Charles Clarke from the UK Home Office uttered some incredibly harsh threats to the European Parliament committee on civil liberties (LIBE) on 13 October, the day after the Council meeting, but his barking could not conceal the fact the ministers of Justice and Home Affairs did not have any teeth to bite with. Several national parliaments (Germany, Austria, the Netherlands) have not given their ministers the go-ahead on the framework decision on data retention. But according to Council conclusions, "The Council agreed to revert to this issue at its next meeting with a view to a final decision before the end of the year."
Clarke obviously thought it was a good strategy to try to intimidate the MEPs. If they didn't agree before December in first (and last!) reading on introducing data retention, he said, the ministers would pull out the framework decision anyway in the last formal JHA Council under UK Presidency, on 1 December 2005. Besides, if parliament failed, he would make sure the European Parliament would no longer have a say anymore on any JHA matters.
In fact, the Council suddenly took the advice from its own legal service into account (dating back to April 2005), according to a last minute note from the UK Presidency from 5 October 2005. This advice warns the ministers that if they would proceed, any ISP could take the Council to court once the measure was introduced and would most likely get full cost reimbursement for having to implement an illegal measure.
But in spite of the strong legal position of the European Parliament, the presidents of the political groups meeting in the European Parliament today (20 October) have just decided to let this time pressure prevail above the content of the directive. To ensure smooth negotiations, they propose to withdraw the mandate of rapporteur Alexander Alvaro and give it to the chairman of LIBE (the EP committee on civil liberties), the French centre-right Jean-Marie Cavada. The LIBE committee will have to vote on this proposal in their meeting of 24 October and the outcome is unclear. However, the proposal from the group presidents makes it very clear their main cause for concern was not getting formal co-decision power, not in the gross undermining of fundamental civil rights by the systematic surveillance of all innocent citizens.
The LIBE committee has until 26 October 2005 to enter amendments on the proposal from the European Commission and on the proposal from Alexander Alvaro. The secondary committee on Industry (ITRE) already had to file amendments before 18 October 2005. With regards to the content of the Commission proposal, the JHA Council made it clear they will not accept the maximum terms proposed by the Commission. They can live with the minimum of 6 months for internet data and 12 months for telephony, but wish to reserve the freedom to extend this period to 2 years, or as long as the member states have already seen fit. This is a specific gesture to Italy and Ireland, who have introduced data retention for 4 and 3 years respectively. Secondly, the Council does not want a general cost reimbursement for the industry, but wants to leave it to member states. Thirdly, the Council still insists on the inclusion of failed call attempts.
But on another crucial point about the scope of the obligation, Commission and Council seem to agree. According to sources around the Commission, all data mentioned in the Annex must be captured by all parties that can possibly detect them, both by network operators and by service operators. This means the term "data generated or processed by providers" includes any data transported on any network. This causes great concern when it comes to internet data, that can only be captured successfully by the party that actually provides the services, not by operators that merely let the data pass through their pipelines. If Commission and European Parliament agree on this very wide margin of interpretation, in reality all providers will have to create full wiretaps on all their networks to capture every byte and select the appropriate traffic data from this immense data mountain.
After the JHA Council the Danish minister of Justice, conservative Lene Espersen, made the headlines again with a brutal quote. After the previous informal JHA Council of 8 and 9 September she served off the telecom industry. "They should stop all their whining," she told reporters. "When you know these people are making money making their systems available to criminals, then maybe they should have a more humble attitude." This time, according to the BBC, she said: "We have to decide who we are most afraid of - the European Parliament or terrorists."
The evening before the JHA Council, the European Internet Foundation organised a special dinner debate on the matter, with representatives from the European Parliament, European Commission, industry and police. EDRI was also present (the editor) and was given the chance to explain its objections against mandatory data retention. At the very last minute the representatives from the Council and from the European Commission DG Justice cancelled their presence. The representative from the Belgian police, Chief Commissioner Luc Beirens of the Federal Computer Crime Unit, explained how useful traffic data were. An example he gave was the possibility of having your free webmail account hacked. This could result in blackmail "worth as much maybe as 200 euro" to get the account back or having child pornography spread in your name to your friends and colleagues.
