At the EDRI general assembly of 7 August 2005 in Berlin, Germany, EDRI has welcomed 5 new members. FoeBuD from Germany organises the Big Brother Awards in Germany and is well-known for its expertise in RFID. Greennet, an independent ISP in the UK, is part of the APC network and has built up a reputation as campaigner for privacy and human rights on the Internet. The Association for Technology and Internet (APTI) from Romania is a newly founded group of internet experts, who wish to promote human rights in the digital environment and support digital civil rights in the Romanian society." The Prague-based NGO Iuridicum Remedium offers free legal help to disadvantaged or discriminated people, and has developed a special program on technology and human rights. This year they will organise the first Big Brother Award ceremony in the Czech Republic. Last but not least, the NGO Metamorphosis in Macedonia was founded with a focus on software issues, but they are developing into a networking node for digital rights in Macedonia.
EDRI now has 21 members in 14 European countries, all within the territory of the Council of Europe. The members of EDRI agreed during the meeting to focus on a few topics in the upcoming parliamentary year: data retention, biometrics and the new Commission proposal for penal enforcement of intellectual property rights. In addition, EDRI-members will closely follow developments with regards to RFID and e-voting and many will be present at WSIS in Tunisia in November.
APTI, Romania
http://www.apti.ro/
FoeBuD, Germany
http://www.foebud.org/
Greennet, UK
http://www.gn.apc.org/
Iuridicum Remedium, Czech Republic
http://www.iure.org/
Metamorphosis, Macedonia
http://www.metamorphosis.org.mk
Over 21.000 people have already signed the new EDRI and XS4ALL petition against mandatory data retention. The petition is now available in 13 languages, including Bulgarian, Polish, Czech and Hungarian and will remain open for signatures until October 2005.
Divided per country, the Netherlands keep their number 1 position, with over 7.300 signatures. But relatively, the amount of signatures from Finland (almost 4.500) is actually much higher, when compared to the number of inhabitants (5 million). Germany is taking a third position with almost 3.500 signatures, followed by Austria and Italy with almost a 1.000 signatures each. France, Belgium and Sweden all have contributed over 500 signatures. The petition is also supported by 45 organisations and companies.
To engage more supporters to contribute to the campaign against data retention, EDRI has opened a special WIKI, based on the technology used by the online encyclopaedia Wikipedia. Everybody is invited to contribute background information and localised banners. The WIKI also contains a link-back list, to allow people to indicate they have put a banner to the petition on their homepage. Everybody interested in joining the fight against data retention may also subscribe to the open EDRI mailinglist on data retention.
With the campaign, EDRI hopes to support the members of both the national parliaments and the European Parliament that systematic data retention is not the right way to protect our open society against crime and terrorism. Without any evidence for the necessity and benefits for law enforcement, the proposal undermines fundamental human rights values, such as the right to be held innocent until proven guilty. Given the very broad scope of the Commission proposal, which includes the prevention of criminal offences, the proposal inevitably allows for large-scale data-mining on the communication behaviour and GSM location data of innocent citizens. This concern is aggravated by the fact that both the ministers of Justice and Home Affairs and the Commission wish to create an open-ended list of data, to be updated continuously in back-doors procedures without any thorough democratic consultation. Now that web-surfing data and location data of GSMs in standby-mode are excluded from the initial Commission proposal, the European Parliament might be tempted to agree to the directive. In that case, law enforcement could easily add all their other long-standing wishes within a few months after adoption, without every having to meet the strict proportionality and subsidiarity criteria of human rights law. And those wish-lists are just too long and too widely distributed to be ignored.
EDRI campaign WIKI with hourly signature count per country
http://quintessenz.at/drcampaign/
Subscribe to the open EDRI data retention mailinglist
http://mailman.edri.org/cgi-bin/mailman/listinfo/edri-dr
EDRI and XS4ALL petition against data retention
http://www.dataretentionisnosolution.com
Overview of law enforcement wish-lists
http://www.quintessenz.at/drcampaign/index.php/Law_enforcement_wishlis...
