The Dutch government is 'in principle positive' about the proposal to store the telecommunication traffic data of all 450 million EU citizens for a period of 12 to 36 months. This point of view is expressed in a letter to the Dutch parliament about the proposal. As president of the EU, the Netherlands wish to press ahead with the proposal: "The Netherlands have a vested interest that the proposal takes priority."
The proposal was made by the UK, Ireland, France and Sweden on 28 April 2004, and followed by a questionnaire to the 25 EU member states about their current and intended data retention laws. Answers to the questionnaire had to be given by 29 July 2004, but the results will probably only become available at or after the next meeting of the working party on co-operation in criminal matters on 27 and 28 September 2004.
The Netherlands wish further investigation into the needs of the police and intelligence services. "The needs of law enforcement need to be mapped nationally. This applies in particular to data related to internet." Also, the Dutch government questions the scope of the proposal, "if providers would be obliged on the basis of this draft framework decision to retain data that are not regularly kept for their own business purposes."
The plans from the city council of Munich, Germany, to migrate all civil servants to open source Linux software, are endangered by the proposed new EU software patents directive. The Greens in Munich have filed 2 motions on 30 July 2004 demanding more research into how the directive affects the project. A cursory search revealed that the Linux 'base client', which the city of Munich plans to install on the desktop computers of approximately 14,000 employees, is in conflict with more than 50 European software patents. The planned advertisement at the end of July for the client was immediately cancelled until more research is done.
According to a newsitem on linuxelectrons, the Green alderman who filed the motions is a fan of open source, and "expresses concern over the future ability of open source software to meet the needs of the city administration if software patents massively hinder its development. (...) A week earlier, the chief information officer of Munich, Wilhelm Hoegner, said it is "indispensable" to check on the consequences of the software patent directive to open source software. Any such oversight would be a 'catastrophe for Munich's Linux migration project, and for open source in general'."
After long debates between the European parliament, the Council and representatives from national governments on 18 May 2004 a so-called Council Common Position was adopted on the patentability of computer-implemented inventions. This common position will be presented to the European Parliament for second reading in September or October 2004. Many national parliaments tried to make their governments step back from their positive decision (in Denmark, Poland and Germany), but only the Dutch parliament took the unprecedented step of making the Minister of Economic Affairs change the Dutch yes vote into an abstention. However, the total amount of votes was not enough to change the common position. (see EDRI-gram 2.14)
Linuxelectrons 'EU Software Patents Jeopardise Munich's Linux Migration' (30.07.2004) http://www.linuxelectrons.com/article.php/20040730044556612
Muenchen legt Linux-Projekt wegen der Softwarepatente auf Eis (04.08.2004) http://www.heise.de/newsticker/meldung/49735
EDRI-gram 2.14 'Dutch parliament blocks patent vote' (15.07.2004)
The UK telephone and internetprovider BT is blocking the access for its customers to an unknown number of websites since 21 June 2004, allegedly containing images of child pornography. So far, BT has not disclosed any information about the banned sites and the precise technical way in which the filtering is deployed, raising serious questions about large scale private censorship on the internet.
The software BT has developed to filter out the unwanted websites is called Cleanfeed, and was developed in collaboration with the Internet Watch Foundation. Both the association of UK internetproviders and the European umbrella organisation of internetproviders (Euro ISPA) have demanded more information about the exact nature of the blocking. The Internet Watch Foundation does not provide any information on its website or its annual reports on Cleanfeed or on the block-list of websites that they have developed. As a hotline, the mission statement of the Internet Watch Foundation is not limited exclusively to the battle against child abuse, but also aims to minimise the availability of "adult material that potentially breaches the Obscene Publications Act in the UK."
Under this Obscene Publications Act (texts from 1959 and 1964) the term 'indecency' is introduced and understood by courts to mean something that "offends against the modesty of the average man, offending against recognised standards of propriety at the lower end of the scale". According to the UK digital rights organisation Liberty, this means the definition depends on circumstances and current, sometimes local standards. "This vagueness is dangerous. Posters for causes such as animal rights, which are deliberately intended to shock their audience, have sometimes had to contend with indecency prosecutions."
So far, BT only released a figure about the attempts to access those banned websites in the first 3 weeks of the trial. They allegedly blocked 230,000 intended visits (not visitors), but caused confusion by also saying on the radio the number was twice as high, namely 20,000 URL requests per day. The UK provider association immediately responded with a series of questions and a high level of concern. What exactly was BT registering, the unique visitors, hits or even hits per image on a website? Did BT take into account that there was no error-message, so people trying to access a banned site would probably retry at least once? And that maybe this would increase the statistics by a factor of at least 2?
