EDRI-gram newsletter - Number 21, 5 November 2003

[EDRI-gram newsletter]

==================================================================

                            EDRI-gram

    bi-weekly newsletter about digital civil rights in Europe

                    Number 21, 5 November 2003

==================================================================
CONTENTS
==================================================================

1. IPR Enforcement: rapporteur ready for compromise
2. New anti-spam legislation in NL and Austria
3. NGOs urge ICANN to safeguard privacy
4. Big Brother Awards presented across Europe
5. FIPR workshop on snooping-laws in the UK
6. State take-over of top-level domain in Ukraine
7. European campaign for safe e-voting
8. New telecommunication law in Germany
9. Lawsuit about website French trade union
10. Recommended reading
11. Agenda
12. About


==================================================================
1.IPR ENFORCEMENT: RAPPORTEUR READY FOR COMPROMISE
==================================================================

On 4 November there was a heated debate in the Judicial Affairs Committee
(JURI) of the European Parliament about the proposed new directive on the
Enforcement of Intellectual Property Rights. According to Social Democrat
Willy Rothley from Germany "the EU Commission aggressively attempts to
exceed its authorities and assume competencies it does not hold.
Senselessly, it deals with lawmaking as though it were a patchwork quilt,
and thus actually destroys the law."

Other MEPs from the four biggest political groups - Conservatives (PPE),
Social Democrats (PSE), Liberals (ELDR) and Greens alike - joined Mr.
Rothley in his criticism of the Commission which, according to most of
them, just hasn't done its homework in the drafting of this Directive. In
particular they criticised the scope, which in the Draft includes all
kinds of Intellectual Property Rights (IPR) infringements, ranging from
copyright to trademarks to patents, and the inclusion of criminal law
sanctions in a Co-Decision Directive. Members of the committee also
criticised the Directive for being much too prescriptive concerning
judicial procedures, which according to the subsidiarity principle should
be left as much as possible to the Member States.

The next day saw a closed-doors meeting that dealt with a set of
compromise Amendments that the Rapporteur, Janelly Fourtou, had tabled in
order to reduce the number of -by now- 226 Amendments. JURI members will
have to vote on the amendments on the evening of 17 November. While Mrs.
Fourtou had seemed pretty stubborn in the Legal Affairs Committee, where
she refused to join other Parliamentarians in their criticism of the
Commission, she now seemed much more prepared to make substantial
concessions. When even Arlene McCarthy, the PSE shadow rapporteur and
perhaps known to EDRI-gram readers as the rapporteur of the infamous
Software patents Directive, argued in favour of deleting Article 20, which
contains the criminal law provisions, Mrs. Fourtou declared she would not
insist on keeping that Article. Mrs. Fourtou also announced she will not
withdraw her amendment deleting the patent regime from the scope of the
Directive, as she had considered to do during the initial discussion of
the report, and that she would be ready to keep the Commissions limitation
of the scope to commercial infringements of IPR. Her main interest now
seems to be to accelerate the parliamentary procedure in order to pass the
Directive within the present Parliament term, even if it should go into
second reading.

Mrs. Fourtou's Compromise Amendments
http://www.europarl.eu.int/meetdocs/committees/juri/20031104/511548EN.pdf

(Contribution by Andreas Dietl, EDRI EU affairs director)


==================================================================
2. NEW ANTI-SPAM LEGISLATION IN NL AND AUSTRIA
==================================================================

On the 31st of October, the European Directive on Privacy in electronic
communications (2002/58/EC) went into force. Only a minority of countries
has implemented the directive in time, but any European citizen can now
directly appeal to the directive in their national courts.

Most recently, the Dutch Lower House accepted the spam-ban on 4 November,
voting unanimously for the new Telecommunication Law. Attempts from a
social-democrat member of parliament to introduce penal sanctions for 
spamming and to extend the spam-ban to recipients on the workfloor failed,
in spite of much anti-spam rhetoric from the governing liberal and
christian-democrat parties. The House did accept an amendment that
requires proof of consent from the senders of unsolicited communication,
making it more difficult for the direct marketing industry to rent-out
address-lists and play 'tell-a-friend' tricks.

