EDRI has obtained secret documents in preparation of a Declaration against Terrorism that will be published during the Spring Summit of EU heads of state. The draft from the Irish presidency specifically mentions the need to prioritise mandatory data retention for GSM and internet providers. The Commission input for the Summit, issued a few days earlier, does not mention data retention, but proposes many other measures that will have a chilling effect on the daily lives of European citizens and their freedom to travel and communicate.
The desire for mandatory data retention was already expressed last week, on 19 March, during an emergency meeting of the EU's Justice and Home Affairs ministers in Brussels. Following a German initiative, the ministers discussed a catalogue of measures in the fight against terrorism. It does not come as a surprise that the hardcore law enforcement faction in the Council of Europe used the occasion to put several long-term projects in the spotlight.
Some of the bombs used in Madrid two weeks ago were detonated with modified mobile phones. This gave UK Home Secretary David Blunkett (the Minister of Internal Affairs) the opportunity to declare that it was necessary for providers to retain all traffic data from cell phones as well as from other forms of electronic communication. The UK delegation to the European Union and other surveillance hard-liners have been pushing this project for more than five years.
Anti-terrorism measures will be on top of the agenda of the EU Spring Summit, which will be held in Brussels on 25 and 26 March. EDRI has obtained confidential documents preparing a draft declaration on fighting terrorism for that meeting. The document from the Irish Presidency to the Council says: "The European Council, with a view to the further development of the legislative framework set out above, instructs the Council to examine measures in the following areas: proposals for establishing rules on the retention of communications traffic data by service providers; (...)", and: "Priority should be given to the proposals under the retention of communication traffic data (...) with a view to adoption by June 2005."
It is an open secret that law enforcement hawks started to draft a Framework Decision that would introduce mandatory retention of telecommunication data immediately after the directive on privacy and electronic communications (2002/58/EC) was passed in May 2002. The Directive contains a paragraph (Article 13) that explicitly allows retention of traffic data "when such restriction constitutes a necessary, appropriate and proportionate measure within a democratic society to safeguard national security (i.e. State security), defence, public security, and the prevention, investigation, detection and prosecution of criminal offences or of unauthorised use of the electronic communication system."
Like the Council, the Commission calls for a number of understandable anti-terrorism measures, such as a database of terrorists, better tracing of weapons and explosives and new procedures for banning organisations. Member states also want to establish an EU co-ordinator for the fight against terrorism, and link secret services up with each other and police forces. Some countries are even in favour of what has been referred to as an 'EU CIA', but at the moment, this idea doesn't seem to have any support from the large EU members such as the UK and France.
But the proposal from the Commission goes way beyond the immediate threat of terrorism and reads more like a general call for heavy electronic surveillance of all European citizens.
The Commission paper mentions the need to enhance the exchange of data in general, "including through enhanced access to data not produced for law enforcement purposes." The document does not specify the kind of databases that this measure refers to.
Another remarkable proposal from the Commission is to publish a proposal 'by the middle of 2004' to allow the use of European passenger data (PNR) for 'other law enforcement purposes'. The wording is identical to the very broad use the United States wish to make of PNR-data, in direct violation of EU privacy-legislation and as such strongly opposed by the European Parliament.
The Commission also suggests "(...) upgrading existing databases such as SIS II with new functionalities, as well as making full use of advanced technologies such as satellite enhanced (GALILEO) RFID (Radio Frequency Identification Device) tracking."
On the issue of biometric data in new EU passports, the Commission now wishes to add the fingerprint to the mandatory requirements. In previous plans this was just an option, on top of the requirement of an electronic facial image. The document says: "(...) the possibility to adjust the pending Commission proposal on EU passports by making fingerprints mandatory and to extend it to Identity Cards and other travel documents."
Finally the Commission suggests a specific measure for mobile phones. Reprogramming should be criminalised and "measures should be taken so that the sale of replacement SIM cards does not impede the efficient actions of law enforcement authorities."
