| |||||||||||||
EDRI-gram newsletter - Number 3.24, 5 December 2005
============================================================
EDRI-gram
biweekly newsletter about digital civil rights in Europe
Number 3.24, 5 December 2005
============================================================
Contents
============================================================
Urgent call for pledges of support for EDRI-gram
1. Final push for single EP vote on data retention
2. EDRI and PI call on EP to reject data retention
3. Polish plans for 15 years mandatory data retention
4. Urgency procedure for draft French anti-terrorism law
5. New anti-terrorism measures in Denmark
6. Launch of Digital Rights Ireland
7. Illegal video surveillance on Slovenian motorways
8. Post-WSIS civil society letter to Kofi Annan
9. NL supreme court ruling on internet anonymity
10. Results e-society conference in Macedonia
11. Advocate General European Court rejects PNR deal
12. Cryptography almost banned in the Czech Republic
13. Agenda
14. About
===========================================================
- Urgent call for pledges of support for EDRI-gram -
===========================================================
European Digital Rights needs your help in continuing EDRI-gram. This is
the last issue of 2005 and without any further support this issue might be
the last one ever.
That is why EDRI has started a campaign for pledges of financial support.
In total, EDRI needs 7.500 euro to produce another 24 editions of
EDRI-gram in 2006. With membership fees and some earlier donations, EDRI
is able to contribute 4.000 euro itself, leaving us with a gap of 3.500
euro.
We call on our readers to help us find donations through their companies,
institutions or associations. The first response to our call for support
was very positive; the union for IT-professionals in Denmark pledged to
support 500 euro if EDRI-gram would be produced for another year. This
leaves us with a target of 3.000 euro for 2006.
Pledges will only be collected if we reach the target of 3.000 euro within
2 months.
EDRI call for pledges
http://www.edri.org/pledge
Direct donations:
KBC Bank Auderghem-Centre, Chaussee de Wavre 1662, 1160 Bruxelles, Belgium
EDRI Bank account nr.: 733-0215021-02
IBAN: BE32 7330 2150 2102
BIC: KREDBEBB
===========================================================
1. Final push for single EP vote on data retention
===========================================================
Behind closed doors, representatives of the Council of Ministers of
Justice (JHA Council), representatives from the Commission and the leaders
in the European Parliament of the social-democrat and christian-democrat
groups have agreed to introduce an unprecedented law (directive) on
mandatory data retention in the EU. The groups have agreed to introduce
mandatory retention for fixed and mobile telephony data and for internet
log-in-log-off, for e-mail records and for Voice over IP records. There is
only one last formal hurdle; the plenary vote in the European Parliament
on Monday evening 12 December 2005.
But in practice this vote hardly has any meaning, given the majority
adoption of the principles of extensive data retention. The agreed minimum
period is 6 month, the maximum period 24 months. But member states may
also decide on any longer term they find necessary, including the new 15
years proposal from the Polish government (see article 3 in this
EDRI-gram). This is foreseen by the new article 11: "A Member State facing
particular circumstances warranting an extension for a limited period of
the maximum retention period referred to in Article 7 may take the
necessary (...) measures. The Member State shall immediately notify the
Commission and inform the other Member States of the measures taken by
virtue of this Article and indicate the grounds for introducing them."
The goal 'prevention' is deleted from this Council/EP compromise version,
but that won't pose any problem for any member state that wishes to
introduce or already has such legislation, since Article 15.1 of the
e-privacy directive (2002/58/EC) is not replaced by this directive, but
will still allow for any national retention rules. Thus member states that
already have legislation for longer retention periods, such as Ireland and
Italy, are not affected by this directive either.
The article about cost reimbursement is completely deleted, leaving it to
the kindness of individual member states to reimburse providers or not.
Access will be limited to the investigation of 'serious crimes', without
any definition of 'serious' nor any limit to the access for security
services. "The present Directive is without prejudice to the power of
Member States to adopt legislative measures concerning the right of access
to and use of data by national authorities as designated by them."
The outcome of these secret trialogue meetings underlines a fundamental
deficit in the democratic construction of the EU. Councils should meet in
public, as the European Ombudsman also demands (See EDRI-gram 3.22) and
the European Parliament should not be forced into blind obedience by a
Council that is unable to reach a unanimous decision itself.
The sudden change of heart of the German social-democrats, after their new
coalition with the christian-democrats has most likely been the ultimate
trump-card for the Council. Given the strong voting position of Germany
(reflecting the amount of inhabitants) their consistent (and historically
understandable) rejection of systematic surveillance was a major obstacle.
