EDRi-gram - Number 9.19, 5 October 2011


EDRi and 37 NGOs send letter to European Commission on data retention


On 26 September 2011, European Digital Rights and 37 other NGOs from 14 countries sent a letter to Commissioners Malmström, Kroes and Reding on the review of the Data Retention Directive. The purpose of the letter is to provide input into the Commission's ongoing work on a review of the legislation.

Earlier this year, EDRi published a "shadow" Implementation Report in order to address the shortcomings of the official Implementation Report from the European Commission. Rather than waiting for the Commission to finish the next stage in the process, the Impact Assessment, EDRi felt that it would be constructive to provide analysis now on what we and related NGOs consider to be the minimum range of issues to be covered in such a document. To avoid any confusion, the letter starts by saying that any proper assessment can only come to the conclusion that the Directive is unnecessary and illegal.

The letter draws attention to the fact that the Commission has already produced a methodology for the analysis of the fundamental rights compatibility of its proposals - the "fundamental rights checklist" which is part of its "Strategy for the effective implementation of the Charter of Fundamental Rights by the European Union."

Much of the analysis is based on the shortcomings of the Implementation Report. The central mistake which we would like not to see repeated is the fallacy that all uses of retained data can be used to argue that the Directive is valuable. In reality, recently generated data is more likely to be used in investigations and such data would have been available anyway even if the Directive had never existed.

The letter also draws attention to some of the core problems with the Directive, such as the lack of a harmonised definition of "serious crime" and the lack of a harmonised approach to access and security. The lack of clarity on these points makes it impossible for citizens to know how their data is being stored, how it is being accessed and for what purpose.

Ironically, the Directive was proposed as a measure to harmonise the approach to this policy in the European Union - even though few countries had such a policy to begin with. It managed to disharmonise the single market, by forcing the policy onto 27 countries, with vastly varying retention periods, rules for cost reimbursement etc.

The next step in the process for the Commission will be the preparation of an "Impact Assessment", listing a number of different policy options and coming to the conclusion (as has already been politically decided) that the Directive is useful but offering some small concessions, such as a small reduction in the maximum retention period, which will be sold as major improvements in the deeply flawed legislation.

Joint letter on data retention (26.09.2011)
http://www.edri.org/files/dr_letter_260911.pdf

Fundamental rights checklist
http://ec.europa.eu/justice/news/intro/doc/com_2010_573_4_en.pdf

Commission implementation report (18.04.2011)
http://ec.europa.eu/commission_2010-2014/malmstrom/archive/20110418_da...

EDRi Shadow implementation report (17.04.2011)
http://www.edri.org/files/shadow_drd_report_110417.pdf

Commissioner Malmström's speech December 2010 (3.12.2010)
http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/10/723

(Contribution by Joe McNamee - EDRi)

European Digital Rights discusses cybercrime in LIBE Committee


On 4 October 2011, European Digital Rights, as well as EDRi Member Chaos Computer Club (Germany), made presentations to the Civil Liberties Committee (LIBE) of the European Parliament on the new draft Directive on Attacks Against Computer Systems. The hearing was organised by German parliamentarians Monika Hohlmeier (EPP), who is in charge of the Directive in the Civil Liberties Committee, and Christian Ehler (EPP), who is responsible for the Opinion of the Industry, Research and Energy Committee.

The draft Directive is essentially a pasting together of elements of the 2001 Council of Europe Cybercrime Convention and the 2005 EU Council Framework Decision on attacks against computer systems. There is a limited number of additions, such as criminal penalties and the introduction of "aggravating circumstances".

The speech from CCC's Florian "Scusi" Walther was concentrated on the limited positive impact that one can expect from the new Directive - arguing that the main problem is faulty software and bad security practices and this is where efforts at improving security should be focussed.

EDRi's presentation welcomed the diligence with which the Parliament, Commission and Council are working on the dossier, pointing out the main points of the current draft that would need to be eliminated in order to avoid a negative impact from the Directive. The bulk of our presentation was dedicated to the fact that there is a major contradiction in the approach of the European Commission to attacks against computer systems. On the one hand, it is calling for the criminalisation of the "rendering inaccessible without right" of computer data. On the other, it has done absolutely nothing to protest against the increasing activity of the United States to undertake extra-territorial - and even privatised - attacks against computer data in Europe, through the revocation of domain names.

