European Digital Rights condemns action taken by the international phonographic industry association (IFPI) against European users of file-sharing networks. On 30 March IFPI announced legal actions against a total of 247 file-sharers in Denmark, Germany, Italy and Canada. Similar actions were announced by the French and Swiss music industry shortly after. Following previous actions in the United States, European internet users will be charged with illegally making available hundreds of music tracks for copying, transmission and distribution via file-sharing services.
In Italy 30 file-sharers are accused, mostly users of 'Opennap'. At the request of FIMI, the Italian music industry federation, financial police has raided the houses of these file-sharers and seized their computers, hard disks and CD's to secure evidence. The German section of IFPI has announced lawsuits against 68 users. In response, the German Chaos Computer Club (by far the largest usergroup in Europe), announced a campaign to boycott the music industry. IFPI argues there are enough legitimate download services in Europe, with 300.000 titles available for download in Europe from 50 different websites. According to EDRI these services do not live up to consumers' expectations because of the limited choice, the high cost, and DRM-features that prevent format-shifting.
Limited choice: The 300,000 songs available for legal download are only a small fraction of the millions of songs peer-to-peer networks offer. Non-mainstream music is often only available from these file-sharing networks.
High cost: when each downloaded song costs around 1 Euro, a whole CD will cost about the price of the CD itself in a store. If consumers want to burn the downloaded songs to a CD, they have to pay the price for the raw CD in addition, which in many countries contains a levy that goes to the music industry as well. The prices for CDs containing music are very high already, and are one of the reasons for the reduced sales of the music industry.
A scan of the CD-sector by the Dutch Competition Authority in April 2003 indicates for example that CD-prices in the Netherlands are among the highest in Europe, but no proof was ever given to correlate dropping CD-sales to file-sharing. An empirical analysis of the download behaviour of internet users in the USA also demonstrates that the decline in record sales over 2000-2002 is not primarily due to file sharing. According to the survey, file trading led the average user to purchase an additional 8 albums.
Incompatible formats: with a few exceptions, the industry's download services offer songs in the Windows Media Player, Real Media and Quicktime formats. These files have so-called Digital Rights Management (DRM) features, with numerous limitations. Very often, it is not possible to burn the songs to a CD, to play them on MP3 players or to shift them to a different format in order to be able to play them on a program other than the one foreseen by the rights holder.
European Digital Rights calls upon the media industry to develop services that are attractive to users of the Internet. Only then will the industry succeed in getting rid of the P2P problem. If it should continue with its current strategy of backing unattractive services with legal threats, the result will be further alienation in particular of young users.
EDRI press release (31.03.2004)
http://www.edri.org/cgi-bin/index?id=000100000146
IFPI press release (30.03.2004)
http://www.ifpi.com/site-content/press/20040330.html
CCC campaign 'Boycott the music industry'
http://www.ccc.de/campaigns/boycott-musicindustry
Empirical analysis: the effect of file sharing on record sales (March 2004)
http://www.unc.edu/~cigar/papers/FileSharing_March2004.pdf
French music industry announces similar actions (in French, 30.03.2004)
http://fr.news.yahoo.com/040330/85/3q2cg.html
Swiss music industry announces similar actions (in German, 30.03.2004)
http://www.blick.ch/PB2G/PB2GA/pb2ga.htm?snr=68462
The European Parliament has rejected the existing 'agreement' between the USA and the EU on the transfer of airline passenger data. During a plenary session on 31 March Parliament adopted a resolution prepared by MEP Johanna Boogerd-Quaak.
The resolution calls upon EU Member States to require airlines and travel agencies to obtain passengers' consent for the transfer of data and asks the EU commission to withdraw the draft decision which is the current 'legal' basis for the transfer of data. Parliament criticizes the Commission's decision because it goes 'against the principles of proportionality and of data quality' and 'does not grant all passengers the protection which is afforded to US citizens'. In the resolution the Parliament reserves the right to appeal to the Court of Justice when the European Commission finalizes its agreement with the USA.
Just a week later, on 6 April, the European Parliament Committee on Citizens' Freedoms and Rights, Justice and Home Affairs (LIBE) rejected the Council's proposed 'light international agreement' on the transfer of passenger data between the EU and the USA. The LIBE Committee recommends that Parliament will vote against the agreement on the grounds "that Parliament is only consulted on the international agreement, while it could rightfully be argued that Parliament should have full assent".
"To conclude, the rapporteur believes that there is a very clear and simple logic: If Parliament does not believe that the US offers adequate protection of passenger data, it cannot and should not accept the international agreement, which would oblige airlines to transfer (or give access to) the PNR data to the US administration."