Documents Commission and Presidency preparing a draft Declaration (19-22.03.2004)
http://www.edri.org/?id=000100000141
Irish presidency press release JHA-council (19.03.2004)
http://www.ue2004.ie/templates/news.asp?sNavlocator=66&list_id=438
Statewatch on EU Emergency Justice and Home Affairs Council (March 2004)
http://www.statewatch.org/news/2004/mar/16jha-prel-19March.htm
Agenda EU Spring Summit 25-26 March 2004
http://europa.eu.int/comm/councils/bx20040325/index_en.htm
Press release European Commission on counter terrorism efforts (12.03.2004)
http://europa.eu.int/rapid/start/cgi/guesten.ksh?p_action.gettxt=gt&am...
(Contribution by Andreas Dietl, EDRI EU affairs director)
After a five-year investigation into Microsoft's business practices the EU Commission has decided that the company has violated the EU competition rules by abusing its near monopoly in the PC operating system. Microsoft will have to pay a 497 million euro fine.
The Commission has been investigating Microsoft practices since 1998 following a complaint by Sun Microsystems. The Commission has ruled that Microsoft abused its market power by deliberately restricting interoperability between Windows PCs and non-Microsoft work group servers, and by tying its media player with its operating system.
Microsoft's illegal conduct has enabled it to acquire a dominant position in the market for work group server operating systems and has significantly weakened competition on the media player market. The dominant position has grave consequences for consumers according to EU competition Commissioner Mario Monti: "The ongoing abuses act as a brake on innovation and harm the competitive process and consumers, who ultimately end up with less choice and facing higher prices".
The Commission is also imposing a few remedies. Microsoft is required, within 120 days, to disclose complete and accurate interface documentation to allow non-Microsoft work group servers to achieve full interoperability with Windows PCs and servers. Microsoft will not have to reveal source code.
Microsoft will also have to offer, within 90 days, to PC manufacturers a version of Windows without media player. "As a result of the Commission's remedy, the configuration of such bundles will reflect what consumers want, and not what Microsoft imposes", according to the Commission.
Commissioner Monti does not only want to restore the conditions for fair competition by the ruling but also "establish clear principles for the future conduct of a company with such a strong dominant position." The Commission wants to prevent Microsoft from controlling the digital media market, be it with encoding technology, software for broadcasting music over the internet and digital rights management.
The decision will only affect the European market and has no global impact. The Commission does not want to jeopardise existing co-operation with US anti-trust regulators.
Press release European Commission (24.03.2004)
http://europa.eu.int/rapid/start/cgi/guesten.ksh?p_action.gettxt=gt&am...
Questions and Answers on Commission Decision (24.03.2004)
http://europa.eu.int/rapid/start/cgi/guestfr.ksh?p_action.gettxt=gt&am...
The Council of Europe's Convention on Cybercrime will enter into force on 1 July 2004, following its ratification by Lithuania. The convention requires at least 5 CoE members to ratify. Previously Albania, Croatia, Estonia and Hungary have done so.
The convention's aim is to develop a common criminal policy on cybercrime by promoting international co-operation and the adoption of appropriate legislation. Signatories will have to incorporate criminal provisions on computer crime into their national law and will also have to give their police new powers to conduct investigations regarding computers and the internet.
Besides computer hacking and viruses, the convention covers (virtual) child pornography and computer-related fraud. Police forces in the ratifying countries will get new powers to seize data, intercept communications and request cross-border assistance.
Many provisions in the convention do not have to be implemented to the full extent. For example countries may require that computer hacking is committed by infringing security measures. But it is also possible to make hacking a crime if it is done without breaking any security (for example if the computer involved has no security protection).
The convention has been criticised by civil liberty groups and the European data commissioners for the secretive process by which it was created and for not requiring countries to protect civil rights while extending police powers.
The Council of Europe has 45 members of which 33 countries have signed the convention. Non-member countries such as the USA, Canada, South-Africa and Japan also joined. As a follow-up, the Council is planning a major international conference on 'The Challenge of Cybercrime', which will bring together senior politicians, computer industry leaders and experts from around the world in Strasbourg from 15 to 17 September 2004.
The convention on cybercrime
http://conventions.coe.int/Treaty/Commun/QueVoulezVous.asp?NT=185&...
The Italian government issued a decree on Friday 12 March that imposes a fine of 1.500 euro for the internet file-sharing of feature movies.
