more effective in removing content, and more transparent about removal and blocking, it is likely that there would be loud calls for reform." (p.46)
How ‘Liberty’ disappeared from Cyberspace (by Christian Ahlert, Chris Marsden and Chester Yung )
http://pcmlp.socleg.ox.ac.uk/liberty.pdf
Self-regulation of digital media converging on the Internet - Industry codes of conduct in sectoral analysis (30.04.2004)
http://pcmlp.socleg.ox.ac.uk/IAPCODEfinal.pdf
On 18 May 2004, the Italian Senate turned a highly controversial new decree into law that puts heavy fines and even prison sentences on the download of movies, music or other copyrighted works even when done without any commercial purpose. Though the law speaks of penalties when 'making a profit', jurisprudence in Italy has already shown that this wording does not protect purely personal use.
Downloaders and file-sharers also risk the seizure of their equipment and a humiliating publication of the verdict in the national press. See EDRI-gram 2.8. The obligation on internet access providers to spy on their customers and proactively report to the police, was deleted by a parliamentary amendment. Hosting providers have to respond to a judicial request to hand-over customer data and take down or block access to infringing materials. The law will enter into force in a few days, one day after publication in the Official Journal.
The Italian legal website Interlex has a special dossier to commemorate the sad anniversary of 10 years of IP-related internet prosecution in Italy. On 12 May 1994 the homes of many Fidonet-users were raided by the Financial Guard, and many were prosecuted for software piracy. This large scale prosecution of users of the precursor of internet was unprecedented in the world. Nobody was ever convicted, but in spite of that the Italian government has successfully pushed through the Urbani law that gives unprecedented powers of protection to the IP-industry.
In his contribution titled '1994,2004. 1984: the continuing story' Giancarlo Livraghi, founder of the digital rights group Alcei, quotes the writer Bruce Sterling: "In Italy, in May 1994, Italian police launched an attack on Italian bulletin board systems that was at least twice the size of Operation Sundevil and may have been five times as large. This was the largest police seizure of bulletin board systems in world history. Italian police may not have been the first to carry out large-scale attacks on bulletin board systems, but they have done it with more gusto than anyone else in the world." Comparing those acts to current developments, Livraghi writes: "The absurd formulation of the Italian law that deals with unregistered software usage as if it were a crime according to criminal code, is one of the pillars on which today, like ten years ago, persecutions and abuse of law are based."
Roma vara la Legge Urbani (19.05.2004)
http://punto-informatico.it/p.asp?i=48267
Interlex dossier 'Dieci anni di perquisizioni e sequestri' (12.05.2004)
http://www.interlex.it/
Text of the Urbani law (18.05.2004)
http://www.senato.it/bgt/ShowDoc.asp?leg=14&id=00100895&tipodo...
The OECD working party on information security and privacy have published a very informative but dry report about biometrics. The report analyses theory and practice of the following major biometric-based technologies: finger-scanning, hand geometry, facial recognition, iris scanning, retinal scanning, finger geometry, voice recognition and dynamic signature verification. A brief description of other, more obscure biometric-based technologies such as ear geometry, body odour measurement, keystroke dynamics and 'gait' recognition (specific perambulatory movement) is also provided.
Avoiding any grand statements about the desirability of some of these techniques, the report concludes: "The extent to which we are willing to incorporate statutory and policy and technological controls into these systems and technologies will determine the extent to which they will improve our quality of life; providing convenience and security or conversely, the extent to which they threaten our liberty and freedom via actual or potential surveillance and control."
OECD Working Party on information security and privacy: Biometric-based technologies (28.04.2004)
http://appli1.oecd.org/olis/2003doc.nsf/43bb6130e5e86e5fc12569fa005d00...
21 May 2004, London, UK
Richard Stallman talks on software patents
http://www.fipr.org/press/040517softpat.html
3-4 June 2004, Vienna, Austria
Free Bitflows conference Conference and workshops about cultures of access and politics of dissemination, organised by Public Netbase (AT), in collaboration with Hull Time Based Arts (Hull, UK); V2_ (Rotterdam, NL); Bootlab (Berlin, DE); interSpace Media Art Center (Sofia, BG).
http://freebitflows.t0.or.at
10-12 June 2004, Berlin, Germany
Wizards of OS
http://wizards-of-os.org/index.php?id=835&L=3
13 June 2004, Berlin, Germany
Where next for copyright in Europe? A workshop featuring speakers from around Europe and the US.
http://wizards-of-os.org/index.php?id=921
13 June 2004, Berlin, Germany
WSIS panel Objective: To discuss and strategize for the involvement of European and North American NGOs in WSIS phase two. The meeting will be used to prepare for PrepCom 1 of phase two that will take place ten days later. Moderator Ralf Bendrath, bendrath(at)zedat.fu-berlin.de
15 June 2004, Kyiv, Ukraine
Conference on Freedom of Information Conference "Freedom of Information, Transparency and E-governance: The view of civil society" organised by Privacy Ukraine jointly with Internews-Ukraine, supported by OSI and the local Soros Foundation. As a part of the event the results of a competition among local authorities for best practices of e-openness will be announced.
http://e-uriadnik.org.ua/modules.php?name=Conferences (in Ukrainian and Russian).
15-17 September 2004, Strasbourg, France
The Council of Europe is planning a major international conference on "The Challenge of Cybercrime", which will bring together senior politicians, computer industry leaders and experts from around the world. No online information yet.