EDRI-gram newsletter - Number 11, 19 June 2003
EDRI-gram newsletter
edrigram at edri.org
Thu Jun 19 22:10:43 CEST 2003
==================================================================
EDRI-gram
bi-weekly newsletter about digital civil rights in Europe
Number 11, 19 June 2003
==================================================================
Contents
==================================================================
1. Answers to EU questionnaire on spam
2. OSCE statement about freedom of the media on-line
3. Industry groups against data retention laws
4. Right of reply in on-line media
5. Finnish Big Brother Awards for YTV and Sonera
6. EP Legal Committee approves of software patents
7. NGOs want Human Rights Commissioner at WSIS
8. UK acknowledges public criticism of identity-card
9. Plans to extend Schengen Information System
10. France ready to ratify Cybercrime convention
11. Recommended Reading
12. Agenda
13. About
==================================================================
1. ANSWERS TO EU QUESTIONNAIRE ON SPAM
==================================================================
During the last meeting of the EU Communication Committee on 11 June, a
document was presented with answers of the member states to the
questionnaire on spam. The same document was also presented next day to the
members of the article 29 working party (the collaboration between the EU
data protection authorities). The questionnaire was developed by the
European Commission to find out what problems member states might incur
when implementing the spam-ban decreed by the new Directive on Privacy in
the Telecommunications Sector.
The answers show a great variety in approach when it comes to awareness
raising, complaints mechanisms and judicial remedies and penalties. The new
privacy directive raises a number of complex issues. How should consent be
construed, and how should member states deal with the difference in
protection between legal and natural persons? Under Article 13 Member
States are only required to ensure the protection to natural persons, not
to legal persons. But how can a sender determine whether a recipient is a
natural or a legal person ? Should an e-mail address consisting of the name
of an individual working for a company be considered as belonging to
natural or a legal person? The definition of direct marketing is also
complex. There is no definition of direct marketing, only a description in
recital 30 of Directive 1995/46/EC, which states that messages by charities
and political parties are also covered by the definition.
"A majority of respondents would favour EU guidelines on these issues, in
order to guarantee as much effectiveness as possible", the report states.
Disappointingly, the Commission refrains from issuing specific guidelines
to clarify minimum standards. The commission only wants to set-up an
informal on-line newsgroup with 2 representatives from each country (one
from the government designated competent authority and 1 from the Data
Protection Authority).
EDRI was invited to attend the CoCom meeting as an expert. According to
EDRI, it would be good if every member state would at least empower the
National Regulatory Authority or Data Protection Authority to impose
administrative fines. Secondly, EDRI expects these guidelines to contain
minimum standards of redress for internet users when receiving spam from
any country within the internal market. When creating codes of conduct on
top of these minimum legal standards, representatives from internet user
groups and/or consumer associations should be heard and approval of the
data protection authority should be required.
Answers to the questionnaire (03.06.2003)
http://www.edri.org/docs/cocom03-33.pdf
Directive 2002/58/EC concerning the processing of personal data and the
protection of privacy in the electronic communications sector
http://europa.eu.int/comm/internal_market/privacy/law_en.htm
==================================================================
2. OSCE STATEMENT ABOUT FREEDOM OF THE MEDIA ON-LINE
==================================================================
At the end of a two-day conference in Amsterdam on internet-related perils
to freedom of expression, the OSCE Representative on Freedom of the Media,
Freimut Duve has issued a call to take up a strong position towards free
flow of information on the internet. The Organization for Security and
Co-operation in Europe (OSCE) is the largest regional security organization
in the world with 55 participating States from Europe, Central Asia and
North America.
"Freedom of the Media as a human right is universal. No matter what
technical means are used to channel the work of journalists to the public -
be it TV, radio, newspapers or the Internet - the basic constitutional
value of freedom of the media must not be questioned", Freimut Duve said in
his opening remarks to the conference.
In his statement Duve addresses the delicate balance between the need to
fight illegal content and the importance to guarantee freedom of
expression. "All legislative and law enforcement activity must clearly
target only illegal content and not the infrastructure of the Internet
itself." Filtering or blocking content is not acceptable, problems with
illegal content should be addressed in the country of origin, Duve writes,
because "In a modern democratic and civil society citizens themselves
should make the decision on what they want to access on the Internet."
The recommendation also addresses the perils to free speech arising from
the extensions of copyright and patent law. "To a considerable extent the
fast pace of innovation of digital networks is due to the fact that most of
the basic code and software are in the public domain, free for everyone to
use and enhance. This free-of-charge infrastructure is one of the key
elements of freedom of expression on the Internet. Access to the public
domain is important for both technical and cultural innovation and must not
be endangered through the adoption of new provisions related to patent and
copyright law."
