============================================================
EDRI-gram
biweekly newsletter about digital civil rights in Europe
Number 3.22, 3 November 2005
============================================================
Contents
============================================================
1. European Parliament: no retention of internet data
2. Article 29 WP rejects data retention once more
3. Big Brother Awards presented in 4 countries
4. French minister: copyright above privacy
5. Citizens' Summit on the Information Society
6. Greek court will rule on CCTV
7. European Data Protection Supervisor newsletter
8. Petition update: over 55.500 signatures
9. Support EDRI!
10. Agenda
11. About
===========================================================
1. European Parliament: no retention of internet data
===========================================================
Behind closed doors, the European Parliament is engaged in a monumentous
battle with the Council of ministers of Justice over the plans for
mandatory data retention. After a first meeting of the leading
parliamentary committee on Civil Liberties, Justice and Home Affairs
(LIBE) on Monday 24 October, it looks like a majority of social-democrats,
greens and some liberals is ready to delete internet data from the
proposal all together, focus on a very limited set of telephony data and
store them for only 3 months, while deleting the abhorred 'comitology
procedure'.
During the debate with LIBE the European Commission provided some
technical explanations about their proposal for a directive. A 'connection
label' is a number only related to voice over IP connections. And the term
user ID only relates to internet access. That would clearly exclude the
logging of data about e-mail correspondence. The Commission also explains
to what extent service operators should retain data on other services. A
question from the EP was "If a Vodafone user calls a Base user, how should
Vodafone obtain knowledge on the identity of the Base user?" Answering
that question, the Commission says the providers only need to deal with
data 'generated or processed in the process of supplying their
communications services', so in this example, Vodafone would only have to
provide the number of the Base user.
But this explanation carefully avoids to address the biggest uncertainty
about the proposal; namely how an internet service provider could know
what IP-numbers his customers contact. These are data perhaps flowing
through the mass of data, but never stored for any business purpose. If
such an obligation to store information about all these contacts was
nevertheless included in the Directive, the only way of gaining any
knowledge on the destination of IP communications would be by creating a
full wiretap on all customers.
If the leaders of the political groups don't reach another kind of
agreement in their secret negotiations this month with the Council, it
looks like LIBE will support some of the most important changes proposed
by rapporteur Alexander Alvaro. Alvaro wants to exclude internet and
location data, and to introduce a sunset provision. In that case, the
directive would be valid for 5 years. After that, Commission and
Parliament would have to evaluate the usefulness and engage in a new
legislative procedure or let the directive disappear.
Alvaro wants to delete the purpose of 'prevention' from the scope of data
retention. The comitology procedure must be deleted and the flexible
'technical annex' must be replaced by a limited list of data within the
text of the directive itself. Replacing the vague category of 'serious
crimes' proposed by the Commission, Alvaro sums up a limited list of
serious crimes, including terrorism, sexual exploitation of children,
environmental crime, hijacking, rape and arson.
On 14 November LIBE will meet again in Luxembourg and likely discuss the
long list of amendments proposed by the Social Democrats (Mastenbroek,
Grüber, Lambrinidis, Roure) the Conservatives (Newton Dunn) and the
Christian Democrats (Charlotte Cederschiöld, who has been opposing data
retention for a long time).
Meanwhile, the EP committee on Industry, Research and Energy (ITRE) has
made its amendments publicly available, together with the rapport of
rapporteur Angelika Niebler (Christian Democrats).
Niebler, like Alvaro, proposes to delete the comitology procedure and
limit the storage period to 3 months. "The practice of criminal
investigations," she writes "demonstrates that usually the data required
by law enforcement are not older than 3 months. Therefore the legal
retention requirements should be modified to meet the real needs." Like
Alvaro, Niebler also proposes to limit the set of data in order to reduce
the costs for the telecom industry, but she is not ready to delete
internet data all together.
