In order to convince the European Parliament of the need for mandatory data retention, the UK presidency of the EU has challenged the validity of the European Convention of Human Rights. The UK Home Office secretary, Mr Clarke, basically told the European Parliament on 7 September that the 50 year old convention was outdated. Talking about the need "to balance important rights for individuals against the collective right for security", Clarke said: "The view of my Government is that this balance is not right for the circumstances which we now face – circumstances very different from those faced by the founding fathers of the European Convention on Human Rights - and that it needs to be closely examined in that context."
Clarke was specifically referring to the difficulty under the Convention of deporting people suspected of being involved with terrorism, but obviously thought it was acceptable to attack the general principle of protecting citizens against their governments by granting them inalienable minimum rights and freedoms.
A large majority of liberals, social democrats and greens in the European Parliament responded in outrage. The influential Liberal leader Graham Watson told Reuters: "Human rights are indivisible. Freedom and security are not alternatives, they go hand-in-hand ... Much as the public may dislike it, suspected terrorists have rights." Watson also quoted criticism by human rights lawyer Cherie Booth -- wife of Prime Minister Tony Blair -- of the country’s hardline anti-terror measures. "To ... invoke a form of summary justice would in the words of the lawyer Cherie Booth cheapen our right to call ourselves a civilised society," he said.
Franco Frattini, the European Commissioner for Justice addressed the Parliament in a much calmer way on the same topic. "We should never be tired to repeat that when working on security we have to keep a balance between law enforcement activities and the protection of other fundamental rights." Earlier, the spokesperson of Frattini told the Berliner Zeitung the Commission would finally launch its proposal for a directive on data retention on 21 September. But Frattini created more ambivalence about the timeline in his speech: "And we have to balance prosecution activities and privacy. We will consider this both in the proposal on data retention and in the presentation of the first comprehensive proposal on data protection in the third pillar scheduled for October."
The ministers of Justice and Home Affairs are meeting today and tomorrow in Newcastle, UK, for an informal JHA Council. Data retention is high on the agenda. According to the first reports about the meeting today, it is becoming unlikely that the ministers will reach a unanimous agreement on 12 October, especially because of the differences in opinion about cost reimbursement for the industry. Today industry was heard for the first time, and short statements given by representatives of EuroISPA, GSM Europe, ECCA and ETNO, the European associations of cable and telecom operators respectively. Their response is not positive. Though they profusely claim utter willingness to fight any kind of crime, especially terrorism, they find most of the demands of the ministers completely unreasonable, such as registering location data during mobile communication and registering failed caller-attempts.
Given the attitude of the UK presidency, it is no surprise that civil rights advocates are not invited in Newcastle. They were only given a chance to respond to a consultation organised in September last year by the European Commission. European Digital Rights and Privacy International used this occasion to produce a thorough legal analysis. EDRI and PI conclude that the proposed framework decision on data retention is invasive, illegal, illegitimate and produces illusory gains. The conclusions were supported by 90 civil rights organisations across Europe, the United States and other countries around the world. These points are summarised in the ongoing petition against data retention, that has already been signed by almost 42.000 people.
Speech by Charles Clarke (07.09.2005)
http://www.eu2005.gov.uk/servlet/Front?pagename=OpenMarket/Xcelerate/S...
Speech by Franco Frattini (07.09.2005)
http://europa.eu.int/rapid/pressReleasesAction.do?reference=SPEECH/05/...
Britain calls for change to European Convention on Human Rights (08.09.2005)
http://euobserver.com/?aid=19822&rk=1
Reuters: EU must accept some erosion of civil rights - Clarke (07.09.2005)
http://www.x-stream.co.uk/news/newswire.php/news/reuters/2005/09/07/to...
