On 18 April WIPO hosted a seminar in Geneva on copyright and ISP liability. Dominated by representatives of the entertainment industry and international government officials, the highly politicised seminar ended with the conclusion that more legislation was indeed necessary. The main issue however remained unsolved; whether this legislation should provide stronger protection for the fundamental rights and freedoms of all internet users, or whether this legislation should further facilitate the entertainment industry in hunting down individual internet users.
The opening keynote speeches by Lilian Edwards and Charlotte Waelde from the AHRB Research Centre in Intellectual Property and Technology of the University of Edinburgh provided the audience with an excellent overview of all the issues related to provider liability for content provided or shared by their customers. Edwards started with the problematic definition of 'service provider', which now also includes online auctions, search engines, RSS feeds, blogs, chat-rooms and price comparison sites. In the period leading up to the year 2000 governments were hesitant to regulate liability, fearing it would disturb the nascent market. But after 2000 the market was mature enough and governments and the entertainment industry were dissatisfied about the lack of self-regulatory solutions. The EU E-commerce directive from 2000 then forced a compromise by distinguishing in possible liability for hosting third party content and no liability for mere conduit and temporary caching. Charlotte Waelde analysed the jurisprudence of the different court cases against producers of P2P software, both in the US and in the Netherlands. She concluded that it is crucial for the liability question in P2P cases to determine whether the ISP is somehow authorising the infringement, or whether an ISP is entitled to presume that facilities will be used in accordance with the law.
Jule Sigall from the US Copyright Office showed himself very content with the Digital Millennium Copyright Act of 1998 (DMCA) and stated that the actual rise of P2P usage was directly caused by the success of notice and takedown of websites. The possibility for a customer to file a counter notice was very effective, according to him, to prevent abuse. An entirely different view of the DMCA was given by Cory Doctorow, the European Affairs director of EFF. He gave an overview of the wrongful complaints collected by the Chilling Effects project and said many small providers receive up to a 100 complaints a month, many of them not even compliant with the minimum DMCA standards. Doctorow asked repeatedly 'What problem does notice and takedown solve?' since hotly contested information will always reappear in hundreds of other places, the procedure costs a lot and leads to the inefficient prosecution of John Does, while seriously threatening free speech and undermining due process rights.
In the afternoon the debate finally began to heat up, when attorney Christiaan Alberdingk Thijm, Verizon Vice President Sarah Deutsch en Universal Music Vice President Barney Wragg debated the pros and cons of peer to peer usage. Wragg said his company embraced P2P usage but only within systems that allow total control for artists, control the exact usage of the materials and provide compensation at agreed rates. Universal Music is signing up 10 new online download services a week, and even though the revenues still account for less than 1% of the total business, online sales are rising exponentially. Alberdingk Thijm, who successfully defended KaZaA at the Dutch Supreme Court, replied by pointing out how difficult the WIPO copyright treaty of 1996 had made life for people that wanted to do legal business with online music. While the rise of Internet made it possible to skip the intermediary from the exploitation, the copyright treaty had made it much more difficult to get international clearance from copyright owners. KaZaa for example tried very hard to get licenses, but was refused everywhere. This deadlock put consumers in an impossible position. The only solution Alberdingk Thijm saw is compulsory licensing or general levying.
Sarah Deutsch started from a moderate position, saying most service providers have evolved into content producers, with a joint interest in combating piracy. But after those reassuring words, she opened a frontal attack on the Motion Picture Association, specifically the wish-list circulated in advance of the conference, demanding a.o. that providers should immediately hand-over identifying details about their customers to right holders and terminate contracts with 'repeat' (alleged) infringers. This proposed 'ISP code of conduct' conflicts with all existing law in the US and Europe, and doesn't contain a single reciprocal obligation for right holders. She said Verizon received hundreds of thousands of invalid notices per year, based on automated search bots operated by commercial bounty hunters, leading to a barrage of complaints sent from invalid e-mail addresses. An ISP is not a policing service and privacy-rights of users should be respected. She also disqualified the demands from the industry to use 'available filtering or blocking technology' to stop users from file-sharing as 'a slippery slope that can easily lead to situation we know from China, where all traffic is filtered on the backbone.'
