EDRI-gram - Number 2.4, 27 February 2004

Fast track procedure for IPR Enforcement

The European Union's disputed Directive on the Enforcement of Intellectual Property Rights is scheduled for a fast-track procedure that may lead to it being adopted by the European Council in little more than two weeks. At present, it is still under discussion in the Brussels Parliament. The Rapporteur, French Conservative Janelly Fourtou, and the Council both wish to pass this Directive in First Reading, before the enlargement of the European Union. Trying to avoid delay by too much discussion, they have each chosen the fastest procedure possible in their respective institutions.

The final discussion about the report in the Parliament's Legal Affairs Committee took place on Monday 23 February. The item was scheduled at the very last minute, the Friday before, when most of the Members of Parliament were already gone. With many MEPs still on their way to Brussels on Monday, only 14 MEPs were present. The discussion only lasted 15 minutes after the Council and the Commission had ended their formal introductions.

The longest speeches were given by Arlene McCarthy MEP (Social Democrat, UK) and Malcolm Harbour MEP (Conservative, UK), who both claimed that this Directive was not mainly about the Digital world, but about counterfeiting of tangible goods. There is no proof for that in the text, however.

Technically, the debate was about the amendments that the Rapporteur had laid down together with McCarthy and Toine Manders (Liberal, Netherlands), and which reflect verbatim the Common Position of the Council. This position had been fine-tuned, behind closed doors, in five so-called trilogue meetings between the Parliament and the Council during the previous weeks. The Legal Affairs Committee did not vote on the amendments of Mrs. Fourtou: she chose to table them directly to the Plenary.

MEPs may now lay down additional amendments until 4 March. The vote will take place on 9 March in Strasbourg, preceded by a plenary debate the day before. Already on 10 March, the outcome of the vote will be considered by the Council's Committee of Permanent Representatives (COREPER). On 11 March, on the occasion of the meeting of the EU Competitiveness Council, ministers may sign it off if it has been agreed by the Permanent Representatives.

Though some of the concerns of civil society and internet providers have been taken into account in the drafting of the Common Position, the text remains problematic. The scope of the directive is extended to cover "any infringement of intellectual property rights as provided for by Community law and/or by the national law of the Member State concerned." At the same time, the Commission's initial limitation to infringements which are "committed for commercial purposes or cause significant harm to the right holder" has been deleted.

The term "intellectual property rights" is not defined, creating the possibility of a large range of abuses. Because the enforcement is not limited to large-scale infringements, kids downloading songs from the internet risk the same kind of treatment as large-scale counterfeiters of trademark designer clothes.

EDRI-member organisation FIPR has prepared a set of amendments to deal with the worst deficits in this Directive and is preparing, together with a range of other organisations, a rally in Strasbourg to promote these amendments and to encourage MEPs to vote against the Directive if some minimum requirements are not fulfilled.

The European Commission's initial proposal for a Directive
http://europa.eu.int/smartapi/cgi/sga_doc?smartapi!celexplus!prod!CELE...

Amendments proposed by FIPR and EDRI
http://www.ffii.org.uk/ip_enforce/andreas2.html

Campaign Info
http://www.ipjustice.org/CODE/

(Contribution by Andreas Dietl, EDRI EU affairs director)

EU Commission proposal for biometrics in passports

The European Commission has adopted a proposal for a Council Regulation that will set legally binding minimum standards for harmonised security features, including biometric identifiers, in all EU passports.

The Commission chooses facial images as a mandatory biometric identifier for passports. Fingerprints can be added as an option at the discretion of Member States. The proposal sets out the minimum standards and will not stop Member States that wish to go further.

Inclusion of a facial image on a contact-less chip would allow EU Member States to meet the requirements of the US Visa Waiver programme in conformity with standards of the International Civil Aviation Organisation (ICAO). The US demands the inclusion of facial images in passports from EU countries in order to continue participation in its Visa Waiver programme after October 2004. Justice and Home Affairs Commissioner Antonio Vitorino will travel to the US in May to discuss the looming deadline with US officials. However, for the US to change the October deadline is almost impossible. It would have to go through Congress as it would require a change in the legislation.

The Commission additionally wants to set up a centralised, biometrics-based 'EU passport register', which would contain the fingerprint(s) of passport applicants together with the relevant passport number.

The Commission is optimistically searching for advantages of the proposal: "It would furthermore create a harmonised level of security in relation to European passports and thus not discard some EU citizens from benefits just because of their less secured national passports. A common effort could strengthen the European position towards the US."

Earlier, EDRI-gram reported about a proposal to include biometric identifiers in EU visas and residence permits. The current follow-up proposal also stems from a decision by the European leaders made during the June 2003 EU summit in Greece to develop a 'coherent approach on biometric identifiers' and 'harmonised solutions for documents'.

Some EU countries such as the Netherlands and Denmark are already developing biometric identifiers in their passports.

The EU proposal is currently under discussion in the European Parliament's Civil Liberties and Internal Affairs Committee. The Rapporteur, Danish Liberal Ole Sorensen, is sceptical about the adequacy of the Commission proposal and is organising a public hearing on 2 March.