On top of the fine, computers and digital storage media can be seized. To complete the humiliation for the file-sharer, the sentence has to be published in 1 national daily newspaper and 1 specialised entertainment magazine. The Minister of Culture, Giuliano Urbani, has mockingly declared this sanction 'symbolic'. Adding to that, in reference to peer-to-peer file sharing, Urbani said that 'multimedia piracy is a theft, and must be handled as such'.
Since its first draft, this legislative measure was strongly protested against by citizens, ISPs (forced to violate the privacy laws by spying and filing complaints against their customers), columnists and politicians. Service providers that have knowledge of a copyright violation but do not file an official complaint with the judicial authorities, risk a fine of between 25.000 and 250.000 euro.
A petition against the conversion of the decree into a regular law collected more than 22.350 signatures, and more than 2.000 comments were posted in the forum hosted by the popular technology e-zine Punto-Informatico.
According to user-group ALCEI the decree is part of a long list of laws and decrees in Italy that violate the spirit of the internet and the liberty and fundamental rights of citizens. In its attempt to outlaw a broad and socially accepted behaviour it outdoes the recently approved European Directive on the Enforcement of Intellectual Property. The decree is formulated in such broad terms that the Italian chapter of the Internet Society worries that the distribution of file-sharing software, and even the presentation of a hyperlink, might be considered as promotion of crime, and therefore punished severely.
In fact, the decree makes it possible to punish intentions, rather than actual committed violations of copyright. "Even if such a breach of fundamental rights might be considered admissible in extreme cases like terrorism", ALCEI writes, "it is unacceptable in situations where there is no risk at all for the life and safety of people and institutions."
The decree has been approved only by the Ministers. It was published in the official State Journal on 23 March. It must be converted into law by the Parliament within 60 days after publication, or it will lose its effectiveness. The text now only refers to cinematographic works, but Minister Urbani has already announced that he will extend the scope of the decree to include music and software before it becomes law.
The Internet Society adds that freedom of choice for Italian movie-fans is limited and prices are kept high. 70% of the movie-distribution market is in the hands of 5 major companies, only one of which is Italian.
The decree text (24.03.2004)
http://www.gazzettaufficiale.it/guri/atto_fs.jsp?sommario=true&ser...
Signatures against the decree
http://no-urbani.plugs.it/index.php
Comments Internet Society Italy (in Italian, March 2004)
http://www.isoc.it/documenti/com_urbani.php
ALCEI press release (in Italian, 15.03.2004)
http://www.alcei.it/news/cs040315.htm
(Contribution by Pinna, autistici.org/inventati.org - Italy)
The German newspaper Frankfurter Allgemeine reports on plans from the governing Social-Democrats (SPD) to make spamming an offence in Germany. According to the SPD, merely introducing fines is not enough, and spamming should become an offence, with penalties or a prison sentence. The working group on Telecommunication and Mail of the SPD has not yet decided on the length of the desired sentences. Germany will implement the anti-spam legislation in a specific law against unfair competition that also forbids unsolicited faxing, not in the simultaneously pending revision of the Telecommunication Law.
According to SPD-representative Ulrich Kelber, prison sentences are necessary to be able to stop the biggest spammers, who send out millions of unsolicited commercial mails. 2 or 3 of the biggest spammers from the TOP-50 are suspected to stem from Germany. The opposing Christian-Democrat and Conservative parties (CDU/CSU) do not wish to introduce penal sanctions, but stick to (administrative) fines.
Like many other EU-countries, Germany has not implemented the new European anti-spam legislation in time. The deadline for implementing the directive on privacy and electronic communications (2002/58/EC) passed on 31 October 2004. Only 8 countries were successful. On 17 December 2003, the European Commission took the second step in infringement procedures, sending 'reasoned opinions' to Germany and Belgium, France, Greece, Luxembourg, the Netherlands and Portugal. Spain was only just in time to escape the infringement procedure. On 17 February 2004, the deadline for responding passed, but the Commission has not yet announced which countries will be referred to the European Court of Justice.
FAZ, 'Gefängnisstrafen für Mail-Müll' (22.03.2004)
http://www.faz.net/s/Rub21DD40806F8345FAA42A456821D3EDFF/Doc~E79697E48...
European Commission announces infringement procedures (17.12.2003)
http://europa.eu.int/information_society/topics/ecomm/doc/all_about/im...
