EDRI-gram - Number 2, 12 February 2003
Bits of Freedom
info at bof.nl
Wed Feb 12 23:36:44 CET 2003
EDRI-gram
bi-weekly newsletter about digital civil rights in Europe
Number 2, 12 February 2003
------------------------------------------------------------------
CONTENTS:
1. Internet censorship in Switzerland
2. E-commerce directive transposition raises serious privacy and
free speech concerns in France
3. Critical draft EP report on safer internet action plan
4. EUCD-implementation stalled in Finland
5. Finnish companies oppose law to censor Internet
6. Microsoft Passport does not comply with European privacy rules
7. UK parliamentary inquiry rejects data retention
8. EDRI-gram available in Spanish
9. Agenda
10. About
------------------------------------------------------------------
1. INTERNET CENSORSHIP IN SWITZERLAND (contribution by Felix Rauch,
SIUG)
In Switzerland, internet censorship is gaining ground. Two recent events
demonstrate this development.
Last December, the examining magistrate of the canton of Vaud issued a
command to many Swiss internet service providers (ISPs) to block access to 3
websites. The websites, all hosted in the USA, contain strong criticism of,
among others, the Swiss courts, and are being prosecuted for defamation. ISPs
were also asked to modify their DNS servers to specifically block access to
the domain appel-au-peuple.org.
The 3 contested websites are:
http://www.appel-au-peuple.org/
http://de.geocities.com/justicecontrol/
http://www.swiss-corruption.com/
Even before the blocking became effective, mirrors immediately sprang up at:
http://www.c9c.net/swiss-corruption/info
http://www.freejustice.de/
In their press release about this case, the Swiss Internet User Group
(SIUG) and the Swiss Network Operators Group point out that internet
blocking measures are easily bypassed and that article 16 of the Swiss
constitution guarantees to every person "the right to receive information
freely, to gather it from generally accessible sources and to disseminate it."
Most Swiss providers did not obey at first and appealed against the
command. The magistrate then ordered the directors of the companies to
appear in court in person. Guido Honegger of Swiss ISP Green refused to
bend under this pressure and is now facing a procedure for disobedience. He
plans to fight the command in court. Other ISPs, e.g. Init Seven AG, are
redirecting traffic for the incriminated sites to protest pages.
The blocking orders coincide with a proposal from the Swiss federal office
of justice for a revision of the federal law on lotteries and betting. Under
article 50 of the proposal, providers could face up to one year in
prison or a fine of up to 1 million Swiss francs (approx. EUR 660.000)
for "providing access to games that are not allowed according to this law".
The Swiss Internet User Group is concerned that this proposal is only the
start of new legislation providing for much wider censorship.
More reading:
Command by the canton Vaud (unofficial copy, French)
http://www.nrg4u.com:80/abuse/canton-de-vaud.pdf
Press release by SIUG and Swinog 13/12/02 (in German):
http://www.siug.ch/presse/Presse.20021213.txt
Press release ISP Green 30/01/03
http://www.green.ch/de/green/pressemitteilungen/pdf/green_freiheit.pdf
ISP Init7 explanation about the DNS-block (in German)
http://vaud.init7.net/
Federal Office of Justice (in 4 languages)
http://www.ofj.admin.ch/
2. E-COMMERCE DIRECTIVE IMPLEMENTATION RAISES SERIOUS PRIVACY AND
FREE SPEECH CONCERNS IN FRANCE (Contribution by Meryem Marzouki,
IRIS)
France has started the process of implementing the European Directive on
Electronic Commerce. The draft text of the Digital Economy Law ("Loi
relative à l'économie numérique" or LEN in French) deals with ISP
liability, electronic contracts and unsolicited commercial emails,
cryptography, cybercrime, and satellite systems. Among them, the most
controversial provisions are those concerning cryptography, cybercrime and
ISP liability.
CRYPTOGRAPHY
Providers of cryptography services should provide decryption keys upon
request to authorised agents named by the Prime Minister. The penalty for not
complying with this obligation is a 2-year jail sentence and a fine of EUR
30,000. When a crime or offence is suspected, the public prosecutor or a
judge may ask any expert to decrypt data. If the incurred penalty exceeds a
2-year prison sentence, military staff may be asked for help. In that
case, the decryption method and process would be kept secret, making it
very difficult for defence lawyers to question the outcome. The last
provision states that anyone having access to decryption keys should
provide them. The keys should be provided upon judicial request when
cryptography is used for commission, preparation, or facilitation of a
suspected crime or offence. The penalty is very high again: a jail sentence
of 3 years and a fine of EUR 45,000.
