The general German industry association (BDI) and the two telecommunication associations (BITKOM and VATM) have jointly published a strong position paper against the European proposals for mandatory data retention.
The German industry calls on both the European Commission and the ministers of Justice and Home Affairs to provide a solid and adequate impact assessment, since "LEAs have demonstrated neither the concrete need for a data retention regime nor the alleged lack of effectiveness of the current practice."
"Industry would like to point out that the European Union is confronted with a crisis of acceptance and a loss of confidence because politicians are too often unable to explain the purpose and benefits of European activities to citizens and industry."
The industry mentions 5 more specific demands on both Commission and Council:
1) Any period, if the necessity can be proven, must not exceed 6 months; 2) Any obligation to retain data must not include data types currently not centrally processed and recorded within the networks; 3) Any obligation can only address services provided directly by the provider of a customer; 4) Full cost reimbursement for both infrastructure and operational costs, in stead of the vague wording of 'additional costs'; 5) No additional obligation on the industry to collect statistics.
With regards to the second demand, the paper details the problems with data that are only generated but not used for billing or service delivery, such as failed caller attempts and registration of type of communication used. Storage of unsuccessful connection attempts (amounting to 40% of all calls according to GSM Europe!) would require fundamental rebuilding of all switching centres, resulting in costs "within the three-figure million Euro range." Storing whether a user sends a fax or makes a phone call is equally irrelevant to the operators, and would require equally substantial technical upgrading.
Specially addressing the demands on mobile communications, the industry explains that the demand to store the 'end' location of a mobile phone connection is unjustified, because it often goes to another provider. Law enforcement has "not yet proven an added value, as the retention of the cell ID at the beginning of every call already suffices to establish a movement profile." The demand for IMEI meets equal criticism from the German industry. In a consultation with German law enforcement, no need could be proven and the demand was dropped immediately.
With regards to Internet data retention, the paper notes that "communication data of the internet services used are not available for most services. Technical facilities to record, retain and analyse these data would first have to be created and would lead to a tremendous rise in the volume of data to be stored." Storage of the MAC address is completely unrelated to the ISP business, and "the added value of a MAC, in addition to an IP address, with regard to a clear identification of the user is questionable and has not been demonstrated."
On the demand for statistics, the industry justifiably points out that should have been the start of the legislative process to estimate the effectiveness and proportionality of a data retention regime. Industry also claims such an obligation exclusively resides with the competent authorities. True as that might be, from a digital civil rights perspective it would be a very good idea if the Commission would create a shadow-obligation on the service providers to collect statistics and jointly publish them in an annual report. But the Commission proposal doesn't address the public availability of the statistics, and given the lack of public supervision in many EU countries on the actual use of interception and surveillance powers, that is not a promising start.
Demands of German Industry (in German and English, 04.08.2005)
http://www.bitkom.org/Default_33225.aspx
ANEM, the Association of Independent Electronic Media in Serbia has issued an alarming statement about the lack of respect for press freedom in the country. ANEM "protests strongly at the re-emergence of unacceptable and irresponsible rhetoric in the public arena in Serbia" and "urges all democratic public and professional journalism and media associations to express solidarity with journalists and media who are subject to attacks and threats."
On 15 August 2005 Capital Investments Minister Velimir Ilic called the journalists from the renowned radio and television station B92 "sick and in need of a psychiatric clinic". When a B92 journalist attempted to ask him about his role in the withdrawal of charges against Marko Milosevic, the son of former Yugoslav president Slobodan Milosevic, the media advisor of the minister, former state media journalist Petar Lazovic, stepped in. He told the reporter to send a message to RTV B92 Director Veran Matic that he would kill him.
Consequently, Minister Ilic burst out in a rage. Ilic said: "We've come here for an important, a very serious investment. Ladies and gentlemen from B92, wherever you go you make chaos. Wherever you come you practice provocation. You're sick, you need a psychiatric clinic, you need to go for collective treatment. You need treatment at Kopaonik, we'll make a centre for you, to take care of you. I can promise you that, here I'll promise you that your great professional, Veran Matic, makes people look like idiots in Serbia. I claim that openly. We've gathered here for a serious matter. You're just talking about Marko Milosevic, forget Marko, why is Marko so important in your life? Please, don't get in our way in this serious work."
Culture and Information Minister Dragan Kojadinovic responded bravely, by firing his own media advisor for similar statements about B92. He also told the weekly Svedok: "It seems to me that the next step is for someone to pull out a gun and shoot at a journalist, which happened in the Milosevic era."
B92 is famous in the internet community for using the Internet so effectively to circumvent government restrictions and remain strictly independent.
