Commissioner Frits Bolkestein concealed important details on the draft agreement reached with the USA on the transfer of Passenger Name Record Data (PNR) to the U.S. Bureau of Customs and Border Protection when reporting to two Committees of the European Parliament four weeks ago. This is what Bolkestein's spokesman Jonathan Todd has admitted in an interview with German public television station WDR.
On 16 December 2003, speaking to a joint session of the EU Parliament's Legal Affairs and Interior Affairs Committees, Bolkestein claimed that the use of EU citizen’s personal data in the CAPPS-II system was explicitly exempted from the agreement the negotiation group he heading had just reached with U.S. authorities. He made the point that this exclusion was part of 'important concessions' of the U.S. side, prerequisite to the Commission's agreement to the transfer of PNR data to the U.S.: "The arrangement will not cover the US Computer Assisted Passenger Pre-Screening System (CAPPS II)." And: "In concluding my last round of discussions with Mr Ridge, I informed him that in the light of the narrower uses for PNR, the exclusion for now of CAPPS II and all the other improvements they had made, I was prepared to propose that the Commission make a finding of adequate protection with regard to transfers of PNR to the US Bureau of Customs and Border Protection."
"We have", Mr. Todd said on 13 January, "agreed that the TSA may use data for testing purposes. But that includes an obligation not to use the data operationally, to delete them after the test phase and not to pass them on to third parties." It is entirely unclear, however, how the Commission wants to make sure that the deletion will happen and the data is indeed merely used for testing purposes.
The Commission's confession comes one week after EDRI revealed that the U.S. side saw the agreement as covering the use of EU citizen's data "to test - and only to test - CAPPS II". In an e-mail to "Practical Nomad" editor Edward Hasbrouck, Nuala O'Connor Kelly, the 'Chief Privacy Officer' of the U.S. Department of Homeland Security, said that was what "the language of the agreement contemplates".
Mrs. O'Connor Kelly futher more announced: "We also stated publicly that we will immediately begin follow-on discussions with the EU in order to establish a framework for the transfer of PNR data for use by CAPPS II operations once the system has been fully developed and deployed." Mr. Todd now admits this statement correctly reflects the concessions made by Commissioner Bolkestein to the U.S. side: "We are already talking with the Americans about which security measures must be met if PNR data are to be used in CAPPS-II. We hope to reach an agreement as soon as possible once the U.S. Congress has approved CAPPS-II."
According to Article 25 of the EU Data Protection Directive, personal data of EU citizens may be transferred to foreign countries only if these have an adequate level of Data Protection. In particular, the EU Commission has to test whether the data will be fairly, lawfully and securely processed, for limited purposes and in accordance with the data subject’s rights only, whether the transfer is adequate, relevant and not excessive, the data transferred are accurate and will not be kept longer than necessary. The CAPPS-II system, which constitutes an immense Computer network for surveillance purposes, would, according to almost all privacy experts, not meet this criteria. What's more, the U.S. administration plans to interlink CAPPS-II with the even more extensive US-VISIT database system, to which the U.S. 'Intelligence Community' would have direct access, and where the data would be kept 100 years.
EDRi EU Affairs Director Andreas Dietl declared in a public statement on 14 January: "It is a shame that Commissioner Bolkestein has tried to mislead the European Parliament on the nature of the draft agreement dealt out with the U.S. Department of Homeland Security. The Commission has agreed to the abuse of EU citizen’s personal data to test a surveillance system that in its very nature is against the principles of EU data protection legislation. The claim by the U.S. that the data used for testing purposes will be deleted thereafter is merely a joke: the data will still be available in the Computerised Reservation System (CRS), where it can be accessed by government agencies at any time."
Commissioner Bolkestein's speech to the European Parliament (16.12.2003)
http://europa.eu.int/rapid/start/cgi/guestfr.ksh?p_action.gettxt=gt&am...
Press release EDRI (14.01.2004)
http://www.edri.org/cgi-bin/index?funktion=view&id=000100000123
Previous press release EDRI in English (06.01.2004)
http://www.edri.org/cgi-bin/index?funktion=view&id=000100000121
in French
http://www.iris.sgdg.org/actions/pnr/comm-edri0104.html
in German
http://www.quintessenz.org/cgi-bin/index?funktion=view&id=00010000...
