Weekly Edition
Return to the Announcements pageSponsored link
Vyatta –
Linux & Open Source
Alternative to Cisco –
Advanced Routing,
Firewall, VPN, QoS..
Free Download ->
| |||||||||||||
|
| |||||||||||||
EDRI-gram newsletter
==================================================================
EDRI-gram
bi-weekly newsletter about digital civil rights in Europe
Number 20, 22 October 2003
==================================================================
CONTENTS
==================================================================
1. Expert meeting on spam in Brussels
2. 199 amendments on IP enforcement directive
3. Still no EU Data Protection Supervisor
4. First decision against spam in Poland
5. 'Mandatory data retention is unlawful'
6. EU health chip
7. Dutch Big Brother Award for Minister of Justice
8. White paper on notice and take-down
9. Report of WSIS prepcom 3
10. Recommended reading
11. Agenda
12. About
==================================================================
1. EXPERT MEETING ON SPAM IN BRUSSELS
==================================================================
With only a few days to go before the 31 October deadline for the
transposition of the new Directive for Privacy and Electronic
Communications, on 13 October the Commission organised a public workshop
about spam. More than 200 public and private stake-holders attended,
ranging from government representatives to consumer & civil rights groups
and from data protection authorities to spokespersons for both internet
and mobile telephony companies. Later this year, the Commission will
produce a (non-binding) communication based on the results of the
workshop.
In his opening speech Erkki Liikanen, the Commissioner for Enterprise and
the Information Society summed up 3 main tasks for member states after the
entry into force of the directive; enforcement, consumer self-help and
awareness and international co-operation.
Up to date, only Austria, Belgium, Denmark, Italy and Austria have enacted
the opt-in regime, the other member states have yet to follow. When asked
about the progress in negotiating a spam-ban with the United States,
Liikanen referred to private anti-spam initiatives by US internet service
providers. The United States currently don't even have an opt-out regime,
and Liikanen remarked that it was very difficult to convince US
politicians of the need to take measures, since they consider mail a very
important communication channel with their constituency and are afraid of
restricting it.
Discussing the need for complaints mechanisms, EDRI pleaded for Commission
support for national or even Europe-wide spam-boxes as the easiest way for
European citizens to get redress for complaints about spam. The
representative from the European Coalition against Unsolicited Commercial
Email (Eurocauce) supported the need for cross-border monitoring and
enforcement. The Commission said they would gladly intensify collaboration
with the Data Protection Authorities after the 31st of October. When asked
by the Commission about their experiences with a national spam mailbox,
representatives from the French and Belgian DPA answered that both pilot
projects had stopped. Both concluded that a national initiative would
never suffice, and called on the Commission to help with cross-border
enforcement. Though the Commission saw no possibility for further (civil
law) harmonisation of fines, the future framework decision on attacks
against information systems will create a penal law solution against
(fraudulent) spam.
In February 2004 the OECD will host a conference on spam. The Commission
hopes this will encourage more countries to switch to an opt-in regime.
Given the particularly slow implementation rate of the previous privacy
directives, it comes as no surprise that the spam-ban will not be
evaluated before 2006.
Commission: results of questionnaire (01.10.2003)
http://europa.eu.int/information_society/topics/ecomm/doc/highlights/current_spotlights/spam/310_01_issue_paper_workshopspam_web.doc
==================================================================
2. 199 AMENDMENTS ON IP ENFORCEMENT DIRECTIVE
==================================================================
Last Monday, the European Parliament's Judicial Affairs Committee (JURI)
should have discussed its Report on the Enforcement of Intellectual
Property Rights. But the agenda was so overcrowded that the Rapporteur,
French MEP Janelly Fourtou, could only make some introductory remarks
before the session was over.
Overwhelmed by the large number of 199 amendments the Parliament's
translation service failed to present translations into all of the EU's
eleven official languages, leaving Parliamentarians with nothing more than
English, Greek and Danish versions of the 159 page document, which were
presented only hours before the discussion was going to take place.
Mrs. Fourtou, who would like to see the report become applicable law
before the Enlargement of the Union and EU-wide Parliamentary elections
next summer, had to announce that the initial schedule was going to be
postponed.