A spokeswoman from the IFPI (International Federation of the Phonographic Industry) stood up from the audience and explicitly denied any involvement with the MPA wish-list (See also EDRI-gram 3.7). Later on, panellist Ted Shapiro from the MPA said the wish-list was based on the success of general agreements with service providers in France, Spain and Italy and that the MPA had exchanged information with the IFPI. The denial of any IFPI interest is even stranger in the light of the speech by IFPI CEO John Kennedy to the European network operators on 3 March 2005, published on the IFPI website, with remarkably similar demands on the ISP industry.
In the closing debate the audience didn't get much chance to speak up; the 7 panellists used almost an hour of the dedicated 1,25 hour interaction time. In the few possible interventions the complete lack of consensus became extremely clear, with ISPs being bluntly accused of promoting thievery, while the entertainment industry was accused of only using a stick to change the behaviour of customers, in stead of also holding out carrots. When Ted Shapiro said it was impossible to compete with free, Lilian Edwards immediately pointed to the success of expensive mineral water, in spite of the abundant availability of free tapwater.
WIPO program with presentations of most speakers (18.04.2005)
http://www.wipo.int/meetings/2005/wipo_iis/en/program.html
Speech John Kennedy, CEO IFPI at ETNO conference (03.03.2005)
http://www.ifpi.org/site-content/press/inthemedia14.html
The Finnish Electronic Frontier Foundation is raising alarm about a proposed last-minute change in the new Finnish copyright law that would grant the entertainment industry the right to obtain identifying information about alleged infringers from service providers. The legislative committee of the Finnish parliament produced a statement on 17 April 2005 in which they agreed to change this wish from the right holders into law. On top of that, the committee also proposes that providers should disconnect customers if "the economic damage caused by the actions of the user becomes notable".
Similar to the voluntary agreement closed by the French providers with the entertainment industry, a copyright holder in Finland should be able to get a court order to force an ISP to disconnect a client and divulge his identity at even the slightest suspicion of copyright violation. According to EFFI such a clause constitutes a brute violation of basic rights.
EFFI feels that such wide-reaching breaches of an individual's rights should be considered by the constitutional committee. "The data should only be divulged during a police investigation in accordance with current legislation and even then it should never be given to involved parties", Kai Puolamäki, board member of EFFI, says. He adds: "Anyone could demand the disclosure of confidential telecommunication logs or even the disconnection of a client, if he were convincing enough. This law would make such an action possible. For example, the Church of Scientology has already demanded that ISPs divulge the identities of the cult's critics under similar legislation already in effect in the United States."
The proposed change in legislation was partially caused by the failed plea from the record companies at the Helsinki District Court last year to disconnect a user of KaZaA. The record industry was unable to show that the benefit from such a decision would be greater than the damage caused to the user.
EFFI press release (18.04.2005)
http://www.effi.org/julkaisut/tiedotteet/lehdistotiedote-2005-04-18.en...
On 6 and 7 April 2005 a committee of the Council of Europe debated on the merits of a new recommendation on human rights and Internet. On behalf of European Digital Rights Meryem Marzouki from the French digital rights organisation IRIS attended, in fact as the only NGO present. This second meeting of the Multidisciplinary Ad-hoc Committee of Experts on the Information Society (CAHSI) ended with a statement that will be presented to the CoE Committee of ministers, probably to be adopted by the CoE Summit of heads of states in mid May 2005.
The meeting was foremost an intergovernmental meeting, with EDRI in an observer role. Besides government representatives (of which the UK, the Netherlands and Norway were the most active), the secretariat of the group and the Culture and Media divisions of the CoE were present, as well as a delegate from the European Commission.
The objective was to finalise the document drafted during the first session on 3 and 4 February 2005. Thus most of the meeting was spent on amending the document, section by section, word by word. Marzouki was given the opportunity to introduce EDRI and outline three main reservations on the document. First of all, the document tended to over-stress the harmfulness of ICT. Secondly, there was too much focus on and promotion of self- and co-regulation and thirdly, EDRI saw no reason for the references to the Cybercrime Convention and specifically its controversial Additional Protocol (on xenophobic and racist speech).