Amsterdam Recommendation (17.06.2003)
http://www.osce.org/documents/rfm/2003/06/215_en.pdf
==================================================================
3. INDUSTRY GROUPS AGAINST DATA RETENTION LAWS
==================================================================
Four major industry groups have published a joint statement against
mandatory data retention. The coalition represents worldwide and European
businesses including most major electronic communications service providers
and manufacturers. They are challenging EU member states on proposals that
would require communication service providers to store details of all
calls, emails and transactions for use by law enforcement agencies.
In the statement the coalition expresses concern at the overly broad
definitions of traffic data and excessive storage periods, costs for
industry, technical feasibility and damage to end-user confidence due to
privacy concerns and increased security risks.
The statement recommends that European countries favour data preservation
(targeted storage of specific data on specified end-users) over data
retention (general storage of data for a specified period of time). It also
says that any requirement for data storage must be "necessary, appropriate
and proportionate" and that "transparent and effective oversight procedures
are necessary to prevent abuses and to safeguard public confidence".
A majority of EU members favours a binding European law for mandatory data
retention as became clear from the answers to a questionnaire that the EU
previously sent to member states.
Common industry statement on storage of traffic data for law enforcement
purposes (04.06.2003)
http://www.iccwbo.org/home/news_archives/2003/stories/data.asp
Answers to questionnaire on traffic data retention (20.11.2002)
http://www.effi.org/sananvapaus/eu-2002-11-20.html
==================================================================
4. RIGHT OF REPLY IN ON-LINE MEDIA
==================================================================
The Council of Europe (45 member states) is finalizing a recommendation on
the 'right of reply' in on-line media. Through a right of reply persons and
organisations can reply to articles in the media in which they have been
portrayed or criticized. Many countries in Europe already have a limited
right of reply for printed media.
A committee of specialists has finalized the draft recommendation during a
16-18 June meeting. The recommendations are not limited to professional
on-line media but "any natural or legal person or other entity whose [main]
activity is to engage in the collection, editing and dissemination of
information to the public via the Internet". This definition will not only
cover professional news portals but also personal blogs, moderated
mailinglists and individual websites.
Some parts of the recommendation are very detailed. "The reply should be
made publicly available in a prominent place for a period of time which is
at least equal to the period of time during which the contested information
was publicly available, but in any case no less than for 24 hours." The
recommendation will pose a greater burden on on-line media then on off-line
media as on-line media are supposed to have more room for lengthy replies:
"There should be flexibility regarding the length of the reply since there
are less capacity limits for content than in off-line media."
An earlier draft of the recommendation limited itself to professional
on-line media. But after an expert hearing in February 2003 definitions
were broadened. The summary of the hearing mentions: "It could be argued
that there was a particular need to grant a right of reply against
non-professional media where there was an increased risk of compromising
material."
The recommendation might collide with the very recent declaration on
freedom on the internet by the same Council of Europe. That declaration
urged countries to preserve anonymity on the internet. But the
recommendation on the right of reply in on-line media mentions that
"on-line media should make the name and contact details of a person
responsible for handling requests for replies easily available".
A recommendation from the Council of Europe is not binding for its member
states.
The right of reply in the on-line environment (21.03.2003)
http://www.coe.int/t/e/human_rights/media/7_Links/Right_of_reply_hearing.asp
==================================================================
5. FINNISH BIG BROTHER AWARDS FOR YTV AND SONERA
==================================================================
On 4 June EDRI-member EFFI organised a second annual Big Brother Ceremony.
The award in the public sector was given to YTV, a firm that controls
public transport in the Helsinki region. The company received the award for
its new electronical ticket system that stores individual passenger
information, including social security numbers. Anonymous cards were
available, but in practice only for business purposes, at a much higher
price. Only after a long struggle with the the Finnish data protection
agency YTV finally changed their mind and concluded that the system could
also work without any identification of the passengers.
For the Big Brother Award in the business category there was really only
one candidate. Sonera, the biggest telephone company in Finland, was caught
analysing the traffic data from the mobile phones of at least 50 customers,
both employees and outsiders, in order to find out who had been leaking
confidential corporate information to the press. The analysis didn't
produce a suspect. At least 5 senior staff members were arrested (but later
released) including the company executive officer (CEO). They will most
likely face criminal charges.
A positive award was given to the Finnish ISPs, who have been very
successful in their lobby against mandatory retention of telecom traffic
data. Governmental plans for a 2 year period were withdrawn. Finnish
providers are now required to retain traffic data for a period of 3 weeks.