The Dutch Supreme Court has ruled that the Dutch internet provider XS4ALL is permitted to refuse spam on its network. It is the first time that a supreme court in Europe has ruled on the rights of spammers.
In the view of the Supreme Court, the fact "that XS4ALL has exclusive rights to its computer capacity, transmission capacity and customer base (its computer system)" outweighs the appeal made by AbFab for freedom of speech. Providers in the Netherlands have no conveyance obligation, not even if the spammer offers specific payment for the costs of relaying the spam (a spam-stamp). Based on this judgement, all providers in the Netherlands can impose an a priori ban on the sending of spam, even when addressed to their business customers. This judgement therefore goes further than the new spam legislation planned for the Netherlands (expected to enter into force in April 2004). The latter only forbids the spamming of private e-mail addresses but leaves business e-mail addresses unprotected.
XS4ALL says it is delighted about the extensive new possibilities to refuse spammers in advance, but is also concerned about the categorical way in which the Supreme Court allows proprietary rights to prevail over freedom of speech. XS4ALL, known for its long-term legal battle against Scientology, attaches great importance to the freedom of communication. The advice of the Advocate-General was more in line with this position: that providers do fulfill an important role in society and must put forward sufficiently weighty grounds in order to refuse/prevent the use of their facilities by third parties.
The ruling of the Supreme Court is far more absolute: "Anyone who without authorisation makes use of property to which another party has an exclusive right, and who thereby infringes that exclusive right, is acting unlawfully vis-à-vis the beneficiary of the right, unless there is justification. The right to freedom of speech does not constitute such justification. This fundamental right cannot serve in principle to justify transgressive use of property to which another party has exclusive rights."
The appeal court judgement of 18 July 2002 has been set aside and the judgement in the preliminary relief proceedings (7 March 2002) has been upheld. The case is not referred to another court, and AbFab is ordered to pay XS4ALL approximately EUR 4,500 in formal legal costs.
The ruling:
http://www.xs4all.nl/uk/news/overview/abfab120304fv.html
The AbFab dossier
http://www.xs4all.nl/uk/news/overview/abfab.html
On 22 March, the European Union signed the Council of Europe's Convention on information and legal co-operation concerning 'Information Society Services', without reservation as to ratification.
The aim of this Convention, which was prepared in close co-operation between the Council of Europe and the European Commission, is to improve the exchange of information between all 45 countries in Europe about pending new legislation for the information society. The Council of Europe will act as a clearing-house for draft legislation and provide a harmonised approach to the regulation of on-line services at the pan-European level. Member states of the European Union were already familiar with this obligation, under the 'Transparency' directive (98/48/EC), that allows the Commission to assess draft national legislation affecting the information society as to its compatibility with Community law. The evaluation of this directive in February 2003 was highly positive, like the evaluation of its mother-directive, no. 98/34/EC, that requires member states to give prior notification about any technical regulation on products. Between 1999 and 2001, the Commission received 1800 of these notifications, all published on a special Commission website aimed at enterprises.
Article 4 of the Convention says: "Each Party shall transmit, where practicable by electronic means, to the Secretary General of the Council of Europe the texts of draft domestic regulations which are aimed specifically at 'Information Society Services' and which are at a stage of preparation in which it is still possible for them to be substantially amended, as well as a short summary of these texts in English or French. The Parties shall communicate the draft again under the above conditions if they make changes to the draft that have the effect of significantly altering its scope, shortening the timetable originally envisaged for implementation, adding specifications or requirements, or making the latter more restrictive."
Council of Europe Convention on information exchange (22.03.2004)
http://conventions.coe.int/Treaty/Commun/QueVoulezVous.asp?NT=180&...
Commission evaluation report 'transparency' directive, COM(2003)69 (13.02.2003)
http://europa.eu.int/cgi-bin/eur-lex/udl.pl?REQUEST=Service-Search&...
Commission website with notified drafts
http://europa.eu.int/comm/enterprise/tris/
If you send an e-mail to a Member of the Romanian Parliament (MP), you have less than a 10 percent chance of getting a reply. That is, if the MP you are trying to reach has a public e-mail address to start with. Only a quarter of the representatives offer an electronic contact address. The conclusion from an e-mail response study by the e-democracy forum gives government a transparency-rating of only 0.29 (on a scale from 0 to 5).
