EDRI-gram newsletter - Number 14, 30 July 2003

[EDRI-gram newsletter]

==================================================================

                             EDRI-gram

      bi-weekly newsletter about digital civil rights in Europe

                      Number 14, 30 July 2003

==================================================================
CONTENTS
==================================================================

1. Big brother in the supermarket
2. Landwell scares Spanish peer-to-peer users
3. Dutch MEP announces court case about PNR-data
4. Analysis of draft IP enforcement directive
5. French IP commission promotes internet-surveillance
6. European Commission rejects Greek gaming law
7. Report about Paris inter-sessional WSIS meeting
8. Agenda
9. About

==================================================================
1. BIG BROTHER IN THE SUPERMARKET
==================================================================

The UK supermarket chain Tesco has confirmed that it is testing a 
controversial surveillance system that tracks customers in one of their 
stores in Cambridge. Anyone buying certain products will have their picture 
taken. Twice.

The system uses Radio Frequency Identifiers (RFIDs) to trigger CCTV cameras 
to take a picture of the customer. In the test RFIDs are embedded in 
Gillette razor blades. When the customer takes a package of Gillette from 
the shelf a RFID reader will trigger a camera to take a picture. At the 
checkout another RFID reader will trigger a second camera. The camera's are 
monitored by security personnel in the shop who will compare the two 
pictures. The system is supposedly designed to detect theft.

RFIDs are very small radio chips that transmit a unique serial code when a 
reader is placed in their proximity. Retailers hail the technology for its 
usefulness in logistics and supply chain management. Consumer groups and 
privacy advocates are campaigning for rules for the use of the chips to 
prevent the technology from becoming a covert surveillance tool to spy on 
consumers.

The use of RFIDs to track buyers in supermarkets is outlined in various 
presentation documents from the Auto-ID center, a platform of the RFID 
industry. The documents also outline ideas for theft prediction by tracking 
the movements and behavior of customers in a supermarket through the use of 
RFIDs.

Tesco tests spy chip technology (19.07.2003)
http://www.guardian.co.uk/uk_news/story/0%2c3604%2c1001211%2c00.html

The Next Information Revolution: The Networked Physical World (Auto-ID Center)
http://cryptome.org/rfid/fmi_2002.pdf


==================================================================
2. LANDWELL SCARES SPANISH PEER-TO-PEER USERS
==================================================================

On 17 July, Landwell, a Spanish legal firm related to 
Price-Waterhouse-Coopers, issued a press release stating that they were 
planning to present a lawsuit against 4.000 Spanish Kazaa users for 
illegally downloading copyrighted material such as movies, songs or 
software. They announced they had identified a total of 95.000 Spanish 
file-sharers, and were going to start with the prosecution of the 4.000 
most serious ones.

In fact, this would be the biggest prosecution of internet users yet in 
Europe, mimicking the recent hunt down of users in the United States. 
Before, only Danish users were brought to court, when in December 2002, APG 
(Antipiracygroup) registered the IP numbers of potential copyright 
violators (i.e. people that offered files on Kazaa and eDonkey) and 
subsequently used the IP numbers to get a court order. With the court order 
in place, APG got the users names and addresses from the ISPs, and 
subsequently sent out app. 150 requests for financial compensation.

The announcement of the Spanish lawsuit was accompanied by a request to use 
unspecified software able to emulate p2p protocols in order to identify the 
users. Several cyberrights organization acted very fast, stating that users 
have a perfect right to share files as long as there is no profit behind 
it. The Asociacion de Internautas (a large internet user association) 
compared Landwell to the Gestapo and freely offered their lawyers to any 
Spanish citizen that would be accused under the announced lawsuit.

The cyberrights e-zine Kriptópolis made a special issue, including a text 
by Xavier Ribas, the main lawyer behind the lawsuit from Landwell, and a 
reply from Carlos Sánchez Almeida, a well-known expert in legal internet 
issues. Analyzing and comparing the arguments, it becomes quite clear that 
the lawsuit is nothing more than an attempt to create fear amongst Spanish 
users, as there seems to be nothing solid behind the lawsuit. First of all, 
it is not clear that sharing files is a crime, if it is done non-profit. 
More importantly, the system Landwell used to track the users (the Kazaa 
protocols) does not offer enough information to track the real identities 
of the users.