The two best-known examples of attacks against European computer data were against a travel agency based in Spain and, more recently, the revocation of the domain name of Roja Directa, also a Spanish enterprise. As the US has no legal authority over Spanish citizens (and the respective companies didn't break Spanish law), the disabling of access to the websites would be a criminal act under the definitions in the draft Directive. The European Commission, instead of protesting against these attacks, has supported the United States. It has even started discussions in an EU/US project on revoking not just domain names, but also IP addresses. The EU General Affairs Council adopted a political position last year that the EU should give itself the power to revoke IP addresses "in third countries". The only way that this policy could be implemented is by using the Netherlands-based regional Internet registry (RIPE) to remove IP addresses from ISPs and companies in countries like Russia or Georgia - rendering them inaccessible... without right.

Does the EU support cyber-attacks or does it oppose them?

Draft Directive
http://ec.europa.eu/home-affairs/policies/crime/1_EN_ACT_part1_v101.pd...

Council of Europe Cybercrime Convention
http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm

2005 Framework Decision
http://register.consilium.eu.int/pdf/en/04/st15/st15010.en04.pdf

Hearing programme (4.10.2011)
http://register.consilium.eu.int/pdf/en/04/st15/st15010.en04.pdf

Travel agency domain name revocation (4.03.2008)
http://www.nytimes.com/2008/03/04/us/04bar.html

EDRi-gram: Spanish sports streaming domain seized by US authorities without warning (9.02.2011)
http://www.edri.org/edrigram/number9.3/rojadirecta-domain-name-seized-...

Council Conclusions on revoking domain names and IP addresses (26.04.2010)
http://www.consilium.europa.eu/uedocs/cms_data/docs/pressdata/en/jha/1...

EDRi's presentation (4.10.2011)
http://www.edri.org/files/Libe_041011_final.pdf

(Contribution by Joe McNamee - EDRi)

Belgian court: Two ISPs must block access to The Pirate Bay


In the case introduced in 2010 by the Belgian Anti-Piracy Foundation (BAF) against two ISPs, Belgacom and Telenet, the Belgian Court of Appeal of Antwerp decided on 26 September 2011 that the two providers had to block their users' access to The Pirate Bay.

This decision overturns a previous decision by the Antwerp Commercial Court which, in July 2010, rejected the claim made by the BAF, considering the demand disproportionate and unnecessary.

Telenet and Belgacom are now obliged to set up DNS blocking for 11 URLs of the Pirate Bay within the next 14 days. Yet, the Court has not decided in favour of an obligation for Telenet/Belgacom to monitor if their customers circumvent the block of The Pirate Bay.

In any case, the present decision sets a dangerous precedent and, as André Loconte, spokesperson for NURPA, says, the court's decision "is incompatible with two aspects of the proportionality doctrine defended by the European Court of Human Rights: at first, by imposing blockage to The Pirate Bay, the court legitimatizes precisely the censorship of all content under open license distributed through this site; then, according to the Art. 52.1 of the Charter of Fundamental Rights of the EU, in order to respect proportionality principle, limitations may be made only if they are necessary (...) or meet the need to protect the rights and freedoms of others, two criteria that are not satisfied by the nature of the complaint filed in court by the BAF".

According to M. Cruz Villalón, advocate general at the EU Court of Justice, "a measure obliging the internet access provider to place a filtering and blocking system to electronic communications in order to protect intellectual property rights, affects in principle the fundamental rights", as he pointed out in his arguments in the Scarlet vs SABAM case.

Decision of the Appeal Court (26.09.2011)
http://www.edri.org/files/piratebay-decision-belgium-2011.pdf

BAF against Telenet / Belgacom, the operators will have to block The Pirate Bay (only in French, 4.10.2011)
http://nurpa.be/actualites/2011/10/BAF-belgacom-telenet-blocage-dns

Belgian ISPs Ordered To Block The Pirate Bay (4.10.2011)
http://torrentfreak.com/belgian-isps-ordered-to-block-the-pirate-bay-1...

TPB censored, again and again and again...(4.10.2011)
https://thepiratebay.org/blog/195

EDRi-gram: Belgium ISPs are not obliged to block The Pirate Bay (14.07.2010)
http://www.edri.org/edrigram/number8.14/belgium-isps-pirate-bay

German politician caught in his own two-strike model trap


Siegfried Kauder, Chairman of the Legal Committee of the German Parliament, who has recently announced a plan to introduce a two strike model for persistent allegedly illegal downloaders, was himself found to have infringed copyright.

The system proposed by Kauder includes two warnings to Internet users considered to repeatedly download copyrighted works without permission, after which the respective users might lose their Internet access.