In the new German government coalition, this resistance was reduced to the
industry argument of not including failed caller attempts. The Council
immediately jumped to this chance, and now only calls for the retention of
some of these calls if companies already store such data.
"This shall include (...) unsuccessful call attempts where that data is
generated or processed and stored (as regards telephony data) or logged
(as regards Internet data) by providers of publicly available electronic
communications services or of a public communications network within their
jurisdiction in the process of supplying the communication services
concerned. This Directive shall not require the retention of data in
relation to unconnected calls."
In an interview with the German national radio on 2 December, the new
minister of the Interior Wolfgang Schäuble explained his very positive
view on data retention. Industry should not ask for cost reimbursement he
said. Every citizen must keep financial records in order to file the
annual tax declaration and nobody was claiming the Ministry of Finance
should reimburse them for that civil duty. And because the main purpose
from his perspective was the prevention of crimes, there should be broad
access for security services, without any specific suspicion. The German
coalition of regional data protection authorities, chaired by the
independent authority of Schleswig-Holstein replied to the Council
decision with a press release in which they reiterated their fundamental
(constitutional) objections against the principle of retention. They call
it a box of Pandora and conclude: "We expect that the European Parliament,
the German parliament and the constitutional courts in Europe will make
sure that this box will remain closed."
A week before the meeting of the JHA Council, on 24 November 2005 the LIBE
committee of the European Parliament had agreed to a more limited set of
data and retention period of 6-12 months. While this outcome in the LIBE
committee was a serious set-back for digital rights groups, at least the
LIBE committee had the decency to introduce strict limits to the use of
the data (only with a judicial warrant!), truly independent oversight
mechanisms and demands for extensive, public statistics on the use.
The day before the vote in the LIBE committee, EDRI and XS4ALL presented
the +58.000 signatures to the petition against data retention to the
chairman of LIBE, Jean Marie Cavada and to rapporteur Alexander Alvaro.
The petition was also presented to 3 MEPs opposing data retention:
Kathalijne Buitenweg (group leader of the Greens); Edith Mastenbroek
(social democrat) and Charlotte Cederschild (christian democrat).
Pictures of the presentation can be found at the campaign WIKI.
While Alvaro proposed a maximum retention of 3 months for telephony data
only, LIBE enlarged the list with location data and internet log-in
log-off data, for a period of 6-12 months (to the discretion of member
states). Another serious set-back for civil society was the new definition
of 'serious crimes', based on the European Arrest Warrant. This list
includes 'piracy', and this will become a criminal offence under the
proposed new Commission decision on Intellectual Property Enforcement,
including cases of downloading 'on a commercial scale'. But even this list
is obviously too limiting for the Council, given its refusal to define
serious crimes.
Possibly the Council and some members of parliament have fallen for the
dramatic call from the audiovisual entertainment industry not to exclude
them from access to the new European data well. In a press release from 23
November, the Creative and Media Business Alliance (companies and media
associations) and IFPI urge the MEPs to include all criminal offences in
the scope of the directive. They specifically refer to the Intellectual
Property Enforcement Directive when they write: "For this legislation to
be meaningful, it is essential that service providers retain the relevant
data for a reasonable period and that the data can be disclosed for
appropriate purposes. The proposed Directive on data retention should
serve to facilitate this."
On Wednesday morning 7 December, EDRI will participate in a public hearing
about data retention in Brussels, represented by Sjoera Nas, your
EDRI-gram editor. The hearing is organised by the Greens in the European
Parliament. Other speakers include representatives from EuroISPA, ETNO and
the European Data Protection Supervisor (EDPS).
Outcome of the JHA Council / new compromise Directive proposal (02.12.2005)
http://www.edri.org/docs/2decembercouncil.pdf
Note from Presidency setting out four areas for decision of Council on its
position (01.12.05)
http://www.statewatch.org/news/2005/dec/eu-dat-ret-counci...
Interview with Wolfgang Schäuble, the new German minister of the Interior
(in German, 02.12.2005)
http://www.dradio.de/dkultur/sendungen/interview/444143/
Euractiv analysis of the LIBE voting results, with voting list (24.11.2005)
http://www.euractiv.com/Article?tcmuri=tcm:29-149617-16&...
Final LIBE report, as amended (28.11.2005)
http://www.edri.org/docs/364679XM.pdf
CMBA/IFPI statement pro data retention (23.11.2005)
https://wiki.dataretentionisnosolution.com/index.php/The_...