Minister Warns Journalists May Be Shot (23.08.2005)
http://www.b92.net/doc/statements/050823-1.php
The European Commission has started infringement procedures against the governments of Austria and Germany for not creating adequate independence of the Data Protection Authorities.
In Austria, the Commission was alerted by a complaint from the data protection association Arge Daten in October 2003. On 5 July 2005, the Commission responded by instigating official proceedings against the Republic for a faulty implementation of Article 28 (1) second sentence of the data protection directive (95/46/EG) which requires that data protection authorities shall exercise their functions with complete independence.
The Austrian Data Protection Commission is, in terms of organisation and staff, integrated in the Federal Chancellery and its managing member is a senior official of the Chancellery.
In its 2005 activity report the Data Protection Commission (DPC) responds to the European Commission by describing the history of its organisational structures. It claims in 1999 Austria was one of the first states to implement the directive in national law and that it was unclear at the time what standards would develop for "independent protection authorities".
Besides the lamentable lack of independence the Austrian DPC suffers from a chronical shortage of staff. After some increases in the last two years the DPC now employs eight persons plus 10 persons working with the Data Processing Register. This amounts to a proportion of 1 data protection officer per 400.000 inhabitants. In a roughly equally sized country like Sweden this ratio is 1:230.769. Larger countries like the Czech Republic and Hungary still range before Austria, with 1:126.582 and 1:185.185.
This staff shortage results in the disability of the DPC to undertake event-unrelated investigations and in an all time high of formal complaints because of unjustified long processing times. In its activity report the DPC states that while other problems remain at least the long processing times should be a thing of the past. It is to hope that the formal action of the European Commission will do its part to help resolve the remaining problems.
Similarly, in Germany government has been given until 5 September 2005 by the Commission to create full independence of the regional DPAs. This decision was also inspired by a complaint filed in 2003, this time by the legal scientist Patrick Breyer. On the provincial level, members of the local government (Regierungspräsidium) act as data protection authority. While these DPAs have formal independence regarding state data protection, in civil cases they are supervised by the provincial ministries. The e-zine Heise reports that Breyer elaborated on a specific example in the province of Hessen, where the DPA allowed an internet company (T-Online) to store the IP-numbers of a flat-fee service for a period of 80 days. When a user of this service was prosecuted for posting a satirical contribution, but acquitted, he took the data retention practice to court. The provincial DPA said it was perfectly legal, only to be corrected much later by an independent local judge who ordered T-Online to stop collecting detailed traffic data.
According to Breyer, the state-embedded provincial DPAs also respond 'in a lethargic way' to complaints from citizens, while the truly independent provincial DPAs defend civil rights in a very engaged way.
Letter from the Commission to Arge Daten (22.07.2005)
ftp://ftp.freenet.at/beh/eu-vertragsverletzung-5109.pdf
Datenschutzbericht 2005, Report of the Austrian Data Protection
Commission covering 01.01.2002 until 30.06.2005
http://www.dsk.gv.at/Datenschutzbericht2005.pdf
EU-Kommission pocht auf Unabhängigkeit der Datenschutzbehörden (23.07.2005)
http://www.heise.de/newsticker/meldung/62007
(Contribution about Austria by Andreas Krisch, EDRI-member VIBE!AT)
The September edition of the German industry magazine Die Bank contains renewed speculation about the introduction of spy-chips in the Euro banknotes. The article discusses three possible new measures against the counterfeiting of the notes; a new biological paint, a colour-switch foil and the introduction of RFIDs (Radio Frequency Identification Devices) on every note. The Hitachi Mu-chip, with its 0.18 micron size, is mentioned as a likely candidate, as reported earlier in EDRI-gram. Though the current price of approx. 7 eurocent per chip might be prohibitive, the article also mentions a new invention by Philips to integrate the chip in the paper completely.
The way the chip would work, is by storing a 38 digit number that cannot be changed later on, containing both the unique serial number and data about the origin of the note. The metal strip on every note could function as antenna. To function properly, all current notes (8.2 billion) would have to be replaced and every citizen should have access to readers, to verify the authenticity of each note. The author of the article doesn't mention the privacy risks attached to the distribution of readers on a massive scale; the fact that every potential criminal could secretly scan the contents of every wallet.
Sicherheits-Innovationen: Banknoten der Zukunft (September 2005)
http://www.die-bank.de/index.asp?issue=092005&art=417
EDRI-gram: New rumours about spy chips in Euro notes (26.01.2005)
http://www.edri.org/edrigram/number3.2/rfid
The Belgian and Dutch music copyright collecting societies are to drop their claims of national exclusivity on the licensing of online rights. SABAM and BUMA, that manage the music copyrights for authors in Belgium and in the Netherlands, have announced this intention to the European Commission, after the Commission started in-depth investigations into the problems of online music licensing in the EU. In July 2005, the Commission proposed a serious reform, granting every artist the right to freely choose a collecting society anywhere in Europe to exploit their online rights.