Amendments from ITRE members Trautmann (Social Democrat) and Rübig
(Christian Democrat) suggest 6 months retention for telephony data and 3
months for internet data, but all agree on deleting the comitology
procedure, failed caller attempts and creating clearer provisions on cost
reimbursement.
Like the LIBE committee, ITRE will also discuss the amendments on 14
November 2005. Meanwhile, the UK EU Presidency has confirmed once more in
a letter dated 28 October 2005 it is ready to adopt the framework decision
on data retention if the European Parliament doesn't adopt the Commission
proposal in a quick first and only reading. According to the Presidency a
majority of member states was open to a Directive, as long as it would be
exactly the same as the Framework decision. "There was wide agreement (in
the JHA Council) that any measure must reflect the elements referred to in
the Presidency paper, notably in respect of the provisions on retention
periods, scope and costs."
LIBE Draft report Alexander Nuno Alvaro (19.10.2005)
http://www2.europarl.eu.int/registre/commissions/libe/projet_rapport/2005/364679/LIBE_PR(2005)364679_EN.doc
ITRE report Angelika Niebler including all committee amendments (19.10.2005)
Amendments 1-14
http://www2.europarl.eu.int/registre/commissions/itre/projet_avis/2005/364724/ITRE_PA(2005)364724_XM.pdf
Amendments 15-48
http://www2.europarl.eu.int/registre/commissions/itre/amendments/2005/364725/ITRE_AM(2005)364725_XM.pdf
Heise: Parlamentskoordinator gegen Vorratspeicherung von
Internetverbindungsdaten (in German, 20.10.2005)
http://www.heise.de/newsticker/meldung/65150
Technical Questions on Data Retention - answers from the Commission
http://www.edri.org/docs/Technical_Questions_on_Data_Retention_answers.pdf
EU Presidency: Report on proceedings in the Council's other configurations
(28.10.2005)
http://register.consilium.eu.int/pdf/en/05/st13/st13743.en05.pdf
===========================================================
2. Article 29 WP rejects data retention once more
===========================================================
In a carefully worded report, the coalition of EU privacy commissioners
(the Article 29 Working Party) criticises both the Council and the
Commission policies on data retention. The Article 29 Working Party calls
for restraint and safeguards that have to date not appeared in any
national or EU policy. "The Working Party questions whether the
justification for an obligatory and general data retention coming from the
competent authorities in Member States is grounded on crystal-clear
evidence. The Working Party also doubts whether the proposed data
retention periods in the draft Directive are convincing." And when it
comes to safeguards, the Working Party states: "imposing the said data
retention obligations on communication service providers without having
first realised adequate, specific safeguards is not to be accepted within
the existing European legal framework."
This opinion follows many previous statements by the Working Party
rejecting the policy of retention. In November 2004, the Working Party
used very strong words on the lack of proven necessity. "Not everything
that might prove to be useful for law enforcement is desirable or can be
considered as a necessary measure in a democratic society, particularly if
this leads to the systematic recording of all electronic communications."
This time, under pressure from the UK privacy commissioner in particular,
the Working Party had to consider what a retention policy would look like
ideally.
Within this vacuum the Working Party outlines twenty specific safeguards
for any policy on retention. The purpose of retention should be limited to
combating terrorism and organised crime rather than to what it considers
the 'undetermined' serious crime language. There should be a maximum
retention period in all Member States for a maximum set of data, and the
law should evaporate after 3 years unless Parliament and Commission should
decide to re-confirm the need (a sunset clause). The Working Party also
calls for a publicly available list of designated law enforcement
authorities that may access the data in specific investigations into
terrorism. With regards to the fear of further registration demands (for
example for prepaid access), the Working Party says: "It is important to
clarify also in this Directive that there is no obligation for
identification in cases where the identification is not necessary for
billing purposes or other purposes to fulfil the contract."