Mrs. Fourtou has been under attack from a large number of her Parliament
colleagues, even from within her own Conservative Group. She is criticised
for introducing a set of amendments criminalising even small-scale file
sharers - and for her defence of an article in the draft directive that
constitutes a violation of the EU's rules of procedure.
Article 20 of the draft directive deals with criminal law provisions for
infringements of intellectual property rights. Some of the sanctions
foreseen pre-empt a possible decision by a Court of Justice on whether
such an infringement has taken place at all, and therefore constitutes
so-called substantive law. In the EU's complicated lawmaking process,
which foresees different procedures for different fields of competence,
creating substantive criminal law is still an intergovernmental competence
and can not take place under the co-decision procedure.
4 of the amendments aim at deleting Article 20, but Mrs. Fourtou and
Commission officials alike are not willing to even discuss this. The
initial discussion of the Report will now, as it seems, take place either
on Tuesday, November 4th - the date initially foreseen for the vote in the
Committee - or on November 6. The vote in the Committee would then take
place either on November 26 or the following day, which would mean the
vote in Plenary would have to take place in the week following December
15.
EU Commission: Proposal for a Directive on measures and procedures to
ensure the enforcement of intellectual property rights [COM (2003) 46]
http://europa.eu.int/eur-lex/en/com/pdf/2003/com2003_0046en01.pdf
Janelly Fourtou's Draft Report on this Directive
http://www.europarl.eu.int/meetdocs/committees/juri/20031020/498789en.pdf
199 Amendments to the Fourtou Report
http://www.europarl.eu.int/meetdocs/committees/juri/20031020/509224en.pdf
Law Professors criticise IPR Enforcement Directive
http://www.cl.cam.ac.uk/ftp/users/rja14/cornish.pdf
(Contribution by Andreas Dietl, consultant on EU privacy issues)
==================================================================
3. STILL NO EU DATA PROTECTION SUPERVISOR
==================================================================
European discussions can't agree on the appointment of a European
privacy-czar. The European parliament insists on choosing Joaquín Bayo
Delgado, who has no experience in data protection issues, as the new EU
Data Protection Supervisor. The Council favours the Dutch Data Protection
Commissioner Peter Hustinx.
Jorge Salvador Hernández Mollar, the President of the European
Parliament's Committee on Citizens' Freedoms and Rights, Justice and Home
Affairs (LIBE), recently made a move to break the blockade between the
Parliament and the Council on the issue. In a letter sent on 10 October to
Umberto Vattani, the Permanent Representative of Italy with the European
Union, Mr. Hernández expresses the hope that "each institution should
accept the first choice of the others", which seems to be diplomatic
language meaning that the Council should accept the choice of the
Parliament.
LIBE's indicative vote on 20 May 20 showed a slight but clear majority of
votes for Joaquín Bayo Delgado, the only candidate from the nine-person
list with no experience in Data Protection whatsoever. The Greek Council
Presidency made it known to the Parliament that it would not accept this
candidate. The Council instead favoured Peter Hustinx, the Dutch Data
Protection Commissioner, who has indeed been very active on the
international scene.
In an informal meeting following the vote both institutions agreed to
disagree, sticking to their different candidates. The rules for the
nomination of the Data Protection Commissioner and his Assistant did not
foresee any procedure for such a situation. Blame it on the rules - since
then, the silence between the Council and Parliament was only interrupted
by occasional letters confirming to the respective other side that the
authors were still not willing to leave their positions. Mr. Hernández, it
seems, was hoping for the Greek Presidency to be replaced by Italy, whose
government is politically closer to his own Spanish Popular Party. The two
parties are also in the same Group within the European Parliament, the
Conservative PPE. The fact that Italy has still not reacted, however, may
be an indication that the split doesn't follow party lines, but that the
question is understood as a national issue. The other outspoken backer of
Mr. Bayo Delgado, besides Mr. Hernández, is Ana Terrón i Cusí. She is a
member of the Social Democrat PSE Group, but she is Spanish, as are
Hernández Mollar and Bayo Delgado.
The procedure of choosing an EU Data Protection Supervisor started one
year ago.