His speech was warmly welcomed by representatives from the music and film-industry, the IFPI and the MPA. They both claimed data retention did not change anything at all, since member states already had the possibility to introduce mandatory data retention. Obviously, they did not bother to explain that an option is completely different from a binding European obligation. The IFPI representative insisted piracy was a form of organised crime that should be fought with all legal means, including tracing back the exact internet behaviour of all suspects for a substantial amount of time.
Mr. Beirens claimed Belgium had also introduced mandatory data retention for telephony traffic data. This could not be confirmed to EDRI-gram by either the Federal Privacy Commission or by the Belgian ISPA. In fact, Belgium has re-introduced the possibility of data retention on 13 June 2005 with the introduction of a new telecommunication law, but like before with the law on computer crime established in 2001, the actual royal decree stipulating what kind of data should be stored by which market parties for what period of time was and is never issued. Therefore, any traffic data stored by market parties beyond the direct purposes of transmission or billing, are plainly illegal.
There are still only 2 countries in the EU with actual and legal data retention legislation, Italy and Ireland, but both only for telephony, not for internet data.
Justice and Home Affairs Council Conclusions (12-13.10.2005)
http://www.fco.gov.uk/Files/kfile/JHA_12Oct_Results,0.pdf
BBC: EU states agree phone record law (12.10.2005)
http://news.bbc.co.uk/1/hi/world/europe/4335058.stm
Last JHA Council version (10.10.2005)
http://www.statewatch.org/news/2005/oct/council-data-ret-draft-10-oct-...
UK Presidency letter to Council (05.10.2005)
http://www.statewatch.org/news/2005/oct/council-data-retention-oct-05....
The UK ID card proposals have come closer than ever to defeat in their final House of Commons vote. The government's majority shrunk from the previous vote by 11 votes to 25, despite several concessions over cost and claims to improve privacy protection.
The legislation now moves to the House of Lords, where it is certain to face sustained attack from the House's majority of Conservative, Liberal Democrat and independent peers. The close vote in the Commons will encourage the Lords in their efforts to amend and defeat the Bill. Debate is likely to take place at the end of October 2005.
The Government continues to claim that the scheme is "voluntary" and would not hold detailed personal information. In the current version, it would not be compulsory to buy or carry ID. However, the Bill leaves open the possibility that ID Cards could be made compulsory at a later date and government has stated that this is their ultimate intention. Moreover, all applicants for passports and potentially for driving licences and criminal background checks would automatically be registered. A Home Office Minister claimed that "It is not our intention to create a database that will seek to hold detailed personal profiles on every individual," entirely missing the point that other government databases such as those holding medical records and police files will be linked up using the ID card number.
No to ID campaign
http://www.no2id.net/
(Contribution by Ian Brown, EDRI board member)
Today the International Commission of Jurists (ICJ) has launched a new 18 month panel on terrorism, counter-terrorism and human rights. "The legal community worldwide must now take a leadership role in articulating how the rule of law can be respected in addressing terrorism in its many complex global and local forms." The ICJ has formulated 10 legal and policy issues the panel should address. One of them addresses the issue of blanket electronic surveillance: "Do we need to have intrusive surveillance of public places and transports, data on travel, phone calls and Internet use in order to protect people from terrorism?" Other issues are freedom of speech (How can we criminalise incitement to violence without eroding freedom of speech, the press and religion?), discrimination (how to increase security without discriminating, alienating and marginalising minority communities?) and the boundaries of military law. In 18 countries and regions all over the world hearings will be organised. Europe will be covered by the hearing in the United Kingdom.