Edward Hasbrouck's "Practical Nomad" website
http://www.hasbrouck.org/index.html
The Irish Presidency of Council of the European Union has published a Draft Common position on the planned Directive on the Enforcement of Intellectual Property Rights. On 13 January the Document was discussed in Strasbourg with interested Members of the European Parliament and with the Commission officials who had drafted the initial proposal for the Directive. The Council paper unites many of the worst proposals on this Directive so far, while carefully working around most of the good ones. It has an extremely wide scope, like the Commission proposal, and includes patents, which were deleted from the scope by the Parliament's Legal Affairs Committee.
Unlike the version adopted by the Parliament, it calls for penal sanctions to be imposed on all kinds of Intellectual Property Rights Infringements. The text proposed by the Council on this issue is similar to an amendment suggested by the Phonographic Industry Association, IFPI, and initially tabled erroneously by Austrian Green MEP Mercedes Echerer. The Committee ended up, however, adopting another amendment by Mrs. Echerer calling merely for "appropriate sanctions". While it adopted the reference to limitations in the E-Commerce and Copyright Directives, the Parliament deleted a reference to the regulations on reverse engineering for compatibility in the EU Software Directive.
Council as well as Parliament representatives have made it clear that the current draft of the Council position is still in a fairly early stage of preparation and that it will most probably take more meetings to find an agreement. This will be of importance for all the actors involved, because they want to see the Directive adopted before the enlargement of the European Union, in order not to give accession states, presumed to be the realm of piracy, a say in the drafting. If the Parliament should adopt a position the Council considers unacceptable, there will not remain enough time to go into a second reading before the dissolution of the Parliament in the first week of May. This puts pressure on the Council, but also on the Rapporteur, French Conservative Janelly Fourtou, who shares the Council's wish to adopt the Directive before the end of the term, to go ahead with negotiations and to find compromises. The next trilogue meeting will already take place next Tuesday 20 January in Brussels. It is almost certain now that the vote in the Parliament's Plenary will be delayed at least until the session in early March and maybe even to the one at the end of that month.
'Partially accessible' version (with all footnotes deleted) of the Draft Council Common Position (19.12.2003)
http://www.ffii.org.uk/ip_enforce/st16289.en03.PA.pdf
(Contribution by Andreas Dietl, EDRI EU affairs director)
In an important victory for Italian consumer rights, an Italian court has rejected the seizure of Sony PlayStation game consoles that use modified chips to permit unauthorised uses of the game systems. The case is one of the first to be brought in Italy under the new European Union Copyright Directive (EUCD).
In December 2003, the Public Prosecutor of Bolzano issued a search and seizure warrant against companies that purchased modified consoles from another company previously investigated by the Public Prosecutor of Bassano del Grappa. On 13 December this warrant lead to the seizing of a PlayStation and some modified chips from a company in Rimini.
This company took the case to the (civil) court to decide whether the producer of a device or computer, such as the Sony PlayStation Console, "to which extent a machine seller can forbid the modifications allowing a use different than the ones he likes." According to this court’s decision under Italian civil law, the answer is no.
The case was brought under article 171-ter of the Italian copyright law, which implements the EUCD in Italy and was passed in April of 2003.
"The Bolzano Court ruled that the new law does not apply because the modified chips are not primarily intended to circumvent copyright protection measures," explained University of Milano Law Professor Giovanni Ziccardi. "The court held that the aim of the modified chips is not to create infringing copies, but rather to fight Sony’s monopolistic business practices and to allow consumers to exercise a fuller range of their rights such as reading imported discs, back-up copies of games, and other lawful but unauthorised discs," said Ziccardi, IP Justice Board Member in Italy.
Verdict Bolzano Court in English (31.12.2003)
http://www.alcei.it/english/actions/psmodchip.htm
Press release by IP Justice - USA (12.01.2004)
http://ipjustice.org/media/release20040112_en.shtml
On 8 January 2004 the second reading by the French National Assembly of the draft law on Digital Economy (Loi sur la confiance dans l'economie numerique or LEN) stirred up public controversy. The law aims at transposing the E-Commerce Directive (2000/31/EC) and part of the Directive on Privacy and Electronic Communications (2002/58/EC).