There are 3 major objections against these provisions. First, judicial
control is not ensured. The public prosecutor may start investigations
before any crime or offence has been committed. Secondly, they allow for
self-incrimination, and thus contradict French law. Thirdly,
professional secrecy is no longer guaranteed for some professions, for
example for lawyers who exchange encrypted e-mails with their clients.
ISP LIABILITY
On ISP liability, the draft is a third attempt to introduce a "notice and
take down" procedure in French legislation. Currently, a French ISP can
only be held liable for hosting illegal content if it does not obey a
judicial order to remove this content.
With the implementation of the Digital Economy Law, ISPs would not be held
liable if, after obtaining actual knowledge or becoming aware of facts and
circumstances indicating illegal activity, they act expeditiously to remove
or to disable access to the information. These provisions reproduce the
exact words of the E-Commerce Directive (article 14). This would open the
way for privatized censorship, where the ISP has to decide what is illegal
and what is not, after having been notified by a third party on the basis
of its private interests. There is no provision for counter claims,
seriously undermining presumption of innocence and the right to a fair trial.
Moreover, the draft introduces the possibility of ordering French providers
to block access to foreign websites. This unprecedented provision may open
the door to further restrictions and censorship on other media, and would
undermine freedom of circulation on the Internet.
On 5 February, EDRI member IRIS launched a petition against provisions on
ISP liability and access filtering, in collaboration with 2 non-commercial
ISPs, the French Human Rights League and a Federation of Trade Unions. The
ongoing petition has already been signed by more than 40 French
organizations and almost 400 French individuals.
More reading:
European Directive on Electronic Commerce (2000/31/EC)
http://europa.eu.int/cgi-bin/eur-lex/udl.pl?REQUEST=Seek-Deliver&COLLECTION=oj&SERVICE=eurlex&LANGUAGE=en&DOCID=2000l178p0001
Petition against ISP liability and access filtering provisions (in French)
http://www.iris.sgdg.org/actions/len/petition.html
IRIS Dossier (in French)
http://www.iris.sgdg.org/actions/len/index.html
3. CRITICAL DRAFT EP REPORT ON SAFER INTERNET ACTION PLAN
The EU Safer Internet Action Plan, which ran from 1999 to 2002, did not
deliver very impressive results, to put it mildly. Rapporteur Bill Newton
Dunn (UK Liberal Democrat) from the Parliamentary Committee on Citizens'
Freedoms and Rights, Justice and Home Affairs (LIBE) wrote a scathing draft
report about the request to extend the plan for another 2 years. The
original plan had 4 objectives:
- Create a European network of childporn hotlines
- Develop European filtering and rating systems
- Encourage awareness actions
- Organise an international conference about the topic
Analysing the achievements, Newton Dunn states that nobody seems to know
the telephone numbers of the supposed network of hotlines in 10 member
states. Secondly, instead of validating existing filtering software and
carrying out security tests against counter-attacks, the express wish of the
EP, the Commission financed 13 seemingly vague and uncoordinated filtering
projects. Awareness has not been promoted very well either. "Projects such
as the SUI project resulted in the distribution of 60.000 copies of a
brochure on safer Internet use to teachers (...)." Finally, no conference
was organised, "and now, in the rapporteur's opinion, the money would be
better spent with the candidate countries."
The report will be discussed in the next meeting of LIBE, on 17 February
2003. LIBE will vote the next day, followed by the Plenary on 10 March.
More reading:
Revised Newton Dunn draft report (January 2003)
http://www.europarl.eu.int/meetdocs/committees/libe/20030217/481624en.pdf
4. EUCD-IMPLEMENTATION STALLED IN FINLAND (contribution by Ville
Oksanen, EFFI)
Last week, the Finnish parliament returned the national copyright law
proposal to the ministry that originally drafted it. Electronic
Frontier Finland heavily criticized the anti-circumvention provisions and
other controversial issues of the proposal. After a parliamentary hearing
on the 31st of January, the chair of the hearing committee announced it was
impossible to continue with the proposal.
Mr Jyrki Katainen, member of the parliament committee and vice chairman of
the Conservative Party, confirmed to EFFI that the main reason for this
very rare dismissal was the extreme lack of clarity of the law. The
possibility of a 2-year jail sentence for the circumvention of copy
protection, for example, would have posed a serious risk to unwitting
citizens. Mr Katainen was also worried the law would have harmed Finnish
competitiveness as an information society. "The proposal was simply
overreaching", he said.