The finalised (long) document was published on the CoE website on 13 April 2005. Though EDRI remains very concerned about the focus on self-regulation, for example with notice and takedown procedures, at least some distinction was made between harmful and illegal content. In stead of calling for a general combat against all illegal and harmful content, the recommendation now calls for the promotion of education and end user skills to critically assess the quality of information. In the section with suggestions for the private sector the dangers of private censorship and the need to distinguish between harmful and illegal content are explicitly addressed, but these points did not make it to the section where governments are invited to take action. The document states: "Private sector parties are "encouraged to address in a decisive manner (...) private censorship (hidden censorship) by Internet service providers, for example blocking or removing content, on their own initiative or upon the request of a third party; the difference between illegal content and harmful content."
A point in the draft statement EDRI is pleased to see is the call on member states to promote interoperable technical standards to allow for the widest possible access to content. Sadly, the attempt to create a time limit on measures curtailing human rights was limited to measures appealing to article 15 of the European Convention on Human Rights, the article that grants member states exceptional rights in case of war or public emergencies threatening the life of the nation. Most of the state surveillance and control measures EDRI is highly concerned about do not invoke this exception but are presented as regular extensions of law enforcement powers.
Another issue EDRI was concerned about was the section about Intellectual Property. Much weaker than the recommendations of the Unesco NL conference from February 2005 this draft statement at least calls for protection of access to information. "Intellectual property rights must be protected in a digital environment, in accordance with the provisions of international treaties in the area of intellectual property. At the same time, access to information in the public domain must be protected, and attempts to curtail access and usage rights prevented."
Draft political statement on the principles and guidelines for ensuring respect for human rights and the rule of law in the information society approved by the CAHSI (13.04.2005) http://www.coe.int/t/e/integrated_projects/democracy/02_Activities/00_...(2005)7enfinal.asp#TopOfPage
(Thanks to Meryem Marzouki, EDRI-member IRIS)
On 13 April 2005 EDRI-member Isoc Bulgaria organised its second Big Brother Award Ceremony. This years winner in the category of most heinous political institution was the Council of Ministers, for changing the Data Protection Act. Data protection was used as an excuse to block access to personal data of public figures, including politicians.
The individual Bulgarian who most excelled in violating privacy rights was the Chief Prosecutor, for starting an investigation against the journalists who created the BBC television report 'To Win The Games', about alleged bribery for the 2012 Olympic Games city selection. Two journalists posing as businessmen talked to the Bulgarian Member of the International Olympic Committee (Ivan Slavkov) and offered him money if he'd vote for London. The 'prize' also goes to the Appeal prosecution office of the city of Plovdiv for requesting the social security numbers of all cybercafe visitors in the city, and demanding detailed records about the time they accessed the Internet.
Finally the television producers of the program 'SIA Advertising' were put in the icecold spotlight for using the personal data of 15.000 people for advertising, without prior warning or consent. These people had applied for participation in the Big Brother show.
Press release ISOC Bulgaria (in Bulgarian, 14.05.2005)
http://bg.bigbrotherawards.org/ceremony2005.html
The music industry has launched a new wave of lawsuits against individual P2P users in Europe. For the first time individual users were targeted in Finland, Ireland, Iceland and the Netherlands. These countries join Austria, Denmark, France, Germany, Italy and the UK, where litigation started last year.
During a press conference in the Netherlands on 12 April 2005, in the presence of IFPI CEO John Kennedy, the local representative of the entertainment industry Brein announced it would start 32 court cases against individual alleged infringers. In order to obtain the identifying data of the users behind IP-addresses from which music was unlawfully uploaded, Brein will sue five Dutch internet providers (Planet Internet, Het Net, @Home, Wanadoo and Tiscali). These 5 providers had agreed earlier in April to forward complaints from the right holders to their customers. In total, Brein sent 50 intimidating cease and desist letters, demanding the recipient would identify him- or herself, agree to pay an average fine of 2.100 euro and sign a unlimited binding agreement to never ever "directly or indirectly be involved in any way or have an interest in unlawfully distributing materials on the internet". If ever again cought in such a very broadly defined act, the signee agrees to pay a fine of 5.000 euro per day.
Only 7 people were shocked into signing all their rights away. None of the providers handed over the identifying data voluntarily, claiming only a judge could define if such a privacy violation was legitimate. EDRI-member Bits of Freedom has an anonymised copy of one of these letters on its website (in Dutch only).
