EDRI-gram newsletter - Number 16, 27 August 2003

Thu Aug 28 15:24:39 CEST 2003

==================================================================

                            EDRI-gram

    bi-weekly newsletter about digital civil rights in Europe

                    Number 16, 27 August 2003

==================================================================
CONTENTS
==================================================================

1.  Successful appeal against backdoor in German anonymiser
2.  Demonstration against software patents
3.  Spy-chip in all European cars?
4.  Londoners to pay extra for anonymous travelling
5.  Anonymiser reveals identity Dutch pudding-poisoner
6.  Danish experiment with online voting
7.  Air France spies on staff
8.  Recommended reading
9.  Agenda
10. About

==================================================================
1.SUCCESSFUL APPEAL AGAINST BACK-DOOR IN GERMAN ANONYMISER
==================================================================

Yesterday, an appeal-court in Germany suspended an earlier order to build
a backdoor into Germany's most famous anonymising service. The backdoor
was removed immediately. According to the original court-order, the
IP-addresses of all visitors to a certain website had to be logged and
handed-over to the federal criminal police office. This vital information
was not disclosed by the developers, but discovered by an attentive user
of the service who close-read the open source.

The AN.ON-service enables its users to surf anonymously via a
Java-webproxy, disguising traces through a network of 'Mix'-computers. The
software was developed by experts from the universities of Dresden and
Berlin, in collaboration with the independent regional data protection
authority of Schleswig-Holstein.
According to the data protectioners, they were constitutionally forbidden
to communicate this privacy-breach to their customers. Only after great
public upheaval they felt free to give their opinion on the case, stating
the court-order was illegal to begin with, since telecommunication service
providers should only hand-over data they are regularly obliged to retain.
Obviously, the anonymiser did not regularly store data that are traceable
to individual users. The developers launched a formal legal protest
against the order, but since that did not have a suspending function, they
felt forced to create the backdoor.

Erster Teilerfolg fuer AN.ON (27.08.2003)
http://www.datenschutzzentrum.de/material/themen/presse/anonip2.htm

AN.ON still guarantees anonymity (19.08.2003)
http://www.datenschutzzentrum.de/material/themen/presse/anonip_e.htm

Information about AN.ON in English
http://anon.inf.tu-dresden.de/index_en.html

==================================================================
2.DEMONSTRATION AGAINST SOFTWARE PATENTS
==================================================================

Today, both online and off-line demonstrations were organised in a final
attempt to change a proposed EU-directive on software patents. The
European Parliament will vote on the proposal in the plenary session on 1
September. The demonstrations were organised by FFII. In an open letter to
the members of parliament, FFII points out that the proposal 'would make
calculation rules and business methods such as Amazon One Click Shopping
patentable, as in the USA.' Moreover, FFII fears that the 30.000 patents
on software that have already been granted by the European Patent Office
'against the letter and spirit of the current law', would become
enforceable in Europe, making it impossible for national courts to
continue to revoke these patents.

Resistance against the proposal was also strongly voiced by a group of 10
leading European economists. According to them, the exploitation of
extensive portfolios of software patents 'will have serious detrimental
effects on European innovation, growth, and competitiveness.'

FFII open letter to members of parliament (27.08.2003)
http://swpat.ffii.org/letters/meps038/index.en.html

Open letter economists (25.08.2003)
http://www.researchineurope.org/policy/patentdirltr.pdf

==================================================================
3.SPY-CHIP IN ALL EUROPEAN CARS?
==================================================================

A few days ago, the Sunday Times revealed plans from British government
officials to fit all cars in Britain with personalised spy-chips. The
micro-chip will automatically report a wide range of offences including
speeding, road tax evasion and illegal parking. Roadside sensors will be
able to monitor all private cars wherever they travel.

But plans for Electronic Vehicle Identification (EVI) are not limited to
the UK. The European Directorate General Energy and Transport aims to
develop a standardised electronic, unique identifier for motor vehicles,
interoperable all over Europe. In December 2002 the Commission gave a
grant to the umbrella organisation ERTICO (made up of different
stake-holders in the field of implementation of transport telematics
systems and services) to do a feasibility study. Results are expected in
the summer of 2004.

In February of this year an EVI workgroup was formed, consisting of the
Ministries of Transport of Belgium, France, the Netherlands, Norway and
the UK, as well as ACPO (UK), KLPD (Netherlands), RDW (Netherlands),
Q-Free (Norway), EFKON (Austria), TNO (Netherlands) and ERTICO.

Both the Directorate General and the EVI workgroup seem confident that
they will overcome public resistance against the plans. According to the
website of the DG Energy and Transport, 'there are not only the political
and strategic decisions to be taken, [but also] (...) societal issues to
be tackled such as privacy and security.' The EVI workgroup describes
'socio-political aspects like general acceptance' as a relevant
non-technical issue.