More reading:
EFFI press-release 31/01/03
http://www.effi.org/julkaisut/tiedotteet/pressrelease-2003-01-31.html
Slashdot
http://yro.slashdot.org/article.pl?sid=03/01/31/213251&mode=thread&tid=153
5. FINNISH COMPANIES OPPOSE LAW TO CENSOR INTERNET (contribution
by Ville Oksanen, EFFI)
A coalition of Finnish telecom and media companies has joined the fight
against proposed government legislation to make owners of message boards
liable for all content, similar to print media. Additionally, the Finnish
government wants access to historical data to trace anonymous postings. The
law therefore requires website publishers and ISPs to log practically all
Internet traffic data for a period of 3 months. In a message delivered to
parliament on 5 February, the companies say the law could have a chilling
effect on commercial communication.
Electronic Frontier Foundation has acted against the new law from the
beginning, warning it will stifle freedom of expression on the Internet.
More reading:
Press release Finnish companies (06/02/03)
http://www.iccwbo.org/home/news_archives/2003/stories/finnish.asp
EFFI dossier about the law (Jan/Feb 2003)
http://www.effi.org/sananvapaus/index.en.html
Previous EFFI fight against mandatory data retention (25/11/02)
http://www.effi.org/julkaisut/tiedotteet/pressrelease-2002-11-25.html
6. MICROSOFT PASSPORT DOES NOT COMPLY WITH EUROPEAN PRIVACY RULES
Microsoft has agreed to change its Passport authentication system, after
the publication on 29 January of a very critical review by the united EU
privacy commissioners. Besides the Microsoft .NET Passport system, the
commissioners, united in the so-called Article 29 Working Party, also
examined the Liberty Alliance Project. The review concludes with general
guidelines for future on-line authentication systems.
In order to comply with EU privacy rules, Microsoft agreed to substantially
modify the Passport system, "involving in particular a radical change of
the information flow".
Passport is a system that centralizes authentication and information
sharing for users on the internet. The system stores user information such
as addresses, ages, phone and credit card numbers and other personal
details in a large central database. With one click, users can transfer
their personal information to participating websites.
The most important consequence of the agreement is that users "will be
informed and empowered to decide as to which data they want to provide and
under which conditions these data will be processed by Microsoft or by the
participating websites".
Microsoft will have to enable users to decide on a site-by-site basis
whether they want to communicate their profile data or not. Some of the
changes involve giving information to users on how to open a Passport
account without using their real e-mail address. Microsoft will have to
reconfigure the user profile to allow users to fill out the fields they
choose, while leaving others blank. All changes have to be made according
to an agreed time line.
US-based privacy and consumer organisations, led by the Electronic
Privacy Information Center (EPIC), previously filed a complaint in 2001
with the United States Federal Trade Commission (FTC) regarding Passport
and other Microsoft products. The FTC ruled in 2002 that Microsoft made
false security and privacy promises about Passport.
Microsoft has made no formal statement regarding the issue but a Microsoft
spokesperson responded to the agreed changes of Passport saying that "data
protection is a dynamic process".
Simultaneously, other complaints about Microsoft are pending with EU
anti-trust regulators. A long running investigation involves the bundling
of Windows Media Player and alleged abuse of dominance in the server market
linked to Windows 2000. EU competition commissioner Mario Monti recently
announced that he would present conclusions in the first half of 2003. A
completely new complaint was filed this week by the Computer & Communications Industry
Association, representing a number of large technology and media
corporations, regarding the bundling of applications with Windows XP and
the misuse of a dominant market position by Microsoft.
More reading:
Article 29 Data Protection Working Party: 'Working document on on-line
authentication services' 29/01/03
http://europa.eu.int/comm/internal_market/en/dataprot/wpdocs/wp68_en.pdf
EPIC archive on Passport
http://www.epic.org/privacy/consumer/microsoft/passport.html
Computer & Communications Industry Association (CCIA) v. Microsoft
http://www.ccianet.org/ms_eu.php3
7. UK PARLIAMENTARY INQUIRY REJECTS DATA RETENTION
In the UK, a parliamentary inquiry resulted in a firm rejection of
governmental plans for general data retention. In one piece of proposed
legislation, the Government expected phone companies, mobile operators and
Internet service providers to voluntarily keep logging data for a period of
up to 12 months. These data would reveal who has been calling and e-mailing
whom, which websites they have visited, and even where people have been with
their mobile phones. In their report, the All Party Internet Group (APIG)
concludes that the Government had underestimated the costs of the scheme,
that billing databases would migrate abroad to escape regulation and that
there were few incentives for industry to help the government track
technical change. To cap all this, the scheme appeared to be in breach of
Human Rights legislation and despite a year of effort by the Home Office,
no solution was in sight.