On 27 July 2005 the Italian government published a decree 'with urgent measures to fight international terrorism'. Under Article 6 all telephony providers are obliged to store traffic data until 31 December 2007. The measure was converted into law on 31 July 2005. The data retention period for information about mobile and fixed telephony in Italy thus minimally is 2 years and 5 months, but the decree also obliges providers not to destroy any traffic data they already have of their customers, at least two years for telephony providers. Internet providers must retain all data for at least 6 months, with a possibility for extension to another 6 months. The access barrier to the data is lowered to the (deputy) public prosecutor, in case the investigation requires the data urgently. However, any such order has to be approved within 48 hours by an investigative judge.
Besides, the decree introduces compulsory identification for mobile telephony users, "before the service is actually activated, at the moment of the order or the SIM is handed-over." Resellers of mobile subscriptions or pre-paid cards must take all measures to guarantee the identity of purchaser and keep a photocopy of each presented identity card. Article 7 decrees that all internetcafes and public telephone shops with at least 3 terminals must seek a license permit within 30 days from a 'questore', a local representative of the Ministry of Home Affairs. They have to store all traffic data of their customers as well. The length of this storage will be decided upon in a separate, yet to be issued, administrative decree. WIFI-points and locations that do not store traffic data will have to preventively demand ID from their users. This actually already is common practice in Italy; hotspots at several airports for example will only allow internet usage after the user has entered the serial number of his ID card or drivers license.
Literally, Article 6 decrees that all providers of public internet and telephony communication services and networks must store all data related to "the traceability of access and -if available- services", without the content of such communications. Legally, the article enables traffic data retention by outlawing all the relevant data protection provisions until 31 December 2007. Under these provisions, service providers are obliged to anonymise or delete traffic data when they no longer need it to process the communication or to send bills (with a maximum of 6 months). The new surplus of stored traffic data can be accessed for anti-terrorism purposes and for general penal enforcement of criminal offences.
The decree does not contain any specific instructions for internet traffic data. With regards to telephony, the providers have to store all the unsuccesful dial attempts as well. This demand has been the topic of heated debate within the Council of Ministers of Justice and Home Affairs (JHA Council), since many operators protested fiercely to their governments about extremely high costs to implement those measures. The decree says the ministers will have a further debate on the registration of unsuccesful call attempts, with respect to a cost calculation and "allocation of relative costs, while excluding any financial reimbursement by the State."
When Italy adopted the EU e-privacy directive of 2002, they immediately created an exception to the obligation to erase traffic data, in Article 132 of decree law n. 196 of 30 June 2003. This already specifies mandatory retention of telephony traffic data for 48 months, but without the location data. Data about the earliest 24 months are only accessible, according to a reference to the Penal Code, for investigations into cybercrime and into crimes committed within an organisational (mafia) structure or for services delivered by a citizen to a hostile state.
Law n.155 (in Italian, 31.07.2005)
http://www.edri.org/docs/dataretentionlawitaly.pdf
Data protection law n. 196 (in Italian, 30.06.2003)
http://www.garanteprivacy.it/garante/doc.jsp?ID=1105372
(Thanks Andrea Glorioso, Italian consultant on digital policies)
In a similar move both the UK and Dutch governments have revealed plans against the justification and glorification of terrorist and other offences.
The UK proposal would authorise the Home secretary to deport any foreigner involved in extremist bookshops, centres, organisations and websites. The UK government plans to draw up a list of specific extremist websites, bookshops, centres, networks and particular organisations of concern. Active engagement with any of these will be a trigger for the home secretary to consider deportation. The UK proposal also makes justifying or glorifying terrorism anywhere an offence. It is unclear if the list with extremist sites and bookshops would be made public or kept secret.
In a consultation document the active involvement in a website is described as "running a website". The document states that the UK government considers as extreme views: to foment terrorism or seek to provoke others to terrorist acts; justify or glorify terrorism; foment other serious criminal activity or seek to provoke others to serious criminal acts; foster hatred which may lead to inter-community violence in the UK and advocate violence in furtherance of particular beliefs.
The UK civil liberties organisation Liberty is concerned with the proposals. In a statement Liberty says it is "alarmed by the intention to return individuals to countries where they may face torture. Torturing, or sending people to face torture, can never be justified". Liberty goes on saying "that the criminal offence of condoning, glorifying, or justifying terrorism is broad enough to catch moderate as well as ranting politicians and religious spokespeople".