Proposal for a Council Regulation on standards for security features and biometrics in EU citizens' passports, COM 2004/116 (18.02.2004)
http://europa.eu.int/eur-lex/en/com/pdf/2004/com2004_0116en01.pdf

Statewatch: Everyone will have to have their fingerprints taken to get a passport (February 2004)
http://www.statewatch.org/news/2004/feb/26eu-biometric-passports.htm

UK government welcomes report about data retention

The UK Government has given a guarded welcome to a review of its data retention powers. The review came from the Newton Committee, which was set up by the Anti-Terrorism, Crime and Security Act 2001 that created these powers.

The Committee, even though empowered to revoke some powers, supports the principle of data retention for up to a year. The review recommends some changes to the form of the legislation, widening the scope from fighting terrorism to the more general area of serious crime.

The Government has just published a response to this review, which agrees with the proposal to move retention from anti-terrorism to general legislation. It suggests that the most appropriate location for the powers would be in an addition to the Regulation of Investigatory Powers Act 2000, which already governs access by authorities to stored communications data. This would bring retention of data under the same oversight regime as access, which is controversially regulated by the Interception Commissioner. The Committee had suggested instead that the Information Commissioner be responsible for oversight.

However, the government disagrees that a limit of one year on retention should be put in primary legislation, arguing that the communications industry changes too quickly for such a limit to be fixed in this way. Nor do the authorities promise any concrete action on limiting government access to communications data under other pieces of legislation.

EDRI-members FIPR (Foundation for Information Policy Research) and Privacy International were disappointed by the Committee's support for data retention. FIPR and PI had argued that these powers were an unjustified invasion into UK citizens' private lives under the European Convention on Human Rights. Neither group was surprised that the government welcomed the Committee's support for retention whilst rejecting its calls for even the most minor limits on the powers.

The Government's response
http://www.homeoffice.gov.uk/docs3/CT_discussion_paper.pdf

(Contribution by Ian Brown, EDRI-member FIPR)

EU ruling on Microsoft by the end of March

Antitrust regulators from all the EU Member States will discuss a draft European Commission antitrust ruling against Microsoft in Brussels on 15 March. In a second meeting on 22 March the regulators will discuss the measures, including fines, that will be taken against Microsoft. It is expected that the final ruling will become public in the days after the meeting.

The EU Commission has drafted a ruling that finds Microsoft guilty of abusing the dominant position of its Windows operating system. The Commission has been investigating Microsoft practices since 2000, following a complaint by Sun Microsystems. Sun accused Microsoft of abusing its dominant position in the market by not releasing crucial information about the communication between computers and servers running MS Windows. The Commission is also investigating the tying of Windows media player into the Windows operating system. This makes competition for other media players very difficult.

Microsoft can be obliged to reveal interface information so that rival vendors of low-end servers are able to compete on a level playing-field. For Windows media player the Commission can force Microsoft to offer a version of Windows without Windows media player.

The Financial Times reported that internal market Commissioner Bolkestein has intervened to prevent harsh measures against Microsoft.

Microsoft statement
http://www.microsoft.com/presspass/press/2003/nov03/11-14eustatement.a...

EU Antitrust case against Microsoft
http://europa.eu.int/comm/competition/antitrust/cases/index/by_nr_75.h... 7_792

Major European companies into RFID-development

The European commercial interest in the development of spy-chips (RFIDs) is growing rapidly. Radio Frequency Identifiers are very small wireless chips that can be read without touching them.

Intel and Siemens have just announced they will open an 'RFID Technology Centre' in Germany in March, near Munich. The companies wish to present 'experience-able RFID-technology', to show the usability of the mini-chips in logistics, in supply-chain processes, and last but not least, in customer relationship management.

Earlier this month IBM and Philips also announced a partnership to develop and use RFID-tags. Within this collaboration, Philips will produce the chips, while IBM takes care of the computer-systems and services. They will start their collaboration in a Philips semiconductor factory in Taiwan, where they will put the spy-chips on cartons and packaging materials.

Currently the cost-price of the chips, between 10 and 20 eurocent, still makes it too expensive to put them on all consumer products, but the price is expected to drop rapidly as more applications appear. Privacy experts warn about the possible dangers, such as the tracking and tracing of everybody's behaviour and movement through the 'network of things'. Products with RFID-tags should be labelled, the tags should be switched off permanently after paying for the product, and the tags should be put on the packaging material if possible, instead of melted into the product.

Intel and Siemens partnership (article in the German e-zine Heise)
http://www.heise.de/newsticker/meldung/44920

Press release Philips (26.01.2004)
http://www.semiconductors.philips.com/news/content/file_1030.html

RFIDwatch: critical website with news, in German and English
http://www.unwatched.org

Dutch government: Cryptophone protects privacy

The Dutch minister of Justice Donner has answered parliamentary questions about the introduction of a commercially available crypto-GSM.

The Cryptophone was developed in the Netherlands and is sold through a German company. The device is a combined GSM and organiser running Windows Pocket PC. The Cryptophone uses open-source software that encrypts the call when connecting to another device of its kind. The phone should make it impossible for any third party, including the phone company and police, to listen in to the call.

