The Council of European Ministers of Justice and Home Affairs (JHA council) seems set for a frontal collision with the European Commission with the proposal for a framework decision on mandatory data retention. On 14 April 2005 the Council will discuss the proposal, possibly including a functional list, in spite of the urgent request from EU Justice Commissioner Frattini to drop the proposal completely and wait for a proper democratic initiative from the Commission. For national members of parliament all over Europe the national preparatory debate about the agenda for this JHA Council will probably be the last chance to stop their ministers from agreeing and first demand a thorough investigation into the necessity and proportionality of data retention.
The last publicly available Council document dates from 24 February 2005. The proposal now demands a retention period of 12 months for all data generated or processed by telecom providers, with a maximum of 36 months. There is also a new minimum of 6 months for countries that wish to derogate from the proposal. Any such derogation has to be reviewed annually and reported to Commission and Council.
The footnotes show some countries have expressed reservations, but the names have been deleted from the document. At least one delegate has tried to remove failed caller attempts from the list of data to be retained, the lobbying focus from the powerful telecom companies, but apparently unsuccessful.
Meanwhile the European Parliament is left in its powerless role as consultant on the decision, without any right to amend or veto the proposal. The critical questions from Dutch social democrat MEP Edith Mastenbroek on 14 October and 12 December 2004 have finally been answered by the Council on 14 March 2005 in a very condescending manner, summing up the well-known factual history of the proposal without answering any of the questions about the proportionality and democratic content of the proposal. Why it has taken the Council this long to answer the questions will probably remain as mysterious as the precise contents of the proposal itself until after it has been adopted. The deadline for the (unanimous) adoption remains set at June 2005.
The united national and regional data protection authorities of Germany have strongly criticised the plans during their annual conference in Kiel on 10 and 11 March 2005. The German DPAs were relatively quiet the last few months about the subject after the German parliament had clearly ordered the minister of the interior not to agree with any kind of mandatory data retention for German companies. But surprisingly Schily, the minister of the Interior, used the opening of CeBIT 2005 (a mega IT exhibition in Hannover, Germany) on 13 March 2005 to speak out in favour of 12 months mandatory data retention. Law enforcement authorities should "use all possibilities to discover planned crime and terrorist actions" but negotiations with the telecom industry "were not closed yet". The next day Schily joined the informal meeting of the interior ministers in Granada of the 'big 5' (UK, France, Germany, Spain and Italy). The ministers discussed data retention measures amongst other proposals to "monitor and control the use of the Internet in international terrorism and organised crime."
According to the president of the DPA conference, Dr. Thilo Weichert, also chair of the Schleswig-Holstein DPA, "the systematic surveillance of the telecommunication behaviour of all innocent citizens can only provide minimal help in solving criminal cases, because internationally organised criminals and terrorists have the technical means to circumvent the tracking of their traffic data." Weichert also pointed at the costs for the telecom industry, raising the costs for individual subscribers and hurting competition and innovation.
The German DPAs note that the proposal is not only unconstitutional in Germany, but also in violation of the draft European Constitution in which privacy and telecommunications secrecy are enshrined as pillars of a free democratic society.
In Spain the Public Prosecutor's Office has allegedly produced a set of recommendations for the Ministry of Economical Affairs on the exact type of data that should be stored by telecom providers. In spite of several appeals by the Spanish Internet user association Internautas to the freedom of information act, drafts have not yet been made public. Spain was the first country in the EU to adopt general framework legislation demanding data retention in the summer of 2002, immediately after the EU privacy directive was adopted which allowed for national legislation on data retention. But like in all other EU countries except for Italy, the legislation never materialised in specific regulations. According to Internautas the Public Prosecutor demands a longer period for data retention than 12 months and also wishes to give regular police officers access to the data without any judicial order. Remarkably, the Prosecutor seems to defend general data retention without any reference to terrorism. He only refers to child pornography, which also makes it necessary to create mandatory identification by service providers of all IRC users (internet chat networks) and visitors of cybercafes.