In Austria the Directive was implemented in time. The anti-spam regulation
went into force in August. Like the Dutch, the Austrian government refused
to extend the spam-ban to all natural persons, including e-mail addresses
used at work.
Unlike the Dutch though, Austria already had opt-in protection for all
recipients under the old telecommunication law. Anti-spam legislation
already deteriorated when the E-Commerce directive was implemented,
forcing the Austrians to suddenly create an opt-out list. Since the
implementation of the new Privacy directive some enforcement agencies
state that even that opt-out list no longer applies to non-consumers since
the new telecom law explicitly _allows_ them to be spammed, as long as an
opt-out-possibility is mentioned in the spam-message.

According to the Directive (Article 13) all natural persons have to be
protected via opt-in, leaving it up to member states to extend the
protection to business addresses. In reality, it is very difficult to
distinguish between different addresses. On top of that, many free-lancers
and -in some countries- small businesses are not legal persons and should
be protected via opt-in according to the Directive.

European Commission: New privacy rules for digital networks and services
(31.10.2003)
http://www.europa.eu.int/rapid/start/cgi/guesten.ksh?
p_action.gettxt=gt&doc=IP/03/1492|0|RAPID&lg=EN&display=

New anti-spam regulation in Austria (in English)
http://www.euro.cauce.org/en/countries/c_at.html

(Thanks to Albert Koellner, Vibe!AT)


==================================================================
3. NGOs URGE ICANN TO SAFEGUARD PRIVACY
==================================================================

More than 50 consumer and civil liberties organisations from around the
world have written to ICANN to urge the organisation to limit the use and
scope of the WHOIS database to its original purpose - the resolution of
technical network issues - and to establish strong privacy protections
based on internationally accepted privacy standards. The WHOIS database
broadly exposes domain registrants' personal data to a global audience.

The NGOs urge ICANN to consider their views on the use of WHOIS data. The
letter asks for purpose limitation so that data are not going to be used
for purposes that they were not originally submitted for. The letter also
insists on a possibility for individuals to opt-out from the publication
of their data in the public accessible WHOIS database. The NGOs believe
that disclosure of WHOIS information to law enforcement or in the context
of civil litigation must be pursuant to explicit legal authority set out
in statute.

WHOIS Letter to ICANN (28.10.2003)
http://www.thepublicvoice.org/whoisletter.html


==================================================================
4. BIG BROTHER AWARDS PRESENTED ACROSS EUROPE
==================================================================

Privacy and civil liberty activists across Europe have presented their Big
Brother Awards to governments, companies and persons that have excelled in
violating the right to privacy. In a weeks period Award ceremonies were
held in Germany (24 October), Spain (25 October), Austria (26 October) and
Switzerland (1 November).

In Germany prices went to German Post-Shop, part of the Post Office, for
pressing their workers to agree that there is no confidentiality between
the worker and their doctor when they report sick from work. The German
cash-and-carry chain Metro deserved an Award for introducing RFIDs in some
of their shops and Berlins Senator of the Interior Körting got one for
sending 'silent' SMS messages over the mobile telephony network in order
to track and trace GSM users, a practice referred to as 'pinging'.

In Spain Awards were given to the Ministry of Science and Technology for
introducing the first mandatory data retention law in Europe. The
PriceWaterhouseCoopers lawyer Ribas was honoured with two Awards, both
from the jury and the public, for threatening to sue all peer-to-peer
users in Spain. Microsoft was awarded for developing Palladium, their
future DRM-based operating system.

The Austrian Big Brother Awards were equally divided between domestic and
European price winners. Some of the winners are the European Commission
for their draft Intellectual Property Enforcement Directive and the
European Patent Bureau for awarding patents to ideas and methods in
information technology. Just as in Germany the Post was awarded, here for
selling addresses to direct marketing firms from people that request
forwarding of their post after changing their residential address.

One of the Swiss Awards went to examining magistrate Treccani from
Lausanne who ordered mobile telephony companies to hand over all traffic
data from specific base stations. Another was given to the Swiss Ministry
of Defence for asking recruits privacy sensitive questions such as their
sexual preference.