Soon after having announced his plan, Kauder was found to have infringed copyright by posting on his blog at least two copyrighted photos from a photo sharing site without the agreement of the author.

In an attempt to correct the situation, the politician removed the photos and even tried to turn the odds in his favour by showing how efficient his plans might be. "I'm grateful that I got the opportunity to show how the warning model works. The use of the two copyright-protected photographs was brought to my attention. The photos were then removed, so the warning model works," he told Der Spiegel. However, he continued to infringe the law by not removing the respective photos from his server.

However, the case might not end here, as one blogger, Tobias Raff, has already initiated a criminal complaint against Kauder for infringing article 108 of the German copyright law, asking the Berlin Prosecutors to look into this case. In the meantime, more than 1500 people on the website Abgeordnetenwatch (German MPs monitoring site) are supporting a question asking Kauder to explain why he breached the copyright law and why he shouldn't have his Internet connection cut off. So far, the deputy hasn't answered these questions.

Politician Violates His Own Two-Strikes Anti-Piracy Plan (1.10.2011)
http://torrentfreak.com/politician-violates-his-own-two-strikes-anti-p...

Copyright fighter Kauder has violated copyright (only in German, 29.09.2011)
http://www.spiegel.de/netzwelt/netzpolitik/0,1518,789073,00.html

Criminal charges to Siegfried Kauder for copyright infringement (only in German, 30.09.2011)
http://tobias-raff.org/2011/09/30/strafanzeige-gg-siegfried-kauder-mdb...

Abgeordnetenwatch - Questions to Kauder (only in German, 28.09.2011)
http://www.abgeordnetenwatch.de/siegfried_kauder-575-37692--f312709.ht...

Investigative journalism website under scrutiny by the Hungarian police


The Hungarian police have put Tamás Bodoky, editor-in-chief of the recently launched Atlatszo.hu, a watchdog NGO and online magazine for investigative journalism, under investigation. The justification for the police investigation was that Bodoky hadn't revealed his informants, which was considered perjury "or even aiding or abetting in the crime of blackmailing".

Atlatszo.hu is a watchdog website that was launched in July 2011 by Tamás Bodoky with other journalists, lawyers, IT specialists and academics in an attempt to fight corruption, to promote transparency (atlatszo is the Hungarian word for transparency) and to develop and promote tools (called "MagyarLeaks") supporting anonymous whistle blowing.

The publication of a leaked document about an alleged hacker attack in 2010 on the database of Brokernet, Hungary's leading independent financial advisory group, resulted in a police witness hearing based upon the Hungarian media law that came into effect on 1 January 2011 which says that journalists are obliged to reveal the identity of their sources.

The hearing was also followed by the seizure of Bodoky's hard drive. The NGO believes that the Hungarian law, the European Convention on Human Rights as well as the practice of the European Court of Human Rights protect the right of journalists to keep their sources secret.

"If a source cannot be sure that his or her identity will not be revealed, he or she will not inform the press about matters, which indeed belong to the public. This is a restriction of the freedom of the press, which should be treated exceptionally carefully in a democratic society. Hungarian police made no attempt to determine why it is "exceptionally justified" to force the journalist to reveal its sources, although it is their legal obligation according to Hungarian law," states atlatszo.hu.

Atlatszo.hu filed a complaint against the investigation and the seizure but, in August 2011, the Public Prosecution dismissed it. The motion is now being processed by the Pest Central District Court of Justice and, if the result is unfavourable, Atlatszo.hu is planning to take the case to Strasbourg.

MagyarLeaks: This Is A Test of the Hungarian Media Law (19.09.2011)
http://advocacy.globalvoicesonline.org/2011/09/19/magyarleaks-this-is-...

We did not reveal our sources - a hard disk was seized by Hungarian police (12.07.2011)
http://atlatszo.hu/2011/07/12/we-did-not-reveal-our-sources-a-hard-dis...

EDRi-gram: New media law in Hungary allows Internet censorship (12.01.2011)
http://www.edri.org/edrigram/number9.1/media-law-hungary-blocks-intern...

French Internet users on the verge of being disconnected


The French authority in charge of fighting copyright infringement, Hadopi, presented on 29 September 2011 its first activity report, covering 18 months from the beginning of 2010 until June 2011.

According to the report, since the beginning of its activity, the first warning stage of the graduated response system covered 650 000 cases. Out of these, 44 000 second-stage warnings were sent to Internet users that allegedly continued to reproduce or distribute works online.