Last (partially public) version of the draft framework decision on data retention (24.02.2005)
http://register.consilium.eu.int/pdf/en/05/st06/st06566.en05.pdf
UK and EU allies plan moves against terror websites (18.03.2005)
http://www.theregister.co.uk/2005/03/18/g5_granada_meet/
Deutschland prescht bei Speicherpflicht vor (German, 14.03.2005)
http://futurezone.orf.at/futurezone.orf?read=detail&id=262957
La retención de datos y el secreto de las comunicaciones (Spanish, 17.03.2005)
http://www.internautas.org/html/1/2790.html
The UK Government's plans for a national identity card have come under renewed criticism in a report published last week by the London School of Economics.
The report, "The Identity Project: An assessment of the UK Identity Cards Bill & its implications", featured contributions from experts across the LSE and from businesses that would be involved in building any ID system. The report concludes that the government's proposals are "too complex, technically unsafe, overly prescriptive and lack a foundation of public trust and confidence." It also finds that the risks involved in the government's proposals are such that "the scheme should be regarded as a potential danger to the public interest and to the legal rights of individuals".
The use of iris scans and fingerprints in the scheme is identified as a particular risk. "The technology envisioned for this scheme is, to a large extent, untested and unreliable. No scheme on this scale has been undertaken anywhere in the world... A fully integrated national system of this complexity and importance will be technologically precarious and could itself become a target for attacks by terrorists or others." Meanwhile however the EU Council of Ministers is pushing for the creation of an EU-wide biometric database.
The LSE report proved influential in this week's House of Lords debate on the government's ID plans. Peers from all political parties called on the government to abandon the legislation and to reconsider the issues raised by the report in the next Parliament. As there is now very little time left before the next election is expected to be called, it is likely that the government will have little choice but to take this advice.
The Identity Project: An assessment of the UK Identity Cards Bill & its implications (March 2005)
http://www.lse.ac.uk/collections/pressAndInformationOffice/PDF/IDrepor...
EDRI Open Letter to the European Parliament on Biometric Registration (26.11.2004)
http://www.edri.org/campaigns/biometrics/eu
House of Lords debate on the Identity Cards Bill (21.03.2005)
http://www.parliament.the-stationery-office.co.uk/pa/ld199900/ldhansrd...
(Contribution by Ian Brown, EDRI board member)
Search engine Google has lost an appeal on 10 March 2005 against a French court order to change its advertisement practices. The case about the advertisement practice was instigated by the travel companies Luteciel SARL and Viaticum SA. Competitors bought the search terms 'bourse des vols' and 'bourse des voyages' (flight exchange and trip exchange) so that their advertisements would show next to the search results. The two companies successfully claimed they had exclusive trademark rights on these terms, and accused Google of something akin to counterfeiting. Google was ordered to pay 75.000 euro in damages and legal costs in first instance. In February 2005 Google lost a similar case against the French luxury goods company Moët Hennessy - Louis Vuitton. Another search engine, Yahoo, lost a similar case in January 2005 as well, when the French hotel chain Accor complained about advertisements from competitors using its hotel names.
Google is also facing a lawsuit from the French news agency AFP about its news services. On 19 March AFP filed a complaint at a Washington court claiming Google violates their copyrights by quoting the headlines, pictures and opening lines of their articles and claims 13.1 million euro in damages. On 22 March 2005 Google started to remove all references to AFP from its news services. According to Steve Langdon, a Google spokesman, "we allow publishers to opt out of Google News. Most, however, want to be included in Google News because they believe it's a benefit to them and their readers." It is unclear if this means AFP will withdraw the case.
In another French ruling about Internet the court of Nanterre decided on 14 March 2005 that a seamstress in Southeast France must hand over the domain www.milka.fr to U.S. food company Kraft Foods, vendor of chocolate with the brand name Milka. The seamstress, Milka Budimir, was accused of cybersquatting and can no longer use her own first name on the Internet, since "the brand name existed long before she was born".
