61 Members of the European Parliament from 13 countries have signed a motion for a resolution calling for a new first reading of the software patent directive. According to the motion, the situation has changed substantially (with risks for public administration) and the European Parliament itself has changed, two formal reasons to be able to call for a renewal of the procedure.
The motion was initiated Jerzy Buzek (Christian Democrats, former prime minister of Poland) and Adam Gierek (Socialists, Poland). Amongst the signatories are many Polish MEPs, but also veteran MEPs that welcome the initiative as a way out of the political deadlock between Council and Parliament.
The motion is a great success for the anti software patent movement, especially the Foundation for a Free Information Infrastructure (FFII). Their relentless lobbying last year against the patentability of pure software has caused many MEPs to remain strongly opposed to Council attempts to introduce a very broad and vague patentability of computer-implemented inventions.
On 24 September 2003 the European Parliament voted in first reading against all proposals that would make software patentable and added additional safeguards, such as freedom of publication and interoperation. So far, the Council has not adopted any of these amendments. A last-minute attempt by the Dutch presidency to get the proposal approved by the Agriculture Council on 21 December 2004 also met with strong Polish resistance. Since the 10 new EU member states weren't able to vote when the Council adopted its position in May 2004, with the motion they might achieve an opportunity to regain political influence.
Euractiv reports there is no indication that the motion will be voted on by Parliament any time soon. "Under article 55 of the Parliament's rules of procedures, the initiative would need to come from the committee in charge of the dossier." Besides, the group failed to secure the approval of the Green MEPs, who strongly opposed the directive so far, but don't agree with this strategy. In addition, even if adopted by the lead committee, a resolution is in no way binding.
Motion for a resolution (08.12.2004) http://www.ffii.org/~jmaebe/reso/resolution_55_4.pdf
61 MEPs urge return to 1st reading (05.01.2005) http://swpat.ffii.org/log/05/restart01/index.en.html
According to a recent Dutch study into the costs of mandatory data retention, internet providers will face investments of millions of Euro. The Dutch study is the only governmental study in Europe made public so far about the costs of data retention. The EU proposal from April 2004 is very vague about the specific data internet providers will have to store, but has a very broad scope, including all kinds of new protocols and communication technologies. In November 2004, the Council of Ministers of Justice and Home Affairs (JHA) announced they would even expand that scope, and oblige providers to collect data they normally do not process. The Dutch research company KPMG has just assumed the obligation will be about e-mail log-files and about all connection data to all internet services. How providers, especially large ones, should actually deduct these kinds of data from their data streams remains a mystery.
The study estimates the total Dutch internet traffic at 25 Gb/s, and calculates that the initial investment to retain and store traffic data in the Netherlands would be 15 to 20 million euro if the internet providers would do it themselves, and 7 to 10 million euro if the government were to store the data and handle all requests themselves. As high as those costs might seem, they were already outdated when the report was finalised, in November 2004, because they were based on statistics from 2003. The traffic at the Amsterdam Internet Exchange (AMSIX) has more than doubled in volume since 2003, mainly because of the success of broadband internet.
In December 2004, the AMSIX signed a protest letter from 250 Dutch ISPs, calling on members of the Dutch Parliament to prevent Minister of Justice Donner from agreeing in the JHA Council. The London Internet Exchange has added its powerful voice to the massive international protest from citizens and companies against mandatory data retention. They started the new year by issuing a warning that the plans will add to costs for Internet users. Unaware of the Dutch estimate, they think the costs will be exceptionally high, and the only way to cover them would be for ISPs to introduce a special user charge for data collection and retention.
LINX currently has 170 member ISPs. Malcolm Hutty, the regulation officer of LINX, explains "we are currently carrying about 70 Gb/s peering traffic over our infrastructure. This makes us the world's largest neutral Internet exchange." Hutty also told EDRI-gram that the London Internet Exchange has experienced a similar fast growth in traffic volume as AMSIX did, growing from a little under 24Gb/s in December 2002.
The total traffic volume in the Netherlands and the UK is even higher, because internet exchanges do not see inner-provider traffic, such as file-sharing amongst customers of the same ISP, or downloading from provider archives. All these numbers mean the costs of retaining communication traffic data will keep on rising sharply in the years to come, from maybe 40 million euro for all the Dutch ISPs today, to over a hundred million in a few years from now.