Pictures of the petition presentation in Brussels (23.11.2005)
http://wiki.dataretentionisnosolution.com/
Decision against data retention of the German DPAs (in German, 27-28.10.2005)
http://www.datenschutzzentrum.de/material/themen/presse/2...
===========================================================
2. EDRI and PI call on EP to reject data retention
===========================================================
European Digital Rights and Privacy International are urgently calling on
the individual members of the European Parliament to reject the misguided
compromise proposal on data retention. Party leaders of the
christian-democrats and social-democrats in the parliament have agreed
behind closed doors to allow for mandatory data retention of telephony and
internet data for a period of 6 to 24 months, with even longer terms at
the individual discretion of every member state, including the purpose of
'prevention of criminal offences'. This compromise completely overrules
the suggestions of the appropriate parliamentary LIBE committee and
ignores all the legal and technical objections against the inclusion of
location and internet data.
On Tuesday 6 December the open letter will be offered to all 731 members
of the European Parliament, endorsed by many digital rights groups,
providers, consumer unions and other concerned parties. The full list of
endorsements will be available on Tuesday afternoon 6 December.
The letter mentions 5 reasons to reject the proposal:
1. This Directive invades the privacy of all Europeans. The Directive
calls for the indiscriminate collection and retention of data on a wide
range of Europeans' activities. Never has a policy been introduced that
mandates the mass storage of information for the mere eventuality that it
may be of interest to the State at some point in the future.
2. The proposed Directive is illegal. It contravenes the European
Convention on Human Rights by proposing the indiscriminate and
disproportionate recording of sensitive personal information. Political,
legal, medical, religious and press communications would be logged,
exposing such information to use and abuse.
3. The Directive threatens consumer confidence. More than 58,000 Europeans
have already signed a petition opposing the Directive. A German poll
revealed that 78% of citizens were opposed to a retention policy. The
Directive will have a chilling effect on communications activity as
consumers may avoid participating in entirely legal transactions for fear
that this will be logged for years.
4. The Directive burdens EU industry and harms global competitiveness.
Retention of all this data creates additional costs of hundreds of
millions of Euros every year. These burdens are placed on EU industry
alone. The U.S., Canada and the Council of Europe have already rejected
retention.
5. The Directive requires more invasive laws. Once adopted, this Directive
will prove not to be the ultimate solution against serious crimes. There
will be calls for additional draconian measures including:
- the prior identification of all those who communicate, thus requiring ID
cards at cybercafes, public telephone booths, wireless hotspots, and
identification of all pre-paid clients;
- the banning of all international communications services such as webmail
(e.g. Hotmail and Gmail) and blocking the use of non-EU internet service
providers and advanced corporate services.
According to the letter, the vote is a key moment, that might set in
motion a chain of events that will lead to a surveillance society. The
compromise-proposal lacks limits to the access and limits to the use.
"Though the Council claims retention will combat terrorism, for years it
has rejected limiting the legislation to such investigations. Even if
access to this data were limited by the Parliament to a list of serious
crimes nothing prevents the expansion of this list: already the Copyright
Industry has called for access to this data to combat file-sharing
online."
The European Parliament will have its first and final vote on Monday
evening 12 December in Strasbourg. Given the low attendance in general in
Strasbourg, and the fact Monday evening many attending MEPs won't have
arrived, the vote seems reduced to a showpiece.
EDRI and PI letter to the European Parliament (06.12.2005)
http://www.privacyinternational.org/retentionlaunderingca...
Translation in French (by EDRI-member IRIS)
http://www.iris.sgdg.org/actions/retention/lettre-pe-fr-1...
Translation in Polish (by EDRI-observer ISOC Poland)
http://prawo.vagla.pl/node/5812
===========================================================
3. Polish plans for 15 years mandatory data retention
===========================================================
In Poland, the parliamentary leader of the new social-right governing
party 'Law and Justice', Przemyslaw Gosiewski, has called for a new law to
introduce mandatory telephony data retention for 15 years. His call
followed an article the day before, on 22 November 2005, in the leading
newspaper Gazeta Wyborcza with a cry from local investigators that they
are unable to effectively prosecute corruption without telephony billing
data from the last 4 years.
Poland only just formed a new minority-government after the elections, but
the new conservative government does not seem to have a clear plan on this
issue. They seem to have just responded spontaneously, but with a large
parliamentary majority as the unfortunate result.