In Switzerland and Spain defenders of privacy were honoured with a
positive award. In Switzerland Rebekka Salome, a customer of the insurance
company Winterthur, was awarded for revealing the existence of a secret
customers database and activist Daniel Costantino for making public the
privacy invading recruit question lists of the Swiss Defence Ministry. In
Spain a positive Award went to Proinnova, a group opposing the EU patent
directive.

Since Privacy International presented the first Big Brother Awards in
1998, an international tradition has begun. By now, more than 45
ceremonies have taken place in 15 different countries.

Big Brother Awards Germany
http://www.big-brother-award.de/en/2003/

Big Brother Awards Spain
http://www.bigbrotherawards-es.org/

Big Brother Awards Austria
http://www.bigbrotherawards.at/2003/nominees/winners_2003.php

Big Brother Awards Switzerland
http://www.bigbrotherawards.ch/


==================================================================
5. UK WORKSHOP ON SNOOPING LAWS
==================================================================

On 22 October, EDRI members FIPR and Privacy International held a public
meeting to assess proposed government legislation to retain and snoop on
information about the phone and Internet activity of everyone in the UK.

Speakers from the government side tried to convince a sceptical audience
that the plans were a necessary and proportionate response to crime.
Representatives of the Home Office, Northamptonshire County Council and
the Department for Work and Pensions said that access to this data was
essential to their work. However, the head of information rights at the
Department for Constitutional Affairs said that they still had concerns
about the regulation of some government agencies. Meanwhile technical,
industry and Parliamentary speakers described the many problems with the
legislation. Oversight, cost and legality all remain to be addressed to
the satisfaction of many UK experts and Parliamentarians.

Today a follow-up meeting is taking place in the House of Lords, chaired
by Lord Phillips of Sudbury. Senators ('Peers') from all parties will be
attending. Several sceptical Lords are expected to push for rejection of
the proposed legislation. Co-organiser Privacy International will point at
the dangerous international aspects of mandatory data retention.
Eventually these very privacy-sensitive data will become available on
request to investigation authorities in countries such as Estonia, Serbia,
Russia and Croatia.

The potential for overseas countries to access this information comes
about through a range of international treaties. The most notable of these
is the recent Council of Europe (CoE) Cybercrime Convention, which allows
for 'minimum standard' mutual law enforcement assistance between nations.
37 countries have so far signed the treaty, including Armenia, Greece,
Lithuania and Turkey. Albania, Estonia and Croatia have already ratified
the treaty, thus bringing it into legal force. The UK has signed the
treaty, but no date has yet been set for its ratification into law.

Privacy International is especially worried because current procedures in
the UK do not require dual-criminality when responding to requests from
other countries. In fact, sometimes only very basic information is
required to inform the UK officials of the purpose of the data to be
transferred, and data may in turn be kept by foreign governments as long
as they see fit.

Scrambling for safety nr. 7 programme and pictures
http://www.fipr.org/sfs7.html

Cybercrime treaty
http://conventions.coe.int/Treaty/EN/WhatYouWant.asp?NT=185

Overview of signatures and ratifications
http://conventions.coe.int/Treaty/EN/searchsig.asp?NT=185&CM=&DF=


==================================================================
6. STATE TAKE-OVER OF TOP-LEVEL DOMAIN IN UKRAINE
==================================================================

The government of Ukraine is trying to take-over the national .ua
top-level domain. Via a new act on the administration of the .ua domain,
adopted on 22 July 2003, the new enterprise Ukrainian Network Information
Centre was established and made responsible. The act was apparently
adopted after complaints in the media by government officials about the
inefficiency of the domain administration and incapacity to meet the needs
of the Ukrainian Internet Community.

The governmental involvement in the new enterprise is clearly visible in
the list of organisations that are jointly responsible: the State
Telecommunications Committee; the State Security Service
Telecommunications and Information Protection Department and the Internet
Association of Ukraine, made up of 6 state-owned ISPs including state
monopolists Ukrtelecom, Utel, Infocom. The only 2 more or less independent
participants are the Association of Telephone Operators 'TELAS' and the
Ukrainian Association of Internet Market Participants, representing the
interests of 40 small regional ISPs.

The new act met with joined resistance from the Ukrainian Internet
Society, a major non-governmental organisation representing interests of
Internet users in all regions of the Ukraine and the previous technical
administrator of the domain, HostMaster Ltd.