A honourable mention was given to Finnair, because of the companies refusal
so far to hand-over passenger data to the US government.
Pictures and description of BBA ceremony (translation in English will
follow soon)
http://www.effi.org/yksityisyys/bb2003/index.html?setlang=en
YTV English web page:
http://www.ytv.fi/matkakortti/english/index.html
More arrests in Sonera snooping probe (The Register - 26.11.2002)
http://www.theregister.co.uk/content/6/28295.html
(Contribution by Ville Oksanen, EFFI)
==================================================================
6. EP LEGAL COMMITTEE APPROVES OF SOFTWARE PATENTS
==================================================================
The European Parliament's Committee for Legal Affairs and the Internal
Market (JURI) voted Tuesday 17 June about a list of proposed amendments to
the planned software patent directive. It was the third and last in a
series of committee votes. The results will be presented to the parliament
in plenary early in September. The other two commissions (Culture,
Industry) had chosen to more or less clearly forbid software patents. The
rapporteur of the JURI committee, Arlene McCarthy (UK socialist) also
claimed to be aiming for a "restrictive harmonisation of the status quo"
and "exclusion of software as such, algorithms and business methods from
patentability". Yet McCarthy presented a voting list to fellow members of
parliament that does make it possible to turn ideas like the Amazon
One-Click shopping method into patentable inventions.
McCarthy and her followers rejected all amendment proposals that would
limit patentability while supporting all those that even go beyond the
European Commission's proposal. The new amendments threaten to impose
unlimited patentability and patent enforceability in Europe, with little
chance of recovery for years to come.
Most of McCarthy's proposals found a conservative-socialist 2/3 majority
(20 of 30 MEPs), whereas the proposals from the other committees (CULT,
ITRE) and study reports commissioned by parliament and other EU
institutions were disregarded. A few socialists and conservatives voted
together with Greens, Left and (partially) Liberals in favour of amendments
that would limit patentability, but they were overruled by the two biggest
blocks.
Daniel Cohn-Bendit (Greens - Fr), co-president of the Greens/EFA group and
chairman of a conference earlier this year on software patents and SMEs,
commented: "This patent report is an insult even to the principle of free
trade. Pretending to protect inventors and their inventions, it instead
allows multinationals to lock up the market."
Detailed description of the vote in JURI
http://swpat.ffii.org/news/03/juri0617/
Public debate about software patents in The Guardian: Richard Stallman and
Nick Hill attack software patents
http://www.guardian.co.uk/online/story/0,3605,970294,00.html
Rapporteur Arlene McCarthy defends her proposals
http://www.guardian.co.uk/online/story/0,3605,975126,00.html
(Contribution by Hartmut Pilch, Foundation For a Free Information structure)
==================================================================
7. NGOs WANT HUMAN RIGHTS COMMISSIONER AT WSIS
==================================================================
The World Summit on the Information Society (WSIS), the first part of which
will be held in Geneva from 10 to 12 December this year, tries to involve
governments, the private sector and the civil society in its process.
Intergovernmental organizations and various UN Agencies are also part of
the WSIS, with the International Telecommunications Union being the
organizer of the whole event. But so far, the absence of the UN Office of
the High Commissioner for Human Rights has been remarkable.
43 International non-governmental organisations (NGOs) have signed an open
letter to Mr Bertrand Ramcharan, the UN Deputy High Commissioner for Human
Rights, calling for his active participation. The initiative is also
endorsed by EDRI.
The participation of the Human Rights Commissioner to the preparatory
meetings and the World Summit itself would help to ensure that human rights
language in the WSIS process is comprehensive, strong and consistent with
resolutions and decisions adopted by the Commission on Human Rights. The
development of an information and communication society has to build on a
core set of principles that are fundamental for democratic societies.
International human rights standards represent such principles and should
serve as the international framework guiding regional and national policies
and actions.
A copy has been sent by email to Mr Adama Samassekou, President of the WSIS
Preparatory Process, and to Mr Pierre Gagné, Director of the WSIS Executive
Secretariat.
This letter is a joint initiative from the World Federalist Movement and
the WSIS Human Rights in the Information Society Caucus, a group of 22 NGOs.