The National Assembly not only confirmed its willingness to allow for private justice in France with the notice and take down procedure, but it also adopted a general obligation on hosting providers to monitor the content of their customers, a measure explicitly forbidden by the E-Commerce Directive. In addition, access and hosting providers would have the obligation to filter some contents upon judicial request, a measure which obviously applies to content hosted on foreign websites. Another amendment from the right-wing UDF party obliges internet providers to warn against possible infringements of copyrights in all their advertisements with the mandatory line: 'piracy harms artistic creation'.
Moreover, the National Assembly adopted a new definition of e-mail, which is no longer qualified as "private correspondence". While this incredible provision could be seen as the French effort to commemorate the 20th anniversary of 1984, it is simply the result of a deal made by the French government and the right-wing majority with the audio-visual industry. With the new provisions they want to fight the exchange of music files and P2P activities.
Civil liberties organisations, trade-unions, and associations of Internet users have opposed the project since the beginning of the transposition process in February 2003. They are all against what they call "privatisation of justice", which would be the result of the introduction of a notice and take down procedure in French legislation. Currently, hosting providers can only be held liable for illegal content they host if they don't comply with a judicial injunction to remove the content.
Many actions have already been undertaken by LEN opponents: EDRI-member IRIS has launched a petition against this provision in the draft law, together with the French Human Rights League, the G10-solidaires association of trade-unions, and two non commercial providers which has recently faced lawsuits (see EDRI-gram issue 23). The petition has been signed by more than 8.000 individuals and 170 organisations. Other actions have been undertaken by Odebi, an association of Internet users, and by Reporters without Borders (RSF).
After the second reading, the campaign of civil liberties associations was joined by the French ISP association (AFA). In a press conference held on 13 January under the header "LEN: 10 millions of presumed guilty", they announced their decision to simply stop hosting the whole set of services (chats, web fora, personal web pages, ...), if the draft law is not modified. While the French ISPs can accept the notice and take down procedure, they completely refuse the general surveillance obligation, the content filtering provision, and the new definition of e-mail. For the first time ever, they have launched themselves a petition sent to all their subscribers. In a single day, French ISPs have received 11,000 individual signatures.
The draft law must now undergo second reading by the French Senate, scheduled for mid-February. After that, a commission should be set up to approximate the text resulting from both Chambers. In case of final disagreement, the National Assembly has the 'last word'. The parliamentary opposition (left-wing) has already been called upon by IRIS and RSF to submit the final text to the French Constitutional Council. In addition IRIS has committed to file a case against the French government for violation of the European legislation, in case the opposition fails.
IRIS comprehensive dossier on the LEN
http://www.iris.sgdg.org/actions/len/
IRIS petition
http://www.iris.sgdg.org/actions/len/petition.html
AFA, French ISP Association
http://www.afa-france.com
RSF press release (09.01.2004)
http://www.rsf.org/article.php3?id_article=9011 (French)
http://www.rsf.org/article.php3?id_article=9014 (English)
Odebi, Internet users association
http://www.odebi.org
(Contribution by Meryem Marzouki, IRIS)
The Belgian consumer group Test Aankoop (in French: Test Achats) is starting a court case against 4 leading companies in the music industry. Test Aankoop, member of the European Consumer association BEUC, is suing Sony, EMI, BMG and Universal Music at a Brussels court for using technical protection measures on their music CDs that make it impossible for consumers to make private copies.
Test Aankoop says it has received many complaints from consumers that the music CD's they have bought can not be played on computers and that it is impossible to make a private copy as allowed by the Belgian Copyright Act of 1994. The consumer group has gathered hundreds of consumer testimonials about specific music CD titles such as 'My tribute to the King' by Helmut Lotty (EMI); 'Laundry Service' by Shakira (Sony); '1 Giant Leap' by Faithless (BMG) and 'Greatest Hits' by Björk (Universal).
In the law suit Test Aankoop argues that consumers are granted the right to make private copies under Belgian law and that the music industry is compensated with a levy on blank recording media such as CD-R's. Test Aankoop is asking the court in Brussels to order the music industry to stop selling music CD's with technical protections.
Belgium has not yet implemented the EU Copyright Directive (2001/29/EC). It is not clear yet how the draft implementation, currently discussed in the Belgian Senate, will protect the right to make private copies.
In May 2003, 2 French consumer groups also started legal procedures against several major record companies in order to fight copy protection on CDs. EMI Music France was condemned for deception and ordered to print the following warning on copy protected CD's: 'Attention, this CD cannot be read by all players or car-radio's.' (see EDRI-gram issue 13, 16 July 2003).
