Privacy International and European Digital Rights have published their joint answer to the consultation on mandatory data retention. The Directorate Generals on Information Society and on Justice and Home Affairs from the European Commission asked for public comments on a proposed retention regime across Europe between 12 and 36 months for all traffic data generated by using telephony (fixed and mobile) and internet.
The retention of personal data resulting from communications, or of traffic data, is necessarily an invasive act. With the introduction of new technology like mobile telephony and internet, the extent of invasiveness has progressed enormously. It is no longer possible to distinguish clearly between the 'simple' traffic data generated by fixed telephony networks and the contents of the communication itself revealed by location data from mobile phones and communication data from internet usage. Traffic data now reveal extensive maps of social networks (who mailed whom), the most intimate human activity (what websites you have read) and even intention (queries in search engines).
PI and EDRI not only object to this invasiveness, but also argue that general and systematical retention is illegal. Article 8 of the European Convention on Human Rights protects the right to a private life. According to legal advice from the international law-firm Covington & Burling that is included in the response, "the indiscriminate collection of traffic data offends a core principle of the rule of law: that citizens should have notice of the circumstances in which the State may conduct surveillance, so that they can regulate their behaviour to avoid unwanted intrusions. (...) Laws that offer citizens no reasonable means of avoiding surveillance of their private affairs by the State are the hallmark of the police state."
Blanket data retention also fails the meet the requirement to be necessary in a democratic society. The European Court on Human Rights has explained this requirement in terms of the need for any interference in Article 8 rights to correspond to a pressing social need and to be proportionate to the legitimate aim pursued. "Mandatory data retention laws fail on this score. The distinguishing feature of a blanket data retention requirement is the absence of any reasonable relationship between the intrusion on individual privacy rights and the law enforcement objectives served."
Finally PI and EDRI argue that retention is illegitimate, because of the ever-expanding list of possible purposes, both in national law and in international co-operation. While the EU on the one hand forces member states to harmonise the retention of data, on the other hand it leaves the regulation of access to these data to national law. "If the EU insists on creating this massive regime for surveillance, it has to devise ways to curtail the monster's powers at the same time," say PI and EDRI. According to the proposal from the UK, Ireland, Sweden and Spain, even if a member state were to reject the mandatory data retention 'following national procedural or consultative processes', member states must revisit this rejection every year, thus gravely insulting democratic procedure.
The deadline for comments expires on 15 September 2004. Privacy International and the 15 member organisations of European Digital Rights call on all organisations to sign on to this answer, or to use it however they wish in order to voice an individual comment.
PI/EDRI answer to consultation on data retention (09.09.2004)
http://www.privacyinternational.org/issues/terrorism/rpt/responsetoret...
General background information
http://www.privacyinternational.org/retention
Sign-on to the answer (deadline 15.09.2004. 10.00 AM) send e-mail to edrigram@edri.org and the name of your organisation will be added to the list published on the EDRI website.
Today, 9 September 2004, the German minister of Justice presented a cornerstone-paper on the so called 'second basket' of copyright regulations, implementing the European Copyright Directive (2001/29/EC).
The cornerstone-paper defines a clear right to make private copies, even when ordered by a third party, and does not require the original to be legal, though 'downloading works that are apparently unlawfully distributed', is not allowed. Also, in spite of rumours before the release, there are no plans to give rights-holders the power to demand name-address data from p2p-users from internet providers.
As generous as that might seem, the German digital rights organisation NMN has issued a brief statement complaining about the fact that the regulation will not allow people to make a private copy if the material is protected with technological measures.
"It is kind of absurd to talk about a right to make private copies in the cornerstone-paper, if there is no chance to exercise that right in reality. Since CDs come with anti-copying measures, a written down law doesn't help the user, if the disabling of copyright protection of these CDs is outlawed at the same time", says Markus Beckedahl, Chairman of the Network New Media. "Here, in our opinion, we need corrections to maintain and extend the right to private copies for consumers in the digital world ." Beckedahl continued.