According to an international IFPI press release 248 people in Europe have faced sanctions or paid fines or compensation averaging more than 3,000 euro each. IFPI also seems extremely proud of prosecuting professionals: "Those who are paying the price of piracy include a German judge, a French cook and a British local councillor." With the 9.900 cases already dealt with or pending in the US, in total IFPI is now dealing with 11.552 lawsuits.
E-zine The Register reports that in the UK on 19 April a judge ordered 5 ISPs to hand over the identifying data of 33 filesharers. The case brings the number of people in the UK to face legal action for illegal file sharing up to 90.
IFPI press release (12.04.2005)
http://www.ifpi.org/site-content/press/20050412.html
Letter Brein (in Dutch, 31.03.2005)
http://www.bof.nl/docs/breinvordering.pdf
UK court orders ISPs to reveal IDs of 33 filesharers (19.04.2005)
http://www.theregister.co.uk/2005/04/19/bpi_p2p_lawsuits/
On Wednesday 13 April the Dutch news agency ANP broke the news that the European Council of Justice and Home Affairs had definitely withdrawn the data retention proposal from their schedule and would wait for a proper 1st pillar proposal from the European Commission, following devastating legal advice from both the Commission as well as the internal legal service. Thanks to the civil rights organisation Statewatch the two documents (in French only) had been leaked to the public on 10 April 2005. Both texts suggest that the Council is wrong in assuming it can create mandatory data retention in the third pillar (criminal law and policing). The proposal will have such a major impact on the internal market and the existing e-privacy directive of 2002 that only the Commission, with full co-decision rights of the European Parliament, is allowed to propose legislation.
ANP also suggested the Commission' proposal wouldn't be ready before September 2005, thus seriously delaying the Council scheme of introducing a framework decision on data retention by the 1st of June 2005. EDRI could not get any confirmation of this news. The day before ANP brought the news, during an intensive debate with the legal affairs committee of the Dutch Lower House about the draft framework decision, Justice Minister Donner completely denied the importance of the two documents. The Council would just continue its work, and if the Commission would come up with a proposal it would be early enough for the Council to take a position on the legalities. A majority of MPs wanted much more proof of the necessity and especially effectivity of data retention, before they could agree with any further steps in the JHA Council. Donner said he would send another letter to the Lower House explaining his position on the necessary data and required powers for international collaboration. He also promised that the results of a new investigation into the need and necessity of data retention would become publicly available and discussed in Parliament before the Netherlands would agree to any JHA vote on the issue. Donner commissioned the report in February 2005 to the criminal law faculty of the Erasmus University of Rotterdam. According to the minister, the discussion was removed from the JHA schedule of 14 April "because there was still too much difference in opinion on the kind of data to be retained."
On 15 April the German e-zine Heise got a similar quote from a spokesperson of the Council about the irrelevance of the legal advices. The Working Party on Cooperation in Criminal Matters (high level officials) would just continue to work on the details of the framework this week. To underline their determination, on 15 April the Council published a new proposal made by Lithuania on the content of communication data to the working group. The Lithuanians suggest that the police definitely needs access to massive databases with all imaginable telecommunication protocols, as well as username, password, PIN and PUK codes.
Heise also quotes a furious Alexander Alvaro, the EP rapporteur on the proposal (in a purely consultative role). Alvaro was outraged at a speech by the Luxembourg Justice minister Luc Frieden, who told the European Parliament that it was unnecessary to debate the legal approach if all parties agreed on the same goal. Apparently, the Council still expects a hardcore data retention proposal from the Commission to appear early in June 2005.
EU: Data Retention proposal partly illegal, say Council and Commission lawyers (10.04.2005)
http://www.statewatch.org/news/2005/apr/02eu-data-retention.htm
Heise: Weiter Zoff um EU-Pläne zur Speicherung von TK-Verbindungsdaten (15.04.2005)
http://www.heise.de/newsticker/meldung/58625
Lithuanian proposal on the content of communication data (published 15.04.2005)
http://register.consilium.eu.int/pdf/en/05/st08/st08004.en05.pdf
The French minister of the Interior Dominique de Villepin has announced plans to force every Frenchman to buy a new electronic ID card with a chip containing photograph and fingerprints. On 11 April the French government outlined its plan to introduce biometrics on passports by 2006 and on ID cards by 2007.