Dutch report on the costs of data retention (with summary in English, released 21.12.2004)
http://www.bof.nl/docs/bewaarplicht_KPMG.pdf
Government web snooping to add costs for Internet users (06.01.2005)
http://www.net4nowt.com/isp_news/news_article.asp?News_ID=2592
LINX realtime graphics
http://www.linx.net/statistics/
AMSIX cumulative graphics
http://www.ams-ix.nl/technical/stats/CUMU.html
On 1 January 2005, a new law went into force in the Netherlands obliging everybody above the age of 14 to always show ID when asked. Dutch police has immediately started to use the new power by fining dozens of citizens for not being able to present a valid passport, drivers license or ID card. Most citizens were given double fines, for example for riding on a bicycle without proper illlumination, or hanging out in groups and thus presenting a possible threat to the 'public order'. In the city of Rotterdam alone, 20 fines were issued within the first 24 hours of the new obligation. Two of the first fines that became public have raised serious concerns about the actual intentions of the police with their new power.
A young man attended the new-year's reception of the municipality of Nijmegen, and held up a banner protesting against the policy to evict asylum seekers. He was arrested and asked to show ID. When he refused to do so, the police took him to the local police station and held him for several hours. In the end he was sent home without a fine, but his right to demonstrate was undermined completely.
A second incident was covered in the eight o' clock national TV news on 8 January 2005. A 14-year old girl in the municipality of Wijk en Aalburg was arrested in the very early hours of 1 January 2005 for not being able to show ID, together with 20 other kids. She spent 5 and a half hours in a police cell, without any indication of any possible misdemeanour other than being in the wrong place at the wrong time.
Before 1 January 2005 a large majority of Dutch people supported the new law, in support for any measure that could help increase security. After 1 January, many people start to realise they have to bear the costs themselves, starting at 30 euro for an ID card, but amounting up to 100 euro in case of losing a card or passport. The owner of the website 'gelijkoversteken' (hand over simultaneously), calls on all citizens to demand to see the ID of any supervisor or police officer in return for showing theirs. He reports numerous incidents of coloured people being asked for their ID without any other apparent reason than the colour of their skin.
The Council of State, the highest legal advisory body in the Netherlands, strongly criticised the proposed law for the lack of any substantive evidence that it would help in the battle against terrorism. This criticism was bluntly ignored by Cabinet and Parliament. In a bold new year's speech the mayor of Wageningen, Mr Pechtold, spoke out against the new law and called it an example of The Hague idiocy to lure the general public into a false sense of security.
NOS news item (in Dutch, 08.01.2005)
http://cgi.omroep.nl/cgi-bin/streams?/nos/nieuws/2005/januari/video/07...
Website Gelijk Oversteken (in Dutch)
http://www.gelijkoversteken.org
Members of the European Parliament have voted in favour of the EU's constitution today (12 January 2005), with a 500 to 137 majority (40 abstentions), setting the EU on a path toward more integration and a little bit more democracy. In the afternoon, the Constitution was celebrated with concerts, balloons and a festive debate involving Parliament President Josep Borrell and author Jeremy Rifkin. While the general tendency of the Constitution, as compared to present practice, is widely welcomed, critics say democratic standards in the Constitution are still far from being satisfactory and there is an inherent risk that the Constitution will freeze this situation for a long time. The vote is seen as being a blow to Constitution opponents in such countries as the UK and France, where the prognosed "no" vote in EU Constitution referenda is steadily rising.
Luxembourg PM Jean-Claude Juncker, in his first speech as the president of the EU Council, warned the referenda could 'bog down' the EU, due to the tempation to delay 'sensitive decisions' until after the votes have taken place.
Part II of the Constitution is the Charter of Fundamental Rights of the European Union, which contains many of the fundamental freedoms that EDRI fights for, including the protection of personal data, the freedom of expression, access to services of general interest, right of access to documents, and so on. This will be the first time that these rights will become actionable at an EU level. Nevertheless, in the European Parliament it was opposed by the left-wing GUE Group on accusations that it did not contain sufficient social safeguards, by far-right groups, by the euro-sceptic ID group, the UK conservatives and the Czech ODS party, who in unison claimed it gave too much power to Brussels.