In August 2004, the ICJ brought together 160 jurists of all regions in the city of its birth, Berlin, and adopted the Berlin Declaration on Upholding Human Rights and the Rule of Law in Combating Terrorism. This declaration set out 11 principles that states should respect when countering terrorism. The introduction provides a clear explanation of the need for those principles: "The odious nature of terrorist acts cannot serve as a basis or pretext for states to disregard their international obligations, in particular in the protection of fundamental human rights. A pervasive security-oriented discourse promotes the sacrifice of fundamental rights and freedoms in the name of eradicating terrorism."
Founded in Berlin in 1952, the ICJ is a global network of judges, lawyers and human rights defenders united by international law and rule of law principles that advance human rights. The ICJ is best known for its network of 60 Commissioners. It has 37 national sections and 45 affiliated organisations.
Eminent Jurists Panel on Terrorism, Counter-Terrorism and Human Rights
(19.10.2005)
http://www.icj.org/article.php3?id_article=3789&recalcul=oui
ICJ Berlin declaration (28.08.2004)
http://www.icj.org/IMG/pdf/Berlin_Declaration.pdf
The European Ombudsman (Mr Diamandouros) has come out in support of those calling for EU ministers to legislate in a more transparent manner. His report follows a call from a group of influential British MEPs on the UK to push for more openness, according to an article in EU Observer. "They pointed out that the EU is the only legislature in the world, except North Korea, that still makes laws in secret."
The European Constitution would have obliged the Council to open their doors, but many ministers have wilfully misinterpreted the rejection of the Constitution as a signal against public control on their decision making processes. The Ombudsman already sees enough legal ground in an earlier vital EU agreement; in Article 1 (2) of the Treaty on the European Union (as amended by the Treaty of Amsterdam in 1997).
The Council argued that the degree of openness of its meetings was a political choice to be made by the Council and said Article 1 (2) of the Treaty on European Union merely indicated that the future Union should be as open as possible. The Ombudsman takes the view that this future has already begun with the Treaty of Amsterdam and the degree of openness is not a political decision but a fundamental right.
At the same time, the European Parliament is also trying to get more influence on procedures initiated by the European Commission of which the details are arranged by committees with representatives of the member states, the so-called Comitology procedure. This Comitology procedure also plays an important role in the debate about the data retention proposal, because Parliament would not have a veto right on decisions taken by member states in comitology to expand the scope of the law. And if member states cannot agree with the Commission, the Council may take the matter in its own hands and take a decision. A group of MEPs led by UK Labour MEP Richard Corbett will be appointed by the European Parliament's constitutional affairs committee to try and negotiate a right to oversee - and where necessary, call-back - decisions taken by the comitology committees.
Press release Ombudsman (11.10.2005)
http://www.euro-ombudsman.eu.int/release/en/2005-10-11.htm
Special report Ombudsman (11.10.2005)
http://www.euro-ombudsman.eu.int/special/pdf/en/032395.pdf
EU Parliament attempts to win new powers (14.10.2005)
http://www.euractiv.com/Article?tcmuri=tcm:29-145842-16&type=News
The US based digital rights organisation EFF has started extensive research into the hidden codes some laser colour printers and photo copiers add to every page they print or copy. In 2004 printer-manufacturer Canon was awarded a Big Brother Award in Germany for secretly adding a unique code to every print-out. Soon after, it turned out the practice is very wide-spread.
The unique number on every print-out is invisible to the bare eye, measuring only 0,1 millimetre. After the Big Brother Award for Canon, the Dutch police immediately admitted they use the codes to detect the sources of print-outs, tracing individual printers through the vendor chain. Questioned by the Lower House, the Dutch minister of Economical Affairs said he agreed manufacturers should inform their customers, but did not create any obligation in that direction.
EFF suspects the US government of having persuaded most manufacturers of including the secret codes, "in a purported effort to identify counterfeiters." In addition to a call to the public to send in print-outs, to create an even more extensive list of printers, EFF has filed a Freedom of Information Act (FOIA) request to find out all about "the Secret Service’s efforts to promote the development and implementation of machine identification code (MIC) technology in colour laser printers and colour photocopiers."
