European Digital Rights today launches a new website, with a new logo and up-to-date information on campaigns and news items. The website is created with the open source content management system Drupal, and offers new features, such as an RSS-feed of the main news articles and press releases. The main advantage of the new site is the improved accessibility of the many different issues covered in EDRI-gram. In the months to come, all the articles from 2003 on the old website will be migrated to the new website. Until then, the old website remains accessible as an archive.
The webdesign and Drupal implementation were done by the Dutch design company Anderemedia, thanks to a small grant from OSI / Soros foundation.
European Digital Rights website
http://www.edri.org/
Archived former website
http://archive.edri.org
The Europarl Committee on Civil Liberties, Justice and Home Affairs (LIBE) today organised a hearing with experts on biometrics. In his opening remarks the MEP Carlos Coelho (Conservative, Portugal) said he generally agreed with the objective of securing people's identities, but has some doubts about adding biometric identifiers to travel documents. Coelho is the rapporteur on 3 different reports for the European Parliament involving the inclusion of biometric features in personal documents.
After listening to what the four experts had to tell him, Mr. Coelho's closing remarks sounded somewhat more critical: "Technological solutions seem handy sometimes, but may hide the new problems they may be causing.
While the contrary can also apply - technology being blocked because measures to work around the problem don't come to the surface - we must make sure that there is a fair balance between the values of security and of freedom. None of the two may be sacrificed for the other." In the two-and-a-half hours that lay between the two remarks, four experts had warned unanimously for the unforeseeable effects of what could be a premature introduction of a technology not yet ready for wide-spread application. Julian Ashbourn who acts as an adviser to the British, U.S. and Japanese governments on biometrics, warned that the focus was presently too much on technological aspects of biometrics, while societal impacts that would inevitably concern the present-day generation as well as our grandchildren were largely undiscussed. In the public discussion, assumptions on the values of biometrics were being made that were simply false - like believing that biometrics could prove that a person actually is who she or he claims to be. "History will show", Mr. Ashbourn said, "that certain assumptions involving biometrics will prove to be ill founded." If related biometric-related initiatives were poorly conceived, states risked the alienation of responsible citizens. Much more discussion, M. Ashbourn argued, was needed before biometrics had sufficient acceptance to be widely implemented - a 25 year time frame would be realistic.
Jonathan Cave, an economic scientist with the University of Warwick in Britain, supported much of Mr. Ashbourn's arguments. He said the possible benefits of biometrics were often regarded as a surplus value, even if indeed they weren't, because biometrics provided a degree of identification that is not needed for many services. When calculating these benefits, it was often ignored that biometrics - and in particular standardised interoperable ones - also created barriers for competitors who could not afford to buy the adequate equipment. Such a recipe for market failure would cause additional costs.
Paul de Hert of the Dutch University of Leiden warned that biometrics were part of a trend towards a more pro-active, intelligence-led form of policing that originated in the United States but became increasingly popular with police forces also inside the EU. He said this trend must be countered, among other things with a Directive on data Protection in the EU's Third Pillar, where no data protection exists until now. Mr. de Hert expressed his fear that storing the data in giant databases instead of a chip on a smart card could cause additional vulnerabilities, and he called for an option for people to opt out of a wide-spread biometrics regime.
Bernadette Dorizzi, a Professor at the Institut national des Télécommunications in Paris, discussed technological aspects of biometrics. While the technology itself was not new, Mrs. Dorizzi said, the possibilities of storing and processing it for milions of individuals added a new dimension. No biometric system could be expected to be one hundred percent accurate, and some, like face recognition, had enormous failure rates of 40 percent. DNA was the only identifier that could be considered unique to a person, but it would in the European context be neither acceptable nor practicable to introduce it as an identifier. Only China plans to include a DNA pattern as an identifier on national identity cards. Fingerprints and Iris scans provided more security, but it must be kept in mind that they are still under development.