The European Commission now invites public comments on the proposal from the two collecting societies. In the notice in the Official Journal about the consultation, the Commission states: "Given the fact that there is a single, monopolistic, collecting society per territory in the EEA, and that all collecting societies enter into such bilateral agreements, this means that each national collecting society is given absolute exclusivity for its territory as regards the possibility of granting multi-territorial/multirepertoire licenses for online music rights."
The problem with online rights however, is that the two mentioned collecting societies still have binding contracts with their members to exercise all their rights, including the exploitation of online rights. An artist that wishes to offer his own music for free on his own website, still has to pay for the rights to the collecting society.
Secondly, the collecting societies do not control the neighbouring rights. In case of webcasting or podcasting, this leads to a serious obstacle in the development of innovative new services. The Dutch BUMA recently announced a new flat-fee scheme for podcasting; 35 euro per month for individual podcasters and 85 euro per month plus 13% of the revenue for professional podcasters. The proposed fee, high as it is, does not cover the neighbouring rights, nor does it grant permission from the record companies. So far the national representative of neighbouring rights SENA has refused to set a similar cross-border flat-fee and record companies in the Netherlands shamelessly charge at least 950 euro per year for their permission.
Press release European Commission (17.08.2005)
http://europa.eu.int/rapid/pressReleasesAction.do?reference=IP/05/1056...
Commission notice in the Official Journal (17.08.2005)
http://europa.eu.int/eur-lex/lex/LexUriServ/site/en/oj/2005/c_200/c_20...
EDRI-gram: Music: commission wants 1 internet clearing house (14.07.2005)
http://www.edri.org/issues/copyright/collecting
Dutch podcast license set (20.07.2005)
http://p2pnet.net/story/5636
President Alexander Lukashenko of Belarus (White Russia) apparently wasn't amused by some satirical animated cartoons about him. The Minsk office of the Public Prosecutor started criminal proceedings against 3 activists from the organisation Third Way 'for insulting the President'. Such behaviour can be punished with a maximum of 5 years prison sentence under article 367 of the Belarussian Criminal Code.
The secret police carried out raids on three apartments in Minsk and Grodno. The KGB confiscated at least 12 computers and material used to produce the cartoons. The website administrators were interrogated for 5 hours and the person suspected of creating the Flash animations was arrested, but later released.
The news source E-belarus reports about an interview given by one of the administrators to Radio Freedom. According to him, "the Third Way had been established by a group of students of the European Humanitarian University which was closed by Belarussian authorities. At first it was just a club of animated cartoons fans but later on it developed into a civil initiative."
The e-zine Heise quotes a German representative from Reporters without Borders. Press spokesperson Katrin Evers accuses government of behaving autocratically. "Every form of satire or criticism is being heavily punished." She added that at least 3 journalists have been convicted to prison sentences for insulting the president. In the Belarus section of the annual Internet under Surveillance report 2004, Reporters without Borders state that Belarus only has one state-controlled ISP that controls all internet traffic and doesn't shy from blocking critical websites.
Third Way website
http://3dway.org
Criminal investigation on producers of anti-Lukashenko's Internet cartoons
gets underway (19.08.2005)
http://www.e-belarus.org/news/200508191.html
Weißrussland: KGB geht gegen Internet-Karikaturen vor (19.08.2005)
http://www.heise.de/newsticker/meldung/62999
Internet under Surveillance 2004: Belarus
http://www.rsf.org/article.php3?id_article=10668
In response to the article about the Norwegian Supreme Court decision on hyperlinks in the previous EDRI-gram, subscriber Matthias Spielkamp from Germany pointed to an article he wrote about recent jurisprudence in Germany. Contrasting the Norwegian decision that a hyperlink can not be considered unlawful in a copyright context, irrespective of the legal or illegal nature of the content offered, the appeal court of Munich decided to uphold a ruling that the e-zine Heise had to remove a link to the website Slysoft.com. At the site software was offered to make copies of copy-protected CDs and DVDs.
Spielkamp writes: By providing a link to the company's homepage, the court said, Heise intentionally provided "assistance in the fulfilment of unlawful acts" and is therefore liable as "an aider and abettor". The case is based on article 95a of the German authors rights code, resembling the infamous section 1201 of the US DMCA, prohibiting the circumvention of copy protection measures.