Gosiewski can count on support from two smaller populist parties: Andrzej
Lepper's 'Selfdefense' and the extreme nationalists from the 'Union of
Polish Families'. Both parties are most eager to prove that most (rich)
entrepreneurs are thieves.
To make matters even worse, the conservative-liberal opposition from
Platforma Obywatelska (Citizens Platform) also did not object to this
proposal, and neglected to present itself as a defender of civil rights.
The platform considers itself to be the 'almost governing' party, with a
tendency to support all moves towards a so called 'stronger state'.
EDRI-observer ISOC Poland is trying to fight the proposal and has already
contacted several ministers. They aim to also engage the Polish
Commissioner for Civil Rights Protection and the Inspector General for the
Protection of Personal Data.
File on data retention proposals (in Polish)
http://prawo.vagla.pl/retencja_danych
Polish - English translation service
http://www.translate.pl/
(Contribution by Piotr Vagla Waglowski and Wladyslaw Majewski,
EDRI-observer ISOC Poland)
===========================================================
4. Urgency procedure for draft French anti-terrorism law
===========================================================
The French government has decided to apply the urgency procedure to a new
anti-terrorism draft law, with only one reading by each Chamber. The draft
law was already passed by the National Assembly (French Lower House) on 29
November 2005 and will be examined by the French Senate in late December
or early January 2006. The proposal creates increasing powers for the
police and the intelligence services, thus undermining the protection of
formal judicial procedures.
The law will extend the use of video-surveillance, authorising private
parties to install CCTV cameras in public places "likely to be exposed to
terrorist acts", and in places open to the public when they are
"particularly exposed to risks of aggression or theft". Obviously, this
covers almost any public or privately-owned place, including shops. In
case of emergency, CCTV cameras may be installed prior to any
authorisation.
The draft law also extends telecom data retention possibilities, by
putting cybercafe owners and WiFi providers (whether wireless Internet
access is free or with payment) in the same category as telecom operators.
This means, in practice, that cybercafe owners, as well as bars,
restaurants and hotels will have to ask their customers for their IDs for
Internet use in their establishments. Any logged data may also be seized
directly by the police, without any judicial order, as is obliged
currently.
Another major aspect of this draft law is a serious violation of freedom
of movement. Anywhere on French territory, the police is authorised to
take photographs of car plates and of people travelling by car on French
roads, for the purpose of "fighting car theft". Furthermore, an
administrative authority may allow for law enforcement to take pictures of
people attending big public events (like football matches or street
demonstrations), for the purpose of "public order preservation".
Finally, the draft law allows the French ministry of Interior to collect
and process PNR (Passenger Name Record) data of any traveller to or from
non-EU countries, for the purpose of fighting illegal immigration. Not
only are the French willing to apply to non-EU countries what the US have
done to the EU, but they are also extending the idea beyond air travel,
since travelling by sea or rail is also concerned.
The French Data Protection Authority (CNIL) has expressed serious
reservations on this draft law. However, the French ministry of Interior
has made it clear that it has no intention to listen, stating in a
communique that "each party must take its responsibility". In a joint
press conference with the French Human Rights League and other French NGOs
as well as magistrates and lawyers trade-unions, EDRI member IRIS also
assessed the dangers of the draft law, explaining how it violates the
finality and proportionality principles.
In a press release published today, IRIS also makes the link between this
French draft law and the Directive proposal on data retention, to be
examined by the EP on 12 December.
IRIS press release (in French, 05.12.05)
http://www.iris.sgdg.org/info-debat/comm-lettre-pe1205.html
CNIL opinion (in French, 10.10.05)
http://www.cnil.fr/index.php?id=1883&delib%5Buid%5D=7...
Ministry of Interior press release (in French, 18.10.05)
http://www.interieur.gouv.fr/rubriques/a/a5_communiques/2...
IRIS et al. joint press release (in French, 23.11.05)
http://www.iris.sgdg.org/info-debat/comm-loi-terror1105.html
French National Assembly Dossier on draft law (in French, 29.11.05)
http://www.assemblee-nationale.fr/12/dossiers/terrorisme_...
(Contribution by Meryem Marzouki, EDRI-member IRIS, France)
===========================================================
5. New anti-terrorism measures in Denmark
===========================================================
Like France, Denmark is also working on a new round of anti-terrorism
measures, to be presented to Parliament in the spring of 2006. The
proposals are quite far reaching and encompass a range of intrusions into
citizens' digital privacy.