The results are based on a complex analysis performed over the Internet, between 1 October and 30 November 2003. Two rounds of e-mails were sent to MPs to analyse their responsiveness. The e-mails contained questions about hot topics of the moment: the referendum for the New Constitution and the conclusions of the European Commission Country Report for Romania.
The poll group was composed from the list of e-mail addresses published on the official websites of the two chambers of the Romanian Parliament (www.cdep.ro and www.senat.ro). The full list contained 123 public addresses of Members of the Parliament, out of a total of 485 active MPs. For the 123 e-mails sent each time, the researchers received 10 replies (8.1 percent) regarding the New Constitution and 12 replies regarding the Country Report (9.7 percent).
The results are in sharp contrast with recent data from the European SIBIS project (Statistical Indicators Benchmarking the Information Society) that show that of all Europeans, Romanian citizens are the most willing to interact online with public institutions. The researchers recommend standards for electronic communication with citizens, starting with the obligation for every MP to publish a contact address, activate an auto-reply and stick to an agreed maximum reply period.
Results @Parliament study (in English, 19.02.2004)
http://www.edemocratie.ro/editoriale/eng/replyreaction.pdf
(Contribution by Bogdan Manolea, Romanian legal expert)
The Belgian government has announced plans to give every inhabitant of Belgium a free e-mail address. That is, every Belgian can ask for a free e-mail alias that can only be used to communicate with the different governmental authorities. This address will be included in the national population database, alongside everybody's street address, city and date of birth.
The deputy-minister for 'Government computerisation', Mr Vanvelthoven, wishes to promote government communications with this plan, while at the same time cutting costs and saving the environment.
"We will take care of course that all e-mail addresses will be protected 100 percent", Vanvelthoven said. "The protection of privacy is most important. Citizens that wish to be contacted by government, have to communicate an existing e-mail address. We will attach an encrypted alias to this address, so that we are sure that our addresses can not be abused by third parties."
Een e-mail adres voor elke Belg (in Dutch, 13.02.2004)
http://mineco.fgov.be/information_society/administrations/e-government...
Une adresse e-mail pour chaque Belge (French, 17.02.2004)
http://www.belgium.be/eportal/application?origin=newsFPSList.jsp&e...
25 March 2004 - Deadline Call for Papers
The European Black Hat conference 2004 will take place in the Krasnapolsky
Hotel in Amsterdam, the Netherlands, from 17 to 20 May 2004. Papers are
invited especially about the European perspective on privacy, anonymity
and DRM.
http://www.blackhat.com/html/bh-europe-04/bh-europe-04-cfp.html
26-27 March 2004, Warsaw, Poland
Pan-European Forum on safer internet-issues, organised by the Media
division of the Council of Europe Human Rights Directorate. Deadline for
funding applications is 20 February 2004.
http://www.safer-internet.net/pconference.asp
19 April 2004, London, UK
One day conference on ubiquitous computing and its possible impact on
privacy, democracy, and terrorism.
http://www.uclic.ucl.ac.uk/ubiconf/programme.html
15 May 2004 - Deadline Call for
The Data Protection Authorities support a new award for privacy-papers,
named in honour of the US privacy expert Barbara Wellbery (1948-2003). The
award is granted annually by the Morrison & Foerster Foundation. The
winning paper will receive a USD 3,000 cash award. In addition, the winner
is invited to present his or her paper in Poland at the 26th International
Conference of Data Protection and Privacy Commissioners (14-16 September
2004).
http://www.cbpweb.nl/downloads_overig/med_barbara_wellberry_2.pdf
3-4 June 2004, Vienna, Austria - Free Bitflows conference
Conference and workshops about cultures of access and politics of
dissemination, organised by Public Netbase (AT), in collaboration with
Hull Time Based Arts (Hull, UK); V2_ (Rotterdam, NL); Bootlab (Berlin,
DE); interSpace Media Art Center (Sofia, BG).
http://freebitflows.t0.or.at
15-17 September 2004, Strasbourg, France
The Council of Europe is planning a major international conference on "The
Challenge of Cybercrime", which will bring together senior politicians,
computer industry leaders and experts from around the world. No online
information yet.