According to Richard Nash from Euro ISPA it is irresponsible for providers to block websites for their users. In stead of trying to make child pornography invisible, the responsible thing would be to deal with the production of the content. In stead of private decisions about what is 'decent' and what is not, providers should develop a thorough and balanced notice and takedown procedure, and governments should collaborate more closely in chasing down the production sources internationally.
ISPA seeks analysis of BT's 'Cleanfeed' stats (21.07.2004) http://www.theregister.co.uk/2004/07/21/ispa_bt_cleanfeed/
Liberty guide to the Obscene Publications Act http://www.yourrights.org.uk/your-rights/chapters/the-right-of-free-ex...
On 28 July, Privacy International has presented the 6th annual UK Big Brother Awards ceremony. Privacy International took the unusual step of awarding a US initiative for the UK awards because of the almost total silence in the US over this programme. US VISIT will fingerprint all visitors to the US from September of this year. The scheme is offensive and invasive, and has been undertaken with little or no debate or scrutiny. Nor has the requirement taken any account of the 'special relationship' between the UK and the US. The UK government has been silent about the programme and has capitulated every step of the way.
Winner of 'Worst public servant' was Margaret Hodge, Minister of State for Children. According to the jury report, "Margaret Hodge has received numerous nominations because of her patronage of the controversial tracking provisions in the Children Bill and for her determination to develop a wide spectrum of intrusive databases and information systems. Winner of the 'Most invasive company award' was British Gas, for blaming the Data Protection Act for a series of events that led to the death of an elderly couple who's gas was cut off due to overdue payments. The company claimed that privacy law prevented the company from disclosing to social services that the gas supply had been cut off during the cold winter months.
Both the winners of the 'Most appalling project award' (the NHS national programme for IT) and the 'Most heinous government organisation award' (the office of national statistics) were accurately predicted by the shortlist of the 'dirty dozen', described in EDRI-gram 2.14.
US wins David Blunkett Lifetime Menace Award http://www.theregister.co.uk/2004/07/29/big_brother_awards/
Stepping on Big Brother's Toes
http://www.wired.com/news/privacy/0,1848,64379,00.html?tw=wn_tophead_4
The 2004 UK Big Brother Awards
http://www.privacyinternational.org/bba
Pictures from the ceremony (28.07.2004)
http://moblog.co.uk/view.php?id=17913
(Thanks to Gus Hosein, EDRI-member Privacy International)
On 8 June 2004, the European Court of Justice issued an opinion on four (similar) cases regarding the database directive 'sui generis' right. The opinion seems to grant perpetual protection to databases, and confirms grave public concerns about the impact of the directive on the use and re-use of online information. Though the opinion of the Advocate General is not binding on the court, it is persuasive and often mirrored in the final verdict.
The parties are the British Horseracing Board (BRB) versus William Hill and Fixtures Marketing Ltd (football fixture lists) versus football pools operators in Finland, Sweden and Greece. Advocate General Stix-Hackl found that the database rights of the plaintiffs (BRB and Fixtures Marketing) were infringed. "'Bookmakers' use of data constitutes a prohibited re-utilisation even if they do not obtain the data directly from the database but from other independent sources such as print media or the internet."
The opinion provides some interpretation on definitions.
1. The mere generation of data is not covered, but "where the creation of data coincides with its collection and screening, and is inseparable from it, the protection of the Directive kicks in."
2. The Directive prohibits the rearrangement of the contents of a database.
3. There is a general prohibition on the extraction and/or reutilisation of substantial parts i.e. more than half the database.
4. Extraction and/or reutilisation of insubstantial parts is prohibited if it is a repeated or systematic act and prevents the economic exploitation of the database by the owner.
5. Re-utilisation is prohibited even when the data is taken from an independent source e.g. print medium or the internet, as was the case here. It is important to note that the BRB did not give permission to sub-licence this material.
6. Substantial changes give rise to a new database and therefore a new term of protection. For 'dynamic databases', the whole database enjoys a new term of protection when changes are made.
7. The term 'database' should be interpreted widely.
8. It is up to the national court to assess whether there has been a 'substantial' investment.
European Court of Justice press release (08.06.2004) http://www.curia.eu.int/en/actu/communiques/cp04/aff/cp040046en.pdf
Case numbers C-46/02, C-203/02, C-338/02, C-444/02
http://www.curia.eu.int/
(Contribution by Teresa Hackett, Ireland)
On 29 July 2004 the French Constitutional Council decided that the proposed new data protection act is not unconstitutional, except for one provision (article 9.3), which has been suppressed from the law. The law is an adoption of the European privacy directive of 1995 (1995/46/EC), and was accepted by the French Senate on 15 July 2004.
The proposal to examine the law was submitted on 20 July by members of the French parliamentary opposition. They objected particularly against the powers granted in the new paragraph 9.4 to collecting societies and similar representatives of intellectual property rights to create files with telecommunication traffic data of supposed copyright infringers to 'mutualise the battle against the piracy of works'.