On 28 July the Dutch minister of Justice presented a draft law which makes it possible to prosecute individuals who glorify, trivialise or deny war crimes, genocide or terrorist attacks. Not all acts of glorification would be banned, according to a ministry of justice statement only "if they seriously disturb or could disturb the public order".
The Dutch law is not directly presented as an anti-terrorism measure. According to the Dutch minister of Justice Donner it "is the task of the government to raise the social debate to acceptable standards". "The current shape of the public debate in the Netherlands is of great concern", the Minister wrote as clarification. "Offensive remarks can cause tension between sections of the population and promote radicalisation." The minister also believes that glorification "can hurt the general public to the core and generate intense social concerns". "The Minister is of the opinion that the public debate in the Netherlands should be maintained at a proper level and ought to be a matter of concern to all Dutch citizens".
The explanatory report that accompanies the draft law does not limit prosecution to the glorification of past terrorist acts; "the glorification of a future terrorist crime is also possible and could have a similar grave impact". The internet is not mentioned in the Dutch texts but glorification of a terrorist crime on websites could be prosecuted under the draft law.
Exclusion or deportation from the UK on non-conducive grounds: consultation document (05.08.2005)
http://www.statewatch.org/news/2005/aug/uk-deportation.pdf
Prime Minister threatens fundamental human rights (05.08.2005)
http://www.liberty-human-rights.org.uk/press/2005/pm-threatens-human-r...
New Bill would make glorification of very serious offences a crime (28.07.2005)
http://www.justitie.nl/english/press/press_releases/archive/archive_20...
(Contribution by Maurice Wessling, Bits of Freedom)
The long running legal fight between the German software company Nutzwerk (Leipzig) and the Foundation for a Free Information Infrastructure (FFII, best known for its extensive lobby against software patents) has culminated in the takedown of the FFII.org website on 1 August 2005. Technically, the website itself wasn't removed, but in a far more radical move, the German company Teamware removed the DNS-registration of the website, making it invisible to the rest of the world. Nutzwerk justified the takedown claim to Teamware by referring to an intermediate Hamburg court injunction that ordered FFII to remove some specific phrases and an insultory headline about Nutzwerk. The line was: 'Nutzwerk: Zuck und Nepp mit Softwarepatenten' (which roughly translates as 'gamble and fake with software patents').
Teamware was afraid it might be sued if it didn't take action, but also hesitantly admitted to the Dutch e-zine Webwereld that there could also be costs if Nutzwerk's claim was false and FFII would sue for damages. A spokesperson told Webwereld: "We did offer FFII the possibility to host their dns domain at another party," and even the reporter was offered to administer the domain. The DNS-provider of the almost identical website at www.ffii.de has not yet succumbed to the legal threats, nor has the hosting company of this website, www.united-domains.de.
FFII has covered extensive reporting about 6 patent claims of the company, following a public patent software row between Nutzwerk and the company Cobion. One of these patents expired, two were declared invalid and two were withdrawn. One patent has not been granted yet. When Google in 2003 showed a high page rank for these files about Nutzwerk, the company started litigation. Later, FFII dug up news about confronting and/or misleading search terms bought by Nutzwerk, including the term 'Scheiss Juden' to advertise an anonymous surfing service. Currently the FFII website contains some documented comments about a link-farm operated by Nutzwerk, to confuse searchbots with many metatags. After publication of this practice, Nutzwerk silently but immediately removed all the misleading referrals.
The legal case started in October 2004, when Nutzwerk simultaneously launched civil proceedings at courts in the cities Halle, Leipzig and Hamburg, making it extremely expensive for FFII to defend itself. When the reputable e-zine Heise reported about the case, on 28 October 2004, Nutzwerk also started to litigate the publisher and the editor-in-chief. In a recent article on the case, Heise writes they have already won in 10 different court proceedings.
While Nutzwerk claimed damage to personality rights, the FFII defence attorney claimed freedom of speech rights, within the context of educating a large audience about the problems arising from software patents. Since the entire FFII website consists of links and commentaries to developments with regards to software patents, the Nutzwerk file is nothing exceptional. Besides, the attorney pointed out, Nutzwerk didn't succeed in criminal proceedings against Cobion and also lost at the German patent court.