Article 29 WP Opinion on data retention (21.10.2005)
http://www.edri.org/docs/Art29-WP113en-Data_Retention_Oct2005.pdf
Opinion EU privacy authorities on data retention (17.11.2004)
http://www.edri.org/edrigram/number2.22/dataretention
(Thanks to Gus Hosein, Privacy International)
===========================================================
3. Big Brother Awards presented in 4 countries
===========================================================
The sixth edition of Swiss Big Brother Awards ceremony was held in
Zurich's Rote Fabrik on 29 October 2005. The Swiss jury received 100
nominations in four categories: government, business, workplace and the
special life-time achievement award. The financial services branch of
Swiss Post, Postfinance, was awarded the business award for the illegal
transfer of bank transaction data to the United States. The transfer
became apparent after a Swiss man tried to transfer an amount in US
dollars to a Cuban travel agency based in Switzerland. Both bank accounts
were registered in Zurich. Although the man assumed the transfer was
purely domestic it turned out that Postfinance uses its US partner Western
Union for all transactions in US dollars. The man was notified that the US
Department of the Treasury had confiscated his money because of the US
embargo against Cuba. Postfinance advised him to send a protest to the US
authorities in order to get his money back. So much for the Swiss bank
secrecy.
The workplace award went to a public prosecutor in Zurich who, during a
secret nightly search, had examined the contents of the paper waste
baskets of all 100 employees at his office. The reason for the search
remains unknown but after the exposure of the search the paper shredder at
the office became much more popular. The government award went to the city
of Emmen for having appointed the first inspector in Switzerland in charge
of investigating social security fraud. The life-time award was given, as
a comfort, to the police commissioner of the city of Biel-Bienne. The poor
man has been trying for years to promote CCTV but saw his aspirations
blocked repeatedly by the city council. A positive Winkelried-Award for
people or institutions that fight against control and surveillance went to
the human right group Augenauf. The group registers pre-paid mobile phones
on the names of its members, in order to comply with the newly introduced
Swiss mandatory registration for pre-paid GSM. They give the phones to
asylum seekers who lack the proper documents to register themselves.
The Swiss jury consisted of journalists, politicians and representatives
of consumer organisations and trade unions.
The first Big Brother Awards ceremony in the Czech republic was organised
by the Czech NGO Iuridicum Remedium on 28 October in Prague. Awards were
given in 8 categories. The city of Prague and its mayor Pavel Bém in the
category won an award as Greatest State Institution Intruder for their
massive and uncritical support of the implementation of CCTV. Supermarket
chain Tesco was awarded in the category Greatest Corporate Invader for
their reluctance to inform customers and employees about the companies
practice in dealing with the personal data of customers and employees, the
extensive implementation of camera surveillance in the stores and the
possible experiments with the introduction of RFID chip technology. The
European Commission got an International Snooper award for its proposal on
data retention. The Czech Credit Bureau got a prize in the category
Lifetime Menace for building an extensive database of personal information
with client banking information. A positive prize for the protection of
privacy went to the cryptographic software PGP and its inventor Phil
Zimmermann. The jury of the Czech Big Brother Awards included the former
chief of the Czech Data Protection Office, a member of the Bureau of
European Parliament and representatives of consumer organisations, trade
unions and several privacy NGOs.
The sixth German Big Brother Awards were presented in 8 categories on 28
October in Bielefeld. The Communications award went to the State
Prosecutor of Schleswig-Holstein for tracking all 700 mobile phone users
who had been near a crime scene. In a press statement the police made it
clear that mobile phone users who did not report as a witness would arouse
suspicion. In the category Consumer Protection the prize was won by the
organisational committee of the 2006 football world cup for sharing
customer data with sponsors, and for the use of RFID spy-chips in the
tickets and thus the attempt to make this surveillance technology
acceptable. The regional award went to a primary school near Bünde and two
local banks for sharing the names of first time school pupils without the
parents' consent. The banks used the information to advertise starter
accounts. The Lifetime Achievement award was won by Otto Schily, the
former Federal Minister of the Interior for the introduction of the
biometric passport and his persistent efforts to expand surveillance
systems and erode data protection under the guise of public security and
the fight against terror. The German jury consisted of representatives of
privacy NGOs, the humanist union and the international human rights
league.