Goodbye speed cameras, hello a spy in every car (subscription - 24.08.2003)
http://www.timesonline.co.uk/article/0,,2087-790512,00.html

Commission workingplan Electronic Vehicle Identification
http://europa.eu.int/comm/transport/road/roadsafety/its/evi/index_en.htm

EVI workgroup
http://www.ertico.com/activiti/projects/evi/home.htm

==================================================================
4.LONDONERS TO PAY EXTRA FOR ANONYMOUS TRAVELLING
==================================================================

A new price-scheme for public transport in London puts a high price on
privacy. Bus and tube tickets in central London will rise up to 25% in
price from January 2004. But passengers using the Oyster smartcard will be
able to travel at 2003 prices. This plastic card, fitted with a
contact-less microchip (RFID), was introduced earlier this summer for
annual and monthly ticket holders and requires registration of name,
address and photocard number. According to the official website, one of
the scheme's advantages is that it will 'provide information that will
help London to manage its transport system better. For instance, we will
be able to identify where people, and how many, are transferring from bus
to bus or from bus to Tube.'

For almost the same plans to register all travel-movements, the Helsinki
public transport company YTC was presented with a Big Brother Award in
June. In Finland anonymous cards were only available at a much higher
price. Only after a long struggle with the the Finnish data protection
agency YTV finally changed their mind and concluded that the system could
also work without any identification of the passengers.

Tube fares to rise (19.08.2003)
http://news.bbc.co.uk/1/hi/england/london/3163103.stm

Oystercard (introduced 30.06.2003)
http://www.oystercard.com

YTV English web page
http://www.ytv.fi/matkakortti/english/index.html

==================================================================
5.ANONYMISER REVEALS IDENTITY DUTCH PUDDING-POISONER
==================================================================

The identity of a Dutch pudding-poisoner was revealed through an
anonymiser. The Dutchman tried to blackmail Campina, a large dairy
producer, by poisoning a tin of pudding. He made Campina open a bank
account, get a 'world card' with it and deposit 200.000 Euro. Then they
had to send him the details of the magnetic stripe, together with the PIN
code. With the information he created a copy of the card. To prevent being
traced, he made Campina use steganography. He sent them a floppy with a
stego program and instructed them to encode the information into a picture
of a red Volkswagen Golf.

Finally, Campina had to place the picture in a fake add on a website where
large amounts of people sell/buy second hand cars. Trying to be really
clever, the blackmailer did not approach the website with the car adds
directly, but trough an anonymiser called surfola.com. On its website this
Florida-based anonymiser claims: 'We will not give out your name,
residence address, or e-mail address to any third parties without your
permission, for any reason, at any time, ever.' But in spite of this
privacy-statement, Surfola immediately handed-over the details when asked
to do so by the FBI.

The poisoner was caught red-handed at an ATM trying to collect some of the
money. He immediately confessed and will be tried in the middle of
October.

Campina blackmail suspect arrested (22.08.2003)
http://www.expatica.com/index.asp?pad=2,18,&item_id=33655

Overview of available steganographic software
http://www.jjtc.com/stegoarchive/stego/software.html

==================================================================
6.DANISH EXPERIMENT WITH E-VOTING
==================================================================

15,000 Danish voters in the council of Ishoj, near Copenhagen, are invited
to experiment with internet voting during the next elections for the
European Parliament, in June 2004. According to the spokesperson from the
European Parliament, Soren Sondergaard, the Danes aim at a high voter
participation, especially among the young. 'At the same time it is cheaper
and more efficient when the votes are to be counted,' he added. To
overcome security concerns, the Ishoj voters will also have to pass by a
'real' ballot box to cast their votes.

In may, in a large-scale experiment during local elections in the United
Kingdom 1.5 million people in 18 local council areas were able to take
part in voting trials by text message, Internet, electronic kiosk and
digital TV. Other governments in Europe with plans for e-voting include
Estonia and Ireland (for their next general elections), the Netherlands
(the European parliament, limited to voters outside of the Netherlands)
and the canton of Geneva in Switzerland and the city-boards of Bremen and
Cologne (for local elections).

Worldwide, civil rights advocates and security experts express grave
concerns about the security, anonimity and accountability of internet
elections. Governments should use open source systems for e-voting, not
the closed systems currently in vogue. Guaranteeing the anonymity of
voting in a living-room is a tough problem to solve. And finally, e-voting
lacks the accountability of a paper audit trail that can be verified by
voters.

Danes to experiment with e-vote in EP election (21.08.2003)
http://www.euobserver.com/index.phtml?sid=9&aid=12406

UK e-voting pilots deeply flawed (31.07.2003)
http://www.theregister.co.uk/content/55/32091.html

==================================================================
7.AIR FRANCE SPIES ON STAFF
==================================================================

According to an article in Transfert.net, Air France has been spying for
years on some of its staff with the help of a camera hidden behind a
clock. A union-member became suspicious when he took a close look at the
thick electrical wires going to a clock in a private relaxation room on
Roissy airport. Flipping the clock, he discovered a hidden camera. Asked
for an explanation by the union CGT, Air France said the camera was only
monitoring a door leading directly to a border, and would only be
activated in case the door was opened. The camera was installed back in
1999, following orders from the airport security working-group.