The Dutch Christian-Democrat Member of Parliament Haersma-Buma asked the government to forbid the phones, since they can make it impossible for police to use the information from a wiretapped mobile phone call. The Dutch police rely heavily on phone interception, with an estimated 12.000 phone taps per year. This number is higher than in any other European country or even the US (not counting the unknown number of taps by any intelligence service).

According to minister Donner it is legal to use the phone. The minister refuses a request to confront the makers of the phone with their responsibility not to harm police capabilities: "These products are being developed to facilitate secure communications and thereby to serve privacy interests and other justified legitimate interests, such as the protection of corporate secrets". Donner acknowledges that law enforcement capabilities to obtain the original voice communication are limited. Pending legislation that gives police the powers to demand decryption will also have little effect for the Cryptophone. The device uses unique session-keys for each phone call. After the call no one can be ordered to decrypt, since the keys are destroyed.

Donner did announce higher investments in crypto-analysis capabilities.

Answer to parliamentary questions 2003-2004, nr. 2030403480, House of Representatives (23.02.2004, in Dutch)
http://www.bof.nl/docs/Kamerantwoord_cryptophone.pdf

Cryptophone
http://www.cryptophone.nl/

EU to promote research track & trace technology

According to a new Communication on the research into security, the European Commission plans to fund research on "tagging, tracking and tracing devices ... that improve the capability to locate, identify and follow the movement of mobile assets, goods and persons".

The Commission announces the launch of a new funding program entitled 'Enhancement of the European industrial potential in the field of Security research 2004 - 2006'.

The program is a so-called 'Preparatory Action'. It should set the agenda for advanced security research from 2007 onwards. The action is funded with 15 million Euro in 2004 and approx. 65 million Euro overall.

Among the goals of the research is the improvement of 'situation awareness'. Relevant issues for the different projects are identified as "(...) Demonstration of the appropriateness and acceptability of tagging, tracking and tracing devices by static and mobile multiple sensors that improve the capability to locate, identify and follow the movement of mobile assets, goods and persons, including smart documentation (e.g. biometrics, automatic chips with positioning) and data analysis techniques (remote control and access)."

A call for proposals will be published 'toward the end of March 2004'.

Commission Communication COM 2004/72 (03.02.2004)
http://www.europa.eu.int/eur-lex/en/com/cnc/2004/com2004_0072en01.pdf

Analysis Statewatch
http://www.statewatch.org/news/2004/feb/23Aeu-plan-security.htm

(Contribution by Andreas Krisch, EDRI-member VIBE!AT)

Recommended reading

The Article 29 Working Party, the European collaboration of the Data Protection Authorities, has published a (brief!) 'Working Document on Trusted Computing Platforms and in particular on the work done by the Trusted Computing Group (TCG group).' It is a balanced description of 'work in progress', since there are not many end-user applications yet, besides some widely published tests with Digital Rights Management.

The document offers general observations derived from privacy principles, like the need to distinguish between usage in a corporate and in a private environment and the need to provide clear information to users, while always protecting the security of data.

"Both those who design technical specifications and those who actually build or implement applications or operating systems bear responsibility for the data protection aspects, although at different levels. Those who build, commercialise and use the applications bear responsibilities as well, especially organisations that process user data, as they will normally be the last one in the chain and the ones who interact with the user."

Working Document (23.01.2004)
http://europa.eu.int/comm/internal_market/privacy/docs/wpdocs/2004/wp8...

Agenda

29 February 2004 - Deadline Call for Papers
The Programme Committee of the conference eChallenges 2004 is looking for papers or workshop proposals. The conference and exhibition take place in Vienna, Austria from 27 - 29 October. This will be the fourteenth in a series of annual conferences supported by the European Commission. This year's conference themes include eBusiness, eGovernment, eWork, eEurope 2005 and ICT Take-up by SMEs, and International Collaboration.
http://www.echallenges.org/2004/default.asp?page=call-papers

2 March 2004, Brussels, Belgium
Hearing European Parliament "Biometrics, privacy and security: Striking the right balance". The hearing starts at 9.00 AM.
http://www.statewatch.org/news/2004/feb/public-hearing-biometrics.pdf

25 March 2004 - Deadline Call for Papers
The European Black Hat conference 2004 will take place in the Krasnapolsky Hotel in Amsterdam, the Netherlands, from 17 to 20 May 2004. Papers are invited especially about the European perspective on privacy, anonymity and DRM.
http://www.blackhat.com/html/bh-europe-04/bh-europe-04-cfp.html

26-27 March 2004, Warsaw, Poland
Pan-European Forum on safer internet-issues, organised by the Media division of the Council of Europe Human Rights Directorate. Deadline for funding applications is 20 February 2004.
http://www.safer-internet.net/pconference.asp

3-4 June 2004, Vienna, Austria - Free Bitflows conference
Conference and workshops about cultures of access and politics of dissemination, organised by Public Netbase (AT), in collaboration with Hull Time Based Arts (Hull, UK); V2_ (Rotterdam, NL); Bootlab (Berlin, DE); interSpace Media Art Center (Sofia, BG).
http://freebitflows.t0.or.at