Press release Test Aankoop in Dutch (01.01.2004) http://www.test-aankoop.be/engine.asp?ref_id=5-1.1-1.1-1&press_id=...
Press release in French (01.01.2004) http://www.test-achats.be/engine.asp?ref_id=5-1.1-1.1-1&press_id=2...
On 5 January 2004 the Irish Free Software Organisation (IFSO) was launched. Since June 2003, members of a European free software mailing list have been collaborating on issues such as software patents, and the European Copyright Directive. One of the founders, Ciaran O'Riordan, comments: "With Ireland holding the presidency of the EU for the next six months, political lobbying in Ireland will be of increased importance. The fate of the software patentability directive is still undecided, and we now also have the Intellectual Property Rights Enforcement Directive to deal with. In the coming months, we also hope to work on spreading education and adoption of Free Software in Ireland."
Irish Free Software Organisation
http://ifso.info/
Ciaran O'Riordan
http://www.compsoc.com/~coriordan/
With four million CCTV cameras watching the public, the UK now has the highest level of surveillance in the world. The number of closed circuit television (CCTV) cameras has quadrupled in the past three years, and there is now one camera for every 14 people in the UK. According to an article in the newspaper The Independent, residents of a city such as London can each expect to be captured on CCTV cameras up to 300 times a day.
The Information Commissioner Richard Thomas, appointed to supervise data protection, responded on 13 January with an instruction to the operators of the cameras to destroy images of people caught on film as soon as possible.
The next day Thomas announced more measures to help organisations and businesses interprete the Data Protection Act of 1998. These measures include strengthening the Data Protection Helpline, developing more practical and user friendly guidance for organisations and a renewed call for responses to a consultation announced in the summer of 2003 on 'making data protection simpler'.
The Information Commissioner explained: "Data protection law stands in the way of a surveillance society where government and commercial bodies know everything about everybody. It helps to prevent the growing problems of identity theft and the buying and selling of personal information. The data protection principles are largely matters of common sense and fairness but data protection can never be a set of detailed Do's and Don'ts.
Statement from the Information Commissioner (in MS Word, 12.01.2004)
http://www.informationcommissioner.gov.uk/cms/DocumentUploads/Data%20p...
Big Brother Britain, 2004 (12.01.2004)
http://news.independent.co.uk/uk/this_britain/story.jsp?story=480364
Privacy International CCTV Dossier
http://www.privacyinternational.org/issues/cctv/index.html
Ms Brindusa Armanca, a journalist from the Public Romanian Television, was fired recently for an internet posting. She was accused of spreading negative opinions about the public broadcaster via a discussion list on the internet. The discussion list is FreeEx, a public online forum dedicated to journalists hosted by Yahoo. The list is part of a Freedom of Expression Project Romania, an initiative started in 1999 to defend freedom of speech in Romania, make government officials recognise the journalist status and generally raise awareness on the importance of freedom of speech and the frequent cases of its violation in Romania. In 2003 the program was financially supported by the Open Society Institute, the Konrad Adenauer Foundation and the International Federation of Journalists.
Ms Armanca announced she will appeal the decision in court.
Report in the Rumanian newspaper Evenimentul Zilei (14.01.2003)
http://www.evenimentulzilei.ro/investigatii/?news_id=142770
Freedom of Expression Project
http://www.freeex.org/en/index_en.html
(Contribution by Bogdan Manolea, Romanian legal expert)
With the planned inclusion of two biometric identifiers into EU Member States' passports and ID Cards as well as Visa to the EU, it was only a question of time when the first plans to store these identifiers in an EU-wide database would be announced.
The announcement came shortly before Christmas: Biometric data will, according to a Communication from the EU Commission, be included in the data sets referring to persons in the next-generation Schengen Information System. While the update of the present Schengen Information System (SIS) was initially justified by this system's inability to deal with the 25 Member States the EU will have after the enlargement (SIS can only deal with up to 18 national databases), new features have been added continuously to SIS-II, making it the hub of future EU surveillance networks. The present SIS contains, in practice, personal information mostly on non-EU citizens who have been denied access to the EU. SIS-II, which is to become operational in two year's time, will, according to the Commission, be 'integrated in the same architecture' as the future Visa Information System (VIS). Europol, the EU police force, will have access to both.