According to Mireille Imbert-Quaretta, president of the Commission for the Protection of Rights within Hadopi, about sixty cases of Internet users are now under examination for the third phase. Following the analysis, some of these cases could be sent to the prosecutors and the respective users may face a 1500 euro fine and the disconnection of their Internet access.

The system, however, has proven to be rather unreliable. As Trident Media Guard (TMG), the traffic analyst provider chosen to trace IPs of illegal downloaders, has been proven faulty, having been hacked in May 2011, Hadopi has nominated an expert to audit TMG's system of tracing addresses.

The report reveals Hadopi's interest in studying streaming and direct downloading and quantifying the legal/illegal content proportion on certain platforms which could, in time, lead to the blocking of these platforms by ISPs.

According to Hadopi President Marie-Françoise Marais and its Secretary General Eric Walter, Hadopi intends to identify sites that are clearly meant for illegal downloading and would like to extend its powers to go beyond simple exchanges on P2P networks.

"Hadopi has engaged into research works that would allow a quantitative approach of these phenomena (streaming, direct downloading), and hopes to be able to publish its first results before its second activity report," states Eric Walter.

So, not only will Hadopi continue to chase downloaders but it will push for an extension of its powers, all the time stating its main role is a pedagogical one, a "think tank of the Internet."

Hadopi: about sixty Internet users subject to disconnection (only in French, 29.09.2011)
http://www.01net.com/editorial/542872/hadopi-une-soixantaine-dinternau...

Hadopi reviews eighteen months of eventful activity (only in French, 29.09.2011)
http://www.01net.com/editorial/542590/la-hadopi-revient-sur-18-mois-d-...

Hadopi wants to identify the sites "obviously destined" to pirating (only in French, 29.09.2011)
http://www.numerama.com/magazine/19995-l-hadopi-veut-identifier-les-si...

Hadopi establishing a meeting in June 2012 (only in French, 29.09.2011)
http://www.numerama.com/magazine/19991-l-hadopi-donne-rendez-vous-en-j...

French "three strikes" anti-piracy software riddled with flaws (25.05.2011)
http://arstechnica.com/tech-policy/news/2011/05/french-three-strikes-a...

ENDitorial: Countries start signing ACTA, preparatory docs still secret


Last weekend, some of the EU's ACTA "partners" started the process of acceding to the Agreement (US, Canada, Singapore, Australia, South Korea, Japan and Morocco). Due to the controversial nature of the Agreement, this is happening in different legal processes and at different speeds in different countries. The United States finds itself in a particularly bizarre situation - on the one hand, it claims that the Agreement is fully in line with domestic law while, on the other, it is reportedly not prepared to be bound by the Agreement and is treating the text as a non-binding "Executive Agreement." The USA does, however, expect the other signatories of the Agreement to consider themselves legally bound. The European Commission has so far failed to explain why it believes that it is strategically wise to bind itself legally while the United States, a major trading partner and competitor, leaves itself the flexibility to breach the Agreement if it wishes.

One of the many controversial aspects of the Agreement is the fact that much of the text is very unclear. In such circumstances, it is standard practice, codified by the 1969 Vienna Convention on the Law of Treaties, to refer to the documents that were produced during the drafting process. For example, the ACTA text refers to copyright law being enforced by "cooperation" between Internet intermediaries and rightsholders. This could theoretically mean anything from distribution of information about copyright law to monitoring, surveillance and punishment of citizens by private companies. Indeed, a leak of one draft suggests that the latter explanation is what was meant. However, that leak was never recognised by the negotiating partners and, for all anybody knows, there may be other documents suggesting the opposite.

Many of these issues are assessed in a new study undertaken by Professor Douwe Korff (London Metropolitan University) and Dr Ian Brown (Oxford University). At a press conference launching the study this week, Professor Korff raised a range of ways in which ACTA is incompatible with the EU Treaties and singled out the privatisation of law enforcement as a particularly egregious example.

In an effort to try to create some transparency in the ACTA dossier, European Digital Rights sent a letter in May 2011 to the International Trade Committee of the European Parliament asking for it to release all ACTA preparatory documents. The Parliament finally responded this week, giving access to some documents, but not to documents that cast any light on the most nebulous parts of the current text. In particular, the Parliament chose not to release the draft of the Internet chapter of 30 September 2009 (containing the disconnection proposal). "For obvious reasons of credibility" the Parliament cannot "unilaterally" release documents. The fact that these documents will form the basis of legal obligations for European citizens appears irrelevant. The fact that the 2009 draft of the Internet chapter proves that ACTA is almost certainly contrary to key provisions of the Treaty on European Union with regard to support for democracy and the rule of law also appears immaterial for the Parliament.