Proposal for a Council Regulation on standards for security features and biometrics in EU citizens' passports (18.02.2004)
http://europa.eu.int/eur-lex/en/com/pdf/2004/com2004_0116en01.pdf
Avanti, the independent non-profit web resource for biometrics, run by Julian Ashbourn
http://www.avanti.1to1.org/
(Contribution by Andreas Dietl, EDRI EU Affairs director)
According to an article in the Frankfurter Allgemeine Zeitung Germany is changing its position on the proposal from the EU Council to oblige telecom and internet providers to store traffic data about all their customers for 12 to 36 months. The legislative chamber that represents Germany's 16 states on national issues (the Bundesrat) voted on 1 October to 'take notice of' rather than support the EU proposal. Previously this important legislative body unsuccessfully tried to introduce mandatory data retention for at least 6 months in the new Telecommunication law. The current data retention regime in Germany allows for 90 days storage of traffic data.
Meanwhile, the German government has published a new draft law for telecommunication and post interception on behalf of the Customs Office. 2 Paragraphs of the previous law were declared unconstitutional by the Constitutional Court on 3 March 2004, for violating the communications secrecy guaranteed in Article 10. The new proposal defines the surveillance powers of the Customs Office much more precisely, listing for example the crimes that interception can be called for, in stead of the previous, more general description of 'criminal offences of substantial importance'. Also, in case of a possible hand-over of personal data to other public institutions the materials must be marked as 'sensitive', to respect the communication secrecy.
The strong German constitutional protection of the communication secrecy might turn out to become crucial in the debate about general EU surveillance legislation, since a third pillar decision such as the data retention proposal can only be taken unanimously by all 25 member states.
FAZ English week edition 'Stand on data altered' (01.10.2004)
http://www.faz.com/IN/INtemplates/eFAZ/docmain.asp?rub=%7BB1311FCC-FBF...
Draft proposal preventive telecommunication and post interception by the Customs Office (DATE)
http://www.parlamentsspiegel.de/WWW/Webmaster/GB_I/I.4/Dokumentenarchi...
7 out of 10 internet providers in the Netherlands remove a text by the famous Dutch author Multatuli (who died in 1887), without even looking at the webpage, or verifying the identity of the plaintiff. These are the results of an experiment conducted this summer by the Dutch EDRI-member Bits of Freedom about complaint procedures at ISPs.
Bits of Freedom picked 10 internet providers for the test, 3 free and 3 paid (dial-up) access providers, 3 hosting providers dedicated to business customers and 1 cable internet provider. A text was uploaded from Multatuli (pseudonym of Eduard Douwes Dekker), dating from 1871. The text is about democracy, and begins with the story of the sheep. The sheep chase away a tyrant, only to find themselves in need of specialists to represent them, and they end up inviting the tyrant back, disguised as 'Specialist'. The text clearly states in the opening line that the work dates from 1871, and was reprinted in 1981. At the bottom of the text there is a line stating 'this works belongs to the public domain'. Since copyright expires 70 years after the death of the author, all works by Multatuli are in the public domain since 1957.
First the customer was invented, and given the name 'Johan de Ruyter'.
Secondly, a non-existent society was created to act as copyright holder, the E.D. Dekkers society. Representing this society was a 'legal advisor', Mr. Johan Droogleever. A few weeks after the text were brought online, Mr.
Droogleever started to send complaints to the providers from his Hotmail account, stating the society owned all the copyrights to any published materials of E.D. Dekkers, and now that the provider was notified, he expected the provider to act expeditiously and remove the text.
5 out of the 10 providers removed the text after the first or second e-mail from Mr. Droogleever, one business provider even within 3 hours after receiving the first e-mail. 3 providers replied with a paper questionnaire, in which the plaintiff was invited to specify the exact nature of the complaint. Droogleever just restated the same argument and in 2 cases the providers removed the webpage without ever looking at the webpage or verifying if the E.D. Dekkers society existed at all.
Only 1 provider sent a brief e-mail back to Droogleever explaining he as a legal advisor should also know copyrights had long ago expired. In another case, the provider responded that a Hotmail address was not credible at all, and the complaint would only be processed if Droogleever could provide several written proofs of the existence of the society and his ability to act on their behalf. Finally, the third provider that did not remove the text did not respond at all to any of the 4 e-mails Droogleever sent.