Brüssel will Abhörregeln vereinheitlichen (01.09.2005)
http://www.berlinonline.de/berliner-zeitung/politik/478960.html
Costs hold up EU accord on telecoms anti-terror measures UPDATE (09.08.2005)
http://www.forbes.com/finance/feeds/afx/2005/09/08/afx2213110.html
Draft of the European Commission directive proposal (20.07.2005)
http://www.edri.org/docs/EUcommissiondataretentionjuly2005.pdf
PI and EDRI analysis (15.09.2004)
http://www.privacyinternational.org/article.shtml?cmd³³0³=x-347-103020
On Monday 5 and Tuesday 6 September the UK presidency tried its best to convince member of the European Parliament to give up their resistance against mandatory data retention. On Monday the parliamentary committee on civil liberties was addressed by the UK chairman of the criminal matters working group, Simon Watkin and by the London police special operations veteran David Johnson. Watkin made it clear the Council would continue to work on its proposal, ignoring all the legal advices that only the European Commission is qualified to propose data retention, with full co-decision rights from the European Parliament.
Johnson gave the committee several examples how GSM traffic data were used to solve murders and kidnappings. He saw it fit to also present pictures of a burned body. Funnily, at the end of his presentation, he showed a copy of the EDRI petition website, with the 3 objections that data retention is invasive, illegitimate and illusory. "Do these claims really stand up to scrutiny?" asked Johnson, in stead of asking himself if his own claims about the usefulness of data retention could really stand up to any scrutiny.
While Watkin promised the indignant MEPs that the UK Presidency would present a major new study into the effectiveness and viability of the measures the next day, the disappointment was enormous when the UK presidency paper was finally released. In stead of scientific research into the need and benefits of data retention in Europe, as urgently requested by the LIBE members, the paper is a thin narrative with some emotional examples of the use of traffic data in police investigations. The only seemingly good news from a privacy perspective is the fact that the UK is now limiting its demand to a maximum of 12 months and excludes all internet data, except for login/logoff access data. The extreme danger of this approach is the proposed flexibility in upgrading the retention requirements every instant, without any democratic control.
The study mentions 4 examples of the use of traffic data, all of which seem to fall within a 3 months framework. All these data should thus have been available by the telephony companies for their own purposes irrespective of any law on data retention.
"In Sweden, a bomb threat was made to police by e-mail that a bomb had been placed at Stockholm Central Station. Using logs of the allocation of IP addresses retained by an Internet Service Provider, the source of the e-mail was traced to a public library in Stockholm. The library staff was able to provide information to the police that enabled the identification of the offender."
EDRI cannot help but wonder how long after the threat the request was made for the logs. Secondly, the current proposals do not require the identification of the users of public Internet terminals; will that be introduced later?
"In the UK a suspect was eliminated from a murder investigation with unsuccessful call data. He gave evidence that he did not know the victim was dead and had, in fact been, calling her all day. His mobile phone call records showed no calls to the victim (because no calls to her had incurred a charge). The mobile phone company did not keep a record of connected-unanswered calls. However because calls from a mobile to a landline will pass via the cheapest route, they can be present on another provider’s interconnectivity records, which incur a charge (from one provider to another) and thus a record is generated. Communications data evidence showed 27 connected-unanswered calls between the suspects' mobile and the victim's landline, corroborating the man's explanation and eliminating him from enquiries."
Again EDRI wonders how long after the murder these data were requested? How long would interconnect records be kept for standard business purposes?
Thirdly, the paper mentions a series of burglaries in 2002 in a city in the UK. "Mobile phone data was obtained which proved links between the offences. Because data from the time of the earliest burglaries had been deleted evidence of the full extent of the criminality was lost."
But this only points to the fact that retained data might have provided a small additional amount of evidence, but not helped in solving the crimes.
And the fourth example is equally unconvincing: "The family reported the ransom to police in Ghana who contacted the UK police. The UK and Dutch authorities co-operated with the investigation. After four days there had been no contact from the hostage for more than 24 hours and the UK police were contacted to help identify the hostage's London contact." Would more than four days of data retention have been required in this case?
Finally, the paper refers to "A recent study of the requirements for disclosure of data made by the police in the UK established that the majority of data required (85%) was less than six months old. However, where data between 7 and 12 months old was required, it was used to investigate the most serious crimes, mostly murder."
If this research was made public, it would be interesting to see how many cases it included, and in how many of those cases the disclosure of data lead to identification of the perpetrator. But the Presidencypaper contains no footnotes or other references to controllable sources.
Adding to the immense concern about civil liberties, half of the paper is devoted to other law enforcement demands related to biometrics, passenger name data and camera surveillance.