Hostmaster brought a lawsuit against government in August 2003 in the Kyiv
City Commercial Court, claiming unlawfulness of the Governmental Act on
the grounds that it interfered with commercial activity and constituted a
violation of the Law on Enterprises.

Since 1992, the .UA ccTLD was delegated by IANA (ICANN) to 2 Ukrainian
citizens in the interests of all Ukrainian users. Until 2001 the domain
was coordinated by enthusiasts of the Ukrainian Net Group Coordination (UA
NCG). In 2001 its activists established HostMaster Ltd. This company
introduced Domain Administration Rules that entered in force in February
2003. A Public Supervisory Council was established for the coordination of
the domain administration. According to the HostMaster, Ltd. press
release, public bodies rejected to participate in the Council.

Reporters Sans Frontieres has expressed alarm over the governmental
efforts to take control over the country's top-level domain, and is also
warning about proposals to legalise e-mail monitoring. The state
telecommunications commission asked telecom operators and Internet service
providers (ISPs) on 17 July to install equipment to monitor all traffic
they handled. The Ukrainian Internet Association objected strongly to this
as an unacceptable breach of privacy for Internet users and noted that for
the moment it was still illegal. The Ukrainian secret police asked
parliament on 19 August to legalise recording and interception of phone
and Internet messages, ostensibly to help fight crime and supposedly to
bring the law into line with European standards.
In a statement, RSFs secretary-general Robert Menard said that the
Ukrainian government is effectively trying to gag online activity.

Concern about secret police bid to control the Internet (27.20.2003)
http://www.rsf.fr/article.php3?id_article=8359

Statement by the director of the 'Ukrainian Network Information Centre'
(04.11.2003)
http://www.unian.net/eng/news/news-46560.html

(Thanks to Andriy Pazyuk from Privacy Ukraine)


==================================================================
7. EUROPEAN CAMPAIGN FOR SAFE E-VOTING
==================================================================

A coalition of technical, legal and political experts launched a campaign
on 4 November to ensure that electronic voting can be trusted by voters
and politicians across Europe.

Voters and candidates must be able to feel certain that voting intentions
are accurately recorded. If any doubts do arise then all stake-holders
must be able to verify and audit all aspects of the election. Without
these protections, debacles such as the count of votes in the US
presidential elections of 2000 are likely to be repeated on this side of
the Atlantic. This could destroy voter trust in the electoral system and
politics more widely.

Computerised voting is inherently subject to programming error, human
error, equipment malfunction and malicious tampering. Due to the opaque
nature of the technologies involved, which few understand, it is crucial
that electronic voting systems provide a voter-verifiable audit trail.
This is a permanent record of each vote that can be checked for accuracy
by the voter before the vote is submitted, and is difficult or impossible
to alter after it has been checked. This must be achieved without
compromising the secrecy and integrity of the ballot.

E-voting systems lacking these safeguards are being rushed upon voters
across Europe with little regard for the risks and the costs to our
democracies. In Ireland, France, Spain and the UK trials were held.
E-voting is already established in Belgium and Switzerland. In Denmark,
Estonia, the Netherlands and in some German municipal authorities trials
will be organised within a year. The European Commission is looking at
introducing e-voting across the EU, and the Council of Europe is
developing guidelines for elections involving e-voting. See also EDRI-gram
nr. 16.

The campaign is calling on all concerned European citizens to sign up to a
resolution demanding a voter-verifiable audit trail. Ian Brown, one of the
campaign founders and director of the Foundation for Information Policy
Research (EDRI-member), commented: "Unsafe e-voting systems could prove a
very expensive way to destroy voter trust in elections. Governments need
to look at less gimmicky ways of increasing public involvement in
politics."

Another EDRI-member, Mikko Valimaki, chairman of Electronic Frontier
Finland (EFFI) added: "We have already seen real problems with e-voting
machines in the US. One candidate in the 2000 US elections was awarded
-16,022 votes due to a technical error. While this problem was fixed in
time, in a democratic society we cannot tolerate software or hardware
errors in the voting system."