Under the European E-Commerce directive internet hosting providers risk liability for apparently illegal content from their customers. Once they are notified, and the unlawfulness is 'apparent', they should take immediate action to block or remove the content. According to Bits of Freedom, this experiment clearly demonstrates the need for a precise notice and takedown procedure and legal guarantees for freedom of speech legal. Currently, there is too much one-sided liability pressure on ISPs to immediately remove, without proper investigation.
Research paper Bits of Freedom (01.10.2004)
http://www.bof.nl/docs/researchpaperSANE.pdf
The district government of Dusseldorf, Germany is bringing the anti-censorship activist Alvar Freude to court. The hearing starts tomorrow, on 7 October 2004. Freude is accused of posting hyper-links to censored websites with radical right-wing content on his website and thus helping to promote the distribution of the materials. Freude on the other hand claims he only wants to make German censorship transparent.
The case dates back to a decision taken early in 2002 by the district government of Dusseldorf. They passed orders to more than 80 internet providers to block access from their users to 4 foreign websites.
Providers and civil rights groups united in protest against the directive, but lost 3 out of 4 court cases, confirming immediate enforceability of the orders. Meanwhile, 2 of the 4 websites have been dropped from the blocking-order (rotten.com, a distasteful but not radical right-wing website and front14.org).
The public prosecutor of Stuttgart now brought one of the most vocal critics of the orders to court. According to an article in the German e-zine Heise he said all hyper-links to radical right-wing websites are forbidden. But according to Freude's lawyer, linking to right-wing hate speech is permissible in the context of reporting current events.
The Court of Stuttgart now has to decide about the fate of the hyper-link; whether it should always be considered a publication or distribution in itself, and if it is illegal to mention the addresses of right-wing websites even in a documentary or satirical setting.
In a statement, EDRI member FITUG points out that it is very simplistic to assume that all hyperlinks imply an endorsement. Such a position denies the Web's potential for controversial debate, and threatens freedom of speech.
On his website, Freude documents many developments regarding filtering and blocking in Germany. With the satirical initiative FreedomFone, Freude enables people to have blocked websites read out loud to them.
Website Alvar Freude documenting censorship
http://www.odem.org/
Netzaktivist werden volksverhetzende Links vorgeworfen (22.07.2004)
http://www.heise.de/newsticker/meldung/38785
FITUG statement (06.10.2004)
http://www.fitug.de/news/pes/fitug-20041006_en.html
The RFID workshop organised during the FIfF anniversary conference (Berlin, 30 September - 3 October 2004) offered an excellent overview of the technical issues and privacy questions. Robert Gehring introduced the history of RFID, and explained passive chips were first used in World War II air-planes to detect the proximity of enemy planes. The chips were only adopted on a large scale in Europe in 1980s, as huge ear-labels on cows.
In 1999 the Auto-ID center was founded at the US MIT lab. The Center's research was focussed on robots, how they could move in a room with unknown objects. In stead of working on image recognition for the robot, the scientists decided to equip all the furniture with RFIDs and put the intelligence in the objects. After years of large financial support by the industry, on 31 October 2003 the Auto-ID Center closed down. Now several Auto-ID labs are collaborating with EPCglobal to create new standards for data storage and data retrieval.
Gehring also gave a technical overview of the different kinds of tags, their frequency range and the distance they can be read. He remarked that the dream of some supermarkets to have an entire grocery car scanned at once wasn't yet physically possible, because of frequency interference between the different tags. However, once the chips leave the area of logistics and just-in-time production, and enter the consumer world, he feared supermarkets and department stores would soon start to demand mandatory identification at the entrance, to be able to connect individual citizens to individual products.