UK Presidency paper on data retention
http://www.edri.org/docs/UKpresidencypaper.pdf
Data-retention moves worry MEPs (06.09.2005)
http://euobserver.com/?sid=9&aid=19799
(Thanks to Ian Brown, EDRI board member)
The French newspaper Le Monde has a number of articles on new plans from the French government for anti-terrorism legislation. On 6 September the Prime Minister, Dominique de Villepin presented a rough impression of 16 new measures to the members of parliament. The package will be presented to the Council of Ministers in October 2005.
Some of the proposed measures are:
-An extension of the scope of camera surveillance, to include the possibility to film the public streets in front of certain organisations that 'are exposed to the risk of terrorist acts'. In this context, specifically synagogues and confessional schools are mentioned, but local authorities may also order industry and public transport to do the same. Le Monde bluntly states that this intention clearly shows that terrorism is used as a pretext by de Villepin, since he tried to introduce such broader surveillance powers before he became Prime minister. The camera images will have to be kept for 1 month.
-France will introduce mandatory data retention of telephony traffic data for one year. Though France has a framework law that would allow government to introduce data retention measures, the government has not yet done so, like most other governments in the EU.
-Access to all European passenger data. Le Monde quotes an anonymous declaration that "it is paradoxical that the USA have all the information on EU flights and EU countries don't"...
-While biometrics are not explicitly mentioned, it seems that the ministry of the interior wants the secret and security services to have full access to all kinds of "administrative files" (ID cards, resident cards, passports, vehicles number plates, etc.). They would "secure" this access by introducing "traceability of the file consultation".
The most important measure from the ministry of Justice is an increase in prison sentence for people aiding terrorists from 10 to 20 years, and from 20 to 30 years for network leaders. Currently, Le Monde reports, 358 people have been convicted or accused of an activist offence. 300 of them have been indicted under the provision "criminal association in relation to a terrorist offence". 159 of them are from the Bask territory, 94 are Islamic and 76 Corsican.
Le projet de loi inclut des mesures pour renforcer les moyens d'enquête et de prévention (07.09.2005, short access period)
http://www.lemonde.fr/web/imprimer_element/0,40-0@2-3226,50-686446,0.h...
Le gouvernement veut punir plus sévèrement les terroristes (08.09.2005, short access period)
http://www.lemonde.fr/web/imprimer_element/0,40-0@2-3226,50-686442,0.h...
(Thanks to Meryem Marzouki, EDRI-member IRIS, France)
(Mistake corrected on 9 September: Villepin is Prime Minister, not Minister of the Interior anymore.)
European Digital Rights, together with a number of other international digital rights organisations, is organising two panels on data retention and on biometrics, as a pre-event to the annual DPA conference in Montreux, Switzerland on 13 September 2005.
It is widely expected the Chair of the Article 29 Working Party, Peter Schaar, will close the meeting with a vehement statement against the current proposals for data retention. This statement might well follow the lines of a recent opinion written by the Dutch chair of the Data Protection Authority, Jacob Kohnstamm. He specifically addresses the two types of cases which according to the Erasmus study require data retention: International criminal investigations and long-lasting research into organised crime.
Kohnstamm writes: "Where international criminal investigations make very slow progress, streamlining procedures and formalities for obtaining international legal assistance should be pursued energetically. A mandatory extension of the retention period for traffic data does not offer a logical solution to the problem." And when investigating organised crime "one should first check whether this type of investigation is given sufficient priority by the police and the prosecutor's office, before deciding on new far-reaching powers." If the priority is high enough, the police can use many other powers, such as bugging conversations and wiretapping telephone lines, according to Kohnstamm.
Opinion Dutch DPA against data retention (in Dutch, UK will follow soon, 09.08.2005)
http://www.cbpweb.nl/documenten/art_jko_2005_privacy_niet_opgeven_terr...
EDRI panels on data retention and biometrics
http://www.edri.org/panels
The UK government is planning to outlaw the possession of "extreme pornographic material". The proposed new law is outlined in a consultation document published by the UK Home Office.
The consultation sets out "options for creating a new offence of simple possession of extreme pornographic material which is graphic and sexually explicit and which contains actual scenes or realistic depictions of serious violence, bestiality or necrophilia." Possession could be punished with a prison sentence of up to 3 years. The law is limited to material featuring adults as the possession of child pornography is already a criminal offence in the UK.