In an interview with the newspaper France-Soir a day later, De Villepin said ID cards should be made compulsory again in France, after the obligation was deleted in 1955.
IDG News reports that the current French obligation to show ID at request is relatively mild. Citizens may present a driving license or a passport, even an expired one, or call witnesses. A passport currently costs about 60 euro in France, while identity cards are free. "The price of the passport will be increased a little. And there'll be a fee for the identity card: that's the price of security," De Villepin told the newspaper.
The biometric information and other identifying information will be stored in a separate encrypted block on the chip, allowing access only to authorised officials. The chip will also contain some digitised authentication, to be able to file electronic tax declarations.
Because the information is stored on a contact-less chip, citizens may well be scanned secretly, a major concern of civil rights organisations. But according to the French newspaper Le Monde the architecture of the system consists of 4 separate central databases, and only authorised officials may link information about fingerprints or facial scans to the database with general identifying information. Access to the databases will be tracked, and there will be penalties for wrongful use.
Both IDG and Le Monde provide interesting lists of ID obligations in other European countries, following the decisions by the European Council of Justice and Home Affairs in December 2004 and the European Commission in February 2005 to include biometrics on contact-less chips on passports (see EDRI-gram 3.7). The decision does explicitly not cover ID cards, but many countries seem very happy to include the data on chips on these cards as well.
The resistance in the UK against mandatory ID has been covered extensively in EDRI-gram and has proven very effective so far. In Germany a paper ID card is compulsory, to be replaced by an electronic card containing fingerprints in the future. In Belgium an electronic ID card will be compulsory by the end of 2006, but there are no plans yet to introduce biometrics. In Italy, Estonia and Finland electronic ID cards are voluntary. Italians may choose to provide their fingerprints, while the Finnish card only contains only the holders name. In the Netherlands, which recently introduced compulsory identification, both passports and ID cards will contain a face scan before the deadline of August 2006, stored on a contact-less chip. Fingerprints will be added later.
French may have to buy compulsory biometric ID cards (12.04.2005)
http://www.pcadvisor.co.uk/index.cfm?go=news.view&news=4668
Le Monde: Feu vert pour la carte d'identité électronique (12.04.2005)
http://www.lemonde.fr/web/article/0,1-0@2-3244,36-638179@51-627772,0.h...
EDRI-gram 3.7: No delay for EU biometric passports (06.04.2005)
http://www.edri.org/edrigram/number3.7/biometrics
French government organised national debate about electronic ID cards (February-June 2005)
http://www.foruminternet.org/carte_identite/
European privacy developments and counter strategies from civil society was one of the topics at the annual US privacy conference, Computers, Freedoms and Privacy (CFP), last week in Seattle.
During the specific debate devoted to developments in Europe it became clear that while EU countries used to be known for their strong privacy legislation and oversight mechanisms, the last couple of years represent a serious set-back in human rights protection. Examples discussed included mandatory data retention, ID cards such as the recent French proposal, transfer of passenger data and biometric identifiers on passports. The mainly American audience was quite astonished about the amount of privacy invasive measures, which have been introduced in Europe as part of the 'war on terror'.
The panel also tried to analyse the differences in the civil society landscape in US and Europe, and panelist Ivan Szekely gave some visionary thoughts on how to strengthen and broaden the advocacy base in Europe, i.e. by mainstreaming privacy advocacy into community activities of art and sports. The panel also debated the trend of increased policy laundering between national states and EU, and between US and Europe, with the lack of democracy and transparency this implies.
In the panel was Meryem Marzouki from EDRI-member IRIS in France, Gus Hosein from Privacy International and Ivan Szekely from Open Archives Hungary.
Program CFP05
http://www.cfp2005.org/
(Contribution by Rikke Frank Jørgensen from EDRI-member digital rights in Denmark, moderator of the panel)
After signing an international petition urging the WIPO to open its doors to non-governmental organisations for the important debates on developing an alternative development agenda, European Digital Rights was awarded last-minute ad hoc accreditation on 11 April 2005. The German DRM-expert Volker Grassmuck was able to make a statement on behalf of EDRI during a special Inter-sessional Inter-governmental Meeting (IIM) from 11-15 April 2005.