Another hotly debated issue in Germany was the proposed expansion of copyright levies to include hard disks. The ministry of Justice has now decided that "each device will be charged with a levy, if it is actually used for a considerable extent to make copies." CT quotes the Minister, Brigitte Zypries, that this means a CD-burner will be charged, but a digital photo camera probably not. The phrasing is very flexible, and leaves it to equipment manufacturers and copyright holders to determine exact pricing schemes in a self-regulatory setting. The Ministry of Justice has now given them 6 months time to work out an acceptable solution for hard disks, after that a court is appointed to mediate.
Brief statement NNM (in German, 09.09.2004)
http://www.nnm-ev.de
Long explanation in CT (in German, 09.09.2004)
http://www.heise.de/ct/aktuell/meldung/50805
(Thanks to Markus Beckedahl, EDRI-member NMN)
For its 6th edition, the Werkleitz Biennale changed location, from Tornitz/Werkleitz to the city of Halle (near Leipzig) in east Germany. The theme 'common property' brought together many artists and activists working in copyright-critical environments. The location, a former workers-building from 1907 in very rich Jugendstil overlooking an idyllical park, offered an excellent meetingplace for both the invited guests and visitors from the city of Halle. Besides interesting debates about copyright and the post-heroic future of civil society activism, the Biennale excelled in concise film and video-screenings on biogenetics, on city-planning and on strategies of dissent.
The preview screening of the film 'The Yes Men' no doubt caused the biggest applause and the loudest laughs. In this film, the Yes Men (Andy and Mike) register what happened after they open up a parody-site on the World Trade Organisation (WTO). The site, www.gatt.org, seems official enough, in spite of many critical sentences, to make people take it serious. The Yes Men are invited to several conferences as official representatives of the WTO. Invited to a conference in Finland, they decide to give a talk about the world economic advantages of managerial leisure. After 10 minutes of semi-serious slides, the presenter tears off his business suit and and suddenly shows a ridiculous golden outfit with a gigantic phallus popping out that supposedly gives the manager full control over all his workers. In stead of being arrested, the audience doesn't even respond surprised and seems to agree with every terrible idea the two come up with.
In the end, the Yes Men decide to give a press conference in Australia and announce the end of the World Trade Organisation. Dozens of very serious journalists agree with the statement that the WTO has indeed caused poverty to grow, and instead of promoting fair trade, have indeed been deepening the divide between rich and poor.
Werkleitz Biennale festival program (English and German)
http://www.werkleitz.de/events/biennale2004/index.html
Movietrailer from The Yes Men (directed by Dan Olman, Sarah Price and Chris Smith), to be released on 24 September 2004.
http://www.theonionavclub.com/yesmen/
On 24 September 2004, the European Council will probably meet to rubber-stamp the 'political agreement' achieved on 18 May 2004 on the highly controversial software patents directive (2002/0047 COM-COD)
The Foundation for a Free Information Infrastructure (FFII) is appealing to the ministers of economical affairs and on national parliaments to undo their previous approval. They argue that the compromise suggested by the Council removes all limits on patentability of "computer-implemented" algorithms and business methods, and thereby radically overturns the legislative proposals of the European Parliament as well as the consultative organs of the EU.
According to the FFII the text was designed to mislead ministers about its real effects. "It consists of many sentences of the form or "software is ... unpatentable, unless ... condition, which, upon closer scrutiny, turns to be always true"." And, states FFII, "It can be said with certainty that only a minority of governments really agrees with what was negotiated, but several governments were misrepresented by their negotiators, who broke intra-ministerial agreements or even violated instructions from their superiors."
Now the FFII is calling on all supporters to send this call to their representatives, be it the text of the urgent call with the signatories, or just a simple postcard from any nice holiday destination.
The Free Software Foundation Europe is calling on the Dutch EU presidency, in an open letter from 6 September 2004. While the 'Lisbon'-Process to make Europe the 'most competitive knowledge-based economy by 2010' is a "reasonable aim which is worthy of support by European citizens", the proposed legislation "will have adverse effects on the software market."
And, Georg Greve, FSFE President continues: "30,000 software patents already exist in the EU; this contradicts the spirit of the present patent law in the EU. Three quarters of software patents are held by non-European companies. To give software patents a legal basis may be a decision which would make the EU far less competitive. That is why we would like to ask the European Council to revise its agreement on software patents of May 18th."