It is already illegal to publish, sell or import extreme pornographic material in the UK under the Obscene Publications Act. The proposed new law is specifically aimed at pornographic material on the Internet, from websites outside of the UK which can not be prosecuted for publishing under UK law. The proposal will make it illegal to access such sites as the consultation document describes viewing as downloading and thus possession. Home Officer Minister Paul Goggins told the BCC radio that the proposal would especially protect young children and "reduce demand" for the material.
In detail the proposal will ban the viewing of intercourse or oral sex with an animal, sexual interference with a human corpse and serious violence in a sexual context. Accidentally accessing the material will not be penalised according to the document.
The consultation document acknowledges that the UK will take a particular position if the law is introduced: "We are not aware of any western jurisdiction which prohibits simple possession of extreme material". The Home Office acknowledges that "the proposal (...) will impact upon the freedom of individuals to view what they wish in the privacy of their own homes". The UK government sees no conflict with the European Convention on Human Rights, "our view is that both our domestic courts and the Strasbourg court will find our proposal compatible with Article 10 (freedom of expression) or Article 8 (private life)".
The proposal is the result of a campaign against extreme pornographic by the family of the British murder victim Jane Longhurst. The murderer was supposedly addicted to violent pornography on the Internet. The BBC quotes the founder of the UK pressure group Internet Freedom, Cris Evans. He questions the supposed link between viewing violent images and acts of violence. "I think the serious problem with it is the assumption that ordinary people cannot be trusted to make up their own minds about what they read, watch or see".
The document does not discuss at all how the law can and should be enforced and which means the UK police would use to do so. The Guardian writes in an editorial that "the document (does not) explain how police can be helped from being swamped by the scale and difficulty of bringing viable prosecutions".
The consultation will run for over three months until 2 December 2005.
Consultation: On the possession of extreme pornographic material (August 2005)
http://www.homeoffice.gov.uk/docs4/Consultation_Extreme_Pornographic_M...
Ban on violent net porn planned (30.08.2005)
http://news.bbc.co.uk/1/hi/uk/4195332.stm
Not whether but how (30.08.2005)
http://www.guardian.co.uk/leaders/story/0,,1558823,00.html
(Contribution by Maurice Wessling, EDRI-member Bits of Freedom, NL)
Ms Leena Luhtanen, Minister of Transport and Communications, announced on 26 August 2005 that Finnish ISPs will implement a censorship system to curb access to foreign web pages containing child pornography.
The announcement was accompanied by a study conducted by the ministry exploring the legal and practical aspects of such a system. The study concludes that the system is not efficient at curtailing child porn distribution, but may result in legitimate pages being blocked. The legal basis of the system is also somewhat suspect. Critics have denounced the Minister's plan as an empty attempt to woo voters.
The Finnish constitution makes it very difficult to pass a law sanctioning ex ante censorship of web pages. The ministry acknowledges this and as a result, Ms Luhtanen's plan is framed as a voluntary scheme of industry self-regulation, instead of mandatory regulation. The ministry contends that this is allowable under the constitution, and points out that similar systems are already in use in Sweden and Norway. However, in Sweden and Norway the systems are truly voluntary, in that end-users may choose whether to have their connection subjected to censorship or not. In Finland, the biggest ISP TeliaSonera has indicated that end-users will not have a choice, meaning that censorship is mandatory. According to EDRI member Electronic Frontier Finland (EFFI), this mode of censorship conflicts with the constitution.
According to the ministerial study, in practice ISPs will deny access to a list of IP addresses supplied by the Finnish police. The list is to be maintained by the police based on web pages suspected to contain child pornography. The list is to be kept secret. EFFI points out serious problems with this arrangement: there is no judicial review of items that end up on the list, meaning that the police is assuming powers belonging to the judiciary; there are bound to be mistaken entries due to simple human error in the absence of a review process; and there is also a grave potential for abuse due to secrecy and lack of review. Statements from the Finnish police indicate that they are not entirely comfortable with this arrangement either. ISPs note that IP-based censorship may result in legitimate pages being blocked as well.