Sign the resolution
http://www.free-project.org/resolution/

FIPR E-democracy file
http://www.fipr.org/eDemocracy/

American file on electronic voting
http://www.verifiedvoting.org/


==================================================================
8. DRAFT NEW TELECOMMUNICATION ACT IN GERMANY
==================================================================

On 15 October the German Federal Government adopted a draft new
telecommunication act. The draft aims, inter alia, at  implementing the
European Directive on privacy and electronic communications (2002/58/EC),
but will not introduce the spam-ban described in Article 13 of the
Directive. In Germany spam will be banned through an update of the Act
against Unfair Competition, and remain subject only to civil law.

The new telecommunications Act contains some important changes in privacy
issues. Most notably, the provisions concerning information requests for
law enforcement purposes have been completely reorganised and expanded.

Section 109 now explicitly obliges telecommunication service providers
that use phone numbers to identify their customers and to retain the
according basic data for future information requests from law enforcement
authorities.

This provision particularly aims at prepaid phone-cards, where customer
data is not necessary to bill (mobile) services. Furthermore, service
providers now will have to hand over, upon request, passwords, PINs etc.
to the designated authorities under the so-called manual information
procedure.

With regard to the interception of telecommunications, little is changed
in the draft act. As before, the act itself does not authorise such
interception; all relevant provisions are contained in separate acts.
Providers will also still be obliged to install wiretapping infrastructure
at their own expense. A similar - but not identical - provision in the
former Austrian Telecommunications Act was repealed by the Austrian
Constitutional Court in February 2003 (See EDRI-gram nr. 6). In addition
to the Telecommunications Act, the accompanying Telecommunications
Surveillance Ordinance will be revised as well. The current draft,
published on 30 April, only contains minor changes to the current
Ordinance. Most of these changes deal with the particularities of Internet
communications.

In the next legislative step, the Bundesrat, the parliamentary body
representing the German states ('Länder'), will discuss the draft
Telecommunications Act. Because the regional states are primarily
responsible for matters relating to public security, they tend to advocate
far-reaching powers for law enforcement authorities. In the past this
included proposals for mandatory data retention, so it may well be
possible that the Bundesrat will again propose the insertion of such
provisions into the new telecommunications act.

Overview of the legislative process (in German)
http://www.tkrecht.de/index.php4?direktmodus=novelle-genese

Complete text draft law (in German)
http://www.bmwa.bund.de/Redaktion/Inhalte/Downloads/TKG-E-entwurf-mit-
begruendung,property=pdf.pdf

(Contribution by Andreas Neumann, Research Associate at the Centre for
European Integration Studies and one of the editors of tkrecht.de)


===================================================
9. LAWSUIT ABOUT WEBSITE FRENCH TRADE UNION
===================================================

On Monday 3 November, in intermediary proceedings against not-for-profit
provider RAS in a Paris court, two telemarketing  companies demanded the
immediate take-down of the website of the radical trade union SUD PTT. The
lawsuit was brought against the ISP and the trade union by the companies
Ceritex and Mediatel. According to their complaint, some remarks published
on the website about the management of the 2 companies are untrue and
grave insults. Ceritex is accused of being reigned by little bosses, a
manager of the quali-metrics division is described as being unable to
distinguish between friendship and hierarchical relationships and a female
president is disqualified as being perfectly aware of the situation, but
not acting on it - as usual.

EDRI-member IRIS voluntarily joined the defendants in the lawsuit. Both
IRIS and SUD PTT, as well as more than 100 French activist organisations
and trade unions, are members of the RAS, the Réseau Associatif et
Syndical. The RAS acts as an ISP for its members. IRIS and the RAS were
represented by a lawyer from the French Human Rights League, another
member of the RAS.

Current French legislation is very clear: an ISP cannot be held liable for
content it hosts, except when the company  fails to obey a judicial order
to block or remove the content. Modification of this legislation is
foreseen in the "Digital Economy draft law" (Loi sur la confiance dans
l'économie numérique, or LEN), adopted in first reading by the French
Parliament. The second reading is scheduled to happen in the first two
weeks of December. In the litigation IRIS sees further proof that the law
will encourage pressure on and intimidation of service providers, a
development detrimental to the freedom of speech. A petition against the
law, set-up by IRIS earlier, has already attracted over 3000 individual
and over 100 collective signatures.