The Constitutional Council rejects this complaint explicitly, considering that existing safeguards established by other laws are sufficient, like the fact that the storage of traffic data should not exceed a one year period. Generally the Council 'confirms that the law does not damage in any legal way the constitutional requirement to respect private life'. However, the Council does object to the possibility to give all (business) victims of fraud the same powers in the analogue world, i.e. to create private police records without any rights of access and correction, because the definition of 'fraud' lacks precision. But at the same time the Council also remarks that this ban on databases with private infringements (the stricken article 9.3) should not harm the constitutional rights of every person, natural or legal, to defend their rights in court.
A broad coalition of French NGOs and trade-unions, including the French Human Rights League (LDH) and EDRI-member IRIS has objected against many provisions of the new law for a long time, since the first introduction of the pre-draft in September 2000. Amongst their concerns about the act is the fact that genetic and biometric data are not included in the list of sensitive data, and the possibility for companies to appoint a 'data correspondent' (privacy officer) in stead of filing a list of personal data with the data protection authority (the CNIL in France). The DELIS-coalition finds it unacceptable that these in-house privacy officers do not have a protected status, necessary to guarantee independence from their employers.
Earlier the DELIS-coalition announced they would file a complaint with the European Commission against France if the Council decision was not found satisfactory.
Constitutional Council full verdict (in French, 29.07.2004) http://www.conseil-constitutionnel.fr/decision/2004/2004499/2004499dc....
DELIS, LDH and IRIS press release (16.07.2004)
http://www.iris.sgdg.org/info-debat/comm-infolib0704-en.html
EDRI-gram 2.8 'France to implement 1995 Privacy Directive' (21.04.2004) http://www.edri.org/cgi-bin/index?id=000100000148
(Thanks to Meryem Marzouki, EDRI-member IRIS)
On 24 March 2004 the Danish Ministry of Justice released a draft Administrative Order and a set of guidelines for mandatory retention of telecommunication traffic data. It is a follow-up to the 'anti-terror package' from 6 June 2002 (Act no. 378), that extended the minimum time for data retention to a year and allowed police and intelligence agents to look at such material with court permission where serious crimes were involved and to install on ISP servers software similar to the US Carnivore system to intercept e-mail.
The Administrative Order and the guidelines aim to regulate in detail the obligations of the Danish telecommunication providers (minor private ISPs included), specify how they must assist the Danish police interfering with the secrecy of communication, what data should be retained, and how it should be done. For internet, this means an obligation for providers to keep an extended mail server logfile with precise information who has been e-mailing whom, an extensive IP-registration of all incoming and outgoing IP-requests and an obligation to log all IP-addresses from visitors to chatrooms. Mobile telephony providers are to store all data about incoming and outgoing calls, including SMS and MMS, and all localisation data they generate for each call, even if the call is not successful.
When circulated for comments in May 2004, the draft was heavily criticised by both Internet Service Providers, co-operative housing associations and non-governmental organisations for being disproportional and inconsistent, e.g. by letting private entities store huge amounts of personal information while at the same time leaving ample loopholes, since for example libraries and universities are not included. Everyone now awaits the next steps from the Ministry of Justice.
Danish Ministry of Justice
http://www.jum.dk
Danish Data Protection Agency
http://www.datatilsynet.dk
(Contribution by Rikke Frank Joergensen, EDRI-member Digital Rights Denmark)
The Swiss data protection authorities and several political parties have used a governmental consultation round to protest against a proposal to introduce a new sectoral ID number for persons, the SPIN law.
According to the privacy authorities, the proposed law violates both constitutional and data protection principles. The new personal identification number would be sectoral and based on a central server within the federal justice department. But the sectors are not clearly defined or even analysed, thus violating the principle of proportionality.
To make it worse, the responsibilities for access, for security, transmission and usage of the PIN are not sufficiently clear. "This results in a lack of transparency and absence of indispensable protection measures." The privacy authorities demand a serious public debate and find the schedule for parliamentary debate (in the winter of 2004) much too early.
In April 2003 the data protection authorities already objected against the planned introduction of a universal identification number. They will only accept a personal identification number (PIN) if used for statistical reasons, specifically aimed at solving the problems with the next population census planned for 2010.
Opinion of the Federal data protection authorities (in French and in German, 28.07.2004)
http://www.edsb.ch/f/themen/weitere/epid/stellungnahme_spin.pdf
http://www.edsb.ch/d/themen/weitere/epid/stellungnahme_spin.pdf
SIUG opinion on the SPIN-law (in German, 23.07.2004)
http://www.bigbrotherawards.ch/diverses/vernehmlassung.SPIN.20040723.p...
(Contribution by Daniel Boos, EDRI-member SIUG)
The European Commission is organising two interesting public consultation rounds, on nanotechnology and on digital rights management (DRM).