EU Commission: EU Data Protection Supervisor
http://europa.eu.int/comm/internal_market/privacy/application_en.htm
Outsider recommended as new EU Data Protection Supervisor (EDRI-gram 9)
http://www.edri.org/cgi-bin/index?funktion=view&id=000100000098
EU data protection supervisor: contest not over yet (EDRI-gram 10)
http://www.edri.org/cgi-bin/index?funktion=view&id=000100000099
(Contribution by Andreas Dietl, consultant on EU privacy issues)
==================================================================
4. FIRST DECISION AGAINST SPAM IN POLAND
==================================================================
The Polish agency for Competition and Consumer Protection recently for the
first time condoned a spammer. According to the agency, the Firm
Edukacyjna Impuls Plus from the city of Grudziadz had violated the
Provision of Electronic Services Bill by sending unsolicited commercial
mail. The businessman was ordered to stop such actions and to publish a
special announcement in the Gazeta Wyborcza (one of the most popular daily
newspapers in Poland).
It is the first decision against a spammer in Poland and it is based on
administrative law.
Nobody has yet tried to challenge the phenomenon on the ground of private
law.
The Polish law on the provision of electronic services was enacted on 18
July 2002, partially transposing both the directive on electronic commerce
(2000/31/EC) and the directive on privacy and electronic communications
(2002/58/EC).
The Polish regulation imposes a ban on sending unsolicited commercial
messages to private persons by means of electronic communication,
especially electronic mail. Legally, spamming is considered to be unfair
competition in the interpretation of the law on Fighting Unfair
Competition.
But the issue is quite complex. "The attempts to answer some questions
connected with the use of information and communication technologies in a
normative context, face many difficulties when it comes to defining
certain terms" - the lawmakers said. One of the problems the Poles face is
the fact that the law only protects against spam with a clear commercial
character.
Legal analysis of the anti-spam decision (in Polish)
http://www.vagla.pl/skrypts/spam_delikt_nieuczciwej_konkurencji.htm
Polish - English translation service
http://www.translate.pl
(Contribution by Piotr VaGla Waglowski, Internet Society Poland)
==================================================================
5. 'MANDATORY DATA RETENTION IS UNLAWFUL'
==================================================================
A legal opinion commissioned by EDRI-member Privacy International and
provided by the law firm Covington & Burling concludes that mandatory data
retention plans in the EU are unlawful.
The opinion, which relates to an EU framework directive on the retention
of communications data, has profound ramifications for ten EU states that
have implemented, or are planning to implement, measures to place
communications users under blanket surveillance.
The opinion states: "The data retention regime envisaged by the (EU)
Framework Decision, and now appearing in various forms at the Member State
level, is unlawful. Article 8 of the European Convention on Human Rights
(ECHR) guarantees every individual the right to respect for his or her
private life, subject only to narrow exceptions where government action is
imperative. The Framework Decision and national laws similar to it would
interfere with this right, by requiring the accumulation of large amounts
of information bearing on individuals' private activities. This
interference with the privacy rights of every user of European-based
communications services cannot be justified under the limited exceptions
envisaged by Article 8 because it is neither consistent with the rule of
law nor necessary in a democratic society."
The opinion continues: "The indiscriminate collection of traffic data
offends a core principle of the rule of law: that citizens should have
notice of the circumstances in which the State may conduct surveillance,
so that they can regulate their behaviour to avoid unwanted intrusions.
Moreover, the data retention requirement would be so extensive as to be
out of all proportion to the law enforcement objectives served. Under the
case law of the European Court of Human Rights, such a disproportionate
interference in the private lives of individuals cannot be said to be
necessary in a democratic society."
A series of regulations (Statutory Instruments) recently laid before the
UK Parliament intends to create a legal basis for comprehensive
surveillance of communications. The regulations will allow an extensive
list of public authorities access to records of individuals' telephone and
Internet usage. This 'communications data' -- phone numbers and e-mail
addresses contacted, web sites visited, locations of mobile phones, etc. -
will be available to government without any judicial oversight. Not only
does government want access to this information, but it also intends to
oblige companies to keep personal data just in case it may be useful.
Privacy International
http://www.privacyinternational.org/
==================================================================
6. EU HEALTH CHIP
=================================================================
The European Union has taken steps towards the creation of an EU-wide
health identity card. By 2008 there will be a new card with a microchip
that can store a range of biometric and personal data. Approved by Union
ministers in Luxembourg the plastic disk will slide into the credit-card
pouch of a wallet or purse.
