EDRI-gram - Number 14, 30 July 2003

Big brother in the supermarket

The UK supermarket chain Tesco has confirmed that it is testing a controversial surveillance system that tracks customers in one of their stores in Cambridge. Anyone buying certain products will have their picture taken. Twice.

The system uses Radio Frequency Identifiers (RFIDs) to trigger CCTV cameras to take a picture of the customer. In the test, RFIDs are embedded in Gillette razor blades. When the customer takes a package of Gillette from the shelf, an RFID reader will trigger a camera to take a picture. At the checkout another RFID reader will trigger a second camera. The cameras are monitored by security personnel in the shop who will compare the two pictures. The system is supposedly designed to detect theft.

RFIDs are very small radio chips that transmit a unique serial code when a reader is placed in their proximity. Retailers hail the technology for its usefulness in logistics and supply chain management. Consumer groups and privacy advocates are campaigning for rules for the use of the chips to prevent the technology from becoming a covert surveillance tool to spy on consumers.

The use of RFIDs to track buyers in supermarkets is outlined in various presentation documents from the Auto-ID Center, a platform of the RFID industry. The documents also outline ideas for theft prediction by tracking the movements and behavior of customers in a supermarket through the use of RFIDs.

Tesco tests spy chip technology (19.07.2003)
http://www.guardian.co.uk/uk_news/story/0%2c3604%2c1001211%2c00.html

The Next Information Revolution: The Networked Physical World (Auto-ID Center)
http://cryptome.org/rfid/fmi_2002.pdf

(Contribution by Maurice Wessling, EDRI-member Bits of Freedom)

Landwell scares Spanish peer-to-peer users

On 17 July, Landwell, a Spanish legal firm related to Price-Waterhouse-Coopers, issued a press release stating that they were planning to present a lawsuit against 4.000 Spanish Kazaa users for illegally downloading copyrighted material such as movies, songs or software. They announced they had identified a total of 95.000 Spanish file-sharers, and were going to start with the prosecution of the 4.000 most serious ones.

In fact, this would be the biggest prosecution of internet users yet in Europe, mimicking the recent hunt for users in the United States. Before, only Danish users were brought to court, when in December 2002, APG (Antipiracygroup) registered the IP numbers of potential copyright violators (i.e. people that offered files on Kazaa and eDonkey) and subsequently used the IP numbers to get a court order. With the court order in place, APG got the users' names and addresses from the ISPs, and subsequently sent out approximately 150 requests for financial compensation.

The announcement of the Spanish lawsuit was accompanied by a request to use unspecified software able to emulate p2p protocols in order to identify the users. Several cyberrights organizations acted very fast, stating that users have a perfect right to share files as long as there is no profit behind it. The Asociacion de Internautas (a large internet user association) compared Landwell to the Gestapo and freely offered their lawyers to any Spanish citizen that would be accused under the announced lawsuit.

The cyberrights e-zine Kriptópolis made a special issue, including a text by Xavier Ribas, the main lawyer behind the lawsuit from Landwell, and a reply from Carlos Sánchez Almeida, a well-known expert in legal internet issues. Analyzing and comparing the arguments, it becomes quite clear that the lawsuit is nothing more than an attempt to create fear amongst Spanish users, as there seems to be nothing solid behind the lawsuit. First of all, it is not clear that sharing files is a crime, if it is done non-profit. More importantly, the system Landwell used to track the users (the Kazaa protocols) does not offer enough information to track the real identities of the users.

In fact, in a recent radio interview, Ribas admitted that the lawsuit had not been presented yet, giving further rise to the suspicion that it never would.

Ribas: Compartir copias no autorizadas a través de P2P es delito (26.07.2003)
http://www.kriptopolis.com/more.php?id=94_0_1_0_M

Almeida: Compartir no es delito (23.07.2003)
http://www.kriptopolis.com/more.php?id=91_0_1_0_M

Wired News: Spanish firm target file traders (23.07.2003)
http://www.wired.com/news/digiwood/0,1412,59720,00.html

(Contribution by David Casacuberta, CPSR Spain)

Dutch MEP announces court case about PNR-data

A Dutch member of the European Parliament is threatening to take the European Commission to court for failing to protect the digital privacy of EU citizens. EU MP Johanna Boogerd is also vice-chairman of LIBE, the parliamentary committee on Citizens' Freedoms and Rights, Justice and Home Affairs. She opposes the agreement between the Commission and US Customs that allows for live access for an unlimited number of US security officials to information about European air passengers, including sensitive personal data like travel history and food preferences.

As she explains in an interview with Radio Netherlands, providing such access to third parties breaks EU laws and directives designed to protect the privacy of the individual. Ms Boogerd says that although the European laws are under review for being too harsh, privacy cannot be altogether ignored.

Interview with Johanna Boogerd (24.07.2003)
http://www.rnw.nl/hotspots/html/eu030724.html

Analysis of draft IP enforcement directive

The EU parliament Committee on Legal Affairs and the Internal Market will vote on 11 September on the proposed EU Directive on the enforcement of intellectual property rights.

The Directive proposes to harmonize IP law in such a way that all enforcement measures available to IP owners in any EU member state must be available in all of them.

UK security researcher Ross Anderson has published an analysis of the proposed EU Directive. At present, copyright infringement is treated by most member states as a civil matter in general. The Directive would compel every member state to criminalize all violations of intellectual property that are deliberate and conducted in the course of a business.

The proposed Directive gives a 'Right of Information' to the music and film industry which is a quasi-automatic right to the personal data of alleged infringers, without filing a lawsuit. The proposal will have serious consequences for the privacy of P2P users and will give the entertainment industry direct access to names and addresses of users.