In order to become effective, the Constitution needs to be ratified in all 25 member states. This process has already started in Lithuania and Hungary, where the Constitution found majorities, and is expected to last until the end of 2006. Referenda will start this February in Spain; difficulties are expected in Denmark, France, Britain, Poland, the Netherlands and the Czech Republic.
EU Official Journal: Treaty establishing a Constitution for Europe
(16.12.2004)
http://europa.eu.int/eur-lex/lex/JOHtml.do?uri=OJ:C:2004:310:SOM:EN:HT...
(Contribution by Andreas Dietl, EDRI EU Affairs Director)
The European Commission has approved of a new set of standard contractual clauses for international data transfers proposed by seven international business associations. The contracts are said to offer an adequate level of data protection under the EU's data protection laws. Companies can use the clauses to provide a legal basis for transfers to data controllers outside of Europe as from 1 April 2005. The new clauses will be added to those already available under the Commission's June 2001 decision (IP/01/851).
Companies believe that some of the new clauses, such as those on litigation, allocation of responsibilities or auditing requirements, are more business-friendly. According to the Commission the new clauses provide for a similar level of data protection as those of 2001 and prevent abuses, the data protection authorities are given more powers to intervene and impose sanctions where necessary. The implementation of this new set of clauses will be reviewed in 2008.
A big coalition of business associations led by the International Chamber of Commerce (ICC) negotiated these new standard contractual clauses with the Commission and the Article 29 Working Party over the last three years. It marks the first time the Commission has officially approved a mechanism for data transfers proposed by the private sector.
According to the ICC the clauses provide a number of advantages for companies over the Commission's previous clauses. For instance, the clauses do not require the data exporter and data importer to be liable for each other's misuse of the data. The ICC call the new clauses more "flexible and realistic" for businesses.
The new clauses limit the right of access for data subjects. Access can be denied for requests "which are obviously abusive based on unreasonable intervals or their number or repetitive or systematic nature, or for which access need not be granted under the law of the country of the Data Exporter".
European Union approves clauses for international data transfers (07.01.2005)
http://www.iccwbo.org/home/news_archives/2005/data_transfers.asp
Commission: Model Contracts for the transfer of personal data to third countries
http://europa.eu.int/comm/internal_market/privacy/modelcontracts_en.ht...
Article 29 opinion on draft clauses (17.12.2003)
http://europa.eu.int/comm/internal_market/privacy/docs/wpdocs/2003/wp8...
The Italian data protection authority (Garante della Privacy) has opened a consultation on privacy issues related to RFID tags, loyalty cards, digital TV (pay per view etc.) and video-telephoning. The Italian Winston Smith project (defending e-privacy since 1999) has responded with a specific legal proposal to control the use of RFID-tags. These mini-chips are becoming smaller and cheaper everyday, and can be read out at a distance. The main privacy-concern about the tags is that individual consumption-patterns can be tracked and traced by any outsider with a reader, especially when the individual purchaser is identified via a loyalty-card.
The Winston Smith Project wants legal rules that oblige manufacturers to make RFID tags easily identifiable and removable. Secondly, the presence, type and position of RFID tags must be clearly advertised on the packaging of an article and/or on the article itself. Thirdly they demand permanent deactivation of RFID tags when buying the product or when usage of the RFID tag has ended. Finally, they claim all data collected by RFID readers should be treated as personal data, to which all regular privacy-principles apply. Collection, storage and further processing may only happen within the boundaries of a strict and publicly known goal.
The Winston Smith Project states: "Data mining techniques in sales and RFID databases can transform us in 'RFID Christmas trees', making us identifiable and traceable for successive readings, and permanently tying us to our buying activities. The fact that currently most RFID tags can only be read by very nearby terminals (tens of centimetres) is not very reassuring; already specialised terminals have been developed that can read RFID data in the range of tens of meters."
The Italian group sees a possible solution in a maximum term for conservation of these data. In case of additional processing or conservation for a longer time, companies should notify the Data Protection Authority. Furthermore, these rules should not only apply to RFID related data, but to all kinds of new electronic databases, such as GSM location data, web log-files and data generated by wireless networks.
