EDRI-gram - Number 4, 12 March 2003

EU row over airline passenger data transmission

The Commission’s secret talks with U.S. authorities on the transmission of air passenger data have caused a heavy clash between EU institutions. The Security spokesperson of the EP conservative fraction, the Austrian Hubert Pirker, announced today his fraction will take the Commission to the European Court of Justice.

Since 5 March U.S. authorities have had access to most European airlines’ passenger databases. On 10 March, the European Parliament’s influential Citizen’s Rights and Freedoms, Justice and Home Affairs Committee (LIBE) adopted a resolution containing harsh criticism of the Commission’s proceedings. It “questions the legal base and the repercussions” of the Joint Declaration with U.S. officials and “expresses concern that it could be interpreted as an indirect invitation to the national authorities to disregard Community law”. The original French-language draft of the resolution contained even more outspoken criticism, stating that the Joint Declaration “lacks any legal basis”. Immediately after the vote, amendments were drafted in order to broaden the criticism of the Commission in the EP resolution, which will be voted on in Brussels on 26 or 27 March and is likely to be adopted by a vast majority.

While some of the MEPs' anger may be attributed to a true concern with the protection of privacy and personal data, one must be aware of the fact that partisan and inter-institutional rows do play an important role in this conflict. The rapporteur is Jorge Salvador Hernández Mollar, a Spanish Conservative, whose Group is notoriously at war with the responsible Commissioner, Chris Patten, a Conservative “traitor” who was nominated by Blair’s New Labour government. Many MEPs will vote for anything that criticises the Commission for not respecting the Parliament.

As a first response, the Commission answered with a press release on the outcome of another meeting with the U.S. side, held on 4 March, announcing that filtering software will be used to prevent U.S. services from accessing data not related to security issues.

Announcement of legal proceedings by conservative MEPs (in German)
http://futurezone.orf.at/futurezone.orf?read=detail&id=149389&...

The resolution as voted on 10 March 2003 by the LIBE committee
http://www.europarl.eu.int/meetdocs/committees/libe/20030310/491564en....

EU press release
http://www.eurunion.org/news/press/2003/2003018.htm

U.S. press release
http://europa.eu.int/comm/external_relations/us/intro/pnradd.htm

(Contribution by Andreas Dietl, consultant on EU privacy issues)

User registration prepaid cards in Switzerland

Telecom providers in Switzerland must register user data for prepaid cards and keep the data available for a period of 2 years. Parliament decided today to add this obligation to a series of new anti-terrorism measures. None of the EU member states have a similar obligation. Telecom providers have always argued against mandatory identification, pointing at the high costs for the extensive network of resellers and the probability of people helping out criminals by buying prepaid cards for them.

The large support for the new measure seems to stem from the discovery that at least 1 Al Qaeda member used a Swiss prepaid card. Switzerland used to be one of the few countries worldwide to sell prepaid cards for international roaming. The new measure doesn't just require identification for those specific roaming-cards, but for all users of all prepaid cards. In her defence of the measure, the Swiss justice minister Ruth Metzler produced some statistics about telecommunications interception in Switzerland. Last year, law enforcement authorities made 80.000 requests for the identity of telephone users, resulting in 6.000 court-approved wiretaps. Of the 80.000 identity-requests, 30.000 concerned prepaid mobile phones.

Debate in Swiss parliament about anti-terrorism measures (12.03.2003)
http://www.parlament.ch/ab/frameset/d/n/4617/77205/d_n_4617_77205_7722...

Agreement on cyber-attacks harms freedom of expression

The Justice ministers of the EU countries (by means of the Council of the European Union) have agreed on a decision to harmonize the criminal code in EU countries regarding attacks on information systems.

The ministers agree that "there is evidence of attacks against information systems, in particular as a result of the threat from organised crime, and increasing concern at the potential of terrorist attacks against information systems which form part of the critical infrastructure of the Member States." The proposal forces EU member states to make 'illegal access to information systems' and 'illegal system interference' a crime.