In fact, in a recent radio interview, Ribas admitted that the lawsuit had 
not been presented yet, giving further rise to the suspicion that it never 
would.

Ribas: Compartir copias no autorizadas a través de P2P es delito (26.07.2003)
http://www.kriptopolis.com/more.php?id=94_0_1_0_M

Almeida: Compartir no es delito (23.07.2003)
http://www.kriptopolis.com/more.php?id=91_0_1_0_M

Wired News: Spanish firm target file traders (23.07.2003)
http://www.wired.com/news/digiwood/0,1412,59720,00.html

(Contribution by David Casacuberta, CPSR Spain)


==================================================================
3. DUTCH MEP ANNOUNCES COURT-CASE ABOUT PNR-DATA
==================================================================

A Dutch member of the European Parliament is threatening to take the 
European Commission to court for failing to protect the digital privacy of 
its EU citizens. EU MP Johanna Boogerd is also vice-chairman of LIBE, the 
parliamentary committee on Citizens' Freedoms and Rights, Justice and Home 
Affairs. She opposes the agreement between the Commission and US Customs 
that allows for live access for an unlimited amount of US security 
officials to information about European air passengers, including sensitive 
personal data like travel history and food preferences.

As she explains in an interview with Radio Netherlands, providing such 
access to third parties breaks EU laws and directives designed to protect 
the privacy of the individual. Ms Boogerd says that although the European 
laws are under review for being too harsh, privacy cannot be altogether 
ignored.

Interview with Johanna Boogerd (24.07.2003)
http://www.rnw.nl/hotspots/html/eu030724.html


==================================================================
4. ANALYSIS OF DRAFT IP ENFORCEMENT DIRECTIVE
==================================================================

The EU parliament Committee on Legal Affairs and the Internal Market will 
vote on 11 September on the proposed EU Directive on the enforcement of 
intellectual property rights.

The Directive proposes to harmonize IP law in such a way that all 
enforcement measures available to IP owners in any EU member state must be 
available in all of them.

UK security researcher Ross Anderson has published an analysis of the 
proposed EU Directive. At present, copyright infringement is treated by 
most member states as a civil matter in general. The Directive would compel 
every member state to criminalize all violations of intellectual property 
that are deliberate and conducted in the course of a business.

The proposed Directive gives a 'Right of Information' to the music and film 
industry which is a quasi-automatic right to the personal data of alleged 
infringers, without filing a lawsuit. The proposal will have serious 
consequences for the privacy of P2P users and will give the entertainment 
industry direct access to names and addresses of users.

Anderson sums up the consequences for privacy, culture, universities, 
libraries and the disabled, software competition and the single market.

The Draft IP Enforcement Directive - A Threat to Competition and Liberty
http://www.cl.cam.ac.uk/~rja14/draftdir.html

Enforcement of intellectual property rights
http://europa.eu.int/comm/internal_market/en/indprop/piracy/index.htm


==================================================================
5. FRENCH IP-COMMISSION PROMOTES SPYING
==================================================================

On 26 June a special copyright advisory board within the French Ministry of 
Culture published a report supporting government plans to increase 
surveillance of Internet users as part of a wider bid to stop the online 
copying of protected works.

The Superior Council for Artistic and Literary Intellectual Property 
(Conseil Supérieur de la Propriété Littéraire et Artistique, or CSPLA) 
advises to create a 3 year period of mandatory retention of traffic data by 
ISP's to help track down online copyright violations and counterfeiting. 
The legal regime for data retention is set by the law on daily safety (Loi 
sur la Sécurité Quotidienne - LSQ) from 15 November 2001, even though the 
application decrees have not been adopted yet. In an earlier response to 
that law, the French privacy authority CNIL demanded a maximum period of 3 
months.