The double rejection is the result of the Commission's decision to follow a two-tier approach: First, to adopt a draft decision declaring that PNR data are adequately protected in the USA and second, to propose a 'light international agreement', which will oblige the airlines to give access to the data and authorise the US administration to pull the data from the EU territory.
To make things even more complicated, Parliament also rejected a Spanish proposal that would require airlines operating within the EU to provide passenger data to governments in the EU country of arrival. With this decision the Parliament applies the same standard of data protection as it has used to reject an EU-USA agreement.
European Parliament resolution about the level of protection (25.03.2004)
http://www.statewatch.org/news/2004/mar/ep-pnr-report.pdf
LIBE draft report on the proposal for a Council decision on transfer of PNR-data to the US (30.03.2004)
http://www.europarl.eu.int/meetdocs/committees/libe/20040405/530949en....
Proposal for a Council decision on transfer of PNR-data to the US (17.03.2004)
http://www.statewatch.org/news/2004/mar/eu-us-pnr.pdf
Draft Council Directive on inner-EU communication of passenger data (23.03.2004)
http://www.statewatch.org/news/2004/mar/eu-pnr-Directive.pdf
Over forty non-governmental organisations from around the world signed an open letter to the International Civil Aviation Organization (ICAO) on 30 March 2004.
Privacy International (an EDRI member) and the American Civil Liberties Union wrote the letter calling on the ICAO to reconsider its standards-setting on biometric travel documents.
The ICAO proposes that all passports worldwide implement RFID chips to support face-scanning, and possibly other forms of biometric data, including fingerprinting and iris scanning. This information would be collected at the national level, but then compared to and possibly stored in international databases. Already the EU has proposed to build on the idea in order to create a central register of fingerprints of all EU passport and visa holders.
The letter says that the ICAO is mandating national identification systems, requiring governments to collect citizens' biometrics, without any regard to national politics and laws. A number of governments have noted the challenges to privacy and data protection, but such concerns would be rendered powerless in the face of this international standard and requirement.
Amidst claims of efficiency and security, the ICAO argues that its mandate is merely to set standards for biometric passports, as called for by its member states and U.S. border requirements. This is even as the technology of choice, face-scanning and facial recognition, is questionable in its accuracy. The letter reminds the ICAO that:
The signatories of the letter wish for the ICAO to impose restraints on the undue collection, processing, retention, and transfers of data. In particular, they ask that the ICAO Follow through on earlier promises to review privacy implications of biometrics and trans-border personal information transfers; - Release clear and binding privacy requirements; - Prevent, by design or biometric selection, the development of biometric databases;
Open Letter to ICAO (30.03.2004)
http://www.privacyinternational.org/issues/terrorism/rpt/icaoletter.pd...
Privacy International policy library
http://www.privacyinternational.org/issues/terrorism/rpt/icaobackgroun...
(Contribution by Gus Hosein, Privacy International)
On 26 and 27 March 2004 a conference was held on safe internet in Warsaw, Poland. The conference was organised by the Council of Europe in collaboration with Safeborders, a consortium funded by the European Commission. Focussed on children, the event was meant to 'step up efforts to create a pan-European safer Internet network.' Some 150 participants met in workshops, with many delegates from East Europe and republics of the former Soviet Union.
In his keynote speech, Hanno Hartig from the Council of Europe stressed the need to make a difference between illegal and harmful content and respect the cultural and legal differences between countries. He underlined the difficulty of anonymity online, both as a danger and an essential tool to protect the privacy of children. He also warned that encouraging self-regulation should not force ISPs to curb the freedom of expression. Unfortunately, these nuances were sometimes lost during the workshops and plenary sessions, with speakers denying any difference between for example child pornography and websites about drug use.
Tor Eigil Hodne from the European Commission's DG Information Society explained the newly adopted extension of the Internet Action Plan for another 4 years. The first action plan ran between 1999 and 2002 and was funded with 25 million euro. The plan was extended in 2003 and 2004 with another 13.3 million euro. The new Safer Internet Plus plan will run from 2005 to 2008, with a budget of 50 million euro. The plans wants to promote safe use of internet and online technologies, particularly for children, and encourage the fight against 'all illegal, harmful and unwanted content, including spam.'
The main actions covered by the program (hotlines, filtering/blocking, self-regulation and awareness raising) have not changed, but the priorities have shifted. Previously the Commission focussed on filtering solutions, but now awareness is seen as the most important goal. Hodne summarised the evaluation of the first 4 years as 'too many actions with too much duplication and too many tips to parents', while at the same time suffering from reduced (public) visibility.
The invisibility of the hotlines was also demonstrated in a presentation by Rachel O'Connel of a recent Eurobarometer survey about illegal and harmful content on the Internet. Only 5 percent of the surveyed 16.014 parents mentioned a hotline, when asked where they would report seemingly illegal or harmful content.