EFF: Is Your Printer Spying On You? (13.10.2005)
http://www.eff.org/Privacy/printers/
EDRI-gram 'Secret code added to most colour prints' (03.11.2004)
http://www.edri.org/edrigram/number2.21/printers
According to the Swedish e-zine The Local, the Swedish Data Inspection Board now allows the Swedish anti-piracy group Antipiratbyrån and the record industry group IFPI to collect the IP addresses of file-sharers.
In an earlier ruling EDRI-gram reported about, the Swedish Data Protection Authority said APB and IFPI broke privacy laws, because they were collecting personal information without permission. Only government authorities were allowed to create registers of criminal offences. The DPA now grants the organisations an exception from the law. APB and IFPI maintain they do not keep extensive personal files, but just pass on the IP addresses to providers or to the police.
From the rulings it seems the anti-piracy group collected the IP addresses itself, with a computer program. In the Netherlands and in Ireland, anti-piracy groups used the services of the US based company MediaSentry to collect the IP addresses. Because this company does not comply with European data protection legislation, ISPs in the Netherlands have successfully objected against claims from the industry to hand-over identifying data of their customers.
Green light to chase file-sharers (13.10.2005)
http://www.thelocal.se/article.php?ID=2282&date=20051013
Swedish DPA reprimands anti-piracy group (15.06.2005)
http://www.edri.org/edrigram/number3.12/sweden
Datainspektionen säger ja till film- och musikbranschen (Swedish, 13.10.2005)
http://www.datainspektionen.se/nyhetsarkiv/nyheter/2005/oktober/2005-1...
The Business Software Alliance has issued a report on the growing online music market. According to the BSA, in western Europe alone it is expected to grow more than 500% by 2008 to 559.1 million euro, from 106.4 million euro this year. The BSA states most of this content is protected by digital rights management, thus making the current levies on recordable media superfluous.
Quoting a report from the powerful German industry association Bitkom about the fact most Germans pay around 150 euro per year on levies on recordable media such as CDs and tapes, BSA calls on all national governments in the EU to phase out the levy system.
The UK, Ireland and Luxembourg do not have a levy system, but in other countries the levies are continuously rising. A previous BSA study forecasted a 500% rise in private copy levies from 2002 to 2006 in France, Spain, Germany, the Netherlands and Italy.
"With DRM technology's expanding role in the market, levies have become a superfluous double tax on consumers," Francisco Mingorance, director of public policy in Europe for the BSA, says in the press release. "Levies were designed to compensate for unpoliceable private copying. But with DRM, the rationale for levies disappears."
Civil rights activists arguing against the ever-expanding scope of copyright levies might not use the same arguments. Digital rights management brings many serious challenges to privacy and to the right of access to information. In the worst scenario, DRM will allow the entertainment industry total and minute control over every second of music or film we listen or view, on what device and where.
BSA press release (13.10.2005)
http://www.bsa.org/eupolicy/press/newsreleases/Study-Finds-Growing-Mar...
Google is offering more detailed information about how it collects and uses personal data of internet users. Since 14 October Google has expanded its privacy policy outlining more details but little change in substance. Some key issues, such as how long personal data are kept, are not answered by the new privacy policy.
The new privacy policy is 'layered' and consists of a easy readable short version and a more comprehensive full version. Google has joined the US safe harbour program in order to bring its data collection practices more in line with EU data protection principles. According to the safe harbour principles personal data can be accessed, corrected or removed by the subject. But Google does put some serious limitations on those rights saying that "extremely impractical" requests for removing will not be honoured, "for instance, requests concerning information residing on backup tapes". The problem does also apply to e-mail messages in Gmail, Googles web e-mail service: "Residual copies of deleted messages and accounts may take up to 60 days to be deleted from our active servers and may remain in our offline backup systems".