The letter with the list of signatures is available on the Human Rights
Caucus web site
http://www.iris.sgdg.org/actions/smsi/hr-wsis
Draft action plan and declaration of principles (05.06.2003)
http://www.itu.int/wsis/documents/doc_multi.asp?lang=en&id=624%7C626
Official website of organisers of the World Summit
http://www.itu.int/wsis/
(Contribution by Meryem Marzouki, IRIS and co-coordinator of the WSIS Human
Rights in the Information Society Caucus)
==================================================================
8. UK ACKNOWLEDGES PUBLIC CRITICISM OF IDENTITY-CARD
==================================================================
The UK Government has finally admitted that the public are overwhelmingly
opposed to the idea of a national ID card. In response to a parliamentary
question from member of parliament Anne McIntosh, Home Office minister
Beverley Hughes has confirmed that over 5,000 of the 7,000 responses to a
public consultation on the issue were opposed to the scheme.
Recently, government ministers claimed that they received around 2,000
responses, 2:1 of which were in favour of the idea. Yet stand.org.uk, which
allowed user to e-mail responses to the consultation, report that they
forwarded 5,029 -- mostly negative -- messages on behalf of users. And the
798 responses sent through two phones lines (Yes and No) set up by
EDRI-member Privacy International were also ignored.
Privacy International made an open government request early in May to ask
the Home Office exactly how many responses they had received, and how those
responses would be classified. But on the day the request was due to be
answered, the Home Office told Privacy International that a similar request
for information had been made by a Member of Parliament. Therefore, due to
to parliamentary procedure, they would have to answer that MPs query first.
(This procedure is not mentioned in the open government code that governs
these requests).
The latest press reports suggest that the government intends to press on
with its plans for ID cards - this time using the crime and asylum
arguments that they explicitly rejected in 2002 when they launched their
consultation.
Dossier Privacy International
http://www.privacyinternational.org/issues/idcard/uk/
(Contribution by Ian Brown, FIPR)
==================================================================
9. EXTENSION OF SCHENGEN INFORMATION SYSTEM
==================================================================
The European Parliament currently discusses 3 different reports about the
Schengen Information System (SIS). Rapporteur for all three reports is
Carlos Coelho. The reports aim at extending the amount of data handled and
the degree of cross-linking within the computer network.
Coelho, a Portuguese Conservative, has already been the Rapporteur on four
previous reports on the Schengen Information System in the last
year-and-a-half. Before that, he was the chairman of the Temporary
Committee on the Echelon system, and it is in part his merit that the
report on the U.S.-led interception system became a call for something
similar in the EU. Coelho may be considered very close to pro-surveillance
circles in the Council and the Commission. For this reason, his reports
should more or less reflect the positions of the officials running the SIS
server in Strasbourg and its mirrors in each of the EU Member States.
One of the reports, officially an own-initiative report (Proposal for a
Recommendation pursuant to Rule 49(1) of the Rules of Procedure) on behalf
of the Conservative Group in the EP, deals with the schedule and
capabilities of the Schengen Information System II (SIS II), which shall be
installed by 2006. As a starting point, Coelho quotes from a council
Document stating "When the SIS was first created, its only purpose was to
be a compensatory measure for the opening of the borders. Ever since, and
not in the least because the SIS has proven to be a useful and efficient
tool, recognition has grown that the potential of the SIS could be
maximised, mainly within the frame of police cooperation." This would
probably include close links between Europol and SIS, a plan that was
uncovered by the UK publication Statewatch last year.
Besides extending SIS / SIS II from a border-oriented to an all-over data
warehouse - which has already been acquired in practice, Coelho and his
party plan to extend capacities, scope and users of the system: "SIS II
must have the potential to handle a significantly larger quantity of data
and be extended to cope with new information types, new subjects, further
new functions and new categories of users." He quotes from the draft
conclusions of the June 5th / 6th Justice and Home Affairs Council to give
a few examples of new features of the system, e.g. interlinking of alerts
('alert' is what a data record in SIS is called), including biometric data
and new 'categories of persons' like 'violent troublemakers' (EU slang for
persons engaged in Anti-EU Demonstrations) and 'persons precluded from
leaving the Schengen area'.
Working Document on the Schengen Information System II (SIS II): current
developments (timetable, new functionalities and users currently under
discussion)
http://www.europarl.eu.int/meetdocs/committees/libe/20030611/499809EN.pdf
Working Document on Schengen Information System II: future developments
http://www.europarl.eu.int/meetdocs/committees/libe/20030611/500117EN.pdf
Proposal for a Recommendation pursuant to Rule 49(1) of the Rules of
Procedure by Carlos Coelho on behalf of the PPE-DE Group on the
second-generation Schengen information system (SIS II)
http://www.europarl.eu.int/meetdocs/committees/libe/20030611/030066en.pdf
Statewatch: Europol to be given access to the S.I.S., then custody?
http://www.statewatch.org/news/2002/mar/15europol.htm
(Contribution by Andreas Dietl, consultant on EU privacy issues)
==================================================================
10. FRANCE READY TO RATIFY CYBERCRIME CONVENTION
==================================================================
France has started the process of ratification of the Council of Europe
cybercrime convention. On 11 June, Dominique de Villepin, the French
minister of foreign affairs presented to the council of ministers a draft
law for the ratification of the convention. France would be the first EU
country to ratify the convention, which has only been ratified till now by
3 Council of Europe countries: Albania, Croatia and Estonia. The convention
needs at least 5 ratifications (among them 3 from CoE countries) to enter
into force.