Google France loses appeal in AdWords trademark dispute (17.03.2005)
http://www.infoworld.com/article/05/03/17/HNgooglefranceadwords_1.html
Complaint filed against Google by AFP (in English, 19.03.2005)
http://www.resourceshelf.com/legaldocs/afpvgoogle1.pdf
L'affaire Milka.fr couronne le droit des marques (15.03.2005)
http://www.rfi.fr/actufr/articles/063/article_34790.asp
The European Commission has rejected Microsoft's proposal to comply with the EU anti-trust ruling. Microsoft needs to enable other software providers to interoperate with computers that run the Windows operating system. But the proposed Microsoft server interoperability licence contains a number of serious flaws including unjustifiably high royalty fees and the exclusion of open source vendors, according to the Commission.
In March 2004 Microsoft got a record fine of 497 million euro after a five-year investigation by the Competition Commissioner into Microsoft's business practice. According to the Commission's ruling Microsoft's illegal business practice has enabled it to acquire a dominant position in the market for work group server operating systems and has significantly weakened competition on the media player market. As a remedy the Commission ordered Microsoft to offer a version of Windows without bundled media player and to share more technical information with server rivals. Microsoft has paid the fine but is still negotiating with the Commission how to comply with the remedies after losing an attempt to suspend the sanctions at the EU Court of Justice.
Microsoft announced that it will offer a server interoperability licence that will give competitors access to server communication protocols. But the Commission has rejected the proposed license because open source vendors are excluded, the price of the license is too high and it requires competitors to take an all-in-one licence for different protocols.
The Free Software Foundation Europe (FSFE) filed the original complaint with the commission that Microsoft's proposed licensing terms made it impossible for companies that write open source software to compete on a level playing field. The Microsoft licence allows free software projects like Samba to use the software interface information, but bans it from publishing the software as free software. "Obviously, while paying royalties is not impossible .., with Free Software nobody knows exactly how many copies using a certain program are circulating, as free software is allowed to be copied as often as necessary, freely", says Stefano Maffulli, from the Italian FSFE.
The Commission is also critical of the quality of the stripped-down Windows version and has rejected Microsoft's proposal to limit the powers of a non-partisan trustee to monitor its compliance with EU-imposed sanctions.
Microsoft's draft licence, step by step (18.03.2005)
http://insight.zdnet.co.uk/software/0,39020463,39191959,00.htm
Free Software Foundation Europe press release (11.02.2005)
http://mail.fsfeurope.org/pipermail/press-release/2005q1/000092.html
EU Court confirms Commission's decision against Microsoft (29.12.2004)
http://www.edri.org/edrigram/number2.25/microsoft
The Dutch association of criminal defence lawyers (NVSA) has lost a court case (preliminary proceedings) demanding an immediate stop to the practice of wiretapping their confidential telephone conversations with clients. On 15 March 2005 the administrative Court of the Hague ruled that these conversations do not per definition fall under the professional secrecy. There is a specific decree in the Netherlands that allows for the wiretapping of lawyers. First a full report of the wiretap on a suspect is made and read by the specific prosecutor responsible for the case. If the prosecutor concludes that the report contains confidential conversations with a lawyer, he can decide to have those parts deleted en removed from the file.
The lawyers association, supported by a destructive report by the Dutch Data Protection Authority from 2003, claimed in practice these conversations are often not deleted and used by the prosecutor to help build a case. In their view, the police should immediately stop a wiretap as soon as it becomes clear that it is a confidential conversation, for example with the help of telephone number recognition.
The lawyers association is furious about the ongoing practice of wiretapping. "The essence of the pledge of professional secrecy is that a citizen should be able to freely consult a lawyer and communicate with him without any interference from the government." The fact that the State does not respect this, leads to a 'back room' atmosphere, where lawyers have to secretly make appointments with their clients, possibly even at secret locations. "This marginalises the contact between citizen and legal council, as if there were something wrong about it," said council Taru Spronken in her plea at the court.
The Dutch minister of Justice refuses to take any steps to protect the lawyers. He claims the telephone numbers of lawyers cannot be excepted, as they might become criminal refuges, or can be hacked via the Internet for use by criminals. The Court of the Hague doesn't address any of these objections, but finds the current practice in the Netherlands to be in line with the European Convention of Human Rights.