Overview of the case and copies of the charges
http://www.ras.eu.org/ras/actions/ceritex-SudPTT/index.html

IRIS press release (in French)
http://www.iris.sgdg.org/info-debat/comm-proces-ras1003.html

IRIS petition against the LEN
http://www.iris.sgdg.org/actions/len/petition.html


===================================================
10. RECOMMENDED READING
===================================================

'Freedom of Information and Access to Government Records Around the World'
by Privacy Internationals David Banisar gives a detailed, global overview
of legislation towards access of government records and identifies some of
the problems with current laws and the factors for adoption in countries
that do not yet have such laws.

Over fifty countries have adopted comprehensive laws to facilitate access
to government information. In just the past year, six countries have
adopted laws and over thirty more are in the process. The laws are broadly
similar, allowing for a general right by citizens, residents and often
anyone else to demand information from government bodies.

However, the battle is far from over. Many of the laws are not adequate.
In some countries, the laws lie dormant due to a failure to implement them
properly or a lack of demand. In others, the exemptions are abused by
governments to prevent embarrassment. New laws promoting secrecy in the
global war on terror have undercut access. International organisations
take over national government roles and have not subjected themselves to
the same rules. These problems need to be addressed by all of the
participants. Access ebbs and flows at any given time in any country but
the transformation has begun and it is no longer possible to tell citizens
that they have no right to know.

Freedom of Information and Access to Government Records Around the World
(28.09.2003)
http://www.freedominfo.org/survey.htm


==================================================================
11. AGENDA
==================================================================

6 November, Budapest, Hungary - Big Brother Awards 2003
http://www.bigbrotherawards.org

26 November, London, the UK - Privacy Law Conference
Single day conference, impressive speakerlist but high entrance fee (EUR 507)
http://www.sweetandmaxwell.co.uk/conferences/261103pro.html

28-29 November, Paris, France - Copyright and Neighbouring Rights in the
Information Society
Colloquium organised by the French national UNESO Commission with support
from the French National Library. In French, in preparation of WSIS)
http://www.unesco.org/comnat/france/coloque_Com112003.htm

8-9 January 2004, Sheffield, UK - CCTV and Social Control
Conference organised by the Centre for Criminological Research, University
of Sheffield on the politics and practice of video surveillance, from a
European and global perspective.
http://www.sheffield.ac.uk/ccr/publicity/conference/index.html

30-31 January 2004, Stockholm, Sweden - WHOLES
A Multiple View of Individual Privacy in a Networked World
An international workshop to explore interdisciplinary approaches to
privacy. Contribution deadline for papers: 31 October 2003.
http://www.sics.se/privacy/wholes2004/


==================================================================
12. ABOUT
==================================================================

EDRI-gram is a bi-weekly newsletter from European organisations in Europe.
Currently EDRI has 14 members from 11 European countries. EDRI takes an
active interest in developments in the EU accession countries and wants to
share knowledge and awareness through the EDRI-grams. All contributions,
suggestions for content or agenda-tips are most welcome.

Newsletter editor: Sjoera Nas <edrigram at edri.org>

Information about EDRI and its members:
http://www.edri.org/

- EDRI-gram subscription information

subscribe/unsubscribe web interface
http://www.edri.org/cgi-bin/mailman/listinfo/edri-news/

subscribe by e-mail
To: edri-news-request at edri.org
Subject: subscribe

You will receive an automated e-mail asking to confirm your request.

- EDRI-gram in Russian

EDRI-gram is also available in Russian, a few days after the English
edition. The contents are the same. Translations are provided by Sergei
Smirnov, Human Rights Network, Russia.

The EDRI-gram in Russian can be read on-line via
http://www.hro.org/editions/edri/

- EDRI-gram in Italian

EDRI-gram is also available in Italian, a few days after the English
edition. The contents are the same. Translations are provided by
autistici.org

The EDRI-gram in Italian can be read on-line via
http://www.autistici.org/edrigram/

- Newsletter archive

Back issues are available at:
http://www.edri.org/cgi-bin/index?funktion=edrigram

- Help

Please ask <info at edri.org> if you have any problems with subscribing or
unsubscribing.

==================================================================
Publication of this newsletter is made possible by a grant from
the Open Society Institute (OSI).
==================================================================