Among the most notorious proposals are:
- a recommendation to let the authorities monitor the entire spectrum of
telecommunications taking place within a delimited geographical area such
as an apartment complex;
- to allow intelligence services to request any information stored in any
government database about any citizen without it being part of an ongoing
investigation;
- the introduction of mandatory screening of airline passenger lists by
intelligence services;
- to oblige all operators of services for electronic communications to
implement technical measures to enable the authorities to wiretap any
given communication at short notice.
- a delegation to local authorities of the power to put in place CCTV
surveillance of public spaces and open areas - a practice which previously
had been disallowed.
The initiatives are part of a 49 item 'wish list' compiled by civil
servants at the request of the government in the wake of the 7/7 bombings
in London.
The initial reaction among legal experts, telecom operators and citizens'
rights groups has been one of strongly outspoken opposition in relation to
many of the proposals, which seems to have put the government on the
defensive.
An action plan to further debate and implement the proposals was recently
put forward in Parliament and won backing, although a majority had
reservations. The political parties are now be invited to consult with
government on the initial legislative drafts. In connection with this, the
Parliamentary judicial committee has announced an expert conference on the
initiatives in January 2006 and the government is expected to put forward
its proposed legislation by spring of 2006. Digital Rights in Denmark are
working pro-actively to influence public opinion in these matters.
Freedom and security under the shadow of terror (11.11.2005)
http://www.cphpost.dk/get/92115.html
PM backs off on terror package (17.11.2005)
http://www.cphpost.dk/get/92259.html
Government Action Plan on anti-terrorism (in Danish only)
http://www.stm.dk/publikationer/terrorpakke/index.htm
(Contribution by Kristoffer Nilaus Olsen, EDRI-member Digital Rights Denmark)
===========================================================
6. Launch of Digital Rights Ireland
===========================================================
Digital Rights Ireland will formally launch at a press conference in the
Conference Room in Pearse Street Library, at 11-am on Tuesday 6 December.
The group has been formed to defend civil, human and legal rights in a
digital age. Digital Rights Ireland will be discussing its mission, and
current developments in relation to Data Retention, IRMA legal action and
other matters.
Digital Rights Ireland is chaired by UCD Law Lecturer TJ McIntyre and is
comprised of academics, journalists and technologists. The group believes
that citizens' digital rights are being eroded - the rights we expect in
the real world are being stripped from us in the online world. Protection
of these rights will involve public promotion of digital rights, and
lobbying for their protection where required.
Digital Rights Ireland is a contact point for policy makers who wish to
gauge the impact of their regulation in this complicated, and sometimes
technical, area. In addition, the group aims to provide an informed
position on issues in the digital rights field, free from any commercial
or political bias. Current areas of concern for the group include data
retention, rights to privacy/data protection, helping people to fight
spam, and intellectual property issues. Digital Rights Ireland also aims
to inform citizens of their rights, and how to exercise them. To that end,
collaborators already have produced pamphlets and research material on
areas such as SMS spam and the Data Protection & Freedom of Information
Acts. Further pamphlets, on matters such as libel liability for online
speech, will follow shortly.
The foundation of Digital Rights Ireland is directly related to two
political developments.
First, under current Irish law, citizens' electronic communications data
must be retained for 3 years. This includes the physical location of every
mobile phone in the country, and the numbers dialled from every mobile and
land line. It may be accessed, without a court order or specific
ministerial order, by the Gardai. This access need not be in response to
any crime. If the Gardai are satisfied that it might be useful in the
prevention of a crime (not limited to serious crime), it is permissible.
The Irish Government is currently one of a group of four countries seeking
to have this requirement extended across the EU, and broadened to include
your online activities. If passed, this will require Internet Services
Providers to log every email you send and every web page you visit.
Digital Rights Ireland will act to keep Irish people informed about these
issues, to defend their right to privacy from unwarranted infringement and
to ensure that all legislation proposed and passed is in line with
European and Irish Human Rights Law.
Secondly, the Irish Recorded Music Association is currently seeking to sue
individuals they say they have identified as having uploaded music onto
file-sharing networks. DRI are in favour of civil, legal and human rights
being protected in a digital world. That must extend to the legal rights
of copyright holders, as much as individuals. However, protection of
copyright cannot come at the expense of the civil right to privacy.
The Irish Recorded Music Association has also publicly stated that it
believes that it's illegal to transfer music from your (legally bought)
CDs to your (legally bought) iPod or MP3 player. DRI believes that the law
in this area needs to be clarified - and if things like this are illegal,
that the law needs to be changed.