The NVSA will appeal and is also considering to start full civil proceedings to get a more balanced, in depth analysis. They have already shown their tenacity in 2001, when they first started preliminary proceedings against the State with the same demand; to have confidential conversations deleted from the files. In response, the State created an instruction for prosecutors. But the lawyers did not find these guidelines acceptable and 113 of them joined forces in a case at the European Court of Human Rights. The ECHR did not accept the case, roughly summarised because a wiretap can only be ordered by an investigating judge. For a practical and detailed examination of the practice, the ECHR referred the lawyers back to a Dutch court.
Verdict preliminary proceedings (in Dutch, 15.03.2005)
http://zoeken.rechtspraak.nl/zoeken/dtluitspraak.asp?searchtype=ljn&am...
Decision ECHR in Aalmoes and others v. The Netherlands (25.11.2004)
http://echr.coe.int
(no direct link possible, please search HUDOC for Aalmoes)
The Austrian regional power company TIWAG (based in Tirol) has claimed 500.000 euro in damages if an activist doesn't immediately take down a critical website. On 10 March they filed preliminary proceedings at the court of Innsbruck. On 23 March they sent another claim of 100.000 euro to the hosting provider of the site (based in Germany). TIWAG claims the information is confidential and the site a violation of their trademarks.
Austrian EDRI-member Quintessenz reports that two weeks ago, activist Markus Wilhelm published a list of 20 mainly American companies and banks with whom TIWAG allegedly closed cross-border leasing deals. The address of his website was www.dietiwag.at. But after a claim from TIWAG the national registrar of the Austrian top level domain deleted the domain name. Wilhelm then reopened his website at www.dietiwag.org. There is no national representative for the .org top level domain in Austria, since it is controlled by the international not-for-profit organisation PIR.org. On top of that, he hosted the site in Germany, not in Austria.
Austria has a history of power companies claiming reputation damage on the Internet. Earlier, the power company of Linz sued a group of radio broadcasting amateurs for publishing a critical document about the effects of the new 'Powerline Technology'. According to the radio amateurs, supported by all the leading broadcasting authorities and technicians in the country, introducing this outdated technology would make it impossible to receive important short wave transmissions from the BBC, Deutschlandfunk, Voice of Amerika, Radio Free Europe, the Red Cross and all kinds of amateur radio. The document was immediately mirrored worldwide and Linzstrom lost the case in court. Their claims however did lead to another fitting reward: the people's choice for the Austrian Big Brother Award 2004.
Zensur.at: 50 Hertz Mafia will 500·000 (in German, 25.03.2005)
http://www.quintessenz.at/cgi-bin/index?id=000100003194
Critical website
http://www.dietiwag.org
People's choice Austrian BBA 2004 (26.10.2004)
http://www.bigbrotherawards.at/2004/nominees/winners_en.php#publikum
The Dutch Attorney-General for the Supreme Court, Verkade, has once more righted internetprovider XS4ALL and author Karin Spaink in their decade long defence against legal attacks by Scientology. In his opinion for the Supreme Court Verkade argues "Although copyright resides under Article 1 of the First Protocol of ECHR and can therefore be regarded as a human right, this does not exempt copyright from being balanced against the right to freedom of information." In this specific case, in which Spaink quoted several critical paragraphs from a statement made in court by a former member of the organisation, freedom of speech clearly prevails above the claimed copyrights of Scientology.
The case started in September 1995, when XS4ALL servers were formally seized by a bailiff, assisted by a representative from Scientology, because a customer hosted the Fishman Affidavit. This court-testimony contained many quotes from documents that the church wanted to keep secret. Spaink first put the entire document on her XS4ALL homepage. When Scientology threatened to sue her and XS4ALL, many other people put mirrors on their homepages. Spaink then limited the information on her homepage to relevant quotes from the document. In interim injunction proceedings in 1996, the court of The Hague declared all Scientology's claims against XS4ALL, Karin Spaink and the other defendants to be unfounded. Scientology appealed, but lost once again in 1999. However, this 1999 decision included a separate declaratory judgement stating that providers could be held liable if three conditions are met; first, the provider is notified; secondly, the notification leaves no reasonable doubt about the infringement of (copy-)rights; and thirdly, the provider does not take down or block the material. The later E-Commerce Directive was clearly influenced by this verdict.
The Supreme Court will rule on 8 July 2005.