Consultation Italian DPA (closes 15.01.2005)
http://www.garanteprivacy.it/garante/doc.jsp?ID=1078227
Legal proposal from the Winston Smith Project (03.01.2005)
http://www.winstonsmith.info/proposta_di_legge_rdp_v5.rtf
International RFID Position Statement, endorsed by EDRI (20.11.2003)
http://www.privacyrights.org/ar/RFIDposition.htm
(Thanks to Andrea Glorioso, Italian consultant on digital policies)
The EU Commission plans to store biometric data taken from visa applicants in the planned Visa Information System (VIS). This was decided as part of a proposed regulation, which was already due in late 2004, but was delayed until 7 January 2005. The delay seems to be due to technical problems with stacking multiple RFIDs on documents. The upcoming Luxembourg Presidency of the Council wrote a note on these technical difficulties on 22 December 2004.
The note mentions in particular collision problems arising when several RFID tags would be included in one passport. As a possible solution concerning visas, the note proposes to store the biometric data only in the VIS and not on an RFID sticker, and says a majority of EU member states delegations seems to be in favour of this second solution. Concerning residence permits, the Luxembourg Presidency proposes to issue separate cards, with the biometric data on an RFID chip, as is currently planned also for EU citizens' travel documents. This solution is, however, opposed by Germany, where residence permits are already being issued in the form of stickers.
According to current planning, the VIS is foreseen only for visa and asylum applications, not for residence permits. It will be closely linked to the Schengen Information System (SIS), which already holds a vast amount of data on would-be immigrants denied access to the EU.
EU Reporter: EU's Big Brother Strikes Again! (10.1.2005)
http://www.eureporter.co.uk/articles/article.cfm?id=1694
Statewatch: EU: Biometric visa policy unworkable (05.1.2005)
http://www.statewatch.org/news/2005/jan/02update-visas-biometrics.htm
Council of the European Union: Technical feasibility of the integration of biometric identifiers into the uniform format for visa and residence permits for third country nationals, passports and other travel documents issued by Member States, Document Nr. 14534/04 (11.11.2004)
http://www.statewatch.org/news/2004/dec/bio-visas.pdf
Luxembourg Presidency of the EU Council: Integration of biometric identifiers into the uniform format for visa stickers and residence permits for third country nationals, Document Nr. 16257/04 (22.12.2004)
http://www.statewatch.org/news/2005/jan/bio-visas-16257.pdf
European Commission: Proposed Visa Information System (VIS) enhances security and facilitates travelling in EU (07.01.2005)
http://europa.eu.int/rapid/pressReleasesAction.do?reference=IP/05/10
(Contribution by Andreas Dietl, EDRI EU Affairs Director)
INDICARE has issued a report on consumer concerns with respect to DRM. INDICARE (the Informed Dialogue about Consumer Acceptability of DRM Solutions in Europe) is a consortium of 3 academic institutions and a company from Germany, Hungary and the Netherlands, funded with EU money under the E-Content Programme. The report was written by eight different experts.
The report demonstrates that interests and concerns of consumers are insufficiently considered in the context of DRM-protected digital content. One conclusion is "While some developments of applied business models seem to head slightly into the direction of consumers expectations (e.g. increased number of burns or copies of DRM-protected products), the observed statements point to many other consumer concerns that are still insufficiently taken into account, in particular issues of privacy, transparency and contractual fairness, interoperability, security and hardware issues, flexible business models, product diversity and pricing concerns.(page 42)"
After outlining the European Commission's initiatives and European research projects on DRM, the report looks into the concerns of customers with disabilities and institutional customers such as libraries, science, and education. The fourth chapter is devoted to the legal aspects of DRM, especially the balance between the exceptions in article 5 and the circumvention ban in article 6.1 of the European Copyright Directive. While the private copying exemption in the EUCD in theory tries to balance the interests of users and copyright owners, in practice the legal standing is dubious. "In recent French and Belgium court cases relating to DRM and private copying, it was stressed that consumers have no right to private copying. This is expressly noted in a French court case, in which the private copying of a DVD was deemed a privilege and not a right under French law. In the Belgium case it was decided that private copying was not considered a right, but a 'legally granted immunity against prosecution.' The author concludes: "while it used to be the rightsholder that had to enforce its rights against infringers, under a DRM scheme it has become the consumer who has to secure his interests through an often costly procedure.(page 48-49)" He also examines general consumer protection law as a solution to protect user rights, but finds "the scope of this protection may not always be clear. Moreover, the enforcement of applicable provisions in the judiciary may not be so easy for individual consumers in practice."