Andreas Krisch from EDRI-member VIBE!AT explained what Verisign's role was in creating the Electronic Product Code. This new identification scheme is based on a 96 bit number, allowing for 238 million manufacturers to each create 16 million different product types. In total EPC makes it possible to create 1.152 billion different codes per manufacturer. In other words, this system would allow very precise tagging of individual products. The system proposed by Verisign involves 2 kinds of databases, operated by three different players. The EPC discovery service offers a product description on the Web per code, and the Object name service routes the question about a number to the right party (the manufacturer, the wholesale distributor and the retailer). Questions about authentication are not answered yet, Krisch added. Besides, the current proposal was heavily backed by large software companies such as Microsoft, Oracle, IBM and SAP, with a very clear business need to push for expensive large-scale databases and complicated network infrastructure. But the access to data could just as easily be organised by low cost peer2peer networks, according to Krisch.
Finally Sarah Spiekermann from the internet economy group of Berlin's Humboldt University spoke about the privacy issues surrounding RFID. She conducted a survey amongst 35 representative shoppers in Berlin what their major concerns were about the technology. She found the most poignant concern was the fear of being held responsible for objects, once RFIDs would establish a one-on-one link between a person and an object. She gave 2 examples of this fear. If you forget your sweater, and at this place later a murder is committed, the object will automatically identify you as as suspect. Or if you accidentally throw away a battery with the regular waste, you will automatically be fined by the trash depository. The second fear Spiekermann noted was the fear of technology paternalism. Many new cars for example are equipped with technology that detects whether you wear a belt, and will start to beep if you don't. "With RFIDs everything will start to beep!" she alarmed the audience, and automatically discipline us into the desired behaviour.
FIfF conference program (in German)
http://waste.informatik.hu-berlin.de/peter/fiff/2004/zeitplan.html
RFID: Furcht vor "technologischem Paternalismus" (03.10.2004)
http://www.heise.de/newsticker/meldung/51754
Representatives of the European Parliament's Social Democrat, Liberal, Green and Left Groups uttered harsh words after the Parliamentary hearing of Rocco Buttiglione (Italy), Commissioner-designate for Justice, Freedom and Security and designated Vice-President of the European Commission. He was interrogated a second time by the parliamentary Committee on Civil Liberties, Justice and Home Affairs (LIBE) on Wednesday 5 October.
"The groups representing the majority of the Members of the Parliamentary Committee estimate that the moral and political convictions of the Vice-president-designate do not offer in any manner the guarantee that he will engage against discrimination, in particular with regard to sexual orientation, as actively as the Parliament would wish. The standpoint of the vice-president-designate on the role of women in society and on the supposed immorality of homosexuality causes apprehensions with these groups that the Commission's capacity of legislative initiative be emptied of all or part of its reality." Mr. Buttiglione, a staunch right-wing Catholic, had angered the MEPs with his remarks on conservative family values.
They were more happy with his views on data protection. "The Groups representing a very vast majority of the Members of the Committee, on the other hand, appreciate (Mr. Buttiglione's) engagement in favour of data protection, even if the candidate did not show himself very explicit on measures he intends to take on this subject. The Parliamentary Committee remains very worried by the risks of softening the criteria presently in force within the Union by certain international negotiations like the ones being led within ICAO, as well as by certain agreements concluded with the United States." Mr. Buttiglione had indeed answered very vaguely on questions concerning the Commission's future policy on the transfer of airline passenger's data to the United States, which, admittedly, is not his field of competence.
He answered in a much more straightforward manner on his general views concerning data protection: "I am committed to strike the appropriate balance between legitimate law enforcement requirements and the protection of privacy, in conformity with the Treaties and the EU Charter of Fundamental Rights. High European standards for the protection of fundamental rights of individuals, in particular their right to privacy, already exist. The Commission must continue to ensure that these provisions are properly observed. But we cannot ignore the fact that threats from international terrorism and crime have become a major security challenge. The Council Declaration on Terrorism of 25 March 2004 called for action on the collection and facilitation of the exchange of information. Delivering on this means creating the conditions for making relevant and necessary data and information accessible to EU law enforcement authorities, based on common standards, including data protection provisions." MEPs were especially happy with Mr. Buttiglione's commitment to introducing data protection legislation for the EU's Third Pillar, which does not yet exist. "Protection of personal data in the third pillar is a priority. The preparation of a legislative proposal laying down relevant standards is in the Commission's legislative and work programme for 2004.