Spielkamp continues: Christian Persson, Heise Online's editor in chief, said "it has to be taken for granted that in online reporting it is legal to provide a link to a company's web site". The High Court had ruled in 2004 that links are a "fundamental component of online journalism". They could only be seen as breach of law in case journalists "ignore blatant evidence that they are unlawful".
German appeals court outlaws links to websites offering circumvention
technology (09.08.2005)
http://www.immateriblog.de/archives/000254.html
German High Court ruling (01.04.2004)
http://www.linksandlaw.de/urteil63.htm
The EDRI and XS4ALL petition against data retention has attracted almost 30.000 signatures, of which over 10.000 from the Netherlands (where the campaign was launched) and over 5.000 from Germany. The number three position is held by Finland, with almost 5.000 signatures. Runners-up in the daily country count are Bulgaria, Austria and Italy, with over a 1.000 signatures each. In Sweden, Belgium, France, the UK and Hungary over 500 people each have signed the petition.
Currently, 55 organisations and companies have signed in support of the petition. The petition is now available in 14 languages. Slovenian will be added later today as the 15th translation.
The campaign continues to invite signatures and support throughout September 2005, when EDRI expects a heated political battle between the European Commission and the Council of ministers of Justice and Home Affairs. From 25 August 2005 onwards, the petition can also be reached at the URL www.stopdataretention.com
Petition
http://www.dataretentionisnosolution.com
http://www.stopdataretention.com
Petition WIKI
http://wiki.dataretentionisnosolution.com
European Digital Rights needs your help in upholding digital rights in the EU. Donations allow EDRI to hire part-time professional assistance in Brussels and invest in targeted campaigns. With the plans for mandatory data retention and the continuous erosion of digital civil rights, your donation could make a huge difference.
If you wish to help us promote digital rights, please consider making a private donation, or interest your organisation in sponsorship. We will gladly send you a confirmation for any amount above 250 euro.
European Digital Rights Aisbl
KBC Bank Auderghem-Centre
Chaussée de Wavre 1662, 1160 Bruxelles, Belgium
EDRI Bank account nr.: 733-0215021-02
IBAN: BE32 7330 2150 2102
BIC: KREDBEBB
8 September 2005, Brussels, Belgium
EuroSOCAP Workshop on confidentiality and privacy in healthcare
3 year programme to develop new ethical standards for privacy and patient access to (electronical) files, started on 31 January 2003.
http://www.eurosocap.org/eurosocap-workshop.aspx
12-13 September 2005, Strasbourg, France
CoE Pan-European Forum on Human Rights in the Information Society
http://www.coe.int/T/E/human_rights/media/
13 September 2005, Montreux, Switzerland
Strategies for International Privacy Protection: Issues, Actors, and Future cooperation, event on data retention and biometrics, organised by EDRi and a number of other NGOs defending digital rights.
http://www.edri.org/panels
14-16 September 2005, Montreux, Switzerland
27th World Conference of Data Protection Commissioners
http://www.privacyconference2005.org
19-30 September 2005, Geneva, Switzerland
3rd meeting of the Preparatory Committee for the World Summit on the Information Society (PrepCom-3)
http://www.wsis.org
civil society perspectives
http://www.worldsummit2005.org
21-23 September 2005, French Riviera, World E-ID .
The three day conference World e-ID (previously named 'eGovernment &
SmartCard International Meeting') is organised by the main pan-european
e-government association eForum and deals with the future application of
DNA and other biometrics for identification usages, both politically and
technically. High-level representatives from the national governments and
from the European Commission will present an inventory of current
initiatives and speak about their visions of the future. .
http://www.strategiestm.com/conferences/we-id/05/program.htm
1 October 2005, deadline Call for Papers 22C3
The 22nd German Chaos Communication Conference is inviting submissions
from potential speakers, either in German or English. The conference will
take place in Berlin from 27 to 31 December 2005.
http://www.ccc.de/congress/2005/cfp.html
5 October 2005, Paris, France, RFID
Radio-Frequency Identification (RFID): Applications and Public Policy Considerations. Conference convened by the Committee for Information, Computer and Communications Policy (ICCP) of the Organisation for Economic Co-operation and Development (OECD).
25 October 2005, Vienna, Austria
28 October 2005, Bielefeld and Prague, Germany and Czech Republic
29 October 2005, Zurich, Switzerland
Presentations of the Big Brother Awards
International ceremony schedule
http://www.bigbrotherawards.org/
1-2 December 2005, London, UK, Patenting Lives
Conference in the Queen Mary Intellectual Property Research Institute. The call for papers closes on 26 August 2005 and invites abstracts on topics such as Access to Knowledge, Consumer Aspects, Public Interest, Public Goods, Public Domain and Human Rights.
http://www.patentinglives.org/conference.htm