Press release XS4ALL (in English, 18.03.2005)
http://www.xs4all.nl/nieuws/bericht.php?id=625&taal=en
The European Group on Ethics in Science and New Technologies (EGE) has presented its opinion to the European Commission on ITC implants in the human body. The EGE is an independent, multidisciplinary and pluralist advisory group, composed of twelve members. Though some implants, such as cardial pacemakers, are ethically unproblematic, non-medical implants pose a potential threat to the human dignity and democratic society, finds EGE. The principles of data protection must be applied as soon as any data can be collected through the implants about human bodies. Furthermore, ICT implants (in wearable computing such as RFID tags but also directly implanted under the skin with for example the VeriChip) should only be allowed if there are no other less invasive means of achieving the same legitimate goals. Though it seems inevitable in certain circumstances for scientific research to experiment with implants, the freedom of research must be strongly limited by ethical principles.
The European Group aims to open up a broad political debate in all EU member states about the specific applications that can be accepted and regulated. They express concerns that non-medical applications are not yet covered by law, especially when it comes to data protection.
EGE Opinion 20 (16.03.2005)
http://europa.eu.int/comm/european_group_ethics/docs/issue4.pdf
31 March 2005, deadline call for papers on DRM
Special session on Digital Rights Management during the 31st Euromicro conference on Software Engineering and Advanced Applications (SEAA) 2005 in Porto, Portugal. This special session is open to discuss technical, legal and business issues with DRM and the social aspects regarding users understanding and fair use. Papers should be around 6-8 pages (not exceeding 6000 words) and include an abstract.
http://www.idt.mdh.se/euromicro-2005/
6 April 2005, Brussels, Belgium
European Commission public workshop on DRM
http://europa.eu.int/information_society/eeurope/2005/all_about/digita...
6-8 April 2005, Belfast, Ireland, BILETA 2005
Over-Commoditised; Over-Centralised; Over-Observed: the New Digital Legal World?
http://www.law.qub.ac.uk/bileta2005/callforpapers.html
12 April 2005, Deadline funding applications
Civil rights organisations and initiatives are invited to send funding applications to the German foundation 'Bridge - Bürgerrechte in der digitalen Gesellschaft'. A total of 15.000 euro is available for applications that promote civil rights in the digitised society.
http://www.stiftung-bridge.de
12-15 April 2005, Seattle, USA, CFP 2005
The 15th annual Computer, Freedom, Privacy Conference will be held in the
Westin Hotel in Seattle, Washington with the leading theme 'Panopticon'.
http://www.cfp2005.org
14-16 April 2005, Padova, Italy, FLOSS 2005
http://www.floss2005.org/
27-28 May 2005, Florence, Italy, E-Privacy Conference 2005
This edition of the foremost Italian conference on privacy in the digital age will focus on automatic data collection and retention. The organising committee is inviting papers from possible speakers. The deadline for submitting papers and presentations is 17 April, notification of acceptance will be given on 24 April. During the conference the first Italian Big Brother Award Ceremony will be held in the stunningly beautiful Palazzo Vecchio.
http://e-privacy.firenze.linux.it/
6-11 June 2005, Benevento (Naples), Italy
Digital Communities 2005
http://www.ssc.msu.edu/~espace/DC2005.html
13 June 2005, Brussels, Belgium
European Commission Information day on the Safer Internet Plus Program.
Further information and registration forms will be available at the
end of April 2005
http://europa.eu.int/saferinternet
17-18 June 2005, Amsterdam, The Netherlands
3d Amsterdam Internet Conference organised by OSCE Representative on Freedom of the Media
11-15 July 2005, Genova, Italy, OSS 2005
http://oss2005.case.unibz.it/index.html
28-31 July 2005, Den Bosch, The Netherlands
What The Hack, major open air hacker / internet lifestyle event. Reduced
early bird entrance fee available until 10 May 2005.
http://www.whatthehack.org/
8-9 September 2005, Brussels, Belgium
EuroSOCAP Workshop on confidentiality and privacy in healthcare. 3 year programme to develop new ethical standards for privacy and patient access to (electronical) files, started on 31 january 2003.
http://www.eurosocap.org