On top of that, in their advice on the implementation of the European 
Copyright Directive (2001/29/EC, to be transposed in the law on the digital 
economy) the CSPLA wants explicit legal permission to create databases with 
the IP-numbers of internet users that share music, films or computer 
programs. They call on parliament to 'find a solution to allow collecting 
societies and rightholders to create such files with the sole purpose of 
protecting their rights.'

That call seems hardly necessary anymore. Even though the CNIL explicitly 
rejected the creation of such a database in an advice from March 2001, 
recently the CNIL changed its mind. According to an amendment on the new 
privacy law drafted by CNIL vice-president and senator Alex Turk, companies 
that are victims of copyright infringements have the right to collect 
personal data when related to infringements, judgments and safety measures.

Finally, the commission recommends the future of Digital Rights Management 
as a system that won't just to be able to check whether files are 
authorized for legal exchange online, but also able to identify and block 
file exchanges in any server and router on its way.

The draft law on the digital economy, approved last February by the lower 
house of Parliament and late June by the Senate, is expected to be passed 
by the end of this year.

CSPLA report (26.06.2003, in French)
http://www.culture.gouv.fr/culture/cspla/raplibertesindiv.pdf

Article in e-zine Transfert (04.07.2003, in French)
http://www.transfert.net/a9082


==================================================================
6. COMMISSION REJECTS GREEK GAMING LAW
==================================================================

On 22 July, the European Commission announced legal steps against the 
government of Greece for it's unjust anti-gaming law. The Commission 
questions the compatibility of the law in question (of 29 July 2002) with 
the provisions of the EC Treaty on the free movement of goods and services 
and the freedom of establishment.

The Greek law puts a general ban on computer games, without any distinction 
between slot machines and computer-games, thus making it totally impossible 
to provide and supply electronic games equipment and programs or to perform 
related activities (for example, the installation, repair and maintenance 
of such equipment and programs).

According to the Commission, the law "could be disproportionate, insofar as 
it tends to encompass, on the one hand, equipment (slot machines) and games 
of chance which might give rise to social concerns and, on the other, games 
of an entirely different nature which are not, in themselves, a source of 
particular disquiet with regard to public order or consumer protection."

Earlier, this same law was declared unconstitutional by a judge, and 
charges against three people were dismissed. All three of them were 
operating or working for internetcafe's.

Announcement European Commission (22.07.2003)
http://www.europa.eu.int/rapid/start/cgi/guesten.ksh?
p_action.gettxt=gt&doc=IP/03/1062|0|RAPID&lg=EN&display=

Greek gaming law defeated in court (11.09.2002)
http://news.com.com/2100-1040-957519.html


==================================================================
7. REPORT ABOUT PARIS INTER-SESSIONAL WSIS MEETING
==================================================================

Between 15 and 18 July an inter-sessional meeting for the World Summit on 
the Information Society (WSIS) took place in Paris, with a special focus on 
human rights in the information society. In this Human Rights caucus, made 
up of 25 organizations, 2 EDRI-members participated, the French IRIS and 
the Danish Digital Rights. The HR group presented 2 oral statements to 
different plenary government meetings and an alternative to the first 
paragraph of the draft Declaration of Principles.

The first oral statement was entitled 'Back to the Basics, WSIS and Human 
Rights', and argued for stronger protection of privacy and security of 
cultural rights instead of the culture of security. The second statement 
was presented on behalf of the civil society plenary, to express the 
general feeling of the civil society organizations about the last draft of 
the Declaration of principles. In this statement, the importance of article 
19 of the Human Rights Declaration was underlined, regretting the proposed 
"amputation of the section that guarantees that freedom of expression shall 
be exercised without interference of any kind, regardless of frontiers."

The alternative to the first paragraph of the draft Declaration of 
Principles was provided to many government delegates and to both the 
president of the inter-sessional and the WSIS preparatory process. The 
rewritten paragraph was immediately supported by the Swiss government and 
stands a good chance of being adopted as the official version.