All about Digital Rights Ireland
http://www.digitalrights.ie
(Contribution by Teresa Hackett, EDRI-observer eiFL, Ireland)
===========================================================
7. Illegal video surveillance on Slovenian motorways
===========================================================
In Slovenia the number of installed surveillance video cameras on the
roads is increasing rapidly. Apart from the CCTV systems on sections of so
called "smart motorways" - which enable real-time
monitoring of important traffic parameters and the informing of drivers
via traffic portals - a large number of surveillance video cameras is
installed on the whole Slovenian motorway network.
Article 74 of Slovenian Personal Data Protection Act requires that "a
public or private sector person that conducts video surveillance must
publish a notice to that effect. Such notice must be visible and plainly
made public in a manner that enables individuals to acquaint themselves
with its implementation at the latest when the video surveillance begins."
DARS (Motorway company in the Republic of Slovenia) has published such
notices on toll collection booths. However, there are many sections (so
called "open sections" and "half-open sections") of motorways on which
drivers do not have to cross toll collection station in order to use the
motorway. The use of such sections is free of charge. These sections are
also equipped with video surveillance systems, but the drivers have no
opportunity to get informed that they are entering the zone of video
surveillance.
The Slovenian Personal Data Protection Inspector, Mr. Joze Bogataj
confirmed that DARS is breaching article 74 of Personal Data Protection
Act in case of motorway sections where drivers are not informed by toll
booths or otherwise. There is one escape for video surveillance on these
roads: it can be justified only if the video cameras are not able to
capture image in sufficient quality, so that veivehiclechle number plates
are not readable.
According to a statement by a police representative on 7 November on Radio
Slovenia 1, DARS' video surveillance cameras on certain motorway sections
are also used by the police for the prosecution of traffic offences.
Therefore, the video cameras are most likely able to capture images in a
way that vehicle number plates can be read from the recorded image.
Inspector Bogataj made the point that there is no special law that would
permit DARS to perform video surveillance without having to comply with
article 74 of Personal Data Protection Act.
On the 23 August 2005, there were 859 video surveillance cameras installed
on the Slovenian motorway network, including those for monitoring toll
collection stations (information provided by DARS).
Detailed article about road CCTV (in Slovenian only)
http://www.slo-tech.com/clanki/05016/
(Contribution by Aljaz Marn, EDRI-observer Privacyblog.net, Slovenia)
===========================================================
8. Post-WSIS civil society letter to Kofi Annan
===========================================================
After the World Summit on the Information Society (WSIS) held in Tunis
between 16 and 19 November 2005, a large number of attending civil society
organisations decided to write another letter to Kofi Annan,
secretary-general of the United Nations. During the WSIS the Tunisian
government committed serious attacks on human rights and the right to
freedom of expression. These attacks included harassment of delegates,
assaults on Tunisian and international journalists and human rights
defenders, denial of entry to the country, the blocking of websites, the
censorship of documents and speeches, and the prevention and disruption of
meetings. See also the report on the disturbance of a panel on freedom of
expression, in EDRI-gram 3.23.
In the letter they ask him to investigate the attacks on human rights
experienced by the participants during the Summit. "We believe it is
essential that lessons are learnt from what has taken place here this week
and we therefore call upon you, the Secretary General of the United
Nations, to launch a full investigation into the attacks on human rights
and freedom of expression that we have witnessed in Tunisia both in the
run-up to and during the World Summit on the Information Society. We ask
you to closely monitor the follow-up period in Tunisia."
On 1 October 2005 civil society organisations already sent a joint letter
expressing very serious concerns about the suitability of Tunisia as a
host country. Annan kindly replied on 27 October 2005, indicating he
shared those concerns.
Civil society letter to Kofi Annan (28.11.2005)
http://www.citizens-summit.org/Letter-SecGen-241105.shtml
EDRI-gram 3.23, WSIS special
http://www.edri.org/edrigram/number3.23
===========================================================
9. NL supreme court ruling on internet anonymity
===========================================================
The Supreme Court of the Netherlands ruled on 25 November 2005 in a
landmark case against the freedom of internet users to express their
opinion anonymously. The Supreme Court upheld a previous court verdict in
which internetportal Lycos was forced to hand over the personal data of
one of its subscribers to the Dutch stamp trader Pessers.