Douwe Korff's press conference (4.10.2011)
http://greenmediabox.eu/archive/2011/10/04/pressconference/index.html

ACTA's Constitutional Problem: The Treaty That Is Not a Treaty (Or An Executive Agreement) (3.01.2011)
http://digitalcommons.wcl.american.edu/cgi/viewcontent.cgi?article=102...

Parliament response to EDRi document request (3.10.2011)
http://www.edri.org/ACTA_transparency

Digital chapter leak
http://www.edri.org/files/acta_digital_chapter.pdf

(Contribution by Joe McNamee - EDRi)

Recommended Action


Respect My Net - Name and shame operators restricting access to the Internet
http://respectmynet.eu/

Berec has launched a public consultation on draft Guidelines on Net Neutrality and Transparency. Stakeholders are invited to send their answers by 2.11.2011 to berec@ec.europa.eu.
http://erg.ec.europa.eu/doc/berec/consult_info.pdf
http://erg.ec.europa.eu/doc/berec/consultation_draft_guidelines.pdf

Recommended Reading


The Digital Public Domain: Relevance and Regulation (10.2011)
http://bit.ly/pI94u1

Comparative test of Internet Anonymizers (28.09.2011)
http://www.daten-speicherung.de/index.php/comparative-test-of-internet...

Conference "Statewatching Europe" Civil Liberties, the State and the EU Speeches videos (25.06.2011)
http://www.statewatch.org/conference/videos/index.html

Article 29 Data Protection Working Party Press Release: Data Protection Authorities not convinced on necessity and proportionality of the proposal for European Terrorist Finance Tracking System (3.10.2011)
http://ec.europa.eu/justice/data-protection/article-29/press-material/...

Agenda


11 October 2011, Brussels, Belgium
ePractice Workshop: Addressing evolving needs for cross-border eGovernment services
http://www.epractice.eu/en/events/epractice-workshop-cross-border-serv...

13-14 October 2011, Lisbon, Portugal
2nd International Graduate Conference in Communication and Culture: The Culture of Remix
http://blogs.nyu.edu/projects/materialworld/2011/05/cfp_the_culture_of...

17 October 2011, Brussels, Belgium
PNR workshop - organized by EDRi and NoPNR
http://www.nopnr.org/pnr-workshop-brussels-17-oct-7-p-m/

18-19 October 2011, Helsinki, Finland
The Finnish Internet Forum 2011
http://internetforum.fi/

20-21 October 2011, Warsaw, Poland
Open Government Data Camp
http://opengovernmentdata.org/camp2011/

25-28 October 2011, Berlin, Germany
1st Berlin Symposium on Internet and Society: Exploring the Digital Future
http://berlinsymposium.org/

27-29 October 2011, Barcelona, Spain
Oxcars and FreeCultureForum 2011 Networks for a R-evolution
http://www.2011.fcforum.net/en

31 October 2011, Mexico City, Mexico
2011 The Public Voice Civil Society Meeting
http://thepublicvoice.org/events/mexicocity11/

2-3 November 2011, Mexico City, Mexico
33rd International Conference of Data Protection and Privacy Commissioners Privacy: The Global Age
http://www.privacyconference2011.org/index.php?lang=Eng

8-9 November 2011, Brussels, Belgium
Hack4Transparency
http://www.euhackathon.eu/

9 November 2011, Bucharest, Romania
Inet Conference: Access, Trust and Freedom: Coordinates for future Internet
http://www.isoc.org/isoc/conferences/inet/11/bucharest-agenda.shtml

11-13 November 2011, Munich, Germany
FIfF annual congress: Dialectics in Information Security: Colliding Interests of Anonymity, Integrity and Confidentiality
http://fiff.de/2011

11-13 November 2011, Gothenburg, Sweden
FSCONS is the Nordic countries' largest gathering for free culture, free software and a free society.
http://fscons.org/

24-25 November 2011, Vienna, Austria
"Our Internet - Our Rights, Our Freedoms" Towards the Council of Europe Strategy on Internet Governance 2012 - 2015
http://www.coe.int/t/informationsociety/conf2011/

25-27 January 2012, Brussels, Belgium
Computers, Privacy and Data Protection 2012
http://www.cpdpconferences.org/