In Vienna the seventh edition of the Austrian Big Brother Awards saw
awards in six categories. The Business award went to the cleaning company
Assa. They take fingerprint and DNA samples of all cleaning personnel
because, according to the companies website, most of the personnel
originates from Eastern countries. The judges of the Austrian criminal
courts won a joint award for authorising an explosive rise in telephone
surveillance. The makers of the online computer game 'World of Warcraft'
won an award for installing spy software on the computers of gamers
without their consent. The metro in Vienna won the publics choice award
for installing a new CCTV system while crime statistics are falling
rapidly. A positive prize, the Defensor Libertatis award, went to the
European Parliament for resisting software patents and voting against the
transfer of air passengers data to the US. Lawyers, journalists and
privacy NGO took part in the Austrian jury.
The next Big Brother Award ceremonies will take place in Australia (8
November) and for the first time in South Korea (22 November). Since the
Big Brother Awards were launched in 1998 in the UK by Privacy
International in total 60 award ceremonies took place around the world.
Big Brother Awards Switzerland 2005
http://www.bigbrotherawards.ch/2005/
Big Brother Awards Czech Republic 2005
http://www.bigbrotherawards.cz/
Big Brother Awards Germany 2005
http://www.bigbrotherawards.de/en/2005/
Big Brother Awards Austria 2005
http://www.bigbrotherawards.at/
Big Brother Awards International
http://www.bigbrotherawards.org/
===========================================================
4. French minister: copyright above privacy
===========================================================
After the French data protection authority CNIL published a strong
rejection of the systematic collection of IP-addresses by the music and
film industry, the French minister of Culture, Renaud Donnedieu de Vabres,
said he would look at the current implementation of the Copyright
Directive to override these privacy-hurdles. The proposal for
implementation will be discussed in the Lower House for the first time on
6 December 2005.
On 18 October 2005 the CNIL organised a debate with representatives of the
entertainment industry to discuss their strategy to deal with unlawful
file-sharing. The collecting societies proposed to employ automatic
systems to detect copyright infringement on peer to peer networks, and
secondly, to force internet service providers to translate a given
IP-address into an e-mail address and forward a 'pedagogical' e-mail
message from the societies to their customer.
Though the French privacy law, as modified in August 2004, allows for
actions against copyright infringement, the CNIL rejects both proposals.
First of all, service providers should not collaborate with the industry.
The CNIL quotes a ruling from the Constitutional Court of 29 July 2004
that the use of traffic data in relation to copyright infringement should
be under judicial control.
The CNIL also sums up 4 strong reasons why the automatic collection of IP
addresses is not proportional, and thus not allowed in France:
-The goal is not strictly limited to the fight against infringement
-The approach may easily lead to the massive collection of personal data
-It allows for extensive and permanent surveillance of peer to peer networks
-Users may be prosecuted in civil or penal proceedings as a result of the
collection, but it is unclear which users risk prosecution, since the
copyright societies base their decision to start proceedings only on the
amount of works offered, an amount they can change anytime they feel like
it.
La Cnil gêne ? Changeons les règles ! (in French, 27.10.2005)
http://www.ratiatum.com/news2555_La_Cnil_gene_Changeons_les_regles.html
Conclusions CNIL on the policy of warning and tracing P2P-users (in
French, 24.10.2005)
http://www.cnil.fr/index.php?id=1881
===========================================================
5. Citizens' Summit on the Information Society
===========================================================
A broad coalition of human rights organisations has announced they will
organise a Citizens' Summit on the Information Society in Tunis, from 16
to 18 November 2005, to coincide with the World Summit on the Information
Society (WSIS).
Citizens groups, civil society organisations, national, regional and
international institutions, government delegations and all other
interested parties and individuals are invited to participate in the
Citizen's Summit on the Information Society.