Google will use personal information to display customized content and advertising, develop new services and ensure that its network continues to function. The practices aren't new but weren't explicit before. The policy is also more explicit on data security stressing not only that employees have access on a need-to-know basis but will also be fired or criminally prosecuted for violations.
The biggest omission in the privacy policy is however that it doesn't put any limit on how long personal data are kept and how data are removed after it has fulfilled its purpose. The policy can only be read in such a way that Google keeps personal data forever.
In April 2004 Privacy International filed complaints about Google's proposed Gmail service with privacy and data protection regulators in 17 countries. The complaint identifies a large number of possible breaches of EU law including the searching of email content and indefinite retention. Gmail scans e-mail content to display custom advertisements.
Google Privacy Policy (14.10.2005)
http://www.google.com/privacypolicy.html
Gmail Privacy Notice (14.10.2005)
http://gmail.google.com/gmail/help/privacy.html
Privacy International complaint (19.04.2004)
http://www.privacyinternational.org/issues/internet/gmail-complaint.pd...
More on Gmail and privacy (15.07.2004)
http://mail.google.com/mail/help/intl/en/more.html
Google's Privacy Policy In Layman's Words (15.10.2005)
http://blog.outer-court.com/archive/2005-10-15-n31.html
(Contribution by Maurice Wessling, EDRI-member Bits of Freedom)
The EDRI and XS4ALL petition against data retention has attracted over 54.000 signatures, of which over 20.000 from the Netherlands (where the campaign was launched), over 6.000 from Germany and 5.750 from Finland. Runners-up in the daily country count are Bulgaria (over 3.000), Sweden and Spain (over 2.000 each), Austria (over 1.500). Italy, the UK, Belgium, France, Slovenia and the US respectively, have each contributed over a 1.000 signatures.
Currently, 79 organisations and companies have signed in support of the petition. The petition is available in 20 languages.
The campaign continues to invite signatures and support throughout October 2005, when the Commission proposal is debated by the European Parliament. Meanwhile, the Council is still threatening to adopt a framework decision in the last official meeting this year, on 1 December 2005, if the Parliament won't adopt data retention quick enough.
Petition
http://www.dataretentionisnosolution.com
http://www.stopdataretention.com
Petition WIKI
http://wiki.dataretentionisnosolution.com
European Digital Rights needs your help in upholding digital rights in the EU. Donations allow EDRI to hire part-time professional assistance in Brussels and invest in targeted campaigns. With the plans for mandatory data retention and the continuous erosion of digital civil rights, your donation could make a huge difference.
If you wish to help us promote digital rights, please consider making a private donation, or interest your organisation in sponsorship. We will gladly send you a confirmation for any amount above 250 euro.
KBC Bank Auderghem-Centre, Chaussée de Wavre 1662, 1160 Bruxelles, Belgium
EDRI Bank account nr.: 733-0215021-02
IBAN: BE32 7330 2150 2102
BIC: KREDBEBB
Ongoing from 20 October 2005, Zurich, Switzerland
Biweekly talks about copyright, creative commons, netlabels etcetera in
the Rote Fabrik in Zurich
http://www.allmend.ch
25 October 2005, Vienna, Austria
28 October 2005, Bielefeld and Prague, Germany and Czech Republic
29 October 2005, Zurich, Switzerland
Presentations of the Big Brother Awards
International ceremony schedule
http://www.bigbrotherawards.org/
15-19 November 2005, Tunis, Tunesia
Word Summit on the Information Society (WSIS)
http://www.itu.int/wsis/
1-2 December 2005, London, UK, Patenting Lives
Conference in the Queen Mary Intellectual Property Research Institute. The
call for papers closes on 26 August 2005 and invites abstracts on topics
such as Access to Knowledge, Consumer Aspects, Public Interest, Public
Goods, Public Domain and Human Rights.
http://www.patentinglives.org/conference.htm
27-31 December 2005, Berlin, Germany, 22nd CCC congress
http://www.ccc.de/