The Hamburg court ordered FFII to remove 8 critical sentences, in Halle Nutzwerk "lost 80% of the case" FFII says and in Leipzig Nutzwerk even withdrew the case completely. According to EFFI, since May 2005 Nutzwerk has successfully intimidated several web portal operators to remove links to the documentation and succeeded in taking several entire websites down. On 26 July 2005, the Internet service provider of the FFII, BayCIX, received a similar takedown request:
"In accordance with the regulations of the telecommunication service act (/Teledienstgesetz/) you are obliged, after getting knowledge of illegal contents, to remove them (in comparison to the ruling of the Federal Court (/Bundesgerichtshof/) from September 23rd, 2003, about reference number VI ZR 335/02). We hereby demand you to de-connect the IP address 212.72.72.97 immediately, but no later than on 28 July 2005, at 18:00 (6pm)."
BayCIX wasn't intimidated. FFII claims the reference to the Federal Court ruling is erroneous, since the case wasn't about takedown, but about a specific claim transfer from a website author to an internet service provider. In general, German jurisprudence rather excludes liability if the author is only citing external sources. The express ruling of the local court in Hamburg did not affect the nutzwerk.ffii.org documentation as a whole nor the FFII server as a whole, but only 8 specific phrases. These phrases were removed by FFII by mid-July 2005. But Nutzwerk continues to send takedown letters, as if reporting about the court decision is also forbidden.
Self-censored FFII case file on the legal battle against Nutzwerk (in German)
http://nutzwerk.ffii.org/index.de.html
FFII overview in English of press articles about the case
http://wiki.ffii.org/NutzwerkEn
Webwereld article, by Brenno de Winter (in English)
http://dewinter.com/modules.php?name=News&file=article&sid=194
Heise article (02.08.2005)
http://www.heise.de/newsticker/meldung/62354
Counter file on the proceedings against Heise by Nutzwerk (in German)
http://www.nutzwerk-heise.de/
On 27 January 2005 the Norwegian Supreme Court ruled on old case; the existence of the website napster.no, which Norwegian internet users could use in 2001 to find music files (not more than 170 in practice) on the Napster file-sharing system. The owner of the site is found guilty of accessory copyright infringement, for having contributed to make the copyright protected music files available to the public.
The Court states that it is beyond doubt that making a web-address known on a website does not constitute a 'making available to the public', regardless of whether or not the link refers to a web-address containing legally or illegally published material. Whether a web-address is expressed on the Internet or in a newspaper is immaterial.
If linking were to be considered as the 'making available to the public', the Court writes, every link, be it to legally or illegally published copyright protected material would require prior authorisation from the rightholder. This was exactly what the music industry claimed. But the court said this was too complicated a reasoning and therefore decided to only look at accessory liability.
In the appeal procedure, the court of second instance had rejected this claim, because it said that the uploaders' illegal acts stopped at the point in time when the music was uploaded. But the Supreme Court finds an uploader liable 'as long as the uploader makes the music available on the Internet.' Bruviks contention - that if the linking was not considered as making available to the public, there could be no legal basis for accessory liability – was rejected by the Supreme Court stating that it is not a requirement in criminal law that the accessory act in itself must be illegal. The linking enhanced the effect of the uploaders' acts by increasing the availability of the music.
Similar to the US Grokster case, the Norwegian Supreme Court states further that Bruvik acted wilfully, referring to the introductory text on the homepage: "Welcome to napster.no. You are now visiting Norway's largest and best website with music free of charge. Here you may download as much music as you desire."
The owner must pay an unspecified compensation for damages, related to the amount of users of the website that otherwise would have bought the CDs.
Krog comments: "It is the first case of its kind in Norway, and one of the first in Europe. The case is relevant for other jurisdictions as well since the Norwegian Copyright Act is a result of international agreements such as the Bern Convention and the EEA agreement with the EU."