Anderson sums up the consequences for privacy, culture, universities, libraries and the disabled, software competition and the single market.

The Draft IP Enforcement Directive - A Threat to Competition and Liberty
http://www.cl.cam.ac.uk/~rja14/draftdir.html

Enforcement of intellectual property rights
http://europa.eu.int/comm/internal_market/en/indprop/piracy/index.htm

French IP commission promotes internet-surveillance

On 26 June a special copyright advisory board within the French Ministry of Culture published a report supporting government plans to increase surveillance of Internet users as part of a wider bid to stop the online copying of protected works.

The Superior Council for Artistic and Literary Intellectual Property (Conseil Supérieur de la Propriété Littéraire et Artistique, or CSPLA) advises creating a 3-year period of mandatory retention of traffic data by ISPs to help track down online copyright violations and counterfeiting. The legal regime for data retention is set by the law on daily safety (Loi sur la Sécurité Quotidienne - LSQ) from 15 November 2001, even though the application decrees have not been adopted yet. In an earlier response to that law, the French privacy authority CNIL demanded a maximum period of 3 months.

On top of that, in their advice on the implementation of the European Copyright Directive (2001/29/EC, to be transposed in the law on the digital economy) the CSPLA wants explicit legal permission to create databases with the IP-numbers of internet users that share music, films or computer programs. They call on parliament to 'find a solution to allow collecting societies and rightholders to create such files with the sole purpose of protecting their rights.'

That call seems hardly necessary anymore. Even though the CNIL explicitly rejected the creation of such a database in an advice from March 2001, recently the CNIL changed its mind. According to an amendment on the new privacy law drafted by CNIL vice-president and senator Alex Turk, companies that are victims of copyright infringements have the right to collect personal data when related to infringements, judgments and safety measures.

Finally, the commission recommends the future of Digital Rights Management as a system that won't just be able to check whether files are authorized for legal exchange online, but will also be able to identify and block file exchanges in any server and router along the way.

The draft law on the digital economy, approved last February by the lower house of Parliament and late June by the Senate, is expected to be passed by the end of this year.

CSPLA report (26.06.2003, in French)
http://www.culture.gouv.fr/culture/cspla/raplibertesindiv.pdf

Article in e-zine Transfert (04.07.2003, in French)
http://www.transfert.net/a9082

European Commission rejects Greek gaming law

On 22 July, the European Commission announced legal steps against the government of Greece for its unjust anti-gaming law. The Commission questions the compatibility of the law in question (of 29 July 2002) with the provisions of the EC Treaty on the free movement of goods and services and the freedom of establishment.

The Greek law puts a general ban on computer games, without any distinction between slot machines and computer-games, thus making it totally impossible to provide and supply electronic games equipment and programs or to perform related activities (for example, the installation, repair and maintenance of such equipment and programs).

According to the Commission, the law "could be disproportionate, insofar as it tends to encompass, on the one hand, equipment (slot machines) and games of chance which might give rise to social concerns and, on the other, games of an entirely different nature which are not, in themselves, a source of particular disquiet with regard to public order or consumer protection."

Earlier, this same law was declared unconstitutional by a judge, and charges against three people were dismissed. All three of them were operating or working for internet cafés.

Announcement European Commission (22.07.2003)
http://www.europa.eu.int/rapid/start/cgi/guesten.ksh?p_action.gettxt=g...

Greek gaming law defeated in court (11.09.2002)
http://news.com.com/2100-1040-957519.html

Report about Paris inter-sessional WSIS meeting

Between 15 and 18 July an inter-sessional meeting for the World Summit on the Information Society (WSIS) took place in Paris, with a special focus on human rights in the information society. In this Human Rights caucus, made up of 25 organizations, 2 EDRI-members participated, the French IRIS and the Danish Digital Rights. The HR group presented 2 oral statements to different plenary government meetings and an alternative to the first paragraph of the draft Declaration of Principles.

The first oral statement was entitled 'Back to the Basics, WSIS and Human Rights', and argued for stronger protection of privacy and security of cultural rights instead of the culture of security. The second statement was presented on behalf of the civil society plenary, to express the general feeling of the civil society organizations about the last draft of the Declaration of Principles. In this statement, the importance of article 19 of the Human Rights Declaration was underlined, regretting the proposed "amputation of the section that guarantees that freedom of expression shall be exercised without interference of any kind, regardless of frontiers."

The alternative to the first paragraph of the draft Declaration of Principles was provided to many government delegates and to both the president of the inter-sessional and the WSIS preparatory process. The rewritten paragraph was immediately supported by the Swiss government and stands a good chance of being adopted as the official version.

The human rights caucus also helped the association CRIS (communication rights in the information society) to clarify their proposal of a "right to communicate", arguing that a new right cannot be claimed while existing rights dealing with information and communication are still being ignored. Existing rights (including economic, social and cultural rights) need to be reaffirmed and enforced and treated as indivisible rights. The revised statement from CRIS reaffirms freedom of expression as "the basis for individual and societal development", and "communication rightS" is now the preferred expression, rather than a "right to communicate".

First oral statement to governments plenary (16.07.2003, in English)
http://www.iris.sgdg.org/actions/smsi/hr-wsis/hris-speech-160703.html

Second oral statement to governments plenary (18.07.2003, in English)
http://www.iris.sgdg.org/actions/smsi/hr-wsis/hris-cs-180703.html

Alternative first paragraph of the Declaration of Principles (17.07.2003, in English)
http://www.iris.sgdg.org/actions/smsi/hr-wsis/hris-para1-170703.html

Revised CRIS statement (17.07.2003, in English)
http://www.crisinfo.org/live/index.php?section=2&subsection=3&...

(Contribution by Meryem Marzouki, IRIS)