Press release announcing ratification plans (in French - 11.06.2003)
http://www.premier-ministre.gouv.fr/fr/p.cfm?ref=39831
IRIS dossier on the cybercrime convention
http://www.iris.sgdg.org/actions/cybercrime/
(Contribution by Meryem Marzouki, IRIS)
==================================================================
11. RECOMMENDED READING
==================================================================
On 13 June, the Article 29 working party (the association of the EU data
protection authorities) released an opinion about the transfer of so-called
PNR-data to the USA, detailed booking-information about European
airtravellers. The data protection authorities recommend a 'push' technique
for selected records, in stead of full and live access for the Americans to
all databases with PNR-data. Pushing also enables the European airlines to
limit the amount of information per passenger, and for example not give
away sensitive data like meal preferences.
Finally, the working party recommends that the purposes for which the data
will be used should be limited to fighting acts of terrorism without
expanding their scope to other unspecified 'serious criminal offences'.
Opinion on PNR transfer, 13 June 2003:
http://europa.eu.int/comm/internal_market/privacy/docs/wpdocs/2003/wp78_en.pdf
==================================================================
12. AGENDA
==================================================================
20 June 2003 Registration deadline WSIS Intersessional Meeting
The meeting will take place 15-18 July 2003, in the UNESCO headquarters in
Paris, France. The Intersessional Period between PrepCom-2 and PrepCom-3
will be dedicated to refining the working documents for the Draft
Declaration of Principles and Draft Action Plan. Only NGOs accredited to
prepCom2 and/or in consultative status with UN/ECOSOC may participate.
http://www.itu.int/wsis/preparatory/prepcom/intersessional/index.html
25 June 2003 London, United Kingdom - International Big Brother Award
http://www.privacyinternational.org/bigbrother/
30 June - 2 July 2003 St. Petersburg, Russia - Building the Information
Commonwealth
http://www.communities.org.ru/conference/
9-12 July 2003 Metz, France - RMLL2003
(Unofficial) fourth annual Libre Software meeting
http://www.rencontresmondiales.org/
7-10 August 2003 Berlin, Germany - Chaos Computer Camp 2003
http://www.ccc.de/camp/
5 September - Deadline Call for Papers about Copyright and Open and
Proprietary Software
On 4-5 December 2003, the Center for Tele-Information of the Technical
University of Denmark organizes its 8th annual international conference -
this year on copyright and software patents. A selection of the best papers
for the conference will be published in the international journal
Telematics and Informatics in spring 2004.
http://www.cti.dtu.dk
==================================================================
13. ABOUT
==================================================================
EDRI-gram is a bi-weekly newsletter from European Digital Rights, an
association of privacy and civil rights organisations in Europe. Currently
EDRI has 10 members from 7 European countries. EDRI takes an active
interest in developments in the EU accession countries and wants to share
knowledge and awareness through the EDRI-grams. All contributions,
suggestions for content or agenda-tips are most welcome.
Newsletter editor: Sjoera Nas <edrigram at edri.org>
Information about EDRI and its members:
http://www.edri.org/
- EDRI-gram subscription information
subscribe/unsubscribe web interface
http://www.edri.org/cgi-bin/mailman/listinfo/edri-news/
subscribe by email
To: edri-news-request at edri.org
Subject: subscribe
You will receive an automated email asking to confirm your request.
- EDRI-gram in Russian
EDRI-gram is also available in Russian, a few days after the English
edition. The contents are the same. Translations are provided by Sergei
Smirnov, Human Rights Network, Russia.
The EDRI-gram in Russian can be read on-line via
http://www.hro.org/editions/edri/
- Newsletter archive
Back issues are available at:
http://www.edri.org/cgi-bin/index?funktion=edrigram
- Help
Please ask <info at edri.org> if you have any problems with subscribing or
unsubscribing.
==================================================================
Publication of this newsletter is made possible by a grant from
the Open Society Institute (OSI).
==================================================================
More information about the Syndicate
mailing list