The ministry's study, TeliaSonera, EFFI and the police all agree that the system can not prevent all intentional access to child pornography. Most child pornography is not distributed through web pages with static IP addresses, but rather through alternative mechanisms such as newsgroups. IP-based censorship is also easily circumvented using any of the numerous free proxy services available on the web. Ms Luhtanen, Minister of Transport and Communications, nevertheless misleadingly states in her announcement that the system will stop most persons who intentionally attempt to access child pornography pages.
Ms Luhtanen's main selling point however is that the system will prevent Internet users from accidentally accessing pages that containing child pornography. EFFI points out that in this case the system should be a voluntary value-added service similar to Sweden and Norway, not a mandatory one, as censorship is not justifiable under the constitution even if the intention is to protect users from inadvertent access. According to EFFI it also remains unclear whether accidental access to child pornography even happens to such an extent that it can be considered a national problem. Optional filtering services to combat this alleged problem already exist, but as the ministry's study concludes, people have expressed very little demand for them so far.
This is not the first time Internet censorship is proposed in Finland. Earlier this year another Finnish minister unveiled a plan to block not child pornography but all indeterminate "filth" on public computers located in schools and libraries, following a promise made prior to elections. EFFI has been active in promoting public debate on the merits of such proposals. In general, censorship positions have been untenable so far.
Announcement by Ms Leena Luhtanen, Minister of Transport and Communications (26.8.2005, in Finnish)
http://www.lvm.fi/scripts/cgiip.exe/WService%253Dlvm/cm/pub/showdoc.p?...
Study by Ministry of Transport and Communications: Blocking access to foreign child pornography pages (26.8.2005, in Finnish) )
http://www.lvm.fi/oliver/upl784-Selvitys.pdf
(Contribution by Vili Lehdonvirta, EDRI member Electronic Frontier Finland)
The UK government has announced it will drop pilots with Internet and telephone votes, scheduled for the local elections in May 2006. Answering a parliamentary question, Harriet Harman, the minister responsible, said government no longer looked for pilot requests from local authorities. She explained the time was not yet right for e-voting. This is a remarkable change in position. Labour always was very enthusiastic about remote (mobile phone or Internet) voting, and preferred it above electronic voting machines, as used in for example Belgium and the Netherlands. The decision to postphone the pilots was welcomed by the Conservative shadow-minister. He told the newspaper The Independent he thought the remote voting plans were reckless: "This lack of an adequate audit trail is extremely worrying in the light of the risk of fraud already exposed with all-postal voting."
The UK government ruled out electronic voting as too expensive and unable to deliver the desired boost in turnout. A major advantage of electronic voting machines, the possibility to add a paper trail, was ignored. The UK Internet community consultant Jason Kitcat already reported in August 2005 that the ministry had not even sent out any invitations to suppliers, confirming the rumour that the pilots would be cancelled.
E-voting plans shelved (06.09.2005)
http://news.independent.co.uk/uk/politics/article310725.ece
Web and text vote trials dropped (06.09.2005)
http://news.bbc.co.uk/2/hi/uk_news/politics/4219008.stm
2006 e-voting pilots cancelled (26.08.2005)
http://www.j-dom.org/h/f/JDOM/blog//1//?be_id=218
Microsoft has launched a second appeal case against the anti-trust decision by the European Commission in March 2004. On 10 August 2005 Microsoft filed a new complaint at the European Court of Justice (First Instance) in Luxembourg, asking for annulment of the decision to open up the Windows source code enough to create interoperability and allow open source vendors to distribute Windows source code.
"We are taking this step so the court can begin its review now of this issue, given its far-reaching implications for the protection of our intellectual property rights around the world," said Microsoft spokesman Tom Brookes. The hearing won't begin until 2006.
In December 2004, the Court of First Instance entirely dismissed Microsoft's first legal objections to the sanctions and ruled that the Commission's decision does not "cause serious and irreparable damage" to Microsoft. In March and again in June 2005, the Commission rejected a proposed license scheme because Microsoft did not agree to license the protocols for use in open-source products.
Microsoft files suit against European Commission (07.09.2005)
http://today.reuters.co.uk/news/NewsArticle.aspx?type=technologyNews&a...