The CSIS program will consist of a series of panels and conferences
addressing main WSIS issues from the public perspective. CSIS aims to
first of all send a strong message of support and solidarity from the
international civil society to the local civil society and citizens in
Tunisia. Secondly, CSIS wants to offer a specific civil society
perspective on the main issues debated at the WSIS. In the first phase, in
Geneva in 2003, thanks also to constant pressure from civil society, the
conference focussed on human rights and social justice as cornerstones of
the Information Society.
CSIS is organised by a large coalition of human rights organisations such
as the Association for Progressive Communications, the Canadian
Journalists for Free Expression, Human Rights Watch, the World Association
of Newspapers, the World Press Freedom Committee and the WSIS Civil
Society Human Rights Caucus. CSIS will be organised in coordination with
independent Tunisian civil society organisations. These local Tunisian
organisations are having difficulties in accessing the WSIS conference
itself. Most of the independent Tunisian organisations are even denied any
access to WSIS. Since they are not officially recognised by the Tunisian
government, they can not ask for accreditation.
Announcement and call for support CSIS (24.10.2005)
http://www.iris.sgdg.org/actions/smsi/hr-wsis/csis-pr-241005-en.pdf
Citizens' Summit on the Information Society
http://www.citizens-summit.org/
===========================================================
6. Greek court will rule on CCTV
===========================================================
The Greek public prosecution service has filed an appeal on 11 October
2005 at the highest administrative court of Greece against a decision by
the Hellenic Data Protection Authority (DPA) that a new large high-tech
CCTV system in Athens can only be used to monitor traffic.
The Greek DPA decided that the CCTV cameras could only be used to watch
congested roads. The ministry of public prosecution service argues that
the DPA's decision is "unconstitutional, against the European Convention
of Human Rights and illegal since national safety and public order rank
higher than the protection of privacy", according to the Greek newspaper
Kathimerini.
The Greek DPA has put many restrictions on the use of the system which
consists of camera's, microphones and video analysis software. "Using the
system and utilising the data collected through the system and recorded on
it for any other reason is forbidden, including discovering offences,
other than those related to regulating circulation." The usage of CCTV on
"low traffic roads, squares, parks, pedestrian zones and citizens'
assembly places (i.e. theatre entrances)" is not allowed.
Placing microphones in the public space is also forbidden by the DPA.
"Taking and recording sound is prohibited. Therefore, microphones must be
taken off the poles on which they are set." But it doesn't stop there. The
DPA also ruled that many camera positions need to be changed: "Cameras
must operate in such a way that taking and recording pictures of the
entrance or the interior of houses is not possible. Therefore, cameras
must be adjusted so that either they are stable or able to exclude certain
areas through proper restrictions of the optical angle, tilt or zoom."
In preparation of the Olympics, 293 CCTV cameras were installed in Athens
last year. Dozens of them have been set on fire by angry citizens.
Court to rule on CCTV cameras (12.10.2005)
http://www.ekathimerini.com/4dcgi/_w_articles_politics_100008_12/10/2005_61791
Decision 63/2004: CCTV cameras on the Attica road network (24.11.2004)
http://www.dpa.gr/Documents/Eng/CCTV%20cameras%20on%20the%20Atttica%20road%20network.doc
===========================================================
7. European Data Protection Supervisor newsletter
===========================================================
The European Data Protection Supervisor has started an e-mail newsletter
to inform a general public about his activities such as opinions, policy
papers and publications.
The October newsletter contains brief information and links to the EDPS's
involvement in PNR and the Visa Information System. The newsletter also
mentions a policy paper on the conflict between two fundamental rights:
access to information and data protection.