The consultation on nanotechnology invites public feedback on the communication 'Towards a European Strategy for Nanotechnology', in which the Commission proposes an integrated and responsible approach for developing nanosciences and nanotechnologies in Europe. All interested people are encouraged to take part by directly writing to the Commission rtd-nano-strategy@cec.eu.int by 30 September 2004.
Commission press release: How big is nanotechnology for Europe? (30.06.2004) http://europa.eu.int/rapid/pressReleasesAction.do?reference=IP/04/1005...
Online questionnaire about nanotechnology http://www.nanoforum.org
EDRI equally recommends participating in the consultation on DRM. After two sessions with industrial parties behind closed doors in the so-called 'High Level Group on DRM', on 8 July 2004 the group apparently decided they could no longer do without any representatives from civil society, and now invite 'all stakeholders' to reflect on what is already called 'The Final Report'. The group has identified 3 challenges for the future of DRM: interoperability; levies for private copies and 'encourage consumers to use legal services on the internet'. Comments must be sent to INFSO-G1@cec.eu.int by 15 September 2004, and will be published on the website unless a specific request is made not to do so. The consultation will be followed by a workshop in November 2004.
European Commission on Digital Rights Management
http://europa.eu.int/information_society/eeurope/2005/all_about/digita...
'Final report' from the High Level Group on DRM (08.07.2004)
http://europa.eu.int/information_society/eeurope/2005/all_about/broadb...
NEW DATE! 27-28 August 2004, Amsterdam, the Netherlands 'Guaranteeing Media Freedom on the Internet' Two day conference organised by the OSCE Representative on Freedom of the Media, Mr Miklos Haraszti, in the Amsterdam city hall. http://www.osce.org/events/conferences/fom/2004amsterdam/
31 August 2004, Deadline for submissions Council of Europe Public consultation on future Council of Europe activities in the media field, in preparation of the 7th European Ministerial Conference on Mass Media Policy (Kiev, 10-11 March 2005). The main topics of the Conference will be: freedom of expression and information in times of crisis; cultural diversity and media pluralism in times of globalisation and human rights and regulation of the media and new communication services in the information society.
The CDMM would like to invite non-governmental organisations working in the media field in Europe and other interested persons to submit their ideas and proposals as regards these future activities. The proposals should not exceed 2 pages and should be sent to the Media Division, in English or French, by 31 August 2004 (mailto:media@coe.int). They will be analysed at a meeting of the Bureau of the CDMM on 7-8 September 2004. The results will be subsequently reviewed by the CDMM on 2-5 November 2004.
Call for submissions:
http://www.coe.int/T/E/human_rights/media/7_Links/consultation_announc...
13-14 September 2004, Geneva, Switzerland
The TransAtlantic Consumer Dialogue (TACD) will host a two-day meeting in Geneva on the Future of WIPO. The meeting will bring together leading experts and stakeholders from academia, industry, NGOs, and governments, as well as members of the WIPO secretariat, to discuss the future of this United Nations Agency. To register for this event (no fee), contact: Ben Wallis, Transatlantic Consumer Dialogue Co-ordinator, Consumers International
mailto:bwallis@consint.org
14-16 September 2004, Wroclaw, Poland
The 26th International Conference on privacy and personal data protection: 'the Right to Privacy - the Right to Dignity'. This annual gathering of the world's data protection commissioners will be preceded on 13 June by a publicly accessible conference organised by EPIC, Privacy International and EDRI, called 'Privacy in a New Era: Challenges, Opportunities and Partnerships'
http://www.giodo.gov.pl/168/id_art/175/j/en/
http://www.thepublicvoice.org/events/wroclaw04/default.html
15-17 September 2004, Strasbourg, France The Council of Europe is planning a major international conference on "The Challenge of Cybercrime", which will bring together senior politicians, computer industry leaders and experts from around the world. No online information yet.
28 September 2004, Paris, France One day conference "Les reponses aux defis du peer to peer" (Answers to P2P challenges) at the French Senate, organised by the 'Forum des droits sur l'Internet' http://www.defis-p2p.org/
29-30 September 2004, Paris, France 5th Worldwide forum on electronic democracy, organised by Mr Andre Santini, French Member of Parliament and president of the Global Cities dialogue http://www.issy.com/statiques/e-democratie/index_EN.htm
30 September-3 October 2004, Berlin, Germany New EDRI-member FIfF is organising its 20th annual meeting on critical computer science in the Humboldt university. http://www.fiff.de/aktuelles/
16 October 2004, Lucerne, Switzerland
Swiss Big Brother Awards
http://www.bigbrotherawards.ch
26 October 2004, Vienna, Austria
Austrian Big Brother Awards
http://www.bigbrotherawards.at
29 October 2004, Bielefeld, Germany
German Big Brother Awards
http://www.bigbrotherawards.de