Microsoft gets record-breaking fine (24.03.2005))
http://www.edri.org/edrigram/number2.6/microsoft
The EDRI and XS4ALL petition against data retention has attracted almost 42.000 signatures, of which over 16.000 from the Netherlands (where the campaign was launched) and over 5.000 from Germany and Finland. Runners-up in the daily country count are Sweden and Bulgaria (almost 2.000 each), followed by Austria (almost 1.500) and Italy (well over 1.000). Belgium, Slovenia and France have each almost reached 1.000 signatures.
Currently, 66 organisations and companies have signed in support of the petition. The petition is now available in 17 languages.
The campaign continues to invite signatures and support throughout September 2005, when EDRI expects a heated political battle between the European Commission and the Council of ministers of Justice and Home Affairs.
Petition
http://www.dataretentionisnosolution.com
http://www.stopdataretention.com
Petition WIKI
http://wiki.dataretentionisnosolution.com
European Digital Rights needs your help in upholding digital rights in the EU. Donations allow EDRI to hire part-time professional assistance in Brussels and invest in targeted campaigns. With the plans for mandatory data retention and the continuous erosion of digital civil rights, your donation could make a huge difference.
If you wish to help us promote digital rights, please consider making a private donation, or interest your organisation in sponsorship. We will gladly send you a confirmation for any amount above 250 euro.
European Digital Rights Aisbl
KBC Bank Auderghem-Centre
Chaussée de Wavre 1662, 1160 Bruxelles, Belgium
EDRI Bank account nr.: 733-0215021-02
IBAN: BE32 7330 2150 2102
BIC: KREDBEBB
10 September 2005, global, Software Freedom International
Software Freedom Day is a global grassroots effort to promote the use of Free and Open Source Software. There is a long list of planned activities in many European countries
http://maitri.ubuntu.com/softwarefreedomday/wiki/index.php/Team_pages#...
12-13 September 2005, Strasbourg, France
CoE Pan-European Forum on Human Rights in the Information Society
http://www.coe.int/T/E/human_rights/media/
13 September 2005, Montreux, Switzerland
Strategies for International Privacy Protection: Issues, Actors, and Future cooperation, event on data retention and biometrics, organised by EDRi and a number of other NGOs defending digital rights.
http://www.edri.org/panels
14-16 September 2005, Montreux, Switzerland
27th World Conference of Data Protection Commissioners
http://www.privacyconference2005.org
19-30 September 2005, Geneva, Switzerland
3rd meeting of the Preparatory Committee for the World Summit on the Information Society (PrepCom-3)
http://www.wsis.org
civil society perspectives
http://www.worldsummit2005.org
21-23 September 2005, French Riviera, World E-ID .
The three day conference World e-ID (previously named 'eGovernment &
SmartCard International Meeting') is organised by the main pan-european
e-government association eForum and deals with the future application of
DNA and other biometrics for identification usages, both politically and
technically. High-level representatives from the national governments and
from the European Commission will present an inventory of current
initiatives and speak about their visions of the future. .
http://www.strategiestm.com/conferences/we-id/05/program.htm
1 October 2005, deadline Call for Papers 22C3
The 22nd German Chaos Communication Conference is inviting submissions
from potential speakers, either in German or English. The conference will
take place in Berlin from 27 to 31 December 2005.
http://www.ccc.de/congress/2005/cfp.html
5 October 2005, Paris, France, RFID
Radio-Frequency Identification (RFID): Applications and Public Policy Considerations. Conference convened by the Committee for Information, Computer and Communications Policy (ICCP) of the Organisation for Economic Co-operation and Development (OECD).
25 October 2005, Vienna, Austria
28 October 2005, Bielefeld and Prague, Germany and Czech Republic
29 October 2005, Zurich, Switzerland
Presentations of the Big Brother Awards
International ceremony schedule
http://www.bigbrotherawards.org/
1-2 December 2005, London, UK, Patenting Lives
Conference in the Queen Mary Intellectual Property Research Institute. The call for papers closes on 26 August 2005 and invites abstracts on topics such as Access to Knowledge, Consumer Aspects, Public Interest, Public Goods, Public Domain and Human Rights.
http://www.patentinglives.org/conference.htm