The evidence heard by the parliamentary inquiry made it clear that the
proposed voluntary retention scheme had no hope of acceptance by industry.
The report also concludes that it would be impractical to proceed with the
fallback of mandatory data retention and strongly recommends that the Home
Office scrap their plans altogether and start negotiations on a lower
impact scheme of targeted "data preservation" instead.
The group also examined existing pieces of legislation including the
Regulation of Investigatory Powers Act 2000 (RIPA) and recommended that
the definition of communications data be improved.
More reading:
The APIG report 28/01/03
http://www.apig.org.uk/APIGreport.pdf
8. EDRI-GRAM IN SPANISH
From now on, EDRI-gram will also be available in Spanish, usually 3 days
after the English edition. Translations will be provided by David
Casacuberta, secretary of the Spanish chapter of CPSR (Computer
Professionals for Social Responsibility). To receive the Spanish EDRI-gram,
please visit
http://www.edri.org/cgi-bin/mailman/listinfo/edri-grama/
or subscribe by email:
To: edri-grama-request at edri.org
Subject: subscribe
9. AGENDA
17-28 February 2003 Geneva, Switzerland - Second Preparatory Meeting on the
World Summit
Second preparatory meeting for the World Summit on the Information Society
to be held in Geneva from December 10-12 2003.
http://www.itu.int/wsis/preparatory/prepcom/prepcom2.html
25 February 2003 Kiev, Ukraine - Problems and prospects of Information
Society Development
International conference organised by the All-Ukrainian Foundation
"Information Society of Ukraine" in close cooperation with the Ukrainian
Institute of Information Society.
http://www.isu.org.ua/en/index.php
27-28 February 2003 Luxembourg, Luxembourg - 2 workshops on 'Safer Internet'
http://www.saferinternet.org/news/Events-feb2003.asp
10-12 March 2003 Malmo, Sweden - ASEM summit on Globalisation and ICT
http://www.iked.org/asem2003ict/program.html
15 March 2003 Nomination deadline for the world's most stupid security
measure. The Stupid Security Award will be presented on 3 April 2003,
during the CFP-conference.
http://www.privacyinternational.org/activities/stupidsecurity/
25 March 2003 - UK Big Brother Awards
For the 5th time, Privacy International will present awards for: Worst
Public Servant; Most Invasive Company; Most Appalling Project; Most Heinous
Government Organisation & Lifetime Menace.
http://www.privacyinternational.org/bigbrother/uk2003/
1-4 April 2003 New York, USA - CFP 2003, including international Big
Brother Award presentation.
http://www.cfp2003.org/cfp2003/program.html
22-24 April 2003 St Petersburg, Russia - Building the Information Commonwealth
International Conference on Information Technologies and Building Prospects
for the Development of Civil Society Institutions in the CIS Countries.
http://www.communities.org.ru/conference
6-7 May 2003 Padova, Italy - Information Society Visions and Governance
Colloquium in preparation for the World Summit on the Information Society,
organised by the European Institute for Communication and Culture
(EURICOM), in co-operation with the University of Padua (Padova) Contact
for information: Claudia Padovani, Dipartimento di Studi Storici e
Politici, Università di Padova e-mail: claudia.padovani at unipd.it
10. ABOUT
EDRI-gram is a bi-weekly newsletter from European Digital Rights, an
association of privacy and civil rights organisations in Europe. Currently
EDRI has 10 members from 7 European countries. EDRI takes an active
interest in developments in the EU accession countries and wants to share
knowledge and awareness through the EDRI-grams. In general, all
contributions, suggestions for content or agenda-tips are most welcome.
Please e-mail your contributions to the editor, Sjoera Nas, edrigram at edri.org .
Information about EDRI and its members:
http://www.edri.org/
Subscription Information
subscribe/unsubscribe web interface
http://www.edri.org/cgi-bin/mailman/listinfo/edri-news
subscribe by email
To: edri-news-request at edri.org
Subject: subscribe
You will receive an automated email asking to confirm your request.