European Data Protection Supervisor newsletter
http://www.edps.eu.int/publications/newsletter_en.htm
===========================================================
8. Petition update: over 55.500 signatures
===========================================================
The EDRI and XS4ALL petition against data retention has attracted over
55.500 signatures, of which over 20.000 from the Netherlands (where the
campaign was launched), over 6.500 from Germany and almost 6.000 from
Finland. Runners-up in the daily country count are Bulgaria (over 3.000),
Sweden and Spain (over 2.000 each), Austria (over 1.750). France, the UK,
Italy, Belgium, the United States and Slovenia have each contributed over
a 1.000 signatures.
Currently, 81 organisations and companies have signed in support of the
petition. The petition is available in 21 languages, with Portugese as the
last addition.
The campaign continues to invite last-minute signatures and support. The
petition will be offered to the European Parliament before the end of
November.
Petition
http://www.dataretentionisnosolution.com
http://www.stopdataretention.com
Petition WIKI
http://wiki.dataretentionisnosolution.com
===========================================================
9. Support EDRI!
===========================================================
European Digital Rights needs your help in upholding digital rights in the
EU. Donations allow EDRI to hire part-time professional assistance in
Brussels, to continue EDRI-gram in 2006 and invest in targeted campaigns.
With the plans for mandatory data retention and the continuous erosion of
digital civil rights, your donation could make a huge difference.
If you wish to help us promote digital rights, please consider making a
private donation, or interest your organisation in sponsorship. We will
gladly send you a confirmation for any amount above 250 euro.
KBC Bank Auderghem-Centre, Chaussée de Wavre 1662, 1160 Bruxelles, Belgium
EDRI Bank account nr.: 733-0215021-02
IBAN: BE32 7330 2150 2102
BIC: KREDBEBB
===========================================================
10. Agenda
===========================================================
15-19 November 2005, Tunis, Tunesia
Word Summit on the Information Society (WSIS)
http://www.itu.int/wsis/
16-18 November 2005, Tunis, Tunesia
Citizens Summit on the Information Society (CSIS)
http://www.citizens-summit.org/
1-2 December 2005, London, UK, Patenting Lives
Conference in the Queen Mary Intellectual Property Research Institute. The
call for papers closes on 26 August 2005 and invites abstracts on topics
such as Access to Knowledge, Consumer Aspects, Public Interest, Public
Goods, Public Domain and Human Rights.
http://www.patentinglives.org/conference.htm
27-31 December 2005, Berlin, Germany, 22nd CCC congress
http://www.ccc.de/
===========================================================
11. About
===========================================================
EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 21 members from 14 European countries. European Digital
Rights takes an active interest in developments in the EU accession
countries and wants to share knowledge and awareness through the
EDRI-grams. All contributions, suggestions for content, corrections or
agenda-tips are most welcome. Errors are corrected as soon as possible and
visibly on the EDRI website.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 2.0 License. See the full text at
http://creativecommons.org/licenses/by/2.0/
Newsletter editor: Sjoera Nas <[EMAIL PROTECTED]>
Information about EDRI and its members:
http://www.edri.org/
- EDRI-gram subscription information
subscribe by e-mail
To: [EMAIL PROTECTED]
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
unsubscribe by e-mail
To: [EMAIL PROTECTED]
Subject: unsubscribe
- EDRI-gram in Ukrainian and Italian
EDRI-gram is also available in Ukrainian and Italian, a few days
after the English edition. The contents are the same.
Translations are provided by Privacy Ukraine and autistici.org, Italy
The EDRI-gram in Ukrainian can be read on-line via
http://www.internetrights.org.ua/index.php?page=edri-gram
The EDRI-gram in Italian can be read on-line via
http://www.autistici.org/edrigram/
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <[EMAIL PROTECTED]> if you have any problems with subscribing or
unsubscribing.
============================================================
Publication of this newsletter is made possible by a grant from
the Open Society Institute (OSI).
============================================================
_______________________________________________
asbl-libre mailing list
asbl-libre@ael.be
http://www.ael.be/mailman/listinfo/asbl-libre
ASBL Association Electronique Libre http://www.ael.be/