Krog: Summary and link to extensive analysis of the case (14.05.2005)
http://blogs.law.harvard.edu/ugasser/discuss/msgReader$76?mode=topic
(Thanks to Georg Philip Krog, doctoral researcher in Private International Law, University of Oslo)
The German Constitutional Court has outlawed a special security law of the state of Niedersachsen that allowed police to wiretap telephone connections without any specific suspicion, as well as collect traffic data, GSM location data, e-mail and SMS traffic. The ruling also affects the state of Thuringen, with a similar law, and Bavaria, currently developing a similar law.
The Court outlines that under the German constitution interception is only possible under strict conditions. The security law is too vague (not specific enough and not enough standardised) and doesn't guarantee that completely private conversations are excluded or immediately deleted from the record. Preventive interception can only be lawful according to the Court if there are specific indications pointing to the preparation or planning of a criminal act.
Heise reports that the president of the Court said the ruling was in the heart of the tension between freedom and safety. According to him, there is no freedom without safety, "but security laws that allow for state interventions (in the privacy of citizens), limit the freedom and in extreme cases, may rather make citizens feel insecure."
Heise also reports about a heated debate that ensued in the week after the ruling amongst data protection authorities, liberal and left wing politicians. The former liberal minister of Justice Sabine Leutheusser-Schnarrenberger called for a drastic rethinking of politics and police. According to her, with over 30.000 telephone interceptions in 2004, the practice had grown to an extreme. The German C'T magazine interviewed Peter Schaar, the chair of the article 29 Working Party of data protection authorities. Schaar sees a clear consequence of this verdict for data retention: even the EU Commission compromise of storing internet traffic data for 'only' half a year, especially when flatrate services are involved, "is in considerable breach of the Constitution." Schaar recommends the Cybercrime model of a 'quick freeze' of data of specific suspects as a much more proportional alternative.
Präventive Telefonüberwachung verstößt gegen Grundgesetz (27.07.2005)
http://www.heise.de/newsticker/meldung/62150
Constitutional Court ruling, Az.: 1 BvR 668/04 (27.07.2005)
http://www.bundesverfassungsgericht.de/entscheidungen/rs20050727_1bvr0...
Interview with Peter Schaar, chairman of the EU data protection authorities (28.07.2005)
http://www.heise.de/ct/aktuell/meldung/62231
In Romania, 4 parliamentarians from the (opposition) Social Democrat Party (PSD) have initiated a draft law to drastically extend wiretapping powers in cases of defending national security. According to the draft law the interception of communications would be possible without a warrant from a judge in some cases.
In special cases that involve the national security, the interception could start right away. Authorisation for the interception for communications should be requested from a judge in maximum 48 hours after the interception started. The draft law explicitly refuses the right to appeal to any communications interception authorisation. The MPs also wish to drop the demand for a warrant if someone is testing new interception equipment or just making improvements to the interception equipment.
The draft law foresees the creation of a Technical Centre for National Security - a special body that would collect and manage all the information gathered in these interceptions.
The draft law was heavily criticised in the press, by civil society and by a minister of the reigning Liberal Party. Transparency International, the Pro Democracy Association and former dissident Mircea Dinescu have accused the former communist Security Forces of falling back into old habits.
Draft law submitted to the Parliament on 25.07.2005 (in Romanian)
http://www.cdep.ro/pls/proiecte/upl_pck.proiect?idp=6486&cam=2
Razvan Ghoerghe, Intercepting without warrant in: Ziua (22.07.2005)
http://www.ziua.net/display.php?id=181243&data=2005-07-23
Mircea Dinescu, The loneliness of the microphone in: Gandul (26.07.2005)
http://www.gandul.info/2005-07-26/actual/singuratatea_microfonului_de_...
(Contribution by Bogdan Manolea, Romanian legal expert)
On 1 August 2005 the Irish Minister for Trade and Commerce, Mr. Michael Ahern, announced a package of new IP legislation to be presented to parliament before the end of the year. Ireland needs to bring the public lending right and the artists' resale right into conformity with EU legislation and will simultaneously implement the new EU Directive on the Enforcement of Intellectual Property Rights, in collaboration with the Ministry of Justice. The enforcement directive (2004/48/EC) has to be implemented before the end of April 2006.
On the website of the ministry, the Minister acknowledges that the new implementation of the EU Rental and Lending Directive is caused by the Commission proceedings against Ireland in the European Court of Justice. Ireland exempted all public libraries from a remuneration scheme for lending, "referring to our small lending pool, the expected modest benefits for authors in relation to collection costs, and our long-standing efforts to encourage greater use of public libraries."