The survey shows that Europe can be divided in 3 groups; high-band (countries where children access internet quite frequently such as Denmark, the Netherlands, the UK, Sweden and Finland), middle-band and low band (Greece and Portugal, where only 15 and 31 percent of children have access to the Internet). In 9 countries a majority of parents feel they need more information about how to protect their children from illegal or harmful content and contact on the Internet. The highest scores are found in low and middle-band countries, while parents in the high-band countries, with more experience, are much more confident. A large majority of people in Denmark, Austria, Germany, the Netherlands and Sweden indicates they do not want such information. In total, 47% of Europeans said 'no thank you' to more awareness campaigns. Coupled with the conclusion that investing in a website to inform parents about safe use of internet is the least preferred way of receiving information, the Action Plan might want to reschedule some more priorities in the nearby future.
Safe internet conference website
http://www.safernet.info/pconference.asp
EU Internet Action Plan, with links to Eurobarometer survey and evaluations
http://europa.eu.int/information_society/programmes/iap/text_en.htm
The proposed e-voting system in Ireland is under scrutiny due to concerns about fraud. An independent committee of 5 experts is commissioned to look into the alleged flaws of the system. The report is due out on 1 May.
The Irish government plans to introduce electronic voting machines from the Dutch company Nedap for the next European and regional elections in June. The system contains software by the Dutch firm Groenendaal and voting hardware made by Nedap. The same system has been used in the Netherlands for many years.
Civil liberty groups and the Labour Party have severely criticised the lack of an audit trail for the voter. After voting, the voter can not check if his or her vote is recorded correctly. The system does not provide a paper trail for possible recounts.
The debate about e-voting in Ireland gained intensity in March 2003, when a negative security assessment was obtained under the Freedom of Information Act. The assessment was carried out by the security company Zerflow at the request of the Department of the Environment and Local Government. The Irish government tried to keep the report secret, with adverse effects.
Several researchers have concluded that the Groenendaal software is not open source and even the Irish and Dutch governments do not have a copy of the source code.
Irish Citizens for Trustworthy Evoting
http://www.evoting.cs.may.ie/
Electronic voting in Ireland: a threat to democracy? (November 2003)
http://www.labour.ie/policy/download/evoting.pdf
Electronic Voting: A Safety Critical System (March 2003)
http://www.evoting.cs.may.ie/Project/report.pdf
The Dutch spammer Martijn Bevelander has to pay 25.000 US Dollar to the US Federal Trade Commission, for unfair and deceptive acts of commerce. Bevelander and his company Maps Holding BV were accused by the FTC for misrepresenting the subject line, 'spoofing' (faking) the sender) and creating untrue opt-out possibilities in large amounts of unsolicited commercial mail. Both Bevelander and his US business partner Brian Westby have agreed to settle out of court. Westby pays 87.500 US dollar to the FTC.
According to the complaint, Westby sent large amounts of adult e-mails with misleading subject lines, like 'Did you hear the news?' en 'New movie info'.
For a period of three years, they both have to notify the Commission of any change in their private address and telephone number, any change in their employment status, and make all their current and future personnel sign a statement that they have read the FTC-order.
The FTC can bring enforcement actions against any deceptive acts of commerce, including false or misleading headers and subject headings. The US claims jurisdiction over foreigners in these cases because the spam was addressed to US citizens. The US Can-Spam Act, entered into force on 1 January 2004, does not ban spam. It only creates the right to opt-out from future mailings.
Meanwhile in the EU, the Commission has issued a second warning to 8 member states for not implementing the span-ban in time. Belgium, Germany, Greece, France, Luxembourg, the Netherlands, Portugal and Finland have not yet transposed the Directive on Privacy and Electronic Communications (2002/58/EC). They now have two months to respond or face action before the European Court of Justice.
Stipulated final judgement and order for permanent injunction (04.03.2004)
http://www.bof.nl/docs/westbyfinalorder.pdf
FTC Complaint (16.09.2003)
http://www.ftc.gov/os/2003/09/marriedcomp.pdf
Commission warns 8 countries to implement spam-ban (01.04.2004)
http://europa.eu.int/rapid/start/cgi/guesten.ksh?p_action.gettxt=gt&am...
On 8 April the French Senate will vote about a controversial new law to translate the E-Commerce Directive (2000/31/EC). The law known as LEN ('Loi sur la confiance dans l'economie numerique'), has been heavily opposed by EDRI-member IRIS, Reporters without Borders, several trade unions, internet user groups and the association of internet providers for undermining the rights of internet users and introducing private justice by internet providers.
On 8 January the National Assembly adopted the draft-law, introducing a notice and take down procedure for internet content and a general obligation on hosting providers to monitor the content of their customers. Such a measure is explicitly forbidden by the E-Commerce Directive. Currently, hosting providers can only be held liable for illegal content they host if they don't comply with a judicial injunction to remove the content.