Grassmuck concentrated on the conflict between the circumvention protection of DRM and copyright exceptions. Article 11 of the WIPO Copyright Treaty obligates Members to "provide adequate legal protection and effective legal remedies against the circumvention of effective technological measures." Many WIPO Members, including most European countries have therefore introduced anti-circumvention provisions into their national laws. While in Europe recently some interesting balances have been struck by governments, for example the unique agreement with German Publishers Association, the German Phonographic Industry and the German Library to enable the National Library to circumvent DRMs for preservation purposes, the situation for the developing nations is extremely bleak. Grassmuck said: "It therefore appears that while developing nations are getting the same - some would argue excessive - level of technologically implemented IP protection as developed nations, they are lacking the corresponding mechanisms that counterbalance IP protection with access to knowledge."
But North-South discrepancies are not the only concern of European Digital Rights: "Part of the next step towards re-establishing balance is defining a set of minimum unwaivable exceptions as has been suggested by the distinguished delegate from Chile at the last SCCR meeting. In particular, as the only mandatory exception under Berne, there must be a mechanism to protect the quotation exception against DRM, as pointed out by Sam Ricketson in a WIPO study on limitations and exceptions."
EDRI considers access for NGOs to these meetings crucial, since it offers one of the very few chances to try to tilt the current imbalance between right holders and consumers/civil society. On 4 October 2004 the WIPO member states adopted a proposal from Argentine and Brazil (supported by numerous developing nations) to work on a Development Agenda. At the adoption, member countries explicitly called upon WIPO to 'give greater weight to the interests of consumers and public interest at large.' But at the IIM meeting only NGO's with permanent member status before fall 2004 were allowed.
In the final statement of the IIM it was decided that EDRI and the other non-permanent NGOs will also get ad hoc accreditation at the two follow-up meetings on 20-22 June and in July.
Statement Volker Grassmuck on behalf of EDRI (12.04.2005)
http://lists.essential.org/pipermail/a2k/2005-April/000250.html
Group Request for Reconsideration of NGO Accreditation Policy for WIPO Development Agenda Meetings 11 –15 April 2005 (29.03.2005)
http://www.ipjustice.org/WIPO/group_request032905.shtml
Overview of other NGO and country statements at IIM
http://www.cptech.org/ip/wipo/iim1.html
21 May 2005, London, UK
Conference: Suspect Communities, the real 'war on terror' in Europe
http://www.londonmet.ac.uk/research-units/hrsj/events/events_home.cfm
27-28 May 2005, Florence, Italy, E-Privacy Conference 2005
This edition of the foremost Italian conference on privacy in the digital
age will focus on automatic data collection and retention. During the
conference the first Italian Big Brother Award Ceremony will be held in
the stunningly beautiful Palazzo Vecchio.
http://e-privacy.firenze.linux.it/
6-11 June 2005, Benevento (Naples), Italy
Digital Communities 2005
http://www.ssc.msu.edu/~espace/DC2005.html
13 June 2005, Brussels, Belgium
European Commission Information day on the Safer Internet Plus Program.
Further information and registration forms will be available at the end of
April 2005
http://europa.eu.int/saferinternet
17-18 June 2005, Amsterdam, The Netherlands
3d Amsterdam Internet Conference organised by OSCE Representative on
Freedom of the Media
30 June - 1 July 2005, Geneva, Switzerland
International Symposium on Intellectual Property (IP) Education and
Research, organised by WIPO
http://www.wipo.int/academy/en/meetings/iped_sym_05/
11-15 July 2005, Genova, Italy, OSS 2005
http://oss2005.case.unibz.it/index.html
28-31 July 2005, Den Bosch, The Netherlands
What The Hack, major open air hacker / internet lifestyle event. Reduced
early bird entrance fee available until 10 May 2005.
http://www.whatthehack.org/
8-9 September 2005, Brussels, Belgium
EuroSOCAP Workshop on confidentiality and privacy in healthcare
3 year programme to develop new ethical standards for privacy and patient
access to (electronical) files, started on 31 January 2003.
http://www.eurosocap.org