The union wasn't satisfied with the answers, and wanted to know why the
employees had not been properly informed about this camera. According to
their statement, all other camera's on Roissy are marked with signs
referring to the responsible authorities. Investigating the exact position
of the camera, CGT concluded the view of the door was actually blocked by
a clothing cabinet. Moreover, looking at the surveillance of a similar
waiting-room, with a clearly visible camera outside, they couldn't
understand why in this case Air France wanted to film the backs of
possible intruders, instead of their faces.

Une camera cachee dans une salle de repos cree de la confusion a Air
France (21.08.2003)
http://www.transfert.net/a9164

==================================================================
8.RECOMMENDED READING
==================================================================

The UK Anti-Terrorism, Crime and Security Act 2001 was introduced in
response to the attacks of 11 September. The act facilitates the use of
electronic surveillance in order to prevent, detect or prosecute the
perpetrators of terrorism, augmenting existing surveillance powers under
the Regulation of Investigatory Powers Act 2000. This article plots the
relationship between the two statutes and also their relationship to data
protection laws. For example, the study explains that '[o]ne way or the
other, many more terabytes of data will have to be stored' by
communications service providers about their users 'as a result of the
threat or operation of Part XI' of the Anti-Terrorism, Crime and Security
Act even though there are serious doubts as to 'whether Part XI will
achieve its ultimate objective of providing evidence against nefarious
activities.'

Anti-Terrorism Laws and Data Retention: War is over? by Clive Walker and
Yaman Akdeniz, published in the Northern Ireland Legal Quarterly, 54(2),
pp 159-182.
http://www.cyber-rights.org/documents/data_retention_article.pdf

==================================================================
9. AGENDA
==================================================================
2 September 2003, Copenhagen, Denmark - Freedom of Expression in the
Information Society
The conference will address issues concerning freedom of expression
regulation, press freedom and media pluralism, the new Council of Europe
Declaration on Freedom of Communication on the Internet, intellectual
property rights and access to information. The conference will combine
plenary discussions with workshop sessions. The seminars will take place
in the Danish Parliament in Copenhagen and are open to all
stake-holders.For further information and registration please contact Jane
Johnsen, the
Danish United Nations Association, <jane at una.dk>.
http://www.una.dk/wsis/conf.htm

5 September 2003, Deadline Call for Papers about Copyright and Open and
Proprietary Software
On 4-5 December 2003, the Centre for Tele-Information of the Technical
University of Denmark organises its 8th annual international conference -
this year on copyright and software patents. A selection of the best
papers for the conference will be published in the international journal
Telematics and Informatics in spring 2004.
http://conference.cti.dtu.dk/submission.php

11-14 September 2003, Amsterdam, Netherlands - Next 5 Minutes,
International Festival of Tactical Media
http://www.n5m.org/

14 September 2003, application deadline workshop on NGO media strategy
'The News about Networks', 10-14 November 2003, Amsterdam, Netherlands
Submissions via http://www.issuenetwork.org/node.php?id=6

15-26 September 2003, Geneva, Switzerland - WSIS Preparatory Conference
http://www.itu.int/wsis/preparatory/prepcom/pc3/index.html

5-7 October 2003, Ischia (Naples), Italy - Industrial Property - Quo Vadis?
Conference about the future role of IP in creating wealth and employment
and stimulating innovation and competition

Speakers and program:
http://www.ischiaconference-ipr.org/ing/invitedspeakers.htm
http://www.ischiaconference-ipr.org/ing/program.htm

Upcoming Big Brother Awards 2003:
11 October, Amsterdam, Netherlands
24 October, Kiel, Germany
26 October, Vienna, Austria
1 November, Bern, Switzerland
7 November, Budapest, Hungary
http://www.bigbrotherawards.org

==================================================================
10. ABOUT
==================================================================

EDRI-gram is a bi-weekly newsletter from European organisations in Europe.
Currently EDRI has 14 members from 11 European countries. EDRI takes an
active interest in developments in the EU accession countries and wants to
share knowledge and awareness through the EDRI-grams. All contributions,
suggestions for content or agenda-tips are most welcome.

Newsletter editor: Sjoera Nas <edrigram at edri.org>

Information about EDRI and its members:
http://www.edri.org/

- EDRI-gram subscription information

subscribe/unsubscribe web interface
http://www.edri.org/cgi-bin/mailman/listinfo/edri-news/

subscribe by email
To: edri-news-request at edri.org
Subject: subscribe

You will receive an automated email asking to confirm your request.

- EDRI-gram in Russian

EDRI-gram is also available in Russian, a few days after the English
edition. The contents are the same. Translations are provided by Sergei
Smirnov, Human Rights Network, Russia.

The EDRI-gram in Russian can be read on-line via
http://www.hro.org/editions/edri/

- Newsletter archive

Back issues are available at:
http://www.edri.org/cgi-bin/index?funktion=edrigram

- Help

Please ask <info at edri.org> if you have any problems with subscribing or
unsubscribing.

==================================================================
Publication of this newsletter is made possible by a grant from
the Open Society Institute (OSI).
==================================================================