Press release Irish ministry for Enterprise, Trade and Employment (01.08.2005)
http://www.entemp.ie/press/2005/20050801.htm
(Thanks to Teresa Hackett, Project Manager eIFL-IP)
The Study "Protecting the Virtual Commons, Self-Organizing Open Source and Free Software Communities and Innovative Intellectual Property Regimes" by 2 technical and 1 legal scientist from the Netherlands dates back to early 2003, but offers a nice insight in the world of open source and free software. It makes good introductory reading for whomever is interested in the upcoming heated debate about the new third version of the General Public License. On 9 June 2005 Eben Moglen and Richard M. Stallman announced their intentions to create a new version. The second GPL version dates back to 1991 and hasn't been changed since.
In chapter two the authors explore why anybody would contribute software for free to the community. They cite low participation costs, and the benefits of the users direct need for a specific tool, pure joy and reputation. They also analyse the process of innovation. When normally this is done in a hierarchy, termed 'collective decision making' with a central command center, in the free software and open source community, selection is done through 'professional attention', meaning crowds of people will flock to the developers with the highest reputation. "Why is open source and free software so innovative? According to our argument, a high level of variation and emergent selection among that variety are responsible for much of the innovation. Individuals in open source and free software communities create a high level of variety, as they face hardly any restrictions."
Eben Moglen and Richard M. Stallman, GPL Version 3: Background to Adoption (09.06.2005)
http://www.fsf.org/news/gpl3.html
IT&Law nr 3, Protecting the Virtual Commons, by R. van Wendel de Joode, J.A. de Bruijn and M.J.G. van Eeten, Asser Press, The Hague (2003). Ordering information and table of contents
http://www.asserpress.nl/cata/ITlaw3/fra.htm
European Digital Rights needs your help in upholding digital rights in the EU. Donations allow EDRI to hire part-time professional assistance in Brussels and invest in targeted campaigns. With the plans for mandatory data retention and the continuous erosion of digital civil rights, your donation could make a huge difference.
If you wish to help us promote digital rights, please consider making a private donation, or interest your organisation in sponsorship. We will gladly send you a confirmation for any amount above 250 euro.
European Digital Rights Aisbl
KBC Bank Auderghem-Centre
Chaussée de Wavre 1662, 1160 Bruxelles, Belgium
EDRI Bank account nr.: 733-0215021-02
IBAN: BE32 7330 2150 2102
BIC: KREDBEBB
8 September 2005, Brussels, Belgium
EuroSOCAP Workshop on confidentiality and privacy in healthcare
3 year programme to develop new ethical standards for privacy and patient access to (electronical) files, started on 31 January 2003.
http://www.eurosocap.org/eurosocap-workshop.aspx
12-13 September 2005, Strasbourg, France
CoE Pan-European Forum on Human Rights in the Information Society
http://www.coe.int/T/E/human_rights/media/
13 September 2005, Montreux, Switzerland
Strategies for International Privacy Protection: Issues, Actors, and Future cooperation, event on data retention and biometrics, organised by EDRi and a growing number of other organisations.
Details will be announced at the EDRI website
14-16 September 2005, Montreux, Switzerland
27th World Conference of Data Protection Commissioners
http://www.privacyconference2005.org
19-30 September 2005, Geneva, Switzerland
3rd meeting of the Preparatory Committee for the World Summit on the Information Society (PrepCom-3)
http://www.wsis.org
civil society perspectives
http://www.worldsummit2005.org
5 October 2005, Paris, France, RFID
Radio-Frequency Identification (RFID): Applications and Public Policy Considerations. Conference convened by the Committee for Information, Computer and Communications Policy (ICCP) of the Organisation for Economic Co-operation and Development (OECD).
1-2 December 2005, London, UK, Patenting Lives
Conference in the Queen Mary Intellectual Property Research Institute. The call for papers closes on 26 August 2005 and invites abstracts on topics such as Access to Knowledge, Consumer Aspects, Public Interest, Public Goods, Public Domain and Human Rights.
http://www.patentinglives.org/conference.htm