A general rule does not exist, as Directive 95/46/EC does not apply to the processing by public enforcement authorities of personal data for the purposes of Title VI of the EU. We have to build on the specific data protection rules for Schengen, Europol, Eurojust and the Customs Information System." Mr. Buttiglione will start on 1 November 2004. "Under these reservations, the Groups representing a vast majority of the Members of the Parliamentary Committee give a favourable opinion on the nomination of Mr. Buttiglione at the post of Vice-President, in charge of Freedom, Security and Justice." MEPs can vote only on all 25 Commissioners at once, not on any single one of them, and it would come as a big surprise if a majority of the Parliament would vote against Manuel Barroso's Commission.
European Parliament website on Commissioner hearings, including video streams
http://www.europarl.eu.int/press/audicom2004/index_en.htm
Buttiglione's answers to Parliamentarian's written questions
http://www.europarl.eu.int/hearings/commission/2004_comm/pdf/gen_butti...
(Contribution by Andreas Dietl, EDRI EU Affairs Director)
The organising committee of the Swiss Big Brother Awards today presented a selection of candidates for the Big Brother Award. A jury of 13 well known individuals will choose the winners out of this selection.
Half of the 52 public nominations were sent in for the 'State' category, including several police departments, the district council and the national assembly. The police of Graubunden was nominated for collecting and sharing data of at least 1.000 demonstrators during the World Economic Forum in Davos, and the police of St. Gallen and Zurich were nominated together for unlawfully collecting genetical data. A very original nomination was sent in for the Bern municipal council, for monitoring all the bicycle parking lots in the innercity.
In the 'business category' many public transport companies were nominated for video surveillance. The supermarket chain Migros was nominated for experimenting with RFIDs on individual products, while the national alliance of medical insurance companies risks getting a Big Brother Award for inventing a new tariff-system that displays extensive, very privacy-sensitive diagnostic information on doctors' bills.
Besides the category 'lifetime achievements' and the positive 'Winkelried Award', the Swiss BBA introduce the new category 'workplace'. In this section a regional public transport firm is mentioned for taking alcohol tests, and several supermarket chains for asking very inappropriate questions on job application forms.
The awards ceremony takes place on Saturday evening 16 October, in Emmenbrucke, near Luzern. Before the ceremony, there will be a camera surveillance walk in Luzern, followed by an international symposium on filtering, datamining and surveillance. From 15 to 17 October Pulp is organising many performances and events in the Hal where the ceremony takes place.
Nominations and ceremony Swiss Big Brother Awards
http://www.bigbrotherawards.ch/2004/event/
International conference, performances and installations
http://www.pulpnet.ch/
How does the work of WIPO - the World Intellectual Property Organisation - affect the daily lives of the world's six billion plus consumers? Is WIPO's mission and work inherently exclusive, benefiting only the richer countries and consumers and harming the poor? Does WIPO need a new mission to embrace new information technologies and to benefit poor countries and consumers? These were some of the questions asked at an international workshop organised by the TransAtlantic Consumer Dialogue (TACD) in Geneva on 13 and 14 September 2004. The workshop consisted of nine panels, each with five or six speakers, each dealing with a separate aspect. The speakers came from a wide range of backgrounds, there were many lawyers and academic researchers, with others drawn from areas of medicine, arts and civil society, including consumer organisations. There were also government officials from the US and EU countries, while developing country delegates to WIPO were invited as guests (none wished to be panellists). Very creditably, WIPO itself recognised the validity of the issues discussed and top WIPO officials took part in the workshops and sat on several panels.
The tone was set by an introduction by Jim Murray, Chairman of TACD and Director of BEUC (European Consumers Organisation), who quoted Thomas Drummond, 19th Scottish inventor and political administrator: 'Property has duties as well as rights'. Drummond was talking about absentee landlords in Ireland but his words could be equally well employed to describe the relationship between rich corporations and countries, with their control over innovations in science and technology, and developing countries, who not only have to pay high prices to gain benefits but are often denied benefits at all.