Chapter 5 describes the technical aspects and development. Here the author seem to focus on right description languages (ODRL/XrML), in stead of looking at the control-components. From a privacy-perspective and looking at standards and interoperability these components are much more crucial. The attention paid to privacy-issues is minimal, especially when discussing Trusted Computing. Maybe this can be explored in the two promised updates of the report.
Digital Rights Management and Consumer Acceptability. A Multi-Disciplinary Discussion of Consumer Concerns and Expectations (15.12.2004)
http://www.indicare.org/soareport
The OSCE Representative on Freedom of the Media, Miklos Haraszti, has published a 270 page cookbook with recipes on how to preserve the freedom of the Net. The Media Freedom Internet Cookbook aims to help users and governments fight "bad content", for example hate speech, without jeopardising freedom.
According to Haraszti "Regulatory activism can lead to suppression of freedom regardless of whether this censorship was intended or came as a consequence of ignorance. I intend to warn about the dangers over the Internet just as I do in the case of 'classic' censorship in the print press or the broadcast media."
The book is a result of major findings of the Second Internet Conference which was organized by the OSCE Media Representative in August 2004 in Amsterdam. The outcomes will be evaluated during the Third Amsterdam Internet Conference in 2005.
Media Freedom Internet Cookbook (16.12.2004)
http://www.osce.org/documents/rfm/2004/12/3989_en.pdf
13-14 January 2005, Berlin, Germany
3rd DRM Conference
Registration Deadline: 20th December 2004
http://digital-rights-management.org/
14 January 2005, Athens, Greece
ePSINet Policy Conference on re-use of Public Sector Information in Europe. The aim of the conference is to provide a forum for policy makers, public content providers, re-users and international experts to discuss the prospects for adding value through commercial exploitation of public sector information. The conference will also act as a progress check on the early implementation of the European Directive on PSI re-use, published late in 2003, and discuss the future agenda. Registration is free for the first 150 participants.
http://www.epsigate.org/conf.htm
16 January 2005, Deadline EC consultation
Public consultation on the new action plan eEurope 2005-2010
http://europa.eu.int/information_society/eeurope/2005/all_about/2010_c...
21 January 2005, Paris, France, Big Brother Awards
The organising committee of the French Big Brother Awards is inviting the public to nominate people, institutions and governments that have excelled in violating privacy and enhancing control. The French have opened a new category, for nominations in the 'Novlang/Newspeak Award', dedicated to public manipulation of the masses aimed at making people docile to control, surveillance, tagging and tracing their private lives.
Public nominations French Big Brother Awards
http://candidats.bigbrotherawards.eu.org/
25 January 2005, Brussels, Belgium
Open workshop on the foundation of an EU Human Rights Agency
Workshop registration form (in MS Word only)
http://europa.eu.int/comm/justice_home/news/consulting_public/fundamen...
3-4 February 2005, Paris, France - Unesco conference
4-5 February 2005, Oegstgeest, Netherlands - Unesco conference
Two conferences about online freedom of speech, access to information and privacy. Open to invited participants only.
http://portal.unesco.org/ci/en/ev.php-URL_ID=17907&URL_DO=DO_TOPIC...
14-16 February 2005, Geneva, Switzerland
WSIS Working Group on Internet Governance meeting
http://www.wgig.org, http://www.worldsummit2005.org
17-25 February 2005, Geneva, Switzerland - WSIS PrepCom 2
http://www.wsis.org, http://www.worldsummit2005.org
31 March 2005, deadline call for papers on DRM
Special session on Digital Rights Management during the 31st Euromicro conference on Software Engineering and Advanced Applications (SEAA) 2005 in Porto, Portugal. This special session is open to discuss technical, legal and business issues with DRM and the social aspects regarding users understanding and fair use. Papers should be around 6-8 pages (not exceeding 6000 words) and include an abstract.
http://www.idt.mdh.se/euromicro-2005/
12-15 April 2005, Seattle, USA, CFP 2005
The program committee of the annual Computer, Freedom, Privacy Conference is accepting proposals for conference sessions and speakers for CFP2005. The deadline for submissions is 31 December 2004. The conference will be held in the Westin Hotel in Seattle, Washington.
http://www.cfp2005.org