The proposal is widely criticized for being unbalanced. Especially regarding illegal system interference (denial of service attacks), it does not distinguish between a terrorist who intends to inflict harm and a non-violent protester who causes a system overload through email protests or virtual sit-ins. The proposal does not refer to freedom of expression or other fundamental rights and can have serious consequences for political protest and campaigning on the internet.

European parliament member Marco Cappato criticized the proposal. "It suits the national justice ministries to criminalize activities on an EU-wide level," Cappato said. "They seek greater coordination with regard to prosecuting, but there is very little effort made to coordinate legal defence."

Member states had difficulty agreeing on the definition of hacking. Illegal access to information systems is defined as "intentional access without right." According to that very broad definition, accessing an unprotected and 'open' computer can be a crime. Countries with a stricter definition of hacking, however, are allowed to only punish wilful infringements of security measures. An earlier proposal would have forced those member states into judicial cooperation, creating great legal uncertainty for internet users. Lawful behaviour in their own country could suddenly have landed them in a foreign jail.

Proposal for a Council Framework Decision on attacks against information systems
http://register.consilium.eu.int/pdf/en/03/st06/st06671en03.pdf

2489th Council meeting justice and home affairs (27.02.2003)
http://ue.eu.int/pressData/en/jha/74719.pdf

EU pact would 'criminalize' Net protesters (04.03.2003)
http://www.iht.com/articles/88499.htm

Petition against copyright law in Italy

On 9 March the Italian Associazione Software Libero opened an on-line petition against the proposed implementation of the European Copyright Directive. The petition is an open letter to the Culture Committee of the Lower House, inviting them to reconsider their almost unanimous approval of the copyright law on 25 February 2003. Like in most other EU-countries, resistance against the implementation is focused on the very broad legal protection of anti-circumvention measures. Quoting from the open letter: 'It will be illegal to possess equipment and usable algorithms for the circumvention of technological measures. Under the new norm, it is totally irrelevant if the equipment is intended for lawful or illegal use; it will be prohibited per se, treated similar to narcotics.'

Petition
http://softwarelibero.it/progetti/eucd/firme/adesione.php

Description in English of the Italian EUCD-proposal
http://www.softwarelibero.org/progetti/eucd/eucd-in-italia.en.shtml

Finland changes policy on software patents

Anticipating the new EU Directive on Patents, the National Board of Patents and Registration of Finland (PRH) decided to accept patents on software. Previously, the Finns were a lot stricter than the European Patent Office. The reason for the change in policy is mind-boggling. Because the European Parliament seems to propose much more restrictive rules than the Council or Commission, the new Software Patent Directive will be delayed and therefore Finland felt it had to suddenly soften its line.

On 21 February, the EP Industry Committee (ITRE) voted against almost all proposals for software patentability. The leading Parliamentary Committee however, is JURI, and it seems a lot more in favour of extensive patents on software. JURI will discuss the proposed new Patent Directive on 17 March and vote on 23 April. The vote in plenary is now scheduled for the session of 12-15 May.

Commission proposal
http://europa.eu.int/eur-lex/en/com/pdf/2002/en_502PC0092.pdf

EP - JURI draft report by Arlene McCarthy
http://www.europarl.eu.int/meetdocs/committees/juri/20030219/488980en....

EP - CULT opinion by Michel Rocard (20.01.2003)
http://www.europarl.eu.int/meetdocs/committees/juri/20030219/487019en....

EP - ITRE opinion by Elly Plooy-van Gorsel (20.02.2003)
http://www.europarl.eu.int/meetdocs/committees/itre/20030319/481006en....

Limiting the storage of traffic data

The European data commissioners (through the Article 29 working group) have pleaded for a maximum storage period of half a year for traffic data that telecommunication companies store for billing purposes. With the opinion paper the working group tries to limit the duration and scope of traffic data storage.

"Traffic data should be kept for as long as necessary to enable bills to be settled, and disputes resolved. Ordinarily this involves a maximum storage period of 3-6 months and no longer in cases where bills have been paid and do not appear to have been disputed or queried (having regard to the privacy right of individual subscribers)".