The first and last panels looked specifically at WIPO's mission and whether it should be changed. WIPO itself describes its mission as "promoting the use and protection of works of the human spirit". While no panellist disagreed with such a mission, many pointed out that WIPO's activities seemed to stifle innovation and creativity rather than promote it, through its emphasis on the rights of owners, especially corporations, rather than authors or users. Others felt that the mission was too vague and that there needed to be greater emphasis on the role of invention and innovation in supporting economic growth and development. Several speakers made the point that the term 'intellectual property' was itself suspect as it lumped together disparate notions of patents, copyrights, trademarks and other protective devices. Two panels looked at the broad area of WIPO and the information society.
There was general agreement among many panellists that digital technology, especially the spread of personal computers and the internet, had produced a different type of environment in which patents and restrictions were not always good or useful for society as a whole. Several speakers from the free/open software movement emphasised that computer software should not be subject to patent rules as this stifled the individual innovation which was so essential to driving the digital revolution forward. However, panellists also pointed out that there were still more areas where traditional patents were absolutely necessary to protect author and invention rights.
So what was the outcome? Does WIPO need a new mission? Most delegates at the meeting seemed to think it did. Most wanted to see more openness and flexibility, and more of a development agenda. They wanted to see less protection for corporations and more benefits for creators and consumers, especially when it came to providing essential goods and medicines for the poorest consumers.
Full conference report at the EDRI website
http://www.edri.org/issues/copyright/WIPO
(Contribution by Ben Wallis, Transatlantic Consumer Dialogue)
The European Commission and the Dutch EU presidency have distributed 2 new questionnaires on spam, "to assess progress in the EU on combating 'spam' following the Communication on this issue of January 2004 that identified relevant action for all interested parties." One questionnaire is addressed to industry, the second questionnaire to Member States and the competent regulatory authorities.
Based on the answers, the Commission will organise an open workshop, provisionally scheduled for 17 November 2004. By the end of 2004 the Commission will determine if additional or corrective action is needed. Answers must be provided by 20 October 2004.
Workshop information (05.10.2004)
http://europa.eu.int/information_society/topics/ecomm/useful_informati...
Questionnaire for industry (in MS Word, 05.10.2004)
http://europa.eu.int/information_society/topics/ecomm/doc/useful_infor...
A new book by the US Harvard professor William W. Fisher provides the first very detailed overview on the digital music distribution and related issues that have been going on in the Internet lately. The most valuable part in the book are three scenarios, on copyright as real property rights; on copyright as a heavily regulated industry; and thirdly on alternative compensation systems. This approach opens totally new perspectives to the options for the current situation. Especially the chapter on alternative compensation systems will inevitably shape the global discussion on the future of copyright.
William W. Fisher III: The Promises to Keep. Stanford University Press 2004.
2 chapters available online
http://www.tfisher.org/PTK.htm
10 October 2004, Cambridge, UK
EDRI member FIPR is organising a European workshop on the consultation currently being run by the European Commission on the EU legal framework in the field of copyright and related rights (whose deadline is at the end of October).
http://www.fipr.org/
16 October 2004, Emmenbrücke, Switzerland
Swiss Big Brother Awards, preceded by a public camera-walk and an international conference in the afternoon
http://www.bigbrotherawards.ch/%%%
http://www.pulp.ch/
24 October 2004, Amsterdam, The Netherlands
Dutch Big Brother Awards
http://www.bigbrotherawards.nl/
26 October 2004, Vienna, Austria
Austrian Big Brother Awards
http://www.bigbrotherawards.at/
29 October 2004, Bielefeld, Germany
German Big Brother Awards
http://www.bigbrotherawards.de/
17 November 2004, Brussels, Belgium
Tentative date EU Commission open workshop on spam
http://europa.eu.int/information_society/topics/ecomm/useful_informati...