Communication from the European Commission to the Council and the European Parliament: Development of the Schengen Information System II and possible synergies with a future Visa Information System (VIS) (11.12.2003)
http://europa.eu.int/eur-lex/en/com/cnc/2003/com2003_0771en01.pdf
EU Commission general information on SIS II
http://europa.eu.int/scadplus/leg/en/lvb/l33183.htm
Statewatch: Biometrics - the EU takes another step down the road to 1984
http://www.statewatch.org/news/2003/sep/19eubiometric.htm
(Contribution by Andreas Dietl, EDRI EU affairs director)
The case against DVD-Jon (Jon Johansen) finally ended on 5 January 2004, when the Norwegian Economic Crime Unit (Okokrim) confirmed it would not appeal the upholding of his acquittal on copyright charges to the Supreme Court of Norway. DVD-Jon won the first trial on the 6th of January 2003. The Norwegian Okokrim appealed but Jon also won the new trial on 22 December 2003.
The case started in 1999 when the Norwegian teenager reverse-engineered DVD-technology and wrote DeCSS software, in order to build an independent DVD player for the Linux operating system (See EDRI-gram nr. 23).
Second acquittal by the Borgarting Appellate Court in English (22.12.2003)
http://efn.no/DVD-dom-20031222-en.html
For the fourth consecutive year, French civil liberty activists will present the French Big Brother Awards during an Orwell Party in Paris on Wednesday 4 February 2004. Since Privacy International presented the first Big Brother Awards in 1998 to government agencies, private companies and individuals who have excelled in the violation of privacy, an international tradition has begun. In 2003, the awards were presented in 14 different countries.
Besides the usual 4 categories of products, institutions, governments and companies and the special prize for persons (for a lifetime achievement), the French have added a special Orwell Europe prize to the contest list. The public is invited to nominate candidates that have excelled in violating privacy and generally increasing surveillance. The deadline for nominations is Friday 16 January. In order for the jury to evaluate the facts, nominations must contain solid facts and sources. The jury will publish both the complete list and the selected nominations on 24 January.
Nominations for the French Big Brother Awards
http://candidats.bigbrotherawards.eu.org/
General information about the Big Brother Awards
http://www.bigbrotherawards.org/
On 14 January 2004 the Dutch scientist Bert Jaap Koops, working for the information law department of the University of Tilburg, released an update of his extensive Crypto Law Survey, a unique collection of worldwide resources about cryptography and the law. The new version contains updates about the legal situation of cryptography in 6 European countries:
- Belgium (current state of Program Act) - Italy (radio-amateur law) - Lithuania (export and import controls, no domestic law) - Netherlands (no TTP law) - Spain (new Telecommunications Act) - Switzerland (radio-traffic law)
Crypto Law Survey, version 22.0 (14.01.2004)
http://rechten.uvt.nl/koops/cryptolaw/
Koops' thesis on 'The Crypto Controversy' is now also available online full-text in PDF. The Crypto Controversy gives an overview of the crypto problems for law-enforcement and their 'solutions'.
http://law.uvt.nl/koops/thesis/thesis.htm
30-31 January 2004, Stockholm, Sweden - WHOLES
Multiple View of Individual Privacy in a Networked World. An international workshop to explore interdisciplinary approaches to privacy.
http://www.sics.se/privacy/wholes2004/
4 February 2004, Paris, France - Orwell Party
Presentation of the French Big Brother Awards, in the Centre culturel La Clef, 21 rue de la Clef 75005 Paris.
http://bigbrotherawards.eu.org/2003/
9 February 2004 - Deadline Call for Papers
Selected papers are to be presented at the Center for Intellectual Property 2004 Annual Symposium, titled Colleges, Code and Copyright: the impact of digital networks and technological controls on copyright and the dissemination of information in higher education on 10 and 11 June 2004 in Adelphi, Maryland (USA)
http://www.umuc.edu/odell/cip/symposium/cpapers.html
25 March 2004 - Deadline Call for Papers
The European Black Hat conference 2004 will take place in the Krasnapolsky Hotel in Amsterdam, the Netherlands, from 17 to 20 May 2004. Papers are invited especially about the European perspective on Privacy, Anonymity, and DRM.
http://www.blackhat.com/html/bh-europe-04/bh-europe-04-cfp.html