The human rights caucus also helped the association CRIS (communication 
rights in the information society) to clarify their proposal of a "right to 
communicate", arguing that a new right cannot be claimed while existing 
rights dealing with information and communication are still being ignored. 
Existing rights (including economic, social and cultural rights) need to be 
reaffirmed and enforced and treated as indivisible rights. The revised 
statement from CRIS reaffirms freedom of expression as "the basis for 
individual and societal development", and "communication rightS" is now the 
preferred expression, rather that a "right to communicate".

First oral statement to governments plenary (16.07.203, in English)
http://www.iris.sgdg.org/actions/smsi/hr-wsis/hris-speech-160703.html

Second oral statement to governments plenary (18.07.2003, in English)
http://www.iris.sgdg.org/actions/smsi/hr-wsis/hris-cs-180703.html

Alternative first paragraph of the Declaration of Principles (17.07.2003, 
in English)
http://www.iris.sgdg.org/actions/smsi/hr-wsis/hris-para1-170703.html

Revised CRIS statement (17.07.2003, in English)
http://www.crisinfo.org/live/index.php?section=2&subsection=3&id=39

(Contribution by Meryem Marzouki, IRIS)


==================================================================
8. AGENDA
==================================================================

7-10 August 2003, Berlin, Germany - Chaos Computer Camp 2003
Conference schedule:
http://www.ccc.de/camp/2003/conference/

2 September 2003, Copenhagen, Denmark - Freedom of Expression in the 
Information Society
The conference will address issues concerning freedom of expression 
regulation, press freedom and media pluralism, the new Council of Europe 
Declaration on Freedom of Communication on the Internet, intellectual 
property rights and access to information. The conference will combine 
plenary discussions with workshop sessions. The seminars will take place in 
the Danish Parliament in Copenhagen and are open to all stakeholders. For 
further information and registration please contact Jane Johnsen, the 
Danish United Nations Association, jane at una.dk
http://www.una.dk/wsis/conf.htm

5 September 2003, Deadline Call for Papers about Copyright and Open and 
Proprietary Software
On 4-5 December 2003, the Center for Tele-Information of the Technical 
University of Denmark organizes its 8th annual international conference - 
this year on copyright and software patents. A selection of the best papers 
for the conference will be published in the international journal 
Telematics and Informatics in spring 2004.
http://www.cti.dtu.dk/

11-14 September 2003, Amsterdam, Netherlands - Next 5 Minutes, 
International Festival of Tactical Media
http://www.n5m.org/

15-26 September, Geneva, Switzerland - WSIS Preparatory Conference
http://www.itu.int/wsis/preparatory/prepcom/pc3/index.html


==================================================================
9. ABOUT
==================================================================

EDRI-gram is a bi-weekly newsletter from European Digital Rights, an 
association of privacy and civil rights organizations in Europe. Currently 
EDRI has 14 members from 11 European countries. EDRI takes an active 
interest in developments in the EU accession countries and wants to share 
knowledge and awareness through the EDRI-grams. All contributions, 
suggestions for content or agenda-tips are most welcome.

Newsletter editor: Sjoera Nas <edrigram at edri.org>

Information about EDRI and its members:
http://www.edri.org/

- EDRI-gram subscription information

subscribe/unsubscribe web interface
http://www.edri.org/cgi-bin/mailman/listinfo/edri-news/

subscribe by email
To: edri-news-request at edri.org
Subject: subscribe

You will receive an automated email asking to confirm your request.

- EDRI-gram in Russian

EDRI-gram is also available in Russian, a few days after the English 
edition. The contents are the same. Translations are provided by Sergei 
Smirnov, Human Rights Network, Russia.

The EDRI-gram in Russian can be read on-line via
http://www.hro.org/editions/edri/

- Newsletter archive

Back issues are available at:
http://www.edri.org/cgi-bin/index?funktion=edrigram

- Help

Please ask <info at edri.org> if you have any problems with subscribing or 
unsubscribing.

==================================================================
Publication of this newsletter is made possible by a grant from
the Open Society Institute (OSI).
==================================================================