If the Senate doesn't change the LEN, internet users will be able to demand the immediate withdrawal of content they consider unlawful. Website hosts will be forced to censor any content likely to be deemed unlawful for fear of being found criminally liable, with penalties of up to a year in prison and a fine of 75,000 euros for the manager of a service provider.
The LEN's advocates argue that website hosts would be protected by a clause in the bill making improper accusations of illegality punishable by a year in prison and a fine of 15,000 euro.
Many actions have already been undertaken by LEN opponents. EDRI-member IRIS launched a petition that has been signed by 13.461 individuals and 266 organisations.
IRIS petition
http://www.iris.sgdg.org/actions/len/petition.html
French draft law obliges providers to monitor content (15.01.2004)
http://www.edri.org/edrigram/number2.1/LEN
An international coalition of privacy and civil liberty organisations have signed an open letter to Google urging the company to suspend its Gmail service until the privacy issues are adequately addressed. EDRI-members Privacy International, FIPR and Bits of Freedom have signed the letter.
Gmail is a free web-mail service that will scan the contents of e-mail in order to present targeted advertisements based on keywords in the e-mail text.
The international coalition is concerned about the unlimited period for data retention that Gmail proposes and the lack of clear policies about its data sharing between business units. Gmail sets potentially dangerous precedents and establishes reduced expectations of privacy in email communications that may be adopted by other companies and governments for many years after Google is gone.
An Open Letter to Google Regarding Its Proposed Gmail Service (06.04.2004)
http://www.worldprivacyforum.org/gmailrelease.pdf
On 1 March 2004 the EU launched a new 4-year project on privacy and identity management. Its objective is the research and development of solutions to empower individuals in managing their privacy in cyberspace. The Commission contributes a budget of 10 million euro.
Following a longtime focus on privacy enhancing technologies, the Commission feels that privacy management should be built into information systems by design rather than as an afterthought. Under the new program, technical solutions should be developed to minimise disclosure of personal data and enforce end-users' privacy preferences. The scope of digital identities is very broad, from border controls to future electronic services that might deal with sensitive data such as patient health data, employee data, and credit card data.
PRIME project
http://www.prime-project.eu.org/
The Article 29 Data Protection Working Party has adopted a working document on genetic data. The technical progress which science has made over recent years in the field of genetic research has given rise to new data protection questions and concerns in relation to the significance and impact of genetic tests and the processing of genetic data.
The document states that any use of genetic data for purposes other than directly safeguarding the data subject's health and pursuing scientific research should require national rules to be implemented, in accordance with the data protection principles. The application of these principles render the blanket implementation of mass genetic screening unlawful.
In addition, the ease with which genetic material can be obtained without the knowledge of the data subject and the relevant information can be subsequently extracted from such material, requires strict regulations in order to prevent the dangers related to new forms of identity theft.
Working Document on Genetic Data (17.03.2004)
http://europa.eu.int/comm/internal_market/privacy/docs/wpdocs/2004/wp9...
15 April 2004, Brussels, Belgium
Open source meeting and demonstration Conferences and LUG in Brussels European Parliament. Chaired by Daniel Cohn-Bendit MEP
19 April 2004, London, England
One day conference on ubiquitous computing and it's possible impact on privacy, democracy, and terrorism.
http://www.uclic.ucl.ac.uk/ubiconf/programme.html
15 May 2004
Deadline Call for Papers The Data Protection Authorities support a new award for privacy-papers, named in honour of the US privacy expert Barbara Wellbery (1948-2003). The award is granted annually by the Morrison & Foerster Foundation. The winning paper will receive a $3,000 cash award. In addition, the winner is invited to present his or her paper in Poland at the 26th International Conference of Data Protection and Privacy Commissioners (14-16 September 2004).
http://www.cbpweb.nl/downloads_overig/med_barbara_wellberry_2.pdf
3-4 June 2004, Vienna, Austria
Free Bitflows conference Conference and workshops about cultures of access and politics of dissemination, organised by Public Netbase (AT), in collaboration with Hull Time Based Arts (Hull, UK); V2_ (Rotterdam, NL); Bootlab (Berlin, DE); interSpace Media Art Center (Sofia, BG).
http://freebitflows.t0.or.at
10-12 June 2004, Berlin, Germany
Wizards of Os
http://wizards-of-os.org/
13 June 2004, Berlin, Germany
WSIS panel
Details to be announced at the wizards of os conference
http://waste.informatik.hu-berlin.de/Grassmuck/wos3-schedule.html
15-17 September 2004, Strasbourg, France
The Council of Europe is planning a major international conference on "The Challenge of Cybercrime", which will bring together senior politicians, computer industry leaders and experts from around the world. No online information yet.