FFII Urgent call to National Governments and Parliaments (04.06.2004)
http://swpat.ffii.org/letters/cons0406/index.en.html
FFII call for action against software patents (07.09.2004)
http://kwiki.ffii.org/index.cgi?FfiiMail0408En
FSF Europe open letter to EU presidency (06.09.2004)
http://fsfeurope.org/projects/swpat/letter-20040906.en.html
"We are currently renegotiating the open society", Gus Hosein from Privacy International stated at a conference on E-government and the protection of personal data in the Danish Parliament on Tuesday 7 September.
The vision of the Danish e-government initiative is one in which personal data are increasingly floating across traditional institutional borders, without paying much attention to the privacy challenges this raises. The conference addressed a number of data protection challenges related to e-government such as re-use of data, data retention, rights of access, and technical solutions such as digital signatures and PET. Considering the large amount of data already being stored about citizens in Denmark, and the proposed mandatory one year data retention scheme (not yet in force), several interventions stated it is crucial that privacy safeguards are enforced and that citizens become more privacy conscious.
The debate at the conference showed some concern for the current development, and several of the debaters were sceptical towards the official optimism about the wonders of digital administration. The Danish Human Rights Institute proposed that the whole e-government thinking be turned up-side down, to give the individual control of his or her own data, and to have the legal architecture depart from human rights principles such as proportionality, dignity and self-autonomy.
The Conference was organised by Prosa (Danish union for IT workers), The Association of Legal Affairs, The Danish Institute for Human Rights, and the Danish Board of Technology.
(Contribution by Rikke Frank Joergensen, EDRI-member Digital Rights Denmark)
The Article 29 Working Party (all the EU Data Protection Authorities) has released an opinion on the inclusion of biometrics in visa and residence permits for third country nationals. The EU is planning to introduce biometric identifiers in visa and residence permits and to establish a information system on visas (VIS).
The visa and permits will have a contact-less chip which will contain a full-face digital photograph of the holder together with two digital fingerprints.
The Working Party expresses great reservations towards the plans, especially with regard to proportionality issues. The Working Party considers the use of biometrics to establish a more reliable link between visas or residence permits and their holders as legitimate. But a plan to store the biometric identifiers not only in the chip but also in a central database causes major difficulties.
The Working party is setting out some principles for the use of biometric identifiers. Persons should have access to the data in their chip, there should be guarantees for people without fingers and persons should be informed of the reason for rejection at border checks. The opinion also stresses the need for access control by means of encryption, to prevent unauthorised bodies to read biometric data (similar to bank card skimming). Authorised but unnoticed access to the biometric data should also be prevented.
The Working Party also stresses that non-EU member states, such as the USA, can not have access to the EU visa information system.
Opinion No 7/2004 on the inclusion of biometric elements in residence permits and visas taking account of the establishment of the European information system on visas (VIS) (11.08.2004)
http://europa.eu.int/comm/internal_market/privacy/docs/wpdocs/2004/wp9...
On 27 and 28 August 2004, the OSCE Representative on Freedom of the Media, Mr Miklos Haraszti, organised a conference on 'freedom of the media online' in the Amsterdam city hall.
Two panels focussed on the problematic definition of harmful content and self-regulation. Yaman Akdeniz (director of the UK NGO Cyberrights), Sandy Starr (editor of the e-zine Spiked) and Matthew Berry, senior counsel at the U.S. Department of Justice all gave strong arguments against global regulation of hatespeech, as suggested by the additional protocol to the Cybercrime Convention (signed by 23 countries, amongst which 15 EU member states, and only just ratified by Slovenia on 8 September 2004).