Mr Pessers trades in postage stamps on the auction portal eBay and was
accused of fraud by a Lycos subscriber, who published Mr Pesser's name on
his website. Subsequently Pessers demanded the personal data from the
subscriber in order to sue for damages. But Lycos refused and was taken to
court. After the initial verdict, Lycos did hand over the data, but only
to find out the address data were false. Pessers started another
procedure, to force Lycos to find other ways to retrieve the correct
information, but that demand was declined.
Although the Court acknowledges that the content on the website was not
'apparently unlawful', the Court ruled that Lycos was required to hand
over the data. In the view of the Court Pessers had made it 'sufficiently
plausible' that the website 'could be' unlawful.
The outcome of the Supreme Court verdict is that ISPs in the Netherlands
will have to evaluate two questions regarding websites when receiving
complaints. The ISPs will have to take websites off-line after a notice
and takedown request when that website is 'apparently unlawful'. This is a
direct result of the e-commerce directive (2000/31/EC). The Court has now
added a second question. If the website 'could be' unlawful then the ISP
will have to hand over the personal data of the website owner. The music
industry in the Netherlands has taken a great interest in the case
Lycos/Pessers. The Dutch anti-piracy organisation Brein even paid for
Pessers legal costs hoping that the ruling would enable them to get the
personal data of peer-to-peer users through their access providers.
As a result of this ruling, ISPs in the Netherlands will have to evaluate
a complex series of questions. Although Lycos decided to fight the legal
battle to the very end, it is expected that most ISPs will not follow this
example. It could become quite simple in the Netherlands to gain someone's
personal data through an ISP if all it takes is to convince the ISP that
the website involved 'could be' unlawful.
There is some light at the end of the tunnel as the Court stresses in its
verdict that the conclusion only applies to the specific conflict between
Lycos and Pessers and does not constitute a general rule.
Supreme Court: Lycos / Pessers (in Dutch only, 25.11.2005)
http://zoeken.rechtspraak.nl/zoeken/dtluitspraak.asp?sear...
===========================================================
10. Results e-society conference in Macedonia
===========================================================
The international conference "e-Society.Mk" took place in Macedonia in
October and November 2005, with the goal of raising awareness and sharing
knowledge of decision makers about important information society issues
with the general public. It was organised by Foundation Metamorphosis and
supported by OSCE Mission in Skopje and the OSCE Representative on Freedom
of the Media, in line with the recently adopted National strategy for the
development of the information society.
Over thirty international and local experts interacted with an audience of
around 400 participants in all events, discussing the topics of freedom of
the media on the internet, e-business and cybercrime, copyrights and
privacy, e-government and e-education. The audience consisted mainly of
representatives of central and local government, IT experts, NGOs,
journalists and university students (law, economics and IT).
Some of these sessions introduced topics that were entirely new to the
Macedonian public discourse, such as alternative forms of protection of
intellectual property (Creative Commons) and the protection of privacy. In
Macedonia, there is no law on data protection yet. It is due in two years.
Some sessions also served as advocacy channel to promote concrete
solutions, including the announced Freedom of Information Act, expected to
be adopted in the beginning of 2006.
Media coverage of the conference focused on the problem of increasing
Internet penetration and bridging the digital divide in Macedonia, whose
market is not completely liberalised, with large market players acting as
de facto monopolies.
Mr. Miklos Haraszti, OSCE Representative on Freedom of the Media, stressed
the need for "constant legislative care about pluralism of providers,
pluralism of content providers, and pluralism in terms of media."
Mr. Xhemail Mehazi, the Minister of transport and communications of the
Republic of Macedonia, emphasised the need for public-private partnerships
and co-operation with all actors in society. Further policy and
legislative obligations for Macedonia include enacting a Law on
Information Society and a Broadband Strategy, scheduled for the beginning
of 2006.
The conference started with an all-day plenary session in Skopje (on 20
October 2005) and was followed by public debates in four cities:
e-business/cybercrime in Ohrid, freedom of the media on the internet in
Skopje, e-government in Bitola and e-education in Tetovo.
e-Society.Mk Conference website
http://www.e-society.org.mk
Foundation Metamorphosis
http://www.metamorphosis.org.mk
OSCE Spillover Mission to Skopje
http://www.osce.org/skopje
(Contribution by Filip Stojanovski, EDRI-member Metamorphosis, Macedonia)
===========================================================
11. Advocate General European Court rejects PNR deal
===========================================================
On 22 November 2005 the Advocate General of the European Court of Justice
has advised to annul the EU-US agreement on the transfer of passenger
data. The AG does not answer the privacy-questions raised by the European
Parliament, but finds the agreement unacceptable under the subsidiarity
rule of the European Union. Only the member states should decide on these
matters, not the European Commission.