The European Health Insurance Card is intended to replace forms currently
used by travellers who fall ill in other EU countries. Eventually it will
replace a plethora of other complex forms needed for longer stays.
During the first phase - starting at 1 June 2004 - each country will be
able to choose whether to include photographs, fingerprints and biometric
data, such as eye measurements, on the 'national' side of the card. The
ultimate objective is to have an electronic chip on the card as the
technology improves.
European health insurance card
http://europa.eu.int/comm/employment_social/news/2003/feb/hicard_en.html
==================================================================
7. DUTCH BIG BROTHER AWARD FOR MINISTER OF JUSTICE
==================================================================
The Dutch Big Brother Awards were presented in front of a 300 person
audience in Amsterdam on the 11th of October. With the Awards the person,
company, governmental institution and initiative are rewarded for damaging
the privacy of citizens in 2003 the most. The 4 winners of 2003 are:
minister of Justice Piet Hein Donner; several major lawyer firms; the
Immigration and Naturalisation Service and the legal proposal to introduce
compulsory identification.
According to the jury minister Donner seems to have a personal mission in
the destruction of the right to privacy. The minister was awarded for a
long list of proposals and determined efforts to shift the balance between
privacy and safety. The minister is in particular responsible for the law
proposal for compulsory identification for all persons starting at 14
years.
The second Big Brother Award is awarded to several Dutch lawyer firms for
using the services of investigation office Mariendijk. Under false
pretence the office managed to extract very privacy-sensitive information
from banks and social security offices.
The Immigration and Naturalisation Service (IND) deserves the Award with
the storage of all e-mails of all employees for an undetermined period of
time.
Finally the jury crowned the legal proposal for compulsory identification
with an Orwellian Award. This proposal requires all persons to permanently
wear ID from the age of 14. People unable to immediately show a valid
passport, drivers license or identity card risk a fine of 2250 euro.
Since Privacy International presented the first Big Brother Awards in
1998, an international tradition has begun. By now, more than 40
ceremonies have taken place in 15 different countries. In the next two
weeks several Award ceremonies are scheduled in Germany, Spain, Austria,
Switzerland and Hungary (see agenda below).
Dutch Big Brother Awards
http://www.bigbrotherawards.nl/index_uk.html
Big Brother Awards International
http://www.bigbrotherawards.org/
==================================================================
8. WHITE PAPER ON NOTICE AND TAKE-DOWN
==================================================================
The RightsWatch Project, a research project funded under the European
Commission's Information Society Technology programme, produced a white
paper on notice and take-down of websites.
During a 2 year project RightsWatch tried to develop consensus between
providers, right holders and internet users about self-regulatory notice
and takedown (NTD) procedures. The attempts miserably failed, since
self-regulation requires at least some willingness to achieve consensus.
While right holders insisted on immediate take-down after any
(unsubstantiated) complaint, internet users objected against private
censorship by internet providers and internet providers dreaded their
position in the middle. European commission and parliament refused to
solve this problem in the directive on electronic commerce (2000/31/EC),
leaving it up to market forces to guarantee freedom of speech online, in
stead of referring these complex issues to independent courts.
White Paper (October 2003)
http://www.rightswatch.com
==================================================================
9. REPORT ON WSIS PREPCOM 3
==================================================================
>From 15 to 26 September 2003 governments and civil society assembled in
Geneva for the third preparatory conference for the World Summit on the
Information Society. The two weeks ended with many key issues still
unresolved, and with a last-minute proposal to reconvene for an extra
session from 10 to 14 November.
EDRI members IRIS (FR) and Digital Rights (DK) participated as
co-ordinators of the Human Rights caucus, currently made up of 32
organisations. EDRI-member EFFI also participated, as part of the Finish
delegation. The HR caucus presented oral statements to the plenary
government meetings, to the EU-group, and to the two governmental working
groups on communication rights and privacy/security, respectively.
Furthermore, drafting proposals were made both for the Declaration of
Principles and Plan of Action.
Some of the key messages of the HR Caucus were:
The WSIS documents need to build on the human rights framework and
standards and general HR principles on equal rights and non-discrimination
must be ensured on all levels of IT policy and action plans. Secondly, the
right to privacy should be acknowledged in a new Article 34a and thirdly,
the concept of "information security" should not be used, as it may be
used to legitimise censorship. Instead the term 'network security' is
proposed.