Akdeniz concentrated on the different cultural and legal definitions of what is harmful and what is considered illegal, while Starr gave a passionate plea that free speech is not divisible. "You cannot uphold free speech as a historic achievement of the enlightenment and simultaneously call for suppression of hate speech." According to Starr, politicians are overly keen on creating 'big angst over hatespeech'. This results in a very negative argument to vote, namely to keep the extreme right-wing parties out, in stead of a positive incentive to participate. This kind of electoral black-mail happened both during the French presidential elections and during the vote for the European Parliament in 2004. Starr ended his talk with 4 recommendations, not to confuse action with words, not to confuse emotions with ideas, not to panic, and finally, not to patronise the public.
Berry added the US fiercely oppose the protocol on hatespeech. "Once you entrust government with censorship, history teaches us the free speech rights of all individuals are endangered, including the political left and all sorts of minorities."
Though none of the panels was devoted to post 9/11 censorship and surveillance, the theme often recurred in discussions with the speakers. A representative from the OSCE Bureau on Terrorism suggested that civil rights may be important, but security is even more important, and we shouldn't object to measures infringing on privacy and freedom of communication. Many participants answered in outrage, varying from a representative of the European provider association to a representative from Article 19, the global campaign for free expression. They all pointed to the difference between systematic surveillance of all citizens and specific investigations, and said the whole purpose of fundamental rights is they cannot be set aside in times of turmoil.
Conference website with papers from speakers (27/28-08-2004)
http://www.osce.org/events/conferences/fom/2004amsterdam/
Cybercrime convention additional protocol - chart of signatures
http://conventions.coe.int/Treaty/Commun/ChercheSig.asp?NT=189&CM=...
The Center for Strategic and International Studies (CSIS) in Washington DC put together a rather large chart providing information on the number and type of Open Source (OS) software policies and legislation considered by national, regional or local governments around the world. It looks at whether the policy or legislation mandated the use of OS, expressed a preference for OS software, encouraged its use or commissioned research into OS software.
Open Source Chart (last updated 08.09.2004)
http://www.csis.org/tech/OpenSource/0408_ospolicies.pdf
13-14 September 2004, Geneva, Switzerland
The TransAtlantic Consumer Dialogue (TACD) will host a two-day meeting in Geneva on the Future of WIPO. The meeting will bring together leading experts and stakeholders from academia, industry, NGOs, and governments, as well as members of the WIPO secretariat, to discuss the future of this United Nations Agency. To register for this event (no fee), contact: Ben Wallis, Transatlantic Consumer Dialogue Co-ordinator, Consumers International mailto:bwallis@consint.org
14-16 September 2004, Wroclaw, Poland
The 26th International Conference on privacy and personal data protection: 'the Right to Privacy - the Right to Dignity'.
This annual gathering of the world's data protection commissioners will be preceded on 13 June by a publicly accessible conference organised by EPIC, Privacy International and EDRI, called 'Privacy in a New Era: Challenges, Opportunities and Partnerships'
http://www.giodo.gov.pl/168/id_art/175/j/en/
http://www.thepublicvoice.org/events/wroclaw04/default.html
15-17 September 2004, Strasbourg, France
The Council of Europe is planning a major international conference on "The Challenge of Cybercrime", which will bring together senior politicians, computer industry leaders and experts from around the world. No online information yet. Civil society or members of the European parliament explicitly not invited.
28 September 2004, Paris, France
One day conference "Les reponses aux defis du peer to peer" (Answers to P2P challenges) at the French Senate, organised by the 'Forum des droits sur l'Internet'.
http://www.defis-p2p.org/
29-30 September 2004, Paris, France
5th Worldwide forum on electronic democracy, organised by Mr Andre Santini, French Member of Parliament and president of the Global Cities dialogue.
http://www.issy.com/statiques/e-democratie/index_EN.htm
30 September-3 October 2004, Berlin, Germany
New EDRI-member FIfF is organising a conference '20 Years of FIfF - ReVisions of Critical Informatics'.The bilingual (German, English) conference will take place at the Humboldt University in Berlin.
http://www.fiff.de/2004/
16 October 2004, Emmen, Switzerland
Swiss Big Brother Awards
http://www.bigbrotherawards.ch
26 October 2004, Vienna, Austria
Austrian Big Brother Awards
http://www.bigbrotherawards.at
29 October 2004, Bielefeld, Germany
German Big Brother Awards
http://www.bigbrotherawards.de