EDRI-gram - Number 4.16, 30 August 2006

PNR data could be shared with European governments

(This article is also available in German)

Despite the recent decision of the European Court of Justice (ECJ) annulling the EU-US deal on Passenger Name Records (PNR) data, the European Commission is pushing for PNR data to also be shared with the secret services of European governments for all flights within Europe.

The new position, expressed by Friso Roscam Abbing, spokesman for the Vice President of the European Commission and Justice and Security Commissioner, comes just a few days after several people were charged in the UK for alleged plans to blow up transatlantic planes.

This time the data would not be limited to the names or addresses of passengers and could also include information on their credit cards, telephone numbers, hotel reservations or other details available in the files created by the global travel reservation services. The new proposal should maintain the same principles as the deal with the US: the PNR data would be available to European governments, which should have access to the same 34 pieces of information. The data could be kept for three years. According to the spokesman, "The information would be handed to the government of the country a person was flying to and would only be used for anti-terrorism purposes."

So far, no official proposal has been sent to the Commission, but a draft document is being discussed. Such a proposal should be approved by the Commission and the Council of Ministers.

This decision comes in close connection with the EU-US PNR agreement that needs to be re-drafted in order to comply with the ECJ decision. US officials are also trying to push for an extension of the data shared in the new agreement. In a recent interview Homeland Security Secretary Michael Chertoff said that the US Government wanted to search broadly through the PNR data in order to identify people that could be linked to terrorists.

Under the former agreement, the US was limited in sharing the PNR data with other law enforcement agencies for cross searches between databases.

Officials Seek Broader Access to Airline Data (22.08.2006)
http://www.nytimes.com/2006/08/22/washington/22data.html

Security services will be given passenger data on all European flights (22.08.2006)
http://www.out-law.com/page-7218

Frattini to propose giving up passenger privacy to uncover terror plots (23.08.2006)
http://www.euractiv.com/en/justice/frattini-propose-giving-passenger-p...

Michael Chertoff - A Tool We Need to Stop the Next Airliner Plot (29.08.2006)
http://www.washingtonpost.com/wp-dyn/content/article/2006/08/28/AR2006...

EDRI-gram : EU-US agreement on passenger data transfer annulled (7.06.2006)
http://www.edri.org/edrigram/number4.11/pnr

EDRI-gram : The European Commission dribbles the Parliament again in the PNR deal (21.06.2006)
http://www.edri.org/edrigram/number4.12/pnr

EU Audiovisual Directive: Budapest Declaration for Freedom of the Internet

(This article is also available in German)

European media scholars criticized a European Commission proposal for a new EU Directive on Audiovisual Media Services for its vague regulatory concept of 'non-linear audiovisual services' that would also affect the Internet. The criticism was expressed in the "Budapest Declaration for Freedom of the Internet" drafted by Peter Molnar, PhD, Senior research fellow at the Center for Media and Communication Studies at the Central European University. The Declaration is open for further signatures by media scholars.

"The unjustifiable restrictions suggested in the draft proposal of the European Commission would put freedom of speech and freedom of information at risk especially in Central-, and East-European countries where arbitrary use of the state regulatory power is more likely than at least in some West-European democracies," the scholars warn.

The draft Directive is meant to replace the Television without Frontiers Directive (TVWF) from 1989 (last revised 1997). It establishes regulations for two types of audiovisual media content: 'linear' and 'non-linear'. 'Linear services' are classic TV broadcasts. 'Non-linear services' include on demand services and commercial audiovisual content, also on the Internet.

The regulation for 'linear services' would be similar to that which the TVWF already imposes on TV services, but it would be simplified. 'Non-linear services' would be subject to a lower degree of regulation.

Despite the ongoing discussion there is still considerable uncertainty about what kind of media could qualify as 'non-linear audiovisual media' that would fall under the basic tier regulation of the proposal.

Critics, also among delegations from European Union member states, fear that weblogs, online video games, or private websites with advertisement banners might also fall under the scope of this Directive, as they are not strictly 'non-commercial'.

Other examples of content that cannot be easily defined under the provisions of the proposal include newly emerging video hosting platforms like 'Youtube' or similar offers at 'Google', 'Yahoo' or elsewhere.

The European Commissioner for Information Society and Media, Viviane Reding, assures however that the proposal for the Audiovisual Directive is not about new restrictive provisions but will create the legal framework for new services in the internal market by further co-ordination of minimum standards. She states that the proposed piece of legislation complements other elements of Community legislation, especially the e-Commerce Directive that does not provide for harmonised rules in some essential areas of public interest such as the protection of minors.

The Budapest Declaration, on the other hand, expresses concerns that the "extension of the scope of some rather burdensome part of the Television Directive to the internet - as the draft new directive of the European Commission suggests in far too vague terms that would leave content providers and users uncertain about whether or not their various activities are regulated by this new directive - would be an unjustifiable restriction on freedom of speech and freedom of information."

Instead, the signatories argue, "the e-Commerce Directive of the European Union already provides the necessary regulatory framework for the information society services."

The Declaration has been submitted to Members of the European Parliament and is open for further signature by media scholars.

The European Commission submitted the proposal to the European Parliament on 13 December 2005. According to Commissioner Reding, the adoption by the Cultural Committee of the European Parliament is scheduled for October and finally the vote in plenary will take place in December 2006. A political agreement in Council could be reached under the German Presidency (1st half 2007) and the second reading could take place under the Portuguese Presidency (2nd half 2007).

Budapest Declaration for Freedom of the Internet (15.06.2006)
http://www.edri.org/docs/BudapestDeclaration.pdf

Signatures can be submitted to Peter Molnar and Laura Ranca
http://www.cmcs.ceu.hu:8080/cmcs/people/peter_molnar

Modernising the TV without Frontiers directive
http://europa.eu.int/information_society/newsroom/cf/itemlongdetail.cf...

EDRI-gram : Draft Audiovisual Media Services Directive under criticism (24.05.2006)
http://www.edri.org/edrigram/number4.10/audiovisual

(Contribution by Christian Möller)

Internet voting in France under question

(This article is also available in German)

France has tried to implement an Internet voting system that should have allowed French citizens living abroad to vote during the presidential elections in 2007. However, the system has been criticized and has not been proven to be reliable.

The French living abroad are represented by the AFE (Assemblée des Français de l'Étranger), a consultative body which elects 12 senators (out of 331). Half of the AFE was replaced in June 2006. Votes could be cast in embassies (in the traditional way), by regular mail or via the Internet.

Internet voting was used for the first time in 2003, when it was restricted to voters living in the USA. This time, all 525 000 voters were covered. The aim was to allow these expatriates to later use the Internet for the 2007 presidential election; a bill has been submitted.

28 138 voters had registered to use the Internet and as the typical turnout is low (less than 20%), this represented about a third of expected voters. The procedure was complicated: during the week before the election, the voter had to confirm his/her registration and had to test his/her computer's compatibility and especially the Java virtual machine. Only 10 201 people finally voted.

EADS produced the software, named Cybervote, and Experian actually ran the election. Servers were located in the south of France. An attempt was made to replicate the operation of a normal polling station. For a week in Paris, the poll clerks (in French, assesseurs) sat in front of computer screens showing how many people had voted and whether the electronic ballot box was consistent, and displaying images from a camera located in the server room.

The real polling stations organized the traditional vote and counted the mail votes. Each country in Europe and Asia had between one and seven of them. They also received the results of the Internet voting, together with the list of the actual voters. In several countries, only one or two voters had opted to use the Internet, so a breach of vote secrecy was inevitable, which, curiously, had not been anticipated. In the middle of the election period, it was decided to block electronic voting for these countries. How that was done is unclear, and most of the poll clerks were not informed until the final day of the election.

Will this poor organization divert attention from the underlying problems? Three computer science researchers each wrote a report on this election. Two of them had been commissioned by the two main political parties during the election. The three reports express many common concerns. They all recall why many safeguards exist in the normal voting procedures: "when the poll workers and assesseurs report results at the end of the day, these results are accepted as legitimate because everyone can see and understand every part of the process. There are many safeguards in this process, every safeguard is there because without it there was cheating in the past, and every safeguard is one in which the assesseur participates directly. In contrast, the process of an Internet election - this Internet election for the Assemblée - has no safeguards that the assesseurs can assess directly."

All three reports question the reality of the poll clerks' control: "Computers can be programmed to simulate almost any phenomenon. A computer program can conduct an accurate election or a fraudulent one. The assesseurs have no way of knowing what program is installed on the computers ... that run the election, because EADS guards that program as a trade secret and will not show it to the assesseurs. Even if EADS showed them the program, the assesseurs have no way of knowing whether the program showed to them is the same one that is installed on the computers."

SERVE was a system intended to allow U.S. soldiers abroad to vote over the Internet. The three reports recall that the Pentagon abandoned SERVE without using it, on the basis of an alarming experts' report. Andrew Appel, Professor at Princeton University, comments on this abandonment: "As an expert in computer security and in voting technology, I believe that this was a wise decision."

In his report, Bernard Lang, from INRIA, the French national computer-science research laboratory, analyses the decree that organizes this election. He reminds the poll clerks that they commit to a greater responsibility than they realize, because what they are asked is unspecific, or very technical. He formulates a long list of questions and reservations. For example, when the decree says: "The electronic polling station staff states that the electronic ballot box is empty", Bernard Lang recommends: "It is important to clarify that you state that the provided monitor screen shows that the electronic ballot box is empty. Never assert that it is actually empty."

Andrew Appel concludes: "the French people and the assesseurs that represent them will have no way to be confident that the election was conducted accurately and without fraud. Internet elections are not possible to conduct in a way that ensures legitimacy."

Does the CNIL, the French Data Protection Authority, back these hazardous experiments against its own advice? In 2003 the CNIL published a recommendation: a list of requirements to be fulfilled by an Internet election process.

The CNIL also examines most of the projects at the beginning of their setup. An officer from the CNIL explained in April 2006: "in all electronic voting operations, there are things that do not go well. There are lost votes, votes impossible to decipher, votes that do not work at all. It happened these last years, it has to be said." The election organizers - the Ministry of Foreign Affairs as well as the companies - constantly emphasised that everything complied with the CNIL's recommendations. However, the CNIL had already "emphasised" the "succinct character" of the provided technical documents, allowing it "to assess only partially if the ... specifications ... were fulfilled." The CNIL had also "deplored" the absence of an expert's report. According to the draft of the decree organizing the election, the CNIL was to receive this expert's report commissioned by the Ministry of Foreign Affairs at some later time. This requirement vanished from the published version of the decree. As usual, the expert's report was not published.

One week before the election, the CNIL published an overview of Internet voting around the world. It recalled that the USA, the UK and Spain have abandoned their projects. Only three countries have significant projects: Estonia, Switzerland and South Korea. In the middle of the election period every reference to this overview vanished from the CNIL's website.

On the Internet vote for the Assemblée des Français de l'Étranger - Andrew W. Appel (14.06.2006)
English version
http://www.cs.princeton.edu/~appel/papers/urne.pdf
French version
http://www.recul-democratique.org/appel-afe.pdf

Report on the usage of Internet voting for the elections at the Assemblée des Français de l'Étranger in June 2006 - Bernard Lang (in French only, 23.06.2006)
http://traitdunion.homeip.net/ELECTIONS-AFE-2006/COMMPRESS/c1.html#rap...

Observations report - François Pellegrini (in French only, 12.06.2006)
http://www.recul-democratique.org/pellegrini.pdf

A Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE) - David Jefferson, Avi Rubin, Barbara Simons and David Wagner (20.01.2004)
http://servesecurityreport.org/

(Contribution by Pierre Muller, founder of recul-democratique.org)

European bodies discuss the SWIFT case

(This article is also available in German)

SWIFT has recently confirmed that it has succeeded in placing some restrictions on the US Treasury's programme of transferring transactional data from SWIFT. However, the company's activities since 2001 are still under investigation by several European bodies.

The US Treasury's programme has been operating by subpoena, without oversight, since the terrorist attacks of 11 September 2001, with the aim of tracking down terrorist funding. The US Government has thus gained access to records, stored in SWIFT data centres all around the world, of financial transactions performed in more than 200 countries. Concerns were expressed about the extent and amount of data transferred.

SWIFT announced in August 2006 that the US Treasury had agreed to take only limited sets of data, which could then be searched only for specific transactions proven to have links to terrorism. The searches will be audited by SWIFT as well as an external auditor.

But Privacy International (PI) does not consider this enough. On 28 June 2006 PI launched an international campaign against the SWIFT activities and filed simultaneous complaints with Data Protection and Privacy regulators in 33 countries. PI still wants proof that "the Treasury was only able to see records that it knew contained details of terrorist financial transactions."

The SWIFT case is also under discussion by several data protection regulators. On 23 August, European data protection regulators met within the Article 29 Data Protection Working Party to discuss the case of SWIFT, hoping they could direct the case into the jurisdiction of EU data protection law. As security matters are not covered by the EU regulators' jurisdiction, they cannot intervene in the case of the US subpoenas on European firms if their purpose is national security.

As most EU member countries extended the EU Data Protection directive implementation in order to include security matters, the national Belgian law has competence over SWIFT in this case. However, the Article 29 Data Protection Working Party would not like to rely only on the Belgian law, as in the absence of an EU law, member countries may individually enter bilateral agreements with the US for an unrestricted transfer of data.

The Independent State Center for Data Protection of the German federal state of Schleswig-Holstein (ULD) has already performed an analysis of the SWIFT transfer of sensitive data to the US Government.

The conclusion of the analysis was that for intra-European transactions, the transfers of records to the US Government violated a substantial number of provisions of German and European privacy legislation and should be stopped immediately.

SWIFT is seen as a data processor for German banks, thus giving the Commission of Schleswig-Holstein jurisdiction over the case. As regards the transactions between EU and US banks, the analysis also states there was no legal basis because of the lack of data protection safeguards in the U.S.

Thilo Weichert, the head of the ULD, said they expected "banks to create in the very near future the legal and technical conditions for processing transfer order data in a permissible fashion." He stated that proper data protection regulations were required as well as clear procedures to establish authority and technical safeguards.

ULD has given the banks in question a deadline until the end of September to report back to it on the measures adopted.

US authorities had free rein over world's bank data (22.08.06)
http://www.theregister.co.uk/2006/08/22/terrorist_finance_snoop/

EU may be powerless to stop US snooping (25.08.06)
http://www.theregister.co.uk/2006/08/25/eu_vs_us_snooping/

German Lander Commissioner legal analysis condemns SWIFT transfers to U.S. (25.08.06)
http://www.privacyinternational.org/article.shtml?cmd³³0³=x-347-542162

ULD Opinion on the Swift Case (only in German, 23.08.2006)
http://www.datenschutzzentrum.de/wirtschaft/swift/060825_swift.pdf

Privacy watchdogs: US authorities' access to SWIFT data must be stopped (26.08.06)
http://www.heise.de/english/newsticker/news/77305

Update and Q&A to SWIFT's 23 June 2006 statement on compliance
http://www.swift.com/index.cfm?item_id=60275

EDRI-gram: Terrorist Finance Tracking Program raises privacy questions (5.07.2006)
http://www.edri.org/edrigram/number4.13/swift

German Minister of Justice wants limits to the anonymiser service

(This article is also available in German)

The German anonymization program An.On, developed by the University of Dresden and the regional data protection authority of Schleswig-Holstein (ULD), enables its users to surf anonymously via a Java web proxy. The program has been heavily criticized by Uwe Döring, the Minister of Justice of the German federal state of Schleswig-Holstein, even though An.On is still financially supported by the German Federal Ministry of Economics and Technology.

Considering that combating terrorism has become a much more important objective than respecting privacy and the right to anonymity on the Internet, Mr. Döring said that "The spending of taxpayers' money on a project that makes it possible for terrorists and criminals of all kinds to commit crimes without being caught, cannot be countenanced. In these days of the War on Terror it was essential that the authorities obtain information fast. Such programs are more or less designed to foil authorities' attempts to act swiftly." He then asked that limits be set on the programme and said that it should not be available free of charge on the Internet.

After the 2003 legal action against An.On, in which a German district court confirmed the legality of such a service, this statement came as a new attempt by the law enforcement authorities to stop the project, even though it is supported by an independent state agency.

The ULD promptly reacted and dismissed Mr. Döring's claims, explaining that "The project was carried out in close cooperation with the prosecuting authorities of both the German federal states and the federal government. If there was reasonable suspicion of a crime and if the German Code of Criminal Procedure provided for such an approach in the case in question, it was quite possible to register the IP addresses of computers."

Internet content was also the main target of another initiative by German officials. The Federal Minister of the Interior and the German police trade union have recently announced their intention to monitor Internet content more closely in order to identify terrorist activities and illegal propaganda on the web. To achieve that, they considered that they needed more experts "with appropriate language skills" in order "to intensify the monitoring of the Internet", but they gave no details on the type of Internet monitoring under consideration.

ULD: "Hands off AN.ON" (only in German, 22.08.2006)
http://www.datenschutz.de/news/detail/?nid=1911

Minister of Justice criticizes anonymization service (23.08.2006)
http://www.heise.de/english/newsticker/news/77162

Federal minister and GdP call for more stringent monitoring of Web content (24.08.2006)
http://www.heise.de/english/newsticker/news/77200

An.On Service
http://anon.inf.tu-dresden.de/win/download_en.html

EDRI-gram : Police Raids German Anonymiser (10.10.2003)
http://archive.edri.org/cgi-bin/index?id=000100000109

OSS Watch Survey 2006

(This article is also available in German)

OSS Watch carried out a survey of UK Higher Education and Further Education institutions during February and March 2006 in order to get a picture of the current state of open source software (OSS) in the target group. A comparison was made with the previous similar report drafted in 2003, and future work areas were identified for OSS Watch activities.

The survey was carried out by Dr. Ellen J. Helsper. Helsper, a Tutorial Fellow at the London School of Economics and Political Science, also considered the reasons for using OSS and the target group's contribution to the OSS community.

Based on answers received from 23 institutions, the present study shows a positive trend in the use of OSS in both types of institutions.

Some of the findings of the 2006 survey are that:
- Although only 25% of institutions mention OSS in an institutional policy, in practice 77% of institutions consider OSS when procuring software;
- 69% of institutions have deployed OS software on servers;
- 100% of institutions provide Internet Explorer on their Windows desktop PCs, yet 68% now also provide Mozilla Firefox;
- 56% of Further Education institutions use Moodle as a Virtual Learning Environment;
- a large number of CMS solutions are in use;
- cost continues to be the principal driver in reasons for considering OSS.

One of the most important results of the report is that OSS solutions have increased since 2003 and will certainly continue to be used in educational institutions also in the future.

OSS Watch Survey 2006 (07.06)
http://www.oss-watch.ac.uk/studies/survey2006/

OSS Watch Survey 2006 - Press release (4.08.06)
http://www.oss-watch.ac.uk/press/pressrelease-2006-08-04.pdf

Germany sticks to its telecommunication data retention plans

(This article is also available in German)

Although concerns have been expressed by the scientific services of the German Parliament's lower chamber on the implementation of the EU directive on data retention, the Ministry of Justice continues with its work on a draft bill in this matter.

Doubts have been expressed by the scientists on the compatibility of the EU directive with the fundamental privacy rights recognized by the EU and especially in relation to the German Constitution, which guarantees the citizens the right to privacy.

The choice of procedure - the data retention directive was initially submitted as a framework decision, but withdrawn since it would not get unanimity of votes - has been questioned, as such a procedure is usually chosen with the purpose of harmonizing legal and administrative provisions to ease the operation of a single market.

The scientists' doubts also related to implementing the directive in German legislation in "a constitutional manner", mainly in connection with the 6-month data retention period decided by the European Commission as the minimum period that would help in combating terrorism. One of the reasons for concern was that the EU directive gives Member States the freedom to pile up large amounts of data over long periods of time even in cases of milder crimes.

However, the Federal Ministry of Justice affirmed that the bill could meet both the requirements of the EU and German legislation, without contradicting the German Federal Constitution. Klaus-Uwe Benneter, a member of the Bundestag, stated that the act could be drafted so as to comply with the provisions of Germany's constitution, recalling that it was up to each state to create a balance between "data protection and the protection against terrorism".

New doubts about the legality of telecommunications data retention (17.08.06)
http://www.heise.de/english/newsticker/news/76958

Federal Ministry of Justice to stick with its plans for telecommunications data retention (24.08.06)
http://www.heise.de/english/newsticker/news/77215

EDRI-gram: German Parliament rejects motion against data retention (21.06.06)
http://www.edri.org/edrigram/number4.12/germandataretention

EDRI-gram: Data Retention faces growing opposition in Germany (24.05.06)
http://www.edri.org/edrigram/number4.10/dataretentionde

Cloning an electronic passport

(This article is also available in German)

In a public demonstration at the Black Hat security conference in Las Vegas on 3 August 2006, Lukas Grunwald, CTO of the German security consultancy DN-Systems Enterprise Internet Solutions, showed how electronic passports could be cloned. The industry that produces the passports has denied the allegations.

The German consultant showed that the data on the e-passport chip can be easily copied and transferred onto a blank chip, which can then be inserted into a blank document that looks like the original passport to the electronic passport reader.

Thus, a terrorist could use a passport with his/her real name and picture including a fake chip with different information copied from someone else's passport and could pass through an electronic screening system. Grunwald made the demonstration on a new European Union German passport, but the method could be used on any type of new electronic passport. He considered that: "From my point of view all of these (biometric) passports are a huge waste of money - they're not increasing security at all."

However, the Smart Card Alliance states e-passports are secure and almost impossible to counterfeit as they are based on several security layers. Although presently the data on the chip is not encrypted, it is digitally signed by the authority issuing the passport making any changes "visible" at a passport control.

Grunwald's counterfeiting technique requires possession of the original passport, which cannot be cloned from someone's pocket or bag. The e-passport has a feature called Basic Access Control, which requires officials to unlock the RFID chip by means of a unique key printed on the passport page.

Frank Moss, deputy assistant secretary of state for passport services at the State Department, said the digital photo of the passport holder and the physical inspection of passports would prevent the use of faked passports.

Referring to Lukas Grunwald, Moss said: "What this person has done is neither unexpected nor really all that remarkable. The chip is not in and of itself a silver bullet.... It's an additional means of verifying that the person who is carrying the passport is the person to whom that passport was issued by the relevant government." On the other hand, he stated that there were countries that were considering eliminating the human inspection and using only the electronic automated inspection.

Another concern expressed at the Black Hat Conference was related to the fact that, although protected by a metal fiber embedded in the front cover, an e-passport could be spied on by a reader if it is even very slightly open.
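
The Basic Access Control step mentioned above, as an added example that is not part of the original newsletter or of Grunwald's demonstration: a reader derives the chip's access keys from three fields printed in the machine-readable zone (MRZ), which is why the data page has to be seen before the chip will answer. The derivation follows ICAO Doc 9303; the function names are hypothetical and the sample values are the specimen document from the ICAO worked example.

```python
"""Derive Basic Access Control keys from printed MRZ fields (ICAO Doc 9303).

Added illustration; function names are hypothetical, not from any library.
"""
import hashlib

_WEIGHTS = (7, 3, 1)  # repeating weights used for MRZ check digits


def _char_value(ch):
    """Numeric value of one MRZ character: 0-9, A=10..Z=35, filler '<' = 0."""
    if ch in "0123456789":
        return int(ch)
    if "A" <= ch <= "Z":
        return ord(ch) - ord("A") + 10
    if ch == "<":
        return 0
    raise ValueError("invalid MRZ character: %r" % ch)


def check_digit(field):
    """MRZ check digit: weighted sum of character values, modulo 10."""
    total = sum(_char_value(c) * _WEIGHTS[i % 3] for i, c in enumerate(field))
    return str(total % 10)


def mrz_information(doc_number, birth_date, expiry_date):
    """Build the string the keys are derived from.

    doc_number: up to 9 characters, padded with '<' as printed in the MRZ.
    birth_date, expiry_date: YYMMDD as printed in the MRZ.
    """
    doc_number = doc_number.upper()
    if len(doc_number) > 9:
        raise ValueError("document numbers longer than 9 are not handled here")
    doc_number = doc_number.ljust(9, "<")
    for date in (birth_date, expiry_date):
        if len(date) != 6 or not date.isdigit():
            raise ValueError("dates must be six digits (YYMMDD)")
    return "".join(f + check_digit(f)
                   for f in (doc_number, birth_date, expiry_date))


def _adjust_parity(key):
    """Set the low bit of every byte so that each byte has odd parity (DES)."""
    out = bytearray()
    for b in key:
        high = b & 0xFE
        ones = bin(high).count("1")
        out.append(high | (0 if ones % 2 else 1))
    return bytes(out)


def _derive(seed, counter):
    """Key = first 16 bytes of SHA-1(seed || 32-bit counter), parity-adjusted."""
    digest = hashlib.sha1(seed + counter.to_bytes(4, "big")).digest()
    return _adjust_parity(digest[:16])


def derive_bac_keys(doc_number, birth_date, expiry_date):
    """Return (encryption key, MAC key) for Basic Access Control."""
    info = mrz_information(doc_number, birth_date, expiry_date)
    seed = hashlib.sha1(info.encode("ascii")).digest()[:16]
    return _derive(seed, 1), _derive(seed, 2)


if __name__ == "__main__":
    # Specimen document from the ICAO Doc 9303 worked example.
    k_enc, k_mac = derive_bac_keys("L898902C", "690806", "940623")
    print("MRZ information:", mrz_information("L898902C", "690806", "940623"))
    print("K_enc:", k_enc.hex().upper())
    print("K_mac:", k_mac.hex().upper())
```

Nothing secret is stored in the reader: both keys follow entirely from the document number, date of birth and expiry date printed on the data page.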

Industry group defends e-passports (11.08.06)
http://www.theregister.co.uk/2006/08/11/e-passports_defended/

Hackers crack new biometric passports (07.08.06)
http://www.guardian.co.uk/frontpage/story/0,,1838753,00.html

e-passport cloning risks exposed (04.08.06)
http://www.theregister.co.uk/2006/08/04/e-passport_hack_attack/

Hackers Clone E-Passports (03.08.06)
http://www.wired.com/news/technology/0,71521-0.html

Travellers privacy and European Union

(This article is also available in German)

The event "Travellers privacy and EU" was organised on 3 August 2006 by the Prague-based NGO Iuridicum Remedium and it brought together Czech and European stakeholders across the spectrum working on technological developments that affect the movement of people across borders.

Speakers came from Data protection agencies within Europe (Italy, Czech Republic, Spain), Czech law enforcement agencies, including the Ministry of the Interior, Czech airlines and the company (Logica CMG) that is producing the RFID-chipped Czech passport - which comes into force on 1 September 2006.

The day was divided into three sessions: the first on the background of travel documents and biometrics, the Schengen Information System, and the evolution of Schengen II and III systems.

The second part focussed in more detail on the mechanics of biometrics and how this is being incorporated into the Czech passport. Even for the most ardent campaigners on this issue it was the first time we had actually seen one and heard from the company that won the tender to produce them. A very interesting session on RFID followed, focused on the underlying technology and its applications, particularly in supermarkets. A case study was presented on the use of RFID by Metro - the biggest German supermarket chain - which was awarded the German Big Brother Award last year.

The final session was dedicated to the issue of exchange of passenger data records between European airlines and the US authorities.

All of the presentations were interesting and there was a great degree of openness in the discussions between different people. One of the most interesting points appreciated by participants was made by Gus Hosein on the disturbing trend we see in the European Union to take over "bad ideas" (such as data retention, biometric passports, exchange of passenger data) often initiated by the US (possibly after some initial opposition and debate) and make them even worse.

The event, organised in an informal and friendly space, having gathered a large number of interested people, was appreciated by everyone and was considered a success.

Those interested in obtaining copies of presentations from the seminar can contact organisers at iure (at) iure.org

Agenda " Travellers privacy and EU" (3.08.2006)
http://marek.greennet.org.uk/wiki/index.php/Main_Page#Travelers_privac...

What is Wrong With Europe? PI Report Criticises EU anti-terror policies (14.12.2005)
http://www.privacyinternational.org/comparativeterrorpowers

(Contribution by Karen Banks - APC and Filip Pospisil - EDRi-Member Iuridicum Remedium - Czech Republic)

Scrambling for Safety 8

(This article is also available in German)

Scrambling for Safety 8 focused on the UK Home Office consultations over plans to give the police powers to require the production of decryption keys and of plaintext. The Home Office produced a draft code of practice on government access to "communications data" - phone numbers and e-mail addresses contacted, web sites visited, locations of mobile phones etc.

About 100 representatives of the Government, industry, academia and civil society discussed privacy and security issues related to these consultations.

The police representatives used the event to defend their draft. They considered that encryption was being used more and more to hide evidence and argued that these new provisions might be used only in connection with other evidence against suspects. Detective Chief Inspector Matt Sarti stated that there were 200 computers in police forensic centres with encrypted data that could have evidence of crime on them. He also claimed that there were cases when alleged paedophiles could not be charged because there were encrypted files on their computers that could not be read. He said: "We have to balance the right to private life with the right to private life of victims and the right to life of victims."

On the other hand, other speakers such as Caspar Bowden claimed that the draft code of conduct did not have any guidance on balancing the right to privacy, the rights of the victims and the law enforcement authorities' interests. He pointed out that new malware could be created in order to change the password or the encryption key on different machines, thus making innocent users punishable. Bowden also questioned whether a genuine loss of a password could be identified and pointed out that the threat of a jail sentence in these cases could be arbitrary. He also explained that criminals could use viruses against themselves (VAMP - Virus Ate My Password) as a reason for not revealing the encryption key.

Other participants also questioned whether the present code of conduct had good standards for the protection of fundamental rights, and raised questions on the effectiveness of the decryption programs.

Lord Phillips of Sudbury from the House of Lords concluded: "You do not secure the liberty of our country and value of our democracy by undermining them. That's the road to hell."

Scrambling for Safety 8 - Agenda and presentations (14.08.2006)
http://www.fipr.org/sfs8/index.html

Will RIPA lead to an infestation of Vamp-ires? (15.08.2006)
http://management.silicon.com/government/0,39024677,39161432,00.htm

Police decryption powers 'flawed' (15.08.2006)
http://news.bbc.co.uk/1/hi/technology/4794383.stm

Agenda

(This article is also available in German)

2-4 September 2006, Jerusalem, Israel
NATO Advanced Research Workshop on Identity, Security and Democracy; Social, Ethical and Policy implications of Automated Systems for Human Identification, organised by the Centre for Science, Society and Citizenship and the Israeli Center for the Study of Bioterrorism.
http://www.biteproject.org

5 September 2006, Köln, Germany
4th German Anti-Spam Summit: Focus on international Anti-Phishing Projects
http://www.eco.de/servlet/PB/menu/1846137_l1/index.html

7-8 September 2006, Munich, Germany
1st Conference on Policy, Law and Economics of Intellectual Property - European Policy for Intellectual Property
http://www.epip.eu/activities_conferences.php

14-16 September 2006, Berlin, Germany
Wizards of OS 4: Information Freedom Rules
http://wizards-of-os.org/

14-15 September 2006, Barcelona, Spain
A New Open Europe: Public access to documents and data protection
http://www.statewatch.org/news/2006/jul/open-europe.pdf

21-22 September 2006, Helsinki, Finland
Workshop: IPR Protection of Software: Copyright, Patent, and/or Open Source?
The aim of the workshop is to bring together the communities of software economists, lawyers and decision makers to discuss the state of research and practice on dealing with intellectual property rights and competition law on software.
http://www.joensuu.fi/taloustieteet/ott/ajankoht/iprseminar.htm

5-6 October 2006, Erevan, Armenia
Pan-European Forum on "Human Rights in the Information Society: Empowering children and young people", organised by the Council of Europe in cooperation with the Ministry of Foreign Affairs of Armenia and the Information Technologies Foundation of Armenia
http://www.coe.int/t/e/human_rights/media/Links/Events/Forum2006YEREVA...

16 October 2006, Brussels, Belgium
The European Commission will organise in Brussels on Monday 16 October a final conference on Radio Frequency Identification (RFID) to close the series of consultation initiatives.
http://www.rfidconsultation.eu/

19-20 October 2006, Kirchberg, Luxembourg
Hack.lu 2006
Hack.lu is an open convention/conference where people can discuss computer security, privacy, information technology and its cultural/technical implications on society. The aim of the convention is to make a bridge between the various actors in the computer security world.
http://www.hack.lu/index.php/Main_Page

23-24 October 2006, Brussels, Belgium
Conference on International Transfers of Personal Data, organised by the European Commission jointly with the Article 29 Data Protection Working Party and the United States Department of Commerce's International Trade Administration. Registration deadline: 29 September 2006
http://ec.europa.eu/justice_home/news/events/news_events_en.htm#data_p...

31 October 2006 - deadline for nominations
Stupid Security Awards - Privacy International. The awards aim to highlight the absurdities of the security industry. The competition is open to anyone from any country.
http://www.privacyinternational.org/stupidsecurity

30 November - 1 December 2006, Berlin, Germany
The New Surveillance - A critical analysis of research and methods in Surveillance Studies. A two-day international conference hosted at the Centre for Technology and Society of the Technical University Berlin
http://www.ztg.tu-berlin.de/surveillance