The HR caucus also issued a petition against the nomination of General
Habib Ammar as President of the preparatory committee of the second phase
of the Summit to be held in Tunisia in 2005. Furthermore, the HR Caucus
wrote a protest letter on the exclusion of Reporters sans Frontiers and
Human Rights China from the WSIS process (see EDRI-gram 18).
Statements, input and Tunisia petition HR caucus
http://www.iris.sgdg.org/actions/smsi/hr-wsis/
(Contribution by Rikke Frank Joergensen, Digital Rights)
==================================================================
10. RECOMMENDED READING
==================================================================
A number of well-known information security specialists have written an
opinion on the security risk resulting from Microsoft's monopoly.
"Most of the world's computers run Microsoft's operating systems, thus
most of the world's computers are vulnerable to the same viruses and worms
at the same time. The only way to stop this is to avoid monoculture in
computer operating systems, and for reasons just as reasonable and obvious
as avoiding monoculture in farming."
The authors recommend government intervention "to confront the security
effects of monopoly and acknowledge that competition policy is entangled
with security policy from this point forward". They also have a few
short-term recommendations for Microsoft such as publication of certain
specifications.
One of the authors, Daniel Geer, Chief Technical Officer for @Stake, was
fired because of the report. @stake said that Geer had been sacked because
he had not gained its approval for release of the report, which presented
opposing views to those of the company.
CyberInsecurity: The Cost of Monopoly.
http://www.ccianet.org/papers/cyberinsecurity.pdf
==================================================================
11. AGENDA
==================================================================
Upcoming Big Brother Awards 2003:
24 October, Bielefeld, Germany
24 October, Iruna (Pamplona), Spain
26 October, Vienna, Austria
1 November, Berne, Switzerland
6 November, Budapest, Hungary
http://www.bigbrotherawards.org
24-26 November, Paris, France - EGOVOS
The EGOVOS conference is a high-level international event covering the
topic of free/open source software, interoperability and open standards in
the government sphere.
http://www.egovos.org/nov-2003/agenda.html
8-9 January 2004, Sheffield, UK - CCTV and Social Control
Conference organised by the Centre for Criminological Research, University
of Sheffield on the politics and practice of video surveillance, from a
European and global perspective.
http://www.sheffield.ac.uk/ccr/publicity/conference/index.html
30-31 January 2004, Stockholm, Sweden - WHOLES
A Multiple View of Individual Privacy in a Networked World
An international workshop to explore interdisciplinary approaches to
privacy. Contribution deadline for papers: 31 October 2003.
http://www.sics.se/privacy/wholes2004/
==================================================================
12. ABOUT
==================================================================
EDRI-gram is a bi-weekly newsletter from European organisations in Europe.
Currently EDRI has 14 members from 11 European countries. EDRI takes an
active interest in developments in the EU accession countries and wants to
share knowledge and awareness through the EDRI-grams. All contributions,
suggestions for content or agenda-tips are most welcome.
Newsletter editor: Sjoera Nas <edrigram-AT-edri.org>
Information about EDRI and its members:
http://www.edri.org/
- EDRI-gram subscription information
subscribe/unsubscribe web interface
http://www.edri.org/cgi-bin/mailman/listinfo/edri-news/
subscribe by e-mail
To: edri-news-request-AT-edri.org
Subject: subscribe
You will receive an automated email asking to confirm your request.
- EDRI-gram in Russian
EDRI-gram is also available in Russian, a few days after the English
edition. The contents are the same. Translations are provided by Sergei
Smirnov, Human Rights Network, Russia.
The EDRI-gram in Russian can be read on-line via
http://www.hro.org/editions/edri/
- EDRI-gram in Italian
EDRI-gram is also available in Italian, a few days after the English
edition. The contents are the same. Translations are provided by
autistici.org
The EDRI-gram in Italian can be read on-line via
http://www.autistici.org/edrigram/
- Newsletter archive
Back issues are available at:
http://www.edri.org/cgi-bin/index?funktion=edrigram
- Help
Please ask <info-AT-edri.org> if you have any problems with subscribing or
unsubscribing.
==================================================================
Publication of this newsletter is made possible by a grant from
the Open Society Institute (OSI).
==================================================================
(Log in to post comments)
|
|||||||||||||