US Customs have had access to the passenger lists of Europeans flying to
the US since May 2004. European commissioner Frattini promised to send the
European Parliament an evaluation in May 2005, but nothing has surfaced
yet.
The full court ruling will follow early in 2006. The court might still
come up with a ruling that addresses the privacy-issue.
The court press release (available in different languages)
http://curia.eu.int/fr/actu/communiques/index.htm
Full-text of the opinion (in French, 22.11.2005)
http://www.statewatch.org/news/2005/nov/eu-us-pnr-ecj-ag-...
Advocate general backs Parliament challenge on passenger records (22.11.2005)
http://www.euractiv.com/Article?tcmuri=tcm:29-149486-16&...
===========================================================
12. Cryptography almost banned in the Czech Republic
===========================================================
The Czech Lower House recently approved of a law introducing a new Penal
Code, including a ratification of the Cybercrime convention.
The original version, prepared by the Ministry of Justice, contained a
provision that would criminalise hacking and cracking IT systems, but due
to misguided and very unclear wording it also criminalised legitimate
activities such a cryptography, IT security testing etcetera.
The vagueness of the new law would have posed a serious threat of
arbitrary criminalisation of legitimate activities and legal uncertainty
in general.
Together with a coalition of crypto-analysts, EDRI-observer IuRe was
successful in suggesting amendments of the proposal, basing it more
literally on the text of the Convention.
The Senate still has to approve of the law, but nobody expects any
challenges to the revised and improved provision.
Text of the proposed law from the Minsitry of Justice (in Czech)
http://www.psp.cz/sqw/text/tiskt.sqw?O=4&CT=744&C...
Amendments proposed by MP¥s in the second reading (in Czech)
http://www.psp.cz/sqw/text/tiskt.sqw?o=4&ct=744&c...
(Contribution by Helena Svatoöov·, EDRI-member Iuridicum remedium, Czech
Republic)
===========================================================
13. Agenda
===========================================================
14 December 2005, Brussels, Belgium, presentation of the 'Worst EU
lobbying Award'
Corporate Europe Observatory, LobbyControl, Spinwatch and Friends of the
Earth Europe will present a new award for the most offensive case of
corporate lobbying in EU capital Brussels. In the press release the
Observatory writes: "Backed by almost a billion euros per year, over
10,000 corporate lobbyists roam the corridors of power in Brussels. Ever
more inventive and often problematic ways of gaining influence are gaining
ground. Pretending to be concerned environmentalists, buying science,
funding anarcho-capitalist think-tanks, and securing first class treatment
and access by EU bodies, powerful lobby groups manage to get their
interests satisfied."
So far, the 'Campaign for Creativity' is heading the list, nominated as a
fake NGO brilliantly disguising corporate demands as grassroots concerns
when in fact set up to lobby MEPs to vote for
US-style software patents.
http://www.corporateeurope.org/worstlobby/
27-31 December 2005, Berlin, Germany, 22nd CCC congress
http://www.ccc.de/
28 January 2006, Amsterdam, the Netherlands
Presentation of the Big Brother Awards 2005
http://www.bigbrotherawards.nl
===========================================================
14. About
===========================================================
EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 21 members from 14 European countries and 5 observers
from 5 more countries (Italy, Ireland, Poland, Portugal and Slovenia).
European Digital Rights takes an active interest in developments in the EU
accession countries and wants to share knowledge and awareness through the
EDRI-grams. All contributions, suggestions for content, corrections or
agenda-tips are most welcome. Errors are corrected as soon as possible and
visibly on the EDRI website.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 2.0 License. See the full text at
http://creativecommons.org/licenses/by/2.0/
Newsletter editor: Sjoera Nas <edrigram@edri.org>
Information about EDRI and its members:
http://www.edri.org/
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request@edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
unsubscribe by e-mail
To: edri-news-request@edri.org
Subject: unsubscribe
- EDRI-gram in Ukrainian
EDRI-gram is also available in Ukrainian, with delay. Translations are
provided by Privacy Ukraine
http://www.internetrights.org.ua/index.php?page=edri-gram
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <edrigram@edri.org> if you have any problems with subscribing or
unsubscribing.
============================================================
Publication of this newsletter is made possible by a grant from
the Open Society Institute (OSI).
============================================================
(Log in to post comments)
|
|||||||||||||