The working group also pleads for the stored traffic data to be limited to the necessary data. The opinion paper does not point out which data is necessary for billing purposes and which is not. It is a fact that many GSM providers justify the storage of location data for the sole use of billing purposes.

In the EU a heated debate is continuing over the possibility of forcing telecommunication companies to store traffic data for the purpose of policing and national security. A debate about the desirability of such an obligation would be undermined if the telecommunication sector already stored the same data for billing purposes.

Privacy authorities recommendation on storage of billing data (29.01.2003)
http://europa.eu.int/comm/internal_market/privacy/docs/wpdocs/2003/wp6...

Update on anti-spam legislation

In the previous EDRI-gram, 6 EU countries were mentioned that already have a spam ban: Denmark, Germany, Finland, Greece, Italy and Austria, plus Hungary and Norway in Europe-at-large. We can now add France, Romania and Poland to this list.

French E-Commerce Directive (approved 26.02.2003 in the Lower House)
http://www.assemblee-nationale.fr/12/ta/ta0089-2.pdf

Polish E-commerce Directive (effective 10.03.2003)
http://www.giodo.gov.pl/English/ust_podpis_el.htm

Romanian E-commerce Directive (effective 05.10.2002)
http://www.legi-internet.ro/en/e-commerce.htm

Since 22 January Romanians can report spam via 2 special email addresses provided by the Ministry of ICT. In Romania the Ombudsman functions as data protection authority. Either he or the Ministry can fine spammers between 10.000.000 and 500.000.000 million lei (approx 280 and 14.000 euro).

Website ministry of ICT in English (sections anti-fraud / .ro abuse)
http://www.mcti.ro/index.html?mlang=2

Call for public views on video-surveillance

The European data protection commissioners, united in the Article 29 Working Party, invite the public to respond to a position paper about videosurveillance. The paper gives an interesting overview of the differences in legislation and measures adopted in the different member states since the transposition of the Privacy Directive (95/46/EC).

The Commissioners are specifically worried about 7 cases, resulting from experience or tests currently in progress:

Call for participation (closing date 31.05.2003)
http://europa.eu.int/comm/internal_market/en/dataprot/wpdocs/consultat...

Censoring the internet: the situation in Turkey

'Turkey, showing the symptoms of a developing country, has not yet established the jurisprudence necessary for the Internet. The existing Turkish laws, especially the Press Law, are naively applied to alleged lawbreakers on the Internet, resulting in ludicrous outcomes.'

Paper about internet censorship in Turkey by Kemal Altintas, Tolga Aydin and Varol Akman published 10 May 2002 in First Monday, peer-reviewed journal
http://www.firstmonday.org/issues/issue7_6/altinta/

Agenda

14 March 2003 Pre-registration deadline conference CCTV and Social Control
The Centre for criminological research of the University of Sheffield, in conjunction with The Journal - Surveillance and Society, will be organising a two-day conference in Sheffield, UK, on the politics and practice of videosurveillance. The conference will take place on 8 and 9 January 2004, but everybody is kindly requested to express interest this week, either in presenting a paper or just attending. Pre-registration and announcement of papers by email to
c.norris@sheffield.ac.uk

15 March 2003 Nomination deadline for the Stupid Security Award
http://www.privacyinternational.org/activities/stupidsecurity/

25 March 2003 London, UK - Big Brother Awards
http://www.privacyinternational.org/bigbrother/uk2003/

1-4 April 2003 New York, USA - CFP 2003
http://www.cfp2003.org/cfp2003/program.html

22-24 April 2003 St Petersburg, Russia - Building the Information Commonwealth
http://www.communities.org.ru/conference/

6-7 May 2003 Padova, Italy - Information Society Visions and Governance
Contact for information: Claudia Padovani,
claudia.padovani@unipd.it

8 - 9 May 2003, Namur, Belgium - Collecting and Producing Electronic Evidence in Cybercrime Cases
2-day workshop organised by the University of Namur
http://www.ctose.org/workshop-8-9-may-2003.html